diff --git a/dependencies/@openzeppelin/.changeset/chilled-walls-develop.md b/dependencies/@openzeppelin/.changeset/chilled-walls-develop.md new file mode 100644 index 00000000..4108feb6 --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/chilled-walls-develop.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': minor +--- + +`Clones`: Add version of `clone` and `cloneDeterministic` that support sending value at creation. diff --git a/dependencies/@openzeppelin/.changeset/chilly-humans-warn.md b/dependencies/@openzeppelin/.changeset/chilly-humans-warn.md new file mode 100644 index 00000000..1301dfec --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/chilly-humans-warn.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': patch +--- + +`ProxyAdmin`: Fixed documentation for `UPGRADE_INTERFACE_VERSION` getter. diff --git a/dependencies/@openzeppelin/.changeset/cold-cheetahs-check.md b/dependencies/@openzeppelin/.changeset/cold-cheetahs-check.md new file mode 100644 index 00000000..0697dcdf --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/cold-cheetahs-check.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': minor +--- + +`CircularBuffer`: Add a data structure that stores the last `N` values pushed to it. diff --git a/dependencies/@openzeppelin/.changeset/config.json b/dependencies/@openzeppelin/.changeset/config.json new file mode 100644 index 00000000..66794fae --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/config.json @@ -0,0 +1,12 @@ +{ + "$schema": "https://unpkg.com/@changesets/config@2.3.0/schema.json", + "changelog": [ + "@changesets/changelog-github", + { + "repo": "OpenZeppelin/openzeppelin-contracts" + } + ], + "commit": false, + "access": "public", + "baseBranch": "master" +} diff --git a/dependencies/@openzeppelin/.changeset/cool-mangos-compare.md b/dependencies/@openzeppelin/.changeset/cool-mangos-compare.md new file mode 100644 index 00000000..470ee089 --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/cool-mangos-compare.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': minor +--- + +`Math`: add an `invMod` function to get the modular multiplicative inverse of a number in Z/nZ. diff --git a/dependencies/@openzeppelin/.changeset/curvy-crabs-repeat.md b/dependencies/@openzeppelin/.changeset/curvy-crabs-repeat.md new file mode 100644 index 00000000..db3ef275 --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/curvy-crabs-repeat.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': minor +--- + +`RSA`: Library to verify signatures according to RFC 8017 Signature Verification Operation diff --git a/dependencies/@openzeppelin/.changeset/dirty-cobras-smile.md b/dependencies/@openzeppelin/.changeset/dirty-cobras-smile.md new file mode 100644 index 00000000..d71194cf --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/dirty-cobras-smile.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': minor +--- + +`Arrays`: add a `sort` functions for `address[]`, `bytes32[]` and `uint256[]` memory arrays. diff --git a/dependencies/@openzeppelin/.changeset/eight-eyes-burn.md b/dependencies/@openzeppelin/.changeset/eight-eyes-burn.md new file mode 100644 index 00000000..908c90c7 --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/eight-eyes-burn.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': minor +--- + +`GovernorCountingFractional`: Add a governor counting module that allows distributing voting power amongst 3 options (For, Against, Abstain). diff --git a/dependencies/@openzeppelin/.changeset/eleven-planets-relax.md b/dependencies/@openzeppelin/.changeset/eleven-planets-relax.md new file mode 100644 index 00000000..a1f1bbf1 --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/eleven-planets-relax.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': patch +--- + +`TransparentUpgradeableProxy`: Make internal `_proxyAdmin()` getter have `view` visibility. diff --git a/dependencies/@openzeppelin/.changeset/flat-turtles-repeat.md b/dependencies/@openzeppelin/.changeset/flat-turtles-repeat.md new file mode 100644 index 00000000..6b627201 --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/flat-turtles-repeat.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': minor +--- + +`Arrays`: deprecate `findUpperBound` in favor of the new `lowerBound`. diff --git a/dependencies/@openzeppelin/.changeset/fluffy-buses-jump.md b/dependencies/@openzeppelin/.changeset/fluffy-buses-jump.md new file mode 100644 index 00000000..0525a4d8 --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/fluffy-buses-jump.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': minor +--- + +`Comparator`: A library of comparator functions, useful for customizing the behavior of the Heap structure. diff --git a/dependencies/@openzeppelin/.changeset/fluffy-steaks-exist.md b/dependencies/@openzeppelin/.changeset/fluffy-steaks-exist.md new file mode 100644 index 00000000..b625e243 --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/fluffy-steaks-exist.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': patch +--- + +`Create2`, `Clones`: Mask `computeAddress` and `cloneDeterministic` outputs to produce a clean value for an `address` type (i.e. only use 20 bytes) diff --git a/dependencies/@openzeppelin/.changeset/forty-dodos-visit.md b/dependencies/@openzeppelin/.changeset/forty-dodos-visit.md new file mode 100644 index 00000000..7d5ae747 --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/forty-dodos-visit.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': minor +--- + +`Strings`: Added a utility function for converting an address to checksummed string. diff --git a/dependencies/@openzeppelin/.changeset/four-chairs-help.md b/dependencies/@openzeppelin/.changeset/four-chairs-help.md new file mode 100644 index 00000000..cbd00760 --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/four-chairs-help.md @@ -0,0 +1,5 @@ +--- +"openzeppelin-solidity": minor +--- + +`Clones`: Add `cloneWithImmutableArgs` and `cloneDeterministicWithImmutableArgs` variants that create clones with per-instance immutable arguments. The immutable arguments can be retrieved using `fetchCloneArgs`. The corresponding `predictDeterministicWithImmutableArgs` function is also included. diff --git a/dependencies/@openzeppelin/.changeset/friendly-nails-push.md b/dependencies/@openzeppelin/.changeset/friendly-nails-push.md new file mode 100644 index 00000000..157bf055 --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/friendly-nails-push.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': minor +--- + +`ERC1363`: Add implementation of the token payable standard allowing execution of contract code after transfers and approvals. diff --git a/dependencies/@openzeppelin/.changeset/gentle-bulldogs-turn.md b/dependencies/@openzeppelin/.changeset/gentle-bulldogs-turn.md new file mode 100644 index 00000000..12bc87a2 --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/gentle-bulldogs-turn.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': minor +--- + +`DoubleEndedQueue`: Custom errors replaced with native panic codes. diff --git a/dependencies/@openzeppelin/.changeset/gorgeous-badgers-vanish.md b/dependencies/@openzeppelin/.changeset/gorgeous-badgers-vanish.md new file mode 100644 index 00000000..ce75ed6e --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/gorgeous-badgers-vanish.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': minor +--- + +`SlotDerivation`: Add a library of methods for derivating common storage slots. diff --git a/dependencies/@openzeppelin/.changeset/great-pianos-work.md b/dependencies/@openzeppelin/.changeset/great-pianos-work.md new file mode 100644 index 00000000..da54483e --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/great-pianos-work.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': minor +--- + +`Heap`: A data structure that implements a heap-based priority queue. diff --git a/dependencies/@openzeppelin/.changeset/heavy-baboons-give.md b/dependencies/@openzeppelin/.changeset/heavy-baboons-give.md new file mode 100644 index 00000000..5852748f --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/heavy-baboons-give.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': minor +--- + +`Packing`: Added a new utility for packing, extracting and replacing bytesXX values. diff --git a/dependencies/@openzeppelin/.changeset/kind-planets-cough.md b/dependencies/@openzeppelin/.changeset/kind-planets-cough.md new file mode 100644 index 00000000..988e24c4 --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/kind-planets-cough.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': minor +--- + +`StorageSlot`: Add primitives for operating on the transient storage space using a typed-slot representation. diff --git a/dependencies/@openzeppelin/.changeset/light-news-listen.md b/dependencies/@openzeppelin/.changeset/light-news-listen.md new file mode 100644 index 00000000..1572d908 --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/light-news-listen.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': minor +--- + +`AccessManager`: Allow the `onlyAuthorized` modifier to restrict functions added to the manager. diff --git a/dependencies/@openzeppelin/.changeset/lucky-crews-eat.md b/dependencies/@openzeppelin/.changeset/lucky-crews-eat.md new file mode 100644 index 00000000..48592b5e --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/lucky-crews-eat.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': minor +--- + +`Votes`: Set `_moveDelegateVotes` visibility to internal instead of private. diff --git a/dependencies/@openzeppelin/.changeset/nervous-eyes-teach.md b/dependencies/@openzeppelin/.changeset/nervous-eyes-teach.md new file mode 100644 index 00000000..f85bc66d --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/nervous-eyes-teach.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': minor +--- + +`Create2`: Bubbles up returndata from a deployed contract that reverted during construction. diff --git a/dependencies/@openzeppelin/.changeset/nervous-pans-grow.md b/dependencies/@openzeppelin/.changeset/nervous-pans-grow.md new file mode 100644 index 00000000..b86a075c --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/nervous-pans-grow.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': patch +--- + +`SafeCast`: Add `toUint(bool)` for operating on `bool` values as `uint256`. diff --git a/dependencies/@openzeppelin/.changeset/nice-paws-pull.md b/dependencies/@openzeppelin/.changeset/nice-paws-pull.md new file mode 100644 index 00000000..11f48d51 --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/nice-paws-pull.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': minor +--- + +`SafeERC20`: Add "relaxed" function for interacting with ERC-1363 functions in a way that is compatible with EOAs. diff --git a/dependencies/@openzeppelin/.changeset/odd-files-protect.md b/dependencies/@openzeppelin/.changeset/odd-files-protect.md new file mode 100644 index 00000000..8b334acf --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/odd-files-protect.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': minor +--- + +`Hashes`: A library with commonly used hash functions. diff --git a/dependencies/@openzeppelin/.changeset/odd-lobsters-wash.md b/dependencies/@openzeppelin/.changeset/odd-lobsters-wash.md new file mode 100644 index 00000000..578f7a42 --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/odd-lobsters-wash.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': minor +--- + +`P256`: Library for verification and public key recovery of P256 (aka secp256r1) signatures. diff --git a/dependencies/@openzeppelin/.changeset/poor-chefs-cheat.md b/dependencies/@openzeppelin/.changeset/poor-chefs-cheat.md new file mode 100644 index 00000000..39db3d51 --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/poor-chefs-cheat.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': minor +--- + +`ERC721Utils` and `ERC1155Utils`: Add reusable libraries with functions to perform acceptance checks on `IERC721Receiver` and `IERC1155Receiver` implementers. diff --git a/dependencies/@openzeppelin/.changeset/serious-carrots-provide.md b/dependencies/@openzeppelin/.changeset/serious-carrots-provide.md new file mode 100644 index 00000000..60a16580 --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/serious-carrots-provide.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': minor +--- + +`ERC20TemporaryApproval`: Add an ERC-20 extension that implements temporary approval using transient storage, based on ERC7674 (draft). diff --git a/dependencies/@openzeppelin/.changeset/shiny-poets-whisper.md b/dependencies/@openzeppelin/.changeset/shiny-poets-whisper.md new file mode 100644 index 00000000..92497033 --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/shiny-poets-whisper.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': minor +--- + +`Math`: Add `modExp` function that exposes the `EIP-198` precompile. Includes `uint256` and `bytes memory` versions. diff --git a/dependencies/@openzeppelin/.changeset/silver-swans-promise.md b/dependencies/@openzeppelin/.changeset/silver-swans-promise.md new file mode 100644 index 00000000..1d2ff2e9 --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/silver-swans-promise.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': minor +--- + +`Panic`: Add a library for reverting with panic codes. diff --git a/dependencies/@openzeppelin/.changeset/smart-bugs-switch.md b/dependencies/@openzeppelin/.changeset/smart-bugs-switch.md new file mode 100644 index 00000000..8a001ae5 --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/smart-bugs-switch.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': minor +--- + +`Math`: Custom errors replaced with native panic codes. diff --git a/dependencies/@openzeppelin/.changeset/spotty-falcons-explain.md b/dependencies/@openzeppelin/.changeset/spotty-falcons-explain.md new file mode 100644 index 00000000..28cb9519 --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/spotty-falcons-explain.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': minor +--- + +`Math`, `SignedMath`: Add a branchless `ternary` function that computes`cond ? a : b` in constant gas cost. diff --git a/dependencies/@openzeppelin/.changeset/spotty-queens-own.md b/dependencies/@openzeppelin/.changeset/spotty-queens-own.md new file mode 100644 index 00000000..98fb2fbc --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/spotty-queens-own.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': minor +--- + +`MerkleProof`: Add variations of `verify`, `processProof`, `multiProofVerify` and `processMultiProof` (and equivalent calldata version) with support for custom hashing functions. diff --git a/dependencies/@openzeppelin/.changeset/strong-singers-talk.md b/dependencies/@openzeppelin/.changeset/strong-singers-talk.md new file mode 100644 index 00000000..7897980c --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/strong-singers-talk.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': minor +--- + +`Errors`: New library of common custom errors. diff --git a/dependencies/@openzeppelin/.changeset/thick-pumpkins-report.md b/dependencies/@openzeppelin/.changeset/thick-pumpkins-report.md new file mode 100644 index 00000000..f17a2089 --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/thick-pumpkins-report.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': minor +--- + +`Arrays`: add new functions `lowerBound`, `upperBound`, `lowerBoundMemory` and `upperBoundMemory` for lookups in sorted arrays with potential duplicates. diff --git a/dependencies/@openzeppelin/.changeset/thin-walls-drop.md b/dependencies/@openzeppelin/.changeset/thin-walls-drop.md new file mode 100644 index 00000000..80260020 --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/thin-walls-drop.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': minor +--- + +`AccessManager`, `VestingWallet`, `TimelockController` and `ERC2771Forwarder`: Added a public `initializer` function in their corresponding upgradeable variants. diff --git a/dependencies/@openzeppelin/.changeset/tricky-bats-pretend.md b/dependencies/@openzeppelin/.changeset/tricky-bats-pretend.md new file mode 100644 index 00000000..2809d329 --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/tricky-bats-pretend.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': minor +--- + +`ERC1363Utils`: Add helper similar to the existing `ERC721Utils` and `ERC1155Utils` diff --git a/dependencies/@openzeppelin/.changeset/twenty-feet-grin.md b/dependencies/@openzeppelin/.changeset/twenty-feet-grin.md new file mode 100644 index 00000000..69b4fe63 --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/twenty-feet-grin.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': minor +--- + +`Base64`: Add `encodeURL` following section 5 of RFC4648 for URL encoding diff --git a/dependencies/@openzeppelin/.changeset/violet-moons-tell.md b/dependencies/@openzeppelin/.changeset/violet-moons-tell.md new file mode 100644 index 00000000..be215e19 --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/violet-moons-tell.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': minor +--- + +`AccessControlEnumerable`: Add a `getRoleMembers` method to return all accounts that have `role`. diff --git a/dependencies/@openzeppelin/.changeset/warm-sheep-cover.md b/dependencies/@openzeppelin/.changeset/warm-sheep-cover.md new file mode 100644 index 00000000..f0a2ebaa --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/warm-sheep-cover.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': minor +--- + +`MerkleTree`: A data structure that allows inserting elements into a merkle tree and updating its root hash. diff --git a/dependencies/@openzeppelin/.changeset/wise-bobcats-speak.md b/dependencies/@openzeppelin/.changeset/wise-bobcats-speak.md new file mode 100644 index 00000000..6ecd9695 --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/wise-bobcats-speak.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': minor +--- + +`VestingWalletCliff`: Add an extension of the `VestingWallet` contract with an added cliff. diff --git a/dependencies/@openzeppelin/.changeset/witty-chicken-smile.md b/dependencies/@openzeppelin/.changeset/witty-chicken-smile.md new file mode 100644 index 00000000..6fae3e74 --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/witty-chicken-smile.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': minor +--- + +`ReentrancyGuardTransient`: Added a variant of `ReentrancyGuard` that uses transient storage. diff --git a/dependencies/@openzeppelin/.changeset/yellow-deers-walk.md b/dependencies/@openzeppelin/.changeset/yellow-deers-walk.md new file mode 100644 index 00000000..ad370b36 --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/yellow-deers-walk.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': minor +--- + +`EnumerableMap`: add `UintToBytes32Map`, `AddressToAddressMap`, `AddressToBytes32Map` and `Bytes32ToAddressMap`. diff --git a/dependencies/@openzeppelin/.changeset/yellow-moles-hammer.md b/dependencies/@openzeppelin/.changeset/yellow-moles-hammer.md new file mode 100644 index 00000000..b13971a2 --- /dev/null +++ b/dependencies/@openzeppelin/.changeset/yellow-moles-hammer.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': minor +--- + +`SignatureChecker`: refactor `isValidSignatureNow` to avoid validating ECDSA signatures if there is code deployed at the signer's address. diff --git a/dependencies/@openzeppelin/.codecov.yml b/dependencies/@openzeppelin/.codecov.yml new file mode 100644 index 00000000..5bee9146 --- /dev/null +++ b/dependencies/@openzeppelin/.codecov.yml @@ -0,0 +1,15 @@ +comment: off +github_checks: + annotations: false +coverage: + status: + patch: + default: + target: 95% + only_pulls: true + project: + default: + threshold: 1% +ignore: + - "test" + - "contracts/mocks" diff --git a/dependencies/@openzeppelin/.editorconfig b/dependencies/@openzeppelin/.editorconfig new file mode 100644 index 00000000..f162e8d2 --- /dev/null +++ b/dependencies/@openzeppelin/.editorconfig @@ -0,0 +1,21 @@ +# EditorConfig is awesome: https://EditorConfig.org + +# top-most EditorConfig file +root = true + +[*] +charset = utf-8 +end_of_line = lf +indent_style = space +insert_final_newline = true +trim_trailing_whitespace = false +max_line_length = 120 + +[*.sol] +indent_size = 4 + +[*.js] +indent_size = 2 + +[*.{adoc,md}] +max_line_length = 0 diff --git a/dependencies/@openzeppelin/.eslintrc b/dependencies/@openzeppelin/.eslintrc new file mode 100644 index 00000000..a5418c5e --- /dev/null +++ b/dependencies/@openzeppelin/.eslintrc @@ -0,0 +1,20 @@ +{ + "root": true, + "extends" : [ + "eslint:recommended", + "prettier", + ], + "env": { + "es2022": true, + "browser": true, + "node": true, + "mocha": true, + }, + "globals" : { + "artifacts": "readonly", + "contract": "readonly", + "web3": "readonly", + "extendEnvironment": "readonly", + "expect": "readonly", + } +} diff --git a/dependencies/@openzeppelin/.githooks/pre-push b/dependencies/@openzeppelin/.githooks/pre-push new file mode 100755 index 00000000..f028ce58 --- /dev/null +++ b/dependencies/@openzeppelin/.githooks/pre-push @@ -0,0 +1,8 @@ +#!/usr/bin/env bash + +set -euo pipefail + +if [ "${CI:-"false"}" != "true" ]; then + npm run test:generation + npm run lint +fi diff --git a/dependencies/@openzeppelin/.github/ISSUE_TEMPLATE/bug_report.md b/dependencies/@openzeppelin/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 00000000..35ad097f --- /dev/null +++ b/dependencies/@openzeppelin/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,21 @@ +--- +name: Bug report +about: Report a bug in OpenZeppelin Contracts + +--- + + + + + +**πŸ’» Environment** + + + +**πŸ“ Details** + + + +**πŸ”’ Code to reproduce bug** + + diff --git a/dependencies/@openzeppelin/.github/ISSUE_TEMPLATE/config.yml b/dependencies/@openzeppelin/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 00000000..4018cef2 --- /dev/null +++ b/dependencies/@openzeppelin/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,4 @@ +contact_links: + - name: Questions & Support Requests + url: https://forum.openzeppelin.com/c/support/contracts/18 + about: Ask in the OpenZeppelin Forum diff --git a/dependencies/@openzeppelin/.github/ISSUE_TEMPLATE/feature_request.md b/dependencies/@openzeppelin/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 00000000..ff596b0c --- /dev/null +++ b/dependencies/@openzeppelin/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,14 @@ +--- +name: Feature request +about: Suggest an idea for OpenZeppelin Contracts + +--- + +**🧐 Motivation** + + +**πŸ“ Details** + + + + diff --git a/dependencies/@openzeppelin/.github/PULL_REQUEST_TEMPLATE.md b/dependencies/@openzeppelin/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 00000000..23945183 --- /dev/null +++ b/dependencies/@openzeppelin/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,20 @@ + + + + + +Fixes #???? + + + + + +#### PR Checklist + + + + + +- [ ] Tests +- [ ] Documentation +- [ ] Changeset entry (run `npx changeset add`) diff --git a/dependencies/@openzeppelin/.github/actions/gas-compare/action.yml b/dependencies/@openzeppelin/.github/actions/gas-compare/action.yml new file mode 100644 index 00000000..23a756f3 --- /dev/null +++ b/dependencies/@openzeppelin/.github/actions/gas-compare/action.yml @@ -0,0 +1,50 @@ +name: Compare gas costs +description: Compare gas costs between branches +inputs: + token: + description: github token + required: true + report: + description: report to read from + required: false + default: gasReporterOutput.json + out_report: + description: report to read + required: false + default: ${{ github.ref_name }}.gasreport.json + ref_report: + description: report to read from + required: false + default: ${{ github.base_ref }}.gasreport.json + +runs: + using: composite + steps: + - name: Download reference report + if: github.event_name == 'pull_request' + run: | + RUN_ID=`gh run list --repo ${{ github.repository }} --branch ${{ github.base_ref }} --workflow ${{ github.workflow }} --limit 100 --json 'conclusion,databaseId,event' --jq 'map(select(.conclusion=="success" and .event!="pull_request"))[0].databaseId'` + gh run download ${RUN_ID} --repo ${{ github.repository }} -n gasreport + env: + GITHUB_TOKEN: ${{ inputs.token }} + shell: bash + continue-on-error: true + id: reference + - name: Compare reports + if: steps.reference.outcome == 'success' && github.event_name == 'pull_request' + run: | + node scripts/checks/compareGasReports.js ${{ inputs.report }} ${{ inputs.ref_report }} >> $GITHUB_STEP_SUMMARY + env: + STYLE: markdown + shell: bash + - name: Rename report for upload + if: github.event_name != 'pull_request' + run: | + mv ${{ inputs.report }} ${{ inputs.out_report }} + shell: bash + - name: Save report + if: github.event_name != 'pull_request' + uses: actions/upload-artifact@v3 + with: + name: gasreport + path: ${{ inputs.out_report }} diff --git a/dependencies/@openzeppelin/.github/actions/setup/action.yml b/dependencies/@openzeppelin/.github/actions/setup/action.yml new file mode 100644 index 00000000..b68fec64 --- /dev/null +++ b/dependencies/@openzeppelin/.github/actions/setup/action.yml @@ -0,0 +1,22 @@ +name: Setup +description: Common environment setup + +runs: + using: composite + steps: + - uses: actions/setup-node@v4 + with: + node-version: 20.x + - uses: actions/cache@v4 + id: cache + with: + path: '**/node_modules' + key: npm-v3-${{ hashFiles('**/package-lock.json') }} + - name: Install dependencies + run: npm ci + shell: bash + if: steps.cache.outputs.cache-hit != 'true' + - name: Install Foundry + uses: foundry-rs/foundry-toolchain@v1 + with: + version: nightly diff --git a/dependencies/@openzeppelin/.github/actions/storage-layout/action.yml b/dependencies/@openzeppelin/.github/actions/storage-layout/action.yml new file mode 100644 index 00000000..573564b6 --- /dev/null +++ b/dependencies/@openzeppelin/.github/actions/storage-layout/action.yml @@ -0,0 +1,56 @@ +name: Compare storage layouts +description: Compare storage layouts between branches +inputs: + token: + description: github token + required: true + buildinfo: + description: compilation artifacts + required: false + default: artifacts/build-info/*.json + layout: + description: extracted storage layout + required: false + default: HEAD.layout.json + out_layout: + description: storage layout to upload + required: false + default: ${{ github.ref_name }}.layout.json + ref_layout: + description: storage layout for the reference branch + required: false + default: ${{ github.base_ref }}.layout.json + +runs: + using: composite + steps: + - name: Extract layout + run: | + node scripts/checks/extract-layout.js ${{ inputs.buildinfo }} > ${{ inputs.layout }} + shell: bash + - name: Download reference + if: github.event_name == 'pull_request' + run: | + RUN_ID=`gh run list --repo ${{ github.repository }} --branch ${{ github.base_ref }} --workflow ${{ github.workflow }} --limit 100 --json 'conclusion,databaseId,event' --jq 'map(select(.conclusion=="success" and .event!="pull_request"))[0].databaseId'` + gh run download ${RUN_ID} --repo ${{ github.repository }} -n layout + env: + GITHUB_TOKEN: ${{ inputs.token }} + shell: bash + continue-on-error: true + id: reference + - name: Compare layouts + if: steps.reference.outcome == 'success' && github.event_name == 'pull_request' + run: | + node scripts/checks/compare-layout.js --head ${{ inputs.layout }} --ref ${{ inputs.ref_layout }} + shell: bash + - name: Rename artifacts for upload + if: github.event_name != 'pull_request' + run: | + mv ${{ inputs.layout }} ${{ inputs.out_layout }} + shell: bash + - name: Save artifacts + if: github.event_name != 'pull_request' + uses: actions/upload-artifact@v3 + with: + name: layout + path: ${{ inputs.out_layout }} diff --git a/dependencies/@openzeppelin/.github/workflows/actionlint.yml b/dependencies/@openzeppelin/.github/workflows/actionlint.yml new file mode 100644 index 00000000..3e42c8a2 --- /dev/null +++ b/dependencies/@openzeppelin/.github/workflows/actionlint.yml @@ -0,0 +1,18 @@ +name: lint workflows + +on: + pull_request: + paths: + - '.github/**/*.ya?ml' + +jobs: + lint: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Add problem matchers + run: | + # https://github.com/rhysd/actionlint/blob/3a2f2c7/docs/usage.md#problem-matchers + curl -LO https://raw.githubusercontent.com/rhysd/actionlint/main/.github/actionlint-matcher.json + echo "::add-matcher::actionlint-matcher.json" + - uses: docker://rhysd/actionlint:latest diff --git a/dependencies/@openzeppelin/.github/workflows/changeset.yml b/dependencies/@openzeppelin/.github/workflows/changeset.yml new file mode 100644 index 00000000..efc5c534 --- /dev/null +++ b/dependencies/@openzeppelin/.github/workflows/changeset.yml @@ -0,0 +1,28 @@ +name: changeset + +on: + pull_request: + branches: + - master + types: + - opened + - synchronize + - labeled + - unlabeled + +concurrency: + group: changeset-${{ github.ref }} + cancel-in-progress: true + +jobs: + check: + runs-on: ubuntu-latest + if: ${{ !contains(github.event.pull_request.labels.*.name, 'ignore-changeset') }} + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 # Include history so Changesets finds merge-base + - name: Set up environment + uses: ./.github/actions/setup + - name: Check changeset + run: npx changeset status --since=origin/${{ github.base_ref }} diff --git a/dependencies/@openzeppelin/.github/workflows/checks.yml b/dependencies/@openzeppelin/.github/workflows/checks.yml new file mode 100644 index 00000000..9d338bb6 --- /dev/null +++ b/dependencies/@openzeppelin/.github/workflows/checks.yml @@ -0,0 +1,132 @@ +name: checks + +on: + push: + branches: + - master + - next-v* + - release-v* + pull_request: {} + workflow_dispatch: {} + +concurrency: + group: checks-${{ github.ref }} + cancel-in-progress: true + +env: + NODE_OPTIONS: --max_old_space_size=8192 + +jobs: + lint: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Set up environment + uses: ./.github/actions/setup + - run: npm run lint + + tests: + runs-on: ubuntu-latest + env: + FORCE_COLOR: 1 + # Needed for "eth-gas-reporter" to produce a "gasReporterOutput.json" as documented in + # https://github.com/cgewecke/eth-gas-reporter/blob/v0.2.27/docs/gasReporterOutput.md + CI: true + GAS: true + steps: + - uses: actions/checkout@v4 + - name: Set up environment + uses: ./.github/actions/setup + - name: Run tests and generate gas report + run: npm run test + - name: Check linearisation of the inheritance graph + run: npm run test:inheritance + - name: Check proceduraly generated contracts are up-to-date + run: npm run test:generation + - name: Compare gas costs + uses: ./.github/actions/gas-compare + with: + token: ${{ github.token }} + + tests-upgradeable: + runs-on: ubuntu-latest + env: + FORCE_COLOR: 1 + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 # Include history so patch conflicts are resolved automatically + - name: Set up environment + uses: ./.github/actions/setup + - name: Copy non-upgradeable contracts as dependency + run: | + mkdir -p lib/openzeppelin-contracts + cp -rnT contracts lib/openzeppelin-contracts/contracts + - name: Transpile to upgradeable + run: bash scripts/upgradeable/transpile.sh + - name: Run tests + run: npm run test + - name: Check linearisation of the inheritance graph + run: npm run test:inheritance + - name: Check storage layout + uses: ./.github/actions/storage-layout + continue-on-error: ${{ contains(github.event.pull_request.labels.*.name, 'breaking change') }} + with: + token: ${{ github.token }} + + tests-foundry: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + submodules: recursive + - name: Set up environment + uses: ./.github/actions/setup + - name: Run tests + run: forge test -vv + + coverage: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Set up environment + uses: ./.github/actions/setup + - name: Run coverage + run: npm run coverage + - uses: codecov/codecov-action@v4 + env: + CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} + + harnesses: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Set up environment + uses: ./.github/actions/setup + - name: Compile harnesses + run: | + make -C certora apply + npm run compile:harnesses + + slither: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Set up environment + uses: ./.github/actions/setup + - run: rm foundry.toml + - uses: crytic/slither-action@v0.4.0 + with: + node-version: 18.15 + slither-version: 0.10.1 + + codespell: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Run CodeSpell + uses: codespell-project/actions-codespell@v2.1 + with: + check_hidden: true + check_filenames: true + skip: package-lock.json,*.pdf diff --git a/dependencies/@openzeppelin/.github/workflows/docs.yml b/dependencies/@openzeppelin/.github/workflows/docs.yml new file mode 100644 index 00000000..04b8131c --- /dev/null +++ b/dependencies/@openzeppelin/.github/workflows/docs.yml @@ -0,0 +1,19 @@ +name: Build Docs + +on: + push: + branches: [release-v*] + +permissions: + contents: write + +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Set up environment + uses: ./.github/actions/setup + - run: bash scripts/git-user-config.sh + - run: node scripts/update-docs-branch.js + - run: git push --all origin diff --git a/dependencies/@openzeppelin/.github/workflows/formal-verification.yml b/dependencies/@openzeppelin/.github/workflows/formal-verification.yml new file mode 100644 index 00000000..e0475b19 --- /dev/null +++ b/dependencies/@openzeppelin/.github/workflows/formal-verification.yml @@ -0,0 +1,86 @@ +name: formal verification + +on: + pull_request: + types: + - opened + - reopened + - synchronize + - labeled + workflow_dispatch: {} + +env: + PIP_VERSION: '3.11' + JAVA_VERSION: '11' + SOLC_VERSION: '0.8.20' + +concurrency: ${{ github.workflow }}-${{ github.ref }} + +jobs: + apply-diff: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Apply patches + run: make -C certora apply + + verify: + runs-on: ubuntu-latest + if: github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'formal-verification') + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: Set up environment + uses: ./.github/actions/setup + - name: identify specs that need to be run + id: arguments + run: | + if [[ ${{ github.event_name }} = 'pull_request' ]]; + then + RESULT=$(git diff ${{ github.event.pull_request.head.sha }}..${{ github.event.pull_request.base.sha }} --name-only certora/specs/*.spec | while IFS= read -r file; do [[ -f $file ]] && basename "${file%.spec}"; done | tr "\n" " ") + else + RESULT='--all' + fi + echo "result=$RESULT" >> "$GITHUB_OUTPUT" + - name: Install python + uses: actions/setup-python@v5 + with: + python-version: ${{ env.PIP_VERSION }} + cache: 'pip' + cache-dependency-path: 'fv-requirements.txt' + - name: Install python packages + run: pip install -r fv-requirements.txt + - name: Install java + uses: actions/setup-java@v3 + with: + distribution: temurin + java-version: ${{ env.JAVA_VERSION }} + - name: Install solc + run: | + wget https://github.com/ethereum/solidity/releases/download/v${{ env.SOLC_VERSION }}/solc-static-linux + sudo mv solc-static-linux /usr/local/bin/solc + chmod +x /usr/local/bin/solc + - name: Verify specification + run: | + make -C certora apply + node certora/run.js ${{ steps.arguments.outputs.result }} >> "$GITHUB_STEP_SUMMARY" + env: + CERTORAKEY: ${{ secrets.CERTORAKEY }} + + halmos: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Set up environment + uses: ./.github/actions/setup + - name: Install python + uses: actions/setup-python@v5 + with: + python-version: ${{ env.PIP_VERSION }} + cache: 'pip' + cache-dependency-path: 'fv-requirements.txt' + - name: Install python packages + run: pip install -r fv-requirements.txt + - name: Run Halmos + run: halmos --match-test '^symbolic|^testSymbolic' -vv diff --git a/dependencies/@openzeppelin/.github/workflows/release-cycle.yml b/dependencies/@openzeppelin/.github/workflows/release-cycle.yml new file mode 100644 index 00000000..fc129550 --- /dev/null +++ b/dependencies/@openzeppelin/.github/workflows/release-cycle.yml @@ -0,0 +1,212 @@ +# D: Manual Dispatch +# M: Merge release PR +# C: Commit +# β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +# β”‚Developmentβ”œβ”€β”€D──►RC-Unreleasedβ”‚ β”Œβ”€β”€β–ΊFinal-Unreleasedβ”‚ +# β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β–²β”€β”˜ β”‚ β””β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β–²β”€β”˜ +# β”‚ β”‚ β”‚ β”‚ β”‚ +# M C D M C +# β”‚ β”‚ β”‚ β”‚ β”‚ +# β”Œβ–Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β” β”‚ β”Œβ–Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β” +# β”‚RC-Releasedβ”œβ”€β”€β”€β”˜ β”‚Final-Releasedβ”‚ +# β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +name: Release Cycle + +on: + push: + branches: + - release-v* + workflow_dispatch: {} + +concurrency: ${{ github.workflow }}-${{ github.ref }} + +jobs: + state: + name: Check state + permissions: + pull-requests: read + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Set up environment + uses: ./.github/actions/setup + - id: state + name: Get state + uses: actions/github-script@v7 + env: + TRIGGERING_ACTOR: ${{ github.triggering_actor }} + with: + result-encoding: string + script: await require('./scripts/release/workflow/state.js')({ github, context, core }) + outputs: + # Job Flags + start: ${{ steps.state.outputs.start }} + changesets: ${{ steps.state.outputs.changesets }} + promote: ${{ steps.state.outputs.promote }} + publish: ${{ steps.state.outputs.publish }} + merge: ${{ steps.state.outputs.merge }} + + # Global variables + is_prerelease: ${{ steps.state.outputs.is_prerelease }} + + start: + needs: state + name: Start new release candidate + permissions: + contents: write + actions: write + if: needs.state.outputs.start == 'true' + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Set up environment + uses: ./.github/actions/setup + - run: bash scripts/git-user-config.sh + - id: start + name: Create branch with release candidate + run: bash scripts/release/workflow/start.sh + - name: Re-run workflow + uses: actions/github-script@v7 + env: + REF: ${{ steps.start.outputs.branch }} + with: + script: await require('./scripts/release/workflow/rerun.js')({ github, context }) + + promote: + needs: state + name: Promote to final release + permissions: + contents: write + actions: write + if: needs.state.outputs.promote == 'true' + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Set up environment + uses: ./.github/actions/setup + - run: bash scripts/git-user-config.sh + - name: Exit prerelease state + if: needs.state.outputs.is_prerelease == 'true' + run: bash scripts/release/workflow/exit-prerelease.sh + - name: Re-run workflow + uses: actions/github-script@v7 + with: + script: await require('./scripts/release/workflow/rerun.js')({ github, context }) + + changesets: + needs: state + name: Update PR to release + permissions: + contents: write + pull-requests: write + if: needs.state.outputs.changesets == 'true' + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 # To get all tags + - name: Set up environment + uses: ./.github/actions/setup + - name: Set release title + uses: actions/github-script@v7 + with: + result-encoding: string + script: await require('./scripts/release/workflow/set-changesets-pr-title.js')({ core }) + - name: Create PR + uses: changesets/action@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + PRERELEASE: ${{ needs.state.outputs.is_prerelease }} + with: + version: npm run version + title: ${{ env.TITLE }} + commit: ${{ env.TITLE }} + body: | # Wait for support on this https://github.com/changesets/action/pull/250 + This is an automated PR for releasing ${{ github.repository }} + Check [CHANGELOG.md](${{ github.repository }}/CHANGELOG.md) + + publish: + needs: state + name: Publish to npm + environment: npm + permissions: + contents: write + if: needs.state.outputs.publish == 'true' + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Set up environment + uses: ./.github/actions/setup + - id: pack + name: Pack + run: bash scripts/release/workflow/pack.sh + env: + PRERELEASE: ${{ needs.state.outputs.is_prerelease }} + - name: Upload tarball artifact + uses: actions/upload-artifact@v4 + with: + name: ${{ github.ref_name }} + path: ${{ steps.pack.outputs.tarball }} + - name: Publish + run: bash scripts/release/workflow/publish.sh + env: + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + TARBALL: ${{ steps.pack.outputs.tarball }} + TAG: ${{ steps.pack.outputs.tag }} + - name: Create Github Release + uses: actions/github-script@v7 + env: + PRERELEASE: ${{ needs.state.outputs.is_prerelease }} + with: + script: await require('./scripts/release/workflow/github-release.js')({ github, context }) + outputs: + tarball_name: ${{ steps.pack.outputs.tarball_name }} + + integrity_check: + needs: publish + name: Tarball Integrity Check + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Download tarball artifact + id: artifact + uses: actions/download-artifact@v4 + with: + name: ${{ github.ref_name }} + - name: Check integrity + run: bash scripts/release/workflow/integrity-check.sh + env: + TARBALL: ${{ steps.artifact.outputs.download-path }}/${{ needs.publish.outputs.tarball_name }} + + merge: + needs: state + name: Create PR back to master + permissions: + contents: write + pull-requests: write + if: needs.state.outputs.merge == 'true' + runs-on: ubuntu-latest + env: + MERGE_BRANCH: merge/${{ github.ref_name }} + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 # All branches + - name: Set up environment + uses: ./.github/actions/setup + - run: bash scripts/git-user-config.sh + - name: Create branch to merge + run: | + git checkout -B "$MERGE_BRANCH" "$GITHUB_REF_NAME" + git push -f origin "$MERGE_BRANCH" + - name: Create PR back to master + uses: actions/github-script@v7 + with: + script: | + await github.rest.pulls.create({ + owner: context.repo.owner, + repo: context.repo.repo, + head: process.env.MERGE_BRANCH, + base: 'master', + title: '${{ format('Merge {0} branch', github.ref_name) }}' + }); diff --git a/dependencies/@openzeppelin/.github/workflows/upgradeable.yml b/dependencies/@openzeppelin/.github/workflows/upgradeable.yml new file mode 100644 index 00000000..46bf15a4 --- /dev/null +++ b/dependencies/@openzeppelin/.github/workflows/upgradeable.yml @@ -0,0 +1,34 @@ +name: transpile upgradeable + +on: + push: + branches: + - master + - release-v* + +jobs: + transpile: + environment: push-upgradeable + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + repository: OpenZeppelin/openzeppelin-contracts-upgradeable + fetch-depth: 0 + token: ${{ secrets.GH_TOKEN_UPGRADEABLE }} + - name: Fetch current non-upgradeable branch + run: | + git fetch "$REMOTE" master # Fetch default branch first for patch to apply cleanly + git fetch "$REMOTE" "$REF" + git checkout FETCH_HEAD + env: + REF: ${{ github.ref }} + REMOTE: https://github.com/${{ github.repository }}.git + - name: Set up environment + uses: ./.github/actions/setup + - run: bash scripts/git-user-config.sh + - name: Transpile to upgradeable + run: bash scripts/upgradeable/transpile-onto.sh ${{ github.ref_name }} origin/${{ github.ref_name }} + env: + SUBMODULE_REMOTE: https://github.com/${{ github.repository }}.git + - run: git push origin ${{ github.ref_name }} diff --git a/dependencies/@openzeppelin/.gitignore b/dependencies/@openzeppelin/.gitignore new file mode 100644 index 00000000..b2b1eab1 --- /dev/null +++ b/dependencies/@openzeppelin/.gitignore @@ -0,0 +1,66 @@ +*.swp +*.swo + +# Logs +logs +*.log + +# Runtime data +pids +*.pid +*.seed +allFiredEvents +scTopics + +# Coverage directory used by tools like istanbul +coverage +coverage.json +coverageEnv + +# node-waf configuration +.lock-wscript + +# Dependency directory +node_modules + +# Debug log from npm +npm-debug.log + +# local env variables +.env + +# macOS +.DS_Store + +# IntelliJ IDE +.idea + +# docs artifacts +docs/modules/api + +# only used to package @openzeppelin/contracts +contracts/build/ +contracts/README.md + +# temporary artifact from solidity-coverage +allFiredEvents +.coverage_artifacts +.coverage_cache +.coverage_contracts + +# hardat-exposed +contracts-exposed + +# Hardhat +/cache +/artifacts + +# Foundry +/out +/cache_forge + +# Certora +.certora* +.last_confs +certora_* +.zip-output-url.txt diff --git a/dependencies/@openzeppelin/.gitmodules b/dependencies/@openzeppelin/.gitmodules new file mode 100644 index 00000000..4939cd2b --- /dev/null +++ b/dependencies/@openzeppelin/.gitmodules @@ -0,0 +1,10 @@ +[submodule "lib/forge-std"] + branch = v1 + path = lib/forge-std + url = https://github.com/foundry-rs/forge-std +[submodule "lib/erc4626-tests"] + path = lib/erc4626-tests + url = https://github.com/a16z/erc4626-tests.git +[submodule "lib/halmos-cheatcodes"] + path = lib/halmos-cheatcodes + url = https://github.com/a16z/halmos-cheatcodes diff --git a/dependencies/@openzeppelin/.mocharc.js b/dependencies/@openzeppelin/.mocharc.js new file mode 100644 index 00000000..920662db --- /dev/null +++ b/dependencies/@openzeppelin/.mocharc.js @@ -0,0 +1,4 @@ +module.exports = { + require: 'hardhat/register', + timeout: 4000, +}; diff --git a/dependencies/@openzeppelin/.prettierrc b/dependencies/@openzeppelin/.prettierrc new file mode 100644 index 00000000..39c004c7 --- /dev/null +++ b/dependencies/@openzeppelin/.prettierrc @@ -0,0 +1,15 @@ +{ + "printWidth": 120, + "singleQuote": true, + "trailingComma": "all", + "arrowParens": "avoid", + "overrides": [ + { + "files": "*.sol", + "options": { + "singleQuote": false + } + } + ], + "plugins": ["prettier-plugin-solidity"] +} diff --git a/dependencies/@openzeppelin/.solcover.js b/dependencies/@openzeppelin/.solcover.js new file mode 100644 index 00000000..f079998c --- /dev/null +++ b/dependencies/@openzeppelin/.solcover.js @@ -0,0 +1,21 @@ +module.exports = { + norpc: true, + testCommand: 'npm test', + compileCommand: 'npm run compile', + skipFiles: ['mocks'], + providerOptions: { + default_balance_ether: '10000000000000000000000000', + }, + mocha: { + fgrep: '[skip-on-coverage]', + invert: true, + }, + // Work around stack too deep for coverage + configureYulOptimizer: true, + solcOptimizerDetails: { + yul: true, + yulDetails: { + optimizerSteps: '', + }, + }, +}; diff --git a/dependencies/@openzeppelin/CHANGELOG.md b/dependencies/@openzeppelin/CHANGELOG.md new file mode 100644 index 00000000..f327a1cb --- /dev/null +++ b/dependencies/@openzeppelin/CHANGELOG.md @@ -0,0 +1,1037 @@ +# Changelog + +### Breaking changes + +- `ERC1967Utils`: Removed duplicate declaration of the `Upgraded`, `AdminChanged` and `BeaconUpgraded` events. These events are still available through the `IERC1967` interface located under the `contracts/interfaces/` directory. Minimum pragma version is now 0.8.21. +- `Governor`, `GovernorCountingSimple`: The `_countVotes` virtual function now returns an `uint256` with the total votes casted. This change allows for more flexibility for partial and fractional voting. Upgrading users may get a compilation error that can be fixed by adding a return statement to the `_countVotes` function. + +### Custom error changes + +This version comes with changes to the custom error identifiers. Contracts previously depending on the following errors should be replaced accordingly: + +- Replace `Address.FailedInnerCall` with `Errors.FailedCall` +- Replace `Address.AddressInsufficientBalance` with `Errors.InsufficientBalance` +- Replace `Clones.Create2InsufficientBalance` with `Errors.InsufficientBalance` +- Replace `Clones.ERC1167FailedCreateClone` with `Errors.FailedDeployment` +- Replace `Clones.Create2FailedDeployment` with `Errors.FailedDeployment` +- `SafeERC20`: Replace `Address.AddressEmptyCode` with `SafeERC20FailedOperation` if there is no code at the token's address. +- `SafeERC20`: Replace generic `Error(string)` with `SafeERC20FailedOperation` if the returned data can't be decoded as `bool`. +- `SafeERC20`: Replace generic `SafeERC20FailedOperation` with the revert message from the contract call if it fails. + +## 5.0.2 (2024-02-29) + +- `Base64`: Fix issue where dirty memory located just after the input buffer is affecting the result. ([#4926](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4926)) + +## 5.0.1 (2023-12-07) + +- `ERC2771Context` and `Context`: Introduce a `_contextPrefixLength()` getter, used to trim extra information appended to `msg.data`. +- `Multicall`: Make aware of non-canonical context (i.e. `msg.sender` is not `_msgSender()`), allowing compatibility with `ERC2771Context`. + +## 5.0.0 (2023-10-05) + +### Additions Summary + +The following contracts and libraries were added: + +- `AccessManager`: A consolidated system for managing access control in complex systems. + - `AccessManaged`: A module for connecting a contract to an authority in charge of its access control. + - `GovernorTimelockAccess`: An adapter for time-locking governance proposals using an `AccessManager`. + - `AuthorityUtils`: A library of utilities for interacting with authority contracts. +- `GovernorStorage`: A Governor module that stores proposal details in storage. +- `ERC2771Forwarder`: An ERC2771 forwarder for meta transactions. +- `ERC1967Utils`: A library with ERC1967 events, errors and getters. +- `Nonces`: An abstraction for managing account nonces. +- `MessageHashUtils`: A library for producing digests for ECDSA operations. +- `Time`: A library with helpers for manipulating time-related objects. + +### Removals Summary + +The following contracts, libraries, and functions were removed: + +- `Address.isContract` (because of its ambiguous nature and potential for misuse) +- `Checkpoints.History` +- `Counters` +- `ERC20Snapshot` +- `ERC20VotesComp` +- `ERC165Storage` (in favor of inheritance based approach) +- `ERC777` +- `ERC1820Implementer` +- `GovernorVotesComp` +- `GovernorProposalThreshold` (deprecated since 4.4) +- `PaymentSplitter` +- `PullPayment` +- `SafeMath` +- `SignedSafeMath` +- `Timers` +- `TokenTimelock` (in favor of `VestingWallet`) +- All escrow contracts (`Escrow`, `ConditionalEscrow` and `RefundEscrow`) +- All cross-chain contracts, including `AccessControlCrossChain` and all the vendored bridge interfaces +- All presets in favor of [OpenZeppelin Contracts Wizard](https://wizard.openzeppelin.com/) + +These removals were implemented in the following PRs: [#3637](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3637), [#3880](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3880), [#3945](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3945), [#4258](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4258), [#4276](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4276), [#4289](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4289) + +### Changes by category + +#### General + +- Replaced revert strings and require statements with custom errors. ([#4261](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4261)) +- Bumped minimum compiler version required to 0.8.20 ([#4288](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4288), [#4489](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4489)) +- Use of `abi.encodeCall` in place of `abi.encodeWithSelector` and `abi.encodeWithSignature` for improved type-checking of parameters ([#4293](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4293)) +- Replaced some uses of `abi.encodePacked` with clearer alternatives (e.g. `bytes.concat`, `string.concat`). ([#4504](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4504)) ([#4296](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4296)) +- Overrides are now used internally for a number of functions that were previously hardcoded to their default implementation in certain locations: `ERC1155Supply.totalSupply`, `ERC721.ownerOf`, `ERC721.balanceOf` and `ERC721.totalSupply` in `ERC721Enumerable`, `ERC20.totalSupply` in `ERC20FlashMint`, and `ERC1967._getImplementation` in `ERC1967Proxy`. ([#4299](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4299)) +- Removed the `override` specifier from functions that only override a single interface function. ([#4315](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4315)) +- Switched to using explicit Solidity import statements. Some previously available symbols may now have to be separately imported. ([#4399](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4399)) +- `Governor`, `Initializable`, and `UUPSUpgradeable`: Use internal functions in modifiers to optimize bytecode size. ([#4472](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4472)) +- Upgradeable contracts now use namespaced storage (EIP-7201). ([#4534](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4534)) +- Upgradeable contracts no longer transpile interfaces and libraries. ([#4628](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4628)) + +#### Access + +- `Ownable`: Added an `initialOwner` parameter to the constructor, making the ownership initialization explicit. ([#4267](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4267)) +- `Ownable`: Prevent using address(0) as the initial owner. ([#4531](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4531)) +- `AccessControl`: Added a boolean return value to the internal `_grantRole` and `_revokeRole` functions indicating whether the role was granted or revoked. ([#4241](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4241)) +- `access`: Moved `AccessControl` extensions to a dedicated directory. ([#4359](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4359)) +- `AccessManager`: Added a new contract for managing access control of complex systems in a consolidated location. ([#4121](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4121)) +- `AccessManager`, `AccessManaged`, `GovernorTimelockAccess`: Ensure that calldata shorter than 4 bytes is not padded to 4 bytes. ([#4624](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4624)) +- `AccessManager`: Use named return parameters in functions that return multiple values. ([#4624](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4624)) +- `AccessManager`: Make `schedule` and `execute` more conservative when delay is 0. ([#4644](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4644)) + +#### Finance + +- `VestingWallet`: Fixed revert during 1 second time window when duration is 0. ([#4502](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4502)) +- `VestingWallet`: Use `Ownable` instead of an immutable `beneficiary`. ([#4508](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4508)) + +#### Governance + +- `Governor`: Optimized use of storage for proposal data ([#4268](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4268)) +- `Governor`: Added validation in ERC1155 and ERC721 receiver hooks to ensure Governor is the executor. ([#4314](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4314)) +- `Governor`: Refactored internals to implement common queuing logic in the core module of the Governor. Added `queue` and `_queueOperations` functions that act at different levels. Modules that implement queuing via timelocks are expected to override `_queueOperations` to implement the timelock-specific logic. Added `_executeOperations` as the equivalent for execution. ([#4360](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4360)) +- `Governor`: Added `voter` and `nonce` parameters in signed ballots, to avoid forging signatures for random addresses, prevent signature replay, and allow invalidating signatures. Add `voter` as a new parameter in the `castVoteBySig` and `castVoteWithReasonAndParamsBySig` functions. ([#4378](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4378)) +- `Governor`: Added support for casting votes with ERC-1271 signatures by using a `bytes memory signature` instead of `r`, `s` and `v` arguments in the `castVoteBySig` and `castVoteWithReasonAndParamsBySig` functions. ([#4418](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4418)) +- `Governor`: Added a mechanism to restrict the address of the proposer using a suffix in the description. +- `GovernorStorage`: Added a new governor extension that stores the proposal details in storage, with an interface that operates on `proposalId`, as well as proposal enumerability. This replaces the old `GovernorCompatibilityBravo` module. ([#4360](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4360)) +- `GovernorTimelockAccess`: Added a module to connect a governor with an instance of `AccessManager`, allowing the governor to make calls that are delay-restricted by the manager using the normal `queue` workflow. ([#4523](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4523)) +- `GovernorTimelockControl`: Clean up timelock id on execution for gas refund. ([#4118](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4118)) +- `GovernorTimelockControl`: Added the Governor instance address as part of the TimelockController operation `salt` to avoid operation id collisions between governors using the same TimelockController. ([#4432](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4432)) +- `TimelockController`: Changed the role architecture to use `DEFAULT_ADMIN_ROLE` as the admin for all roles, instead of the bespoke `TIMELOCK_ADMIN_ROLE` that was used previously. This aligns with the general recommendation for `AccessControl` and makes the addition of new roles easier. Accordingly, the `admin` parameter and timelock will now be granted `DEFAULT_ADMIN_ROLE` instead of `TIMELOCK_ADMIN_ROLE`. ([#3799](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3799)) +- `TimelockController`: Added a state getter that returns an `OperationState` enum. ([#4358](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4358)) +- `Votes`: Use Trace208 for checkpoints. This enables EIP-6372 clock support for keys but reduces the max supported voting power to uint208. ([#4539](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4539)) + +#### Metatx + +- `ERC2771Forwarder`: Added `deadline` for expiring transactions, batching, and more secure handling of `msg.value`. ([#4346](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4346)) +- `ERC2771Context`: Return the forwarder address whenever the `msg.data` of a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. `msg.data.length` is less than 20 bytes), as specified by ERC-2771. ([#4481](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4481)) +- `ERC2771Context`: Prevent revert in `_msgData()` when a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. `msg.data.length` is less than 20 bytes). Return the full calldata in that case. ([#4484](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4484)) + +#### Proxy + +- `ProxyAdmin`: Removed `getProxyAdmin` and `getProxyImplementation` getters. ([#3820](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3820)) +- `TransparentUpgradeableProxy`: Removed `admin` and `implementation` getters, which were only callable by the proxy owner and thus not very useful. ([#3820](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3820)) +- `ERC1967Utils`: Refactored the `ERC1967Upgrade` abstract contract as a library. ([#4325](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4325)) +- `TransparentUpgradeableProxy`: Admin is now stored in an immutable variable (set during construction) to avoid unnecessary storage reads on every proxy call. This removed the ability to ever change the admin. Transfer of the upgrade capability is exclusively handled through the ownership of the `ProxyAdmin`. ([#4354](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4354)) +- Moved the logic to validate ERC-1822 during an upgrade from `ERC1967Utils` to `UUPSUpgradeable`. ([#4356](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4356)) +- `UUPSUpgradeable`, `TransparentUpgradeableProxy` and `ProxyAdmin`: Removed `upgradeTo` and `upgrade` functions, and made `upgradeToAndCall` and `upgradeAndCall` ignore the data argument if it is empty. It is no longer possible to invoke the receive function (or send value with empty data) along with an upgrade. ([#4382](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4382)) +- `BeaconProxy`: Reject value in initialization unless a payable function is explicitly invoked. ([#4382](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4382)) +- `Proxy`: Removed redundant `receive` function. ([#4434](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4434)) +- `BeaconProxy`: Use an immutable variable to store the address of the beacon. It is no longer possible for a `BeaconProxy` to upgrade by changing to another beacon. ([#4435](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4435)) +- `Initializable`: Use the namespaced storage pattern to avoid putting critical variables in slot 0. Allow reinitializer versions greater than 256. ([#4460](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4460)) +- `Initializable`: Use intermediate variables to improve readability. ([#4576](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4576)) + +#### Token + +- `ERC20`, `ERC721`, `ERC1155`: Deleted `_beforeTokenTransfer` and `_afterTokenTransfer` hooks, added a new internal `_update` function for customizations, and refactored all extensions using those hooks to use `_update` instead. ([#3838](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3838), [#3876](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3876), [#4377](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4377)) +- `ERC20`: Removed `Approval` event previously emitted in `transferFrom` to indicate that part of the allowance was consumed. With this change, allowances are no longer reconstructible from events. See the code for guidelines on how to re-enable this event if needed. ([#4370](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4370)) +- `ERC20`: Removed the non-standard `increaseAllowance` and `decreaseAllowance` functions. ([#4585](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4585)) +- `ERC20Votes`: Changed internal vote accounting to reusable `Votes` module previously used by `ERC721Votes`. Removed implicit `ERC20Permit` inheritance. Note that the `DOMAIN_SEPARATOR` getter was previously guaranteed to be available for `ERC20Votes` contracts, but is no longer available unless `ERC20Permit` is explicitly used; ERC-5267 support is included in `ERC20Votes` with `EIP712` and is recommended as an alternative. ([#3816](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3816)) +- `SafeERC20`: Refactored `safeDecreaseAllowance` and `safeIncreaseAllowance` to support USDT-like tokens. ([#4260](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4260)) +- `SafeERC20`: Removed `safePermit` in favor of documentation-only `permit` recommendations. Based on recommendations from @trust1995 ([#4582](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4582)) +- `ERC721`: `_approve` no longer allows approving the owner of the tokenId. ([#4377](https://github.com/OpenZeppelin/openzeppelin-contracts/issues/4377)) `_setApprovalForAll` no longer allows setting address(0) as an operator. ([#4377](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4377)) +- `ERC721`: Renamed `_requireMinted` to `_requireOwned` and added a return value with the current owner. Implemented `ownerOf` in terms of `_requireOwned`. ([#4566](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4566)) +- `ERC721Consecutive`: Added a `_firstConsecutiveId` internal function that can be overridden to change the id of the first token minted through `_mintConsecutive`. ([#4097](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4097)) +- `ERC721URIStorage`: Allow setting the token URI prior to minting. ([#4559](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4559)) +- `ERC721URIStorage`, `ERC721Royalty`: Stop resetting token-specific URI and royalties when burning. ([#4561](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4561)) +- `ERC1155`: Optimized array allocation. ([#4196](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4196)) +- `ERC1155`: Removed check for address zero in `balanceOf`. ([#4263](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4263)) +- `ERC1155`: Optimized array accesses by skipping bounds checking when unnecessary. ([#4300](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4300)) +- `ERC1155`: Bubble errors triggered in the `onERC1155Received` and `onERC1155BatchReceived` hooks. ([#4314](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4314)) +- `ERC1155Supply`: Added a `totalSupply()` function that returns the total amount of token circulating, this change will restrict the total tokens minted across all ids to 2\*\*256-1 . ([#3962](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3962)) +- `ERC1155Receiver`: Removed in favor of `ERC1155Holder`. ([#4450](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4450)) + +#### Utils + +- `Address`: Removed the ability to customize error messages. A common custom error is always used if the underlying revert reason cannot be bubbled up. ([#4502](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4502)) +- `Arrays`: Added `unsafeMemoryAccess` helpers to read from a memory array without checking the length. ([#4300](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4300)) +- `Arrays`: Optimized `findUpperBound` by removing redundant SLOAD. ([#4442](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4442)) +- `Checkpoints`: Library moved from `utils` to `utils/structs` ([#4275](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4275)) +- `DoubleEndedQueue`: Refactored internal structure to use `uint128` instead of `int128`. This has no effect on the library interface. ([#4150](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4150)) +- `ECDSA`: Use unchecked arithmetic for the `tryRecover` function that receives the `r` and `vs` short-signature fields separately. ([#4301](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4301)) +- `EIP712`: Added internal getters for the name and version strings ([#4303](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4303)) +- `Math`: Makes `ceilDiv` to revert on 0 division even if the numerator is 0 ([#4348](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4348)) +- `Math`: Optimized stack operations in `mulDiv`. ([#4494](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4494)) +- `Math`: Renamed members of `Rounding` enum, and added a new rounding mode for "away from zero". ([#4455](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4455)) +- `MerkleProof`: Use custom error to report invalid multiproof instead of reverting with overflow panic. ([#4564](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4564)) +- `MessageHashUtils`: Added a new library for creating message digest to be used along with signing or recovery such as ECDSA or ERC-1271. These functions are moved from the `ECDSA` library. ([#4430](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4430)) +- `Nonces`: Added a new contract to keep track of user nonces. Used for signatures in `ERC20Permit`, `ERC20Votes`, and `ERC721Votes`. ([#3816](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3816)) +- `ReentrancyGuard`, `Pausable`: Moved to `utils` directory. ([#4551](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4551)) +- `Strings`: Renamed `toString(int256)` to `toStringSigned(int256)`. ([#4330](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4330)) +- Optimized `Strings.equal` ([#4262](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4262)) + +### How to migrate from 4.x + +#### ERC20, ERC721, and ERC1155 + +These breaking changes will require modifications to ERC20, ERC721, and ERC1155 contracts, since the `_afterTokenTransfer` and `_beforeTokenTransfer` functions were removed. Thus, any customization made through those hooks should now be done overriding the new `_update` function instead. + +Minting and burning are implemented by `_update` and customizations should be done by overriding this function as well. `_transfer`, `_mint` and `_burn` are no longer virtual (meaning they are not overridable) to guard against possible inconsistencies. + +For example, a contract using `ERC20`'s `_beforeTokenTransfer` hook would have to be changed in the following way. + +```diff +-function _beforeTokenTransfer( ++function _update( + address from, + address to, + uint256 amount + ) internal virtual override { +- super._beforeTokenTransfer(from, to, amount); + require(!condition(), "ERC20: wrong condition"); ++ super._update(from, to, amount); + } +``` + +#### More about ERC721 + +In the case of `ERC721`, the `_update` function does not include a `from` parameter, as the sender is implicitly the previous owner of the `tokenId`. The address of this previous owner is returned by the `_update` function, so it can be used for a posteriori checks. In addition to `to` and `tokenId`, a third parameter (`auth`) is present in this function. This parameter enabled an optional check that the caller/spender is approved to do the transfer. This check cannot be performed after the transfer (because the transfer resets the approval), and doing it before `_update` would require a duplicate call to `_ownerOf`. + +In this logic of removing hidden SLOADs, the `_isApprovedOrOwner` function was removed in favor of a new `_isAuthorized` function. Overrides that used to target the `_isApprovedOrOwner` should now be performed on the `_isAuthorized` function. Calls to `_isApprovedOrOwner` that preceded a call to `_transfer`, `_burn` or `_approve` should be removed in favor of using the `auth` argument in `_update` and `_approve`. This is showcased in `ERC721Burnable.burn` and in `ERC721Wrapper.withdrawTo`. + +The `_exists` function was removed. Calls to this function can be replaced by `_ownerOf(tokenId) != address(0)`. + +#### More about ERC1155 + +Batch transfers will now emit `TransferSingle` if the batch consists of a single token, while in previous versions the `TransferBatch` event would be used for all transfers initiated through `safeBatchTransferFrom`. Both behaviors are compliant with the ERC-1155 specification. + +#### ERC165Storage + +Users that were registering EIP-165 interfaces with `_registerInterface` from `ERC165Storage` should instead do so by overriding the `supportsInterface` function as seen below: + +```solidity +function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) { + return interfaceId == type(MyInterface).interfaceId || super.supportsInterface(interfaceId); +} +``` + +#### SafeMath + +Methods in SafeMath superseded by native overflow checks in Solidity 0.8.0 were removed along with operations providing an interface for revert strings. The remaining methods were moved to `utils/Math.sol`. + +```diff +- import "@openzeppelin/contracts/utils/math/SafeMath.sol"; ++ import "@openzeppelin/contracts/utils/math/Math.sol"; + + function tryOperations(uint256 x, uint256 y) external view { +- (bool overflowsAdd, uint256 resultAdd) = SafeMath.tryAdd(x, y); ++ (bool overflowsAdd, uint256 resultAdd) = Math.tryAdd(x, y); +- (bool overflowsSub, uint256 resultSub) = SafeMath.trySub(x, y); ++ (bool overflowsSub, uint256 resultSub) = Math.trySub(x, y); +- (bool overflowsMul, uint256 resultMul) = SafeMath.tryMul(x, y); ++ (bool overflowsMul, uint256 resultMul) = Math.tryMul(x, y); +- (bool overflowsDiv, uint256 resultDiv) = SafeMath.tryDiv(x, y); ++ (bool overflowsDiv, uint256 resultDiv) = Math.tryDiv(x, y); + // ... + } +``` + +#### Adapting Governor modules + +Custom Governor modules that override internal functions may require modifications if migrated to v5. In particular, the new internal functions `_queueOperations` and `_executeOperations` may need to be used. If assistance with this migration is needed reach out via the [OpenZeppelin Support Forum](https://forum.openzeppelin.com/c/support/contracts/18). + +#### ECDSA and MessageHashUtils + +The `ECDSA` library is now focused on signer recovery. Previously it also included utility methods for producing digests to be used with signing or recovery. These utilities have been moved to the `MessageHashUtils` library and should be imported if needed: + +```diff + import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol"; ++import {MessageHashUtils} from "@openzeppelin/contracts/utils/cryptography/MessageHashUtils.sol"; + + contract Verifier { + using ECDSA for bytes32; ++ using MessageHashUtils for bytes32; + + function _verify(bytes32 data, bytes memory signature, address account) internal pure returns (bool) { + return data + .toEthSignedMessageHash() + .recover(signature) == account; + } + } +``` + +#### Interfaces and libraries in upgradeable contracts + +The upgradeable version of the contracts library used to include a variant suffixed with `Upgradeable` for every contract. These variants, which are produced automatically, mainly include changes for dealing with storage that don't apply to libraries and interfaces. + +The upgradeable library no longer includes upgradeable variants for libraries and interfaces. Projects migrating to 5.0 should replace their library and interface imports with their corresponding non-upgradeable version: + +```diff + // Libraries +-import {AddressUpgradeable} from '@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol'; ++import {Address} from '@openzeppelin/contracts/utils/Address.sol'; + + // Interfaces +-import {IERC20Upgradeable} from '@openzeppelin/contracts-upgradeable/interfaces/IERC20.sol'; ++import {IERC20} from '@openzeppelin/contracts/interfaces/IERC20.sol'; +``` + +#### Offchain Considerations + +Some changes may affect offchain systems if they rely on assumptions that are changed along with these new breaking changes. These cases are: + +##### Relying on revert strings for processing errors + +A concrete example is AccessControl, where it was previously advised to catch revert reasons using the following regex: + +``` +/^AccessControl: account (0x[0-9a-f]{40}) is missing role (0x[0-9a-f]{64})$/ +``` + +Instead, contracts now revert with custom errors. Systems that interact with smart contracts outside of the network should consider reliance on revert strings and possibly support the new custom errors. + +##### Relying on storage locations for retrieving data + +After 5.0, the storage location of some variables were changed. This is the case for `Initializable` and all the upgradeable contracts since they now use namespaced storaged locations. Any system relying on storage locations for retrieving data or detecting capabilities should be updated to support these new locations. + +## 4.9.6 (2024-02-29) + +- `Base64`: Fix issue where dirty memory located just after the input buffer is affecting the result. ([#4929](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4929)) + +## 4.9.5 (2023-12-08) + +- `Multicall`: Make aware of non-canonical context (i.e. `msg.sender` is not `_msgSender()`), allowing compatibility with `ERC2771Context`. Patch duplicated `Address.functionDelegateCall` in v4.9.4 (removed). + +## 4.9.3 (2023-07-28) + +- `ERC2771Context`: Return the forwarder address whenever the `msg.data` of a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. `msg.data.length` is less than 20 bytes), as specified by ERC-2771. ([#4481](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4481)) +- `ERC2771Context`: Prevent revert in `_msgData()` when a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. `msg.data.length` is less than 20 bytes). Return the full calldata in that case. ([#4484](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4484)) + +## 4.9.2 (2023-06-16) + +- `MerkleProof`: Fix a bug in `processMultiProof` and `processMultiProofCalldata` that allows proving arbitrary leaves if the tree contains a node with value 0 at depth 1. + +## 4.9.1 (2023-06-07) + +- `Governor`: Add a mechanism to restrict the address of the proposer using a suffix in the description. + +## 4.9.0 (2023-05-23) + +- `ReentrancyGuard`: Add a `_reentrancyGuardEntered` function to expose the guard status. ([#3714](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3714)) +- `ERC721Wrapper`: add a new extension of the `ERC721` token which wraps an underlying token. Deposit and withdraw guarantee that the ownership of each token is backed by a corresponding underlying token with the same identifier. ([#3863](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3863)) +- `EnumerableMap`: add a `keys()` function that returns an array containing all the keys. ([#3920](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3920)) +- `Governor`: add a public `cancel(uint256)` function. ([#3983](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3983)) +- `Governor`: Enable timestamp operation for blockchains without a stable block time. This is achieved by connecting a Governor's internal clock to match a voting token's EIP-6372 interface. ([#3934](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3934)) +- `Strings`: add `equal` method. ([#3774](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3774)) +- `IERC5313`: Add an interface for EIP-5313 that is now final. ([#4013](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4013)) +- `IERC4906`: Add an interface for ERC-4906 that is now Final. ([#4012](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4012)) +- `StorageSlot`: Add support for `string` and `bytes`. ([#4008](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4008)) +- `Votes`, `ERC20Votes`, `ERC721Votes`: support timestamp checkpointing using EIP-6372. ([#3934](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3934)) +- `ERC4626`: Add mitigation to the inflation attack through virtual shares and assets. ([#3979](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3979)) +- `Strings`: add `toString` method for signed integers. ([#3773](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3773)) +- `ERC20Wrapper`: Make the `underlying` variable private and add a public accessor. ([#4029](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4029)) +- `EIP712`: add EIP-5267 support for better domain discovery. ([#3969](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3969)) +- `AccessControlDefaultAdminRules`: Add an extension of `AccessControl` with additional security rules for the `DEFAULT_ADMIN_ROLE`. ([#4009](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4009)) +- `SignatureChecker`: Add `isValidERC1271SignatureNow` for checking a signature directly against a smart contract using ERC-1271. ([#3932](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3932)) +- `SafeERC20`: Add a `forceApprove` function to improve compatibility with tokens behaving like USDT. ([#4067](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4067)) +- `ERC1967Upgrade`: removed contract-wide `oz-upgrades-unsafe-allow delegatecall` annotation, replaced by granular annotation in `UUPSUpgradeable`. ([#3971](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3971)) +- `ERC20Wrapper`: self wrapping and deposit by the wrapper itself are now explicitly forbidden. ([#4100](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4100)) +- `ECDSA`: optimize bytes32 computation by using assembly instead of `abi.encodePacked`. ([#3853](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3853)) +- `ERC721URIStorage`: Emit ERC-4906 `MetadataUpdate` in `_setTokenURI`. ([#4012](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4012)) +- `ShortStrings`: Added a library for handling short strings in a gas efficient way, with fallback to storage for longer strings. ([#4023](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4023)) +- `SignatureChecker`: Allow return data length greater than 32 from EIP-1271 signers. ([#4038](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4038)) +- `UUPSUpgradeable`: added granular `oz-upgrades-unsafe-allow-reachable` annotation to improve upgrade safety checks on latest version of the Upgrades Plugins (starting with `@openzeppelin/upgrades-core@1.21.0`). ([#3971](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3971)) +- `Initializable`: optimize `_disableInitializers` by using `!=` instead of `<`. ([#3787](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3787)) +- `Ownable2Step`: make `acceptOwnership` public virtual to enable usecases that require overriding it. ([#3960](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3960)) +- `UUPSUpgradeable.sol`: Change visibility to the functions `upgradeTo ` and `upgradeToAndCall ` from `external` to `public`. ([#3959](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3959)) +- `TimelockController`: Add the `CallSalt` event to emit on operation schedule. ([#4001](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4001)) +- Reformatted codebase with latest version of Prettier Solidity. ([#3898](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3898)) +- `Math`: optimize `log256` rounding check. ([#3745](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3745)) +- `ERC20Votes`: optimize by using unchecked arithmetic. ([#3748](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3748)) +- `Multicall`: annotate `multicall` function as upgrade safe to not raise a flag for its delegatecall. ([#3961](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3961)) +- `ERC20Pausable`, `ERC721Pausable`, `ERC1155Pausable`: Add note regarding missing public pausing functionality ([#4007](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4007)) +- `ECDSA`: Add a function `toDataWithIntendedValidatorHash` that encodes data with version 0x00 following EIP-191. ([#4063](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4063)) +- `MerkleProof`: optimize by using unchecked arithmetic. ([#3745](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3745)) + +### Breaking changes + +- `EIP712`: Addition of ERC5267 support requires support for user defined value types, which was released in Solidity version 0.8.8. This requires a pragma change from `^0.8.0` to `^0.8.8`. +- `EIP712`: Optimization of the cache for the upgradeable version affects the way `name` and `version` are set. This is no longer done through an initializer, and is instead part of the implementation's constructor. As a consequence, all proxies using the same implementation will necessarily share the same `name` and `version`. Additionally, an implementation upgrade risks changing the EIP712 domain unless the same `name` and `version` are used when deploying the new implementation contract. + +### Deprecations + +- `ERC20Permit`: Added the file `IERC20Permit.sol` and `ERC20Permit.sol` and deprecated `draft-IERC20Permit.sol` and `draft-ERC20Permit.sol` since [EIP-2612](https://eips.ethereum.org/EIPS/eip-2612) is no longer a Draft. Developers are encouraged to update their imports. ([#3793](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3793)) +- `Timers`: The `Timers` library is now deprecated and will be removed in the next major release. ([#4062](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4062)) +- `ERC777`: The `ERC777` token standard is no longer supported by OpenZeppelin. Our implementation is now deprecated and will be removed in the next major release. The corresponding standard interfaces remain available. ([#4066](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4066)) +- `ERC1820Implementer`: The `ERC1820` pseudo-introspection mechanism is no longer supported by OpenZeppelin. Our implementation is now deprecated and will be removed in the next major release. The corresponding standard interfaces remain available. ([#4066](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4066)) + +## 4.8.3 (2023-04-13) + +- `GovernorCompatibilityBravo`: Fix encoding of proposal data when signatures are missing. +- `TransparentUpgradeableProxy`: Fix transparency in case of selector clash with non-decodable calldata or payable mutability. ([#4154](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4154)) + +## 4.8.2 (2023-03-02) + +- `ERC721Consecutive`: Fixed a bug when `_mintConsecutive` is used for batches of size 1 that could lead to balance overflow. Refer to the breaking changes section in the changelog for a note on the behavior of `ERC721._beforeTokenTransfer`. + +### Breaking changes + +- `ERC721`: The internal function `_beforeTokenTransfer` no longer updates balances, which it previously did when `batchSize` was greater than 1. This change has no consequence unless a custom ERC721 extension is explicitly invoking `_beforeTokenTransfer`. Balance updates in extensions must now be done explicitly using `__unsafe_increaseBalance`, with a name that indicates that there is an invariant that has to be manually verified. + +## 4.8.1 (2023-01-12) + +- `ERC4626`: Use staticcall instead of call when fetching underlying ERC-20 decimals. ([#3943](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3943)) + +## 4.8.0 (2022-11-08) + +- `TimelockController`: Added a new `admin` constructor parameter that is assigned the admin role instead of the deployer account. ([#3722](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3722)) +- `Initializable`: add internal functions `_getInitializedVersion` and `_isInitializing` ([#3598](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3598)) +- `ERC165Checker`: add `supportsERC165InterfaceUnchecked` for consulting individual interfaces without the full ERC165 protocol. ([#3339](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3339)) +- `Address`: optimize `functionCall` by calling `functionCallWithValue` directly. ([#3468](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3468)) +- `Address`: optimize `functionCall` functions by checking contract size only if there is no returned data. ([#3469](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3469)) +- `Governor`: make the `relay` function payable, and add support for EOA payments. ([#3730](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3730)) +- `GovernorCompatibilityBravo`: remove unused `using` statements. ([#3506](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3506)) +- `ERC20`: optimize `_transfer`, `_mint` and `_burn` by using `unchecked` arithmetic when possible. ([#3513](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3513)) +- `ERC20Votes`, `ERC721Votes`: optimize `getPastVotes` for looking up recent checkpoints. ([#3673](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3673)) +- `ERC20FlashMint`: add an internal `_flashFee` function for overriding. ([#3551](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3551)) +- `ERC4626`: use the same `decimals()` as the underlying asset by default (if available). ([#3639](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3639)) +- `ERC4626`: add internal `_initialConvertToShares` and `_initialConvertToAssets` functions to customize empty vaults behavior. ([#3639](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3639)) +- `ERC721`: optimize transfers by making approval clearing implicit instead of emitting an event. ([#3481](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3481)) +- `ERC721`: optimize burn by making approval clearing implicit instead of emitting an event. ([#3538](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3538)) +- `ERC721`: Fix balance accounting when a custom `_beforeTokenTransfer` hook results in a transfer of the token under consideration. ([#3611](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3611)) +- `ERC721`: use unchecked arithmetic for balance updates. ([#3524](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3524)) +- `ERC721Consecutive`: Implementation of EIP-2309 that allows batch minting of ERC721 tokens during construction. ([#3311](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3311)) +- `ReentrancyGuard`: Reduce code size impact of the modifier by using internal functions. ([#3515](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3515)) +- `SafeCast`: optimize downcasting of signed integers. ([#3565](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3565)) +- `ECDSA`: Remove redundant check on the `v` value. ([#3591](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3591)) +- `VestingWallet`: add `releasable` getters. ([#3580](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3580)) +- `VestingWallet`: remove unused library `Math.sol`. ([#3605](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3605)) +- `VestingWallet`: make constructor payable. ([#3665](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3665)) +- `Create2`: optimize address computation by using assembly instead of `abi.encodePacked`. ([#3600](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3600)) +- `Clones`: optimized the assembly to use only the scratch space during deployments, and optimized `predictDeterministicAddress` to use fewer operations. ([#3640](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3640)) +- `Checkpoints`: Use procedural generation to support multiple key/value lengths. ([#3589](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3589)) +- `Checkpoints`: Add new lookup mechanisms. ([#3589](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3589)) +- `Arrays`: Add `unsafeAccess` functions that allow reading and writing to an element in a storage array bypassing Solidity's "out-of-bounds" check. ([#3589](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3589)) +- `Strings`: optimize `toString`. ([#3573](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3573)) +- `Ownable2Step`: extension of `Ownable` that makes the ownership transfers a two step process. ([#3620](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3620)) +- `Math` and `SignedMath`: optimize function `max` by using `>` instead of `>=`. ([#3679](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3679)) +- `Math`: Add `log2`, `log10` and `log256`. ([#3670](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3670)) +- Arbitrum: Update the vendored arbitrum contracts to match the nitro upgrade. ([#3692](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3692)) + +### Breaking changes + +- `ERC721`: In order to add support for batch minting via `ERC721Consecutive` it was necessary to make a minor breaking change in the internal interface of `ERC721`. Namely, the hooks `_beforeTokenTransfer` and `_afterTokenTransfer` have one additional argument that may need to be added to overrides: + +```diff + function _beforeTokenTransfer( + address from, + address to, + uint256 tokenId, ++ uint256 batchSize + ) internal virtual override +``` + +- `ERC4626`: Conversion from shares to assets (and vice-versa) in an empty vault used to consider the possible mismatch between the underlying asset's and the vault's decimals. This initial conversion rate is now set to 1-to-1 irrespective of decimals, which are meant for usability purposes only. The vault now uses the assets decimals by default, so off-chain the numbers should appear the same. Developers overriding the vault decimals to a value that does not match the underlying asset may want to override the `_initialConvertToShares` and `_initialConvertToAssets` to replicate the previous behavior. + +- `TimelockController`: During deployment, the TimelockController used to grant the `TIMELOCK_ADMIN_ROLE` to the deployer and to the timelock itself. The deployer was then expected to renounce this role once configuration of the timelock is over. Failing to renounce that role allows the deployer to change the timelock permissions (but not to bypass the delay for any time-locked actions). The role is no longer given to the deployer by default. A new parameter `admin` can be set to a non-zero address to grant the admin role during construction (to the deployer or any other address). Just like previously, this admin role should be renounced after configuration. If this param is given `address(0)`, the role is not allocated and doesn't need to be revoked. In any case, the timelock itself continues to have this role. + +### Deprecations + +- `EIP712`: Added the file `EIP712.sol` and deprecated `draft-EIP712.sol` since the EIP is no longer a Draft. Developers are encouraged to update their imports. ([#3621](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3621)) + +```diff +-import "@openzeppelin/contracts/utils/cryptography/draft-EIP712.sol"; ++import "@openzeppelin/contracts/utils/cryptography/EIP712.sol"; +``` + +- `ERC721Votes`: Added the file `ERC721Votes.sol` and deprecated `draft-ERC721Votes.sol` since it no longer depends on a Draft EIP (EIP-712). Developers are encouraged to update their imports. ([#3699](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3699)) + +```diff +-import "@openzeppelin/contracts/token/ERC721/extensions/draft-ERC721Votes.sol"; ++import "@openzeppelin/contracts/token/ERC721/extensions/ERC721Votes.sol"; +``` + +### ERC-721 Compatibility Note + +ERC-721 integrators that interpret contract state from events should make sure that they implement the clearing of approval that is implicit in every transfer according to the EIP. Previous versions of OpenZeppelin Contracts emitted an explicit `Approval` event even though it was not required by the specification, and this is no longer the case. + +With the new `ERC721Consecutive` extension, the internal workings of `ERC721` are slightly changed. Custom extensions to ERC721 should be reviewed to ensure they remain correct. The internal functions that should be considered are `_ownerOf` (new), `_beforeTokenTransfer`, and `_afterTokenTransfer`. + +### ERC-4626 Upgrade Note + +Existing `ERC4626` contracts that are upgraded to 4.8 must initialize a new variable that holds the vault token decimals. The recommended way to do this is to use a [reinitializer]: + +[reinitializer]: https://docs.openzeppelin.com/contracts/4.x/api/proxy#Initializable-reinitializer-uint8- + +```solidity +function migrateToV48() public reinitializer(2) { + __ERC4626_init(IERC20Upgradeable(asset())); +} +``` + +## 4.7.3 (2022-08-10) + +### Breaking changes + +- `ECDSA`: `recover(bytes32,bytes)` and `tryRecover(bytes32,bytes)` no longer accept compact signatures to prevent malleability. Compact signature support remains available using `recover(bytes32,bytes32,bytes32)` and `tryRecover(bytes32,bytes32,bytes32)`. + +## 4.7.2 (2022-07-25) + +- `LibArbitrumL2`, `CrossChainEnabledArbitrumL2`: Fixed detection of cross-chain calls for EOAs. Previously, calls from EOAs would be classified as cross-chain calls. ([#3578](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3578)) +- `GovernorVotesQuorumFraction`: Fixed quorum updates so they do not affect past proposals that failed due to lack of quorum. ([#3561](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3561)) +- `ERC165Checker`: Added protection against large returndata. ([#3587](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3587)) + +## 4.7.1 (2022-07-18) + +- `SignatureChecker`: Fix an issue that causes `isValidSignatureNow` to revert when the target contract returns ill-encoded data. ([#3552](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3552)) +- `ERC165Checker`: Fix an issue that causes `supportsInterface` to revert when the target contract returns ill-encoded data. ([#3552](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3552)) + +## 4.7.0 (2022-06-29) + +- `TimelockController`: Migrate `_call` to `_execute` and allow inheritance and overriding similar to `Governor`. ([#3317](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3317)) +- `CrossChainEnabledPolygonChild`: replace the `require` statement with the custom error `NotCrossChainCall`. ([#3380](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3380)) +- `ERC20FlashMint`: Add customizable flash fee receiver. ([#3327](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3327)) +- `ERC4626`: add an extension of `ERC20` that implements the ERC4626 Tokenized Vault Standard. ([#3171](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3171)) +- `SafeERC20`: add `safePermit` as mitigation against phantom permit functions. ([#3280](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3280)) +- `Math`: add a `mulDiv` function that can round the result either up or down. ([#3171](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3171)) +- `Math`: Add a `sqrt` function to compute square roots of integers, rounding either up or down. ([#3242](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3242)) +- `Strings`: add a new overloaded function `toHexString` that converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal representation. ([#3403](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3403)) +- `EnumerableMap`: add new `UintToUintMap` map type. ([#3338](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3338)) +- `EnumerableMap`: add new `Bytes32ToUintMap` map type. ([#3416](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3416)) +- `SafeCast`: add support for many more types, using procedural code generation. ([#3245](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3245)) +- `MerkleProof`: add `multiProofVerify` to prove multiple values are part of a Merkle tree. ([#3276](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3276)) +- `MerkleProof`: add calldata versions of the functions to avoid copying input arrays to memory and save gas. ([#3200](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3200)) +- `ERC721`, `ERC1155`: simplified revert reasons. ([#3254](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3254), ([#3438](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3438))) +- `ERC721`: removed redundant require statement. ([#3434](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3434)) +- `PaymentSplitter`: add `releasable` getters. ([#3350](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3350)) +- `Initializable`: refactored implementation of modifiers for easier understanding. ([#3450](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3450)) +- `Proxies`: remove runtime check of ERC1967 storage slots. ([#3455](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3455)) + +### Breaking changes + +- `Initializable`: functions decorated with the modifier `reinitializer(1)` may no longer invoke each other. + +## 4.6.0 (2022-04-26) + +- `crosschain`: Add a new set of contracts for cross-chain applications. `CrossChainEnabled` is a base contract with instantiations for several chains and bridges, and `AccessControlCrossChain` is an extension of access control that allows cross-chain operation. ([#3183](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3183)) +- `AccessControl`: add a virtual `_checkRole(bytes32)` function that can be overridden to alter the `onlyRole` modifier behavior. ([#3137](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3137)) +- `EnumerableMap`: add new `AddressToUintMap` map type. ([#3150](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3150)) +- `EnumerableMap`: add new `Bytes32ToBytes32Map` map type. ([#3192](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3192)) +- `ERC20FlashMint`: support infinite allowance when paying back a flash loan. ([#3226](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3226)) +- `ERC20Wrapper`: the `decimals()` function now tries to fetch the value from the underlying token instance. If that calls revert, then the default value is used. ([#3259](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3259)) +- `draft-ERC20Permit`: replace `immutable` with `constant` for `_PERMIT_TYPEHASH` since the `keccak256` of string literals is treated specially and the hash is evaluated at compile time. ([#3196](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3196)) +- `ERC1155`: Add a `_afterTokenTransfer` hook for improved extensibility. ([#3166](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3166)) +- `ERC1155URIStorage`: add a new extension that implements a `_setURI` behavior similar to ERC721's `_setTokenURI`. ([#3210](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3210)) +- `DoubleEndedQueue`: a new data structure that supports efficient push and pop to both front and back, useful for FIFO and LIFO queues. ([#3153](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3153)) +- `Governor`: improved security of `onlyGovernance` modifier when using an external executor contract (e.g. a timelock) that can operate without necessarily going through the governance protocol. ([#3147](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3147)) +- `Governor`: Add a way to parameterize votes. This can be used to implement voting systems such as fractionalized voting, ERC721 based voting, or any number of other systems. The `params` argument added to `_countVote` method, and included in the newly added `_getVotes` method, can be used by counting and voting modules respectively for such purposes. ([#3043](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3043)) +- `Governor`: rewording of revert reason for consistency. ([#3275](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3275)) +- `Governor`: fix an inconsistency in data locations that could lead to invalid bytecode being produced. ([#3295](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3295)) +- `Governor`: Implement `IERC721Receiver` and `IERC1155Receiver` to improve token custody by governors. ([#3230](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3230)) +- `TimelockController`: Implement `IERC721Receiver` and `IERC1155Receiver` to improve token custody by timelocks. ([#3230](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3230)) +- `TimelockController`: Add a separate canceller role for the ability to cancel. ([#3165](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3165)) +- `Initializable`: add a reinitializer modifier that enables the initialization of new modules, added to already initialized contracts through upgradeability. ([#3232](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3232)) +- `Initializable`: add an Initialized event that tracks initialized version numbers. ([#3294](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3294)) +- `ERC2981`: make `royaltyInfo` public to allow super call in overrides. ([#3305](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3305)) + +### Upgradeability notice + +- `TimelockController`: **(Action needed)** The upgrade from <4.6 to >=4.6 introduces a new `CANCELLER_ROLE` that requires set up to be assignable. After the upgrade, only addresses with this role will have the ability to cancel. Proposers will no longer be able to cancel. Assigning cancellers can be done by an admin (including the timelock itself) once the role admin is set up. To do this, we recommend upgrading to the `TimelockControllerWith46MigrationUpgradeable` contract and then calling the `migrateTo46` function. + +### Breaking changes + +- `Governor`: Adds internal virtual `_getVotes` method that must be implemented; this is a breaking change for existing concrete extensions to `Governor`. To fix this on an existing voting module extension, rename `getVotes` to `_getVotes` and add a `bytes memory` argument. ([#3043](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3043)) +- `Governor`: Adds `params` parameter to internal virtual `_countVote` method; this is a breaking change for existing concrete extensions to `Governor`. To fix this on an existing counting module extension, add a `bytes memory` argument to `_countVote`. ([#3043](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3043)) +- `Governor`: Does not emit `VoteCast` event when params data is non-empty; instead emits `VoteCastWithParams` event. To fix this on an integration that consumes the `VoteCast` event, also fetch/monitor `VoteCastWithParams` events. ([#3043](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3043)) +- `Votes`: The internal virtual function `_getVotingUnits` was made `view` (which was accidentally missing). Any overrides should now be updated so they are `view` as well. + +## 4.5.0 (2022-02-09) + +- `ERC2981`: add implementation of the royalty standard, and the respective extensions for `ERC721` and `ERC1155`. ([#3012](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3012)) +- `GovernorTimelockControl`: improve the `state()` function to have it reflect cases where a proposal has been canceled directly on the timelock. ([#2977](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2977)) +- Preset contracts are now deprecated in favor of [Contracts Wizard](https://wizard.openzeppelin.com). ([#2986](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2986)) +- `Governor`: add a relay function to help recover assets sent to a governor that is not its own executor (e.g. when using a timelock). ([#2926](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2926)) +- `GovernorPreventLateQuorum`: add new module to ensure a minimum voting duration is available after the quorum is reached. ([#2973](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2973)) +- `ERC721`: improved revert reason when transferring from wrong owner. ([#2975](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2975)) +- `Votes`: Added a base contract for vote tracking with delegation. ([#2944](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2944)) +- `ERC721Votes`: Added an extension of ERC721 enabled with vote tracking and delegation. ([#2944](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2944)) +- `ERC2771Context`: use immutable storage to store the forwarder address, no longer an issue since Solidity >=0.8.8 allows reading immutable variables in the constructor. ([#2917](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2917)) +- `Base64`: add a library to parse bytes into base64 strings using `encode(bytes memory)` function, and provide examples to show how to use to build URL-safe `tokenURIs`. ([#2884](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2884)) +- `ERC20`: reduce allowance before triggering transfer. ([#3056](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3056)) +- `ERC20`: do not update allowance on `transferFrom` when allowance is `type(uint256).max`. ([#3085](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3085)) +- `ERC20`: add a `_spendAllowance` internal function. ([#3170](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3170)) +- `ERC20Burnable`: do not update allowance on `burnFrom` when allowance is `type(uint256).max`. ([#3170](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3170)) +- `ERC777`: do not update allowance on `transferFrom` when allowance is `type(uint256).max`. ([#3085](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3085)) +- `ERC777`: add a `_spendAllowance` internal function. ([#3170](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3170)) +- `SignedMath`: a new signed version of the Math library with `max`, `min`, and `average`. ([#2686](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2686)) +- `SignedMath`: add an `abs(int256)` method that returns the unsigned absolute value of a signed value. ([#2984](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2984)) +- `ERC1967Upgrade`: Refactor the secure upgrade to use `ERC1822` instead of the previous rollback mechanism. This reduces code complexity and attack surface with similar security guarantees. ([#3021](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3021)) +- `UUPSUpgradeable`: Add `ERC1822` compliance to support the updated secure upgrade mechanism. ([#3021](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3021)) +- Some more functions have been made virtual to customize them via overrides. In many cases this will not imply that other functions in the contract will automatically adapt to the overridden definitions. People who wish to override should consult the source code to understand the impact and if they need to override any additional functions to achieve the desired behavior. + +### Breaking changes + +- `ERC1967Upgrade`: The function `_upgradeToAndCallSecure` was renamed to `_upgradeToAndCallUUPS`, along with the change in security mechanism described above. +- `Address`: The Solidity pragma is increased from `^0.8.0` to `^0.8.1`. This is required by the `account.code.length` syntax that replaces inline assembly. This may require users to bump their compiler version from `0.8.0` to `0.8.1` or later. Note that other parts of the code already include stricter requirements. + +## 4.4.2 (2022-01-11) + +### Bugfixes + +- `GovernorCompatibilityBravo`: Fix error in the encoding of calldata for proposals submitted through the compatibility interface with explicit signatures. ([#3100](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3100)) + +## 4.4.1 (2021-12-14) + +- `Initializable`: change the existing `initializer` modifier and add a new `onlyInitializing` modifier to prevent reentrancy risk. ([#3006](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3006)) + +### Breaking change + +It is no longer possible to call an `initializer`-protected function from within another `initializer` function outside the context of a constructor. Projects using OpenZeppelin upgradeable proxies should continue to work as is, since in the common case the initializer is invoked in the constructor directly. If this is not the case for you, the suggested change is to use the new `onlyInitializing` modifier in the following way: + +```diff + contract A { +- function initialize() public initializer { ... } ++ function initialize() internal onlyInitializing { ... } + } + contract B is A { + function initialize() public initializer { + A.initialize(); + } + } +``` + +## 4.4.0 (2021-11-25) + +- `Ownable`: add an internal `_transferOwnership(address)`. ([#2568](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2568)) +- `AccessControl`: add internal `_grantRole(bytes32,address)` and `_revokeRole(bytes32,address)`. ([#2568](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2568)) +- `AccessControl`: mark `_setupRole(bytes32,address)` as deprecated in favor of `_grantRole(bytes32,address)`. ([#2568](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2568)) +- `AccessControlEnumerable`: hook into `_grantRole(bytes32,address)` and `_revokeRole(bytes32,address)`. ([#2946](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2946)) +- `EIP712`: cache `address(this)` to immutable storage to avoid potential issues if a vanilla contract is used in a delegatecall context. ([#2852](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2852)) +- Add internal `_setApprovalForAll` to `ERC721` and `ERC1155`. ([#2834](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2834)) +- `Governor`: shift vote start and end by one block to better match Compound's GovernorBravo and prevent voting at the Governor level if the voting snapshot is not ready. ([#2892](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2892)) +- `GovernorCompatibilityBravo`: consider quorum an inclusive rather than exclusive minimum to match Compound's GovernorBravo. ([#2974](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2974)) +- `GovernorSettings`: a new governor module that manages voting settings updatable through governance actions. ([#2904](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2904)) +- `PaymentSplitter`: now supports ERC20 assets in addition to Ether. ([#2858](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2858)) +- `ECDSA`: add a variant of `toEthSignedMessageHash` for arbitrary length message hashing. ([#2865](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2865)) +- `MerkleProof`: add a `processProof` function that returns the rebuilt root hash given a leaf and a proof. ([#2841](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2841)) +- `VestingWallet`: new contract that handles the vesting of Ether and ERC20 tokens following a customizable vesting schedule. ([#2748](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2748)) +- `Governor`: enable receiving Ether when a Timelock contract is not used. ([#2849](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2849)) +- `GovernorTimelockCompound`: fix ability to use Ether stored in the Timelock contract. ([#2849](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2849)) + +## 4.3.3 (2021-11-08) + +- `ERC1155Supply`: Handle `totalSupply` changes by hooking into `_beforeTokenTransfer` to ensure consistency of balances and supply during `IERC1155Receiver.onERC1155Received` calls. + +## 4.3.2 (2021-09-14) + +- `UUPSUpgradeable`: Add modifiers to prevent `upgradeTo` and `upgradeToAndCall` being executed on any contract that is not the active ERC1967 proxy. This prevents these functions being called on implementation contracts or minimal ERC1167 clones, in particular. + +## 4.3.1 (2021-08-26) + +- `TimelockController`: Add additional isOperationReady check. + +## 4.3.0 (2021-08-17) + +- `ERC2771Context`: use private variable from storage to store the forwarder address. Fixes issues where `_msgSender()` was not callable from constructors. ([#2754](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2754)) +- `EnumerableSet`: add `values()` functions that returns an array containing all values in a single call. ([#2768](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2768)) +- `Governor`: added a modular system of `Governor` contracts based on `GovernorAlpha` and `GovernorBravo`. ([#2672](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2672)) +- Add an `interfaces` folder containing solidity interfaces to final ERCs. ([#2517](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2517)) +- `ECDSA`: add `tryRecover` functions that will not throw if the signature is invalid, and will return an error flag instead. ([#2661](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2661)) +- `SignatureChecker`: Reduce gas usage of the `isValidSignatureNow` function for the "signature by EOA" case. ([#2661](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2661)) + +## 4.2.0 (2021-06-30) + +- `ERC20Votes`: add a new extension of the `ERC20` token with support for voting snapshots and delegation. ([#2632](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2632)) +- `ERC20VotesComp`: Variant of `ERC20Votes` that is compatible with Compound's `Comp` token interface but restricts supply to `uint96`. ([#2706](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2706)) +- `ERC20Wrapper`: add a new extension of the `ERC20` token which wraps an underlying token. Deposit and withdraw guarantee that the total supply is backed by a corresponding amount of underlying token. ([#2633](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2633)) +- Enumerables: Improve gas cost of removal in `EnumerableSet` and `EnumerableMap`. +- Enumerables: Improve gas cost of lookup in `EnumerableSet` and `EnumerableMap`. +- `Counter`: add a reset method. ([#2678](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2678)) +- Tokens: Wrap definitely safe subtractions in `unchecked` blocks. +- `Math`: Add a `ceilDiv` method for performing ceiling division. +- `ERC1155Supply`: add a new `ERC1155` extension that keeps track of the totalSupply of each tokenId. ([#2593](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2593)) +- `BitMaps`: add a new `BitMaps` library that provides a storage efficient datastructure for `uint256` to `bool` mapping with contiguous keys. ([#2710](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2710)) + +### Breaking Changes + +- `ERC20FlashMint` is no longer a Draft ERC. ([#2673](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2673))) + +**How to update:** Change your import paths by removing the `draft-` prefix from `@openzeppelin/contracts/token/ERC20/extensions/draft-ERC20FlashMint.sol`. + +> See [Releases and Stability: Drafts](https://docs.openzeppelin.com/contracts/4.x/releases-stability#drafts). + +## 4.1.0 (2021-04-29) + +- `IERC20Metadata`: add a new extended interface that includes the optional `name()`, `symbol()` and `decimals()` functions. ([#2561](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2561)) +- `ERC777`: make reception acquirement optional in `_mint`. ([#2552](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2552)) +- `ERC20Permit`: add a `_useNonce` to enable further usage of ERC712 signatures. ([#2565](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2565)) +- `ERC20FlashMint`: add an implementation of the ERC3156 extension for flash-minting ERC20 tokens. ([#2543](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2543)) +- `SignatureChecker`: add a signature verification library that supports both EOA and ERC1271 compliant contracts as signers. ([#2532](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2532)) +- `Multicall`: add abstract contract with `multicall(bytes[] calldata data)` function to bundle multiple calls together ([#2608](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2608)) +- `ECDSA`: add support for ERC2098 short-signatures. ([#2582](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2582)) +- `AccessControl`: add an `onlyRole` modifier to restrict specific function to callers bearing a specific role. ([#2609](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2609)) +- `StorageSlot`: add a library for reading and writing primitive types to specific storage slots. ([#2542](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2542)) +- UUPS Proxies: add `UUPSUpgradeable` to implement the UUPS proxy pattern together with `EIP1967Proxy`. ([#2542](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2542)) + +### Breaking changes + +This release includes two small breaking changes in `TimelockController`. + +1. The `onlyRole` modifier in this contract was designed to let anyone through if the role was granted to `address(0)`, + allowing the possibility to make a role "open", which can be used for `EXECUTOR_ROLE`. This modifier is now + replaced by `AccessControl.onlyRole`, which does not have this ability. The previous behavior was moved to the + modifier `TimelockController.onlyRoleOrOpenRole`. +2. It was possible to make `PROPOSER_ROLE` an open role (as described in the previous item) if it was granted to + `address(0)`. This would affect the `schedule`, `scheduleBatch`, and `cancel` operations in `TimelockController`. + This ability was removed as it does not make sense to open up the `PROPOSER_ROLE` in the same way that it does for + `EXECUTOR_ROLE`. + +## 4.0.0 (2021-03-23) + +- Now targeting the 0.8.x line of Solidity compilers. For 0.6.x (resp 0.7.x) support, use version 3.4.0 (resp 3.4.0-solc-0.7) of OpenZeppelin. +- `Context`: making `_msgData` return `bytes calldata` instead of `bytes memory` ([#2492](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2492)) +- `ERC20`: removed the `_setDecimals` function and the storage slot associated to decimals. ([#2502](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2502)) +- `Strings`: addition of a `toHexString` function. ([#2504](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2504)) +- `EnumerableMap`: change implementation to optimize for `key β†’ value` lookups instead of enumeration. ([#2518](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2518)) +- `GSN`: deprecate GSNv1 support in favor of upcoming support for GSNv2. ([#2521](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2521)) +- `ERC165`: remove uses of storage in the base ERC165 implementation. ERC165 based contracts now use storage-less virtual functions. Old behavior remains available in the `ERC165Storage` extension. ([#2505](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2505)) +- `Initializable`: make initializer check stricter during construction. ([#2531](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2531)) +- `ERC721`: remove enumerability of tokens from the base implementation. This feature is now provided separately through the `ERC721Enumerable` extension. ([#2511](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2511)) +- `AccessControl`: removed enumerability by default for a more lightweight contract. It is now opt-in through `AccessControlEnumerable`. ([#2512](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2512)) +- Meta Transactions: add `ERC2771Context` and a `MinimalForwarder` for meta-transactions. ([#2508](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2508)) +- Overall reorganization of the contract folder to improve clarity and discoverability. ([#2503](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2503)) +- `ERC20Capped`: optimize gas usage by enforcing the check directly in `_mint`. ([#2524](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2524)) +- Rename `UpgradeableProxy` to `ERC1967Proxy`. ([#2547](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2547)) +- `ERC777`: optimize the gas costs of the constructor. ([#2551](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2551)) +- `ERC721URIStorage`: add a new extension that implements the `_setTokenURI` behavior as it was available in 3.4.0. ([#2555](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2555)) +- `AccessControl`: added ERC165 interface detection. ([#2562](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2562)) +- `ERC1155`: make `uri` public so overloading function can call it using super. ([#2576](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2576)) + +### Bug fixes for beta releases + +- `AccessControlEnumerable`: Fixed `renounceRole` not updating enumerable set of addresses for a role. ([#2572](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2572)) + +### How to upgrade from 3.x + +Since this version has moved a few contracts to different directories, users upgrading from a previous version will need to adjust their import statements. To make this easier, the package includes a script that will migrate import statements automatically. After upgrading to the latest version of the package, run: + +``` +npx openzeppelin-contracts-migrate-imports +``` + +Make sure you're using git or another version control system to be able to recover from any potential error in our script. + +### How to upgrade from 4.0-beta.x + +Some further changes have been done between the different beta iterations. Transitions made during this period are configured in the `migrate-imports` script. Consequently, you can upgrade from any previous 4.0-beta.x version using the same script as described in the _How to upgrade from 3.x_ section. + +## 3.4.2 (2021-07-24) + +- `TimelockController`: Add additional isOperationReady check. + +## 3.4.1 (2021-03-03) + +- `ERC721`: made `_approve` an internal function (was private). + +## 3.4.0 (2021-02-02) + +- `BeaconProxy`: added new kind of proxy that allows simultaneous atomic upgrades. ([#2411](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2411)) +- `EIP712`: added helpers to verify EIP712 typed data signatures on chain. ([#2418](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2418)) +- `ERC20Permit`: added an implementation of the ERC20 permit extension for gasless token approvals. ([#2237](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2237)) +- Presets: added token presets with preminted fixed supply `ERC20PresetFixedSupply` and `ERC777PresetFixedSupply`. ([#2399](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2399)) +- `Address`: added `functionDelegateCall`, similar to the existing `functionCall`. ([#2333](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2333)) +- `Clones`: added a library for deploying EIP 1167 minimal proxies. ([#2449](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2449)) +- `Context`: moved from `contracts/GSN` to `contracts/utils`. ([#2453](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2453)) +- `PaymentSplitter`: replace usage of `.transfer()` with `Address.sendValue` for improved compatibility with smart wallets. ([#2455](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2455)) +- `UpgradeableProxy`: bubble revert reasons from initialization calls. ([#2454](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2454)) +- `SafeMath`: fix a memory allocation issue by adding new `SafeMath.tryOp(uint,uint)β†’(bool,uint)` functions. `SafeMath.op(uint,uint,string)β†’uint` are now deprecated. ([#2462](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2462)) +- `EnumerableMap`: fix a memory allocation issue by adding new `EnumerableMap.tryGet(uint)β†’(bool,address)` functions. `EnumerableMap.get(uint)β†’string` is now deprecated. ([#2462](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2462)) +- `ERC165Checker`: added batch `getSupportedInterfaces`. ([#2469](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2469)) +- `RefundEscrow`: `beneficiaryWithdraw` will forward all available gas to the beneficiary. ([#2480](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2480)) +- Many view and pure functions have been made virtual to customize them via overrides. In many cases this will not imply that other functions in the contract will automatically adapt to the overridden definitions. People who wish to override should consult the source code to understand the impact and if they need to override any additional functions to achieve the desired behavior. + +### Security Fixes + +- `ERC777`: fix potential reentrancy issues for custom extensions to `ERC777`. ([#2483](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2483)) + +If you're using our implementation of ERC777 from version 3.3.0 or earlier, and you define a custom `_beforeTokenTransfer` function that writes to a storage variable, you may be vulnerable to a reentrancy attack. If you're affected and would like assistance please write to security@openzeppelin.com. [Read more in the pull request.](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2483) + +## 3.3.0 (2020-11-26) + +- Now supports both Solidity 0.6 and 0.7. Compiling with solc 0.7 will result in warnings. Install the `solc-0.7` tag to compile without warnings. +- `Address`: added `functionStaticCall`, similar to the existing `functionCall`. ([#2333](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2333)) +- `TimelockController`: added a contract to augment access control schemes with a delay. ([#2354](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2354)) +- `EnumerableSet`: added `Bytes32Set`, for sets of `bytes32`. ([#2395](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2395)) + +## 3.2.2-solc-0.7 (2020-10-28) + +- Resolve warnings introduced by Solidity 0.7.4. ([#2396](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2396)) + +## 3.2.1-solc-0.7 (2020-09-15) + +- `ERC777`: Remove a warning about function state visibility in Solidity 0.7. ([#2327](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2327)) + +## 3.2.0 (2020-09-10) + +### New features + +- Proxies: added the proxy contracts from OpenZeppelin SDK. ([#2335](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2335)) + +#### Proxy changes with respect to OpenZeppelin SDK + +Aside from upgrading them from Solidity 0.5 to 0.6, we've changed a few minor things from the proxy contracts as they were found in OpenZeppelin SDK. + +- `UpgradeabilityProxy` was renamed to `UpgradeableProxy`. +- `AdminUpgradeabilityProxy` was renamed to `TransparentUpgradeableProxy`. +- `Proxy._willFallback` was renamed to `Proxy._beforeFallback`. +- `UpgradeabilityProxy._setImplementation` and `AdminUpgradeabilityProxy._setAdmin` were made private. + +### Improvements + +- `Address.isContract`: switched from `extcodehash` to `extcodesize` for less gas usage. ([#2311](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2311)) + +### Breaking changes + +- `ERC20Snapshot`: switched to using `_beforeTokenTransfer` hook instead of overriding ERC20 operations. ([#2312](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2312)) + +This small change in the way we implemented `ERC20Snapshot` may affect users who are combining this contract with +other ERC20 flavors, since it no longer overrides `_transfer`, `_mint`, and `_burn`. This can result in having to remove Solidity `override(...)` specifiers in derived contracts for these functions, and to instead have to add it for `_beforeTokenTransfer`. See [Using Hooks](https://docs.openzeppelin.com/contracts/3.x/extending-contracts#using-hooks) in the documentation. + +## 3.1.0 (2020-06-23) + +### New features + +- `SafeCast`: added functions to downcast signed integers (e.g. `toInt32`), improving usability of `SignedSafeMath`. ([#2243](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2243)) +- `functionCall`: new helpers that replicate Solidity's function call semantics, reducing the need to rely on `call`. ([#2264](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2264)) +- `ERC1155`: added support for a base implementation, non-standard extensions and a preset contract. ([#2014](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2014), [#2230](https://github.com/OpenZeppelin/openzeppelin-contracts/issues/2230)) + +### Improvements + +- `ReentrancyGuard`: reduced overhead of using the `nonReentrant` modifier. ([#2171](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2171)) +- `AccessControl`: added a `RoleAdminChanged` event to `_setAdminRole`. ([#2214](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2214)) +- Made all `public` functions in the token preset contracts `virtual`. ([#2257](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2257)) + +### Deprecations + +- `SafeERC20`: deprecated `safeApprove`. ([#2268](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2268)) + +## 3.0.2 (2020-06-08) + +### Improvements + +- Added SPX license identifier to all contracts. ([#2235](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2235)) + +## 3.0.1 (2020-04-27) + +### Bugfixes + +- `ERC777`: fixed the `_approve` internal function not validating some of their arguments for non-zero addresses. ([#2213](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2213)) + +## 3.0.0 (2020-04-20) + +### New features + +- `AccessControl`: new contract for managing permissions in a system, replacement for `Ownable` and `Roles`. ([#2112](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2112)) +- `SafeCast`: new functions to convert to and from signed and unsigned values: `toUint256` and `toInt256`. ([#2123](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2123)) +- `EnumerableMap`: a new data structure for key-value pairs (like `mapping`) that can be iterated over. ([#2160](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2160)) + +### Breaking changes + +- `ERC721`: `burn(owner, tokenId)` was removed, use `burn(tokenId)` instead. ([#2125](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2125)) +- `ERC721`: `_checkOnERC721Received` was removed. ([#2125](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2125)) +- `ERC721`: `_transferFrom` and `_safeTransferFrom` were renamed to `_transfer` and `_safeTransfer`. ([#2162](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2162)) +- `Ownable`: removed `_transferOwnership`. ([#2162](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2162)) +- `PullPayment`, `Escrow`: `withdrawWithGas` was removed. The old `withdraw` function now forwards all gas. ([#2125](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2125)) +- `Roles` was removed, use `AccessControl` as a replacement. ([#2112](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2112)) +- `ECDSA`: when receiving an invalid signature, `recover` now reverts instead of returning the zero address. ([#2114](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2114)) +- `Create2`: added an `amount` argument to `deploy` for contracts with `payable` constructors. ([#2117](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2117)) +- `Pausable`: moved to the `utils` directory. ([#2122](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2122)) +- `Strings`: moved to the `utils` directory. ([#2122](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2122)) +- `Counters`: moved to the `utils` directory. ([#2122](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2122)) +- `SignedSafeMath`: moved to the `math` directory. ([#2122](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2122)) +- `ERC20Snapshot`: moved to the `token/ERC20` directory. `snapshot` was changed into an `internal` function. ([#2122](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2122)) +- `Ownable`: moved to the `access` directory. ([#2120](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2120)) +- `Ownable`: removed `isOwner`. ([#2120](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2120)) +- `Secondary`: removed from the library, use `Ownable` instead. ([#2120](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2120)) +- `Escrow`, `ConditionalEscrow`, `RefundEscrow`: these now use `Ownable` instead of `Secondary`, their external API changed accordingly. ([#2120](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2120)) +- `ERC20`: removed `_burnFrom`. ([#2119](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2119)) +- `Address`: removed `toPayable`, use `payable(address)` instead. ([#2133](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2133)) +- `ERC777`: `_send`, `_mint` and `_burn` now use the caller as the operator. ([#2134](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2134)) +- `ERC777`: removed `_callsTokensToSend` and `_callTokensReceived`. ([#2134](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2134)) +- `EnumerableSet`: renamed `get` to `at`. ([#2151](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2151)) +- `ERC165Checker`: functions no longer have a leading underscore. ([#2150](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2150)) +- `ERC721Metadata`, `ERC721Enumerable`: these contracts were removed, and their functionality merged into `ERC721`. ([#2160](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2160)) +- `ERC721`: added a constructor for `name` and `symbol`. ([#2160](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2160)) +- `ERC20Detailed`: this contract was removed and its functionality merged into `ERC20`. ([#2161](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2161)) +- `ERC20`: added a constructor for `name` and `symbol`. `decimals` now defaults to 18. ([#2161](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2161)) +- `Strings`: renamed `fromUint256` to `toString` ([#2188](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2188)) + +## 2.5.1 (2020-04-24) + +### Bugfixes + +- `ERC777`: fixed the `_send` and `_approve` internal functions not validating some of their arguments for non-zero addresses. ([#2212](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2212)) + +## 2.5.0 (2020-02-04) + +### New features + +- `SafeCast.toUintXX`: new library for integer downcasting, which allows for safe operation on smaller types (e.g. `uint32`) when combined with `SafeMath`. ([#1926](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1926)) +- `ERC721Metadata`: added `baseURI`, which can be used for dramatic gas savings when all token URIs share a prefix (e.g. `http://api.myapp.com/tokens/`). ([#1970](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1970)) +- `EnumerableSet`: new library for storing enumerable sets of values. Only `AddressSet` is supported in this release. ([#2061](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/2061)) +- `Create2`: simple library to make usage of the `CREATE2` opcode easier. ([#1744](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/1744)) + +### Improvements + +- `ERC777`: `_burn` is now internal, providing more flexibility and making it easier to create tokens that deflate. ([#1908](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/1908)) +- `ReentrancyGuard`: greatly improved gas efficiency by using the net gas metering mechanism introduced in the Istanbul hardfork. ([#1992](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/1992), [#1996](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/1996)) +- `ERC777`: improve extensibility by making `_send` and related functions `internal`. ([#2027](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2027)) +- `ERC721`: improved revert reason when transferring tokens to a non-recipient contract. ([#2018](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2018)) + +### Breaking changes + +- `ERC165Checker` now requires a minimum Solidity compiler version of 0.5.10. ([#1829](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1829)) + +## 2.4.0 (2019-10-29) + +### New features + +- `Address.toPayable`: added a helper to convert between address types without having to resort to low-level casting. ([#1773](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1773)) +- Facilities to make metatransaction-enabled contracts through the Gas Station Network. ([#1844](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/1844)) +- `Address.sendValue`: added a replacement to Solidity's `transfer`, removing the fixed gas stipend. ([#1962](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1962)) +- Added replacement for functions that don't forward all gas (which have been deprecated): ([#1976](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1976)) + - `PullPayment.withdrawPaymentsWithGas(address payable payee)` + - `Escrow.withdrawWithGas(address payable payee)` +- `SafeMath`: added support for custom error messages to `sub`, `div` and `mod` functions. ([#1828](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/1828)) + +### Improvements + +- `Address.isContract`: switched from `extcodesize` to `extcodehash` for less gas usage. ([#1802](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1802)) +- `ERC20` and `ERC777` updated to throw custom errors on subtraction overflows. ([#1828](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/1828)) + +### Deprecations + +- Deprecated functions that don't forward all gas: ([#1976](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1976)) + - `PullPayment.withdrawPayments(address payable payee)` + - `Escrow.withdraw(address payable payee)` + +### Breaking changes + +- `Address` now requires a minimum Solidity compiler version of 0.5.5. ([#1802](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1802)) +- `SignatureBouncer` has been removed from drafts, both to avoid confusions with the GSN and `GSNRecipientSignature` (previously called `GSNBouncerSignature`) and because the API was not very clear. ([#1879](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/1879)) + +### How to upgrade from 2.4.0-beta + +The final 2.4.0 release includes a refactor of the GSN contracts that will be a breaking change for 2.4.0-beta users. + +- The default empty implementations of `_preRelayedCall` and `_postRelayedCall` were removed and must now be explicitly implemented always in custom recipients. If your custom recipient didn't include an implementation, you can provide an empty one. +- `GSNRecipient`, `GSNBouncerBase`, and `GSNContext` were all merged into `GSNRecipient`. +- `GSNBouncerSignature` and `GSNBouncerERC20Fee` were renamed to `GSNRecipientSignature` and `GSNRecipientERC20Fee`. +- It is no longer necessary to inherit from `GSNRecipient` when using `GSNRecipientSignature` and `GSNRecipientERC20Fee`. + +For example, a contract using `GSNBouncerSignature` would have to be changed in the following way. + +```diff +-contract MyDapp is GSNRecipient, GSNBouncerSignature { ++contract MyDapp is GSNRecipientSignature { +``` + +Refer to the table below to adjust your inheritance list. + +| 2.4.0-beta | 2.4.0 | +| ----------------------------------- | ----------------------- | +| `GSNRecipient, GSNBouncerSignature` | `GSNRecipientSignature` | +| `GSNRecipient, GSNBouncerERC20Fee` | `GSNRecipientERC20Fee` | +| `GSNBouncerBase` | `GSNRecipient` | + +## 2.3.0 (2019-05-27) + +### New features + +- `ERC1820`: added support for interacting with the [ERC1820](https://eips.ethereum.org/EIPS/eip-1820) registry contract (`IERC1820Registry`), as well as base contracts that can be registered as implementers there. ([#1677](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1677)) +- `ERC777`: support for the [ERC777 token](https://eips.ethereum.org/EIPS/eip-777), which has multiple improvements over `ERC20` (but is backwards compatible with it) such as built-in burning, a more straightforward permission system, and optional sender and receiver hooks on transfer (mandatory for contracts!). ([#1684](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1684)) +- All contracts now have revert reason strings, which give insight into error conditions, and help debug failing transactions. ([#1704](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1704)) + +### Improvements + +- Reverted the Solidity version bump done in v2.2.0, setting the minimum compiler version to v0.5.0, to prevent unexpected build breakage. Users are encouraged however to stay on top of new compiler releases, which usually include bugfixes. ([#1729](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1729)) + +### Bugfixes + +- `PostDeliveryCrowdsale`: some validations where skipped when paired with other crowdsale flavors, such as `AllowanceCrowdsale`, or `MintableCrowdsale` and `ERC20Capped`, which could cause buyers to not be able to claim their purchased tokens. ([#1721](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1721)) +- `ERC20._transfer`: the `from` argument was allowed to be the zero address, so it was possible to internally trigger a transfer of 0 tokens from the zero address. This address is not a valid destinatary of transfers, nor can it give or receive allowance, so this behavior was inconsistent. It now reverts. ([#1752](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1752)) + +## 2.2.0 (2019-03-14) + +### New features + +- `ERC20Snapshot`: create snapshots on demand of the token balances and total supply, to later retrieve and e.g. calculate dividends at a past time. ([#1617](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1617)) +- `SafeERC20`: `ERC20` contracts with no return value (i.e. that revert on failure) are now supported. ([#1655](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1655)) +- `ERC20`: added internal `_approve(address owner, address spender, uint256 value)`, allowing derived contracts to set the allowance of arbitrary accounts. ([#1609](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1609)) +- `ERC20Metadata`: added internal `_setTokenURI(string memory tokenURI)`. ([#1618](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1618)) +- `TimedCrowdsale`: added internal `_extendTime(uint256 newClosingTime)` as well as `TimedCrowdsaleExtended(uint256 prevClosingTime, uint256 newClosingTime)` event allowing to extend the crowdsale, as long as it hasn't already closed. + +### Improvements + +- Upgraded the minimum compiler version to v0.5.2: this removes many Solidity warnings that were false positives. ([#1606](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1606)) +- `ECDSA`: `recover` no longer accepts malleable signatures (those using upper-range values for `s`, or 0/1 for `v`). ([#1622](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1622)) +- `ERC721`'s transfers are now more gas efficient due to removal of unnecessary `SafeMath` calls. ([#1610](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1610)) +- Fixed variable shadowing issues. ([#1606](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1606)) + +### Bugfixes + +- (minor) `SafeERC20`: `safeApprove` wasn't properly checking for a zero allowance when attempting to set a non-zero allowance. ([#1647](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1647)) + +### Breaking changes in drafts + +- `TokenMetadata` has been renamed to `ERC20Metadata`. ([#1618](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1618)) +- The library `Counter` has been renamed to `Counters` and its API has been improved. See an example in `ERC721`, lines [17](https://github.com/OpenZeppelin/openzeppelin-solidity/blob/3cb4a00fce1da76196ac0ac3a0ae9702b99642b5/contracts/token/ERC721/ERC721.sol#L17) and [204](https://github.com/OpenZeppelin/openzeppelin-solidity/blob/3cb4a00fce1da76196ac0ac3a0ae9702b99642b5/contracts/token/ERC721/ERC721.sol#L204). ([#1610](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1610)) + +## 2.1.3 (2019-02-26) + +- Backported `SafeERC20.safeApprove` bugfix. ([#1647](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1647)) + +## 2.1.2 (2019-01-17) + +- Removed most of the test suite from the npm package, except `PublicRole.behavior.js`, which may be useful to users testing their own `Roles`. + +## 2.1.1 (2019-01-04) + +- Version bump to avoid conflict in the npm registry. + +## 2.1.0 (2019-01-04) + +### New features + +- Now targeting the 0.5.x line of Solidity compilers. For 0.4.24 support, use version 2.0 of OpenZeppelin. +- `WhitelistCrowdsale`: a crowdsale where only whitelisted accounts (`WhitelistedRole`) can purchase tokens. Adding or removing accounts from the whitelist is done by whitelist admins (`WhitelistAdminRole`). Similar to the pre-2.0 `WhitelistedCrowdsale`. ([#1525](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1525), [#1589](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1589)) +- `RefundablePostDeliveryCrowdsale`: replacement for `RefundableCrowdsale` (deprecated, see below) where tokens are only granted once the crowdsale ends (if it meets its goal). ([#1543](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1543)) +- `PausableCrowdsale`: allows for pausers (`PauserRole`) to pause token purchases. Other crowdsale operations (e.g. withdrawals and refunds, if applicable) are not affected. ([#832](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/832)) +- `ERC20`: `transferFrom` and `_burnFrom ` now emit `Approval` events, to represent the token's state comprehensively through events. ([#1524](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1524)) +- `ERC721`: added `_burn(uint256 tokenId)`, replacing the similar deprecated function (see below). ([#1550](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1550)) +- `ERC721`: added `_tokensOfOwner(address owner)`, allowing to internally retrieve the array of an account's owned tokens. ([#1522](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1522)) +- Crowdsales: all constructors are now `public`, meaning it is not necessary to extend these contracts in order to deploy them. The exception is `FinalizableCrowdsale`, since it is meaningless unless extended. ([#1564](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1564)) +- `SignedSafeMath`: added overflow-safe operations for signed integers (`int256`). ([#1559](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1559), [#1588](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1588)) + +### Improvements + +- The compiler version required by `Array` was behind the rest of the library so it was updated to `v0.4.24`. ([#1553](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1553)) +- Now conforming to a 4-space indentation code style. ([1508](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1508)) +- `ERC20`: more gas efficient due to removed redundant `require`s. ([#1409](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1409)) +- `ERC721`: fixed a bug that prevented internal data structures from being properly cleaned, missing potential gas refunds. ([#1539](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1539) and [#1549](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1549)) +- `ERC721`: general gas savings on `transferFrom`, `_mint` and `_burn`, due to redundant `require`s and `SSTORE`s. ([#1549](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1549)) + +### Bugfixes + +### Breaking changes + +### Deprecations + +- `ERC721._burn(address owner, uint256 tokenId)`: due to the `owner` parameter being unnecessary. ([#1550](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1550)) +- `RefundableCrowdsale`: due to trading abuse potential on crowdsales that miss their goal. ([#1543](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1543)) diff --git a/dependencies/@openzeppelin/CODE_OF_CONDUCT.md b/dependencies/@openzeppelin/CODE_OF_CONDUCT.md new file mode 100644 index 00000000..f7cdce98 --- /dev/null +++ b/dependencies/@openzeppelin/CODE_OF_CONDUCT.md @@ -0,0 +1,73 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as +contributors and maintainers pledge to making participation in our project and +our community a harassment-free experience for everyone, regardless of age, body +size, disability, ethnicity, sex characteristics, gender identity and expression, +level of experience, education, socioeconomic status, nationality, personal +appearance, race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behavior that contributes to creating a positive environment +include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behavior by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or + advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic + address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable +behavior and are expected to take appropriate and fair corrective action in +response to any instances of unacceptable behavior. + +Project maintainers have the right and responsibility to remove, edit, or +reject comments, commits, code, wiki edits, issues, and other contributions +that are not aligned to this Code of Conduct, or to ban temporarily or +permanently any contributor for other behaviors that they deem inappropriate, +threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces and in public spaces +when an individual is representing the project or its community. Examples of +representing a project or community include using an official project e-mail +address, posting via an official social media account, or acting as an appointed +representative at an online or offline event. Representation of a project may be +further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported by contacting the project team at contact@openzeppelin.com. All +complaints will be reviewed and investigated and will result in a response that +is deemed necessary and appropriate to the circumstances. The project team is +obligated to maintain confidentiality with regard to the reporter of an incident. +Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good +faith may face temporary or permanent repercussions as determined by other +members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, +available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html + +[homepage]: https://www.contributor-covenant.org diff --git a/dependencies/@openzeppelin/CONTRIBUTING.md b/dependencies/@openzeppelin/CONTRIBUTING.md new file mode 100644 index 00000000..1a44cc27 --- /dev/null +++ b/dependencies/@openzeppelin/CONTRIBUTING.md @@ -0,0 +1,36 @@ +# Contributing Guidelines + +There are many ways to contribute to OpenZeppelin Contracts. + +## Troubleshooting + +You can help other users in the community to solve their smart contract issues in the [OpenZeppelin Forum]. + +[OpenZeppelin Forum]: https://forum.openzeppelin.com/ + +## Opening an issue + +You can [open an issue] to suggest a feature or report a minor bug. For serious bugs please do not open an issue, instead refer to our [security policy] for appropriate steps. + +If you believe your issue may be due to user error and not a problem in the library, consider instead posting a question on the [OpenZeppelin Forum]. + +Before opening an issue, be sure to search through the existing open and closed issues, and consider posting a comment in one of those instead. + +When requesting a new feature, include as many details as you can, especially around the use cases that motivate it. Features are prioritized according to the impact they may have on the ecosystem, so we appreciate information showing that the impact could be high. + +[security policy]: https://github.com/OpenZeppelin/openzeppelin-contracts/security +[open an issue]: https://github.com/OpenZeppelin/openzeppelin-contracts/issues/new/choose + +## Submitting a pull request + +If you would like to contribute code or documentation you may do so by forking the repository and submitting a pull request. + +Any non-trivial code contribution must be first discussed with the maintainers in an issue (see [Opening an issue](#opening-an-issue)). Only very minor changes are accepted without prior discussion. + +Make sure to read and follow the [engineering guidelines](./GUIDELINES.md). Run linter and tests to make sure your pull request is good before submitting it. + +Changelog entries should be added to each pull request by using [Changesets](https://github.com/changesets/changesets/). + +When opening the pull request you will be presented with a template and a series of instructions. Read through it carefully and follow all the steps. Expect a review and feedback from the maintainers afterwards. + +If you're looking for a good place to start, look for issues labelled ["good first issue"](https://github.com/OpenZeppelin/openzeppelin-contracts/labels/good%20first%20issue)! diff --git a/dependencies/@openzeppelin/FUNDING.json b/dependencies/@openzeppelin/FUNDING.json new file mode 100644 index 00000000..c6728621 --- /dev/null +++ b/dependencies/@openzeppelin/FUNDING.json @@ -0,0 +1,7 @@ +{ + "drips": { + "ethereum": { + "ownedBy": "0xAeb37910f93486C85A1F8F994b67E8187554d664" + } + } +} diff --git a/dependencies/@openzeppelin/GUIDELINES.md b/dependencies/@openzeppelin/GUIDELINES.md new file mode 100644 index 00000000..a1418d65 --- /dev/null +++ b/dependencies/@openzeppelin/GUIDELINES.md @@ -0,0 +1,155 @@ +# Engineering Guidelines + +## Testing + +Code must be thoroughly tested with quality unit tests. + +We defer to the [Moloch Testing Guide](https://github.com/MolochVentures/moloch/tree/master/test#readme) for specific recommendations, though not all of it is relevant here. Note the introduction: + +> Tests should be written, not only to verify correctness of the target code, but to be comprehensively reviewed by other programmers. Therefore, for mission critical Solidity code, the quality of the tests are just as important (if not more so) than the code itself, and should be written with the highest standards of clarity and elegance. + +Every addition or change to the code must come with relevant and comprehensive tests. + +Refactors should avoid simultaneous changes to tests. + +Flaky tests are not acceptable. + +The test suite should run automatically for every change in the repository, and in pull requests tests must pass before merging. + +The test suite coverage must be kept as close to 100% as possible, enforced in pull requests. + +In some cases unit tests may be insufficient and complementary techniques should be used: + +1. Property-based tests (aka. fuzzing) for math-heavy code. +2. Formal verification for state machines. + +## Code style + +Solidity code should be written in a consistent format enforced by a linter, following the official [Solidity Style Guide](https://docs.soliditylang.org/en/latest/style-guide.html). See below for further [Solidity Conventions](#solidity-conventions). + +The code should be simple and straightforward, prioritizing readability and understandability. Consistency and predictability should be maintained across the codebase. In particular, this applies to naming, which should be systematic, clear, and concise. + +Sometimes these guidelines may be broken if doing so brings significant efficiency gains, but explanatory comments should be added. + +Modularity should be pursued, but not at the cost of the above priorities. + +## Documentation + +For contributors, project guidelines and processes must be documented publicly. + +For users, features must be abundantly documented. Documentation should include answers to common questions, solutions to common problems, and recommendations for critical decisions that the user may face. + +All changes to the core codebase (excluding tests, auxiliary scripts, etc.) must be documented in a changelog, except for purely cosmetic or documentation changes. + +## Peer review + +All changes must be submitted through pull requests and go through peer code review. + +The review must be approached by the reviewer in a similar way as if it was an audit of the code in question (but importantly it is not a substitute for and should not be considered an audit). + +Reviewers should enforce code and project guidelines. + +External contributions must be reviewed separately by multiple maintainers. + +## Automation + +Automation should be used as much as possible to reduce the possibility of human error and forgetfulness. + +Automations that make use of sensitive credentials must use secure secret management, and must be strengthened against attacks such as [those on GitHub Actions worklows](https://github.com/nikitastupin/pwnhub). + +Some other examples of automation are: + +- Looking for common security vulnerabilities or errors in our code (eg. reentrancy analysis). +- Keeping dependencies up to date and monitoring for vulnerable dependencies. + +## Pull requests + +Pull requests are squash-merged to keep the `master` branch history clean. The title of the pull request becomes the commit message, so it should be written in a consistent format: + +1) Begin with a capital letter. +2) Do not end with a period. +3) Write in the imperative: "Add feature X" and not "Adds feature X" or "Added feature X". + +This repository does not follow conventional commits, so do not prefix the title with "fix:" or "feat:". + +Work in progress pull requests should be submitted as Drafts and should not be prefixed with "WIP:". + +Branch names don't matter, and commit messages within a pull request mostly don't matter either, although they can help the review process. + +# Solidity Conventions + +In addition to the official Solidity Style Guide we have a number of other conventions that must be followed. + +* All state variables should be private. + + Changes to state should be accompanied by events, and in some cases it is not correct to arbitrarily set state. Encapsulating variables as private and only allowing modification via setters enables us to ensure that events and other rules are followed reliably and prevents this kind of user error. + +* Internal or private state variables or functions should have an underscore prefix. + + ```solidity + contract TestContract { + uint256 private _privateVar; + uint256 internal _internalVar; + function _testInternal() internal { ... } + function _testPrivate() private { ... } + } + ``` + +* Functions should be declared virtual, with few exceptions listed below. The + contract logic should be written considering that these functions may be + overridden by developers, e.g. getting a value using an internal getter rather + than reading directly from a state variable. + + If function A is an "alias" of function B, i.e. it invokes function B without + significant additional logic, then function A should not be virtual so that + any user overrides are implemented on B, preventing inconsistencies. + +* Events should generally be emitted immediately after the state change that they + represent, and should be named in the past tense. Some exceptions may be made for gas + efficiency if the result doesn't affect observable ordering of events. + + ```solidity + function _burn(address who, uint256 value) internal { + super._burn(who, value); + emit TokensBurned(who, value); + } + ``` + + Some standards (e.g. ERC-20) use present tense, and in those cases the + standard specification is used. + +* Interface names should have a capital I prefix. + + ```solidity + interface IERC777 { + ``` + +* Contracts not intended to be used standalone should be marked abstract + so they are required to be inherited to other contracts. + + ```solidity + abstract contract AccessControl is ..., { + ``` + +* Return values are generally not named, unless they are not immediately clear or there are multiple return values. + + ```solidity + function expiration() public view returns (uint256) { // Good + function hasRole() public view returns (bool isMember, uint32 currentDelay) { // Good + ``` + +* Unchecked arithmetic blocks should contain comments explaining why overflow is guaranteed not to happen. If the reason is immediately apparent from the line above the unchecked block, the comment may be omitted. + +* Custom errors should be declared following the [EIP-6093](https://eips.ethereum.org/EIPS/eip-6093) rationale whenever reasonable. Also, consider the following: + + * The domain prefix should be picked in the following order: + 1. Use `ERC` if the error is a violation of an ERC specification. + 2. Use the name of the underlying component where it belongs (eg. `Governor`, `ECDSA`, or `Timelock`). + + * The location of custom errors should be decided in the following order: + 1. Take the errors from their underlying ERCs if they're already defined. + 2. Declare the errors in the underlying interface/library if the error makes sense in its context. + 3. Declare the error in the implementation if the underlying interface/library is not suitable to do so (eg. interface/library already specified in an ERC). + 4. Declare the error in an extension if the error only happens in such extension or child contracts. + + * Custom error names should not be declared twice along the library to avoid duplicated identifier declarations when inheriting from multiple contracts. diff --git a/dependencies/@openzeppelin/LICENSE b/dependencies/@openzeppelin/LICENSE new file mode 100644 index 00000000..b2fee8f2 --- /dev/null +++ b/dependencies/@openzeppelin/LICENSE @@ -0,0 +1,22 @@ +The MIT License (MIT) + +Copyright (c) 2016-2024 Zeppelin Group Ltd + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be included +in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, +TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/dependencies/@openzeppelin/README.md b/dependencies/@openzeppelin/README.md new file mode 100644 index 00000000..fa7b4e31 --- /dev/null +++ b/dependencies/@openzeppelin/README.md @@ -0,0 +1,107 @@ +# OpenZeppelin + +[![NPM Package](https://img.shields.io/npm/v/@openzeppelin/contracts.svg)](https://www.npmjs.org/package/@openzeppelin/contracts) +[![Coverage Status](https://codecov.io/gh/OpenZeppelin/openzeppelin-contracts/graph/badge.svg)](https://codecov.io/gh/OpenZeppelin/openzeppelin-contracts) +[![GitPOAPs](https://public-api.gitpoap.io/v1/repo/OpenZeppelin/openzeppelin-contracts/badge)](https://www.gitpoap.io/gh/OpenZeppelin/openzeppelin-contracts) +[![Docs](https://img.shields.io/badge/docs-%F0%9F%93%84-yellow)](https://docs.openzeppelin.com/contracts) +[![Forum](https://img.shields.io/badge/forum-%F0%9F%92%AC-yellow)](https://docs.openzeppelin.com/contracts) + +**A library for secure smart contract development.** Build on a solid foundation of community-vetted code. + + * Implementations of standards like [ERC20](https://docs.openzeppelin.com/contracts/erc20) and [ERC721](https://docs.openzeppelin.com/contracts/erc721). + * Flexible [role-based permissioning](https://docs.openzeppelin.com/contracts/access-control) scheme. + * Reusable [Solidity components](https://docs.openzeppelin.com/contracts/utilities) to build custom contracts and complex decentralized systems. + +:mage: **Not sure how to get started?** Check out [Contracts Wizard](https://wizard.openzeppelin.com/) β€” an interactive smart contract generator. + +:building_construction: **Want to scale your decentralized application?** Check out [OpenZeppelin Defender](https://openzeppelin.com/defender) β€” a mission-critical developer security platform to code, audit, deploy, monitor, and operate with confidence. + +> [!IMPORTANT] +> OpenZeppelin Contracts uses semantic versioning to communicate backwards compatibility of its API and storage layout. For upgradeable contracts, the storage layout of different major versions should be assumed incompatible, for example, it is unsafe to upgrade from 4.9.3 to 5.0.0. Learn more at [Backwards Compatibility](https://docs.openzeppelin.com/contracts/backwards-compatibility). + +## Overview + +### Installation + +#### Hardhat (npm) + +``` +$ npm install @openzeppelin/contracts +``` + +#### Foundry (git) + +> [!WARNING] +> When installing via git, it is a common error to use the `master` branch. This is a development branch that should be avoided in favor of tagged releases. The release process involves security measures that the `master` branch does not guarantee. + +> [!WARNING] +> Foundry installs the latest version initially, but subsequent `forge update` commands will use the `master` branch. + +``` +$ forge install OpenZeppelin/openzeppelin-contracts +``` + +Add `@openzeppelin/contracts/=lib/openzeppelin-contracts/contracts/` in `remappings.txt.` + +### Usage + +Once installed, you can use the contracts in the library by importing them: + +```solidity +pragma solidity ^0.8.20; + +import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol"; + +contract MyCollectible is ERC721 { + constructor() ERC721("MyCollectible", "MCO") { + } +} +``` + +_If you're new to smart contract development, head to [Developing Smart Contracts](https://docs.openzeppelin.com/learn/developing-smart-contracts) to learn about creating a new project and compiling your contracts._ + +To keep your system secure, you should **always** use the installed code as-is, and neither copy-paste it from online sources nor modify it yourself. The library is designed so that only the contracts and functions you use are deployed, so you don't need to worry about it needlessly increasing gas costs. + +## Learn More + +The guides in the [documentation site](https://docs.openzeppelin.com/contracts) will teach about different concepts, and how to use the related contracts that OpenZeppelin Contracts provides: + +* [Access Control](https://docs.openzeppelin.com/contracts/access-control): decide who can perform each of the actions on your system. +* [Tokens](https://docs.openzeppelin.com/contracts/tokens): create tradeable assets or collectives, and distribute them via [Crowdsales](https://docs.openzeppelin.com/contracts/crowdsales). +* [Utilities](https://docs.openzeppelin.com/contracts/utilities): generic useful tools including non-overflowing math, signature verification, and trustless paying systems. + +The [full API](https://docs.openzeppelin.com/contracts/api/token/ERC20) is also thoroughly documented, and serves as a great reference when developing your smart contract application. You can also ask for help or follow Contracts's development in the [community forum](https://forum.openzeppelin.com). + +Finally, you may want to take a look at the [guides on our blog](https://blog.openzeppelin.com/), which cover several common use cases and good practices. The following articles provide great background reading, though please note that some of the referenced tools have changed, as the tooling in the ecosystem continues to rapidly evolve. + +* [The Hitchhiker’s Guide to Smart Contracts in Ethereum](https://blog.openzeppelin.com/the-hitchhikers-guide-to-smart-contracts-in-ethereum-848f08001f05) will help you get an overview of the various tools available for smart contract development, and help you set up your environment. +* [A Gentle Introduction to Ethereum Programming, Part 1](https://blog.openzeppelin.com/a-gentle-introduction-to-ethereum-programming-part-1-783cc7796094) provides very useful information on an introductory level, including many basic concepts from the Ethereum platform. +* For a more in-depth dive, you may read the guide [Designing the Architecture for Your Ethereum Application](https://blog.openzeppelin.com/designing-the-architecture-for-your-ethereum-application-9cec086f8317), which discusses how to better structure your application and its relationship to the real world. + +## Security + +This project is maintained by [OpenZeppelin](https://openzeppelin.com) with the goal of providing a secure and reliable library of smart contract components for the ecosystem. We address security through risk management in various areas such as engineering and open source best practices, scoping and API design, multi-layered review processes, and incident response preparedness. + +The [OpenZeppelin Contracts Security Center](https://contracts.openzeppelin.com/security) contains more details about the secure development process. + +The security policy is detailed in [`SECURITY.md`](./SECURITY.md) as well, and specifies how you can report security vulnerabilities, which versions will receive security patches, and how to stay informed about them. We run a [bug bounty program on Immunefi](https://immunefi.com/bounty/openzeppelin) to reward the responsible disclosure of vulnerabilities. + +The engineering guidelines we follow to promote project quality can be found in [`GUIDELINES.md`](./GUIDELINES.md). + +Past audits can be found in [`audits/`](./audits). + +Smart contracts are a nascent technology and carry a high level of technical risk and uncertainty. Although OpenZeppelin is well known for its security audits, using OpenZeppelin Contracts is not a substitute for a security audit. + +OpenZeppelin Contracts is made available under the MIT License, which disclaims all warranties in relation to the project and which limits the liability of those that contribute and maintain the project, including OpenZeppelin. As set out further in the Terms, you acknowledge that you are solely responsible for any use of OpenZeppelin Contracts and you assume all risks associated with any such use. + +## Contribute + +OpenZeppelin Contracts exists thanks to its contributors. There are many ways you can participate and help build high quality software. Check out the [contribution guide](CONTRIBUTING.md)! + +## License + +OpenZeppelin Contracts is released under the [MIT License](LICENSE). + +## Legal + +Your use of this Project is governed by the terms found at www.openzeppelin.com/tos (the "Terms"). diff --git a/dependencies/@openzeppelin/RELEASING.md b/dependencies/@openzeppelin/RELEASING.md new file mode 100644 index 00000000..06dd218e --- /dev/null +++ b/dependencies/@openzeppelin/RELEASING.md @@ -0,0 +1,45 @@ +# Releasing + +OpenZeppelin Contracts uses a fully automated release process that takes care of compiling, packaging, and publishing the library, all of which is carried out in a clean CI environment (GitHub Actions), implemented in the ([`release-cycle`](.github/workflows/release-cycle.yml)) workflow. This helps to reduce the potential for human error and inconsistencies, and ensures that the release process is ongoing and reliable. + +## Changesets + +[Changesets](https://github.com/changesets/changesets/) is used as part of our release process for `CHANGELOG.md` management. Each change that is relevant for the codebase is expected to include a changeset. + +## Branching model + +The release cycle happens on release branches called `release-vX.Y`. Each of these branches starts as a release candidate (rc) and is eventually promoted to final. + +A release branch can be updated with cherry-picked patches from `master`, or may sometimes be committed to directly in the case of old releases. These commits will lead to a new release candidate or a patch increment depending on the state of the release branch. + +```mermaid + %%{init: {'gitGraph': {'mainBranchName': 'master'}} }%% + gitGraph + commit id: "Feature A" + commit id: "Feature B" + branch release-vX.Y + commit id: "Start release" + commit id: "Release vX.Y.0-rc.0" + + checkout master + commit id: "Feature C" + commit id: "Fix A" + + checkout release-vX.Y + cherry-pick id: "Fix A" tag: "" + commit id: "Release vX.Y.0-rc.1" + commit id: "Release vX.Y.0" + + checkout master + merge release-vX.Y + commit id: "Feature D" + commit id: "Patch B" + + checkout release-vX.Y + cherry-pick id: "Patch B" tag: "" + commit id: "Release vX.Y.1" + + checkout master + merge release-vX.Y + commit id: "Feature E" +``` diff --git a/dependencies/@openzeppelin/SECURITY.md b/dependencies/@openzeppelin/SECURITY.md new file mode 100644 index 00000000..9922c45e --- /dev/null +++ b/dependencies/@openzeppelin/SECURITY.md @@ -0,0 +1,43 @@ +# Security Policy + +Security vulnerabilities should be disclosed to the project maintainers through [Immunefi], or alternatively by email to security@openzeppelin.com. + +[Immunefi]: https://immunefi.com/bounty/openzeppelin + +## Bug Bounty + +Responsible disclosure of security vulnerabilities is rewarded through a bug bounty program on [Immunefi]. + +There is a bonus reward for issues introduced in release candidates that are reported before making it into a stable release. Learn more about release candidates at [`RELEASING.md`](./RELEASING.md). + +## Security Patches + +Security vulnerabilities will be patched as soon as responsibly possible, and published as an advisory on this repository (see [advisories]) and on the affected npm packages. + +[advisories]: https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories + +Projects that build on OpenZeppelin Contracts are encouraged to clearly state, in their source code and websites, how to be contacted about security issues in the event that a direct notification is considered necessary. We recommend including it in the NatSpec for the contract as `/// @custom:security-contact security@example.com`. + +Additionally, we recommend installing the library through npm and setting up vulnerability alerts such as [Dependabot]. + +[Dependabot]: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security#what-is-dependabot + +### Supported Versions + +Security patches will be released for the latest minor of a given major release. For example, if an issue is found in versions >=4.6.0 and the latest is 4.8.0, the patch will be released only in version 4.8.1. + +Only critical severity bug fixes will be backported to past major releases. + +| Version | Critical security fixes | Other security fixes | +| ------- | ----------------------- | -------------------- | +| 5.x | :white_check_mark: | :white_check_mark: | +| 4.9 | :white_check_mark: | :x: | +| 3.4 | :white_check_mark: | :x: | +| 2.5 | :x: | :x: | +| < 2.0 | :x: | :x: | + +Note as well that the Solidity language itself only guarantees security updates for the latest release. + +## Legal + +Smart contracts are a nascent technology and carry a high level of technical risk and uncertainty. OpenZeppelin Contracts is made available under the MIT License, which disclaims all warranties in relation to the project and which limits the liability of those that contribute and maintain the project, including OpenZeppelin. Your use of the project is also governed by the terms found at www.openzeppelin.com/tos (the "Terms"). As set out in the Terms, you are solely responsible for any use of OpenZeppelin Contracts and you assume all risks associated with any such use. This Security Policy in no way evidences or represents an on-going duty by any contributor, including OpenZeppelin, to correct any flaws or alert you to all or any of the potential risks of utilizing the project. diff --git a/dependencies/@openzeppelin/audits/2017-03.md b/dependencies/@openzeppelin/audits/2017-03.md new file mode 100644 index 00000000..4cd6dbfd --- /dev/null +++ b/dependencies/@openzeppelin/audits/2017-03.md @@ -0,0 +1,292 @@ +# OpenZeppelin Audit + +NOTE ON 2021-07-19: This report makes reference to Zeppelin, OpenZeppelin, OpenZeppelin Contracts, the OpenZeppelin team, and OpenZeppelin library. Many of these things have since been renamed and know that this audit applies to what is currently called the OpenZeppelin Contracts which are maintained by the OpenZeppelin Contracts Community. + +March, 2017 +Authored by Dennis Peterson and Peter Vessenes + +# Introduction + +Zeppelin requested that New Alchemy perform an audit of the contracts in their OpenZeppelin library. The OpenZeppelin contracts are a set of contracts intended to be a safe building block for a variety of uses by parties that may not be as sophisticated as the OpenZeppelin team. It is a design goal that the contracts be deployable safely and "as-is". + +The contracts are hosted at: + +https://github.com/OpenZeppelin/zeppelin-solidity + +All the contracts in the "contracts" folder are in scope. + +The git commit hash we evaluated is: +9c5975a706b076b7000e8179f8101e0c61024c87 + +# Disclaimer + +The audit makes no statements or warrantees about utility of the code, safety of the code, suitability of the business model, regulatory regime for the business model, or any other statements about fitness of the contracts to purpose, or their bugfree status. The audit documentation is for discussion purposes only. + +# Executive Summary + +Overall the OpenZeppelin codebase is of reasonably high quality -- it is clean, modular and follows best practices throughout. + +It is still in flux as a codebase, and needs better documentation per file as to expected behavior and future plans. It probably needs more comprehensive and aggressive tests written by people less nice than the current OpenZeppelin team. + +We identified two critical errors and one moderate issue, and would not recommend this commit hash for public use until these bugs are remedied. + +The repository includes a set of Truffle unit tests, a requirement and best practice for smart contracts like these; we recommend these be bulked up. + +# Discussion + +## Big Picture: Is This A Worthwhile Project? + +As soon as a developer touches OpenZeppelin contracts, they will modify something, leaving them in an un-audited state. We do not recommend developers deploy any unaudited code to the Blockchain if it will handle money, information or other things of value. + +> "In accordance with Unix philosophy, Perl gives you enough rope to hang yourself" +> --Larry Wall + +We think this is an incredibly worthwhile project -- aided by the high code quality. Creating a framework that can be easily extended helps increase the average code quality on the Blockchain by charting a course for developers and encouraging containment of modifications to certain sections. + +> "Rust: The language that makes you take the safety off before shooting yourself in the foot" +> -- (@mbrubeck) + +We think much more could be done here, and recommend the OpenZeppelin team keep at this and keep focusing on the design goal of removing rope and adding safety. + +## Solidity Version Updates Recommended + +Most of the code uses Solidity 0.4.11, but some files under `Ownership` are marked 0.4.0. These should be updated. + +Solidity 0.4.10 will add several features which could be useful in these contracts: + +- `assert(condition)`, which throws if the condition is false + +- `revert()`, which rolls back without consuming all remaining gas. + +- `address.transfer(value)`, which is like `send` but automatically propagates exceptions, and supports `.gas()`. See https://github.com/ethereum/solidity/issues/610 for more on this. + +## Error Handling: Throw vs Return False +Solidity standards allow two ways to handle an error -- either calling `throw` or returning `false`. Both have benefits. In particular, a `throw` guarantees a complete wipe of the call stack (up to the preceding external call), whereas `false` allows a function to continue. + +In general we prefer `throw` in our code audits, because it is simpler -- it's less for an engineer to keep track of. Returning `false` and using logic to check results can quickly become a poorly-tracked state machine, and this sort of complexity can cause errors. + +In the OpenZeppelin contracts, both styles are used in different parts of the codebase. `SimpleToken` transfers throw upon failure, while the full ERC20 token returns `false`. Some modifiers `throw`, others just wrap the function body in a conditional, effectively allowing the function to return false if the condition is not met. + +We don't love this, and would usually recommend you stick with one style or the other throughout the codebase. + +In at least one case, these different techniques are combined cleverly (see the Multisig comments, line 65). As a set of contracts intended for general use, we recommend you either strive for more consistency or document explicit design criteria that govern which techniques are used where. + +Note that it may be impossible to use either one in all situations. For example, SafeMath functions pretty much have to throw upon failure, but ERC20 specifies returning booleans. Therefore we make no particular recommendations, but simply point out inconsistencies to consider. + +# Critical Issues + +## Stuck Ether in Crowdsale contract +CrowdsaleToken.sol has no provision for withdrawing the raised ether. We *strongly* recommend a standard `withdraw` function be added. There is no scenario in which someone should deploy this contract as is, whether for testing or live. + +## Recursive Call in MultisigWallet +Line 45 of `MultisigWallet.sol` checks if the amount being sent by `execute` is under a daily limit. + +This function can only be called by the "Owner". As a first angle of attack, it's worth asking what will happen if the multisig wallet owners reset the daily limit by approving a call to `resetSpentToday`. + +If a chain of calls can be constructed in which the owner confirms the `resetSpentToday` function and then withdraws through `execute` in a recursive call, the contract can be drained. In fact, this could be done without a recursive call, just through repeated `execute` calls alternating with the `confirm` calls. + +We are still working through the confirmation protocol in `Shareable.sol`, but we are not convinced that this is impossible, in fact it looks possible. The flexibility any shared owner has in being able to revoke confirmation later is another worrisome angle of approach even if some simple patches are included. + +This bug has a number of causes that need to be addressed: + +1. `resetSpentToday` and `confirm` together do not limit the days on which the function can be called or (it appears) the number of times it can be called. +1. Once a call has been confirmed and `execute`d it appears that it can be re-executed. This is not good. +3. `confirmandCheck` doesn't seem to have logic about whether or not the function in question has been called. +4. Even if it did, `revoke` would need updates and logic to deal with revocation requests after a function call had been completed. + +We do not recommend using the MultisigWallet until these issues are fixed. + +# Moderate to Minor Issues + +## PullPayment +PullPayment.sol needs some work. It has no explicit provision for cancelling a payment. This would be desirable in a number of scenarios; consider a payee losing their wallet, or giving a griefing address, or just an address that requires more than the default gas offered by `send`. + +`asyncSend` has no overflow checking. This is a bad plan. We recommend overflow and underflow checking at the layer closest to the data manipulation. + +`asyncSend` allows more balance to be queued up for sending than the contract holds. This is probably a bad idea, or at the very least should be called something different. If the intent is to allow this, it should have provisions for dealing with race conditions between competing `withdrawPayments` calls. + +It would be nice to see how many payments are pending. This would imply a bit of a rewrite; we recommend this contract get some design time, and that developers don't rely on it in its current state. + +## Shareable Contract + +We do not believe the `Shareable.sol` contract is ready for primetime. It is missing functions, and as written may be vulnerable to a reordering attack -- an attack in which a miner or other party "racing" with a smart contract participant inserts their own information into a list or mapping. + +The confirmation and revocation code needs to be looked over with a very careful eye imagining extraordinarily bad behavior by shared owners before this contract can be called safe. + +No sanity checks on the initial constructor's `required` argument are worrisome as well. + +# Line by Line Comments + +## Lifecycle + +### Killable + +Very simple, allows owner to call selfdestruct, sending funds to owner. No issues. However, note that `selfdestruct` should typically not be used; it is common that a developer may want to access data in a former contract, and they may not understand that `selfdestruct` limits access to the contract. We recommend better documentation about this dynamic, and an alternate function name for `kill` like `completelyDestroy` while `kill` would perhaps merely send funds to the owner. + +Also note that a killable function allows the owner to take funds regardless of other logic. This may be desirable or undesirable depending on the circumstances. Perhaps `Killable` should have a different name as well. + +### Migrations + +I presume that the goal of this contract is to allow and annotate a migration to a new smart contract address. We are not clear here how this would be accomplished by the code; we'd like to review with the OpenZeppelin team. + +### Pausable + +We like these pauses! Note that these allow significant griefing potential by owners, and that this might not be obvious to participants in smart contracts using the OpenZeppelin framework. We would recommend that additional sample logic be added to for instance the TokenContract showing safer use of the pause and resume functions. In particular, we would recommend a timelock after which anyone could unpause the contract. + +The modifiers use the pattern `if(bool){_;}`. This is fine for functions that return false upon failure, but could be problematic for functions expected to throw upon failure. See our comments above on standardizing on `throw` or `return(false)`. + +## Ownership + +### Ownable + +Line 19: Modifier throws if doesn't meet condition, in contrast to some other inheritable modifiers (e.g. in Pausable) that use `if(bool){_;}`. + +### Claimable + +Inherits from Ownable but the existing owner sets a pendingOwner who has to claim ownership. + +Line 17: Another modifier that throws. + +### DelayedClaimable + +Is there any reason to descend from Ownable directly, instead of just Claimable, which descends from Ownable? If not, descending from both just adds confusion. + +### Contactable + +Allows owner to set a public string of contract information. No issues. + +### Shareable + +This needs some work. Doesn't check if `_required <= len(_owners)` for instance, that would be a bummer. What if _required were like `MAX - 1`? + +I have a general concern about the difference between `owners`, `_owners`, and `owner` in `Ownable.sol`. I recommend "Owners" be renamed. In general we do not recomment single character differences in variable names, although a preceding underscore is not uncommon in Solidity code. + +Line 34: "this contract only has six types of events"...actually only two. + +Line 61: Why is `ownerIndex` keyed by addresses hashed to `uint`s? Why not use the addresses directly, so `ownerIndex` is less obscure, and so there's stronger typing? + +Line 62: Do not love `++i) ... owners[2+ i]`. Makes me do math, which is not what I want to do. I want to not have to do math. + +There should probably be a function for adding a new operation, so the developer doesn't have to work directly with the internal data. (This would make the multisig contract even shorter.) + +There's a `revoke` function but not a `propose` function that we can see. + +Beware reordering. If `propose` allows the user to choose a bytes string for their proposal, bad things(TM) will happen as currently written. + + +### Multisig + +Just an interface. Note it allows changing an owner address, but not changing the number of owners. This is somewhat limiting but also simplifies implementation. + +## Payment + +### PullPayment + +Safe from reentrance attack since ether send is at the end, plus it uses `.send()` rather than `.call.value()`. + +There's an argument to be made that `.call.value()` is a better option *if* you're sure that it will be done after all state updates, since `.send` will fail if the recipient has an expensive fallback function. However, in the context of a function meant to be embedded in other contracts, it's probably better to use `.send`. One possible compromise is to add a function which allows only the owner to send ether via `.call.value`. + +If you don't use `call.value` you should implement a `cancel` function in case some value is pending here. + +Line 14: +Doesn't use safeAdd. Although it appears that payout amounts can only be increased, in fact the payer could lower the payout as much as desired via overflow. Also, the payer could add a large non-overflowing amount, causing the payment to exceed the contract balance and therefore fail when withdraw is attempted. + +Recommendation: track the sum of non-withdrawn asyncSends, and don't allow a new one which exceeds the leftover balance. If it's ever desirable to make payments revocable, it should be done explicitly. + +## Tokens + +### ERC20 + +Standard ERC20 interface only. + +There's a security hole in the standard, reported at Edcon: `approve` does not protect against race conditions and simply replaces the current value. An approved spender could wait for the owner to call `approve` again, then attempt to spend the old limit before the new limit is applied. If successful, this attacker could successfully spend the sum of both limits. + +This could be fixed by either (1) including the old limit as a parameter, so the update will fail if some gets spent, or (2) using the value parameter as a delta instead of replacement value. + +This is not fixable while adhering to the current full ERC20 standard, though it would be possible to add a "secureApprove" function. The impact isn't extreme since at least you can only be attacked by addresses you approved. Also, users could mitigate this by always setting spending limits to zero and checking for spends, before setting the new limit. + +Edcon slides: +https://drive.google.com/file/d/0ByMtMw2hul0EN3NCaVFHSFdxRzA/view + +### ERC20Basic + +Simpler interface skipping the Approve function. Note this departs from ERC20 in another way: transfer throws instead of returning false. + +### BasicToken + +Uses `SafeSub` and `SafeMath`, so transfer `throw`s instead of returning false. This complies with ERC20Basic but not the actual ERC20 standard. + +### StandardToken + +Implementation of full ERC20 token. + +Transfer() and transferFrom() use SafeMath functions, which will cause them to throw instead of returning false. Not a security issue but departs from standard. + +### SimpleToken + +Sample instantiation of StandardToken. Note that in this sample, decimals is 18 and supply only 10,000, so the supply is a small fraction of a single nominal token. + +### CrowdsaleToken + +StandardToken which mints tokens at a fixed price when sent ether. + +There's no provision for owner withdrawing the ether. As a sample for crowdsales it should be Ownable and allow the owner to withdraw ether, rather than stranding the ether in the contract. + +Note: an alternative pattern is a mint() function which is only callable from a separate crowdsale contract, so any sort of rules can be added without modifying the token itself. + +### VestedToken + +Lines 23, 27: +Functions `transfer()` and `transferFrom()` have a modifier canTransfer which throws if not enough tokens are available. However, transfer() returns a boolean success. Inconsistent treatment of failure conditions may cause problems for other contracts using the token. (Note that transferableTokens() relies on safeSub(), so will also throw if there's insufficient balance.) + +Line 64: +Delete not actually necessary since the value is overwritten in the next line anyway. + +## Root level + +### Bounty + +Avoids potential race condition by having each researcher deploy a separate contract for attack; if a research manages to break his associated contract, other researchers can't immediately claim the reward, they have to reproduce the attack in their own contracts. + +A developer could subvert this intent by implementing `deployContract()` to always return the same address. However, this would break the `researchers` mapping, updating the researcher address associated with the contract. This could be prevented by blocking rewrites in `researchers`. + +### DayLimit + +The modifier `limitedDaily` calls `underLimit`, which both checks that the spend is below the daily limit, and adds the input value to the daily spend. This is fine if all functions throw upon failure. However, not all OpenZeppelin functions do this; there are functions that returns false, and modifiers that wrap the function body in `if (bool) {_;}`. In these cases, `_value` will be added to `spentToday`, but ether may not actually be sent because other preconditions were not met. (However in the OpenZeppelin multisig this is not a problem.) + +Lines 4, 11: +Comment claims that `DayLimit` is multiowned, and Shareable is imported, but DayLimit does not actually inherit from Shareable. The intent may be for child contracts to inherit from Shareable (as Multisig does); in this case the import should be removed and the comment altered. + +Line 46: +Manual overflow check instead of using safeAdd. Since this is called from a function that throws upon failure anyway, there's no real downside to using safeAdd. + +### LimitBalance + +No issues. + +### MultisigWallet + +Lines 28, 76, 80: +`kill`, `setDailyLimit`, and `resetSpentToday` only happen with multisig approval, and hashes for these actions are logged by Shareable. However, they should probably post their own events for easy reading. + +Line 45: +This call to underLimit will reduce the daily limit, and then either throw or return 0. So in this case there's no danger that the limit will be reduced without the operation going through. + +Line 65: +Shareable's onlyManyOwners will take the user's confirmation, and execute the function body if and only if enough users have confirmed. Whole thing throws if the send fails, which will roll back the confirmation. Confirm returns false if not enough have confirmed yet, true if the whole thing succeeds, and throws only in the exceptional circumstance that the designated transaction unexpectedly fails. Elegant design. + +Line 68: +Throw here is good but note this function can fail either by returning false or by throwing. + +Line 92: +A bit odd to split `clearPending()` between this contract and Shareable. However this does allow contracts inheriting from Shareable to use custom structs for pending transactions. + + +### SafeMath + +Another interesting comment from the same Edcon presentation was that the overflow behavior of Solidity is undocumented, so in theory, source code that relies on it could break with a future revision. + +However, compiled code should be fine, and in the unlikely event that the compiler is revised in this way, there should be plenty of warning. (But this is an argument for keeping overflow checks isolated in SafeMath.) + +Aside from that small caveat, these are fine. + diff --git a/dependencies/@openzeppelin/audits/2018-10.pdf b/dependencies/@openzeppelin/audits/2018-10.pdf new file mode 100644 index 00000000..d5bf1274 Binary files /dev/null and b/dependencies/@openzeppelin/audits/2018-10.pdf differ diff --git a/dependencies/@openzeppelin/audits/2022-10-Checkpoints.pdf b/dependencies/@openzeppelin/audits/2022-10-Checkpoints.pdf new file mode 100644 index 00000000..7e0d0838 Binary files /dev/null and b/dependencies/@openzeppelin/audits/2022-10-Checkpoints.pdf differ diff --git a/dependencies/@openzeppelin/audits/2022-10-ERC4626.pdf b/dependencies/@openzeppelin/audits/2022-10-ERC4626.pdf new file mode 100644 index 00000000..154fe752 Binary files /dev/null and b/dependencies/@openzeppelin/audits/2022-10-ERC4626.pdf differ diff --git a/dependencies/@openzeppelin/audits/2023-05-v4.9.pdf b/dependencies/@openzeppelin/audits/2023-05-v4.9.pdf new file mode 100644 index 00000000..21cd7f59 Binary files /dev/null and b/dependencies/@openzeppelin/audits/2023-05-v4.9.pdf differ diff --git a/dependencies/@openzeppelin/audits/2023-10-v5.0.pdf b/dependencies/@openzeppelin/audits/2023-10-v5.0.pdf new file mode 100644 index 00000000..991026ec Binary files /dev/null and b/dependencies/@openzeppelin/audits/2023-10-v5.0.pdf differ diff --git a/dependencies/@openzeppelin/audits/README.md b/dependencies/@openzeppelin/audits/README.md new file mode 100644 index 00000000..369d0640 --- /dev/null +++ b/dependencies/@openzeppelin/audits/README.md @@ -0,0 +1,17 @@ +# Audits + +| Date | Version | Commit | Auditor | Scope | Links | +| ------------ | ------- | --------- | ------------ | -------------------- | ----------------------------------------------------------- | +| October 2023 | v5.0.0 | `b5a3e69` | OpenZeppelin | v5.0 Changes | [πŸ”—](./2023-10-v5.0.pdf) | +| May 2023 | v4.9.0 | `91df66c` | OpenZeppelin | v4.9 Changes | [πŸ”—](./2023-05-v4.9.pdf) | +| October 2022 | v4.8.0 | `14f98db` | OpenZeppelin | ERC4626, Checkpoints | [πŸ”—](./2022-10-ERC4626.pdf) [πŸ”—](./2022-10-Checkpoints.pdf) | +| October 2018 | v2.0.0 | `dac5bcc` | LevelK | Everything | [πŸ”—](./2018-10.pdf) | +| March 2017 | v1.0.4 | `9c5975a` | New Alchemy | Everything | [πŸ”—](./2017-03.md) | + +# Formal Verification + +| Date | Version | Commit | Tool | Scope | Links | +| ------------ | ------- | --------- | ------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------ | +| May 2022 | v4.7.0 | `109778c` | Certora | Initializable, GovernorPreventLateQuorum, ERC1155Burnable, ERC1155Pausable, ERC1155Supply, ERC1155Holder, ERC1155Receiver | [πŸ”—](../certora/reports/2022-05.pdf) | +| March 2022 | v4.4.0 | `4088540` | Certora | ERC20Votes, ERC20FlashMint, ERC20Wrapper, TimelockController, ERC721Votes, Votes, AccessControl, ERC1155 | [πŸ”—](../certora/reports/2022-03.pdf) | +| October 2021 | v4.4.0 | `4088540` | Certora | Governor, GovernorCountingSimple, GovernorProposalThreshold, GovernorTimelockControl, GovernorVotes, GovernorVotesQuorumFraction | [πŸ”—](../certora/reports/2021-10.pdf) | diff --git a/dependencies/@openzeppelin/certora/.gitignore b/dependencies/@openzeppelin/certora/.gitignore new file mode 100644 index 00000000..893adcd3 --- /dev/null +++ b/dependencies/@openzeppelin/certora/.gitignore @@ -0,0 +1 @@ +patched diff --git a/dependencies/@openzeppelin/certora/Makefile b/dependencies/@openzeppelin/certora/Makefile new file mode 100644 index 00000000..d57d2ffd --- /dev/null +++ b/dependencies/@openzeppelin/certora/Makefile @@ -0,0 +1,54 @@ +default: help + +SRC := ../contracts +DST := patched +DIFF := diff +SRCS := $(shell find $(SRC) -type f) +DSTS := $(shell find $(DST) -type f) +DIFFS := $(shell find $(DIFF) -type f) + +############################################################################### +# Apply all patches in the $DIFF folder to the $DST folder +apply: $(DST) $(patsubst $(DIFF)/%.patch,$(DST)/%,$(subst _,/,$(DIFFS))) + +# Reset the $DST folder +$(DST): FORCE + @rm -rf $@ + @cp -r $(SRC) $@ + +# Update a solidity file in the $DST directory using the corresponding patch +$(DST)/%.sol: FORCE | $(DST) + @echo Applying patch to $@ + @patch -p0 -d $(DST) < $(patsubst $(DST)_%,$(DIFF)/%.patch,$(subst /,_,$@)) + +############################################################################### +# Record all difference between $SRC and $DST in patches +record: $(DIFF) $(patsubst %,$(DIFF)/%.patch,$(subst /,_,$(subst $(SRC)/,,$(SRCS)) $(subst $(DST)/,,$(DSTS)))) + +# Create the $DIFF folder +$(DIFF): FORCE + @rm -rf $@ + @mkdir $@ + +# Create the patch file by comparing the source and the destination +$(DIFF)/%.patch: FORCE | $(DIFF) + @echo Generating patch $@ + @diff -ruN \ + $(patsubst $(DIFF)/%.patch,$(SRC)/%,$(subst _,/,$@)) \ + $(patsubst $(DIFF)/%.patch,$(DST)/%,$(subst _,/,$@)) \ + | sed 's+$(SRC)/++g' \ + | sed 's+$(DST)/++g' \ + > $@ + @[ -s $@ ] || rm $@ + +############################################################################### +help: + @echo "usage:" + @echo " make apply: create $(DST) directory by applying the patches to $(SRC)" + @echo " make record: record the patches capturing the differences between $(SRC) and $(DST)" + @echo " make clean: remove all generated files (those ignored by git)" + +clean: + git clean -fdX + +FORCE: ; diff --git a/dependencies/@openzeppelin/certora/README.md b/dependencies/@openzeppelin/certora/README.md new file mode 100644 index 00000000..cd85ba3d --- /dev/null +++ b/dependencies/@openzeppelin/certora/README.md @@ -0,0 +1,60 @@ +# Running the certora verification tool + +These instructions detail the process for running Certora Verification Tool on OpenZeppelin Contracts. + +Documentation for CVT and the specification language are available [here](https://certora.atlassian.net/wiki/spaces/CPD/overview). + +## Prerequisites + +Follow the [Certora installation guide](https://docs.certora.com/en/latest/docs/user-guide/getting-started/install.html) in order to get the Certora Prover Package and the `solc` executable folder in your path. + +> **Note** +> An API Key is required for local testing. Although the prover will run on a Github Actions' CI environment on selected Pull Requests. + +## Running the verification + +The Certora Verification Tool proves specs for contracts, which are defined by the `./specs.json` file along with their pre-configured options. + +The verification script `./run.js` is used to submit verification jobs to the Certora Verification service. + +You can run it from the root of the repository with the following command: + +```bash +node certora/run.js [[CONTRACT_NAME:]SPEC_NAME] [OPTIONS...] +``` + +Where: + +- `CONTRACT_NAME` matches the `contract` key in the `./spec.json` file and may be empty. It will run all matching contracts if not provided. +- `SPEC_NAME` refers to a `spec` key from the `./specs.json` file. It will run every spec if not provided. +- `OPTIONS` extend the [Certora Prover CLI options](https://docs.certora.com/en/latest/docs/prover/cli/options.html#certora-prover-cli-options) and will respect the preconfigured options in the `specs.json` file. + +> **Note** +> A single spec may be configured to run for multiple contracts, whereas a single contract may run multiple specs. + +Example usage: + +```bash +node certora/run.js AccessControl # Run the AccessControl spec against every contract implementing it +``` + +## Adapting to changes in the contracts + +Some of our rules require the code to be simplified in various ways. Our primary tool for performing these simplifications is to run verification on a contract that extends the original contracts and overrides some of the methods. These "harness" contracts can be found in the `certora/harness` directory. + +This pattern does require some modifications to the original code: some methods need to be made virtual or public, for example. These changes are handled by applying a patch +to the code before verification by running: + +```bash +make -C certora apply +``` + +Before running the `certora/run.js` script, it's required to apply the corresponding patches to the `contracts` directory, placing the output in the `certora/patched` directory. Then, the contracts are verified by running the verification for the `certora/patched` directory. + +If the original contracts change, it is possible to create a conflict with the patch. In this case, the verify scripts will report an error message and output rejected changes in the `patched` directory. After merging the changes, run `make record` in the `certora` directory; this will regenerate the patch file, which can then be checked into git. + +For more information about the `make` scripts available, run: + +```bash +make -C certora help +``` diff --git a/dependencies/@openzeppelin/certora/diff/access_manager_AccessManager.sol.patch b/dependencies/@openzeppelin/certora/diff/access_manager_AccessManager.sol.patch new file mode 100644 index 00000000..cfb6cdf2 --- /dev/null +++ b/dependencies/@openzeppelin/certora/diff/access_manager_AccessManager.sol.patch @@ -0,0 +1,97 @@ +--- access/manager/AccessManager.sol 2023-10-05 12:17:09.694051809 -0300 ++++ access/manager/AccessManager.sol 2023-10-05 12:26:18.498688718 -0300 +@@ -6,7 +6,6 @@ + import {IAccessManaged} from "./IAccessManaged.sol"; + import {Address} from "../../utils/Address.sol"; + import {Context} from "../../utils/Context.sol"; +-import {Multicall} from "../../utils/Multicall.sol"; + import {Math} from "../../utils/math/Math.sol"; + import {Time} from "../../utils/types/Time.sol"; + +@@ -57,7 +56,8 @@ + * mindful of the danger associated with functions such as {{Ownable-renounceOwnership}} or + * {{AccessControl-renounceRole}}. + */ +-contract AccessManager is Context, Multicall, IAccessManager { ++// NOTE: The FV version of this contract doesn't include Multicall because CVL HAVOCs on any `delegatecall`. ++contract AccessManager is Context, IAccessManager { + using Time for *; + + // Structure that stores the details for a target contract. +@@ -105,7 +105,7 @@ + + // Used to identify operations that are currently being executed via {execute}. + // This should be transient storage when supported by the EVM. +- bytes32 private _executionId; ++ bytes32 internal _executionId; // private β†’ internal for FV + + /** + * @dev Check that the caller is authorized to perform the operation, following the restrictions encoded in +@@ -253,6 +253,11 @@ + _setGrantDelay(roleId, newDelay); + } + ++ // Exposed for FV ++ function _getTargetAdminDelayFull(address target) internal view virtual returns (uint32, uint32, uint48) { ++ return _targets[target].adminDelay.getFull(); ++ } ++ + /** + * @dev Internal version of {grantRole} without access control. Returns true if the role was newly granted. + * +@@ -287,6 +292,11 @@ + return newMember; + } + ++ // Exposed for FV ++ function _getRoleGrantDelayFull(uint64 roleId) internal view virtual returns (uint32, uint32, uint48) { ++ return _roles[roleId].grantDelay.getFull(); ++ } ++ + /** + * @dev Internal version of {revokeRole} without access control. This logic is also used by {renounceRole}. + * Returns true if the role was previously granted. +@@ -586,7 +596,7 @@ + /** + * @dev Check if the current call is authorized according to admin logic. + */ +- function _checkAuthorized() private { ++ function _checkAuthorized() internal virtual { // private β†’ internal virtual for FV + address caller = _msgSender(); + (bool immediate, uint32 delay) = _canCallSelf(caller, _msgData()); + if (!immediate) { +@@ -609,7 +619,7 @@ + */ + function _getAdminRestrictions( + bytes calldata data +- ) private view returns (bool adminRestricted, uint64 roleAdminId, uint32 executionDelay) { ++ ) internal view returns (bool adminRestricted, uint64 roleAdminId, uint32 executionDelay) { // private β†’ internal for FV + if (data.length < 4) { + return (false, 0, 0); + } +@@ -662,7 +672,7 @@ + address caller, + address target, + bytes calldata data +- ) private view returns (bool immediate, uint32 delay) { ++ ) internal view returns (bool immediate, uint32 delay) { // private β†’ internal for FV + if (target == address(this)) { + return _canCallSelf(caller, data); + } else { +@@ -716,14 +726,14 @@ + /** + * @dev Extracts the selector from calldata. Panics if data is not at least 4 bytes + */ +- function _checkSelector(bytes calldata data) private pure returns (bytes4) { ++ function _checkSelector(bytes calldata data) internal pure returns (bytes4) { // private β†’ internal for FV + return bytes4(data[0:4]); + } + + /** + * @dev Hashing function for execute protection + */ +- function _hashExecutionId(address target, bytes4 selector) private pure returns (bytes32) { ++ function _hashExecutionId(address target, bytes4 selector) internal pure returns (bytes32) { // private β†’ internal for FV + return keccak256(abi.encode(target, selector)); + } + } diff --git a/dependencies/@openzeppelin/certora/harnesses/AccessControlDefaultAdminRulesHarness.sol b/dependencies/@openzeppelin/certora/harnesses/AccessControlDefaultAdminRulesHarness.sol new file mode 100644 index 00000000..e96883fa --- /dev/null +++ b/dependencies/@openzeppelin/certora/harnesses/AccessControlDefaultAdminRulesHarness.sol @@ -0,0 +1,46 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.20; + +import {AccessControlDefaultAdminRules} from "../patched/access/extensions/AccessControlDefaultAdminRules.sol"; + +contract AccessControlDefaultAdminRulesHarness is AccessControlDefaultAdminRules { + uint48 private _delayIncreaseWait; + + constructor( + uint48 initialDelay, + address initialDefaultAdmin, + uint48 delayIncreaseWait + ) AccessControlDefaultAdminRules(initialDelay, initialDefaultAdmin) { + _delayIncreaseWait = delayIncreaseWait; + } + + // FV + function pendingDefaultAdmin_() external view returns (address) { + (address newAdmin, ) = pendingDefaultAdmin(); + return newAdmin; + } + + function pendingDefaultAdminSchedule_() external view returns (uint48) { + (, uint48 schedule) = pendingDefaultAdmin(); + return schedule; + } + + function pendingDelay_() external view returns (uint48) { + (uint48 newDelay, ) = pendingDefaultAdminDelay(); + return newDelay; + } + + function pendingDelaySchedule_() external view returns (uint48) { + (, uint48 schedule) = pendingDefaultAdminDelay(); + return schedule; + } + + function delayChangeWait_(uint48 newDelay) external view returns (uint48) { + return _delayChangeWait(newDelay); + } + + // Overrides + function defaultAdminDelayIncreaseWait() public view override returns (uint48) { + return _delayIncreaseWait; + } +} diff --git a/dependencies/@openzeppelin/certora/harnesses/AccessControlHarness.sol b/dependencies/@openzeppelin/certora/harnesses/AccessControlHarness.sol new file mode 100644 index 00000000..e862d3ec --- /dev/null +++ b/dependencies/@openzeppelin/certora/harnesses/AccessControlHarness.sol @@ -0,0 +1,6 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.20; + +import {AccessControl} from "../patched/access/AccessControl.sol"; + +contract AccessControlHarness is AccessControl {} diff --git a/dependencies/@openzeppelin/certora/harnesses/AccessManagedHarness.sol b/dependencies/@openzeppelin/certora/harnesses/AccessManagedHarness.sol new file mode 100644 index 00000000..50be23ad --- /dev/null +++ b/dependencies/@openzeppelin/certora/harnesses/AccessManagedHarness.sol @@ -0,0 +1,36 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import "../patched/access/manager/IAccessManager.sol"; +import "../patched/access/manager/AccessManaged.sol"; + +contract AccessManagedHarness is AccessManaged { + bytes internal SOME_FUNCTION_CALLDATA = abi.encodeCall(this.someFunction, ()); + + constructor(address initialAuthority) AccessManaged(initialAuthority) {} + + function someFunction() public restricted() { + // Sanity for FV: the msg.data when calling this function should be the same as the data used when checking + // the schedule. This is a reformulation of `msg.data == SOME_FUNCTION_CALLDATA` that focuses on the operation + // hash for this call. + require( + IAccessManager(authority()).hashOperation(_msgSender(), address(this), msg.data) + == + IAccessManager(authority()).hashOperation(_msgSender(), address(this), SOME_FUNCTION_CALLDATA) + ); + } + + function authority_canCall_immediate(address caller) public view returns (bool result) { + (result,) = AuthorityUtils.canCallWithDelay(authority(), caller, address(this), this.someFunction.selector); + } + + function authority_canCall_delay(address caller) public view returns (uint32 result) { + (,result) = AuthorityUtils.canCallWithDelay(authority(), caller, address(this), this.someFunction.selector); + } + + function authority_getSchedule(address caller) public view returns (uint48) { + IAccessManager manager = IAccessManager(authority()); + return manager.getSchedule(manager.hashOperation(caller, address(this), SOME_FUNCTION_CALLDATA)); + } +} diff --git a/dependencies/@openzeppelin/certora/harnesses/AccessManagerHarness.sol b/dependencies/@openzeppelin/certora/harnesses/AccessManagerHarness.sol new file mode 100644 index 00000000..69295d46 --- /dev/null +++ b/dependencies/@openzeppelin/certora/harnesses/AccessManagerHarness.sol @@ -0,0 +1,116 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import "../patched/access/manager/AccessManager.sol"; + +contract AccessManagerHarness is AccessManager { + // override with a storage slot that can basically take any value. + uint32 private _minSetback; + + constructor(address initialAdmin) AccessManager(initialAdmin) {} + + // FV + function minSetback() public view override returns (uint32) { + return _minSetback; + } + + function canCall_immediate(address caller, address target, bytes4 selector) external view returns (bool result) { + (result,) = canCall(caller, target, selector); + } + + function canCall_delay(address caller, address target, bytes4 selector) external view returns (uint32 result) { + (,result) = canCall(caller, target, selector); + } + + function canCallExtended(address caller, address target, bytes calldata data) external view returns (bool, uint32) { + return _canCallExtended(caller, target, data); + } + + function canCallExtended_immediate(address caller, address target, bytes calldata data) external view returns (bool result) { + (result,) = _canCallExtended(caller, target, data); + } + + function canCallExtended_delay(address caller, address target, bytes calldata data) external view returns (uint32 result) { + (,result) = _canCallExtended(caller, target, data); + } + + function getAdminRestrictions_restricted(bytes calldata data) external view returns (bool result) { + (result,,) = _getAdminRestrictions(data); + } + + function getAdminRestrictions_roleAdminId(bytes calldata data) external view returns (uint64 result) { + (,result,) = _getAdminRestrictions(data); + } + + function getAdminRestrictions_executionDelay(bytes calldata data) external view returns (uint32 result) { + (,,result) = _getAdminRestrictions(data); + } + + function hasRole_isMember(uint64 roleId, address account) external view returns (bool result) { + (result,) = hasRole(roleId, account); + } + + function hasRole_executionDelay(uint64 roleId, address account) external view returns (uint32 result) { + (,result) = hasRole(roleId, account); + } + + function getAccess_since(uint64 roleId, address account) external view returns (uint48 result) { + (result,,,) = getAccess(roleId, account); + } + + function getAccess_currentDelay(uint64 roleId, address account) external view returns (uint32 result) { + (,result,,) = getAccess(roleId, account); + } + + function getAccess_pendingDelay(uint64 roleId, address account) external view returns (uint32 result) { + (,,result,) = getAccess(roleId, account); + } + + function getAccess_effect(uint64 roleId, address account) external view returns (uint48 result) { + (,,,result) = getAccess(roleId, account); + } + + function getTargetAdminDelay_after(address target) public view virtual returns (uint32 result) { + (,result,) = _getTargetAdminDelayFull(target); + } + + function getTargetAdminDelay_effect(address target) public view virtual returns (uint48 result) { + (,,result) = _getTargetAdminDelayFull(target); + } + + function getRoleGrantDelay_after(uint64 roleId) public view virtual returns (uint32 result) { + (,result,) = _getRoleGrantDelayFull(roleId); + } + + function getRoleGrantDelay_effect(uint64 roleId) public view virtual returns (uint48 result) { + (,,result) = _getRoleGrantDelayFull(roleId); + } + + function hashExecutionId(address target, bytes4 selector) external pure returns (bytes32) { + return _hashExecutionId(target, selector); + } + + function executionId() external view returns (bytes32) { + return _executionId; + } + + // Pad with zeros (and don't revert) if data is too short. + function getSelector(bytes calldata data) external pure returns (bytes4) { + return bytes4(data); + } + + function getFirstArgumentAsAddress(bytes calldata data) external pure returns (address) { + return abi.decode(data[0x04:0x24], (address)); + } + + function getFirstArgumentAsUint64(bytes calldata data) external pure returns (uint64) { + return abi.decode(data[0x04:0x24], (uint64)); + } + + function _checkAuthorized() internal override { + // We need this hack otherwise certora will assume _checkSelector(_msgData()) can return anything :/ + require(msg.sig == _checkSelector(_msgData())); + super._checkAuthorized(); + } +} diff --git a/dependencies/@openzeppelin/certora/harnesses/DoubleEndedQueueHarness.sol b/dependencies/@openzeppelin/certora/harnesses/DoubleEndedQueueHarness.sol new file mode 100644 index 00000000..d684c738 --- /dev/null +++ b/dependencies/@openzeppelin/certora/harnesses/DoubleEndedQueueHarness.sol @@ -0,0 +1,58 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.20; + +import {DoubleEndedQueue} from "../patched/utils/structs/DoubleEndedQueue.sol"; + +contract DoubleEndedQueueHarness { + using DoubleEndedQueue for DoubleEndedQueue.Bytes32Deque; + + DoubleEndedQueue.Bytes32Deque private _deque; + + function pushFront(bytes32 value) external { + _deque.pushFront(value); + } + + function pushBack(bytes32 value) external { + _deque.pushBack(value); + } + + function popFront() external returns (bytes32 value) { + return _deque.popFront(); + } + + function popBack() external returns (bytes32 value) { + return _deque.popBack(); + } + + function clear() external { + _deque.clear(); + } + + function begin() external view returns (uint128) { + return _deque._begin; + } + + function end() external view returns (uint128) { + return _deque._end; + } + + function length() external view returns (uint256) { + return _deque.length(); + } + + function empty() external view returns (bool) { + return _deque.empty(); + } + + function front() external view returns (bytes32 value) { + return _deque.front(); + } + + function back() external view returns (bytes32 value) { + return _deque.back(); + } + + function at_(uint256 index) external view returns (bytes32 value) { + return _deque.at(index); + } +} diff --git a/dependencies/@openzeppelin/certora/harnesses/ERC20FlashMintHarness.sol b/dependencies/@openzeppelin/certora/harnesses/ERC20FlashMintHarness.sol new file mode 100644 index 00000000..2f989b24 --- /dev/null +++ b/dependencies/@openzeppelin/certora/harnesses/ERC20FlashMintHarness.sol @@ -0,0 +1,36 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import "../patched/token/ERC20/ERC20.sol"; +import "../patched/token/ERC20/extensions/ERC20Permit.sol"; +import "../patched/token/ERC20/extensions/ERC20FlashMint.sol"; + +contract ERC20FlashMintHarness is ERC20, ERC20Permit, ERC20FlashMint { + uint256 someFee; + address someFeeReceiver; + + constructor(string memory name, string memory symbol) ERC20(name, symbol) ERC20Permit(name) {} + + function mint(address account, uint256 amount) external { + _mint(account, amount); + } + + function burn(address account, uint256 amount) external { + _burn(account, amount); + } + + // public accessor + function flashFeeReceiver() public view returns (address) { + return someFeeReceiver; + } + + // internal hook + function _flashFee(address, uint256) internal view override returns (uint256) { + return someFee; + } + + function _flashFeeReceiver() internal view override returns (address) { + return someFeeReceiver; + } +} diff --git a/dependencies/@openzeppelin/certora/harnesses/ERC20PermitHarness.sol b/dependencies/@openzeppelin/certora/harnesses/ERC20PermitHarness.sol new file mode 100644 index 00000000..08113f4e --- /dev/null +++ b/dependencies/@openzeppelin/certora/harnesses/ERC20PermitHarness.sol @@ -0,0 +1,16 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.20; + +import {ERC20Permit, ERC20} from "../patched/token/ERC20/extensions/ERC20Permit.sol"; + +contract ERC20PermitHarness is ERC20Permit { + constructor(string memory name, string memory symbol) ERC20(name, symbol) ERC20Permit(name) {} + + function mint(address account, uint256 amount) external { + _mint(account, amount); + } + + function burn(address account, uint256 amount) external { + _burn(account, amount); + } +} diff --git a/dependencies/@openzeppelin/certora/harnesses/ERC20WrapperHarness.sol b/dependencies/@openzeppelin/certora/harnesses/ERC20WrapperHarness.sol new file mode 100644 index 00000000..ca183ad9 --- /dev/null +++ b/dependencies/@openzeppelin/certora/harnesses/ERC20WrapperHarness.sol @@ -0,0 +1,34 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {ERC20Permit} from "../patched/token/ERC20/extensions/ERC20Permit.sol"; +import {ERC20Wrapper, IERC20, ERC20} from "../patched/token/ERC20/extensions/ERC20Wrapper.sol"; + +contract ERC20WrapperHarness is ERC20Permit, ERC20Wrapper { + constructor( + IERC20 _underlying, + string memory _name, + string memory _symbol + ) ERC20(_name, _symbol) ERC20Permit(_name) ERC20Wrapper(_underlying) {} + + function underlyingTotalSupply() public view returns (uint256) { + return underlying().totalSupply(); + } + + function underlyingBalanceOf(address account) public view returns (uint256) { + return underlying().balanceOf(account); + } + + function underlyingAllowanceToThis(address account) public view returns (uint256) { + return underlying().allowance(account, address(this)); + } + + function recover(address account) public returns (uint256) { + return _recover(account); + } + + function decimals() public view override(ERC20Wrapper, ERC20) returns (uint8) { + return super.decimals(); + } +} diff --git a/dependencies/@openzeppelin/certora/harnesses/ERC3156FlashBorrowerHarness.sol b/dependencies/@openzeppelin/certora/harnesses/ERC3156FlashBorrowerHarness.sol new file mode 100644 index 00000000..1c76da2d --- /dev/null +++ b/dependencies/@openzeppelin/certora/harnesses/ERC3156FlashBorrowerHarness.sol @@ -0,0 +1,13 @@ +// SPDX-License-Identifier: MIT + +import {IERC3156FlashBorrower} from "../patched/interfaces/IERC3156FlashBorrower.sol"; + +pragma solidity ^0.8.20; + +contract ERC3156FlashBorrowerHarness is IERC3156FlashBorrower { + bytes32 somethingToReturn; + + function onFlashLoan(address, address, uint256, uint256, bytes calldata) external view override returns (bytes32) { + return somethingToReturn; + } +} diff --git a/dependencies/@openzeppelin/certora/harnesses/ERC721Harness.sol b/dependencies/@openzeppelin/certora/harnesses/ERC721Harness.sol new file mode 100644 index 00000000..69c4c205 --- /dev/null +++ b/dependencies/@openzeppelin/certora/harnesses/ERC721Harness.sol @@ -0,0 +1,33 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {ERC721} from "../patched/token/ERC721/ERC721.sol"; + +contract ERC721Harness is ERC721 { + constructor(string memory name, string memory symbol) ERC721(name, symbol) {} + + function mint(address account, uint256 tokenId) external { + _mint(account, tokenId); + } + + function safeMint(address to, uint256 tokenId) external { + _safeMint(to, tokenId); + } + + function safeMint(address to, uint256 tokenId, bytes memory data) external { + _safeMint(to, tokenId, data); + } + + function burn(uint256 tokenId) external { + _burn(tokenId); + } + + function unsafeOwnerOf(uint256 tokenId) external view returns (address) { + return _ownerOf(tokenId); + } + + function unsafeGetApproved(uint256 tokenId) external view returns (address) { + return _getApproved(tokenId); + } +} diff --git a/dependencies/@openzeppelin/certora/harnesses/ERC721ReceiverHarness.sol b/dependencies/@openzeppelin/certora/harnesses/ERC721ReceiverHarness.sol new file mode 100644 index 00000000..3843ef4a --- /dev/null +++ b/dependencies/@openzeppelin/certora/harnesses/ERC721ReceiverHarness.sol @@ -0,0 +1,11 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import "../patched/interfaces/IERC721Receiver.sol"; + +contract ERC721ReceiverHarness is IERC721Receiver { + function onERC721Received(address, address, uint256, bytes calldata) external pure returns (bytes4) { + return this.onERC721Received.selector; + } +} diff --git a/dependencies/@openzeppelin/certora/harnesses/EnumerableMapHarness.sol b/dependencies/@openzeppelin/certora/harnesses/EnumerableMapHarness.sol new file mode 100644 index 00000000..6155193e --- /dev/null +++ b/dependencies/@openzeppelin/certora/harnesses/EnumerableMapHarness.sol @@ -0,0 +1,55 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {EnumerableMap} from "../patched/utils/structs/EnumerableMap.sol"; + +contract EnumerableMapHarness { + using EnumerableMap for EnumerableMap.Bytes32ToBytes32Map; + + EnumerableMap.Bytes32ToBytes32Map private _map; + + function set(bytes32 key, bytes32 value) public returns (bool) { + return _map.set(key, value); + } + + function remove(bytes32 key) public returns (bool) { + return _map.remove(key); + } + + function contains(bytes32 key) public view returns (bool) { + return _map.contains(key); + } + + function length() public view returns (uint256) { + return _map.length(); + } + + function key_at(uint256 index) public view returns (bytes32) { + (bytes32 key,) = _map.at(index); + return key; + } + + function value_at(uint256 index) public view returns (bytes32) { + (,bytes32 value) = _map.at(index); + return value; + } + + function tryGet_contains(bytes32 key) public view returns (bool) { + (bool contained,) = _map.tryGet(key); + return contained; + } + + function tryGet_value(bytes32 key) public view returns (bytes32) { + (,bytes32 value) = _map.tryGet(key); + return value; + } + + function get(bytes32 key) public view returns (bytes32) { + return _map.get(key); + } + + function _positionOf(bytes32 key) public view returns (uint256) { + return _map._keys._inner._positions[key]; + } +} diff --git a/dependencies/@openzeppelin/certora/harnesses/EnumerableSetHarness.sol b/dependencies/@openzeppelin/certora/harnesses/EnumerableSetHarness.sol new file mode 100644 index 00000000..09246de6 --- /dev/null +++ b/dependencies/@openzeppelin/certora/harnesses/EnumerableSetHarness.sol @@ -0,0 +1,35 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {EnumerableSet} from "../patched/utils/structs/EnumerableSet.sol"; + +contract EnumerableSetHarness { + using EnumerableSet for EnumerableSet.Bytes32Set; + + EnumerableSet.Bytes32Set private _set; + + function add(bytes32 value) public returns (bool) { + return _set.add(value); + } + + function remove(bytes32 value) public returns (bool) { + return _set.remove(value); + } + + function contains(bytes32 value) public view returns (bool) { + return _set.contains(value); + } + + function length() public view returns (uint256) { + return _set.length(); + } + + function at_(uint256 index) public view returns (bytes32) { + return _set.at(index); + } + + function _positionOf(bytes32 value) public view returns (uint256) { + return _set._inner._positions[value]; + } +} diff --git a/dependencies/@openzeppelin/certora/harnesses/InitializableHarness.sol b/dependencies/@openzeppelin/certora/harnesses/InitializableHarness.sol new file mode 100644 index 00000000..743d677d --- /dev/null +++ b/dependencies/@openzeppelin/certora/harnesses/InitializableHarness.sol @@ -0,0 +1,23 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.20; + +import {Initializable} from "../patched/proxy/utils/Initializable.sol"; + +contract InitializableHarness is Initializable { + function initialize() public initializer {} + function reinitialize(uint64 n) public reinitializer(n) {} + function disable() public { _disableInitializers(); } + + function nested_init_init() public initializer { initialize(); } + function nested_init_reinit(uint64 m) public initializer { reinitialize(m); } + function nested_reinit_init(uint64 n) public reinitializer(n) { initialize(); } + function nested_reinit_reinit(uint64 n, uint64 m) public reinitializer(n) { reinitialize(m); } + + function version() public view returns (uint64) { + return _getInitializedVersion(); + } + + function initializing() public view returns (bool) { + return _isInitializing(); + } +} diff --git a/dependencies/@openzeppelin/certora/harnesses/NoncesHarness.sol b/dependencies/@openzeppelin/certora/harnesses/NoncesHarness.sol new file mode 100644 index 00000000..beea5fda --- /dev/null +++ b/dependencies/@openzeppelin/certora/harnesses/NoncesHarness.sol @@ -0,0 +1,14 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.20; + +import {Nonces} from "../patched/utils/Nonces.sol"; + +contract NoncesHarness is Nonces { + function useNonce(address account) external returns (uint256) { + return _useNonce(account); + } + + function useCheckedNonce(address account, uint256 nonce) external { + _useCheckedNonce(account, nonce); + } +} diff --git a/dependencies/@openzeppelin/certora/harnesses/Ownable2StepHarness.sol b/dependencies/@openzeppelin/certora/harnesses/Ownable2StepHarness.sol new file mode 100644 index 00000000..09a5faa2 --- /dev/null +++ b/dependencies/@openzeppelin/certora/harnesses/Ownable2StepHarness.sol @@ -0,0 +1,10 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.20; + +import {Ownable2Step, Ownable} from "../patched/access/Ownable2Step.sol"; + +contract Ownable2StepHarness is Ownable2Step { + constructor(address initialOwner) Ownable(initialOwner) {} + + function restricted() external onlyOwner {} +} diff --git a/dependencies/@openzeppelin/certora/harnesses/OwnableHarness.sol b/dependencies/@openzeppelin/certora/harnesses/OwnableHarness.sol new file mode 100644 index 00000000..79b4b1b6 --- /dev/null +++ b/dependencies/@openzeppelin/certora/harnesses/OwnableHarness.sol @@ -0,0 +1,10 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.20; + +import {Ownable} from "../patched/access/Ownable.sol"; + +contract OwnableHarness is Ownable { + constructor(address initialOwner) Ownable(initialOwner) {} + + function restricted() external onlyOwner {} +} diff --git a/dependencies/@openzeppelin/certora/harnesses/PausableHarness.sol b/dependencies/@openzeppelin/certora/harnesses/PausableHarness.sol new file mode 100644 index 00000000..5977b920 --- /dev/null +++ b/dependencies/@openzeppelin/certora/harnesses/PausableHarness.sol @@ -0,0 +1,18 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.20; + +import {Pausable} from "../patched/utils/Pausable.sol"; + +contract PausableHarness is Pausable { + function pause() external { + _pause(); + } + + function unpause() external { + _unpause(); + } + + function onlyWhenPaused() external whenPaused {} + + function onlyWhenNotPaused() external whenNotPaused {} +} diff --git a/dependencies/@openzeppelin/certora/harnesses/TimelockControllerHarness.sol b/dependencies/@openzeppelin/certora/harnesses/TimelockControllerHarness.sol new file mode 100644 index 00000000..95ae4062 --- /dev/null +++ b/dependencies/@openzeppelin/certora/harnesses/TimelockControllerHarness.sol @@ -0,0 +1,13 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.20; + +import {TimelockController} from "../patched/governance/TimelockController.sol"; + +contract TimelockControllerHarness is TimelockController { + constructor( + uint256 minDelay, + address[] memory proposers, + address[] memory executors, + address admin + ) TimelockController(minDelay, proposers, executors, admin) {} +} diff --git a/dependencies/@openzeppelin/certora/reports/2021-10.pdf b/dependencies/@openzeppelin/certora/reports/2021-10.pdf new file mode 100644 index 00000000..22df9c61 Binary files /dev/null and b/dependencies/@openzeppelin/certora/reports/2021-10.pdf differ diff --git a/dependencies/@openzeppelin/certora/reports/2022-03.pdf b/dependencies/@openzeppelin/certora/reports/2022-03.pdf new file mode 100644 index 00000000..b6ff81d1 Binary files /dev/null and b/dependencies/@openzeppelin/certora/reports/2022-03.pdf differ diff --git a/dependencies/@openzeppelin/certora/reports/2022-05.pdf b/dependencies/@openzeppelin/certora/reports/2022-05.pdf new file mode 100644 index 00000000..f24a4491 Binary files /dev/null and b/dependencies/@openzeppelin/certora/reports/2022-05.pdf differ diff --git a/dependencies/@openzeppelin/certora/run.js b/dependencies/@openzeppelin/certora/run.js new file mode 100755 index 00000000..7b65534e --- /dev/null +++ b/dependencies/@openzeppelin/certora/run.js @@ -0,0 +1,160 @@ +#!/usr/bin/env node + +// USAGE: +// node certora/run.js [[CONTRACT_NAME:]SPEC_NAME]* [--all] [--options OPTIONS...] [--specs PATH] +// EXAMPLES: +// node certora/run.js --all +// node certora/run.js AccessControl +// node certora/run.js AccessControlHarness:AccessControl + +const proc = require('child_process'); +const { PassThrough } = require('stream'); +const events = require('events'); + +const argv = require('yargs') + .env('') + .options({ + all: { + alias: 'a', + type: 'boolean', + }, + spec: { + alias: 's', + type: 'string', + default: __dirname + '/specs.json', + }, + parallel: { + alias: 'p', + type: 'number', + default: 4, + }, + verbose: { + alias: 'v', + type: 'count', + default: 0, + }, + options: { + alias: 'o', + type: 'array', + default: [], + }, + }).argv; + +function match(entry, request) { + const [reqSpec, reqContract] = request.split(':').reverse(); + return entry.spec == reqSpec && (!reqContract || entry.contract == reqContract); +} + +const specs = require(argv.spec).filter(s => argv.all || argv._.some(r => match(s, r))); +const limit = require('p-limit')(argv.parallel); + +if (argv._.length == 0 && !argv.all) { + console.error(`Warning: No specs requested. Did you forgot to toggle '--all'?`); +} + +for (const r of argv._) { + if (!specs.some(s => match(s, r))) { + console.error(`Error: Requested spec '${r}' not found in ${argv.spec}`); + process.exitCode = 1; + } +} + +if (process.exitCode) { + process.exit(process.exitCode); +} + +for (const { spec, contract, files, options = [] } of specs) { + limit( + runCertora, + spec, + contract, + files, + [...options, ...argv.options].flatMap(opt => opt.split(' ')), + ); +} + +// Run certora, aggregate the output and print it at the end +async function runCertora(spec, contract, files, options = []) { + const args = [...files, '--verify', `${contract}:certora/specs/${spec}.spec`, ...options]; + if (argv.verbose) { + console.log('Running:', args.join(' ')); + } + const child = proc.spawn('certoraRun', args); + + const stream = new PassThrough(); + const output = collect(stream); + + child.stdout.pipe(stream, { end: false }); + child.stderr.pipe(stream, { end: false }); + + // as soon as we have a job id, print the output link + stream.on('data', function logStatusUrl(data) { + const { '-DjobId': jobId, '-DuserId': userId } = Object.fromEntries( + data + .toString('utf8') + .match(/-D\S+=\S+/g) + ?.map(s => s.split('=')) || [], + ); + + if (jobId && userId) { + console.error(`[${spec}] https://prover.certora.com/output/${userId}/${jobId}/`); + stream.off('data', logStatusUrl); + } + }); + + // wait for process end + const [code, signal] = await events.once(child, 'exit'); + + // error + if (code || signal) { + console.error(`[${spec}] Exited with code ${code || signal}`); + process.exitCode = 1; + } + + // get all output + stream.end(); + + // write results in markdown format + writeEntry(spec, contract, code || signal, (await output).match(/https:\/\/prover.certora.com\/output\/\S*/)?.[0]); + + // write all details + console.error(`+ certoraRun ${args.join(' ')}\n` + (await output)); +} + +// Collects stream data into a string +async function collect(stream) { + const buffers = []; + for await (const data of stream) { + const buf = Buffer.isBuffer(data) ? data : Buffer.from(data); + buffers.push(buf); + } + return Buffer.concat(buffers).toString('utf8'); +} + +// Formatting +let hasHeader = false; + +function formatRow(...array) { + return ['', ...array, ''].join(' | '); +} + +function writeHeader() { + console.log(formatRow('spec', 'contract', 'result', 'status', 'output')); + console.log(formatRow('-', '-', '-', '-', '-')); +} + +function writeEntry(spec, contract, success, url) { + if (!hasHeader) { + hasHeader = true; + writeHeader(); + } + console.log( + formatRow( + spec, + contract, + success ? ':x:' : ':heavy_check_mark:', + url ? `[link](${url?.replace('/output/', '/jobStatus/')})` : 'error', + url ? `[link](${url})` : 'error', + ), + ); +} diff --git a/dependencies/@openzeppelin/certora/specs.json b/dependencies/@openzeppelin/certora/specs.json new file mode 100644 index 00000000..a8941909 --- /dev/null +++ b/dependencies/@openzeppelin/certora/specs.json @@ -0,0 +1,110 @@ +[ + { + "spec": "Pausable", + "contract": "PausableHarness", + "files": ["certora/harnesses/PausableHarness.sol"] + }, + { + "spec": "AccessControl", + "contract": "AccessControlHarness", + "files": ["certora/harnesses/AccessControlHarness.sol"] + }, + { + "spec": "AccessControlDefaultAdminRules", + "contract": "AccessControlDefaultAdminRulesHarness", + "files": ["certora/harnesses/AccessControlDefaultAdminRulesHarness.sol"] + }, + { + "spec": "AccessManager", + "contract": "AccessManagerHarness", + "files": ["certora/harnesses/AccessManagerHarness.sol"], + "options": ["--optimistic_hashing", "--optimistic_loop"] + }, + { + "spec": "AccessManaged", + "contract": "AccessManagedHarness", + "files": [ + "certora/harnesses/AccessManagedHarness.sol", + "certora/harnesses/AccessManagerHarness.sol" + ], + "options": [ + "--optimistic_hashing", + "--optimistic_loop", + "--link AccessManagedHarness:_authority=AccessManagerHarness" + ] + }, + { + "spec": "DoubleEndedQueue", + "contract": "DoubleEndedQueueHarness", + "files": ["certora/harnesses/DoubleEndedQueueHarness.sol"] + }, + { + "spec": "Ownable", + "contract": "OwnableHarness", + "files": ["certora/harnesses/OwnableHarness.sol"] + }, + { + "spec": "Ownable2Step", + "contract": "Ownable2StepHarness", + "files": ["certora/harnesses/Ownable2StepHarness.sol"] + }, + { + "spec": "ERC20", + "contract": "ERC20PermitHarness", + "files": ["certora/harnesses/ERC20PermitHarness.sol"], + "options": ["--optimistic_loop"] + }, + { + "spec": "ERC20FlashMint", + "contract": "ERC20FlashMintHarness", + "files": [ + "certora/harnesses/ERC20FlashMintHarness.sol", + "certora/harnesses/ERC3156FlashBorrowerHarness.sol" + ], + "options": ["--optimistic_loop"] + }, + { + "spec": "ERC20Wrapper", + "contract": "ERC20WrapperHarness", + "files": [ + "certora/harnesses/ERC20PermitHarness.sol", + "certora/harnesses/ERC20WrapperHarness.sol" + ], + "options": [ + "--link ERC20WrapperHarness:_underlying=ERC20PermitHarness", + "--optimistic_loop" + ] + }, + { + "spec": "ERC721", + "contract": "ERC721Harness", + "files": ["certora/harnesses/ERC721Harness.sol", "certora/harnesses/ERC721ReceiverHarness.sol"], + "options": ["--optimistic_loop"] + }, + { + "spec": "Initializable", + "contract": "InitializableHarness", + "files": ["certora/harnesses/InitializableHarness.sol"] + }, + { + "spec": "EnumerableSet", + "contract": "EnumerableSetHarness", + "files": ["certora/harnesses/EnumerableSetHarness.sol"] + }, + { + "spec": "EnumerableMap", + "contract": "EnumerableMapHarness", + "files": ["certora/harnesses/EnumerableMapHarness.sol"] + }, + { + "spec": "TimelockController", + "contract": "TimelockControllerHarness", + "files": ["certora/harnesses/TimelockControllerHarness.sol"], + "options": ["--optimistic_hashing", "--optimistic_loop"] + }, + { + "spec": "Nonces", + "contract": "NoncesHarness", + "files": ["certora/harnesses/NoncesHarness.sol"] + } +] diff --git a/dependencies/@openzeppelin/certora/specs/AccessControl.spec b/dependencies/@openzeppelin/certora/specs/AccessControl.spec new file mode 100644 index 00000000..70b06721 --- /dev/null +++ b/dependencies/@openzeppelin/certora/specs/AccessControl.spec @@ -0,0 +1,119 @@ +import "helpers/helpers.spec"; +import "methods/IAccessControl.spec"; + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Identify entrypoints: only grantRole, revokeRole and renounceRole can alter permissions β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule onlyGrantCanGrant(env e, method f, bytes32 role, address account) { + calldataarg args; + + bool hasRoleBefore = hasRole(role, account); + f(e, args); + bool hasRoleAfter = hasRole(role, account); + + assert ( + !hasRoleBefore && + hasRoleAfter + ) => ( + f.selector == sig:grantRole(bytes32, address).selector + ); + + assert ( + hasRoleBefore && + !hasRoleAfter + ) => ( + f.selector == sig:revokeRole(bytes32, address).selector || + f.selector == sig:renounceRole(bytes32, address).selector + ); +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Function correctness: grantRole only affects the specified user/role combo β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule grantRoleEffect(env e, bytes32 role) { + require nonpayable(e); + + bytes32 otherRole; + address account; + address otherAccount; + + bool isCallerAdmin = hasRole(getRoleAdmin(role), e.msg.sender); + bool hasOtherRoleBefore = hasRole(otherRole, otherAccount); + + grantRole@withrevert(e, role, account); + bool success = !lastReverted; + + bool hasOtherRoleAfter = hasRole(otherRole, otherAccount); + + // liveness + assert success <=> isCallerAdmin; + + // effect + assert success => hasRole(role, account); + + // no side effect + assert hasOtherRoleBefore != hasOtherRoleAfter => (role == otherRole && account == otherAccount); +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Function correctness: revokeRole only affects the specified user/role combo β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule revokeRoleEffect(env e, bytes32 role) { + require nonpayable(e); + + bytes32 otherRole; + address account; + address otherAccount; + + bool isCallerAdmin = hasRole(getRoleAdmin(role), e.msg.sender); + bool hasOtherRoleBefore = hasRole(otherRole, otherAccount); + + revokeRole@withrevert(e, role, account); + bool success = !lastReverted; + + bool hasOtherRoleAfter = hasRole(otherRole, otherAccount); + + // liveness + assert success <=> isCallerAdmin; + + // effect + assert success => !hasRole(role, account); + + // no side effect + assert hasOtherRoleBefore != hasOtherRoleAfter => (role == otherRole && account == otherAccount); +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Function correctness: renounceRole only affects the specified user/role combo β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule renounceRoleEffect(env e, bytes32 role) { + require nonpayable(e); + + bytes32 otherRole; + address account; + address otherAccount; + + bool hasOtherRoleBefore = hasRole(otherRole, otherAccount); + + renounceRole@withrevert(e, role, account); + bool success = !lastReverted; + + bool hasOtherRoleAfter = hasRole(otherRole, otherAccount); + + // liveness + assert success <=> account == e.msg.sender; + + // effect + assert success => !hasRole(role, account); + + // no side effect + assert hasOtherRoleBefore != hasOtherRoleAfter => (role == otherRole && account == otherAccount); +} diff --git a/dependencies/@openzeppelin/certora/specs/AccessControlDefaultAdminRules.spec b/dependencies/@openzeppelin/certora/specs/AccessControlDefaultAdminRules.spec new file mode 100644 index 00000000..2f5bb9d4 --- /dev/null +++ b/dependencies/@openzeppelin/certora/specs/AccessControlDefaultAdminRules.spec @@ -0,0 +1,464 @@ +import "helpers/helpers.spec"; +import "methods/IAccessControlDefaultAdminRules.spec"; +import "methods/IAccessControl.spec"; +import "AccessControl.spec"; + +use rule onlyGrantCanGrant filtered { + f -> f.selector != sig:acceptDefaultAdminTransfer().selector +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Definitions β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +definition timeSanity(env e) returns bool = + e.block.timestamp > 0 && e.block.timestamp + defaultAdminDelay(e) < max_uint48; + +definition delayChangeWaitSanity(env e, uint48 newDelay) returns bool = + e.block.timestamp + delayChangeWait_(e, newDelay) < max_uint48; + +definition isSet(uint48 schedule) returns bool = + schedule != 0; + +definition hasPassed(env e, uint48 schedule) returns bool = + assert_uint256(schedule) < e.block.timestamp; + +definition increasingDelaySchedule(env e, uint48 newDelay) returns mathint = + e.block.timestamp + min(newDelay, defaultAdminDelayIncreaseWait()); + +definition decreasingDelaySchedule(env e, uint48 newDelay) returns mathint = + e.block.timestamp + defaultAdminDelay(e) - newDelay; + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Invariant: defaultAdmin holds the DEFAULT_ADMIN_ROLE β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +invariant defaultAdminConsistency(address account) + (account == defaultAdmin() && account != 0) <=> hasRole(DEFAULT_ADMIN_ROLE(), account) + { + preserved with (env e) { + require nonzerosender(e); + } + } + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Invariant: Only one account holds the DEFAULT_ADMIN_ROLE β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +invariant singleDefaultAdmin(address account, address another) + hasRole(DEFAULT_ADMIN_ROLE(), account) && hasRole(DEFAULT_ADMIN_ROLE(), another) => another == account + { + preserved { + requireInvariant defaultAdminConsistency(account); + requireInvariant defaultAdminConsistency(another); + } + } + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Invariant: DEFAULT_ADMIN_ROLE's admin is always DEFAULT_ADMIN_ROLE β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +invariant defaultAdminRoleAdminConsistency() + getRoleAdmin(DEFAULT_ADMIN_ROLE()) == DEFAULT_ADMIN_ROLE(); + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Invariant: owner is the defaultAdmin β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +invariant ownerConsistency() + defaultAdmin() == owner(); + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Function correctness: revokeRole only affects the specified user/role combo β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule revokeRoleEffect(env e, bytes32 role) { + require nonpayable(e); + + bytes32 otherRole; + address account; + address otherAccount; + + bool isCallerAdmin = hasRole(getRoleAdmin(role), e.msg.sender); + bool hasOtherRoleBefore = hasRole(otherRole, otherAccount); + + revokeRole@withrevert(e, role, account); + bool success = !lastReverted; + + bool hasOtherRoleAfter = hasRole(otherRole, otherAccount); + + // liveness + assert success <=> isCallerAdmin && role != DEFAULT_ADMIN_ROLE(), + "roles can only be revoked by their owner except for the default admin role"; + + // effect + assert success => !hasRole(role, account), + "role is revoked"; + + // no side effect + assert hasOtherRoleBefore != hasOtherRoleAfter => (role == otherRole && account == otherAccount), + "no other role is affected"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Function correctness: renounceRole only affects the specified user/role combo β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule renounceRoleEffect(env e, bytes32 role) { + require nonpayable(e); + + bytes32 otherRole; + address account; + address otherAccount; + + bool hasOtherRoleBefore = hasRole(otherRole, otherAccount); + address adminBefore = defaultAdmin(); + address pendingAdminBefore = pendingDefaultAdmin_(); + uint48 scheduleBefore = pendingDefaultAdminSchedule_(); + + renounceRole@withrevert(e, role, account); + bool success = !lastReverted; + + bool hasOtherRoleAfter = hasRole(otherRole, otherAccount); + address adminAfter = defaultAdmin(); + address pendingAdminAfter = pendingDefaultAdmin_(); + uint48 scheduleAfter = pendingDefaultAdminSchedule_(); + + // liveness + assert success <=> ( + account == e.msg.sender && + ( + role != DEFAULT_ADMIN_ROLE() || + account != adminBefore || + ( + pendingAdminBefore == 0 && + isSet(scheduleBefore) && + hasPassed(e, scheduleBefore) + ) + ) + ), + "an account only can renounce by itself with a delay for the default admin role"; + + // effect + assert success => !hasRole(role, account), + "role is renounced"; + + assert success => ( + ( + role == DEFAULT_ADMIN_ROLE() && + account == adminBefore + ) ? ( + adminAfter == 0 && + pendingAdminAfter == 0 && + scheduleAfter == 0 + ) : ( + adminAfter == adminBefore && + pendingAdminAfter == pendingAdminBefore && + scheduleAfter == scheduleBefore + ) + ), + "renouncing default admin role cleans state iff called by previous admin"; + + // no side effect + assert hasOtherRoleBefore != hasOtherRoleAfter => ( + role == otherRole && + account == otherAccount + ), + "no other role is affected"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: defaultAdmin is only affected by accepting an admin transfer or renoucing β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule noDefaultAdminChange(env e, method f, calldataarg args) { + address adminBefore = defaultAdmin(); + f(e, args); + address adminAfter = defaultAdmin(); + + assert adminBefore != adminAfter => ( + f.selector == sig:acceptDefaultAdminTransfer().selector || + f.selector == sig:renounceRole(bytes32,address).selector + ), + "default admin is only affected by accepting an admin transfer or renoucing"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: pendingDefaultAdmin is only affected by beginning, completing (accept or renounce), or canceling an admin β”‚ +β”‚ transfer β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule noPendingDefaultAdminChange(env e, method f, calldataarg args) { + address pendingAdminBefore = pendingDefaultAdmin_(); + uint48 scheduleBefore = pendingDefaultAdminSchedule_(); + f(e, args); + address pendingAdminAfter = pendingDefaultAdmin_(); + uint48 scheduleAfter = pendingDefaultAdminSchedule_(); + + assert ( + pendingAdminBefore != pendingAdminAfter || + scheduleBefore != scheduleAfter + ) => ( + f.selector == sig:beginDefaultAdminTransfer(address).selector || + f.selector == sig:acceptDefaultAdminTransfer().selector || + f.selector == sig:cancelDefaultAdminTransfer().selector || + f.selector == sig:renounceRole(bytes32,address).selector + ), + "pending admin and its schedule is only affected by beginning, completing, or cancelling an admin transfer"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: defaultAdminDelay can't be changed atomically by any function β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule noDefaultAdminDelayChange(env e, method f, calldataarg args) { + uint48 delayBefore = defaultAdminDelay(e); + f(e, args); + uint48 delayAfter = defaultAdminDelay(e); + + assert delayBefore == delayAfter, + "delay can't be changed atomically by any function"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: pendingDefaultAdminDelay is only affected by changeDefaultAdminDelay or rollbackDefaultAdminDelay β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule noPendingDefaultAdminDelayChange(env e, method f, calldataarg args) { + uint48 pendingDelayBefore = pendingDelay_(e); + f(e, args); + uint48 pendingDelayAfter = pendingDelay_(e); + + assert pendingDelayBefore != pendingDelayAfter => ( + f.selector == sig:changeDefaultAdminDelay(uint48).selector || + f.selector == sig:rollbackDefaultAdminDelay().selector + ), + "pending delay is only affected by changeDefaultAdminDelay or rollbackDefaultAdminDelay"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: defaultAdminDelayIncreaseWait can't be changed atomically by any function β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule noDefaultAdminDelayIncreaseWaitChange(env e, method f, calldataarg args) { + uint48 delayIncreaseWaitBefore = defaultAdminDelayIncreaseWait(); + f(e, args); + uint48 delayIncreaseWaitAfter = defaultAdminDelayIncreaseWait(); + + assert delayIncreaseWaitBefore == delayIncreaseWaitAfter, + "delay increase wait can't be changed atomically by any function"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Function correctness: beginDefaultAdminTransfer sets a pending default admin and its schedule β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule beginDefaultAdminTransfer(env e, address newAdmin) { + require timeSanity(e); + require nonpayable(e); + require nonzerosender(e); + requireInvariant defaultAdminConsistency(e.msg.sender); + + beginDefaultAdminTransfer@withrevert(e, newAdmin); + bool success = !lastReverted; + + // liveness + assert success <=> e.msg.sender == defaultAdmin(), + "only the current default admin can begin a transfer"; + + // effect + assert success => pendingDefaultAdmin_() == newAdmin, + "pending default admin is set"; + assert success => to_mathint(pendingDefaultAdminSchedule_()) == e.block.timestamp + defaultAdminDelay(e), + "pending default admin delay is set"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: A default admin can't change in less than the applied schedule β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule pendingDefaultAdminDelayEnforced(env e1, env e2, method f, calldataarg args, address newAdmin) { + require e1.block.timestamp <= e2.block.timestamp; + + uint48 delayBefore = defaultAdminDelay(e1); + address adminBefore = defaultAdmin(); + + // There might be a better way to generalize this without requiring `beginDefaultAdminTransfer`, but currently + // it's the only way in which we can attest that only `delayBefore` has passed before a change. + beginDefaultAdminTransfer(e1, newAdmin); + f(e2, args); + + address adminAfter = defaultAdmin(); + + // change can only happen towards the newAdmin, with the delay + assert adminAfter != adminBefore => ( + adminAfter == newAdmin && + to_mathint(e2.block.timestamp) >= e1.block.timestamp + delayBefore + ), + "The admin can only change after the enforced delay and to the previously scheduled new admin"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Function correctness: acceptDefaultAdminTransfer updates defaultAdmin resetting the pending admin and its schedule β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule acceptDefaultAdminTransfer(env e) { + require nonpayable(e); + + address pendingAdminBefore = pendingDefaultAdmin_(); + uint48 scheduleBefore = pendingDefaultAdminSchedule_(); + + acceptDefaultAdminTransfer@withrevert(e); + bool success = !lastReverted; + + // liveness + assert success <=> ( + e.msg.sender == pendingAdminBefore && + isSet(scheduleBefore) && + hasPassed(e, scheduleBefore) + ), + "only the pending default admin can accept the role after the schedule has been set and passed"; + + // effect + assert success => defaultAdmin() == pendingAdminBefore, + "Default admin is set to the previous pending default admin"; + assert success => pendingDefaultAdmin_() == 0, + "Pending default admin is reset"; + assert success => pendingDefaultAdminSchedule_() == 0, + "Pending default admin delay is reset"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Function correctness: cancelDefaultAdminTransfer resets pending default admin and its schedule β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule cancelDefaultAdminTransfer(env e) { + require nonpayable(e); + require nonzerosender(e); + requireInvariant defaultAdminConsistency(e.msg.sender); + + cancelDefaultAdminTransfer@withrevert(e); + bool success = !lastReverted; + + // liveness + assert success <=> e.msg.sender == defaultAdmin(), + "only the current default admin can cancel a transfer"; + + // effect + assert success => pendingDefaultAdmin_() == 0, + "Pending default admin is reset"; + assert success => pendingDefaultAdminSchedule_() == 0, + "Pending default admin delay is reset"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Function correctness: changeDefaultAdminDelay sets a pending default admin delay and its schedule β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule changeDefaultAdminDelay(env e, uint48 newDelay) { + require timeSanity(e); + require nonpayable(e); + require nonzerosender(e); + require delayChangeWaitSanity(e, newDelay); + requireInvariant defaultAdminConsistency(e.msg.sender); + + uint48 delayBefore = defaultAdminDelay(e); + + changeDefaultAdminDelay@withrevert(e, newDelay); + bool success = !lastReverted; + + // liveness + assert success <=> e.msg.sender == defaultAdmin(), + "only the current default admin can begin a delay change"; + + // effect + assert success => pendingDelay_(e) == newDelay, + "pending delay is set"; + + assert success => ( + assert_uint256(pendingDelaySchedule_(e)) > e.block.timestamp || + delayBefore == newDelay || // Interpreted as decreasing, x - x = 0 + defaultAdminDelayIncreaseWait() == 0 + ), + "pending delay schedule is set in the future unless accepted edge cases"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: A delay can't change in less than the applied schedule β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule pendingDelayWaitEnforced(env e1, env e2, method f, calldataarg args, uint48 newDelay) { + require e1.block.timestamp <= e2.block.timestamp; + + uint48 delayBefore = defaultAdminDelay(e1); + + changeDefaultAdminDelay(e1, newDelay); + f(e2, args); + + uint48 delayAfter = defaultAdminDelay(e2); + + mathint delayWait = newDelay > delayBefore ? increasingDelaySchedule(e1, newDelay) : decreasingDelaySchedule(e1, newDelay); + + assert delayAfter != delayBefore => ( + delayAfter == newDelay && + to_mathint(e2.block.timestamp) >= delayWait + ), + "A delay can only change after the applied schedule"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: pending delay wait is set depending on increasing or decreasing the delay β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule pendingDelayWait(env e, uint48 newDelay) { + uint48 oldDelay = defaultAdminDelay(e); + changeDefaultAdminDelay(e, newDelay); + + assert newDelay > oldDelay => to_mathint(pendingDelaySchedule_(e)) == increasingDelaySchedule(e, newDelay), + "Delay wait is the minimum between the new delay and a threshold when the delay is increased"; + assert newDelay <= oldDelay => to_mathint(pendingDelaySchedule_(e)) == decreasingDelaySchedule(e, newDelay), + "Delay wait is the difference between the current and the new delay when the delay is decreased"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Function correctness: rollbackDefaultAdminDelay resets the delay and its schedule β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule rollbackDefaultAdminDelay(env e) { + require nonpayable(e); + require nonzerosender(e); + requireInvariant defaultAdminConsistency(e.msg.sender); + + rollbackDefaultAdminDelay@withrevert(e); + bool success = !lastReverted; + + // liveness + assert success <=> e.msg.sender == defaultAdmin(), + "only the current default admin can rollback a delay change"; + + // effect + assert success => pendingDelay_(e) == 0, + "Pending default admin is reset"; + assert success => pendingDelaySchedule_(e) == 0, + "Pending default admin delay is reset"; +} diff --git a/dependencies/@openzeppelin/certora/specs/AccessManaged.spec b/dependencies/@openzeppelin/certora/specs/AccessManaged.spec new file mode 100644 index 00000000..adcb8593 --- /dev/null +++ b/dependencies/@openzeppelin/certora/specs/AccessManaged.spec @@ -0,0 +1,34 @@ +import "helpers/helpers.spec"; +import "methods/IAccessManaged.spec"; + +methods { + // FV + function someFunction() external; + function authority_canCall_immediate(address) external returns (bool); + function authority_canCall_delay(address) external returns (uint32); + function authority_getSchedule(address) external returns (uint48); +} + +invariant isConsumingScheduledOpClean() + isConsumingScheduledOp() == to_bytes4(0); + +rule callRestrictedFunction(env e) { + bool immediate = authority_canCall_immediate(e, e.msg.sender); + uint32 delay = authority_canCall_delay(e, e.msg.sender); + uint48 scheduleBefore = authority_getSchedule(e, e.msg.sender); + + someFunction@withrevert(e); + bool success = !lastReverted; + + uint48 scheduleAfter = authority_getSchedule(e, e.msg.sender); + + // can only call if immediate, or (with delay) by consuming a scheduled op + assert success => ( + immediate || + ( + delay > 0 && + isSetAndPast(e, scheduleBefore) && + scheduleAfter == 0 + ) + ); +} diff --git a/dependencies/@openzeppelin/certora/specs/AccessManager.spec b/dependencies/@openzeppelin/certora/specs/AccessManager.spec new file mode 100644 index 00000000..cc4b0132 --- /dev/null +++ b/dependencies/@openzeppelin/certora/specs/AccessManager.spec @@ -0,0 +1,826 @@ +import "helpers/helpers.spec"; +import "methods/IAccessManager.spec"; + +methods { + // FV + function canCall_immediate(address,address,bytes4) external returns (bool); + function canCall_delay(address,address,bytes4) external returns (uint32); + function canCallExtended(address,address,bytes) external returns (bool,uint32); + function canCallExtended_immediate(address,address,bytes) external returns (bool); + function canCallExtended_delay(address,address,bytes) external returns (uint32); + function getAdminRestrictions_restricted(bytes) external returns (bool); + function getAdminRestrictions_roleAdminId(bytes) external returns (uint64); + function getAdminRestrictions_executionDelay(bytes) external returns (uint32); + function hasRole_isMember(uint64,address) external returns (bool); + function hasRole_executionDelay(uint64,address) external returns (uint32); + function getAccess_since(uint64,address) external returns (uint48); + function getAccess_currentDelay(uint64,address) external returns (uint32); + function getAccess_pendingDelay(uint64,address) external returns (uint32); + function getAccess_effect(uint64,address) external returns (uint48); + function getTargetAdminDelay_after(address target) external returns (uint32); + function getTargetAdminDelay_effect(address target) external returns (uint48); + function getRoleGrantDelay_after(uint64 roleId) external returns (uint32); + function getRoleGrantDelay_effect(uint64 roleId) external returns (uint48); + function hashExecutionId(address,bytes4) external returns (bytes32) envfree; + function executionId() external returns (bytes32) envfree; + function getSelector(bytes) external returns (bytes4) envfree; + function getFirstArgumentAsAddress(bytes) external returns (address) envfree; + function getFirstArgumentAsUint64(bytes) external returns (uint64) envfree; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Helpers β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +definition isOnlyAuthorized(bytes4 selector) returns bool = + selector == to_bytes4(sig:labelRole(uint64,string).selector ) || + selector == to_bytes4(sig:setRoleAdmin(uint64,uint64).selector ) || + selector == to_bytes4(sig:setRoleGuardian(uint64,uint64).selector ) || + selector == to_bytes4(sig:setGrantDelay(uint64,uint32).selector ) || + selector == to_bytes4(sig:setTargetAdminDelay(address,uint32).selector ) || + selector == to_bytes4(sig:updateAuthority(address,address).selector ) || + selector == to_bytes4(sig:setTargetClosed(address,bool).selector ) || + selector == to_bytes4(sig:setTargetFunctionRole(address,bytes4[],uint64).selector) || + selector == to_bytes4(sig:grantRole(uint64,address,uint32).selector ) || + selector == to_bytes4(sig:revokeRole(uint64,address).selector ); + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Invariant: executionId must be clean when not in the middle of a call β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +invariant cleanExecutionId() + executionId() == to_bytes32(0); + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Invariant: public role β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +invariant publicRole(env e, address account) + hasRole_isMember(e, PUBLIC_ROLE(), account) && + hasRole_executionDelay(e, PUBLIC_ROLE(), account) == 0 && + getAccess_since(e, PUBLIC_ROLE(), account) == 0 && + getAccess_currentDelay(e, PUBLIC_ROLE(), account) == 0 && + getAccess_pendingDelay(e, PUBLIC_ROLE(), account) == 0 && + getAccess_effect(e, PUBLIC_ROLE(), account) == 0; + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Invariant: hasRole is consistent with getAccess β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +invariant hasRoleGetAccessConsistency(env e, uint64 roleId, address account) + hasRole_isMember(e, roleId, account) == (roleId == PUBLIC_ROLE() || isSetAndPast(e, getAccess_since(e, roleId, account))) && + hasRole_executionDelay(e, roleId, account) == getAccess_currentDelay(e, roleId, account); + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Functions: canCall, canCallExtended, getAccess, hasRole, isTargetClosed and getTargetFunctionRole do NOT revert β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule noRevert(env e) { + require nonpayable(e); + require sanity(e); + + address caller; + address target; + bytes data; + bytes4 selector; + uint64 roleId; + + canCall@withrevert(e, caller, target, selector); + assert !lastReverted; + + // require data.length <= max_uint64; + // + // canCallExtended@withrevert(e, caller, target, data); + // assert !lastReverted; + + getAccess@withrevert(e, roleId, caller); + assert !lastReverted; + + hasRole@withrevert(e, roleId, caller); + assert !lastReverted; + + isTargetClosed@withrevert(target); + assert !lastReverted; + + getTargetFunctionRole@withrevert(target, selector); + assert !lastReverted; + + // Not covered: + // - getAdminRestrictions (_1, _2 & _3) + // - getSelector +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Functions: admin restrictions are correct β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule getAdminRestrictions(env e, bytes data) { + bool restricted = getAdminRestrictions_restricted(e, data); + uint64 roleId = getAdminRestrictions_roleAdminId(e, data); + uint32 delay = getAdminRestrictions_executionDelay(e, data); + bytes4 selector = getSelector(data); + + if (data.length < 4) { + assert restricted == false; + assert roleId == 0; + assert delay == 0; + } else { + assert restricted == + isOnlyAuthorized(selector); + + assert roleId == ( + (restricted && selector == to_bytes4(sig:grantRole(uint64,address,uint32).selector)) || + (restricted && selector == to_bytes4(sig:revokeRole(uint64,address).selector )) + ? getRoleAdmin(getFirstArgumentAsUint64(data)) + : ADMIN_ROLE() + ); + + assert delay == ( + (restricted && selector == to_bytes4(sig:updateAuthority(address,address).selector )) || + (restricted && selector == to_bytes4(sig:setTargetClosed(address,bool).selector )) || + (restricted && selector == to_bytes4(sig:setTargetFunctionRole(address,bytes4[],uint64).selector)) + ? getTargetAdminDelay(e, getFirstArgumentAsAddress(data)) + : 0 + ); + } +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Functions: canCall β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule canCall(env e) { + address caller; + address target; + bytes4 selector; + + // Get relevant values + bool immediate = canCall_immediate(e, caller, target, selector); + uint32 delay = canCall_delay(e, caller, target, selector); + bool closed = isTargetClosed(target); + uint64 roleId = getTargetFunctionRole(target, selector); + bool isMember = hasRole_isMember(e, roleId, caller); + uint32 currentDelay = hasRole_executionDelay(e, roleId, caller); + + // Can only execute without delay in specific cases: + // - target not closed + // - if self-execution: `executionId` must match + // - if third party execution: must be member with no delay + assert immediate <=> ( + !closed && + ( + (caller == currentContract && executionId() == hashExecutionId(target, selector)) + || + (caller != currentContract && isMember && currentDelay == 0) + ) + ); + + // Can only execute with delay in specific cases: + // - target not closed + // - third party execution + // - caller is a member and has an execution delay + assert delay > 0 <=> ( + !closed && + caller != currentContract && + isMember && + currentDelay > 0 + ); + + // If there is a delay, then it must be the caller's execution delay + assert delay > 0 => delay == currentDelay; + + // Immediate execute means no delayed execution + assert immediate => delay == 0; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Functions: canCallExtended β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule canCallExtended(env e) { + address caller; + address target; + bytes data; + bytes4 selector = getSelector(data); + + bool immediate = canCallExtended_immediate(e, caller, target, data); + uint32 delay = canCallExtended_delay(e, caller, target, data); + bool enabled = getAdminRestrictions_restricted(e, data); + uint64 roleId = getAdminRestrictions_roleAdminId(e, data); + uint32 operationDelay = getAdminRestrictions_executionDelay(e, data); + bool inRole = hasRole_isMember(e, roleId, caller); + uint32 executionDelay = hasRole_executionDelay(e, roleId, caller); + + if (target == currentContract) { + // Can only execute without delay in the specific cases: + // - caller is the AccessManager and the executionId is set + // or + // - data matches an admin restricted function + // - caller has the necessary role + // - operation delay is not set + // - execution delay is not set + assert immediate <=> ( + ( + caller == currentContract && + data.length >= 4 && + executionId() == hashExecutionId(target, selector) + ) || ( + caller != currentContract && + enabled && + inRole && + operationDelay == 0 && + executionDelay == 0 + ) + ); + + // Immediate execute means no delayed execution + // This is equivalent to "delay > 0 => !immediate" + assert immediate => delay == 0; + + // Can only execute with delay in specific cases: + // - caller is a third party + // - data matches an admin restricted function + // - caller has the necessary role + // -operation delay or execution delay is set + assert delay > 0 <=> ( + caller != currentContract && + enabled && + inRole && + (operationDelay > 0 || executionDelay > 0) + ); + + // If there is a delay, then it must be the maximum of caller's execution delay and the operation delay + assert delay > 0 => to_mathint(delay) == max(operationDelay, executionDelay); + } else if (data.length < 4) { + assert immediate == false; + assert delay == 0; + } else { + // results are equivalent when targeting third party contracts + assert immediate == canCall_immediate(e, caller, target, selector); + assert delay == canCall_delay(e, caller, target, selector); + } +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ State transitions: getAccess β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule getAccessChangeTime(uint64 roleId, address account) { + env e1; + env e2; + + // values before + mathint getAccess1Before = getAccess_since(e1, roleId, account); + mathint getAccess2Before = getAccess_currentDelay(e1, roleId, account); + mathint getAccess3Before = getAccess_pendingDelay(e1, roleId, account); + mathint getAccess4Before = getAccess_effect(e1, roleId, account); + + // time pass: e1 β†’ e2 + require clock(e1) <= clock(e2); + + // values after + mathint getAccess1After = getAccess_since(e2, roleId, account); + mathint getAccess2After = getAccess_currentDelay(e2, roleId, account); + mathint getAccess3After = getAccess_pendingDelay(e2, roleId, account); + mathint getAccess4After = getAccess_effect(e2, roleId, account); + + // member "since" cannot change as a consequence of time passing + assert getAccess1Before == getAccess1After; + + // any change of any other value should be a consequence of the effect timepoint being reached + assert ( + getAccess2Before != getAccess2After || + getAccess3Before != getAccess3After || + getAccess4Before != getAccess4After + ) => ( + getAccess4Before != 0 && + getAccess4Before > clock(e1) && + getAccess4Before <= clock(e2) && + getAccess2After == getAccess3Before && + getAccess3After == 0 && + getAccess4After == 0 + ); +} + +rule getAccessChangeCall(uint64 roleId, address account) { + env e; + + // sanity + require sanity(e); + + // values before + mathint getAccess1Before = getAccess_since(e, roleId, account); + mathint getAccess2Before = getAccess_currentDelay(e, roleId, account); + mathint getAccess3Before = getAccess_pendingDelay(e, roleId, account); + mathint getAccess4Before = getAccess_effect(e, roleId, account); + + // arbitrary function call + method f; calldataarg args; f(e, args); + + // values before + mathint getAccess1After = getAccess_since(e, roleId, account); + mathint getAccess2After = getAccess_currentDelay(e, roleId, account); + mathint getAccess3After = getAccess_pendingDelay(e, roleId, account); + mathint getAccess4After = getAccess_effect(e, roleId, account); + + // transitions + assert ( + getAccess1Before != getAccess1After || + getAccess2Before != getAccess2After || + getAccess3Before != getAccess3After || + getAccess4Before != getAccess4After + ) => ( + ( + f.selector == sig:grantRole(uint64,address,uint32).selector && + getAccess1After > 0 + ) || ( + ( + f.selector == sig:revokeRole(uint64,address).selector || + f.selector == sig:renounceRole(uint64,address).selector + ) && + getAccess1After == 0 && + getAccess2After == 0 && + getAccess3After == 0 && + getAccess4After == 0 + ) + ); +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ State transitions: isTargetClosed β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule isTargetClosedChangeTime(address target) { + env e1; + env e2; + + // values before + bool isClosedBefore = isTargetClosed(e1, target); + + // time pass: e1 β†’ e2 + require clock(e1) <= clock(e2); + + // values after + bool isClosedAfter = isTargetClosed(e2, target); + + // transitions + assert isClosedBefore == isClosedAfter; +} + +rule isTargetClosedChangeCall(address target) { + env e; + + // values before + bool isClosedBefore = isTargetClosed(e, target); + + // arbitrary function call + method f; calldataarg args; f(e, args); + + // values after + bool isClosedAfter = isTargetClosed(e, target); + + // transitions + assert isClosedBefore != isClosedAfter => ( + f.selector == sig:setTargetClosed(address,bool).selector + ); +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ State transitions: getTargetFunctionRole β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule getTargetFunctionRoleChangeTime(address target, bytes4 selector) { + env e1; + env e2; + + // values before + mathint roleIdBefore = getTargetFunctionRole(e1, target, selector); + + // time pass: e1 β†’ e2 + require clock(e1) <= clock(e2); + + // values after + mathint roleIdAfter = getTargetFunctionRole(e2, target, selector); + + // transitions + assert roleIdBefore == roleIdAfter; +} + +rule getTargetFunctionRoleChangeCall(address target, bytes4 selector) { + env e; + + // values before + mathint roleIdBefore = getTargetFunctionRole(e, target, selector); + + // arbitrary function call + method f; calldataarg args; f(e, args); + + // values after + mathint roleIdAfter = getTargetFunctionRole(e, target, selector); + + // transitions + assert roleIdBefore != roleIdAfter => ( + f.selector == sig:setTargetFunctionRole(address,bytes4[],uint64).selector + ); +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ State transitions: getTargetAdminDelay β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule getTargetAdminDelayChangeTime(address target) { + env e1; + env e2; + + // values before + mathint delayBefore = getTargetAdminDelay(e1, target); + mathint delayPendingBefore = getTargetAdminDelay_after(e1, target); + mathint delayEffectBefore = getTargetAdminDelay_effect(e1, target); + + // time pass: e1 β†’ e2 + require clock(e1) <= clock(e2); + + // values after + mathint delayAfter = getTargetAdminDelay(e2, target); + mathint delayPendingAfter = getTargetAdminDelay_after(e2, target); + mathint delayEffectAfter = getTargetAdminDelay_effect(e2, target); + + assert ( + delayBefore != delayAfter || + delayPendingBefore != delayPendingAfter || + delayEffectBefore != delayEffectAfter + ) => ( + delayEffectBefore > clock(e1) && + delayEffectBefore <= clock(e2) && + delayAfter == delayPendingBefore && + delayPendingAfter == 0 && + delayEffectAfter == 0 + ); +} + +rule getTargetAdminDelayChangeCall(address target) { + env e; + + // values before + mathint delayBefore = getTargetAdminDelay(e, target); + mathint delayPendingBefore = getTargetAdminDelay_after(e, target); + mathint delayEffectBefore = getTargetAdminDelay_effect(e, target); + + // arbitrary function call + method f; calldataarg args; f(e, args); + + // values after + mathint delayAfter = getTargetAdminDelay(e, target); + mathint delayPendingAfter = getTargetAdminDelay_after(e, target); + mathint delayEffectAfter = getTargetAdminDelay_effect(e, target); + + // if anything changed ... + assert ( + delayBefore != delayAfter || + delayPendingBefore != delayPendingAfter || + delayEffectBefore != delayEffectAfter + ) => ( + ( + // ... it was the consequence of a call to setTargetAdminDelay + f.selector == sig:setTargetAdminDelay(address,uint32).selector + ) && ( + // ... delay cannot decrease instantly + delayAfter >= delayBefore + ) && ( + // ... if setback is not 0, value cannot change instantly + minSetback() > 0 => ( + delayBefore == delayAfter + ) + ) && ( + // ... if the value did not change and there is a minSetback, there must be something scheduled in the future + delayAfter == delayBefore && minSetback() > 0 => ( + delayEffectAfter >= clock(e) + minSetback() + ) + // note: if there is no minSetback, and if the caller "confirms" the current value, + // then this as immediate effect and nothing is scheduled + ) && ( + // ... if the value changed, then no further change should be scheduled + delayAfter != delayBefore => ( + delayPendingAfter == 0 && + delayEffectAfter == 0 + ) + ) + ); +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ State transitions: getRoleGrantDelay β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule getRoleGrantDelayChangeTime(uint64 roleId) { + env e1; + env e2; + + // values before + mathint delayBefore = getRoleGrantDelay(e1, roleId); + mathint delayPendingBefore = getRoleGrantDelay_after(e1, roleId); + mathint delayEffectBefore = getRoleGrantDelay_effect(e1, roleId); + + // time pass: e1 β†’ e2 + require clock(e1) <= clock(e2); + + // values after + mathint delayAfter = getRoleGrantDelay(e2, roleId); + mathint delayPendingAfter = getRoleGrantDelay_after(e2, roleId); + mathint delayEffectAfter = getRoleGrantDelay_effect(e2, roleId); + + assert ( + delayBefore != delayAfter || + delayPendingBefore != delayPendingAfter || + delayEffectBefore != delayEffectAfter + ) => ( + delayEffectBefore > clock(e1) && + delayEffectBefore <= clock(e2) && + delayAfter == delayPendingBefore && + delayPendingAfter == 0 && + delayEffectAfter == 0 + ); +} + +rule getRoleGrantDelayChangeCall(uint64 roleId) { + env e; + + // values before + mathint delayBefore = getRoleGrantDelay(e, roleId); + mathint delayPendingBefore = getRoleGrantDelay_after(e, roleId); + mathint delayEffectBefore = getRoleGrantDelay_effect(e, roleId); + + // arbitrary function call + method f; calldataarg args; f(e, args); + + // values after + mathint delayAfter = getRoleGrantDelay(e, roleId); + mathint delayPendingAfter = getRoleGrantDelay_after(e, roleId); + mathint delayEffectAfter = getRoleGrantDelay_effect(e, roleId); + + // if anything changed ... + assert ( + delayBefore != delayAfter || + delayPendingBefore != delayPendingAfter || + delayEffectBefore != delayEffectAfter + ) => ( + ( + // ... it was the consequence of a call to setTargetAdminDelay + f.selector == sig:setGrantDelay(uint64,uint32).selector + ) && ( + // ... delay cannot decrease instantly + delayAfter >= delayBefore + ) && ( + // ... if setback is not 0, value cannot change instantly + minSetback() > 0 => ( + delayBefore == delayAfter + ) + ) && ( + // ... if the value did not change and there is a minSetback, there must be something scheduled in the future + delayAfter == delayBefore && minSetback() > 0 => ( + delayEffectAfter >= clock(e) + minSetback() + ) + // note: if there is no minSetback, and if the caller "confirms" the current value, + // then this as immediate effect and nothing is scheduled + ) && ( + // ... if the value changed, then no further change should be scheduled + delayAfter != delayBefore => ( + delayPendingAfter == 0 && + delayEffectAfter == 0 + ) + ) + ); +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ State transitions: getRoleAdmin & getRoleGuardian β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule getRoleAdminChangeCall(uint64 roleId) { + // values before + mathint adminIdBefore = getRoleAdmin(roleId); + + // arbitrary function call + env e; method f; calldataarg args; f(e, args); + + // values after + mathint adminIdAfter = getRoleAdmin(roleId); + + // transitions + assert adminIdBefore != adminIdAfter => f.selector == sig:setRoleAdmin(uint64,uint64).selector; +} + +rule getRoleGuardianChangeCall(uint64 roleId) { + // values before + mathint guardianIdBefore = getRoleGuardian(roleId); + + // arbitrary function call + env e; method f; calldataarg args; f(e, args); + + // values after + mathint guardianIdAfter = getRoleGuardian(roleId); + + // transitions + assert guardianIdBefore != guardianIdAfter => ( + f.selector == sig:setRoleGuardian(uint64,uint64).selector + ); +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ State transitions: getNonce β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule getNonceChangeCall(bytes32 operationId) { + // values before + mathint nonceBefore = getNonce(operationId); + + // reasonable assumption + require nonceBefore < max_uint32; + + // arbitrary function call + env e; method f; calldataarg args; f(e, args); + + // values after + mathint nonceAfter = getNonce(operationId); + + // transitions + assert nonceBefore != nonceAfter => ( + f.selector == sig:schedule(address,bytes,uint48).selector && + nonceAfter == nonceBefore + 1 + ); +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ State transitions: getSchedule β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule getScheduleChangeTime(bytes32 operationId) { + env e1; + env e2; + + // values before + mathint scheduleBefore = getSchedule(e1, operationId); + + // time pass: e1 β†’ e2 + require clock(e1) <= clock(e2); + + // values after + mathint scheduleAfter = getSchedule(e2, operationId); + + // transition + assert scheduleBefore != scheduleAfter => ( + scheduleBefore + expiration() > clock(e1) && + scheduleBefore + expiration() <= clock(e2) && + scheduleAfter == 0 + ); +} + +rule getScheduleChangeCall(bytes32 operationId) { + env e; + + // values before + mathint scheduleBefore = getSchedule(e, operationId); + + // arbitrary function call + method f; calldataarg args; f(e, args); + + // values after + mathint scheduleAfter = getSchedule(e, operationId); + + // transitions + assert scheduleBefore != scheduleAfter => ( + (f.selector == sig:schedule(address,bytes,uint48).selector && scheduleAfter >= clock(e)) || + (f.selector == sig:execute(address,bytes).selector && scheduleAfter == 0 ) || + (f.selector == sig:cancel(address,address,bytes).selector && scheduleAfter == 0 ) || + (f.selector == sig:consumeScheduledOp(address,bytes).selector && scheduleAfter == 0 ) || + (isOnlyAuthorized(to_bytes4(f.selector)) && scheduleAfter == 0 ) + ); +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Functions: restricted functions can only be called by owner β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule restrictedFunctions(env e) { + require nonpayable(e); + require sanity(e); + + method f; + calldataarg args; + + f(e,args); + + assert ( + f.selector == sig:labelRole(uint64,string).selector || + f.selector == sig:setRoleAdmin(uint64,uint64).selector || + f.selector == sig:setRoleGuardian(uint64,uint64).selector || + f.selector == sig:setGrantDelay(uint64,uint32).selector || + f.selector == sig:setTargetAdminDelay(address,uint32).selector || + f.selector == sig:updateAuthority(address,address).selector || + f.selector == sig:setTargetClosed(address,bool).selector || + f.selector == sig:setTargetFunctionRole(address,bytes4[],uint64).selector + ) => ( + hasRole_isMember(e, ADMIN_ROLE(), e.msg.sender) || e.msg.sender == currentContract + ); +} + +rule restrictedFunctionsGrantRole(env e) { + require nonpayable(e); + require sanity(e); + + uint64 roleId; + address account; + uint32 executionDelay; + + // We want to check that the caller has the admin role before we possibly grant it. + bool hasAdminRoleBefore = hasRole_isMember(e, getRoleAdmin(roleId), e.msg.sender); + + grantRole(e, roleId, account, executionDelay); + + assert hasAdminRoleBefore || e.msg.sender == currentContract; +} + +rule restrictedFunctionsRevokeRole(env e) { + require nonpayable(e); + require sanity(e); + + uint64 roleId; + address account; + + // This is needed if roleId is self-administered, the `revokeRole` call could target + // e.msg.sender and remove the very role that is necessary for authorizing the call. + bool hasAdminRoleBefore = hasRole_isMember(e, getRoleAdmin(roleId), e.msg.sender); + + revokeRole(e, roleId, account); + + assert hasAdminRoleBefore || e.msg.sender == currentContract; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Functions: canCall delay is enforced for calls to execute (only for others target) β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +// getScheduleChangeCall proves that only {schedule} can set an operation schedule to a non 0 value +rule callDelayEnforce_scheduleInTheFuture(env e) { + address target; + bytes data; + uint48 when; + + // Condition: calling a third party with a delay + mathint delay = canCallExtended_delay(e, e.msg.sender, target, data); + require delay > 0; + + // Schedule + schedule(e, target, data, when); + + // Get operation schedule + mathint timepoint = getSchedule(e, hashOperation(e.msg.sender, target, data)); + + // Schedule is far enough in the future + assert timepoint == max(clock(e) + delay, when); +} + +rule callDelayEnforce_executeAfterDelay(env e) { + address target; + bytes data; + + // Condition: calling a third party with a delay + mathint delay = canCallExtended_delay(e, e.msg.sender, target, data); + + // Get operation schedule before + mathint scheduleBefore = getSchedule(e, hashOperation(e.msg.sender, target, data)); + + // Do call + execute@withrevert(e, target, data); + bool success = !lastReverted; + + // Get operation schedule after + mathint scheduleAfter = getSchedule(e, hashOperation(e.msg.sender, target, data)); + + // Can only execute if delay is set and has passed + assert success => ( + delay > 0 => ( + scheduleBefore != 0 && + scheduleBefore <= clock(e) + ) && + scheduleAfter == 0 + ); +} diff --git a/dependencies/@openzeppelin/certora/specs/DoubleEndedQueue.spec b/dependencies/@openzeppelin/certora/specs/DoubleEndedQueue.spec new file mode 100644 index 00000000..3b71bb4c --- /dev/null +++ b/dependencies/@openzeppelin/certora/specs/DoubleEndedQueue.spec @@ -0,0 +1,300 @@ +import "helpers/helpers.spec"; + +methods { + function pushFront(bytes32) external envfree; + function pushBack(bytes32) external envfree; + function popFront() external returns (bytes32) envfree; + function popBack() external returns (bytes32) envfree; + function clear() external envfree; + + // exposed for FV + function begin() external returns (uint128) envfree; + function end() external returns (uint128) envfree; + + // view + function length() external returns (uint256) envfree; + function empty() external returns (bool) envfree; + function front() external returns (bytes32) envfree; + function back() external returns (bytes32) envfree; + function at_(uint256) external returns (bytes32) envfree; // at is a reserved word +} + +definition full() returns bool = length() == max_uint128; + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Invariant: empty() is length 0 and no element exists β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +invariant emptiness() + empty() <=> length() == 0 + filtered { f -> !f.isView } + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Invariant: front points to the first index and back points to the last one β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +invariant queueFront() + at_(0) == front() + filtered { f -> !f.isView } + +invariant queueBack() + at_(require_uint256(length() - 1)) == back() + filtered { f -> !f.isView } + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Function correctness: pushFront adds an element at the beginning of the queue β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule pushFront(bytes32 value) { + uint256 lengthBefore = length(); + bool fullBefore = full(); + + pushFront@withrevert(value); + bool success = !lastReverted; + + // liveness + assert success <=> !fullBefore, "never revert if not previously full"; + + // effect + assert success => front() == value, "front set to value"; + assert success => to_mathint(length()) == lengthBefore + 1, "queue extended"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: pushFront preserves the previous values in the queue with a +1 offset β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule pushFrontConsistency(uint256 index) { + bytes32 beforeAt = at_(index); + + bytes32 value; + pushFront(value); + + // try to read value + bytes32 afterAt = at_@withrevert(require_uint256(index + 1)); + + assert !lastReverted, "value still there"; + assert afterAt == beforeAt, "data is preserved"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Function correctness: pushBack adds an element at the end of the queue β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule pushBack(bytes32 value) { + uint256 lengthBefore = length(); + bool fullBefore = full(); + + pushBack@withrevert(value); + bool success = !lastReverted; + + // liveness + assert success <=> !fullBefore, "never revert if not previously full"; + + // effect + assert success => back() == value, "back set to value"; + assert success => to_mathint(length()) == lengthBefore + 1, "queue increased"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: pushBack preserves the previous values in the queue β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule pushBackConsistency(uint256 index) { + bytes32 beforeAt = at_(index); + + bytes32 value; + pushBack(value); + + // try to read value + bytes32 afterAt = at_@withrevert(index); + + assert !lastReverted, "value still there"; + assert afterAt == beforeAt, "data is preserved"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Function correctness: popFront removes an element from the beginning of the queue β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule popFront { + uint256 lengthBefore = length(); + bytes32 frontBefore = front@withrevert(); + + bytes32 popped = popFront@withrevert(); + bool success = !lastReverted; + + // liveness + assert success <=> lengthBefore != 0, "never reverts if not previously empty"; + + // effect + assert success => frontBefore == popped, "previous front is returned"; + assert success => to_mathint(length()) == lengthBefore - 1, "queue decreased"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: at(x) is preserved and offset to at(x - 1) after calling popFront | +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule popFrontConsistency(uint256 index) { + // Read (any) value that is not the front (this asserts the value exists / the queue is long enough) + require index > 1; + bytes32 before = at_(index); + + popFront(); + + // try to read value + bytes32 after = at_@withrevert(require_uint256(index - 1)); + + assert !lastReverted, "value still exists in the queue"; + assert before == after, "values are offset and not modified"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Function correctness: popBack removes an element from the end of the queue β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule popBack { + uint256 lengthBefore = length(); + bytes32 backBefore = back@withrevert(); + + bytes32 popped = popBack@withrevert(); + bool success = !lastReverted; + + // liveness + assert success <=> lengthBefore != 0, "never reverts if not previously empty"; + + // effect + assert success => backBefore == popped, "previous back is returned"; + assert success => to_mathint(length()) == lengthBefore - 1, "queue decreased"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: at(x) is preserved after calling popBack | +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule popBackConsistency(uint256 index) { + // Read (any) value that is not the back (this asserts the value exists / the queue is long enough) + require to_mathint(index) < length() - 1; + bytes32 before = at_(index); + + popBack(); + + // try to read value + bytes32 after = at_@withrevert(index); + + assert !lastReverted, "value still exists in the queue"; + assert before == after, "values are offset and not modified"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Function correctness: clear sets length to 0 β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule clear { + clear@withrevert(); + + // liveness + assert !lastReverted, "never reverts"; + + // effect + assert length() == 0, "sets length to 0"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: front/back access reverts only if the queue is empty or querying out of bounds β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule onlyEmptyOrFullRevert(env e) { + require nonpayable(e); + + method f; + calldataarg args; + + bool emptyBefore = empty(); + bool fullBefore = full(); + + f@withrevert(e, args); + + assert lastReverted => ( + (f.selector == sig:front().selector && emptyBefore) || + (f.selector == sig:back().selector && emptyBefore) || + (f.selector == sig:popFront().selector && emptyBefore) || + (f.selector == sig:popBack().selector && emptyBefore) || + (f.selector == sig:pushFront(bytes32).selector && fullBefore ) || + (f.selector == sig:pushBack(bytes32).selector && fullBefore ) || + f.selector == sig:at_(uint256).selector // revert conditions are verified in onlyOutOfBoundsRevert + ), "only revert if empty or out of bounds"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: at(index) only reverts if index is out of bounds | +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule onlyOutOfBoundsRevert(uint256 index) { + at_@withrevert(index); + + assert lastReverted <=> index >= length(), "only reverts if index is out of bounds"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: only clear/push/pop operations can change the length of the queue β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule noLengthChange(env e) { + method f; + calldataarg args; + + uint256 lengthBefore = length(); + f(e, args); + uint256 lengthAfter = length(); + + assert lengthAfter != lengthBefore => ( + (f.selector == sig:pushFront(bytes32).selector && to_mathint(lengthAfter) == lengthBefore + 1) || + (f.selector == sig:pushBack(bytes32).selector && to_mathint(lengthAfter) == lengthBefore + 1) || + (f.selector == sig:popBack().selector && to_mathint(lengthAfter) == lengthBefore - 1) || + (f.selector == sig:popFront().selector && to_mathint(lengthAfter) == lengthBefore - 1) || + (f.selector == sig:clear().selector && lengthAfter == 0) + ), "length is only affected by clear/pop/push operations"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: only push/pop can change values bounded in the queue (outside values aren't cleared) β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule noDataChange(env e) { + method f; + calldataarg args; + + uint256 index; + bytes32 atBefore = at_(index); + f(e, args); + bytes32 atAfter = at_@withrevert(index); + bool atAfterSuccess = !lastReverted; + + assert !atAfterSuccess <=> ( + (f.selector == sig:clear().selector ) || + (f.selector == sig:popBack().selector && index == length()) || + (f.selector == sig:popFront().selector && index == length()) + ), "indexes of the queue are only removed by clear or pop"; + + assert atAfterSuccess && atAfter != atBefore => ( + f.selector == sig:popFront().selector || + f.selector == sig:pushFront(bytes32).selector + ), "values of the queue are only changed by popFront or pushFront"; +} diff --git a/dependencies/@openzeppelin/certora/specs/ERC20.spec b/dependencies/@openzeppelin/certora/specs/ERC20.spec new file mode 100644 index 00000000..21a03358 --- /dev/null +++ b/dependencies/@openzeppelin/certora/specs/ERC20.spec @@ -0,0 +1,352 @@ +import "helpers/helpers.spec"; +import "methods/IERC20.spec"; +import "methods/IERC2612.spec"; + +methods { + // exposed for FV + function mint(address,uint256) external; + function burn(address,uint256) external; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Ghost & hooks: sum of all balances β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +ghost mathint sumOfBalances { + init_state axiom sumOfBalances == 0; +} + +// Because `balance` has a uint256 type, any balance addition in CVL1 behaved as a `require_uint256()` casting, +// leaving out the possibility of overflow. This is not the case in CVL2 where casting became more explicit. +// A counterexample in CVL2 is having an initial state where Alice initial balance is larger than totalSupply, which +// overflows Alice's balance when receiving a transfer. This is not possible unless the contract is deployed into an +// already used address (or upgraded from corrupted state). +// We restrict such behavior by making sure no balance is greater than the sum of balances. +hook Sload uint256 balance _balances[KEY address addr] STORAGE { + require sumOfBalances >= to_mathint(balance); +} + +hook Sstore _balances[KEY address addr] uint256 newValue (uint256 oldValue) STORAGE { + sumOfBalances = sumOfBalances - oldValue + newValue; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Invariant: totalSupply is the sum of all balances β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +invariant totalSupplyIsSumOfBalances() + to_mathint(totalSupply()) == sumOfBalances; + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Invariant: balance of address(0) is 0 β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +invariant zeroAddressNoBalance() + balanceOf(0) == 0; + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rules: only mint and burn can change total supply β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule noChangeTotalSupply(env e) { + requireInvariant totalSupplyIsSumOfBalances(); + + method f; + calldataarg args; + + uint256 totalSupplyBefore = totalSupply(); + f(e, args); + uint256 totalSupplyAfter = totalSupply(); + + assert totalSupplyAfter > totalSupplyBefore => f.selector == sig:mint(address,uint256).selector; + assert totalSupplyAfter < totalSupplyBefore => f.selector == sig:burn(address,uint256).selector; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rules: only the token holder or an approved third party can reduce an account's balance β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule onlyAuthorizedCanTransfer(env e) { + requireInvariant totalSupplyIsSumOfBalances(); + + method f; + calldataarg args; + address account; + + uint256 allowanceBefore = allowance(account, e.msg.sender); + uint256 balanceBefore = balanceOf(account); + f(e, args); + uint256 balanceAfter = balanceOf(account); + + assert ( + balanceAfter < balanceBefore + ) => ( + f.selector == sig:burn(address,uint256).selector || + e.msg.sender == account || + balanceBefore - balanceAfter <= to_mathint(allowanceBefore) + ); +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rules: only the token holder (or a permit) can increase allowance. The spender can decrease it by using it β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule onlyHolderOfSpenderCanChangeAllowance(env e) { + requireInvariant totalSupplyIsSumOfBalances(); + + method f; + calldataarg args; + address holder; + address spender; + + uint256 allowanceBefore = allowance(holder, spender); + f(e, args); + uint256 allowanceAfter = allowance(holder, spender); + + assert ( + allowanceAfter > allowanceBefore + ) => ( + (f.selector == sig:approve(address,uint256).selector && e.msg.sender == holder) || + (f.selector == sig:permit(address,address,uint256,uint256,uint8,bytes32,bytes32).selector) + ); + + assert ( + allowanceAfter < allowanceBefore + ) => ( + (f.selector == sig:transferFrom(address,address,uint256).selector && e.msg.sender == spender) || + (f.selector == sig:approve(address,uint256).selector && e.msg.sender == holder ) || + (f.selector == sig:permit(address,address,uint256,uint256,uint8,bytes32,bytes32).selector) + ); +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rules: mint behavior and side effects β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule mint(env e) { + requireInvariant totalSupplyIsSumOfBalances(); + require nonpayable(e); + + address to; + address other; + uint256 amount; + + // cache state + uint256 toBalanceBefore = balanceOf(to); + uint256 otherBalanceBefore = balanceOf(other); + uint256 totalSupplyBefore = totalSupply(); + + // run transaction + mint@withrevert(e, to, amount); + + // check outcome + if (lastReverted) { + assert to == 0 || totalSupplyBefore + amount > max_uint256; + } else { + // updates balance and totalSupply + assert to_mathint(balanceOf(to)) == toBalanceBefore + amount; + assert to_mathint(totalSupply()) == totalSupplyBefore + amount; + + // no other balance is modified + assert balanceOf(other) != otherBalanceBefore => other == to; + } +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rules: burn behavior and side effects β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule burn(env e) { + requireInvariant totalSupplyIsSumOfBalances(); + require nonpayable(e); + + address from; + address other; + uint256 amount; + + // cache state + uint256 fromBalanceBefore = balanceOf(from); + uint256 otherBalanceBefore = balanceOf(other); + uint256 totalSupplyBefore = totalSupply(); + + // run transaction + burn@withrevert(e, from, amount); + + // check outcome + if (lastReverted) { + assert from == 0 || fromBalanceBefore < amount; + } else { + // updates balance and totalSupply + assert to_mathint(balanceOf(from)) == fromBalanceBefore - amount; + assert to_mathint(totalSupply()) == totalSupplyBefore - amount; + + // no other balance is modified + assert balanceOf(other) != otherBalanceBefore => other == from; + } +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: transfer behavior and side effects β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule transfer(env e) { + requireInvariant totalSupplyIsSumOfBalances(); + require nonpayable(e); + + address holder = e.msg.sender; + address recipient; + address other; + uint256 amount; + + // cache state + uint256 holderBalanceBefore = balanceOf(holder); + uint256 recipientBalanceBefore = balanceOf(recipient); + uint256 otherBalanceBefore = balanceOf(other); + + // run transaction + transfer@withrevert(e, recipient, amount); + + // check outcome + if (lastReverted) { + assert holder == 0 || recipient == 0 || amount > holderBalanceBefore; + } else { + // balances of holder and recipient are updated + assert to_mathint(balanceOf(holder)) == holderBalanceBefore - (holder == recipient ? 0 : amount); + assert to_mathint(balanceOf(recipient)) == recipientBalanceBefore + (holder == recipient ? 0 : amount); + + // no other balance is modified + assert balanceOf(other) != otherBalanceBefore => (other == holder || other == recipient); + } +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: transferFrom behavior and side effects β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule transferFrom(env e) { + requireInvariant totalSupplyIsSumOfBalances(); + require nonpayable(e); + + address spender = e.msg.sender; + address holder; + address recipient; + address other; + uint256 amount; + + // cache state + uint256 allowanceBefore = allowance(holder, spender); + uint256 holderBalanceBefore = balanceOf(holder); + uint256 recipientBalanceBefore = balanceOf(recipient); + uint256 otherBalanceBefore = balanceOf(other); + + // run transaction + transferFrom@withrevert(e, holder, recipient, amount); + + // check outcome + if (lastReverted) { + assert holder == 0 || recipient == 0 || spender == 0 || amount > holderBalanceBefore || amount > allowanceBefore; + } else { + // allowance is valid & updated + assert allowanceBefore >= amount; + assert to_mathint(allowance(holder, spender)) == (allowanceBefore == max_uint256 ? max_uint256 : allowanceBefore - amount); + + // balances of holder and recipient are updated + assert to_mathint(balanceOf(holder)) == holderBalanceBefore - (holder == recipient ? 0 : amount); + assert to_mathint(balanceOf(recipient)) == recipientBalanceBefore + (holder == recipient ? 0 : amount); + + // no other balance is modified + assert balanceOf(other) != otherBalanceBefore => (other == holder || other == recipient); + } +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: approve behavior and side effects β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule approve(env e) { + require nonpayable(e); + + address holder = e.msg.sender; + address spender; + address otherHolder; + address otherSpender; + uint256 amount; + + // cache state + uint256 otherAllowanceBefore = allowance(otherHolder, otherSpender); + + // run transaction + approve@withrevert(e, spender, amount); + + // check outcome + if (lastReverted) { + assert holder == 0 || spender == 0; + } else { + // allowance is updated + assert allowance(holder, spender) == amount; + + // other allowances are untouched + assert allowance(otherHolder, otherSpender) != otherAllowanceBefore => (otherHolder == holder && otherSpender == spender); + } +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: permit behavior and side effects β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule permit(env e) { + require nonpayable(e); + + address holder; + address spender; + uint256 amount; + uint256 deadline; + uint8 v; + bytes32 r; + bytes32 s; + + address account1; + address account2; + address account3; + + // cache state + uint256 nonceBefore = nonces(holder); + uint256 otherNonceBefore = nonces(account1); + uint256 otherAllowanceBefore = allowance(account2, account3); + + // sanity: nonce overflow, which possible in theory, is assumed to be impossible in practice + require nonceBefore < max_uint256; + require otherNonceBefore < max_uint256; + + // run transaction + permit@withrevert(e, holder, spender, amount, deadline, v, r, s); + + // check outcome + if (lastReverted) { + // Without formally checking the signature, we can't verify exactly the revert causes + assert true; + } else { + // allowance and nonce are updated + assert allowance(holder, spender) == amount; + assert to_mathint(nonces(holder)) == nonceBefore + 1; + + // deadline was respected + assert deadline >= e.block.timestamp; + + // no other allowance or nonce is modified + assert nonces(account1) != otherNonceBefore => account1 == holder; + assert allowance(account2, account3) != otherAllowanceBefore => (account2 == holder && account3 == spender); + } +} diff --git a/dependencies/@openzeppelin/certora/specs/ERC20FlashMint.spec b/dependencies/@openzeppelin/certora/specs/ERC20FlashMint.spec new file mode 100644 index 00000000..4071052e --- /dev/null +++ b/dependencies/@openzeppelin/certora/specs/ERC20FlashMint.spec @@ -0,0 +1,55 @@ +import "helpers/helpers.spec"; +import "methods/IERC20.spec"; +import "methods/IERC3156FlashLender.spec"; +import "methods/IERC3156FlashBorrower.spec"; + +methods { + // non standard ERC-3156 functions + function flashFeeReceiver() external returns (address) envfree; + + // function summaries below + function _._update(address from, address to, uint256 amount) internal => specUpdate(from, to, amount) expect void ALL; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Ghost: track mint and burns in the CVL β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +ghost mapping(address => mathint) trackedMintAmount; +ghost mapping(address => mathint) trackedBurnAmount; +ghost mapping(address => mapping(address => mathint)) trackedTransferedAmount; + +function specUpdate(address from, address to, uint256 amount) { + if (from == 0 && to == 0) { assert(false); } // defensive + + if (from == 0) { + trackedMintAmount[to] = amount; + } else if (to == 0) { + trackedBurnAmount[from] = amount; + } else { + trackedTransferedAmount[from][to] = amount; + } +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: When doing a flashLoan, "amount" is minted and burnt, additionally, the fee is either burnt β”‚ +β”‚ (if the fee recipient is 0) or transferred (if the fee recipient is not 0) β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule checkMintAndBurn(env e) { + address receiver; + address token; + uint256 amount; + bytes data; + + uint256 fees = flashFee(token, amount); + address recipient = flashFeeReceiver(); + + flashLoan(e, receiver, token, amount, data); + + assert trackedMintAmount[receiver] == to_mathint(amount); + assert trackedBurnAmount[receiver] == amount + to_mathint(recipient == 0 ? fees : 0); + assert (fees > 0 && recipient != 0) => trackedTransferedAmount[receiver][recipient] == to_mathint(fees); +} diff --git a/dependencies/@openzeppelin/certora/specs/ERC20Wrapper.spec b/dependencies/@openzeppelin/certora/specs/ERC20Wrapper.spec new file mode 100644 index 00000000..04e67042 --- /dev/null +++ b/dependencies/@openzeppelin/certora/specs/ERC20Wrapper.spec @@ -0,0 +1,198 @@ +import "helpers/helpers.spec"; +import "ERC20.spec"; + +methods { + function underlying() external returns(address) envfree; + function underlyingTotalSupply() external returns(uint256) envfree; + function underlyingBalanceOf(address) external returns(uint256) envfree; + function underlyingAllowanceToThis(address) external returns(uint256) envfree; + + function depositFor(address, uint256) external returns(bool); + function withdrawTo(address, uint256) external returns(bool); + function recover(address) external returns(uint256); +} + +use invariant totalSupplyIsSumOfBalances; + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Helper: consequence of `totalSupplyIsSumOfBalances` applied to underlying β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +definition underlyingBalancesLowerThanUnderlyingSupply(address a) returns bool = + underlyingBalanceOf(a) <= underlyingTotalSupply(); + +definition sumOfUnderlyingBalancesLowerThanUnderlyingSupply(address a, address b) returns bool = + a != b => underlyingBalanceOf(a) + underlyingBalanceOf(b) <= to_mathint(underlyingTotalSupply()); + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Invariant: wrapped token can't be undercollateralized (solvency of the wrapper) β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +invariant totalSupplyIsSmallerThanUnderlyingBalance() + totalSupply() <= underlyingBalanceOf(currentContract) && + underlyingBalanceOf(currentContract) <= underlyingTotalSupply() && + underlyingTotalSupply() <= max_uint256 + { + preserved { + requireInvariant totalSupplyIsSumOfBalances; + require underlyingBalancesLowerThanUnderlyingSupply(currentContract); + } + preserved depositFor(address account, uint256 amount) with (env e) { + require sumOfUnderlyingBalancesLowerThanUnderlyingSupply(e.msg.sender, currentContract); + } + } + +invariant noSelfWrap() + currentContract != underlying(); + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: depositFor liveness and effects β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule depositFor(env e) { + require nonpayable(e); + + address sender = e.msg.sender; + address receiver; + address other; + uint256 amount; + + // sanity + requireInvariant noSelfWrap; + requireInvariant totalSupplyIsSumOfBalances; + requireInvariant totalSupplyIsSmallerThanUnderlyingBalance; + require sumOfUnderlyingBalancesLowerThanUnderlyingSupply(currentContract, sender); + + uint256 balanceBefore = balanceOf(receiver); + uint256 supplyBefore = totalSupply(); + uint256 senderUnderlyingBalanceBefore = underlyingBalanceOf(sender); + uint256 senderUnderlyingAllowanceBefore = underlyingAllowanceToThis(sender); + uint256 wrapperUnderlyingBalanceBefore = underlyingBalanceOf(currentContract); + uint256 underlyingSupplyBefore = underlyingTotalSupply(); + + uint256 otherBalanceBefore = balanceOf(other); + uint256 otherUnderlyingBalanceBefore = underlyingBalanceOf(other); + + depositFor@withrevert(e, receiver, amount); + bool success = !lastReverted; + + // liveness + assert success <=> ( + sender != currentContract && // invalid sender + sender != 0 && // invalid sender + receiver != currentContract && // invalid receiver + receiver != 0 && // invalid receiver + amount <= senderUnderlyingBalanceBefore && // deposit doesn't exceed balance + amount <= senderUnderlyingAllowanceBefore // deposit doesn't exceed allowance + ); + + // effects + assert success => ( + to_mathint(balanceOf(receiver)) == balanceBefore + amount && + to_mathint(totalSupply()) == supplyBefore + amount && + to_mathint(underlyingBalanceOf(currentContract)) == wrapperUnderlyingBalanceBefore + amount && + to_mathint(underlyingBalanceOf(sender)) == senderUnderlyingBalanceBefore - amount + ); + + // no side effect + assert underlyingTotalSupply() == underlyingSupplyBefore; + assert balanceOf(other) != otherBalanceBefore => other == receiver; + assert underlyingBalanceOf(other) != otherUnderlyingBalanceBefore => (other == sender || other == currentContract); +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: withdrawTo liveness and effects β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule withdrawTo(env e) { + require nonpayable(e); + + address sender = e.msg.sender; + address receiver; + address other; + uint256 amount; + + // sanity + requireInvariant noSelfWrap; + requireInvariant totalSupplyIsSumOfBalances; + requireInvariant totalSupplyIsSmallerThanUnderlyingBalance; + require sumOfUnderlyingBalancesLowerThanUnderlyingSupply(currentContract, receiver); + + uint256 balanceBefore = balanceOf(sender); + uint256 supplyBefore = totalSupply(); + uint256 receiverUnderlyingBalanceBefore = underlyingBalanceOf(receiver); + uint256 wrapperUnderlyingBalanceBefore = underlyingBalanceOf(currentContract); + uint256 underlyingSupplyBefore = underlyingTotalSupply(); + + uint256 otherBalanceBefore = balanceOf(other); + uint256 otherUnderlyingBalanceBefore = underlyingBalanceOf(other); + + withdrawTo@withrevert(e, receiver, amount); + bool success = !lastReverted; + + // liveness + assert success <=> ( + sender != 0 && // invalid sender + receiver != currentContract && // invalid receiver + receiver != 0 && // invalid receiver + amount <= balanceBefore // withdraw doesn't exceed balance + ); + + // effects + assert success => ( + to_mathint(balanceOf(sender)) == balanceBefore - amount && + to_mathint(totalSupply()) == supplyBefore - amount && + to_mathint(underlyingBalanceOf(currentContract)) == wrapperUnderlyingBalanceBefore - (currentContract != receiver ? amount : 0) && + to_mathint(underlyingBalanceOf(receiver)) == receiverUnderlyingBalanceBefore + (currentContract != receiver ? amount : 0) + ); + + // no side effect + assert underlyingTotalSupply() == underlyingSupplyBefore; + assert balanceOf(other) != otherBalanceBefore => other == sender; + assert underlyingBalanceOf(other) != otherUnderlyingBalanceBefore => (other == receiver || other == currentContract); +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: recover liveness and effects β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule recover(env e) { + require nonpayable(e); + + address receiver; + address other; + + // sanity + requireInvariant noSelfWrap; + requireInvariant totalSupplyIsSumOfBalances; + requireInvariant totalSupplyIsSmallerThanUnderlyingBalance; + + mathint value = underlyingBalanceOf(currentContract) - totalSupply(); + uint256 supplyBefore = totalSupply(); + uint256 balanceBefore = balanceOf(receiver); + + uint256 otherBalanceBefore = balanceOf(other); + uint256 otherUnderlyingBalanceBefore = underlyingBalanceOf(other); + + recover@withrevert(e, receiver); + bool success = !lastReverted; + + // liveness + assert success <=> receiver != 0; + + // effect + assert success => ( + to_mathint(balanceOf(receiver)) == balanceBefore + value && + to_mathint(totalSupply()) == supplyBefore + value && + totalSupply() == underlyingBalanceOf(currentContract) + ); + + // no side effect + assert underlyingBalanceOf(other) == otherUnderlyingBalanceBefore; + assert balanceOf(other) != otherBalanceBefore => other == receiver; +} diff --git a/dependencies/@openzeppelin/certora/specs/ERC721.spec b/dependencies/@openzeppelin/certora/specs/ERC721.spec new file mode 100644 index 00000000..bad4c473 --- /dev/null +++ b/dependencies/@openzeppelin/certora/specs/ERC721.spec @@ -0,0 +1,679 @@ +import "helpers/helpers.spec"; +import "methods/IERC721.spec"; +import "methods/IERC721Receiver.spec"; + +methods { + // exposed for FV + function mint(address,uint256) external; + function safeMint(address,uint256) external; + function safeMint(address,uint256,bytes) external; + function burn(uint256) external; + + function unsafeOwnerOf(uint256) external returns (address) envfree; + function unsafeGetApproved(uint256) external returns (address) envfree; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Helpers β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ + +definition authSanity(env e) returns bool = e.msg.sender != 0; + +// Could be broken in theory, but not in practice +definition balanceLimited(address account) returns bool = balanceOf(account) < max_uint256; + +function helperTransferWithRevert(env e, method f, address from, address to, uint256 tokenId) { + if (f.selector == sig:transferFrom(address,address,uint256).selector) { + transferFrom@withrevert(e, from, to, tokenId); + } else if (f.selector == sig:safeTransferFrom(address,address,uint256).selector) { + safeTransferFrom@withrevert(e, from, to, tokenId); + } else if (f.selector == sig:safeTransferFrom(address,address,uint256,bytes).selector) { + bytes params; + require params.length < 0xffff; + safeTransferFrom@withrevert(e, from, to, tokenId, params); + } else { + calldataarg args; + f@withrevert(e, args); + } +} + +function helperMintWithRevert(env e, method f, address to, uint256 tokenId) { + if (f.selector == sig:mint(address,uint256).selector) { + mint@withrevert(e, to, tokenId); + } else if (f.selector == sig:safeMint(address,uint256).selector) { + safeMint@withrevert(e, to, tokenId); + } else if (f.selector == sig:safeMint(address,uint256,bytes).selector) { + bytes params; + require params.length < 0xffff; + safeMint@withrevert(e, to, tokenId, params); + } else { + require false; + } +} + +function helperSoundFnCall(env e, method f) { + if (f.selector == sig:mint(address,uint256).selector) { + address to; uint256 tokenId; + require balanceLimited(to); + requireInvariant notMintedUnset(tokenId); + mint(e, to, tokenId); + } else if (f.selector == sig:safeMint(address,uint256).selector) { + address to; uint256 tokenId; + require balanceLimited(to); + requireInvariant notMintedUnset(tokenId); + safeMint(e, to, tokenId); + } else if (f.selector == sig:safeMint(address,uint256,bytes).selector) { + address to; uint256 tokenId; bytes data; + require data.length < 0xffff; + require balanceLimited(to); + requireInvariant notMintedUnset(tokenId); + safeMint(e, to, tokenId, data); + } else if (f.selector == sig:burn(uint256).selector) { + uint256 tokenId; + requireInvariant ownerHasBalance(tokenId); + requireInvariant notMintedUnset(tokenId); + burn(e, tokenId); + } else if (f.selector == sig:transferFrom(address,address,uint256).selector) { + address from; address to; uint256 tokenId; + require balanceLimited(to); + requireInvariant ownerHasBalance(tokenId); + requireInvariant notMintedUnset(tokenId); + transferFrom(e, from, to, tokenId); + } else if (f.selector == sig:safeTransferFrom(address,address,uint256).selector) { + address from; address to; uint256 tokenId; + require balanceLimited(to); + requireInvariant ownerHasBalance(tokenId); + requireInvariant notMintedUnset(tokenId); + safeTransferFrom(e, from, to, tokenId); + } else if (f.selector == sig:safeTransferFrom(address,address,uint256,bytes).selector) { + address from; address to; uint256 tokenId; bytes data; + require data.length < 0xffff; + require balanceLimited(to); + requireInvariant ownerHasBalance(tokenId); + requireInvariant notMintedUnset(tokenId); + safeTransferFrom(e, from, to, tokenId, data); + } else { + calldataarg args; + f(e, args); + } +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Ghost & hooks: ownership count β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +ghost mathint _ownedTotal { + init_state axiom _ownedTotal == 0; +} + +ghost mapping(address => mathint) _ownedByUser { + init_state axiom forall address a. _ownedByUser[a] == 0; +} + +hook Sstore _owners[KEY uint256 tokenId] address newOwner (address oldOwner) STORAGE { + _ownedByUser[newOwner] = _ownedByUser[newOwner] + to_mathint(newOwner != 0 ? 1 : 0); + _ownedByUser[oldOwner] = _ownedByUser[oldOwner] - to_mathint(oldOwner != 0 ? 1 : 0); + _ownedTotal = _ownedTotal + to_mathint(newOwner != 0 ? 1 : 0) - to_mathint(oldOwner != 0 ? 1 : 0); +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Ghost & hooks: sum of all balances β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +ghost mathint _supply { + init_state axiom _supply == 0; +} + +ghost mapping(address => mathint) _balances { + init_state axiom forall address a. _balances[a] == 0; +} + +hook Sstore _balances[KEY address addr] uint256 newValue (uint256 oldValue) STORAGE { + _supply = _supply - oldValue + newValue; +} + +// TODO: This used to not be necessary. We should try to remove it. In order to do so, we will probably need to add +// many "preserved" directive that require the "balanceOfConsistency" invariant on the accounts involved. +hook Sload uint256 value _balances[KEY address user] STORAGE { + require _balances[user] == to_mathint(value); +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Invariant: number of owned tokens is the sum of all balances β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +invariant ownedTotalIsSumOfBalances() + _ownedTotal == _supply + { + preserved mint(address to, uint256 tokenId) with (env e) { + require balanceLimited(to); + } + preserved safeMint(address to, uint256 tokenId) with (env e) { + require balanceLimited(to); + } + preserved safeMint(address to, uint256 tokenId, bytes data) with (env e) { + require balanceLimited(to); + } + preserved burn(uint256 tokenId) with (env e) { + requireInvariant ownerHasBalance(tokenId); + requireInvariant balanceOfConsistency(ownerOf(tokenId)); + } + preserved transferFrom(address from, address to, uint256 tokenId) with (env e) { + require balanceLimited(to); + requireInvariant ownerHasBalance(tokenId); + requireInvariant balanceOfConsistency(from); + requireInvariant balanceOfConsistency(to); + } + preserved safeTransferFrom(address from, address to, uint256 tokenId) with (env e) { + require balanceLimited(to); + requireInvariant ownerHasBalance(tokenId); + requireInvariant balanceOfConsistency(from); + requireInvariant balanceOfConsistency(to); + } + preserved safeTransferFrom(address from, address to, uint256 tokenId, bytes data) with (env e) { + require balanceLimited(to); + requireInvariant ownerHasBalance(tokenId); + requireInvariant balanceOfConsistency(from); + requireInvariant balanceOfConsistency(to); + } + } + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Invariant: balanceOf is the number of tokens owned β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +invariant balanceOfConsistency(address user) + to_mathint(balanceOf(user)) == _ownedByUser[user] && + to_mathint(balanceOf(user)) == _balances[user] + { + preserved { + require balanceLimited(user); + } + } + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Invariant: owner of a token must have some balance β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +invariant ownerHasBalance(uint256 tokenId) + balanceOf(ownerOf(tokenId)) > 0 + { + preserved { + requireInvariant balanceOfConsistency(ownerOf(tokenId)); + require balanceLimited(ownerOf(tokenId)); + } + } + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: balance of address(0) is 0 β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule zeroAddressBalanceRevert() { + balanceOf@withrevert(0); + assert lastReverted; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Invariant: address(0) has no authorized operator β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +invariant zeroAddressHasNoApprovedOperator(address a) + !isApprovedForAll(0, a) + { + preserved with (env e) { + require nonzerosender(e); + } + } + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Invariant: tokens that do not exist are not owned and not approved β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +invariant notMintedUnset(uint256 tokenId) + unsafeOwnerOf(tokenId) == 0 => unsafeGetApproved(tokenId) == 0; + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: unsafeOwnerOf and unsafeGetApproved don't revert + ownerOf and getApproved revert if token does not exist β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule notMintedRevert(uint256 tokenId) { + requireInvariant notMintedUnset(tokenId); + + address _owner = unsafeOwnerOf@withrevert(tokenId); + assert !lastReverted; + + address _approved = unsafeGetApproved@withrevert(tokenId); + assert !lastReverted; + + address owner = ownerOf@withrevert(tokenId); + assert lastReverted <=> _owner == 0; + assert !lastReverted => _owner == owner; + + address approved = getApproved@withrevert(tokenId); + assert lastReverted <=> _owner == 0; + assert !lastReverted => _approved == approved; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rules: total supply can only change through mint and burn β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule supplyChange(env e) { + require nonzerosender(e); + requireInvariant zeroAddressHasNoApprovedOperator(e.msg.sender); + + mathint supplyBefore = _supply; + method f; helperSoundFnCall(e, f); + mathint supplyAfter = _supply; + + assert supplyAfter > supplyBefore => ( + supplyAfter == supplyBefore + 1 && + ( + f.selector == sig:mint(address,uint256).selector || + f.selector == sig:safeMint(address,uint256).selector || + f.selector == sig:safeMint(address,uint256,bytes).selector + ) + ); + assert supplyAfter < supplyBefore => ( + supplyAfter == supplyBefore - 1 && + f.selector == sig:burn(uint256).selector + ); +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rules: balanceOf can only change through mint, burn or transfers. balanceOf cannot change by more than 1. β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule balanceChange(env e, address account) { + requireInvariant balanceOfConsistency(account); + require balanceLimited(account); + + mathint balanceBefore = balanceOf(account); + method f; helperSoundFnCall(e, f); + mathint balanceAfter = balanceOf(account); + + // balance can change by at most 1 + assert balanceBefore != balanceAfter => ( + balanceAfter == balanceBefore - 1 || + balanceAfter == balanceBefore + 1 + ); + + // only selected function can change balances + assert balanceBefore != balanceAfter => ( + f.selector == sig:transferFrom(address,address,uint256).selector || + f.selector == sig:safeTransferFrom(address,address,uint256).selector || + f.selector == sig:safeTransferFrom(address,address,uint256,bytes).selector || + f.selector == sig:mint(address,uint256).selector || + f.selector == sig:safeMint(address,uint256).selector || + f.selector == sig:safeMint(address,uint256,bytes).selector || + f.selector == sig:burn(uint256).selector + ); +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rules: ownership can only change through mint, burn or transfers. β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule ownershipChange(env e, uint256 tokenId) { + require nonzerosender(e); + requireInvariant zeroAddressHasNoApprovedOperator(e.msg.sender); + + address ownerBefore = unsafeOwnerOf(tokenId); + method f; helperSoundFnCall(e, f); + address ownerAfter = unsafeOwnerOf(tokenId); + + assert ownerBefore == 0 && ownerAfter != 0 => ( + f.selector == sig:mint(address,uint256).selector || + f.selector == sig:safeMint(address,uint256).selector || + f.selector == sig:safeMint(address,uint256,bytes).selector + ); + + assert ownerBefore != 0 && ownerAfter == 0 => ( + f.selector == sig:burn(uint256).selector + ); + + assert (ownerBefore != ownerAfter && ownerBefore != 0 && ownerAfter != 0) => ( + f.selector == sig:transferFrom(address,address,uint256).selector || + f.selector == sig:safeTransferFrom(address,address,uint256).selector || + f.selector == sig:safeTransferFrom(address,address,uint256,bytes).selector + ); +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rules: token approval can only change through approve or transfers (implicitly). β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule approvalChange(env e, uint256 tokenId) { + address approvalBefore = unsafeGetApproved(tokenId); + method f; helperSoundFnCall(e, f); + address approvalAfter = unsafeGetApproved(tokenId); + + // approve can set any value, other functions reset + assert approvalBefore != approvalAfter => ( + f.selector == sig:approve(address,uint256).selector || + ( + ( + f.selector == sig:transferFrom(address,address,uint256).selector || + f.selector == sig:safeTransferFrom(address,address,uint256).selector || + f.selector == sig:safeTransferFrom(address,address,uint256,bytes).selector || + f.selector == sig:burn(uint256).selector + ) && approvalAfter == 0 + ) + ); +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rules: approval for all tokens can only change through isApprovedForAll. β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule approvedForAllChange(env e, address owner, address spender) { + bool approvedForAllBefore = isApprovedForAll(owner, spender); + method f; helperSoundFnCall(e, f); + bool approvedForAllAfter = isApprovedForAll(owner, spender); + + assert approvedForAllBefore != approvedForAllAfter => f.selector == sig:setApprovalForAll(address,bool).selector; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: transferFrom behavior and side effects β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule transferFrom(env e, address from, address to, uint256 tokenId) { + require nonpayable(e); + require authSanity(e); + + address operator = e.msg.sender; + uint256 otherTokenId; + address otherAccount; + + requireInvariant ownerHasBalance(tokenId); + require balanceLimited(to); + + uint256 balanceOfFromBefore = balanceOf(from); + uint256 balanceOfToBefore = balanceOf(to); + uint256 balanceOfOtherBefore = balanceOf(otherAccount); + address ownerBefore = unsafeOwnerOf(tokenId); + address otherOwnerBefore = unsafeOwnerOf(otherTokenId); + address approvalBefore = unsafeGetApproved(tokenId); + address otherApprovalBefore = unsafeGetApproved(otherTokenId); + + transferFrom@withrevert(e, from, to, tokenId); + bool success = !lastReverted; + + // liveness + assert success <=> ( + from == ownerBefore && + from != 0 && + to != 0 && + (operator == from || operator == approvalBefore || isApprovedForAll(ownerBefore, operator)) + ); + + // effect + assert success => ( + to_mathint(balanceOf(from)) == balanceOfFromBefore - assert_uint256(from != to ? 1 : 0) && + to_mathint(balanceOf(to)) == balanceOfToBefore + assert_uint256(from != to ? 1 : 0) && + unsafeOwnerOf(tokenId) == to && + unsafeGetApproved(tokenId) == 0 + ); + + // no side effect + assert balanceOf(otherAccount) != balanceOfOtherBefore => (otherAccount == from || otherAccount == to); + assert unsafeOwnerOf(otherTokenId) != otherOwnerBefore => otherTokenId == tokenId; + assert unsafeGetApproved(otherTokenId) != otherApprovalBefore => otherTokenId == tokenId; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: safeTransferFrom behavior and side effects β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule safeTransferFrom(env e, method f, address from, address to, uint256 tokenId) filtered { f -> + f.selector == sig:safeTransferFrom(address,address,uint256).selector || + f.selector == sig:safeTransferFrom(address,address,uint256,bytes).selector +} { + require nonpayable(e); + require authSanity(e); + + address operator = e.msg.sender; + uint256 otherTokenId; + address otherAccount; + + requireInvariant ownerHasBalance(tokenId); + require balanceLimited(to); + + uint256 balanceOfFromBefore = balanceOf(from); + uint256 balanceOfToBefore = balanceOf(to); + uint256 balanceOfOtherBefore = balanceOf(otherAccount); + address ownerBefore = unsafeOwnerOf(tokenId); + address otherOwnerBefore = unsafeOwnerOf(otherTokenId); + address approvalBefore = unsafeGetApproved(tokenId); + address otherApprovalBefore = unsafeGetApproved(otherTokenId); + + helperTransferWithRevert(e, f, from, to, tokenId); + bool success = !lastReverted; + + assert success <=> ( + from == ownerBefore && + from != 0 && + to != 0 && + (operator == from || operator == approvalBefore || isApprovedForAll(ownerBefore, operator)) + ); + + // effect + assert success => ( + to_mathint(balanceOf(from)) == balanceOfFromBefore - assert_uint256(from != to ? 1: 0) && + to_mathint(balanceOf(to)) == balanceOfToBefore + assert_uint256(from != to ? 1: 0) && + unsafeOwnerOf(tokenId) == to && + unsafeGetApproved(tokenId) == 0 + ); + + // no side effect + assert balanceOf(otherAccount) != balanceOfOtherBefore => (otherAccount == from || otherAccount == to); + assert unsafeOwnerOf(otherTokenId) != otherOwnerBefore => otherTokenId == tokenId; + assert unsafeGetApproved(otherTokenId) != otherApprovalBefore => otherTokenId == tokenId; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: mint behavior and side effects β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule mint(env e, address to, uint256 tokenId) { + require nonpayable(e); + requireInvariant notMintedUnset(tokenId); + + uint256 otherTokenId; + address otherAccount; + + require balanceLimited(to); + + mathint supplyBefore = _supply; + uint256 balanceOfToBefore = balanceOf(to); + uint256 balanceOfOtherBefore = balanceOf(otherAccount); + address ownerBefore = unsafeOwnerOf(tokenId); + address otherOwnerBefore = unsafeOwnerOf(otherTokenId); + + mint@withrevert(e, to, tokenId); + bool success = !lastReverted; + + // liveness + assert success <=> ( + ownerBefore == 0 && + to != 0 + ); + + // effect + assert success => ( + _supply == supplyBefore + 1 && + to_mathint(balanceOf(to)) == balanceOfToBefore + 1 && + unsafeOwnerOf(tokenId) == to + ); + + // no side effect + assert balanceOf(otherAccount) != balanceOfOtherBefore => otherAccount == to; + assert unsafeOwnerOf(otherTokenId) != otherOwnerBefore => otherTokenId == tokenId; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: safeMint behavior and side effects β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule safeMint(env e, method f, address to, uint256 tokenId) filtered { f -> + f.selector == sig:safeMint(address,uint256).selector || + f.selector == sig:safeMint(address,uint256,bytes).selector +} { + require nonpayable(e); + requireInvariant notMintedUnset(tokenId); + + uint256 otherTokenId; + address otherAccount; + + require balanceLimited(to); + + mathint supplyBefore = _supply; + uint256 balanceOfToBefore = balanceOf(to); + uint256 balanceOfOtherBefore = balanceOf(otherAccount); + address ownerBefore = unsafeOwnerOf(tokenId); + address otherOwnerBefore = unsafeOwnerOf(otherTokenId); + + helperMintWithRevert(e, f, to, tokenId); + bool success = !lastReverted; + + assert success <=> ( + ownerBefore == 0 && + to != 0 + ); + + // effect + assert success => ( + _supply == supplyBefore + 1 && + to_mathint(balanceOf(to)) == balanceOfToBefore + 1 && + unsafeOwnerOf(tokenId) == to + ); + + // no side effect + assert balanceOf(otherAccount) != balanceOfOtherBefore => otherAccount == to; + assert unsafeOwnerOf(otherTokenId) != otherOwnerBefore => otherTokenId == tokenId; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: burn behavior and side effects β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule burn(env e, uint256 tokenId) { + require nonpayable(e); + + address from = unsafeOwnerOf(tokenId); + uint256 otherTokenId; + address otherAccount; + + requireInvariant ownerHasBalance(tokenId); + + mathint supplyBefore = _supply; + uint256 balanceOfFromBefore = balanceOf(from); + uint256 balanceOfOtherBefore = balanceOf(otherAccount); + address ownerBefore = unsafeOwnerOf(tokenId); + address otherOwnerBefore = unsafeOwnerOf(otherTokenId); + address otherApprovalBefore = unsafeGetApproved(otherTokenId); + + burn@withrevert(e, tokenId); + bool success = !lastReverted; + + // liveness + assert success <=> ( + ownerBefore != 0 + ); + + // effect + assert success => ( + _supply == supplyBefore - 1 && + to_mathint(balanceOf(from)) == balanceOfFromBefore - 1 && + unsafeOwnerOf(tokenId) == 0 && + unsafeGetApproved(tokenId) == 0 + ); + + // no side effect + assert balanceOf(otherAccount) != balanceOfOtherBefore => otherAccount == from; + assert unsafeOwnerOf(otherTokenId) != otherOwnerBefore => otherTokenId == tokenId; + assert unsafeGetApproved(otherTokenId) != otherApprovalBefore => otherTokenId == tokenId; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: approve behavior and side effects β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule approve(env e, address spender, uint256 tokenId) { + require nonpayable(e); + require authSanity(e); + + address caller = e.msg.sender; + address owner = unsafeOwnerOf(tokenId); + uint256 otherTokenId; + + address otherApprovalBefore = unsafeGetApproved(otherTokenId); + + approve@withrevert(e, spender, tokenId); + bool success = !lastReverted; + + // liveness + assert success <=> ( + owner != 0 && + (owner == caller || isApprovedForAll(owner, caller)) + ); + + // effect + assert success => unsafeGetApproved(tokenId) == spender; + + // no side effect + assert unsafeGetApproved(otherTokenId) != otherApprovalBefore => otherTokenId == tokenId; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: setApprovalForAll behavior and side effects β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule setApprovalForAll(env e, address operator, bool approved) { + require nonpayable(e); + + address owner = e.msg.sender; + address otherOwner; + address otherOperator; + + bool otherIsApprovedForAllBefore = isApprovedForAll(otherOwner, otherOperator); + + setApprovalForAll@withrevert(e, operator, approved); + bool success = !lastReverted; + + // liveness + assert success <=> operator != 0; + + // effect + assert success => isApprovedForAll(owner, operator) == approved; + + // no side effect + assert isApprovedForAll(otherOwner, otherOperator) != otherIsApprovedForAllBefore => ( + otherOwner == owner && + otherOperator == operator + ); +} diff --git a/dependencies/@openzeppelin/certora/specs/EnumerableMap.spec b/dependencies/@openzeppelin/certora/specs/EnumerableMap.spec new file mode 100644 index 00000000..1801d99f --- /dev/null +++ b/dependencies/@openzeppelin/certora/specs/EnumerableMap.spec @@ -0,0 +1,333 @@ +import "helpers/helpers.spec"; + +methods { + // library + function set(bytes32,bytes32) external returns (bool) envfree; + function remove(bytes32) external returns (bool) envfree; + function contains(bytes32) external returns (bool) envfree; + function length() external returns (uint256) envfree; + function key_at(uint256) external returns (bytes32) envfree; + function value_at(uint256) external returns (bytes32) envfree; + function tryGet_contains(bytes32) external returns (bool) envfree; + function tryGet_value(bytes32) external returns (bytes32) envfree; + function get(bytes32) external returns (bytes32) envfree; + + // FV + function _positionOf(bytes32) external returns (uint256) envfree; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Helpers β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +definition sanity() returns bool = + length() < max_uint256; + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Invariant: the value mapping is empty for keys that are not in the EnumerableMap. β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +invariant noValueIfNotContained(bytes32 key) + !contains(key) => tryGet_value(key) == to_bytes32(0) + { + preserved set(bytes32 otherKey, bytes32 someValue) { + require sanity(); + } + } + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Invariant: All indexed keys are contained β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +invariant indexedContained(uint256 index) + index < length() => contains(key_at(index)) + { + preserved { + requireInvariant consistencyIndex(index); + requireInvariant consistencyIndex(require_uint256(length() - 1)); + } + } + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Invariant: A value can only be stored at a single location β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +invariant atUniqueness(uint256 index1, uint256 index2) + index1 == index2 <=> key_at(index1) == key_at(index2) + { + preserved remove(bytes32 key) { + requireInvariant atUniqueness(index1, require_uint256(length() - 1)); + requireInvariant atUniqueness(index2, require_uint256(length() - 1)); + } + } + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Invariant: index <> value relationship is consistent β”‚ +β”‚ β”‚ +β”‚ Note that the two consistencyXxx invariants, put together, prove that at_ and _positionOf are inverse of one β”‚ +β”‚ another. This proves that we have a bijection between indices (the enumerability part) and keys (the entries that β”‚ +β”‚ are set and removed from the EnumerableMap). β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +invariant consistencyIndex(uint256 index) + index < length() => to_mathint(_positionOf(key_at(index))) == index + 1 + { + preserved remove(bytes32 key) { + requireInvariant consistencyIndex(require_uint256(length() - 1)); + } + } + +invariant consistencyKey(bytes32 key) + contains(key) => ( + _positionOf(key) > 0 && + _positionOf(key) <= length() && + key_at(require_uint256(_positionOf(key) - 1)) == key + ) + { + preserved remove(bytes32 otherKey) { + requireInvariant consistencyKey(otherKey); + requireInvariant atUniqueness( + require_uint256(_positionOf(key) - 1), + require_uint256(_positionOf(otherKey) - 1) + ); + } + } + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: state only changes by setting or removing elements β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule stateChange(env e, bytes32 key) { + require sanity(); + requireInvariant consistencyKey(key); + + uint256 lengthBefore = length(); + bool containsBefore = contains(key); + bytes32 valueBefore = tryGet_value(key); + + method f; + calldataarg args; + f(e, args); + + uint256 lengthAfter = length(); + bool containsAfter = contains(key); + bytes32 valueAfter = tryGet_value(key); + + assert lengthBefore != lengthAfter => ( + (f.selector == sig:set(bytes32,bytes32).selector && to_mathint(lengthAfter) == lengthBefore + 1) || + (f.selector == sig:remove(bytes32).selector && to_mathint(lengthAfter) == lengthBefore - 1) + ); + + assert containsBefore != containsAfter => ( + (f.selector == sig:set(bytes32,bytes32).selector && containsAfter) || + (f.selector == sig:remove(bytes32).selector && !containsAfter) + ); + + assert valueBefore != valueAfter => ( + (f.selector == sig:set(bytes32,bytes32).selector && containsAfter) || + (f.selector == sig:remove(bytes32).selector && !containsAfter && valueAfter == to_bytes32(0)) + ); +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: check liveness of view functions. β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule liveness_1(bytes32 key) { + requireInvariant consistencyKey(key); + + // contains never revert + bool contains = contains@withrevert(key); + assert !lastReverted; + + // tryGet never reverts (key) + tryGet_contains@withrevert(key); + assert !lastReverted; + + // tryGet never reverts (value) + tryGet_value@withrevert(key); + assert !lastReverted; + + // get reverts iff the key is not in the map + get@withrevert(key); + assert !lastReverted <=> contains; +} + +rule liveness_2(uint256 index) { + requireInvariant consistencyIndex(index); + + // length never revert + uint256 length = length@withrevert(); + assert !lastReverted; + + // key_at reverts iff the index is out of bound + key_at@withrevert(index); + assert !lastReverted <=> index < length; + + // value_at reverts iff the index is out of bound + value_at@withrevert(index); + assert !lastReverted <=> index < length; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: get and tryGet return the expected values. β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule getAndTryGet(bytes32 key) { + requireInvariant noValueIfNotContained(key); + + bool contained = contains(key); + bool tryContained = tryGet_contains(key); + bytes32 tryValue = tryGet_value(key); + bytes32 value = get@withrevert(key); // revert is not contained + + assert contained == tryContained; + assert contained => tryValue == value; + assert !contained => tryValue == to_bytes32(0); +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: set key-value in EnumerableMap β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule set(bytes32 key, bytes32 value, bytes32 otherKey) { + require sanity(); + + uint256 lengthBefore = length(); + bool containsBefore = contains(key); + bool containsOtherBefore = contains(otherKey); + bytes32 otherValueBefore = tryGet_value(otherKey); + + bool added = set@withrevert(key, value); + bool success = !lastReverted; + + assert success && contains(key) && get(key) == value, + "liveness & immediate effect"; + + assert added <=> !containsBefore, + "return value: added iff not contained"; + + assert to_mathint(length()) == lengthBefore + to_mathint(added ? 1 : 0), + "effect: length increases iff added"; + + assert added => (key_at(lengthBefore) == key && value_at(lengthBefore) == value), + "effect: add at the end"; + + assert containsOtherBefore != contains(otherKey) => (added && key == otherKey), + "side effect: other keys are not affected"; + + assert otherValueBefore != tryGet_value(otherKey) => key == otherKey, + "side effect: values attached to other keys are not affected"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: remove key from EnumerableMap β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule remove(bytes32 key, bytes32 otherKey) { + requireInvariant consistencyKey(key); + requireInvariant consistencyKey(otherKey); + + uint256 lengthBefore = length(); + bool containsBefore = contains(key); + bool containsOtherBefore = contains(otherKey); + bytes32 otherValueBefore = tryGet_value(otherKey); + + bool removed = remove@withrevert(key); + bool success = !lastReverted; + + assert success && !contains(key), + "liveness & immediate effect"; + + assert removed <=> containsBefore, + "return value: removed iff contained"; + + assert to_mathint(length()) == lengthBefore - to_mathint(removed ? 1 : 0), + "effect: length decreases iff removed"; + + assert containsOtherBefore != contains(otherKey) => (removed && key == otherKey), + "side effect: other keys are not affected"; + + assert otherValueBefore != tryGet_value(otherKey) => key == otherKey, + "side effect: values attached to other keys are not affected"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: when adding a new key, the other keys remain in set, at the same index. β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule setEnumerability(bytes32 key, bytes32 value, uint256 index) { + require sanity(); + + bytes32 atKeyBefore = key_at(index); + bytes32 atValueBefore = value_at(index); + + set(key, value); + + bytes32 atKeyAfter = key_at@withrevert(index); + assert !lastReverted; + + bytes32 atValueAfter = value_at@withrevert(index); + assert !lastReverted; + + assert atKeyAfter == atKeyBefore; + assert atValueAfter != atValueBefore => ( + key == atKeyBefore && + value == atValueAfter + ); +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: when removing a existing key, the other keys remain in set, at the same index (except for the last one). β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule removeEnumerability(bytes32 key, uint256 index) { + uint256 last = require_uint256(length() - 1); + + requireInvariant consistencyKey(key); + requireInvariant consistencyIndex(index); + requireInvariant consistencyIndex(last); + + bytes32 atKeyBefore = key_at(index); + bytes32 atValueBefore = value_at(index); + bytes32 lastKeyBefore = key_at(last); + bytes32 lastValueBefore = value_at(last); + + remove(key); + + // can't read last value & keys (length decreased) + bytes32 atKeyAfter = key_at@withrevert(index); + assert lastReverted <=> index == last; + + bytes32 atValueAfter = value_at@withrevert(index); + assert lastReverted <=> index == last; + + // One value that is allowed to change is if previous value was removed, + // in that case the last value before took its place. + assert ( + index != last && + atKeyBefore != atKeyAfter + ) => ( + atKeyBefore == key && + atKeyAfter == lastKeyBefore + ); + + assert ( + index != last && + atValueBefore != atValueAfter + ) => ( + atValueAfter == lastValueBefore + ); +} diff --git a/dependencies/@openzeppelin/certora/specs/EnumerableSet.spec b/dependencies/@openzeppelin/certora/specs/EnumerableSet.spec new file mode 100644 index 00000000..94d0a918 --- /dev/null +++ b/dependencies/@openzeppelin/certora/specs/EnumerableSet.spec @@ -0,0 +1,246 @@ +import "helpers/helpers.spec"; + +methods { + // library + function add(bytes32) external returns (bool) envfree; + function remove(bytes32) external returns (bool) envfree; + function contains(bytes32) external returns (bool) envfree; + function length() external returns (uint256) envfree; + function at_(uint256) external returns (bytes32) envfree; + + // FV + function _positionOf(bytes32) external returns (uint256) envfree; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Helpers β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +definition sanity() returns bool = + length() < max_uint256; + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Invariant: All indexed keys are contained β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +invariant indexedContained(uint256 index) + index < length() => contains(at_(index)) + { + preserved { + requireInvariant consistencyIndex(index); + requireInvariant consistencyIndex(require_uint256(length() - 1)); + } + } + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Invariant: A value can only be stored at a single location β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +invariant atUniqueness(uint256 index1, uint256 index2) + index1 == index2 <=> at_(index1) == at_(index2) + { + preserved remove(bytes32 key) { + requireInvariant atUniqueness(index1, require_uint256(length() - 1)); + requireInvariant atUniqueness(index2, require_uint256(length() - 1)); + } + } + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Invariant: index <> key relationship is consistent β”‚ +β”‚ β”‚ +β”‚ Note that the two consistencyXxx invariants, put together, prove that at_ and _positionOf are inverse of one β”‚ +β”‚ another. This proves that we have a bijection between indices (the enumerability part) and keys (the entries that β”‚ +β”‚ are added and removed from the EnumerableSet). β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +invariant consistencyIndex(uint256 index) + index < length() => _positionOf(at_(index)) == require_uint256(index + 1) + { + preserved remove(bytes32 key) { + requireInvariant consistencyIndex(require_uint256(length() - 1)); + } + } + +invariant consistencyKey(bytes32 key) + contains(key) => ( + _positionOf(key) > 0 && + _positionOf(key) <= length() && + at_(require_uint256(_positionOf(key) - 1)) == key + ) + { + preserved remove(bytes32 otherKey) { + requireInvariant consistencyKey(otherKey); + requireInvariant atUniqueness( + require_uint256(_positionOf(key) - 1), + require_uint256(_positionOf(otherKey) - 1) + ); + } + } + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: state only changes by adding or removing elements β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule stateChange(env e, bytes32 key) { + require sanity(); + requireInvariant consistencyKey(key); + + uint256 lengthBefore = length(); + bool containsBefore = contains(key); + + method f; + calldataarg args; + f(e, args); + + uint256 lengthAfter = length(); + bool containsAfter = contains(key); + + assert lengthBefore != lengthAfter => ( + (f.selector == sig:add(bytes32).selector && lengthAfter == require_uint256(lengthBefore + 1)) || + (f.selector == sig:remove(bytes32).selector && lengthAfter == require_uint256(lengthBefore - 1)) + ); + + assert containsBefore != containsAfter => ( + (f.selector == sig:add(bytes32).selector && containsAfter) || + (f.selector == sig:remove(bytes32).selector && containsBefore) + ); +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: check liveness of view functions. β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule liveness_1(bytes32 key) { + requireInvariant consistencyKey(key); + + // contains never revert + contains@withrevert(key); + assert !lastReverted; +} + +rule liveness_2(uint256 index) { + requireInvariant consistencyIndex(index); + + // length never revert + uint256 length = length@withrevert(); + assert !lastReverted; + + // at reverts iff the index is out of bound + at_@withrevert(index); + assert !lastReverted <=> index < length; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: add key to EnumerableSet if not already contained β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule add(bytes32 key, bytes32 otherKey) { + require sanity(); + + uint256 lengthBefore = length(); + bool containsBefore = contains(key); + bool containsOtherBefore = contains(otherKey); + + bool added = add@withrevert(key); + bool success = !lastReverted; + + assert success && contains(key), + "liveness & immediate effect"; + + assert added <=> !containsBefore, + "return value: added iff not contained"; + + assert length() == require_uint256(lengthBefore + to_mathint(added ? 1 : 0)), + "effect: length increases iff added"; + + assert added => at_(lengthBefore) == key, + "effect: add at the end"; + + assert containsOtherBefore != contains(otherKey) => (added && key == otherKey), + "side effect: other keys are not affected"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: remove key from EnumerableSet if already contained β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule remove(bytes32 key, bytes32 otherKey) { + requireInvariant consistencyKey(key); + requireInvariant consistencyKey(otherKey); + + uint256 lengthBefore = length(); + bool containsBefore = contains(key); + bool containsOtherBefore = contains(otherKey); + + bool removed = remove@withrevert(key); + bool success = !lastReverted; + + assert success && !contains(key), + "liveness & immediate effect"; + + assert removed <=> containsBefore, + "return value: removed iff contained"; + + assert length() == require_uint256(lengthBefore - to_mathint(removed ? 1 : 0)), + "effect: length decreases iff removed"; + + assert containsOtherBefore != contains(otherKey) => (removed && key == otherKey), + "side effect: other keys are not affected"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: when adding a new key, the other keys remain in set, at the same index. β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule addEnumerability(bytes32 key, uint256 index) { + require sanity(); + + bytes32 atBefore = at_(index); + add(key); + bytes32 atAfter = at_@withrevert(index); + bool atAfterSuccess = !lastReverted; + + assert atAfterSuccess; + assert atBefore == atAfter; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: when removing a existing key, the other keys remain in set, at the same index (except for the last one). β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule removeEnumerability(bytes32 key, uint256 index) { + uint256 last = require_uint256(length() - 1); + + requireInvariant consistencyKey(key); + requireInvariant consistencyIndex(index); + requireInvariant consistencyIndex(last); + + bytes32 atBefore = at_(index); + bytes32 lastBefore = at_(last); + + remove(key); + + // can't read last value (length decreased) + bytes32 atAfter = at_@withrevert(index); + assert lastReverted <=> index == last; + + // One value that is allowed to change is if previous value was removed, + // in that case the last value before took its place. + assert ( + index != last && + atBefore != atAfter + ) => ( + atBefore == key && + atAfter == lastBefore + ); +} diff --git a/dependencies/@openzeppelin/certora/specs/Initializable.spec b/dependencies/@openzeppelin/certora/specs/Initializable.spec new file mode 100644 index 00000000..07c2930c --- /dev/null +++ b/dependencies/@openzeppelin/certora/specs/Initializable.spec @@ -0,0 +1,165 @@ +import "helpers/helpers.spec"; + +methods { + // initialize, reinitialize, disable + function initialize() external envfree; + function reinitialize(uint64) external envfree; + function disable() external envfree; + + function nested_init_init() external envfree; + function nested_init_reinit(uint64) external envfree; + function nested_reinit_init(uint64) external envfree; + function nested_reinit_reinit(uint64,uint64) external envfree; + + // view + function version() external returns uint64 envfree; + function initializing() external returns bool envfree; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Definitions β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +definition isUninitialized() returns bool = version() == 0; +definition isInitialized() returns bool = version() > 0; +definition isDisabled() returns bool = version() == max_uint64; + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Invariant: A contract must only ever be in an initializing state while in the middle of a transaction execution. β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +invariant notInitializing() + !initializing(); + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: The version cannot decrease & disable state is irrevocable. β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule increasingVersion(env e) { + uint64 versionBefore = version(); + bool disabledBefore = isDisabled(); + + method f; calldataarg args; + f(e, args); + + assert versionBefore <= version(), "_initialized must only increase"; + assert disabledBefore => isDisabled(), "a disabled initializer must stay disabled"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: Cannot initialize a contract that is already initialized. β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule cannotInitializeTwice() { + require isInitialized(); + + initialize@withrevert(); + + assert lastReverted, "contract must only be initialized once"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: Cannot initialize once disabled. β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule cannotInitializeOnceDisabled() { + require isDisabled(); + + initialize@withrevert(); + + assert lastReverted, "contract is disabled"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: Cannot reinitialize once disabled. β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule cannotReinitializeOnceDisabled() { + require isDisabled(); + + uint64 n; + reinitialize@withrevert(n); + + assert lastReverted, "contract is disabled"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: Cannot nest initializers (after construction). β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule cannotNestInitializers_init_init() { + nested_init_init@withrevert(); + assert lastReverted, "nested initializers"; +} + +rule cannotNestInitializers_init_reinit(uint64 m) { + nested_init_reinit@withrevert(m); + assert lastReverted, "nested initializers"; +} + +rule cannotNestInitializers_reinit_init(uint64 n) { + nested_reinit_init@withrevert(n); + assert lastReverted, "nested initializers"; +} + +rule cannotNestInitializers_reinit_reinit(uint64 n, uint64 m) { + nested_reinit_reinit@withrevert(n, m); + assert lastReverted, "nested initializers"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: Initialize correctly sets the version. β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule initializeEffects() { + requireInvariant notInitializing(); + + bool isUninitializedBefore = isUninitialized(); + + initialize@withrevert(); + bool success = !lastReverted; + + assert success <=> isUninitializedBefore, "can only initialize uninitialized contracts"; + assert success => version() == 1, "initialize must set version() to 1"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: Reinitialize correctly sets the version. β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule reinitializeEffects() { + requireInvariant notInitializing(); + + uint64 versionBefore = version(); + + uint64 n; + reinitialize@withrevert(n); + bool success = !lastReverted; + + assert success <=> versionBefore < n, "can only reinitialize to a latter versions"; + assert success => version() == n, "reinitialize must set version() to n"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: Can disable. β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule disableEffect() { + requireInvariant notInitializing(); + + disable@withrevert(); + bool success = !lastReverted; + + assert success, "call to _disableInitializers failed"; + assert isDisabled(), "disable state not set"; +} diff --git a/dependencies/@openzeppelin/certora/specs/Nonces.spec b/dependencies/@openzeppelin/certora/specs/Nonces.spec new file mode 100644 index 00000000..4647c5c8 --- /dev/null +++ b/dependencies/@openzeppelin/certora/specs/Nonces.spec @@ -0,0 +1,92 @@ +import "helpers/helpers.spec"; + +methods { + function nonces(address) external returns (uint256) envfree; + function useNonce(address) external returns (uint256) envfree; + function useCheckedNonce(address,uint256) external envfree; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Helpers β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +function nonceSanity(address account) returns bool { + return nonces(account) < max_uint256; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Function correctness: useNonce uses nonce β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule useNonce(address account) { + require nonceSanity(account); + + address other; + + mathint nonceBefore = nonces(account); + mathint otherNonceBefore = nonces(other); + + mathint nonceUsed = useNonce@withrevert(account); + bool success = !lastReverted; + + mathint nonceAfter = nonces(account); + mathint otherNonceAfter = nonces(other); + + // liveness + assert success, "doesn't revert"; + + // effect + assert nonceAfter == nonceBefore + 1 && nonceBefore == nonceUsed, "nonce is used"; + + // no side effect + assert otherNonceBefore != otherNonceAfter => other == account, "no other nonce is used"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Function correctness: useCheckedNonce uses only the current nonce β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule useCheckedNonce(address account, uint256 currentNonce) { + require nonceSanity(account); + + address other; + + mathint nonceBefore = nonces(account); + mathint otherNonceBefore = nonces(other); + + useCheckedNonce@withrevert(account, currentNonce); + bool success = !lastReverted; + + mathint nonceAfter = nonces(account); + mathint otherNonceAfter = nonces(other); + + // liveness + assert success <=> to_mathint(currentNonce) == nonceBefore, "works iff current nonce is correct"; + + // effect + assert success => nonceAfter == nonceBefore + 1, "nonce is used"; + + // no side effect + assert otherNonceBefore != otherNonceAfter => other == account, "no other nonce is used"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: nonce only increments β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule nonceOnlyIncrements(address account) { + require nonceSanity(account); + + mathint nonceBefore = nonces(account); + + env e; method f; calldataarg args; + f(e, args); + + mathint nonceAfter = nonces(account); + + assert nonceAfter == nonceBefore || nonceAfter == nonceBefore + 1, "nonce only increments"; +} diff --git a/dependencies/@openzeppelin/certora/specs/Ownable.spec b/dependencies/@openzeppelin/certora/specs/Ownable.spec new file mode 100644 index 00000000..0d50813c --- /dev/null +++ b/dependencies/@openzeppelin/certora/specs/Ownable.spec @@ -0,0 +1,77 @@ +import "helpers/helpers.spec"; +import "methods/IOwnable.spec"; + +methods { + function restricted() external; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Function correctness: transferOwnership changes ownership β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule transferOwnership(env e) { + require nonpayable(e); + + address newOwner; + address current = owner(); + + transferOwnership@withrevert(e, newOwner); + bool success = !lastReverted; + + assert success <=> (e.msg.sender == current && newOwner != 0), "unauthorized caller or invalid arg"; + assert success => owner() == newOwner, "current owner changed"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Function correctness: renounceOwnership removes the owner β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule renounceOwnership(env e) { + require nonpayable(e); + + address current = owner(); + + renounceOwnership@withrevert(e); + bool success = !lastReverted; + + assert success <=> e.msg.sender == current, "unauthorized caller"; + assert success => owner() == 0, "owner not cleared"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Access control: only current owner can call restricted functions β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule onlyCurrentOwnerCanCallOnlyOwner(env e) { + require nonpayable(e); + + address current = owner(); + + calldataarg args; + restricted@withrevert(e, args); + + assert !lastReverted <=> e.msg.sender == current, "access control failed"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: ownership can only change in specific ways β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule onlyOwnerOrPendingOwnerCanChangeOwnership(env e) { + address oldCurrent = owner(); + + method f; calldataarg args; + f(e, args); + + address newCurrent = owner(); + + // If owner changes, must be either transferOwnership or renounceOwnership + assert oldCurrent != newCurrent => ( + (e.msg.sender == oldCurrent && newCurrent != 0 && f.selector == sig:transferOwnership(address).selector) || + (e.msg.sender == oldCurrent && newCurrent == 0 && f.selector == sig:renounceOwnership().selector) + ); +} diff --git a/dependencies/@openzeppelin/certora/specs/Ownable2Step.spec b/dependencies/@openzeppelin/certora/specs/Ownable2Step.spec new file mode 100644 index 00000000..d13c6d3e --- /dev/null +++ b/dependencies/@openzeppelin/certora/specs/Ownable2Step.spec @@ -0,0 +1,108 @@ +import "helpers/helpers.spec"; +import "methods/IOwnable2Step.spec"; + +methods { + function restricted() external; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Function correctness: transferOwnership sets the pending owner β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule transferOwnership(env e) { + require nonpayable(e); + + address newOwner; + address current = owner(); + + transferOwnership@withrevert(e, newOwner); + bool success = !lastReverted; + + assert success <=> e.msg.sender == current, "unauthorized caller"; + assert success => pendingOwner() == newOwner, "pending owner not set"; + assert success => owner() == current, "current owner changed"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Function correctness: renounceOwnership removes the owner and the pendingOwner β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule renounceOwnership(env e) { + require nonpayable(e); + + address current = owner(); + + renounceOwnership@withrevert(e); + bool success = !lastReverted; + + assert success <=> e.msg.sender == current, "unauthorized caller"; + assert success => pendingOwner() == 0, "pending owner not cleared"; + assert success => owner() == 0, "owner not cleared"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Function correctness: acceptOwnership changes owner and reset pending owner β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule acceptOwnership(env e) { + + require nonpayable(e); + + address current = owner(); + address pending = pendingOwner(); + + acceptOwnership@withrevert(e); + bool success = !lastReverted; + + assert success <=> e.msg.sender == pending, "unauthorized caller"; + assert success => pendingOwner() == 0, "pending owner not cleared"; + assert success => owner() == pending, "owner not transferred"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Access control: only current owner can call restricted functions β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule onlyCurrentOwnerCanCallOnlyOwner(env e) { + require nonpayable(e); + + address current = owner(); + + calldataarg args; + restricted@withrevert(e, args); + + assert !lastReverted <=> e.msg.sender == current, "access control failed"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: ownership and pending ownership can only change in specific ways β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule ownerOrPendingOwnerChange(env e, method f) { + address oldCurrent = owner(); + address oldPending = pendingOwner(); + + calldataarg args; + f(e, args); + + address newCurrent = owner(); + address newPending = pendingOwner(); + + // If owner changes, must be either acceptOwnership or renounceOwnership + assert oldCurrent != newCurrent => ( + (e.msg.sender == oldPending && newCurrent == oldPending && newPending == 0 && f.selector == sig:acceptOwnership().selector) || + (e.msg.sender == oldCurrent && newCurrent == 0 && newPending == 0 && f.selector == sig:renounceOwnership().selector) + ); + + // If pending changes, must be either acceptance or reset + assert oldPending != newPending => ( + (e.msg.sender == oldCurrent && newCurrent == oldCurrent && f.selector == sig:transferOwnership(address).selector) || + (e.msg.sender == oldPending && newCurrent == oldPending && newPending == 0 && f.selector == sig:acceptOwnership().selector) || + (e.msg.sender == oldCurrent && newCurrent == 0 && newPending == 0 && f.selector == sig:renounceOwnership().selector) + ); +} diff --git a/dependencies/@openzeppelin/certora/specs/Pausable.spec b/dependencies/@openzeppelin/certora/specs/Pausable.spec new file mode 100644 index 00000000..a7aff9cc --- /dev/null +++ b/dependencies/@openzeppelin/certora/specs/Pausable.spec @@ -0,0 +1,96 @@ +import "helpers/helpers.spec"; + +methods { + function paused() external returns (bool) envfree; + function pause() external; + function unpause() external; + function onlyWhenPaused() external; + function onlyWhenNotPaused() external; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Function correctness: _pause pauses the contract β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule pause(env e) { + require nonpayable(e); + + bool pausedBefore = paused(); + + pause@withrevert(e); + bool success = !lastReverted; + + bool pausedAfter = paused(); + + // liveness + assert success <=> !pausedBefore, "works if and only if the contract was not paused before"; + + // effect + assert success => pausedAfter, "contract must be paused after a successful call"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Function correctness: _unpause unpauses the contract β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule unpause(env e) { + require nonpayable(e); + + bool pausedBefore = paused(); + + unpause@withrevert(e); + bool success = !lastReverted; + + bool pausedAfter = paused(); + + // liveness + assert success <=> pausedBefore, "works if and only if the contract was paused before"; + + // effect + assert success => !pausedAfter, "contract must be unpaused after a successful call"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Function correctness: whenPaused modifier can only be called if the contract is paused β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule whenPaused(env e) { + require nonpayable(e); + + onlyWhenPaused@withrevert(e); + assert !lastReverted <=> paused(), "works if and only if the contract is paused"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Function correctness: whenNotPaused modifier can only be called if the contract is not paused β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule whenNotPaused(env e) { + require nonpayable(e); + + onlyWhenNotPaused@withrevert(e); + assert !lastReverted <=> !paused(), "works if and only if the contract is not paused"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rules: only _pause and _unpause can change paused status β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule noPauseChange(env e) { + method f; + calldataarg args; + + bool pausedBefore = paused(); + f(e, args); + bool pausedAfter = paused(); + + assert pausedBefore != pausedAfter => ( + (!pausedAfter && f.selector == sig:unpause().selector) || + (pausedAfter && f.selector == sig:pause().selector) + ), "contract's paused status can only be changed by _pause() or _unpause()"; +} diff --git a/dependencies/@openzeppelin/certora/specs/TimelockController.spec b/dependencies/@openzeppelin/certora/specs/TimelockController.spec new file mode 100644 index 00000000..5123768d --- /dev/null +++ b/dependencies/@openzeppelin/certora/specs/TimelockController.spec @@ -0,0 +1,274 @@ +import "helpers/helpers.spec"; +import "methods/IAccessControl.spec"; + +methods { + function PROPOSER_ROLE() external returns (bytes32) envfree; + function EXECUTOR_ROLE() external returns (bytes32) envfree; + function CANCELLER_ROLE() external returns (bytes32) envfree; + function isOperation(bytes32) external returns (bool); + function isOperationPending(bytes32) external returns (bool); + function isOperationReady(bytes32) external returns (bool); + function isOperationDone(bytes32) external returns (bool); + function getTimestamp(bytes32) external returns (uint256) envfree; + function getMinDelay() external returns (uint256) envfree; + + function hashOperation(address, uint256, bytes, bytes32, bytes32) external returns(bytes32) envfree; + function hashOperationBatch(address[], uint256[], bytes[], bytes32, bytes32) external returns(bytes32) envfree; + + function schedule(address, uint256, bytes, bytes32, bytes32, uint256) external; + function scheduleBatch(address[], uint256[], bytes[], bytes32, bytes32, uint256) external; + function execute(address, uint256, bytes, bytes32, bytes32) external; + function executeBatch(address[], uint256[], bytes[], bytes32, bytes32) external; + function cancel(bytes32) external; + + function updateDelay(uint256) external; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Helpers β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +// Uniformly handle scheduling of batched and non-batched operations. +function helperScheduleWithRevert(env e, method f, bytes32 id, uint256 delay) { + if (f.selector == sig:schedule(address, uint256, bytes, bytes32, bytes32, uint256).selector) { + address target; uint256 value; bytes data; bytes32 predecessor; bytes32 salt; + require hashOperation(target, value, data, predecessor, salt) == id; // Correlation + schedule@withrevert(e, target, value, data, predecessor, salt, delay); + } else if (f.selector == sig:scheduleBatch(address[], uint256[], bytes[], bytes32, bytes32, uint256).selector) { + address[] targets; uint256[] values; bytes[] payloads; bytes32 predecessor; bytes32 salt; + require hashOperationBatch(targets, values, payloads, predecessor, salt) == id; // Correlation + scheduleBatch@withrevert(e, targets, values, payloads, predecessor, salt, delay); + } else { + calldataarg args; + f@withrevert(e, args); + } +} + +// Uniformly handle execution of batched and non-batched operations. +function helperExecuteWithRevert(env e, method f, bytes32 id, bytes32 predecessor) { + if (f.selector == sig:execute(address, uint256, bytes, bytes32, bytes32).selector) { + address target; uint256 value; bytes data; bytes32 salt; + require hashOperation(target, value, data, predecessor, salt) == id; // Correlation + execute@withrevert(e, target, value, data, predecessor, salt); + } else if (f.selector == sig:executeBatch(address[], uint256[], bytes[], bytes32, bytes32).selector) { + address[] targets; uint256[] values; bytes[] payloads; bytes32 salt; + require hashOperationBatch(targets, values, payloads, predecessor, salt) == id; // Correlation + executeBatch@withrevert(e, targets, values, payloads, predecessor, salt); + } else { + calldataarg args; + f@withrevert(e, args); + } +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Definitions β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +definition DONE_TIMESTAMP() returns uint256 = 1; +definition UNSET() returns uint8 = 0x1; +definition PENDING() returns uint8 = 0x2; +definition DONE() returns uint8 = 0x4; + +definition isUnset(env e, bytes32 id) returns bool = !isOperation(e, id); +definition isPending(env e, bytes32 id) returns bool = isOperationPending(e, id); +definition isDone(env e, bytes32 id) returns bool = isOperationDone(e, id); +definition state(env e, bytes32 id) returns uint8 = (isUnset(e, id) ? UNSET() : 0) | (isPending(e, id) ? PENDING() : 0) | (isDone(e, id) ? DONE() : 0); + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Invariants: consistency of accessors β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +invariant isOperationCheck(env e, bytes32 id) + isOperation(e, id) <=> getTimestamp(id) > 0 + filtered { f -> !f.isView } + +invariant isOperationPendingCheck(env e, bytes32 id) + isOperationPending(e, id) <=> getTimestamp(id) > DONE_TIMESTAMP() + filtered { f -> !f.isView } + +invariant isOperationDoneCheck(env e, bytes32 id) + isOperationDone(e, id) <=> getTimestamp(id) == DONE_TIMESTAMP() + filtered { f -> !f.isView } + +invariant isOperationReadyCheck(env e, bytes32 id) + isOperationReady(e, id) <=> (isOperationPending(e, id) && getTimestamp(id) <= e.block.timestamp) + filtered { f -> !f.isView } + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Invariant: a proposal id is either unset, pending or done β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +invariant stateConsistency(bytes32 id, env e) + // Check states are mutually exclusive + (isUnset(e, id) <=> (!isPending(e, id) && !isDone(e, id) )) && + (isPending(e, id) <=> (!isUnset(e, id) && !isDone(e, id) )) && + (isDone(e, id) <=> (!isUnset(e, id) && !isPending(e, id))) && + // Check that the state helper behaves as expected: + (isUnset(e, id) <=> state(e, id) == UNSET() ) && + (isPending(e, id) <=> state(e, id) == PENDING() ) && + (isDone(e, id) <=> state(e, id) == DONE() ) && + // Check substate + isOperationReady(e, id) => isPending(e, id) + filtered { f -> !f.isView } + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: state transition rules β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule stateTransition(bytes32 id, env e, method f, calldataarg args) { + require e.block.timestamp > 1; // Sanity + + uint8 stateBefore = state(e, id); + f(e, args); + uint8 stateAfter = state(e, id); + + // Cannot jump from UNSET to DONE + assert stateBefore == UNSET() => stateAfter != DONE(); + + // UNSET β†’ PENDING: schedule or scheduleBatch + assert stateBefore == UNSET() && stateAfter == PENDING() => ( + f.selector == sig:schedule(address, uint256, bytes, bytes32, bytes32, uint256).selector || + f.selector == sig:scheduleBatch(address[], uint256[], bytes[], bytes32, bytes32, uint256).selector + ); + + // PENDING β†’ UNSET: cancel + assert stateBefore == PENDING() && stateAfter == UNSET() => ( + f.selector == sig:cancel(bytes32).selector + ); + + // PENDING β†’ DONE: execute or executeBatch + assert stateBefore == PENDING() && stateAfter == DONE() => ( + f.selector == sig:execute(address, uint256, bytes, bytes32, bytes32).selector || + f.selector == sig:executeBatch(address[], uint256[], bytes[], bytes32, bytes32).selector + ); + + // DONE is final + assert stateBefore == DONE() => stateAfter == DONE(); +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: minimum delay can only be updated through a timelock execution β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule minDelayOnlyChange(env e) { + uint256 delayBefore = getMinDelay(); + + method f; calldataarg args; + f(e, args); + + assert delayBefore != getMinDelay() => (e.msg.sender == currentContract && f.selector == sig:updateDelay(uint256).selector), "Unauthorized delay update"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: schedule liveness and effects β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule schedule(env e, method f, bytes32 id, uint256 delay) filtered { f -> + f.selector == sig:schedule(address, uint256, bytes, bytes32, bytes32, uint256).selector || + f.selector == sig:scheduleBatch(address[], uint256[], bytes[], bytes32, bytes32, uint256).selector +} { + require nonpayable(e); + + // Basic timestamp assumptions + require e.block.timestamp > 1; + require e.block.timestamp + delay < max_uint256; + require e.block.timestamp + getMinDelay() < max_uint256; + + bytes32 otherId; uint256 otherTimestamp = getTimestamp(otherId); + + uint8 stateBefore = state(e, id); + bool isDelaySufficient = delay >= getMinDelay(); + bool isProposerBefore = hasRole(PROPOSER_ROLE(), e.msg.sender); + + helperScheduleWithRevert(e, f, id, delay); + bool success = !lastReverted; + + // liveness + assert success <=> ( + stateBefore == UNSET() && + isDelaySufficient && + isProposerBefore + ); + + // effect + assert success => state(e, id) == PENDING(), "State transition violation"; + assert success => getTimestamp(id) == require_uint256(e.block.timestamp + delay), "Proposal timestamp not correctly set"; + + // no side effect + assert otherTimestamp != getTimestamp(otherId) => id == otherId, "Other proposal affected"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: execute liveness and effects β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule execute(env e, method f, bytes32 id, bytes32 predecessor) filtered { f -> + f.selector == sig:execute(address, uint256, bytes, bytes32, bytes32).selector || + f.selector == sig:executeBatch(address[], uint256[], bytes[], bytes32, bytes32).selector +} { + bytes32 otherId; uint256 otherTimestamp = getTimestamp(otherId); + + uint8 stateBefore = state(e, id); + bool isOperationReadyBefore = isOperationReady(e, id); + bool isExecutorOrOpen = hasRole(EXECUTOR_ROLE(), e.msg.sender) || hasRole(EXECUTOR_ROLE(), 0); + bool predecessorDependency = predecessor == to_bytes32(0) || isDone(e, predecessor); + + helperExecuteWithRevert(e, f, id, predecessor); + bool success = !lastReverted; + + // The underlying transaction can revert, and that would cause the execution to revert. We can check that all non + // reverting calls meet the requirements in terms of proposal readiness, access control and predecessor dependency. + // We can't however guarantee that these requirements being meet ensure liveness of the proposal, because the + // proposal can revert for reasons beyond our control. + + // liveness, should be `<=>` but can only check `=>` (see comment above) + assert success => ( + stateBefore == PENDING() && + isOperationReadyBefore && + predecessorDependency && + isExecutorOrOpen + ); + + // effect + assert success => state(e, id) == DONE(), "State transition violation"; + + // no side effect + assert otherTimestamp != getTimestamp(otherId) => id == otherId, "Other proposal affected"; +} + +/* +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Rule: cancel liveness and effects β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +*/ +rule cancel(env e, bytes32 id) { + require nonpayable(e); + + bytes32 otherId; uint256 otherTimestamp = getTimestamp(otherId); + + uint8 stateBefore = state(e, id); + bool isCanceller = hasRole(CANCELLER_ROLE(), e.msg.sender); + + cancel@withrevert(e, id); + bool success = !lastReverted; + + // liveness + assert success <=> ( + stateBefore == PENDING() && + isCanceller + ); + + // effect + assert success => state(e, id) == UNSET(), "State transition violation"; + + // no side effect + assert otherTimestamp != getTimestamp(otherId) => id == otherId, "Other proposal affected"; +} diff --git a/dependencies/@openzeppelin/certora/specs/helpers/helpers.spec b/dependencies/@openzeppelin/certora/specs/helpers/helpers.spec new file mode 100644 index 00000000..7125ce2d --- /dev/null +++ b/dependencies/@openzeppelin/certora/specs/helpers/helpers.spec @@ -0,0 +1,12 @@ +// environment +definition nonpayable(env e) returns bool = e.msg.value == 0; +definition nonzerosender(env e) returns bool = e.msg.sender != 0; +definition sanity(env e) returns bool = clock(e) > 0 && clock(e) <= max_uint48; + +// math +definition min(mathint a, mathint b) returns mathint = a < b ? a : b; +definition max(mathint a, mathint b) returns mathint = a > b ? a : b; + +// time +definition clock(env e) returns mathint = to_mathint(e.block.timestamp); +definition isSetAndPast(env e, uint48 timepoint) returns bool = timepoint != 0 && to_mathint(timepoint) <= clock(e); diff --git a/dependencies/@openzeppelin/certora/specs/methods/IAccessControl.spec b/dependencies/@openzeppelin/certora/specs/methods/IAccessControl.spec new file mode 100644 index 00000000..5c395b08 --- /dev/null +++ b/dependencies/@openzeppelin/certora/specs/methods/IAccessControl.spec @@ -0,0 +1,8 @@ +methods { + function DEFAULT_ADMIN_ROLE() external returns (bytes32) envfree; + function hasRole(bytes32, address) external returns(bool) envfree; + function getRoleAdmin(bytes32) external returns(bytes32) envfree; + function grantRole(bytes32, address) external; + function revokeRole(bytes32, address) external; + function renounceRole(bytes32, address) external; +} diff --git a/dependencies/@openzeppelin/certora/specs/methods/IAccessControlDefaultAdminRules.spec b/dependencies/@openzeppelin/certora/specs/methods/IAccessControlDefaultAdminRules.spec new file mode 100644 index 00000000..d02db180 --- /dev/null +++ b/dependencies/@openzeppelin/certora/specs/methods/IAccessControlDefaultAdminRules.spec @@ -0,0 +1,36 @@ +import "./IERC5313.spec"; + +methods { + // === View == + + // Default Admin + function defaultAdmin() external returns(address) envfree; + function pendingDefaultAdmin() external returns(address, uint48) envfree; + + // Default Admin Delay + function defaultAdminDelay() external returns(uint48); + function pendingDefaultAdminDelay() external returns(uint48, uint48); + function defaultAdminDelayIncreaseWait() external returns(uint48) envfree; + + // === Mutations == + + // Default Admin + function beginDefaultAdminTransfer(address) external; + function cancelDefaultAdminTransfer() external; + function acceptDefaultAdminTransfer() external; + + // Default Admin Delay + function changeDefaultAdminDelay(uint48) external; + function rollbackDefaultAdminDelay() external; + + // == FV == + + // Default Admin + function pendingDefaultAdmin_() external returns (address) envfree; + function pendingDefaultAdminSchedule_() external returns (uint48) envfree; + + // Default Admin Delay + function pendingDelay_() external returns (uint48); + function pendingDelaySchedule_() external returns (uint48); + function delayChangeWait_(uint48) external returns (uint48); +} diff --git a/dependencies/@openzeppelin/certora/specs/methods/IAccessManaged.spec b/dependencies/@openzeppelin/certora/specs/methods/IAccessManaged.spec new file mode 100644 index 00000000..886d917d --- /dev/null +++ b/dependencies/@openzeppelin/certora/specs/methods/IAccessManaged.spec @@ -0,0 +1,5 @@ +methods { + function authority() external returns (address) envfree; + function isConsumingScheduledOp() external returns (bytes4) envfree; + function setAuthority(address) external; +} diff --git a/dependencies/@openzeppelin/certora/specs/methods/IAccessManager.spec b/dependencies/@openzeppelin/certora/specs/methods/IAccessManager.spec new file mode 100644 index 00000000..5d305f7b --- /dev/null +++ b/dependencies/@openzeppelin/certora/specs/methods/IAccessManager.spec @@ -0,0 +1,33 @@ +methods { + function ADMIN_ROLE() external returns (uint64) envfree; + function PUBLIC_ROLE() external returns (uint64) envfree; + function canCall(address,address,bytes4) external returns (bool,uint32); + function expiration() external returns (uint32) envfree; + function minSetback() external returns (uint32) envfree; + function isTargetClosed(address) external returns (bool) envfree; + function getTargetFunctionRole(address,bytes4) external returns (uint64) envfree; + function getTargetAdminDelay(address) external returns (uint32); + function getRoleAdmin(uint64) external returns (uint64) envfree; + function getRoleGuardian(uint64) external returns (uint64) envfree; + function getRoleGrantDelay(uint64) external returns (uint32); + function getAccess(uint64,address) external returns (uint48,uint32,uint32,uint48); + function hasRole(uint64,address) external returns (bool,uint32); + function labelRole(uint64,string) external; + function grantRole(uint64,address,uint32) external; + function revokeRole(uint64,address) external; + function renounceRole(uint64,address) external; + function setRoleAdmin(uint64,uint64) external; + function setRoleGuardian(uint64,uint64) external; + function setGrantDelay(uint64,uint32) external; + function setTargetFunctionRole(address,bytes4[],uint64) external; + function setTargetAdminDelay(address,uint32) external; + function setTargetClosed(address,bool) external; + function hashOperation(address,address,bytes) external returns (bytes32) envfree; + function getNonce(bytes32) external returns (uint32) envfree; + function getSchedule(bytes32) external returns (uint48); + function schedule(address,bytes,uint48) external returns (bytes32,uint32); + function execute(address,bytes) external returns (uint32); + function cancel(address,address,bytes) external returns (uint32); + function consumeScheduledOp(address,bytes) external; + function updateAuthority(address,address) external; +} diff --git a/dependencies/@openzeppelin/certora/specs/methods/IERC20.spec b/dependencies/@openzeppelin/certora/specs/methods/IERC20.spec new file mode 100644 index 00000000..100901a0 --- /dev/null +++ b/dependencies/@openzeppelin/certora/specs/methods/IERC20.spec @@ -0,0 +1,11 @@ +methods { + function name() external returns (string) envfree; + function symbol() external returns (string) envfree; + function decimals() external returns (uint8) envfree; + function totalSupply() external returns (uint256) envfree; + function balanceOf(address) external returns (uint256) envfree; + function allowance(address,address) external returns (uint256) envfree; + function approve(address,uint256) external returns (bool); + function transfer(address,uint256) external returns (bool); + function transferFrom(address,address,uint256) external returns (bool); +} diff --git a/dependencies/@openzeppelin/certora/specs/methods/IERC2612.spec b/dependencies/@openzeppelin/certora/specs/methods/IERC2612.spec new file mode 100644 index 00000000..4ecc17b4 --- /dev/null +++ b/dependencies/@openzeppelin/certora/specs/methods/IERC2612.spec @@ -0,0 +1,5 @@ +methods { + function permit(address,address,uint256,uint256,uint8,bytes32,bytes32) external; + function nonces(address) external returns (uint256) envfree; + function DOMAIN_SEPARATOR() external returns (bytes32) envfree; +} diff --git a/dependencies/@openzeppelin/certora/specs/methods/IERC3156FlashBorrower.spec b/dependencies/@openzeppelin/certora/specs/methods/IERC3156FlashBorrower.spec new file mode 100644 index 00000000..733c168c --- /dev/null +++ b/dependencies/@openzeppelin/certora/specs/methods/IERC3156FlashBorrower.spec @@ -0,0 +1,3 @@ +methods { + function _.onFlashLoan(address,address,uint256,uint256,bytes) external => DISPATCHER(true); +} diff --git a/dependencies/@openzeppelin/certora/specs/methods/IERC3156FlashLender.spec b/dependencies/@openzeppelin/certora/specs/methods/IERC3156FlashLender.spec new file mode 100644 index 00000000..66ed14cd --- /dev/null +++ b/dependencies/@openzeppelin/certora/specs/methods/IERC3156FlashLender.spec @@ -0,0 +1,5 @@ +methods { + function maxFlashLoan(address) external returns (uint256) envfree; + function flashFee(address,uint256) external returns (uint256) envfree; + function flashLoan(address,address,uint256,bytes) external returns (bool); +} diff --git a/dependencies/@openzeppelin/certora/specs/methods/IERC5313.spec b/dependencies/@openzeppelin/certora/specs/methods/IERC5313.spec new file mode 100644 index 00000000..f1d469fa --- /dev/null +++ b/dependencies/@openzeppelin/certora/specs/methods/IERC5313.spec @@ -0,0 +1,3 @@ +methods { + function owner() external returns (address) envfree; +} diff --git a/dependencies/@openzeppelin/certora/specs/methods/IERC721.spec b/dependencies/@openzeppelin/certora/specs/methods/IERC721.spec new file mode 100644 index 00000000..34ff50bd --- /dev/null +++ b/dependencies/@openzeppelin/certora/specs/methods/IERC721.spec @@ -0,0 +1,17 @@ +methods { + // IERC721 + function balanceOf(address) external returns (uint256) envfree; + function ownerOf(uint256) external returns (address) envfree; + function getApproved(uint256) external returns (address) envfree; + function isApprovedForAll(address,address) external returns (bool) envfree; + function safeTransferFrom(address,address,uint256,bytes) external; + function safeTransferFrom(address,address,uint256) external; + function transferFrom(address,address,uint256) external; + function approve(address,uint256) external; + function setApprovalForAll(address,bool) external; + + // IERC721Metadata + function name() external returns (string); + function symbol() external returns (string); + function tokenURI(uint256) external returns (string); +} diff --git a/dependencies/@openzeppelin/certora/specs/methods/IERC721Receiver.spec b/dependencies/@openzeppelin/certora/specs/methods/IERC721Receiver.spec new file mode 100644 index 00000000..e6bdf428 --- /dev/null +++ b/dependencies/@openzeppelin/certora/specs/methods/IERC721Receiver.spec @@ -0,0 +1,3 @@ +methods { + function _.onERC721Received(address,address,uint256,bytes) external => DISPATCHER(true); +} diff --git a/dependencies/@openzeppelin/certora/specs/methods/IOwnable.spec b/dependencies/@openzeppelin/certora/specs/methods/IOwnable.spec new file mode 100644 index 00000000..4d7c925c --- /dev/null +++ b/dependencies/@openzeppelin/certora/specs/methods/IOwnable.spec @@ -0,0 +1,5 @@ +methods { + function owner() external returns (address) envfree; + function transferOwnership(address) external; + function renounceOwnership() external; +} diff --git a/dependencies/@openzeppelin/certora/specs/methods/IOwnable2Step.spec b/dependencies/@openzeppelin/certora/specs/methods/IOwnable2Step.spec new file mode 100644 index 00000000..e6a99570 --- /dev/null +++ b/dependencies/@openzeppelin/certora/specs/methods/IOwnable2Step.spec @@ -0,0 +1,7 @@ +methods { + function owner() external returns (address) envfree; + function pendingOwner() external returns (address) envfree; + function transferOwnership(address) external; + function acceptOwnership() external; + function renounceOwnership() external; +} diff --git a/dependencies/@openzeppelin/contracts/access/AccessControl.sol b/dependencies/@openzeppelin/contracts/access/AccessControl.sol new file mode 100644 index 00000000..3e3341e9 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/access/AccessControl.sol @@ -0,0 +1,209 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (access/AccessControl.sol) + +pragma solidity ^0.8.20; + +import {IAccessControl} from "./IAccessControl.sol"; +import {Context} from "../utils/Context.sol"; +import {ERC165} from "../utils/introspection/ERC165.sol"; + +/** + * @dev Contract module that allows children to implement role-based access + * control mechanisms. This is a lightweight version that doesn't allow enumerating role + * members except through off-chain means by accessing the contract event logs. Some + * applications may benefit from on-chain enumerability, for those cases see + * {AccessControlEnumerable}. + * + * Roles are referred to by their `bytes32` identifier. These should be exposed + * in the external API and be unique. The best way to achieve this is by + * using `public constant` hash digests: + * + * ```solidity + * bytes32 public constant MY_ROLE = keccak256("MY_ROLE"); + * ``` + * + * Roles can be used to represent a set of permissions. To restrict access to a + * function call, use {hasRole}: + * + * ```solidity + * function foo() public { + * require(hasRole(MY_ROLE, msg.sender)); + * ... + * } + * ``` + * + * Roles can be granted and revoked dynamically via the {grantRole} and + * {revokeRole} functions. Each role has an associated admin role, and only + * accounts that have a role's admin role can call {grantRole} and {revokeRole}. + * + * By default, the admin role for all roles is `DEFAULT_ADMIN_ROLE`, which means + * that only accounts with this role will be able to grant or revoke other + * roles. More complex role relationships can be created by using + * {_setRoleAdmin}. + * + * WARNING: The `DEFAULT_ADMIN_ROLE` is also its own admin: it has permission to + * grant and revoke this role. Extra precautions should be taken to secure + * accounts that have been granted it. We recommend using {AccessControlDefaultAdminRules} + * to enforce additional security measures for this role. + */ +abstract contract AccessControl is Context, IAccessControl, ERC165 { + struct RoleData { + mapping(address account => bool) hasRole; + bytes32 adminRole; + } + + mapping(bytes32 role => RoleData) private _roles; + + bytes32 public constant DEFAULT_ADMIN_ROLE = 0x00; + + /** + * @dev Modifier that checks that an account has a specific role. Reverts + * with an {AccessControlUnauthorizedAccount} error including the required role. + */ + modifier onlyRole(bytes32 role) { + _checkRole(role); + _; + } + + /** + * @dev See {IERC165-supportsInterface}. + */ + function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) { + return interfaceId == type(IAccessControl).interfaceId || super.supportsInterface(interfaceId); + } + + /** + * @dev Returns `true` if `account` has been granted `role`. + */ + function hasRole(bytes32 role, address account) public view virtual returns (bool) { + return _roles[role].hasRole[account]; + } + + /** + * @dev Reverts with an {AccessControlUnauthorizedAccount} error if `_msgSender()` + * is missing `role`. Overriding this function changes the behavior of the {onlyRole} modifier. + */ + function _checkRole(bytes32 role) internal view virtual { + _checkRole(role, _msgSender()); + } + + /** + * @dev Reverts with an {AccessControlUnauthorizedAccount} error if `account` + * is missing `role`. + */ + function _checkRole(bytes32 role, address account) internal view virtual { + if (!hasRole(role, account)) { + revert AccessControlUnauthorizedAccount(account, role); + } + } + + /** + * @dev Returns the admin role that controls `role`. See {grantRole} and + * {revokeRole}. + * + * To change a role's admin, use {_setRoleAdmin}. + */ + function getRoleAdmin(bytes32 role) public view virtual returns (bytes32) { + return _roles[role].adminRole; + } + + /** + * @dev Grants `role` to `account`. + * + * If `account` had not been already granted `role`, emits a {RoleGranted} + * event. + * + * Requirements: + * + * - the caller must have ``role``'s admin role. + * + * May emit a {RoleGranted} event. + */ + function grantRole(bytes32 role, address account) public virtual onlyRole(getRoleAdmin(role)) { + _grantRole(role, account); + } + + /** + * @dev Revokes `role` from `account`. + * + * If `account` had been granted `role`, emits a {RoleRevoked} event. + * + * Requirements: + * + * - the caller must have ``role``'s admin role. + * + * May emit a {RoleRevoked} event. + */ + function revokeRole(bytes32 role, address account) public virtual onlyRole(getRoleAdmin(role)) { + _revokeRole(role, account); + } + + /** + * @dev Revokes `role` from the calling account. + * + * Roles are often managed via {grantRole} and {revokeRole}: this function's + * purpose is to provide a mechanism for accounts to lose their privileges + * if they are compromised (such as when a trusted device is misplaced). + * + * If the calling account had been revoked `role`, emits a {RoleRevoked} + * event. + * + * Requirements: + * + * - the caller must be `callerConfirmation`. + * + * May emit a {RoleRevoked} event. + */ + function renounceRole(bytes32 role, address callerConfirmation) public virtual { + if (callerConfirmation != _msgSender()) { + revert AccessControlBadConfirmation(); + } + + _revokeRole(role, callerConfirmation); + } + + /** + * @dev Sets `adminRole` as ``role``'s admin role. + * + * Emits a {RoleAdminChanged} event. + */ + function _setRoleAdmin(bytes32 role, bytes32 adminRole) internal virtual { + bytes32 previousAdminRole = getRoleAdmin(role); + _roles[role].adminRole = adminRole; + emit RoleAdminChanged(role, previousAdminRole, adminRole); + } + + /** + * @dev Attempts to grant `role` to `account` and returns a boolean indicating if `role` was granted. + * + * Internal function without access restriction. + * + * May emit a {RoleGranted} event. + */ + function _grantRole(bytes32 role, address account) internal virtual returns (bool) { + if (!hasRole(role, account)) { + _roles[role].hasRole[account] = true; + emit RoleGranted(role, account, _msgSender()); + return true; + } else { + return false; + } + } + + /** + * @dev Attempts to revoke `role` to `account` and returns a boolean indicating if `role` was revoked. + * + * Internal function without access restriction. + * + * May emit a {RoleRevoked} event. + */ + function _revokeRole(bytes32 role, address account) internal virtual returns (bool) { + if (hasRole(role, account)) { + _roles[role].hasRole[account] = false; + emit RoleRevoked(role, account, _msgSender()); + return true; + } else { + return false; + } + } +} diff --git a/dependencies/@openzeppelin/contracts/access/IAccessControl.sol b/dependencies/@openzeppelin/contracts/access/IAccessControl.sol new file mode 100644 index 00000000..67ea537e --- /dev/null +++ b/dependencies/@openzeppelin/contracts/access/IAccessControl.sol @@ -0,0 +1,98 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (access/IAccessControl.sol) + +pragma solidity ^0.8.20; + +/** + * @dev External interface of AccessControl declared to support ERC-165 detection. + */ +interface IAccessControl { + /** + * @dev The `account` is missing a role. + */ + error AccessControlUnauthorizedAccount(address account, bytes32 neededRole); + + /** + * @dev The caller of a function is not the expected one. + * + * NOTE: Don't confuse with {AccessControlUnauthorizedAccount}. + */ + error AccessControlBadConfirmation(); + + /** + * @dev Emitted when `newAdminRole` is set as ``role``'s admin role, replacing `previousAdminRole` + * + * `DEFAULT_ADMIN_ROLE` is the starting admin for all roles, despite + * {RoleAdminChanged} not being emitted signaling this. + */ + event RoleAdminChanged(bytes32 indexed role, bytes32 indexed previousAdminRole, bytes32 indexed newAdminRole); + + /** + * @dev Emitted when `account` is granted `role`. + * + * `sender` is the account that originated the contract call. This account bears the admin role (for the granted role). + * Expected in cases where the role was granted using the internal {AccessControl-_grantRole}. + */ + event RoleGranted(bytes32 indexed role, address indexed account, address indexed sender); + + /** + * @dev Emitted when `account` is revoked `role`. + * + * `sender` is the account that originated the contract call: + * - if using `revokeRole`, it is the admin role bearer + * - if using `renounceRole`, it is the role bearer (i.e. `account`) + */ + event RoleRevoked(bytes32 indexed role, address indexed account, address indexed sender); + + /** + * @dev Returns `true` if `account` has been granted `role`. + */ + function hasRole(bytes32 role, address account) external view returns (bool); + + /** + * @dev Returns the admin role that controls `role`. See {grantRole} and + * {revokeRole}. + * + * To change a role's admin, use {AccessControl-_setRoleAdmin}. + */ + function getRoleAdmin(bytes32 role) external view returns (bytes32); + + /** + * @dev Grants `role` to `account`. + * + * If `account` had not been already granted `role`, emits a {RoleGranted} + * event. + * + * Requirements: + * + * - the caller must have ``role``'s admin role. + */ + function grantRole(bytes32 role, address account) external; + + /** + * @dev Revokes `role` from `account`. + * + * If `account` had been granted `role`, emits a {RoleRevoked} event. + * + * Requirements: + * + * - the caller must have ``role``'s admin role. + */ + function revokeRole(bytes32 role, address account) external; + + /** + * @dev Revokes `role` from the calling account. + * + * Roles are often managed via {grantRole} and {revokeRole}: this function's + * purpose is to provide a mechanism for accounts to lose their privileges + * if they are compromised (such as when a trusted device is misplaced). + * + * If the calling account had been granted `role`, emits a {RoleRevoked} + * event. + * + * Requirements: + * + * - the caller must be `callerConfirmation`. + */ + function renounceRole(bytes32 role, address callerConfirmation) external; +} diff --git a/dependencies/@openzeppelin/contracts/access/Ownable.sol b/dependencies/@openzeppelin/contracts/access/Ownable.sol new file mode 100644 index 00000000..bd96f666 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/access/Ownable.sol @@ -0,0 +1,100 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (access/Ownable.sol) + +pragma solidity ^0.8.20; + +import {Context} from "../utils/Context.sol"; + +/** + * @dev Contract module which provides a basic access control mechanism, where + * there is an account (an owner) that can be granted exclusive access to + * specific functions. + * + * The initial owner is set to the address provided by the deployer. This can + * later be changed with {transferOwnership}. + * + * This module is used through inheritance. It will make available the modifier + * `onlyOwner`, which can be applied to your functions to restrict their use to + * the owner. + */ +abstract contract Ownable is Context { + address private _owner; + + /** + * @dev The caller account is not authorized to perform an operation. + */ + error OwnableUnauthorizedAccount(address account); + + /** + * @dev The owner is not a valid owner account. (eg. `address(0)`) + */ + error OwnableInvalidOwner(address owner); + + event OwnershipTransferred(address indexed previousOwner, address indexed newOwner); + + /** + * @dev Initializes the contract setting the address provided by the deployer as the initial owner. + */ + constructor(address initialOwner) { + if (initialOwner == address(0)) { + revert OwnableInvalidOwner(address(0)); + } + _transferOwnership(initialOwner); + } + + /** + * @dev Throws if called by any account other than the owner. + */ + modifier onlyOwner() { + _checkOwner(); + _; + } + + /** + * @dev Returns the address of the current owner. + */ + function owner() public view virtual returns (address) { + return _owner; + } + + /** + * @dev Throws if the sender is not the owner. + */ + function _checkOwner() internal view virtual { + if (owner() != _msgSender()) { + revert OwnableUnauthorizedAccount(_msgSender()); + } + } + + /** + * @dev Leaves the contract without owner. It will not be possible to call + * `onlyOwner` functions. Can only be called by the current owner. + * + * NOTE: Renouncing ownership will leave the contract without an owner, + * thereby disabling any functionality that is only available to the owner. + */ + function renounceOwnership() public virtual onlyOwner { + _transferOwnership(address(0)); + } + + /** + * @dev Transfers ownership of the contract to a new account (`newOwner`). + * Can only be called by the current owner. + */ + function transferOwnership(address newOwner) public virtual onlyOwner { + if (newOwner == address(0)) { + revert OwnableInvalidOwner(address(0)); + } + _transferOwnership(newOwner); + } + + /** + * @dev Transfers ownership of the contract to a new account (`newOwner`). + * Internal function without access restriction. + */ + function _transferOwnership(address newOwner) internal virtual { + address oldOwner = _owner; + _owner = newOwner; + emit OwnershipTransferred(oldOwner, newOwner); + } +} diff --git a/dependencies/@openzeppelin/contracts/access/Ownable2Step.sol b/dependencies/@openzeppelin/contracts/access/Ownable2Step.sol new file mode 100644 index 00000000..8050ff2b --- /dev/null +++ b/dependencies/@openzeppelin/contracts/access/Ownable2Step.sol @@ -0,0 +1,67 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (access/Ownable2Step.sol) + +pragma solidity ^0.8.20; + +import {Ownable} from "./Ownable.sol"; + +/** + * @dev Contract module which provides access control mechanism, where + * there is an account (an owner) that can be granted exclusive access to + * specific functions. + * + * This extension of the {Ownable} contract includes a two-step mechanism to transfer + * ownership, where the new owner must call {acceptOwnership} in order to replace the + * old one. This can help prevent common mistakes, such as transfers of ownership to + * incorrect accounts, or to contracts that are unable to interact with the + * permission system. + * + * The initial owner is specified at deployment time in the constructor for `Ownable`. This + * can later be changed with {transferOwnership} and {acceptOwnership}. + * + * This module is used through inheritance. It will make available all functions + * from parent (Ownable). + */ +abstract contract Ownable2Step is Ownable { + address private _pendingOwner; + + event OwnershipTransferStarted(address indexed previousOwner, address indexed newOwner); + + /** + * @dev Returns the address of the pending owner. + */ + function pendingOwner() public view virtual returns (address) { + return _pendingOwner; + } + + /** + * @dev Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one. + * Can only be called by the current owner. + * + * Setting `newOwner` to the zero address is allowed; this can be used to cancel an initiated ownership transfer. + */ + function transferOwnership(address newOwner) public virtual override onlyOwner { + _pendingOwner = newOwner; + emit OwnershipTransferStarted(owner(), newOwner); + } + + /** + * @dev Transfers ownership of the contract to a new account (`newOwner`) and deletes any pending owner. + * Internal function without access restriction. + */ + function _transferOwnership(address newOwner) internal virtual override { + delete _pendingOwner; + super._transferOwnership(newOwner); + } + + /** + * @dev The new owner accepts the ownership transfer. + */ + function acceptOwnership() public virtual { + address sender = _msgSender(); + if (pendingOwner() != sender) { + revert OwnableUnauthorizedAccount(sender); + } + _transferOwnership(sender); + } +} diff --git a/dependencies/@openzeppelin/contracts/access/README.adoc b/dependencies/@openzeppelin/contracts/access/README.adoc new file mode 100644 index 00000000..b89865b2 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/access/README.adoc @@ -0,0 +1,45 @@ += Access Control + +[.readme-notice] +NOTE: This document is better viewed at https://docs.openzeppelin.com/contracts/api/access + +This directory provides ways to restrict who can access the functions of a contract or when they can do it. + +- {AccessManager} is a full-fledged access control solution for smart contract systems. Allows creating and assigning multiple hierarchical roles with execution delays for each account across various contracts. +- {AccessManaged} delegates its access control to an authority that dictates the permissions of the managed contract. It's compatible with an AccessManager as an authority. +- {AccessControl} provides a per-contract role based access control mechanism. Multiple hierarchical roles can be created and assigned each to multiple accounts within the same instance. +- {Ownable} is a simpler mechanism with a single owner "role" that can be assigned to a single account. This simpler mechanism can be useful for quick tests but projects with production concerns are likely to outgrow it. + +== Core + +{{Ownable}} + +{{Ownable2Step}} + +{{IAccessControl}} + +{{AccessControl}} + +== Extensions + +{{IAccessControlEnumerable}} + +{{AccessControlEnumerable}} + +{{IAccessControlDefaultAdminRules}} + +{{AccessControlDefaultAdminRules}} + +== AccessManager + +{{IAuthority}} + +{{IAccessManager}} + +{{AccessManager}} + +{{IAccessManaged}} + +{{AccessManaged}} + +{{AuthorityUtils}} diff --git a/dependencies/@openzeppelin/contracts/access/extensions/AccessControlDefaultAdminRules.sol b/dependencies/@openzeppelin/contracts/access/extensions/AccessControlDefaultAdminRules.sol new file mode 100644 index 00000000..ef71a648 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/access/extensions/AccessControlDefaultAdminRules.sol @@ -0,0 +1,396 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (access/extensions/AccessControlDefaultAdminRules.sol) + +pragma solidity ^0.8.20; + +import {IAccessControlDefaultAdminRules} from "./IAccessControlDefaultAdminRules.sol"; +import {AccessControl, IAccessControl} from "../AccessControl.sol"; +import {SafeCast} from "../../utils/math/SafeCast.sol"; +import {Math} from "../../utils/math/Math.sol"; +import {IERC5313} from "../../interfaces/IERC5313.sol"; + +/** + * @dev Extension of {AccessControl} that allows specifying special rules to manage + * the `DEFAULT_ADMIN_ROLE` holder, which is a sensitive role with special permissions + * over other roles that may potentially have privileged rights in the system. + * + * If a specific role doesn't have an admin role assigned, the holder of the + * `DEFAULT_ADMIN_ROLE` will have the ability to grant it and revoke it. + * + * This contract implements the following risk mitigations on top of {AccessControl}: + * + * * Only one account holds the `DEFAULT_ADMIN_ROLE` since deployment until it's potentially renounced. + * * Enforces a 2-step process to transfer the `DEFAULT_ADMIN_ROLE` to another account. + * * Enforces a configurable delay between the two steps, with the ability to cancel before the transfer is accepted. + * * The delay can be changed by scheduling, see {changeDefaultAdminDelay}. + * * It is not possible to use another role to manage the `DEFAULT_ADMIN_ROLE`. + * + * Example usage: + * + * ```solidity + * contract MyToken is AccessControlDefaultAdminRules { + * constructor() AccessControlDefaultAdminRules( + * 3 days, + * msg.sender // Explicit initial `DEFAULT_ADMIN_ROLE` holder + * ) {} + * } + * ``` + */ +abstract contract AccessControlDefaultAdminRules is IAccessControlDefaultAdminRules, IERC5313, AccessControl { + // pending admin pair read/written together frequently + address private _pendingDefaultAdmin; + uint48 private _pendingDefaultAdminSchedule; // 0 == unset + + uint48 private _currentDelay; + address private _currentDefaultAdmin; + + // pending delay pair read/written together frequently + uint48 private _pendingDelay; + uint48 private _pendingDelaySchedule; // 0 == unset + + /** + * @dev Sets the initial values for {defaultAdminDelay} and {defaultAdmin} address. + */ + constructor(uint48 initialDelay, address initialDefaultAdmin) { + if (initialDefaultAdmin == address(0)) { + revert AccessControlInvalidDefaultAdmin(address(0)); + } + _currentDelay = initialDelay; + _grantRole(DEFAULT_ADMIN_ROLE, initialDefaultAdmin); + } + + /** + * @dev See {IERC165-supportsInterface}. + */ + function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) { + return interfaceId == type(IAccessControlDefaultAdminRules).interfaceId || super.supportsInterface(interfaceId); + } + + /** + * @dev See {IERC5313-owner}. + */ + function owner() public view virtual returns (address) { + return defaultAdmin(); + } + + /// + /// Override AccessControl role management + /// + + /** + * @dev See {AccessControl-grantRole}. Reverts for `DEFAULT_ADMIN_ROLE`. + */ + function grantRole(bytes32 role, address account) public virtual override(AccessControl, IAccessControl) { + if (role == DEFAULT_ADMIN_ROLE) { + revert AccessControlEnforcedDefaultAdminRules(); + } + super.grantRole(role, account); + } + + /** + * @dev See {AccessControl-revokeRole}. Reverts for `DEFAULT_ADMIN_ROLE`. + */ + function revokeRole(bytes32 role, address account) public virtual override(AccessControl, IAccessControl) { + if (role == DEFAULT_ADMIN_ROLE) { + revert AccessControlEnforcedDefaultAdminRules(); + } + super.revokeRole(role, account); + } + + /** + * @dev See {AccessControl-renounceRole}. + * + * For the `DEFAULT_ADMIN_ROLE`, it only allows renouncing in two steps by first calling + * {beginDefaultAdminTransfer} to the `address(0)`, so it's required that the {pendingDefaultAdmin} schedule + * has also passed when calling this function. + * + * After its execution, it will not be possible to call `onlyRole(DEFAULT_ADMIN_ROLE)` functions. + * + * NOTE: Renouncing `DEFAULT_ADMIN_ROLE` will leave the contract without a {defaultAdmin}, + * thereby disabling any functionality that is only available for it, and the possibility of reassigning a + * non-administrated role. + */ + function renounceRole(bytes32 role, address account) public virtual override(AccessControl, IAccessControl) { + if (role == DEFAULT_ADMIN_ROLE && account == defaultAdmin()) { + (address newDefaultAdmin, uint48 schedule) = pendingDefaultAdmin(); + if (newDefaultAdmin != address(0) || !_isScheduleSet(schedule) || !_hasSchedulePassed(schedule)) { + revert AccessControlEnforcedDefaultAdminDelay(schedule); + } + delete _pendingDefaultAdminSchedule; + } + super.renounceRole(role, account); + } + + /** + * @dev See {AccessControl-_grantRole}. + * + * For `DEFAULT_ADMIN_ROLE`, it only allows granting if there isn't already a {defaultAdmin} or if the + * role has been previously renounced. + * + * NOTE: Exposing this function through another mechanism may make the `DEFAULT_ADMIN_ROLE` + * assignable again. Make sure to guarantee this is the expected behavior in your implementation. + */ + function _grantRole(bytes32 role, address account) internal virtual override returns (bool) { + if (role == DEFAULT_ADMIN_ROLE) { + if (defaultAdmin() != address(0)) { + revert AccessControlEnforcedDefaultAdminRules(); + } + _currentDefaultAdmin = account; + } + return super._grantRole(role, account); + } + + /** + * @dev See {AccessControl-_revokeRole}. + */ + function _revokeRole(bytes32 role, address account) internal virtual override returns (bool) { + if (role == DEFAULT_ADMIN_ROLE && account == defaultAdmin()) { + delete _currentDefaultAdmin; + } + return super._revokeRole(role, account); + } + + /** + * @dev See {AccessControl-_setRoleAdmin}. Reverts for `DEFAULT_ADMIN_ROLE`. + */ + function _setRoleAdmin(bytes32 role, bytes32 adminRole) internal virtual override { + if (role == DEFAULT_ADMIN_ROLE) { + revert AccessControlEnforcedDefaultAdminRules(); + } + super._setRoleAdmin(role, adminRole); + } + + /// + /// AccessControlDefaultAdminRules accessors + /// + + /** + * @inheritdoc IAccessControlDefaultAdminRules + */ + function defaultAdmin() public view virtual returns (address) { + return _currentDefaultAdmin; + } + + /** + * @inheritdoc IAccessControlDefaultAdminRules + */ + function pendingDefaultAdmin() public view virtual returns (address newAdmin, uint48 schedule) { + return (_pendingDefaultAdmin, _pendingDefaultAdminSchedule); + } + + /** + * @inheritdoc IAccessControlDefaultAdminRules + */ + function defaultAdminDelay() public view virtual returns (uint48) { + uint48 schedule = _pendingDelaySchedule; + return (_isScheduleSet(schedule) && _hasSchedulePassed(schedule)) ? _pendingDelay : _currentDelay; + } + + /** + * @inheritdoc IAccessControlDefaultAdminRules + */ + function pendingDefaultAdminDelay() public view virtual returns (uint48 newDelay, uint48 schedule) { + schedule = _pendingDelaySchedule; + return (_isScheduleSet(schedule) && !_hasSchedulePassed(schedule)) ? (_pendingDelay, schedule) : (0, 0); + } + + /** + * @inheritdoc IAccessControlDefaultAdminRules + */ + function defaultAdminDelayIncreaseWait() public view virtual returns (uint48) { + return 5 days; + } + + /// + /// AccessControlDefaultAdminRules public and internal setters for defaultAdmin/pendingDefaultAdmin + /// + + /** + * @inheritdoc IAccessControlDefaultAdminRules + */ + function beginDefaultAdminTransfer(address newAdmin) public virtual onlyRole(DEFAULT_ADMIN_ROLE) { + _beginDefaultAdminTransfer(newAdmin); + } + + /** + * @dev See {beginDefaultAdminTransfer}. + * + * Internal function without access restriction. + */ + function _beginDefaultAdminTransfer(address newAdmin) internal virtual { + uint48 newSchedule = SafeCast.toUint48(block.timestamp) + defaultAdminDelay(); + _setPendingDefaultAdmin(newAdmin, newSchedule); + emit DefaultAdminTransferScheduled(newAdmin, newSchedule); + } + + /** + * @inheritdoc IAccessControlDefaultAdminRules + */ + function cancelDefaultAdminTransfer() public virtual onlyRole(DEFAULT_ADMIN_ROLE) { + _cancelDefaultAdminTransfer(); + } + + /** + * @dev See {cancelDefaultAdminTransfer}. + * + * Internal function without access restriction. + */ + function _cancelDefaultAdminTransfer() internal virtual { + _setPendingDefaultAdmin(address(0), 0); + } + + /** + * @inheritdoc IAccessControlDefaultAdminRules + */ + function acceptDefaultAdminTransfer() public virtual { + (address newDefaultAdmin, ) = pendingDefaultAdmin(); + if (_msgSender() != newDefaultAdmin) { + // Enforce newDefaultAdmin explicit acceptance. + revert AccessControlInvalidDefaultAdmin(_msgSender()); + } + _acceptDefaultAdminTransfer(); + } + + /** + * @dev See {acceptDefaultAdminTransfer}. + * + * Internal function without access restriction. + */ + function _acceptDefaultAdminTransfer() internal virtual { + (address newAdmin, uint48 schedule) = pendingDefaultAdmin(); + if (!_isScheduleSet(schedule) || !_hasSchedulePassed(schedule)) { + revert AccessControlEnforcedDefaultAdminDelay(schedule); + } + _revokeRole(DEFAULT_ADMIN_ROLE, defaultAdmin()); + _grantRole(DEFAULT_ADMIN_ROLE, newAdmin); + delete _pendingDefaultAdmin; + delete _pendingDefaultAdminSchedule; + } + + /// + /// AccessControlDefaultAdminRules public and internal setters for defaultAdminDelay/pendingDefaultAdminDelay + /// + + /** + * @inheritdoc IAccessControlDefaultAdminRules + */ + function changeDefaultAdminDelay(uint48 newDelay) public virtual onlyRole(DEFAULT_ADMIN_ROLE) { + _changeDefaultAdminDelay(newDelay); + } + + /** + * @dev See {changeDefaultAdminDelay}. + * + * Internal function without access restriction. + */ + function _changeDefaultAdminDelay(uint48 newDelay) internal virtual { + uint48 newSchedule = SafeCast.toUint48(block.timestamp) + _delayChangeWait(newDelay); + _setPendingDelay(newDelay, newSchedule); + emit DefaultAdminDelayChangeScheduled(newDelay, newSchedule); + } + + /** + * @inheritdoc IAccessControlDefaultAdminRules + */ + function rollbackDefaultAdminDelay() public virtual onlyRole(DEFAULT_ADMIN_ROLE) { + _rollbackDefaultAdminDelay(); + } + + /** + * @dev See {rollbackDefaultAdminDelay}. + * + * Internal function without access restriction. + */ + function _rollbackDefaultAdminDelay() internal virtual { + _setPendingDelay(0, 0); + } + + /** + * @dev Returns the amount of seconds to wait after the `newDelay` will + * become the new {defaultAdminDelay}. + * + * The value returned guarantees that if the delay is reduced, it will go into effect + * after a wait that honors the previously set delay. + * + * See {defaultAdminDelayIncreaseWait}. + */ + function _delayChangeWait(uint48 newDelay) internal view virtual returns (uint48) { + uint48 currentDelay = defaultAdminDelay(); + + // When increasing the delay, we schedule the delay change to occur after a period of "new delay" has passed, up + // to a maximum given by defaultAdminDelayIncreaseWait, by default 5 days. For example, if increasing from 1 day + // to 3 days, the new delay will come into effect after 3 days. If increasing from 1 day to 10 days, the new + // delay will come into effect after 5 days. The 5 day wait period is intended to be able to fix an error like + // using milliseconds instead of seconds. + // + // When decreasing the delay, we wait the difference between "current delay" and "new delay". This guarantees + // that an admin transfer cannot be made faster than "current delay" at the time the delay change is scheduled. + // For example, if decreasing from 10 days to 3 days, the new delay will come into effect after 7 days. + return + newDelay > currentDelay + ? uint48(Math.min(newDelay, defaultAdminDelayIncreaseWait())) // no need to safecast, both inputs are uint48 + : currentDelay - newDelay; + } + + /// + /// Private setters + /// + + /** + * @dev Setter of the tuple for pending admin and its schedule. + * + * May emit a DefaultAdminTransferCanceled event. + */ + function _setPendingDefaultAdmin(address newAdmin, uint48 newSchedule) private { + (, uint48 oldSchedule) = pendingDefaultAdmin(); + + _pendingDefaultAdmin = newAdmin; + _pendingDefaultAdminSchedule = newSchedule; + + // An `oldSchedule` from `pendingDefaultAdmin()` is only set if it hasn't been accepted. + if (_isScheduleSet(oldSchedule)) { + // Emit for implicit cancellations when another default admin was scheduled. + emit DefaultAdminTransferCanceled(); + } + } + + /** + * @dev Setter of the tuple for pending delay and its schedule. + * + * May emit a DefaultAdminDelayChangeCanceled event. + */ + function _setPendingDelay(uint48 newDelay, uint48 newSchedule) private { + uint48 oldSchedule = _pendingDelaySchedule; + + if (_isScheduleSet(oldSchedule)) { + if (_hasSchedulePassed(oldSchedule)) { + // Materialize a virtual delay + _currentDelay = _pendingDelay; + } else { + // Emit for implicit cancellations when another delay was scheduled. + emit DefaultAdminDelayChangeCanceled(); + } + } + + _pendingDelay = newDelay; + _pendingDelaySchedule = newSchedule; + } + + /// + /// Private helpers + /// + + /** + * @dev Defines if an `schedule` is considered set. For consistency purposes. + */ + function _isScheduleSet(uint48 schedule) private pure returns (bool) { + return schedule != 0; + } + + /** + * @dev Defines if an `schedule` is considered passed. For consistency purposes. + */ + function _hasSchedulePassed(uint48 schedule) private view returns (bool) { + return schedule < block.timestamp; + } +} diff --git a/dependencies/@openzeppelin/contracts/access/extensions/AccessControlEnumerable.sol b/dependencies/@openzeppelin/contracts/access/extensions/AccessControlEnumerable.sol new file mode 100644 index 00000000..222490c9 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/access/extensions/AccessControlEnumerable.sol @@ -0,0 +1,82 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (access/extensions/AccessControlEnumerable.sol) + +pragma solidity ^0.8.20; + +import {IAccessControlEnumerable} from "./IAccessControlEnumerable.sol"; +import {AccessControl} from "../AccessControl.sol"; +import {EnumerableSet} from "../../utils/structs/EnumerableSet.sol"; + +/** + * @dev Extension of {AccessControl} that allows enumerating the members of each role. + */ +abstract contract AccessControlEnumerable is IAccessControlEnumerable, AccessControl { + using EnumerableSet for EnumerableSet.AddressSet; + + mapping(bytes32 role => EnumerableSet.AddressSet) private _roleMembers; + + /** + * @dev See {IERC165-supportsInterface}. + */ + function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) { + return interfaceId == type(IAccessControlEnumerable).interfaceId || super.supportsInterface(interfaceId); + } + + /** + * @dev Returns one of the accounts that have `role`. `index` must be a + * value between 0 and {getRoleMemberCount}, non-inclusive. + * + * Role bearers are not sorted in any particular way, and their ordering may + * change at any point. + * + * WARNING: When using {getRoleMember} and {getRoleMemberCount}, make sure + * you perform all queries on the same block. See the following + * https://forum.openzeppelin.com/t/iterating-over-elements-on-enumerableset-in-openzeppelin-contracts/2296[forum post] + * for more information. + */ + function getRoleMember(bytes32 role, uint256 index) public view virtual returns (address) { + return _roleMembers[role].at(index); + } + + /** + * @dev Returns the number of accounts that have `role`. Can be used + * together with {getRoleMember} to enumerate all bearers of a role. + */ + function getRoleMemberCount(bytes32 role) public view virtual returns (uint256) { + return _roleMembers[role].length(); + } + + /** + * @dev Return all accounts that have `role` + * + * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed + * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that + * this function has an unbounded cost, and using it as part of a state-changing function may render the function + * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block. + */ + function getRoleMembers(bytes32 role) public view virtual returns (address[] memory) { + return _roleMembers[role].values(); + } + + /** + * @dev Overload {AccessControl-_grantRole} to track enumerable memberships + */ + function _grantRole(bytes32 role, address account) internal virtual override returns (bool) { + bool granted = super._grantRole(role, account); + if (granted) { + _roleMembers[role].add(account); + } + return granted; + } + + /** + * @dev Overload {AccessControl-_revokeRole} to track enumerable memberships + */ + function _revokeRole(bytes32 role, address account) internal virtual override returns (bool) { + bool revoked = super._revokeRole(role, account); + if (revoked) { + _roleMembers[role].remove(account); + } + return revoked; + } +} diff --git a/dependencies/@openzeppelin/contracts/access/extensions/IAccessControlDefaultAdminRules.sol b/dependencies/@openzeppelin/contracts/access/extensions/IAccessControlDefaultAdminRules.sol new file mode 100644 index 00000000..b74355aa --- /dev/null +++ b/dependencies/@openzeppelin/contracts/access/extensions/IAccessControlDefaultAdminRules.sol @@ -0,0 +1,192 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (access/extensions/IAccessControlDefaultAdminRules.sol) + +pragma solidity ^0.8.20; + +import {IAccessControl} from "../IAccessControl.sol"; + +/** + * @dev External interface of AccessControlDefaultAdminRules declared to support ERC-165 detection. + */ +interface IAccessControlDefaultAdminRules is IAccessControl { + /** + * @dev The new default admin is not a valid default admin. + */ + error AccessControlInvalidDefaultAdmin(address defaultAdmin); + + /** + * @dev At least one of the following rules was violated: + * + * - The `DEFAULT_ADMIN_ROLE` must only be managed by itself. + * - The `DEFAULT_ADMIN_ROLE` must only be held by one account at the time. + * - Any `DEFAULT_ADMIN_ROLE` transfer must be in two delayed steps. + */ + error AccessControlEnforcedDefaultAdminRules(); + + /** + * @dev The delay for transferring the default admin delay is enforced and + * the operation must wait until `schedule`. + * + * NOTE: `schedule` can be 0 indicating there's no transfer scheduled. + */ + error AccessControlEnforcedDefaultAdminDelay(uint48 schedule); + + /** + * @dev Emitted when a {defaultAdmin} transfer is started, setting `newAdmin` as the next + * address to become the {defaultAdmin} by calling {acceptDefaultAdminTransfer} only after `acceptSchedule` + * passes. + */ + event DefaultAdminTransferScheduled(address indexed newAdmin, uint48 acceptSchedule); + + /** + * @dev Emitted when a {pendingDefaultAdmin} is reset if it was never accepted, regardless of its schedule. + */ + event DefaultAdminTransferCanceled(); + + /** + * @dev Emitted when a {defaultAdminDelay} change is started, setting `newDelay` as the next + * delay to be applied between default admin transfer after `effectSchedule` has passed. + */ + event DefaultAdminDelayChangeScheduled(uint48 newDelay, uint48 effectSchedule); + + /** + * @dev Emitted when a {pendingDefaultAdminDelay} is reset if its schedule didn't pass. + */ + event DefaultAdminDelayChangeCanceled(); + + /** + * @dev Returns the address of the current `DEFAULT_ADMIN_ROLE` holder. + */ + function defaultAdmin() external view returns (address); + + /** + * @dev Returns a tuple of a `newAdmin` and an accept schedule. + * + * After the `schedule` passes, the `newAdmin` will be able to accept the {defaultAdmin} role + * by calling {acceptDefaultAdminTransfer}, completing the role transfer. + * + * A zero value only in `acceptSchedule` indicates no pending admin transfer. + * + * NOTE: A zero address `newAdmin` means that {defaultAdmin} is being renounced. + */ + function pendingDefaultAdmin() external view returns (address newAdmin, uint48 acceptSchedule); + + /** + * @dev Returns the delay required to schedule the acceptance of a {defaultAdmin} transfer started. + * + * This delay will be added to the current timestamp when calling {beginDefaultAdminTransfer} to set + * the acceptance schedule. + * + * NOTE: If a delay change has been scheduled, it will take effect as soon as the schedule passes, making this + * function returns the new delay. See {changeDefaultAdminDelay}. + */ + function defaultAdminDelay() external view returns (uint48); + + /** + * @dev Returns a tuple of `newDelay` and an effect schedule. + * + * After the `schedule` passes, the `newDelay` will get into effect immediately for every + * new {defaultAdmin} transfer started with {beginDefaultAdminTransfer}. + * + * A zero value only in `effectSchedule` indicates no pending delay change. + * + * NOTE: A zero value only for `newDelay` means that the next {defaultAdminDelay} + * will be zero after the effect schedule. + */ + function pendingDefaultAdminDelay() external view returns (uint48 newDelay, uint48 effectSchedule); + + /** + * @dev Starts a {defaultAdmin} transfer by setting a {pendingDefaultAdmin} scheduled for acceptance + * after the current timestamp plus a {defaultAdminDelay}. + * + * Requirements: + * + * - Only can be called by the current {defaultAdmin}. + * + * Emits a DefaultAdminRoleChangeStarted event. + */ + function beginDefaultAdminTransfer(address newAdmin) external; + + /** + * @dev Cancels a {defaultAdmin} transfer previously started with {beginDefaultAdminTransfer}. + * + * A {pendingDefaultAdmin} not yet accepted can also be cancelled with this function. + * + * Requirements: + * + * - Only can be called by the current {defaultAdmin}. + * + * May emit a DefaultAdminTransferCanceled event. + */ + function cancelDefaultAdminTransfer() external; + + /** + * @dev Completes a {defaultAdmin} transfer previously started with {beginDefaultAdminTransfer}. + * + * After calling the function: + * + * - `DEFAULT_ADMIN_ROLE` should be granted to the caller. + * - `DEFAULT_ADMIN_ROLE` should be revoked from the previous holder. + * - {pendingDefaultAdmin} should be reset to zero values. + * + * Requirements: + * + * - Only can be called by the {pendingDefaultAdmin}'s `newAdmin`. + * - The {pendingDefaultAdmin}'s `acceptSchedule` should've passed. + */ + function acceptDefaultAdminTransfer() external; + + /** + * @dev Initiates a {defaultAdminDelay} update by setting a {pendingDefaultAdminDelay} scheduled for getting + * into effect after the current timestamp plus a {defaultAdminDelay}. + * + * This function guarantees that any call to {beginDefaultAdminTransfer} done between the timestamp this + * method is called and the {pendingDefaultAdminDelay} effect schedule will use the current {defaultAdminDelay} + * set before calling. + * + * The {pendingDefaultAdminDelay}'s effect schedule is defined in a way that waiting until the schedule and then + * calling {beginDefaultAdminTransfer} with the new delay will take at least the same as another {defaultAdmin} + * complete transfer (including acceptance). + * + * The schedule is designed for two scenarios: + * + * - When the delay is changed for a larger one the schedule is `block.timestamp + newDelay` capped by + * {defaultAdminDelayIncreaseWait}. + * - When the delay is changed for a shorter one, the schedule is `block.timestamp + (current delay - new delay)`. + * + * A {pendingDefaultAdminDelay} that never got into effect will be canceled in favor of a new scheduled change. + * + * Requirements: + * + * - Only can be called by the current {defaultAdmin}. + * + * Emits a DefaultAdminDelayChangeScheduled event and may emit a DefaultAdminDelayChangeCanceled event. + */ + function changeDefaultAdminDelay(uint48 newDelay) external; + + /** + * @dev Cancels a scheduled {defaultAdminDelay} change. + * + * Requirements: + * + * - Only can be called by the current {defaultAdmin}. + * + * May emit a DefaultAdminDelayChangeCanceled event. + */ + function rollbackDefaultAdminDelay() external; + + /** + * @dev Maximum time in seconds for an increase to {defaultAdminDelay} (that is scheduled using {changeDefaultAdminDelay}) + * to take effect. Default to 5 days. + * + * When the {defaultAdminDelay} is scheduled to be increased, it goes into effect after the new delay has passed with + * the purpose of giving enough time for reverting any accidental change (i.e. using milliseconds instead of seconds) + * that may lock the contract. However, to avoid excessive schedules, the wait is capped by this function and it can + * be overrode for a custom {defaultAdminDelay} increase scheduling. + * + * IMPORTANT: Make sure to add a reasonable amount of time while overriding this value, otherwise, + * there's a risk of setting a high new delay that goes into effect almost immediately without the + * possibility of human intervention in the case of an input error (eg. set milliseconds instead of seconds). + */ + function defaultAdminDelayIncreaseWait() external view returns (uint48); +} diff --git a/dependencies/@openzeppelin/contracts/access/extensions/IAccessControlEnumerable.sol b/dependencies/@openzeppelin/contracts/access/extensions/IAccessControlEnumerable.sol new file mode 100644 index 00000000..11429686 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/access/extensions/IAccessControlEnumerable.sol @@ -0,0 +1,31 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (access/extensions/IAccessControlEnumerable.sol) + +pragma solidity ^0.8.20; + +import {IAccessControl} from "../IAccessControl.sol"; + +/** + * @dev External interface of AccessControlEnumerable declared to support ERC-165 detection. + */ +interface IAccessControlEnumerable is IAccessControl { + /** + * @dev Returns one of the accounts that have `role`. `index` must be a + * value between 0 and {getRoleMemberCount}, non-inclusive. + * + * Role bearers are not sorted in any particular way, and their ordering may + * change at any point. + * + * WARNING: When using {getRoleMember} and {getRoleMemberCount}, make sure + * you perform all queries on the same block. See the following + * https://forum.openzeppelin.com/t/iterating-over-elements-on-enumerableset-in-openzeppelin-contracts/2296[forum post] + * for more information. + */ + function getRoleMember(bytes32 role, uint256 index) external view returns (address); + + /** + * @dev Returns the number of accounts that have `role`. Can be used + * together with {getRoleMember} to enumerate all bearers of a role. + */ + function getRoleMemberCount(bytes32 role) external view returns (uint256); +} diff --git a/dependencies/@openzeppelin/contracts/access/manager/AccessManaged.sol b/dependencies/@openzeppelin/contracts/access/manager/AccessManaged.sol new file mode 100644 index 00000000..41b21b0b --- /dev/null +++ b/dependencies/@openzeppelin/contracts/access/manager/AccessManaged.sol @@ -0,0 +1,113 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (access/manager/AccessManaged.sol) + +pragma solidity ^0.8.20; + +import {IAuthority} from "./IAuthority.sol"; +import {AuthorityUtils} from "./AuthorityUtils.sol"; +import {IAccessManager} from "./IAccessManager.sol"; +import {IAccessManaged} from "./IAccessManaged.sol"; +import {Context} from "../../utils/Context.sol"; + +/** + * @dev This contract module makes available a {restricted} modifier. Functions decorated with this modifier will be + * permissioned according to an "authority": a contract like {AccessManager} that follows the {IAuthority} interface, + * implementing a policy that allows certain callers to access certain functions. + * + * IMPORTANT: The `restricted` modifier should never be used on `internal` functions, judiciously used in `public` + * functions, and ideally only used in `external` functions. See {restricted}. + */ +abstract contract AccessManaged is Context, IAccessManaged { + address private _authority; + + bool private _consumingSchedule; + + /** + * @dev Initializes the contract connected to an initial authority. + */ + constructor(address initialAuthority) { + _setAuthority(initialAuthority); + } + + /** + * @dev Restricts access to a function as defined by the connected Authority for this contract and the + * caller and selector of the function that entered the contract. + * + * [IMPORTANT] + * ==== + * In general, this modifier should only be used on `external` functions. It is okay to use it on `public` + * functions that are used as external entry points and are not called internally. Unless you know what you're + * doing, it should never be used on `internal` functions. Failure to follow these rules can have critical security + * implications! This is because the permissions are determined by the function that entered the contract, i.e. the + * function at the bottom of the call stack, and not the function where the modifier is visible in the source code. + * ==== + * + * [WARNING] + * ==== + * Avoid adding this modifier to the https://docs.soliditylang.org/en/v0.8.20/contracts.html#receive-ether-function[`receive()`] + * function or the https://docs.soliditylang.org/en/v0.8.20/contracts.html#fallback-function[`fallback()`]. These + * functions are the only execution paths where a function selector cannot be unambiguously determined from the calldata + * since the selector defaults to `0x00000000` in the `receive()` function and similarly in the `fallback()` function + * if no calldata is provided. (See {_checkCanCall}). + * + * The `receive()` function will always panic whereas the `fallback()` may panic depending on the calldata length. + * ==== + */ + modifier restricted() { + _checkCanCall(_msgSender(), _msgData()); + _; + } + + /// @inheritdoc IAccessManaged + function authority() public view virtual returns (address) { + return _authority; + } + + /// @inheritdoc IAccessManaged + function setAuthority(address newAuthority) public virtual { + address caller = _msgSender(); + if (caller != authority()) { + revert AccessManagedUnauthorized(caller); + } + if (newAuthority.code.length == 0) { + revert AccessManagedInvalidAuthority(newAuthority); + } + _setAuthority(newAuthority); + } + + /// @inheritdoc IAccessManaged + function isConsumingScheduledOp() public view returns (bytes4) { + return _consumingSchedule ? this.isConsumingScheduledOp.selector : bytes4(0); + } + + /** + * @dev Transfers control to a new authority. Internal function with no access restriction. Allows bypassing the + * permissions set by the current authority. + */ + function _setAuthority(address newAuthority) internal virtual { + _authority = newAuthority; + emit AuthorityUpdated(newAuthority); + } + + /** + * @dev Reverts if the caller is not allowed to call the function identified by a selector. Panics if the calldata + * is less than 4 bytes long. + */ + function _checkCanCall(address caller, bytes calldata data) internal virtual { + (bool immediate, uint32 delay) = AuthorityUtils.canCallWithDelay( + authority(), + caller, + address(this), + bytes4(data[0:4]) + ); + if (!immediate) { + if (delay > 0) { + _consumingSchedule = true; + IAccessManager(authority()).consumeScheduledOp(caller, data); + _consumingSchedule = false; + } else { + revert AccessManagedUnauthorized(caller); + } + } + } +} diff --git a/dependencies/@openzeppelin/contracts/access/manager/AccessManager.sol b/dependencies/@openzeppelin/contracts/access/manager/AccessManager.sol new file mode 100644 index 00000000..a6e2d7ae --- /dev/null +++ b/dependencies/@openzeppelin/contracts/access/manager/AccessManager.sol @@ -0,0 +1,740 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (access/manager/AccessManager.sol) + +pragma solidity ^0.8.20; + +import {IAccessManager} from "./IAccessManager.sol"; +import {IAccessManaged} from "./IAccessManaged.sol"; +import {Address} from "../../utils/Address.sol"; +import {Context} from "../../utils/Context.sol"; +import {Multicall} from "../../utils/Multicall.sol"; +import {Math} from "../../utils/math/Math.sol"; +import {Time} from "../../utils/types/Time.sol"; + +/** + * @dev AccessManager is a central contract to store the permissions of a system. + * + * A smart contract under the control of an AccessManager instance is known as a target, and will inherit from the + * {AccessManaged} contract, be connected to this contract as its manager and implement the {AccessManaged-restricted} + * modifier on a set of functions selected to be permissioned. Note that any function without this setup won't be + * effectively restricted. + * + * The restriction rules for such functions are defined in terms of "roles" identified by an `uint64` and scoped + * by target (`address`) and function selectors (`bytes4`). These roles are stored in this contract and can be + * configured by admins (`ADMIN_ROLE` members) after a delay (see {getTargetAdminDelay}). + * + * For each target contract, admins can configure the following without any delay: + * + * * The target's {AccessManaged-authority} via {updateAuthority}. + * * Close or open a target via {setTargetClosed} keeping the permissions intact. + * * The roles that are allowed (or disallowed) to call a given function (identified by its selector) through {setTargetFunctionRole}. + * + * By default every address is member of the `PUBLIC_ROLE` and every target function is restricted to the `ADMIN_ROLE` until configured otherwise. + * Additionally, each role has the following configuration options restricted to this manager's admins: + * + * * A role's admin role via {setRoleAdmin} who can grant or revoke roles. + * * A role's guardian role via {setRoleGuardian} who's allowed to cancel operations. + * * A delay in which a role takes effect after being granted through {setGrantDelay}. + * * A delay of any target's admin action via {setTargetAdminDelay}. + * * A role label for discoverability purposes with {labelRole}. + * + * Any account can be added and removed into any number of these roles by using the {grantRole} and {revokeRole} functions + * restricted to each role's admin (see {getRoleAdmin}). + * + * Since all the permissions of the managed system can be modified by the admins of this instance, it is expected that + * they will be highly secured (e.g., a multisig or a well-configured DAO). + * + * NOTE: This contract implements a form of the {IAuthority} interface, but {canCall} has additional return data so it + * doesn't inherit `IAuthority`. It is however compatible with the `IAuthority` interface since the first 32 bytes of + * the return data are a boolean as expected by that interface. + * + * NOTE: Systems that implement other access control mechanisms (for example using {Ownable}) can be paired with an + * {AccessManager} by transferring permissions (ownership in the case of {Ownable}) directly to the {AccessManager}. + * Users will be able to interact with these contracts through the {execute} function, following the access rules + * registered in the {AccessManager}. Keep in mind that in that context, the msg.sender seen by restricted functions + * will be {AccessManager} itself. + * + * WARNING: When granting permissions over an {Ownable} or {AccessControl} contract to an {AccessManager}, be very + * mindful of the danger associated with functions such as {Ownable-renounceOwnership} or + * {AccessControl-renounceRole}. + */ +contract AccessManager is Context, Multicall, IAccessManager { + using Time for *; + + // Structure that stores the details for a target contract. + struct TargetConfig { + mapping(bytes4 selector => uint64 roleId) allowedRoles; + Time.Delay adminDelay; + bool closed; + } + + // Structure that stores the details for a role/account pair. This structures fit into a single slot. + struct Access { + // Timepoint at which the user gets the permission. + // If this is either 0 or in the future, then the role permission is not available. + uint48 since; + // Delay for execution. Only applies to restricted() / execute() calls. + Time.Delay delay; + } + + // Structure that stores the details of a role. + struct Role { + // Members of the role. + mapping(address user => Access access) members; + // Admin who can grant or revoke permissions. + uint64 admin; + // Guardian who can cancel operations targeting functions that need this role. + uint64 guardian; + // Delay in which the role takes effect after being granted. + Time.Delay grantDelay; + } + + // Structure that stores the details for a scheduled operation. This structure fits into a single slot. + struct Schedule { + // Moment at which the operation can be executed. + uint48 timepoint; + // Operation nonce to allow third-party contracts to identify the operation. + uint32 nonce; + } + + /** + * @dev The identifier of the admin role. Required to perform most configuration operations including + * other roles' management and target restrictions. + */ + uint64 public constant ADMIN_ROLE = type(uint64).min; // 0 + + /** + * @dev The identifier of the public role. Automatically granted to all addresses with no delay. + */ + uint64 public constant PUBLIC_ROLE = type(uint64).max; // 2**64-1 + + mapping(address target => TargetConfig mode) private _targets; + mapping(uint64 roleId => Role) private _roles; + mapping(bytes32 operationId => Schedule) private _schedules; + + // Used to identify operations that are currently being executed via {execute}. + // This should be transient storage when supported by the EVM. + bytes32 private _executionId; + + /** + * @dev Check that the caller is authorized to perform the operation. + * See {AccessManager} description for a detailed breakdown of the authorization logic. + */ + modifier onlyAuthorized() { + _checkAuthorized(); + _; + } + + constructor(address initialAdmin) { + if (initialAdmin == address(0)) { + revert AccessManagerInvalidInitialAdmin(address(0)); + } + + // admin is active immediately and without any execution delay. + _grantRole(ADMIN_ROLE, initialAdmin, 0, 0); + } + + // =================================================== GETTERS ==================================================== + /// @inheritdoc IAccessManager + function canCall( + address caller, + address target, + bytes4 selector + ) public view virtual returns (bool immediate, uint32 delay) { + if (isTargetClosed(target)) { + return (false, 0); + } else if (caller == address(this)) { + // Caller is AccessManager, this means the call was sent through {execute} and it already checked + // permissions. We verify that the call "identifier", which is set during {execute}, is correct. + return (_isExecuting(target, selector), 0); + } else { + uint64 roleId = getTargetFunctionRole(target, selector); + (bool isMember, uint32 currentDelay) = hasRole(roleId, caller); + return isMember ? (currentDelay == 0, currentDelay) : (false, 0); + } + } + + /// @inheritdoc IAccessManager + function expiration() public view virtual returns (uint32) { + return 1 weeks; + } + + /// @inheritdoc IAccessManager + function minSetback() public view virtual returns (uint32) { + return 5 days; + } + + /// @inheritdoc IAccessManager + function isTargetClosed(address target) public view virtual returns (bool) { + return _targets[target].closed; + } + + /// @inheritdoc IAccessManager + function getTargetFunctionRole(address target, bytes4 selector) public view virtual returns (uint64) { + return _targets[target].allowedRoles[selector]; + } + + /// @inheritdoc IAccessManager + function getTargetAdminDelay(address target) public view virtual returns (uint32) { + return _targets[target].adminDelay.get(); + } + + /// @inheritdoc IAccessManager + function getRoleAdmin(uint64 roleId) public view virtual returns (uint64) { + return _roles[roleId].admin; + } + + /// @inheritdoc IAccessManager + function getRoleGuardian(uint64 roleId) public view virtual returns (uint64) { + return _roles[roleId].guardian; + } + + /// @inheritdoc IAccessManager + function getRoleGrantDelay(uint64 roleId) public view virtual returns (uint32) { + return _roles[roleId].grantDelay.get(); + } + + /// @inheritdoc IAccessManager + function getAccess( + uint64 roleId, + address account + ) public view virtual returns (uint48 since, uint32 currentDelay, uint32 pendingDelay, uint48 effect) { + Access storage access = _roles[roleId].members[account]; + + since = access.since; + (currentDelay, pendingDelay, effect) = access.delay.getFull(); + + return (since, currentDelay, pendingDelay, effect); + } + + /// @inheritdoc IAccessManager + function hasRole( + uint64 roleId, + address account + ) public view virtual returns (bool isMember, uint32 executionDelay) { + if (roleId == PUBLIC_ROLE) { + return (true, 0); + } else { + (uint48 hasRoleSince, uint32 currentDelay, , ) = getAccess(roleId, account); + return (hasRoleSince != 0 && hasRoleSince <= Time.timestamp(), currentDelay); + } + } + + // =============================================== ROLE MANAGEMENT =============================================== + /// @inheritdoc IAccessManager + function labelRole(uint64 roleId, string calldata label) public virtual onlyAuthorized { + if (roleId == ADMIN_ROLE || roleId == PUBLIC_ROLE) { + revert AccessManagerLockedRole(roleId); + } + emit RoleLabel(roleId, label); + } + + /// @inheritdoc IAccessManager + function grantRole(uint64 roleId, address account, uint32 executionDelay) public virtual onlyAuthorized { + _grantRole(roleId, account, getRoleGrantDelay(roleId), executionDelay); + } + + /// @inheritdoc IAccessManager + function revokeRole(uint64 roleId, address account) public virtual onlyAuthorized { + _revokeRole(roleId, account); + } + + /// @inheritdoc IAccessManager + function renounceRole(uint64 roleId, address callerConfirmation) public virtual { + if (callerConfirmation != _msgSender()) { + revert AccessManagerBadConfirmation(); + } + _revokeRole(roleId, callerConfirmation); + } + + /// @inheritdoc IAccessManager + function setRoleAdmin(uint64 roleId, uint64 admin) public virtual onlyAuthorized { + _setRoleAdmin(roleId, admin); + } + + /// @inheritdoc IAccessManager + function setRoleGuardian(uint64 roleId, uint64 guardian) public virtual onlyAuthorized { + _setRoleGuardian(roleId, guardian); + } + + /// @inheritdoc IAccessManager + function setGrantDelay(uint64 roleId, uint32 newDelay) public virtual onlyAuthorized { + _setGrantDelay(roleId, newDelay); + } + + /** + * @dev Internal version of {grantRole} without access control. Returns true if the role was newly granted. + * + * Emits a {RoleGranted} event. + */ + function _grantRole( + uint64 roleId, + address account, + uint32 grantDelay, + uint32 executionDelay + ) internal virtual returns (bool) { + if (roleId == PUBLIC_ROLE) { + revert AccessManagerLockedRole(roleId); + } + + bool newMember = _roles[roleId].members[account].since == 0; + uint48 since; + + if (newMember) { + since = Time.timestamp() + grantDelay; + _roles[roleId].members[account] = Access({since: since, delay: executionDelay.toDelay()}); + } else { + // No setback here. Value can be reset by doing revoke + grant, effectively allowing the admin to perform + // any change to the execution delay within the duration of the role admin delay. + (_roles[roleId].members[account].delay, since) = _roles[roleId].members[account].delay.withUpdate( + executionDelay, + 0 + ); + } + + emit RoleGranted(roleId, account, executionDelay, since, newMember); + return newMember; + } + + /** + * @dev Internal version of {revokeRole} without access control. This logic is also used by {renounceRole}. + * Returns true if the role was previously granted. + * + * Emits a {RoleRevoked} event if the account had the role. + */ + function _revokeRole(uint64 roleId, address account) internal virtual returns (bool) { + if (roleId == PUBLIC_ROLE) { + revert AccessManagerLockedRole(roleId); + } + + if (_roles[roleId].members[account].since == 0) { + return false; + } + + delete _roles[roleId].members[account]; + + emit RoleRevoked(roleId, account); + return true; + } + + /** + * @dev Internal version of {setRoleAdmin} without access control. + * + * Emits a {RoleAdminChanged} event. + * + * NOTE: Setting the admin role as the `PUBLIC_ROLE` is allowed, but it will effectively allow + * anyone to set grant or revoke such role. + */ + function _setRoleAdmin(uint64 roleId, uint64 admin) internal virtual { + if (roleId == ADMIN_ROLE || roleId == PUBLIC_ROLE) { + revert AccessManagerLockedRole(roleId); + } + + _roles[roleId].admin = admin; + + emit RoleAdminChanged(roleId, admin); + } + + /** + * @dev Internal version of {setRoleGuardian} without access control. + * + * Emits a {RoleGuardianChanged} event. + * + * NOTE: Setting the guardian role as the `PUBLIC_ROLE` is allowed, but it will effectively allow + * anyone to cancel any scheduled operation for such role. + */ + function _setRoleGuardian(uint64 roleId, uint64 guardian) internal virtual { + if (roleId == ADMIN_ROLE || roleId == PUBLIC_ROLE) { + revert AccessManagerLockedRole(roleId); + } + + _roles[roleId].guardian = guardian; + + emit RoleGuardianChanged(roleId, guardian); + } + + /** + * @dev Internal version of {setGrantDelay} without access control. + * + * Emits a {RoleGrantDelayChanged} event. + */ + function _setGrantDelay(uint64 roleId, uint32 newDelay) internal virtual { + if (roleId == PUBLIC_ROLE) { + revert AccessManagerLockedRole(roleId); + } + + uint48 effect; + (_roles[roleId].grantDelay, effect) = _roles[roleId].grantDelay.withUpdate(newDelay, minSetback()); + + emit RoleGrantDelayChanged(roleId, newDelay, effect); + } + + // ============================================= FUNCTION MANAGEMENT ============================================== + /// @inheritdoc IAccessManager + function setTargetFunctionRole( + address target, + bytes4[] calldata selectors, + uint64 roleId + ) public virtual onlyAuthorized { + for (uint256 i = 0; i < selectors.length; ++i) { + _setTargetFunctionRole(target, selectors[i], roleId); + } + } + + /** + * @dev Internal version of {setTargetFunctionRole} without access control. + * + * Emits a {TargetFunctionRoleUpdated} event. + */ + function _setTargetFunctionRole(address target, bytes4 selector, uint64 roleId) internal virtual { + _targets[target].allowedRoles[selector] = roleId; + emit TargetFunctionRoleUpdated(target, selector, roleId); + } + + /// @inheritdoc IAccessManager + function setTargetAdminDelay(address target, uint32 newDelay) public virtual onlyAuthorized { + _setTargetAdminDelay(target, newDelay); + } + + /** + * @dev Internal version of {setTargetAdminDelay} without access control. + * + * Emits a {TargetAdminDelayUpdated} event. + */ + function _setTargetAdminDelay(address target, uint32 newDelay) internal virtual { + uint48 effect; + (_targets[target].adminDelay, effect) = _targets[target].adminDelay.withUpdate(newDelay, minSetback()); + + emit TargetAdminDelayUpdated(target, newDelay, effect); + } + + // =============================================== MODE MANAGEMENT ================================================ + /// @inheritdoc IAccessManager + function setTargetClosed(address target, bool closed) public virtual onlyAuthorized { + _setTargetClosed(target, closed); + } + + /** + * @dev Set the closed flag for a contract. This is an internal setter with no access restrictions. + * + * Emits a {TargetClosed} event. + */ + function _setTargetClosed(address target, bool closed) internal virtual { + _targets[target].closed = closed; + emit TargetClosed(target, closed); + } + + // ============================================== DELAYED OPERATIONS ============================================== + /// @inheritdoc IAccessManager + function getSchedule(bytes32 id) public view virtual returns (uint48) { + uint48 timepoint = _schedules[id].timepoint; + return _isExpired(timepoint) ? 0 : timepoint; + } + + /// @inheritdoc IAccessManager + function getNonce(bytes32 id) public view virtual returns (uint32) { + return _schedules[id].nonce; + } + + /// @inheritdoc IAccessManager + function schedule( + address target, + bytes calldata data, + uint48 when + ) public virtual returns (bytes32 operationId, uint32 nonce) { + address caller = _msgSender(); + + // Fetch restrictions that apply to the caller on the targeted function + (, uint32 setback) = _canCallExtended(caller, target, data); + + uint48 minWhen = Time.timestamp() + setback; + + // If call with delay is not authorized, or if requested timing is too soon, revert + if (setback == 0 || (when > 0 && when < minWhen)) { + revert AccessManagerUnauthorizedCall(caller, target, _checkSelector(data)); + } + + // Reuse variable due to stack too deep + when = uint48(Math.max(when, minWhen)); // cast is safe: both inputs are uint48 + + // If caller is authorised, schedule operation + operationId = hashOperation(caller, target, data); + + _checkNotScheduled(operationId); + + unchecked { + // It's not feasible to overflow the nonce in less than 1000 years + nonce = _schedules[operationId].nonce + 1; + } + _schedules[operationId].timepoint = when; + _schedules[operationId].nonce = nonce; + emit OperationScheduled(operationId, nonce, when, caller, target, data); + + // Using named return values because otherwise we get stack too deep + } + + /** + * @dev Reverts if the operation is currently scheduled and has not expired. + * + * NOTE: This function was introduced due to stack too deep errors in schedule. + */ + function _checkNotScheduled(bytes32 operationId) private view { + uint48 prevTimepoint = _schedules[operationId].timepoint; + if (prevTimepoint != 0 && !_isExpired(prevTimepoint)) { + revert AccessManagerAlreadyScheduled(operationId); + } + } + + /// @inheritdoc IAccessManager + // Reentrancy is not an issue because permissions are checked on msg.sender. Additionally, + // _consumeScheduledOp guarantees a scheduled operation is only executed once. + // slither-disable-next-line reentrancy-no-eth + function execute(address target, bytes calldata data) public payable virtual returns (uint32) { + address caller = _msgSender(); + + // Fetch restrictions that apply to the caller on the targeted function + (bool immediate, uint32 setback) = _canCallExtended(caller, target, data); + + // If call is not authorized, revert + if (!immediate && setback == 0) { + revert AccessManagerUnauthorizedCall(caller, target, _checkSelector(data)); + } + + bytes32 operationId = hashOperation(caller, target, data); + uint32 nonce; + + // If caller is authorised, check operation was scheduled early enough + // Consume an available schedule even if there is no currently enforced delay + if (setback != 0 || getSchedule(operationId) != 0) { + nonce = _consumeScheduledOp(operationId); + } + + // Mark the target and selector as authorised + bytes32 executionIdBefore = _executionId; + _executionId = _hashExecutionId(target, _checkSelector(data)); + + // Perform call + Address.functionCallWithValue(target, data, msg.value); + + // Reset execute identifier + _executionId = executionIdBefore; + + return nonce; + } + + /// @inheritdoc IAccessManager + function cancel(address caller, address target, bytes calldata data) public virtual returns (uint32) { + address msgsender = _msgSender(); + bytes4 selector = _checkSelector(data); + + bytes32 operationId = hashOperation(caller, target, data); + if (_schedules[operationId].timepoint == 0) { + revert AccessManagerNotScheduled(operationId); + } else if (caller != msgsender) { + // calls can only be canceled by the account that scheduled them, a global admin, or by a guardian of the required role. + (bool isAdmin, ) = hasRole(ADMIN_ROLE, msgsender); + (bool isGuardian, ) = hasRole(getRoleGuardian(getTargetFunctionRole(target, selector)), msgsender); + if (!isAdmin && !isGuardian) { + revert AccessManagerUnauthorizedCancel(msgsender, caller, target, selector); + } + } + + delete _schedules[operationId].timepoint; // reset the timepoint, keep the nonce + uint32 nonce = _schedules[operationId].nonce; + emit OperationCanceled(operationId, nonce); + + return nonce; + } + + /// @inheritdoc IAccessManager + function consumeScheduledOp(address caller, bytes calldata data) public virtual { + address target = _msgSender(); + if (IAccessManaged(target).isConsumingScheduledOp() != IAccessManaged.isConsumingScheduledOp.selector) { + revert AccessManagerUnauthorizedConsume(target); + } + _consumeScheduledOp(hashOperation(caller, target, data)); + } + + /** + * @dev Internal variant of {consumeScheduledOp} that operates on bytes32 operationId. + * + * Returns the nonce of the scheduled operation that is consumed. + */ + function _consumeScheduledOp(bytes32 operationId) internal virtual returns (uint32) { + uint48 timepoint = _schedules[operationId].timepoint; + uint32 nonce = _schedules[operationId].nonce; + + if (timepoint == 0) { + revert AccessManagerNotScheduled(operationId); + } else if (timepoint > Time.timestamp()) { + revert AccessManagerNotReady(operationId); + } else if (_isExpired(timepoint)) { + revert AccessManagerExpired(operationId); + } + + delete _schedules[operationId].timepoint; // reset the timepoint, keep the nonce + emit OperationExecuted(operationId, nonce); + + return nonce; + } + + /// @inheritdoc IAccessManager + function hashOperation(address caller, address target, bytes calldata data) public view virtual returns (bytes32) { + return keccak256(abi.encode(caller, target, data)); + } + + // ==================================================== OTHERS ==================================================== + /// @inheritdoc IAccessManager + function updateAuthority(address target, address newAuthority) public virtual onlyAuthorized { + IAccessManaged(target).setAuthority(newAuthority); + } + + // ================================================= ADMIN LOGIC ================================================== + /** + * @dev Check if the current call is authorized according to admin and roles logic. + * + * WARNING: Carefully review the considerations of {AccessManaged-restricted} since they apply to this modifier. + */ + function _checkAuthorized() private { + address caller = _msgSender(); + (bool immediate, uint32 delay) = _canCallSelf(caller, _msgData()); + if (!immediate) { + if (delay == 0) { + (, uint64 requiredRole, ) = _getAdminRestrictions(_msgData()); + revert AccessManagerUnauthorizedAccount(caller, requiredRole); + } else { + _consumeScheduledOp(hashOperation(caller, address(this), _msgData())); + } + } + } + + /** + * @dev Get the admin restrictions of a given function call based on the function and arguments involved. + * + * Returns: + * - bool restricted: does this data match a restricted operation + * - uint64: which role is this operation restricted to + * - uint32: minimum delay to enforce for that operation (max between operation's delay and admin's execution delay) + */ + function _getAdminRestrictions( + bytes calldata data + ) private view returns (bool adminRestricted, uint64 roleAdminId, uint32 executionDelay) { + if (data.length < 4) { + return (false, 0, 0); + } + + bytes4 selector = _checkSelector(data); + + // Restricted to ADMIN with no delay beside any execution delay the caller may have + if ( + selector == this.labelRole.selector || + selector == this.setRoleAdmin.selector || + selector == this.setRoleGuardian.selector || + selector == this.setGrantDelay.selector || + selector == this.setTargetAdminDelay.selector + ) { + return (true, ADMIN_ROLE, 0); + } + + // Restricted to ADMIN with the admin delay corresponding to the target + if ( + selector == this.updateAuthority.selector || + selector == this.setTargetClosed.selector || + selector == this.setTargetFunctionRole.selector + ) { + // First argument is a target. + address target = abi.decode(data[0x04:0x24], (address)); + uint32 delay = getTargetAdminDelay(target); + return (true, ADMIN_ROLE, delay); + } + + // Restricted to that role's admin with no delay beside any execution delay the caller may have. + if (selector == this.grantRole.selector || selector == this.revokeRole.selector) { + // First argument is a roleId. + uint64 roleId = abi.decode(data[0x04:0x24], (uint64)); + return (true, getRoleAdmin(roleId), 0); + } + + return (false, getTargetFunctionRole(address(this), selector), 0); + } + + // =================================================== HELPERS ==================================================== + /** + * @dev An extended version of {canCall} for internal usage that checks {_canCallSelf} + * when the target is this contract. + * + * Returns: + * - bool immediate: whether the operation can be executed immediately (with no delay) + * - uint32 delay: the execution delay + */ + function _canCallExtended( + address caller, + address target, + bytes calldata data + ) private view returns (bool immediate, uint32 delay) { + if (target == address(this)) { + return _canCallSelf(caller, data); + } else { + return data.length < 4 ? (false, 0) : canCall(caller, target, _checkSelector(data)); + } + } + + /** + * @dev A version of {canCall} that checks for restrictions in this contract. + */ + function _canCallSelf(address caller, bytes calldata data) private view returns (bool immediate, uint32 delay) { + if (data.length < 4) { + return (false, 0); + } + + if (caller == address(this)) { + // Caller is AccessManager, this means the call was sent through {execute} and it already checked + // permissions. We verify that the call "identifier", which is set during {execute}, is correct. + return (_isExecuting(address(this), _checkSelector(data)), 0); + } + + (bool adminRestricted, uint64 roleId, uint32 operationDelay) = _getAdminRestrictions(data); + + // isTargetClosed apply to non-admin-restricted function + if (!adminRestricted && isTargetClosed(address(this))) { + return (false, 0); + } + + (bool inRole, uint32 executionDelay) = hasRole(roleId, caller); + if (!inRole) { + return (false, 0); + } + + // downcast is safe because both options are uint32 + delay = uint32(Math.max(operationDelay, executionDelay)); + return (delay == 0, delay); + } + + /** + * @dev Returns true if a call with `target` and `selector` is being executed via {executed}. + */ + function _isExecuting(address target, bytes4 selector) private view returns (bool) { + return _executionId == _hashExecutionId(target, selector); + } + + /** + * @dev Returns true if a schedule timepoint is past its expiration deadline. + */ + function _isExpired(uint48 timepoint) private view returns (bool) { + return timepoint + expiration() <= Time.timestamp(); + } + + /** + * @dev Extracts the selector from calldata. Panics if data is not at least 4 bytes + */ + function _checkSelector(bytes calldata data) private pure returns (bytes4) { + return bytes4(data[0:4]); + } + + /** + * @dev Hashing function for execute protection + */ + function _hashExecutionId(address target, bytes4 selector) private pure returns (bytes32) { + return keccak256(abi.encode(target, selector)); + } +} diff --git a/dependencies/@openzeppelin/contracts/access/manager/AuthorityUtils.sol b/dependencies/@openzeppelin/contracts/access/manager/AuthorityUtils.sol new file mode 100644 index 00000000..fb3018ca --- /dev/null +++ b/dependencies/@openzeppelin/contracts/access/manager/AuthorityUtils.sol @@ -0,0 +1,32 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (access/manager/AuthorityUtils.sol) + +pragma solidity ^0.8.20; + +import {IAuthority} from "./IAuthority.sol"; + +library AuthorityUtils { + /** + * @dev Since `AccessManager` implements an extended IAuthority interface, invoking `canCall` with backwards compatibility + * for the preexisting `IAuthority` interface requires special care to avoid reverting on insufficient return data. + * This helper function takes care of invoking `canCall` in a backwards compatible way without reverting. + */ + function canCallWithDelay( + address authority, + address caller, + address target, + bytes4 selector + ) internal view returns (bool immediate, uint32 delay) { + (bool success, bytes memory data) = authority.staticcall( + abi.encodeCall(IAuthority.canCall, (caller, target, selector)) + ); + if (success) { + if (data.length >= 0x40) { + (immediate, delay) = abi.decode(data, (bool, uint32)); + } else if (data.length >= 0x20) { + immediate = abi.decode(data, (bool)); + } + } + return (immediate, delay); + } +} diff --git a/dependencies/@openzeppelin/contracts/access/manager/IAccessManaged.sol b/dependencies/@openzeppelin/contracts/access/manager/IAccessManaged.sol new file mode 100644 index 00000000..95206bde --- /dev/null +++ b/dependencies/@openzeppelin/contracts/access/manager/IAccessManaged.sol @@ -0,0 +1,32 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (access/manager/IAccessManaged.sol) + +pragma solidity ^0.8.20; + +interface IAccessManaged { + /** + * @dev Authority that manages this contract was updated. + */ + event AuthorityUpdated(address authority); + + error AccessManagedUnauthorized(address caller); + error AccessManagedRequiredDelay(address caller, uint32 delay); + error AccessManagedInvalidAuthority(address authority); + + /** + * @dev Returns the current authority. + */ + function authority() external view returns (address); + + /** + * @dev Transfers control to a new authority. The caller must be the current authority. + */ + function setAuthority(address) external; + + /** + * @dev Returns true only in the context of a delayed restricted call, at the moment that the scheduled operation is + * being consumed. Prevents denial of service for delayed restricted calls in the case that the contract performs + * attacker controlled calls. + */ + function isConsumingScheduledOp() external view returns (bytes4); +} diff --git a/dependencies/@openzeppelin/contracts/access/manager/IAccessManager.sol b/dependencies/@openzeppelin/contracts/access/manager/IAccessManager.sol new file mode 100644 index 00000000..2811281a --- /dev/null +++ b/dependencies/@openzeppelin/contracts/access/manager/IAccessManager.sol @@ -0,0 +1,401 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (access/manager/IAccessManager.sol) + +pragma solidity ^0.8.20; + +import {Time} from "../../utils/types/Time.sol"; + +interface IAccessManager { + /** + * @dev A delayed operation was scheduled. + */ + event OperationScheduled( + bytes32 indexed operationId, + uint32 indexed nonce, + uint48 schedule, + address caller, + address target, + bytes data + ); + + /** + * @dev A scheduled operation was executed. + */ + event OperationExecuted(bytes32 indexed operationId, uint32 indexed nonce); + + /** + * @dev A scheduled operation was canceled. + */ + event OperationCanceled(bytes32 indexed operationId, uint32 indexed nonce); + + /** + * @dev Informational labelling for a roleId. + */ + event RoleLabel(uint64 indexed roleId, string label); + + /** + * @dev Emitted when `account` is granted `roleId`. + * + * NOTE: The meaning of the `since` argument depends on the `newMember` argument. + * If the role is granted to a new member, the `since` argument indicates when the account becomes a member of the role, + * otherwise it indicates the execution delay for this account and roleId is updated. + */ + event RoleGranted(uint64 indexed roleId, address indexed account, uint32 delay, uint48 since, bool newMember); + + /** + * @dev Emitted when `account` membership or `roleId` is revoked. Unlike granting, revoking is instantaneous. + */ + event RoleRevoked(uint64 indexed roleId, address indexed account); + + /** + * @dev Role acting as admin over a given `roleId` is updated. + */ + event RoleAdminChanged(uint64 indexed roleId, uint64 indexed admin); + + /** + * @dev Role acting as guardian over a given `roleId` is updated. + */ + event RoleGuardianChanged(uint64 indexed roleId, uint64 indexed guardian); + + /** + * @dev Grant delay for a given `roleId` will be updated to `delay` when `since` is reached. + */ + event RoleGrantDelayChanged(uint64 indexed roleId, uint32 delay, uint48 since); + + /** + * @dev Target mode is updated (true = closed, false = open). + */ + event TargetClosed(address indexed target, bool closed); + + /** + * @dev Role required to invoke `selector` on `target` is updated to `roleId`. + */ + event TargetFunctionRoleUpdated(address indexed target, bytes4 selector, uint64 indexed roleId); + + /** + * @dev Admin delay for a given `target` will be updated to `delay` when `since` is reached. + */ + event TargetAdminDelayUpdated(address indexed target, uint32 delay, uint48 since); + + error AccessManagerAlreadyScheduled(bytes32 operationId); + error AccessManagerNotScheduled(bytes32 operationId); + error AccessManagerNotReady(bytes32 operationId); + error AccessManagerExpired(bytes32 operationId); + error AccessManagerLockedRole(uint64 roleId); + error AccessManagerBadConfirmation(); + error AccessManagerUnauthorizedAccount(address msgsender, uint64 roleId); + error AccessManagerUnauthorizedCall(address caller, address target, bytes4 selector); + error AccessManagerUnauthorizedConsume(address target); + error AccessManagerUnauthorizedCancel(address msgsender, address caller, address target, bytes4 selector); + error AccessManagerInvalidInitialAdmin(address initialAdmin); + + /** + * @dev Check if an address (`caller`) is authorised to call a given function on a given contract directly (with + * no restriction). Additionally, it returns the delay needed to perform the call indirectly through the {schedule} + * & {execute} workflow. + * + * This function is usually called by the targeted contract to control immediate execution of restricted functions. + * Therefore we only return true if the call can be performed without any delay. If the call is subject to a + * previously set delay (not zero), then the function should return false and the caller should schedule the operation + * for future execution. + * + * If `immediate` is true, the delay can be disregarded and the operation can be immediately executed, otherwise + * the operation can be executed if and only if delay is greater than 0. + * + * NOTE: The IAuthority interface does not include the `uint32` delay. This is an extension of that interface that + * is backward compatible. Some contracts may thus ignore the second return argument. In that case they will fail + * to identify the indirect workflow, and will consider calls that require a delay to be forbidden. + * + * NOTE: This function does not report the permissions of the admin functions in the manager itself. These are defined by the + * {AccessManager} documentation. + */ + function canCall( + address caller, + address target, + bytes4 selector + ) external view returns (bool allowed, uint32 delay); + + /** + * @dev Expiration delay for scheduled proposals. Defaults to 1 week. + * + * IMPORTANT: Avoid overriding the expiration with 0. Otherwise every contract proposal will be expired immediately, + * disabling any scheduling usage. + */ + function expiration() external view returns (uint32); + + /** + * @dev Minimum setback for all delay updates, with the exception of execution delays. It + * can be increased without setback (and reset via {revokeRole} in the case event of an + * accidental increase). Defaults to 5 days. + */ + function minSetback() external view returns (uint32); + + /** + * @dev Get whether the contract is closed disabling any access. Otherwise role permissions are applied. + * + * NOTE: When the manager itself is closed, admin functions are still accessible to avoid locking the contract. + */ + function isTargetClosed(address target) external view returns (bool); + + /** + * @dev Get the role required to call a function. + */ + function getTargetFunctionRole(address target, bytes4 selector) external view returns (uint64); + + /** + * @dev Get the admin delay for a target contract. Changes to contract configuration are subject to this delay. + */ + function getTargetAdminDelay(address target) external view returns (uint32); + + /** + * @dev Get the id of the role that acts as an admin for the given role. + * + * The admin permission is required to grant the role, revoke the role and update the execution delay to execute + * an operation that is restricted to this role. + */ + function getRoleAdmin(uint64 roleId) external view returns (uint64); + + /** + * @dev Get the role that acts as a guardian for a given role. + * + * The guardian permission allows canceling operations that have been scheduled under the role. + */ + function getRoleGuardian(uint64 roleId) external view returns (uint64); + + /** + * @dev Get the role current grant delay. + * + * Its value may change at any point without an event emitted following a call to {setGrantDelay}. + * Changes to this value, including effect timepoint are notified in advance by the {RoleGrantDelayChanged} event. + */ + function getRoleGrantDelay(uint64 roleId) external view returns (uint32); + + /** + * @dev Get the access details for a given account for a given role. These details include the timepoint at which + * membership becomes active, and the delay applied to all operation by this user that requires this permission + * level. + * + * Returns: + * [0] Timestamp at which the account membership becomes valid. 0 means role is not granted. + * [1] Current execution delay for the account. + * [2] Pending execution delay for the account. + * [3] Timestamp at which the pending execution delay will become active. 0 means no delay update is scheduled. + */ + function getAccess( + uint64 roleId, + address account + ) external view returns (uint48 since, uint32 currentDelay, uint32 pendingDelay, uint48 effect); + + /** + * @dev Check if a given account currently has the permission level corresponding to a given role. Note that this + * permission might be associated with an execution delay. {getAccess} can provide more details. + */ + function hasRole(uint64 roleId, address account) external view returns (bool isMember, uint32 executionDelay); + + /** + * @dev Give a label to a role, for improved role discoverability by UIs. + * + * Requirements: + * + * - the caller must be a global admin + * + * Emits a {RoleLabel} event. + */ + function labelRole(uint64 roleId, string calldata label) external; + + /** + * @dev Add `account` to `roleId`, or change its execution delay. + * + * This gives the account the authorization to call any function that is restricted to this role. An optional + * execution delay (in seconds) can be set. If that delay is non 0, the user is required to schedule any operation + * that is restricted to members of this role. The user will only be able to execute the operation after the delay has + * passed, before it has expired. During this period, admin and guardians can cancel the operation (see {cancel}). + * + * If the account has already been granted this role, the execution delay will be updated. This update is not + * immediate and follows the delay rules. For example, if a user currently has a delay of 3 hours, and this is + * called to reduce that delay to 1 hour, the new delay will take some time to take effect, enforcing that any + * operation executed in the 3 hours that follows this update was indeed scheduled before this update. + * + * Requirements: + * + * - the caller must be an admin for the role (see {getRoleAdmin}) + * - granted role must not be the `PUBLIC_ROLE` + * + * Emits a {RoleGranted} event. + */ + function grantRole(uint64 roleId, address account, uint32 executionDelay) external; + + /** + * @dev Remove an account from a role, with immediate effect. If the account does not have the role, this call has + * no effect. + * + * Requirements: + * + * - the caller must be an admin for the role (see {getRoleAdmin}) + * - revoked role must not be the `PUBLIC_ROLE` + * + * Emits a {RoleRevoked} event if the account had the role. + */ + function revokeRole(uint64 roleId, address account) external; + + /** + * @dev Renounce role permissions for the calling account with immediate effect. If the sender is not in + * the role this call has no effect. + * + * Requirements: + * + * - the caller must be `callerConfirmation`. + * + * Emits a {RoleRevoked} event if the account had the role. + */ + function renounceRole(uint64 roleId, address callerConfirmation) external; + + /** + * @dev Change admin role for a given role. + * + * Requirements: + * + * - the caller must be a global admin + * + * Emits a {RoleAdminChanged} event + */ + function setRoleAdmin(uint64 roleId, uint64 admin) external; + + /** + * @dev Change guardian role for a given role. + * + * Requirements: + * + * - the caller must be a global admin + * + * Emits a {RoleGuardianChanged} event + */ + function setRoleGuardian(uint64 roleId, uint64 guardian) external; + + /** + * @dev Update the delay for granting a `roleId`. + * + * Requirements: + * + * - the caller must be a global admin + * + * Emits a {RoleGrantDelayChanged} event. + */ + function setGrantDelay(uint64 roleId, uint32 newDelay) external; + + /** + * @dev Set the role required to call functions identified by the `selectors` in the `target` contract. + * + * Requirements: + * + * - the caller must be a global admin + * + * Emits a {TargetFunctionRoleUpdated} event per selector. + */ + function setTargetFunctionRole(address target, bytes4[] calldata selectors, uint64 roleId) external; + + /** + * @dev Set the delay for changing the configuration of a given target contract. + * + * Requirements: + * + * - the caller must be a global admin + * + * Emits a {TargetAdminDelayUpdated} event. + */ + function setTargetAdminDelay(address target, uint32 newDelay) external; + + /** + * @dev Set the closed flag for a contract. + * + * Closing the manager itself won't disable access to admin methods to avoid locking the contract. + * + * Requirements: + * + * - the caller must be a global admin + * + * Emits a {TargetClosed} event. + */ + function setTargetClosed(address target, bool closed) external; + + /** + * @dev Return the timepoint at which a scheduled operation will be ready for execution. This returns 0 if the + * operation is not yet scheduled, has expired, was executed, or was canceled. + */ + function getSchedule(bytes32 id) external view returns (uint48); + + /** + * @dev Return the nonce for the latest scheduled operation with a given id. Returns 0 if the operation has never + * been scheduled. + */ + function getNonce(bytes32 id) external view returns (uint32); + + /** + * @dev Schedule a delayed operation for future execution, and return the operation identifier. It is possible to + * choose the timestamp at which the operation becomes executable as long as it satisfies the execution delays + * required for the caller. The special value zero will automatically set the earliest possible time. + * + * Returns the `operationId` that was scheduled. Since this value is a hash of the parameters, it can reoccur when + * the same parameters are used; if this is relevant, the returned `nonce` can be used to uniquely identify this + * scheduled operation from other occurrences of the same `operationId` in invocations of {execute} and {cancel}. + * + * Emits a {OperationScheduled} event. + * + * NOTE: It is not possible to concurrently schedule more than one operation with the same `target` and `data`. If + * this is necessary, a random byte can be appended to `data` to act as a salt that will be ignored by the target + * contract if it is using standard Solidity ABI encoding. + */ + function schedule( + address target, + bytes calldata data, + uint48 when + ) external returns (bytes32 operationId, uint32 nonce); + + /** + * @dev Execute a function that is delay restricted, provided it was properly scheduled beforehand, or the + * execution delay is 0. + * + * Returns the nonce that identifies the previously scheduled operation that is executed, or 0 if the + * operation wasn't previously scheduled (if the caller doesn't have an execution delay). + * + * Emits an {OperationExecuted} event only if the call was scheduled and delayed. + */ + function execute(address target, bytes calldata data) external payable returns (uint32); + + /** + * @dev Cancel a scheduled (delayed) operation. Returns the nonce that identifies the previously scheduled + * operation that is cancelled. + * + * Requirements: + * + * - the caller must be the proposer, a guardian of the targeted function, or a global admin + * + * Emits a {OperationCanceled} event. + */ + function cancel(address caller, address target, bytes calldata data) external returns (uint32); + + /** + * @dev Consume a scheduled operation targeting the caller. If such an operation exists, mark it as consumed + * (emit an {OperationExecuted} event and clean the state). Otherwise, throw an error. + * + * This is useful for contract that want to enforce that calls targeting them were scheduled on the manager, + * with all the verifications that it implies. + * + * Emit a {OperationExecuted} event. + */ + function consumeScheduledOp(address caller, bytes calldata data) external; + + /** + * @dev Hashing function for delayed operations. + */ + function hashOperation(address caller, address target, bytes calldata data) external view returns (bytes32); + + /** + * @dev Changes the authority of a target managed by this manager instance. + * + * Requirements: + * + * - the caller must be a global admin + */ + function updateAuthority(address target, address newAuthority) external; +} diff --git a/dependencies/@openzeppelin/contracts/access/manager/IAuthority.sol b/dependencies/@openzeppelin/contracts/access/manager/IAuthority.sol new file mode 100644 index 00000000..e2d3898f --- /dev/null +++ b/dependencies/@openzeppelin/contracts/access/manager/IAuthority.sol @@ -0,0 +1,14 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (access/manager/IAuthority.sol) + +pragma solidity ^0.8.20; + +/** + * @dev Standard interface for permissioning originally defined in Dappsys. + */ +interface IAuthority { + /** + * @dev Returns true if the caller can invoke on a target the function identified by a function selector. + */ + function canCall(address caller, address target, bytes4 selector) external view returns (bool allowed); +} diff --git a/dependencies/@openzeppelin/contracts/finance/README.adoc b/dependencies/@openzeppelin/contracts/finance/README.adoc new file mode 100644 index 00000000..c855cbb6 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/finance/README.adoc @@ -0,0 +1,14 @@ += Finance + +[.readme-notice] +NOTE: This document is better viewed at https://docs.openzeppelin.com/contracts/api/finance + +This directory includes primitives for financial systems: + +- {VestingWallet} handles the vesting of Ether and ERC-20 tokens for a given beneficiary. Custody of multiple tokens can + be given to this contract, which will release the token to the beneficiary following a given, customizable, vesting + schedule. + +== Contracts + +{{VestingWallet}} diff --git a/dependencies/@openzeppelin/contracts/finance/VestingWallet.sol b/dependencies/@openzeppelin/contracts/finance/VestingWallet.sol new file mode 100644 index 00000000..153b8fc6 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/finance/VestingWallet.sol @@ -0,0 +1,154 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (finance/VestingWallet.sol) +pragma solidity ^0.8.20; + +import {IERC20} from "../token/ERC20/IERC20.sol"; +import {SafeERC20} from "../token/ERC20/utils/SafeERC20.sol"; +import {Address} from "../utils/Address.sol"; +import {Context} from "../utils/Context.sol"; +import {Ownable} from "../access/Ownable.sol"; + +/** + * @dev A vesting wallet is an ownable contract that can receive native currency and ERC-20 tokens, and release these + * assets to the wallet owner, also referred to as "beneficiary", according to a vesting schedule. + * + * Any assets transferred to this contract will follow the vesting schedule as if they were locked from the beginning. + * Consequently, if the vesting has already started, any amount of tokens sent to this contract will (at least partly) + * be immediately releasable. + * + * By setting the duration to 0, one can configure this contract to behave like an asset timelock that hold tokens for + * a beneficiary until a specified time. + * + * NOTE: Since the wallet is {Ownable}, and ownership can be transferred, it is possible to sell unvested tokens. + * Preventing this in a smart contract is difficult, considering that: 1) a beneficiary address could be a + * counterfactually deployed contract, 2) there is likely to be a migration path for EOAs to become contracts in the + * near future. + * + * NOTE: When using this contract with any token whose balance is adjusted automatically (i.e. a rebase token), make + * sure to account the supply/balance adjustment in the vesting schedule to ensure the vested amount is as intended. + */ +contract VestingWallet is Context, Ownable { + event EtherReleased(uint256 amount); + event ERC20Released(address indexed token, uint256 amount); + + uint256 private _released; + mapping(address token => uint256) private _erc20Released; + uint64 private immutable _start; + uint64 private immutable _duration; + + /** + * @dev Sets the beneficiary (owner), the start timestamp and the vesting duration (in seconds) of the vesting + * wallet. + */ + constructor(address beneficiary, uint64 startTimestamp, uint64 durationSeconds) payable Ownable(beneficiary) { + _start = startTimestamp; + _duration = durationSeconds; + } + + /** + * @dev The contract should be able to receive Eth. + */ + receive() external payable virtual {} + + /** + * @dev Getter for the start timestamp. + */ + function start() public view virtual returns (uint256) { + return _start; + } + + /** + * @dev Getter for the vesting duration. + */ + function duration() public view virtual returns (uint256) { + return _duration; + } + + /** + * @dev Getter for the end timestamp. + */ + function end() public view virtual returns (uint256) { + return start() + duration(); + } + + /** + * @dev Amount of eth already released + */ + function released() public view virtual returns (uint256) { + return _released; + } + + /** + * @dev Amount of token already released + */ + function released(address token) public view virtual returns (uint256) { + return _erc20Released[token]; + } + + /** + * @dev Getter for the amount of releasable eth. + */ + function releasable() public view virtual returns (uint256) { + return vestedAmount(uint64(block.timestamp)) - released(); + } + + /** + * @dev Getter for the amount of releasable `token` tokens. `token` should be the address of an + * {IERC20} contract. + */ + function releasable(address token) public view virtual returns (uint256) { + return vestedAmount(token, uint64(block.timestamp)) - released(token); + } + + /** + * @dev Release the native token (ether) that have already vested. + * + * Emits a {EtherReleased} event. + */ + function release() public virtual { + uint256 amount = releasable(); + _released += amount; + emit EtherReleased(amount); + Address.sendValue(payable(owner()), amount); + } + + /** + * @dev Release the tokens that have already vested. + * + * Emits a {ERC20Released} event. + */ + function release(address token) public virtual { + uint256 amount = releasable(token); + _erc20Released[token] += amount; + emit ERC20Released(token, amount); + SafeERC20.safeTransfer(IERC20(token), owner(), amount); + } + + /** + * @dev Calculates the amount of ether that has already vested. Default implementation is a linear vesting curve. + */ + function vestedAmount(uint64 timestamp) public view virtual returns (uint256) { + return _vestingSchedule(address(this).balance + released(), timestamp); + } + + /** + * @dev Calculates the amount of tokens that has already vested. Default implementation is a linear vesting curve. + */ + function vestedAmount(address token, uint64 timestamp) public view virtual returns (uint256) { + return _vestingSchedule(IERC20(token).balanceOf(address(this)) + released(token), timestamp); + } + + /** + * @dev Virtual implementation of the vesting formula. This returns the amount vested, as a function of time, for + * an asset given its total historical allocation. + */ + function _vestingSchedule(uint256 totalAllocation, uint64 timestamp) internal view virtual returns (uint256) { + if (timestamp < start()) { + return 0; + } else if (timestamp >= end()) { + return totalAllocation; + } else { + return (totalAllocation * (timestamp - start())) / duration(); + } + } +} diff --git a/dependencies/@openzeppelin/contracts/finance/VestingWalletCliff.sol b/dependencies/@openzeppelin/contracts/finance/VestingWalletCliff.sol new file mode 100644 index 00000000..83d82510 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/finance/VestingWalletCliff.sol @@ -0,0 +1,53 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {SafeCast} from "../utils/math/SafeCast.sol"; +import {VestingWallet} from "./VestingWallet.sol"; + +/** + * @dev Extension of {VestingWallet} that adds a cliff to the vesting schedule. + * + * _Available since v5.1._ + */ +abstract contract VestingWalletCliff is VestingWallet { + using SafeCast for *; + + uint64 private immutable _cliff; + + /// @dev The specified cliff duration is larger than the vesting duration. + error InvalidCliffDuration(uint64 cliffSeconds, uint64 durationSeconds); + + /** + * @dev Set the duration of the cliff, in seconds. The cliff starts vesting schedule (see {VestingWallet}'s + * constructor) and ends `cliffSeconds` later. + */ + constructor(uint64 cliffSeconds) { + if (cliffSeconds > duration()) { + revert InvalidCliffDuration(cliffSeconds, duration().toUint64()); + } + _cliff = start().toUint64() + cliffSeconds; + } + + /** + * @dev Getter for the cliff timestamp. + */ + function cliff() public view virtual returns (uint256) { + return _cliff; + } + + /** + * @dev Virtual implementation of the vesting formula. This returns the amount vested, as a function of time, for + * an asset given its total historical allocation. Returns 0 if the {cliff} timestamp is not met. + * + * IMPORTANT: The cliff not only makes the schedule return 0, but it also ignores every possible side + * effect from calling the inherited implementation (i.e. `super._vestingSchedule`). Carefully consider + * this caveat if the overridden implementation of this function has any (e.g. writing to memory or reverting). + */ + function _vestingSchedule( + uint256 totalAllocation, + uint64 timestamp + ) internal view virtual override returns (uint256) { + return timestamp < cliff() ? 0 : super._vestingSchedule(totalAllocation, timestamp); + } +} diff --git a/dependencies/@openzeppelin/contracts/governance/Governor.sol b/dependencies/@openzeppelin/contracts/governance/Governor.sol new file mode 100644 index 00000000..02adffcb --- /dev/null +++ b/dependencies/@openzeppelin/contracts/governance/Governor.sol @@ -0,0 +1,852 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (governance/Governor.sol) + +pragma solidity ^0.8.20; + +import {IERC721Receiver} from "../token/ERC721/IERC721Receiver.sol"; +import {IERC1155Receiver} from "../token/ERC1155/IERC1155Receiver.sol"; +import {EIP712} from "../utils/cryptography/EIP712.sol"; +import {SignatureChecker} from "../utils/cryptography/SignatureChecker.sol"; +import {IERC165, ERC165} from "../utils/introspection/ERC165.sol"; +import {SafeCast} from "../utils/math/SafeCast.sol"; +import {DoubleEndedQueue} from "../utils/structs/DoubleEndedQueue.sol"; +import {Address} from "../utils/Address.sol"; +import {Context} from "../utils/Context.sol"; +import {Nonces} from "../utils/Nonces.sol"; +import {IGovernor, IERC6372} from "./IGovernor.sol"; + +/** + * @dev Core of the governance system, designed to be extended through various modules. + * + * This contract is abstract and requires several functions to be implemented in various modules: + * + * - A counting module must implement {quorum}, {_quorumReached}, {_voteSucceeded} and {_countVote} + * - A voting module must implement {_getVotes} + * - Additionally, {votingPeriod} must also be implemented + */ +abstract contract Governor is Context, ERC165, EIP712, Nonces, IGovernor, IERC721Receiver, IERC1155Receiver { + using DoubleEndedQueue for DoubleEndedQueue.Bytes32Deque; + + bytes32 public constant BALLOT_TYPEHASH = + keccak256("Ballot(uint256 proposalId,uint8 support,address voter,uint256 nonce)"); + bytes32 public constant EXTENDED_BALLOT_TYPEHASH = + keccak256( + "ExtendedBallot(uint256 proposalId,uint8 support,address voter,uint256 nonce,string reason,bytes params)" + ); + + struct ProposalCore { + address proposer; + uint48 voteStart; + uint32 voteDuration; + bool executed; + bool canceled; + uint48 etaSeconds; + } + + bytes32 private constant ALL_PROPOSAL_STATES_BITMAP = bytes32((2 ** (uint8(type(ProposalState).max) + 1)) - 1); + string private _name; + + mapping(uint256 proposalId => ProposalCore) private _proposals; + + // This queue keeps track of the governor operating on itself. Calls to functions protected by the {onlyGovernance} + // modifier needs to be whitelisted in this queue. Whitelisting is set in {execute}, consumed by the + // {onlyGovernance} modifier and eventually reset after {_executeOperations} completes. This ensures that the + // execution of {onlyGovernance} protected calls can only be achieved through successful proposals. + DoubleEndedQueue.Bytes32Deque private _governanceCall; + + /** + * @dev Restricts a function so it can only be executed through governance proposals. For example, governance + * parameter setters in {GovernorSettings} are protected using this modifier. + * + * The governance executing address may be different from the Governor's own address, for example it could be a + * timelock. This can be customized by modules by overriding {_executor}. The executor is only able to invoke these + * functions during the execution of the governor's {execute} function, and not under any other circumstances. Thus, + * for example, additional timelock proposers are not able to change governance parameters without going through the + * governance protocol (since v4.6). + */ + modifier onlyGovernance() { + _checkGovernance(); + _; + } + + /** + * @dev Sets the value for {name} and {version} + */ + constructor(string memory name_) EIP712(name_, version()) { + _name = name_; + } + + /** + * @dev Function to receive ETH that will be handled by the governor (disabled if executor is a third party contract) + */ + receive() external payable virtual { + if (_executor() != address(this)) { + revert GovernorDisabledDeposit(); + } + } + + /** + * @dev See {IERC165-supportsInterface}. + */ + function supportsInterface(bytes4 interfaceId) public view virtual override(IERC165, ERC165) returns (bool) { + return + interfaceId == type(IGovernor).interfaceId || + interfaceId == type(IERC1155Receiver).interfaceId || + super.supportsInterface(interfaceId); + } + + /** + * @dev See {IGovernor-name}. + */ + function name() public view virtual returns (string memory) { + return _name; + } + + /** + * @dev See {IGovernor-version}. + */ + function version() public view virtual returns (string memory) { + return "1"; + } + + /** + * @dev See {IGovernor-hashProposal}. + * + * The proposal id is produced by hashing the ABI encoded `targets` array, the `values` array, the `calldatas` array + * and the descriptionHash (bytes32 which itself is the keccak256 hash of the description string). This proposal id + * can be produced from the proposal data which is part of the {ProposalCreated} event. It can even be computed in + * advance, before the proposal is submitted. + * + * Note that the chainId and the governor address are not part of the proposal id computation. Consequently, the + * same proposal (with same operation and same description) will have the same id if submitted on multiple governors + * across multiple networks. This also means that in order to execute the same operation twice (on the same + * governor) the proposer will have to change the description in order to avoid proposal id conflicts. + */ + function hashProposal( + address[] memory targets, + uint256[] memory values, + bytes[] memory calldatas, + bytes32 descriptionHash + ) public pure virtual returns (uint256) { + return uint256(keccak256(abi.encode(targets, values, calldatas, descriptionHash))); + } + + /** + * @dev See {IGovernor-state}. + */ + function state(uint256 proposalId) public view virtual returns (ProposalState) { + // We read the struct fields into the stack at once so Solidity emits a single SLOAD + ProposalCore storage proposal = _proposals[proposalId]; + bool proposalExecuted = proposal.executed; + bool proposalCanceled = proposal.canceled; + + if (proposalExecuted) { + return ProposalState.Executed; + } + + if (proposalCanceled) { + return ProposalState.Canceled; + } + + uint256 snapshot = proposalSnapshot(proposalId); + + if (snapshot == 0) { + revert GovernorNonexistentProposal(proposalId); + } + + uint256 currentTimepoint = clock(); + + if (snapshot >= currentTimepoint) { + return ProposalState.Pending; + } + + uint256 deadline = proposalDeadline(proposalId); + + if (deadline >= currentTimepoint) { + return ProposalState.Active; + } else if (!_quorumReached(proposalId) || !_voteSucceeded(proposalId)) { + return ProposalState.Defeated; + } else if (proposalEta(proposalId) == 0) { + return ProposalState.Succeeded; + } else { + return ProposalState.Queued; + } + } + + /** + * @dev See {IGovernor-proposalThreshold}. + */ + function proposalThreshold() public view virtual returns (uint256) { + return 0; + } + + /** + * @dev See {IGovernor-proposalSnapshot}. + */ + function proposalSnapshot(uint256 proposalId) public view virtual returns (uint256) { + return _proposals[proposalId].voteStart; + } + + /** + * @dev See {IGovernor-proposalDeadline}. + */ + function proposalDeadline(uint256 proposalId) public view virtual returns (uint256) { + return _proposals[proposalId].voteStart + _proposals[proposalId].voteDuration; + } + + /** + * @dev See {IGovernor-proposalProposer}. + */ + function proposalProposer(uint256 proposalId) public view virtual returns (address) { + return _proposals[proposalId].proposer; + } + + /** + * @dev See {IGovernor-proposalEta}. + */ + function proposalEta(uint256 proposalId) public view virtual returns (uint256) { + return _proposals[proposalId].etaSeconds; + } + + /** + * @dev See {IGovernor-proposalNeedsQueuing}. + */ + function proposalNeedsQueuing(uint256) public view virtual returns (bool) { + return false; + } + + /** + * @dev Reverts if the `msg.sender` is not the executor. In case the executor is not this contract + * itself, the function reverts if `msg.data` is not whitelisted as a result of an {execute} + * operation. See {onlyGovernance}. + */ + function _checkGovernance() internal virtual { + if (_executor() != _msgSender()) { + revert GovernorOnlyExecutor(_msgSender()); + } + if (_executor() != address(this)) { + bytes32 msgDataHash = keccak256(_msgData()); + // loop until popping the expected operation - throw if deque is empty (operation not authorized) + while (_governanceCall.popFront() != msgDataHash) {} + } + } + + /** + * @dev Amount of votes already cast passes the threshold limit. + */ + function _quorumReached(uint256 proposalId) internal view virtual returns (bool); + + /** + * @dev Is the proposal successful or not. + */ + function _voteSucceeded(uint256 proposalId) internal view virtual returns (bool); + + /** + * @dev Get the voting weight of `account` at a specific `timepoint`, for a vote as described by `params`. + */ + function _getVotes(address account, uint256 timepoint, bytes memory params) internal view virtual returns (uint256); + + /** + * @dev Register a vote for `proposalId` by `account` with a given `support`, voting `weight` and voting `params`. + * + * Note: Support is generic and can represent various things depending on the voting system used. + */ + function _countVote( + uint256 proposalId, + address account, + uint8 support, + uint256 totalWeight, + bytes memory params + ) internal virtual returns (uint256); + + /** + * @dev Default additional encoded parameters used by castVote methods that don't include them + * + * Note: Should be overridden by specific implementations to use an appropriate value, the + * meaning of the additional params, in the context of that implementation + */ + function _defaultParams() internal view virtual returns (bytes memory) { + return ""; + } + + /** + * @dev See {IGovernor-propose}. This function has opt-in frontrunning protection, described in {_isValidDescriptionForProposer}. + */ + function propose( + address[] memory targets, + uint256[] memory values, + bytes[] memory calldatas, + string memory description + ) public virtual returns (uint256) { + address proposer = _msgSender(); + + // check description restriction + if (!_isValidDescriptionForProposer(proposer, description)) { + revert GovernorRestrictedProposer(proposer); + } + + // check proposal threshold + uint256 votesThreshold = proposalThreshold(); + if (votesThreshold > 0) { + uint256 proposerVotes = getVotes(proposer, clock() - 1); + if (proposerVotes < votesThreshold) { + revert GovernorInsufficientProposerVotes(proposer, proposerVotes, votesThreshold); + } + } + + return _propose(targets, values, calldatas, description, proposer); + } + + /** + * @dev Internal propose mechanism. Can be overridden to add more logic on proposal creation. + * + * Emits a {IGovernor-ProposalCreated} event. + */ + function _propose( + address[] memory targets, + uint256[] memory values, + bytes[] memory calldatas, + string memory description, + address proposer + ) internal virtual returns (uint256 proposalId) { + proposalId = hashProposal(targets, values, calldatas, keccak256(bytes(description))); + + if (targets.length != values.length || targets.length != calldatas.length || targets.length == 0) { + revert GovernorInvalidProposalLength(targets.length, calldatas.length, values.length); + } + if (_proposals[proposalId].voteStart != 0) { + revert GovernorUnexpectedProposalState(proposalId, state(proposalId), bytes32(0)); + } + + uint256 snapshot = clock() + votingDelay(); + uint256 duration = votingPeriod(); + + ProposalCore storage proposal = _proposals[proposalId]; + proposal.proposer = proposer; + proposal.voteStart = SafeCast.toUint48(snapshot); + proposal.voteDuration = SafeCast.toUint32(duration); + + emit ProposalCreated( + proposalId, + proposer, + targets, + values, + new string[](targets.length), + calldatas, + snapshot, + snapshot + duration, + description + ); + + // Using a named return variable to avoid stack too deep errors + } + + /** + * @dev See {IGovernor-queue}. + */ + function queue( + address[] memory targets, + uint256[] memory values, + bytes[] memory calldatas, + bytes32 descriptionHash + ) public virtual returns (uint256) { + uint256 proposalId = hashProposal(targets, values, calldatas, descriptionHash); + + _validateStateBitmap(proposalId, _encodeStateBitmap(ProposalState.Succeeded)); + + uint48 etaSeconds = _queueOperations(proposalId, targets, values, calldatas, descriptionHash); + + if (etaSeconds != 0) { + _proposals[proposalId].etaSeconds = etaSeconds; + emit ProposalQueued(proposalId, etaSeconds); + } else { + revert GovernorQueueNotImplemented(); + } + + return proposalId; + } + + /** + * @dev Internal queuing mechanism. Can be overridden (without a super call) to modify the way queuing is + * performed (for example adding a vault/timelock). + * + * This is empty by default, and must be overridden to implement queuing. + * + * This function returns a timestamp that describes the expected ETA for execution. If the returned value is 0 + * (which is the default value), the core will consider queueing did not succeed, and the public {queue} function + * will revert. + * + * NOTE: Calling this function directly will NOT check the current state of the proposal, or emit the + * `ProposalQueued` event. Queuing a proposal should be done using {queue}. + */ + function _queueOperations( + uint256 /*proposalId*/, + address[] memory /*targets*/, + uint256[] memory /*values*/, + bytes[] memory /*calldatas*/, + bytes32 /*descriptionHash*/ + ) internal virtual returns (uint48) { + return 0; + } + + /** + * @dev See {IGovernor-execute}. + */ + function execute( + address[] memory targets, + uint256[] memory values, + bytes[] memory calldatas, + bytes32 descriptionHash + ) public payable virtual returns (uint256) { + uint256 proposalId = hashProposal(targets, values, calldatas, descriptionHash); + + _validateStateBitmap( + proposalId, + _encodeStateBitmap(ProposalState.Succeeded) | _encodeStateBitmap(ProposalState.Queued) + ); + + // mark as executed before calls to avoid reentrancy + _proposals[proposalId].executed = true; + + // before execute: register governance call in queue. + if (_executor() != address(this)) { + for (uint256 i = 0; i < targets.length; ++i) { + if (targets[i] == address(this)) { + _governanceCall.pushBack(keccak256(calldatas[i])); + } + } + } + + _executeOperations(proposalId, targets, values, calldatas, descriptionHash); + + // after execute: cleanup governance call queue. + if (_executor() != address(this) && !_governanceCall.empty()) { + _governanceCall.clear(); + } + + emit ProposalExecuted(proposalId); + + return proposalId; + } + + /** + * @dev Internal execution mechanism. Can be overridden (without a super call) to modify the way execution is + * performed (for example adding a vault/timelock). + * + * NOTE: Calling this function directly will NOT check the current state of the proposal, set the executed flag to + * true or emit the `ProposalExecuted` event. Executing a proposal should be done using {execute} or {_execute}. + */ + function _executeOperations( + uint256 /* proposalId */, + address[] memory targets, + uint256[] memory values, + bytes[] memory calldatas, + bytes32 /*descriptionHash*/ + ) internal virtual { + for (uint256 i = 0; i < targets.length; ++i) { + (bool success, bytes memory returndata) = targets[i].call{value: values[i]}(calldatas[i]); + Address.verifyCallResult(success, returndata); + } + } + + /** + * @dev See {IGovernor-cancel}. + */ + function cancel( + address[] memory targets, + uint256[] memory values, + bytes[] memory calldatas, + bytes32 descriptionHash + ) public virtual returns (uint256) { + // The proposalId will be recomputed in the `_cancel` call further down. However we need the value before we + // do the internal call, because we need to check the proposal state BEFORE the internal `_cancel` call + // changes it. The `hashProposal` duplication has a cost that is limited, and that we accept. + uint256 proposalId = hashProposal(targets, values, calldatas, descriptionHash); + + // public cancel restrictions (on top of existing _cancel restrictions). + _validateStateBitmap(proposalId, _encodeStateBitmap(ProposalState.Pending)); + if (_msgSender() != proposalProposer(proposalId)) { + revert GovernorOnlyProposer(_msgSender()); + } + + return _cancel(targets, values, calldatas, descriptionHash); + } + + /** + * @dev Internal cancel mechanism with minimal restrictions. A proposal can be cancelled in any state other than + * Canceled, Expired, or Executed. Once cancelled a proposal can't be re-submitted. + * + * Emits a {IGovernor-ProposalCanceled} event. + */ + function _cancel( + address[] memory targets, + uint256[] memory values, + bytes[] memory calldatas, + bytes32 descriptionHash + ) internal virtual returns (uint256) { + uint256 proposalId = hashProposal(targets, values, calldatas, descriptionHash); + + _validateStateBitmap( + proposalId, + ALL_PROPOSAL_STATES_BITMAP ^ + _encodeStateBitmap(ProposalState.Canceled) ^ + _encodeStateBitmap(ProposalState.Expired) ^ + _encodeStateBitmap(ProposalState.Executed) + ); + + _proposals[proposalId].canceled = true; + emit ProposalCanceled(proposalId); + + return proposalId; + } + + /** + * @dev See {IGovernor-getVotes}. + */ + function getVotes(address account, uint256 timepoint) public view virtual returns (uint256) { + return _getVotes(account, timepoint, _defaultParams()); + } + + /** + * @dev See {IGovernor-getVotesWithParams}. + */ + function getVotesWithParams( + address account, + uint256 timepoint, + bytes memory params + ) public view virtual returns (uint256) { + return _getVotes(account, timepoint, params); + } + + /** + * @dev See {IGovernor-castVote}. + */ + function castVote(uint256 proposalId, uint8 support) public virtual returns (uint256) { + address voter = _msgSender(); + return _castVote(proposalId, voter, support, ""); + } + + /** + * @dev See {IGovernor-castVoteWithReason}. + */ + function castVoteWithReason( + uint256 proposalId, + uint8 support, + string calldata reason + ) public virtual returns (uint256) { + address voter = _msgSender(); + return _castVote(proposalId, voter, support, reason); + } + + /** + * @dev See {IGovernor-castVoteWithReasonAndParams}. + */ + function castVoteWithReasonAndParams( + uint256 proposalId, + uint8 support, + string calldata reason, + bytes memory params + ) public virtual returns (uint256) { + address voter = _msgSender(); + return _castVote(proposalId, voter, support, reason, params); + } + + /** + * @dev See {IGovernor-castVoteBySig}. + */ + function castVoteBySig( + uint256 proposalId, + uint8 support, + address voter, + bytes memory signature + ) public virtual returns (uint256) { + bool valid = SignatureChecker.isValidSignatureNow( + voter, + _hashTypedDataV4(keccak256(abi.encode(BALLOT_TYPEHASH, proposalId, support, voter, _useNonce(voter)))), + signature + ); + + if (!valid) { + revert GovernorInvalidSignature(voter); + } + + return _castVote(proposalId, voter, support, ""); + } + + /** + * @dev See {IGovernor-castVoteWithReasonAndParamsBySig}. + */ + function castVoteWithReasonAndParamsBySig( + uint256 proposalId, + uint8 support, + address voter, + string calldata reason, + bytes memory params, + bytes memory signature + ) public virtual returns (uint256) { + bool valid = SignatureChecker.isValidSignatureNow( + voter, + _hashTypedDataV4( + keccak256( + abi.encode( + EXTENDED_BALLOT_TYPEHASH, + proposalId, + support, + voter, + _useNonce(voter), + keccak256(bytes(reason)), + keccak256(params) + ) + ) + ), + signature + ); + + if (!valid) { + revert GovernorInvalidSignature(voter); + } + + return _castVote(proposalId, voter, support, reason, params); + } + + /** + * @dev Internal vote casting mechanism: Check that the vote is pending, that it has not been cast yet, retrieve + * voting weight using {IGovernor-getVotes} and call the {_countVote} internal function. Uses the _defaultParams(). + * + * Emits a {IGovernor-VoteCast} event. + */ + function _castVote( + uint256 proposalId, + address account, + uint8 support, + string memory reason + ) internal virtual returns (uint256) { + return _castVote(proposalId, account, support, reason, _defaultParams()); + } + + /** + * @dev Internal vote casting mechanism: Check that the vote is pending, that it has not been cast yet, retrieve + * voting weight using {IGovernor-getVotes} and call the {_countVote} internal function. + * + * Emits a {IGovernor-VoteCast} event. + */ + function _castVote( + uint256 proposalId, + address account, + uint8 support, + string memory reason, + bytes memory params + ) internal virtual returns (uint256) { + _validateStateBitmap(proposalId, _encodeStateBitmap(ProposalState.Active)); + + uint256 totalWeight = _getVotes(account, proposalSnapshot(proposalId), params); + uint256 votedWeight = _countVote(proposalId, account, support, totalWeight, params); + + if (params.length == 0) { + emit VoteCast(account, proposalId, support, votedWeight, reason); + } else { + emit VoteCastWithParams(account, proposalId, support, votedWeight, reason, params); + } + + return votedWeight; + } + + /** + * @dev Relays a transaction or function call to an arbitrary target. In cases where the governance executor + * is some contract other than the governor itself, like when using a timelock, this function can be invoked + * in a governance proposal to recover tokens or Ether that was sent to the governor contract by mistake. + * Note that if the executor is simply the governor itself, use of `relay` is redundant. + */ + function relay(address target, uint256 value, bytes calldata data) external payable virtual onlyGovernance { + (bool success, bytes memory returndata) = target.call{value: value}(data); + Address.verifyCallResult(success, returndata); + } + + /** + * @dev Address through which the governor executes action. Will be overloaded by module that execute actions + * through another contract such as a timelock. + */ + function _executor() internal view virtual returns (address) { + return address(this); + } + + /** + * @dev See {IERC721Receiver-onERC721Received}. + * Receiving tokens is disabled if the governance executor is other than the governor itself (eg. when using with a timelock). + */ + function onERC721Received(address, address, uint256, bytes memory) public virtual returns (bytes4) { + if (_executor() != address(this)) { + revert GovernorDisabledDeposit(); + } + return this.onERC721Received.selector; + } + + /** + * @dev See {IERC1155Receiver-onERC1155Received}. + * Receiving tokens is disabled if the governance executor is other than the governor itself (eg. when using with a timelock). + */ + function onERC1155Received(address, address, uint256, uint256, bytes memory) public virtual returns (bytes4) { + if (_executor() != address(this)) { + revert GovernorDisabledDeposit(); + } + return this.onERC1155Received.selector; + } + + /** + * @dev See {IERC1155Receiver-onERC1155BatchReceived}. + * Receiving tokens is disabled if the governance executor is other than the governor itself (eg. when using with a timelock). + */ + function onERC1155BatchReceived( + address, + address, + uint256[] memory, + uint256[] memory, + bytes memory + ) public virtual returns (bytes4) { + if (_executor() != address(this)) { + revert GovernorDisabledDeposit(); + } + return this.onERC1155BatchReceived.selector; + } + + /** + * @dev Encodes a `ProposalState` into a `bytes32` representation where each bit enabled corresponds to + * the underlying position in the `ProposalState` enum. For example: + * + * 0x000...10000 + * ^^^^^^------ ... + * ^----- Succeeded + * ^---- Defeated + * ^--- Canceled + * ^-- Active + * ^- Pending + */ + function _encodeStateBitmap(ProposalState proposalState) internal pure returns (bytes32) { + return bytes32(1 << uint8(proposalState)); + } + + /** + * @dev Check that the current state of a proposal matches the requirements described by the `allowedStates` bitmap. + * This bitmap should be built using `_encodeStateBitmap`. + * + * If requirements are not met, reverts with a {GovernorUnexpectedProposalState} error. + */ + function _validateStateBitmap(uint256 proposalId, bytes32 allowedStates) private view returns (ProposalState) { + ProposalState currentState = state(proposalId); + if (_encodeStateBitmap(currentState) & allowedStates == bytes32(0)) { + revert GovernorUnexpectedProposalState(proposalId, currentState, allowedStates); + } + return currentState; + } + + /* + * @dev Check if the proposer is authorized to submit a proposal with the given description. + * + * If the proposal description ends with `#proposer=0x???`, where `0x???` is an address written as a hex string + * (case insensitive), then the submission of this proposal will only be authorized to said address. + * + * This is used for frontrunning protection. By adding this pattern at the end of their proposal, one can ensure + * that no other address can submit the same proposal. An attacker would have to either remove or change that part, + * which would result in a different proposal id. + * + * If the description does not match this pattern, it is unrestricted and anyone can submit it. This includes: + * - If the `0x???` part is not a valid hex string. + * - If the `0x???` part is a valid hex string, but does not contain exactly 40 hex digits. + * - If it ends with the expected suffix followed by newlines or other whitespace. + * - If it ends with some other similar suffix, e.g. `#other=abc`. + * - If it does not end with any such suffix. + */ + function _isValidDescriptionForProposer( + address proposer, + string memory description + ) internal view virtual returns (bool) { + uint256 len = bytes(description).length; + + // Length is too short to contain a valid proposer suffix + if (len < 52) { + return true; + } + + // Extract what would be the `#proposer=0x` marker beginning the suffix + bytes12 marker; + assembly ("memory-safe") { + // - Start of the string contents in memory = description + 32 + // - First character of the marker = len - 52 + // - Length of "#proposer=0x0000000000000000000000000000000000000000" = 52 + // - We read the memory word starting at the first character of the marker: + // - (description + 32) + (len - 52) = description + (len - 20) + // - Note: Solidity will ignore anything past the first 12 bytes + marker := mload(add(description, sub(len, 20))) + } + + // If the marker is not found, there is no proposer suffix to check + if (marker != bytes12("#proposer=0x")) { + return true; + } + + // Parse the 40 characters following the marker as uint160 + uint160 recovered = 0; + for (uint256 i = len - 40; i < len; ++i) { + (bool isHex, uint8 value) = _tryHexToUint(bytes(description)[i]); + // If any of the characters is not a hex digit, ignore the suffix entirely + if (!isHex) { + return true; + } + recovered = (recovered << 4) | value; + } + + return recovered == uint160(proposer); + } + + /** + * @dev Try to parse a character from a string as a hex value. Returns `(true, value)` if the char is in + * `[0-9a-fA-F]` and `(false, 0)` otherwise. Value is guaranteed to be in the range `0 <= value < 16` + */ + function _tryHexToUint(bytes1 char) private pure returns (bool isHex, uint8 value) { + uint8 c = uint8(char); + unchecked { + // Case 0-9 + if (47 < c && c < 58) { + return (true, c - 48); + } + // Case A-F + else if (64 < c && c < 71) { + return (true, c - 55); + } + // Case a-f + else if (96 < c && c < 103) { + return (true, c - 87); + } + // Else: not a hex char + else { + return (false, 0); + } + } + } + + /** + * @inheritdoc IERC6372 + */ + function clock() public view virtual returns (uint48); + + /** + * @inheritdoc IERC6372 + */ + // solhint-disable-next-line func-name-mixedcase + function CLOCK_MODE() public view virtual returns (string memory); + + /** + * @inheritdoc IGovernor + */ + function votingDelay() public view virtual returns (uint256); + + /** + * @inheritdoc IGovernor + */ + function votingPeriod() public view virtual returns (uint256); + + /** + * @inheritdoc IGovernor + */ + function quorum(uint256 timepoint) public view virtual returns (uint256); +} diff --git a/dependencies/@openzeppelin/contracts/governance/IGovernor.sol b/dependencies/@openzeppelin/contracts/governance/IGovernor.sol new file mode 100644 index 00000000..67abfdbb --- /dev/null +++ b/dependencies/@openzeppelin/contracts/governance/IGovernor.sol @@ -0,0 +1,441 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (governance/IGovernor.sol) + +pragma solidity ^0.8.20; + +import {IERC165} from "../interfaces/IERC165.sol"; +import {IERC6372} from "../interfaces/IERC6372.sol"; + +/** + * @dev Interface of the {Governor} core. + * + * NOTE: Event parameters lack the `indexed` keyword for compatibility with GovernorBravo events. + * Making event parameters `indexed` affects how events are decoded, potentially breaking existing indexers. + */ +interface IGovernor is IERC165, IERC6372 { + enum ProposalState { + Pending, + Active, + Canceled, + Defeated, + Succeeded, + Queued, + Expired, + Executed + } + + /** + * @dev Empty proposal or a mismatch between the parameters length for a proposal call. + */ + error GovernorInvalidProposalLength(uint256 targets, uint256 calldatas, uint256 values); + + /** + * @dev The vote was already cast. + */ + error GovernorAlreadyCastVote(address voter); + + /** + * @dev Token deposits are disabled in this contract. + */ + error GovernorDisabledDeposit(); + + /** + * @dev The `account` is not a proposer. + */ + error GovernorOnlyProposer(address account); + + /** + * @dev The `account` is not the governance executor. + */ + error GovernorOnlyExecutor(address account); + + /** + * @dev The `proposalId` doesn't exist. + */ + error GovernorNonexistentProposal(uint256 proposalId); + + /** + * @dev The current state of a proposal is not the required for performing an operation. + * The `expectedStates` is a bitmap with the bits enabled for each ProposalState enum position + * counting from right to left. + * + * NOTE: If `expectedState` is `bytes32(0)`, the proposal is expected to not be in any state (i.e. not exist). + * This is the case when a proposal that is expected to be unset is already initiated (the proposal is duplicated). + * + * See {Governor-_encodeStateBitmap}. + */ + error GovernorUnexpectedProposalState(uint256 proposalId, ProposalState current, bytes32 expectedStates); + + /** + * @dev The voting period set is not a valid period. + */ + error GovernorInvalidVotingPeriod(uint256 votingPeriod); + + /** + * @dev The `proposer` does not have the required votes to create a proposal. + */ + error GovernorInsufficientProposerVotes(address proposer, uint256 votes, uint256 threshold); + + /** + * @dev The `proposer` is not allowed to create a proposal. + */ + error GovernorRestrictedProposer(address proposer); + + /** + * @dev The vote type used is not valid for the corresponding counting module. + */ + error GovernorInvalidVoteType(); + + /** + * @dev The provided params buffer is not supported by the counting module. + */ + error GovernorInvalidVoteParams(); + + /** + * @dev Queue operation is not implemented for this governor. Execute should be called directly. + */ + error GovernorQueueNotImplemented(); + + /** + * @dev The proposal hasn't been queued yet. + */ + error GovernorNotQueuedProposal(uint256 proposalId); + + /** + * @dev The proposal has already been queued. + */ + error GovernorAlreadyQueuedProposal(uint256 proposalId); + + /** + * @dev The provided signature is not valid for the expected `voter`. + * If the `voter` is a contract, the signature is not valid using {IERC1271-isValidSignature}. + */ + error GovernorInvalidSignature(address voter); + + /** + * @dev Emitted when a proposal is created. + */ + event ProposalCreated( + uint256 proposalId, + address proposer, + address[] targets, + uint256[] values, + string[] signatures, + bytes[] calldatas, + uint256 voteStart, + uint256 voteEnd, + string description + ); + + /** + * @dev Emitted when a proposal is queued. + */ + event ProposalQueued(uint256 proposalId, uint256 etaSeconds); + + /** + * @dev Emitted when a proposal is executed. + */ + event ProposalExecuted(uint256 proposalId); + + /** + * @dev Emitted when a proposal is canceled. + */ + event ProposalCanceled(uint256 proposalId); + + /** + * @dev Emitted when a vote is cast without params. + * + * Note: `support` values should be seen as buckets. Their interpretation depends on the voting module used. + */ + event VoteCast(address indexed voter, uint256 proposalId, uint8 support, uint256 weight, string reason); + + /** + * @dev Emitted when a vote is cast with params. + * + * Note: `support` values should be seen as buckets. Their interpretation depends on the voting module used. + * `params` are additional encoded parameters. Their interpretation also depends on the voting module used. + */ + event VoteCastWithParams( + address indexed voter, + uint256 proposalId, + uint8 support, + uint256 weight, + string reason, + bytes params + ); + + /** + * @notice module:core + * @dev Name of the governor instance (used in building the EIP-712 domain separator). + */ + function name() external view returns (string memory); + + /** + * @notice module:core + * @dev Version of the governor instance (used in building the EIP-712 domain separator). Default: "1" + */ + function version() external view returns (string memory); + + /** + * @notice module:voting + * @dev A description of the possible `support` values for {castVote} and the way these votes are counted, meant to + * be consumed by UIs to show correct vote options and interpret the results. The string is a URL-encoded sequence of + * key-value pairs that each describe one aspect, for example `support=bravo&quorum=for,abstain`. + * + * There are 2 standard keys: `support` and `quorum`. + * + * - `support=bravo` refers to the vote options 0 = Against, 1 = For, 2 = Abstain, as in `GovernorBravo`. + * - `quorum=bravo` means that only For votes are counted towards quorum. + * - `quorum=for,abstain` means that both For and Abstain votes are counted towards quorum. + * + * If a counting module makes use of encoded `params`, it should include this under a `params` key with a unique + * name that describes the behavior. For example: + * + * - `params=fractional` might refer to a scheme where votes are divided fractionally between for/against/abstain. + * - `params=erc721` might refer to a scheme where specific NFTs are delegated to vote. + * + * NOTE: The string can be decoded by the standard + * https://developer.mozilla.org/en-US/docs/Web/API/URLSearchParams[`URLSearchParams`] + * JavaScript class. + */ + // solhint-disable-next-line func-name-mixedcase + function COUNTING_MODE() external view returns (string memory); + + /** + * @notice module:core + * @dev Hashing function used to (re)build the proposal id from the proposal details.. + */ + function hashProposal( + address[] memory targets, + uint256[] memory values, + bytes[] memory calldatas, + bytes32 descriptionHash + ) external pure returns (uint256); + + /** + * @notice module:core + * @dev Current state of a proposal, following Compound's convention + */ + function state(uint256 proposalId) external view returns (ProposalState); + + /** + * @notice module:core + * @dev The number of votes required in order for a voter to become a proposer. + */ + function proposalThreshold() external view returns (uint256); + + /** + * @notice module:core + * @dev Timepoint used to retrieve user's votes and quorum. If using block number (as per Compound's Comp), the + * snapshot is performed at the end of this block. Hence, voting for this proposal starts at the beginning of the + * following block. + */ + function proposalSnapshot(uint256 proposalId) external view returns (uint256); + + /** + * @notice module:core + * @dev Timepoint at which votes close. If using block number, votes close at the end of this block, so it is + * possible to cast a vote during this block. + */ + function proposalDeadline(uint256 proposalId) external view returns (uint256); + + /** + * @notice module:core + * @dev The account that created a proposal. + */ + function proposalProposer(uint256 proposalId) external view returns (address); + + /** + * @notice module:core + * @dev The time when a queued proposal becomes executable ("ETA"). Unlike {proposalSnapshot} and + * {proposalDeadline}, this doesn't use the governor clock, and instead relies on the executor's clock which may be + * different. In most cases this will be a timestamp. + */ + function proposalEta(uint256 proposalId) external view returns (uint256); + + /** + * @notice module:core + * @dev Whether a proposal needs to be queued before execution. + */ + function proposalNeedsQueuing(uint256 proposalId) external view returns (bool); + + /** + * @notice module:user-config + * @dev Delay, between the proposal is created and the vote starts. The unit this duration is expressed in depends + * on the clock (see ERC-6372) this contract uses. + * + * This can be increased to leave time for users to buy voting power, or delegate it, before the voting of a + * proposal starts. + * + * NOTE: While this interface returns a uint256, timepoints are stored as uint48 following the ERC-6372 clock type. + * Consequently this value must fit in a uint48 (when added to the current clock). See {IERC6372-clock}. + */ + function votingDelay() external view returns (uint256); + + /** + * @notice module:user-config + * @dev Delay between the vote start and vote end. The unit this duration is expressed in depends on the clock + * (see ERC-6372) this contract uses. + * + * NOTE: The {votingDelay} can delay the start of the vote. This must be considered when setting the voting + * duration compared to the voting delay. + * + * NOTE: This value is stored when the proposal is submitted so that possible changes to the value do not affect + * proposals that have already been submitted. The type used to save it is a uint32. Consequently, while this + * interface returns a uint256, the value it returns should fit in a uint32. + */ + function votingPeriod() external view returns (uint256); + + /** + * @notice module:user-config + * @dev Minimum number of cast voted required for a proposal to be successful. + * + * NOTE: The `timepoint` parameter corresponds to the snapshot used for counting vote. This allows to scale the + * quorum depending on values such as the totalSupply of a token at this timepoint (see {ERC20Votes}). + */ + function quorum(uint256 timepoint) external view returns (uint256); + + /** + * @notice module:reputation + * @dev Voting power of an `account` at a specific `timepoint`. + * + * Note: this can be implemented in a number of ways, for example by reading the delegated balance from one (or + * multiple), {ERC20Votes} tokens. + */ + function getVotes(address account, uint256 timepoint) external view returns (uint256); + + /** + * @notice module:reputation + * @dev Voting power of an `account` at a specific `timepoint` given additional encoded parameters. + */ + function getVotesWithParams( + address account, + uint256 timepoint, + bytes memory params + ) external view returns (uint256); + + /** + * @notice module:voting + * @dev Returns whether `account` has cast a vote on `proposalId`. + */ + function hasVoted(uint256 proposalId, address account) external view returns (bool); + + /** + * @dev Create a new proposal. Vote start after a delay specified by {IGovernor-votingDelay} and lasts for a + * duration specified by {IGovernor-votingPeriod}. + * + * Emits a {ProposalCreated} event. + * + * NOTE: The state of the Governor and `targets` may change between the proposal creation and its execution. + * This may be the result of third party actions on the targeted contracts, or other governor proposals. + * For example, the balance of this contract could be updated or its access control permissions may be modified, + * possibly compromising the proposal's ability to execute successfully (e.g. the governor doesn't have enough + * value to cover a proposal with multiple transfers). + */ + function propose( + address[] memory targets, + uint256[] memory values, + bytes[] memory calldatas, + string memory description + ) external returns (uint256 proposalId); + + /** + * @dev Queue a proposal. Some governors require this step to be performed before execution can happen. If queuing + * is not necessary, this function may revert. + * Queuing a proposal requires the quorum to be reached, the vote to be successful, and the deadline to be reached. + * + * Emits a {ProposalQueued} event. + */ + function queue( + address[] memory targets, + uint256[] memory values, + bytes[] memory calldatas, + bytes32 descriptionHash + ) external returns (uint256 proposalId); + + /** + * @dev Execute a successful proposal. This requires the quorum to be reached, the vote to be successful, and the + * deadline to be reached. Depending on the governor it might also be required that the proposal was queued and + * that some delay passed. + * + * Emits a {ProposalExecuted} event. + * + * NOTE: Some modules can modify the requirements for execution, for example by adding an additional timelock. + */ + function execute( + address[] memory targets, + uint256[] memory values, + bytes[] memory calldatas, + bytes32 descriptionHash + ) external payable returns (uint256 proposalId); + + /** + * @dev Cancel a proposal. A proposal is cancellable by the proposer, but only while it is Pending state, i.e. + * before the vote starts. + * + * Emits a {ProposalCanceled} event. + */ + function cancel( + address[] memory targets, + uint256[] memory values, + bytes[] memory calldatas, + bytes32 descriptionHash + ) external returns (uint256 proposalId); + + /** + * @dev Cast a vote + * + * Emits a {VoteCast} event. + */ + function castVote(uint256 proposalId, uint8 support) external returns (uint256 balance); + + /** + * @dev Cast a vote with a reason + * + * Emits a {VoteCast} event. + */ + function castVoteWithReason( + uint256 proposalId, + uint8 support, + string calldata reason + ) external returns (uint256 balance); + + /** + * @dev Cast a vote with a reason and additional encoded parameters + * + * Emits a {VoteCast} or {VoteCastWithParams} event depending on the length of params. + */ + function castVoteWithReasonAndParams( + uint256 proposalId, + uint8 support, + string calldata reason, + bytes memory params + ) external returns (uint256 balance); + + /** + * @dev Cast a vote using the voter's signature, including ERC-1271 signature support. + * + * Emits a {VoteCast} event. + */ + function castVoteBySig( + uint256 proposalId, + uint8 support, + address voter, + bytes memory signature + ) external returns (uint256 balance); + + /** + * @dev Cast a vote with a reason and additional encoded parameters using the voter's signature, + * including ERC-1271 signature support. + * + * Emits a {VoteCast} or {VoteCastWithParams} event depending on the length of params. + */ + function castVoteWithReasonAndParamsBySig( + uint256 proposalId, + uint8 support, + address voter, + string calldata reason, + bytes memory params, + bytes memory signature + ) external returns (uint256 balance); +} diff --git a/dependencies/@openzeppelin/contracts/governance/README.adoc b/dependencies/@openzeppelin/contracts/governance/README.adoc new file mode 100644 index 00000000..0f556b90 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/governance/README.adoc @@ -0,0 +1,175 @@ += Governance + +[.readme-notice] +NOTE: This document is better viewed at https://docs.openzeppelin.com/contracts/api/governance + +This directory includes primitives for on-chain governance. + +== Governor + +This modular system of Governor contracts allows the deployment on-chain voting protocols similar to https://compound.finance/docs/governance[Compound's Governor Alpha & Bravo] and beyond, through the ability to easily customize multiple aspects of the protocol. + +[TIP] +==== +For a guided experience, set up your Governor contract using https://wizard.openzeppelin.com/#governor[Contracts Wizard]. + +For a written walkthrough, check out our guide on xref:ROOT:governance.adoc[How to set up on-chain governance]. +==== + +* {Governor}: The core contract that contains all the logic and primitives. It is abstract and requires choosing one of each of the modules below, or custom ones. + +Votes modules determine the source of voting power, and sometimes quorum number. + +* {GovernorVotes}: Extracts voting weight from an {ERC20Votes}, or since v4.5 an {ERC721Votes} token. + +* {GovernorVotesQuorumFraction}: Combines with `GovernorVotes` to set the quorum as a fraction of the total token supply. + +Counting modules determine valid voting options. + +* {GovernorCountingSimple}: Simple voting mechanism with 3 voting options: Against, For and Abstain. + +* {GovernorCountingFractional}: A more modular voting system that allows a user to vote with only part of its voting power, and to split that weight arbitrarily between the 3 different options (Against, For and Abstain). + +Timelock extensions add a delay for governance decisions to be executed. The workflow is extended to require a `queue` step before execution. With these modules, proposals are executed by the external timelock contract, thus it is the timelock that has to hold the assets that are being governed. + +* {GovernorTimelockAccess}: Connects with an instance of an {AccessManager}. This allows restrictions (and delays) enforced by the manager to be considered by the Governor and integrated into the AccessManager's "schedule + execute" workflow. + +* {GovernorTimelockControl}: Connects with an instance of {TimelockController}. Allows multiple proposers and executors, in addition to the Governor itself. + +* {GovernorTimelockCompound}: Connects with an instance of Compound's https://github.com/compound-finance/compound-protocol/blob/master/contracts/Timelock.sol[`Timelock`] contract. + +Other extensions can customize the behavior or interface in multiple ways. + +* {GovernorStorage}: Stores the proposal details onchain and provides enumerability of the proposals. This can be useful for some L2 chains where storage is cheap compared to calldata. + +* {GovernorSettings}: Manages some of the settings (voting delay, voting period duration, and proposal threshold) in a way that can be updated through a governance proposal, without requiring an upgrade. + +* {GovernorPreventLateQuorum}: Ensures there is a minimum voting period after quorum is reached as a security protection against large voters. + +In addition to modules and extensions, the core contract requires a few virtual functions to be implemented to your particular specifications: + +* <>: Delay (in ERC-6372 clock) since the proposal is submitted until voting power is fixed and voting starts. This can be used to enforce a delay after a proposal is published for users to buy tokens, or delegate their votes. +* <>: Delay (in ERC-6372 clock) since the proposal starts until voting ends. +* <>: Quorum required for a proposal to be successful. This function includes a `timepoint` argument (see ERC-6372) so the quorum can adapt through time, for example, to follow a token's `totalSupply`. + +NOTE: Functions of the `Governor` contract do not include access control. If you want to restrict access, you should add these checks by overloading the particular functions. Among these, {Governor-_cancel} is internal by default, and you will have to expose it (with the right access control mechanism) yourself if this function is needed. + +=== Core + +{{IGovernor}} + +{{Governor}} + +=== Modules + +{{GovernorCountingSimple}} + +{{GovernorCountingFractional}} + +{{GovernorVotes}} + +{{GovernorVotesQuorumFraction}} + +=== Extensions + +{{GovernorTimelockAccess}} + +{{GovernorTimelockControl}} + +{{GovernorTimelockCompound}} + +{{GovernorSettings}} + +{{GovernorPreventLateQuorum}} + +{{GovernorStorage}} + +== Utils + +{{Votes}} + +== Timelock + +In a governance system, the {TimelockController} contract is in charge of introducing a delay between a proposal and its execution. It can be used with or without a {Governor}. + +{{TimelockController}} + +[[timelock-terminology]] +==== Terminology + +* *Operation:* A transaction (or a set of transactions) that is the subject of the timelock. It has to be scheduled by a proposer and executed by an executor. The timelock enforces a minimum delay between the proposition and the execution (see xref:access-control.adoc#operation_lifecycle[operation lifecycle]). If the operation contains multiple transactions (batch mode), they are executed atomically. Operations are identified by the hash of their content. +* *Operation status:* +** *Unset:* An operation that is not part of the timelock mechanism. +** *Waiting:* An operation that has been scheduled, before the timer expires. +** *Ready:* An operation that has been scheduled, after the timer expires. +** *Pending:* An operation that is either waiting or ready. +** *Done:* An operation that has been executed. +* *Predecessor*: An (optional) dependency between operations. An operation can depend on another operation (its predecessor), forcing the execution order of these two operations. +* *Role*: +** *Admin:* An address (smart contract or EOA) that is in charge of granting the roles of Proposer and Executor. +** *Proposer:* An address (smart contract or EOA) that is in charge of scheduling (and cancelling) operations. +** *Executor:* An address (smart contract or EOA) that is in charge of executing operations once the timelock has expired. This role can be given to the zero address to allow anyone to execute operations. + +[[timelock-operation]] +==== Operation structure + +Operation executed by the xref:api:governance.adoc#TimelockController[`TimelockController`] can contain one or multiple subsequent calls. Depending on whether you need to multiple calls to be executed atomically, you can either use simple or batched operations. + +Both operations contain: + +* *Target*, the address of the smart contract that the timelock should operate on. +* *Value*, in wei, that should be sent with the transaction. Most of the time this will be 0. Ether can be deposited before-end or passed along when executing the transaction. +* *Data*, containing the encoded function selector and parameters of the call. This can be produced using a number of tools. For example, a maintenance operation granting role `ROLE` to `ACCOUNT` can be encoded using web3js as follows: + +```javascript +const data = timelock.contract.methods.grantRole(ROLE, ACCOUNT).encodeABI() +``` + +* *Predecessor*, that specifies a dependency between operations. This dependency is optional. Use `bytes32(0)` if the operation does not have any dependency. +* *Salt*, used to disambiguate two otherwise identical operations. This can be any random value. + +In the case of batched operations, `target`, `value` and `data` are specified as arrays, which must be of the same length. + +[[timelock-operation-lifecycle]] +==== Operation lifecycle + +Timelocked operations are identified by a unique id (their hash) and follow a specific lifecycle: + +`Unset` -> `Pending` -> `Pending` + `Ready` -> `Done` + +* By calling xref:api:governance.adoc#TimelockController-schedule-address-uint256-bytes-bytes32-bytes32-uint256-[`schedule`] (or xref:api:governance.adoc#TimelockController-scheduleBatch-address---uint256---bytes---bytes32-bytes32-uint256-[`scheduleBatch`]), a proposer moves the operation from the `Unset` to the `Pending` state. This starts a timer that must be longer than the minimum delay. The timer expires at a timestamp accessible through the xref:api:governance.adoc#TimelockController-getTimestamp-bytes32-[`getTimestamp`] method. +* Once the timer expires, the operation automatically gets the `Ready` state. At this point, it can be executed. +* By calling xref:api:governance.adoc#TimelockController-TimelockController-execute-address-uint256-bytes-bytes32-bytes32-[`execute`] (or xref:api:governance.adoc#TimelockController-executeBatch-address---uint256---bytes---bytes32-bytes32-[`executeBatch`]), an executor triggers the operation's underlying transactions and moves it to the `Done` state. If the operation has a predecessor, it has to be in the `Done` state for this transition to succeed. +* xref:api:governance.adoc#TimelockController-TimelockController-cancel-bytes32-[`cancel`] allows proposers to cancel any `Pending` operation. This resets the operation to the `Unset` state. It is thus possible for a proposer to re-schedule an operation that has been cancelled. In this case, the timer restarts when the operation is rescheduled. + +Operations status can be queried using the functions: + +* xref:api:governance.adoc#TimelockController-isOperationPending-bytes32-[`isOperationPending(bytes32)`] +* xref:api:governance.adoc#TimelockController-isOperationReady-bytes32-[`isOperationReady(bytes32)`] +* xref:api:governance.adoc#TimelockController-isOperationDone-bytes32-[`isOperationDone(bytes32)`] + +[[timelock-roles]] +==== Roles + +[[timelock-admin]] +===== Admin + +The admins are in charge of managing proposers and executors. For the timelock to be self-governed, this role should only be given to the timelock itself. Upon deployment, the admin role can be granted to any address (in addition to the timelock itself). After further configuration and testing, this optional admin should renounce its role such that all further maintenance operations have to go through the timelock process. + +[[timelock-proposer]] +===== Proposer + +The proposers are in charge of scheduling (and cancelling) operations. This is a critical role, that should be given to governing entities. This could be an EOA, a multisig, or a DAO. + +WARNING: *Proposer fight:* Having multiple proposers, while providing redundancy in case one becomes unavailable, can be dangerous. As proposer have their say on all operations, they could cancel operations they disagree with, including operations to remove them for the proposers. + +This role is identified by the *PROPOSER_ROLE* value: `0xb09aa5aeb3702cfd50b6b62bc4532604938f21248a27a1d5ca736082b6819cc1` + +[[timelock-executor]] +===== Executor + +The executors are in charge of executing the operations scheduled by the proposers once the timelock expires. Logic dictates that multisig or DAO that are proposers should also be executors in order to guarantee operations that have been scheduled will eventually be executed. However, having additional executors can reduce the cost (the executing transaction does not require validation by the multisig or DAO that proposed it), while ensuring whoever is in charge of execution cannot trigger actions that have not been scheduled by the proposers. Alternatively, it is possible to allow _any_ address to execute a proposal once the timelock has expired by granting the executor role to the zero address. + +This role is identified by the *EXECUTOR_ROLE* value: `0xd8aa0f3194971a2a116679f7c2090f6939c8d4e01a2a8d7e41d55e5351469e63` + +WARNING: A live contract without at least one proposer and one executor is locked. Make sure these roles are filled by reliable entities before the deployer renounces its administrative rights in favour of the timelock contract itself. See the {AccessControl} documentation to learn more about role management. diff --git a/dependencies/@openzeppelin/contracts/governance/TimelockController.sol b/dependencies/@openzeppelin/contracts/governance/TimelockController.sol new file mode 100644 index 00000000..349d940f --- /dev/null +++ b/dependencies/@openzeppelin/contracts/governance/TimelockController.sol @@ -0,0 +1,472 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (governance/TimelockController.sol) + +pragma solidity ^0.8.20; + +import {AccessControl} from "../access/AccessControl.sol"; +import {ERC721Holder} from "../token/ERC721/utils/ERC721Holder.sol"; +import {ERC1155Holder} from "../token/ERC1155/utils/ERC1155Holder.sol"; +import {Address} from "../utils/Address.sol"; + +/** + * @dev Contract module which acts as a timelocked controller. When set as the + * owner of an `Ownable` smart contract, it enforces a timelock on all + * `onlyOwner` maintenance operations. This gives time for users of the + * controlled contract to exit before a potentially dangerous maintenance + * operation is applied. + * + * By default, this contract is self administered, meaning administration tasks + * have to go through the timelock process. The proposer (resp executor) role + * is in charge of proposing (resp executing) operations. A common use case is + * to position this {TimelockController} as the owner of a smart contract, with + * a multisig or a DAO as the sole proposer. + */ +contract TimelockController is AccessControl, ERC721Holder, ERC1155Holder { + bytes32 public constant PROPOSER_ROLE = keccak256("PROPOSER_ROLE"); + bytes32 public constant EXECUTOR_ROLE = keccak256("EXECUTOR_ROLE"); + bytes32 public constant CANCELLER_ROLE = keccak256("CANCELLER_ROLE"); + uint256 internal constant _DONE_TIMESTAMP = uint256(1); + + mapping(bytes32 id => uint256) private _timestamps; + uint256 private _minDelay; + + enum OperationState { + Unset, + Waiting, + Ready, + Done + } + + /** + * @dev Mismatch between the parameters length for an operation call. + */ + error TimelockInvalidOperationLength(uint256 targets, uint256 payloads, uint256 values); + + /** + * @dev The schedule operation doesn't meet the minimum delay. + */ + error TimelockInsufficientDelay(uint256 delay, uint256 minDelay); + + /** + * @dev The current state of an operation is not as required. + * The `expectedStates` is a bitmap with the bits enabled for each OperationState enum position + * counting from right to left. + * + * See {_encodeStateBitmap}. + */ + error TimelockUnexpectedOperationState(bytes32 operationId, bytes32 expectedStates); + + /** + * @dev The predecessor to an operation not yet done. + */ + error TimelockUnexecutedPredecessor(bytes32 predecessorId); + + /** + * @dev The caller account is not authorized. + */ + error TimelockUnauthorizedCaller(address caller); + + /** + * @dev Emitted when a call is scheduled as part of operation `id`. + */ + event CallScheduled( + bytes32 indexed id, + uint256 indexed index, + address target, + uint256 value, + bytes data, + bytes32 predecessor, + uint256 delay + ); + + /** + * @dev Emitted when a call is performed as part of operation `id`. + */ + event CallExecuted(bytes32 indexed id, uint256 indexed index, address target, uint256 value, bytes data); + + /** + * @dev Emitted when new proposal is scheduled with non-zero salt. + */ + event CallSalt(bytes32 indexed id, bytes32 salt); + + /** + * @dev Emitted when operation `id` is cancelled. + */ + event Cancelled(bytes32 indexed id); + + /** + * @dev Emitted when the minimum delay for future operations is modified. + */ + event MinDelayChange(uint256 oldDuration, uint256 newDuration); + + /** + * @dev Initializes the contract with the following parameters: + * + * - `minDelay`: initial minimum delay in seconds for operations + * - `proposers`: accounts to be granted proposer and canceller roles + * - `executors`: accounts to be granted executor role + * - `admin`: optional account to be granted admin role; disable with zero address + * + * IMPORTANT: The optional admin can aid with initial configuration of roles after deployment + * without being subject to delay, but this role should be subsequently renounced in favor of + * administration through timelocked proposals. Previous versions of this contract would assign + * this admin to the deployer automatically and should be renounced as well. + */ + constructor(uint256 minDelay, address[] memory proposers, address[] memory executors, address admin) { + // self administration + _grantRole(DEFAULT_ADMIN_ROLE, address(this)); + + // optional admin + if (admin != address(0)) { + _grantRole(DEFAULT_ADMIN_ROLE, admin); + } + + // register proposers and cancellers + for (uint256 i = 0; i < proposers.length; ++i) { + _grantRole(PROPOSER_ROLE, proposers[i]); + _grantRole(CANCELLER_ROLE, proposers[i]); + } + + // register executors + for (uint256 i = 0; i < executors.length; ++i) { + _grantRole(EXECUTOR_ROLE, executors[i]); + } + + _minDelay = minDelay; + emit MinDelayChange(0, minDelay); + } + + /** + * @dev Modifier to make a function callable only by a certain role. In + * addition to checking the sender's role, `address(0)` 's role is also + * considered. Granting a role to `address(0)` is equivalent to enabling + * this role for everyone. + */ + modifier onlyRoleOrOpenRole(bytes32 role) { + if (!hasRole(role, address(0))) { + _checkRole(role, _msgSender()); + } + _; + } + + /** + * @dev Contract might receive/hold ETH as part of the maintenance process. + */ + receive() external payable {} + + /** + * @dev See {IERC165-supportsInterface}. + */ + function supportsInterface( + bytes4 interfaceId + ) public view virtual override(AccessControl, ERC1155Holder) returns (bool) { + return super.supportsInterface(interfaceId); + } + + /** + * @dev Returns whether an id corresponds to a registered operation. This + * includes both Waiting, Ready, and Done operations. + */ + function isOperation(bytes32 id) public view returns (bool) { + return getOperationState(id) != OperationState.Unset; + } + + /** + * @dev Returns whether an operation is pending or not. Note that a "pending" operation may also be "ready". + */ + function isOperationPending(bytes32 id) public view returns (bool) { + OperationState state = getOperationState(id); + return state == OperationState.Waiting || state == OperationState.Ready; + } + + /** + * @dev Returns whether an operation is ready for execution. Note that a "ready" operation is also "pending". + */ + function isOperationReady(bytes32 id) public view returns (bool) { + return getOperationState(id) == OperationState.Ready; + } + + /** + * @dev Returns whether an operation is done or not. + */ + function isOperationDone(bytes32 id) public view returns (bool) { + return getOperationState(id) == OperationState.Done; + } + + /** + * @dev Returns the timestamp at which an operation becomes ready (0 for + * unset operations, 1 for done operations). + */ + function getTimestamp(bytes32 id) public view virtual returns (uint256) { + return _timestamps[id]; + } + + /** + * @dev Returns operation state. + */ + function getOperationState(bytes32 id) public view virtual returns (OperationState) { + uint256 timestamp = getTimestamp(id); + if (timestamp == 0) { + return OperationState.Unset; + } else if (timestamp == _DONE_TIMESTAMP) { + return OperationState.Done; + } else if (timestamp > block.timestamp) { + return OperationState.Waiting; + } else { + return OperationState.Ready; + } + } + + /** + * @dev Returns the minimum delay in seconds for an operation to become valid. + * + * This value can be changed by executing an operation that calls `updateDelay`. + */ + function getMinDelay() public view virtual returns (uint256) { + return _minDelay; + } + + /** + * @dev Returns the identifier of an operation containing a single + * transaction. + */ + function hashOperation( + address target, + uint256 value, + bytes calldata data, + bytes32 predecessor, + bytes32 salt + ) public pure virtual returns (bytes32) { + return keccak256(abi.encode(target, value, data, predecessor, salt)); + } + + /** + * @dev Returns the identifier of an operation containing a batch of + * transactions. + */ + function hashOperationBatch( + address[] calldata targets, + uint256[] calldata values, + bytes[] calldata payloads, + bytes32 predecessor, + bytes32 salt + ) public pure virtual returns (bytes32) { + return keccak256(abi.encode(targets, values, payloads, predecessor, salt)); + } + + /** + * @dev Schedule an operation containing a single transaction. + * + * Emits {CallSalt} if salt is nonzero, and {CallScheduled}. + * + * Requirements: + * + * - the caller must have the 'proposer' role. + */ + function schedule( + address target, + uint256 value, + bytes calldata data, + bytes32 predecessor, + bytes32 salt, + uint256 delay + ) public virtual onlyRole(PROPOSER_ROLE) { + bytes32 id = hashOperation(target, value, data, predecessor, salt); + _schedule(id, delay); + emit CallScheduled(id, 0, target, value, data, predecessor, delay); + if (salt != bytes32(0)) { + emit CallSalt(id, salt); + } + } + + /** + * @dev Schedule an operation containing a batch of transactions. + * + * Emits {CallSalt} if salt is nonzero, and one {CallScheduled} event per transaction in the batch. + * + * Requirements: + * + * - the caller must have the 'proposer' role. + */ + function scheduleBatch( + address[] calldata targets, + uint256[] calldata values, + bytes[] calldata payloads, + bytes32 predecessor, + bytes32 salt, + uint256 delay + ) public virtual onlyRole(PROPOSER_ROLE) { + if (targets.length != values.length || targets.length != payloads.length) { + revert TimelockInvalidOperationLength(targets.length, payloads.length, values.length); + } + + bytes32 id = hashOperationBatch(targets, values, payloads, predecessor, salt); + _schedule(id, delay); + for (uint256 i = 0; i < targets.length; ++i) { + emit CallScheduled(id, i, targets[i], values[i], payloads[i], predecessor, delay); + } + if (salt != bytes32(0)) { + emit CallSalt(id, salt); + } + } + + /** + * @dev Schedule an operation that is to become valid after a given delay. + */ + function _schedule(bytes32 id, uint256 delay) private { + if (isOperation(id)) { + revert TimelockUnexpectedOperationState(id, _encodeStateBitmap(OperationState.Unset)); + } + uint256 minDelay = getMinDelay(); + if (delay < minDelay) { + revert TimelockInsufficientDelay(delay, minDelay); + } + _timestamps[id] = block.timestamp + delay; + } + + /** + * @dev Cancel an operation. + * + * Requirements: + * + * - the caller must have the 'canceller' role. + */ + function cancel(bytes32 id) public virtual onlyRole(CANCELLER_ROLE) { + if (!isOperationPending(id)) { + revert TimelockUnexpectedOperationState( + id, + _encodeStateBitmap(OperationState.Waiting) | _encodeStateBitmap(OperationState.Ready) + ); + } + delete _timestamps[id]; + + emit Cancelled(id); + } + + /** + * @dev Execute an (ready) operation containing a single transaction. + * + * Emits a {CallExecuted} event. + * + * Requirements: + * + * - the caller must have the 'executor' role. + */ + // This function can reenter, but it doesn't pose a risk because _afterCall checks that the proposal is pending, + // thus any modifications to the operation during reentrancy should be caught. + // slither-disable-next-line reentrancy-eth + function execute( + address target, + uint256 value, + bytes calldata payload, + bytes32 predecessor, + bytes32 salt + ) public payable virtual onlyRoleOrOpenRole(EXECUTOR_ROLE) { + bytes32 id = hashOperation(target, value, payload, predecessor, salt); + + _beforeCall(id, predecessor); + _execute(target, value, payload); + emit CallExecuted(id, 0, target, value, payload); + _afterCall(id); + } + + /** + * @dev Execute an (ready) operation containing a batch of transactions. + * + * Emits one {CallExecuted} event per transaction in the batch. + * + * Requirements: + * + * - the caller must have the 'executor' role. + */ + // This function can reenter, but it doesn't pose a risk because _afterCall checks that the proposal is pending, + // thus any modifications to the operation during reentrancy should be caught. + // slither-disable-next-line reentrancy-eth + function executeBatch( + address[] calldata targets, + uint256[] calldata values, + bytes[] calldata payloads, + bytes32 predecessor, + bytes32 salt + ) public payable virtual onlyRoleOrOpenRole(EXECUTOR_ROLE) { + if (targets.length != values.length || targets.length != payloads.length) { + revert TimelockInvalidOperationLength(targets.length, payloads.length, values.length); + } + + bytes32 id = hashOperationBatch(targets, values, payloads, predecessor, salt); + + _beforeCall(id, predecessor); + for (uint256 i = 0; i < targets.length; ++i) { + address target = targets[i]; + uint256 value = values[i]; + bytes calldata payload = payloads[i]; + _execute(target, value, payload); + emit CallExecuted(id, i, target, value, payload); + } + _afterCall(id); + } + + /** + * @dev Execute an operation's call. + */ + function _execute(address target, uint256 value, bytes calldata data) internal virtual { + (bool success, bytes memory returndata) = target.call{value: value}(data); + Address.verifyCallResult(success, returndata); + } + + /** + * @dev Checks before execution of an operation's calls. + */ + function _beforeCall(bytes32 id, bytes32 predecessor) private view { + if (!isOperationReady(id)) { + revert TimelockUnexpectedOperationState(id, _encodeStateBitmap(OperationState.Ready)); + } + if (predecessor != bytes32(0) && !isOperationDone(predecessor)) { + revert TimelockUnexecutedPredecessor(predecessor); + } + } + + /** + * @dev Checks after execution of an operation's calls. + */ + function _afterCall(bytes32 id) private { + if (!isOperationReady(id)) { + revert TimelockUnexpectedOperationState(id, _encodeStateBitmap(OperationState.Ready)); + } + _timestamps[id] = _DONE_TIMESTAMP; + } + + /** + * @dev Changes the minimum timelock duration for future operations. + * + * Emits a {MinDelayChange} event. + * + * Requirements: + * + * - the caller must be the timelock itself. This can only be achieved by scheduling and later executing + * an operation where the timelock is the target and the data is the ABI-encoded call to this function. + */ + function updateDelay(uint256 newDelay) external virtual { + address sender = _msgSender(); + if (sender != address(this)) { + revert TimelockUnauthorizedCaller(sender); + } + emit MinDelayChange(_minDelay, newDelay); + _minDelay = newDelay; + } + + /** + * @dev Encodes a `OperationState` into a `bytes32` representation where each bit enabled corresponds to + * the underlying position in the `OperationState` enum. For example: + * + * 0x000...1000 + * ^^^^^^----- ... + * ^---- Done + * ^--- Ready + * ^-- Waiting + * ^- Unset + */ + function _encodeStateBitmap(OperationState operationState) internal pure returns (bytes32) { + return bytes32(1 << uint8(operationState)); + } +} diff --git a/dependencies/@openzeppelin/contracts/governance/extensions/GovernorCountingFractional.sol b/dependencies/@openzeppelin/contracts/governance/extensions/GovernorCountingFractional.sol new file mode 100644 index 00000000..a3f40201 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/governance/extensions/GovernorCountingFractional.sol @@ -0,0 +1,195 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {Governor} from "../Governor.sol"; +import {GovernorCountingSimple} from "./GovernorCountingSimple.sol"; +import {Math} from "../../utils/math/Math.sol"; + +/** + * @dev Extension of {Governor} for fractional voting. + * + * Similar to {GovernorCountingSimple}, this contract is a votes counting module for {Governor} that supports 3 options: + * Against, For, Abstain. Additionally, it includes a fourth option: Fractional, which allows voters to split their voting + * power amongst the other 3 options. + * + * Votes cast with the Fractional support must be accompanied by a `params` argument that is three packed `uint128` values + * representing the weight the delegate assigns to Against, For, and Abstain respectively. For those votes cast for the other + * 3 options, the `params` argument must be empty. + * + * This is mostly useful when the delegate is a contract that implements its own rules for voting. These delegate-contracts + * can cast fractional votes according to the preferences of multiple entities delegating their voting power. + * + * Some example use cases include: + * + * * Voting from tokens that are held by a DeFi pool + * * Voting from an L2 with tokens held by a bridge + * * Voting privately from a shielded pool using zero knowledge proofs. + * + * Based on ScopeLift's GovernorCountingFractional[https://github.com/ScopeLift/flexible-voting/blob/e5de2efd1368387b840931f19f3c184c85842761/src/GovernorCountingFractional.sol] + * + * _Available since v5.1._ + */ +abstract contract GovernorCountingFractional is Governor { + using Math for *; + + uint8 internal constant VOTE_TYPE_FRACTIONAL = 255; + + struct ProposalVote { + uint256 againstVotes; + uint256 forVotes; + uint256 abstainVotes; + mapping(address voter => uint256) usedVotes; + } + + /** + * @dev Mapping from proposal ID to vote tallies for that proposal. + */ + mapping(uint256 proposalId => ProposalVote) private _proposalVotes; + + /** + * @dev A fractional vote params uses more votes than are available for that user. + */ + error GovernorExceedRemainingWeight(address voter, uint256 usedVotes, uint256 remainingWeight); + + /** + * @dev See {IGovernor-COUNTING_MODE}. + */ + // solhint-disable-next-line func-name-mixedcase + function COUNTING_MODE() public pure virtual override returns (string memory) { + return "support=bravo,fractional&quorum=for,abstain¶ms=fractional"; + } + + /** + * @dev See {IGovernor-hasVoted}. + */ + function hasVoted(uint256 proposalId, address account) public view virtual override returns (bool) { + return usedVotes(proposalId, account) > 0; + } + + /** + * @dev Get the number of votes already cast by `account` for a proposal with `proposalId`. Useful for + * integrations that allow delegates to cast rolling, partial votes. + */ + function usedVotes(uint256 proposalId, address account) public view virtual returns (uint256) { + return _proposalVotes[proposalId].usedVotes[account]; + } + + /** + * @dev Get current distribution of votes for a given proposal. + */ + function proposalVotes( + uint256 proposalId + ) public view virtual returns (uint256 againstVotes, uint256 forVotes, uint256 abstainVotes) { + ProposalVote storage proposalVote = _proposalVotes[proposalId]; + return (proposalVote.againstVotes, proposalVote.forVotes, proposalVote.abstainVotes); + } + + /** + * @dev See {Governor-_quorumReached}. + */ + function _quorumReached(uint256 proposalId) internal view virtual override returns (bool) { + ProposalVote storage proposalVote = _proposalVotes[proposalId]; + return quorum(proposalSnapshot(proposalId)) <= proposalVote.forVotes + proposalVote.abstainVotes; + } + + /** + * @dev See {Governor-_voteSucceeded}. In this module, forVotes must be > againstVotes. + */ + function _voteSucceeded(uint256 proposalId) internal view virtual override returns (bool) { + ProposalVote storage proposalVote = _proposalVotes[proposalId]; + return proposalVote.forVotes > proposalVote.againstVotes; + } + + /** + * @dev See {Governor-_countVote}. Function that records the delegate's votes. + * + * Executing this function consumes (part of) the delegate's weight on the proposal. This weight can be + * distributed amongst the 3 options (Against, For, Abstain) by specifying a fractional `support`. + * + * This counting module supports two vote casting modes: nominal and fractional. + * + * - Nominal: A nominal vote is cast by setting `support` to one of the 3 bravo options (Against, For, Abstain). + * - Fractional: A fractional vote is cast by setting `support` to `type(uint8).max` (255). + * + * Casting a nominal vote requires `params` to be empty and consumes the delegate's full remaining weight on the + * proposal for the specified `support` option. This is similar to the {GovernorCountingSimple} module and follows + * the `VoteType` enum from Governor Bravo. As a consequence, no vote weight remains unspent so no further voting + * is possible (for this `proposalId` and this `account`). + * + * Casting a fractional vote consumes a fraction of the delegate's remaining weight on the proposal according to the + * weights the delegate assigns to each support option (Against, For, Abstain respectively). The sum total of the + * three decoded vote weights _must_ be less than or equal to the delegate's remaining weight on the proposal (i.e. + * their checkpointed total weight minus votes already cast on the proposal). This format can be produced using: + * + * `abi.encodePacked(uint128(againstVotes), uint128(forVotes), uint128(abstainVotes))` + * + * NOTE: Consider that fractional voting restricts the number of casted vote (in each category) to 128 bits. + * Depending on how many decimals the underlying token has, a single voter may require to split their vote into + * multiple vote operations. For precision higher than ~30 decimals, large token holders may require an + * potentially large number of calls to cast all their votes. The voter has the possibility to cast all the + * remaining votes in a single operation using the traditional "bravo" vote. + */ + // slither-disable-next-line cyclomatic-complexity + function _countVote( + uint256 proposalId, + address account, + uint8 support, + uint256 totalWeight, + bytes memory params + ) internal virtual override returns (uint256) { + // Compute number of remaining votes. Returns 0 on overflow. + (, uint256 remainingWeight) = totalWeight.trySub(usedVotes(proposalId, account)); + if (remainingWeight == 0) { + revert GovernorAlreadyCastVote(account); + } + + uint256 againstVotes = 0; + uint256 forVotes = 0; + uint256 abstainVotes = 0; + uint256 usedWeight = 0; + + // For clarity of event indexing, fractional voting must be clearly advertised in the "support" field. + // + // Supported `support` value must be: + // - "Full" voting: `support = 0` (Against), `1` (For) or `2` (Abstain), with empty params. + // - "Fractional" voting: `support = 255`, with 48 bytes params. + if (support == uint8(GovernorCountingSimple.VoteType.Against)) { + if (params.length != 0) revert GovernorInvalidVoteParams(); + usedWeight = againstVotes = remainingWeight; + } else if (support == uint8(GovernorCountingSimple.VoteType.For)) { + if (params.length != 0) revert GovernorInvalidVoteParams(); + usedWeight = forVotes = remainingWeight; + } else if (support == uint8(GovernorCountingSimple.VoteType.Abstain)) { + if (params.length != 0) revert GovernorInvalidVoteParams(); + usedWeight = abstainVotes = remainingWeight; + } else if (support == VOTE_TYPE_FRACTIONAL) { + // The `params` argument is expected to be three packed `uint128`: + // `abi.encodePacked(uint128(againstVotes), uint128(forVotes), uint128(abstainVotes))` + if (params.length != 0x30) revert GovernorInvalidVoteParams(); + + assembly ("memory-safe") { + againstVotes := shr(128, mload(add(params, 0x20))) + forVotes := shr(128, mload(add(params, 0x30))) + abstainVotes := shr(128, mload(add(params, 0x40))) + usedWeight := add(add(againstVotes, forVotes), abstainVotes) // inputs are uint128: cannot overflow + } + + // check parsed arguments are valid + if (usedWeight > remainingWeight) { + revert GovernorExceedRemainingWeight(account, usedWeight, remainingWeight); + } + } else { + revert GovernorInvalidVoteType(); + } + + // update votes tracking + ProposalVote storage details = _proposalVotes[proposalId]; + if (againstVotes > 0) details.againstVotes += againstVotes; + if (forVotes > 0) details.forVotes += forVotes; + if (abstainVotes > 0) details.abstainVotes += abstainVotes; + details.usedVotes[account] += usedWeight; + + return usedWeight; + } +} diff --git a/dependencies/@openzeppelin/contracts/governance/extensions/GovernorCountingSimple.sol b/dependencies/@openzeppelin/contracts/governance/extensions/GovernorCountingSimple.sol new file mode 100644 index 00000000..def29e34 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/governance/extensions/GovernorCountingSimple.sol @@ -0,0 +1,102 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (governance/extensions/GovernorCountingSimple.sol) + +pragma solidity ^0.8.20; + +import {Governor} from "../Governor.sol"; + +/** + * @dev Extension of {Governor} for simple, 3 options, vote counting. + */ +abstract contract GovernorCountingSimple is Governor { + /** + * @dev Supported vote types. Matches Governor Bravo ordering. + */ + enum VoteType { + Against, + For, + Abstain + } + + struct ProposalVote { + uint256 againstVotes; + uint256 forVotes; + uint256 abstainVotes; + mapping(address voter => bool) hasVoted; + } + + mapping(uint256 proposalId => ProposalVote) private _proposalVotes; + + /** + * @dev See {IGovernor-COUNTING_MODE}. + */ + // solhint-disable-next-line func-name-mixedcase + function COUNTING_MODE() public pure virtual override returns (string memory) { + return "support=bravo&quorum=for,abstain"; + } + + /** + * @dev See {IGovernor-hasVoted}. + */ + function hasVoted(uint256 proposalId, address account) public view virtual override returns (bool) { + return _proposalVotes[proposalId].hasVoted[account]; + } + + /** + * @dev Accessor to the internal vote counts. + */ + function proposalVotes( + uint256 proposalId + ) public view virtual returns (uint256 againstVotes, uint256 forVotes, uint256 abstainVotes) { + ProposalVote storage proposalVote = _proposalVotes[proposalId]; + return (proposalVote.againstVotes, proposalVote.forVotes, proposalVote.abstainVotes); + } + + /** + * @dev See {Governor-_quorumReached}. + */ + function _quorumReached(uint256 proposalId) internal view virtual override returns (bool) { + ProposalVote storage proposalVote = _proposalVotes[proposalId]; + + return quorum(proposalSnapshot(proposalId)) <= proposalVote.forVotes + proposalVote.abstainVotes; + } + + /** + * @dev See {Governor-_voteSucceeded}. In this module, the forVotes must be strictly over the againstVotes. + */ + function _voteSucceeded(uint256 proposalId) internal view virtual override returns (bool) { + ProposalVote storage proposalVote = _proposalVotes[proposalId]; + + return proposalVote.forVotes > proposalVote.againstVotes; + } + + /** + * @dev See {Governor-_countVote}. In this module, the support follows the `VoteType` enum (from Governor Bravo). + */ + function _countVote( + uint256 proposalId, + address account, + uint8 support, + uint256 totalWeight, + bytes memory // params + ) internal virtual override returns (uint256) { + ProposalVote storage proposalVote = _proposalVotes[proposalId]; + + if (proposalVote.hasVoted[account]) { + revert GovernorAlreadyCastVote(account); + } + proposalVote.hasVoted[account] = true; + + if (support == uint8(VoteType.Against)) { + proposalVote.againstVotes += totalWeight; + } else if (support == uint8(VoteType.For)) { + proposalVote.forVotes += totalWeight; + } else if (support == uint8(VoteType.Abstain)) { + proposalVote.abstainVotes += totalWeight; + } else { + revert GovernorInvalidVoteType(); + } + + return totalWeight; + } +} diff --git a/dependencies/@openzeppelin/contracts/governance/extensions/GovernorPreventLateQuorum.sol b/dependencies/@openzeppelin/contracts/governance/extensions/GovernorPreventLateQuorum.sol new file mode 100644 index 00000000..ff80af64 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/governance/extensions/GovernorPreventLateQuorum.sol @@ -0,0 +1,102 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (governance/extensions/GovernorPreventLateQuorum.sol) + +pragma solidity ^0.8.20; + +import {Governor} from "../Governor.sol"; +import {Math} from "../../utils/math/Math.sol"; + +/** + * @dev A module that ensures there is a minimum voting period after quorum is reached. This prevents a large voter from + * swaying a vote and triggering quorum at the last minute, by ensuring there is always time for other voters to react + * and try to oppose the decision. + * + * If a vote causes quorum to be reached, the proposal's voting period may be extended so that it does not end before at + * least a specified time has passed (the "vote extension" parameter). This parameter can be set through a governance + * proposal. + */ +abstract contract GovernorPreventLateQuorum is Governor { + uint48 private _voteExtension; + + mapping(uint256 proposalId => uint48) private _extendedDeadlines; + + /// @dev Emitted when a proposal deadline is pushed back due to reaching quorum late in its voting period. + event ProposalExtended(uint256 indexed proposalId, uint64 extendedDeadline); + + /// @dev Emitted when the {lateQuorumVoteExtension} parameter is changed. + event LateQuorumVoteExtensionSet(uint64 oldVoteExtension, uint64 newVoteExtension); + + /** + * @dev Initializes the vote extension parameter: the time in either number of blocks or seconds (depending on the + * governor clock mode) that is required to pass since the moment a proposal reaches quorum until its voting period + * ends. If necessary the voting period will be extended beyond the one set during proposal creation. + */ + constructor(uint48 initialVoteExtension) { + _setLateQuorumVoteExtension(initialVoteExtension); + } + + /** + * @dev Returns the proposal deadline, which may have been extended beyond that set at proposal creation, if the + * proposal reached quorum late in the voting period. See {Governor-proposalDeadline}. + */ + function proposalDeadline(uint256 proposalId) public view virtual override returns (uint256) { + return Math.max(super.proposalDeadline(proposalId), _extendedDeadlines[proposalId]); + } + + /** + * @dev Casts a vote and detects if it caused quorum to be reached, potentially extending the voting period. See + * {Governor-_castVote}. + * + * May emit a {ProposalExtended} event. + */ + function _castVote( + uint256 proposalId, + address account, + uint8 support, + string memory reason, + bytes memory params + ) internal virtual override returns (uint256) { + uint256 result = super._castVote(proposalId, account, support, reason, params); + + if (_extendedDeadlines[proposalId] == 0 && _quorumReached(proposalId)) { + uint48 extendedDeadline = clock() + lateQuorumVoteExtension(); + + if (extendedDeadline > proposalDeadline(proposalId)) { + emit ProposalExtended(proposalId, extendedDeadline); + } + + _extendedDeadlines[proposalId] = extendedDeadline; + } + + return result; + } + + /** + * @dev Returns the current value of the vote extension parameter: the number of blocks that are required to pass + * from the time a proposal reaches quorum until its voting period ends. + */ + function lateQuorumVoteExtension() public view virtual returns (uint48) { + return _voteExtension; + } + + /** + * @dev Changes the {lateQuorumVoteExtension}. This operation can only be performed by the governance executor, + * generally through a governance proposal. + * + * Emits a {LateQuorumVoteExtensionSet} event. + */ + function setLateQuorumVoteExtension(uint48 newVoteExtension) public virtual onlyGovernance { + _setLateQuorumVoteExtension(newVoteExtension); + } + + /** + * @dev Changes the {lateQuorumVoteExtension}. This is an internal function that can be exposed in a public function + * like {setLateQuorumVoteExtension} if another access control mechanism is needed. + * + * Emits a {LateQuorumVoteExtensionSet} event. + */ + function _setLateQuorumVoteExtension(uint48 newVoteExtension) internal virtual { + emit LateQuorumVoteExtensionSet(_voteExtension, newVoteExtension); + _voteExtension = newVoteExtension; + } +} diff --git a/dependencies/@openzeppelin/contracts/governance/extensions/GovernorSettings.sol b/dependencies/@openzeppelin/contracts/governance/extensions/GovernorSettings.sol new file mode 100644 index 00000000..7347ee29 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/governance/extensions/GovernorSettings.sol @@ -0,0 +1,112 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (governance/extensions/GovernorSettings.sol) + +pragma solidity ^0.8.20; + +import {Governor} from "../Governor.sol"; + +/** + * @dev Extension of {Governor} for settings updatable through governance. + */ +abstract contract GovernorSettings is Governor { + // amount of token + uint256 private _proposalThreshold; + // timepoint: limited to uint48 in core (same as clock() type) + uint48 private _votingDelay; + // duration: limited to uint32 in core + uint32 private _votingPeriod; + + event VotingDelaySet(uint256 oldVotingDelay, uint256 newVotingDelay); + event VotingPeriodSet(uint256 oldVotingPeriod, uint256 newVotingPeriod); + event ProposalThresholdSet(uint256 oldProposalThreshold, uint256 newProposalThreshold); + + /** + * @dev Initialize the governance parameters. + */ + constructor(uint48 initialVotingDelay, uint32 initialVotingPeriod, uint256 initialProposalThreshold) { + _setVotingDelay(initialVotingDelay); + _setVotingPeriod(initialVotingPeriod); + _setProposalThreshold(initialProposalThreshold); + } + + /** + * @dev See {IGovernor-votingDelay}. + */ + function votingDelay() public view virtual override returns (uint256) { + return _votingDelay; + } + + /** + * @dev See {IGovernor-votingPeriod}. + */ + function votingPeriod() public view virtual override returns (uint256) { + return _votingPeriod; + } + + /** + * @dev See {Governor-proposalThreshold}. + */ + function proposalThreshold() public view virtual override returns (uint256) { + return _proposalThreshold; + } + + /** + * @dev Update the voting delay. This operation can only be performed through a governance proposal. + * + * Emits a {VotingDelaySet} event. + */ + function setVotingDelay(uint48 newVotingDelay) public virtual onlyGovernance { + _setVotingDelay(newVotingDelay); + } + + /** + * @dev Update the voting period. This operation can only be performed through a governance proposal. + * + * Emits a {VotingPeriodSet} event. + */ + function setVotingPeriod(uint32 newVotingPeriod) public virtual onlyGovernance { + _setVotingPeriod(newVotingPeriod); + } + + /** + * @dev Update the proposal threshold. This operation can only be performed through a governance proposal. + * + * Emits a {ProposalThresholdSet} event. + */ + function setProposalThreshold(uint256 newProposalThreshold) public virtual onlyGovernance { + _setProposalThreshold(newProposalThreshold); + } + + /** + * @dev Internal setter for the voting delay. + * + * Emits a {VotingDelaySet} event. + */ + function _setVotingDelay(uint48 newVotingDelay) internal virtual { + emit VotingDelaySet(_votingDelay, newVotingDelay); + _votingDelay = newVotingDelay; + } + + /** + * @dev Internal setter for the voting period. + * + * Emits a {VotingPeriodSet} event. + */ + function _setVotingPeriod(uint32 newVotingPeriod) internal virtual { + if (newVotingPeriod == 0) { + revert GovernorInvalidVotingPeriod(0); + } + emit VotingPeriodSet(_votingPeriod, newVotingPeriod); + _votingPeriod = newVotingPeriod; + } + + /** + * @dev Internal setter for the proposal threshold. + * + * Emits a {ProposalThresholdSet} event. + */ + function _setProposalThreshold(uint256 newProposalThreshold) internal virtual { + emit ProposalThresholdSet(_proposalThreshold, newProposalThreshold); + _proposalThreshold = newProposalThreshold; + } +} diff --git a/dependencies/@openzeppelin/contracts/governance/extensions/GovernorStorage.sol b/dependencies/@openzeppelin/contracts/governance/extensions/GovernorStorage.sol new file mode 100644 index 00000000..40f7b23d --- /dev/null +++ b/dependencies/@openzeppelin/contracts/governance/extensions/GovernorStorage.sol @@ -0,0 +1,125 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (governance/extensions/GovernorStorage.sol) + +pragma solidity ^0.8.20; + +import {Governor} from "../Governor.sol"; + +/** + * @dev Extension of {Governor} that implements storage of proposal details. This modules also provides primitives for + * the enumerability of proposals. + * + * Use cases for this module include: + * - UIs that explore the proposal state without relying on event indexing. + * - Using only the proposalId as an argument in the {Governor-queue} and {Governor-execute} functions for L2 chains + * where storage is cheap compared to calldata. + */ +abstract contract GovernorStorage is Governor { + struct ProposalDetails { + address[] targets; + uint256[] values; + bytes[] calldatas; + bytes32 descriptionHash; + } + + uint256[] private _proposalIds; + mapping(uint256 proposalId => ProposalDetails) private _proposalDetails; + + /** + * @dev Hook into the proposing mechanism + */ + function _propose( + address[] memory targets, + uint256[] memory values, + bytes[] memory calldatas, + string memory description, + address proposer + ) internal virtual override returns (uint256) { + uint256 proposalId = super._propose(targets, values, calldatas, description, proposer); + + // store + _proposalIds.push(proposalId); + _proposalDetails[proposalId] = ProposalDetails({ + targets: targets, + values: values, + calldatas: calldatas, + descriptionHash: keccak256(bytes(description)) + }); + + return proposalId; + } + + /** + * @dev Version of {IGovernorTimelock-queue} with only `proposalId` as an argument. + */ + function queue(uint256 proposalId) public virtual { + // here, using storage is more efficient than memory + ProposalDetails storage details = _proposalDetails[proposalId]; + queue(details.targets, details.values, details.calldatas, details.descriptionHash); + } + + /** + * @dev Version of {IGovernor-execute} with only `proposalId` as an argument. + */ + function execute(uint256 proposalId) public payable virtual { + // here, using storage is more efficient than memory + ProposalDetails storage details = _proposalDetails[proposalId]; + execute(details.targets, details.values, details.calldatas, details.descriptionHash); + } + + /** + * @dev ProposalId version of {IGovernor-cancel}. + */ + function cancel(uint256 proposalId) public virtual { + // here, using storage is more efficient than memory + ProposalDetails storage details = _proposalDetails[proposalId]; + cancel(details.targets, details.values, details.calldatas, details.descriptionHash); + } + + /** + * @dev Returns the number of stored proposals. + */ + function proposalCount() public view virtual returns (uint256) { + return _proposalIds.length; + } + + /** + * @dev Returns the details of a proposalId. Reverts if `proposalId` is not a known proposal. + */ + function proposalDetails( + uint256 proposalId + ) + public + view + virtual + returns (address[] memory targets, uint256[] memory values, bytes[] memory calldatas, bytes32 descriptionHash) + { + // here, using memory is more efficient than storage + ProposalDetails memory details = _proposalDetails[proposalId]; + if (details.descriptionHash == 0) { + revert GovernorNonexistentProposal(proposalId); + } + return (details.targets, details.values, details.calldatas, details.descriptionHash); + } + + /** + * @dev Returns the details (including the proposalId) of a proposal given its sequential index. + */ + function proposalDetailsAt( + uint256 index + ) + public + view + virtual + returns ( + uint256 proposalId, + address[] memory targets, + uint256[] memory values, + bytes[] memory calldatas, + bytes32 descriptionHash + ) + { + proposalId = _proposalIds[index]; + (targets, values, calldatas, descriptionHash) = proposalDetails(proposalId); + } +} diff --git a/dependencies/@openzeppelin/contracts/governance/extensions/GovernorTimelockAccess.sol b/dependencies/@openzeppelin/contracts/governance/extensions/GovernorTimelockAccess.sol new file mode 100644 index 00000000..6e2c5b84 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/governance/extensions/GovernorTimelockAccess.sol @@ -0,0 +1,349 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (governance/extensions/GovernorTimelockAccess.sol) + +pragma solidity ^0.8.20; + +import {Governor} from "../Governor.sol"; +import {AuthorityUtils} from "../../access/manager/AuthorityUtils.sol"; +import {IAccessManager} from "../../access/manager/IAccessManager.sol"; +import {Address} from "../../utils/Address.sol"; +import {Math} from "../../utils/math/Math.sol"; +import {SafeCast} from "../../utils/math/SafeCast.sol"; +import {Time} from "../../utils/types/Time.sol"; + +/** + * @dev This module connects a {Governor} instance to an {AccessManager} instance, allowing the governor to make calls + * that are delay-restricted by the manager using the normal {queue} workflow. An optional base delay is applied to + * operations that are not delayed externally by the manager. Execution of a proposal will be delayed as much as + * necessary to meet the required delays of all of its operations. + * + * This extension allows the governor to hold and use its own assets and permissions, unlike {GovernorTimelockControl} + * and {GovernorTimelockCompound}, where the timelock is a separate contract that must be the one to hold assets and + * permissions. Operations that are delay-restricted by the manager, however, will be executed through the + * {AccessManager-execute} function. + * + * ==== Security Considerations + * + * Some operations may be cancelable in the `AccessManager` by the admin or a set of guardians, depending on the + * restricted function being invoked. Since proposals are atomic, the cancellation by a guardian of a single operation + * in a proposal will cause all of the proposal to become unable to execute. Consider proposing cancellable operations + * separately. + * + * By default, function calls will be routed through the associated `AccessManager` whenever it claims the target + * function to be restricted by it. However, admins may configure the manager to make that claim for functions that a + * governor would want to call directly (e.g., token transfers) in an attempt to deny it access to those functions. To + * mitigate this attack vector, the governor is able to ignore the restrictions claimed by the `AccessManager` using + * {setAccessManagerIgnored}. While permanent denial of service is mitigated, temporary DoS may still be technically + * possible. All of the governor's own functions (e.g., {setBaseDelaySeconds}) ignore the `AccessManager` by default. + * + * NOTE: `AccessManager` does not support scheduling more than one operation with the same target and calldata at + * the same time. See {AccessManager-schedule} for a workaround. + */ +abstract contract GovernorTimelockAccess is Governor { + // An execution plan is produced at the moment a proposal is created, in order to fix at that point the exact + // execution semantics of the proposal, namely whether a call will go through {AccessManager-execute}. + struct ExecutionPlan { + uint16 length; + uint32 delay; + // We use mappings instead of arrays because it allows us to pack values in storage more tightly without + // storing the length redundantly. + // We pack 8 operations' data in each bucket. Each uint32 value is set to 1 upon proposal creation if it has + // to be scheduled and executed through the manager. Upon queuing, the value is set to nonce + 2, where the + // nonce is received from the manager when scheduling the operation. + mapping(uint256 operationBucket => uint32[8]) managerData; + } + + // The meaning of the "toggle" set to true depends on the target contract. + // If target == address(this), the manager is ignored by default, and a true toggle means it won't be ignored. + // For all other target contracts, the manager is used by default, and a true toggle means it will be ignored. + mapping(address target => mapping(bytes4 selector => bool)) private _ignoreToggle; + + mapping(uint256 proposalId => ExecutionPlan) private _executionPlan; + + uint32 private _baseDelay; + + IAccessManager private immutable _manager; + + error GovernorUnmetDelay(uint256 proposalId, uint256 neededTimestamp); + error GovernorMismatchedNonce(uint256 proposalId, uint256 expectedNonce, uint256 actualNonce); + error GovernorLockedIgnore(); + + event BaseDelaySet(uint32 oldBaseDelaySeconds, uint32 newBaseDelaySeconds); + event AccessManagerIgnoredSet(address target, bytes4 selector, bool ignored); + + /** + * @dev Initialize the governor with an {AccessManager} and initial base delay. + */ + constructor(address manager, uint32 initialBaseDelay) { + _manager = IAccessManager(manager); + _setBaseDelaySeconds(initialBaseDelay); + } + + /** + * @dev Returns the {AccessManager} instance associated to this governor. + */ + function accessManager() public view virtual returns (IAccessManager) { + return _manager; + } + + /** + * @dev Base delay that will be applied to all function calls. Some may be further delayed by their associated + * `AccessManager` authority; in this case the final delay will be the maximum of the base delay and the one + * demanded by the authority. + * + * NOTE: Execution delays are processed by the `AccessManager` contracts, and according to that contract are + * expressed in seconds. Therefore, the base delay is also in seconds, regardless of the governor's clock mode. + */ + function baseDelaySeconds() public view virtual returns (uint32) { + return _baseDelay; + } + + /** + * @dev Change the value of {baseDelaySeconds}. This operation can only be invoked through a governance proposal. + */ + function setBaseDelaySeconds(uint32 newBaseDelay) public virtual onlyGovernance { + _setBaseDelaySeconds(newBaseDelay); + } + + /** + * @dev Change the value of {baseDelaySeconds}. Internal function without access control. + */ + function _setBaseDelaySeconds(uint32 newBaseDelay) internal virtual { + emit BaseDelaySet(_baseDelay, newBaseDelay); + _baseDelay = newBaseDelay; + } + + /** + * @dev Check if restrictions from the associated {AccessManager} are ignored for a target function. Returns true + * when the target function will be invoked directly regardless of `AccessManager` settings for the function. + * See {setAccessManagerIgnored} and Security Considerations above. + */ + function isAccessManagerIgnored(address target, bytes4 selector) public view virtual returns (bool) { + bool isGovernor = target == address(this); + return _ignoreToggle[target][selector] != isGovernor; // equivalent to: isGovernor ? !toggle : toggle + } + + /** + * @dev Configure whether restrictions from the associated {AccessManager} are ignored for a target function. + * See Security Considerations above. + */ + function setAccessManagerIgnored( + address target, + bytes4[] calldata selectors, + bool ignored + ) public virtual onlyGovernance { + for (uint256 i = 0; i < selectors.length; ++i) { + _setAccessManagerIgnored(target, selectors[i], ignored); + } + } + + /** + * @dev Internal version of {setAccessManagerIgnored} without access restriction. + */ + function _setAccessManagerIgnored(address target, bytes4 selector, bool ignored) internal virtual { + bool isGovernor = target == address(this); + if (isGovernor && selector == this.setAccessManagerIgnored.selector) { + revert GovernorLockedIgnore(); + } + _ignoreToggle[target][selector] = ignored != isGovernor; // equivalent to: isGovernor ? !ignored : ignored + emit AccessManagerIgnoredSet(target, selector, ignored); + } + + /** + * @dev Public accessor to check the execution plan, including the number of seconds that the proposal will be + * delayed since queuing, an array indicating which of the proposal actions will be executed indirectly through + * the associated {AccessManager}, and another indicating which will be scheduled in {queue}. Note that + * those that must be scheduled are cancellable by `AccessManager` guardians. + */ + function proposalExecutionPlan( + uint256 proposalId + ) public view returns (uint32 delay, bool[] memory indirect, bool[] memory withDelay) { + ExecutionPlan storage plan = _executionPlan[proposalId]; + + uint32 length = plan.length; + delay = plan.delay; + indirect = new bool[](length); + withDelay = new bool[](length); + for (uint256 i = 0; i < length; ++i) { + (indirect[i], withDelay[i], ) = _getManagerData(plan, i); + } + + return (delay, indirect, withDelay); + } + + /** + * @dev See {IGovernor-proposalNeedsQueuing}. + */ + function proposalNeedsQueuing(uint256 proposalId) public view virtual override returns (bool) { + return _executionPlan[proposalId].delay > 0; + } + + /** + * @dev See {IGovernor-propose} + */ + function propose( + address[] memory targets, + uint256[] memory values, + bytes[] memory calldatas, + string memory description + ) public virtual override returns (uint256) { + uint256 proposalId = super.propose(targets, values, calldatas, description); + + uint32 neededDelay = baseDelaySeconds(); + + ExecutionPlan storage plan = _executionPlan[proposalId]; + plan.length = SafeCast.toUint16(targets.length); + + for (uint256 i = 0; i < targets.length; ++i) { + if (calldatas[i].length < 4) { + continue; + } + address target = targets[i]; + bytes4 selector = bytes4(calldatas[i]); + (bool immediate, uint32 delay) = AuthorityUtils.canCallWithDelay( + address(_manager), + address(this), + target, + selector + ); + if ((immediate || delay > 0) && !isAccessManagerIgnored(target, selector)) { + _setManagerData(plan, i, !immediate, 0); + // downcast is safe because both arguments are uint32 + neededDelay = uint32(Math.max(delay, neededDelay)); + } + } + + plan.delay = neededDelay; + + return proposalId; + } + + /** + * @dev Mechanism to queue a proposal, potentially scheduling some of its operations in the AccessManager. + * + * NOTE: The execution delay is chosen based on the delay information retrieved in {propose}. This value may be + * off if the delay was updated since proposal creation. In this case, the proposal needs to be recreated. + */ + function _queueOperations( + uint256 proposalId, + address[] memory targets, + uint256[] memory /* values */, + bytes[] memory calldatas, + bytes32 /* descriptionHash */ + ) internal virtual override returns (uint48) { + ExecutionPlan storage plan = _executionPlan[proposalId]; + uint48 etaSeconds = Time.timestamp() + plan.delay; + + for (uint256 i = 0; i < targets.length; ++i) { + (, bool withDelay, ) = _getManagerData(plan, i); + if (withDelay) { + (, uint32 nonce) = _manager.schedule(targets[i], calldatas[i], etaSeconds); + _setManagerData(plan, i, true, nonce); + } + } + + return etaSeconds; + } + + /** + * @dev Mechanism to execute a proposal, potentially going through {AccessManager-execute} for delayed operations. + */ + function _executeOperations( + uint256 proposalId, + address[] memory targets, + uint256[] memory values, + bytes[] memory calldatas, + bytes32 /* descriptionHash */ + ) internal virtual override { + uint48 etaSeconds = SafeCast.toUint48(proposalEta(proposalId)); + if (block.timestamp < etaSeconds) { + revert GovernorUnmetDelay(proposalId, etaSeconds); + } + + ExecutionPlan storage plan = _executionPlan[proposalId]; + + for (uint256 i = 0; i < targets.length; ++i) { + (bool controlled, bool withDelay, uint32 nonce) = _getManagerData(plan, i); + if (controlled) { + uint32 executedNonce = _manager.execute{value: values[i]}(targets[i], calldatas[i]); + if (withDelay && executedNonce != nonce) { + revert GovernorMismatchedNonce(proposalId, nonce, executedNonce); + } + } else { + (bool success, bytes memory returndata) = targets[i].call{value: values[i]}(calldatas[i]); + Address.verifyCallResult(success, returndata); + } + } + } + + /** + * @dev See {IGovernor-_cancel} + */ + function _cancel( + address[] memory targets, + uint256[] memory values, + bytes[] memory calldatas, + bytes32 descriptionHash + ) internal virtual override returns (uint256) { + uint256 proposalId = super._cancel(targets, values, calldatas, descriptionHash); + + uint48 etaSeconds = SafeCast.toUint48(proposalEta(proposalId)); + + ExecutionPlan storage plan = _executionPlan[proposalId]; + + // If the proposal has been scheduled it will have an ETA and we may have to externally cancel + if (etaSeconds != 0) { + for (uint256 i = 0; i < targets.length; ++i) { + (, bool withDelay, uint32 nonce) = _getManagerData(plan, i); + // Only attempt to cancel if the execution plan included a delay + if (withDelay) { + bytes32 operationId = _manager.hashOperation(address(this), targets[i], calldatas[i]); + // Check first if the current operation nonce is the one that we observed previously. It could + // already have been cancelled and rescheduled. We don't want to cancel unless it is exactly the + // instance that we previously scheduled. + if (nonce == _manager.getNonce(operationId)) { + // It is important that all calls have an opportunity to be cancelled. We chose to ignore + // potential failures of some of the cancel operations to give the other operations a chance to + // be properly cancelled. In particular cancel might fail if the operation was already cancelled + // by guardians previously. We don't match on the revert reason to avoid encoding assumptions + // about specific errors. + try _manager.cancel(address(this), targets[i], calldatas[i]) {} catch {} + } + } + } + } + + return proposalId; + } + + /** + * @dev Returns whether the operation at an index is delayed by the manager, and its scheduling nonce once queued. + */ + function _getManagerData( + ExecutionPlan storage plan, + uint256 index + ) private view returns (bool controlled, bool withDelay, uint32 nonce) { + (uint256 bucket, uint256 subindex) = _getManagerDataIndices(index); + uint32 value = plan.managerData[bucket][subindex]; + unchecked { + return (value > 0, value > 1, value > 1 ? value - 2 : 0); + } + } + + /** + * @dev Marks an operation at an index as permissioned by the manager, potentially delayed, and + * when delayed sets its scheduling nonce. + */ + function _setManagerData(ExecutionPlan storage plan, uint256 index, bool withDelay, uint32 nonce) private { + (uint256 bucket, uint256 subindex) = _getManagerDataIndices(index); + plan.managerData[bucket][subindex] = withDelay ? nonce + 2 : 1; + } + + /** + * @dev Returns bucket and subindex for reading manager data from the packed array mapping. + */ + function _getManagerDataIndices(uint256 index) private pure returns (uint256 bucket, uint256 subindex) { + bucket = index >> 3; // index / 8 + subindex = index & 7; // index % 8 + } +} diff --git a/dependencies/@openzeppelin/contracts/governance/extensions/GovernorTimelockCompound.sol b/dependencies/@openzeppelin/contracts/governance/extensions/GovernorTimelockCompound.sol new file mode 100644 index 00000000..77cf369f --- /dev/null +++ b/dependencies/@openzeppelin/contracts/governance/extensions/GovernorTimelockCompound.sol @@ -0,0 +1,167 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (governance/extensions/GovernorTimelockCompound.sol) + +pragma solidity ^0.8.20; + +import {IGovernor, Governor} from "../Governor.sol"; +import {ICompoundTimelock} from "../../vendor/compound/ICompoundTimelock.sol"; +import {Address} from "../../utils/Address.sol"; +import {SafeCast} from "../../utils/math/SafeCast.sol"; + +/** + * @dev Extension of {Governor} that binds the execution process to a Compound Timelock. This adds a delay, enforced by + * the external timelock to all successful proposal (in addition to the voting duration). The {Governor} needs to be + * the admin of the timelock for any operation to be performed. A public, unrestricted, + * {GovernorTimelockCompound-__acceptAdmin} is available to accept ownership of the timelock. + * + * Using this model means the proposal will be operated by the {TimelockController} and not by the {Governor}. Thus, + * the assets and permissions must be attached to the {TimelockController}. Any asset sent to the {Governor} will be + * inaccessible from a proposal, unless executed via {Governor-relay}. + */ +abstract contract GovernorTimelockCompound is Governor { + ICompoundTimelock private _timelock; + + /** + * @dev Emitted when the timelock controller used for proposal execution is modified. + */ + event TimelockChange(address oldTimelock, address newTimelock); + + /** + * @dev Set the timelock. + */ + constructor(ICompoundTimelock timelockAddress) { + _updateTimelock(timelockAddress); + } + + /** + * @dev Overridden version of the {Governor-state} function with added support for the `Expired` state. + */ + function state(uint256 proposalId) public view virtual override returns (ProposalState) { + ProposalState currentState = super.state(proposalId); + + return + (currentState == ProposalState.Queued && + block.timestamp >= proposalEta(proposalId) + _timelock.GRACE_PERIOD()) + ? ProposalState.Expired + : currentState; + } + + /** + * @dev Public accessor to check the address of the timelock + */ + function timelock() public view virtual returns (address) { + return address(_timelock); + } + + /** + * @dev See {IGovernor-proposalNeedsQueuing}. + */ + function proposalNeedsQueuing(uint256) public view virtual override returns (bool) { + return true; + } + + /** + * @dev Function to queue a proposal to the timelock. + */ + function _queueOperations( + uint256 proposalId, + address[] memory targets, + uint256[] memory values, + bytes[] memory calldatas, + bytes32 /*descriptionHash*/ + ) internal virtual override returns (uint48) { + uint48 etaSeconds = SafeCast.toUint48(block.timestamp + _timelock.delay()); + + for (uint256 i = 0; i < targets.length; ++i) { + if ( + _timelock.queuedTransactions(keccak256(abi.encode(targets[i], values[i], "", calldatas[i], etaSeconds))) + ) { + revert GovernorAlreadyQueuedProposal(proposalId); + } + _timelock.queueTransaction(targets[i], values[i], "", calldatas[i], etaSeconds); + } + + return etaSeconds; + } + + /** + * @dev Overridden version of the {Governor-_executeOperations} function that run the already queued proposal + * through the timelock. + */ + function _executeOperations( + uint256 proposalId, + address[] memory targets, + uint256[] memory values, + bytes[] memory calldatas, + bytes32 /*descriptionHash*/ + ) internal virtual override { + uint256 etaSeconds = proposalEta(proposalId); + if (etaSeconds == 0) { + revert GovernorNotQueuedProposal(proposalId); + } + Address.sendValue(payable(_timelock), msg.value); + for (uint256 i = 0; i < targets.length; ++i) { + _timelock.executeTransaction(targets[i], values[i], "", calldatas[i], etaSeconds); + } + } + + /** + * @dev Overridden version of the {Governor-_cancel} function to cancel the timelocked proposal if it has already + * been queued. + */ + function _cancel( + address[] memory targets, + uint256[] memory values, + bytes[] memory calldatas, + bytes32 descriptionHash + ) internal virtual override returns (uint256) { + uint256 proposalId = super._cancel(targets, values, calldatas, descriptionHash); + + uint256 etaSeconds = proposalEta(proposalId); + if (etaSeconds > 0) { + // do external call later + for (uint256 i = 0; i < targets.length; ++i) { + _timelock.cancelTransaction(targets[i], values[i], "", calldatas[i], etaSeconds); + } + } + + return proposalId; + } + + /** + * @dev Address through which the governor executes action. In this case, the timelock. + */ + function _executor() internal view virtual override returns (address) { + return address(_timelock); + } + + /** + * @dev Accept admin right over the timelock. + */ + // solhint-disable-next-line private-vars-leading-underscore + function __acceptAdmin() public { + _timelock.acceptAdmin(); + } + + /** + * @dev Public endpoint to update the underlying timelock instance. Restricted to the timelock itself, so updates + * must be proposed, scheduled, and executed through governance proposals. + * + * For security reasons, the timelock must be handed over to another admin before setting up a new one. The two + * operations (hand over the timelock) and do the update can be batched in a single proposal. + * + * Note that if the timelock admin has been handed over in a previous operation, we refuse updates made through the + * timelock if admin of the timelock has already been accepted and the operation is executed outside the scope of + * governance. + + * CAUTION: It is not recommended to change the timelock while there are other queued governance proposals. + */ + function updateTimelock(ICompoundTimelock newTimelock) external virtual onlyGovernance { + _updateTimelock(newTimelock); + } + + function _updateTimelock(ICompoundTimelock newTimelock) private { + emit TimelockChange(address(_timelock), address(newTimelock)); + _timelock = newTimelock; + } +} diff --git a/dependencies/@openzeppelin/contracts/governance/extensions/GovernorTimelockControl.sol b/dependencies/@openzeppelin/contracts/governance/extensions/GovernorTimelockControl.sol new file mode 100644 index 00000000..52d4b429 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/governance/extensions/GovernorTimelockControl.sol @@ -0,0 +1,170 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (governance/extensions/GovernorTimelockControl.sol) + +pragma solidity ^0.8.20; + +import {IGovernor, Governor} from "../Governor.sol"; +import {TimelockController} from "../TimelockController.sol"; +import {IERC165} from "../../interfaces/IERC165.sol"; +import {SafeCast} from "../../utils/math/SafeCast.sol"; + +/** + * @dev Extension of {Governor} that binds the execution process to an instance of {TimelockController}. This adds a + * delay, enforced by the {TimelockController} to all successful proposal (in addition to the voting duration). The + * {Governor} needs the proposer (and ideally the executor and canceller) roles for the {Governor} to work properly. + * + * Using this model means the proposal will be operated by the {TimelockController} and not by the {Governor}. Thus, + * the assets and permissions must be attached to the {TimelockController}. Any asset sent to the {Governor} will be + * inaccessible from a proposal, unless executed via {Governor-relay}. + * + * WARNING: Setting up the TimelockController to have additional proposers or cancellers besides the governor is very + * risky, as it grants them the ability to: 1) execute operations as the timelock, and thus possibly performing + * operations or accessing funds that are expected to only be accessible through a vote, and 2) block governance + * proposals that have been approved by the voters, effectively executing a Denial of Service attack. + */ +abstract contract GovernorTimelockControl is Governor { + TimelockController private _timelock; + mapping(uint256 proposalId => bytes32) private _timelockIds; + + /** + * @dev Emitted when the timelock controller used for proposal execution is modified. + */ + event TimelockChange(address oldTimelock, address newTimelock); + + /** + * @dev Set the timelock. + */ + constructor(TimelockController timelockAddress) { + _updateTimelock(timelockAddress); + } + + /** + * @dev Overridden version of the {Governor-state} function that considers the status reported by the timelock. + */ + function state(uint256 proposalId) public view virtual override returns (ProposalState) { + ProposalState currentState = super.state(proposalId); + + if (currentState != ProposalState.Queued) { + return currentState; + } + + bytes32 queueid = _timelockIds[proposalId]; + if (_timelock.isOperationPending(queueid)) { + return ProposalState.Queued; + } else if (_timelock.isOperationDone(queueid)) { + // This can happen if the proposal is executed directly on the timelock. + return ProposalState.Executed; + } else { + // This can happen if the proposal is canceled directly on the timelock. + return ProposalState.Canceled; + } + } + + /** + * @dev Public accessor to check the address of the timelock + */ + function timelock() public view virtual returns (address) { + return address(_timelock); + } + + /** + * @dev See {IGovernor-proposalNeedsQueuing}. + */ + function proposalNeedsQueuing(uint256) public view virtual override returns (bool) { + return true; + } + + /** + * @dev Function to queue a proposal to the timelock. + */ + function _queueOperations( + uint256 proposalId, + address[] memory targets, + uint256[] memory values, + bytes[] memory calldatas, + bytes32 descriptionHash + ) internal virtual override returns (uint48) { + uint256 delay = _timelock.getMinDelay(); + + bytes32 salt = _timelockSalt(descriptionHash); + _timelockIds[proposalId] = _timelock.hashOperationBatch(targets, values, calldatas, 0, salt); + _timelock.scheduleBatch(targets, values, calldatas, 0, salt, delay); + + return SafeCast.toUint48(block.timestamp + delay); + } + + /** + * @dev Overridden version of the {Governor-_executeOperations} function that runs the already queued proposal + * through the timelock. + */ + function _executeOperations( + uint256 proposalId, + address[] memory targets, + uint256[] memory values, + bytes[] memory calldatas, + bytes32 descriptionHash + ) internal virtual override { + // execute + _timelock.executeBatch{value: msg.value}(targets, values, calldatas, 0, _timelockSalt(descriptionHash)); + // cleanup for refund + delete _timelockIds[proposalId]; + } + + /** + * @dev Overridden version of the {Governor-_cancel} function to cancel the timelocked proposal if it has already + * been queued. + */ + // This function can reenter through the external call to the timelock, but we assume the timelock is trusted and + // well behaved (according to TimelockController) and this will not happen. + // slither-disable-next-line reentrancy-no-eth + function _cancel( + address[] memory targets, + uint256[] memory values, + bytes[] memory calldatas, + bytes32 descriptionHash + ) internal virtual override returns (uint256) { + uint256 proposalId = super._cancel(targets, values, calldatas, descriptionHash); + + bytes32 timelockId = _timelockIds[proposalId]; + if (timelockId != 0) { + // cancel + _timelock.cancel(timelockId); + // cleanup + delete _timelockIds[proposalId]; + } + + return proposalId; + } + + /** + * @dev Address through which the governor executes action. In this case, the timelock. + */ + function _executor() internal view virtual override returns (address) { + return address(_timelock); + } + + /** + * @dev Public endpoint to update the underlying timelock instance. Restricted to the timelock itself, so updates + * must be proposed, scheduled, and executed through governance proposals. + * + * CAUTION: It is not recommended to change the timelock while there are other queued governance proposals. + */ + function updateTimelock(TimelockController newTimelock) external virtual onlyGovernance { + _updateTimelock(newTimelock); + } + + function _updateTimelock(TimelockController newTimelock) private { + emit TimelockChange(address(_timelock), address(newTimelock)); + _timelock = newTimelock; + } + + /** + * @dev Computes the {TimelockController} operation salt. + * + * It is computed with the governor address itself to avoid collisions across governor instances using the + * same timelock. + */ + function _timelockSalt(bytes32 descriptionHash) private view returns (bytes32) { + return bytes20(address(this)) ^ descriptionHash; + } +} diff --git a/dependencies/@openzeppelin/contracts/governance/extensions/GovernorVotes.sol b/dependencies/@openzeppelin/contracts/governance/extensions/GovernorVotes.sol new file mode 100644 index 00000000..16cd9343 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/governance/extensions/GovernorVotes.sol @@ -0,0 +1,64 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (governance/extensions/GovernorVotes.sol) + +pragma solidity ^0.8.20; + +import {Governor} from "../Governor.sol"; +import {IVotes} from "../utils/IVotes.sol"; +import {IERC5805} from "../../interfaces/IERC5805.sol"; +import {SafeCast} from "../../utils/math/SafeCast.sol"; +import {Time} from "../../utils/types/Time.sol"; + +/** + * @dev Extension of {Governor} for voting weight extraction from an {ERC20Votes} token, or since v4.5 an {ERC721Votes} + * token. + */ +abstract contract GovernorVotes is Governor { + IERC5805 private immutable _token; + + constructor(IVotes tokenAddress) { + _token = IERC5805(address(tokenAddress)); + } + + /** + * @dev The token that voting power is sourced from. + */ + function token() public view virtual returns (IERC5805) { + return _token; + } + + /** + * @dev Clock (as specified in ERC-6372) is set to match the token's clock. Fallback to block numbers if the token + * does not implement ERC-6372. + */ + function clock() public view virtual override returns (uint48) { + try token().clock() returns (uint48 timepoint) { + return timepoint; + } catch { + return Time.blockNumber(); + } + } + + /** + * @dev Machine-readable description of the clock as specified in ERC-6372. + */ + // solhint-disable-next-line func-name-mixedcase + function CLOCK_MODE() public view virtual override returns (string memory) { + try token().CLOCK_MODE() returns (string memory clockmode) { + return clockmode; + } catch { + return "mode=blocknumber&from=default"; + } + } + + /** + * Read the voting weight from the token's built in snapshot mechanism (see {Governor-_getVotes}). + */ + function _getVotes( + address account, + uint256 timepoint, + bytes memory /*params*/ + ) internal view virtual override returns (uint256) { + return token().getPastVotes(account, timepoint); + } +} diff --git a/dependencies/@openzeppelin/contracts/governance/extensions/GovernorVotesQuorumFraction.sol b/dependencies/@openzeppelin/contracts/governance/extensions/GovernorVotesQuorumFraction.sol new file mode 100644 index 00000000..85a1f982 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/governance/extensions/GovernorVotesQuorumFraction.sol @@ -0,0 +1,110 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (governance/extensions/GovernorVotesQuorumFraction.sol) + +pragma solidity ^0.8.20; + +import {GovernorVotes} from "./GovernorVotes.sol"; +import {SafeCast} from "../../utils/math/SafeCast.sol"; +import {Checkpoints} from "../../utils/structs/Checkpoints.sol"; + +/** + * @dev Extension of {Governor} for voting weight extraction from an {ERC20Votes} token and a quorum expressed as a + * fraction of the total supply. + */ +abstract contract GovernorVotesQuorumFraction is GovernorVotes { + using Checkpoints for Checkpoints.Trace208; + + Checkpoints.Trace208 private _quorumNumeratorHistory; + + event QuorumNumeratorUpdated(uint256 oldQuorumNumerator, uint256 newQuorumNumerator); + + /** + * @dev The quorum set is not a valid fraction. + */ + error GovernorInvalidQuorumFraction(uint256 quorumNumerator, uint256 quorumDenominator); + + /** + * @dev Initialize quorum as a fraction of the token's total supply. + * + * The fraction is specified as `numerator / denominator`. By default the denominator is 100, so quorum is + * specified as a percent: a numerator of 10 corresponds to quorum being 10% of total supply. The denominator can be + * customized by overriding {quorumDenominator}. + */ + constructor(uint256 quorumNumeratorValue) { + _updateQuorumNumerator(quorumNumeratorValue); + } + + /** + * @dev Returns the current quorum numerator. See {quorumDenominator}. + */ + function quorumNumerator() public view virtual returns (uint256) { + return _quorumNumeratorHistory.latest(); + } + + /** + * @dev Returns the quorum numerator at a specific timepoint. See {quorumDenominator}. + */ + function quorumNumerator(uint256 timepoint) public view virtual returns (uint256) { + uint256 length = _quorumNumeratorHistory._checkpoints.length; + + // Optimistic search, check the latest checkpoint + Checkpoints.Checkpoint208 storage latest = _quorumNumeratorHistory._checkpoints[length - 1]; + uint48 latestKey = latest._key; + uint208 latestValue = latest._value; + if (latestKey <= timepoint) { + return latestValue; + } + + // Otherwise, do the binary search + return _quorumNumeratorHistory.upperLookupRecent(SafeCast.toUint48(timepoint)); + } + + /** + * @dev Returns the quorum denominator. Defaults to 100, but may be overridden. + */ + function quorumDenominator() public view virtual returns (uint256) { + return 100; + } + + /** + * @dev Returns the quorum for a timepoint, in terms of number of votes: `supply * numerator / denominator`. + */ + function quorum(uint256 timepoint) public view virtual override returns (uint256) { + return (token().getPastTotalSupply(timepoint) * quorumNumerator(timepoint)) / quorumDenominator(); + } + + /** + * @dev Changes the quorum numerator. + * + * Emits a {QuorumNumeratorUpdated} event. + * + * Requirements: + * + * - Must be called through a governance proposal. + * - New numerator must be smaller or equal to the denominator. + */ + function updateQuorumNumerator(uint256 newQuorumNumerator) external virtual onlyGovernance { + _updateQuorumNumerator(newQuorumNumerator); + } + + /** + * @dev Changes the quorum numerator. + * + * Emits a {QuorumNumeratorUpdated} event. + * + * Requirements: + * + * - New numerator must be smaller or equal to the denominator. + */ + function _updateQuorumNumerator(uint256 newQuorumNumerator) internal virtual { + uint256 denominator = quorumDenominator(); + if (newQuorumNumerator > denominator) { + revert GovernorInvalidQuorumFraction(newQuorumNumerator, denominator); + } + + uint256 oldQuorumNumerator = quorumNumerator(); + _quorumNumeratorHistory.push(clock(), SafeCast.toUint208(newQuorumNumerator)); + + emit QuorumNumeratorUpdated(oldQuorumNumerator, newQuorumNumerator); + } +} diff --git a/dependencies/@openzeppelin/contracts/governance/utils/IVotes.sol b/dependencies/@openzeppelin/contracts/governance/utils/IVotes.sol new file mode 100644 index 00000000..7ba012e6 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/governance/utils/IVotes.sol @@ -0,0 +1,59 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (governance/utils/IVotes.sol) +pragma solidity ^0.8.20; + +/** + * @dev Common interface for {ERC20Votes}, {ERC721Votes}, and other {Votes}-enabled contracts. + */ +interface IVotes { + /** + * @dev The signature used has expired. + */ + error VotesExpiredSignature(uint256 expiry); + + /** + * @dev Emitted when an account changes their delegate. + */ + event DelegateChanged(address indexed delegator, address indexed fromDelegate, address indexed toDelegate); + + /** + * @dev Emitted when a token transfer or delegate change results in changes to a delegate's number of voting units. + */ + event DelegateVotesChanged(address indexed delegate, uint256 previousVotes, uint256 newVotes); + + /** + * @dev Returns the current amount of votes that `account` has. + */ + function getVotes(address account) external view returns (uint256); + + /** + * @dev Returns the amount of votes that `account` had at a specific moment in the past. If the `clock()` is + * configured to use block numbers, this will return the value at the end of the corresponding block. + */ + function getPastVotes(address account, uint256 timepoint) external view returns (uint256); + + /** + * @dev Returns the total supply of votes available at a specific moment in the past. If the `clock()` is + * configured to use block numbers, this will return the value at the end of the corresponding block. + * + * NOTE: This value is the sum of all available votes, which is not necessarily the sum of all delegated votes. + * Votes that have not been delegated are still part of total supply, even though they would not participate in a + * vote. + */ + function getPastTotalSupply(uint256 timepoint) external view returns (uint256); + + /** + * @dev Returns the delegate that `account` has chosen. + */ + function delegates(address account) external view returns (address); + + /** + * @dev Delegates votes from the sender to `delegatee`. + */ + function delegate(address delegatee) external; + + /** + * @dev Delegates votes from signer to `delegatee`. + */ + function delegateBySig(address delegatee, uint256 nonce, uint256 expiry, uint8 v, bytes32 r, bytes32 s) external; +} diff --git a/dependencies/@openzeppelin/contracts/governance/utils/Votes.sol b/dependencies/@openzeppelin/contracts/governance/utils/Votes.sol new file mode 100644 index 00000000..9c3262b9 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/governance/utils/Votes.sol @@ -0,0 +1,251 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (governance/utils/Votes.sol) +pragma solidity ^0.8.20; + +import {IERC5805} from "../../interfaces/IERC5805.sol"; +import {Context} from "../../utils/Context.sol"; +import {Nonces} from "../../utils/Nonces.sol"; +import {EIP712} from "../../utils/cryptography/EIP712.sol"; +import {Checkpoints} from "../../utils/structs/Checkpoints.sol"; +import {SafeCast} from "../../utils/math/SafeCast.sol"; +import {ECDSA} from "../../utils/cryptography/ECDSA.sol"; +import {Time} from "../../utils/types/Time.sol"; + +/** + * @dev This is a base abstract contract that tracks voting units, which are a measure of voting power that can be + * transferred, and provides a system of vote delegation, where an account can delegate its voting units to a sort of + * "representative" that will pool delegated voting units from different accounts and can then use it to vote in + * decisions. In fact, voting units _must_ be delegated in order to count as actual votes, and an account has to + * delegate those votes to itself if it wishes to participate in decisions and does not have a trusted representative. + * + * This contract is often combined with a token contract such that voting units correspond to token units. For an + * example, see {ERC721Votes}. + * + * The full history of delegate votes is tracked on-chain so that governance protocols can consider votes as distributed + * at a particular block number to protect against flash loans and double voting. The opt-in delegate system makes the + * cost of this history tracking optional. + * + * When using this module the derived contract must implement {_getVotingUnits} (for example, make it return + * {ERC721-balanceOf}), and can use {_transferVotingUnits} to track a change in the distribution of those units (in the + * previous example, it would be included in {ERC721-_update}). + */ +abstract contract Votes is Context, EIP712, Nonces, IERC5805 { + using Checkpoints for Checkpoints.Trace208; + + bytes32 private constant DELEGATION_TYPEHASH = + keccak256("Delegation(address delegatee,uint256 nonce,uint256 expiry)"); + + mapping(address account => address) private _delegatee; + + mapping(address delegatee => Checkpoints.Trace208) private _delegateCheckpoints; + + Checkpoints.Trace208 private _totalCheckpoints; + + /** + * @dev The clock was incorrectly modified. + */ + error ERC6372InconsistentClock(); + + /** + * @dev Lookup to future votes is not available. + */ + error ERC5805FutureLookup(uint256 timepoint, uint48 clock); + + /** + * @dev Clock used for flagging checkpoints. Can be overridden to implement timestamp based + * checkpoints (and voting), in which case {CLOCK_MODE} should be overridden as well to match. + */ + function clock() public view virtual returns (uint48) { + return Time.blockNumber(); + } + + /** + * @dev Machine-readable description of the clock as specified in ERC-6372. + */ + // solhint-disable-next-line func-name-mixedcase + function CLOCK_MODE() public view virtual returns (string memory) { + // Check that the clock was not modified + if (clock() != Time.blockNumber()) { + revert ERC6372InconsistentClock(); + } + return "mode=blocknumber&from=default"; + } + + /** + * @dev Returns the current amount of votes that `account` has. + */ + function getVotes(address account) public view virtual returns (uint256) { + return _delegateCheckpoints[account].latest(); + } + + /** + * @dev Returns the amount of votes that `account` had at a specific moment in the past. If the `clock()` is + * configured to use block numbers, this will return the value at the end of the corresponding block. + * + * Requirements: + * + * - `timepoint` must be in the past. If operating using block numbers, the block must be already mined. + */ + function getPastVotes(address account, uint256 timepoint) public view virtual returns (uint256) { + uint48 currentTimepoint = clock(); + if (timepoint >= currentTimepoint) { + revert ERC5805FutureLookup(timepoint, currentTimepoint); + } + return _delegateCheckpoints[account].upperLookupRecent(SafeCast.toUint48(timepoint)); + } + + /** + * @dev Returns the total supply of votes available at a specific moment in the past. If the `clock()` is + * configured to use block numbers, this will return the value at the end of the corresponding block. + * + * NOTE: This value is the sum of all available votes, which is not necessarily the sum of all delegated votes. + * Votes that have not been delegated are still part of total supply, even though they would not participate in a + * vote. + * + * Requirements: + * + * - `timepoint` must be in the past. If operating using block numbers, the block must be already mined. + */ + function getPastTotalSupply(uint256 timepoint) public view virtual returns (uint256) { + uint48 currentTimepoint = clock(); + if (timepoint >= currentTimepoint) { + revert ERC5805FutureLookup(timepoint, currentTimepoint); + } + return _totalCheckpoints.upperLookupRecent(SafeCast.toUint48(timepoint)); + } + + /** + * @dev Returns the current total supply of votes. + */ + function _getTotalSupply() internal view virtual returns (uint256) { + return _totalCheckpoints.latest(); + } + + /** + * @dev Returns the delegate that `account` has chosen. + */ + function delegates(address account) public view virtual returns (address) { + return _delegatee[account]; + } + + /** + * @dev Delegates votes from the sender to `delegatee`. + */ + function delegate(address delegatee) public virtual { + address account = _msgSender(); + _delegate(account, delegatee); + } + + /** + * @dev Delegates votes from signer to `delegatee`. + */ + function delegateBySig( + address delegatee, + uint256 nonce, + uint256 expiry, + uint8 v, + bytes32 r, + bytes32 s + ) public virtual { + if (block.timestamp > expiry) { + revert VotesExpiredSignature(expiry); + } + address signer = ECDSA.recover( + _hashTypedDataV4(keccak256(abi.encode(DELEGATION_TYPEHASH, delegatee, nonce, expiry))), + v, + r, + s + ); + _useCheckedNonce(signer, nonce); + _delegate(signer, delegatee); + } + + /** + * @dev Delegate all of `account`'s voting units to `delegatee`. + * + * Emits events {IVotes-DelegateChanged} and {IVotes-DelegateVotesChanged}. + */ + function _delegate(address account, address delegatee) internal virtual { + address oldDelegate = delegates(account); + _delegatee[account] = delegatee; + + emit DelegateChanged(account, oldDelegate, delegatee); + _moveDelegateVotes(oldDelegate, delegatee, _getVotingUnits(account)); + } + + /** + * @dev Transfers, mints, or burns voting units. To register a mint, `from` should be zero. To register a burn, `to` + * should be zero. Total supply of voting units will be adjusted with mints and burns. + */ + function _transferVotingUnits(address from, address to, uint256 amount) internal virtual { + if (from == address(0)) { + _push(_totalCheckpoints, _add, SafeCast.toUint208(amount)); + } + if (to == address(0)) { + _push(_totalCheckpoints, _subtract, SafeCast.toUint208(amount)); + } + _moveDelegateVotes(delegates(from), delegates(to), amount); + } + + /** + * @dev Moves delegated votes from one delegate to another. + */ + function _moveDelegateVotes(address from, address to, uint256 amount) internal virtual { + if (from != to && amount > 0) { + if (from != address(0)) { + (uint256 oldValue, uint256 newValue) = _push( + _delegateCheckpoints[from], + _subtract, + SafeCast.toUint208(amount) + ); + emit DelegateVotesChanged(from, oldValue, newValue); + } + if (to != address(0)) { + (uint256 oldValue, uint256 newValue) = _push( + _delegateCheckpoints[to], + _add, + SafeCast.toUint208(amount) + ); + emit DelegateVotesChanged(to, oldValue, newValue); + } + } + } + + /** + * @dev Get number of checkpoints for `account`. + */ + function _numCheckpoints(address account) internal view virtual returns (uint32) { + return SafeCast.toUint32(_delegateCheckpoints[account].length()); + } + + /** + * @dev Get the `pos`-th checkpoint for `account`. + */ + function _checkpoints( + address account, + uint32 pos + ) internal view virtual returns (Checkpoints.Checkpoint208 memory) { + return _delegateCheckpoints[account].at(pos); + } + + function _push( + Checkpoints.Trace208 storage store, + function(uint208, uint208) view returns (uint208) op, + uint208 delta + ) private returns (uint208 oldValue, uint208 newValue) { + return store.push(clock(), op(store.latest(), delta)); + } + + function _add(uint208 a, uint208 b) private pure returns (uint208) { + return a + b; + } + + function _subtract(uint208 a, uint208 b) private pure returns (uint208) { + return a - b; + } + + /** + * @dev Must return the voting units held by an account. + */ + function _getVotingUnits(address) internal view virtual returns (uint256); +} diff --git a/dependencies/@openzeppelin/contracts/interfaces/IERC1155.sol b/dependencies/@openzeppelin/contracts/interfaces/IERC1155.sol new file mode 100644 index 00000000..bb502b1d --- /dev/null +++ b/dependencies/@openzeppelin/contracts/interfaces/IERC1155.sol @@ -0,0 +1,6 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC1155.sol) + +pragma solidity ^0.8.20; + +import {IERC1155} from "../token/ERC1155/IERC1155.sol"; diff --git a/dependencies/@openzeppelin/contracts/interfaces/IERC1155MetadataURI.sol b/dependencies/@openzeppelin/contracts/interfaces/IERC1155MetadataURI.sol new file mode 100644 index 00000000..dac0bab5 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/interfaces/IERC1155MetadataURI.sol @@ -0,0 +1,6 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC1155MetadataURI.sol) + +pragma solidity ^0.8.20; + +import {IERC1155MetadataURI} from "../token/ERC1155/extensions/IERC1155MetadataURI.sol"; diff --git a/dependencies/@openzeppelin/contracts/interfaces/IERC1155Receiver.sol b/dependencies/@openzeppelin/contracts/interfaces/IERC1155Receiver.sol new file mode 100644 index 00000000..6bb7c968 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/interfaces/IERC1155Receiver.sol @@ -0,0 +1,6 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC1155Receiver.sol) + +pragma solidity ^0.8.20; + +import {IERC1155Receiver} from "../token/ERC1155/IERC1155Receiver.sol"; diff --git a/dependencies/@openzeppelin/contracts/interfaces/IERC1271.sol b/dependencies/@openzeppelin/contracts/interfaces/IERC1271.sol new file mode 100644 index 00000000..5f5b3263 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/interfaces/IERC1271.sol @@ -0,0 +1,17 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC1271.sol) + +pragma solidity ^0.8.20; + +/** + * @dev Interface of the ERC-1271 standard signature validation method for + * contracts as defined in https://eips.ethereum.org/EIPS/eip-1271[ERC-1271]. + */ +interface IERC1271 { + /** + * @dev Should return whether the signature provided is valid for the provided data + * @param hash Hash of the data to be signed + * @param signature Signature byte array associated with _data + */ + function isValidSignature(bytes32 hash, bytes memory signature) external view returns (bytes4 magicValue); +} diff --git a/dependencies/@openzeppelin/contracts/interfaces/IERC1363.sol b/dependencies/@openzeppelin/contracts/interfaces/IERC1363.sol new file mode 100644 index 00000000..a5246da3 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/interfaces/IERC1363.sol @@ -0,0 +1,86 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC1363.sol) + +pragma solidity ^0.8.20; + +import {IERC20} from "./IERC20.sol"; +import {IERC165} from "./IERC165.sol"; + +/** + * @title IERC1363 + * @dev Interface of the ERC-1363 standard as defined in the https://eips.ethereum.org/EIPS/eip-1363[ERC-1363]. + * + * Defines an extension interface for ERC-20 tokens that supports executing code on a recipient contract + * after `transfer` or `transferFrom`, or code on a spender contract after `approve`, in a single transaction. + */ +interface IERC1363 is IERC20, IERC165 { + /* + * Note: the ERC-165 identifier for this interface is 0xb0202a11. + * 0xb0202a11 === + * bytes4(keccak256('transferAndCall(address,uint256)')) ^ + * bytes4(keccak256('transferAndCall(address,uint256,bytes)')) ^ + * bytes4(keccak256('transferFromAndCall(address,address,uint256)')) ^ + * bytes4(keccak256('transferFromAndCall(address,address,uint256,bytes)')) ^ + * bytes4(keccak256('approveAndCall(address,uint256)')) ^ + * bytes4(keccak256('approveAndCall(address,uint256,bytes)')) + */ + + /** + * @dev Moves a `value` amount of tokens from the caller's account to `to` + * and then calls {IERC1363Receiver-onTransferReceived} on `to`. + * @param to The address which you want to transfer to. + * @param value The amount of tokens to be transferred. + * @return A boolean value indicating whether the operation succeeded unless throwing. + */ + function transferAndCall(address to, uint256 value) external returns (bool); + + /** + * @dev Moves a `value` amount of tokens from the caller's account to `to` + * and then calls {IERC1363Receiver-onTransferReceived} on `to`. + * @param to The address which you want to transfer to. + * @param value The amount of tokens to be transferred. + * @param data Additional data with no specified format, sent in call to `to`. + * @return A boolean value indicating whether the operation succeeded unless throwing. + */ + function transferAndCall(address to, uint256 value, bytes calldata data) external returns (bool); + + /** + * @dev Moves a `value` amount of tokens from `from` to `to` using the allowance mechanism + * and then calls {IERC1363Receiver-onTransferReceived} on `to`. + * @param from The address which you want to send tokens from. + * @param to The address which you want to transfer to. + * @param value The amount of tokens to be transferred. + * @return A boolean value indicating whether the operation succeeded unless throwing. + */ + function transferFromAndCall(address from, address to, uint256 value) external returns (bool); + + /** + * @dev Moves a `value` amount of tokens from `from` to `to` using the allowance mechanism + * and then calls {IERC1363Receiver-onTransferReceived} on `to`. + * @param from The address which you want to send tokens from. + * @param to The address which you want to transfer to. + * @param value The amount of tokens to be transferred. + * @param data Additional data with no specified format, sent in call to `to`. + * @return A boolean value indicating whether the operation succeeded unless throwing. + */ + function transferFromAndCall(address from, address to, uint256 value, bytes calldata data) external returns (bool); + + /** + * @dev Sets a `value` amount of tokens as the allowance of `spender` over the + * caller's tokens and then calls {IERC1363Spender-onApprovalReceived} on `spender`. + * @param spender The address which will spend the funds. + * @param value The amount of tokens to be spent. + * @return A boolean value indicating whether the operation succeeded unless throwing. + */ + function approveAndCall(address spender, uint256 value) external returns (bool); + + /** + * @dev Sets a `value` amount of tokens as the allowance of `spender` over the + * caller's tokens and then calls {IERC1363Spender-onApprovalReceived} on `spender`. + * @param spender The address which will spend the funds. + * @param value The amount of tokens to be spent. + * @param data Additional data with no specified format, sent in call to `spender`. + * @return A boolean value indicating whether the operation succeeded unless throwing. + */ + function approveAndCall(address spender, uint256 value, bytes calldata data) external returns (bool); +} diff --git a/dependencies/@openzeppelin/contracts/interfaces/IERC1363Receiver.sol b/dependencies/@openzeppelin/contracts/interfaces/IERC1363Receiver.sol new file mode 100644 index 00000000..27917884 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/interfaces/IERC1363Receiver.sol @@ -0,0 +1,32 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC1363Receiver.sol) + +pragma solidity ^0.8.20; + +/** + * @title IERC1363Receiver + * @dev Interface for any contract that wants to support `transferAndCall` or `transferFromAndCall` + * from ERC-1363 token contracts. + */ +interface IERC1363Receiver { + /** + * @dev Whenever ERC-1363 tokens are transferred to this contract via `transferAndCall` or `transferFromAndCall` + * by `operator` from `from`, this function is called. + * + * NOTE: To accept the transfer, this must return + * `bytes4(keccak256("onTransferReceived(address,address,uint256,bytes)"))` + * (i.e. 0x88a7ca5c, or its own function selector). + * + * @param operator The address which called `transferAndCall` or `transferFromAndCall` function. + * @param from The address which the tokens are transferred from. + * @param value The amount of tokens transferred. + * @param data Additional data with no specified format. + * @return `bytes4(keccak256("onTransferReceived(address,address,uint256,bytes)"))` if transfer is allowed unless throwing. + */ + function onTransferReceived( + address operator, + address from, + uint256 value, + bytes calldata data + ) external returns (bytes4); +} diff --git a/dependencies/@openzeppelin/contracts/interfaces/IERC1363Spender.sol b/dependencies/@openzeppelin/contracts/interfaces/IERC1363Spender.sol new file mode 100644 index 00000000..4e9aba7d --- /dev/null +++ b/dependencies/@openzeppelin/contracts/interfaces/IERC1363Spender.sol @@ -0,0 +1,26 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC1363Spender.sol) + +pragma solidity ^0.8.20; + +/** + * @title IERC1363Spender + * @dev Interface for any contract that wants to support `approveAndCall` + * from ERC-1363 token contracts. + */ +interface IERC1363Spender { + /** + * @dev Whenever an ERC-1363 token `owner` approves this contract via `approveAndCall` + * to spend their tokens, this function is called. + * + * NOTE: To accept the approval, this must return + * `bytes4(keccak256("onApprovalReceived(address,uint256,bytes)"))` + * (i.e. 0x7b04a2d0, or its own function selector). + * + * @param owner The address which called `approveAndCall` function and previously owned the tokens. + * @param value The amount of tokens to be spent. + * @param data Additional data with no specified format. + * @return `bytes4(keccak256("onApprovalReceived(address,uint256,bytes)"))` if approval is allowed unless throwing. + */ + function onApprovalReceived(address owner, uint256 value, bytes calldata data) external returns (bytes4); +} diff --git a/dependencies/@openzeppelin/contracts/interfaces/IERC165.sol b/dependencies/@openzeppelin/contracts/interfaces/IERC165.sol new file mode 100644 index 00000000..944dd0d5 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/interfaces/IERC165.sol @@ -0,0 +1,6 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC165.sol) + +pragma solidity ^0.8.20; + +import {IERC165} from "../utils/introspection/IERC165.sol"; diff --git a/dependencies/@openzeppelin/contracts/interfaces/IERC1820Implementer.sol b/dependencies/@openzeppelin/contracts/interfaces/IERC1820Implementer.sol new file mode 100644 index 00000000..9cf941a3 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/interfaces/IERC1820Implementer.sol @@ -0,0 +1,20 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC1820Implementer.sol) + +pragma solidity ^0.8.20; + +/** + * @dev Interface for an ERC-1820 implementer, as defined in the + * https://eips.ethereum.org/EIPS/eip-1820#interface-implementation-erc1820implementerinterface[ERC]. + * Used by contracts that will be registered as implementers in the + * {IERC1820Registry}. + */ +interface IERC1820Implementer { + /** + * @dev Returns a special value (`ERC1820_ACCEPT_MAGIC`) if this contract + * implements `interfaceHash` for `account`. + * + * See {IERC1820Registry-setInterfaceImplementer}. + */ + function canImplementInterfaceForAddress(bytes32 interfaceHash, address account) external view returns (bytes32); +} diff --git a/dependencies/@openzeppelin/contracts/interfaces/IERC1820Registry.sol b/dependencies/@openzeppelin/contracts/interfaces/IERC1820Registry.sol new file mode 100644 index 00000000..b8f3d739 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/interfaces/IERC1820Registry.sol @@ -0,0 +1,112 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC1820Registry.sol) + +pragma solidity ^0.8.20; + +/** + * @dev Interface of the global ERC-1820 Registry, as defined in the + * https://eips.ethereum.org/EIPS/eip-1820[ERC]. Accounts may register + * implementers for interfaces in this registry, as well as query support. + * + * Implementers may be shared by multiple accounts, and can also implement more + * than a single interface for each account. Contracts can implement interfaces + * for themselves, but externally-owned accounts (EOA) must delegate this to a + * contract. + * + * {IERC165} interfaces can also be queried via the registry. + * + * For an in-depth explanation and source code analysis, see the ERC text. + */ +interface IERC1820Registry { + event InterfaceImplementerSet(address indexed account, bytes32 indexed interfaceHash, address indexed implementer); + + event ManagerChanged(address indexed account, address indexed newManager); + + /** + * @dev Sets `newManager` as the manager for `account`. A manager of an + * account is able to set interface implementers for it. + * + * By default, each account is its own manager. Passing a value of `0x0` in + * `newManager` will reset the manager to this initial state. + * + * Emits a {ManagerChanged} event. + * + * Requirements: + * + * - the caller must be the current manager for `account`. + */ + function setManager(address account, address newManager) external; + + /** + * @dev Returns the manager for `account`. + * + * See {setManager}. + */ + function getManager(address account) external view returns (address); + + /** + * @dev Sets the `implementer` contract as ``account``'s implementer for + * `interfaceHash`. + * + * `account` being the zero address is an alias for the caller's address. + * The zero address can also be used in `implementer` to remove an old one. + * + * See {interfaceHash} to learn how these are created. + * + * Emits an {InterfaceImplementerSet} event. + * + * Requirements: + * + * - the caller must be the current manager for `account`. + * - `interfaceHash` must not be an {IERC165} interface id (i.e. it must not + * end in 28 zeroes). + * - `implementer` must implement {IERC1820Implementer} and return true when + * queried for support, unless `implementer` is the caller. See + * {IERC1820Implementer-canImplementInterfaceForAddress}. + */ + function setInterfaceImplementer(address account, bytes32 _interfaceHash, address implementer) external; + + /** + * @dev Returns the implementer of `interfaceHash` for `account`. If no such + * implementer is registered, returns the zero address. + * + * If `interfaceHash` is an {IERC165} interface id (i.e. it ends with 28 + * zeroes), `account` will be queried for support of it. + * + * `account` being the zero address is an alias for the caller's address. + */ + function getInterfaceImplementer(address account, bytes32 _interfaceHash) external view returns (address); + + /** + * @dev Returns the interface hash for an `interfaceName`, as defined in the + * corresponding + * https://eips.ethereum.org/EIPS/eip-1820#interface-name[section of the ERC]. + */ + function interfaceHash(string calldata interfaceName) external pure returns (bytes32); + + /** + * @notice Updates the cache with whether the contract implements an ERC-165 interface or not. + * @param account Address of the contract for which to update the cache. + * @param interfaceId ERC-165 interface for which to update the cache. + */ + function updateERC165Cache(address account, bytes4 interfaceId) external; + + /** + * @notice Checks whether a contract implements an ERC-165 interface or not. + * If the result is not cached a direct lookup on the contract address is performed. + * If the result is not cached or the cached value is out-of-date, the cache MUST be updated manually by calling + * {updateERC165Cache} with the contract address. + * @param account Address of the contract to check. + * @param interfaceId ERC-165 interface to check. + * @return True if `account` implements `interfaceId`, false otherwise. + */ + function implementsERC165Interface(address account, bytes4 interfaceId) external view returns (bool); + + /** + * @notice Checks whether a contract implements an ERC-165 interface or not without using or updating the cache. + * @param account Address of the contract to check. + * @param interfaceId ERC-165 interface to check. + * @return True if `account` implements `interfaceId`, false otherwise. + */ + function implementsERC165InterfaceNoCache(address account, bytes4 interfaceId) external view returns (bool); +} diff --git a/dependencies/@openzeppelin/contracts/interfaces/IERC1967.sol b/dependencies/@openzeppelin/contracts/interfaces/IERC1967.sol new file mode 100644 index 00000000..d285ec88 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/interfaces/IERC1967.sol @@ -0,0 +1,24 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC1967.sol) + +pragma solidity ^0.8.20; + +/** + * @dev ERC-1967: Proxy Storage Slots. This interface contains the events defined in the ERC. + */ +interface IERC1967 { + /** + * @dev Emitted when the implementation is upgraded. + */ + event Upgraded(address indexed implementation); + + /** + * @dev Emitted when the admin account has changed. + */ + event AdminChanged(address previousAdmin, address newAdmin); + + /** + * @dev Emitted when the beacon is changed. + */ + event BeaconUpgraded(address indexed beacon); +} diff --git a/dependencies/@openzeppelin/contracts/interfaces/IERC20.sol b/dependencies/@openzeppelin/contracts/interfaces/IERC20.sol new file mode 100644 index 00000000..21d5a413 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/interfaces/IERC20.sol @@ -0,0 +1,6 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC20.sol) + +pragma solidity ^0.8.20; + +import {IERC20} from "../token/ERC20/IERC20.sol"; diff --git a/dependencies/@openzeppelin/contracts/interfaces/IERC20Metadata.sol b/dependencies/@openzeppelin/contracts/interfaces/IERC20Metadata.sol new file mode 100644 index 00000000..b7bc6916 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/interfaces/IERC20Metadata.sol @@ -0,0 +1,6 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC20Metadata.sol) + +pragma solidity ^0.8.20; + +import {IERC20Metadata} from "../token/ERC20/extensions/IERC20Metadata.sol"; diff --git a/dependencies/@openzeppelin/contracts/interfaces/IERC2309.sol b/dependencies/@openzeppelin/contracts/interfaces/IERC2309.sol new file mode 100644 index 00000000..aa00f341 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/interfaces/IERC2309.sol @@ -0,0 +1,19 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC2309.sol) + +pragma solidity ^0.8.20; + +/** + * @dev ERC-2309: ERC-721 Consecutive Transfer Extension. + */ +interface IERC2309 { + /** + * @dev Emitted when the tokens from `fromTokenId` to `toTokenId` are transferred from `fromAddress` to `toAddress`. + */ + event ConsecutiveTransfer( + uint256 indexed fromTokenId, + uint256 toTokenId, + address indexed fromAddress, + address indexed toAddress + ); +} diff --git a/dependencies/@openzeppelin/contracts/interfaces/IERC2612.sol b/dependencies/@openzeppelin/contracts/interfaces/IERC2612.sol new file mode 100644 index 00000000..c0427bbf --- /dev/null +++ b/dependencies/@openzeppelin/contracts/interfaces/IERC2612.sol @@ -0,0 +1,8 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC2612.sol) + +pragma solidity ^0.8.20; + +import {IERC20Permit} from "../token/ERC20/extensions/IERC20Permit.sol"; + +interface IERC2612 is IERC20Permit {} diff --git a/dependencies/@openzeppelin/contracts/interfaces/IERC2981.sol b/dependencies/@openzeppelin/contracts/interfaces/IERC2981.sol new file mode 100644 index 00000000..22b951dd --- /dev/null +++ b/dependencies/@openzeppelin/contracts/interfaces/IERC2981.sol @@ -0,0 +1,26 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC2981.sol) + +pragma solidity ^0.8.20; + +import {IERC165} from "../utils/introspection/IERC165.sol"; + +/** + * @dev Interface for the NFT Royalty Standard. + * + * A standardized way to retrieve royalty payment information for non-fungible tokens (NFTs) to enable universal + * support for royalty payments across all NFT marketplaces and ecosystem participants. + */ +interface IERC2981 is IERC165 { + /** + * @dev Returns how much royalty is owed and to whom, based on a sale price that may be denominated in any unit of + * exchange. The royalty amount is denominated and should be paid in that same unit of exchange. + * + * NOTE: ERC-2981 allows setting the royalty to 100% of the price. In that case all the price would be sent to the + * royalty receiver and 0 tokens to the seller. Contracts dealing with royalty should consider empty transfers. + */ + function royaltyInfo( + uint256 tokenId, + uint256 salePrice + ) external view returns (address receiver, uint256 royaltyAmount); +} diff --git a/dependencies/@openzeppelin/contracts/interfaces/IERC3156.sol b/dependencies/@openzeppelin/contracts/interfaces/IERC3156.sol new file mode 100644 index 00000000..0f48bf38 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/interfaces/IERC3156.sol @@ -0,0 +1,7 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC3156.sol) + +pragma solidity ^0.8.20; + +import {IERC3156FlashBorrower} from "./IERC3156FlashBorrower.sol"; +import {IERC3156FlashLender} from "./IERC3156FlashLender.sol"; diff --git a/dependencies/@openzeppelin/contracts/interfaces/IERC3156FlashBorrower.sol b/dependencies/@openzeppelin/contracts/interfaces/IERC3156FlashBorrower.sol new file mode 100644 index 00000000..4fd10e7c --- /dev/null +++ b/dependencies/@openzeppelin/contracts/interfaces/IERC3156FlashBorrower.sol @@ -0,0 +1,27 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC3156FlashBorrower.sol) + +pragma solidity ^0.8.20; + +/** + * @dev Interface of the ERC-3156 FlashBorrower, as defined in + * https://eips.ethereum.org/EIPS/eip-3156[ERC-3156]. + */ +interface IERC3156FlashBorrower { + /** + * @dev Receive a flash loan. + * @param initiator The initiator of the loan. + * @param token The loan currency. + * @param amount The amount of tokens lent. + * @param fee The additional amount of tokens to repay. + * @param data Arbitrary data structure, intended to contain user-defined parameters. + * @return The keccak256 hash of "ERC3156FlashBorrower.onFlashLoan" + */ + function onFlashLoan( + address initiator, + address token, + uint256 amount, + uint256 fee, + bytes calldata data + ) external returns (bytes32); +} diff --git a/dependencies/@openzeppelin/contracts/interfaces/IERC3156FlashLender.sol b/dependencies/@openzeppelin/contracts/interfaces/IERC3156FlashLender.sol new file mode 100644 index 00000000..47208ac3 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/interfaces/IERC3156FlashLender.sol @@ -0,0 +1,41 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC3156FlashLender.sol) + +pragma solidity ^0.8.20; + +import {IERC3156FlashBorrower} from "./IERC3156FlashBorrower.sol"; + +/** + * @dev Interface of the ERC-3156 FlashLender, as defined in + * https://eips.ethereum.org/EIPS/eip-3156[ERC-3156]. + */ +interface IERC3156FlashLender { + /** + * @dev The amount of currency available to be lended. + * @param token The loan currency. + * @return The amount of `token` that can be borrowed. + */ + function maxFlashLoan(address token) external view returns (uint256); + + /** + * @dev The fee to be charged for a given loan. + * @param token The loan currency. + * @param amount The amount of tokens lent. + * @return The amount of `token` to be charged for the loan, on top of the returned principal. + */ + function flashFee(address token, uint256 amount) external view returns (uint256); + + /** + * @dev Initiate a flash loan. + * @param receiver The receiver of the tokens in the loan, and the receiver of the callback. + * @param token The loan currency. + * @param amount The amount of tokens lent. + * @param data Arbitrary data structure, intended to contain user-defined parameters. + */ + function flashLoan( + IERC3156FlashBorrower receiver, + address token, + uint256 amount, + bytes calldata data + ) external returns (bool); +} diff --git a/dependencies/@openzeppelin/contracts/interfaces/IERC4626.sol b/dependencies/@openzeppelin/contracts/interfaces/IERC4626.sol new file mode 100644 index 00000000..9a24507a --- /dev/null +++ b/dependencies/@openzeppelin/contracts/interfaces/IERC4626.sol @@ -0,0 +1,230 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC4626.sol) + +pragma solidity ^0.8.20; + +import {IERC20} from "../token/ERC20/IERC20.sol"; +import {IERC20Metadata} from "../token/ERC20/extensions/IERC20Metadata.sol"; + +/** + * @dev Interface of the ERC-4626 "Tokenized Vault Standard", as defined in + * https://eips.ethereum.org/EIPS/eip-4626[ERC-4626]. + */ +interface IERC4626 is IERC20, IERC20Metadata { + event Deposit(address indexed sender, address indexed owner, uint256 assets, uint256 shares); + + event Withdraw( + address indexed sender, + address indexed receiver, + address indexed owner, + uint256 assets, + uint256 shares + ); + + /** + * @dev Returns the address of the underlying token used for the Vault for accounting, depositing, and withdrawing. + * + * - MUST be an ERC-20 token contract. + * - MUST NOT revert. + */ + function asset() external view returns (address assetTokenAddress); + + /** + * @dev Returns the total amount of the underlying asset that is β€œmanaged” by Vault. + * + * - SHOULD include any compounding that occurs from yield. + * - MUST be inclusive of any fees that are charged against assets in the Vault. + * - MUST NOT revert. + */ + function totalAssets() external view returns (uint256 totalManagedAssets); + + /** + * @dev Returns the amount of shares that the Vault would exchange for the amount of assets provided, in an ideal + * scenario where all the conditions are met. + * + * - MUST NOT be inclusive of any fees that are charged against assets in the Vault. + * - MUST NOT show any variations depending on the caller. + * - MUST NOT reflect slippage or other on-chain conditions, when performing the actual exchange. + * - MUST NOT revert. + * + * NOTE: This calculation MAY NOT reflect the β€œper-user” price-per-share, and instead should reflect the + * β€œaverage-user’s” price-per-share, meaning what the average user should expect to see when exchanging to and + * from. + */ + function convertToShares(uint256 assets) external view returns (uint256 shares); + + /** + * @dev Returns the amount of assets that the Vault would exchange for the amount of shares provided, in an ideal + * scenario where all the conditions are met. + * + * - MUST NOT be inclusive of any fees that are charged against assets in the Vault. + * - MUST NOT show any variations depending on the caller. + * - MUST NOT reflect slippage or other on-chain conditions, when performing the actual exchange. + * - MUST NOT revert. + * + * NOTE: This calculation MAY NOT reflect the β€œper-user” price-per-share, and instead should reflect the + * β€œaverage-user’s” price-per-share, meaning what the average user should expect to see when exchanging to and + * from. + */ + function convertToAssets(uint256 shares) external view returns (uint256 assets); + + /** + * @dev Returns the maximum amount of the underlying asset that can be deposited into the Vault for the receiver, + * through a deposit call. + * + * - MUST return a limited value if receiver is subject to some deposit limit. + * - MUST return 2 ** 256 - 1 if there is no limit on the maximum amount of assets that may be deposited. + * - MUST NOT revert. + */ + function maxDeposit(address receiver) external view returns (uint256 maxAssets); + + /** + * @dev Allows an on-chain or off-chain user to simulate the effects of their deposit at the current block, given + * current on-chain conditions. + * + * - MUST return as close to and no more than the exact amount of Vault shares that would be minted in a deposit + * call in the same transaction. I.e. deposit should return the same or more shares as previewDeposit if called + * in the same transaction. + * - MUST NOT account for deposit limits like those returned from maxDeposit and should always act as though the + * deposit would be accepted, regardless if the user has enough tokens approved, etc. + * - MUST be inclusive of deposit fees. Integrators should be aware of the existence of deposit fees. + * - MUST NOT revert. + * + * NOTE: any unfavorable discrepancy between convertToShares and previewDeposit SHOULD be considered slippage in + * share price or some other type of condition, meaning the depositor will lose assets by depositing. + */ + function previewDeposit(uint256 assets) external view returns (uint256 shares); + + /** + * @dev Mints shares Vault shares to receiver by depositing exactly amount of underlying tokens. + * + * - MUST emit the Deposit event. + * - MAY support an additional flow in which the underlying tokens are owned by the Vault contract before the + * deposit execution, and are accounted for during deposit. + * - MUST revert if all of assets cannot be deposited (due to deposit limit being reached, slippage, the user not + * approving enough underlying tokens to the Vault contract, etc). + * + * NOTE: most implementations will require pre-approval of the Vault with the Vault’s underlying asset token. + */ + function deposit(uint256 assets, address receiver) external returns (uint256 shares); + + /** + * @dev Returns the maximum amount of the Vault shares that can be minted for the receiver, through a mint call. + * - MUST return a limited value if receiver is subject to some mint limit. + * - MUST return 2 ** 256 - 1 if there is no limit on the maximum amount of shares that may be minted. + * - MUST NOT revert. + */ + function maxMint(address receiver) external view returns (uint256 maxShares); + + /** + * @dev Allows an on-chain or off-chain user to simulate the effects of their mint at the current block, given + * current on-chain conditions. + * + * - MUST return as close to and no fewer than the exact amount of assets that would be deposited in a mint call + * in the same transaction. I.e. mint should return the same or fewer assets as previewMint if called in the + * same transaction. + * - MUST NOT account for mint limits like those returned from maxMint and should always act as though the mint + * would be accepted, regardless if the user has enough tokens approved, etc. + * - MUST be inclusive of deposit fees. Integrators should be aware of the existence of deposit fees. + * - MUST NOT revert. + * + * NOTE: any unfavorable discrepancy between convertToAssets and previewMint SHOULD be considered slippage in + * share price or some other type of condition, meaning the depositor will lose assets by minting. + */ + function previewMint(uint256 shares) external view returns (uint256 assets); + + /** + * @dev Mints exactly shares Vault shares to receiver by depositing amount of underlying tokens. + * + * - MUST emit the Deposit event. + * - MAY support an additional flow in which the underlying tokens are owned by the Vault contract before the mint + * execution, and are accounted for during mint. + * - MUST revert if all of shares cannot be minted (due to deposit limit being reached, slippage, the user not + * approving enough underlying tokens to the Vault contract, etc). + * + * NOTE: most implementations will require pre-approval of the Vault with the Vault’s underlying asset token. + */ + function mint(uint256 shares, address receiver) external returns (uint256 assets); + + /** + * @dev Returns the maximum amount of the underlying asset that can be withdrawn from the owner balance in the + * Vault, through a withdraw call. + * + * - MUST return a limited value if owner is subject to some withdrawal limit or timelock. + * - MUST NOT revert. + */ + function maxWithdraw(address owner) external view returns (uint256 maxAssets); + + /** + * @dev Allows an on-chain or off-chain user to simulate the effects of their withdrawal at the current block, + * given current on-chain conditions. + * + * - MUST return as close to and no fewer than the exact amount of Vault shares that would be burned in a withdraw + * call in the same transaction. I.e. withdraw should return the same or fewer shares as previewWithdraw if + * called + * in the same transaction. + * - MUST NOT account for withdrawal limits like those returned from maxWithdraw and should always act as though + * the withdrawal would be accepted, regardless if the user has enough shares, etc. + * - MUST be inclusive of withdrawal fees. Integrators should be aware of the existence of withdrawal fees. + * - MUST NOT revert. + * + * NOTE: any unfavorable discrepancy between convertToShares and previewWithdraw SHOULD be considered slippage in + * share price or some other type of condition, meaning the depositor will lose assets by depositing. + */ + function previewWithdraw(uint256 assets) external view returns (uint256 shares); + + /** + * @dev Burns shares from owner and sends exactly assets of underlying tokens to receiver. + * + * - MUST emit the Withdraw event. + * - MAY support an additional flow in which the underlying tokens are owned by the Vault contract before the + * withdraw execution, and are accounted for during withdraw. + * - MUST revert if all of assets cannot be withdrawn (due to withdrawal limit being reached, slippage, the owner + * not having enough shares, etc). + * + * Note that some implementations will require pre-requesting to the Vault before a withdrawal may be performed. + * Those methods should be performed separately. + */ + function withdraw(uint256 assets, address receiver, address owner) external returns (uint256 shares); + + /** + * @dev Returns the maximum amount of Vault shares that can be redeemed from the owner balance in the Vault, + * through a redeem call. + * + * - MUST return a limited value if owner is subject to some withdrawal limit or timelock. + * - MUST return balanceOf(owner) if owner is not subject to any withdrawal limit or timelock. + * - MUST NOT revert. + */ + function maxRedeem(address owner) external view returns (uint256 maxShares); + + /** + * @dev Allows an on-chain or off-chain user to simulate the effects of their redeemption at the current block, + * given current on-chain conditions. + * + * - MUST return as close to and no more than the exact amount of assets that would be withdrawn in a redeem call + * in the same transaction. I.e. redeem should return the same or more assets as previewRedeem if called in the + * same transaction. + * - MUST NOT account for redemption limits like those returned from maxRedeem and should always act as though the + * redemption would be accepted, regardless if the user has enough shares, etc. + * - MUST be inclusive of withdrawal fees. Integrators should be aware of the existence of withdrawal fees. + * - MUST NOT revert. + * + * NOTE: any unfavorable discrepancy between convertToAssets and previewRedeem SHOULD be considered slippage in + * share price or some other type of condition, meaning the depositor will lose assets by redeeming. + */ + function previewRedeem(uint256 shares) external view returns (uint256 assets); + + /** + * @dev Burns exactly shares from owner and sends assets of underlying tokens to receiver. + * + * - MUST emit the Withdraw event. + * - MAY support an additional flow in which the underlying tokens are owned by the Vault contract before the + * redeem execution, and are accounted for during redeem. + * - MUST revert if all of shares cannot be redeemed (due to withdrawal limit being reached, slippage, the owner + * not having enough shares, etc). + * + * NOTE: some implementations will require pre-requesting to the Vault before a withdrawal may be performed. + * Those methods should be performed separately. + */ + function redeem(uint256 shares, address receiver, address owner) external returns (uint256 assets); +} diff --git a/dependencies/@openzeppelin/contracts/interfaces/IERC4906.sol b/dependencies/@openzeppelin/contracts/interfaces/IERC4906.sol new file mode 100644 index 00000000..cdcace31 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/interfaces/IERC4906.sol @@ -0,0 +1,20 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC4906.sol) + +pragma solidity ^0.8.20; + +import {IERC165} from "./IERC165.sol"; +import {IERC721} from "./IERC721.sol"; + +/// @title ERC-721 Metadata Update Extension +interface IERC4906 is IERC165, IERC721 { + /// @dev This event emits when the metadata of a token is changed. + /// So that the third-party platforms such as NFT market could + /// timely update the images and related attributes of the NFT. + event MetadataUpdate(uint256 _tokenId); + + /// @dev This event emits when the metadata of a range of tokens is changed. + /// So that the third-party platforms such as NFT market could + /// timely update the images and related attributes of the NFTs. + event BatchMetadataUpdate(uint256 _fromTokenId, uint256 _toTokenId); +} diff --git a/dependencies/@openzeppelin/contracts/interfaces/IERC5267.sol b/dependencies/@openzeppelin/contracts/interfaces/IERC5267.sol new file mode 100644 index 00000000..47a9fd58 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/interfaces/IERC5267.sol @@ -0,0 +1,28 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC5267.sol) + +pragma solidity ^0.8.20; + +interface IERC5267 { + /** + * @dev MAY be emitted to signal that the domain could have changed. + */ + event EIP712DomainChanged(); + + /** + * @dev returns the fields and values that describe the domain separator used by this contract for EIP-712 + * signature. + */ + function eip712Domain() + external + view + returns ( + bytes1 fields, + string memory name, + string memory version, + uint256 chainId, + address verifyingContract, + bytes32 salt, + uint256[] memory extensions + ); +} diff --git a/dependencies/@openzeppelin/contracts/interfaces/IERC5313.sol b/dependencies/@openzeppelin/contracts/interfaces/IERC5313.sol new file mode 100644 index 00000000..62f8d75c --- /dev/null +++ b/dependencies/@openzeppelin/contracts/interfaces/IERC5313.sol @@ -0,0 +1,16 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC5313.sol) + +pragma solidity ^0.8.20; + +/** + * @dev Interface for the Light Contract Ownership Standard. + * + * A standardized minimal interface required to identify an account that controls a contract + */ +interface IERC5313 { + /** + * @dev Gets the address of the owner. + */ + function owner() external view returns (address); +} diff --git a/dependencies/@openzeppelin/contracts/interfaces/IERC5805.sol b/dependencies/@openzeppelin/contracts/interfaces/IERC5805.sol new file mode 100644 index 00000000..a89e22df --- /dev/null +++ b/dependencies/@openzeppelin/contracts/interfaces/IERC5805.sol @@ -0,0 +1,9 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC5805.sol) + +pragma solidity ^0.8.20; + +import {IVotes} from "../governance/utils/IVotes.sol"; +import {IERC6372} from "./IERC6372.sol"; + +interface IERC5805 is IERC6372, IVotes {} diff --git a/dependencies/@openzeppelin/contracts/interfaces/IERC6372.sol b/dependencies/@openzeppelin/contracts/interfaces/IERC6372.sol new file mode 100644 index 00000000..7d2ea4a5 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/interfaces/IERC6372.sol @@ -0,0 +1,17 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC6372.sol) + +pragma solidity ^0.8.20; + +interface IERC6372 { + /** + * @dev Clock used for flagging checkpoints. Can be overridden to implement timestamp based checkpoints (and voting). + */ + function clock() external view returns (uint48); + + /** + * @dev Description of the clock + */ + // solhint-disable-next-line func-name-mixedcase + function CLOCK_MODE() external view returns (string memory); +} diff --git a/dependencies/@openzeppelin/contracts/interfaces/IERC721.sol b/dependencies/@openzeppelin/contracts/interfaces/IERC721.sol new file mode 100644 index 00000000..0ea735bb --- /dev/null +++ b/dependencies/@openzeppelin/contracts/interfaces/IERC721.sol @@ -0,0 +1,6 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC721.sol) + +pragma solidity ^0.8.20; + +import {IERC721} from "../token/ERC721/IERC721.sol"; diff --git a/dependencies/@openzeppelin/contracts/interfaces/IERC721Enumerable.sol b/dependencies/@openzeppelin/contracts/interfaces/IERC721Enumerable.sol new file mode 100644 index 00000000..d83a0562 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/interfaces/IERC721Enumerable.sol @@ -0,0 +1,6 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC721Enumerable.sol) + +pragma solidity ^0.8.20; + +import {IERC721Enumerable} from "../token/ERC721/extensions/IERC721Enumerable.sol"; diff --git a/dependencies/@openzeppelin/contracts/interfaces/IERC721Metadata.sol b/dependencies/@openzeppelin/contracts/interfaces/IERC721Metadata.sol new file mode 100644 index 00000000..d79dd686 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/interfaces/IERC721Metadata.sol @@ -0,0 +1,6 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC721Metadata.sol) + +pragma solidity ^0.8.20; + +import {IERC721Metadata} from "../token/ERC721/extensions/IERC721Metadata.sol"; diff --git a/dependencies/@openzeppelin/contracts/interfaces/IERC721Receiver.sol b/dependencies/@openzeppelin/contracts/interfaces/IERC721Receiver.sol new file mode 100644 index 00000000..6b2a5aa6 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/interfaces/IERC721Receiver.sol @@ -0,0 +1,6 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC721Receiver.sol) + +pragma solidity ^0.8.20; + +import {IERC721Receiver} from "../token/ERC721/IERC721Receiver.sol"; diff --git a/dependencies/@openzeppelin/contracts/interfaces/IERC777.sol b/dependencies/@openzeppelin/contracts/interfaces/IERC777.sol new file mode 100644 index 00000000..31f05aa6 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/interfaces/IERC777.sol @@ -0,0 +1,200 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC777.sol) + +pragma solidity ^0.8.20; + +/** + * @dev Interface of the ERC-777 Token standard as defined in the ERC. + * + * This contract uses the + * https://eips.ethereum.org/EIPS/eip-1820[ERC-1820 registry standard] to let + * token holders and recipients react to token movements by using setting implementers + * for the associated interfaces in said registry. See {IERC1820Registry} and + * {IERC1820Implementer}. + */ +interface IERC777 { + /** + * @dev Emitted when `amount` tokens are created by `operator` and assigned to `to`. + * + * Note that some additional user `data` and `operatorData` can be logged in the event. + */ + event Minted(address indexed operator, address indexed to, uint256 amount, bytes data, bytes operatorData); + + /** + * @dev Emitted when `operator` destroys `amount` tokens from `account`. + * + * Note that some additional user `data` and `operatorData` can be logged in the event. + */ + event Burned(address indexed operator, address indexed from, uint256 amount, bytes data, bytes operatorData); + + /** + * @dev Emitted when `operator` is made operator for `tokenHolder`. + */ + event AuthorizedOperator(address indexed operator, address indexed tokenHolder); + + /** + * @dev Emitted when `operator` is revoked its operator status for `tokenHolder`. + */ + event RevokedOperator(address indexed operator, address indexed tokenHolder); + + /** + * @dev Returns the name of the token. + */ + function name() external view returns (string memory); + + /** + * @dev Returns the symbol of the token, usually a shorter version of the + * name. + */ + function symbol() external view returns (string memory); + + /** + * @dev Returns the smallest part of the token that is not divisible. This + * means all token operations (creation, movement and destruction) must have + * amounts that are a multiple of this number. + * + * For most token contracts, this value will equal 1. + */ + function granularity() external view returns (uint256); + + /** + * @dev Returns the amount of tokens in existence. + */ + function totalSupply() external view returns (uint256); + + /** + * @dev Returns the amount of tokens owned by an account (`owner`). + */ + function balanceOf(address owner) external view returns (uint256); + + /** + * @dev Moves `amount` tokens from the caller's account to `recipient`. + * + * If send or receive hooks are registered for the caller and `recipient`, + * the corresponding functions will be called with `data` and empty + * `operatorData`. See {IERC777Sender} and {IERC777Recipient}. + * + * Emits a {Sent} event. + * + * Requirements + * + * - the caller must have at least `amount` tokens. + * - `recipient` cannot be the zero address. + * - if `recipient` is a contract, it must implement the {IERC777Recipient} + * interface. + */ + function send(address recipient, uint256 amount, bytes calldata data) external; + + /** + * @dev Destroys `amount` tokens from the caller's account, reducing the + * total supply. + * + * If a send hook is registered for the caller, the corresponding function + * will be called with `data` and empty `operatorData`. See {IERC777Sender}. + * + * Emits a {Burned} event. + * + * Requirements + * + * - the caller must have at least `amount` tokens. + */ + function burn(uint256 amount, bytes calldata data) external; + + /** + * @dev Returns true if an account is an operator of `tokenHolder`. + * Operators can send and burn tokens on behalf of their owners. All + * accounts are their own operator. + * + * See {operatorSend} and {operatorBurn}. + */ + function isOperatorFor(address operator, address tokenHolder) external view returns (bool); + + /** + * @dev Make an account an operator of the caller. + * + * See {isOperatorFor}. + * + * Emits an {AuthorizedOperator} event. + * + * Requirements + * + * - `operator` cannot be calling address. + */ + function authorizeOperator(address operator) external; + + /** + * @dev Revoke an account's operator status for the caller. + * + * See {isOperatorFor} and {defaultOperators}. + * + * Emits a {RevokedOperator} event. + * + * Requirements + * + * - `operator` cannot be calling address. + */ + function revokeOperator(address operator) external; + + /** + * @dev Returns the list of default operators. These accounts are operators + * for all token holders, even if {authorizeOperator} was never called on + * them. + * + * This list is immutable, but individual holders may revoke these via + * {revokeOperator}, in which case {isOperatorFor} will return false. + */ + function defaultOperators() external view returns (address[] memory); + + /** + * @dev Moves `amount` tokens from `sender` to `recipient`. The caller must + * be an operator of `sender`. + * + * If send or receive hooks are registered for `sender` and `recipient`, + * the corresponding functions will be called with `data` and + * `operatorData`. See {IERC777Sender} and {IERC777Recipient}. + * + * Emits a {Sent} event. + * + * Requirements + * + * - `sender` cannot be the zero address. + * - `sender` must have at least `amount` tokens. + * - the caller must be an operator for `sender`. + * - `recipient` cannot be the zero address. + * - if `recipient` is a contract, it must implement the {IERC777Recipient} + * interface. + */ + function operatorSend( + address sender, + address recipient, + uint256 amount, + bytes calldata data, + bytes calldata operatorData + ) external; + + /** + * @dev Destroys `amount` tokens from `account`, reducing the total supply. + * The caller must be an operator of `account`. + * + * If a send hook is registered for `account`, the corresponding function + * will be called with `data` and `operatorData`. See {IERC777Sender}. + * + * Emits a {Burned} event. + * + * Requirements + * + * - `account` cannot be the zero address. + * - `account` must have at least `amount` tokens. + * - the caller must be an operator for `account`. + */ + function operatorBurn(address account, uint256 amount, bytes calldata data, bytes calldata operatorData) external; + + event Sent( + address indexed operator, + address indexed from, + address indexed to, + uint256 amount, + bytes data, + bytes operatorData + ); +} diff --git a/dependencies/@openzeppelin/contracts/interfaces/IERC777Recipient.sol b/dependencies/@openzeppelin/contracts/interfaces/IERC777Recipient.sol new file mode 100644 index 00000000..1619e112 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/interfaces/IERC777Recipient.sol @@ -0,0 +1,35 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC777Recipient.sol) + +pragma solidity ^0.8.20; + +/** + * @dev Interface of the ERC-777 Tokens Recipient standard as defined in the ERC. + * + * Accounts can be notified of {IERC777} tokens being sent to them by having a + * contract implement this interface (contract holders can be their own + * implementer) and registering it on the + * https://eips.ethereum.org/EIPS/eip-1820[ERC-1820 global registry]. + * + * See {IERC1820Registry} and {IERC1820Implementer}. + */ +interface IERC777Recipient { + /** + * @dev Called by an {IERC777} token contract whenever tokens are being + * moved or created into a registered account (`to`). The type of operation + * is conveyed by `from` being the zero address or not. + * + * This call occurs _after_ the token contract's state is updated, so + * {IERC777-balanceOf}, etc., can be used to query the post-operation state. + * + * This function may revert to prevent the operation from being executed. + */ + function tokensReceived( + address operator, + address from, + address to, + uint256 amount, + bytes calldata userData, + bytes calldata operatorData + ) external; +} diff --git a/dependencies/@openzeppelin/contracts/interfaces/IERC777Sender.sol b/dependencies/@openzeppelin/contracts/interfaces/IERC777Sender.sol new file mode 100644 index 00000000..f47a7832 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/interfaces/IERC777Sender.sol @@ -0,0 +1,35 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC777Sender.sol) + +pragma solidity ^0.8.20; + +/** + * @dev Interface of the ERC-777 Tokens Sender standard as defined in the ERC. + * + * {IERC777} Token holders can be notified of operations performed on their + * tokens by having a contract implement this interface (contract holders can be + * their own implementer) and registering it on the + * https://eips.ethereum.org/EIPS/eip-1820[ERC-1820 global registry]. + * + * See {IERC1820Registry} and {IERC1820Implementer}. + */ +interface IERC777Sender { + /** + * @dev Called by an {IERC777} token contract whenever a registered holder's + * (`from`) tokens are about to be moved or destroyed. The type of operation + * is conveyed by `to` being the zero address or not. + * + * This call occurs _before_ the token contract's state is updated, so + * {IERC777-balanceOf}, etc., can be used to query the pre-operation state. + * + * This function may revert to prevent the operation from being executed. + */ + function tokensToSend( + address operator, + address from, + address to, + uint256 amount, + bytes calldata userData, + bytes calldata operatorData + ) external; +} diff --git a/dependencies/@openzeppelin/contracts/interfaces/README.adoc b/dependencies/@openzeppelin/contracts/interfaces/README.adoc new file mode 100644 index 00000000..61aae05d --- /dev/null +++ b/dependencies/@openzeppelin/contracts/interfaces/README.adoc @@ -0,0 +1,85 @@ += Interfaces + +[.readme-notice] +NOTE: This document is better viewed at https://docs.openzeppelin.com/contracts/api/interfaces + +== List of standardized interfaces +These interfaces are available as `.sol` files, and also as compiler `.json` ABI files (through the npm package). These +are useful to interact with third party contracts that implement them. + +- {IERC20} +- {IERC20Errors} +- {IERC20Metadata} +- {IERC165} +- {IERC721} +- {IERC721Receiver} +- {IERC721Enumerable} +- {IERC721Metadata} +- {IERC721Errors} +- {IERC777} +- {IERC777Recipient} +- {IERC777Sender} +- {IERC1155} +- {IERC1155Receiver} +- {IERC1155MetadataURI} +- {IERC1155Errors} +- {IERC1271} +- {IERC1363} +- {IERC1363Receiver} +- {IERC1363Spender} +- {IERC1820Implementer} +- {IERC1820Registry} +- {IERC1822Proxiable} +- {IERC2612} +- {IERC2981} +- {IERC3156FlashLender} +- {IERC3156FlashBorrower} +- {IERC4626} +- {IERC4906} +- {IERC5267} +- {IERC5313} +- {IERC5805} +- {IERC6372} +- {IERC7674} + +== Detailed ABI + +{{IERC20Errors}} + +{{IERC721Errors}} + +{{IERC1155Errors}} + +{{IERC1271}} + +{{IERC1363}} + +{{IERC1363Receiver}} + +{{IERC1363Spender}} + +{{IERC1820Implementer}} + +{{IERC1820Registry}} + +{{IERC1822Proxiable}} + +{{IERC2612}} + +{{IERC2981}} + +{{IERC3156FlashLender}} + +{{IERC3156FlashBorrower}} + +{{IERC4626}} + +{{IERC5313}} + +{{IERC5267}} + +{{IERC5805}} + +{{IERC6372}} + +{{IERC7674}} diff --git a/dependencies/@openzeppelin/contracts/interfaces/draft-IERC1822.sol b/dependencies/@openzeppelin/contracts/interfaces/draft-IERC1822.sol new file mode 100644 index 00000000..ad047dae --- /dev/null +++ b/dependencies/@openzeppelin/contracts/interfaces/draft-IERC1822.sol @@ -0,0 +1,20 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/draft-IERC1822.sol) + +pragma solidity ^0.8.20; + +/** + * @dev ERC-1822: Universal Upgradeable Proxy Standard (UUPS) documents a method for upgradeability through a simplified + * proxy whose upgrades are fully controlled by the current implementation. + */ +interface IERC1822Proxiable { + /** + * @dev Returns the storage slot that the proxiable contract assumes is being used to store the implementation + * address. + * + * IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks + * bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this + * function revert if invoked through a proxy. + */ + function proxiableUUID() external view returns (bytes32); +} diff --git a/dependencies/@openzeppelin/contracts/interfaces/draft-IERC6093.sol b/dependencies/@openzeppelin/contracts/interfaces/draft-IERC6093.sol new file mode 100644 index 00000000..75fd7564 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/interfaces/draft-IERC6093.sol @@ -0,0 +1,161 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/draft-IERC6093.sol) +pragma solidity ^0.8.20; + +/** + * @dev Standard ERC-20 Errors + * Interface of the https://eips.ethereum.org/EIPS/eip-6093[ERC-6093] custom errors for ERC-20 tokens. + */ +interface IERC20Errors { + /** + * @dev Indicates an error related to the current `balance` of a `sender`. Used in transfers. + * @param sender Address whose tokens are being transferred. + * @param balance Current balance for the interacting account. + * @param needed Minimum amount required to perform a transfer. + */ + error ERC20InsufficientBalance(address sender, uint256 balance, uint256 needed); + + /** + * @dev Indicates a failure with the token `sender`. Used in transfers. + * @param sender Address whose tokens are being transferred. + */ + error ERC20InvalidSender(address sender); + + /** + * @dev Indicates a failure with the token `receiver`. Used in transfers. + * @param receiver Address to which tokens are being transferred. + */ + error ERC20InvalidReceiver(address receiver); + + /** + * @dev Indicates a failure with the `spender`’s `allowance`. Used in transfers. + * @param spender Address that may be allowed to operate on tokens without being their owner. + * @param allowance Amount of tokens a `spender` is allowed to operate with. + * @param needed Minimum amount required to perform a transfer. + */ + error ERC20InsufficientAllowance(address spender, uint256 allowance, uint256 needed); + + /** + * @dev Indicates a failure with the `approver` of a token to be approved. Used in approvals. + * @param approver Address initiating an approval operation. + */ + error ERC20InvalidApprover(address approver); + + /** + * @dev Indicates a failure with the `spender` to be approved. Used in approvals. + * @param spender Address that may be allowed to operate on tokens without being their owner. + */ + error ERC20InvalidSpender(address spender); +} + +/** + * @dev Standard ERC-721 Errors + * Interface of the https://eips.ethereum.org/EIPS/eip-6093[ERC-6093] custom errors for ERC-721 tokens. + */ +interface IERC721Errors { + /** + * @dev Indicates that an address can't be an owner. For example, `address(0)` is a forbidden owner in ERC-20. + * Used in balance queries. + * @param owner Address of the current owner of a token. + */ + error ERC721InvalidOwner(address owner); + + /** + * @dev Indicates a `tokenId` whose `owner` is the zero address. + * @param tokenId Identifier number of a token. + */ + error ERC721NonexistentToken(uint256 tokenId); + + /** + * @dev Indicates an error related to the ownership over a particular token. Used in transfers. + * @param sender Address whose tokens are being transferred. + * @param tokenId Identifier number of a token. + * @param owner Address of the current owner of a token. + */ + error ERC721IncorrectOwner(address sender, uint256 tokenId, address owner); + + /** + * @dev Indicates a failure with the token `sender`. Used in transfers. + * @param sender Address whose tokens are being transferred. + */ + error ERC721InvalidSender(address sender); + + /** + * @dev Indicates a failure with the token `receiver`. Used in transfers. + * @param receiver Address to which tokens are being transferred. + */ + error ERC721InvalidReceiver(address receiver); + + /** + * @dev Indicates a failure with the `operator`’s approval. Used in transfers. + * @param operator Address that may be allowed to operate on tokens without being their owner. + * @param tokenId Identifier number of a token. + */ + error ERC721InsufficientApproval(address operator, uint256 tokenId); + + /** + * @dev Indicates a failure with the `approver` of a token to be approved. Used in approvals. + * @param approver Address initiating an approval operation. + */ + error ERC721InvalidApprover(address approver); + + /** + * @dev Indicates a failure with the `operator` to be approved. Used in approvals. + * @param operator Address that may be allowed to operate on tokens without being their owner. + */ + error ERC721InvalidOperator(address operator); +} + +/** + * @dev Standard ERC-1155 Errors + * Interface of the https://eips.ethereum.org/EIPS/eip-6093[ERC-6093] custom errors for ERC-1155 tokens. + */ +interface IERC1155Errors { + /** + * @dev Indicates an error related to the current `balance` of a `sender`. Used in transfers. + * @param sender Address whose tokens are being transferred. + * @param balance Current balance for the interacting account. + * @param needed Minimum amount required to perform a transfer. + * @param tokenId Identifier number of a token. + */ + error ERC1155InsufficientBalance(address sender, uint256 balance, uint256 needed, uint256 tokenId); + + /** + * @dev Indicates a failure with the token `sender`. Used in transfers. + * @param sender Address whose tokens are being transferred. + */ + error ERC1155InvalidSender(address sender); + + /** + * @dev Indicates a failure with the token `receiver`. Used in transfers. + * @param receiver Address to which tokens are being transferred. + */ + error ERC1155InvalidReceiver(address receiver); + + /** + * @dev Indicates a failure with the `operator`’s approval. Used in transfers. + * @param operator Address that may be allowed to operate on tokens without being their owner. + * @param owner Address of the current owner of a token. + */ + error ERC1155MissingApprovalForAll(address operator, address owner); + + /** + * @dev Indicates a failure with the `approver` of a token to be approved. Used in approvals. + * @param approver Address initiating an approval operation. + */ + error ERC1155InvalidApprover(address approver); + + /** + * @dev Indicates a failure with the `operator` to be approved. Used in approvals. + * @param operator Address that may be allowed to operate on tokens without being their owner. + */ + error ERC1155InvalidOperator(address operator); + + /** + * @dev Indicates an array length mismatch between ids and values in a safeBatchTransferFrom operation. + * Used in batch transfers. + * @param idsLength Length of the array of token identifiers + * @param valuesLength Length of the array of token amounts + */ + error ERC1155InvalidArrayLength(uint256 idsLength, uint256 valuesLength); +} diff --git a/dependencies/@openzeppelin/contracts/interfaces/draft-IERC7674.sol b/dependencies/@openzeppelin/contracts/interfaces/draft-IERC7674.sol new file mode 100644 index 00000000..949ec806 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/interfaces/draft-IERC7674.sol @@ -0,0 +1,16 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {IERC20} from "./IERC20.sol"; + +/** + * @dev Temporary Approval Extension for ERC-20 (https://github.com/ethereum/ERCs/pull/358[ERC-7674]) + */ +interface IERC7674 is IERC20 { + /** + * @dev Set the temporary allowance, allowing `spender` to withdraw (within the same transaction) assets + * held by the caller. + */ + function temporaryApprove(address spender, uint256 value) external returns (bool success); +} diff --git a/dependencies/@openzeppelin/contracts/metatx/ERC2771Context.sol b/dependencies/@openzeppelin/contracts/metatx/ERC2771Context.sol new file mode 100644 index 00000000..d448b24b --- /dev/null +++ b/dependencies/@openzeppelin/contracts/metatx/ERC2771Context.sol @@ -0,0 +1,86 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.1) (metatx/ERC2771Context.sol) + +pragma solidity ^0.8.20; + +import {Context} from "../utils/Context.sol"; + +/** + * @dev Context variant with ERC-2771 support. + * + * WARNING: Avoid using this pattern in contracts that rely in a specific calldata length as they'll + * be affected by any forwarder whose `msg.data` is suffixed with the `from` address according to the ERC-2771 + * specification adding the address size in bytes (20) to the calldata size. An example of an unexpected + * behavior could be an unintended fallback (or another function) invocation while trying to invoke the `receive` + * function only accessible if `msg.data.length == 0`. + * + * WARNING: The usage of `delegatecall` in this contract is dangerous and may result in context corruption. + * Any forwarded request to this contract triggering a `delegatecall` to itself will result in an invalid {_msgSender} + * recovery. + */ +abstract contract ERC2771Context is Context { + /// @custom:oz-upgrades-unsafe-allow state-variable-immutable + address private immutable _trustedForwarder; + + /** + * @dev Initializes the contract with a trusted forwarder, which will be able to + * invoke functions on this contract on behalf of other accounts. + * + * NOTE: The trusted forwarder can be replaced by overriding {trustedForwarder}. + */ + /// @custom:oz-upgrades-unsafe-allow constructor + constructor(address trustedForwarder_) { + _trustedForwarder = trustedForwarder_; + } + + /** + * @dev Returns the address of the trusted forwarder. + */ + function trustedForwarder() public view virtual returns (address) { + return _trustedForwarder; + } + + /** + * @dev Indicates whether any particular address is the trusted forwarder. + */ + function isTrustedForwarder(address forwarder) public view virtual returns (bool) { + return forwarder == trustedForwarder(); + } + + /** + * @dev Override for `msg.sender`. Defaults to the original `msg.sender` whenever + * a call is not performed by the trusted forwarder or the calldata length is less than + * 20 bytes (an address length). + */ + function _msgSender() internal view virtual override returns (address) { + uint256 calldataLength = msg.data.length; + uint256 contextSuffixLength = _contextSuffixLength(); + if (isTrustedForwarder(msg.sender) && calldataLength >= contextSuffixLength) { + return address(bytes20(msg.data[calldataLength - contextSuffixLength:])); + } else { + return super._msgSender(); + } + } + + /** + * @dev Override for `msg.data`. Defaults to the original `msg.data` whenever + * a call is not performed by the trusted forwarder or the calldata length is less than + * 20 bytes (an address length). + */ + function _msgData() internal view virtual override returns (bytes calldata) { + uint256 calldataLength = msg.data.length; + uint256 contextSuffixLength = _contextSuffixLength(); + if (isTrustedForwarder(msg.sender) && calldataLength >= contextSuffixLength) { + return msg.data[:calldataLength - contextSuffixLength]; + } else { + return super._msgData(); + } + } + + /** + * @dev ERC-2771 specifies the context as being a single address (20 bytes). + */ + function _contextSuffixLength() internal view virtual override returns (uint256) { + return 20; + } +} diff --git a/dependencies/@openzeppelin/contracts/metatx/ERC2771Forwarder.sol b/dependencies/@openzeppelin/contracts/metatx/ERC2771Forwarder.sol new file mode 100644 index 00000000..0b0d185d --- /dev/null +++ b/dependencies/@openzeppelin/contracts/metatx/ERC2771Forwarder.sol @@ -0,0 +1,369 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (metatx/ERC2771Forwarder.sol) + +pragma solidity ^0.8.20; + +import {ERC2771Context} from "./ERC2771Context.sol"; +import {ECDSA} from "../utils/cryptography/ECDSA.sol"; +import {EIP712} from "../utils/cryptography/EIP712.sol"; +import {Nonces} from "../utils/Nonces.sol"; +import {Address} from "../utils/Address.sol"; +import {Errors} from "../utils/Errors.sol"; + +/** + * @dev A forwarder compatible with ERC-2771 contracts. See {ERC2771Context}. + * + * This forwarder operates on forward requests that include: + * + * * `from`: An address to operate on behalf of. It is required to be equal to the request signer. + * * `to`: The address that should be called. + * * `value`: The amount of native token to attach with the requested call. + * * `gas`: The amount of gas limit that will be forwarded with the requested call. + * * `nonce`: A unique transaction ordering identifier to avoid replayability and request invalidation. + * * `deadline`: A timestamp after which the request is not executable anymore. + * * `data`: Encoded `msg.data` to send with the requested call. + * + * Relayers are able to submit batches if they are processing a high volume of requests. With high + * throughput, relayers may run into limitations of the chain such as limits on the number of + * transactions in the mempool. In these cases the recommendation is to distribute the load among + * multiple accounts. + * + * NOTE: Batching requests includes an optional refund for unused `msg.value` that is achieved by + * performing a call with empty calldata. While this is within the bounds of ERC-2771 compliance, + * if the refund receiver happens to consider the forwarder a trusted forwarder, it MUST properly + * handle `msg.data.length == 0`. `ERC2771Context` in OpenZeppelin Contracts versions prior to 4.9.3 + * do not handle this properly. + * + * ==== Security Considerations + * + * If a relayer submits a forward request, it should be willing to pay up to 100% of the gas amount + * specified in the request. This contract does not implement any kind of retribution for this gas, + * and it is assumed that there is an out of band incentive for relayers to pay for execution on + * behalf of signers. Often, the relayer is operated by a project that will consider it a user + * acquisition cost. + * + * By offering to pay for gas, relayers are at risk of having that gas used by an attacker toward + * some other purpose that is not aligned with the expected out of band incentives. If you operate a + * relayer, consider whitelisting target contracts and function selectors. When relaying ERC-721 or + * ERC-1155 transfers specifically, consider rejecting the use of the `data` field, since it can be + * used to execute arbitrary code. + */ +contract ERC2771Forwarder is EIP712, Nonces { + using ECDSA for bytes32; + + struct ForwardRequestData { + address from; + address to; + uint256 value; + uint256 gas; + uint48 deadline; + bytes data; + bytes signature; + } + + bytes32 internal constant _FORWARD_REQUEST_TYPEHASH = + keccak256( + "ForwardRequest(address from,address to,uint256 value,uint256 gas,uint256 nonce,uint48 deadline,bytes data)" + ); + + /** + * @dev Emitted when a `ForwardRequest` is executed. + * + * NOTE: An unsuccessful forward request could be due to an invalid signature, an expired deadline, + * or simply a revert in the requested call. The contract guarantees that the relayer is not able to force + * the requested call to run out of gas. + */ + event ExecutedForwardRequest(address indexed signer, uint256 nonce, bool success); + + /** + * @dev The request `from` doesn't match with the recovered `signer`. + */ + error ERC2771ForwarderInvalidSigner(address signer, address from); + + /** + * @dev The `requestedValue` doesn't match with the available `msgValue`. + */ + error ERC2771ForwarderMismatchedValue(uint256 requestedValue, uint256 msgValue); + + /** + * @dev The request `deadline` has expired. + */ + error ERC2771ForwarderExpiredRequest(uint48 deadline); + + /** + * @dev The request target doesn't trust the `forwarder`. + */ + error ERC2771UntrustfulTarget(address target, address forwarder); + + /** + * @dev See {EIP712-constructor}. + */ + constructor(string memory name) EIP712(name, "1") {} + + /** + * @dev Returns `true` if a request is valid for a provided `signature` at the current block timestamp. + * + * A transaction is considered valid when the target trusts this forwarder, the request hasn't expired + * (deadline is not met), and the signer matches the `from` parameter of the signed request. + * + * NOTE: A request may return false here but it won't cause {executeBatch} to revert if a refund + * receiver is provided. + */ + function verify(ForwardRequestData calldata request) public view virtual returns (bool) { + (bool isTrustedForwarder, bool active, bool signerMatch, ) = _validate(request); + return isTrustedForwarder && active && signerMatch; + } + + /** + * @dev Executes a `request` on behalf of `signature`'s signer using the ERC-2771 protocol. The gas + * provided to the requested call may not be exactly the amount requested, but the call will not run + * out of gas. Will revert if the request is invalid or the call reverts, in this case the nonce is not consumed. + * + * Requirements: + * + * - The request value should be equal to the provided `msg.value`. + * - The request should be valid according to {verify}. + */ + function execute(ForwardRequestData calldata request) public payable virtual { + // We make sure that msg.value and request.value match exactly. + // If the request is invalid or the call reverts, this whole function + // will revert, ensuring value isn't stuck. + if (msg.value != request.value) { + revert ERC2771ForwarderMismatchedValue(request.value, msg.value); + } + + if (!_execute(request, true)) { + revert Errors.FailedCall(); + } + } + + /** + * @dev Batch version of {execute} with optional refunding and atomic execution. + * + * In case a batch contains at least one invalid request (see {verify}), the + * request will be skipped and the `refundReceiver` parameter will receive back the + * unused requested value at the end of the execution. This is done to prevent reverting + * the entire batch when a request is invalid or has already been submitted. + * + * If the `refundReceiver` is the `address(0)`, this function will revert when at least + * one of the requests was not valid instead of skipping it. This could be useful if + * a batch is required to get executed atomically (at least at the top-level). For example, + * refunding (and thus atomicity) can be opt-out if the relayer is using a service that avoids + * including reverted transactions. + * + * Requirements: + * + * - The sum of the requests' values should be equal to the provided `msg.value`. + * - All of the requests should be valid (see {verify}) when `refundReceiver` is the zero address. + * + * NOTE: Setting a zero `refundReceiver` guarantees an all-or-nothing requests execution only for + * the first-level forwarded calls. In case a forwarded request calls to a contract with another + * subcall, the second-level call may revert without the top-level call reverting. + */ + function executeBatch( + ForwardRequestData[] calldata requests, + address payable refundReceiver + ) public payable virtual { + bool atomic = refundReceiver == address(0); + + uint256 requestsValue; + uint256 refundValue; + + for (uint256 i; i < requests.length; ++i) { + requestsValue += requests[i].value; + bool success = _execute(requests[i], atomic); + if (!success) { + refundValue += requests[i].value; + } + } + + // The batch should revert if there's a mismatched msg.value provided + // to avoid request value tampering + if (requestsValue != msg.value) { + revert ERC2771ForwarderMismatchedValue(requestsValue, msg.value); + } + + // Some requests with value were invalid (possibly due to frontrunning). + // To avoid leaving ETH in the contract this value is refunded. + if (refundValue != 0) { + // We know refundReceiver != address(0) && requestsValue == msg.value + // meaning we can ensure refundValue is not taken from the original contract's balance + // and refundReceiver is a known account. + Address.sendValue(refundReceiver, refundValue); + } + } + + /** + * @dev Validates if the provided request can be executed at current block timestamp with + * the given `request.signature` on behalf of `request.signer`. + */ + function _validate( + ForwardRequestData calldata request + ) internal view virtual returns (bool isTrustedForwarder, bool active, bool signerMatch, address signer) { + (bool isValid, address recovered) = _recoverForwardRequestSigner(request); + + return ( + _isTrustedByTarget(request.to), + request.deadline >= block.timestamp, + isValid && recovered == request.from, + recovered + ); + } + + /** + * @dev Returns a tuple with the recovered the signer of an EIP712 forward request message hash + * and a boolean indicating if the signature is valid. + * + * NOTE: The signature is considered valid if {ECDSA-tryRecover} indicates no recover error for it. + */ + function _recoverForwardRequestSigner( + ForwardRequestData calldata request + ) internal view virtual returns (bool isValid, address signer) { + (address recovered, ECDSA.RecoverError err, ) = _hashTypedDataV4( + keccak256( + abi.encode( + _FORWARD_REQUEST_TYPEHASH, + request.from, + request.to, + request.value, + request.gas, + nonces(request.from), + request.deadline, + keccak256(request.data) + ) + ) + ).tryRecover(request.signature); + + return (err == ECDSA.RecoverError.NoError, recovered); + } + + /** + * @dev Validates and executes a signed request returning the request call `success` value. + * + * Internal function without msg.value validation. + * + * Requirements: + * + * - The caller must have provided enough gas to forward with the call. + * - The request must be valid (see {verify}) if the `requireValidRequest` is true. + * + * Emits an {ExecutedForwardRequest} event. + * + * IMPORTANT: Using this function doesn't check that all the `msg.value` was sent, potentially + * leaving value stuck in the contract. + */ + function _execute( + ForwardRequestData calldata request, + bool requireValidRequest + ) internal virtual returns (bool success) { + (bool isTrustedForwarder, bool active, bool signerMatch, address signer) = _validate(request); + + // Need to explicitly specify if a revert is required since non-reverting is default for + // batches and reversion is opt-in since it could be useful in some scenarios + if (requireValidRequest) { + if (!isTrustedForwarder) { + revert ERC2771UntrustfulTarget(request.to, address(this)); + } + + if (!active) { + revert ERC2771ForwarderExpiredRequest(request.deadline); + } + + if (!signerMatch) { + revert ERC2771ForwarderInvalidSigner(signer, request.from); + } + } + + // Ignore an invalid request because requireValidRequest = false + if (isTrustedForwarder && signerMatch && active) { + // Nonce should be used before the call to prevent reusing by reentrancy + uint256 currentNonce = _useNonce(signer); + + uint256 reqGas = request.gas; + address to = request.to; + uint256 value = request.value; + bytes memory data = abi.encodePacked(request.data, request.from); + + uint256 gasLeft; + + assembly ("memory-safe") { + success := call(reqGas, to, value, add(data, 0x20), mload(data), 0, 0) + gasLeft := gas() + } + + _checkForwardedGas(gasLeft, request); + + emit ExecutedForwardRequest(signer, currentNonce, success); + } + } + + /** + * @dev Returns whether the target trusts this forwarder. + * + * This function performs a static call to the target contract calling the + * {ERC2771Context-isTrustedForwarder} function. + */ + function _isTrustedByTarget(address target) private view returns (bool) { + bytes memory encodedParams = abi.encodeCall(ERC2771Context.isTrustedForwarder, (address(this))); + + bool success; + uint256 returnSize; + uint256 returnValue; + assembly ("memory-safe") { + // Perform the staticcall and save the result in the scratch space. + // | Location | Content | Content (Hex) | + // |-----------|----------|--------------------------------------------------------------------| + // | | | result ↓ | + // | 0x00:0x1F | selector | 0x0000000000000000000000000000000000000000000000000000000000000001 | + success := staticcall(gas(), target, add(encodedParams, 0x20), mload(encodedParams), 0, 0x20) + returnSize := returndatasize() + returnValue := mload(0) + } + + return success && returnSize >= 0x20 && returnValue > 0; + } + + /** + * @dev Checks if the requested gas was correctly forwarded to the callee. + * + * As a consequence of https://eips.ethereum.org/EIPS/eip-150[EIP-150]: + * - At most `gasleft() - floor(gasleft() / 64)` is forwarded to the callee. + * - At least `floor(gasleft() / 64)` is kept in the caller. + * + * It reverts consuming all the available gas if the forwarded gas is not the requested gas. + * + * IMPORTANT: The `gasLeft` parameter should be measured exactly at the end of the forwarded call. + * Any gas consumed in between will make room for bypassing this check. + */ + function _checkForwardedGas(uint256 gasLeft, ForwardRequestData calldata request) private pure { + // To avoid insufficient gas griefing attacks, as referenced in https://ronan.eth.limo/blog/ethereum-gas-dangers/ + // + // A malicious relayer can attempt to shrink the gas forwarded so that the underlying call reverts out-of-gas + // but the forwarding itself still succeeds. In order to make sure that the subcall received sufficient gas, + // we will inspect gasleft() after the forwarding. + // + // Let X be the gas available before the subcall, such that the subcall gets at most X * 63 / 64. + // We can't know X after CALL dynamic costs, but we want it to be such that X * 63 / 64 >= req.gas. + // Let Y be the gas used in the subcall. gasleft() measured immediately after the subcall will be gasleft() = X - Y. + // If the subcall ran out of gas, then Y = X * 63 / 64 and gasleft() = X - Y = X / 64. + // Under this assumption req.gas / 63 > gasleft() is true if and only if + // req.gas / 63 > X / 64, or equivalently req.gas > X * 63 / 64. + // This means that if the subcall runs out of gas we are able to detect that insufficient gas was passed. + // + // We will now also see that req.gas / 63 > gasleft() implies that req.gas >= X * 63 / 64. + // The contract guarantees Y <= req.gas, thus gasleft() = X - Y >= X - req.gas. + // - req.gas / 63 > gasleft() + // - req.gas / 63 >= X - req.gas + // - req.gas >= X * 63 / 64 + // In other words if req.gas < X * 63 / 64 then req.gas / 63 <= gasleft(), thus if the relayer behaves honestly + // the forwarding does not revert. + if (gasLeft < request.gas / 63) { + // We explicitly trigger invalid opcode to consume all gas and bubble-up the effects, since + // neither revert or assert consume all gas since Solidity 0.8.20 + // https://docs.soliditylang.org/en/v0.8.20/control-structures.html#panic-via-assert-and-error-via-require + assembly ("memory-safe") { + invalid() + } + } + } +} diff --git a/dependencies/@openzeppelin/contracts/metatx/README.adoc b/dependencies/@openzeppelin/contracts/metatx/README.adoc new file mode 100644 index 00000000..c02fb103 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/metatx/README.adoc @@ -0,0 +1,17 @@ += Meta Transactions + +[.readme-notice] +NOTE: This document is better viewed at https://docs.openzeppelin.com/contracts/api/metatx + +This directory includes contracts for adding meta-transaction capabilities (i.e. abstracting the execution context from the transaction origin) following the https://eips.ethereum.org/EIPS/eip-2771[ERC-2771 specification]. + +- {ERC2771Context}: Provides a mechanism to override the sender and calldata of the execution context (`msg.sender` and `msg.data`) with a custom value specified by a trusted forwarder. +- {ERC2771Forwarder}: A production-ready forwarder that relays operation requests signed off-chain by an EOA. + +== Core + +{{ERC2771Context}} + +== Utils + +{{ERC2771Forwarder}} diff --git a/dependencies/@openzeppelin/contracts/mocks/AccessManagedTarget.sol b/dependencies/@openzeppelin/contracts/mocks/AccessManagedTarget.sol new file mode 100644 index 00000000..673feeda --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/AccessManagedTarget.sol @@ -0,0 +1,34 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {AccessManaged} from "../access/manager/AccessManaged.sol"; +import {StorageSlot} from "../utils/StorageSlot.sol"; + +abstract contract AccessManagedTarget is AccessManaged { + event CalledRestricted(address caller); + event CalledUnrestricted(address caller); + event CalledFallback(address caller); + + function fnRestricted() public restricted { + emit CalledRestricted(msg.sender); + } + + function fnUnrestricted() public { + emit CalledUnrestricted(msg.sender); + } + + function setIsConsumingScheduledOp(bool isConsuming, bytes32 slot) external { + // Memory layout is 0x....<_consumingSchedule (boolean)> + bytes32 mask = bytes32(uint256(1 << 160)); + if (isConsuming) { + StorageSlot.getBytes32Slot(slot).value |= mask; + } else { + StorageSlot.getBytes32Slot(slot).value &= ~mask; + } + } + + fallback() external { + emit CalledFallback(msg.sender); + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/AccessManagerMock.sol b/dependencies/@openzeppelin/contracts/mocks/AccessManagerMock.sol new file mode 100644 index 00000000..952c7611 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/AccessManagerMock.sol @@ -0,0 +1,21 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {AccessManager} from "../access/manager/AccessManager.sol"; +import {StorageSlot} from "../utils/StorageSlot.sol"; + +contract AccessManagerMock is AccessManager { + event CalledRestricted(address caller); + event CalledUnrestricted(address caller); + + constructor(address initialAdmin) AccessManager(initialAdmin) {} + + function fnRestricted() public onlyAuthorized { + emit CalledRestricted(msg.sender); + } + + function fnUnrestricted() public { + emit CalledUnrestricted(msg.sender); + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/ArraysMock.sol b/dependencies/@openzeppelin/contracts/mocks/ArraysMock.sol new file mode 100644 index 00000000..63f4c8e6 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/ArraysMock.sol @@ -0,0 +1,127 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {Arrays} from "../utils/Arrays.sol"; + +contract Uint256ArraysMock { + using Arrays for uint256[]; + + uint256[] private _array; + + constructor(uint256[] memory array) { + _array = array; + } + + function findUpperBound(uint256 value) external view returns (uint256) { + return _array.findUpperBound(value); + } + + function lowerBound(uint256 value) external view returns (uint256) { + return _array.lowerBound(value); + } + + function upperBound(uint256 value) external view returns (uint256) { + return _array.upperBound(value); + } + + function lowerBoundMemory(uint256[] memory array, uint256 value) external pure returns (uint256) { + return array.lowerBoundMemory(value); + } + + function upperBoundMemory(uint256[] memory array, uint256 value) external pure returns (uint256) { + return array.upperBoundMemory(value); + } + + function unsafeAccess(uint256 pos) external view returns (uint256) { + return _array.unsafeAccess(pos).value; + } + + function sort(uint256[] memory array) external pure returns (uint256[] memory) { + return array.sort(); + } + + function sortReverse(uint256[] memory array) external pure returns (uint256[] memory) { + return array.sort(_reverse); + } + + function _reverse(uint256 a, uint256 b) private pure returns (bool) { + return a > b; + } + + function unsafeSetLength(uint256 newLength) external { + _array.unsafeSetLength(newLength); + } + + function length() external view returns (uint256) { + return _array.length; + } +} + +contract AddressArraysMock { + using Arrays for address[]; + + address[] private _array; + + constructor(address[] memory array) { + _array = array; + } + + function unsafeAccess(uint256 pos) external view returns (address) { + return _array.unsafeAccess(pos).value; + } + + function sort(address[] memory array) external pure returns (address[] memory) { + return array.sort(); + } + + function sortReverse(address[] memory array) external pure returns (address[] memory) { + return array.sort(_reverse); + } + + function _reverse(address a, address b) private pure returns (bool) { + return uint160(a) > uint160(b); + } + + function unsafeSetLength(uint256 newLength) external { + _array.unsafeSetLength(newLength); + } + + function length() external view returns (uint256) { + return _array.length; + } +} + +contract Bytes32ArraysMock { + using Arrays for bytes32[]; + + bytes32[] private _array; + + constructor(bytes32[] memory array) { + _array = array; + } + + function unsafeAccess(uint256 pos) external view returns (bytes32) { + return _array.unsafeAccess(pos).value; + } + + function sort(bytes32[] memory array) external pure returns (bytes32[] memory) { + return array.sort(); + } + + function sortReverse(bytes32[] memory array) external pure returns (bytes32[] memory) { + return array.sort(_reverse); + } + + function _reverse(bytes32 a, bytes32 b) private pure returns (bool) { + return uint256(a) > uint256(b); + } + + function unsafeSetLength(uint256 newLength) external { + _array.unsafeSetLength(newLength); + } + + function length() external view returns (uint256) { + return _array.length; + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/AuthorityMock.sol b/dependencies/@openzeppelin/contracts/mocks/AuthorityMock.sol new file mode 100644 index 00000000..4f3e1de3 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/AuthorityMock.sol @@ -0,0 +1,69 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {IAccessManaged} from "../access/manager/IAccessManaged.sol"; +import {IAuthority} from "../access/manager/IAuthority.sol"; + +contract NotAuthorityMock is IAuthority { + function canCall(address /* caller */, address /* target */, bytes4 /* selector */) external pure returns (bool) { + revert("AuthorityNoDelayMock: not implemented"); + } +} + +contract AuthorityNoDelayMock is IAuthority { + bool _immediate; + + function canCall( + address /* caller */, + address /* target */, + bytes4 /* selector */ + ) external view returns (bool immediate) { + return _immediate; + } + + function _setImmediate(bool immediate) external { + _immediate = immediate; + } +} + +contract AuthorityDelayMock { + bool _immediate; + uint32 _delay; + + function canCall( + address /* caller */, + address /* target */, + bytes4 /* selector */ + ) external view returns (bool immediate, uint32 delay) { + return (_immediate, _delay); + } + + function _setImmediate(bool immediate) external { + _immediate = immediate; + } + + function _setDelay(uint32 delay) external { + _delay = delay; + } +} + +contract AuthorityNoResponse { + function canCall(address /* caller */, address /* target */, bytes4 /* selector */) external view {} +} + +contract AuthorityObserveIsConsuming { + event ConsumeScheduledOpCalled(address caller, bytes data, bytes4 isConsuming); + + function canCall( + address /* caller */, + address /* target */, + bytes4 /* selector */ + ) external pure returns (bool immediate, uint32 delay) { + return (false, 1); + } + + function consumeScheduledOp(address caller, bytes memory data) public { + emit ConsumeScheduledOpCalled(caller, data, IAccessManaged(msg.sender).isConsumingScheduledOp()); + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/Base64Dirty.sol b/dependencies/@openzeppelin/contracts/mocks/Base64Dirty.sol new file mode 100644 index 00000000..238bd26a --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/Base64Dirty.sol @@ -0,0 +1,19 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {Base64} from "../utils/Base64.sol"; + +contract Base64Dirty { + struct A { + uint256 value; + } + + function encode(bytes memory input) public pure returns (string memory) { + A memory unused = A({value: type(uint256).max}); + // To silence warning + unused; + + return Base64.encode(input); + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/BatchCaller.sol b/dependencies/@openzeppelin/contracts/mocks/BatchCaller.sol new file mode 100644 index 00000000..740691ba --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/BatchCaller.sol @@ -0,0 +1,20 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.20; + +import {Address} from "../utils/Address.sol"; + +contract BatchCaller { + struct Call { + address target; + uint256 value; + bytes data; + } + + function execute(Call[] calldata calls) external returns (bytes[] memory) { + bytes[] memory returndata = new bytes[](calls.length); + for (uint256 i = 0; i < calls.length; ++i) { + returndata[i] = Address.functionCallWithValue(calls[i].target, calls[i].data, calls[i].value); + } + return returndata; + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/CallReceiverMock.sol b/dependencies/@openzeppelin/contracts/mocks/CallReceiverMock.sol new file mode 100644 index 00000000..e371c7db --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/CallReceiverMock.sol @@ -0,0 +1,73 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +contract CallReceiverMock { + event MockFunctionCalled(); + event MockFunctionCalledWithArgs(uint256 a, uint256 b); + + uint256[] private _array; + + function mockFunction() public payable returns (string memory) { + emit MockFunctionCalled(); + + return "0x1234"; + } + + function mockFunctionEmptyReturn() public payable { + emit MockFunctionCalled(); + } + + function mockFunctionWithArgs(uint256 a, uint256 b) public payable returns (string memory) { + emit MockFunctionCalledWithArgs(a, b); + + return "0x1234"; + } + + function mockFunctionNonPayable() public returns (string memory) { + emit MockFunctionCalled(); + + return "0x1234"; + } + + function mockStaticFunction() public pure returns (string memory) { + return "0x1234"; + } + + function mockFunctionRevertsNoReason() public payable { + revert(); + } + + function mockFunctionRevertsReason() public payable { + revert("CallReceiverMock: reverting"); + } + + function mockFunctionThrows() public payable { + assert(false); + } + + function mockFunctionOutOfGas() public payable { + for (uint256 i = 0; ; ++i) { + _array.push(i); + } + } + + function mockFunctionWritesStorage(bytes32 slot, bytes32 value) public returns (string memory) { + assembly { + sstore(slot, value) + } + return "0x1234"; + } +} + +contract CallReceiverMockTrustingForwarder is CallReceiverMock { + address private _trustedForwarder; + + constructor(address trustedForwarder_) { + _trustedForwarder = trustedForwarder_; + } + + function isTrustedForwarder(address forwarder) public view virtual returns (bool) { + return forwarder == _trustedForwarder; + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/ConstructorMock.sol b/dependencies/@openzeppelin/contracts/mocks/ConstructorMock.sol new file mode 100644 index 00000000..50e671b6 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/ConstructorMock.sol @@ -0,0 +1,34 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +contract ConstructorMock { + bool foo; + + enum RevertType { + None, + RevertWithoutMessage, + RevertWithMessage, + RevertWithCustomError, + Panic + } + + error CustomError(); + + constructor(RevertType error) { + // After transpilation to upgradeable contract, the constructor will become an initializer + // To silence the `... can be restricted to view` warning, we write to state + foo = true; + + if (error == RevertType.RevertWithoutMessage) { + revert(); + } else if (error == RevertType.RevertWithMessage) { + revert("ConstructorMock: reverting"); + } else if (error == RevertType.RevertWithCustomError) { + revert CustomError(); + } else if (error == RevertType.Panic) { + uint256 a = uint256(0) / uint256(0); + a; + } + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/ContextMock.sol b/dependencies/@openzeppelin/contracts/mocks/ContextMock.sol new file mode 100644 index 00000000..199b2a97 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/ContextMock.sol @@ -0,0 +1,35 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {Context} from "../utils/Context.sol"; + +contract ContextMock is Context { + event Sender(address sender); + + function msgSender() public { + emit Sender(_msgSender()); + } + + event Data(bytes data, uint256 integerValue, string stringValue); + + function msgData(uint256 integerValue, string memory stringValue) public { + emit Data(_msgData(), integerValue, stringValue); + } + + event DataShort(bytes data); + + function msgDataShort() public { + emit DataShort(_msgData()); + } +} + +contract ContextMockCaller { + function callSender(ContextMock context) public { + context.msgSender(); + } + + function callData(ContextMock context, uint256 integerValue, string memory stringValue) public { + context.msgData(integerValue, stringValue); + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/DummyImplementation.sol b/dependencies/@openzeppelin/contracts/mocks/DummyImplementation.sol new file mode 100644 index 00000000..4925c89d --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/DummyImplementation.sol @@ -0,0 +1,65 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {ERC1967Utils} from "../proxy/ERC1967/ERC1967Utils.sol"; +import {StorageSlot} from "../utils/StorageSlot.sol"; + +abstract contract Impl { + function version() public pure virtual returns (string memory); +} + +contract DummyImplementation { + uint256 public value; + string public text; + uint256[] public values; + + function initializeNonPayable() public { + value = 10; + } + + function initializePayable() public payable { + value = 100; + } + + function initializeNonPayableWithValue(uint256 _value) public { + value = _value; + } + + function initializePayableWithValue(uint256 _value) public payable { + value = _value; + } + + function initialize(uint256 _value, string memory _text, uint256[] memory _values) public { + value = _value; + text = _text; + values = _values; + } + + function get() public pure returns (bool) { + return true; + } + + function version() public pure virtual returns (string memory) { + return "V1"; + } + + function reverts() public pure { + require(false, "DummyImplementation reverted"); + } + + // Use for forcing an unsafe TransparentUpgradeableProxy admin override + function unsafeOverrideAdmin(address newAdmin) public { + StorageSlot.getAddressSlot(ERC1967Utils.ADMIN_SLOT).value = newAdmin; + } +} + +contract DummyImplementationV2 is DummyImplementation { + function migrate(uint256 newVal) public payable { + value = newVal; + } + + function version() public pure override returns (string memory) { + return "V2"; + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/EIP712Verifier.sol b/dependencies/@openzeppelin/contracts/mocks/EIP712Verifier.sol new file mode 100644 index 00000000..fe32a218 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/EIP712Verifier.sol @@ -0,0 +1,16 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {ECDSA} from "../utils/cryptography/ECDSA.sol"; +import {EIP712} from "../utils/cryptography/EIP712.sol"; + +abstract contract EIP712Verifier is EIP712 { + function verify(bytes memory signature, address signer, address mailTo, string memory mailContents) external view { + bytes32 digest = _hashTypedDataV4( + keccak256(abi.encode(keccak256("Mail(address to,string contents)"), mailTo, keccak256(bytes(mailContents)))) + ); + address recoveredSigner = ECDSA.recover(digest, signature); + require(recoveredSigner == signer); + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/ERC1271WalletMock.sol b/dependencies/@openzeppelin/contracts/mocks/ERC1271WalletMock.sol new file mode 100644 index 00000000..cba7d47d --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/ERC1271WalletMock.sol @@ -0,0 +1,24 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {Ownable} from "../access/Ownable.sol"; +import {IERC1271} from "../interfaces/IERC1271.sol"; +import {ECDSA} from "../utils/cryptography/ECDSA.sol"; + +contract ERC1271WalletMock is Ownable, IERC1271 { + constructor(address originalOwner) Ownable(originalOwner) {} + + function isValidSignature(bytes32 hash, bytes memory signature) public view returns (bytes4 magicValue) { + return ECDSA.recover(hash, signature) == owner() ? this.isValidSignature.selector : bytes4(0); + } +} + +contract ERC1271MaliciousMock is IERC1271 { + function isValidSignature(bytes32, bytes memory) public pure returns (bytes4) { + assembly { + mstore(0, 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff) + return(0, 32) + } + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/ERC165/ERC165InterfacesSupported.sol b/dependencies/@openzeppelin/contracts/mocks/ERC165/ERC165InterfacesSupported.sol new file mode 100644 index 00000000..dffd6a24 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/ERC165/ERC165InterfacesSupported.sol @@ -0,0 +1,58 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {IERC165} from "../../utils/introspection/IERC165.sol"; + +/** + * https://eips.ethereum.org/EIPS/eip-214#specification + * From the specification: + * > Any attempts to make state-changing operations inside an execution instance with STATIC set to true will instead + * throw an exception. + * > These operations include [...], LOG0, LOG1, LOG2, [...] + * + * therefore, because this contract is staticcall'd we need to not emit events (which is how solidity-coverage works) + * solidity-coverage ignores the /mocks folder, so we duplicate its implementation here to avoid instrumenting it + */ +contract SupportsInterfaceWithLookupMock is IERC165 { + /* + * bytes4(keccak256('supportsInterface(bytes4)')) == 0x01ffc9a7 + */ + bytes4 public constant INTERFACE_ID_ERC165 = 0x01ffc9a7; + + /** + * @dev A mapping of interface id to whether or not it's supported. + */ + mapping(bytes4 interfaceId => bool) private _supportedInterfaces; + + /** + * @dev A contract implementing SupportsInterfaceWithLookup + * implement ERC-165 itself. + */ + constructor() { + _registerInterface(INTERFACE_ID_ERC165); + } + + /** + * @dev Implement supportsInterface(bytes4) using a lookup table. + */ + function supportsInterface(bytes4 interfaceId) public view override returns (bool) { + return _supportedInterfaces[interfaceId]; + } + + /** + * @dev Private method for registering an interface. + */ + function _registerInterface(bytes4 interfaceId) internal { + require(interfaceId != 0xffffffff, "ERC165InterfacesSupported: invalid interface id"); + _supportedInterfaces[interfaceId] = true; + } +} + +contract ERC165InterfacesSupported is SupportsInterfaceWithLookupMock { + constructor(bytes4[] memory interfaceIds) { + for (uint256 i = 0; i < interfaceIds.length; i++) { + _registerInterface(interfaceIds[i]); + } + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/ERC165/ERC165MaliciousData.sol b/dependencies/@openzeppelin/contracts/mocks/ERC165/ERC165MaliciousData.sol new file mode 100644 index 00000000..35427567 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/ERC165/ERC165MaliciousData.sol @@ -0,0 +1,12 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +contract ERC165MaliciousData { + function supportsInterface(bytes4) public pure returns (bool) { + assembly { + mstore(0, 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff) + return(0, 32) + } + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/ERC165/ERC165MissingData.sol b/dependencies/@openzeppelin/contracts/mocks/ERC165/ERC165MissingData.sol new file mode 100644 index 00000000..fec43391 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/ERC165/ERC165MissingData.sol @@ -0,0 +1,7 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +contract ERC165MissingData { + function supportsInterface(bytes4 interfaceId) public view {} // missing return +} diff --git a/dependencies/@openzeppelin/contracts/mocks/ERC165/ERC165NotSupported.sol b/dependencies/@openzeppelin/contracts/mocks/ERC165/ERC165NotSupported.sol new file mode 100644 index 00000000..78ef9c8e --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/ERC165/ERC165NotSupported.sol @@ -0,0 +1,5 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +contract ERC165NotSupported {} diff --git a/dependencies/@openzeppelin/contracts/mocks/ERC165/ERC165ReturnBomb.sol b/dependencies/@openzeppelin/contracts/mocks/ERC165/ERC165ReturnBomb.sol new file mode 100644 index 00000000..4bfacfd6 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/ERC165/ERC165ReturnBomb.sol @@ -0,0 +1,18 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {IERC165} from "../../utils/introspection/IERC165.sol"; + +contract ERC165ReturnBombMock is IERC165 { + function supportsInterface(bytes4 interfaceId) public pure override returns (bool) { + if (interfaceId == type(IERC165).interfaceId) { + assembly { + mstore(0, 1) + } + } + assembly { + return(0, 101500) + } + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/ERC2771ContextMock.sol b/dependencies/@openzeppelin/contracts/mocks/ERC2771ContextMock.sol new file mode 100644 index 00000000..33887cf4 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/ERC2771ContextMock.sol @@ -0,0 +1,28 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {ContextMock} from "./ContextMock.sol"; +import {Context} from "../utils/Context.sol"; +import {Multicall} from "../utils/Multicall.sol"; +import {ERC2771Context} from "../metatx/ERC2771Context.sol"; + +// By inheriting from ERC2771Context, Context's internal functions are overridden automatically +contract ERC2771ContextMock is ContextMock, ERC2771Context, Multicall { + /// @custom:oz-upgrades-unsafe-allow constructor + constructor(address trustedForwarder) ERC2771Context(trustedForwarder) { + emit Sender(_msgSender()); // _msgSender() should be accessible during construction + } + + function _msgSender() internal view override(Context, ERC2771Context) returns (address) { + return ERC2771Context._msgSender(); + } + + function _msgData() internal view override(Context, ERC2771Context) returns (bytes calldata) { + return ERC2771Context._msgData(); + } + + function _contextSuffixLength() internal view override(Context, ERC2771Context) returns (uint256) { + return ERC2771Context._contextSuffixLength(); + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/ERC3156FlashBorrowerMock.sol b/dependencies/@openzeppelin/contracts/mocks/ERC3156FlashBorrowerMock.sol new file mode 100644 index 00000000..261fea17 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/ERC3156FlashBorrowerMock.sol @@ -0,0 +1,53 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {IERC20} from "../token/ERC20/IERC20.sol"; +import {IERC3156FlashBorrower} from "../interfaces/IERC3156.sol"; +import {Address} from "../utils/Address.sol"; + +/** + * @dev WARNING: this IERC3156FlashBorrower mock implementation is for testing purposes ONLY. + * Writing a secure flash lock borrower is not an easy task, and should be done with the utmost care. + * This is not an example of how it should be done, and no pattern present in this mock should be considered secure. + * Following best practices, always have your contract properly audited before using them to manipulate important funds on + * live networks. + */ +contract ERC3156FlashBorrowerMock is IERC3156FlashBorrower { + bytes32 internal constant _RETURN_VALUE = keccak256("ERC3156FlashBorrower.onFlashLoan"); + + bool immutable _enableApprove; + bool immutable _enableReturn; + + event BalanceOf(address token, address account, uint256 value); + event TotalSupply(address token, uint256 value); + + constructor(bool enableReturn, bool enableApprove) { + _enableApprove = enableApprove; + _enableReturn = enableReturn; + } + + function onFlashLoan( + address /*initiator*/, + address token, + uint256 amount, + uint256 fee, + bytes calldata data + ) public returns (bytes32) { + require(msg.sender == token); + + emit BalanceOf(token, address(this), IERC20(token).balanceOf(address(this))); + emit TotalSupply(token, IERC20(token).totalSupply()); + + if (data.length > 0) { + // WARNING: This code is for testing purposes only! Do not use. + Address.functionCall(token, data); + } + + if (_enableApprove) { + IERC20(token).approve(token, amount + fee); + } + + return _enableReturn ? _RETURN_VALUE : bytes32(0); + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/EtherReceiverMock.sol b/dependencies/@openzeppelin/contracts/mocks/EtherReceiverMock.sol new file mode 100644 index 00000000..1b1c9363 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/EtherReceiverMock.sol @@ -0,0 +1,17 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +contract EtherReceiverMock { + bool private _acceptEther; + + function setAcceptEther(bool acceptEther) public { + _acceptEther = acceptEther; + } + + receive() external payable { + if (!_acceptEther) { + revert(); + } + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/InitializableMock.sol b/dependencies/@openzeppelin/contracts/mocks/InitializableMock.sol new file mode 100644 index 00000000..7f76caac --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/InitializableMock.sol @@ -0,0 +1,130 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {Initializable} from "../proxy/utils/Initializable.sol"; + +/** + * @title InitializableMock + * @dev This contract is a mock to test initializable functionality + */ +contract InitializableMock is Initializable { + bool public initializerRan; + bool public onlyInitializingRan; + uint256 public x; + + function isInitializing() public view returns (bool) { + return _isInitializing(); + } + + function initialize() public initializer { + initializerRan = true; + } + + function initializeOnlyInitializing() public onlyInitializing { + onlyInitializingRan = true; + } + + function initializerNested() public initializer { + initialize(); + } + + function onlyInitializingNested() public initializer { + initializeOnlyInitializing(); + } + + function initializeWithX(uint256 _x) public payable initializer { + x = _x; + } + + function nonInitializable(uint256 _x) public payable { + x = _x; + } + + function fail() public pure { + require(false, "InitializableMock forced failure"); + } +} + +contract ConstructorInitializableMock is Initializable { + bool public initializerRan; + bool public onlyInitializingRan; + + constructor() initializer { + initialize(); + initializeOnlyInitializing(); + } + + function initialize() public initializer { + initializerRan = true; + } + + function initializeOnlyInitializing() public onlyInitializing { + onlyInitializingRan = true; + } +} + +contract ChildConstructorInitializableMock is ConstructorInitializableMock { + bool public childInitializerRan; + + constructor() initializer { + childInitialize(); + } + + function childInitialize() public initializer { + childInitializerRan = true; + } +} + +contract ReinitializerMock is Initializable { + uint256 public counter; + + function getInitializedVersion() public view returns (uint64) { + return _getInitializedVersion(); + } + + function initialize() public initializer { + doStuff(); + } + + function reinitialize(uint64 i) public reinitializer(i) { + doStuff(); + } + + function nestedReinitialize(uint64 i, uint64 j) public reinitializer(i) { + reinitialize(j); + } + + function chainReinitialize(uint64 i, uint64 j) public { + reinitialize(i); + reinitialize(j); + } + + function disableInitializers() public { + _disableInitializers(); + } + + function doStuff() public onlyInitializing { + counter++; + } +} + +contract DisableNew is Initializable { + constructor() { + _disableInitializers(); + } +} + +contract DisableOld is Initializable { + constructor() initializer {} +} + +contract DisableBad1 is DisableNew, DisableOld {} + +contract DisableBad2 is Initializable { + constructor() initializer { + _disableInitializers(); + } +} + +contract DisableOk is DisableOld, DisableNew {} diff --git a/dependencies/@openzeppelin/contracts/mocks/MerkleProofCustomHashMock.sol b/dependencies/@openzeppelin/contracts/mocks/MerkleProofCustomHashMock.sol new file mode 100644 index 00000000..1039af32 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/MerkleProofCustomHashMock.sol @@ -0,0 +1,62 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {MerkleProof} from "../utils/cryptography/MerkleProof.sol"; + +// This could be a library, but then we would have to add it to the Stateless.sol mock for upgradeable tests +abstract contract MerkleProofCustomHashMock { + function customHash(bytes32 a, bytes32 b) internal pure returns (bytes32) { + return a < b ? sha256(abi.encode(a, b)) : sha256(abi.encode(b, a)); + } + + function verify(bytes32[] calldata proof, bytes32 root, bytes32 leaf) internal view returns (bool) { + return MerkleProof.verify(proof, root, leaf, customHash); + } + + function processProof(bytes32[] calldata proof, bytes32 leaf) internal view returns (bytes32) { + return MerkleProof.processProof(proof, leaf, customHash); + } + + function verifyCalldata(bytes32[] calldata proof, bytes32 root, bytes32 leaf) internal view returns (bool) { + return MerkleProof.verifyCalldata(proof, root, leaf, customHash); + } + + function processProofCalldata(bytes32[] calldata proof, bytes32 leaf) internal view returns (bytes32) { + return MerkleProof.processProofCalldata(proof, leaf, customHash); + } + + function multiProofVerify( + bytes32[] calldata proof, + bool[] calldata proofFlags, + bytes32 root, + bytes32[] calldata leaves + ) internal view returns (bool) { + return MerkleProof.multiProofVerify(proof, proofFlags, root, leaves, customHash); + } + + function processMultiProof( + bytes32[] calldata proof, + bool[] calldata proofFlags, + bytes32[] calldata leaves + ) internal view returns (bytes32) { + return MerkleProof.processMultiProof(proof, proofFlags, leaves, customHash); + } + + function multiProofVerifyCalldata( + bytes32[] calldata proof, + bool[] calldata proofFlags, + bytes32 root, + bytes32[] calldata leaves + ) internal view returns (bool) { + return MerkleProof.multiProofVerifyCalldata(proof, proofFlags, root, leaves, customHash); + } + + function processMultiProofCalldata( + bytes32[] calldata proof, + bool[] calldata proofFlags, + bytes32[] calldata leaves + ) internal view returns (bytes32) { + return MerkleProof.processMultiProofCalldata(proof, proofFlags, leaves, customHash); + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/MerkleTreeMock.sol b/dependencies/@openzeppelin/contracts/mocks/MerkleTreeMock.sol new file mode 100644 index 00000000..2454efa2 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/MerkleTreeMock.sol @@ -0,0 +1,44 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.0; + +import {MerkleTree} from "../utils/structs/MerkleTree.sol"; + +contract MerkleTreeMock { + using MerkleTree for MerkleTree.Bytes32PushTree; + + MerkleTree.Bytes32PushTree private _tree; + + // This mock only stored the latest root. + // Production contract may want to store historical values. + bytes32 public root; + + event LeafInserted(bytes32 leaf, uint256 index, bytes32 root); + + function setup(uint8 _depth, bytes32 _zero) public { + root = _tree.setup(_depth, _zero); + } + + function push(bytes32 leaf) public { + (uint256 leafIndex, bytes32 currentRoot) = _tree.push(leaf); + emit LeafInserted(leaf, leafIndex, currentRoot); + root = currentRoot; + } + + function depth() public view returns (uint256) { + return _tree.depth(); + } + + // internal state + function nextLeafIndex() public view returns (uint256) { + return _tree._nextLeafIndex; + } + + function sides(uint256 i) public view returns (bytes32) { + return _tree._sides[i]; + } + + function zeros(uint256 i) public view returns (bytes32) { + return _tree._zeros[i]; + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/MulticallHelper.sol b/dependencies/@openzeppelin/contracts/mocks/MulticallHelper.sol new file mode 100644 index 00000000..d70f3bf4 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/MulticallHelper.sol @@ -0,0 +1,23 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {ERC20MulticallMock} from "./token/ERC20MulticallMock.sol"; + +contract MulticallHelper { + function checkReturnValues( + ERC20MulticallMock multicallToken, + address[] calldata recipients, + uint256[] calldata amounts + ) external { + bytes[] memory calls = new bytes[](recipients.length); + for (uint256 i = 0; i < recipients.length; i++) { + calls[i] = abi.encodeCall(multicallToken.transfer, (recipients[i], amounts[i])); + } + + bytes[] memory results = multicallToken.multicall(calls); + for (uint256 i = 0; i < results.length; i++) { + require(abi.decode(results[i], (bool))); + } + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/MultipleInheritanceInitializableMocks.sol b/dependencies/@openzeppelin/contracts/mocks/MultipleInheritanceInitializableMocks.sol new file mode 100644 index 00000000..51030acd --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/MultipleInheritanceInitializableMocks.sol @@ -0,0 +1,131 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {Initializable} from "../proxy/utils/Initializable.sol"; + +// Sample contracts showing upgradeability with multiple inheritance. +// Child contract inherits from Father and Mother contracts, and Father extends from Gramps. +// +// Human +// / \ +// | Gramps +// | | +// Mother Father +// | | +// -- Child -- + +/** + * Sample base initializable contract that is a human + */ +contract SampleHuman is Initializable { + bool public isHuman; + + function initialize() public initializer { + __SampleHuman_init(); + } + + // solhint-disable-next-line func-name-mixedcase + function __SampleHuman_init() internal onlyInitializing { + __SampleHuman_init_unchained(); + } + + // solhint-disable-next-line func-name-mixedcase + function __SampleHuman_init_unchained() internal onlyInitializing { + isHuman = true; + } +} + +/** + * Sample base initializable contract that defines a field mother + */ +contract SampleMother is Initializable, SampleHuman { + uint256 public mother; + + function initialize(uint256 value) public initializer { + __SampleMother_init(value); + } + + // solhint-disable-next-line func-name-mixedcase + function __SampleMother_init(uint256 value) internal onlyInitializing { + __SampleHuman_init(); + __SampleMother_init_unchained(value); + } + + // solhint-disable-next-line func-name-mixedcase + function __SampleMother_init_unchained(uint256 value) internal onlyInitializing { + mother = value; + } +} + +/** + * Sample base initializable contract that defines a field gramps + */ +contract SampleGramps is Initializable, SampleHuman { + string public gramps; + + function initialize(string memory value) public initializer { + __SampleGramps_init(value); + } + + // solhint-disable-next-line func-name-mixedcase + function __SampleGramps_init(string memory value) internal onlyInitializing { + __SampleHuman_init(); + __SampleGramps_init_unchained(value); + } + + // solhint-disable-next-line func-name-mixedcase + function __SampleGramps_init_unchained(string memory value) internal onlyInitializing { + gramps = value; + } +} + +/** + * Sample base initializable contract that defines a field father and extends from gramps + */ +contract SampleFather is Initializable, SampleGramps { + uint256 public father; + + function initialize(string memory _gramps, uint256 _father) public initializer { + __SampleFather_init(_gramps, _father); + } + + // solhint-disable-next-line func-name-mixedcase + function __SampleFather_init(string memory _gramps, uint256 _father) internal onlyInitializing { + __SampleGramps_init(_gramps); + __SampleFather_init_unchained(_father); + } + + // solhint-disable-next-line func-name-mixedcase + function __SampleFather_init_unchained(uint256 _father) internal onlyInitializing { + father = _father; + } +} + +/** + * Child extends from mother, father (gramps) + */ +contract SampleChild is Initializable, SampleMother, SampleFather { + uint256 public child; + + function initialize(uint256 _mother, string memory _gramps, uint256 _father, uint256 _child) public initializer { + __SampleChild_init(_mother, _gramps, _father, _child); + } + + // solhint-disable-next-line func-name-mixedcase + function __SampleChild_init( + uint256 _mother, + string memory _gramps, + uint256 _father, + uint256 _child + ) internal onlyInitializing { + __SampleMother_init(_mother); + __SampleFather_init(_gramps, _father); + __SampleChild_init_unchained(_child); + } + + // solhint-disable-next-line func-name-mixedcase + function __SampleChild_init_unchained(uint256 _child) internal onlyInitializing { + child = _child; + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/PausableMock.sol b/dependencies/@openzeppelin/contracts/mocks/PausableMock.sol new file mode 100644 index 00000000..fa701e2c --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/PausableMock.sol @@ -0,0 +1,31 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {Pausable} from "../utils/Pausable.sol"; + +contract PausableMock is Pausable { + bool public drasticMeasureTaken; + uint256 public count; + + constructor() { + drasticMeasureTaken = false; + count = 0; + } + + function normalProcess() external whenNotPaused { + count++; + } + + function drasticMeasure() external whenPaused { + drasticMeasureTaken = true; + } + + function pause() external { + _pause(); + } + + function unpause() external { + _unpause(); + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/ReentrancyAttack.sol b/dependencies/@openzeppelin/contracts/mocks/ReentrancyAttack.sol new file mode 100644 index 00000000..3df2d1c2 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/ReentrancyAttack.sol @@ -0,0 +1,12 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {Context} from "../utils/Context.sol"; + +contract ReentrancyAttack is Context { + function callSender(bytes calldata data) public { + (bool success, ) = _msgSender().call(data); + require(success, "ReentrancyAttack: failed call"); + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/ReentrancyMock.sol b/dependencies/@openzeppelin/contracts/mocks/ReentrancyMock.sol new file mode 100644 index 00000000..39e2d5ed --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/ReentrancyMock.sol @@ -0,0 +1,50 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {ReentrancyGuard} from "../utils/ReentrancyGuard.sol"; +import {ReentrancyAttack} from "./ReentrancyAttack.sol"; + +contract ReentrancyMock is ReentrancyGuard { + uint256 public counter; + + constructor() { + counter = 0; + } + + function callback() external nonReentrant { + _count(); + } + + function countLocalRecursive(uint256 n) public nonReentrant { + if (n > 0) { + _count(); + countLocalRecursive(n - 1); + } + } + + function countThisRecursive(uint256 n) public nonReentrant { + if (n > 0) { + _count(); + (bool success, ) = address(this).call(abi.encodeCall(this.countThisRecursive, (n - 1))); + require(success, "ReentrancyMock: failed call"); + } + } + + function countAndCall(ReentrancyAttack attacker) public nonReentrant { + _count(); + attacker.callSender(abi.encodeCall(this.callback, ())); + } + + function _count() private { + counter += 1; + } + + function guardedCheckEntered() public nonReentrant { + require(_reentrancyGuardEntered()); + } + + function unguardedCheckNotEntered() public view { + require(!_reentrancyGuardEntered()); + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/ReentrancyTransientMock.sol b/dependencies/@openzeppelin/contracts/mocks/ReentrancyTransientMock.sol new file mode 100644 index 00000000..f0e61ea8 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/ReentrancyTransientMock.sol @@ -0,0 +1,50 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.24; + +import {ReentrancyGuardTransient} from "../utils/ReentrancyGuardTransient.sol"; +import {ReentrancyAttack} from "./ReentrancyAttack.sol"; + +contract ReentrancyTransientMock is ReentrancyGuardTransient { + uint256 public counter; + + constructor() { + counter = 0; + } + + function callback() external nonReentrant { + _count(); + } + + function countLocalRecursive(uint256 n) public nonReentrant { + if (n > 0) { + _count(); + countLocalRecursive(n - 1); + } + } + + function countThisRecursive(uint256 n) public nonReentrant { + if (n > 0) { + _count(); + (bool success, ) = address(this).call(abi.encodeCall(this.countThisRecursive, (n - 1))); + require(success, "ReentrancyTransientMock: failed call"); + } + } + + function countAndCall(ReentrancyAttack attacker) public nonReentrant { + _count(); + attacker.callSender(abi.encodeCall(this.callback, ())); + } + + function _count() private { + counter += 1; + } + + function guardedCheckEntered() public nonReentrant { + require(_reentrancyGuardEntered()); + } + + function unguardedCheckNotEntered() public view { + require(!_reentrancyGuardEntered()); + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/RegressionImplementation.sol b/dependencies/@openzeppelin/contracts/mocks/RegressionImplementation.sol new file mode 100644 index 00000000..19b9706d --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/RegressionImplementation.sol @@ -0,0 +1,61 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {Initializable} from "../proxy/utils/Initializable.sol"; + +contract Implementation1 is Initializable { + uint256 internal _value; + + function initialize() public initializer {} + + function setValue(uint256 _number) public { + _value = _number; + } +} + +contract Implementation2 is Initializable { + uint256 internal _value; + + function initialize() public initializer {} + + function setValue(uint256 _number) public { + _value = _number; + } + + function getValue() public view returns (uint256) { + return _value; + } +} + +contract Implementation3 is Initializable { + uint256 internal _value; + + function initialize() public initializer {} + + function setValue(uint256 _number) public { + _value = _number; + } + + function getValue(uint256 _number) public view returns (uint256) { + return _value + _number; + } +} + +contract Implementation4 is Initializable { + uint256 internal _value; + + function initialize() public initializer {} + + function setValue(uint256 _number) public { + _value = _number; + } + + function getValue() public view returns (uint256) { + return _value; + } + + fallback() external { + _value = 1; + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/SingleInheritanceInitializableMocks.sol b/dependencies/@openzeppelin/contracts/mocks/SingleInheritanceInitializableMocks.sol new file mode 100644 index 00000000..0bd3c614 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/SingleInheritanceInitializableMocks.sol @@ -0,0 +1,49 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {Initializable} from "../proxy/utils/Initializable.sol"; + +/** + * @title MigratableMockV1 + * @dev This contract is a mock to test initializable functionality through migrations + */ +contract MigratableMockV1 is Initializable { + uint256 public x; + + function initialize(uint256 value) public payable initializer { + x = value; + } +} + +/** + * @title MigratableMockV2 + * @dev This contract is a mock to test migratable functionality with params + */ +contract MigratableMockV2 is MigratableMockV1 { + bool internal _migratedV2; + uint256 public y; + + function migrate(uint256 value, uint256 anotherValue) public payable { + require(!_migratedV2); + x = value; + y = anotherValue; + _migratedV2 = true; + } +} + +/** + * @title MigratableMockV3 + * @dev This contract is a mock to test migratable functionality without params + */ +contract MigratableMockV3 is MigratableMockV2 { + bool internal _migratedV3; + + function migrate() public payable { + require(!_migratedV3); + uint256 oldX = x; + x = y; + y = oldX; + _migratedV3 = true; + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/Stateless.sol b/dependencies/@openzeppelin/contracts/mocks/Stateless.sol new file mode 100644 index 00000000..846c77d9 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/Stateless.sol @@ -0,0 +1,42 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +// We keep these imports and a dummy contract just to we can run the test suite after transpilation. + +import {Address} from "../utils/Address.sol"; +import {Arrays} from "../utils/Arrays.sol"; +import {AuthorityUtils} from "../access/manager/AuthorityUtils.sol"; +import {Base64} from "../utils/Base64.sol"; +import {BitMaps} from "../utils/structs/BitMaps.sol"; +import {Checkpoints} from "../utils/structs/Checkpoints.sol"; +import {CircularBuffer} from "../utils/structs/CircularBuffer.sol"; +import {Clones} from "../proxy/Clones.sol"; +import {Create2} from "../utils/Create2.sol"; +import {DoubleEndedQueue} from "../utils/structs/DoubleEndedQueue.sol"; +import {ECDSA} from "../utils/cryptography/ECDSA.sol"; +import {EnumerableMap} from "../utils/structs/EnumerableMap.sol"; +import {EnumerableSet} from "../utils/structs/EnumerableSet.sol"; +import {ERC1155Holder} from "../token/ERC1155/utils/ERC1155Holder.sol"; +import {ERC165} from "../utils/introspection/ERC165.sol"; +import {ERC165Checker} from "../utils/introspection/ERC165Checker.sol"; +import {ERC1967Utils} from "../proxy/ERC1967/ERC1967Utils.sol"; +import {ERC721Holder} from "../token/ERC721/utils/ERC721Holder.sol"; +import {Heap} from "../utils/structs/Heap.sol"; +import {Math} from "../utils/math/Math.sol"; +import {MerkleProof} from "../utils/cryptography/MerkleProof.sol"; +import {MessageHashUtils} from "../utils/cryptography/MessageHashUtils.sol"; +import {P256} from "../utils/cryptography/P256.sol"; +import {Panic} from "../utils/Panic.sol"; +import {Packing} from "../utils/Packing.sol"; +import {RSA} from "../utils/cryptography/RSA.sol"; +import {SafeCast} from "../utils/math/SafeCast.sol"; +import {SafeERC20} from "../token/ERC20/utils/SafeERC20.sol"; +import {ShortStrings} from "../utils/ShortStrings.sol"; +import {SignatureChecker} from "../utils/cryptography/SignatureChecker.sol"; +import {SignedMath} from "../utils/math/SignedMath.sol"; +import {StorageSlot} from "../utils/StorageSlot.sol"; +import {Strings} from "../utils/Strings.sol"; +import {Time} from "../utils/types/Time.sol"; + +contract Dummy1234 {} diff --git a/dependencies/@openzeppelin/contracts/mocks/StorageSlotMock.sol b/dependencies/@openzeppelin/contracts/mocks/StorageSlotMock.sol new file mode 100644 index 00000000..e69bd36a --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/StorageSlotMock.sol @@ -0,0 +1,137 @@ +// SPDX-License-Identifier: MIT +// This file was procedurally generated from scripts/generate/templates/StorageSlotMock.js. + +pragma solidity ^0.8.24; + +import {Multicall} from "../utils/Multicall.sol"; +import {StorageSlot} from "../utils/StorageSlot.sol"; + +contract StorageSlotMock is Multicall { + using StorageSlot for *; + + function setAddressSlot(bytes32 slot, address value) public { + slot.getAddressSlot().value = value; + } + + function setBooleanSlot(bytes32 slot, bool value) public { + slot.getBooleanSlot().value = value; + } + + function setBytes32Slot(bytes32 slot, bytes32 value) public { + slot.getBytes32Slot().value = value; + } + + function setUint256Slot(bytes32 slot, uint256 value) public { + slot.getUint256Slot().value = value; + } + + function setInt256Slot(bytes32 slot, int256 value) public { + slot.getInt256Slot().value = value; + } + + function getAddressSlot(bytes32 slot) public view returns (address) { + return slot.getAddressSlot().value; + } + + function getBooleanSlot(bytes32 slot) public view returns (bool) { + return slot.getBooleanSlot().value; + } + + function getBytes32Slot(bytes32 slot) public view returns (bytes32) { + return slot.getBytes32Slot().value; + } + + function getUint256Slot(bytes32 slot) public view returns (uint256) { + return slot.getUint256Slot().value; + } + + function getInt256Slot(bytes32 slot) public view returns (int256) { + return slot.getInt256Slot().value; + } + + mapping(uint256 key => string) public stringMap; + + function setStringSlot(bytes32 slot, string calldata value) public { + slot.getStringSlot().value = value; + } + + function setStringStorage(uint256 key, string calldata value) public { + stringMap[key].getStringSlot().value = value; + } + + function getStringSlot(bytes32 slot) public view returns (string memory) { + return slot.getStringSlot().value; + } + + function getStringStorage(uint256 key) public view returns (string memory) { + return stringMap[key].getStringSlot().value; + } + + mapping(uint256 key => bytes) public bytesMap; + + function setBytesSlot(bytes32 slot, bytes calldata value) public { + slot.getBytesSlot().value = value; + } + + function setBytesStorage(uint256 key, bytes calldata value) public { + bytesMap[key].getBytesSlot().value = value; + } + + function getBytesSlot(bytes32 slot) public view returns (bytes memory) { + return slot.getBytesSlot().value; + } + + function getBytesStorage(uint256 key) public view returns (bytes memory) { + return bytesMap[key].getBytesSlot().value; + } + + event AddressValue(bytes32 slot, address value); + + function tloadAddress(bytes32 slot) public { + emit AddressValue(slot, slot.asAddress().tload()); + } + + function tstore(bytes32 slot, address value) public { + slot.asAddress().tstore(value); + } + + event BooleanValue(bytes32 slot, bool value); + + function tloadBoolean(bytes32 slot) public { + emit BooleanValue(slot, slot.asBoolean().tload()); + } + + function tstore(bytes32 slot, bool value) public { + slot.asBoolean().tstore(value); + } + + event Bytes32Value(bytes32 slot, bytes32 value); + + function tloadBytes32(bytes32 slot) public { + emit Bytes32Value(slot, slot.asBytes32().tload()); + } + + function tstore(bytes32 slot, bytes32 value) public { + slot.asBytes32().tstore(value); + } + + event Uint256Value(bytes32 slot, uint256 value); + + function tloadUint256(bytes32 slot) public { + emit Uint256Value(slot, slot.asUint256().tload()); + } + + function tstore(bytes32 slot, uint256 value) public { + slot.asUint256().tstore(value); + } + + event Int256Value(bytes32 slot, int256 value); + + function tloadInt256(bytes32 slot) public { + emit Int256Value(slot, slot.asInt256().tload()); + } + + function tstore(bytes32 slot, int256 value) public { + slot.asInt256().tstore(value); + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/TimelockReentrant.sol b/dependencies/@openzeppelin/contracts/mocks/TimelockReentrant.sol new file mode 100644 index 00000000..aab676a5 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/TimelockReentrant.sol @@ -0,0 +1,26 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.20; + +import {Address} from "../utils/Address.sol"; + +contract TimelockReentrant { + address private _reenterTarget; + bytes private _reenterData; + bool _reentered; + + function disableReentrancy() external { + _reentered = true; + } + + function enableRentrancy(address target, bytes calldata data) external { + _reenterTarget = target; + _reenterData = data; + } + + function reenter() external { + if (!_reentered) { + _reentered = true; + Address.functionCall(_reenterTarget, _reenterData); + } + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/UpgradeableBeaconMock.sol b/dependencies/@openzeppelin/contracts/mocks/UpgradeableBeaconMock.sol new file mode 100644 index 00000000..354ac02f --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/UpgradeableBeaconMock.sol @@ -0,0 +1,27 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.20; + +import {IBeacon} from "../proxy/beacon/IBeacon.sol"; + +contract UpgradeableBeaconMock is IBeacon { + address public implementation; + + constructor(address impl) { + implementation = impl; + } +} + +interface IProxyExposed { + // solhint-disable-next-line func-name-mixedcase + function $getBeacon() external view returns (address); +} + +contract UpgradeableBeaconReentrantMock is IBeacon { + error BeaconProxyBeaconSlotAddress(address beacon); + + function implementation() external view override returns (address) { + // Revert with the beacon seen in the proxy at the moment of calling to check if it's + // set before the call. + revert BeaconProxyBeaconSlotAddress(IProxyExposed(msg.sender).$getBeacon()); + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/VotesMock.sol b/dependencies/@openzeppelin/contracts/mocks/VotesMock.sol new file mode 100644 index 00000000..e28d6b55 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/VotesMock.sol @@ -0,0 +1,42 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {Votes} from "../governance/utils/Votes.sol"; + +abstract contract VotesMock is Votes { + mapping(address voter => uint256) private _votingUnits; + + function getTotalSupply() public view returns (uint256) { + return _getTotalSupply(); + } + + function delegate(address account, address newDelegation) public { + return _delegate(account, newDelegation); + } + + function _getVotingUnits(address account) internal view override returns (uint256) { + return _votingUnits[account]; + } + + function _mint(address account, uint256 votes) internal { + _votingUnits[account] += votes; + _transferVotingUnits(address(0), account, votes); + } + + function _burn(address account, uint256 votes) internal { + _votingUnits[account] += votes; + _transferVotingUnits(account, address(0), votes); + } +} + +abstract contract VotesTimestampMock is VotesMock { + function clock() public view override returns (uint48) { + return uint48(block.timestamp); + } + + // solhint-disable-next-line func-name-mixedcase + function CLOCK_MODE() public view virtual override returns (string memory) { + return "mode=timestamp"; + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/compound/CompTimelock.sol b/dependencies/@openzeppelin/contracts/mocks/compound/CompTimelock.sol new file mode 100644 index 00000000..c72ed083 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/compound/CompTimelock.sol @@ -0,0 +1,174 @@ +// SPDX-License-Identifier: BSD-3-Clause +// solhint-disable private-vars-leading-underscore +/** + * Copyright 2020 Compound Labs, Inc. + * + * Redistribution and use in source and binary forms, with or without modification, are permitted provided that the + * following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following + * disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the + * following disclaimer in the documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote + * products derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +pragma solidity ^0.8.20; + +contract CompTimelock { + event NewAdmin(address indexed newAdmin); + event NewPendingAdmin(address indexed newPendingAdmin); + event NewDelay(uint256 indexed newDelay); + event CancelTransaction( + bytes32 indexed txHash, + address indexed target, + uint256 value, + string signature, + bytes data, + uint256 eta + ); + event ExecuteTransaction( + bytes32 indexed txHash, + address indexed target, + uint256 value, + string signature, + bytes data, + uint256 eta + ); + event QueueTransaction( + bytes32 indexed txHash, + address indexed target, + uint256 value, + string signature, + bytes data, + uint256 eta + ); + + uint256 public constant GRACE_PERIOD = 14 days; + uint256 public constant MINIMUM_DELAY = 2 days; + uint256 public constant MAXIMUM_DELAY = 30 days; + + address public admin; + address public pendingAdmin; + uint256 public delay; + + mapping(bytes32 => bool) public queuedTransactions; + + constructor(address admin_, uint256 delay_) { + require(delay_ >= MINIMUM_DELAY, "Timelock::constructor: Delay must exceed minimum delay."); + require(delay_ <= MAXIMUM_DELAY, "Timelock::setDelay: Delay must not exceed maximum delay."); + + admin = admin_; + delay = delay_; + } + + receive() external payable {} + + function setDelay(uint256 delay_) public { + require(msg.sender == address(this), "Timelock::setDelay: Call must come from Timelock."); + require(delay_ >= MINIMUM_DELAY, "Timelock::setDelay: Delay must exceed minimum delay."); + require(delay_ <= MAXIMUM_DELAY, "Timelock::setDelay: Delay must not exceed maximum delay."); + delay = delay_; + + emit NewDelay(delay); + } + + function acceptAdmin() public { + require(msg.sender == pendingAdmin, "Timelock::acceptAdmin: Call must come from pendingAdmin."); + admin = msg.sender; + pendingAdmin = address(0); + + emit NewAdmin(admin); + } + + function setPendingAdmin(address pendingAdmin_) public { + require(msg.sender == address(this), "Timelock::setPendingAdmin: Call must come from Timelock."); + pendingAdmin = pendingAdmin_; + + emit NewPendingAdmin(pendingAdmin); + } + + function queueTransaction( + address target, + uint256 value, + string memory signature, + bytes memory data, + uint256 eta + ) public returns (bytes32) { + require(msg.sender == admin, "Timelock::queueTransaction: Call must come from admin."); + require( + eta >= getBlockTimestamp() + delay, + "Timelock::queueTransaction: Estimated execution block must satisfy delay." + ); + + bytes32 txHash = keccak256(abi.encode(target, value, signature, data, eta)); + queuedTransactions[txHash] = true; + + emit QueueTransaction(txHash, target, value, signature, data, eta); + return txHash; + } + + function cancelTransaction( + address target, + uint256 value, + string memory signature, + bytes memory data, + uint256 eta + ) public { + require(msg.sender == admin, "Timelock::cancelTransaction: Call must come from admin."); + + bytes32 txHash = keccak256(abi.encode(target, value, signature, data, eta)); + queuedTransactions[txHash] = false; + + emit CancelTransaction(txHash, target, value, signature, data, eta); + } + + function executeTransaction( + address target, + uint256 value, + string memory signature, + bytes memory data, + uint256 eta + ) public payable returns (bytes memory) { + require(msg.sender == admin, "Timelock::executeTransaction: Call must come from admin."); + + bytes32 txHash = keccak256(abi.encode(target, value, signature, data, eta)); + require(queuedTransactions[txHash], "Timelock::executeTransaction: Transaction hasn't been queued."); + require(getBlockTimestamp() >= eta, "Timelock::executeTransaction: Transaction hasn't surpassed time lock."); + require(getBlockTimestamp() <= eta + GRACE_PERIOD, "Timelock::executeTransaction: Transaction is stale."); + + queuedTransactions[txHash] = false; + + bytes memory callData; + + if (bytes(signature).length == 0) { + callData = data; + } else { + callData = abi.encodePacked(bytes4(keccak256(bytes(signature))), data); + } + + // solium-disable-next-line security/no-call-value + (bool success, bytes memory returnData) = target.call{value: value}(callData); + require(success, "Timelock::executeTransaction: Transaction execution reverted."); + + emit ExecuteTransaction(txHash, target, value, signature, data, eta); + + return returnData; + } + + function getBlockTimestamp() internal view returns (uint256) { + // solium-disable-next-line security/no-block-members + return block.timestamp; + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/governance/GovernorFractionalMock.sol b/dependencies/@openzeppelin/contracts/mocks/governance/GovernorFractionalMock.sol new file mode 100644 index 00000000..d6d6042a --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/governance/GovernorFractionalMock.sol @@ -0,0 +1,14 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {Governor} from "../../governance/Governor.sol"; +import {GovernorSettings} from "../../governance/extensions/GovernorSettings.sol"; +import {GovernorCountingFractional} from "../../governance/extensions/GovernorCountingFractional.sol"; +import {GovernorVotesQuorumFraction} from "../../governance/extensions/GovernorVotesQuorumFraction.sol"; + +abstract contract GovernorFractionalMock is GovernorSettings, GovernorVotesQuorumFraction, GovernorCountingFractional { + function proposalThreshold() public view override(Governor, GovernorSettings) returns (uint256) { + return super.proposalThreshold(); + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/governance/GovernorMock.sol b/dependencies/@openzeppelin/contracts/mocks/governance/GovernorMock.sol new file mode 100644 index 00000000..69668d28 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/governance/GovernorMock.sol @@ -0,0 +1,14 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {Governor} from "../../governance/Governor.sol"; +import {GovernorSettings} from "../../governance/extensions/GovernorSettings.sol"; +import {GovernorCountingSimple} from "../../governance/extensions/GovernorCountingSimple.sol"; +import {GovernorVotesQuorumFraction} from "../../governance/extensions/GovernorVotesQuorumFraction.sol"; + +abstract contract GovernorMock is GovernorSettings, GovernorVotesQuorumFraction, GovernorCountingSimple { + function proposalThreshold() public view override(Governor, GovernorSettings) returns (uint256) { + return super.proposalThreshold(); + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/governance/GovernorPreventLateQuorumMock.sol b/dependencies/@openzeppelin/contracts/mocks/governance/GovernorPreventLateQuorumMock.sol new file mode 100644 index 00000000..fde0863c --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/governance/GovernorPreventLateQuorumMock.sol @@ -0,0 +1,46 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {Governor} from "../../governance/Governor.sol"; +import {GovernorPreventLateQuorum} from "../../governance/extensions/GovernorPreventLateQuorum.sol"; +import {GovernorSettings} from "../../governance/extensions/GovernorSettings.sol"; +import {GovernorCountingSimple} from "../../governance/extensions/GovernorCountingSimple.sol"; +import {GovernorVotes} from "../../governance/extensions/GovernorVotes.sol"; + +abstract contract GovernorPreventLateQuorumMock is + GovernorSettings, + GovernorVotes, + GovernorCountingSimple, + GovernorPreventLateQuorum +{ + uint256 private _quorum; + + constructor(uint256 quorum_) { + _quorum = quorum_; + } + + function quorum(uint256) public view override returns (uint256) { + return _quorum; + } + + function proposalDeadline( + uint256 proposalId + ) public view override(Governor, GovernorPreventLateQuorum) returns (uint256) { + return super.proposalDeadline(proposalId); + } + + function proposalThreshold() public view override(Governor, GovernorSettings) returns (uint256) { + return super.proposalThreshold(); + } + + function _castVote( + uint256 proposalId, + address account, + uint8 support, + string memory reason, + bytes memory params + ) internal override(Governor, GovernorPreventLateQuorum) returns (uint256) { + return super._castVote(proposalId, account, support, reason, params); + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/governance/GovernorStorageMock.sol b/dependencies/@openzeppelin/contracts/mocks/governance/GovernorStorageMock.sol new file mode 100644 index 00000000..88c6bf90 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/governance/GovernorStorageMock.sol @@ -0,0 +1,79 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.19; + +import {IGovernor, Governor} from "../../governance/Governor.sol"; +import {GovernorTimelockControl} from "../../governance/extensions/GovernorTimelockControl.sol"; +import {GovernorSettings} from "../../governance/extensions/GovernorSettings.sol"; +import {GovernorCountingSimple} from "../../governance/extensions/GovernorCountingSimple.sol"; +import {GovernorVotesQuorumFraction} from "../../governance/extensions/GovernorVotesQuorumFraction.sol"; +import {GovernorStorage} from "../../governance/extensions/GovernorStorage.sol"; + +abstract contract GovernorStorageMock is + GovernorSettings, + GovernorTimelockControl, + GovernorVotesQuorumFraction, + GovernorCountingSimple, + GovernorStorage +{ + function quorum(uint256 blockNumber) public view override(Governor, GovernorVotesQuorumFraction) returns (uint256) { + return super.quorum(blockNumber); + } + + function state(uint256 proposalId) public view override(Governor, GovernorTimelockControl) returns (ProposalState) { + return super.state(proposalId); + } + + function proposalThreshold() public view override(Governor, GovernorSettings) returns (uint256) { + return super.proposalThreshold(); + } + + function proposalNeedsQueuing( + uint256 proposalId + ) public view virtual override(Governor, GovernorTimelockControl) returns (bool) { + return super.proposalNeedsQueuing(proposalId); + } + + function _propose( + address[] memory targets, + uint256[] memory values, + bytes[] memory calldatas, + string memory description, + address proposer + ) internal virtual override(Governor, GovernorStorage) returns (uint256) { + return super._propose(targets, values, calldatas, description, proposer); + } + + function _queueOperations( + uint256 proposalId, + address[] memory targets, + uint256[] memory values, + bytes[] memory calldatas, + bytes32 descriptionHash + ) internal override(Governor, GovernorTimelockControl) returns (uint48) { + return super._queueOperations(proposalId, targets, values, calldatas, descriptionHash); + } + + function _executeOperations( + uint256 proposalId, + address[] memory targets, + uint256[] memory values, + bytes[] memory calldatas, + bytes32 descriptionHash + ) internal override(Governor, GovernorTimelockControl) { + super._executeOperations(proposalId, targets, values, calldatas, descriptionHash); + } + + function _cancel( + address[] memory targets, + uint256[] memory values, + bytes[] memory calldatas, + bytes32 descriptionHash + ) internal override(Governor, GovernorTimelockControl) returns (uint256) { + return super._cancel(targets, values, calldatas, descriptionHash); + } + + function _executor() internal view override(Governor, GovernorTimelockControl) returns (address) { + return super._executor(); + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/governance/GovernorTimelockAccessMock.sol b/dependencies/@openzeppelin/contracts/mocks/governance/GovernorTimelockAccessMock.sol new file mode 100644 index 00000000..3d1bbeee --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/governance/GovernorTimelockAccessMock.sol @@ -0,0 +1,70 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {IGovernor, Governor} from "../../governance/Governor.sol"; +import {GovernorTimelockAccess} from "../../governance/extensions/GovernorTimelockAccess.sol"; +import {GovernorSettings} from "../../governance/extensions/GovernorSettings.sol"; +import {GovernorCountingSimple} from "../../governance/extensions/GovernorCountingSimple.sol"; +import {GovernorVotesQuorumFraction} from "../../governance/extensions/GovernorVotesQuorumFraction.sol"; + +abstract contract GovernorTimelockAccessMock is + GovernorSettings, + GovernorTimelockAccess, + GovernorVotesQuorumFraction, + GovernorCountingSimple +{ + function nonGovernanceFunction() external {} + + function quorum(uint256 blockNumber) public view override(Governor, GovernorVotesQuorumFraction) returns (uint256) { + return super.quorum(blockNumber); + } + + function proposalThreshold() public view override(Governor, GovernorSettings) returns (uint256) { + return super.proposalThreshold(); + } + + function proposalNeedsQueuing( + uint256 proposalId + ) public view virtual override(Governor, GovernorTimelockAccess) returns (bool) { + return super.proposalNeedsQueuing(proposalId); + } + + function propose( + address[] memory targets, + uint256[] memory values, + bytes[] memory calldatas, + string memory description + ) public override(Governor, GovernorTimelockAccess) returns (uint256) { + return super.propose(targets, values, calldatas, description); + } + + function _queueOperations( + uint256 proposalId, + address[] memory targets, + uint256[] memory values, + bytes[] memory calldatas, + bytes32 descriptionHash + ) internal override(Governor, GovernorTimelockAccess) returns (uint48) { + return super._queueOperations(proposalId, targets, values, calldatas, descriptionHash); + } + + function _executeOperations( + uint256 proposalId, + address[] memory targets, + uint256[] memory values, + bytes[] memory calldatas, + bytes32 descriptionHash + ) internal override(Governor, GovernorTimelockAccess) { + super._executeOperations(proposalId, targets, values, calldatas, descriptionHash); + } + + function _cancel( + address[] memory targets, + uint256[] memory values, + bytes[] memory calldatas, + bytes32 descriptionHash + ) internal override(Governor, GovernorTimelockAccess) returns (uint256) { + return super._cancel(targets, values, calldatas, descriptionHash); + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/governance/GovernorTimelockCompoundMock.sol b/dependencies/@openzeppelin/contracts/mocks/governance/GovernorTimelockCompoundMock.sol new file mode 100644 index 00000000..03ef6251 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/governance/GovernorTimelockCompoundMock.sol @@ -0,0 +1,69 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {IGovernor, Governor} from "../../governance/Governor.sol"; +import {GovernorTimelockCompound} from "../../governance/extensions/GovernorTimelockCompound.sol"; +import {GovernorSettings} from "../../governance/extensions/GovernorSettings.sol"; +import {GovernorCountingSimple} from "../../governance/extensions/GovernorCountingSimple.sol"; +import {GovernorVotesQuorumFraction} from "../../governance/extensions/GovernorVotesQuorumFraction.sol"; + +abstract contract GovernorTimelockCompoundMock is + GovernorSettings, + GovernorTimelockCompound, + GovernorVotesQuorumFraction, + GovernorCountingSimple +{ + function quorum(uint256 blockNumber) public view override(Governor, GovernorVotesQuorumFraction) returns (uint256) { + return super.quorum(blockNumber); + } + + function state( + uint256 proposalId + ) public view override(Governor, GovernorTimelockCompound) returns (ProposalState) { + return super.state(proposalId); + } + + function proposalThreshold() public view override(Governor, GovernorSettings) returns (uint256) { + return super.proposalThreshold(); + } + + function proposalNeedsQueuing( + uint256 proposalId + ) public view virtual override(Governor, GovernorTimelockCompound) returns (bool) { + return super.proposalNeedsQueuing(proposalId); + } + + function _queueOperations( + uint256 proposalId, + address[] memory targets, + uint256[] memory values, + bytes[] memory calldatas, + bytes32 descriptionHash + ) internal override(Governor, GovernorTimelockCompound) returns (uint48) { + return super._queueOperations(proposalId, targets, values, calldatas, descriptionHash); + } + + function _executeOperations( + uint256 proposalId, + address[] memory targets, + uint256[] memory values, + bytes[] memory calldatas, + bytes32 descriptionHash + ) internal override(Governor, GovernorTimelockCompound) { + super._executeOperations(proposalId, targets, values, calldatas, descriptionHash); + } + + function _cancel( + address[] memory targets, + uint256[] memory values, + bytes[] memory calldatas, + bytes32 descriptionHash + ) internal override(Governor, GovernorTimelockCompound) returns (uint256) { + return super._cancel(targets, values, calldatas, descriptionHash); + } + + function _executor() internal view override(Governor, GovernorTimelockCompound) returns (address) { + return super._executor(); + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/governance/GovernorTimelockControlMock.sol b/dependencies/@openzeppelin/contracts/mocks/governance/GovernorTimelockControlMock.sol new file mode 100644 index 00000000..edaccc0b --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/governance/GovernorTimelockControlMock.sol @@ -0,0 +1,69 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {IGovernor, Governor} from "../../governance/Governor.sol"; +import {GovernorTimelockControl} from "../../governance/extensions/GovernorTimelockControl.sol"; +import {GovernorSettings} from "../../governance/extensions/GovernorSettings.sol"; +import {GovernorCountingSimple} from "../../governance/extensions/GovernorCountingSimple.sol"; +import {GovernorVotesQuorumFraction} from "../../governance/extensions/GovernorVotesQuorumFraction.sol"; + +abstract contract GovernorTimelockControlMock is + GovernorSettings, + GovernorTimelockControl, + GovernorVotesQuorumFraction, + GovernorCountingSimple +{ + function quorum(uint256 blockNumber) public view override(Governor, GovernorVotesQuorumFraction) returns (uint256) { + return super.quorum(blockNumber); + } + + function state(uint256 proposalId) public view override(Governor, GovernorTimelockControl) returns (ProposalState) { + return super.state(proposalId); + } + + function proposalThreshold() public view override(Governor, GovernorSettings) returns (uint256) { + return super.proposalThreshold(); + } + + function proposalNeedsQueuing( + uint256 proposalId + ) public view virtual override(Governor, GovernorTimelockControl) returns (bool) { + return super.proposalNeedsQueuing(proposalId); + } + + function _queueOperations( + uint256 proposalId, + address[] memory targets, + uint256[] memory values, + bytes[] memory calldatas, + bytes32 descriptionHash + ) internal override(Governor, GovernorTimelockControl) returns (uint48) { + return super._queueOperations(proposalId, targets, values, calldatas, descriptionHash); + } + + function _executeOperations( + uint256 proposalId, + address[] memory targets, + uint256[] memory values, + bytes[] memory calldatas, + bytes32 descriptionHash + ) internal override(Governor, GovernorTimelockControl) { + super._executeOperations(proposalId, targets, values, calldatas, descriptionHash); + } + + function _cancel( + address[] memory targets, + uint256[] memory values, + bytes[] memory calldatas, + bytes32 descriptionHash + ) internal override(Governor, GovernorTimelockControl) returns (uint256) { + return super._cancel(targets, values, calldatas, descriptionHash); + } + + function _executor() internal view override(Governor, GovernorTimelockControl) returns (address) { + return super._executor(); + } + + function nonGovernanceFunction() external {} +} diff --git a/dependencies/@openzeppelin/contracts/mocks/governance/GovernorVoteMock.sol b/dependencies/@openzeppelin/contracts/mocks/governance/GovernorVoteMock.sol new file mode 100644 index 00000000..e6949b5b --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/governance/GovernorVoteMock.sol @@ -0,0 +1,20 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {GovernorCountingSimple} from "../../governance/extensions/GovernorCountingSimple.sol"; +import {GovernorVotes} from "../../governance/extensions/GovernorVotes.sol"; + +abstract contract GovernorVoteMocks is GovernorVotes, GovernorCountingSimple { + function quorum(uint256) public pure override returns (uint256) { + return 0; + } + + function votingDelay() public pure override returns (uint256) { + return 4; + } + + function votingPeriod() public pure override returns (uint256) { + return 16; + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/governance/GovernorWithParamsMock.sol b/dependencies/@openzeppelin/contracts/mocks/governance/GovernorWithParamsMock.sol new file mode 100644 index 00000000..29b738e9 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/governance/GovernorWithParamsMock.sol @@ -0,0 +1,51 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {Governor} from "../../governance/Governor.sol"; +import {GovernorCountingSimple} from "../../governance/extensions/GovernorCountingSimple.sol"; +import {GovernorVotes} from "../../governance/extensions/GovernorVotes.sol"; + +abstract contract GovernorWithParamsMock is GovernorVotes, GovernorCountingSimple { + event CountParams(uint256 uintParam, string strParam); + + function quorum(uint256) public pure override returns (uint256) { + return 0; + } + + function votingDelay() public pure override returns (uint256) { + return 4; + } + + function votingPeriod() public pure override returns (uint256) { + return 16; + } + + function _getVotes( + address account, + uint256 blockNumber, + bytes memory params + ) internal view override(Governor, GovernorVotes) returns (uint256) { + uint256 reduction = 0; + // If the user provides parameters, we reduce the voting weight by the amount of the integer param + if (params.length > 0) { + (reduction, ) = abi.decode(params, (uint256, string)); + } + // reverts on overflow + return super._getVotes(account, blockNumber, params) - reduction; + } + + function _countVote( + uint256 proposalId, + address account, + uint8 support, + uint256 weight, + bytes memory params + ) internal override(Governor, GovernorCountingSimple) returns (uint256) { + if (params.length > 0) { + (uint256 _uintParam, string memory _strParam) = abi.decode(params, (uint256, string)); + emit CountParams(_uintParam, _strParam); + } + return super._countVote(proposalId, account, support, weight, params); + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/proxy/BadBeacon.sol b/dependencies/@openzeppelin/contracts/mocks/proxy/BadBeacon.sol new file mode 100644 index 00000000..f3153a84 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/proxy/BadBeacon.sol @@ -0,0 +1,11 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +contract BadBeaconNoImpl {} + +contract BadBeaconNotContract { + function implementation() external pure returns (address) { + return address(0x1); + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/proxy/ClashingImplementation.sol b/dependencies/@openzeppelin/contracts/mocks/proxy/ClashingImplementation.sol new file mode 100644 index 00000000..43d5a34f --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/proxy/ClashingImplementation.sol @@ -0,0 +1,19 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +/** + * @dev Implementation contract with a payable changeAdmin(address) function made to clash with + * TransparentUpgradeableProxy's to test correct functioning of the Transparent Proxy feature. + */ +contract ClashingImplementation { + event ClashingImplementationCall(); + + function upgradeToAndCall(address, bytes calldata) external payable { + emit ClashingImplementationCall(); + } + + function delegatedFunction() external pure returns (bool) { + return true; + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/proxy/UUPSUpgradeableMock.sol b/dependencies/@openzeppelin/contracts/mocks/proxy/UUPSUpgradeableMock.sol new file mode 100644 index 00000000..a5f2d4a2 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/proxy/UUPSUpgradeableMock.sol @@ -0,0 +1,35 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {UUPSUpgradeable} from "../../proxy/utils/UUPSUpgradeable.sol"; +import {ERC1967Utils} from "../../proxy/ERC1967/ERC1967Utils.sol"; + +contract NonUpgradeableMock { + uint256 internal _counter; + + function current() external view returns (uint256) { + return _counter; + } + + function increment() external { + ++_counter; + } +} + +contract UUPSUpgradeableMock is NonUpgradeableMock, UUPSUpgradeable { + // Not having any checks in this function is dangerous! Do not do this outside tests! + function _authorizeUpgrade(address) internal override {} +} + +contract UUPSUpgradeableUnsafeMock is UUPSUpgradeableMock { + function upgradeToAndCall(address newImplementation, bytes memory data) public payable override { + ERC1967Utils.upgradeToAndCall(newImplementation, data); + } +} + +contract UUPSUnsupportedProxiableUUID is UUPSUpgradeableMock { + function proxiableUUID() external pure override returns (bytes32) { + return keccak256("invalid UUID"); + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/token/ERC1155ReceiverMock.sol b/dependencies/@openzeppelin/contracts/mocks/token/ERC1155ReceiverMock.sol new file mode 100644 index 00000000..2a85d1df --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/token/ERC1155ReceiverMock.sol @@ -0,0 +1,74 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {IERC1155Receiver} from "../../token/ERC1155/IERC1155Receiver.sol"; +import {ERC165} from "../../utils/introspection/ERC165.sol"; + +contract ERC1155ReceiverMock is ERC165, IERC1155Receiver { + enum RevertType { + None, + RevertWithoutMessage, + RevertWithMessage, + RevertWithCustomError, + Panic + } + + bytes4 private immutable _recRetval; + bytes4 private immutable _batRetval; + RevertType private immutable _error; + + event Received(address operator, address from, uint256 id, uint256 value, bytes data, uint256 gas); + event BatchReceived(address operator, address from, uint256[] ids, uint256[] values, bytes data, uint256 gas); + error CustomError(bytes4); + + constructor(bytes4 recRetval, bytes4 batRetval, RevertType error) { + _recRetval = recRetval; + _batRetval = batRetval; + _error = error; + } + + function onERC1155Received( + address operator, + address from, + uint256 id, + uint256 value, + bytes calldata data + ) external returns (bytes4) { + if (_error == RevertType.RevertWithoutMessage) { + revert(); + } else if (_error == RevertType.RevertWithMessage) { + revert("ERC1155ReceiverMock: reverting on receive"); + } else if (_error == RevertType.RevertWithCustomError) { + revert CustomError(_recRetval); + } else if (_error == RevertType.Panic) { + uint256 a = uint256(0) / uint256(0); + a; + } + + emit Received(operator, from, id, value, data, gasleft()); + return _recRetval; + } + + function onERC1155BatchReceived( + address operator, + address from, + uint256[] calldata ids, + uint256[] calldata values, + bytes calldata data + ) external returns (bytes4) { + if (_error == RevertType.RevertWithoutMessage) { + revert(); + } else if (_error == RevertType.RevertWithMessage) { + revert("ERC1155ReceiverMock: reverting on batch receive"); + } else if (_error == RevertType.RevertWithCustomError) { + revert CustomError(_recRetval); + } else if (_error == RevertType.Panic) { + uint256 a = uint256(0) / uint256(0); + a; + } + + emit BatchReceived(operator, from, ids, values, data, gasleft()); + return _batRetval; + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/token/ERC1363ForceApproveMock.sol b/dependencies/@openzeppelin/contracts/mocks/token/ERC1363ForceApproveMock.sol new file mode 100644 index 00000000..d911a0ac --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/token/ERC1363ForceApproveMock.sol @@ -0,0 +1,14 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {IERC20} from "../../interfaces/IERC20.sol"; +import {ERC20, ERC1363} from "../../token/ERC20/extensions/ERC1363.sol"; + +// contract that replicate USDT approval behavior in approveAndCall +abstract contract ERC1363ForceApproveMock is ERC1363 { + function approveAndCall(address spender, uint256 amount, bytes memory data) public virtual override returns (bool) { + require(amount == 0 || allowance(msg.sender, spender) == 0, "USDT approval failure"); + return super.approveAndCall(spender, amount, data); + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/token/ERC1363NoReturnMock.sol b/dependencies/@openzeppelin/contracts/mocks/token/ERC1363NoReturnMock.sol new file mode 100644 index 00000000..748d2341 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/token/ERC1363NoReturnMock.sol @@ -0,0 +1,34 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {IERC20, ERC20} from "../../token/ERC20/ERC20.sol"; +import {ERC1363} from "../../token/ERC20/extensions/ERC1363.sol"; + +abstract contract ERC1363NoReturnMock is ERC1363 { + function transferAndCall(address to, uint256 value, bytes memory data) public override returns (bool) { + super.transferAndCall(to, value, data); + assembly { + return(0, 0) + } + } + + function transferFromAndCall( + address from, + address to, + uint256 value, + bytes memory data + ) public override returns (bool) { + super.transferFromAndCall(from, to, value, data); + assembly { + return(0, 0) + } + } + + function approveAndCall(address spender, uint256 value, bytes memory data) public override returns (bool) { + super.approveAndCall(spender, value, data); + assembly { + return(0, 0) + } + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/token/ERC1363ReceiverMock.sol b/dependencies/@openzeppelin/contracts/mocks/token/ERC1363ReceiverMock.sol new file mode 100644 index 00000000..d33e05e4 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/token/ERC1363ReceiverMock.sol @@ -0,0 +1,52 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {IERC1363Receiver} from "../../interfaces/IERC1363Receiver.sol"; + +contract ERC1363ReceiverMock is IERC1363Receiver { + enum RevertType { + None, + RevertWithoutMessage, + RevertWithMessage, + RevertWithCustomError, + Panic + } + + bytes4 private _retval; + RevertType private _error; + + event Received(address operator, address from, uint256 value, bytes data); + error CustomError(bytes4); + + constructor() { + _retval = IERC1363Receiver.onTransferReceived.selector; + _error = RevertType.None; + } + + function setUp(bytes4 retval, RevertType error) public { + _retval = retval; + _error = error; + } + + function onTransferReceived( + address operator, + address from, + uint256 value, + bytes calldata data + ) external override returns (bytes4) { + if (_error == RevertType.RevertWithoutMessage) { + revert(); + } else if (_error == RevertType.RevertWithMessage) { + revert("ERC1363ReceiverMock: reverting"); + } else if (_error == RevertType.RevertWithCustomError) { + revert CustomError(_retval); + } else if (_error == RevertType.Panic) { + uint256 a = uint256(0) / uint256(0); + a; + } + + emit Received(operator, from, value, data); + return _retval; + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/token/ERC1363ReturnFalseMock.sol b/dependencies/@openzeppelin/contracts/mocks/token/ERC1363ReturnFalseMock.sol new file mode 100644 index 00000000..afdd01f3 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/token/ERC1363ReturnFalseMock.sol @@ -0,0 +1,34 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {IERC20, ERC20} from "../../token/ERC20/ERC20.sol"; +import {ERC1363} from "../../token/ERC20/extensions/ERC1363.sol"; + +abstract contract ERC1363ReturnFalseOnERC20Mock is ERC1363 { + function transfer(address, uint256) public pure override(IERC20, ERC20) returns (bool) { + return false; + } + + function transferFrom(address, address, uint256) public pure override(IERC20, ERC20) returns (bool) { + return false; + } + + function approve(address, uint256) public pure override(IERC20, ERC20) returns (bool) { + return false; + } +} + +abstract contract ERC1363ReturnFalseMock is ERC1363 { + function transferAndCall(address, uint256, bytes memory) public pure override returns (bool) { + return false; + } + + function transferFromAndCall(address, address, uint256, bytes memory) public pure override returns (bool) { + return false; + } + + function approveAndCall(address, uint256, bytes memory) public pure override returns (bool) { + return false; + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/token/ERC1363SpenderMock.sol b/dependencies/@openzeppelin/contracts/mocks/token/ERC1363SpenderMock.sol new file mode 100644 index 00000000..b12c4c1d --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/token/ERC1363SpenderMock.sol @@ -0,0 +1,47 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {IERC1363Spender} from "../../interfaces/IERC1363Spender.sol"; + +contract ERC1363SpenderMock is IERC1363Spender { + enum RevertType { + None, + RevertWithoutMessage, + RevertWithMessage, + RevertWithCustomError, + Panic + } + + bytes4 private _retval; + RevertType private _error; + + event Approved(address owner, uint256 value, bytes data); + error CustomError(bytes4); + + constructor() { + _retval = IERC1363Spender.onApprovalReceived.selector; + _error = RevertType.None; + } + + function setUp(bytes4 retval, RevertType error) public { + _retval = retval; + _error = error; + } + + function onApprovalReceived(address owner, uint256 value, bytes calldata data) external override returns (bytes4) { + if (_error == RevertType.RevertWithoutMessage) { + revert(); + } else if (_error == RevertType.RevertWithMessage) { + revert("ERC1363SpenderMock: reverting"); + } else if (_error == RevertType.RevertWithCustomError) { + revert CustomError(_retval); + } else if (_error == RevertType.Panic) { + uint256 a = uint256(0) / uint256(0); + a; + } + + emit Approved(owner, value, data); + return _retval; + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/token/ERC20ApprovalMock.sol b/dependencies/@openzeppelin/contracts/mocks/token/ERC20ApprovalMock.sol new file mode 100644 index 00000000..ff33a36d --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/token/ERC20ApprovalMock.sol @@ -0,0 +1,10 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.20; + +import {ERC20} from "../../token/ERC20/ERC20.sol"; + +abstract contract ERC20ApprovalMock is ERC20 { + function _approve(address owner, address spender, uint256 amount, bool) internal virtual override { + super._approve(owner, spender, amount, true); + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/token/ERC20DecimalsMock.sol b/dependencies/@openzeppelin/contracts/mocks/token/ERC20DecimalsMock.sol new file mode 100644 index 00000000..a26e1f52 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/token/ERC20DecimalsMock.sol @@ -0,0 +1,17 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {ERC20} from "../../token/ERC20/ERC20.sol"; + +abstract contract ERC20DecimalsMock is ERC20 { + uint8 private immutable _decimals; + + constructor(uint8 decimals_) { + _decimals = decimals_; + } + + function decimals() public view override returns (uint8) { + return _decimals; + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/token/ERC20ExcessDecimalsMock.sol b/dependencies/@openzeppelin/contracts/mocks/token/ERC20ExcessDecimalsMock.sol new file mode 100644 index 00000000..4627efd3 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/token/ERC20ExcessDecimalsMock.sol @@ -0,0 +1,9 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +contract ERC20ExcessDecimalsMock { + function decimals() public pure returns (uint256) { + return type(uint256).max; + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/token/ERC20FlashMintMock.sol b/dependencies/@openzeppelin/contracts/mocks/token/ERC20FlashMintMock.sol new file mode 100644 index 00000000..508573c2 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/token/ERC20FlashMintMock.sol @@ -0,0 +1,26 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {ERC20FlashMint} from "../../token/ERC20/extensions/ERC20FlashMint.sol"; + +abstract contract ERC20FlashMintMock is ERC20FlashMint { + uint256 _flashFeeAmount; + address _flashFeeReceiverAddress; + + function setFlashFee(uint256 amount) public { + _flashFeeAmount = amount; + } + + function _flashFee(address, uint256) internal view override returns (uint256) { + return _flashFeeAmount; + } + + function setFlashFeeReceiver(address receiver) public { + _flashFeeReceiverAddress = receiver; + } + + function _flashFeeReceiver() internal view override returns (address) { + return _flashFeeReceiverAddress; + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/token/ERC20ForceApproveMock.sol b/dependencies/@openzeppelin/contracts/mocks/token/ERC20ForceApproveMock.sol new file mode 100644 index 00000000..36c0f574 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/token/ERC20ForceApproveMock.sol @@ -0,0 +1,13 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {ERC20} from "../../token/ERC20/ERC20.sol"; + +// contract that replicate USDT (0xdac17f958d2ee523a2206206994597c13d831ec7) approval behavior +abstract contract ERC20ForceApproveMock is ERC20 { + function approve(address spender, uint256 amount) public virtual override returns (bool) { + require(amount == 0 || allowance(msg.sender, spender) == 0, "USDT approval failure"); + return super.approve(spender, amount); + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/token/ERC20GetterHelper.sol b/dependencies/@openzeppelin/contracts/mocks/token/ERC20GetterHelper.sol new file mode 100644 index 00000000..acdcced9 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/token/ERC20GetterHelper.sol @@ -0,0 +1,38 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.20; + +import {IERC20} from "../../token/ERC20/IERC20.sol"; +import {IERC20Metadata} from "../../token/ERC20/extensions/IERC20Metadata.sol"; + +contract ERC20GetterHelper { + event ERC20TotalSupply(IERC20 token, uint256 totalSupply); + event ERC20BalanceOf(IERC20 token, address account, uint256 balanceOf); + event ERC20Allowance(IERC20 token, address owner, address spender, uint256 allowance); + event ERC20Name(IERC20Metadata token, string name); + event ERC20Symbol(IERC20Metadata token, string symbol); + event ERC20Decimals(IERC20Metadata token, uint8 decimals); + + function totalSupply(IERC20 token) external { + emit ERC20TotalSupply(token, token.totalSupply()); + } + + function balanceOf(IERC20 token, address account) external { + emit ERC20BalanceOf(token, account, token.balanceOf(account)); + } + + function allowance(IERC20 token, address owner, address spender) external { + emit ERC20Allowance(token, owner, spender, token.allowance(owner, spender)); + } + + function name(IERC20Metadata token) external { + emit ERC20Name(token, token.name()); + } + + function symbol(IERC20Metadata token) external { + emit ERC20Symbol(token, token.symbol()); + } + + function decimals(IERC20Metadata token) external { + emit ERC20Decimals(token, token.decimals()); + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/token/ERC20Mock.sol b/dependencies/@openzeppelin/contracts/mocks/token/ERC20Mock.sol new file mode 100644 index 00000000..39ab1295 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/token/ERC20Mock.sol @@ -0,0 +1,16 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.20; + +import {ERC20} from "../../token/ERC20/ERC20.sol"; + +contract ERC20Mock is ERC20 { + constructor() ERC20("ERC20Mock", "E20M") {} + + function mint(address account, uint256 amount) external { + _mint(account, amount); + } + + function burn(address account, uint256 amount) external { + _burn(account, amount); + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/token/ERC20MulticallMock.sol b/dependencies/@openzeppelin/contracts/mocks/token/ERC20MulticallMock.sol new file mode 100644 index 00000000..dce3e705 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/token/ERC20MulticallMock.sol @@ -0,0 +1,8 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {ERC20} from "../../token/ERC20/ERC20.sol"; +import {Multicall} from "../../utils/Multicall.sol"; + +abstract contract ERC20MulticallMock is ERC20, Multicall {} diff --git a/dependencies/@openzeppelin/contracts/mocks/token/ERC20NoReturnMock.sol b/dependencies/@openzeppelin/contracts/mocks/token/ERC20NoReturnMock.sol new file mode 100644 index 00000000..2129537b --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/token/ERC20NoReturnMock.sol @@ -0,0 +1,28 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {ERC20} from "../../token/ERC20/ERC20.sol"; + +abstract contract ERC20NoReturnMock is ERC20 { + function transfer(address to, uint256 amount) public override returns (bool) { + super.transfer(to, amount); + assembly { + return(0, 0) + } + } + + function transferFrom(address from, address to, uint256 amount) public override returns (bool) { + super.transferFrom(from, to, amount); + assembly { + return(0, 0) + } + } + + function approve(address spender, uint256 amount) public override returns (bool) { + super.approve(spender, amount); + assembly { + return(0, 0) + } + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/token/ERC20Reentrant.sol b/dependencies/@openzeppelin/contracts/mocks/token/ERC20Reentrant.sol new file mode 100644 index 00000000..813913f7 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/token/ERC20Reentrant.sol @@ -0,0 +1,39 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.20; + +import {ERC20} from "../../token/ERC20/ERC20.sol"; +import {Address} from "../../utils/Address.sol"; + +contract ERC20Reentrant is ERC20("TEST", "TST") { + enum Type { + No, + Before, + After + } + + Type private _reenterType; + address private _reenterTarget; + bytes private _reenterData; + + function scheduleReenter(Type when, address target, bytes calldata data) external { + _reenterType = when; + _reenterTarget = target; + _reenterData = data; + } + + function functionCall(address target, bytes memory data) public returns (bytes memory) { + return Address.functionCall(target, data); + } + + function _update(address from, address to, uint256 amount) internal override { + if (_reenterType == Type.Before) { + _reenterType = Type.No; + functionCall(_reenterTarget, _reenterData); + } + super._update(from, to, amount); + if (_reenterType == Type.After) { + _reenterType = Type.No; + functionCall(_reenterTarget, _reenterData); + } + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/token/ERC20ReturnFalseMock.sol b/dependencies/@openzeppelin/contracts/mocks/token/ERC20ReturnFalseMock.sol new file mode 100644 index 00000000..94bff32f --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/token/ERC20ReturnFalseMock.sol @@ -0,0 +1,19 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {ERC20} from "../../token/ERC20/ERC20.sol"; + +abstract contract ERC20ReturnFalseMock is ERC20 { + function transfer(address, uint256) public pure override returns (bool) { + return false; + } + + function transferFrom(address, address, uint256) public pure override returns (bool) { + return false; + } + + function approve(address, uint256) public pure override returns (bool) { + return false; + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/token/ERC20VotesLegacyMock.sol b/dependencies/@openzeppelin/contracts/mocks/token/ERC20VotesLegacyMock.sol new file mode 100644 index 00000000..3246fd42 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/token/ERC20VotesLegacyMock.sol @@ -0,0 +1,253 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {ERC20Permit} from "../../token/ERC20/extensions/ERC20Permit.sol"; +import {Math} from "../../utils/math/Math.sol"; +import {IVotes} from "../../governance/utils/IVotes.sol"; +import {SafeCast} from "../../utils/math/SafeCast.sol"; +import {ECDSA} from "../../utils/cryptography/ECDSA.sol"; + +/** + * @dev Copied from the master branch at commit 86de1e8b6c3fa6b4efa4a5435869d2521be0f5f5 + */ +abstract contract ERC20VotesLegacyMock is IVotes, ERC20Permit { + struct Checkpoint { + uint32 fromBlock; + uint224 votes; + } + + bytes32 private constant _DELEGATION_TYPEHASH = + keccak256("Delegation(address delegatee,uint256 nonce,uint256 expiry)"); + + mapping(address account => address) private _delegatee; + mapping(address delegatee => Checkpoint[]) private _checkpoints; + Checkpoint[] private _totalSupplyCheckpoints; + + /** + * @dev Get the `pos`-th checkpoint for `account`. + */ + function checkpoints(address account, uint32 pos) public view virtual returns (Checkpoint memory) { + return _checkpoints[account][pos]; + } + + /** + * @dev Get number of checkpoints for `account`. + */ + function numCheckpoints(address account) public view virtual returns (uint32) { + return SafeCast.toUint32(_checkpoints[account].length); + } + + /** + * @dev Get the address `account` is currently delegating to. + */ + function delegates(address account) public view virtual returns (address) { + return _delegatee[account]; + } + + /** + * @dev Gets the current votes balance for `account` + */ + function getVotes(address account) public view virtual returns (uint256) { + uint256 pos = _checkpoints[account].length; + unchecked { + return pos == 0 ? 0 : _checkpoints[account][pos - 1].votes; + } + } + + /** + * @dev Retrieve the number of votes for `account` at the end of `blockNumber`. + * + * Requirements: + * + * - `blockNumber` must have been already mined + */ + function getPastVotes(address account, uint256 blockNumber) public view virtual returns (uint256) { + require(blockNumber < block.number, "ERC20Votes: block not yet mined"); + return _checkpointsLookup(_checkpoints[account], blockNumber); + } + + /** + * @dev Retrieve the `totalSupply` at the end of `blockNumber`. Note, this value is the sum of all balances. + * It is NOT the sum of all the delegated votes! + * + * Requirements: + * + * - `blockNumber` must have been already mined + */ + function getPastTotalSupply(uint256 blockNumber) public view virtual returns (uint256) { + require(blockNumber < block.number, "ERC20Votes: block not yet mined"); + return _checkpointsLookup(_totalSupplyCheckpoints, blockNumber); + } + + /** + * @dev Lookup a value in a list of (sorted) checkpoints. + */ + function _checkpointsLookup(Checkpoint[] storage ckpts, uint256 blockNumber) private view returns (uint256) { + // We run a binary search to look for the earliest checkpoint taken after `blockNumber`. + // + // Initially we check if the block is recent to narrow the search range. + // During the loop, the index of the wanted checkpoint remains in the range [low-1, high). + // With each iteration, either `low` or `high` is moved towards the middle of the range to maintain the + // invariant. + // - If the middle checkpoint is after `blockNumber`, we look in [low, mid) + // - If the middle checkpoint is before or equal to `blockNumber`, we look in [mid+1, high) + // Once we reach a single value (when low == high), we've found the right checkpoint at the index high-1, if not + // out of bounds (in which case we're looking too far in the past and the result is 0). + // Note that if the latest checkpoint available is exactly for `blockNumber`, we end up with an index that is + // past the end of the array, so we technically don't find a checkpoint after `blockNumber`, but it works out + // the same. + uint256 length = ckpts.length; + + uint256 low = 0; + uint256 high = length; + + if (length > 5) { + uint256 mid = length - Math.sqrt(length); + if (_unsafeAccess(ckpts, mid).fromBlock > blockNumber) { + high = mid; + } else { + low = mid + 1; + } + } + + while (low < high) { + uint256 mid = Math.average(low, high); + if (_unsafeAccess(ckpts, mid).fromBlock > blockNumber) { + high = mid; + } else { + low = mid + 1; + } + } + + unchecked { + return high == 0 ? 0 : _unsafeAccess(ckpts, high - 1).votes; + } + } + + /** + * @dev Delegate votes from the sender to `delegatee`. + */ + function delegate(address delegatee) public virtual { + _delegate(_msgSender(), delegatee); + } + + /** + * @dev Delegates votes from signer to `delegatee` + */ + function delegateBySig( + address delegatee, + uint256 nonce, + uint256 expiry, + uint8 v, + bytes32 r, + bytes32 s + ) public virtual { + require(block.timestamp <= expiry, "ERC20Votes: signature expired"); + address signer = ECDSA.recover( + _hashTypedDataV4(keccak256(abi.encode(_DELEGATION_TYPEHASH, delegatee, nonce, expiry))), + v, + r, + s + ); + require(nonce == _useNonce(signer), "ERC20Votes: invalid nonce"); + _delegate(signer, delegatee); + } + + /** + * @dev Maximum token supply. Defaults to `type(uint224).max` (2^224^ - 1). + */ + function _maxSupply() internal view virtual returns (uint224) { + return type(uint224).max; + } + + /** + * @dev Move voting power when tokens are transferred. + * + * Emits a {IVotes-DelegateVotesChanged} event. + */ + function _update(address from, address to, uint256 amount) internal virtual override { + super._update(from, to, amount); + + if (from == address(0)) { + require(totalSupply() <= _maxSupply(), "ERC20Votes: total supply risks overflowing votes"); + _writeCheckpoint(_totalSupplyCheckpoints, _add, amount); + } + + if (to == address(0)) { + _writeCheckpoint(_totalSupplyCheckpoints, _subtract, amount); + } + + _moveVotingPower(delegates(from), delegates(to), amount); + } + + /** + * @dev Change delegation for `delegator` to `delegatee`. + * + * Emits events {IVotes-DelegateChanged} and {IVotes-DelegateVotesChanged}. + */ + function _delegate(address delegator, address delegatee) internal virtual { + address currentDelegate = delegates(delegator); + uint256 delegatorBalance = balanceOf(delegator); + _delegatee[delegator] = delegatee; + + emit DelegateChanged(delegator, currentDelegate, delegatee); + + _moveVotingPower(currentDelegate, delegatee, delegatorBalance); + } + + function _moveVotingPower(address src, address dst, uint256 amount) private { + if (src != dst && amount > 0) { + if (src != address(0)) { + (uint256 oldWeight, uint256 newWeight) = _writeCheckpoint(_checkpoints[src], _subtract, amount); + emit DelegateVotesChanged(src, oldWeight, newWeight); + } + + if (dst != address(0)) { + (uint256 oldWeight, uint256 newWeight) = _writeCheckpoint(_checkpoints[dst], _add, amount); + emit DelegateVotesChanged(dst, oldWeight, newWeight); + } + } + } + + function _writeCheckpoint( + Checkpoint[] storage ckpts, + function(uint256, uint256) view returns (uint256) op, + uint256 delta + ) private returns (uint256 oldWeight, uint256 newWeight) { + uint256 pos = ckpts.length; + + unchecked { + Checkpoint memory oldCkpt = pos == 0 ? Checkpoint(0, 0) : _unsafeAccess(ckpts, pos - 1); + + oldWeight = oldCkpt.votes; + newWeight = op(oldWeight, delta); + + if (pos > 0 && oldCkpt.fromBlock == block.number) { + _unsafeAccess(ckpts, pos - 1).votes = SafeCast.toUint224(newWeight); + } else { + ckpts.push( + Checkpoint({fromBlock: SafeCast.toUint32(block.number), votes: SafeCast.toUint224(newWeight)}) + ); + } + } + } + + function _add(uint256 a, uint256 b) private pure returns (uint256) { + return a + b; + } + + function _subtract(uint256 a, uint256 b) private pure returns (uint256) { + return a - b; + } + + /** + * @dev Access an element of the array without performing bounds check. The position is assumed to be within bounds. + */ + function _unsafeAccess(Checkpoint[] storage ckpts, uint256 pos) private pure returns (Checkpoint storage result) { + assembly { + mstore(0, ckpts.slot) + result.slot := add(keccak256(0, 0x20), pos) + } + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/token/ERC20VotesTimestampMock.sol b/dependencies/@openzeppelin/contracts/mocks/token/ERC20VotesTimestampMock.sol new file mode 100644 index 00000000..78fdfae9 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/token/ERC20VotesTimestampMock.sol @@ -0,0 +1,29 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {ERC20Votes} from "../../token/ERC20/extensions/ERC20Votes.sol"; +import {ERC721Votes} from "../../token/ERC721/extensions/ERC721Votes.sol"; +import {SafeCast} from "../../utils/math/SafeCast.sol"; + +abstract contract ERC20VotesTimestampMock is ERC20Votes { + function clock() public view virtual override returns (uint48) { + return SafeCast.toUint48(block.timestamp); + } + + // solhint-disable-next-line func-name-mixedcase + function CLOCK_MODE() public view virtual override returns (string memory) { + return "mode=timestamp"; + } +} + +abstract contract ERC721VotesTimestampMock is ERC721Votes { + function clock() public view virtual override returns (uint48) { + return SafeCast.toUint48(block.timestamp); + } + + // solhint-disable-next-line func-name-mixedcase + function CLOCK_MODE() public view virtual override returns (string memory) { + return "mode=timestamp"; + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/token/ERC4626LimitsMock.sol b/dependencies/@openzeppelin/contracts/mocks/token/ERC4626LimitsMock.sol new file mode 100644 index 00000000..a845365a --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/token/ERC4626LimitsMock.sol @@ -0,0 +1,23 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {ERC4626} from "../../token/ERC20/extensions/ERC4626.sol"; + +abstract contract ERC4626LimitsMock is ERC4626 { + uint256 _maxDeposit; + uint256 _maxMint; + + constructor() { + _maxDeposit = 100 ether; + _maxMint = 100 ether; + } + + function maxDeposit(address) public view override returns (uint256) { + return _maxDeposit; + } + + function maxMint(address) public view override returns (uint256) { + return _maxMint; + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/token/ERC4626Mock.sol b/dependencies/@openzeppelin/contracts/mocks/token/ERC4626Mock.sol new file mode 100644 index 00000000..22ac5e8c --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/token/ERC4626Mock.sol @@ -0,0 +1,17 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.20; + +import {IERC20, ERC20} from "../../token/ERC20/ERC20.sol"; +import {ERC4626} from "../../token/ERC20/extensions/ERC4626.sol"; + +contract ERC4626Mock is ERC4626 { + constructor(address underlying) ERC20("ERC4626Mock", "E4626M") ERC4626(IERC20(underlying)) {} + + function mint(address account, uint256 amount) external { + _mint(account, amount); + } + + function burn(address account, uint256 amount) external { + _burn(account, amount); + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/token/ERC4626OffsetMock.sol b/dependencies/@openzeppelin/contracts/mocks/token/ERC4626OffsetMock.sol new file mode 100644 index 00000000..3dde0952 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/token/ERC4626OffsetMock.sol @@ -0,0 +1,17 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {ERC4626} from "../../token/ERC20/extensions/ERC4626.sol"; + +abstract contract ERC4626OffsetMock is ERC4626 { + uint8 private immutable _offset; + + constructor(uint8 offset_) { + _offset = offset_; + } + + function _decimalsOffset() internal view virtual override returns (uint8) { + return _offset; + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/token/ERC4646FeesMock.sol b/dependencies/@openzeppelin/contracts/mocks/token/ERC4646FeesMock.sol new file mode 100644 index 00000000..368b078e --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/token/ERC4646FeesMock.sol @@ -0,0 +1,40 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {ERC4626Fees} from "../docs/ERC4626Fees.sol"; + +abstract contract ERC4626FeesMock is ERC4626Fees { + uint256 private immutable _entryFeeBasisPointValue; + address private immutable _entryFeeRecipientValue; + uint256 private immutable _exitFeeBasisPointValue; + address private immutable _exitFeeRecipientValue; + + constructor( + uint256 entryFeeBasisPoints, + address entryFeeRecipient, + uint256 exitFeeBasisPoints, + address exitFeeRecipient + ) { + _entryFeeBasisPointValue = entryFeeBasisPoints; + _entryFeeRecipientValue = entryFeeRecipient; + _exitFeeBasisPointValue = exitFeeBasisPoints; + _exitFeeRecipientValue = exitFeeRecipient; + } + + function _entryFeeBasisPoints() internal view virtual override returns (uint256) { + return _entryFeeBasisPointValue; + } + + function _entryFeeRecipient() internal view virtual override returns (address) { + return _entryFeeRecipientValue; + } + + function _exitFeeBasisPoints() internal view virtual override returns (uint256) { + return _exitFeeBasisPointValue; + } + + function _exitFeeRecipient() internal view virtual override returns (address) { + return _exitFeeRecipientValue; + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/token/ERC721ConsecutiveEnumerableMock.sol b/dependencies/@openzeppelin/contracts/mocks/token/ERC721ConsecutiveEnumerableMock.sol new file mode 100644 index 00000000..7732ae4a --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/token/ERC721ConsecutiveEnumerableMock.sol @@ -0,0 +1,42 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {ERC721} from "../../token/ERC721/ERC721.sol"; +import {ERC721Consecutive} from "../../token/ERC721/extensions/ERC721Consecutive.sol"; +import {ERC721Enumerable} from "../../token/ERC721/extensions/ERC721Enumerable.sol"; + +contract ERC721ConsecutiveEnumerableMock is ERC721Consecutive, ERC721Enumerable { + constructor( + string memory name, + string memory symbol, + address[] memory receivers, + uint96[] memory amounts + ) ERC721(name, symbol) { + for (uint256 i = 0; i < receivers.length; ++i) { + _mintConsecutive(receivers[i], amounts[i]); + } + } + + function supportsInterface( + bytes4 interfaceId + ) public view virtual override(ERC721, ERC721Enumerable) returns (bool) { + return super.supportsInterface(interfaceId); + } + + function _ownerOf(uint256 tokenId) internal view virtual override(ERC721, ERC721Consecutive) returns (address) { + return super._ownerOf(tokenId); + } + + function _update( + address to, + uint256 tokenId, + address auth + ) internal virtual override(ERC721Consecutive, ERC721Enumerable) returns (address) { + return super._update(to, tokenId, auth); + } + + function _increaseBalance(address account, uint128 amount) internal virtual override(ERC721, ERC721Enumerable) { + super._increaseBalance(account, amount); + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/token/ERC721ConsecutiveMock.sol b/dependencies/@openzeppelin/contracts/mocks/token/ERC721ConsecutiveMock.sol new file mode 100644 index 00000000..10986471 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/token/ERC721ConsecutiveMock.sol @@ -0,0 +1,61 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {ERC721} from "../../token/ERC721/ERC721.sol"; +import {ERC721Consecutive} from "../../token/ERC721/extensions/ERC721Consecutive.sol"; +import {ERC721Pausable} from "../../token/ERC721/extensions/ERC721Pausable.sol"; +import {ERC721Votes} from "../../token/ERC721/extensions/ERC721Votes.sol"; +import {EIP712} from "../../utils/cryptography/EIP712.sol"; + +/** + * @title ERC721ConsecutiveMock + */ +contract ERC721ConsecutiveMock is ERC721Consecutive, ERC721Pausable, ERC721Votes { + uint96 private immutable _offset; + + constructor( + string memory name, + string memory symbol, + uint96 offset, + address[] memory delegates, + address[] memory receivers, + uint96[] memory amounts + ) ERC721(name, symbol) EIP712(name, "1") { + _offset = offset; + + for (uint256 i = 0; i < delegates.length; ++i) { + _delegate(delegates[i], delegates[i]); + } + + for (uint256 i = 0; i < receivers.length; ++i) { + _mintConsecutive(receivers[i], amounts[i]); + } + } + + function _firstConsecutiveId() internal view virtual override returns (uint96) { + return _offset; + } + + function _ownerOf(uint256 tokenId) internal view virtual override(ERC721, ERC721Consecutive) returns (address) { + return super._ownerOf(tokenId); + } + + function _update( + address to, + uint256 tokenId, + address auth + ) internal virtual override(ERC721Consecutive, ERC721Pausable, ERC721Votes) returns (address) { + return super._update(to, tokenId, auth); + } + + function _increaseBalance(address account, uint128 amount) internal virtual override(ERC721, ERC721Votes) { + super._increaseBalance(account, amount); + } +} + +contract ERC721ConsecutiveNoConstructorMintMock is ERC721Consecutive { + constructor(string memory name, string memory symbol) ERC721(name, symbol) { + _mint(msg.sender, 0); + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/token/ERC721ReceiverMock.sol b/dependencies/@openzeppelin/contracts/mocks/token/ERC721ReceiverMock.sol new file mode 100644 index 00000000..14120f5d --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/token/ERC721ReceiverMock.sol @@ -0,0 +1,47 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {IERC721Receiver} from "../../token/ERC721/IERC721Receiver.sol"; + +contract ERC721ReceiverMock is IERC721Receiver { + enum RevertType { + None, + RevertWithoutMessage, + RevertWithMessage, + RevertWithCustomError, + Panic + } + + bytes4 private immutable _retval; + RevertType private immutable _error; + + event Received(address operator, address from, uint256 tokenId, bytes data, uint256 gas); + error CustomError(bytes4); + + constructor(bytes4 retval, RevertType error) { + _retval = retval; + _error = error; + } + + function onERC721Received( + address operator, + address from, + uint256 tokenId, + bytes memory data + ) public returns (bytes4) { + if (_error == RevertType.RevertWithoutMessage) { + revert(); + } else if (_error == RevertType.RevertWithMessage) { + revert("ERC721ReceiverMock: reverting"); + } else if (_error == RevertType.RevertWithCustomError) { + revert CustomError(_retval); + } else if (_error == RevertType.Panic) { + uint256 a = uint256(0) / uint256(0); + a; + } + + emit Received(operator, from, tokenId, data, gasleft()); + return _retval; + } +} diff --git a/dependencies/@openzeppelin/contracts/mocks/token/ERC721URIStorageMock.sol b/dependencies/@openzeppelin/contracts/mocks/token/ERC721URIStorageMock.sol new file mode 100644 index 00000000..254435e0 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/mocks/token/ERC721URIStorageMock.sol @@ -0,0 +1,17 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {ERC721URIStorage} from "../../token/ERC721/extensions/ERC721URIStorage.sol"; + +abstract contract ERC721URIStorageMock is ERC721URIStorage { + string private _baseTokenURI; + + function _baseURI() internal view virtual override returns (string memory) { + return _baseTokenURI; + } + + function setBaseURI(string calldata newBaseTokenURI) public { + _baseTokenURI = newBaseTokenURI; + } +} diff --git a/dependencies/@openzeppelin/contracts/package.json b/dependencies/@openzeppelin/contracts/package.json new file mode 100644 index 00000000..845e8c40 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/package.json @@ -0,0 +1,32 @@ +{ + "name": "@openzeppelin/contracts", + "description": "Secure Smart Contract library for Solidity", + "version": "5.0.2", + "files": [ + "**/*.sol", + "/build/contracts/*.json", + "!/mocks/**/*" + ], + "scripts": { + "prepack": "bash ../scripts/prepack.sh", + "prepare-docs": "cd ..; npm run prepare-docs" + }, + "repository": { + "type": "git", + "url": "https://github.com/OpenZeppelin/openzeppelin-contracts.git" + }, + "keywords": [ + "solidity", + "ethereum", + "smart", + "contracts", + "security", + "zeppelin" + ], + "author": "OpenZeppelin Community ", + "license": "MIT", + "bugs": { + "url": "https://github.com/OpenZeppelin/openzeppelin-contracts/issues" + }, + "homepage": "https://openzeppelin.com/contracts/" +} diff --git a/dependencies/@openzeppelin/contracts/proxy/Clones.sol b/dependencies/@openzeppelin/contracts/proxy/Clones.sol new file mode 100644 index 00000000..454d7fb9 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/proxy/Clones.sol @@ -0,0 +1,262 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (proxy/Clones.sol) + +pragma solidity ^0.8.20; + +import {Create2} from "../utils/Create2.sol"; +import {Errors} from "../utils/Errors.sol"; + +/** + * @dev https://eips.ethereum.org/EIPS/eip-1167[ERC-1167] is a standard for + * deploying minimal proxy contracts, also known as "clones". + * + * > To simply and cheaply clone contract functionality in an immutable way, this standard specifies + * > a minimal bytecode implementation that delegates all calls to a known, fixed address. + * + * The library includes functions to deploy a proxy using either `create` (traditional deployment) or `create2` + * (salted deterministic deployment). It also includes functions to predict the addresses of clones deployed using the + * deterministic method. + */ +library Clones { + error CloneArgumentsTooLong(); + + /** + * @dev Deploys and returns the address of a clone that mimics the behaviour of `implementation`. + * + * This function uses the create opcode, which should never revert. + */ + function clone(address implementation) internal returns (address instance) { + return clone(implementation, 0); + } + + /** + * @dev Same as {xref-Clones-clone-address-}[clone], but with a `value` parameter to send native currency + * to the new contract. + * + * NOTE: Using a non-zero value at creation will require the contract using this function (e.g. a factory) + * to always have enough balance for new deployments. Consider exposing this function under a payable method. + */ + function clone(address implementation, uint256 value) internal returns (address instance) { + if (address(this).balance < value) { + revert Errors.InsufficientBalance(address(this).balance, value); + } + assembly ("memory-safe") { + // Cleans the upper 96 bits of the `implementation` word, then packs the first 3 bytes + // of the `implementation` address with the bytecode before the address. + mstore(0x00, or(shr(0xe8, shl(0x60, implementation)), 0x3d602d80600a3d3981f3363d3d373d3d3d363d73000000)) + // Packs the remaining 17 bytes of `implementation` with the bytecode after the address. + mstore(0x20, or(shl(0x78, implementation), 0x5af43d82803e903d91602b57fd5bf3)) + instance := create(value, 0x09, 0x37) + } + if (instance == address(0)) { + revert Errors.FailedDeployment(); + } + } + + /** + * @dev Deploys and returns the address of a clone that mimics the behaviour of `implementation`. + * + * This function uses the create2 opcode and a `salt` to deterministically deploy + * the clone. Using the same `implementation` and `salt` multiple time will revert, since + * the clones cannot be deployed twice at the same address. + */ + function cloneDeterministic(address implementation, bytes32 salt) internal returns (address instance) { + return cloneDeterministic(implementation, salt, 0); + } + + /** + * @dev Same as {xref-Clones-cloneDeterministic-address-bytes32-}[cloneDeterministic], but with + * a `value` parameter to send native currency to the new contract. + * + * NOTE: Using a non-zero value at creation will require the contract using this function (e.g. a factory) + * to always have enough balance for new deployments. Consider exposing this function under a payable method. + */ + function cloneDeterministic( + address implementation, + bytes32 salt, + uint256 value + ) internal returns (address instance) { + if (address(this).balance < value) { + revert Errors.InsufficientBalance(address(this).balance, value); + } + assembly ("memory-safe") { + // Cleans the upper 96 bits of the `implementation` word, then packs the first 3 bytes + // of the `implementation` address with the bytecode before the address. + mstore(0x00, or(shr(0xe8, shl(0x60, implementation)), 0x3d602d80600a3d3981f3363d3d373d3d3d363d73000000)) + // Packs the remaining 17 bytes of `implementation` with the bytecode after the address. + mstore(0x20, or(shl(0x78, implementation), 0x5af43d82803e903d91602b57fd5bf3)) + instance := create2(value, 0x09, 0x37, salt) + } + if (instance == address(0)) { + revert Errors.FailedDeployment(); + } + } + + /** + * @dev Computes the address of a clone deployed using {Clones-cloneDeterministic}. + */ + function predictDeterministicAddress( + address implementation, + bytes32 salt, + address deployer + ) internal pure returns (address predicted) { + assembly ("memory-safe") { + let ptr := mload(0x40) + mstore(add(ptr, 0x38), deployer) + mstore(add(ptr, 0x24), 0x5af43d82803e903d91602b57fd5bf3ff) + mstore(add(ptr, 0x14), implementation) + mstore(ptr, 0x3d602d80600a3d3981f3363d3d373d3d3d363d73) + mstore(add(ptr, 0x58), salt) + mstore(add(ptr, 0x78), keccak256(add(ptr, 0x0c), 0x37)) + predicted := and(keccak256(add(ptr, 0x43), 0x55), 0xffffffffffffffffffffffffffffffffffffffff) + } + } + + /** + * @dev Computes the address of a clone deployed using {Clones-cloneDeterministic}. + */ + function predictDeterministicAddress( + address implementation, + bytes32 salt + ) internal view returns (address predicted) { + return predictDeterministicAddress(implementation, salt, address(this)); + } + + /** + * @dev Deploys and returns the address of a clone that mimics the behavior of `implementation` with custom + * immutable arguments. These are provided through `args` and cannot be changed after deployment. To + * access the arguments within the implementation, use {fetchCloneArgs}. + * + * This function uses the create opcode, which should never revert. + */ + function cloneWithImmutableArgs(address implementation, bytes memory args) internal returns (address instance) { + return cloneWithImmutableArgs(implementation, args, 0); + } + + /** + * @dev Same as {xref-Clones-cloneWithImmutableArgs-address-bytes-}[cloneWithImmutableArgs], but with a `value` + * parameter to send native currency to the new contract. + * + * NOTE: Using a non-zero value at creation will require the contract using this function (e.g. a factory) + * to always have enough balance for new deployments. Consider exposing this function under a payable method. + */ + function cloneWithImmutableArgs( + address implementation, + bytes memory args, + uint256 value + ) internal returns (address instance) { + if (address(this).balance < value) { + revert Errors.InsufficientBalance(address(this).balance, value); + } + bytes memory bytecode = _cloneCodeWithImmutableArgs(implementation, args); + assembly ("memory-safe") { + instance := create(value, add(bytecode, 0x20), mload(bytecode)) + } + if (instance == address(0)) { + revert Errors.FailedDeployment(); + } + } + + /** + * @dev Deploys and returns the address of a clone that mimics the behaviour of `implementation` with custom + * immutable arguments. These are provided through `args` and cannot be changed after deployment. To + * access the arguments within the implementation, use {fetchCloneArgs}. + * + * This function uses the create2 opcode and a `salt` to deterministically deploy the clone. Using the same + * `implementation` and `salt` multiple time will revert, since the clones cannot be deployed twice at the same + * address. + */ + function cloneDeterministicWithImmutableArgs( + address implementation, + bytes memory args, + bytes32 salt + ) internal returns (address instance) { + return cloneDeterministicWithImmutableArgs(implementation, args, salt, 0); + } + + /** + * @dev Same as {xref-Clones-cloneDeterministicWithImmutableArgs-address-bytes-bytes32-}[cloneDeterministicWithImmutableArgs], + * but with a `value` parameter to send native currency to the new contract. + * + * NOTE: Using a non-zero value at creation will require the contract using this function (e.g. a factory) + * to always have enough balance for new deployments. Consider exposing this function under a payable method. + */ + function cloneDeterministicWithImmutableArgs( + address implementation, + bytes memory args, + bytes32 salt, + uint256 value + ) internal returns (address instance) { + bytes memory bytecode = _cloneCodeWithImmutableArgs(implementation, args); + return Create2.deploy(value, salt, bytecode); + } + + /** + * @dev Computes the address of a clone deployed using {Clones-cloneDeterministicWithImmutableArgs}. + */ + function predictDeterministicAddressWithImmutableArgs( + address implementation, + bytes memory args, + bytes32 salt, + address deployer + ) internal pure returns (address predicted) { + bytes memory bytecode = _cloneCodeWithImmutableArgs(implementation, args); + return Create2.computeAddress(salt, keccak256(bytecode), deployer); + } + + /** + * @dev Computes the address of a clone deployed using {Clones-cloneDeterministicWithImmutableArgs}. + */ + function predictDeterministicAddressWithImmutableArgs( + address implementation, + bytes memory args, + bytes32 salt + ) internal view returns (address predicted) { + return predictDeterministicAddressWithImmutableArgs(implementation, args, salt, address(this)); + } + + /** + * @dev Get the immutable args attached to a clone. + * + * - If `instance` is a clone that was deployed using `clone` or `cloneDeterministic`, this + * function will return an empty array. + * - If `instance` is a clone that was deployed using `cloneWithImmutableArgs` or + * `cloneDeterministicWithImmutableArgs`, this function will return the args array used at + * creation. + * - If `instance` is NOT a clone deployed using this library, the behavior is undefined. This + * function should only be used to check addresses that are known to be clones. + */ + function fetchCloneArgs(address instance) internal view returns (bytes memory) { + bytes memory result = new bytes(instance.code.length - 0x2d); // revert if length is too short + assembly ("memory-safe") { + extcodecopy(instance, add(result, 0x20), 0x2d, mload(result)) + } + return result; + } + + /** + * @dev Helper that prepares the initcode of the proxy with immutable args. + * + * An assembly variant of this function requires copying the `args` array, which can be efficiently done using + * `mcopy`. Unfortunately, that opcode is not available before cancun. A pure solidity implementation using + * abi.encodePacked is more expensive but also more portable and easier to review. + * + * NOTE: https://eips.ethereum.org/EIPS/eip-170[EIP-170] limits the length of the contract code to 24576 bytes. + * With the proxy code taking 45 bytes, that limits the length of the immutable args to 24531 bytes. + */ + function _cloneCodeWithImmutableArgs( + address implementation, + bytes memory args + ) private pure returns (bytes memory) { + if (args.length > 0x5fd3) revert CloneArgumentsTooLong(); + return + abi.encodePacked( + hex"61", + uint16(args.length + 0x2d), + hex"3d81600a3d39f3363d3d373d3d3d363d73", + implementation, + hex"5af43d82803e903d91602b57fd5bf3", + args + ); + } +} diff --git a/dependencies/@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol b/dependencies/@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol new file mode 100644 index 00000000..8f6b717a --- /dev/null +++ b/dependencies/@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol @@ -0,0 +1,40 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (proxy/ERC1967/ERC1967Proxy.sol) + +pragma solidity ^0.8.20; + +import {Proxy} from "../Proxy.sol"; +import {ERC1967Utils} from "./ERC1967Utils.sol"; + +/** + * @dev This contract implements an upgradeable proxy. It is upgradeable because calls are delegated to an + * implementation address that can be changed. This address is stored in storage in the location specified by + * https://eips.ethereum.org/EIPS/eip-1967[ERC-1967], so that it doesn't conflict with the storage layout of the + * implementation behind the proxy. + */ +contract ERC1967Proxy is Proxy { + /** + * @dev Initializes the upgradeable proxy with an initial implementation specified by `implementation`. + * + * If `_data` is nonempty, it's used as data in a delegate call to `implementation`. This will typically be an + * encoded function call, and allows initializing the storage of the proxy like a Solidity constructor. + * + * Requirements: + * + * - If `data` is empty, `msg.value` must be zero. + */ + constructor(address implementation, bytes memory _data) payable { + ERC1967Utils.upgradeToAndCall(implementation, _data); + } + + /** + * @dev Returns the current implementation address. + * + * TIP: To get this value clients can read directly from the storage slot shown below (specified by ERC-1967) using + * the https://eth.wiki/json-rpc/API#eth_getstorageat[`eth_getStorageAt`] RPC call. + * `0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc` + */ + function _implementation() internal view virtual override returns (address) { + return ERC1967Utils.getImplementation(); + } +} diff --git a/dependencies/@openzeppelin/contracts/proxy/ERC1967/ERC1967Utils.sol b/dependencies/@openzeppelin/contracts/proxy/ERC1967/ERC1967Utils.sol new file mode 100644 index 00000000..cf555098 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/proxy/ERC1967/ERC1967Utils.sol @@ -0,0 +1,177 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (proxy/ERC1967/ERC1967Utils.sol) + +pragma solidity ^0.8.21; + +import {IBeacon} from "../beacon/IBeacon.sol"; +import {IERC1967} from "../../interfaces/IERC1967.sol"; +import {Address} from "../../utils/Address.sol"; +import {StorageSlot} from "../../utils/StorageSlot.sol"; + +/** + * @dev This library provides getters and event emitting update functions for + * https://eips.ethereum.org/EIPS/eip-1967[ERC-1967] slots. + */ +library ERC1967Utils { + /** + * @dev Storage slot with the address of the current implementation. + * This is the keccak-256 hash of "eip1967.proxy.implementation" subtracted by 1. + */ + // solhint-disable-next-line private-vars-leading-underscore + bytes32 internal constant IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc; + + /** + * @dev The `implementation` of the proxy is invalid. + */ + error ERC1967InvalidImplementation(address implementation); + + /** + * @dev The `admin` of the proxy is invalid. + */ + error ERC1967InvalidAdmin(address admin); + + /** + * @dev The `beacon` of the proxy is invalid. + */ + error ERC1967InvalidBeacon(address beacon); + + /** + * @dev An upgrade function sees `msg.value > 0` that may be lost. + */ + error ERC1967NonPayable(); + + /** + * @dev Returns the current implementation address. + */ + function getImplementation() internal view returns (address) { + return StorageSlot.getAddressSlot(IMPLEMENTATION_SLOT).value; + } + + /** + * @dev Stores a new address in the ERC-1967 implementation slot. + */ + function _setImplementation(address newImplementation) private { + if (newImplementation.code.length == 0) { + revert ERC1967InvalidImplementation(newImplementation); + } + StorageSlot.getAddressSlot(IMPLEMENTATION_SLOT).value = newImplementation; + } + + /** + * @dev Performs implementation upgrade with additional setup call if data is nonempty. + * This function is payable only if the setup call is performed, otherwise `msg.value` is rejected + * to avoid stuck value in the contract. + * + * Emits an {IERC1967-Upgraded} event. + */ + function upgradeToAndCall(address newImplementation, bytes memory data) internal { + _setImplementation(newImplementation); + emit IERC1967.Upgraded(newImplementation); + + if (data.length > 0) { + Address.functionDelegateCall(newImplementation, data); + } else { + _checkNonPayable(); + } + } + + /** + * @dev Storage slot with the admin of the contract. + * This is the keccak-256 hash of "eip1967.proxy.admin" subtracted by 1. + */ + // solhint-disable-next-line private-vars-leading-underscore + bytes32 internal constant ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103; + + /** + * @dev Returns the current admin. + * + * TIP: To get this value clients can read directly from the storage slot shown below (specified by ERC-1967) using + * the https://eth.wiki/json-rpc/API#eth_getstorageat[`eth_getStorageAt`] RPC call. + * `0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103` + */ + function getAdmin() internal view returns (address) { + return StorageSlot.getAddressSlot(ADMIN_SLOT).value; + } + + /** + * @dev Stores a new address in the ERC-1967 admin slot. + */ + function _setAdmin(address newAdmin) private { + if (newAdmin == address(0)) { + revert ERC1967InvalidAdmin(address(0)); + } + StorageSlot.getAddressSlot(ADMIN_SLOT).value = newAdmin; + } + + /** + * @dev Changes the admin of the proxy. + * + * Emits an {IERC1967-AdminChanged} event. + */ + function changeAdmin(address newAdmin) internal { + emit IERC1967.AdminChanged(getAdmin(), newAdmin); + _setAdmin(newAdmin); + } + + /** + * @dev The storage slot of the UpgradeableBeacon contract which defines the implementation for this proxy. + * This is the keccak-256 hash of "eip1967.proxy.beacon" subtracted by 1. + */ + // solhint-disable-next-line private-vars-leading-underscore + bytes32 internal constant BEACON_SLOT = 0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50; + + /** + * @dev Returns the current beacon. + */ + function getBeacon() internal view returns (address) { + return StorageSlot.getAddressSlot(BEACON_SLOT).value; + } + + /** + * @dev Stores a new beacon in the ERC-1967 beacon slot. + */ + function _setBeacon(address newBeacon) private { + if (newBeacon.code.length == 0) { + revert ERC1967InvalidBeacon(newBeacon); + } + + StorageSlot.getAddressSlot(BEACON_SLOT).value = newBeacon; + + address beaconImplementation = IBeacon(newBeacon).implementation(); + if (beaconImplementation.code.length == 0) { + revert ERC1967InvalidImplementation(beaconImplementation); + } + } + + /** + * @dev Change the beacon and trigger a setup call if data is nonempty. + * This function is payable only if the setup call is performed, otherwise `msg.value` is rejected + * to avoid stuck value in the contract. + * + * Emits an {IERC1967-BeaconUpgraded} event. + * + * CAUTION: Invoking this function has no effect on an instance of {BeaconProxy} since v5, since + * it uses an immutable beacon without looking at the value of the ERC-1967 beacon slot for + * efficiency. + */ + function upgradeBeaconToAndCall(address newBeacon, bytes memory data) internal { + _setBeacon(newBeacon); + emit IERC1967.BeaconUpgraded(newBeacon); + + if (data.length > 0) { + Address.functionDelegateCall(IBeacon(newBeacon).implementation(), data); + } else { + _checkNonPayable(); + } + } + + /** + * @dev Reverts if `msg.value` is not zero. It can be used to avoid `msg.value` stuck in the contract + * if an upgrade doesn't perform an initialization call. + */ + function _checkNonPayable() private { + if (msg.value > 0) { + revert ERC1967NonPayable(); + } + } +} diff --git a/dependencies/@openzeppelin/contracts/proxy/Proxy.sol b/dependencies/@openzeppelin/contracts/proxy/Proxy.sol new file mode 100644 index 00000000..0e736512 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/proxy/Proxy.sol @@ -0,0 +1,69 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (proxy/Proxy.sol) + +pragma solidity ^0.8.20; + +/** + * @dev This abstract contract provides a fallback function that delegates all calls to another contract using the EVM + * instruction `delegatecall`. We refer to the second contract as the _implementation_ behind the proxy, and it has to + * be specified by overriding the virtual {_implementation} function. + * + * Additionally, delegation to the implementation can be triggered manually through the {_fallback} function, or to a + * different contract through the {_delegate} function. + * + * The success and return data of the delegated call will be returned back to the caller of the proxy. + */ +abstract contract Proxy { + /** + * @dev Delegates the current call to `implementation`. + * + * This function does not return to its internal call site, it will return directly to the external caller. + */ + function _delegate(address implementation) internal virtual { + assembly { + // Copy msg.data. We take full control of memory in this inline assembly + // block because it will not return to Solidity code. We overwrite the + // Solidity scratch pad at memory position 0. + calldatacopy(0, 0, calldatasize()) + + // Call the implementation. + // out and outsize are 0 because we don't know the size yet. + let result := delegatecall(gas(), implementation, 0, calldatasize(), 0, 0) + + // Copy the returned data. + returndatacopy(0, 0, returndatasize()) + + switch result + // delegatecall returns 0 on error. + case 0 { + revert(0, returndatasize()) + } + default { + return(0, returndatasize()) + } + } + } + + /** + * @dev This is a virtual function that should be overridden so it returns the address to which the fallback + * function and {_fallback} should delegate. + */ + function _implementation() internal view virtual returns (address); + + /** + * @dev Delegates the current call to the address returned by `_implementation()`. + * + * This function does not return to its internal call site, it will return directly to the external caller. + */ + function _fallback() internal virtual { + _delegate(_implementation()); + } + + /** + * @dev Fallback function that delegates calls to the address returned by `_implementation()`. Will run if no other + * function in the contract matches the call data. + */ + fallback() external payable virtual { + _fallback(); + } +} diff --git a/dependencies/@openzeppelin/contracts/proxy/README.adoc b/dependencies/@openzeppelin/contracts/proxy/README.adoc new file mode 100644 index 00000000..1c4d0105 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/proxy/README.adoc @@ -0,0 +1,87 @@ += Proxies + +[.readme-notice] +NOTE: This document is better viewed at https://docs.openzeppelin.com/contracts/api/proxy + +This is a low-level set of contracts implementing different proxy patterns with and without upgradeability. For an in-depth overview of this pattern check out the xref:upgrades-plugins::proxies.adoc[Proxy Upgrade Pattern] page. + +Most of the proxies below are built on an abstract base contract. + +- {Proxy}: Abstract contract implementing the core delegation functionality. + +In order to avoid clashes with the storage variables of the implementation contract behind a proxy, we use https://eips.ethereum.org/EIPS/eip-1967[ERC-1967] storage slots. + +- {ERC1967Utils}: Internal functions to get and set the storage slots defined in ERC-1967. +- {ERC1967Proxy}: A proxy using ERC-1967 storage slots. Not upgradeable by default. + +There are two alternative ways to add upgradeability to an ERC-1967 proxy. Their differences are explained below in <>. + +- {TransparentUpgradeableProxy}: A proxy with a built-in immutable admin and upgrade interface. +- {UUPSUpgradeable}: An upgradeability mechanism to be included in the implementation contract. + +CAUTION: Using upgradeable proxies correctly and securely is a difficult task that requires deep knowledge of the proxy pattern, Solidity, and the EVM. Unless you want a lot of low level control, we recommend using the xref:upgrades-plugins::index.adoc[OpenZeppelin Upgrades Plugins] for Hardhat and Foundry. + +A different family of proxies are beacon proxies. This pattern, popularized by Dharma, allows multiple proxies to be upgraded to a different implementation in a single transaction. + +- {BeaconProxy}: A proxy that retrieves its implementation from a beacon contract. +- {UpgradeableBeacon}: A beacon contract with a built in admin that can upgrade the {BeaconProxy} pointing to it. + +In this pattern, the proxy contract doesn't hold the implementation address in storage like an ERC-1967 proxy. Instead, the address is stored in a separate beacon contract. The `upgrade` operations are sent to the beacon instead of to the proxy contract, and all proxies that follow that beacon are automatically upgraded. + +Outside the realm of upgradeability, proxies can also be useful to make cheap contract clones, such as those created by an on-chain factory contract that creates many instances of the same contract. These instances are designed to be both cheap to deploy, and cheap to call. + +- {Clones}: A library that can deploy cheap minimal non-upgradeable proxies. + +[[transparent-vs-uups]] +== Transparent vs UUPS Proxies + +The original proxies included in OpenZeppelin followed the https://blog.openzeppelin.com/the-transparent-proxy-pattern/[Transparent Proxy Pattern]. While this pattern is still provided, our recommendation is now shifting towards UUPS proxies, which are both lightweight and versatile. The name UUPS comes from https://eips.ethereum.org/EIPS/eip-1822[ERC-1822], which first documented the pattern. + +While both of these share the same interface for upgrades, in UUPS proxies the upgrade is handled by the implementation, and can eventually be removed. Transparent proxies, on the other hand, include the upgrade and admin logic in the proxy itself. This means {TransparentUpgradeableProxy} is more expensive to deploy than what is possible with UUPS proxies. + +UUPS proxies are implemented using an {ERC1967Proxy}. Note that this proxy is not by itself upgradeable. It is the role of the implementation to include, alongside the contract's logic, all the code necessary to update the implementation's address that is stored at a specific slot in the proxy's storage space. This is where the {UUPSUpgradeable} contract comes in. Inheriting from it (and overriding the {xref-UUPSUpgradeable-_authorizeUpgrade-address-}[`_authorizeUpgrade`] function with the relevant access control mechanism) will turn your contract into a UUPS compliant implementation. + +Note that since both proxies use the same storage slot for the implementation address, using a UUPS compliant implementation with a {TransparentUpgradeableProxy} might allow non-admins to perform upgrade operations. + +By default, the upgrade functionality included in {UUPSUpgradeable} contains a security mechanism that will prevent any upgrades to a non UUPS compliant implementation. This prevents upgrades to an implementation contract that wouldn't contain the necessary upgrade mechanism, as it would lock the upgradeability of the proxy forever. This security mechanism can be bypassed by either of: + +- Adding a flag mechanism in the implementation that will disable the upgrade function when triggered. +- Upgrading to an implementation that features an upgrade mechanism without the additional security check, and then upgrading again to another implementation without the upgrade mechanism. + +The current implementation of this security mechanism uses https://eips.ethereum.org/EIPS/eip-1822[ERC-1822] to detect the storage slot used by the implementation. A previous implementation, now deprecated, relied on a rollback check. It is possible to upgrade from a contract using the old mechanism to a new one. The inverse is however not possible, as old implementations (before version 4.5) did not include the ERC-1822 interface. + +== Core + +{{Proxy}} + +== ERC-1967 + +{{IERC1967}} + +{{ERC1967Proxy}} + +{{ERC1967Utils}} + +== Transparent Proxy + +{{TransparentUpgradeableProxy}} + +{{ProxyAdmin}} + +== Beacon + +{{BeaconProxy}} + +{{IBeacon}} + +{{UpgradeableBeacon}} + +== Minimal Clones + +{{Clones}} + +== Utils + +{{Initializable}} + +{{UUPSUpgradeable}} diff --git a/dependencies/@openzeppelin/contracts/proxy/beacon/BeaconProxy.sol b/dependencies/@openzeppelin/contracts/proxy/beacon/BeaconProxy.sol new file mode 100644 index 00000000..9b3f627b --- /dev/null +++ b/dependencies/@openzeppelin/contracts/proxy/beacon/BeaconProxy.sol @@ -0,0 +1,57 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (proxy/beacon/BeaconProxy.sol) + +pragma solidity ^0.8.20; + +import {IBeacon} from "./IBeacon.sol"; +import {Proxy} from "../Proxy.sol"; +import {ERC1967Utils} from "../ERC1967/ERC1967Utils.sol"; + +/** + * @dev This contract implements a proxy that gets the implementation address for each call from an {UpgradeableBeacon}. + * + * The beacon address can only be set once during construction, and cannot be changed afterwards. It is stored in an + * immutable variable to avoid unnecessary storage reads, and also in the beacon storage slot specified by + * https://eips.ethereum.org/EIPS/eip-1967[ERC-1967] so that it can be accessed externally. + * + * CAUTION: Since the beacon address can never be changed, you must ensure that you either control the beacon, or trust + * the beacon to not upgrade the implementation maliciously. + * + * IMPORTANT: Do not use the implementation logic to modify the beacon storage slot. Doing so would leave the proxy in + * an inconsistent state where the beacon storage slot does not match the beacon address. + */ +contract BeaconProxy is Proxy { + // An immutable address for the beacon to avoid unnecessary SLOADs before each delegate call. + address private immutable _beacon; + + /** + * @dev Initializes the proxy with `beacon`. + * + * If `data` is nonempty, it's used as data in a delegate call to the implementation returned by the beacon. This + * will typically be an encoded function call, and allows initializing the storage of the proxy like a Solidity + * constructor. + * + * Requirements: + * + * - `beacon` must be a contract with the interface {IBeacon}. + * - If `data` is empty, `msg.value` must be zero. + */ + constructor(address beacon, bytes memory data) payable { + ERC1967Utils.upgradeBeaconToAndCall(beacon, data); + _beacon = beacon; + } + + /** + * @dev Returns the current implementation address of the associated beacon. + */ + function _implementation() internal view virtual override returns (address) { + return IBeacon(_getBeacon()).implementation(); + } + + /** + * @dev Returns the beacon. + */ + function _getBeacon() internal view virtual returns (address) { + return _beacon; + } +} diff --git a/dependencies/@openzeppelin/contracts/proxy/beacon/IBeacon.sol b/dependencies/@openzeppelin/contracts/proxy/beacon/IBeacon.sol new file mode 100644 index 00000000..36a3c76e --- /dev/null +++ b/dependencies/@openzeppelin/contracts/proxy/beacon/IBeacon.sol @@ -0,0 +1,16 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (proxy/beacon/IBeacon.sol) + +pragma solidity ^0.8.20; + +/** + * @dev This is the interface that {BeaconProxy} expects of its beacon. + */ +interface IBeacon { + /** + * @dev Must return an address that can be used as a delegate call target. + * + * {UpgradeableBeacon} will check that this address is a contract. + */ + function implementation() external view returns (address); +} diff --git a/dependencies/@openzeppelin/contracts/proxy/beacon/UpgradeableBeacon.sol b/dependencies/@openzeppelin/contracts/proxy/beacon/UpgradeableBeacon.sol new file mode 100644 index 00000000..8db9bd23 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/proxy/beacon/UpgradeableBeacon.sol @@ -0,0 +1,70 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (proxy/beacon/UpgradeableBeacon.sol) + +pragma solidity ^0.8.20; + +import {IBeacon} from "./IBeacon.sol"; +import {Ownable} from "../../access/Ownable.sol"; + +/** + * @dev This contract is used in conjunction with one or more instances of {BeaconProxy} to determine their + * implementation contract, which is where they will delegate all function calls. + * + * An owner is able to change the implementation the beacon points to, thus upgrading the proxies that use this beacon. + */ +contract UpgradeableBeacon is IBeacon, Ownable { + address private _implementation; + + /** + * @dev The `implementation` of the beacon is invalid. + */ + error BeaconInvalidImplementation(address implementation); + + /** + * @dev Emitted when the implementation returned by the beacon is changed. + */ + event Upgraded(address indexed implementation); + + /** + * @dev Sets the address of the initial implementation, and the initial owner who can upgrade the beacon. + */ + constructor(address implementation_, address initialOwner) Ownable(initialOwner) { + _setImplementation(implementation_); + } + + /** + * @dev Returns the current implementation address. + */ + function implementation() public view virtual returns (address) { + return _implementation; + } + + /** + * @dev Upgrades the beacon to a new implementation. + * + * Emits an {Upgraded} event. + * + * Requirements: + * + * - msg.sender must be the owner of the contract. + * - `newImplementation` must be a contract. + */ + function upgradeTo(address newImplementation) public virtual onlyOwner { + _setImplementation(newImplementation); + } + + /** + * @dev Sets the implementation contract address for this beacon + * + * Requirements: + * + * - `newImplementation` must be a contract. + */ + function _setImplementation(address newImplementation) private { + if (newImplementation.code.length == 0) { + revert BeaconInvalidImplementation(newImplementation); + } + _implementation = newImplementation; + emit Upgraded(newImplementation); + } +} diff --git a/dependencies/@openzeppelin/contracts/proxy/transparent/ProxyAdmin.sol b/dependencies/@openzeppelin/contracts/proxy/transparent/ProxyAdmin.sol new file mode 100644 index 00000000..7fbdca6f --- /dev/null +++ b/dependencies/@openzeppelin/contracts/proxy/transparent/ProxyAdmin.sol @@ -0,0 +1,45 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (proxy/transparent/ProxyAdmin.sol) + +pragma solidity ^0.8.20; + +import {ITransparentUpgradeableProxy} from "./TransparentUpgradeableProxy.sol"; +import {Ownable} from "../../access/Ownable.sol"; + +/** + * @dev This is an auxiliary contract meant to be assigned as the admin of a {TransparentUpgradeableProxy}. For an + * explanation of why you would want to use this see the documentation for {TransparentUpgradeableProxy}. + */ +contract ProxyAdmin is Ownable { + /** + * @dev The version of the upgrade interface of the contract. If this getter is missing, both `upgrade(address,address)` + * and `upgradeAndCall(address,address,bytes)` are present, and `upgrade` must be used if no function should be called, + * while `upgradeAndCall` will invoke the `receive` function if the third argument is the empty byte string. + * If the getter returns `"5.0.0"`, only `upgradeAndCall(address,address,bytes)` is present, and the third argument must + * be the empty byte string if no function should be called, making it impossible to invoke the `receive` function + * during an upgrade. + */ + string public constant UPGRADE_INTERFACE_VERSION = "5.0.0"; + + /** + * @dev Sets the initial owner who can perform upgrades. + */ + constructor(address initialOwner) Ownable(initialOwner) {} + + /** + * @dev Upgrades `proxy` to `implementation` and calls a function on the new implementation. + * See {TransparentUpgradeableProxy-_dispatchUpgradeToAndCall}. + * + * Requirements: + * + * - This contract must be the admin of `proxy`. + * - If `data` is empty, `msg.value` must be zero. + */ + function upgradeAndCall( + ITransparentUpgradeableProxy proxy, + address implementation, + bytes memory data + ) public payable virtual onlyOwner { + proxy.upgradeToAndCall{value: msg.value}(implementation, data); + } +} diff --git a/dependencies/@openzeppelin/contracts/proxy/transparent/TransparentUpgradeableProxy.sol b/dependencies/@openzeppelin/contracts/proxy/transparent/TransparentUpgradeableProxy.sol new file mode 100644 index 00000000..5304f431 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/proxy/transparent/TransparentUpgradeableProxy.sol @@ -0,0 +1,118 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (proxy/transparent/TransparentUpgradeableProxy.sol) + +pragma solidity ^0.8.20; + +import {ERC1967Utils} from "../ERC1967/ERC1967Utils.sol"; +import {ERC1967Proxy} from "../ERC1967/ERC1967Proxy.sol"; +import {IERC1967} from "../../interfaces/IERC1967.sol"; +import {ProxyAdmin} from "./ProxyAdmin.sol"; + +/** + * @dev Interface for {TransparentUpgradeableProxy}. In order to implement transparency, {TransparentUpgradeableProxy} + * does not implement this interface directly, and its upgradeability mechanism is implemented by an internal dispatch + * mechanism. The compiler is unaware that these functions are implemented by {TransparentUpgradeableProxy} and will not + * include them in the ABI so this interface must be used to interact with it. + */ +interface ITransparentUpgradeableProxy is IERC1967 { + /// @dev See {UUPSUpgradeable-upgradeToAndCall} + function upgradeToAndCall(address newImplementation, bytes calldata data) external payable; +} + +/** + * @dev This contract implements a proxy that is upgradeable through an associated {ProxyAdmin} instance. + * + * To avoid https://medium.com/nomic-labs-blog/malicious-backdoors-in-ethereum-proxies-62629adf3357[proxy selector + * clashing], which can potentially be used in an attack, this contract uses the + * https://blog.openzeppelin.com/the-transparent-proxy-pattern/[transparent proxy pattern]. This pattern implies two + * things that go hand in hand: + * + * 1. If any account other than the admin calls the proxy, the call will be forwarded to the implementation, even if + * that call matches the {ITransparentUpgradeableProxy-upgradeToAndCall} function exposed by the proxy itself. + * 2. If the admin calls the proxy, it can call the `upgradeToAndCall` function but any other call won't be forwarded to + * the implementation. If the admin tries to call a function on the implementation it will fail with an error indicating + * the proxy admin cannot fallback to the target implementation. + * + * These properties mean that the admin account can only be used for upgrading the proxy, so it's best if it's a + * dedicated account that is not used for anything else. This will avoid headaches due to sudden errors when trying to + * call a function from the proxy implementation. For this reason, the proxy deploys an instance of {ProxyAdmin} and + * allows upgrades only if they come through it. You should think of the `ProxyAdmin` instance as the administrative + * interface of the proxy, including the ability to change who can trigger upgrades by transferring ownership. + * + * NOTE: The real interface of this proxy is that defined in `ITransparentUpgradeableProxy`. This contract does not + * inherit from that interface, and instead `upgradeToAndCall` is implicitly implemented using a custom dispatch + * mechanism in `_fallback`. Consequently, the compiler will not produce an ABI for this contract. This is necessary to + * fully implement transparency without decoding reverts caused by selector clashes between the proxy and the + * implementation. + * + * NOTE: This proxy does not inherit from {Context} deliberately. The {ProxyAdmin} of this contract won't send a + * meta-transaction in any way, and any other meta-transaction setup should be made in the implementation contract. + * + * IMPORTANT: This contract avoids unnecessary storage reads by setting the admin only during construction as an + * immutable variable, preventing any changes thereafter. However, the admin slot defined in ERC-1967 can still be + * overwritten by the implementation logic pointed to by this proxy. In such cases, the contract may end up in an + * undesirable state where the admin slot is different from the actual admin. Relying on the value of the admin slot + * is generally fine if the implementation is trusted. + * + * WARNING: It is not recommended to extend this contract to add additional external functions. If you do so, the + * compiler will not check that there are no selector conflicts, due to the note above. A selector clash between any new + * function and the functions declared in {ITransparentUpgradeableProxy} will be resolved in favor of the new one. This + * could render the `upgradeToAndCall` function inaccessible, preventing upgradeability and compromising transparency. + */ +contract TransparentUpgradeableProxy is ERC1967Proxy { + // An immutable address for the admin to avoid unnecessary SLOADs before each call + // at the expense of removing the ability to change the admin once it's set. + // This is acceptable if the admin is always a ProxyAdmin instance or similar contract + // with its own ability to transfer the permissions to another account. + address private immutable _admin; + + /** + * @dev The proxy caller is the current admin, and can't fallback to the proxy target. + */ + error ProxyDeniedAdminAccess(); + + /** + * @dev Initializes an upgradeable proxy managed by an instance of a {ProxyAdmin} with an `initialOwner`, + * backed by the implementation at `_logic`, and optionally initialized with `_data` as explained in + * {ERC1967Proxy-constructor}. + */ + constructor(address _logic, address initialOwner, bytes memory _data) payable ERC1967Proxy(_logic, _data) { + _admin = address(new ProxyAdmin(initialOwner)); + // Set the storage value and emit an event for ERC-1967 compatibility + ERC1967Utils.changeAdmin(_proxyAdmin()); + } + + /** + * @dev Returns the admin of this proxy. + */ + function _proxyAdmin() internal view virtual returns (address) { + return _admin; + } + + /** + * @dev If caller is the admin process the call internally, otherwise transparently fallback to the proxy behavior. + */ + function _fallback() internal virtual override { + if (msg.sender == _proxyAdmin()) { + if (msg.sig != ITransparentUpgradeableProxy.upgradeToAndCall.selector) { + revert ProxyDeniedAdminAccess(); + } else { + _dispatchUpgradeToAndCall(); + } + } else { + super._fallback(); + } + } + + /** + * @dev Upgrade the implementation of the proxy. See {ERC1967Utils-upgradeToAndCall}. + * + * Requirements: + * + * - If `data` is empty, `msg.value` must be zero. + */ + function _dispatchUpgradeToAndCall() private { + (address newImplementation, bytes memory data) = abi.decode(msg.data[4:], (address, bytes)); + ERC1967Utils.upgradeToAndCall(newImplementation, data); + } +} diff --git a/dependencies/@openzeppelin/contracts/proxy/utils/Initializable.sol b/dependencies/@openzeppelin/contracts/proxy/utils/Initializable.sol new file mode 100644 index 00000000..b3d82b58 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/proxy/utils/Initializable.sol @@ -0,0 +1,228 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (proxy/utils/Initializable.sol) + +pragma solidity ^0.8.20; + +/** + * @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed + * behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an + * external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer + * function so it can only be called once. The {initializer} modifier provided by this contract will have this effect. + * + * The initialization functions use a version number. Once a version number is used, it is consumed and cannot be + * reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in + * case an upgrade adds a module that needs to be initialized. + * + * For example: + * + * [.hljs-theme-light.nopadding] + * ```solidity + * contract MyToken is ERC20Upgradeable { + * function initialize() initializer public { + * __ERC20_init("MyToken", "MTK"); + * } + * } + * + * contract MyTokenV2 is MyToken, ERC20PermitUpgradeable { + * function initializeV2() reinitializer(2) public { + * __ERC20Permit_init("MyToken"); + * } + * } + * ``` + * + * TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as + * possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}. + * + * CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure + * that all initializers are idempotent. This is not verified automatically as constructors are by Solidity. + * + * [CAUTION] + * ==== + * Avoid leaving a contract uninitialized. + * + * An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation + * contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke + * the {_disableInitializers} function in the constructor to automatically lock it when it is deployed: + * + * [.hljs-theme-light.nopadding] + * ``` + * /// @custom:oz-upgrades-unsafe-allow constructor + * constructor() { + * _disableInitializers(); + * } + * ``` + * ==== + */ +abstract contract Initializable { + /** + * @dev Storage of the initializable contract. + * + * It's implemented on a custom ERC-7201 namespace to reduce the risk of storage collisions + * when using with upgradeable contracts. + * + * @custom:storage-location erc7201:openzeppelin.storage.Initializable + */ + struct InitializableStorage { + /** + * @dev Indicates that the contract has been initialized. + */ + uint64 _initialized; + /** + * @dev Indicates that the contract is in the process of being initialized. + */ + bool _initializing; + } + + // keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.Initializable")) - 1)) & ~bytes32(uint256(0xff)) + bytes32 private constant INITIALIZABLE_STORAGE = 0xf0c57e16840df040f15088dc2f81fe391c3923bec73e23a9662efc9c229c6a00; + + /** + * @dev The contract is already initialized. + */ + error InvalidInitialization(); + + /** + * @dev The contract is not initializing. + */ + error NotInitializing(); + + /** + * @dev Triggered when the contract has been initialized or reinitialized. + */ + event Initialized(uint64 version); + + /** + * @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope, + * `onlyInitializing` functions can be used to initialize parent contracts. + * + * Similar to `reinitializer(1)`, except that in the context of a constructor an `initializer` may be invoked any + * number of times. This behavior in the constructor can be useful during testing and is not expected to be used in + * production. + * + * Emits an {Initialized} event. + */ + modifier initializer() { + // solhint-disable-next-line var-name-mixedcase + InitializableStorage storage $ = _getInitializableStorage(); + + // Cache values to avoid duplicated sloads + bool isTopLevelCall = !$._initializing; + uint64 initialized = $._initialized; + + // Allowed calls: + // - initialSetup: the contract is not in the initializing state and no previous version was + // initialized + // - construction: the contract is initialized at version 1 (no reininitialization) and the + // current contract is just being deployed + bool initialSetup = initialized == 0 && isTopLevelCall; + bool construction = initialized == 1 && address(this).code.length == 0; + + if (!initialSetup && !construction) { + revert InvalidInitialization(); + } + $._initialized = 1; + if (isTopLevelCall) { + $._initializing = true; + } + _; + if (isTopLevelCall) { + $._initializing = false; + emit Initialized(1); + } + } + + /** + * @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the + * contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be + * used to initialize parent contracts. + * + * A reinitializer may be used after the original initialization step. This is essential to configure modules that + * are added through upgrades and that require initialization. + * + * When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer` + * cannot be nested. If one is invoked in the context of another, execution will revert. + * + * Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in + * a contract, executing them in the right order is up to the developer or operator. + * + * WARNING: Setting the version to 2**64 - 1 will prevent any future reinitialization. + * + * Emits an {Initialized} event. + */ + modifier reinitializer(uint64 version) { + // solhint-disable-next-line var-name-mixedcase + InitializableStorage storage $ = _getInitializableStorage(); + + if ($._initializing || $._initialized >= version) { + revert InvalidInitialization(); + } + $._initialized = version; + $._initializing = true; + _; + $._initializing = false; + emit Initialized(version); + } + + /** + * @dev Modifier to protect an initialization function so that it can only be invoked by functions with the + * {initializer} and {reinitializer} modifiers, directly or indirectly. + */ + modifier onlyInitializing() { + _checkInitializing(); + _; + } + + /** + * @dev Reverts if the contract is not in an initializing state. See {onlyInitializing}. + */ + function _checkInitializing() internal view virtual { + if (!_isInitializing()) { + revert NotInitializing(); + } + } + + /** + * @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call. + * Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized + * to any version. It is recommended to use this to lock implementation contracts that are designed to be called + * through proxies. + * + * Emits an {Initialized} event the first time it is successfully executed. + */ + function _disableInitializers() internal virtual { + // solhint-disable-next-line var-name-mixedcase + InitializableStorage storage $ = _getInitializableStorage(); + + if ($._initializing) { + revert InvalidInitialization(); + } + if ($._initialized != type(uint64).max) { + $._initialized = type(uint64).max; + emit Initialized(type(uint64).max); + } + } + + /** + * @dev Returns the highest version that has been initialized. See {reinitializer}. + */ + function _getInitializedVersion() internal view returns (uint64) { + return _getInitializableStorage()._initialized; + } + + /** + * @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}. + */ + function _isInitializing() internal view returns (bool) { + return _getInitializableStorage()._initializing; + } + + /** + * @dev Returns a pointer to the storage namespace. + */ + // solhint-disable-next-line var-name-mixedcase + function _getInitializableStorage() private pure returns (InitializableStorage storage $) { + assembly { + $.slot := INITIALIZABLE_STORAGE + } + } +} diff --git a/dependencies/@openzeppelin/contracts/proxy/utils/UUPSUpgradeable.sol b/dependencies/@openzeppelin/contracts/proxy/utils/UUPSUpgradeable.sol new file mode 100644 index 00000000..20eb1f72 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/proxy/utils/UUPSUpgradeable.sol @@ -0,0 +1,147 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (proxy/utils/UUPSUpgradeable.sol) + +pragma solidity ^0.8.20; + +import {IERC1822Proxiable} from "../../interfaces/draft-IERC1822.sol"; +import {ERC1967Utils} from "../ERC1967/ERC1967Utils.sol"; + +/** + * @dev An upgradeability mechanism designed for UUPS proxies. The functions included here can perform an upgrade of an + * {ERC1967Proxy}, when this contract is set as the implementation behind such a proxy. + * + * A security mechanism ensures that an upgrade does not turn off upgradeability accidentally, although this risk is + * reinstated if the upgrade retains upgradeability but removes the security mechanism, e.g. by replacing + * `UUPSUpgradeable` with a custom implementation of upgrades. + * + * The {_authorizeUpgrade} function must be overridden to include access restriction to the upgrade mechanism. + */ +abstract contract UUPSUpgradeable is IERC1822Proxiable { + /// @custom:oz-upgrades-unsafe-allow state-variable-immutable + address private immutable __self = address(this); + + /** + * @dev The version of the upgrade interface of the contract. If this getter is missing, both `upgradeTo(address)` + * and `upgradeToAndCall(address,bytes)` are present, and `upgradeTo` must be used if no function should be called, + * while `upgradeToAndCall` will invoke the `receive` function if the second argument is the empty byte string. + * If the getter returns `"5.0.0"`, only `upgradeToAndCall(address,bytes)` is present, and the second argument must + * be the empty byte string if no function should be called, making it impossible to invoke the `receive` function + * during an upgrade. + */ + string public constant UPGRADE_INTERFACE_VERSION = "5.0.0"; + + /** + * @dev The call is from an unauthorized context. + */ + error UUPSUnauthorizedCallContext(); + + /** + * @dev The storage `slot` is unsupported as a UUID. + */ + error UUPSUnsupportedProxiableUUID(bytes32 slot); + + /** + * @dev Check that the execution is being performed through a delegatecall call and that the execution context is + * a proxy contract with an implementation (as defined in ERC-1967) pointing to self. This should only be the case + * for UUPS and transparent proxies that are using the current contract as their implementation. Execution of a + * function through ERC-1167 minimal proxies (clones) would not normally pass this test, but is not guaranteed to + * fail. + */ + modifier onlyProxy() { + _checkProxy(); + _; + } + + /** + * @dev Check that the execution is not being performed through a delegate call. This allows a function to be + * callable on the implementing contract but not through proxies. + */ + modifier notDelegated() { + _checkNotDelegated(); + _; + } + + /** + * @dev Implementation of the ERC-1822 {proxiableUUID} function. This returns the storage slot used by the + * implementation. It is used to validate the implementation's compatibility when performing an upgrade. + * + * IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks + * bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this + * function revert if invoked through a proxy. This is guaranteed by the `notDelegated` modifier. + */ + function proxiableUUID() external view virtual notDelegated returns (bytes32) { + return ERC1967Utils.IMPLEMENTATION_SLOT; + } + + /** + * @dev Upgrade the implementation of the proxy to `newImplementation`, and subsequently execute the function call + * encoded in `data`. + * + * Calls {_authorizeUpgrade}. + * + * Emits an {Upgraded} event. + * + * @custom:oz-upgrades-unsafe-allow-reachable delegatecall + */ + function upgradeToAndCall(address newImplementation, bytes memory data) public payable virtual onlyProxy { + _authorizeUpgrade(newImplementation); + _upgradeToAndCallUUPS(newImplementation, data); + } + + /** + * @dev Reverts if the execution is not performed via delegatecall or the execution + * context is not of a proxy with an ERC-1967 compliant implementation pointing to self. + * See {_onlyProxy}. + */ + function _checkProxy() internal view virtual { + if ( + address(this) == __self || // Must be called through delegatecall + ERC1967Utils.getImplementation() != __self // Must be called through an active proxy + ) { + revert UUPSUnauthorizedCallContext(); + } + } + + /** + * @dev Reverts if the execution is performed via delegatecall. + * See {notDelegated}. + */ + function _checkNotDelegated() internal view virtual { + if (address(this) != __self) { + // Must not be called through delegatecall + revert UUPSUnauthorizedCallContext(); + } + } + + /** + * @dev Function that should revert when `msg.sender` is not authorized to upgrade the contract. Called by + * {upgradeToAndCall}. + * + * Normally, this function will use an xref:access.adoc[access control] modifier such as {Ownable-onlyOwner}. + * + * ```solidity + * function _authorizeUpgrade(address) internal onlyOwner {} + * ``` + */ + function _authorizeUpgrade(address newImplementation) internal virtual; + + /** + * @dev Performs an implementation upgrade with a security check for UUPS proxies, and additional setup call. + * + * As a security check, {proxiableUUID} is invoked in the new implementation, and the return value + * is expected to be the implementation slot in ERC-1967. + * + * Emits an {IERC1967-Upgraded} event. + */ + function _upgradeToAndCallUUPS(address newImplementation, bytes memory data) private { + try IERC1822Proxiable(newImplementation).proxiableUUID() returns (bytes32 slot) { + if (slot != ERC1967Utils.IMPLEMENTATION_SLOT) { + revert UUPSUnsupportedProxiableUUID(slot); + } + ERC1967Utils.upgradeToAndCall(newImplementation, data); + } catch { + // The implementation is not UUPS + revert ERC1967Utils.ERC1967InvalidImplementation(newImplementation); + } + } +} diff --git a/dependencies/@openzeppelin/contracts/token/ERC1155/ERC1155.sol b/dependencies/@openzeppelin/contracts/token/ERC1155/ERC1155.sol new file mode 100644 index 00000000..b0e7e547 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC1155/ERC1155.sol @@ -0,0 +1,401 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC1155/ERC1155.sol) + +pragma solidity ^0.8.20; + +import {IERC1155} from "./IERC1155.sol"; +import {IERC1155MetadataURI} from "./extensions/IERC1155MetadataURI.sol"; +import {ERC1155Utils} from "./utils/ERC1155Utils.sol"; +import {Context} from "../../utils/Context.sol"; +import {IERC165, ERC165} from "../../utils/introspection/ERC165.sol"; +import {Arrays} from "../../utils/Arrays.sol"; +import {IERC1155Errors} from "../../interfaces/draft-IERC6093.sol"; + +/** + * @dev Implementation of the basic standard multi-token. + * See https://eips.ethereum.org/EIPS/eip-1155 + * Originally based on code by Enjin: https://github.com/enjin/erc-1155 + */ +abstract contract ERC1155 is Context, ERC165, IERC1155, IERC1155MetadataURI, IERC1155Errors { + using Arrays for uint256[]; + using Arrays for address[]; + + mapping(uint256 id => mapping(address account => uint256)) private _balances; + + mapping(address account => mapping(address operator => bool)) private _operatorApprovals; + + // Used as the URI for all token types by relying on ID substitution, e.g. https://token-cdn-domain/{id}.json + string private _uri; + + /** + * @dev See {_setURI}. + */ + constructor(string memory uri_) { + _setURI(uri_); + } + + /** + * @dev See {IERC165-supportsInterface}. + */ + function supportsInterface(bytes4 interfaceId) public view virtual override(ERC165, IERC165) returns (bool) { + return + interfaceId == type(IERC1155).interfaceId || + interfaceId == type(IERC1155MetadataURI).interfaceId || + super.supportsInterface(interfaceId); + } + + /** + * @dev See {IERC1155MetadataURI-uri}. + * + * This implementation returns the same URI for *all* token types. It relies + * on the token type ID substitution mechanism + * https://eips.ethereum.org/EIPS/eip-1155#metadata[defined in the ERC]. + * + * Clients calling this function must replace the `\{id\}` substring with the + * actual token type ID. + */ + function uri(uint256 /* id */) public view virtual returns (string memory) { + return _uri; + } + + /** + * @dev See {IERC1155-balanceOf}. + */ + function balanceOf(address account, uint256 id) public view virtual returns (uint256) { + return _balances[id][account]; + } + + /** + * @dev See {IERC1155-balanceOfBatch}. + * + * Requirements: + * + * - `accounts` and `ids` must have the same length. + */ + function balanceOfBatch( + address[] memory accounts, + uint256[] memory ids + ) public view virtual returns (uint256[] memory) { + if (accounts.length != ids.length) { + revert ERC1155InvalidArrayLength(ids.length, accounts.length); + } + + uint256[] memory batchBalances = new uint256[](accounts.length); + + for (uint256 i = 0; i < accounts.length; ++i) { + batchBalances[i] = balanceOf(accounts.unsafeMemoryAccess(i), ids.unsafeMemoryAccess(i)); + } + + return batchBalances; + } + + /** + * @dev See {IERC1155-setApprovalForAll}. + */ + function setApprovalForAll(address operator, bool approved) public virtual { + _setApprovalForAll(_msgSender(), operator, approved); + } + + /** + * @dev See {IERC1155-isApprovedForAll}. + */ + function isApprovedForAll(address account, address operator) public view virtual returns (bool) { + return _operatorApprovals[account][operator]; + } + + /** + * @dev See {IERC1155-safeTransferFrom}. + */ + function safeTransferFrom(address from, address to, uint256 id, uint256 value, bytes memory data) public virtual { + address sender = _msgSender(); + if (from != sender && !isApprovedForAll(from, sender)) { + revert ERC1155MissingApprovalForAll(sender, from); + } + _safeTransferFrom(from, to, id, value, data); + } + + /** + * @dev See {IERC1155-safeBatchTransferFrom}. + */ + function safeBatchTransferFrom( + address from, + address to, + uint256[] memory ids, + uint256[] memory values, + bytes memory data + ) public virtual { + address sender = _msgSender(); + if (from != sender && !isApprovedForAll(from, sender)) { + revert ERC1155MissingApprovalForAll(sender, from); + } + _safeBatchTransferFrom(from, to, ids, values, data); + } + + /** + * @dev Transfers a `value` amount of tokens of type `id` from `from` to `to`. Will mint (or burn) if `from` + * (or `to`) is the zero address. + * + * Emits a {TransferSingle} event if the arrays contain one element, and {TransferBatch} otherwise. + * + * Requirements: + * + * - If `to` refers to a smart contract, it must implement either {IERC1155Receiver-onERC1155Received} + * or {IERC1155Receiver-onERC1155BatchReceived} and return the acceptance magic value. + * - `ids` and `values` must have the same length. + * + * NOTE: The ERC-1155 acceptance check is not performed in this function. See {_updateWithAcceptanceCheck} instead. + */ + function _update(address from, address to, uint256[] memory ids, uint256[] memory values) internal virtual { + if (ids.length != values.length) { + revert ERC1155InvalidArrayLength(ids.length, values.length); + } + + address operator = _msgSender(); + + for (uint256 i = 0; i < ids.length; ++i) { + uint256 id = ids.unsafeMemoryAccess(i); + uint256 value = values.unsafeMemoryAccess(i); + + if (from != address(0)) { + uint256 fromBalance = _balances[id][from]; + if (fromBalance < value) { + revert ERC1155InsufficientBalance(from, fromBalance, value, id); + } + unchecked { + // Overflow not possible: value <= fromBalance + _balances[id][from] = fromBalance - value; + } + } + + if (to != address(0)) { + _balances[id][to] += value; + } + } + + if (ids.length == 1) { + uint256 id = ids.unsafeMemoryAccess(0); + uint256 value = values.unsafeMemoryAccess(0); + emit TransferSingle(operator, from, to, id, value); + } else { + emit TransferBatch(operator, from, to, ids, values); + } + } + + /** + * @dev Version of {_update} that performs the token acceptance check by calling + * {IERC1155Receiver-onERC1155Received} or {IERC1155Receiver-onERC1155BatchReceived} on the receiver address if it + * contains code (eg. is a smart contract at the moment of execution). + * + * IMPORTANT: Overriding this function is discouraged because it poses a reentrancy risk from the receiver. So any + * update to the contract state after this function would break the check-effect-interaction pattern. Consider + * overriding {_update} instead. + */ + function _updateWithAcceptanceCheck( + address from, + address to, + uint256[] memory ids, + uint256[] memory values, + bytes memory data + ) internal virtual { + _update(from, to, ids, values); + if (to != address(0)) { + address operator = _msgSender(); + if (ids.length == 1) { + uint256 id = ids.unsafeMemoryAccess(0); + uint256 value = values.unsafeMemoryAccess(0); + ERC1155Utils.checkOnERC1155Received(operator, from, to, id, value, data); + } else { + ERC1155Utils.checkOnERC1155BatchReceived(operator, from, to, ids, values, data); + } + } + } + + /** + * @dev Transfers a `value` tokens of token type `id` from `from` to `to`. + * + * Emits a {TransferSingle} event. + * + * Requirements: + * + * - `to` cannot be the zero address. + * - `from` must have a balance of tokens of type `id` of at least `value` amount. + * - If `to` refers to a smart contract, it must implement {IERC1155Receiver-onERC1155Received} and return the + * acceptance magic value. + */ + function _safeTransferFrom(address from, address to, uint256 id, uint256 value, bytes memory data) internal { + if (to == address(0)) { + revert ERC1155InvalidReceiver(address(0)); + } + if (from == address(0)) { + revert ERC1155InvalidSender(address(0)); + } + (uint256[] memory ids, uint256[] memory values) = _asSingletonArrays(id, value); + _updateWithAcceptanceCheck(from, to, ids, values, data); + } + + /** + * @dev xref:ROOT:erc1155.adoc#batch-operations[Batched] version of {_safeTransferFrom}. + * + * Emits a {TransferBatch} event. + * + * Requirements: + * + * - If `to` refers to a smart contract, it must implement {IERC1155Receiver-onERC1155BatchReceived} and return the + * acceptance magic value. + * - `ids` and `values` must have the same length. + */ + function _safeBatchTransferFrom( + address from, + address to, + uint256[] memory ids, + uint256[] memory values, + bytes memory data + ) internal { + if (to == address(0)) { + revert ERC1155InvalidReceiver(address(0)); + } + if (from == address(0)) { + revert ERC1155InvalidSender(address(0)); + } + _updateWithAcceptanceCheck(from, to, ids, values, data); + } + + /** + * @dev Sets a new URI for all token types, by relying on the token type ID + * substitution mechanism + * https://eips.ethereum.org/EIPS/eip-1155#metadata[defined in the ERC]. + * + * By this mechanism, any occurrence of the `\{id\}` substring in either the + * URI or any of the values in the JSON file at said URI will be replaced by + * clients with the token type ID. + * + * For example, the `https://token-cdn-domain/\{id\}.json` URI would be + * interpreted by clients as + * `https://token-cdn-domain/000000000000000000000000000000000000000000000000000000000004cce0.json` + * for token type ID 0x4cce0. + * + * See {uri}. + * + * Because these URIs cannot be meaningfully represented by the {URI} event, + * this function emits no events. + */ + function _setURI(string memory newuri) internal virtual { + _uri = newuri; + } + + /** + * @dev Creates a `value` amount of tokens of type `id`, and assigns them to `to`. + * + * Emits a {TransferSingle} event. + * + * Requirements: + * + * - `to` cannot be the zero address. + * - If `to` refers to a smart contract, it must implement {IERC1155Receiver-onERC1155Received} and return the + * acceptance magic value. + */ + function _mint(address to, uint256 id, uint256 value, bytes memory data) internal { + if (to == address(0)) { + revert ERC1155InvalidReceiver(address(0)); + } + (uint256[] memory ids, uint256[] memory values) = _asSingletonArrays(id, value); + _updateWithAcceptanceCheck(address(0), to, ids, values, data); + } + + /** + * @dev xref:ROOT:erc1155.adoc#batch-operations[Batched] version of {_mint}. + * + * Emits a {TransferBatch} event. + * + * Requirements: + * + * - `ids` and `values` must have the same length. + * - `to` cannot be the zero address. + * - If `to` refers to a smart contract, it must implement {IERC1155Receiver-onERC1155BatchReceived} and return the + * acceptance magic value. + */ + function _mintBatch(address to, uint256[] memory ids, uint256[] memory values, bytes memory data) internal { + if (to == address(0)) { + revert ERC1155InvalidReceiver(address(0)); + } + _updateWithAcceptanceCheck(address(0), to, ids, values, data); + } + + /** + * @dev Destroys a `value` amount of tokens of type `id` from `from` + * + * Emits a {TransferSingle} event. + * + * Requirements: + * + * - `from` cannot be the zero address. + * - `from` must have at least `value` amount of tokens of type `id`. + */ + function _burn(address from, uint256 id, uint256 value) internal { + if (from == address(0)) { + revert ERC1155InvalidSender(address(0)); + } + (uint256[] memory ids, uint256[] memory values) = _asSingletonArrays(id, value); + _updateWithAcceptanceCheck(from, address(0), ids, values, ""); + } + + /** + * @dev xref:ROOT:erc1155.adoc#batch-operations[Batched] version of {_burn}. + * + * Emits a {TransferBatch} event. + * + * Requirements: + * + * - `from` cannot be the zero address. + * - `from` must have at least `value` amount of tokens of type `id`. + * - `ids` and `values` must have the same length. + */ + function _burnBatch(address from, uint256[] memory ids, uint256[] memory values) internal { + if (from == address(0)) { + revert ERC1155InvalidSender(address(0)); + } + _updateWithAcceptanceCheck(from, address(0), ids, values, ""); + } + + /** + * @dev Approve `operator` to operate on all of `owner` tokens + * + * Emits an {ApprovalForAll} event. + * + * Requirements: + * + * - `operator` cannot be the zero address. + */ + function _setApprovalForAll(address owner, address operator, bool approved) internal virtual { + if (operator == address(0)) { + revert ERC1155InvalidOperator(address(0)); + } + _operatorApprovals[owner][operator] = approved; + emit ApprovalForAll(owner, operator, approved); + } + + /** + * @dev Creates an array in memory with only one value for each of the elements provided. + */ + function _asSingletonArrays( + uint256 element1, + uint256 element2 + ) private pure returns (uint256[] memory array1, uint256[] memory array2) { + assembly ("memory-safe") { + // Load the free memory pointer + array1 := mload(0x40) + // Set array length to 1 + mstore(array1, 1) + // Store the single element at the next word after the length (where content starts) + mstore(add(array1, 0x20), element1) + + // Repeat for next array locating it right after the first array + array2 := add(array1, 0x40) + mstore(array2, 1) + mstore(add(array2, 0x20), element2) + + // Update the free memory pointer by pointing after the second array + mstore(0x40, add(array2, 0x40)) + } + } +} diff --git a/dependencies/@openzeppelin/contracts/token/ERC1155/IERC1155.sol b/dependencies/@openzeppelin/contracts/token/ERC1155/IERC1155.sol new file mode 100644 index 00000000..5a1805fa --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC1155/IERC1155.sol @@ -0,0 +1,123 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.1) (token/ERC1155/IERC1155.sol) + +pragma solidity ^0.8.20; + +import {IERC165} from "../../utils/introspection/IERC165.sol"; + +/** + * @dev Required interface of an ERC-1155 compliant contract, as defined in the + * https://eips.ethereum.org/EIPS/eip-1155[ERC]. + */ +interface IERC1155 is IERC165 { + /** + * @dev Emitted when `value` amount of tokens of type `id` are transferred from `from` to `to` by `operator`. + */ + event TransferSingle(address indexed operator, address indexed from, address indexed to, uint256 id, uint256 value); + + /** + * @dev Equivalent to multiple {TransferSingle} events, where `operator`, `from` and `to` are the same for all + * transfers. + */ + event TransferBatch( + address indexed operator, + address indexed from, + address indexed to, + uint256[] ids, + uint256[] values + ); + + /** + * @dev Emitted when `account` grants or revokes permission to `operator` to transfer their tokens, according to + * `approved`. + */ + event ApprovalForAll(address indexed account, address indexed operator, bool approved); + + /** + * @dev Emitted when the URI for token type `id` changes to `value`, if it is a non-programmatic URI. + * + * If an {URI} event was emitted for `id`, the standard + * https://eips.ethereum.org/EIPS/eip-1155#metadata-extensions[guarantees] that `value` will equal the value + * returned by {IERC1155MetadataURI-uri}. + */ + event URI(string value, uint256 indexed id); + + /** + * @dev Returns the value of tokens of token type `id` owned by `account`. + */ + function balanceOf(address account, uint256 id) external view returns (uint256); + + /** + * @dev xref:ROOT:erc1155.adoc#batch-operations[Batched] version of {balanceOf}. + * + * Requirements: + * + * - `accounts` and `ids` must have the same length. + */ + function balanceOfBatch( + address[] calldata accounts, + uint256[] calldata ids + ) external view returns (uint256[] memory); + + /** + * @dev Grants or revokes permission to `operator` to transfer the caller's tokens, according to `approved`, + * + * Emits an {ApprovalForAll} event. + * + * Requirements: + * + * - `operator` cannot be the zero address. + */ + function setApprovalForAll(address operator, bool approved) external; + + /** + * @dev Returns true if `operator` is approved to transfer ``account``'s tokens. + * + * See {setApprovalForAll}. + */ + function isApprovedForAll(address account, address operator) external view returns (bool); + + /** + * @dev Transfers a `value` amount of tokens of type `id` from `from` to `to`. + * + * WARNING: This function can potentially allow a reentrancy attack when transferring tokens + * to an untrusted contract, when invoking {onERC1155Received} on the receiver. + * Ensure to follow the checks-effects-interactions pattern and consider employing + * reentrancy guards when interacting with untrusted contracts. + * + * Emits a {TransferSingle} event. + * + * Requirements: + * + * - `to` cannot be the zero address. + * - If the caller is not `from`, it must have been approved to spend ``from``'s tokens via {setApprovalForAll}. + * - `from` must have a balance of tokens of type `id` of at least `value` amount. + * - If `to` refers to a smart contract, it must implement {IERC1155Receiver-onERC1155Received} and return the + * acceptance magic value. + */ + function safeTransferFrom(address from, address to, uint256 id, uint256 value, bytes calldata data) external; + + /** + * @dev xref:ROOT:erc1155.adoc#batch-operations[Batched] version of {safeTransferFrom}. + * + * WARNING: This function can potentially allow a reentrancy attack when transferring tokens + * to an untrusted contract, when invoking {onERC1155BatchReceived} on the receiver. + * Ensure to follow the checks-effects-interactions pattern and consider employing + * reentrancy guards when interacting with untrusted contracts. + * + * Emits either a {TransferSingle} or a {TransferBatch} event, depending on the length of the array arguments. + * + * Requirements: + * + * - `ids` and `values` must have the same length. + * - If `to` refers to a smart contract, it must implement {IERC1155Receiver-onERC1155BatchReceived} and return the + * acceptance magic value. + */ + function safeBatchTransferFrom( + address from, + address to, + uint256[] calldata ids, + uint256[] calldata values, + bytes calldata data + ) external; +} diff --git a/dependencies/@openzeppelin/contracts/token/ERC1155/IERC1155Receiver.sol b/dependencies/@openzeppelin/contracts/token/ERC1155/IERC1155Receiver.sol new file mode 100644 index 00000000..36ad4c75 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC1155/IERC1155Receiver.sol @@ -0,0 +1,59 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC1155/IERC1155Receiver.sol) + +pragma solidity ^0.8.20; + +import {IERC165} from "../../utils/introspection/IERC165.sol"; + +/** + * @dev Interface that must be implemented by smart contracts in order to receive + * ERC-1155 token transfers. + */ +interface IERC1155Receiver is IERC165 { + /** + * @dev Handles the receipt of a single ERC-1155 token type. This function is + * called at the end of a `safeTransferFrom` after the balance has been updated. + * + * NOTE: To accept the transfer, this must return + * `bytes4(keccak256("onERC1155Received(address,address,uint256,uint256,bytes)"))` + * (i.e. 0xf23a6e61, or its own function selector). + * + * @param operator The address which initiated the transfer (i.e. msg.sender) + * @param from The address which previously owned the token + * @param id The ID of the token being transferred + * @param value The amount of tokens being transferred + * @param data Additional data with no specified format + * @return `bytes4(keccak256("onERC1155Received(address,address,uint256,uint256,bytes)"))` if transfer is allowed + */ + function onERC1155Received( + address operator, + address from, + uint256 id, + uint256 value, + bytes calldata data + ) external returns (bytes4); + + /** + * @dev Handles the receipt of a multiple ERC-1155 token types. This function + * is called at the end of a `safeBatchTransferFrom` after the balances have + * been updated. + * + * NOTE: To accept the transfer(s), this must return + * `bytes4(keccak256("onERC1155BatchReceived(address,address,uint256[],uint256[],bytes)"))` + * (i.e. 0xbc197c81, or its own function selector). + * + * @param operator The address which initiated the batch transfer (i.e. msg.sender) + * @param from The address which previously owned the token + * @param ids An array containing ids of each token being transferred (order and length must match values array) + * @param values An array containing amounts of each token being transferred (order and length must match ids array) + * @param data Additional data with no specified format + * @return `bytes4(keccak256("onERC1155BatchReceived(address,address,uint256[],uint256[],bytes)"))` if transfer is allowed + */ + function onERC1155BatchReceived( + address operator, + address from, + uint256[] calldata ids, + uint256[] calldata values, + bytes calldata data + ) external returns (bytes4); +} diff --git a/dependencies/@openzeppelin/contracts/token/ERC1155/README.adoc b/dependencies/@openzeppelin/contracts/token/ERC1155/README.adoc new file mode 100644 index 00000000..f8bf958f --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC1155/README.adoc @@ -0,0 +1,43 @@ += ERC-1155 + +[.readme-notice] +NOTE: This document is better viewed at https://docs.openzeppelin.com/contracts/api/token/erc1155 + +This set of interfaces and contracts are all related to the https://eips.ethereum.org/EIPS/eip-1155[ERC-1155 Multi Token Standard]. + +The ERC consists of three interfaces which fulfill different roles, found here as {IERC1155}, {IERC1155MetadataURI} and {IERC1155Receiver}. + +{ERC1155} implements the mandatory {IERC1155} interface, as well as the optional extension {IERC1155MetadataURI}, by relying on the substitution mechanism to use the same URI for all token types, dramatically reducing gas costs. + +Additionally there are multiple custom extensions, including: + +* designation of addresses that can pause token transfers for all users ({ERC1155Pausable}). +* destruction of own tokens ({ERC1155Burnable}). + +NOTE: This core set of contracts is designed to be unopinionated, allowing developers to access the internal functions in ERC-1155 (such as <>) and expose them as external functions in the way they prefer. + +== Core + +{{IERC1155}} + +{{IERC1155MetadataURI}} + +{{ERC1155}} + +{{IERC1155Receiver}} + +== Extensions + +{{ERC1155Pausable}} + +{{ERC1155Burnable}} + +{{ERC1155Supply}} + +{{ERC1155URIStorage}} + +== Utilities + +{{ERC1155Holder}} + +{{ERC1155Utils}} diff --git a/dependencies/@openzeppelin/contracts/token/ERC1155/extensions/ERC1155Burnable.sol b/dependencies/@openzeppelin/contracts/token/ERC1155/extensions/ERC1155Burnable.sol new file mode 100644 index 00000000..fd6ad61d --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC1155/extensions/ERC1155Burnable.sol @@ -0,0 +1,28 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC1155/extensions/ERC1155Burnable.sol) + +pragma solidity ^0.8.20; + +import {ERC1155} from "../ERC1155.sol"; + +/** + * @dev Extension of {ERC1155} that allows token holders to destroy both their + * own tokens and those that they have been approved to use. + */ +abstract contract ERC1155Burnable is ERC1155 { + function burn(address account, uint256 id, uint256 value) public virtual { + if (account != _msgSender() && !isApprovedForAll(account, _msgSender())) { + revert ERC1155MissingApprovalForAll(_msgSender(), account); + } + + _burn(account, id, value); + } + + function burnBatch(address account, uint256[] memory ids, uint256[] memory values) public virtual { + if (account != _msgSender() && !isApprovedForAll(account, _msgSender())) { + revert ERC1155MissingApprovalForAll(_msgSender(), account); + } + + _burnBatch(account, ids, values); + } +} diff --git a/dependencies/@openzeppelin/contracts/token/ERC1155/extensions/ERC1155Pausable.sol b/dependencies/@openzeppelin/contracts/token/ERC1155/extensions/ERC1155Pausable.sol new file mode 100644 index 00000000..e99cf2aa --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC1155/extensions/ERC1155Pausable.sol @@ -0,0 +1,38 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC1155/extensions/ERC1155Pausable.sol) + +pragma solidity ^0.8.20; + +import {ERC1155} from "../ERC1155.sol"; +import {Pausable} from "../../../utils/Pausable.sol"; + +/** + * @dev ERC-1155 token with pausable token transfers, minting and burning. + * + * Useful for scenarios such as preventing trades until the end of an evaluation + * period, or having an emergency switch for freezing all token transfers in the + * event of a large bug. + * + * IMPORTANT: This contract does not include public pause and unpause functions. In + * addition to inheriting this contract, you must define both functions, invoking the + * {Pausable-_pause} and {Pausable-_unpause} internal functions, with appropriate + * access control, e.g. using {AccessControl} or {Ownable}. Not doing so will + * make the contract pause mechanism of the contract unreachable, and thus unusable. + */ +abstract contract ERC1155Pausable is ERC1155, Pausable { + /** + * @dev See {ERC1155-_update}. + * + * Requirements: + * + * - the contract must not be paused. + */ + function _update( + address from, + address to, + uint256[] memory ids, + uint256[] memory values + ) internal virtual override whenNotPaused { + super._update(from, to, ids, values); + } +} diff --git a/dependencies/@openzeppelin/contracts/token/ERC1155/extensions/ERC1155Supply.sol b/dependencies/@openzeppelin/contracts/token/ERC1155/extensions/ERC1155Supply.sol new file mode 100644 index 00000000..33c5b103 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC1155/extensions/ERC1155Supply.sol @@ -0,0 +1,90 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC1155/extensions/ERC1155Supply.sol) + +pragma solidity ^0.8.20; + +import {ERC1155} from "../ERC1155.sol"; +import {Arrays} from "../../../utils/Arrays.sol"; + +/** + * @dev Extension of ERC-1155 that adds tracking of total supply per id. + * + * Useful for scenarios where Fungible and Non-fungible tokens have to be + * clearly identified. Note: While a totalSupply of 1 might mean the + * corresponding is an NFT, there is no guarantees that no other token with the + * same id are not going to be minted. + * + * NOTE: This contract implies a global limit of 2**256 - 1 to the number of tokens + * that can be minted. + * + * CAUTION: This extension should not be added in an upgrade to an already deployed contract. + */ +abstract contract ERC1155Supply is ERC1155 { + using Arrays for uint256[]; + + mapping(uint256 id => uint256) private _totalSupply; + uint256 private _totalSupplyAll; + + /** + * @dev Total value of tokens in with a given id. + */ + function totalSupply(uint256 id) public view virtual returns (uint256) { + return _totalSupply[id]; + } + + /** + * @dev Total value of tokens. + */ + function totalSupply() public view virtual returns (uint256) { + return _totalSupplyAll; + } + + /** + * @dev Indicates whether any token exist with a given id, or not. + */ + function exists(uint256 id) public view virtual returns (bool) { + return totalSupply(id) > 0; + } + + /** + * @dev See {ERC1155-_update}. + */ + function _update( + address from, + address to, + uint256[] memory ids, + uint256[] memory values + ) internal virtual override { + super._update(from, to, ids, values); + + if (from == address(0)) { + uint256 totalMintValue = 0; + for (uint256 i = 0; i < ids.length; ++i) { + uint256 value = values.unsafeMemoryAccess(i); + // Overflow check required: The rest of the code assumes that totalSupply never overflows + _totalSupply[ids.unsafeMemoryAccess(i)] += value; + totalMintValue += value; + } + // Overflow check required: The rest of the code assumes that totalSupplyAll never overflows + _totalSupplyAll += totalMintValue; + } + + if (to == address(0)) { + uint256 totalBurnValue = 0; + for (uint256 i = 0; i < ids.length; ++i) { + uint256 value = values.unsafeMemoryAccess(i); + + unchecked { + // Overflow not possible: values[i] <= balanceOf(from, ids[i]) <= totalSupply(ids[i]) + _totalSupply[ids.unsafeMemoryAccess(i)] -= value; + // Overflow not possible: sum_i(values[i]) <= sum_i(totalSupply(ids[i])) <= totalSupplyAll + totalBurnValue += value; + } + } + unchecked { + // Overflow not possible: totalBurnValue = sum_i(values[i]) <= sum_i(totalSupply(ids[i])) <= totalSupplyAll + _totalSupplyAll -= totalBurnValue; + } + } + } +} diff --git a/dependencies/@openzeppelin/contracts/token/ERC1155/extensions/ERC1155URIStorage.sol b/dependencies/@openzeppelin/contracts/token/ERC1155/extensions/ERC1155URIStorage.sol new file mode 100644 index 00000000..e8436e83 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC1155/extensions/ERC1155URIStorage.sol @@ -0,0 +1,61 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC1155/extensions/ERC1155URIStorage.sol) + +pragma solidity ^0.8.20; + +import {Strings} from "../../../utils/Strings.sol"; +import {ERC1155} from "../ERC1155.sol"; + +/** + * @dev ERC-1155 token with storage based token URI management. + * Inspired by the {ERC721URIStorage} extension + */ +abstract contract ERC1155URIStorage is ERC1155 { + using Strings for uint256; + + // Optional base URI + string private _baseURI = ""; + + // Optional mapping for token URIs + mapping(uint256 tokenId => string) private _tokenURIs; + + /** + * @dev See {IERC1155MetadataURI-uri}. + * + * This implementation returns the concatenation of the `_baseURI` + * and the token-specific uri if the latter is set + * + * This enables the following behaviors: + * + * - if `_tokenURIs[tokenId]` is set, then the result is the concatenation + * of `_baseURI` and `_tokenURIs[tokenId]` (keep in mind that `_baseURI` + * is empty per default); + * + * - if `_tokenURIs[tokenId]` is NOT set then we fallback to `super.uri()` + * which in most cases will contain `ERC1155._uri`; + * + * - if `_tokenURIs[tokenId]` is NOT set, and if the parents do not have a + * uri value set, then the result is empty. + */ + function uri(uint256 tokenId) public view virtual override returns (string memory) { + string memory tokenURI = _tokenURIs[tokenId]; + + // If token URI is set, concatenate base URI and tokenURI (via string.concat). + return bytes(tokenURI).length > 0 ? string.concat(_baseURI, tokenURI) : super.uri(tokenId); + } + + /** + * @dev Sets `tokenURI` as the tokenURI of `tokenId`. + */ + function _setURI(uint256 tokenId, string memory tokenURI) internal virtual { + _tokenURIs[tokenId] = tokenURI; + emit URI(uri(tokenId), tokenId); + } + + /** + * @dev Sets `baseURI` as the `_baseURI` for all tokens + */ + function _setBaseURI(string memory baseURI) internal virtual { + _baseURI = baseURI; + } +} diff --git a/dependencies/@openzeppelin/contracts/token/ERC1155/extensions/IERC1155MetadataURI.sol b/dependencies/@openzeppelin/contracts/token/ERC1155/extensions/IERC1155MetadataURI.sol new file mode 100644 index 00000000..ea07897b --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC1155/extensions/IERC1155MetadataURI.sol @@ -0,0 +1,20 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC1155/extensions/IERC1155MetadataURI.sol) + +pragma solidity ^0.8.20; + +import {IERC1155} from "../IERC1155.sol"; + +/** + * @dev Interface of the optional ERC1155MetadataExtension interface, as defined + * in the https://eips.ethereum.org/EIPS/eip-1155#metadata-extensions[ERC]. + */ +interface IERC1155MetadataURI is IERC1155 { + /** + * @dev Returns the URI for token type `id`. + * + * If the `\{id\}` substring is present in the URI, it must be replaced by + * clients with the actual token type ID. + */ + function uri(uint256 id) external view returns (string memory); +} diff --git a/dependencies/@openzeppelin/contracts/token/ERC1155/utils/ERC1155Holder.sol b/dependencies/@openzeppelin/contracts/token/ERC1155/utils/ERC1155Holder.sol new file mode 100644 index 00000000..35be58c5 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC1155/utils/ERC1155Holder.sol @@ -0,0 +1,42 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC1155/utils/ERC1155Holder.sol) + +pragma solidity ^0.8.20; + +import {IERC165, ERC165} from "../../../utils/introspection/ERC165.sol"; +import {IERC1155Receiver} from "../IERC1155Receiver.sol"; + +/** + * @dev Simple implementation of `IERC1155Receiver` that will allow a contract to hold ERC-1155 tokens. + * + * IMPORTANT: When inheriting this contract, you must include a way to use the received tokens, otherwise they will be + * stuck. + */ +abstract contract ERC1155Holder is ERC165, IERC1155Receiver { + /** + * @dev See {IERC165-supportsInterface}. + */ + function supportsInterface(bytes4 interfaceId) public view virtual override(ERC165, IERC165) returns (bool) { + return interfaceId == type(IERC1155Receiver).interfaceId || super.supportsInterface(interfaceId); + } + + function onERC1155Received( + address, + address, + uint256, + uint256, + bytes memory + ) public virtual override returns (bytes4) { + return this.onERC1155Received.selector; + } + + function onERC1155BatchReceived( + address, + address, + uint256[] memory, + uint256[] memory, + bytes memory + ) public virtual override returns (bytes4) { + return this.onERC1155BatchReceived.selector; + } +} diff --git a/dependencies/@openzeppelin/contracts/token/ERC1155/utils/ERC1155Utils.sol b/dependencies/@openzeppelin/contracts/token/ERC1155/utils/ERC1155Utils.sol new file mode 100644 index 00000000..62accf6b --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC1155/utils/ERC1155Utils.sol @@ -0,0 +1,87 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {IERC1155Receiver} from "../IERC1155Receiver.sol"; +import {IERC1155Errors} from "../../../interfaces/draft-IERC6093.sol"; + +/** + * @dev Library that provide common ERC-1155 utility functions. + * + * See https://eips.ethereum.org/EIPS/eip-1155[ERC-1155]. + * + * _Available since v5.1._ + */ +library ERC1155Utils { + /** + * @dev Performs an acceptance check for the provided `operator` by calling {IERC1155-onERC1155Received} + * on the `to` address. The `operator` is generally the address that initiated the token transfer (i.e. `msg.sender`). + * + * The acceptance call is not executed and treated as a no-op if the target address doesn't contain code (i.e. an EOA). + * Otherwise, the recipient must implement {IERC1155Receiver-onERC1155Received} and return the acceptance magic value to accept + * the transfer. + */ + function checkOnERC1155Received( + address operator, + address from, + address to, + uint256 id, + uint256 value, + bytes memory data + ) internal { + if (to.code.length > 0) { + try IERC1155Receiver(to).onERC1155Received(operator, from, id, value, data) returns (bytes4 response) { + if (response != IERC1155Receiver.onERC1155Received.selector) { + // Tokens rejected + revert IERC1155Errors.ERC1155InvalidReceiver(to); + } + } catch (bytes memory reason) { + if (reason.length == 0) { + // non-IERC1155Receiver implementer + revert IERC1155Errors.ERC1155InvalidReceiver(to); + } else { + assembly ("memory-safe") { + revert(add(32, reason), mload(reason)) + } + } + } + } + } + + /** + * @dev Performs a batch acceptance check for the provided `operator` by calling {IERC1155-onERC1155BatchReceived} + * on the `to` address. The `operator` is generally the address that initiated the token transfer (i.e. `msg.sender`). + * + * The acceptance call is not executed and treated as a no-op if the target address doesn't contain code (i.e. an EOA). + * Otherwise, the recipient must implement {IERC1155Receiver-onERC1155Received} and return the acceptance magic value to accept + * the transfer. + */ + function checkOnERC1155BatchReceived( + address operator, + address from, + address to, + uint256[] memory ids, + uint256[] memory values, + bytes memory data + ) internal { + if (to.code.length > 0) { + try IERC1155Receiver(to).onERC1155BatchReceived(operator, from, ids, values, data) returns ( + bytes4 response + ) { + if (response != IERC1155Receiver.onERC1155BatchReceived.selector) { + // Tokens rejected + revert IERC1155Errors.ERC1155InvalidReceiver(to); + } + } catch (bytes memory reason) { + if (reason.length == 0) { + // non-IERC1155Receiver implementer + revert IERC1155Errors.ERC1155InvalidReceiver(to); + } else { + assembly ("memory-safe") { + revert(add(32, reason), mload(reason)) + } + } + } + } + } +} diff --git a/dependencies/@openzeppelin/contracts/token/ERC20/ERC20.sol b/dependencies/@openzeppelin/contracts/token/ERC20/ERC20.sol new file mode 100644 index 00000000..9885eaac --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC20/ERC20.sol @@ -0,0 +1,312 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/ERC20.sol) + +pragma solidity ^0.8.20; + +import {IERC20} from "./IERC20.sol"; +import {IERC20Metadata} from "./extensions/IERC20Metadata.sol"; +import {Context} from "../../utils/Context.sol"; +import {IERC20Errors} from "../../interfaces/draft-IERC6093.sol"; + +/** + * @dev Implementation of the {IERC20} interface. + * + * This implementation is agnostic to the way tokens are created. This means + * that a supply mechanism has to be added in a derived contract using {_mint}. + * + * TIP: For a detailed writeup see our guide + * https://forum.openzeppelin.com/t/how-to-implement-erc20-supply-mechanisms/226[How + * to implement supply mechanisms]. + * + * The default value of {decimals} is 18. To change this, you should override + * this function so it returns a different value. + * + * We have followed general OpenZeppelin Contracts guidelines: functions revert + * instead returning `false` on failure. This behavior is nonetheless + * conventional and does not conflict with the expectations of ERC-20 + * applications. + */ +abstract contract ERC20 is Context, IERC20, IERC20Metadata, IERC20Errors { + mapping(address account => uint256) private _balances; + + mapping(address account => mapping(address spender => uint256)) private _allowances; + + uint256 private _totalSupply; + + string private _name; + string private _symbol; + + /** + * @dev Sets the values for {name} and {symbol}. + * + * All two of these values are immutable: they can only be set once during + * construction. + */ + constructor(string memory name_, string memory symbol_) { + _name = name_; + _symbol = symbol_; + } + + /** + * @dev Returns the name of the token. + */ + function name() public view virtual returns (string memory) { + return _name; + } + + /** + * @dev Returns the symbol of the token, usually a shorter version of the + * name. + */ + function symbol() public view virtual returns (string memory) { + return _symbol; + } + + /** + * @dev Returns the number of decimals used to get its user representation. + * For example, if `decimals` equals `2`, a balance of `505` tokens should + * be displayed to a user as `5.05` (`505 / 10 ** 2`). + * + * Tokens usually opt for a value of 18, imitating the relationship between + * Ether and Wei. This is the default value returned by this function, unless + * it's overridden. + * + * NOTE: This information is only used for _display_ purposes: it in + * no way affects any of the arithmetic of the contract, including + * {IERC20-balanceOf} and {IERC20-transfer}. + */ + function decimals() public view virtual returns (uint8) { + return 18; + } + + /** + * @dev See {IERC20-totalSupply}. + */ + function totalSupply() public view virtual returns (uint256) { + return _totalSupply; + } + + /** + * @dev See {IERC20-balanceOf}. + */ + function balanceOf(address account) public view virtual returns (uint256) { + return _balances[account]; + } + + /** + * @dev See {IERC20-transfer}. + * + * Requirements: + * + * - `to` cannot be the zero address. + * - the caller must have a balance of at least `value`. + */ + function transfer(address to, uint256 value) public virtual returns (bool) { + address owner = _msgSender(); + _transfer(owner, to, value); + return true; + } + + /** + * @dev See {IERC20-allowance}. + */ + function allowance(address owner, address spender) public view virtual returns (uint256) { + return _allowances[owner][spender]; + } + + /** + * @dev See {IERC20-approve}. + * + * NOTE: If `value` is the maximum `uint256`, the allowance is not updated on + * `transferFrom`. This is semantically equivalent to an infinite approval. + * + * Requirements: + * + * - `spender` cannot be the zero address. + */ + function approve(address spender, uint256 value) public virtual returns (bool) { + address owner = _msgSender(); + _approve(owner, spender, value); + return true; + } + + /** + * @dev See {IERC20-transferFrom}. + * + * Skips emitting an {Approval} event indicating an allowance update. This is not + * required by the ERC. See {xref-ERC20-_approve-address-address-uint256-bool-}[_approve]. + * + * NOTE: Does not update the allowance if the current allowance + * is the maximum `uint256`. + * + * Requirements: + * + * - `from` and `to` cannot be the zero address. + * - `from` must have a balance of at least `value`. + * - the caller must have allowance for ``from``'s tokens of at least + * `value`. + */ + function transferFrom(address from, address to, uint256 value) public virtual returns (bool) { + address spender = _msgSender(); + _spendAllowance(from, spender, value); + _transfer(from, to, value); + return true; + } + + /** + * @dev Moves a `value` amount of tokens from `from` to `to`. + * + * This internal function is equivalent to {transfer}, and can be used to + * e.g. implement automatic token fees, slashing mechanisms, etc. + * + * Emits a {Transfer} event. + * + * NOTE: This function is not virtual, {_update} should be overridden instead. + */ + function _transfer(address from, address to, uint256 value) internal { + if (from == address(0)) { + revert ERC20InvalidSender(address(0)); + } + if (to == address(0)) { + revert ERC20InvalidReceiver(address(0)); + } + _update(from, to, value); + } + + /** + * @dev Transfers a `value` amount of tokens from `from` to `to`, or alternatively mints (or burns) if `from` + * (or `to`) is the zero address. All customizations to transfers, mints, and burns should be done by overriding + * this function. + * + * Emits a {Transfer} event. + */ + function _update(address from, address to, uint256 value) internal virtual { + if (from == address(0)) { + // Overflow check required: The rest of the code assumes that totalSupply never overflows + _totalSupply += value; + } else { + uint256 fromBalance = _balances[from]; + if (fromBalance < value) { + revert ERC20InsufficientBalance(from, fromBalance, value); + } + unchecked { + // Overflow not possible: value <= fromBalance <= totalSupply. + _balances[from] = fromBalance - value; + } + } + + if (to == address(0)) { + unchecked { + // Overflow not possible: value <= totalSupply or value <= fromBalance <= totalSupply. + _totalSupply -= value; + } + } else { + unchecked { + // Overflow not possible: balance + value is at most totalSupply, which we know fits into a uint256. + _balances[to] += value; + } + } + + emit Transfer(from, to, value); + } + + /** + * @dev Creates a `value` amount of tokens and assigns them to `account`, by transferring it from address(0). + * Relies on the `_update` mechanism + * + * Emits a {Transfer} event with `from` set to the zero address. + * + * NOTE: This function is not virtual, {_update} should be overridden instead. + */ + function _mint(address account, uint256 value) internal { + if (account == address(0)) { + revert ERC20InvalidReceiver(address(0)); + } + _update(address(0), account, value); + } + + /** + * @dev Destroys a `value` amount of tokens from `account`, lowering the total supply. + * Relies on the `_update` mechanism. + * + * Emits a {Transfer} event with `to` set to the zero address. + * + * NOTE: This function is not virtual, {_update} should be overridden instead + */ + function _burn(address account, uint256 value) internal { + if (account == address(0)) { + revert ERC20InvalidSender(address(0)); + } + _update(account, address(0), value); + } + + /** + * @dev Sets `value` as the allowance of `spender` over the `owner` s tokens. + * + * This internal function is equivalent to `approve`, and can be used to + * e.g. set automatic allowances for certain subsystems, etc. + * + * Emits an {Approval} event. + * + * Requirements: + * + * - `owner` cannot be the zero address. + * - `spender` cannot be the zero address. + * + * Overrides to this logic should be done to the variant with an additional `bool emitEvent` argument. + */ + function _approve(address owner, address spender, uint256 value) internal { + _approve(owner, spender, value, true); + } + + /** + * @dev Variant of {_approve} with an optional flag to enable or disable the {Approval} event. + * + * By default (when calling {_approve}) the flag is set to true. On the other hand, approval changes made by + * `_spendAllowance` during the `transferFrom` operation set the flag to false. This saves gas by not emitting any + * `Approval` event during `transferFrom` operations. + * + * Anyone who wishes to continue emitting `Approval` events on the`transferFrom` operation can force the flag to + * true using the following override: + * + * ```solidity + * function _approve(address owner, address spender, uint256 value, bool) internal virtual override { + * super._approve(owner, spender, value, true); + * } + * ``` + * + * Requirements are the same as {_approve}. + */ + function _approve(address owner, address spender, uint256 value, bool emitEvent) internal virtual { + if (owner == address(0)) { + revert ERC20InvalidApprover(address(0)); + } + if (spender == address(0)) { + revert ERC20InvalidSpender(address(0)); + } + _allowances[owner][spender] = value; + if (emitEvent) { + emit Approval(owner, spender, value); + } + } + + /** + * @dev Updates `owner` s allowance for `spender` based on spent `value`. + * + * Does not update the allowance value in case of infinite allowance. + * Revert if not enough allowance is available. + * + * Does not emit an {Approval} event. + */ + function _spendAllowance(address owner, address spender, uint256 value) internal virtual { + uint256 currentAllowance = allowance(owner, spender); + if (currentAllowance != type(uint256).max) { + if (currentAllowance < value) { + revert ERC20InsufficientAllowance(spender, currentAllowance, value); + } + unchecked { + _approve(owner, spender, currentAllowance - value, false); + } + } + } +} diff --git a/dependencies/@openzeppelin/contracts/token/ERC20/IERC20.sol b/dependencies/@openzeppelin/contracts/token/ERC20/IERC20.sol new file mode 100644 index 00000000..d8907216 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC20/IERC20.sol @@ -0,0 +1,79 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/IERC20.sol) + +pragma solidity ^0.8.20; + +/** + * @dev Interface of the ERC-20 standard as defined in the ERC. + */ +interface IERC20 { + /** + * @dev Emitted when `value` tokens are moved from one account (`from`) to + * another (`to`). + * + * Note that `value` may be zero. + */ + event Transfer(address indexed from, address indexed to, uint256 value); + + /** + * @dev Emitted when the allowance of a `spender` for an `owner` is set by + * a call to {approve}. `value` is the new allowance. + */ + event Approval(address indexed owner, address indexed spender, uint256 value); + + /** + * @dev Returns the value of tokens in existence. + */ + function totalSupply() external view returns (uint256); + + /** + * @dev Returns the value of tokens owned by `account`. + */ + function balanceOf(address account) external view returns (uint256); + + /** + * @dev Moves a `value` amount of tokens from the caller's account to `to`. + * + * Returns a boolean value indicating whether the operation succeeded. + * + * Emits a {Transfer} event. + */ + function transfer(address to, uint256 value) external returns (bool); + + /** + * @dev Returns the remaining number of tokens that `spender` will be + * allowed to spend on behalf of `owner` through {transferFrom}. This is + * zero by default. + * + * This value changes when {approve} or {transferFrom} are called. + */ + function allowance(address owner, address spender) external view returns (uint256); + + /** + * @dev Sets a `value` amount of tokens as the allowance of `spender` over the + * caller's tokens. + * + * Returns a boolean value indicating whether the operation succeeded. + * + * IMPORTANT: Beware that changing an allowance with this method brings the risk + * that someone may use both the old and the new allowance by unfortunate + * transaction ordering. One possible solution to mitigate this race + * condition is to first reduce the spender's allowance to 0 and set the + * desired value afterwards: + * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729 + * + * Emits an {Approval} event. + */ + function approve(address spender, uint256 value) external returns (bool); + + /** + * @dev Moves a `value` amount of tokens from `from` to `to` using the + * allowance mechanism. `value` is then deducted from the caller's + * allowance. + * + * Returns a boolean value indicating whether the operation succeeded. + * + * Emits a {Transfer} event. + */ + function transferFrom(address from, address to, uint256 value) external returns (bool); +} diff --git a/dependencies/@openzeppelin/contracts/token/ERC20/README.adoc b/dependencies/@openzeppelin/contracts/token/ERC20/README.adoc new file mode 100644 index 00000000..bfbe6790 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC20/README.adoc @@ -0,0 +1,75 @@ += ERC-20 + +[.readme-notice] +NOTE: This document is better viewed at https://docs.openzeppelin.com/contracts/api/token/erc20 + +This set of interfaces, contracts, and utilities are all related to the https://eips.ethereum.org/EIPS/eip-20[ERC-20 Token Standard]. + +TIP: For an overview of ERC-20 tokens and a walk through on how to create a token contract read our xref:ROOT:erc20.adoc[ERC-20 guide]. + +There are a few core contracts that implement the behavior specified in the ERC: + +* {IERC20}: the interface all ERC-20 implementations should conform to. +* {IERC20Metadata}: the extended ERC-20 interface including the <>, <> and <> functions. +* {ERC20}: the implementation of the ERC-20 interface, including the <>, <> and <> optional standard extension to the base interface. + +Additionally there are multiple custom extensions, including: + +* {ERC20Permit}: gasless approval of tokens (standardized as ERC-2612). +* {ERC20Burnable}: destruction of own tokens. +* {ERC20Capped}: enforcement of a cap to the total supply when minting tokens. +* {ERC20Pausable}: ability to pause token transfers. +* {ERC20FlashMint}: token level support for flash loans through the minting and burning of ephemeral tokens (standardized as ERC-3156). +* {ERC20Votes}: support for voting and vote delegation. +* {ERC20Wrapper}: wrapper to create an ERC-20 backed by another ERC-20, with deposit and withdraw methods. Useful in conjunction with {ERC20Votes}. +* {ERC20TemporaryApproval}: support for approvals lasting for only one transaction, as defined in ERC-7674. +* {ERC1363}: support for calling the target of a transfer or approval, enabling code execution on the receiver within a single transaction. +* {ERC4626}: tokenized vault that manages shares (represented as ERC-20) that are backed by assets (another ERC-20). + +Finally, there are some utilities to interact with ERC-20 contracts in various ways: + +* {SafeERC20}: a wrapper around the interface that eliminates the need to handle boolean return values. + +Other utilities that support ERC-20 assets can be found in codebase: + +* ERC-20 tokens can be timelocked (held tokens for a beneficiary until a specified time) or vested (released following a given schedule) using a {VestingWallet}. + +NOTE: This core set of contracts is designed to be unopinionated, allowing developers to access the internal functions in ERC-20 (such as <>) and expose them as external functions in the way they prefer. + +== Core + +{{IERC20}} + +{{IERC20Metadata}} + +{{ERC20}} + +== Extensions + +{{IERC20Permit}} + +{{ERC20Permit}} + +{{ERC20Burnable}} + +{{ERC20Capped}} + +{{ERC20Pausable}} + +{{ERC20Votes}} + +{{ERC20Wrapper}} + +{{ERC20FlashMint}} + +{{ERC20TemporaryApproval}} + +{{ERC1363}} + +{{ERC4626}} + +== Utilities + +{{SafeERC20}} + +{{ERC1363Utils}} diff --git a/dependencies/@openzeppelin/contracts/token/ERC20/extensions/ERC1363.sol b/dependencies/@openzeppelin/contracts/token/ERC20/extensions/ERC1363.sol new file mode 100644 index 00000000..4ae78f32 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC20/extensions/ERC1363.sol @@ -0,0 +1,133 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {ERC20} from "../ERC20.sol"; +import {IERC165, ERC165} from "../../../utils/introspection/ERC165.sol"; +import {IERC1363} from "../../../interfaces/IERC1363.sol"; +import {ERC1363Utils} from "../utils/ERC1363Utils.sol"; + +/** + * @title ERC1363 + * @dev Extension of {ERC20} tokens that adds support for code execution after transfers and approvals + * on recipient contracts. Calls after transfers are enabled through the {ERC1363-transferAndCall} and + * {ERC1363-transferFromAndCall} methods while calls after approvals can be made with {ERC1363-approveAndCall} + * + * _Available since v5.1._ + */ +abstract contract ERC1363 is ERC20, ERC165, IERC1363 { + /** + * @dev Indicates a failure within the {transfer} part of a transferAndCall operation. + * @param receiver Address to which tokens are being transferred. + * @param value Amount of tokens to be transferred. + */ + error ERC1363TransferFailed(address receiver, uint256 value); + + /** + * @dev Indicates a failure within the {transferFrom} part of a transferFromAndCall operation. + * @param sender Address from which to send tokens. + * @param receiver Address to which tokens are being transferred. + * @param value Amount of tokens to be transferred. + */ + error ERC1363TransferFromFailed(address sender, address receiver, uint256 value); + + /** + * @dev Indicates a failure within the {approve} part of a approveAndCall operation. + * @param spender Address which will spend the funds. + * @param value Amount of tokens to be spent. + */ + error ERC1363ApproveFailed(address spender, uint256 value); + + /** + * @inheritdoc IERC165 + */ + function supportsInterface(bytes4 interfaceId) public view virtual override(ERC165, IERC165) returns (bool) { + return interfaceId == type(IERC1363).interfaceId || super.supportsInterface(interfaceId); + } + + /** + * @dev Moves a `value` amount of tokens from the caller's account to `to` + * and then calls {IERC1363Receiver-onTransferReceived} on `to`. + * + * Requirements: + * + * - The target has code (i.e. is a contract). + * - The target `to` must implement the {IERC1363Receiver} interface. + * - The target must return the {IERC1363Receiver-onTransferReceived} selector to accept the transfer. + * - The internal {transfer} must succeed (returned `true`). + */ + function transferAndCall(address to, uint256 value) public returns (bool) { + return transferAndCall(to, value, ""); + } + + /** + * @dev Variant of {transferAndCall} that accepts an additional `data` parameter with + * no specified format. + */ + function transferAndCall(address to, uint256 value, bytes memory data) public virtual returns (bool) { + if (!transfer(to, value)) { + revert ERC1363TransferFailed(to, value); + } + ERC1363Utils.checkOnERC1363TransferReceived(_msgSender(), _msgSender(), to, value, data); + return true; + } + + /** + * @dev Moves a `value` amount of tokens from `from` to `to` using the allowance mechanism + * and then calls {IERC1363Receiver-onTransferReceived} on `to`. + * + * Requirements: + * + * - The target has code (i.e. is a contract). + * - The target `to` must implement the {IERC1363Receiver} interface. + * - The target must return the {IERC1363Receiver-onTransferReceived} selector to accept the transfer. + * - The internal {transferFrom} must succeed (returned `true`). + */ + function transferFromAndCall(address from, address to, uint256 value) public returns (bool) { + return transferFromAndCall(from, to, value, ""); + } + + /** + * @dev Variant of {transferFromAndCall} that accepts an additional `data` parameter with + * no specified format. + */ + function transferFromAndCall( + address from, + address to, + uint256 value, + bytes memory data + ) public virtual returns (bool) { + if (!transferFrom(from, to, value)) { + revert ERC1363TransferFromFailed(from, to, value); + } + ERC1363Utils.checkOnERC1363TransferReceived(_msgSender(), from, to, value, data); + return true; + } + + /** + * @dev Sets a `value` amount of tokens as the allowance of `spender` over the + * caller's tokens and then calls {IERC1363Spender-onApprovalReceived} on `spender`. + * + * Requirements: + * + * - The target has code (i.e. is a contract). + * - The target `spender` must implement the {IERC1363Spender} interface. + * - The target must return the {IERC1363Spender-onApprovalReceived} selector to accept the approval. + * - The internal {approve} must succeed (returned `true`). + */ + function approveAndCall(address spender, uint256 value) public returns (bool) { + return approveAndCall(spender, value, ""); + } + + /** + * @dev Variant of {approveAndCall} that accepts an additional `data` parameter with + * no specified format. + */ + function approveAndCall(address spender, uint256 value, bytes memory data) public virtual returns (bool) { + if (!approve(spender, value)) { + revert ERC1363ApproveFailed(spender, value); + } + ERC1363Utils.checkOnERC1363ApprovalReceived(_msgSender(), spender, value, data); + return true; + } +} diff --git a/dependencies/@openzeppelin/contracts/token/ERC20/extensions/ERC20Burnable.sol b/dependencies/@openzeppelin/contracts/token/ERC20/extensions/ERC20Burnable.sol new file mode 100644 index 00000000..4d482d8e --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC20/extensions/ERC20Burnable.sol @@ -0,0 +1,39 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/extensions/ERC20Burnable.sol) + +pragma solidity ^0.8.20; + +import {ERC20} from "../ERC20.sol"; +import {Context} from "../../../utils/Context.sol"; + +/** + * @dev Extension of {ERC20} that allows token holders to destroy both their own + * tokens and those that they have an allowance for, in a way that can be + * recognized off-chain (via event analysis). + */ +abstract contract ERC20Burnable is Context, ERC20 { + /** + * @dev Destroys a `value` amount of tokens from the caller. + * + * See {ERC20-_burn}. + */ + function burn(uint256 value) public virtual { + _burn(_msgSender(), value); + } + + /** + * @dev Destroys a `value` amount of tokens from `account`, deducting from + * the caller's allowance. + * + * See {ERC20-_burn} and {ERC20-allowance}. + * + * Requirements: + * + * - the caller must have allowance for ``accounts``'s tokens of at least + * `value`. + */ + function burnFrom(address account, uint256 value) public virtual { + _spendAllowance(account, _msgSender(), value); + _burn(account, value); + } +} diff --git a/dependencies/@openzeppelin/contracts/token/ERC20/extensions/ERC20Capped.sol b/dependencies/@openzeppelin/contracts/token/ERC20/extensions/ERC20Capped.sol new file mode 100644 index 00000000..56bafb3a --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC20/extensions/ERC20Capped.sol @@ -0,0 +1,56 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/extensions/ERC20Capped.sol) + +pragma solidity ^0.8.20; + +import {ERC20} from "../ERC20.sol"; + +/** + * @dev Extension of {ERC20} that adds a cap to the supply of tokens. + */ +abstract contract ERC20Capped is ERC20 { + uint256 private immutable _cap; + + /** + * @dev Total supply cap has been exceeded. + */ + error ERC20ExceededCap(uint256 increasedSupply, uint256 cap); + + /** + * @dev The supplied cap is not a valid cap. + */ + error ERC20InvalidCap(uint256 cap); + + /** + * @dev Sets the value of the `cap`. This value is immutable, it can only be + * set once during construction. + */ + constructor(uint256 cap_) { + if (cap_ == 0) { + revert ERC20InvalidCap(0); + } + _cap = cap_; + } + + /** + * @dev Returns the cap on the token's total supply. + */ + function cap() public view virtual returns (uint256) { + return _cap; + } + + /** + * @dev See {ERC20-_update}. + */ + function _update(address from, address to, uint256 value) internal virtual override { + super._update(from, to, value); + + if (from == address(0)) { + uint256 maxSupply = cap(); + uint256 supply = totalSupply(); + if (supply > maxSupply) { + revert ERC20ExceededCap(supply, maxSupply); + } + } + } +} diff --git a/dependencies/@openzeppelin/contracts/token/ERC20/extensions/ERC20FlashMint.sol b/dependencies/@openzeppelin/contracts/token/ERC20/extensions/ERC20FlashMint.sol new file mode 100644 index 00000000..fd8ff0b3 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC20/extensions/ERC20FlashMint.sol @@ -0,0 +1,134 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/extensions/ERC20FlashMint.sol) + +pragma solidity ^0.8.20; + +import {IERC3156FlashBorrower} from "../../../interfaces/IERC3156FlashBorrower.sol"; +import {IERC3156FlashLender} from "../../../interfaces/IERC3156FlashLender.sol"; +import {ERC20} from "../ERC20.sol"; + +/** + * @dev Implementation of the ERC-3156 Flash loans extension, as defined in + * https://eips.ethereum.org/EIPS/eip-3156[ERC-3156]. + * + * Adds the {flashLoan} method, which provides flash loan support at the token + * level. By default there is no fee, but this can be changed by overriding {flashFee}. + * + * NOTE: When this extension is used along with the {ERC20Capped} or {ERC20Votes} extensions, + * {maxFlashLoan} will not correctly reflect the maximum that can be flash minted. We recommend + * overriding {maxFlashLoan} so that it correctly reflects the supply cap. + */ +abstract contract ERC20FlashMint is ERC20, IERC3156FlashLender { + bytes32 private constant RETURN_VALUE = keccak256("ERC3156FlashBorrower.onFlashLoan"); + + /** + * @dev The loan token is not valid. + */ + error ERC3156UnsupportedToken(address token); + + /** + * @dev The requested loan exceeds the max loan value for `token`. + */ + error ERC3156ExceededMaxLoan(uint256 maxLoan); + + /** + * @dev The receiver of a flashloan is not a valid {IERC3156FlashBorrower-onFlashLoan} implementer. + */ + error ERC3156InvalidReceiver(address receiver); + + /** + * @dev Returns the maximum amount of tokens available for loan. + * @param token The address of the token that is requested. + * @return The amount of token that can be loaned. + * + * NOTE: This function does not consider any form of supply cap, so in case + * it's used in a token with a cap like {ERC20Capped}, make sure to override this + * function to integrate the cap instead of `type(uint256).max`. + */ + function maxFlashLoan(address token) public view virtual returns (uint256) { + return token == address(this) ? type(uint256).max - totalSupply() : 0; + } + + /** + * @dev Returns the fee applied when doing flash loans. This function calls + * the {_flashFee} function which returns the fee applied when doing flash + * loans. + * @param token The token to be flash loaned. + * @param value The amount of tokens to be loaned. + * @return The fees applied to the corresponding flash loan. + */ + function flashFee(address token, uint256 value) public view virtual returns (uint256) { + if (token != address(this)) { + revert ERC3156UnsupportedToken(token); + } + return _flashFee(token, value); + } + + /** + * @dev Returns the fee applied when doing flash loans. By default this + * implementation has 0 fees. This function can be overloaded to make + * the flash loan mechanism deflationary. + * @param token The token to be flash loaned. + * @param value The amount of tokens to be loaned. + * @return The fees applied to the corresponding flash loan. + */ + function _flashFee(address token, uint256 value) internal view virtual returns (uint256) { + // silence warning about unused variable without the addition of bytecode. + token; + value; + return 0; + } + + /** + * @dev Returns the receiver address of the flash fee. By default this + * implementation returns the address(0) which means the fee amount will be burnt. + * This function can be overloaded to change the fee receiver. + * @return The address for which the flash fee will be sent to. + */ + function _flashFeeReceiver() internal view virtual returns (address) { + return address(0); + } + + /** + * @dev Performs a flash loan. New tokens are minted and sent to the + * `receiver`, who is required to implement the {IERC3156FlashBorrower} + * interface. By the end of the flash loan, the receiver is expected to own + * value + fee tokens and have them approved back to the token contract itself so + * they can be burned. + * @param receiver The receiver of the flash loan. Should implement the + * {IERC3156FlashBorrower-onFlashLoan} interface. + * @param token The token to be flash loaned. Only `address(this)` is + * supported. + * @param value The amount of tokens to be loaned. + * @param data An arbitrary datafield that is passed to the receiver. + * @return `true` if the flash loan was successful. + */ + // This function can reenter, but it doesn't pose a risk because it always preserves the property that the amount + // minted at the beginning is always recovered and burned at the end, or else the entire function will revert. + // slither-disable-next-line reentrancy-no-eth + function flashLoan( + IERC3156FlashBorrower receiver, + address token, + uint256 value, + bytes calldata data + ) public virtual returns (bool) { + uint256 maxLoan = maxFlashLoan(token); + if (value > maxLoan) { + revert ERC3156ExceededMaxLoan(maxLoan); + } + uint256 fee = flashFee(token, value); + _mint(address(receiver), value); + if (receiver.onFlashLoan(_msgSender(), token, value, fee, data) != RETURN_VALUE) { + revert ERC3156InvalidReceiver(address(receiver)); + } + address flashFeeReceiver = _flashFeeReceiver(); + _spendAllowance(address(receiver), address(this), value + fee); + if (fee == 0 || flashFeeReceiver == address(0)) { + _burn(address(receiver), value + fee); + } else { + _burn(address(receiver), value); + _transfer(address(receiver), flashFeeReceiver, fee); + } + return true; + } +} diff --git a/dependencies/@openzeppelin/contracts/token/ERC20/extensions/ERC20Pausable.sol b/dependencies/@openzeppelin/contracts/token/ERC20/extensions/ERC20Pausable.sol new file mode 100644 index 00000000..9b56f053 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC20/extensions/ERC20Pausable.sol @@ -0,0 +1,33 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/extensions/ERC20Pausable.sol) + +pragma solidity ^0.8.20; + +import {ERC20} from "../ERC20.sol"; +import {Pausable} from "../../../utils/Pausable.sol"; + +/** + * @dev ERC-20 token with pausable token transfers, minting and burning. + * + * Useful for scenarios such as preventing trades until the end of an evaluation + * period, or having an emergency switch for freezing all token transfers in the + * event of a large bug. + * + * IMPORTANT: This contract does not include public pause and unpause functions. In + * addition to inheriting this contract, you must define both functions, invoking the + * {Pausable-_pause} and {Pausable-_unpause} internal functions, with appropriate + * access control, e.g. using {AccessControl} or {Ownable}. Not doing so will + * make the contract pause mechanism of the contract unreachable, and thus unusable. + */ +abstract contract ERC20Pausable is ERC20, Pausable { + /** + * @dev See {ERC20-_update}. + * + * Requirements: + * + * - the contract must not be paused. + */ + function _update(address from, address to, uint256 value) internal virtual override whenNotPaused { + super._update(from, to, value); + } +} diff --git a/dependencies/@openzeppelin/contracts/token/ERC20/extensions/ERC20Permit.sol b/dependencies/@openzeppelin/contracts/token/ERC20/extensions/ERC20Permit.sol new file mode 100644 index 00000000..22b19dc0 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC20/extensions/ERC20Permit.sol @@ -0,0 +1,83 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/extensions/ERC20Permit.sol) + +pragma solidity ^0.8.20; + +import {IERC20Permit} from "./IERC20Permit.sol"; +import {ERC20} from "../ERC20.sol"; +import {ECDSA} from "../../../utils/cryptography/ECDSA.sol"; +import {EIP712} from "../../../utils/cryptography/EIP712.sol"; +import {Nonces} from "../../../utils/Nonces.sol"; + +/** + * @dev Implementation of the ERC-20 Permit extension allowing approvals to be made via signatures, as defined in + * https://eips.ethereum.org/EIPS/eip-2612[ERC-2612]. + * + * Adds the {permit} method, which can be used to change an account's ERC-20 allowance (see {IERC20-allowance}) by + * presenting a message signed by the account. By not relying on `{IERC20-approve}`, the token holder account doesn't + * need to send a transaction, and thus is not required to hold Ether at all. + */ +abstract contract ERC20Permit is ERC20, IERC20Permit, EIP712, Nonces { + bytes32 private constant PERMIT_TYPEHASH = + keccak256("Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)"); + + /** + * @dev Permit deadline has expired. + */ + error ERC2612ExpiredSignature(uint256 deadline); + + /** + * @dev Mismatched signature. + */ + error ERC2612InvalidSigner(address signer, address owner); + + /** + * @dev Initializes the {EIP712} domain separator using the `name` parameter, and setting `version` to `"1"`. + * + * It's a good idea to use the same `name` that is defined as the ERC-20 token name. + */ + constructor(string memory name) EIP712(name, "1") {} + + /** + * @inheritdoc IERC20Permit + */ + function permit( + address owner, + address spender, + uint256 value, + uint256 deadline, + uint8 v, + bytes32 r, + bytes32 s + ) public virtual { + if (block.timestamp > deadline) { + revert ERC2612ExpiredSignature(deadline); + } + + bytes32 structHash = keccak256(abi.encode(PERMIT_TYPEHASH, owner, spender, value, _useNonce(owner), deadline)); + + bytes32 hash = _hashTypedDataV4(structHash); + + address signer = ECDSA.recover(hash, v, r, s); + if (signer != owner) { + revert ERC2612InvalidSigner(signer, owner); + } + + _approve(owner, spender, value); + } + + /** + * @inheritdoc IERC20Permit + */ + function nonces(address owner) public view virtual override(IERC20Permit, Nonces) returns (uint256) { + return super.nonces(owner); + } + + /** + * @inheritdoc IERC20Permit + */ + // solhint-disable-next-line func-name-mixedcase + function DOMAIN_SEPARATOR() external view virtual returns (bytes32) { + return _domainSeparatorV4(); + } +} diff --git a/dependencies/@openzeppelin/contracts/token/ERC20/extensions/ERC20Votes.sol b/dependencies/@openzeppelin/contracts/token/ERC20/extensions/ERC20Votes.sol new file mode 100644 index 00000000..7680293a --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC20/extensions/ERC20Votes.sol @@ -0,0 +1,83 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/extensions/ERC20Votes.sol) + +pragma solidity ^0.8.20; + +import {ERC20} from "../ERC20.sol"; +import {Votes} from "../../../governance/utils/Votes.sol"; +import {Checkpoints} from "../../../utils/structs/Checkpoints.sol"; + +/** + * @dev Extension of ERC-20 to support Compound-like voting and delegation. This version is more generic than Compound's, + * and supports token supply up to 2^208^ - 1, while COMP is limited to 2^96^ - 1. + * + * NOTE: This contract does not provide interface compatibility with Compound's COMP token. + * + * This extension keeps a history (checkpoints) of each account's vote power. Vote power can be delegated either + * by calling the {Votes-delegate} function directly, or by providing a signature to be used with {Votes-delegateBySig}. Voting + * power can be queried through the public accessors {Votes-getVotes} and {Votes-getPastVotes}. + * + * By default, token balance does not account for voting power. This makes transfers cheaper. The downside is that it + * requires users to delegate to themselves in order to activate checkpoints and have their voting power tracked. + */ +abstract contract ERC20Votes is ERC20, Votes { + /** + * @dev Total supply cap has been exceeded, introducing a risk of votes overflowing. + */ + error ERC20ExceededSafeSupply(uint256 increasedSupply, uint256 cap); + + /** + * @dev Maximum token supply. Defaults to `type(uint208).max` (2^208^ - 1). + * + * This maximum is enforced in {_update}. It limits the total supply of the token, which is otherwise a uint256, + * so that checkpoints can be stored in the Trace208 structure used by {Votes}. Increasing this value will not + * remove the underlying limitation, and will cause {_update} to fail because of a math overflow in + * {Votes-_transferVotingUnits}. An override could be used to further restrict the total supply (to a lower value) if + * additional logic requires it. When resolving override conflicts on this function, the minimum should be + * returned. + */ + function _maxSupply() internal view virtual returns (uint256) { + return type(uint208).max; + } + + /** + * @dev Move voting power when tokens are transferred. + * + * Emits a {IVotes-DelegateVotesChanged} event. + */ + function _update(address from, address to, uint256 value) internal virtual override { + super._update(from, to, value); + if (from == address(0)) { + uint256 supply = totalSupply(); + uint256 cap = _maxSupply(); + if (supply > cap) { + revert ERC20ExceededSafeSupply(supply, cap); + } + } + _transferVotingUnits(from, to, value); + } + + /** + * @dev Returns the voting units of an `account`. + * + * WARNING: Overriding this function may compromise the internal vote accounting. + * `ERC20Votes` assumes tokens map to voting units 1:1 and this is not easy to change. + */ + function _getVotingUnits(address account) internal view virtual override returns (uint256) { + return balanceOf(account); + } + + /** + * @dev Get number of checkpoints for `account`. + */ + function numCheckpoints(address account) public view virtual returns (uint32) { + return _numCheckpoints(account); + } + + /** + * @dev Get the `pos`-th checkpoint for `account`. + */ + function checkpoints(address account, uint32 pos) public view virtual returns (Checkpoints.Checkpoint208 memory) { + return _checkpoints(account, pos); + } +} diff --git a/dependencies/@openzeppelin/contracts/token/ERC20/extensions/ERC20Wrapper.sol b/dependencies/@openzeppelin/contracts/token/ERC20/extensions/ERC20Wrapper.sol new file mode 100644 index 00000000..eecd6ab7 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC20/extensions/ERC20Wrapper.sol @@ -0,0 +1,91 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/extensions/ERC20Wrapper.sol) + +pragma solidity ^0.8.20; + +import {IERC20, IERC20Metadata, ERC20} from "../ERC20.sol"; +import {SafeERC20} from "../utils/SafeERC20.sol"; + +/** + * @dev Extension of the ERC-20 token contract to support token wrapping. + * + * Users can deposit and withdraw "underlying tokens" and receive a matching number of "wrapped tokens". This is useful + * in conjunction with other modules. For example, combining this wrapping mechanism with {ERC20Votes} will allow the + * wrapping of an existing "basic" ERC-20 into a governance token. + * + * WARNING: Any mechanism in which the underlying token changes the {balanceOf} of an account without an explicit transfer + * may desynchronize this contract's supply and its underlying balance. Please exercise caution when wrapping tokens that + * may undercollateralize the wrapper (i.e. wrapper's total supply is higher than its underlying balance). See {_recover} + * for recovering value accrued to the wrapper. + */ +abstract contract ERC20Wrapper is ERC20 { + IERC20 private immutable _underlying; + + /** + * @dev The underlying token couldn't be wrapped. + */ + error ERC20InvalidUnderlying(address token); + + constructor(IERC20 underlyingToken) { + if (underlyingToken == this) { + revert ERC20InvalidUnderlying(address(this)); + } + _underlying = underlyingToken; + } + + /** + * @dev See {ERC20-decimals}. + */ + function decimals() public view virtual override returns (uint8) { + try IERC20Metadata(address(_underlying)).decimals() returns (uint8 value) { + return value; + } catch { + return super.decimals(); + } + } + + /** + * @dev Returns the address of the underlying ERC-20 token that is being wrapped. + */ + function underlying() public view returns (IERC20) { + return _underlying; + } + + /** + * @dev Allow a user to deposit underlying tokens and mint the corresponding number of wrapped tokens. + */ + function depositFor(address account, uint256 value) public virtual returns (bool) { + address sender = _msgSender(); + if (sender == address(this)) { + revert ERC20InvalidSender(address(this)); + } + if (account == address(this)) { + revert ERC20InvalidReceiver(account); + } + SafeERC20.safeTransferFrom(_underlying, sender, address(this), value); + _mint(account, value); + return true; + } + + /** + * @dev Allow a user to burn a number of wrapped tokens and withdraw the corresponding number of underlying tokens. + */ + function withdrawTo(address account, uint256 value) public virtual returns (bool) { + if (account == address(this)) { + revert ERC20InvalidReceiver(account); + } + _burn(_msgSender(), value); + SafeERC20.safeTransfer(_underlying, account, value); + return true; + } + + /** + * @dev Mint wrapped token to cover any underlyingTokens that would have been transferred by mistake or acquired from + * rebasing mechanisms. Internal function that can be exposed with access control if desired. + */ + function _recover(address account) internal virtual returns (uint256) { + uint256 value = _underlying.balanceOf(address(this)) - totalSupply(); + _mint(account, value); + return value; + } +} diff --git a/dependencies/@openzeppelin/contracts/token/ERC20/extensions/ERC4626.sol b/dependencies/@openzeppelin/contracts/token/ERC20/extensions/ERC4626.sol new file mode 100644 index 00000000..73778b53 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC20/extensions/ERC4626.sol @@ -0,0 +1,282 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/extensions/ERC4626.sol) + +pragma solidity ^0.8.20; + +import {IERC20, IERC20Metadata, ERC20} from "../ERC20.sol"; +import {SafeERC20} from "../utils/SafeERC20.sol"; +import {IERC4626} from "../../../interfaces/IERC4626.sol"; +import {Math} from "../../../utils/math/Math.sol"; + +/** + * @dev Implementation of the ERC-4626 "Tokenized Vault Standard" as defined in + * https://eips.ethereum.org/EIPS/eip-4626[ERC-4626]. + * + * This extension allows the minting and burning of "shares" (represented using the ERC-20 inheritance) in exchange for + * underlying "assets" through standardized {deposit}, {mint}, {redeem} and {burn} workflows. This contract extends + * the ERC-20 standard. Any additional extensions included along it would affect the "shares" token represented by this + * contract and not the "assets" token which is an independent contract. + * + * [CAUTION] + * ==== + * In empty (or nearly empty) ERC-4626 vaults, deposits are at high risk of being stolen through frontrunning + * with a "donation" to the vault that inflates the price of a share. This is variously known as a donation or inflation + * attack and is essentially a problem of slippage. Vault deployers can protect against this attack by making an initial + * deposit of a non-trivial amount of the asset, such that price manipulation becomes infeasible. Withdrawals may + * similarly be affected by slippage. Users can protect against this attack as well as unexpected slippage in general by + * verifying the amount received is as expected, using a wrapper that performs these checks such as + * https://github.com/fei-protocol/ERC4626#erc4626router-and-base[ERC4626Router]. + * + * Since v4.9, this implementation introduces configurable virtual assets and shares to help developers mitigate that risk. + * The `_decimalsOffset()` corresponds to an offset in the decimal representation between the underlying asset's decimals + * and the vault decimals. This offset also determines the rate of virtual shares to virtual assets in the vault, which + * itself determines the initial exchange rate. While not fully preventing the attack, analysis shows that the default + * offset (0) makes it non-profitable even if an attacker is able to capture value from multiple user deposits, as a result + * of the value being captured by the virtual shares (out of the attacker's donation) matching the attacker's expected gains. + * With a larger offset, the attack becomes orders of magnitude more expensive than it is profitable. More details about the + * underlying math can be found xref:erc4626.adoc#inflation-attack[here]. + * + * The drawback of this approach is that the virtual shares do capture (a very small) part of the value being accrued + * to the vault. Also, if the vault experiences losses, the users try to exit the vault, the virtual shares and assets + * will cause the first user to exit to experience reduced losses in detriment to the last users that will experience + * bigger losses. Developers willing to revert back to the pre-v4.9 behavior just need to override the + * `_convertToShares` and `_convertToAssets` functions. + * + * To learn more, check out our xref:ROOT:erc4626.adoc[ERC-4626 guide]. + * ==== + */ +abstract contract ERC4626 is ERC20, IERC4626 { + using Math for uint256; + + IERC20 private immutable _asset; + uint8 private immutable _underlyingDecimals; + + /** + * @dev Attempted to deposit more assets than the max amount for `receiver`. + */ + error ERC4626ExceededMaxDeposit(address receiver, uint256 assets, uint256 max); + + /** + * @dev Attempted to mint more shares than the max amount for `receiver`. + */ + error ERC4626ExceededMaxMint(address receiver, uint256 shares, uint256 max); + + /** + * @dev Attempted to withdraw more assets than the max amount for `receiver`. + */ + error ERC4626ExceededMaxWithdraw(address owner, uint256 assets, uint256 max); + + /** + * @dev Attempted to redeem more shares than the max amount for `receiver`. + */ + error ERC4626ExceededMaxRedeem(address owner, uint256 shares, uint256 max); + + /** + * @dev Set the underlying asset contract. This must be an ERC20-compatible contract (ERC-20 or ERC-777). + */ + constructor(IERC20 asset_) { + (bool success, uint8 assetDecimals) = _tryGetAssetDecimals(asset_); + _underlyingDecimals = success ? assetDecimals : 18; + _asset = asset_; + } + + /** + * @dev Attempts to fetch the asset decimals. A return value of false indicates that the attempt failed in some way. + */ + function _tryGetAssetDecimals(IERC20 asset_) private view returns (bool ok, uint8 assetDecimals) { + (bool success, bytes memory encodedDecimals) = address(asset_).staticcall( + abi.encodeCall(IERC20Metadata.decimals, ()) + ); + if (success && encodedDecimals.length >= 32) { + uint256 returnedDecimals = abi.decode(encodedDecimals, (uint256)); + if (returnedDecimals <= type(uint8).max) { + return (true, uint8(returnedDecimals)); + } + } + return (false, 0); + } + + /** + * @dev Decimals are computed by adding the decimal offset on top of the underlying asset's decimals. This + * "original" value is cached during construction of the vault contract. If this read operation fails (e.g., the + * asset has not been created yet), a default of 18 is used to represent the underlying asset's decimals. + * + * See {IERC20Metadata-decimals}. + */ + function decimals() public view virtual override(IERC20Metadata, ERC20) returns (uint8) { + return _underlyingDecimals + _decimalsOffset(); + } + + /** @dev See {IERC4626-asset}. */ + function asset() public view virtual returns (address) { + return address(_asset); + } + + /** @dev See {IERC4626-totalAssets}. */ + function totalAssets() public view virtual returns (uint256) { + return _asset.balanceOf(address(this)); + } + + /** @dev See {IERC4626-convertToShares}. */ + function convertToShares(uint256 assets) public view virtual returns (uint256) { + return _convertToShares(assets, Math.Rounding.Floor); + } + + /** @dev See {IERC4626-convertToAssets}. */ + function convertToAssets(uint256 shares) public view virtual returns (uint256) { + return _convertToAssets(shares, Math.Rounding.Floor); + } + + /** @dev See {IERC4626-maxDeposit}. */ + function maxDeposit(address) public view virtual returns (uint256) { + return type(uint256).max; + } + + /** @dev See {IERC4626-maxMint}. */ + function maxMint(address) public view virtual returns (uint256) { + return type(uint256).max; + } + + /** @dev See {IERC4626-maxWithdraw}. */ + function maxWithdraw(address owner) public view virtual returns (uint256) { + return _convertToAssets(balanceOf(owner), Math.Rounding.Floor); + } + + /** @dev See {IERC4626-maxRedeem}. */ + function maxRedeem(address owner) public view virtual returns (uint256) { + return balanceOf(owner); + } + + /** @dev See {IERC4626-previewDeposit}. */ + function previewDeposit(uint256 assets) public view virtual returns (uint256) { + return _convertToShares(assets, Math.Rounding.Floor); + } + + /** @dev See {IERC4626-previewMint}. */ + function previewMint(uint256 shares) public view virtual returns (uint256) { + return _convertToAssets(shares, Math.Rounding.Ceil); + } + + /** @dev See {IERC4626-previewWithdraw}. */ + function previewWithdraw(uint256 assets) public view virtual returns (uint256) { + return _convertToShares(assets, Math.Rounding.Ceil); + } + + /** @dev See {IERC4626-previewRedeem}. */ + function previewRedeem(uint256 shares) public view virtual returns (uint256) { + return _convertToAssets(shares, Math.Rounding.Floor); + } + + /** @dev See {IERC4626-deposit}. */ + function deposit(uint256 assets, address receiver) public virtual returns (uint256) { + uint256 maxAssets = maxDeposit(receiver); + if (assets > maxAssets) { + revert ERC4626ExceededMaxDeposit(receiver, assets, maxAssets); + } + + uint256 shares = previewDeposit(assets); + _deposit(_msgSender(), receiver, assets, shares); + + return shares; + } + + /** @dev See {IERC4626-mint}. */ + function mint(uint256 shares, address receiver) public virtual returns (uint256) { + uint256 maxShares = maxMint(receiver); + if (shares > maxShares) { + revert ERC4626ExceededMaxMint(receiver, shares, maxShares); + } + + uint256 assets = previewMint(shares); + _deposit(_msgSender(), receiver, assets, shares); + + return assets; + } + + /** @dev See {IERC4626-withdraw}. */ + function withdraw(uint256 assets, address receiver, address owner) public virtual returns (uint256) { + uint256 maxAssets = maxWithdraw(owner); + if (assets > maxAssets) { + revert ERC4626ExceededMaxWithdraw(owner, assets, maxAssets); + } + + uint256 shares = previewWithdraw(assets); + _withdraw(_msgSender(), receiver, owner, assets, shares); + + return shares; + } + + /** @dev See {IERC4626-redeem}. */ + function redeem(uint256 shares, address receiver, address owner) public virtual returns (uint256) { + uint256 maxShares = maxRedeem(owner); + if (shares > maxShares) { + revert ERC4626ExceededMaxRedeem(owner, shares, maxShares); + } + + uint256 assets = previewRedeem(shares); + _withdraw(_msgSender(), receiver, owner, assets, shares); + + return assets; + } + + /** + * @dev Internal conversion function (from assets to shares) with support for rounding direction. + */ + function _convertToShares(uint256 assets, Math.Rounding rounding) internal view virtual returns (uint256) { + return assets.mulDiv(totalSupply() + 10 ** _decimalsOffset(), totalAssets() + 1, rounding); + } + + /** + * @dev Internal conversion function (from shares to assets) with support for rounding direction. + */ + function _convertToAssets(uint256 shares, Math.Rounding rounding) internal view virtual returns (uint256) { + return shares.mulDiv(totalAssets() + 1, totalSupply() + 10 ** _decimalsOffset(), rounding); + } + + /** + * @dev Deposit/mint common workflow. + */ + function _deposit(address caller, address receiver, uint256 assets, uint256 shares) internal virtual { + // If _asset is ERC-777, `transferFrom` can trigger a reentrancy BEFORE the transfer happens through the + // `tokensToSend` hook. On the other hand, the `tokenReceived` hook, that is triggered after the transfer, + // calls the vault, which is assumed not malicious. + // + // Conclusion: we need to do the transfer before we mint so that any reentrancy would happen before the + // assets are transferred and before the shares are minted, which is a valid state. + // slither-disable-next-line reentrancy-no-eth + SafeERC20.safeTransferFrom(_asset, caller, address(this), assets); + _mint(receiver, shares); + + emit Deposit(caller, receiver, assets, shares); + } + + /** + * @dev Withdraw/redeem common workflow. + */ + function _withdraw( + address caller, + address receiver, + address owner, + uint256 assets, + uint256 shares + ) internal virtual { + if (caller != owner) { + _spendAllowance(owner, caller, shares); + } + + // If _asset is ERC-777, `transfer` can trigger a reentrancy AFTER the transfer happens through the + // `tokensReceived` hook. On the other hand, the `tokensToSend` hook, that is triggered before the transfer, + // calls the vault, which is assumed not malicious. + // + // Conclusion: we need to do the transfer after the burn so that any reentrancy would happen after the + // shares are burned and after the assets are transferred, which is a valid state. + _burn(owner, shares); + SafeERC20.safeTransfer(_asset, receiver, assets); + + emit Withdraw(caller, receiver, owner, assets, shares); + } + + function _decimalsOffset() internal view virtual returns (uint8) { + return 0; + } +} diff --git a/dependencies/@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol b/dependencies/@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol new file mode 100644 index 00000000..e8c020b1 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol @@ -0,0 +1,26 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/extensions/IERC20Metadata.sol) + +pragma solidity ^0.8.20; + +import {IERC20} from "../IERC20.sol"; + +/** + * @dev Interface for the optional metadata functions from the ERC-20 standard. + */ +interface IERC20Metadata is IERC20 { + /** + * @dev Returns the name of the token. + */ + function name() external view returns (string memory); + + /** + * @dev Returns the symbol of the token. + */ + function symbol() external view returns (string memory); + + /** + * @dev Returns the decimals places of the token. + */ + function decimals() external view returns (uint8); +} diff --git a/dependencies/@openzeppelin/contracts/token/ERC20/extensions/IERC20Permit.sol b/dependencies/@openzeppelin/contracts/token/ERC20/extensions/IERC20Permit.sol new file mode 100644 index 00000000..a8ad26ed --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC20/extensions/IERC20Permit.sol @@ -0,0 +1,90 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/extensions/IERC20Permit.sol) + +pragma solidity ^0.8.20; + +/** + * @dev Interface of the ERC-20 Permit extension allowing approvals to be made via signatures, as defined in + * https://eips.ethereum.org/EIPS/eip-2612[ERC-2612]. + * + * Adds the {permit} method, which can be used to change an account's ERC-20 allowance (see {IERC20-allowance}) by + * presenting a message signed by the account. By not relying on {IERC20-approve}, the token holder account doesn't + * need to send a transaction, and thus is not required to hold Ether at all. + * + * ==== Security Considerations + * + * There are two important considerations concerning the use of `permit`. The first is that a valid permit signature + * expresses an allowance, and it should not be assumed to convey additional meaning. In particular, it should not be + * considered as an intention to spend the allowance in any specific way. The second is that because permits have + * built-in replay protection and can be submitted by anyone, they can be frontrun. A protocol that uses permits should + * take this into consideration and allow a `permit` call to fail. Combining these two aspects, a pattern that may be + * generally recommended is: + * + * ```solidity + * function doThingWithPermit(..., uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s) public { + * try token.permit(msg.sender, address(this), value, deadline, v, r, s) {} catch {} + * doThing(..., value); + * } + * + * function doThing(..., uint256 value) public { + * token.safeTransferFrom(msg.sender, address(this), value); + * ... + * } + * ``` + * + * Observe that: 1) `msg.sender` is used as the owner, leaving no ambiguity as to the signer intent, and 2) the use of + * `try/catch` allows the permit to fail and makes the code tolerant to frontrunning. (See also + * {SafeERC20-safeTransferFrom}). + * + * Additionally, note that smart contract wallets (such as Argent or Safe) are not able to produce permit signatures, so + * contracts should have entry points that don't rely on permit. + */ +interface IERC20Permit { + /** + * @dev Sets `value` as the allowance of `spender` over ``owner``'s tokens, + * given ``owner``'s signed approval. + * + * IMPORTANT: The same issues {IERC20-approve} has related to transaction + * ordering also apply here. + * + * Emits an {Approval} event. + * + * Requirements: + * + * - `spender` cannot be the zero address. + * - `deadline` must be a timestamp in the future. + * - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner` + * over the EIP712-formatted function arguments. + * - the signature must use ``owner``'s current nonce (see {nonces}). + * + * For more information on the signature format, see the + * https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP + * section]. + * + * CAUTION: See Security Considerations above. + */ + function permit( + address owner, + address spender, + uint256 value, + uint256 deadline, + uint8 v, + bytes32 r, + bytes32 s + ) external; + + /** + * @dev Returns the current nonce for `owner`. This value must be + * included whenever a signature is generated for {permit}. + * + * Every successful call to {permit} increases ``owner``'s nonce by one. This + * prevents a signature from being used multiple times. + */ + function nonces(address owner) external view returns (uint256); + + /** + * @dev Returns the domain separator used in the encoding of the signature for {permit}, as defined by {EIP712}. + */ + // solhint-disable-next-line func-name-mixedcase + function DOMAIN_SEPARATOR() external view returns (bytes32); +} diff --git a/dependencies/@openzeppelin/contracts/token/ERC20/extensions/draft-ERC20TemporaryApproval.sol b/dependencies/@openzeppelin/contracts/token/ERC20/extensions/draft-ERC20TemporaryApproval.sol new file mode 100644 index 00000000..515b080e --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC20/extensions/draft-ERC20TemporaryApproval.sol @@ -0,0 +1,121 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.24; + +import {IERC20, ERC20} from "../ERC20.sol"; +import {IERC7674} from "../../../interfaces/draft-IERC7674.sol"; +import {Math} from "../../../utils/math/Math.sol"; +import {SlotDerivation} from "../../../utils/SlotDerivation.sol"; +import {StorageSlot} from "../../../utils/StorageSlot.sol"; + +/** + * @dev Extension of {ERC20} that adds support for temporary allowances following ERC-7674. + * + * WARNING: This is a draft contract. The corresponding ERC is still subject to changes. + * + * _Available since v5.1._ + */ +abstract contract ERC20TemporaryApproval is ERC20, IERC7674 { + using SlotDerivation for bytes32; + using StorageSlot for bytes32; + using StorageSlot for StorageSlot.Uint256SlotType; + + // keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.ERC20_TEMPORARY_APPROVAL_STORAGE")) - 1)) & ~bytes32(uint256(0xff)) + bytes32 private constant ERC20_TEMPORARY_APPROVAL_STORAGE = + 0xea2d0e77a01400d0111492b1321103eed560d8fe44b9a7c2410407714583c400; + + /** + * @dev {allowance} override that includes the temporary allowance when looking up the current allowance. If + * adding up the persistent and the temporary allowances result in an overflow, type(uint256).max is returned. + */ + function allowance(address owner, address spender) public view virtual override(IERC20, ERC20) returns (uint256) { + (bool success, uint256 amount) = Math.tryAdd( + super.allowance(owner, spender), + _temporaryAllowance(owner, spender) + ); + return success ? amount : type(uint256).max; + } + + /** + * @dev Internal getter for the current temporary allowance that `spender` has over `owner` tokens. + */ + function _temporaryAllowance(address owner, address spender) internal view virtual returns (uint256) { + return _temporaryAllowanceSlot(owner, spender).tload(); + } + + /** + * @dev Alternative to {approve} that sets a `value` amount of tokens as the temporary allowance of `spender` over + * the caller's tokens. + * + * Returns a boolean value indicating whether the operation succeeded. + * + * Requirements: + * - `spender` cannot be the zero address. + * + * Does NOT emit an {Approval} event. + */ + function temporaryApprove(address spender, uint256 value) public virtual returns (bool) { + _temporaryApprove(_msgSender(), spender, value); + return true; + } + + /** + * @dev Sets `value` as the temporary allowance of `spender` over the `owner` s tokens. + * + * This internal function is equivalent to `temporaryApprove`, and can be used to e.g. set automatic allowances + * for certain subsystems, etc. + * + * Requirements: + * - `owner` cannot be the zero address. + * - `spender` cannot be the zero address. + * + * Does NOT emit an {Approval} event. + */ + function _temporaryApprove(address owner, address spender, uint256 value) internal virtual { + if (owner == address(0)) { + revert ERC20InvalidApprover(address(0)); + } + if (spender == address(0)) { + revert ERC20InvalidSpender(address(0)); + } + _temporaryAllowanceSlot(owner, spender).tstore(value); + } + + /** + * @dev {_spendAllowance} override that consumes the temporary allowance (if any) before eventually falling back + * to consuming the persistent allowance. + * NOTE: This function skips calling `super._spendAllowance` if the temporary allowance + * is enough to cover the spending. + */ + function _spendAllowance(address owner, address spender, uint256 value) internal virtual override { + // load transient allowance + uint256 currentTemporaryAllowance = _temporaryAllowance(owner, spender); + + // Check and update (if needed) the temporary allowance + set remaining value + if (currentTemporaryAllowance > 0) { + // All value is covered by the infinite allowance. nothing left to spend, we can return early + if (currentTemporaryAllowance == type(uint256).max) { + return; + } + // check how much of the value is covered by the transient allowance + uint256 spendTemporaryAllowance = Math.min(currentTemporaryAllowance, value); + unchecked { + // decrease transient allowance accordingly + _temporaryApprove(owner, spender, currentTemporaryAllowance - spendTemporaryAllowance); + // update value necessary + value -= spendTemporaryAllowance; + } + } + // reduce any remaining value from the persistent allowance + if (value > 0) { + super._spendAllowance(owner, spender, value); + } + } + + function _temporaryAllowanceSlot( + address owner, + address spender + ) private pure returns (StorageSlot.Uint256SlotType) { + return ERC20_TEMPORARY_APPROVAL_STORAGE.deriveMapping(owner).deriveMapping(spender).asUint256(); + } +} diff --git a/dependencies/@openzeppelin/contracts/token/ERC20/utils/ERC1363Utils.sol b/dependencies/@openzeppelin/contracts/token/ERC20/utils/ERC1363Utils.sol new file mode 100644 index 00000000..f5c93136 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC20/utils/ERC1363Utils.sol @@ -0,0 +1,94 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {IERC1363Receiver} from "../../../interfaces/IERC1363Receiver.sol"; +import {IERC1363Spender} from "../../../interfaces/IERC1363Spender.sol"; + +/** + * @dev Library that provides common ERC-1363 utility functions. + * + * See https://eips.ethereum.org/EIPS/eip-1363[ERC-1363]. + */ +library ERC1363Utils { + /** + * @dev Indicates a failure with the token `receiver`. Used in transfers. + * @param receiver Address to which tokens are being transferred. + */ + error ERC1363InvalidReceiver(address receiver); + + /** + * @dev Indicates a failure with the token `spender`. Used in approvals. + * @param spender Address that may be allowed to operate on tokens without being their owner. + */ + error ERC1363InvalidSpender(address spender); + + /** + * @dev Performs a call to {IERC1363Receiver-onTransferReceived} on a target address. + * + * Requirements: + * + * - The target has code (i.e. is a contract). + * - The target `to` must implement the {IERC1363Receiver} interface. + * - The target must return the {IERC1363Receiver-onTransferReceived} selector to accept the transfer. + */ + function checkOnERC1363TransferReceived( + address operator, + address from, + address to, + uint256 value, + bytes memory data + ) internal { + if (to.code.length == 0) { + revert ERC1363InvalidReceiver(to); + } + + try IERC1363Receiver(to).onTransferReceived(operator, from, value, data) returns (bytes4 retval) { + if (retval != IERC1363Receiver.onTransferReceived.selector) { + revert ERC1363InvalidReceiver(to); + } + } catch (bytes memory reason) { + if (reason.length == 0) { + revert ERC1363InvalidReceiver(to); + } else { + assembly ("memory-safe") { + revert(add(32, reason), mload(reason)) + } + } + } + } + + /** + * @dev Performs a call to {IERC1363Spender-onApprovalReceived} on a target address. + * + * Requirements: + * + * - The target has code (i.e. is a contract). + * - The target `spender` must implement the {IERC1363Spender} interface. + * - The target must return the {IERC1363Spender-onApprovalReceived} selector to accept the approval. + */ + function checkOnERC1363ApprovalReceived( + address operator, + address spender, + uint256 value, + bytes memory data + ) internal { + if (spender.code.length == 0) { + revert ERC1363InvalidSpender(spender); + } + + try IERC1363Spender(spender).onApprovalReceived(operator, value, data) returns (bytes4 retval) { + if (retval != IERC1363Spender.onApprovalReceived.selector) { + revert ERC1363InvalidSpender(spender); + } + } catch (bytes memory reason) { + if (reason.length == 0) { + revert ERC1363InvalidSpender(spender); + } else { + assembly ("memory-safe") { + revert(add(32, reason), mload(reason)) + } + } + } + } +} diff --git a/dependencies/@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol b/dependencies/@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol new file mode 100644 index 00000000..ed41fb04 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol @@ -0,0 +1,185 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/utils/SafeERC20.sol) + +pragma solidity ^0.8.20; + +import {IERC20} from "../IERC20.sol"; +import {IERC1363} from "../../../interfaces/IERC1363.sol"; +import {Address} from "../../../utils/Address.sol"; + +/** + * @title SafeERC20 + * @dev Wrappers around ERC-20 operations that throw on failure (when the token + * contract returns false). Tokens that return no value (and instead revert or + * throw on failure) are also supported, non-reverting calls are assumed to be + * successful. + * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract, + * which allows you to call the safe operations as `token.safeTransfer(...)`, etc. + */ +library SafeERC20 { + /** + * @dev An operation with an ERC-20 token failed. + */ + error SafeERC20FailedOperation(address token); + + /** + * @dev Indicates a failed `decreaseAllowance` request. + */ + error SafeERC20FailedDecreaseAllowance(address spender, uint256 currentAllowance, uint256 requestedDecrease); + + /** + * @dev Transfer `value` amount of `token` from the calling contract to `to`. If `token` returns no value, + * non-reverting calls are assumed to be successful. + */ + function safeTransfer(IERC20 token, address to, uint256 value) internal { + _callOptionalReturn(token, abi.encodeCall(token.transfer, (to, value))); + } + + /** + * @dev Transfer `value` amount of `token` from `from` to `to`, spending the approval given by `from` to the + * calling contract. If `token` returns no value, non-reverting calls are assumed to be successful. + */ + function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal { + _callOptionalReturn(token, abi.encodeCall(token.transferFrom, (from, to, value))); + } + + /** + * @dev Increase the calling contract's allowance toward `spender` by `value`. If `token` returns no value, + * non-reverting calls are assumed to be successful. + */ + function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal { + uint256 oldAllowance = token.allowance(address(this), spender); + forceApprove(token, spender, oldAllowance + value); + } + + /** + * @dev Decrease the calling contract's allowance toward `spender` by `requestedDecrease`. If `token` returns no + * value, non-reverting calls are assumed to be successful. + */ + function safeDecreaseAllowance(IERC20 token, address spender, uint256 requestedDecrease) internal { + unchecked { + uint256 currentAllowance = token.allowance(address(this), spender); + if (currentAllowance < requestedDecrease) { + revert SafeERC20FailedDecreaseAllowance(spender, currentAllowance, requestedDecrease); + } + forceApprove(token, spender, currentAllowance - requestedDecrease); + } + } + + /** + * @dev Set the calling contract's allowance toward `spender` to `value`. If `token` returns no value, + * non-reverting calls are assumed to be successful. Meant to be used with tokens that require the approval + * to be set to zero before setting it to a non-zero value, such as USDT. + */ + function forceApprove(IERC20 token, address spender, uint256 value) internal { + bytes memory approvalCall = abi.encodeCall(token.approve, (spender, value)); + + if (!_callOptionalReturnBool(token, approvalCall)) { + _callOptionalReturn(token, abi.encodeCall(token.approve, (spender, 0))); + _callOptionalReturn(token, approvalCall); + } + } + + /** + * @dev Performs an {ERC1363} transferAndCall, with a fallback to the simple {ERC20} transfer if the target has no + * code. This can be used to implement an {ERC721}-like safe transfer that rely on {ERC1363} checks when + * targeting contracts. + * + * Reverts if the returned value is other than `true`. + */ + function transferAndCallRelaxed(IERC1363 token, address to, uint256 value, bytes memory data) internal { + if (to.code.length == 0) { + safeTransfer(token, to, value); + } else if (!token.transferAndCall(to, value, data)) { + revert SafeERC20FailedOperation(address(token)); + } + } + + /** + * @dev Performs an {ERC1363} transferFromAndCall, with a fallback to the simple {ERC20} transferFrom if the target + * has no code. This can be used to implement an {ERC721}-like safe transfer that rely on {ERC1363} checks when + * targeting contracts. + * + * Reverts if the returned value is other than `true`. + */ + function transferFromAndCallRelaxed( + IERC1363 token, + address from, + address to, + uint256 value, + bytes memory data + ) internal { + if (to.code.length == 0) { + safeTransferFrom(token, from, to, value); + } else if (!token.transferFromAndCall(from, to, value, data)) { + revert SafeERC20FailedOperation(address(token)); + } + } + + /** + * @dev Performs an {ERC1363} approveAndCall, with a fallback to the simple {ERC20} approve if the target has no + * code. This can be used to implement an {ERC721}-like safe transfer that rely on {ERC1363} checks when + * targeting contracts. + * + * NOTE: When the recipient address (`to`) has no code (i.e. is an EOA), this function behaves as {forceApprove}. + * Opposedly, when the recipient address (`to`) has code, this function only attempts to call {ERC1363-approveAndCall} + * once without retrying, and relies on the returned value to be true. + * + * Reverts if the returned value is other than `true`. + */ + function approveAndCallRelaxed(IERC1363 token, address to, uint256 value, bytes memory data) internal { + if (to.code.length == 0) { + forceApprove(token, to, value); + } else if (!token.approveAndCall(to, value, data)) { + revert SafeERC20FailedOperation(address(token)); + } + } + + /** + * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement + * on the return value: the return value is optional (but if data is returned, it must not be false). + * @param token The token targeted by the call. + * @param data The call data (encoded using abi.encode or one of its variants). + * + * This is a variant of {_callOptionalReturnBool} that reverts if call fails to meet the requirements. + */ + function _callOptionalReturn(IERC20 token, bytes memory data) private { + uint256 returnSize; + uint256 returnValue; + assembly ("memory-safe") { + let success := call(gas(), token, 0, add(data, 0x20), mload(data), 0, 0x20) + // bubble errors + if iszero(success) { + let ptr := mload(0x40) + returndatacopy(ptr, 0, returndatasize()) + revert(ptr, returndatasize()) + } + returnSize := returndatasize() + returnValue := mload(0) + } + + if (returnSize == 0 ? address(token).code.length == 0 : returnValue != 1) { + revert SafeERC20FailedOperation(address(token)); + } + } + + /** + * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement + * on the return value: the return value is optional (but if data is returned, it must not be false). + * @param token The token targeted by the call. + * @param data The call data (encoded using abi.encode or one of its variants). + * + * This is a variant of {_callOptionalReturn} that silently catches all reverts and returns a bool instead. + */ + function _callOptionalReturnBool(IERC20 token, bytes memory data) private returns (bool) { + bool success; + uint256 returnSize; + uint256 returnValue; + assembly ("memory-safe") { + success := call(gas(), token, 0, add(data, 0x20), mload(data), 0, 0x20) + returnSize := returndatasize() + returnValue := mload(0) + } + return success && (returnSize == 0 ? address(token).code.length > 0 : returnValue == 1); + } +} diff --git a/dependencies/@openzeppelin/contracts/token/ERC721/ERC721.sol b/dependencies/@openzeppelin/contracts/token/ERC721/ERC721.sol new file mode 100644 index 00000000..df7ff505 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC721/ERC721.sol @@ -0,0 +1,456 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC721/ERC721.sol) + +pragma solidity ^0.8.20; + +import {IERC721} from "./IERC721.sol"; +import {IERC721Metadata} from "./extensions/IERC721Metadata.sol"; +import {ERC721Utils} from "./utils/ERC721Utils.sol"; +import {Context} from "../../utils/Context.sol"; +import {Strings} from "../../utils/Strings.sol"; +import {IERC165, ERC165} from "../../utils/introspection/ERC165.sol"; +import {IERC721Errors} from "../../interfaces/draft-IERC6093.sol"; + +/** + * @dev Implementation of https://eips.ethereum.org/EIPS/eip-721[ERC-721] Non-Fungible Token Standard, including + * the Metadata extension, but not including the Enumerable extension, which is available separately as + * {ERC721Enumerable}. + */ +abstract contract ERC721 is Context, ERC165, IERC721, IERC721Metadata, IERC721Errors { + using Strings for uint256; + + // Token name + string private _name; + + // Token symbol + string private _symbol; + + mapping(uint256 tokenId => address) private _owners; + + mapping(address owner => uint256) private _balances; + + mapping(uint256 tokenId => address) private _tokenApprovals; + + mapping(address owner => mapping(address operator => bool)) private _operatorApprovals; + + /** + * @dev Initializes the contract by setting a `name` and a `symbol` to the token collection. + */ + constructor(string memory name_, string memory symbol_) { + _name = name_; + _symbol = symbol_; + } + + /** + * @dev See {IERC165-supportsInterface}. + */ + function supportsInterface(bytes4 interfaceId) public view virtual override(ERC165, IERC165) returns (bool) { + return + interfaceId == type(IERC721).interfaceId || + interfaceId == type(IERC721Metadata).interfaceId || + super.supportsInterface(interfaceId); + } + + /** + * @dev See {IERC721-balanceOf}. + */ + function balanceOf(address owner) public view virtual returns (uint256) { + if (owner == address(0)) { + revert ERC721InvalidOwner(address(0)); + } + return _balances[owner]; + } + + /** + * @dev See {IERC721-ownerOf}. + */ + function ownerOf(uint256 tokenId) public view virtual returns (address) { + return _requireOwned(tokenId); + } + + /** + * @dev See {IERC721Metadata-name}. + */ + function name() public view virtual returns (string memory) { + return _name; + } + + /** + * @dev See {IERC721Metadata-symbol}. + */ + function symbol() public view virtual returns (string memory) { + return _symbol; + } + + /** + * @dev See {IERC721Metadata-tokenURI}. + */ + function tokenURI(uint256 tokenId) public view virtual returns (string memory) { + _requireOwned(tokenId); + + string memory baseURI = _baseURI(); + return bytes(baseURI).length > 0 ? string.concat(baseURI, tokenId.toString()) : ""; + } + + /** + * @dev Base URI for computing {tokenURI}. If set, the resulting URI for each + * token will be the concatenation of the `baseURI` and the `tokenId`. Empty + * by default, can be overridden in child contracts. + */ + function _baseURI() internal view virtual returns (string memory) { + return ""; + } + + /** + * @dev See {IERC721-approve}. + */ + function approve(address to, uint256 tokenId) public virtual { + _approve(to, tokenId, _msgSender()); + } + + /** + * @dev See {IERC721-getApproved}. + */ + function getApproved(uint256 tokenId) public view virtual returns (address) { + _requireOwned(tokenId); + + return _getApproved(tokenId); + } + + /** + * @dev See {IERC721-setApprovalForAll}. + */ + function setApprovalForAll(address operator, bool approved) public virtual { + _setApprovalForAll(_msgSender(), operator, approved); + } + + /** + * @dev See {IERC721-isApprovedForAll}. + */ + function isApprovedForAll(address owner, address operator) public view virtual returns (bool) { + return _operatorApprovals[owner][operator]; + } + + /** + * @dev See {IERC721-transferFrom}. + */ + function transferFrom(address from, address to, uint256 tokenId) public virtual { + if (to == address(0)) { + revert ERC721InvalidReceiver(address(0)); + } + // Setting an "auth" arguments enables the `_isAuthorized` check which verifies that the token exists + // (from != 0). Therefore, it is not needed to verify that the return value is not 0 here. + address previousOwner = _update(to, tokenId, _msgSender()); + if (previousOwner != from) { + revert ERC721IncorrectOwner(from, tokenId, previousOwner); + } + } + + /** + * @dev See {IERC721-safeTransferFrom}. + */ + function safeTransferFrom(address from, address to, uint256 tokenId) public { + safeTransferFrom(from, to, tokenId, ""); + } + + /** + * @dev See {IERC721-safeTransferFrom}. + */ + function safeTransferFrom(address from, address to, uint256 tokenId, bytes memory data) public virtual { + transferFrom(from, to, tokenId); + ERC721Utils.checkOnERC721Received(_msgSender(), from, to, tokenId, data); + } + + /** + * @dev Returns the owner of the `tokenId`. Does NOT revert if token doesn't exist + * + * IMPORTANT: Any overrides to this function that add ownership of tokens not tracked by the + * core ERC-721 logic MUST be matched with the use of {_increaseBalance} to keep balances + * consistent with ownership. The invariant to preserve is that for any address `a` the value returned by + * `balanceOf(a)` must be equal to the number of tokens such that `_ownerOf(tokenId)` is `a`. + */ + function _ownerOf(uint256 tokenId) internal view virtual returns (address) { + return _owners[tokenId]; + } + + /** + * @dev Returns the approved address for `tokenId`. Returns 0 if `tokenId` is not minted. + */ + function _getApproved(uint256 tokenId) internal view virtual returns (address) { + return _tokenApprovals[tokenId]; + } + + /** + * @dev Returns whether `spender` is allowed to manage `owner`'s tokens, or `tokenId` in + * particular (ignoring whether it is owned by `owner`). + * + * WARNING: This function assumes that `owner` is the actual owner of `tokenId` and does not verify this + * assumption. + */ + function _isAuthorized(address owner, address spender, uint256 tokenId) internal view virtual returns (bool) { + return + spender != address(0) && + (owner == spender || isApprovedForAll(owner, spender) || _getApproved(tokenId) == spender); + } + + /** + * @dev Checks if `spender` can operate on `tokenId`, assuming the provided `owner` is the actual owner. + * Reverts if: + * - `spender` does not have approval from `owner` for `tokenId`. + * - `spender` does not have approval to manage all of `owner`'s assets. + * + * WARNING: This function assumes that `owner` is the actual owner of `tokenId` and does not verify this + * assumption. + */ + function _checkAuthorized(address owner, address spender, uint256 tokenId) internal view virtual { + if (!_isAuthorized(owner, spender, tokenId)) { + if (owner == address(0)) { + revert ERC721NonexistentToken(tokenId); + } else { + revert ERC721InsufficientApproval(spender, tokenId); + } + } + } + + /** + * @dev Unsafe write access to the balances, used by extensions that "mint" tokens using an {ownerOf} override. + * + * NOTE: the value is limited to type(uint128).max. This protect against _balance overflow. It is unrealistic that + * a uint256 would ever overflow from increments when these increments are bounded to uint128 values. + * + * WARNING: Increasing an account's balance using this function tends to be paired with an override of the + * {_ownerOf} function to resolve the ownership of the corresponding tokens so that balances and ownership + * remain consistent with one another. + */ + function _increaseBalance(address account, uint128 value) internal virtual { + unchecked { + _balances[account] += value; + } + } + + /** + * @dev Transfers `tokenId` from its current owner to `to`, or alternatively mints (or burns) if the current owner + * (or `to`) is the zero address. Returns the owner of the `tokenId` before the update. + * + * The `auth` argument is optional. If the value passed is non 0, then this function will check that + * `auth` is either the owner of the token, or approved to operate on the token (by the owner). + * + * Emits a {Transfer} event. + * + * NOTE: If overriding this function in a way that tracks balances, see also {_increaseBalance}. + */ + function _update(address to, uint256 tokenId, address auth) internal virtual returns (address) { + address from = _ownerOf(tokenId); + + // Perform (optional) operator check + if (auth != address(0)) { + _checkAuthorized(from, auth, tokenId); + } + + // Execute the update + if (from != address(0)) { + // Clear approval. No need to re-authorize or emit the Approval event + _approve(address(0), tokenId, address(0), false); + + unchecked { + _balances[from] -= 1; + } + } + + if (to != address(0)) { + unchecked { + _balances[to] += 1; + } + } + + _owners[tokenId] = to; + + emit Transfer(from, to, tokenId); + + return from; + } + + /** + * @dev Mints `tokenId` and transfers it to `to`. + * + * WARNING: Usage of this method is discouraged, use {_safeMint} whenever possible + * + * Requirements: + * + * - `tokenId` must not exist. + * - `to` cannot be the zero address. + * + * Emits a {Transfer} event. + */ + function _mint(address to, uint256 tokenId) internal { + if (to == address(0)) { + revert ERC721InvalidReceiver(address(0)); + } + address previousOwner = _update(to, tokenId, address(0)); + if (previousOwner != address(0)) { + revert ERC721InvalidSender(address(0)); + } + } + + /** + * @dev Mints `tokenId`, transfers it to `to` and checks for `to` acceptance. + * + * Requirements: + * + * - `tokenId` must not exist. + * - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon a safe transfer. + * + * Emits a {Transfer} event. + */ + function _safeMint(address to, uint256 tokenId) internal { + _safeMint(to, tokenId, ""); + } + + /** + * @dev Same as {xref-ERC721-_safeMint-address-uint256-}[`_safeMint`], with an additional `data` parameter which is + * forwarded in {IERC721Receiver-onERC721Received} to contract recipients. + */ + function _safeMint(address to, uint256 tokenId, bytes memory data) internal virtual { + _mint(to, tokenId); + ERC721Utils.checkOnERC721Received(_msgSender(), address(0), to, tokenId, data); + } + + /** + * @dev Destroys `tokenId`. + * The approval is cleared when the token is burned. + * This is an internal function that does not check if the sender is authorized to operate on the token. + * + * Requirements: + * + * - `tokenId` must exist. + * + * Emits a {Transfer} event. + */ + function _burn(uint256 tokenId) internal { + address previousOwner = _update(address(0), tokenId, address(0)); + if (previousOwner == address(0)) { + revert ERC721NonexistentToken(tokenId); + } + } + + /** + * @dev Transfers `tokenId` from `from` to `to`. + * As opposed to {transferFrom}, this imposes no restrictions on msg.sender. + * + * Requirements: + * + * - `to` cannot be the zero address. + * - `tokenId` token must be owned by `from`. + * + * Emits a {Transfer} event. + */ + function _transfer(address from, address to, uint256 tokenId) internal { + if (to == address(0)) { + revert ERC721InvalidReceiver(address(0)); + } + address previousOwner = _update(to, tokenId, address(0)); + if (previousOwner == address(0)) { + revert ERC721NonexistentToken(tokenId); + } else if (previousOwner != from) { + revert ERC721IncorrectOwner(from, tokenId, previousOwner); + } + } + + /** + * @dev Safely transfers `tokenId` token from `from` to `to`, checking that contract recipients + * are aware of the ERC-721 standard to prevent tokens from being forever locked. + * + * `data` is additional data, it has no specified format and it is sent in call to `to`. + * + * This internal function is like {safeTransferFrom} in the sense that it invokes + * {IERC721Receiver-onERC721Received} on the receiver, and can be used to e.g. + * implement alternative mechanisms to perform token transfer, such as signature-based. + * + * Requirements: + * + * - `tokenId` token must exist and be owned by `from`. + * - `to` cannot be the zero address. + * - `from` cannot be the zero address. + * - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon a safe transfer. + * + * Emits a {Transfer} event. + */ + function _safeTransfer(address from, address to, uint256 tokenId) internal { + _safeTransfer(from, to, tokenId, ""); + } + + /** + * @dev Same as {xref-ERC721-_safeTransfer-address-address-uint256-}[`_safeTransfer`], with an additional `data` parameter which is + * forwarded in {IERC721Receiver-onERC721Received} to contract recipients. + */ + function _safeTransfer(address from, address to, uint256 tokenId, bytes memory data) internal virtual { + _transfer(from, to, tokenId); + ERC721Utils.checkOnERC721Received(_msgSender(), from, to, tokenId, data); + } + + /** + * @dev Approve `to` to operate on `tokenId` + * + * The `auth` argument is optional. If the value passed is non 0, then this function will check that `auth` is + * either the owner of the token, or approved to operate on all tokens held by this owner. + * + * Emits an {Approval} event. + * + * Overrides to this logic should be done to the variant with an additional `bool emitEvent` argument. + */ + function _approve(address to, uint256 tokenId, address auth) internal { + _approve(to, tokenId, auth, true); + } + + /** + * @dev Variant of `_approve` with an optional flag to enable or disable the {Approval} event. The event is not + * emitted in the context of transfers. + */ + function _approve(address to, uint256 tokenId, address auth, bool emitEvent) internal virtual { + // Avoid reading the owner unless necessary + if (emitEvent || auth != address(0)) { + address owner = _requireOwned(tokenId); + + // We do not use _isAuthorized because single-token approvals should not be able to call approve + if (auth != address(0) && owner != auth && !isApprovedForAll(owner, auth)) { + revert ERC721InvalidApprover(auth); + } + + if (emitEvent) { + emit Approval(owner, to, tokenId); + } + } + + _tokenApprovals[tokenId] = to; + } + + /** + * @dev Approve `operator` to operate on all of `owner` tokens + * + * Requirements: + * - operator can't be the address zero. + * + * Emits an {ApprovalForAll} event. + */ + function _setApprovalForAll(address owner, address operator, bool approved) internal virtual { + if (operator == address(0)) { + revert ERC721InvalidOperator(operator); + } + _operatorApprovals[owner][operator] = approved; + emit ApprovalForAll(owner, operator, approved); + } + + /** + * @dev Reverts if the `tokenId` doesn't have a current owner (it hasn't been minted, or it has been burned). + * Returns the owner. + * + * Overrides to ownership logic should be done to {_ownerOf}. + */ + function _requireOwned(uint256 tokenId) internal view returns (address) { + address owner = _ownerOf(tokenId); + if (owner == address(0)) { + revert ERC721NonexistentToken(tokenId); + } + return owner; + } +} diff --git a/dependencies/@openzeppelin/contracts/token/ERC721/IERC721.sol b/dependencies/@openzeppelin/contracts/token/ERC721/IERC721.sol new file mode 100644 index 00000000..d6ab6a47 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC721/IERC721.sol @@ -0,0 +1,135 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC721/IERC721.sol) + +pragma solidity ^0.8.20; + +import {IERC165} from "../../utils/introspection/IERC165.sol"; + +/** + * @dev Required interface of an ERC-721 compliant contract. + */ +interface IERC721 is IERC165 { + /** + * @dev Emitted when `tokenId` token is transferred from `from` to `to`. + */ + event Transfer(address indexed from, address indexed to, uint256 indexed tokenId); + + /** + * @dev Emitted when `owner` enables `approved` to manage the `tokenId` token. + */ + event Approval(address indexed owner, address indexed approved, uint256 indexed tokenId); + + /** + * @dev Emitted when `owner` enables or disables (`approved`) `operator` to manage all of its assets. + */ + event ApprovalForAll(address indexed owner, address indexed operator, bool approved); + + /** + * @dev Returns the number of tokens in ``owner``'s account. + */ + function balanceOf(address owner) external view returns (uint256 balance); + + /** + * @dev Returns the owner of the `tokenId` token. + * + * Requirements: + * + * - `tokenId` must exist. + */ + function ownerOf(uint256 tokenId) external view returns (address owner); + + /** + * @dev Safely transfers `tokenId` token from `from` to `to`. + * + * Requirements: + * + * - `from` cannot be the zero address. + * - `to` cannot be the zero address. + * - `tokenId` token must exist and be owned by `from`. + * - If the caller is not `from`, it must be approved to move this token by either {approve} or {setApprovalForAll}. + * - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon + * a safe transfer. + * + * Emits a {Transfer} event. + */ + function safeTransferFrom(address from, address to, uint256 tokenId, bytes calldata data) external; + + /** + * @dev Safely transfers `tokenId` token from `from` to `to`, checking first that contract recipients + * are aware of the ERC-721 protocol to prevent tokens from being forever locked. + * + * Requirements: + * + * - `from` cannot be the zero address. + * - `to` cannot be the zero address. + * - `tokenId` token must exist and be owned by `from`. + * - If the caller is not `from`, it must have been allowed to move this token by either {approve} or + * {setApprovalForAll}. + * - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon + * a safe transfer. + * + * Emits a {Transfer} event. + */ + function safeTransferFrom(address from, address to, uint256 tokenId) external; + + /** + * @dev Transfers `tokenId` token from `from` to `to`. + * + * WARNING: Note that the caller is responsible to confirm that the recipient is capable of receiving ERC-721 + * or else they may be permanently lost. Usage of {safeTransferFrom} prevents loss, though the caller must + * understand this adds an external call which potentially creates a reentrancy vulnerability. + * + * Requirements: + * + * - `from` cannot be the zero address. + * - `to` cannot be the zero address. + * - `tokenId` token must be owned by `from`. + * - If the caller is not `from`, it must be approved to move this token by either {approve} or {setApprovalForAll}. + * + * Emits a {Transfer} event. + */ + function transferFrom(address from, address to, uint256 tokenId) external; + + /** + * @dev Gives permission to `to` to transfer `tokenId` token to another account. + * The approval is cleared when the token is transferred. + * + * Only a single account can be approved at a time, so approving the zero address clears previous approvals. + * + * Requirements: + * + * - The caller must own the token or be an approved operator. + * - `tokenId` must exist. + * + * Emits an {Approval} event. + */ + function approve(address to, uint256 tokenId) external; + + /** + * @dev Approve or remove `operator` as an operator for the caller. + * Operators can call {transferFrom} or {safeTransferFrom} for any token owned by the caller. + * + * Requirements: + * + * - The `operator` cannot be the address zero. + * + * Emits an {ApprovalForAll} event. + */ + function setApprovalForAll(address operator, bool approved) external; + + /** + * @dev Returns the account approved for `tokenId` token. + * + * Requirements: + * + * - `tokenId` must exist. + */ + function getApproved(uint256 tokenId) external view returns (address operator); + + /** + * @dev Returns if the `operator` is allowed to manage all of the assets of `owner`. + * + * See {setApprovalForAll} + */ + function isApprovedForAll(address owner, address operator) external view returns (bool); +} diff --git a/dependencies/@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol b/dependencies/@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol new file mode 100644 index 00000000..a53d0777 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol @@ -0,0 +1,28 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC721/IERC721Receiver.sol) + +pragma solidity ^0.8.20; + +/** + * @title ERC-721 token receiver interface + * @dev Interface for any contract that wants to support safeTransfers + * from ERC-721 asset contracts. + */ +interface IERC721Receiver { + /** + * @dev Whenever an {IERC721} `tokenId` token is transferred to this contract via {IERC721-safeTransferFrom} + * by `operator` from `from`, this function is called. + * + * It must return its Solidity selector to confirm the token transfer. + * If any other value is returned or the interface is not implemented by the recipient, the transfer will be + * reverted. + * + * The selector can be obtained in Solidity with `IERC721Receiver.onERC721Received.selector`. + */ + function onERC721Received( + address operator, + address from, + uint256 tokenId, + bytes calldata data + ) external returns (bytes4); +} diff --git a/dependencies/@openzeppelin/contracts/token/ERC721/README.adoc b/dependencies/@openzeppelin/contracts/token/ERC721/README.adoc new file mode 100644 index 00000000..5554720d --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC721/README.adoc @@ -0,0 +1,69 @@ += ERC-721 + +[.readme-notice] +NOTE: This document is better viewed at https://docs.openzeppelin.com/contracts/api/token/erc721 + +This set of interfaces, contracts, and utilities are all related to the https://eips.ethereum.org/EIPS/eip-721[ERC-721 Non-Fungible Token Standard]. + +TIP: For a walk through on how to create an ERC-721 token read our xref:ROOT:erc721.adoc[ERC-721 guide]. + +The ERC specifies four interfaces: + +* {IERC721}: Core functionality required in all compliant implementation. +* {IERC721Metadata}: Optional extension that adds name, symbol, and token URI, almost always included. +* {IERC721Enumerable}: Optional extension that allows enumerating the tokens on chain, often not included since it requires large gas overhead. +* {IERC721Receiver}: An interface that must be implemented by contracts if they want to accept tokens through `safeTransferFrom`. + +OpenZeppelin Contracts provides implementations of all four interfaces: + +* {ERC721}: The core and metadata extensions, with a base URI mechanism. +* {ERC721Enumerable}: The enumerable extension. +* {ERC721Holder}: A bare bones implementation of the receiver interface. + +Additionally there are a few of other extensions: + +* {ERC721Consecutive}: An implementation of https://eips.ethereum.org/EIPS/eip-2309[ERC-2309] for minting batchs of tokens during construction, in accordance with ERC-721. +* {ERC721URIStorage}: A more flexible but more expensive way of storing metadata. +* {ERC721Votes}: Support for voting and vote delegation. +* {ERC721Royalty}: A way to signal royalty information following ERC-2981. +* {ERC721Pausable}: A primitive to pause contract operation. +* {ERC721Burnable}: A way for token holders to burn their own tokens. +* {ERC721Wrapper}: Wrapper to create an ERC-721 backed by another ERC-721, with deposit and withdraw methods. Useful in conjunction with {ERC721Votes}. + +NOTE: This core set of contracts is designed to be unopinionated, allowing developers to access the internal functions in ERC-721 (such as <>) and expose them as external functions in the way they prefer. + +== Core + +{{IERC721}} + +{{IERC721Metadata}} + +{{IERC721Enumerable}} + +{{ERC721}} + +{{ERC721Enumerable}} + +{{IERC721Receiver}} + +== Extensions + +{{ERC721Pausable}} + +{{ERC721Burnable}} + +{{ERC721Consecutive}} + +{{ERC721URIStorage}} + +{{ERC721Votes}} + +{{ERC721Royalty}} + +{{ERC721Wrapper}} + +== Utilities + +{{ERC721Holder}} + +{{ERC721Utils}} diff --git a/dependencies/@openzeppelin/contracts/token/ERC721/extensions/ERC721Burnable.sol b/dependencies/@openzeppelin/contracts/token/ERC721/extensions/ERC721Burnable.sol new file mode 100644 index 00000000..65cfc744 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC721/extensions/ERC721Burnable.sol @@ -0,0 +1,26 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC721/extensions/ERC721Burnable.sol) + +pragma solidity ^0.8.20; + +import {ERC721} from "../ERC721.sol"; +import {Context} from "../../../utils/Context.sol"; + +/** + * @title ERC-721 Burnable Token + * @dev ERC-721 Token that can be burned (destroyed). + */ +abstract contract ERC721Burnable is Context, ERC721 { + /** + * @dev Burns `tokenId`. See {ERC721-_burn}. + * + * Requirements: + * + * - The caller must own `tokenId` or be an approved operator. + */ + function burn(uint256 tokenId) public virtual { + // Setting an "auth" arguments enables the `_isAuthorized` check which verifies that the token exists + // (from != 0). Therefore, it is not needed to verify that the return value is not 0 here. + _update(address(0), tokenId, _msgSender()); + } +} diff --git a/dependencies/@openzeppelin/contracts/token/ERC721/extensions/ERC721Consecutive.sol b/dependencies/@openzeppelin/contracts/token/ERC721/extensions/ERC721Consecutive.sol new file mode 100644 index 00000000..8508a79f --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC721/extensions/ERC721Consecutive.sol @@ -0,0 +1,176 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC721/extensions/ERC721Consecutive.sol) + +pragma solidity ^0.8.20; + +import {ERC721} from "../ERC721.sol"; +import {IERC2309} from "../../../interfaces/IERC2309.sol"; +import {BitMaps} from "../../../utils/structs/BitMaps.sol"; +import {Checkpoints} from "../../../utils/structs/Checkpoints.sol"; + +/** + * @dev Implementation of the ERC-2309 "Consecutive Transfer Extension" as defined in + * https://eips.ethereum.org/EIPS/eip-2309[ERC-2309]. + * + * This extension allows the minting of large batches of tokens, during contract construction only. For upgradeable + * contracts this implies that batch minting is only available during proxy deployment, and not in subsequent upgrades. + * These batches are limited to 5000 tokens at a time by default to accommodate off-chain indexers. + * + * Using this extension removes the ability to mint single tokens during contract construction. This ability is + * regained after construction. During construction, only batch minting is allowed. + * + * IMPORTANT: This extension does not call the {_update} function for tokens minted in batch. Any logic added to this + * function through overrides will not be triggered when token are minted in batch. You may want to also override + * {_increaseBalance} or {_mintConsecutive} to account for these mints. + * + * IMPORTANT: When overriding {_mintConsecutive}, be careful about call ordering. {ownerOf} may return invalid + * values during the {_mintConsecutive} execution if the super call is not called first. To be safe, execute the + * super call before your custom logic. + */ +abstract contract ERC721Consecutive is IERC2309, ERC721 { + using BitMaps for BitMaps.BitMap; + using Checkpoints for Checkpoints.Trace160; + + Checkpoints.Trace160 private _sequentialOwnership; + BitMaps.BitMap private _sequentialBurn; + + /** + * @dev Batch mint is restricted to the constructor. + * Any batch mint not emitting the {IERC721-Transfer} event outside of the constructor + * is non ERC-721 compliant. + */ + error ERC721ForbiddenBatchMint(); + + /** + * @dev Exceeds the max amount of mints per batch. + */ + error ERC721ExceededMaxBatchMint(uint256 batchSize, uint256 maxBatch); + + /** + * @dev Individual minting is not allowed. + */ + error ERC721ForbiddenMint(); + + /** + * @dev Batch burn is not supported. + */ + error ERC721ForbiddenBatchBurn(); + + /** + * @dev Maximum size of a batch of consecutive tokens. This is designed to limit stress on off-chain indexing + * services that have to record one entry per token, and have protections against "unreasonably large" batches of + * tokens. + * + * NOTE: Overriding the default value of 5000 will not cause on-chain issues, but may result in the asset not being + * correctly supported by off-chain indexing services (including marketplaces). + */ + function _maxBatchSize() internal view virtual returns (uint96) { + return 5000; + } + + /** + * @dev See {ERC721-_ownerOf}. Override that checks the sequential ownership structure for tokens that have + * been minted as part of a batch, and not yet transferred. + */ + function _ownerOf(uint256 tokenId) internal view virtual override returns (address) { + address owner = super._ownerOf(tokenId); + + // If token is owned by the core, or beyond consecutive range, return base value + if (owner != address(0) || tokenId > type(uint96).max || tokenId < _firstConsecutiveId()) { + return owner; + } + + // Otherwise, check the token was not burned, and fetch ownership from the anchors + // Note: no need for safe cast, we know that tokenId <= type(uint96).max + return _sequentialBurn.get(tokenId) ? address(0) : address(_sequentialOwnership.lowerLookup(uint96(tokenId))); + } + + /** + * @dev Mint a batch of tokens of length `batchSize` for `to`. Returns the token id of the first token minted in the + * batch; if `batchSize` is 0, returns the number of consecutive ids minted so far. + * + * Requirements: + * + * - `batchSize` must not be greater than {_maxBatchSize}. + * - The function is called in the constructor of the contract (directly or indirectly). + * + * CAUTION: Does not emit a `Transfer` event. This is ERC-721 compliant as long as it is done inside of the + * constructor, which is enforced by this function. + * + * CAUTION: Does not invoke `onERC721Received` on the receiver. + * + * Emits a {IERC2309-ConsecutiveTransfer} event. + */ + function _mintConsecutive(address to, uint96 batchSize) internal virtual returns (uint96) { + uint96 next = _nextConsecutiveId(); + + // minting a batch of size 0 is a no-op + if (batchSize > 0) { + if (address(this).code.length > 0) { + revert ERC721ForbiddenBatchMint(); + } + if (to == address(0)) { + revert ERC721InvalidReceiver(address(0)); + } + + uint256 maxBatchSize = _maxBatchSize(); + if (batchSize > maxBatchSize) { + revert ERC721ExceededMaxBatchMint(batchSize, maxBatchSize); + } + + // push an ownership checkpoint & emit event + uint96 last = next + batchSize - 1; + _sequentialOwnership.push(last, uint160(to)); + + // The invariant required by this function is preserved because the new sequentialOwnership checkpoint + // is attributing ownership of `batchSize` new tokens to account `to`. + _increaseBalance(to, batchSize); + + emit ConsecutiveTransfer(next, last, address(0), to); + } + + return next; + } + + /** + * @dev See {ERC721-_update}. Override version that restricts normal minting to after construction. + * + * WARNING: Using {ERC721Consecutive} prevents minting during construction in favor of {_mintConsecutive}. + * After construction, {_mintConsecutive} is no longer available and minting through {_update} becomes available. + */ + function _update(address to, uint256 tokenId, address auth) internal virtual override returns (address) { + address previousOwner = super._update(to, tokenId, auth); + + // only mint after construction + if (previousOwner == address(0) && address(this).code.length == 0) { + revert ERC721ForbiddenMint(); + } + + // record burn + if ( + to == address(0) && // if we burn + tokenId < _nextConsecutiveId() && // and the tokenId was minted in a batch + !_sequentialBurn.get(tokenId) // and the token was never marked as burnt + ) { + _sequentialBurn.set(tokenId); + } + + return previousOwner; + } + + /** + * @dev Used to offset the first token id in {_nextConsecutiveId} + */ + function _firstConsecutiveId() internal view virtual returns (uint96) { + return 0; + } + + /** + * @dev Returns the next tokenId to mint using {_mintConsecutive}. It will return {_firstConsecutiveId} + * if no consecutive tokenId has been minted before. + */ + function _nextConsecutiveId() private view returns (uint96) { + (bool exists, uint96 latestId, ) = _sequentialOwnership.latestCheckpoint(); + return exists ? latestId + 1 : _firstConsecutiveId(); + } +} diff --git a/dependencies/@openzeppelin/contracts/token/ERC721/extensions/ERC721Enumerable.sol b/dependencies/@openzeppelin/contracts/token/ERC721/extensions/ERC721Enumerable.sol new file mode 100644 index 00000000..1bd43752 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC721/extensions/ERC721Enumerable.sol @@ -0,0 +1,174 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC721/extensions/ERC721Enumerable.sol) + +pragma solidity ^0.8.20; + +import {ERC721} from "../ERC721.sol"; +import {IERC721Enumerable} from "./IERC721Enumerable.sol"; +import {IERC165} from "../../../utils/introspection/ERC165.sol"; + +/** + * @dev This implements an optional extension of {ERC721} defined in the ERC that adds enumerability + * of all the token ids in the contract as well as all token ids owned by each account. + * + * CAUTION: {ERC721} extensions that implement custom `balanceOf` logic, such as {ERC721Consecutive}, + * interfere with enumerability and should not be used together with {ERC721Enumerable}. + */ +abstract contract ERC721Enumerable is ERC721, IERC721Enumerable { + mapping(address owner => mapping(uint256 index => uint256)) private _ownedTokens; + mapping(uint256 tokenId => uint256) private _ownedTokensIndex; + + uint256[] private _allTokens; + mapping(uint256 tokenId => uint256) private _allTokensIndex; + + /** + * @dev An `owner`'s token query was out of bounds for `index`. + * + * NOTE: The owner being `address(0)` indicates a global out of bounds index. + */ + error ERC721OutOfBoundsIndex(address owner, uint256 index); + + /** + * @dev Batch mint is not allowed. + */ + error ERC721EnumerableForbiddenBatchMint(); + + /** + * @dev See {IERC165-supportsInterface}. + */ + function supportsInterface(bytes4 interfaceId) public view virtual override(IERC165, ERC721) returns (bool) { + return interfaceId == type(IERC721Enumerable).interfaceId || super.supportsInterface(interfaceId); + } + + /** + * @dev See {IERC721Enumerable-tokenOfOwnerByIndex}. + */ + function tokenOfOwnerByIndex(address owner, uint256 index) public view virtual returns (uint256) { + if (index >= balanceOf(owner)) { + revert ERC721OutOfBoundsIndex(owner, index); + } + return _ownedTokens[owner][index]; + } + + /** + * @dev See {IERC721Enumerable-totalSupply}. + */ + function totalSupply() public view virtual returns (uint256) { + return _allTokens.length; + } + + /** + * @dev See {IERC721Enumerable-tokenByIndex}. + */ + function tokenByIndex(uint256 index) public view virtual returns (uint256) { + if (index >= totalSupply()) { + revert ERC721OutOfBoundsIndex(address(0), index); + } + return _allTokens[index]; + } + + /** + * @dev See {ERC721-_update}. + */ + function _update(address to, uint256 tokenId, address auth) internal virtual override returns (address) { + address previousOwner = super._update(to, tokenId, auth); + + if (previousOwner == address(0)) { + _addTokenToAllTokensEnumeration(tokenId); + } else if (previousOwner != to) { + _removeTokenFromOwnerEnumeration(previousOwner, tokenId); + } + if (to == address(0)) { + _removeTokenFromAllTokensEnumeration(tokenId); + } else if (previousOwner != to) { + _addTokenToOwnerEnumeration(to, tokenId); + } + + return previousOwner; + } + + /** + * @dev Private function to add a token to this extension's ownership-tracking data structures. + * @param to address representing the new owner of the given token ID + * @param tokenId uint256 ID of the token to be added to the tokens list of the given address + */ + function _addTokenToOwnerEnumeration(address to, uint256 tokenId) private { + uint256 length = balanceOf(to) - 1; + _ownedTokens[to][length] = tokenId; + _ownedTokensIndex[tokenId] = length; + } + + /** + * @dev Private function to add a token to this extension's token tracking data structures. + * @param tokenId uint256 ID of the token to be added to the tokens list + */ + function _addTokenToAllTokensEnumeration(uint256 tokenId) private { + _allTokensIndex[tokenId] = _allTokens.length; + _allTokens.push(tokenId); + } + + /** + * @dev Private function to remove a token from this extension's ownership-tracking data structures. Note that + * while the token is not assigned a new owner, the `_ownedTokensIndex` mapping is _not_ updated: this allows for + * gas optimizations e.g. when performing a transfer operation (avoiding double writes). + * This has O(1) time complexity, but alters the order of the _ownedTokens array. + * @param from address representing the previous owner of the given token ID + * @param tokenId uint256 ID of the token to be removed from the tokens list of the given address + */ + function _removeTokenFromOwnerEnumeration(address from, uint256 tokenId) private { + // To prevent a gap in from's tokens array, we store the last token in the index of the token to delete, and + // then delete the last slot (swap and pop). + + uint256 lastTokenIndex = balanceOf(from); + uint256 tokenIndex = _ownedTokensIndex[tokenId]; + + mapping(uint256 index => uint256) storage _ownedTokensByOwner = _ownedTokens[from]; + + // When the token to delete is the last token, the swap operation is unnecessary + if (tokenIndex != lastTokenIndex) { + uint256 lastTokenId = _ownedTokensByOwner[lastTokenIndex]; + + _ownedTokensByOwner[tokenIndex] = lastTokenId; // Move the last token to the slot of the to-delete token + _ownedTokensIndex[lastTokenId] = tokenIndex; // Update the moved token's index + } + + // This also deletes the contents at the last position of the array + delete _ownedTokensIndex[tokenId]; + delete _ownedTokensByOwner[lastTokenIndex]; + } + + /** + * @dev Private function to remove a token from this extension's token tracking data structures. + * This has O(1) time complexity, but alters the order of the _allTokens array. + * @param tokenId uint256 ID of the token to be removed from the tokens list + */ + function _removeTokenFromAllTokensEnumeration(uint256 tokenId) private { + // To prevent a gap in the tokens array, we store the last token in the index of the token to delete, and + // then delete the last slot (swap and pop). + + uint256 lastTokenIndex = _allTokens.length - 1; + uint256 tokenIndex = _allTokensIndex[tokenId]; + + // When the token to delete is the last token, the swap operation is unnecessary. However, since this occurs so + // rarely (when the last minted token is burnt) that we still do the swap here to avoid the gas cost of adding + // an 'if' statement (like in _removeTokenFromOwnerEnumeration) + uint256 lastTokenId = _allTokens[lastTokenIndex]; + + _allTokens[tokenIndex] = lastTokenId; // Move the last token to the slot of the to-delete token + _allTokensIndex[lastTokenId] = tokenIndex; // Update the moved token's index + + // This also deletes the contents at the last position of the array + delete _allTokensIndex[tokenId]; + _allTokens.pop(); + } + + /** + * See {ERC721-_increaseBalance}. We need that to account tokens that were minted in batch + */ + function _increaseBalance(address account, uint128 amount) internal virtual override { + if (amount > 0) { + revert ERC721EnumerableForbiddenBatchMint(); + } + super._increaseBalance(account, amount); + } +} diff --git a/dependencies/@openzeppelin/contracts/token/ERC721/extensions/ERC721Pausable.sol b/dependencies/@openzeppelin/contracts/token/ERC721/extensions/ERC721Pausable.sol new file mode 100644 index 00000000..81619c7f --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC721/extensions/ERC721Pausable.sol @@ -0,0 +1,37 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC721/extensions/ERC721Pausable.sol) + +pragma solidity ^0.8.20; + +import {ERC721} from "../ERC721.sol"; +import {Pausable} from "../../../utils/Pausable.sol"; + +/** + * @dev ERC-721 token with pausable token transfers, minting and burning. + * + * Useful for scenarios such as preventing trades until the end of an evaluation + * period, or having an emergency switch for freezing all token transfers in the + * event of a large bug. + * + * IMPORTANT: This contract does not include public pause and unpause functions. In + * addition to inheriting this contract, you must define both functions, invoking the + * {Pausable-_pause} and {Pausable-_unpause} internal functions, with appropriate + * access control, e.g. using {AccessControl} or {Ownable}. Not doing so will + * make the contract pause mechanism of the contract unreachable, and thus unusable. + */ +abstract contract ERC721Pausable is ERC721, Pausable { + /** + * @dev See {ERC721-_update}. + * + * Requirements: + * + * - the contract must not be paused. + */ + function _update( + address to, + uint256 tokenId, + address auth + ) internal virtual override whenNotPaused returns (address) { + return super._update(to, tokenId, auth); + } +} diff --git a/dependencies/@openzeppelin/contracts/token/ERC721/extensions/ERC721Royalty.sol b/dependencies/@openzeppelin/contracts/token/ERC721/extensions/ERC721Royalty.sol new file mode 100644 index 00000000..1e0b25af --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC721/extensions/ERC721Royalty.sol @@ -0,0 +1,27 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC721/extensions/ERC721Royalty.sol) + +pragma solidity ^0.8.20; + +import {ERC721} from "../ERC721.sol"; +import {ERC2981} from "../../common/ERC2981.sol"; + +/** + * @dev Extension of ERC-721 with the ERC-2981 NFT Royalty Standard, a standardized way to retrieve royalty payment + * information. + * + * Royalty information can be specified globally for all token ids via {ERC2981-_setDefaultRoyalty}, and/or individually + * for specific token ids via {ERC2981-_setTokenRoyalty}. The latter takes precedence over the first. + * + * IMPORTANT: ERC-2981 only specifies a way to signal royalty information and does not enforce its payment. See + * https://eips.ethereum.org/EIPS/eip-2981#optional-royalty-payments[Rationale] in the ERC. Marketplaces are expected to + * voluntarily pay royalties together with sales, but note that this standard is not yet widely supported. + */ +abstract contract ERC721Royalty is ERC2981, ERC721 { + /** + * @dev See {IERC165-supportsInterface}. + */ + function supportsInterface(bytes4 interfaceId) public view virtual override(ERC721, ERC2981) returns (bool) { + return super.supportsInterface(interfaceId); + } +} diff --git a/dependencies/@openzeppelin/contracts/token/ERC721/extensions/ERC721URIStorage.sol b/dependencies/@openzeppelin/contracts/token/ERC721/extensions/ERC721URIStorage.sol new file mode 100644 index 00000000..562f815c --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC721/extensions/ERC721URIStorage.sol @@ -0,0 +1,61 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC721/extensions/ERC721URIStorage.sol) + +pragma solidity ^0.8.20; + +import {ERC721} from "../ERC721.sol"; +import {Strings} from "../../../utils/Strings.sol"; +import {IERC4906} from "../../../interfaces/IERC4906.sol"; +import {IERC165} from "../../../interfaces/IERC165.sol"; + +/** + * @dev ERC-721 token with storage based token URI management. + */ +abstract contract ERC721URIStorage is IERC4906, ERC721 { + using Strings for uint256; + + // Interface ID as defined in ERC-4906. This does not correspond to a traditional interface ID as ERC-4906 only + // defines events and does not include any external function. + bytes4 private constant ERC4906_INTERFACE_ID = bytes4(0x49064906); + + // Optional mapping for token URIs + mapping(uint256 tokenId => string) private _tokenURIs; + + /** + * @dev See {IERC165-supportsInterface} + */ + function supportsInterface(bytes4 interfaceId) public view virtual override(ERC721, IERC165) returns (bool) { + return interfaceId == ERC4906_INTERFACE_ID || super.supportsInterface(interfaceId); + } + + /** + * @dev See {IERC721Metadata-tokenURI}. + */ + function tokenURI(uint256 tokenId) public view virtual override returns (string memory) { + _requireOwned(tokenId); + + string memory _tokenURI = _tokenURIs[tokenId]; + string memory base = _baseURI(); + + // If there is no base URI, return the token URI. + if (bytes(base).length == 0) { + return _tokenURI; + } + // If both are set, concatenate the baseURI and tokenURI (via string.concat). + if (bytes(_tokenURI).length > 0) { + return string.concat(base, _tokenURI); + } + + return super.tokenURI(tokenId); + } + + /** + * @dev Sets `_tokenURI` as the tokenURI of `tokenId`. + * + * Emits {MetadataUpdate}. + */ + function _setTokenURI(uint256 tokenId, string memory _tokenURI) internal virtual { + _tokenURIs[tokenId] = _tokenURI; + emit MetadataUpdate(tokenId); + } +} diff --git a/dependencies/@openzeppelin/contracts/token/ERC721/extensions/ERC721Votes.sol b/dependencies/@openzeppelin/contracts/token/ERC721/extensions/ERC721Votes.sol new file mode 100644 index 00000000..4962cb00 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC721/extensions/ERC721Votes.sol @@ -0,0 +1,47 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC721/extensions/ERC721Votes.sol) + +pragma solidity ^0.8.20; + +import {ERC721} from "../ERC721.sol"; +import {Votes} from "../../../governance/utils/Votes.sol"; + +/** + * @dev Extension of ERC-721 to support voting and delegation as implemented by {Votes}, where each individual NFT counts + * as 1 vote unit. + * + * Tokens do not count as votes until they are delegated, because votes must be tracked which incurs an additional cost + * on every transfer. Token holders can either delegate to a trusted representative who will decide how to make use of + * the votes in governance decisions, or they can delegate to themselves to be their own representative. + */ +abstract contract ERC721Votes is ERC721, Votes { + /** + * @dev See {ERC721-_update}. Adjusts votes when tokens are transferred. + * + * Emits a {IVotes-DelegateVotesChanged} event. + */ + function _update(address to, uint256 tokenId, address auth) internal virtual override returns (address) { + address previousOwner = super._update(to, tokenId, auth); + + _transferVotingUnits(previousOwner, to, 1); + + return previousOwner; + } + + /** + * @dev Returns the balance of `account`. + * + * WARNING: Overriding this function will likely result in incorrect vote tracking. + */ + function _getVotingUnits(address account) internal view virtual override returns (uint256) { + return balanceOf(account); + } + + /** + * @dev See {ERC721-_increaseBalance}. We need that to account tokens that were minted in batch. + */ + function _increaseBalance(address account, uint128 amount) internal virtual override { + super._increaseBalance(account, amount); + _transferVotingUnits(address(0), account, amount); + } +} diff --git a/dependencies/@openzeppelin/contracts/token/ERC721/extensions/ERC721Wrapper.sol b/dependencies/@openzeppelin/contracts/token/ERC721/extensions/ERC721Wrapper.sol new file mode 100644 index 00000000..0a8acacb --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC721/extensions/ERC721Wrapper.sol @@ -0,0 +1,102 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC721/extensions/ERC721Wrapper.sol) + +pragma solidity ^0.8.20; + +import {IERC721, ERC721} from "../ERC721.sol"; +import {IERC721Receiver} from "../IERC721Receiver.sol"; + +/** + * @dev Extension of the ERC-721 token contract to support token wrapping. + * + * Users can deposit and withdraw an "underlying token" and receive a "wrapped token" with a matching tokenId. This is + * useful in conjunction with other modules. For example, combining this wrapping mechanism with {ERC721Votes} will allow + * the wrapping of an existing "basic" ERC-721 into a governance token. + */ +abstract contract ERC721Wrapper is ERC721, IERC721Receiver { + IERC721 private immutable _underlying; + + /** + * @dev The received ERC-721 token couldn't be wrapped. + */ + error ERC721UnsupportedToken(address token); + + constructor(IERC721 underlyingToken) { + _underlying = underlyingToken; + } + + /** + * @dev Allow a user to deposit underlying tokens and mint the corresponding tokenIds. + */ + function depositFor(address account, uint256[] memory tokenIds) public virtual returns (bool) { + uint256 length = tokenIds.length; + for (uint256 i = 0; i < length; ++i) { + uint256 tokenId = tokenIds[i]; + + // This is an "unsafe" transfer that doesn't call any hook on the receiver. With underlying() being trusted + // (by design of this contract) and no other contracts expected to be called from there, we are safe. + // slither-disable-next-line reentrancy-no-eth + underlying().transferFrom(_msgSender(), address(this), tokenId); + _safeMint(account, tokenId); + } + + return true; + } + + /** + * @dev Allow a user to burn wrapped tokens and withdraw the corresponding tokenIds of the underlying tokens. + */ + function withdrawTo(address account, uint256[] memory tokenIds) public virtual returns (bool) { + uint256 length = tokenIds.length; + for (uint256 i = 0; i < length; ++i) { + uint256 tokenId = tokenIds[i]; + // Setting an "auth" arguments enables the `_isAuthorized` check which verifies that the token exists + // (from != 0). Therefore, it is not needed to verify that the return value is not 0 here. + _update(address(0), tokenId, _msgSender()); + // Checks were already performed at this point, and there's no way to retake ownership or approval from + // the wrapped tokenId after this point, so it's safe to remove the reentrancy check for the next line. + // slither-disable-next-line reentrancy-no-eth + underlying().safeTransferFrom(address(this), account, tokenId); + } + + return true; + } + + /** + * @dev Overrides {IERC721Receiver-onERC721Received} to allow minting on direct ERC-721 transfers to + * this contract. + * + * In case there's data attached, it validates that the operator is this contract, so only trusted data + * is accepted from {depositFor}. + * + * WARNING: Doesn't work with unsafe transfers (eg. {IERC721-transferFrom}). Use {ERC721Wrapper-_recover} + * for recovering in that scenario. + */ + function onERC721Received(address, address from, uint256 tokenId, bytes memory) public virtual returns (bytes4) { + if (address(underlying()) != _msgSender()) { + revert ERC721UnsupportedToken(_msgSender()); + } + _safeMint(from, tokenId); + return IERC721Receiver.onERC721Received.selector; + } + + /** + * @dev Mint a wrapped token to cover any underlyingToken that would have been transferred by mistake. Internal + * function that can be exposed with access control if desired. + */ + function _recover(address account, uint256 tokenId) internal virtual returns (uint256) { + address owner = underlying().ownerOf(tokenId); + if (owner != address(this)) { + revert ERC721IncorrectOwner(address(this), tokenId, owner); + } + _safeMint(account, tokenId); + return tokenId; + } + + /** + * @dev Returns the underlying token. + */ + function underlying() public view virtual returns (IERC721) { + return _underlying; + } +} diff --git a/dependencies/@openzeppelin/contracts/token/ERC721/extensions/IERC721Enumerable.sol b/dependencies/@openzeppelin/contracts/token/ERC721/extensions/IERC721Enumerable.sol new file mode 100644 index 00000000..7a09cc6a --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC721/extensions/IERC721Enumerable.sol @@ -0,0 +1,29 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC721/extensions/IERC721Enumerable.sol) + +pragma solidity ^0.8.20; + +import {IERC721} from "../IERC721.sol"; + +/** + * @title ERC-721 Non-Fungible Token Standard, optional enumeration extension + * @dev See https://eips.ethereum.org/EIPS/eip-721 + */ +interface IERC721Enumerable is IERC721 { + /** + * @dev Returns the total amount of tokens stored by the contract. + */ + function totalSupply() external view returns (uint256); + + /** + * @dev Returns a token ID owned by `owner` at a given `index` of its token list. + * Use along with {balanceOf} to enumerate all of ``owner``'s tokens. + */ + function tokenOfOwnerByIndex(address owner, uint256 index) external view returns (uint256); + + /** + * @dev Returns a token ID at a given `index` of all the tokens stored by the contract. + * Use along with {totalSupply} to enumerate all tokens. + */ + function tokenByIndex(uint256 index) external view returns (uint256); +} diff --git a/dependencies/@openzeppelin/contracts/token/ERC721/extensions/IERC721Metadata.sol b/dependencies/@openzeppelin/contracts/token/ERC721/extensions/IERC721Metadata.sol new file mode 100644 index 00000000..e9e00fab --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC721/extensions/IERC721Metadata.sol @@ -0,0 +1,27 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC721/extensions/IERC721Metadata.sol) + +pragma solidity ^0.8.20; + +import {IERC721} from "../IERC721.sol"; + +/** + * @title ERC-721 Non-Fungible Token Standard, optional metadata extension + * @dev See https://eips.ethereum.org/EIPS/eip-721 + */ +interface IERC721Metadata is IERC721 { + /** + * @dev Returns the token collection name. + */ + function name() external view returns (string memory); + + /** + * @dev Returns the token collection symbol. + */ + function symbol() external view returns (string memory); + + /** + * @dev Returns the Uniform Resource Identifier (URI) for `tokenId` token. + */ + function tokenURI(uint256 tokenId) external view returns (string memory); +} diff --git a/dependencies/@openzeppelin/contracts/token/ERC721/utils/ERC721Holder.sol b/dependencies/@openzeppelin/contracts/token/ERC721/utils/ERC721Holder.sol new file mode 100644 index 00000000..6bb23ace --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC721/utils/ERC721Holder.sol @@ -0,0 +1,24 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC721/utils/ERC721Holder.sol) + +pragma solidity ^0.8.20; + +import {IERC721Receiver} from "../IERC721Receiver.sol"; + +/** + * @dev Implementation of the {IERC721Receiver} interface. + * + * Accepts all token transfers. + * Make sure the contract is able to use its token with {IERC721-safeTransferFrom}, {IERC721-approve} or + * {IERC721-setApprovalForAll}. + */ +abstract contract ERC721Holder is IERC721Receiver { + /** + * @dev See {IERC721Receiver-onERC721Received}. + * + * Always returns `IERC721Receiver.onERC721Received.selector`. + */ + function onERC721Received(address, address, uint256, bytes memory) public virtual returns (bytes4) { + return this.onERC721Received.selector; + } +} diff --git a/dependencies/@openzeppelin/contracts/token/ERC721/utils/ERC721Utils.sol b/dependencies/@openzeppelin/contracts/token/ERC721/utils/ERC721Utils.sol new file mode 100644 index 00000000..0e18f5cc --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/ERC721/utils/ERC721Utils.sol @@ -0,0 +1,49 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {IERC721Receiver} from "../IERC721Receiver.sol"; +import {IERC721Errors} from "../../../interfaces/draft-IERC6093.sol"; + +/** + * @dev Library that provide common ERC-721 utility functions. + * + * See https://eips.ethereum.org/EIPS/eip-721[ERC-721]. + * + * _Available since v5.1._ + */ +library ERC721Utils { + /** + * @dev Performs an acceptance check for the provided `operator` by calling {IERC721-onERC721Received} + * on the `to` address. The `operator` is generally the address that initiated the token transfer (i.e. `msg.sender`). + * + * The acceptance call is not executed and treated as a no-op if the target address doesn't contain code (i.e. an EOA). + * Otherwise, the recipient must implement {IERC721Receiver-onERC721Received} and return the acceptance magic value to accept + * the transfer. + */ + function checkOnERC721Received( + address operator, + address from, + address to, + uint256 tokenId, + bytes memory data + ) internal { + if (to.code.length > 0) { + try IERC721Receiver(to).onERC721Received(operator, from, tokenId, data) returns (bytes4 retval) { + if (retval != IERC721Receiver.onERC721Received.selector) { + // Token rejected + revert IERC721Errors.ERC721InvalidReceiver(to); + } + } catch (bytes memory reason) { + if (reason.length == 0) { + // non-IERC721Receiver implementer + revert IERC721Errors.ERC721InvalidReceiver(to); + } else { + assembly ("memory-safe") { + revert(add(32, reason), mload(reason)) + } + } + } + } + } +} diff --git a/dependencies/@openzeppelin/contracts/token/common/ERC2981.sol b/dependencies/@openzeppelin/contracts/token/common/ERC2981.sol new file mode 100644 index 00000000..7f56b275 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/common/ERC2981.sol @@ -0,0 +1,143 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (token/common/ERC2981.sol) + +pragma solidity ^0.8.20; + +import {IERC2981} from "../../interfaces/IERC2981.sol"; +import {IERC165, ERC165} from "../../utils/introspection/ERC165.sol"; + +/** + * @dev Implementation of the NFT Royalty Standard, a standardized way to retrieve royalty payment information. + * + * Royalty information can be specified globally for all token ids via {_setDefaultRoyalty}, and/or individually for + * specific token ids via {_setTokenRoyalty}. The latter takes precedence over the first. + * + * Royalty is specified as a fraction of sale price. {_feeDenominator} is overridable but defaults to 10000, meaning the + * fee is specified in basis points by default. + * + * IMPORTANT: ERC-2981 only specifies a way to signal royalty information and does not enforce its payment. See + * https://eips.ethereum.org/EIPS/eip-2981#optional-royalty-payments[Rationale] in the ERC. Marketplaces are expected to + * voluntarily pay royalties together with sales, but note that this standard is not yet widely supported. + */ +abstract contract ERC2981 is IERC2981, ERC165 { + struct RoyaltyInfo { + address receiver; + uint96 royaltyFraction; + } + + RoyaltyInfo private _defaultRoyaltyInfo; + mapping(uint256 tokenId => RoyaltyInfo) private _tokenRoyaltyInfo; + + /** + * @dev The default royalty set is invalid (eg. (numerator / denominator) >= 1). + */ + error ERC2981InvalidDefaultRoyalty(uint256 numerator, uint256 denominator); + + /** + * @dev The default royalty receiver is invalid. + */ + error ERC2981InvalidDefaultRoyaltyReceiver(address receiver); + + /** + * @dev The royalty set for an specific `tokenId` is invalid (eg. (numerator / denominator) >= 1). + */ + error ERC2981InvalidTokenRoyalty(uint256 tokenId, uint256 numerator, uint256 denominator); + + /** + * @dev The royalty receiver for `tokenId` is invalid. + */ + error ERC2981InvalidTokenRoyaltyReceiver(uint256 tokenId, address receiver); + + /** + * @dev See {IERC165-supportsInterface}. + */ + function supportsInterface(bytes4 interfaceId) public view virtual override(IERC165, ERC165) returns (bool) { + return interfaceId == type(IERC2981).interfaceId || super.supportsInterface(interfaceId); + } + + /** + * @inheritdoc IERC2981 + */ + function royaltyInfo( + uint256 tokenId, + uint256 salePrice + ) public view virtual returns (address receiver, uint256 amount) { + RoyaltyInfo storage _royaltyInfo = _tokenRoyaltyInfo[tokenId]; + address royaltyReceiver = _royaltyInfo.receiver; + uint96 royaltyFraction = _royaltyInfo.royaltyFraction; + + if (royaltyReceiver == address(0)) { + royaltyReceiver = _defaultRoyaltyInfo.receiver; + royaltyFraction = _defaultRoyaltyInfo.royaltyFraction; + } + + uint256 royaltyAmount = (salePrice * royaltyFraction) / _feeDenominator(); + + return (royaltyReceiver, royaltyAmount); + } + + /** + * @dev The denominator with which to interpret the fee set in {_setTokenRoyalty} and {_setDefaultRoyalty} as a + * fraction of the sale price. Defaults to 10000 so fees are expressed in basis points, but may be customized by an + * override. + */ + function _feeDenominator() internal pure virtual returns (uint96) { + return 10000; + } + + /** + * @dev Sets the royalty information that all ids in this contract will default to. + * + * Requirements: + * + * - `receiver` cannot be the zero address. + * - `feeNumerator` cannot be greater than the fee denominator. + */ + function _setDefaultRoyalty(address receiver, uint96 feeNumerator) internal virtual { + uint256 denominator = _feeDenominator(); + if (feeNumerator > denominator) { + // Royalty fee will exceed the sale price + revert ERC2981InvalidDefaultRoyalty(feeNumerator, denominator); + } + if (receiver == address(0)) { + revert ERC2981InvalidDefaultRoyaltyReceiver(address(0)); + } + + _defaultRoyaltyInfo = RoyaltyInfo(receiver, feeNumerator); + } + + /** + * @dev Removes default royalty information. + */ + function _deleteDefaultRoyalty() internal virtual { + delete _defaultRoyaltyInfo; + } + + /** + * @dev Sets the royalty information for a specific token id, overriding the global default. + * + * Requirements: + * + * - `receiver` cannot be the zero address. + * - `feeNumerator` cannot be greater than the fee denominator. + */ + function _setTokenRoyalty(uint256 tokenId, address receiver, uint96 feeNumerator) internal virtual { + uint256 denominator = _feeDenominator(); + if (feeNumerator > denominator) { + // Royalty fee will exceed the sale price + revert ERC2981InvalidTokenRoyalty(tokenId, feeNumerator, denominator); + } + if (receiver == address(0)) { + revert ERC2981InvalidTokenRoyaltyReceiver(tokenId, address(0)); + } + + _tokenRoyaltyInfo[tokenId] = RoyaltyInfo(receiver, feeNumerator); + } + + /** + * @dev Resets royalty information for the token id back to the global default. + */ + function _resetTokenRoyalty(uint256 tokenId) internal virtual { + delete _tokenRoyaltyInfo[tokenId]; + } +} diff --git a/dependencies/@openzeppelin/contracts/token/common/README.adoc b/dependencies/@openzeppelin/contracts/token/common/README.adoc new file mode 100644 index 00000000..a70d90dd --- /dev/null +++ b/dependencies/@openzeppelin/contracts/token/common/README.adoc @@ -0,0 +1,10 @@ += Common (Tokens) + +Functionality that is common to multiple token standards. + +* {ERC2981}: NFT Royalties compatible with both ERC-721 and ERC-1155. +** For ERC-721 consider {ERC721Royalty} which clears the royalty information from storage on burn. + +== Contracts + +{{ERC2981}} diff --git a/dependencies/@openzeppelin/contracts/utils/Address.sol b/dependencies/@openzeppelin/contracts/utils/Address.sol new file mode 100644 index 00000000..40f01a93 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/Address.sol @@ -0,0 +1,150 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (utils/Address.sol) + +pragma solidity ^0.8.20; + +import {Errors} from "./Errors.sol"; + +/** + * @dev Collection of functions related to the address type + */ +library Address { + /** + * @dev There's no code at `target` (it is not a contract). + */ + error AddressEmptyCode(address target); + + /** + * @dev Replacement for Solidity's `transfer`: sends `amount` wei to + * `recipient`, forwarding all available gas and reverting on errors. + * + * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost + * of certain opcodes, possibly making contracts go over the 2300 gas limit + * imposed by `transfer`, making them unable to receive funds via + * `transfer`. {sendValue} removes this limitation. + * + * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more]. + * + * IMPORTANT: because control is transferred to `recipient`, care must be + * taken to not create reentrancy vulnerabilities. Consider using + * {ReentrancyGuard} or the + * https://solidity.readthedocs.io/en/v0.8.20/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern]. + */ + function sendValue(address payable recipient, uint256 amount) internal { + if (address(this).balance < amount) { + revert Errors.InsufficientBalance(address(this).balance, amount); + } + + (bool success, ) = recipient.call{value: amount}(""); + if (!success) { + revert Errors.FailedCall(); + } + } + + /** + * @dev Performs a Solidity function call using a low level `call`. A + * plain `call` is an unsafe replacement for a function call: use this + * function instead. + * + * If `target` reverts with a revert reason or custom error, it is bubbled + * up by this function (like regular Solidity function calls). However, if + * the call reverted with no returned reason, this function reverts with a + * {Errors.FailedCall} error. + * + * Returns the raw returned data. To convert to the expected return value, + * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`]. + * + * Requirements: + * + * - `target` must be a contract. + * - calling `target` with `data` must not revert. + */ + function functionCall(address target, bytes memory data) internal returns (bytes memory) { + return functionCallWithValue(target, data, 0); + } + + /** + * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], + * but also transferring `value` wei to `target`. + * + * Requirements: + * + * - the calling contract must have an ETH balance of at least `value`. + * - the called Solidity function must be `payable`. + */ + function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) { + if (address(this).balance < value) { + revert Errors.InsufficientBalance(address(this).balance, value); + } + (bool success, bytes memory returndata) = target.call{value: value}(data); + return verifyCallResultFromTarget(target, success, returndata); + } + + /** + * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], + * but performing a static call. + */ + function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) { + (bool success, bytes memory returndata) = target.staticcall(data); + return verifyCallResultFromTarget(target, success, returndata); + } + + /** + * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], + * but performing a delegate call. + */ + function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) { + (bool success, bytes memory returndata) = target.delegatecall(data); + return verifyCallResultFromTarget(target, success, returndata); + } + + /** + * @dev Tool to verify that a low level call to smart-contract was successful, and reverts if the target + * was not a contract or bubbling up the revert reason (falling back to {Errors.FailedCall}) in case + * of an unsuccessful call. + */ + function verifyCallResultFromTarget( + address target, + bool success, + bytes memory returndata + ) internal view returns (bytes memory) { + if (!success) { + _revert(returndata); + } else { + // only check if target is a contract if the call was successful and the return data is empty + // otherwise we already know that it was a contract + if (returndata.length == 0 && target.code.length == 0) { + revert AddressEmptyCode(target); + } + return returndata; + } + } + + /** + * @dev Tool to verify that a low level call was successful, and reverts if it wasn't, either by bubbling the + * revert reason or with a default {Errors.FailedCall} error. + */ + function verifyCallResult(bool success, bytes memory returndata) internal pure returns (bytes memory) { + if (!success) { + _revert(returndata); + } else { + return returndata; + } + } + + /** + * @dev Reverts with returndata if present. Otherwise reverts with {Errors.FailedCall}. + */ + function _revert(bytes memory returndata) private pure { + // Look for revert reason and bubble it up if present + if (returndata.length > 0) { + // The easiest way to bubble the revert reason is using memory via assembly + assembly ("memory-safe") { + let returndata_size := mload(returndata) + revert(add(32, returndata), returndata_size) + } + } else { + revert Errors.FailedCall(); + } + } +} diff --git a/dependencies/@openzeppelin/contracts/utils/Arrays.sol b/dependencies/@openzeppelin/contracts/utils/Arrays.sol new file mode 100644 index 00000000..432c8602 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/Arrays.sol @@ -0,0 +1,482 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (utils/Arrays.sol) +// This file was procedurally generated from scripts/generate/templates/Arrays.js. + +pragma solidity ^0.8.20; + +import {Comparators} from "./Comparators.sol"; +import {SlotDerivation} from "./SlotDerivation.sol"; +import {StorageSlot} from "./StorageSlot.sol"; +import {Math} from "./math/Math.sol"; + +/** + * @dev Collection of functions related to array types. + */ +library Arrays { + using SlotDerivation for bytes32; + using StorageSlot for bytes32; + + /** + * @dev Sort an array of uint256 (in memory) following the provided comparator function. + * + * This function does the sorting "in place", meaning that it overrides the input. The object is returned for + * convenience, but that returned value can be discarded safely if the caller has a memory pointer to the array. + * + * NOTE: this function's cost is `O(n Β· log(n))` in average and `O(nΒ²)` in the worst case, with n the length of the + * array. Using it in view functions that are executed through `eth_call` is safe, but one should be very careful + * when executing this as part of a transaction. If the array being sorted is too large, the sort operation may + * consume more gas than is available in a block, leading to potential DoS. + * + * IMPORTANT: Consider memory side-effects when using custom comparator functions that access memory in an unsafe way. + */ + function sort( + uint256[] memory array, + function(uint256, uint256) pure returns (bool) comp + ) internal pure returns (uint256[] memory) { + _quickSort(_begin(array), _end(array), comp); + return array; + } + + /** + * @dev Variant of {sort} that sorts an array of uint256 in increasing order. + */ + function sort(uint256[] memory array) internal pure returns (uint256[] memory) { + sort(array, Comparators.lt); + return array; + } + + /** + * @dev Sort an array of address (in memory) following the provided comparator function. + * + * This function does the sorting "in place", meaning that it overrides the input. The object is returned for + * convenience, but that returned value can be discarded safely if the caller has a memory pointer to the array. + * + * NOTE: this function's cost is `O(n Β· log(n))` in average and `O(nΒ²)` in the worst case, with n the length of the + * array. Using it in view functions that are executed through `eth_call` is safe, but one should be very careful + * when executing this as part of a transaction. If the array being sorted is too large, the sort operation may + * consume more gas than is available in a block, leading to potential DoS. + * + * IMPORTANT: Consider memory side-effects when using custom comparator functions that access memory in an unsafe way. + */ + function sort( + address[] memory array, + function(address, address) pure returns (bool) comp + ) internal pure returns (address[] memory) { + sort(_castToUint256Array(array), _castToUint256Comp(comp)); + return array; + } + + /** + * @dev Variant of {sort} that sorts an array of address in increasing order. + */ + function sort(address[] memory array) internal pure returns (address[] memory) { + sort(_castToUint256Array(array), Comparators.lt); + return array; + } + + /** + * @dev Sort an array of bytes32 (in memory) following the provided comparator function. + * + * This function does the sorting "in place", meaning that it overrides the input. The object is returned for + * convenience, but that returned value can be discarded safely if the caller has a memory pointer to the array. + * + * NOTE: this function's cost is `O(n Β· log(n))` in average and `O(nΒ²)` in the worst case, with n the length of the + * array. Using it in view functions that are executed through `eth_call` is safe, but one should be very careful + * when executing this as part of a transaction. If the array being sorted is too large, the sort operation may + * consume more gas than is available in a block, leading to potential DoS. + * + * IMPORTANT: Consider memory side-effects when using custom comparator functions that access memory in an unsafe way. + */ + function sort( + bytes32[] memory array, + function(bytes32, bytes32) pure returns (bool) comp + ) internal pure returns (bytes32[] memory) { + sort(_castToUint256Array(array), _castToUint256Comp(comp)); + return array; + } + + /** + * @dev Variant of {sort} that sorts an array of bytes32 in increasing order. + */ + function sort(bytes32[] memory array) internal pure returns (bytes32[] memory) { + sort(_castToUint256Array(array), Comparators.lt); + return array; + } + + /** + * @dev Performs a quick sort of a segment of memory. The segment sorted starts at `begin` (inclusive), and stops + * at end (exclusive). Sorting follows the `comp` comparator. + * + * Invariant: `begin <= end`. This is the case when initially called by {sort} and is preserved in subcalls. + * + * IMPORTANT: Memory locations between `begin` and `end` are not validated/zeroed. This function should + * be used only if the limits are within a memory array. + */ + function _quickSort(uint256 begin, uint256 end, function(uint256, uint256) pure returns (bool) comp) private pure { + unchecked { + if (end - begin < 0x40) return; + + // Use first element as pivot + uint256 pivot = _mload(begin); + // Position where the pivot should be at the end of the loop + uint256 pos = begin; + + for (uint256 it = begin + 0x20; it < end; it += 0x20) { + if (comp(_mload(it), pivot)) { + // If the value stored at the iterator's position comes before the pivot, we increment the + // position of the pivot and move the value there. + pos += 0x20; + _swap(pos, it); + } + } + + _swap(begin, pos); // Swap pivot into place + _quickSort(begin, pos, comp); // Sort the left side of the pivot + _quickSort(pos + 0x20, end, comp); // Sort the right side of the pivot + } + } + + /** + * @dev Pointer to the memory location of the first element of `array`. + */ + function _begin(uint256[] memory array) private pure returns (uint256 ptr) { + assembly ("memory-safe") { + ptr := add(array, 0x20) + } + } + + /** + * @dev Pointer to the memory location of the first memory word (32bytes) after `array`. This is the memory word + * that comes just after the last element of the array. + */ + function _end(uint256[] memory array) private pure returns (uint256 ptr) { + unchecked { + return _begin(array) + array.length * 0x20; + } + } + + /** + * @dev Load memory word (as a uint256) at location `ptr`. + */ + function _mload(uint256 ptr) private pure returns (uint256 value) { + assembly { + value := mload(ptr) + } + } + + /** + * @dev Swaps the elements memory location `ptr1` and `ptr2`. + */ + function _swap(uint256 ptr1, uint256 ptr2) private pure { + assembly { + let value1 := mload(ptr1) + let value2 := mload(ptr2) + mstore(ptr1, value2) + mstore(ptr2, value1) + } + } + + /// @dev Helper: low level cast address memory array to uint256 memory array + function _castToUint256Array(address[] memory input) private pure returns (uint256[] memory output) { + assembly { + output := input + } + } + + /// @dev Helper: low level cast bytes32 memory array to uint256 memory array + function _castToUint256Array(bytes32[] memory input) private pure returns (uint256[] memory output) { + assembly { + output := input + } + } + + /// @dev Helper: low level cast address comp function to uint256 comp function + function _castToUint256Comp( + function(address, address) pure returns (bool) input + ) private pure returns (function(uint256, uint256) pure returns (bool) output) { + assembly { + output := input + } + } + + /// @dev Helper: low level cast bytes32 comp function to uint256 comp function + function _castToUint256Comp( + function(bytes32, bytes32) pure returns (bool) input + ) private pure returns (function(uint256, uint256) pure returns (bool) output) { + assembly { + output := input + } + } + + /** + * @dev Searches a sorted `array` and returns the first index that contains + * a value greater or equal to `element`. If no such index exists (i.e. all + * values in the array are strictly less than `element`), the array length is + * returned. Time complexity O(log n). + * + * NOTE: The `array` is expected to be sorted in ascending order, and to + * contain no repeated elements. + * + * IMPORTANT: Deprecated. This implementation behaves as {lowerBound} but lacks + * support for repeated elements in the array. The {lowerBound} function should + * be used instead. + */ + function findUpperBound(uint256[] storage array, uint256 element) internal view returns (uint256) { + uint256 low = 0; + uint256 high = array.length; + + if (high == 0) { + return 0; + } + + while (low < high) { + uint256 mid = Math.average(low, high); + + // Note that mid will always be strictly less than high (i.e. it will be a valid array index) + // because Math.average rounds towards zero (it does integer division with truncation). + if (unsafeAccess(array, mid).value > element) { + high = mid; + } else { + low = mid + 1; + } + } + + // At this point `low` is the exclusive upper bound. We will return the inclusive upper bound. + if (low > 0 && unsafeAccess(array, low - 1).value == element) { + return low - 1; + } else { + return low; + } + } + + /** + * @dev Searches an `array` sorted in ascending order and returns the first + * index that contains a value greater or equal than `element`. If no such index + * exists (i.e. all values in the array are strictly less than `element`), the array + * length is returned. Time complexity O(log n). + * + * See C++'s https://en.cppreference.com/w/cpp/algorithm/lower_bound[lower_bound]. + */ + function lowerBound(uint256[] storage array, uint256 element) internal view returns (uint256) { + uint256 low = 0; + uint256 high = array.length; + + if (high == 0) { + return 0; + } + + while (low < high) { + uint256 mid = Math.average(low, high); + + // Note that mid will always be strictly less than high (i.e. it will be a valid array index) + // because Math.average rounds towards zero (it does integer division with truncation). + if (unsafeAccess(array, mid).value < element) { + // this cannot overflow because mid < high + unchecked { + low = mid + 1; + } + } else { + high = mid; + } + } + + return low; + } + + /** + * @dev Searches an `array` sorted in ascending order and returns the first + * index that contains a value strictly greater than `element`. If no such index + * exists (i.e. all values in the array are strictly less than `element`), the array + * length is returned. Time complexity O(log n). + * + * See C++'s https://en.cppreference.com/w/cpp/algorithm/upper_bound[upper_bound]. + */ + function upperBound(uint256[] storage array, uint256 element) internal view returns (uint256) { + uint256 low = 0; + uint256 high = array.length; + + if (high == 0) { + return 0; + } + + while (low < high) { + uint256 mid = Math.average(low, high); + + // Note that mid will always be strictly less than high (i.e. it will be a valid array index) + // because Math.average rounds towards zero (it does integer division with truncation). + if (unsafeAccess(array, mid).value > element) { + high = mid; + } else { + // this cannot overflow because mid < high + unchecked { + low = mid + 1; + } + } + } + + return low; + } + + /** + * @dev Same as {lowerBound}, but with an array in memory. + */ + function lowerBoundMemory(uint256[] memory array, uint256 element) internal pure returns (uint256) { + uint256 low = 0; + uint256 high = array.length; + + if (high == 0) { + return 0; + } + + while (low < high) { + uint256 mid = Math.average(low, high); + + // Note that mid will always be strictly less than high (i.e. it will be a valid array index) + // because Math.average rounds towards zero (it does integer division with truncation). + if (unsafeMemoryAccess(array, mid) < element) { + // this cannot overflow because mid < high + unchecked { + low = mid + 1; + } + } else { + high = mid; + } + } + + return low; + } + + /** + * @dev Same as {upperBound}, but with an array in memory. + */ + function upperBoundMemory(uint256[] memory array, uint256 element) internal pure returns (uint256) { + uint256 low = 0; + uint256 high = array.length; + + if (high == 0) { + return 0; + } + + while (low < high) { + uint256 mid = Math.average(low, high); + + // Note that mid will always be strictly less than high (i.e. it will be a valid array index) + // because Math.average rounds towards zero (it does integer division with truncation). + if (unsafeMemoryAccess(array, mid) > element) { + high = mid; + } else { + // this cannot overflow because mid < high + unchecked { + low = mid + 1; + } + } + } + + return low; + } + + /** + * @dev Access an array in an "unsafe" way. Skips solidity "index-out-of-range" check. + * + * WARNING: Only use if you are certain `pos` is lower than the array length. + */ + function unsafeAccess(address[] storage arr, uint256 pos) internal pure returns (StorageSlot.AddressSlot storage) { + bytes32 slot; + assembly ("memory-safe") { + slot := arr.slot + } + return slot.deriveArray().offset(pos).getAddressSlot(); + } + + /** + * @dev Access an array in an "unsafe" way. Skips solidity "index-out-of-range" check. + * + * WARNING: Only use if you are certain `pos` is lower than the array length. + */ + function unsafeAccess(bytes32[] storage arr, uint256 pos) internal pure returns (StorageSlot.Bytes32Slot storage) { + bytes32 slot; + assembly ("memory-safe") { + slot := arr.slot + } + return slot.deriveArray().offset(pos).getBytes32Slot(); + } + + /** + * @dev Access an array in an "unsafe" way. Skips solidity "index-out-of-range" check. + * + * WARNING: Only use if you are certain `pos` is lower than the array length. + */ + function unsafeAccess(uint256[] storage arr, uint256 pos) internal pure returns (StorageSlot.Uint256Slot storage) { + bytes32 slot; + assembly ("memory-safe") { + slot := arr.slot + } + return slot.deriveArray().offset(pos).getUint256Slot(); + } + + /** + * @dev Access an array in an "unsafe" way. Skips solidity "index-out-of-range" check. + * + * WARNING: Only use if you are certain `pos` is lower than the array length. + */ + function unsafeMemoryAccess(address[] memory arr, uint256 pos) internal pure returns (address res) { + assembly { + res := mload(add(add(arr, 0x20), mul(pos, 0x20))) + } + } + + /** + * @dev Access an array in an "unsafe" way. Skips solidity "index-out-of-range" check. + * + * WARNING: Only use if you are certain `pos` is lower than the array length. + */ + function unsafeMemoryAccess(bytes32[] memory arr, uint256 pos) internal pure returns (bytes32 res) { + assembly { + res := mload(add(add(arr, 0x20), mul(pos, 0x20))) + } + } + + /** + * @dev Access an array in an "unsafe" way. Skips solidity "index-out-of-range" check. + * + * WARNING: Only use if you are certain `pos` is lower than the array length. + */ + function unsafeMemoryAccess(uint256[] memory arr, uint256 pos) internal pure returns (uint256 res) { + assembly { + res := mload(add(add(arr, 0x20), mul(pos, 0x20))) + } + } + + /** + * @dev Helper to set the length of an dynamic array. Directly writing to `.length` is forbidden. + * + * WARNING: this does not clear elements if length is reduced, of initialize elements if length is increased. + */ + function unsafeSetLength(address[] storage array, uint256 len) internal { + assembly ("memory-safe") { + sstore(array.slot, len) + } + } + + /** + * @dev Helper to set the length of an dynamic array. Directly writing to `.length` is forbidden. + * + * WARNING: this does not clear elements if length is reduced, of initialize elements if length is increased. + */ + function unsafeSetLength(bytes32[] storage array, uint256 len) internal { + assembly ("memory-safe") { + sstore(array.slot, len) + } + } + + /** + * @dev Helper to set the length of an dynamic array. Directly writing to `.length` is forbidden. + * + * WARNING: this does not clear elements if length is reduced, of initialize elements if length is increased. + */ + function unsafeSetLength(uint256[] storage array, uint256 len) internal { + assembly ("memory-safe") { + sstore(array.slot, len) + } + } +} diff --git a/dependencies/@openzeppelin/contracts/utils/Base64.sol b/dependencies/@openzeppelin/contracts/utils/Base64.sol new file mode 100644 index 00000000..ef9431b5 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/Base64.sol @@ -0,0 +1,123 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.2) (utils/Base64.sol) + +pragma solidity ^0.8.20; + +/** + * @dev Provides a set of functions to operate with Base64 strings. + */ +library Base64 { + /** + * @dev Base64 Encoding/Decoding Table + * See sections 4 and 5 of https://datatracker.ietf.org/doc/html/rfc4648 + */ + string internal constant _TABLE = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + string internal constant _TABLE_URL = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"; + + /** + * @dev Converts a `bytes` to its Bytes64 `string` representation. + */ + function encode(bytes memory data) internal pure returns (string memory) { + return _encode(data, _TABLE, true); + } + + /** + * @dev Converts a `bytes` to its Bytes64Url `string` representation. + * Output is not padded with `=` as specified in https://www.rfc-editor.org/rfc/rfc4648[rfc4648]. + */ + function encodeURL(bytes memory data) internal pure returns (string memory) { + return _encode(data, _TABLE_URL, false); + } + + /** + * @dev Internal table-agnostic conversion + */ + function _encode(bytes memory data, string memory table, bool withPadding) private pure returns (string memory) { + /** + * Inspired by Brecht Devos (Brechtpd) implementation - MIT licence + * https://github.com/Brechtpd/base64/blob/e78d9fd951e7b0977ddca77d92dc85183770daf4/base64.sol + */ + if (data.length == 0) return ""; + + // If padding is enabled, the final length should be `bytes` data length divided by 3 rounded up and then + // multiplied by 4 so that it leaves room for padding the last chunk + // - `data.length + 2` -> Prepare for division rounding up + // - `/ 3` -> Number of 3-bytes chunks (rounded up) + // - `4 *` -> 4 characters for each chunk + // This is equivalent to: 4 * Math.ceil(data.length / 3) + // + // If padding is disabled, the final length should be `bytes` data length multiplied by 4/3 rounded up as + // opposed to when padding is required to fill the last chunk. + // - `4 * data.length` -> 4 characters for each chunk + // - ` + 2` -> Prepare for division rounding up + // - `/ 3` -> Number of 3-bytes chunks (rounded up) + // This is equivalent to: Math.ceil((4 * data.length) / 3) + uint256 resultLength = withPadding ? 4 * ((data.length + 2) / 3) : (4 * data.length + 2) / 3; + + string memory result = new string(resultLength); + + assembly ("memory-safe") { + // Prepare the lookup table (skip the first "length" byte) + let tablePtr := add(table, 1) + + // Prepare result pointer, jump over length + let resultPtr := add(result, 0x20) + let dataPtr := data + let endPtr := add(data, mload(data)) + + // In some cases, the last iteration will read bytes after the end of the data. We cache the value, and + // set it to zero to make sure no dirty bytes are read in that section. + let afterPtr := add(endPtr, 0x20) + let afterCache := mload(afterPtr) + mstore(afterPtr, 0x00) + + // Run over the input, 3 bytes at a time + for { + + } lt(dataPtr, endPtr) { + + } { + // Advance 3 bytes + dataPtr := add(dataPtr, 3) + let input := mload(dataPtr) + + // To write each character, shift the 3 byte (24 bits) chunk + // 4 times in blocks of 6 bits for each character (18, 12, 6, 0) + // and apply logical AND with 0x3F to bitmask the least significant 6 bits. + // Use this as an index into the lookup table, mload an entire word + // so the desired character is in the least significant byte, and + // mstore8 this least significant byte into the result and continue. + + mstore8(resultPtr, mload(add(tablePtr, and(shr(18, input), 0x3F)))) + resultPtr := add(resultPtr, 1) // Advance + + mstore8(resultPtr, mload(add(tablePtr, and(shr(12, input), 0x3F)))) + resultPtr := add(resultPtr, 1) // Advance + + mstore8(resultPtr, mload(add(tablePtr, and(shr(6, input), 0x3F)))) + resultPtr := add(resultPtr, 1) // Advance + + mstore8(resultPtr, mload(add(tablePtr, and(input, 0x3F)))) + resultPtr := add(resultPtr, 1) // Advance + } + + // Reset the value that was cached + mstore(afterPtr, afterCache) + + if withPadding { + // When data `bytes` is not exactly 3 bytes long + // it is padded with `=` characters at the end + switch mod(mload(data), 3) + case 1 { + mstore8(sub(resultPtr, 1), 0x3d) + mstore8(sub(resultPtr, 2), 0x3d) + } + case 2 { + mstore8(sub(resultPtr, 1), 0x3d) + } + } + } + + return result; + } +} diff --git a/dependencies/@openzeppelin/contracts/utils/Comparators.sol b/dependencies/@openzeppelin/contracts/utils/Comparators.sol new file mode 100644 index 00000000..c1073471 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/Comparators.sol @@ -0,0 +1,18 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +/** + * @dev Provides a set of functions to compare values. + * + * _Available since v5.1._ + */ +library Comparators { + function lt(uint256 a, uint256 b) internal pure returns (bool) { + return a < b; + } + + function gt(uint256 a, uint256 b) internal pure returns (bool) { + return a > b; + } +} diff --git a/dependencies/@openzeppelin/contracts/utils/Context.sol b/dependencies/@openzeppelin/contracts/utils/Context.sol new file mode 100644 index 00000000..4e535fe0 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/Context.sol @@ -0,0 +1,28 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.1) (utils/Context.sol) + +pragma solidity ^0.8.20; + +/** + * @dev Provides information about the current execution context, including the + * sender of the transaction and its data. While these are generally available + * via msg.sender and msg.data, they should not be accessed in such a direct + * manner, since when dealing with meta-transactions the account sending and + * paying for execution may not be the actual sender (as far as an application + * is concerned). + * + * This contract is only required for intermediate, library-like contracts. + */ +abstract contract Context { + function _msgSender() internal view virtual returns (address) { + return msg.sender; + } + + function _msgData() internal view virtual returns (bytes calldata) { + return msg.data; + } + + function _contextSuffixLength() internal view virtual returns (uint256) { + return 0; + } +} diff --git a/dependencies/@openzeppelin/contracts/utils/Create2.sol b/dependencies/@openzeppelin/contracts/utils/Create2.sol new file mode 100644 index 00000000..121eb0c7 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/Create2.sol @@ -0,0 +1,92 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (utils/Create2.sol) + +pragma solidity ^0.8.20; + +import {Errors} from "./Errors.sol"; + +/** + * @dev Helper to make usage of the `CREATE2` EVM opcode easier and safer. + * `CREATE2` can be used to compute in advance the address where a smart + * contract will be deployed, which allows for interesting new mechanisms known + * as 'counterfactual interactions'. + * + * See the https://eips.ethereum.org/EIPS/eip-1014#motivation[EIP] for more + * information. + */ +library Create2 { + /** + * @dev There's no code to deploy. + */ + error Create2EmptyBytecode(); + + /** + * @dev Deploys a contract using `CREATE2`. The address where the contract + * will be deployed can be known in advance via {computeAddress}. + * + * The bytecode for a contract can be obtained from Solidity with + * `type(contractName).creationCode`. + * + * Requirements: + * + * - `bytecode` must not be empty. + * - `salt` must have not been used for `bytecode` already. + * - the factory must have a balance of at least `amount`. + * - if `amount` is non-zero, `bytecode` must have a `payable` constructor. + */ + function deploy(uint256 amount, bytes32 salt, bytes memory bytecode) internal returns (address addr) { + if (address(this).balance < amount) { + revert Errors.InsufficientBalance(address(this).balance, amount); + } + if (bytecode.length == 0) { + revert Create2EmptyBytecode(); + } + assembly ("memory-safe") { + addr := create2(amount, add(bytecode, 0x20), mload(bytecode), salt) + // if no address was created, and returndata is not empty, bubble revert + if and(iszero(addr), not(iszero(returndatasize()))) { + let p := mload(0x40) + returndatacopy(p, 0, returndatasize()) + revert(p, returndatasize()) + } + } + if (addr == address(0)) { + revert Errors.FailedDeployment(); + } + } + + /** + * @dev Returns the address where a contract will be stored if deployed via {deploy}. Any change in the + * `bytecodeHash` or `salt` will result in a new destination address. + */ + function computeAddress(bytes32 salt, bytes32 bytecodeHash) internal view returns (address) { + return computeAddress(salt, bytecodeHash, address(this)); + } + + /** + * @dev Returns the address where a contract will be stored if deployed via {deploy} from a contract located at + * `deployer`. If `deployer` is this contract's address, returns the same value as {computeAddress}. + */ + function computeAddress(bytes32 salt, bytes32 bytecodeHash, address deployer) internal pure returns (address addr) { + assembly ("memory-safe") { + let ptr := mload(0x40) // Get free memory pointer + + // | | ↓ ptr ... ↓ ptr + 0x0B (start) ... ↓ ptr + 0x20 ... ↓ ptr + 0x40 ... | + // |-------------------|---------------------------------------------------------------------------| + // | bytecodeHash | CCCCCCCCCCCCC...CC | + // | salt | BBBBBBBBBBBBB...BB | + // | deployer | 000000...0000AAAAAAAAAAAAAAAAAAA...AA | + // | 0xFF | FF | + // |-------------------|---------------------------------------------------------------------------| + // | memory | 000000...00FFAAAAAAAAAAAAAAAAAAA...AABBBBBBBBBBBBB...BBCCCCCCCCCCCCC...CC | + // | keccak(start, 85) | ↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑ | + + mstore(add(ptr, 0x40), bytecodeHash) + mstore(add(ptr, 0x20), salt) + mstore(ptr, deployer) // Right-aligned with 12 preceding garbage bytes + let start := add(ptr, 0x0b) // The hashed data starts at the final garbage byte which we will set to 0xff + mstore8(start, 0xff) + addr := and(keccak256(start, 85), 0xffffffffffffffffffffffffffffffffffffffff) + } + } +} diff --git a/dependencies/@openzeppelin/contracts/utils/Errors.sol b/dependencies/@openzeppelin/contracts/utils/Errors.sol new file mode 100644 index 00000000..715db953 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/Errors.sol @@ -0,0 +1,33 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +/** + * @dev Collection of common custom errors used in multiple contracts + * + * IMPORTANT: Backwards compatibility is not guaranteed in future versions of the library. + * It is recommended to avoid relying on the error API for critical functionality. + * + * _Available since v5.1._ + */ +library Errors { + /** + * @dev The ETH balance of the account is not enough to perform the operation. + */ + error InsufficientBalance(uint256 balance, uint256 needed); + + /** + * @dev A call to an address target failed. The target may have reverted. + */ + error FailedCall(); + + /** + * @dev The deployment failed. + */ + error FailedDeployment(); + + /** + * @dev A necessary precompile is missing. + */ + error MissingPrecompile(address); +} diff --git a/dependencies/@openzeppelin/contracts/utils/Multicall.sol b/dependencies/@openzeppelin/contracts/utils/Multicall.sol new file mode 100644 index 00000000..0dd5b4ad --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/Multicall.sol @@ -0,0 +1,37 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.1) (utils/Multicall.sol) + +pragma solidity ^0.8.20; + +import {Address} from "./Address.sol"; +import {Context} from "./Context.sol"; + +/** + * @dev Provides a function to batch together multiple calls in a single external call. + * + * Consider any assumption about calldata validation performed by the sender may be violated if it's not especially + * careful about sending transactions invoking {multicall}. For example, a relay address that filters function + * selectors won't filter calls nested within a {multicall} operation. + * + * NOTE: Since 5.0.1 and 4.9.4, this contract identifies non-canonical contexts (i.e. `msg.sender` is not {_msgSender}). + * If a non-canonical context is identified, the following self `delegatecall` appends the last bytes of `msg.data` + * to the subcall. This makes it safe to use with {ERC2771Context}. Contexts that don't affect the resolution of + * {_msgSender} are not propagated to subcalls. + */ +abstract contract Multicall is Context { + /** + * @dev Receives and executes a batch of function calls on this contract. + * @custom:oz-upgrades-unsafe-allow-reachable delegatecall + */ + function multicall(bytes[] calldata data) external virtual returns (bytes[] memory results) { + bytes memory context = msg.sender == _msgSender() + ? new bytes(0) + : msg.data[msg.data.length - _contextSuffixLength():]; + + results = new bytes[](data.length); + for (uint256 i = 0; i < data.length; i++) { + results[i] = Address.functionDelegateCall(address(this), bytes.concat(data[i], context)); + } + return results; + } +} diff --git a/dependencies/@openzeppelin/contracts/utils/Nonces.sol b/dependencies/@openzeppelin/contracts/utils/Nonces.sol new file mode 100644 index 00000000..37451ff9 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/Nonces.sol @@ -0,0 +1,46 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (utils/Nonces.sol) +pragma solidity ^0.8.20; + +/** + * @dev Provides tracking nonces for addresses. Nonces will only increment. + */ +abstract contract Nonces { + /** + * @dev The nonce used for an `account` is not the expected current nonce. + */ + error InvalidAccountNonce(address account, uint256 currentNonce); + + mapping(address account => uint256) private _nonces; + + /** + * @dev Returns the next unused nonce for an address. + */ + function nonces(address owner) public view virtual returns (uint256) { + return _nonces[owner]; + } + + /** + * @dev Consumes a nonce. + * + * Returns the current value and increments nonce. + */ + function _useNonce(address owner) internal virtual returns (uint256) { + // For each account, the nonce has an initial value of 0, can only be incremented by one, and cannot be + // decremented or reset. This guarantees that the nonce never overflows. + unchecked { + // It is important to do x++ and not ++x here. + return _nonces[owner]++; + } + } + + /** + * @dev Same as {_useNonce} but checking that `nonce` is the next valid for `owner`. + */ + function _useCheckedNonce(address owner, uint256 nonce) internal virtual { + uint256 current = _useNonce(owner); + if (nonce != current) { + revert InvalidAccountNonce(owner, current); + } + } +} diff --git a/dependencies/@openzeppelin/contracts/utils/Packing.sol b/dependencies/@openzeppelin/contracts/utils/Packing.sol new file mode 100644 index 00000000..4da311cf --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/Packing.sol @@ -0,0 +1,1142 @@ +// SPDX-License-Identifier: MIT +// This file was procedurally generated from scripts/generate/templates/Packing.js. + +pragma solidity ^0.8.20; + +/** + * @dev Helper library packing and unpacking multiple values into bytesXX. + * + * Example usage: + * + * ```solidity + * library MyPacker { + * type MyType is bytes32; + * + * function _pack(address account, bytes4 selector, uint64 period) external pure returns (MyType) { + * bytes12 subpack = Packing.pack_4_8(selector, bytes8(period)); + * bytes32 pack = Packing.pack_20_12(bytes20(account), subpack); + * return MyType.wrap(pack); + * } + * + * function _unpack(MyType self) external pure returns (address, bytes4, uint64) { + * bytes32 pack = MyType.unwrap(self); + * return ( + * address(Packing.extract_32_20(pack, 0)), + * Packing.extract_32_4(pack, 20), + * uint64(Packing.extract_32_8(pack, 24)) + * ); + * } + * } + * ``` + * + * _Available since v5.1._ + */ +// solhint-disable func-name-mixedcase +library Packing { + error OutOfRangeAccess(); + + function pack_1_1(bytes1 left, bytes1 right) internal pure returns (bytes2 result) { + assembly ("memory-safe") { + left := and(left, shl(248, not(0))) + right := and(right, shl(248, not(0))) + result := or(left, shr(8, right)) + } + } + + function pack_2_2(bytes2 left, bytes2 right) internal pure returns (bytes4 result) { + assembly ("memory-safe") { + left := and(left, shl(240, not(0))) + right := and(right, shl(240, not(0))) + result := or(left, shr(16, right)) + } + } + + function pack_2_4(bytes2 left, bytes4 right) internal pure returns (bytes6 result) { + assembly ("memory-safe") { + left := and(left, shl(240, not(0))) + right := and(right, shl(224, not(0))) + result := or(left, shr(16, right)) + } + } + + function pack_2_6(bytes2 left, bytes6 right) internal pure returns (bytes8 result) { + assembly ("memory-safe") { + left := and(left, shl(240, not(0))) + right := and(right, shl(208, not(0))) + result := or(left, shr(16, right)) + } + } + + function pack_4_2(bytes4 left, bytes2 right) internal pure returns (bytes6 result) { + assembly ("memory-safe") { + left := and(left, shl(224, not(0))) + right := and(right, shl(240, not(0))) + result := or(left, shr(32, right)) + } + } + + function pack_4_4(bytes4 left, bytes4 right) internal pure returns (bytes8 result) { + assembly ("memory-safe") { + left := and(left, shl(224, not(0))) + right := and(right, shl(224, not(0))) + result := or(left, shr(32, right)) + } + } + + function pack_4_8(bytes4 left, bytes8 right) internal pure returns (bytes12 result) { + assembly ("memory-safe") { + left := and(left, shl(224, not(0))) + right := and(right, shl(192, not(0))) + result := or(left, shr(32, right)) + } + } + + function pack_4_12(bytes4 left, bytes12 right) internal pure returns (bytes16 result) { + assembly ("memory-safe") { + left := and(left, shl(224, not(0))) + right := and(right, shl(160, not(0))) + result := or(left, shr(32, right)) + } + } + + function pack_4_16(bytes4 left, bytes16 right) internal pure returns (bytes20 result) { + assembly ("memory-safe") { + left := and(left, shl(224, not(0))) + right := and(right, shl(128, not(0))) + result := or(left, shr(32, right)) + } + } + + function pack_4_20(bytes4 left, bytes20 right) internal pure returns (bytes24 result) { + assembly ("memory-safe") { + left := and(left, shl(224, not(0))) + right := and(right, shl(96, not(0))) + result := or(left, shr(32, right)) + } + } + + function pack_4_24(bytes4 left, bytes24 right) internal pure returns (bytes28 result) { + assembly ("memory-safe") { + left := and(left, shl(224, not(0))) + right := and(right, shl(64, not(0))) + result := or(left, shr(32, right)) + } + } + + function pack_4_28(bytes4 left, bytes28 right) internal pure returns (bytes32 result) { + assembly ("memory-safe") { + left := and(left, shl(224, not(0))) + right := and(right, shl(32, not(0))) + result := or(left, shr(32, right)) + } + } + + function pack_6_2(bytes6 left, bytes2 right) internal pure returns (bytes8 result) { + assembly ("memory-safe") { + left := and(left, shl(208, not(0))) + right := and(right, shl(240, not(0))) + result := or(left, shr(48, right)) + } + } + + function pack_6_6(bytes6 left, bytes6 right) internal pure returns (bytes12 result) { + assembly ("memory-safe") { + left := and(left, shl(208, not(0))) + right := and(right, shl(208, not(0))) + result := or(left, shr(48, right)) + } + } + + function pack_8_4(bytes8 left, bytes4 right) internal pure returns (bytes12 result) { + assembly ("memory-safe") { + left := and(left, shl(192, not(0))) + right := and(right, shl(224, not(0))) + result := or(left, shr(64, right)) + } + } + + function pack_8_8(bytes8 left, bytes8 right) internal pure returns (bytes16 result) { + assembly ("memory-safe") { + left := and(left, shl(192, not(0))) + right := and(right, shl(192, not(0))) + result := or(left, shr(64, right)) + } + } + + function pack_8_12(bytes8 left, bytes12 right) internal pure returns (bytes20 result) { + assembly ("memory-safe") { + left := and(left, shl(192, not(0))) + right := and(right, shl(160, not(0))) + result := or(left, shr(64, right)) + } + } + + function pack_8_16(bytes8 left, bytes16 right) internal pure returns (bytes24 result) { + assembly ("memory-safe") { + left := and(left, shl(192, not(0))) + right := and(right, shl(128, not(0))) + result := or(left, shr(64, right)) + } + } + + function pack_8_20(bytes8 left, bytes20 right) internal pure returns (bytes28 result) { + assembly ("memory-safe") { + left := and(left, shl(192, not(0))) + right := and(right, shl(96, not(0))) + result := or(left, shr(64, right)) + } + } + + function pack_8_24(bytes8 left, bytes24 right) internal pure returns (bytes32 result) { + assembly ("memory-safe") { + left := and(left, shl(192, not(0))) + right := and(right, shl(64, not(0))) + result := or(left, shr(64, right)) + } + } + + function pack_12_4(bytes12 left, bytes4 right) internal pure returns (bytes16 result) { + assembly ("memory-safe") { + left := and(left, shl(160, not(0))) + right := and(right, shl(224, not(0))) + result := or(left, shr(96, right)) + } + } + + function pack_12_8(bytes12 left, bytes8 right) internal pure returns (bytes20 result) { + assembly ("memory-safe") { + left := and(left, shl(160, not(0))) + right := and(right, shl(192, not(0))) + result := or(left, shr(96, right)) + } + } + + function pack_12_12(bytes12 left, bytes12 right) internal pure returns (bytes24 result) { + assembly ("memory-safe") { + left := and(left, shl(160, not(0))) + right := and(right, shl(160, not(0))) + result := or(left, shr(96, right)) + } + } + + function pack_12_16(bytes12 left, bytes16 right) internal pure returns (bytes28 result) { + assembly ("memory-safe") { + left := and(left, shl(160, not(0))) + right := and(right, shl(128, not(0))) + result := or(left, shr(96, right)) + } + } + + function pack_12_20(bytes12 left, bytes20 right) internal pure returns (bytes32 result) { + assembly ("memory-safe") { + left := and(left, shl(160, not(0))) + right := and(right, shl(96, not(0))) + result := or(left, shr(96, right)) + } + } + + function pack_16_4(bytes16 left, bytes4 right) internal pure returns (bytes20 result) { + assembly ("memory-safe") { + left := and(left, shl(128, not(0))) + right := and(right, shl(224, not(0))) + result := or(left, shr(128, right)) + } + } + + function pack_16_8(bytes16 left, bytes8 right) internal pure returns (bytes24 result) { + assembly ("memory-safe") { + left := and(left, shl(128, not(0))) + right := and(right, shl(192, not(0))) + result := or(left, shr(128, right)) + } + } + + function pack_16_12(bytes16 left, bytes12 right) internal pure returns (bytes28 result) { + assembly ("memory-safe") { + left := and(left, shl(128, not(0))) + right := and(right, shl(160, not(0))) + result := or(left, shr(128, right)) + } + } + + function pack_16_16(bytes16 left, bytes16 right) internal pure returns (bytes32 result) { + assembly ("memory-safe") { + left := and(left, shl(128, not(0))) + right := and(right, shl(128, not(0))) + result := or(left, shr(128, right)) + } + } + + function pack_20_4(bytes20 left, bytes4 right) internal pure returns (bytes24 result) { + assembly ("memory-safe") { + left := and(left, shl(96, not(0))) + right := and(right, shl(224, not(0))) + result := or(left, shr(160, right)) + } + } + + function pack_20_8(bytes20 left, bytes8 right) internal pure returns (bytes28 result) { + assembly ("memory-safe") { + left := and(left, shl(96, not(0))) + right := and(right, shl(192, not(0))) + result := or(left, shr(160, right)) + } + } + + function pack_20_12(bytes20 left, bytes12 right) internal pure returns (bytes32 result) { + assembly ("memory-safe") { + left := and(left, shl(96, not(0))) + right := and(right, shl(160, not(0))) + result := or(left, shr(160, right)) + } + } + + function pack_24_4(bytes24 left, bytes4 right) internal pure returns (bytes28 result) { + assembly ("memory-safe") { + left := and(left, shl(64, not(0))) + right := and(right, shl(224, not(0))) + result := or(left, shr(192, right)) + } + } + + function pack_24_8(bytes24 left, bytes8 right) internal pure returns (bytes32 result) { + assembly ("memory-safe") { + left := and(left, shl(64, not(0))) + right := and(right, shl(192, not(0))) + result := or(left, shr(192, right)) + } + } + + function pack_28_4(bytes28 left, bytes4 right) internal pure returns (bytes32 result) { + assembly ("memory-safe") { + left := and(left, shl(32, not(0))) + right := and(right, shl(224, not(0))) + result := or(left, shr(224, right)) + } + } + + function extract_2_1(bytes2 self, uint8 offset) internal pure returns (bytes1 result) { + if (offset > 1) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(248, not(0))) + } + } + + function replace_2_1(bytes2 self, bytes1 value, uint8 offset) internal pure returns (bytes2 result) { + bytes1 oldValue = extract_2_1(self, offset); + assembly ("memory-safe") { + value := and(value, shl(248, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_4_1(bytes4 self, uint8 offset) internal pure returns (bytes1 result) { + if (offset > 3) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(248, not(0))) + } + } + + function replace_4_1(bytes4 self, bytes1 value, uint8 offset) internal pure returns (bytes4 result) { + bytes1 oldValue = extract_4_1(self, offset); + assembly ("memory-safe") { + value := and(value, shl(248, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_4_2(bytes4 self, uint8 offset) internal pure returns (bytes2 result) { + if (offset > 2) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(240, not(0))) + } + } + + function replace_4_2(bytes4 self, bytes2 value, uint8 offset) internal pure returns (bytes4 result) { + bytes2 oldValue = extract_4_2(self, offset); + assembly ("memory-safe") { + value := and(value, shl(240, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_6_1(bytes6 self, uint8 offset) internal pure returns (bytes1 result) { + if (offset > 5) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(248, not(0))) + } + } + + function replace_6_1(bytes6 self, bytes1 value, uint8 offset) internal pure returns (bytes6 result) { + bytes1 oldValue = extract_6_1(self, offset); + assembly ("memory-safe") { + value := and(value, shl(248, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_6_2(bytes6 self, uint8 offset) internal pure returns (bytes2 result) { + if (offset > 4) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(240, not(0))) + } + } + + function replace_6_2(bytes6 self, bytes2 value, uint8 offset) internal pure returns (bytes6 result) { + bytes2 oldValue = extract_6_2(self, offset); + assembly ("memory-safe") { + value := and(value, shl(240, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_6_4(bytes6 self, uint8 offset) internal pure returns (bytes4 result) { + if (offset > 2) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(224, not(0))) + } + } + + function replace_6_4(bytes6 self, bytes4 value, uint8 offset) internal pure returns (bytes6 result) { + bytes4 oldValue = extract_6_4(self, offset); + assembly ("memory-safe") { + value := and(value, shl(224, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_8_1(bytes8 self, uint8 offset) internal pure returns (bytes1 result) { + if (offset > 7) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(248, not(0))) + } + } + + function replace_8_1(bytes8 self, bytes1 value, uint8 offset) internal pure returns (bytes8 result) { + bytes1 oldValue = extract_8_1(self, offset); + assembly ("memory-safe") { + value := and(value, shl(248, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_8_2(bytes8 self, uint8 offset) internal pure returns (bytes2 result) { + if (offset > 6) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(240, not(0))) + } + } + + function replace_8_2(bytes8 self, bytes2 value, uint8 offset) internal pure returns (bytes8 result) { + bytes2 oldValue = extract_8_2(self, offset); + assembly ("memory-safe") { + value := and(value, shl(240, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_8_4(bytes8 self, uint8 offset) internal pure returns (bytes4 result) { + if (offset > 4) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(224, not(0))) + } + } + + function replace_8_4(bytes8 self, bytes4 value, uint8 offset) internal pure returns (bytes8 result) { + bytes4 oldValue = extract_8_4(self, offset); + assembly ("memory-safe") { + value := and(value, shl(224, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_8_6(bytes8 self, uint8 offset) internal pure returns (bytes6 result) { + if (offset > 2) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(208, not(0))) + } + } + + function replace_8_6(bytes8 self, bytes6 value, uint8 offset) internal pure returns (bytes8 result) { + bytes6 oldValue = extract_8_6(self, offset); + assembly ("memory-safe") { + value := and(value, shl(208, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_12_1(bytes12 self, uint8 offset) internal pure returns (bytes1 result) { + if (offset > 11) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(248, not(0))) + } + } + + function replace_12_1(bytes12 self, bytes1 value, uint8 offset) internal pure returns (bytes12 result) { + bytes1 oldValue = extract_12_1(self, offset); + assembly ("memory-safe") { + value := and(value, shl(248, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_12_2(bytes12 self, uint8 offset) internal pure returns (bytes2 result) { + if (offset > 10) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(240, not(0))) + } + } + + function replace_12_2(bytes12 self, bytes2 value, uint8 offset) internal pure returns (bytes12 result) { + bytes2 oldValue = extract_12_2(self, offset); + assembly ("memory-safe") { + value := and(value, shl(240, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_12_4(bytes12 self, uint8 offset) internal pure returns (bytes4 result) { + if (offset > 8) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(224, not(0))) + } + } + + function replace_12_4(bytes12 self, bytes4 value, uint8 offset) internal pure returns (bytes12 result) { + bytes4 oldValue = extract_12_4(self, offset); + assembly ("memory-safe") { + value := and(value, shl(224, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_12_6(bytes12 self, uint8 offset) internal pure returns (bytes6 result) { + if (offset > 6) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(208, not(0))) + } + } + + function replace_12_6(bytes12 self, bytes6 value, uint8 offset) internal pure returns (bytes12 result) { + bytes6 oldValue = extract_12_6(self, offset); + assembly ("memory-safe") { + value := and(value, shl(208, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_12_8(bytes12 self, uint8 offset) internal pure returns (bytes8 result) { + if (offset > 4) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(192, not(0))) + } + } + + function replace_12_8(bytes12 self, bytes8 value, uint8 offset) internal pure returns (bytes12 result) { + bytes8 oldValue = extract_12_8(self, offset); + assembly ("memory-safe") { + value := and(value, shl(192, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_16_1(bytes16 self, uint8 offset) internal pure returns (bytes1 result) { + if (offset > 15) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(248, not(0))) + } + } + + function replace_16_1(bytes16 self, bytes1 value, uint8 offset) internal pure returns (bytes16 result) { + bytes1 oldValue = extract_16_1(self, offset); + assembly ("memory-safe") { + value := and(value, shl(248, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_16_2(bytes16 self, uint8 offset) internal pure returns (bytes2 result) { + if (offset > 14) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(240, not(0))) + } + } + + function replace_16_2(bytes16 self, bytes2 value, uint8 offset) internal pure returns (bytes16 result) { + bytes2 oldValue = extract_16_2(self, offset); + assembly ("memory-safe") { + value := and(value, shl(240, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_16_4(bytes16 self, uint8 offset) internal pure returns (bytes4 result) { + if (offset > 12) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(224, not(0))) + } + } + + function replace_16_4(bytes16 self, bytes4 value, uint8 offset) internal pure returns (bytes16 result) { + bytes4 oldValue = extract_16_4(self, offset); + assembly ("memory-safe") { + value := and(value, shl(224, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_16_6(bytes16 self, uint8 offset) internal pure returns (bytes6 result) { + if (offset > 10) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(208, not(0))) + } + } + + function replace_16_6(bytes16 self, bytes6 value, uint8 offset) internal pure returns (bytes16 result) { + bytes6 oldValue = extract_16_6(self, offset); + assembly ("memory-safe") { + value := and(value, shl(208, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_16_8(bytes16 self, uint8 offset) internal pure returns (bytes8 result) { + if (offset > 8) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(192, not(0))) + } + } + + function replace_16_8(bytes16 self, bytes8 value, uint8 offset) internal pure returns (bytes16 result) { + bytes8 oldValue = extract_16_8(self, offset); + assembly ("memory-safe") { + value := and(value, shl(192, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_16_12(bytes16 self, uint8 offset) internal pure returns (bytes12 result) { + if (offset > 4) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(160, not(0))) + } + } + + function replace_16_12(bytes16 self, bytes12 value, uint8 offset) internal pure returns (bytes16 result) { + bytes12 oldValue = extract_16_12(self, offset); + assembly ("memory-safe") { + value := and(value, shl(160, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_20_1(bytes20 self, uint8 offset) internal pure returns (bytes1 result) { + if (offset > 19) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(248, not(0))) + } + } + + function replace_20_1(bytes20 self, bytes1 value, uint8 offset) internal pure returns (bytes20 result) { + bytes1 oldValue = extract_20_1(self, offset); + assembly ("memory-safe") { + value := and(value, shl(248, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_20_2(bytes20 self, uint8 offset) internal pure returns (bytes2 result) { + if (offset > 18) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(240, not(0))) + } + } + + function replace_20_2(bytes20 self, bytes2 value, uint8 offset) internal pure returns (bytes20 result) { + bytes2 oldValue = extract_20_2(self, offset); + assembly ("memory-safe") { + value := and(value, shl(240, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_20_4(bytes20 self, uint8 offset) internal pure returns (bytes4 result) { + if (offset > 16) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(224, not(0))) + } + } + + function replace_20_4(bytes20 self, bytes4 value, uint8 offset) internal pure returns (bytes20 result) { + bytes4 oldValue = extract_20_4(self, offset); + assembly ("memory-safe") { + value := and(value, shl(224, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_20_6(bytes20 self, uint8 offset) internal pure returns (bytes6 result) { + if (offset > 14) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(208, not(0))) + } + } + + function replace_20_6(bytes20 self, bytes6 value, uint8 offset) internal pure returns (bytes20 result) { + bytes6 oldValue = extract_20_6(self, offset); + assembly ("memory-safe") { + value := and(value, shl(208, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_20_8(bytes20 self, uint8 offset) internal pure returns (bytes8 result) { + if (offset > 12) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(192, not(0))) + } + } + + function replace_20_8(bytes20 self, bytes8 value, uint8 offset) internal pure returns (bytes20 result) { + bytes8 oldValue = extract_20_8(self, offset); + assembly ("memory-safe") { + value := and(value, shl(192, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_20_12(bytes20 self, uint8 offset) internal pure returns (bytes12 result) { + if (offset > 8) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(160, not(0))) + } + } + + function replace_20_12(bytes20 self, bytes12 value, uint8 offset) internal pure returns (bytes20 result) { + bytes12 oldValue = extract_20_12(self, offset); + assembly ("memory-safe") { + value := and(value, shl(160, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_20_16(bytes20 self, uint8 offset) internal pure returns (bytes16 result) { + if (offset > 4) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(128, not(0))) + } + } + + function replace_20_16(bytes20 self, bytes16 value, uint8 offset) internal pure returns (bytes20 result) { + bytes16 oldValue = extract_20_16(self, offset); + assembly ("memory-safe") { + value := and(value, shl(128, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_24_1(bytes24 self, uint8 offset) internal pure returns (bytes1 result) { + if (offset > 23) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(248, not(0))) + } + } + + function replace_24_1(bytes24 self, bytes1 value, uint8 offset) internal pure returns (bytes24 result) { + bytes1 oldValue = extract_24_1(self, offset); + assembly ("memory-safe") { + value := and(value, shl(248, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_24_2(bytes24 self, uint8 offset) internal pure returns (bytes2 result) { + if (offset > 22) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(240, not(0))) + } + } + + function replace_24_2(bytes24 self, bytes2 value, uint8 offset) internal pure returns (bytes24 result) { + bytes2 oldValue = extract_24_2(self, offset); + assembly ("memory-safe") { + value := and(value, shl(240, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_24_4(bytes24 self, uint8 offset) internal pure returns (bytes4 result) { + if (offset > 20) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(224, not(0))) + } + } + + function replace_24_4(bytes24 self, bytes4 value, uint8 offset) internal pure returns (bytes24 result) { + bytes4 oldValue = extract_24_4(self, offset); + assembly ("memory-safe") { + value := and(value, shl(224, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_24_6(bytes24 self, uint8 offset) internal pure returns (bytes6 result) { + if (offset > 18) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(208, not(0))) + } + } + + function replace_24_6(bytes24 self, bytes6 value, uint8 offset) internal pure returns (bytes24 result) { + bytes6 oldValue = extract_24_6(self, offset); + assembly ("memory-safe") { + value := and(value, shl(208, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_24_8(bytes24 self, uint8 offset) internal pure returns (bytes8 result) { + if (offset > 16) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(192, not(0))) + } + } + + function replace_24_8(bytes24 self, bytes8 value, uint8 offset) internal pure returns (bytes24 result) { + bytes8 oldValue = extract_24_8(self, offset); + assembly ("memory-safe") { + value := and(value, shl(192, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_24_12(bytes24 self, uint8 offset) internal pure returns (bytes12 result) { + if (offset > 12) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(160, not(0))) + } + } + + function replace_24_12(bytes24 self, bytes12 value, uint8 offset) internal pure returns (bytes24 result) { + bytes12 oldValue = extract_24_12(self, offset); + assembly ("memory-safe") { + value := and(value, shl(160, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_24_16(bytes24 self, uint8 offset) internal pure returns (bytes16 result) { + if (offset > 8) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(128, not(0))) + } + } + + function replace_24_16(bytes24 self, bytes16 value, uint8 offset) internal pure returns (bytes24 result) { + bytes16 oldValue = extract_24_16(self, offset); + assembly ("memory-safe") { + value := and(value, shl(128, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_24_20(bytes24 self, uint8 offset) internal pure returns (bytes20 result) { + if (offset > 4) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(96, not(0))) + } + } + + function replace_24_20(bytes24 self, bytes20 value, uint8 offset) internal pure returns (bytes24 result) { + bytes20 oldValue = extract_24_20(self, offset); + assembly ("memory-safe") { + value := and(value, shl(96, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_28_1(bytes28 self, uint8 offset) internal pure returns (bytes1 result) { + if (offset > 27) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(248, not(0))) + } + } + + function replace_28_1(bytes28 self, bytes1 value, uint8 offset) internal pure returns (bytes28 result) { + bytes1 oldValue = extract_28_1(self, offset); + assembly ("memory-safe") { + value := and(value, shl(248, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_28_2(bytes28 self, uint8 offset) internal pure returns (bytes2 result) { + if (offset > 26) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(240, not(0))) + } + } + + function replace_28_2(bytes28 self, bytes2 value, uint8 offset) internal pure returns (bytes28 result) { + bytes2 oldValue = extract_28_2(self, offset); + assembly ("memory-safe") { + value := and(value, shl(240, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_28_4(bytes28 self, uint8 offset) internal pure returns (bytes4 result) { + if (offset > 24) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(224, not(0))) + } + } + + function replace_28_4(bytes28 self, bytes4 value, uint8 offset) internal pure returns (bytes28 result) { + bytes4 oldValue = extract_28_4(self, offset); + assembly ("memory-safe") { + value := and(value, shl(224, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_28_6(bytes28 self, uint8 offset) internal pure returns (bytes6 result) { + if (offset > 22) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(208, not(0))) + } + } + + function replace_28_6(bytes28 self, bytes6 value, uint8 offset) internal pure returns (bytes28 result) { + bytes6 oldValue = extract_28_6(self, offset); + assembly ("memory-safe") { + value := and(value, shl(208, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_28_8(bytes28 self, uint8 offset) internal pure returns (bytes8 result) { + if (offset > 20) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(192, not(0))) + } + } + + function replace_28_8(bytes28 self, bytes8 value, uint8 offset) internal pure returns (bytes28 result) { + bytes8 oldValue = extract_28_8(self, offset); + assembly ("memory-safe") { + value := and(value, shl(192, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_28_12(bytes28 self, uint8 offset) internal pure returns (bytes12 result) { + if (offset > 16) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(160, not(0))) + } + } + + function replace_28_12(bytes28 self, bytes12 value, uint8 offset) internal pure returns (bytes28 result) { + bytes12 oldValue = extract_28_12(self, offset); + assembly ("memory-safe") { + value := and(value, shl(160, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_28_16(bytes28 self, uint8 offset) internal pure returns (bytes16 result) { + if (offset > 12) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(128, not(0))) + } + } + + function replace_28_16(bytes28 self, bytes16 value, uint8 offset) internal pure returns (bytes28 result) { + bytes16 oldValue = extract_28_16(self, offset); + assembly ("memory-safe") { + value := and(value, shl(128, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_28_20(bytes28 self, uint8 offset) internal pure returns (bytes20 result) { + if (offset > 8) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(96, not(0))) + } + } + + function replace_28_20(bytes28 self, bytes20 value, uint8 offset) internal pure returns (bytes28 result) { + bytes20 oldValue = extract_28_20(self, offset); + assembly ("memory-safe") { + value := and(value, shl(96, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_28_24(bytes28 self, uint8 offset) internal pure returns (bytes24 result) { + if (offset > 4) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(64, not(0))) + } + } + + function replace_28_24(bytes28 self, bytes24 value, uint8 offset) internal pure returns (bytes28 result) { + bytes24 oldValue = extract_28_24(self, offset); + assembly ("memory-safe") { + value := and(value, shl(64, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_32_1(bytes32 self, uint8 offset) internal pure returns (bytes1 result) { + if (offset > 31) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(248, not(0))) + } + } + + function replace_32_1(bytes32 self, bytes1 value, uint8 offset) internal pure returns (bytes32 result) { + bytes1 oldValue = extract_32_1(self, offset); + assembly ("memory-safe") { + value := and(value, shl(248, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_32_2(bytes32 self, uint8 offset) internal pure returns (bytes2 result) { + if (offset > 30) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(240, not(0))) + } + } + + function replace_32_2(bytes32 self, bytes2 value, uint8 offset) internal pure returns (bytes32 result) { + bytes2 oldValue = extract_32_2(self, offset); + assembly ("memory-safe") { + value := and(value, shl(240, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_32_4(bytes32 self, uint8 offset) internal pure returns (bytes4 result) { + if (offset > 28) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(224, not(0))) + } + } + + function replace_32_4(bytes32 self, bytes4 value, uint8 offset) internal pure returns (bytes32 result) { + bytes4 oldValue = extract_32_4(self, offset); + assembly ("memory-safe") { + value := and(value, shl(224, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_32_6(bytes32 self, uint8 offset) internal pure returns (bytes6 result) { + if (offset > 26) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(208, not(0))) + } + } + + function replace_32_6(bytes32 self, bytes6 value, uint8 offset) internal pure returns (bytes32 result) { + bytes6 oldValue = extract_32_6(self, offset); + assembly ("memory-safe") { + value := and(value, shl(208, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_32_8(bytes32 self, uint8 offset) internal pure returns (bytes8 result) { + if (offset > 24) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(192, not(0))) + } + } + + function replace_32_8(bytes32 self, bytes8 value, uint8 offset) internal pure returns (bytes32 result) { + bytes8 oldValue = extract_32_8(self, offset); + assembly ("memory-safe") { + value := and(value, shl(192, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_32_12(bytes32 self, uint8 offset) internal pure returns (bytes12 result) { + if (offset > 20) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(160, not(0))) + } + } + + function replace_32_12(bytes32 self, bytes12 value, uint8 offset) internal pure returns (bytes32 result) { + bytes12 oldValue = extract_32_12(self, offset); + assembly ("memory-safe") { + value := and(value, shl(160, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_32_16(bytes32 self, uint8 offset) internal pure returns (bytes16 result) { + if (offset > 16) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(128, not(0))) + } + } + + function replace_32_16(bytes32 self, bytes16 value, uint8 offset) internal pure returns (bytes32 result) { + bytes16 oldValue = extract_32_16(self, offset); + assembly ("memory-safe") { + value := and(value, shl(128, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_32_20(bytes32 self, uint8 offset) internal pure returns (bytes20 result) { + if (offset > 12) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(96, not(0))) + } + } + + function replace_32_20(bytes32 self, bytes20 value, uint8 offset) internal pure returns (bytes32 result) { + bytes20 oldValue = extract_32_20(self, offset); + assembly ("memory-safe") { + value := and(value, shl(96, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_32_24(bytes32 self, uint8 offset) internal pure returns (bytes24 result) { + if (offset > 8) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(64, not(0))) + } + } + + function replace_32_24(bytes32 self, bytes24 value, uint8 offset) internal pure returns (bytes32 result) { + bytes24 oldValue = extract_32_24(self, offset); + assembly ("memory-safe") { + value := and(value, shl(64, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } + + function extract_32_28(bytes32 self, uint8 offset) internal pure returns (bytes28 result) { + if (offset > 4) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := and(shl(mul(8, offset), self), shl(32, not(0))) + } + } + + function replace_32_28(bytes32 self, bytes28 value, uint8 offset) internal pure returns (bytes32 result) { + bytes28 oldValue = extract_32_28(self, offset); + assembly ("memory-safe") { + value := and(value, shl(32, not(0))) + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } + } +} diff --git a/dependencies/@openzeppelin/contracts/utils/Panic.sol b/dependencies/@openzeppelin/contracts/utils/Panic.sol new file mode 100644 index 00000000..0e3c38c3 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/Panic.sol @@ -0,0 +1,56 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +/** + * @dev Helper library for emitting standardized panic codes. + * + * ```solidity + * contract Example { + * using Panic for uint256; + * + * // Use any of the declared internal constants + * function foo() { Panic.GENERIC.panic(); } + * + * // Alternatively + * function foo() { Panic.panic(Panic.GENERIC); } + * } + * ``` + * + * Follows the list from https://github.com/ethereum/solidity/blob/v0.8.24/libsolutil/ErrorCodes.h[libsolutil]. + * + * _Available since v5.1._ + */ +// slither-disable-next-line unused-state +library Panic { + /// @dev generic / unspecified error + uint256 internal constant GENERIC = 0x00; + /// @dev used by the assert() builtin + uint256 internal constant ASSERT = 0x01; + /// @dev arithmetic underflow or overflow + uint256 internal constant UNDER_OVERFLOW = 0x11; + /// @dev division or modulo by zero + uint256 internal constant DIVISION_BY_ZERO = 0x12; + /// @dev enum conversion error + uint256 internal constant ENUM_CONVERSION_ERROR = 0x21; + /// @dev invalid encoding in storage + uint256 internal constant STORAGE_ENCODING_ERROR = 0x22; + /// @dev empty array pop + uint256 internal constant EMPTY_ARRAY_POP = 0x31; + /// @dev array out of bounds access + uint256 internal constant ARRAY_OUT_OF_BOUNDS = 0x32; + /// @dev resource error (too large allocation or too large array) + uint256 internal constant RESOURCE_ERROR = 0x41; + /// @dev calling invalid internal function + uint256 internal constant INVALID_INTERNAL_FUNCTION = 0x51; + + /// @dev Reverts with a panic code. Recommended to use with + /// the internal constants with predefined codes. + function panic(uint256 code) internal pure { + assembly ("memory-safe") { + mstore(0x00, 0x4e487b71) + mstore(0x20, code) + revert(0x1c, 0x24) + } + } +} diff --git a/dependencies/@openzeppelin/contracts/utils/Pausable.sol b/dependencies/@openzeppelin/contracts/utils/Pausable.sol new file mode 100644 index 00000000..312f1cb9 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/Pausable.sol @@ -0,0 +1,119 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (utils/Pausable.sol) + +pragma solidity ^0.8.20; + +import {Context} from "../utils/Context.sol"; + +/** + * @dev Contract module which allows children to implement an emergency stop + * mechanism that can be triggered by an authorized account. + * + * This module is used through inheritance. It will make available the + * modifiers `whenNotPaused` and `whenPaused`, which can be applied to + * the functions of your contract. Note that they will not be pausable by + * simply including this module, only once the modifiers are put in place. + */ +abstract contract Pausable is Context { + bool private _paused; + + /** + * @dev Emitted when the pause is triggered by `account`. + */ + event Paused(address account); + + /** + * @dev Emitted when the pause is lifted by `account`. + */ + event Unpaused(address account); + + /** + * @dev The operation failed because the contract is paused. + */ + error EnforcedPause(); + + /** + * @dev The operation failed because the contract is not paused. + */ + error ExpectedPause(); + + /** + * @dev Initializes the contract in unpaused state. + */ + constructor() { + _paused = false; + } + + /** + * @dev Modifier to make a function callable only when the contract is not paused. + * + * Requirements: + * + * - The contract must not be paused. + */ + modifier whenNotPaused() { + _requireNotPaused(); + _; + } + + /** + * @dev Modifier to make a function callable only when the contract is paused. + * + * Requirements: + * + * - The contract must be paused. + */ + modifier whenPaused() { + _requirePaused(); + _; + } + + /** + * @dev Returns true if the contract is paused, and false otherwise. + */ + function paused() public view virtual returns (bool) { + return _paused; + } + + /** + * @dev Throws if the contract is paused. + */ + function _requireNotPaused() internal view virtual { + if (paused()) { + revert EnforcedPause(); + } + } + + /** + * @dev Throws if the contract is not paused. + */ + function _requirePaused() internal view virtual { + if (!paused()) { + revert ExpectedPause(); + } + } + + /** + * @dev Triggers stopped state. + * + * Requirements: + * + * - The contract must not be paused. + */ + function _pause() internal virtual whenNotPaused { + _paused = true; + emit Paused(_msgSender()); + } + + /** + * @dev Returns to normal state. + * + * Requirements: + * + * - The contract must be paused. + */ + function _unpause() internal virtual whenPaused { + _paused = false; + emit Unpaused(_msgSender()); + } +} diff --git a/dependencies/@openzeppelin/contracts/utils/README.adoc b/dependencies/@openzeppelin/contracts/utils/README.adoc new file mode 100644 index 00000000..4b40a967 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/README.adoc @@ -0,0 +1,141 @@ += Utilities + +[.readme-notice] +NOTE: This document is better viewed at https://docs.openzeppelin.com/contracts/api/utils + +Miscellaneous contracts and libraries containing utility functions you can use to improve security, work with new data types, or safely use low-level primitives. + + * {Math}, {SignedMath}: Implementation of various arithmetic functions. + * {SafeCast}: Checked downcasting functions to avoid silent truncation. + * {ECDSA}, {MessageHashUtils}: Libraries for interacting with ECDSA signatures. + * {P256}: Library for verifying and recovering public keys from secp256r1 signatures. + * {RSA}: Library with RSA PKCS#1 v1.5 signature verification utilities. + * {SignatureChecker}: A library helper to support regular ECDSA from EOAs as well as ERC-1271 signatures for smart contracts. + * {Hashes}: Commonly used hash functions. + * {MerkleProof}: Functions for verifying https://en.wikipedia.org/wiki/Merkle_tree[Merkle Tree] proofs. + * {EIP712}: Contract with functions to allow processing signed typed structure data according to https://eips.ethereum.org/EIPS/eip-712[EIP-712]. + * {ReentrancyGuard}: A modifier that can prevent reentrancy during certain functions. + * {ReentrancyGuardTransient}: Variant of {ReentrancyGuard} that uses transient storage (https://eips.ethereum.org/EIPS/eip-1153[EIP-1153]). + * {Pausable}: A common emergency response mechanism that can pause functionality while a remediation is pending. + * {Nonces}: Utility for tracking and verifying address nonces that only increment. + * {ERC165}, {ERC165Checker}: Utilities for inspecting interfaces supported by contracts. + * {BitMaps}: A simple library to manage boolean value mapped to a numerical index in an efficient way. + * {EnumerableMap}: A type like Solidity's https://solidity.readthedocs.io/en/latest/types.html#mapping-types[`mapping`], but with key-value _enumeration_: this will let you know how many entries a mapping has, and iterate over them (which is not possible with `mapping`). + * {EnumerableSet}: Like {EnumerableMap}, but for https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets]. Can be used to store privileged accounts, issued IDs, etc. + * {DoubleEndedQueue}: An implementation of a https://en.wikipedia.org/wiki/Double-ended_queue[double ended queue] whose values can be removed added or remove from both sides. Useful for FIFO and LIFO structures. + * {CircularBuffer}: A data structure to store the last N values pushed to it. + * {Checkpoints}: A data structure to store values mapped to a strictly increasing key. Can be used for storing and accessing values over time. + * {Heap}: A library that implements a https://en.wikipedia.org/wiki/Binary_heap[binary heap] in storage. + * {MerkleTree}: A library with https://wikipedia.org/wiki/Merkle_Tree[Merkle Tree] data structures and helper functions. + * {Create2}: Wrapper around the https://blog.openzeppelin.com/getting-the-most-out-of-create2/[`CREATE2` EVM opcode] for safe use without having to deal with low-level assembly. + * {Address}: Collection of functions for overloading Solidity's https://docs.soliditylang.org/en/latest/types.html#address[`address`] type. + * {Arrays}: Collection of functions that operate on https://docs.soliditylang.org/en/latest/types.html#arrays[`arrays`]. + * {Base64}: On-chain base64 and base64URL encoding according to https://datatracker.ietf.org/doc/html/rfc4648[RFC-4648]. + * {Strings}: Common operations for strings formatting. + * {ShortString}: Library to encode (and decode) short strings into (or from) a single bytes32 slot for optimizing costs. Short strings are limited to 31 characters. + * {SlotDerivation}: Methods for deriving storage slot from ERC-7201 namespaces as well as from constructions such as mapping and arrays. + * {StorageSlot}: Methods for accessing specific storage slots formatted as common primitive types. Also include primitives for reading from and writing to transient storage (only value types are currently supported). + * {Multicall}: Abstract contract with a utility to allow batching together multiple calls in a single transaction. Useful for allowing EOAs to perform multiple operations at once. + * {Context}: A utility for abstracting the sender and calldata in the current execution context. + * {Packing}: A library for packing and unpacking multiple values into bytes32 + * {Panic}: A library to revert with https://docs.soliditylang.org/en/v0.8.20/control-structures.html#panic-via-assert-and-error-via-require[Solidity panic codes]. + * {Comparators}: A library that contains comparator functions to use with with the {Heap} library. + +[NOTE] +==== +Because Solidity does not support generic types, {EnumerableMap} and {EnumerableSet} are specialized to a limited number of key-value types. +==== + +== Math + +{{Math}} + +{{SignedMath}} + +{{SafeCast}} + +== Cryptography + +{{ECDSA}} + +{{P256}} + +{{RSA}} + +{{EIP712}} + +{{MessageHashUtils}} + +{{SignatureChecker}} + +{{Hashes}} + +{{MerkleProof}} + +== Security + +{{ReentrancyGuard}} + +{{ReentrancyGuardTransient}} + +{{Pausable}} + +{{Nonces}} + +== Introspection + +This set of interfaces and contracts deal with https://en.wikipedia.org/wiki/Type_introspection[type introspection] of contracts, that is, examining which functions can be called on them. This is usually referred to as a contract's _interface_. + +Ethereum contracts have no native concept of an interface, so applications must usually simply trust they are not making an incorrect call. For trusted setups this is a non-issue, but often unknown and untrusted third-party addresses need to be interacted with. There may even not be any direct calls to them! (e.g. ERC-20 tokens may be sent to a contract that lacks a way to transfer them out of it, locking them forever). In these cases, a contract _declaring_ its interface can be very helpful in preventing errors. + +{{IERC165}} + +{{ERC165}} + +{{ERC165Checker}} + +== Data Structures + +{{BitMaps}} + +{{EnumerableMap}} + +{{EnumerableSet}} + +{{DoubleEndedQueue}} + +{{CircularBuffer}} + +{{Checkpoints}} + +{{Heap}} + +{{MerkleTree}} + +== Libraries + +{{Create2}} + +{{Address}} + +{{Arrays}} + +{{Base64}} + +{{Strings}} + +{{ShortStrings}} + +{{SlotDerivation}} + +{{StorageSlot}} + +{{Multicall}} + +{{Context}} + +{{Packing}} + +{{Panic}} + +{{Comparators}} diff --git a/dependencies/@openzeppelin/contracts/utils/ReentrancyGuard.sol b/dependencies/@openzeppelin/contracts/utils/ReentrancyGuard.sol new file mode 100644 index 00000000..08185117 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/ReentrancyGuard.sol @@ -0,0 +1,87 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (utils/ReentrancyGuard.sol) + +pragma solidity ^0.8.20; + +/** + * @dev Contract module that helps prevent reentrant calls to a function. + * + * Inheriting from `ReentrancyGuard` will make the {nonReentrant} modifier + * available, which can be applied to functions to make sure there are no nested + * (reentrant) calls to them. + * + * Note that because there is a single `nonReentrant` guard, functions marked as + * `nonReentrant` may not call one another. This can be worked around by making + * those functions `private`, and then adding `external` `nonReentrant` entry + * points to them. + * + * TIP: If EIP-1153 (transient storage) is available on the chain you're deploying at, + * consider using {ReentrancyGuardTransient} instead. + * + * TIP: If you would like to learn more about reentrancy and alternative ways + * to protect against it, check out our blog post + * https://blog.openzeppelin.com/reentrancy-after-istanbul/[Reentrancy After Istanbul]. + */ +abstract contract ReentrancyGuard { + // Booleans are more expensive than uint256 or any type that takes up a full + // word because each write operation emits an extra SLOAD to first read the + // slot's contents, replace the bits taken up by the boolean, and then write + // back. This is the compiler's defense against contract upgrades and + // pointer aliasing, and it cannot be disabled. + + // The values being non-zero value makes deployment a bit more expensive, + // but in exchange the refund on every call to nonReentrant will be lower in + // amount. Since refunds are capped to a percentage of the total + // transaction's gas, it is best to keep them low in cases like this one, to + // increase the likelihood of the full refund coming into effect. + uint256 private constant NOT_ENTERED = 1; + uint256 private constant ENTERED = 2; + + uint256 private _status; + + /** + * @dev Unauthorized reentrant call. + */ + error ReentrancyGuardReentrantCall(); + + constructor() { + _status = NOT_ENTERED; + } + + /** + * @dev Prevents a contract from calling itself, directly or indirectly. + * Calling a `nonReentrant` function from another `nonReentrant` + * function is not supported. It is possible to prevent this from happening + * by making the `nonReentrant` function external, and making it call a + * `private` function that does the actual work. + */ + modifier nonReentrant() { + _nonReentrantBefore(); + _; + _nonReentrantAfter(); + } + + function _nonReentrantBefore() private { + // On the first call to nonReentrant, _status will be NOT_ENTERED + if (_status == ENTERED) { + revert ReentrancyGuardReentrantCall(); + } + + // Any calls to nonReentrant after this point will fail + _status = ENTERED; + } + + function _nonReentrantAfter() private { + // By storing the original value once again, a refund is triggered (see + // https://eips.ethereum.org/EIPS/eip-2200) + _status = NOT_ENTERED; + } + + /** + * @dev Returns true if the reentrancy guard is currently set to "entered", which indicates there is a + * `nonReentrant` function in the call stack. + */ + function _reentrancyGuardEntered() internal view returns (bool) { + return _status == ENTERED; + } +} diff --git a/dependencies/@openzeppelin/contracts/utils/ReentrancyGuardTransient.sol b/dependencies/@openzeppelin/contracts/utils/ReentrancyGuardTransient.sol new file mode 100644 index 00000000..54df0a71 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/ReentrancyGuardTransient.sol @@ -0,0 +1,60 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.24; + +import {StorageSlot} from "./StorageSlot.sol"; + +/** + * @dev Variant of {ReentrancyGuard} that uses transient storage. + * + * NOTE: This variant only works on networks where EIP-1153 is available. + * + * _Available since v5.1._ + */ +abstract contract ReentrancyGuardTransient { + using StorageSlot for *; + + // keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.ReentrancyGuard")) - 1)) & ~bytes32(uint256(0xff)) + bytes32 private constant REENTRANCY_GUARD_STORAGE = + 0x9b779b17422d0df92223018b32b4d1fa46e071723d6817e2486d003becc55f00; + + /** + * @dev Unauthorized reentrant call. + */ + error ReentrancyGuardReentrantCall(); + + /** + * @dev Prevents a contract from calling itself, directly or indirectly. + * Calling a `nonReentrant` function from another `nonReentrant` + * function is not supported. It is possible to prevent this from happening + * by making the `nonReentrant` function external, and making it call a + * `private` function that does the actual work. + */ + modifier nonReentrant() { + _nonReentrantBefore(); + _; + _nonReentrantAfter(); + } + + function _nonReentrantBefore() private { + // On the first call to nonReentrant, _status will be NOT_ENTERED + if (_reentrancyGuardEntered()) { + revert ReentrancyGuardReentrantCall(); + } + + // Any calls to nonReentrant after this point will fail + REENTRANCY_GUARD_STORAGE.asBoolean().tstore(true); + } + + function _nonReentrantAfter() private { + REENTRANCY_GUARD_STORAGE.asBoolean().tstore(false); + } + + /** + * @dev Returns true if the reentrancy guard is currently set to "entered", which indicates there is a + * `nonReentrant` function in the call stack. + */ + function _reentrancyGuardEntered() internal view returns (bool) { + return REENTRANCY_GUARD_STORAGE.asBoolean().tload(); + } +} diff --git a/dependencies/@openzeppelin/contracts/utils/ShortStrings.sol b/dependencies/@openzeppelin/contracts/utils/ShortStrings.sol new file mode 100644 index 00000000..78fc5cd9 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/ShortStrings.sol @@ -0,0 +1,122 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (utils/ShortStrings.sol) + +pragma solidity ^0.8.20; + +import {StorageSlot} from "./StorageSlot.sol"; + +// | string | 0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA | +// | length | 0x BB | +type ShortString is bytes32; + +/** + * @dev This library provides functions to convert short memory strings + * into a `ShortString` type that can be used as an immutable variable. + * + * Strings of arbitrary length can be optimized using this library if + * they are short enough (up to 31 bytes) by packing them with their + * length (1 byte) in a single EVM word (32 bytes). Additionally, a + * fallback mechanism can be used for every other case. + * + * Usage example: + * + * ```solidity + * contract Named { + * using ShortStrings for *; + * + * ShortString private immutable _name; + * string private _nameFallback; + * + * constructor(string memory contractName) { + * _name = contractName.toShortStringWithFallback(_nameFallback); + * } + * + * function name() external view returns (string memory) { + * return _name.toStringWithFallback(_nameFallback); + * } + * } + * ``` + */ +library ShortStrings { + // Used as an identifier for strings longer than 31 bytes. + bytes32 private constant FALLBACK_SENTINEL = 0x00000000000000000000000000000000000000000000000000000000000000FF; + + error StringTooLong(string str); + error InvalidShortString(); + + /** + * @dev Encode a string of at most 31 chars into a `ShortString`. + * + * This will trigger a `StringTooLong` error is the input string is too long. + */ + function toShortString(string memory str) internal pure returns (ShortString) { + bytes memory bstr = bytes(str); + if (bstr.length > 31) { + revert StringTooLong(str); + } + return ShortString.wrap(bytes32(uint256(bytes32(bstr)) | bstr.length)); + } + + /** + * @dev Decode a `ShortString` back to a "normal" string. + */ + function toString(ShortString sstr) internal pure returns (string memory) { + uint256 len = byteLength(sstr); + // using `new string(len)` would work locally but is not memory safe. + string memory str = new string(32); + assembly ("memory-safe") { + mstore(str, len) + mstore(add(str, 0x20), sstr) + } + return str; + } + + /** + * @dev Return the length of a `ShortString`. + */ + function byteLength(ShortString sstr) internal pure returns (uint256) { + uint256 result = uint256(ShortString.unwrap(sstr)) & 0xFF; + if (result > 31) { + revert InvalidShortString(); + } + return result; + } + + /** + * @dev Encode a string into a `ShortString`, or write it to storage if it is too long. + */ + function toShortStringWithFallback(string memory value, string storage store) internal returns (ShortString) { + if (bytes(value).length < 32) { + return toShortString(value); + } else { + StorageSlot.getStringSlot(store).value = value; + return ShortString.wrap(FALLBACK_SENTINEL); + } + } + + /** + * @dev Decode a string that was encoded to `ShortString` or written to storage using {setWithFallback}. + */ + function toStringWithFallback(ShortString value, string storage store) internal pure returns (string memory) { + if (ShortString.unwrap(value) != FALLBACK_SENTINEL) { + return toString(value); + } else { + return store; + } + } + + /** + * @dev Return the length of a string that was encoded to `ShortString` or written to storage using + * {setWithFallback}. + * + * WARNING: This will return the "byte length" of the string. This may not reflect the actual length in terms of + * actual characters as the UTF-8 encoding of a single character can span over multiple bytes. + */ + function byteLengthWithFallback(ShortString value, string storage store) internal view returns (uint256) { + if (ShortString.unwrap(value) != FALLBACK_SENTINEL) { + return byteLength(value); + } else { + return bytes(store).length; + } + } +} diff --git a/dependencies/@openzeppelin/contracts/utils/SlotDerivation.sol b/dependencies/@openzeppelin/contracts/utils/SlotDerivation.sol new file mode 100644 index 00000000..83b9d563 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/SlotDerivation.sol @@ -0,0 +1,154 @@ +// SPDX-License-Identifier: MIT +// This file was procedurally generated from scripts/generate/templates/SlotDerivation.js. + +pragma solidity ^0.8.20; + +/** + * @dev Library for computing storage (and transient storage) locations from namespaces and deriving slots + * corresponding to standard patterns. The derivation method for array and mapping matches the storage layout used by + * the solidity language / compiler. + * + * See https://docs.soliditylang.org/en/v0.8.20/internals/layout_in_storage.html#mappings-and-dynamic-arrays[Solidity docs for mappings and dynamic arrays.]. + * + * Example usage: + * ```solidity + * contract Example { + * // Add the library methods + * using StorageSlot for bytes32; + * using SlotDerivation for bytes32; + * + * // Declare a namespace + * string private constant _NAMESPACE = "" // eg. OpenZeppelin.Slot + * + * function setValueInNamespace(uint256 key, address newValue) internal { + * _NAMESPACE.erc7201Slot().deriveMapping(key).getAddressSlot().value = newValue; + * } + * + * function getValueInNamespace(uint256 key) internal view returns (address) { + * return _NAMESPACE.erc7201Slot().deriveMapping(key).getAddressSlot().value; + * } + * } + * ``` + * + * TIP: Consider using this library along with {StorageSlot}. + * + * NOTE: This library provides a way to manipulate storage locations in a non-standard way. Tooling for checking + * upgrade safety will ignore the slots accessed through this library. + * + * _Available since v5.1._ + */ +library SlotDerivation { + /** + * @dev Derive an ERC-7201 slot from a string (namespace). + */ + function erc7201Slot(string memory namespace) internal pure returns (bytes32 slot) { + assembly ("memory-safe") { + mstore(0x00, sub(keccak256(add(namespace, 0x20), mload(namespace)), 1)) + slot := and(keccak256(0x00, 0x20), not(0xff)) + } + } + + /** + * @dev Add an offset to a slot to get the n-th element of a structure or an array. + */ + function offset(bytes32 slot, uint256 pos) internal pure returns (bytes32 result) { + unchecked { + return bytes32(uint256(slot) + pos); + } + } + + /** + * @dev Derive the location of the first element in an array from the slot where the length is stored. + */ + function deriveArray(bytes32 slot) internal pure returns (bytes32 result) { + assembly ("memory-safe") { + mstore(0x00, slot) + result := keccak256(0x00, 0x20) + } + } + + /** + * @dev Derive the location of a mapping element from the key. + */ + function deriveMapping(bytes32 slot, address key) internal pure returns (bytes32 result) { + assembly ("memory-safe") { + mstore(0x00, and(key, shr(96, not(0)))) + mstore(0x20, slot) + result := keccak256(0x00, 0x40) + } + } + + /** + * @dev Derive the location of a mapping element from the key. + */ + function deriveMapping(bytes32 slot, bool key) internal pure returns (bytes32 result) { + assembly ("memory-safe") { + mstore(0x00, iszero(iszero(key))) + mstore(0x20, slot) + result := keccak256(0x00, 0x40) + } + } + + /** + * @dev Derive the location of a mapping element from the key. + */ + function deriveMapping(bytes32 slot, bytes32 key) internal pure returns (bytes32 result) { + assembly ("memory-safe") { + mstore(0x00, key) + mstore(0x20, slot) + result := keccak256(0x00, 0x40) + } + } + + /** + * @dev Derive the location of a mapping element from the key. + */ + function deriveMapping(bytes32 slot, uint256 key) internal pure returns (bytes32 result) { + assembly ("memory-safe") { + mstore(0x00, key) + mstore(0x20, slot) + result := keccak256(0x00, 0x40) + } + } + + /** + * @dev Derive the location of a mapping element from the key. + */ + function deriveMapping(bytes32 slot, int256 key) internal pure returns (bytes32 result) { + assembly ("memory-safe") { + mstore(0x00, key) + mstore(0x20, slot) + result := keccak256(0x00, 0x40) + } + } + + /** + * @dev Derive the location of a mapping element from the key. + */ + function deriveMapping(bytes32 slot, string memory key) internal pure returns (bytes32 result) { + assembly ("memory-safe") { + let length := mload(key) + let begin := add(key, 0x20) + let end := add(begin, length) + let cache := mload(end) + mstore(end, slot) + result := keccak256(begin, add(length, 0x20)) + mstore(end, cache) + } + } + + /** + * @dev Derive the location of a mapping element from the key. + */ + function deriveMapping(bytes32 slot, bytes memory key) internal pure returns (bytes32 result) { + assembly ("memory-safe") { + let length := mload(key) + let begin := add(key, 0x20) + let end := add(begin, length) + let cache := mload(end) + mstore(end, slot) + result := keccak256(begin, add(length, 0x20)) + mstore(end, cache) + } + } +} diff --git a/dependencies/@openzeppelin/contracts/utils/StorageSlot.sol b/dependencies/@openzeppelin/contracts/utils/StorageSlot.sol new file mode 100644 index 00000000..2e4f736d --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/StorageSlot.sol @@ -0,0 +1,311 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (utils/StorageSlot.sol) +// This file was procedurally generated from scripts/generate/templates/StorageSlot.js. + +pragma solidity ^0.8.24; + +/** + * @dev Library for reading and writing primitive types to specific storage slots. + * + * Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts. + * This library helps with reading and writing to such slots without the need for inline assembly. + * + * The functions in this library return Slot structs that contain a `value` member that can be used to read or write. + * + * Example usage to set ERC-1967 implementation slot: + * ```solidity + * contract ERC1967 { + * // Define the slot. Alternatively, use the SlotDerivation library to derive the slot. + * bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc; + * + * function _getImplementation() internal view returns (address) { + * return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value; + * } + * + * function _setImplementation(address newImplementation) internal { + * require(newImplementation.code.length > 0); + * StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation; + * } + * } + * ``` + * + * Since version 5.1, this library also support writing and reading value types to and from transient storage. + * + * * Example using transient storage: + * ```solidity + * contract Lock { + * // Define the slot. Alternatively, use the SlotDerivation library to derive the slot. + * bytes32 internal constant _LOCK_SLOT = 0xf4678858b2b588224636b8522b729e7722d32fc491da849ed75b3fdf3c84f542; + * + * modifier locked() { + * require(!_LOCK_SLOT.asBoolean().tload()); + * + * _LOCK_SLOT.asBoolean().tstore(true); + * _; + * _LOCK_SLOT.asBoolean().tstore(false); + * } + * } + * ``` + * + * TIP: Consider using this library along with {SlotDerivation}. + */ +library StorageSlot { + struct AddressSlot { + address value; + } + + struct BooleanSlot { + bool value; + } + + struct Bytes32Slot { + bytes32 value; + } + + struct Uint256Slot { + uint256 value; + } + + struct Int256Slot { + int256 value; + } + + struct StringSlot { + string value; + } + + struct BytesSlot { + bytes value; + } + + /** + * @dev Returns an `AddressSlot` with member `value` located at `slot`. + */ + function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) { + assembly ("memory-safe") { + r.slot := slot + } + } + + /** + * @dev Returns a `BooleanSlot` with member `value` located at `slot`. + */ + function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) { + assembly ("memory-safe") { + r.slot := slot + } + } + + /** + * @dev Returns a `Bytes32Slot` with member `value` located at `slot`. + */ + function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) { + assembly ("memory-safe") { + r.slot := slot + } + } + + /** + * @dev Returns a `Uint256Slot` with member `value` located at `slot`. + */ + function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) { + assembly ("memory-safe") { + r.slot := slot + } + } + + /** + * @dev Returns a `Int256Slot` with member `value` located at `slot`. + */ + function getInt256Slot(bytes32 slot) internal pure returns (Int256Slot storage r) { + assembly ("memory-safe") { + r.slot := slot + } + } + + /** + * @dev Returns a `StringSlot` with member `value` located at `slot`. + */ + function getStringSlot(bytes32 slot) internal pure returns (StringSlot storage r) { + assembly ("memory-safe") { + r.slot := slot + } + } + + /** + * @dev Returns an `StringSlot` representation of the string storage pointer `store`. + */ + function getStringSlot(string storage store) internal pure returns (StringSlot storage r) { + assembly ("memory-safe") { + r.slot := store.slot + } + } + + /** + * @dev Returns a `BytesSlot` with member `value` located at `slot`. + */ + function getBytesSlot(bytes32 slot) internal pure returns (BytesSlot storage r) { + assembly ("memory-safe") { + r.slot := slot + } + } + + /** + * @dev Returns an `BytesSlot` representation of the bytes storage pointer `store`. + */ + function getBytesSlot(bytes storage store) internal pure returns (BytesSlot storage r) { + assembly ("memory-safe") { + r.slot := store.slot + } + } + + /** + * @dev UDVT that represent a slot holding a address. + */ + type AddressSlotType is bytes32; + + /** + * @dev Cast an arbitrary slot to a AddressSlotType. + */ + function asAddress(bytes32 slot) internal pure returns (AddressSlotType) { + return AddressSlotType.wrap(slot); + } + + /** + * @dev UDVT that represent a slot holding a bool. + */ + type BooleanSlotType is bytes32; + + /** + * @dev Cast an arbitrary slot to a BooleanSlotType. + */ + function asBoolean(bytes32 slot) internal pure returns (BooleanSlotType) { + return BooleanSlotType.wrap(slot); + } + + /** + * @dev UDVT that represent a slot holding a bytes32. + */ + type Bytes32SlotType is bytes32; + + /** + * @dev Cast an arbitrary slot to a Bytes32SlotType. + */ + function asBytes32(bytes32 slot) internal pure returns (Bytes32SlotType) { + return Bytes32SlotType.wrap(slot); + } + + /** + * @dev UDVT that represent a slot holding a uint256. + */ + type Uint256SlotType is bytes32; + + /** + * @dev Cast an arbitrary slot to a Uint256SlotType. + */ + function asUint256(bytes32 slot) internal pure returns (Uint256SlotType) { + return Uint256SlotType.wrap(slot); + } + + /** + * @dev UDVT that represent a slot holding a int256. + */ + type Int256SlotType is bytes32; + + /** + * @dev Cast an arbitrary slot to a Int256SlotType. + */ + function asInt256(bytes32 slot) internal pure returns (Int256SlotType) { + return Int256SlotType.wrap(slot); + } + + /** + * @dev Load the value held at location `slot` in transient storage. + */ + function tload(AddressSlotType slot) internal view returns (address value) { + assembly ("memory-safe") { + value := tload(slot) + } + } + + /** + * @dev Store `value` at location `slot` in transient storage. + */ + function tstore(AddressSlotType slot, address value) internal { + assembly ("memory-safe") { + tstore(slot, value) + } + } + + /** + * @dev Load the value held at location `slot` in transient storage. + */ + function tload(BooleanSlotType slot) internal view returns (bool value) { + assembly ("memory-safe") { + value := tload(slot) + } + } + + /** + * @dev Store `value` at location `slot` in transient storage. + */ + function tstore(BooleanSlotType slot, bool value) internal { + assembly ("memory-safe") { + tstore(slot, value) + } + } + + /** + * @dev Load the value held at location `slot` in transient storage. + */ + function tload(Bytes32SlotType slot) internal view returns (bytes32 value) { + assembly ("memory-safe") { + value := tload(slot) + } + } + + /** + * @dev Store `value` at location `slot` in transient storage. + */ + function tstore(Bytes32SlotType slot, bytes32 value) internal { + assembly ("memory-safe") { + tstore(slot, value) + } + } + + /** + * @dev Load the value held at location `slot` in transient storage. + */ + function tload(Uint256SlotType slot) internal view returns (uint256 value) { + assembly ("memory-safe") { + value := tload(slot) + } + } + + /** + * @dev Store `value` at location `slot` in transient storage. + */ + function tstore(Uint256SlotType slot, uint256 value) internal { + assembly ("memory-safe") { + tstore(slot, value) + } + } + + /** + * @dev Load the value held at location `slot` in transient storage. + */ + function tload(Int256SlotType slot) internal view returns (int256 value) { + assembly ("memory-safe") { + value := tload(slot) + } + } + + /** + * @dev Store `value` at location `slot` in transient storage. + */ + function tstore(Int256SlotType slot, int256 value) internal { + assembly ("memory-safe") { + tstore(slot, value) + } + } +} diff --git a/dependencies/@openzeppelin/contracts/utils/Strings.sol b/dependencies/@openzeppelin/contracts/utils/Strings.sol new file mode 100644 index 00000000..5448060b --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/Strings.sol @@ -0,0 +1,116 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (utils/Strings.sol) + +pragma solidity ^0.8.20; + +import {Math} from "./math/Math.sol"; +import {SignedMath} from "./math/SignedMath.sol"; + +/** + * @dev String operations. + */ +library Strings { + bytes16 private constant HEX_DIGITS = "0123456789abcdef"; + uint8 private constant ADDRESS_LENGTH = 20; + + /** + * @dev The `value` string doesn't fit in the specified `length`. + */ + error StringsInsufficientHexLength(uint256 value, uint256 length); + + /** + * @dev Converts a `uint256` to its ASCII `string` decimal representation. + */ + function toString(uint256 value) internal pure returns (string memory) { + unchecked { + uint256 length = Math.log10(value) + 1; + string memory buffer = new string(length); + uint256 ptr; + assembly ("memory-safe") { + ptr := add(buffer, add(32, length)) + } + while (true) { + ptr--; + assembly ("memory-safe") { + mstore8(ptr, byte(mod(value, 10), HEX_DIGITS)) + } + value /= 10; + if (value == 0) break; + } + return buffer; + } + } + + /** + * @dev Converts a `int256` to its ASCII `string` decimal representation. + */ + function toStringSigned(int256 value) internal pure returns (string memory) { + return string.concat(value < 0 ? "-" : "", toString(SignedMath.abs(value))); + } + + /** + * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation. + */ + function toHexString(uint256 value) internal pure returns (string memory) { + unchecked { + return toHexString(value, Math.log256(value) + 1); + } + } + + /** + * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length. + */ + function toHexString(uint256 value, uint256 length) internal pure returns (string memory) { + uint256 localValue = value; + bytes memory buffer = new bytes(2 * length + 2); + buffer[0] = "0"; + buffer[1] = "x"; + for (uint256 i = 2 * length + 1; i > 1; --i) { + buffer[i] = HEX_DIGITS[localValue & 0xf]; + localValue >>= 4; + } + if (localValue != 0) { + revert StringsInsufficientHexLength(value, length); + } + return string(buffer); + } + + /** + * @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal + * representation. + */ + function toHexString(address addr) internal pure returns (string memory) { + return toHexString(uint256(uint160(addr)), ADDRESS_LENGTH); + } + + /** + * @dev Converts an `address` with fixed length of 20 bytes to its checksummed ASCII `string` hexadecimal + * representation, according to EIP-55. + */ + function toChecksumHexString(address addr) internal pure returns (string memory) { + bytes memory buffer = bytes(toHexString(addr)); + + // hash the hex part of buffer (skip length + 2 bytes, length 40) + uint256 hashValue; + assembly ("memory-safe") { + hashValue := shr(96, keccak256(add(buffer, 0x22), 40)) + } + + for (uint256 i = 41; i > 1; --i) { + // possible values for buffer[i] are 48 (0) to 57 (9) and 97 (a) to 102 (f) + if (hashValue & 0xf > 7 && uint8(buffer[i]) > 96) { + // case shift by xoring with 0x20 + buffer[i] ^= 0x20; + } + hashValue >>= 4; + } + return string(buffer); + } + + /** + * @dev Returns true if the two strings are equal. + */ + function equal(string memory a, string memory b) internal pure returns (bool) { + return bytes(a).length == bytes(b).length && keccak256(bytes(a)) == keccak256(bytes(b)); + } +} diff --git a/dependencies/@openzeppelin/contracts/utils/cryptography/ECDSA.sol b/dependencies/@openzeppelin/contracts/utils/cryptography/ECDSA.sol new file mode 100644 index 00000000..dc6534a8 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/cryptography/ECDSA.sol @@ -0,0 +1,180 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (utils/cryptography/ECDSA.sol) + +pragma solidity ^0.8.20; + +/** + * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations. + * + * These functions can be used to verify that a message was signed by the holder + * of the private keys of a given address. + */ +library ECDSA { + enum RecoverError { + NoError, + InvalidSignature, + InvalidSignatureLength, + InvalidSignatureS + } + + /** + * @dev The signature derives the `address(0)`. + */ + error ECDSAInvalidSignature(); + + /** + * @dev The signature has an invalid length. + */ + error ECDSAInvalidSignatureLength(uint256 length); + + /** + * @dev The signature has an S value that is in the upper half order. + */ + error ECDSAInvalidSignatureS(bytes32 s); + + /** + * @dev Returns the address that signed a hashed message (`hash`) with `signature` or an error. This will not + * return address(0) without also returning an error description. Errors are documented using an enum (error type) + * and a bytes32 providing additional information about the error. + * + * If no error is returned, then the address can be used for verification purposes. + * + * The `ecrecover` EVM precompile allows for malleable (non-unique) signatures: + * this function rejects them by requiring the `s` value to be in the lower + * half order, and the `v` value to be either 27 or 28. + * + * IMPORTANT: `hash` _must_ be the result of a hash operation for the + * verification to be secure: it is possible to craft signatures that + * recover to arbitrary addresses for non-hashed data. A safe way to ensure + * this is by receiving a hash of the original message (which may otherwise + * be too long), and then calling {MessageHashUtils-toEthSignedMessageHash} on it. + * + * Documentation for signature generation: + * - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js] + * - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers] + */ + function tryRecover( + bytes32 hash, + bytes memory signature + ) internal pure returns (address recovered, RecoverError err, bytes32 errArg) { + if (signature.length == 65) { + bytes32 r; + bytes32 s; + uint8 v; + // ecrecover takes the signature parameters, and the only way to get them + // currently is to use assembly. + assembly ("memory-safe") { + r := mload(add(signature, 0x20)) + s := mload(add(signature, 0x40)) + v := byte(0, mload(add(signature, 0x60))) + } + return tryRecover(hash, v, r, s); + } else { + return (address(0), RecoverError.InvalidSignatureLength, bytes32(signature.length)); + } + } + + /** + * @dev Returns the address that signed a hashed message (`hash`) with + * `signature`. This address can then be used for verification purposes. + * + * The `ecrecover` EVM precompile allows for malleable (non-unique) signatures: + * this function rejects them by requiring the `s` value to be in the lower + * half order, and the `v` value to be either 27 or 28. + * + * IMPORTANT: `hash` _must_ be the result of a hash operation for the + * verification to be secure: it is possible to craft signatures that + * recover to arbitrary addresses for non-hashed data. A safe way to ensure + * this is by receiving a hash of the original message (which may otherwise + * be too long), and then calling {MessageHashUtils-toEthSignedMessageHash} on it. + */ + function recover(bytes32 hash, bytes memory signature) internal pure returns (address) { + (address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, signature); + _throwError(error, errorArg); + return recovered; + } + + /** + * @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately. + * + * See https://eips.ethereum.org/EIPS/eip-2098[ERC-2098 short signatures] + */ + function tryRecover( + bytes32 hash, + bytes32 r, + bytes32 vs + ) internal pure returns (address recovered, RecoverError err, bytes32 errArg) { + unchecked { + bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff); + // We do not check for an overflow here since the shift operation results in 0 or 1. + uint8 v = uint8((uint256(vs) >> 255) + 27); + return tryRecover(hash, v, r, s); + } + } + + /** + * @dev Overload of {ECDSA-recover} that receives the `r and `vs` short-signature fields separately. + */ + function recover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address) { + (address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, r, vs); + _throwError(error, errorArg); + return recovered; + } + + /** + * @dev Overload of {ECDSA-tryRecover} that receives the `v`, + * `r` and `s` signature fields separately. + */ + function tryRecover( + bytes32 hash, + uint8 v, + bytes32 r, + bytes32 s + ) internal pure returns (address recovered, RecoverError err, bytes32 errArg) { + // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature + // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines + // the valid range for s in (301): 0 < s < secp256k1n Γ· 2 + 1, and for v in (302): v ∈ {27, 28}. Most + // signatures from current libraries generate a unique signature with an s-value in the lower half order. + // + // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value + // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or + // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept + // these malleable signatures as well. + if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) { + return (address(0), RecoverError.InvalidSignatureS, s); + } + + // If the signature is valid (and not malleable), return the signer address + address signer = ecrecover(hash, v, r, s); + if (signer == address(0)) { + return (address(0), RecoverError.InvalidSignature, bytes32(0)); + } + + return (signer, RecoverError.NoError, bytes32(0)); + } + + /** + * @dev Overload of {ECDSA-recover} that receives the `v`, + * `r` and `s` signature fields separately. + */ + function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) { + (address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, v, r, s); + _throwError(error, errorArg); + return recovered; + } + + /** + * @dev Optionally reverts with the corresponding custom error according to the `error` argument provided. + */ + function _throwError(RecoverError error, bytes32 errorArg) private pure { + if (error == RecoverError.NoError) { + return; // no error: do nothing + } else if (error == RecoverError.InvalidSignature) { + revert ECDSAInvalidSignature(); + } else if (error == RecoverError.InvalidSignatureLength) { + revert ECDSAInvalidSignatureLength(uint256(errorArg)); + } else if (error == RecoverError.InvalidSignatureS) { + revert ECDSAInvalidSignatureS(errorArg); + } + } +} diff --git a/dependencies/@openzeppelin/contracts/utils/cryptography/EIP712.sol b/dependencies/@openzeppelin/contracts/utils/cryptography/EIP712.sol new file mode 100644 index 00000000..77c4c899 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/cryptography/EIP712.sol @@ -0,0 +1,160 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (utils/cryptography/EIP712.sol) + +pragma solidity ^0.8.20; + +import {MessageHashUtils} from "./MessageHashUtils.sol"; +import {ShortStrings, ShortString} from "../ShortStrings.sol"; +import {IERC5267} from "../../interfaces/IERC5267.sol"; + +/** + * @dev https://eips.ethereum.org/EIPS/eip-712[EIP-712] is a standard for hashing and signing of typed structured data. + * + * The encoding scheme specified in the EIP requires a domain separator and a hash of the typed structured data, whose + * encoding is very generic and therefore its implementation in Solidity is not feasible, thus this contract + * does not implement the encoding itself. Protocols need to implement the type-specific encoding they need in order to + * produce the hash of their typed data using a combination of `abi.encode` and `keccak256`. + * + * This contract implements the EIP-712 domain separator ({_domainSeparatorV4}) that is used as part of the encoding + * scheme, and the final step of the encoding to obtain the message digest that is then signed via ECDSA + * ({_hashTypedDataV4}). + * + * The implementation of the domain separator was designed to be as efficient as possible while still properly updating + * the chain id to protect against replay attacks on an eventual fork of the chain. + * + * NOTE: This contract implements the version of the encoding known as "v4", as implemented by the JSON RPC method + * https://docs.metamask.io/guide/signing-data.html[`eth_signTypedDataV4` in MetaMask]. + * + * NOTE: In the upgradeable version of this contract, the cached values will correspond to the address, and the domain + * separator of the implementation contract. This will cause the {_domainSeparatorV4} function to always rebuild the + * separator from the immutable values, which is cheaper than accessing a cached version in cold storage. + * + * @custom:oz-upgrades-unsafe-allow state-variable-immutable + */ +abstract contract EIP712 is IERC5267 { + using ShortStrings for *; + + bytes32 private constant TYPE_HASH = + keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"); + + // Cache the domain separator as an immutable value, but also store the chain id that it corresponds to, in order to + // invalidate the cached domain separator if the chain id changes. + bytes32 private immutable _cachedDomainSeparator; + uint256 private immutable _cachedChainId; + address private immutable _cachedThis; + + bytes32 private immutable _hashedName; + bytes32 private immutable _hashedVersion; + + ShortString private immutable _name; + ShortString private immutable _version; + string private _nameFallback; + string private _versionFallback; + + /** + * @dev Initializes the domain separator and parameter caches. + * + * The meaning of `name` and `version` is specified in + * https://eips.ethereum.org/EIPS/eip-712#definition-of-domainseparator[EIP-712]: + * + * - `name`: the user readable name of the signing domain, i.e. the name of the DApp or the protocol. + * - `version`: the current major version of the signing domain. + * + * NOTE: These parameters cannot be changed except through a xref:learn::upgrading-smart-contracts.adoc[smart + * contract upgrade]. + */ + constructor(string memory name, string memory version) { + _name = name.toShortStringWithFallback(_nameFallback); + _version = version.toShortStringWithFallback(_versionFallback); + _hashedName = keccak256(bytes(name)); + _hashedVersion = keccak256(bytes(version)); + + _cachedChainId = block.chainid; + _cachedDomainSeparator = _buildDomainSeparator(); + _cachedThis = address(this); + } + + /** + * @dev Returns the domain separator for the current chain. + */ + function _domainSeparatorV4() internal view returns (bytes32) { + if (address(this) == _cachedThis && block.chainid == _cachedChainId) { + return _cachedDomainSeparator; + } else { + return _buildDomainSeparator(); + } + } + + function _buildDomainSeparator() private view returns (bytes32) { + return keccak256(abi.encode(TYPE_HASH, _hashedName, _hashedVersion, block.chainid, address(this))); + } + + /** + * @dev Given an already https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct[hashed struct], this + * function returns the hash of the fully encoded EIP712 message for this domain. + * + * This hash can be used together with {ECDSA-recover} to obtain the signer of a message. For example: + * + * ```solidity + * bytes32 digest = _hashTypedDataV4(keccak256(abi.encode( + * keccak256("Mail(address to,string contents)"), + * mailTo, + * keccak256(bytes(mailContents)) + * ))); + * address signer = ECDSA.recover(digest, signature); + * ``` + */ + function _hashTypedDataV4(bytes32 structHash) internal view virtual returns (bytes32) { + return MessageHashUtils.toTypedDataHash(_domainSeparatorV4(), structHash); + } + + /** + * @dev See {IERC-5267}. + */ + function eip712Domain() + public + view + virtual + returns ( + bytes1 fields, + string memory name, + string memory version, + uint256 chainId, + address verifyingContract, + bytes32 salt, + uint256[] memory extensions + ) + { + return ( + hex"0f", // 01111 + _EIP712Name(), + _EIP712Version(), + block.chainid, + address(this), + bytes32(0), + new uint256[](0) + ); + } + + /** + * @dev The name parameter for the EIP712 domain. + * + * NOTE: By default this function reads _name which is an immutable value. + * It only reads from storage if necessary (in case the value is too large to fit in a ShortString). + */ + // solhint-disable-next-line func-name-mixedcase + function _EIP712Name() internal view returns (string memory) { + return _name.toStringWithFallback(_nameFallback); + } + + /** + * @dev The version parameter for the EIP712 domain. + * + * NOTE: By default this function reads _version which is an immutable value. + * It only reads from storage if necessary (in case the value is too large to fit in a ShortString). + */ + // solhint-disable-next-line func-name-mixedcase + function _EIP712Version() internal view returns (string memory) { + return _version.toStringWithFallback(_versionFallback); + } +} diff --git a/dependencies/@openzeppelin/contracts/utils/cryptography/Hashes.sol b/dependencies/@openzeppelin/contracts/utils/cryptography/Hashes.sol new file mode 100644 index 00000000..0ed89b30 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/cryptography/Hashes.sol @@ -0,0 +1,30 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +/** + * @dev Library of standard hash functions. + * + * _Available since v5.1._ + */ +library Hashes { + /** + * @dev Commutative Keccak256 hash of a sorted pair of bytes32. Frequently used when working with merkle proofs. + * + * NOTE: Equivalent to the `standardNodeHash` in our https://github.com/OpenZeppelin/merkle-tree[JavaScript library]. + */ + function commutativeKeccak256(bytes32 a, bytes32 b) internal pure returns (bytes32) { + return a < b ? _efficientKeccak256(a, b) : _efficientKeccak256(b, a); + } + + /** + * @dev Implementation of keccak256(abi.encode(a, b)) that doesn't allocate or expand memory. + */ + function _efficientKeccak256(bytes32 a, bytes32 b) private pure returns (bytes32 value) { + assembly ("memory-safe") { + mstore(0x00, a) + mstore(0x20, b) + value := keccak256(0x00, 0x40) + } + } +} diff --git a/dependencies/@openzeppelin/contracts/utils/cryptography/MerkleProof.sol b/dependencies/@openzeppelin/contracts/utils/cryptography/MerkleProof.sol new file mode 100644 index 00000000..a8658013 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/cryptography/MerkleProof.sol @@ -0,0 +1,514 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (utils/cryptography/MerkleProof.sol) +// This file was procedurally generated from scripts/generate/templates/MerkleProof.js. + +pragma solidity ^0.8.20; + +import {Hashes} from "./Hashes.sol"; + +/** + * @dev These functions deal with verification of Merkle Tree proofs. + * + * The tree and the proofs can be generated using our + * https://github.com/OpenZeppelin/merkle-tree[JavaScript library]. + * You will find a quickstart guide in the readme. + * + * WARNING: You should avoid using leaf values that are 64 bytes long prior to + * hashing, or use a hash function other than keccak256 for hashing leaves. + * This is because the concatenation of a sorted pair of internal nodes in + * the Merkle tree could be reinterpreted as a leaf value. + * OpenZeppelin's JavaScript library generates Merkle trees that are safe + * against this attack out of the box. + * + * IMPORTANT: Consider memory side-effects when using custom hashing functions + * that access memory in an unsafe way. + * + * NOTE: This library supports proof verification for merkle trees built using + * custom _commutative_ hashing functions (i.e. `H(a, b) == H(b, a)`). Proving + * leaf inclusion in trees built using non-commutative hashing functions requires + * additional logic that is not supported by this library. + */ +library MerkleProof { + /** + *@dev The multiproof provided is not valid. + */ + error MerkleProofInvalidMultiproof(); + + /** + * @dev Returns true if a `leaf` can be proved to be a part of a Merkle tree + * defined by `root`. For this, a `proof` must be provided, containing + * sibling hashes on the branch from the leaf to the root of the tree. Each + * pair of leaves and each pair of pre-images are assumed to be sorted. + * + * This version handles proofs in memory with the default hashing function. + */ + function verify(bytes32[] memory proof, bytes32 root, bytes32 leaf) internal pure returns (bool) { + return processProof(proof, leaf) == root; + } + + /** + * @dev Returns the rebuilt hash obtained by traversing a Merkle tree up + * from `leaf` using `proof`. A `proof` is valid if and only if the rebuilt + * hash matches the root of the tree. When processing the proof, the pairs + * of leaves & pre-images are assumed to be sorted. + * + * This version handles proofs in memory with the default hashing function. + */ + function processProof(bytes32[] memory proof, bytes32 leaf) internal pure returns (bytes32) { + bytes32 computedHash = leaf; + for (uint256 i = 0; i < proof.length; i++) { + computedHash = Hashes.commutativeKeccak256(computedHash, proof[i]); + } + return computedHash; + } + + /** + * @dev Returns true if a `leaf` can be proved to be a part of a Merkle tree + * defined by `root`. For this, a `proof` must be provided, containing + * sibling hashes on the branch from the leaf to the root of the tree. Each + * pair of leaves and each pair of pre-images are assumed to be sorted. + * + * This version handles proofs in memory with a custom hashing function. + */ + function verify( + bytes32[] memory proof, + bytes32 root, + bytes32 leaf, + function(bytes32, bytes32) view returns (bytes32) hasher + ) internal view returns (bool) { + return processProof(proof, leaf, hasher) == root; + } + + /** + * @dev Returns the rebuilt hash obtained by traversing a Merkle tree up + * from `leaf` using `proof`. A `proof` is valid if and only if the rebuilt + * hash matches the root of the tree. When processing the proof, the pairs + * of leaves & pre-images are assumed to be sorted. + * + * This version handles proofs in memory with a custom hashing function. + */ + function processProof( + bytes32[] memory proof, + bytes32 leaf, + function(bytes32, bytes32) view returns (bytes32) hasher + ) internal view returns (bytes32) { + bytes32 computedHash = leaf; + for (uint256 i = 0; i < proof.length; i++) { + computedHash = hasher(computedHash, proof[i]); + } + return computedHash; + } + + /** + * @dev Returns true if a `leaf` can be proved to be a part of a Merkle tree + * defined by `root`. For this, a `proof` must be provided, containing + * sibling hashes on the branch from the leaf to the root of the tree. Each + * pair of leaves and each pair of pre-images are assumed to be sorted. + * + * This version handles proofs in calldata with the default hashing function. + */ + function verifyCalldata(bytes32[] calldata proof, bytes32 root, bytes32 leaf) internal pure returns (bool) { + return processProofCalldata(proof, leaf) == root; + } + + /** + * @dev Returns the rebuilt hash obtained by traversing a Merkle tree up + * from `leaf` using `proof`. A `proof` is valid if and only if the rebuilt + * hash matches the root of the tree. When processing the proof, the pairs + * of leaves & pre-images are assumed to be sorted. + * + * This version handles proofs in calldata with the default hashing function. + */ + function processProofCalldata(bytes32[] calldata proof, bytes32 leaf) internal pure returns (bytes32) { + bytes32 computedHash = leaf; + for (uint256 i = 0; i < proof.length; i++) { + computedHash = Hashes.commutativeKeccak256(computedHash, proof[i]); + } + return computedHash; + } + + /** + * @dev Returns true if a `leaf` can be proved to be a part of a Merkle tree + * defined by `root`. For this, a `proof` must be provided, containing + * sibling hashes on the branch from the leaf to the root of the tree. Each + * pair of leaves and each pair of pre-images are assumed to be sorted. + * + * This version handles proofs in calldata with a custom hashing function. + */ + function verifyCalldata( + bytes32[] calldata proof, + bytes32 root, + bytes32 leaf, + function(bytes32, bytes32) view returns (bytes32) hasher + ) internal view returns (bool) { + return processProofCalldata(proof, leaf, hasher) == root; + } + + /** + * @dev Returns the rebuilt hash obtained by traversing a Merkle tree up + * from `leaf` using `proof`. A `proof` is valid if and only if the rebuilt + * hash matches the root of the tree. When processing the proof, the pairs + * of leaves & pre-images are assumed to be sorted. + * + * This version handles proofs in calldata with a custom hashing function. + */ + function processProofCalldata( + bytes32[] calldata proof, + bytes32 leaf, + function(bytes32, bytes32) view returns (bytes32) hasher + ) internal view returns (bytes32) { + bytes32 computedHash = leaf; + for (uint256 i = 0; i < proof.length; i++) { + computedHash = hasher(computedHash, proof[i]); + } + return computedHash; + } + + /** + * @dev Returns true if the `leaves` can be simultaneously proven to be a part of a Merkle tree defined by + * `root`, according to `proof` and `proofFlags` as described in {processMultiProof}. + * + * This version handles multiproofs in memory with the default hashing function. + * + * CAUTION: Not all Merkle trees admit multiproofs. See {processMultiProof} for details. + * + * NOTE: Consider the case where `root == proof[0] && leaves.length == 0` as it will return `true`. + * The `leaves` must be validated independently. See {processMultiProof}. + */ + function multiProofVerify( + bytes32[] memory proof, + bool[] memory proofFlags, + bytes32 root, + bytes32[] memory leaves + ) internal pure returns (bool) { + return processMultiProof(proof, proofFlags, leaves) == root; + } + + /** + * @dev Returns the root of a tree reconstructed from `leaves` and sibling nodes in `proof`. The reconstruction + * proceeds by incrementally reconstructing all inner nodes by combining a leaf/inner node with either another + * leaf/inner node or a proof sibling node, depending on whether each `proofFlags` item is true or false + * respectively. + * + * This version handles multiproofs in memory with the default hashing function. + * + * CAUTION: Not all Merkle trees admit multiproofs. To use multiproofs, it is sufficient to ensure that: 1) the tree + * is complete (but not necessarily perfect), 2) the leaves to be proven are in the opposite order they are in the + * tree (i.e., as seen from right to left starting at the deepest layer and continuing at the next layer). + * + * NOTE: The _empty set_ (i.e. the case where `proof.length == 1 && leaves.length == 0`) is considered a no-op, + * and therefore a valid multiproof (i.e. it returns `proof[0]`). Consider disallowing this case if you're not + * validating the leaves elsewhere. + */ + function processMultiProof( + bytes32[] memory proof, + bool[] memory proofFlags, + bytes32[] memory leaves + ) internal pure returns (bytes32 merkleRoot) { + // This function rebuilds the root hash by traversing the tree up from the leaves. The root is rebuilt by + // consuming and producing values on a queue. The queue starts with the `leaves` array, then goes onto the + // `hashes` array. At the end of the process, the last hash in the `hashes` array should contain the root of + // the Merkle tree. + uint256 leavesLen = leaves.length; + uint256 proofFlagsLen = proofFlags.length; + + // Check proof validity. + if (leavesLen + proof.length != proofFlagsLen + 1) { + revert MerkleProofInvalidMultiproof(); + } + + // The xxxPos values are "pointers" to the next value to consume in each array. All accesses are done using + // `xxx[xxxPos++]`, which return the current value and increment the pointer, thus mimicking a queue's "pop". + bytes32[] memory hashes = new bytes32[](proofFlagsLen); + uint256 leafPos = 0; + uint256 hashPos = 0; + uint256 proofPos = 0; + // At each step, we compute the next hash using two values: + // - a value from the "main queue". If not all leaves have been consumed, we get the next leaf, otherwise we + // get the next hash. + // - depending on the flag, either another value from the "main queue" (merging branches) or an element from the + // `proof` array. + for (uint256 i = 0; i < proofFlagsLen; i++) { + bytes32 a = leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++]; + bytes32 b = proofFlags[i] + ? (leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++]) + : proof[proofPos++]; + hashes[i] = Hashes.commutativeKeccak256(a, b); + } + + if (proofFlagsLen > 0) { + if (proofPos != proof.length) { + revert MerkleProofInvalidMultiproof(); + } + unchecked { + return hashes[proofFlagsLen - 1]; + } + } else if (leavesLen > 0) { + return leaves[0]; + } else { + return proof[0]; + } + } + + /** + * @dev Returns true if the `leaves` can be simultaneously proven to be a part of a Merkle tree defined by + * `root`, according to `proof` and `proofFlags` as described in {processMultiProof}. + * + * This version handles multiproofs in memory with a custom hashing function. + * + * CAUTION: Not all Merkle trees admit multiproofs. See {processMultiProof} for details. + * + * NOTE: Consider the case where `root == proof[0] && leaves.length == 0` as it will return `true`. + * The `leaves` must be validated independently. See {processMultiProof}. + */ + function multiProofVerify( + bytes32[] memory proof, + bool[] memory proofFlags, + bytes32 root, + bytes32[] memory leaves, + function(bytes32, bytes32) view returns (bytes32) hasher + ) internal view returns (bool) { + return processMultiProof(proof, proofFlags, leaves, hasher) == root; + } + + /** + * @dev Returns the root of a tree reconstructed from `leaves` and sibling nodes in `proof`. The reconstruction + * proceeds by incrementally reconstructing all inner nodes by combining a leaf/inner node with either another + * leaf/inner node or a proof sibling node, depending on whether each `proofFlags` item is true or false + * respectively. + * + * This version handles multiproofs in memory with a custom hashing function. + * + * CAUTION: Not all Merkle trees admit multiproofs. To use multiproofs, it is sufficient to ensure that: 1) the tree + * is complete (but not necessarily perfect), 2) the leaves to be proven are in the opposite order they are in the + * tree (i.e., as seen from right to left starting at the deepest layer and continuing at the next layer). + * + * NOTE: The _empty set_ (i.e. the case where `proof.length == 1 && leaves.length == 0`) is considered a no-op, + * and therefore a valid multiproof (i.e. it returns `proof[0]`). Consider disallowing this case if you're not + * validating the leaves elsewhere. + */ + function processMultiProof( + bytes32[] memory proof, + bool[] memory proofFlags, + bytes32[] memory leaves, + function(bytes32, bytes32) view returns (bytes32) hasher + ) internal view returns (bytes32 merkleRoot) { + // This function rebuilds the root hash by traversing the tree up from the leaves. The root is rebuilt by + // consuming and producing values on a queue. The queue starts with the `leaves` array, then goes onto the + // `hashes` array. At the end of the process, the last hash in the `hashes` array should contain the root of + // the Merkle tree. + uint256 leavesLen = leaves.length; + uint256 proofFlagsLen = proofFlags.length; + + // Check proof validity. + if (leavesLen + proof.length != proofFlagsLen + 1) { + revert MerkleProofInvalidMultiproof(); + } + + // The xxxPos values are "pointers" to the next value to consume in each array. All accesses are done using + // `xxx[xxxPos++]`, which return the current value and increment the pointer, thus mimicking a queue's "pop". + bytes32[] memory hashes = new bytes32[](proofFlagsLen); + uint256 leafPos = 0; + uint256 hashPos = 0; + uint256 proofPos = 0; + // At each step, we compute the next hash using two values: + // - a value from the "main queue". If not all leaves have been consumed, we get the next leaf, otherwise we + // get the next hash. + // - depending on the flag, either another value from the "main queue" (merging branches) or an element from the + // `proof` array. + for (uint256 i = 0; i < proofFlagsLen; i++) { + bytes32 a = leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++]; + bytes32 b = proofFlags[i] + ? (leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++]) + : proof[proofPos++]; + hashes[i] = hasher(a, b); + } + + if (proofFlagsLen > 0) { + if (proofPos != proof.length) { + revert MerkleProofInvalidMultiproof(); + } + unchecked { + return hashes[proofFlagsLen - 1]; + } + } else if (leavesLen > 0) { + return leaves[0]; + } else { + return proof[0]; + } + } + + /** + * @dev Returns true if the `leaves` can be simultaneously proven to be a part of a Merkle tree defined by + * `root`, according to `proof` and `proofFlags` as described in {processMultiProof}. + * + * This version handles multiproofs in calldata with the default hashing function. + * + * CAUTION: Not all Merkle trees admit multiproofs. See {processMultiProof} for details. + * + * NOTE: Consider the case where `root == proof[0] && leaves.length == 0` as it will return `true`. + * The `leaves` must be validated independently. See {processMultiProofCalldata}. + */ + function multiProofVerifyCalldata( + bytes32[] calldata proof, + bool[] calldata proofFlags, + bytes32 root, + bytes32[] memory leaves + ) internal pure returns (bool) { + return processMultiProofCalldata(proof, proofFlags, leaves) == root; + } + + /** + * @dev Returns the root of a tree reconstructed from `leaves` and sibling nodes in `proof`. The reconstruction + * proceeds by incrementally reconstructing all inner nodes by combining a leaf/inner node with either another + * leaf/inner node or a proof sibling node, depending on whether each `proofFlags` item is true or false + * respectively. + * + * This version handles multiproofs in calldata with the default hashing function. + * + * CAUTION: Not all Merkle trees admit multiproofs. To use multiproofs, it is sufficient to ensure that: 1) the tree + * is complete (but not necessarily perfect), 2) the leaves to be proven are in the opposite order they are in the + * tree (i.e., as seen from right to left starting at the deepest layer and continuing at the next layer). + * + * NOTE: The _empty set_ (i.e. the case where `proof.length == 1 && leaves.length == 0`) is considered a no-op, + * and therefore a valid multiproof (i.e. it returns `proof[0]`). Consider disallowing this case if you're not + * validating the leaves elsewhere. + */ + function processMultiProofCalldata( + bytes32[] calldata proof, + bool[] calldata proofFlags, + bytes32[] memory leaves + ) internal pure returns (bytes32 merkleRoot) { + // This function rebuilds the root hash by traversing the tree up from the leaves. The root is rebuilt by + // consuming and producing values on a queue. The queue starts with the `leaves` array, then goes onto the + // `hashes` array. At the end of the process, the last hash in the `hashes` array should contain the root of + // the Merkle tree. + uint256 leavesLen = leaves.length; + uint256 proofFlagsLen = proofFlags.length; + + // Check proof validity. + if (leavesLen + proof.length != proofFlagsLen + 1) { + revert MerkleProofInvalidMultiproof(); + } + + // The xxxPos values are "pointers" to the next value to consume in each array. All accesses are done using + // `xxx[xxxPos++]`, which return the current value and increment the pointer, thus mimicking a queue's "pop". + bytes32[] memory hashes = new bytes32[](proofFlagsLen); + uint256 leafPos = 0; + uint256 hashPos = 0; + uint256 proofPos = 0; + // At each step, we compute the next hash using two values: + // - a value from the "main queue". If not all leaves have been consumed, we get the next leaf, otherwise we + // get the next hash. + // - depending on the flag, either another value from the "main queue" (merging branches) or an element from the + // `proof` array. + for (uint256 i = 0; i < proofFlagsLen; i++) { + bytes32 a = leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++]; + bytes32 b = proofFlags[i] + ? (leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++]) + : proof[proofPos++]; + hashes[i] = Hashes.commutativeKeccak256(a, b); + } + + if (proofFlagsLen > 0) { + if (proofPos != proof.length) { + revert MerkleProofInvalidMultiproof(); + } + unchecked { + return hashes[proofFlagsLen - 1]; + } + } else if (leavesLen > 0) { + return leaves[0]; + } else { + return proof[0]; + } + } + + /** + * @dev Returns true if the `leaves` can be simultaneously proven to be a part of a Merkle tree defined by + * `root`, according to `proof` and `proofFlags` as described in {processMultiProof}. + * + * This version handles multiproofs in calldata with a custom hashing function. + * + * CAUTION: Not all Merkle trees admit multiproofs. See {processMultiProof} for details. + * + * NOTE: Consider the case where `root == proof[0] && leaves.length == 0` as it will return `true`. + * The `leaves` must be validated independently. See {processMultiProofCalldata}. + */ + function multiProofVerifyCalldata( + bytes32[] calldata proof, + bool[] calldata proofFlags, + bytes32 root, + bytes32[] memory leaves, + function(bytes32, bytes32) view returns (bytes32) hasher + ) internal view returns (bool) { + return processMultiProofCalldata(proof, proofFlags, leaves, hasher) == root; + } + + /** + * @dev Returns the root of a tree reconstructed from `leaves` and sibling nodes in `proof`. The reconstruction + * proceeds by incrementally reconstructing all inner nodes by combining a leaf/inner node with either another + * leaf/inner node or a proof sibling node, depending on whether each `proofFlags` item is true or false + * respectively. + * + * This version handles multiproofs in calldata with a custom hashing function. + * + * CAUTION: Not all Merkle trees admit multiproofs. To use multiproofs, it is sufficient to ensure that: 1) the tree + * is complete (but not necessarily perfect), 2) the leaves to be proven are in the opposite order they are in the + * tree (i.e., as seen from right to left starting at the deepest layer and continuing at the next layer). + * + * NOTE: The _empty set_ (i.e. the case where `proof.length == 1 && leaves.length == 0`) is considered a no-op, + * and therefore a valid multiproof (i.e. it returns `proof[0]`). Consider disallowing this case if you're not + * validating the leaves elsewhere. + */ + function processMultiProofCalldata( + bytes32[] calldata proof, + bool[] calldata proofFlags, + bytes32[] memory leaves, + function(bytes32, bytes32) view returns (bytes32) hasher + ) internal view returns (bytes32 merkleRoot) { + // This function rebuilds the root hash by traversing the tree up from the leaves. The root is rebuilt by + // consuming and producing values on a queue. The queue starts with the `leaves` array, then goes onto the + // `hashes` array. At the end of the process, the last hash in the `hashes` array should contain the root of + // the Merkle tree. + uint256 leavesLen = leaves.length; + uint256 proofFlagsLen = proofFlags.length; + + // Check proof validity. + if (leavesLen + proof.length != proofFlagsLen + 1) { + revert MerkleProofInvalidMultiproof(); + } + + // The xxxPos values are "pointers" to the next value to consume in each array. All accesses are done using + // `xxx[xxxPos++]`, which return the current value and increment the pointer, thus mimicking a queue's "pop". + bytes32[] memory hashes = new bytes32[](proofFlagsLen); + uint256 leafPos = 0; + uint256 hashPos = 0; + uint256 proofPos = 0; + // At each step, we compute the next hash using two values: + // - a value from the "main queue". If not all leaves have been consumed, we get the next leaf, otherwise we + // get the next hash. + // - depending on the flag, either another value from the "main queue" (merging branches) or an element from the + // `proof` array. + for (uint256 i = 0; i < proofFlagsLen; i++) { + bytes32 a = leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++]; + bytes32 b = proofFlags[i] + ? (leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++]) + : proof[proofPos++]; + hashes[i] = hasher(a, b); + } + + if (proofFlagsLen > 0) { + if (proofPos != proof.length) { + revert MerkleProofInvalidMultiproof(); + } + unchecked { + return hashes[proofFlagsLen - 1]; + } + } else if (leavesLen > 0) { + return leaves[0]; + } else { + return proof[0]; + } + } +} diff --git a/dependencies/@openzeppelin/contracts/utils/cryptography/MessageHashUtils.sol b/dependencies/@openzeppelin/contracts/utils/cryptography/MessageHashUtils.sol new file mode 100644 index 00000000..35746ce7 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/cryptography/MessageHashUtils.sol @@ -0,0 +1,84 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (utils/cryptography/MessageHashUtils.sol) + +pragma solidity ^0.8.20; + +import {Strings} from "../Strings.sol"; + +/** + * @dev Signature message hash utilities for producing digests to be consumed by {ECDSA} recovery or signing. + * + * The library provides methods for generating a hash of a message that conforms to the + * https://eips.ethereum.org/EIPS/eip-191[ERC-191] and https://eips.ethereum.org/EIPS/eip-712[EIP 712] + * specifications. + */ +library MessageHashUtils { + /** + * @dev Returns the keccak256 digest of an ERC-191 signed data with version + * `0x45` (`personal_sign` messages). + * + * The digest is calculated by prefixing a bytes32 `messageHash` with + * `"\x19Ethereum Signed Message:\n32"` and hashing the result. It corresponds with the + * hash signed when using the https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`] JSON-RPC method. + * + * NOTE: The `messageHash` parameter is intended to be the result of hashing a raw message with + * keccak256, although any bytes32 value can be safely used because the final digest will + * be re-hashed. + * + * See {ECDSA-recover}. + */ + function toEthSignedMessageHash(bytes32 messageHash) internal pure returns (bytes32 digest) { + assembly ("memory-safe") { + mstore(0x00, "\x19Ethereum Signed Message:\n32") // 32 is the bytes-length of messageHash + mstore(0x1c, messageHash) // 0x1c (28) is the length of the prefix + digest := keccak256(0x00, 0x3c) // 0x3c is the length of the prefix (0x1c) + messageHash (0x20) + } + } + + /** + * @dev Returns the keccak256 digest of an ERC-191 signed data with version + * `0x45` (`personal_sign` messages). + * + * The digest is calculated by prefixing an arbitrary `message` with + * `"\x19Ethereum Signed Message:\n" + len(message)` and hashing the result. It corresponds with the + * hash signed when using the https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`] JSON-RPC method. + * + * See {ECDSA-recover}. + */ + function toEthSignedMessageHash(bytes memory message) internal pure returns (bytes32) { + return + keccak256(bytes.concat("\x19Ethereum Signed Message:\n", bytes(Strings.toString(message.length)), message)); + } + + /** + * @dev Returns the keccak256 digest of an ERC-191 signed data with version + * `0x00` (data with intended validator). + * + * The digest is calculated by prefixing an arbitrary `data` with `"\x19\x00"` and the intended + * `validator` address. Then hashing the result. + * + * See {ECDSA-recover}. + */ + function toDataWithIntendedValidatorHash(address validator, bytes memory data) internal pure returns (bytes32) { + return keccak256(abi.encodePacked(hex"19_00", validator, data)); + } + + /** + * @dev Returns the keccak256 digest of an EIP-712 typed data (ERC-191 version `0x01`). + * + * The digest is calculated from a `domainSeparator` and a `structHash`, by prefixing them with + * `\x19\x01` and hashing the result. It corresponds to the hash signed by the + * https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`] JSON-RPC method as part of EIP-712. + * + * See {ECDSA-recover}. + */ + function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32 digest) { + assembly ("memory-safe") { + let ptr := mload(0x40) + mstore(ptr, hex"19_01") + mstore(add(ptr, 0x02), domainSeparator) + mstore(add(ptr, 0x22), structHash) + digest := keccak256(ptr, 0x42) + } + } +} diff --git a/dependencies/@openzeppelin/contracts/utils/cryptography/P256.sol b/dependencies/@openzeppelin/contracts/utils/cryptography/P256.sol new file mode 100644 index 00000000..3028505b --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/cryptography/P256.sol @@ -0,0 +1,369 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.20; + +import {Math} from "../math/Math.sol"; +import {Errors} from "../Errors.sol"; + +/** + * @dev Implementation of secp256r1 verification and recovery functions. + * + * The secp256r1 curve (also known as P256) is a NIST standard curve with wide support in modern devices + * and cryptographic standards. Some notable examples include Apple's Secure Enclave and Android's Keystore + * as well as authentication protocols like FIDO2. + * + * Based on the original https://github.com/itsobvioustech/aa-passkeys-wallet/blob/d3d423f28a4d8dfcb203c7fa0c47f42592a7378e/src/Secp256r1.sol[implementation of itsobvioustech] (GNU General Public License v3.0). + * Heavily inspired in https://github.com/maxrobot/elliptic-solidity/blob/c4bb1b6e8ae89534d8db3a6b3a6b52219100520f/contracts/Secp256r1.sol[maxrobot] and + * https://github.com/tdrerup/elliptic-curve-solidity/blob/59a9c25957d4d190eff53b6610731d81a077a15e/contracts/curves/EllipticCurve.sol[tdrerup] implementations. + * + * _Available since v5.1._ + */ +library P256 { + struct JPoint { + uint256 x; + uint256 y; + uint256 z; + } + + /// @dev Generator (x component) + uint256 internal constant GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296; + /// @dev Generator (y component) + uint256 internal constant GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5; + /// @dev P (size of the field) + uint256 internal constant P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF; + /// @dev N (order of G) + uint256 internal constant N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551; + /// @dev A parameter of the weierstrass equation + uint256 internal constant A = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC; + /// @dev B parameter of the weierstrass equation + uint256 internal constant B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B; + + /// @dev (P + 1) / 4. Useful to compute sqrt + uint256 private constant P1DIV4 = 0x3fffffffc0000000400000000000000000000000400000000000000000000000; + + /// @dev N/2 for excluding higher order `s` values + uint256 private constant HALF_N = 0x7fffffff800000007fffffffffffffffde737d56d38bcf4279dce5617e3192a8; + + /** + * @dev Verifies a secp256r1 signature using the RIP-7212 precompile and falls back to the Solidity implementation + * if the precompile is not available. This version should work on all chains, but requires the deployment of more + * bytecode. + * + * @param h - hashed message + * @param r - signature half R + * @param s - signature half S + * @param qx - public key coordinate X + * @param qy - public key coordinate Y + * + * IMPORTANT: This function disallows signatures where the `s` value is above `N/2` to prevent malleability. + * To flip the `s` value, compute `s = N - s`. + */ + function verify(bytes32 h, bytes32 r, bytes32 s, bytes32 qx, bytes32 qy) internal view returns (bool) { + (bool valid, bool supported) = _tryVerifyNative(h, r, s, qx, qy); + return supported ? valid : verifySolidity(h, r, s, qx, qy); + } + + /** + * @dev Same as {verify}, but it will revert if the required precompile is not available. + * + * Make sure any logic (code or precompile) deployed at that address is the expected one, + * otherwise the returned value may be misinterpreted as a positive boolean. + */ + function verifyNative(bytes32 h, bytes32 r, bytes32 s, bytes32 qx, bytes32 qy) internal view returns (bool) { + (bool valid, bool supported) = _tryVerifyNative(h, r, s, qx, qy); + if (supported) { + return valid; + } else { + revert Errors.MissingPrecompile(address(0x100)); + } + } + + /** + * @dev Same as {verify}, but it will return false if the required precompile is not available. + */ + function _tryVerifyNative( + bytes32 h, + bytes32 r, + bytes32 s, + bytes32 qx, + bytes32 qy + ) private view returns (bool valid, bool supported) { + if (!_isProperSignature(r, s) || !isValidPublicKey(qx, qy)) { + return (false, true); // signature is invalid, and its not because the precompile is missing + } + + (bool success, bytes memory returndata) = address(0x100).staticcall(abi.encode(h, r, s, qx, qy)); + return (success && returndata.length == 0x20) ? (abi.decode(returndata, (bool)), true) : (false, false); + } + + /** + * @dev Same as {verify}, but only the Solidity implementation is used. + */ + function verifySolidity(bytes32 h, bytes32 r, bytes32 s, bytes32 qx, bytes32 qy) internal view returns (bool) { + if (!_isProperSignature(r, s) || !isValidPublicKey(qx, qy)) { + return false; + } + + JPoint[16] memory points = _preComputeJacobianPoints(uint256(qx), uint256(qy)); + uint256 w = Math.invModPrime(uint256(s), N); + uint256 u1 = mulmod(uint256(h), w, N); + uint256 u2 = mulmod(uint256(r), w, N); + (uint256 x, ) = _jMultShamir(points, u1, u2); + return ((x % N) == uint256(r)); + } + + /** + * @dev Public key recovery + * + * @param h - hashed message + * @param v - signature recovery param + * @param r - signature half R + * @param s - signature half S + * + * IMPORTANT: This function disallows signatures where the `s` value is above `N/2` to prevent malleability. + * To flip the `s` value, compute `s = N - s` and `v = 1 - v` if (`v = 0 | 1`). + */ + function recovery(bytes32 h, uint8 v, bytes32 r, bytes32 s) internal view returns (bytes32 x, bytes32 y) { + if (!_isProperSignature(r, s) || v > 1) { + return (0, 0); + } + + uint256 p = P; // cache P on the stack + uint256 rx = uint256(r); + uint256 ry2 = addmod(mulmod(addmod(mulmod(rx, rx, p), A, p), rx, p), B, p); // weierstrass equation yΒ² = xΒ³ + a.x + b + uint256 ry = Math.modExp(ry2, P1DIV4, p); // This formula for sqrt work because P ≑ 3 (mod 4) + if (mulmod(ry, ry, p) != ry2) return (0, 0); // Sanity check + if (ry % 2 != v) ry = p - ry; + + JPoint[16] memory points = _preComputeJacobianPoints(rx, ry); + uint256 w = Math.invModPrime(uint256(r), N); + uint256 u1 = mulmod(N - (uint256(h) % N), w, N); + uint256 u2 = mulmod(uint256(s), w, N); + (uint256 xU, uint256 yU) = _jMultShamir(points, u1, u2); + return (bytes32(xU), bytes32(yU)); + } + + /** + * @dev Checks if (x, y) are valid coordinates of a point on the curve. + * In particular this function checks that x < P and y < P. + */ + function isValidPublicKey(bytes32 x, bytes32 y) internal pure returns (bool result) { + assembly ("memory-safe") { + let p := P + let lhs := mulmod(y, y, p) // y^2 + let rhs := addmod(mulmod(addmod(mulmod(x, x, p), A, p), x, p), B, p) // ((x^2 + a) * x) + b = x^3 + ax + b + result := and(and(lt(x, p), lt(y, p)), eq(lhs, rhs)) // Should conform with the Weierstrass equation + } + } + + /** + * @dev Checks if (r, s) is a proper signature. + * In particular, this checks that `s` is in the "lower-range", making the signature non-malleable. + */ + function _isProperSignature(bytes32 r, bytes32 s) private pure returns (bool) { + return uint256(r) > 0 && uint256(r) < N && uint256(s) > 0 && uint256(s) <= HALF_N; + } + + /** + * @dev Reduce from jacobian to affine coordinates + * @param jx - jacobian coordinate x + * @param jy - jacobian coordinate y + * @param jz - jacobian coordinate z + * @return ax - affine coordinate x + * @return ay - affine coordinate y + */ + function _affineFromJacobian(uint256 jx, uint256 jy, uint256 jz) private view returns (uint256 ax, uint256 ay) { + if (jz == 0) return (0, 0); + uint256 p = P; // cache P on the stack + uint256 zinv = Math.invModPrime(jz, p); + assembly ("memory-safe") { + let zzinv := mulmod(zinv, zinv, p) + ax := mulmod(jx, zzinv, p) + ay := mulmod(jy, mulmod(zzinv, zinv, p), p) + } + } + + /** + * @dev Point addition on the jacobian coordinates + * Reference: https://www.hyperelliptic.org/EFD/g1p/auto-shortw-jacobian.html#addition-add-1998-cmo-2 + * + * Note that: + * + * - `addition-add-1998-cmo-2` doesn't support identical input points. This version is modified to use + * the `h` and `r` values computed by `addition-add-1998-cmo-2` to detect identical inputs, and fallback to + * `doubling-dbl-1998-cmo-2` if needed. + * - if one of the points is at infinity (i.e. `z=0`), the result is undefined. + */ + function _jAdd( + JPoint memory p1, + uint256 x2, + uint256 y2, + uint256 z2 + ) private pure returns (uint256 rx, uint256 ry, uint256 rz) { + assembly ("memory-safe") { + let p := P + let z1 := mload(add(p1, 0x40)) + let zz1 := mulmod(z1, z1, p) // zz1 = z1Β² + let s1 := mulmod(mload(add(p1, 0x20)), mulmod(mulmod(z2, z2, p), z2, p), p) // s1 = y1*z2Β³ + let r := addmod(mulmod(y2, mulmod(zz1, z1, p), p), sub(p, s1), p) // r = s2-s1 = y2*z1Β³-s1 = y2*z1Β³-y1*z2Β³ + let u1 := mulmod(mload(p1), mulmod(z2, z2, p), p) // u1 = x1*z2Β² + let h := addmod(mulmod(x2, zz1, p), sub(p, u1), p) // h = u2-u1 = x2*z1Β²-u1 = x2*z1Β²-x1*z2Β² + + // detect edge cases where inputs are identical + switch and(iszero(r), iszero(h)) + // case 0: points are different + case 0 { + let hh := mulmod(h, h, p) // hΒ² + + // x' = rΒ²-hΒ³-2*u1*hΒ² + rx := addmod( + addmod(mulmod(r, r, p), sub(p, mulmod(h, hh, p)), p), + sub(p, mulmod(2, mulmod(u1, hh, p), p)), + p + ) + // y' = r*(u1*hΒ²-x')-s1*hΒ³ + ry := addmod( + mulmod(r, addmod(mulmod(u1, hh, p), sub(p, rx), p), p), + sub(p, mulmod(s1, mulmod(h, hh, p), p)), + p + ) + // z' = h*z1*z2 + rz := mulmod(h, mulmod(z1, z2, p), p) + } + // case 1: points are equal + case 1 { + let x := x2 + let y := y2 + let z := z2 + let yy := mulmod(y, y, p) + let zz := mulmod(z, z, p) + let m := addmod(mulmod(3, mulmod(x, x, p), p), mulmod(A, mulmod(zz, zz, p), p), p) // m = 3*xΒ²+a*z⁴ + let s := mulmod(4, mulmod(x, yy, p), p) // s = 4*x*yΒ² + + // x' = t = mΒ²-2*s + rx := addmod(mulmod(m, m, p), sub(p, mulmod(2, s, p)), p) + + // y' = m*(s-t)-8*y⁴ = m*(s-x')-8*y⁴ + // cut the computation to avoid stack too deep + let rytmp1 := sub(p, mulmod(8, mulmod(yy, yy, p), p)) // -8*y⁴ + let rytmp2 := addmod(s, sub(p, rx), p) // s-x' + ry := addmod(mulmod(m, rytmp2, p), rytmp1, p) // m*(s-x')-8*y⁴ + + // z' = 2*y*z + rz := mulmod(2, mulmod(y, z, p), p) + } + } + } + + /** + * @dev Point doubling on the jacobian coordinates + * Reference: https://www.hyperelliptic.org/EFD/g1p/auto-shortw-jacobian.html#doubling-dbl-1998-cmo-2 + */ + function _jDouble(uint256 x, uint256 y, uint256 z) private pure returns (uint256 rx, uint256 ry, uint256 rz) { + assembly ("memory-safe") { + let p := P + let yy := mulmod(y, y, p) + let zz := mulmod(z, z, p) + let m := addmod(mulmod(3, mulmod(x, x, p), p), mulmod(A, mulmod(zz, zz, p), p), p) // m = 3*xΒ²+a*z⁴ + let s := mulmod(4, mulmod(x, yy, p), p) // s = 4*x*yΒ² + + // x' = t = mΒ²-2*s + rx := addmod(mulmod(m, m, p), sub(p, mulmod(2, s, p)), p) + // y' = m*(s-t)-8*y⁴ = m*(s-x')-8*y⁴ + ry := addmod(mulmod(m, addmod(s, sub(p, rx), p), p), sub(p, mulmod(8, mulmod(yy, yy, p), p)), p) + // z' = 2*y*z + rz := mulmod(2, mulmod(y, z, p), p) + } + } + + /** + * @dev Compute GΒ·u1 + PΒ·u2 using the precomputed points for G and P (see {_preComputeJacobianPoints}). + * + * Uses Strauss Shamir trick for EC multiplication + * https://stackoverflow.com/questions/50993471/ec-scalar-multiplication-with-strauss-shamir-method + * + * We optimize this for 2 bits at a time rather than a single bit. The individual points for a single pass are + * precomputed. Overall this reduces the number of additions while keeping the same number of + * doublings + */ + function _jMultShamir( + JPoint[16] memory points, + uint256 u1, + uint256 u2 + ) private view returns (uint256 rx, uint256 ry) { + uint256 x = 0; + uint256 y = 0; + uint256 z = 0; + unchecked { + for (uint256 i = 0; i < 128; ++i) { + if (z > 0) { + (x, y, z) = _jDouble(x, y, z); + (x, y, z) = _jDouble(x, y, z); + } + // Read 2 bits of u1, and 2 bits of u2. Combining the two gives the lookup index in the table. + uint256 pos = ((u1 >> 252) & 0xc) | ((u2 >> 254) & 0x3); + // Points that have z = 0 are points at infinity. They are the additive 0 of the group + // - if the lookup point is a 0, we can skip it + // - otherwise: + // - if the current point (x, y, z) is 0, we use the lookup point as our new value (0+P=P) + // - if the current point (x, y, z) is not 0, both points are valid and we can use `_jAdd` + if (points[pos].z != 0) { + if (z == 0) { + (x, y, z) = (points[pos].x, points[pos].y, points[pos].z); + } else { + (x, y, z) = _jAdd(points[pos], x, y, z); + } + } + u1 <<= 2; + u2 <<= 2; + } + } + return _affineFromJacobian(x, y, z); + } + + /** + * @dev Precompute a matrice of useful jacobian points associated with a given P. This can be seen as a 4x4 matrix + * that contains combination of P and G (generator) up to 3 times each. See the table below: + * + * β”Œβ”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” + * β”‚ i β”‚ 0 1 2 3 β”‚ + * β”œβ”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€ + * β”‚ 0 β”‚ 0 p 2p 3p β”‚ + * β”‚ 4 β”‚ g g+p g+2p g+3p β”‚ + * β”‚ 8 β”‚ 2g 2g+p 2g+2p 2g+3p β”‚ + * β”‚ 12 β”‚ 3g 3g+p 3g+2p 3g+3p β”‚ + * β””β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ + * + * Note that `_jAdd` (and thus `_jAddPoint`) does not handle the case where one of the inputs is a point at + * infinity (z = 0). However, we know that since `N ≑ 1 mod 2` and `N ≑ 1 mod 3`, there is no point P such that + * 2P = 0 or 3P = 0. This guarantees that g, 2g, 3g, p, 2p, 3p are all non-zero, and that all `_jAddPoint` calls + * have valid inputs. + */ + function _preComputeJacobianPoints(uint256 px, uint256 py) private pure returns (JPoint[16] memory points) { + points[0x00] = JPoint(0, 0, 0); // 0,0 + points[0x01] = JPoint(px, py, 1); // 1,0 (p) + points[0x04] = JPoint(GX, GY, 1); // 0,1 (g) + points[0x02] = _jDoublePoint(points[0x01]); // 2,0 (2p) + points[0x08] = _jDoublePoint(points[0x04]); // 0,2 (2g) + points[0x03] = _jAddPoint(points[0x01], points[0x02]); // 3,0 (p+2p = 3p) + points[0x05] = _jAddPoint(points[0x01], points[0x04]); // 1,1 (p+g) + points[0x06] = _jAddPoint(points[0x02], points[0x04]); // 2,1 (2p+g) + points[0x07] = _jAddPoint(points[0x03], points[0x04]); // 3,1 (3p+g) + points[0x09] = _jAddPoint(points[0x01], points[0x08]); // 1,2 (p+2g) + points[0x0a] = _jAddPoint(points[0x02], points[0x08]); // 2,2 (2p+2g) + points[0x0b] = _jAddPoint(points[0x03], points[0x08]); // 3,2 (3p+2g) + points[0x0c] = _jAddPoint(points[0x04], points[0x08]); // 0,3 (g+2g = 3g) + points[0x0d] = _jAddPoint(points[0x01], points[0x0c]); // 1,3 (p+3g) + points[0x0e] = _jAddPoint(points[0x02], points[0x0c]); // 2,3 (2p+3g) + points[0x0f] = _jAddPoint(points[0x03], points[0x0c]); // 3,3 (3p+3g) + } + + function _jAddPoint(JPoint memory p1, JPoint memory p2) private pure returns (JPoint memory) { + (uint256 x, uint256 y, uint256 z) = _jAdd(p1, p2.x, p2.y, p2.z); + return JPoint(x, y, z); + } + + function _jDoublePoint(JPoint memory p) private pure returns (JPoint memory) { + (uint256 x, uint256 y, uint256 z) = _jDouble(p.x, p.y, p.z); + return JPoint(x, y, z); + } +} diff --git a/dependencies/@openzeppelin/contracts/utils/cryptography/RSA.sol b/dependencies/@openzeppelin/contracts/utils/cryptography/RSA.sol new file mode 100644 index 00000000..70c38fd1 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/cryptography/RSA.sol @@ -0,0 +1,153 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.20; + +import {Math} from "../math/Math.sol"; + +/** + * @dev RSA PKCS#1 v1.5 signature verification implementation according to https://datatracker.ietf.org/doc/html/rfc8017[RFC8017]. + * + * This library supports PKCS#1 v1.5 padding to avoid malleability via chosen plaintext attacks in practical implementations. + * The padding follows the EMSA-PKCS1-v1_5-ENCODE encoding definition as per section 9.2 of the RFC. This padding makes + * RSA semantically secure for signing messages. + * + * Inspired by https://github.com/adria0/SolRsaVerify/blob/79c6182cabb9102ea69d4a2e996816091d5f1cd1[AdriΓ  Massanet's work] (GNU General Public License v3.0). + * + * _Available since v5.1._ + */ +library RSA { + /** + * @dev Same as {pkcs1Sha256} but using SHA256 to calculate the digest of `data`. + */ + function pkcs1Sha256( + bytes memory data, + bytes memory s, + bytes memory e, + bytes memory n + ) internal view returns (bool) { + return pkcs1Sha256(sha256(data), s, e, n); + } + + /** + * @dev Verifies a PKCSv1.5 signature given a digest according to the verification + * method described in https://datatracker.ietf.org/doc/html/rfc8017#section-8.2.2[section 8.2.2 of RFC8017] with + * support for explicit or implicit NULL parameters in the DigestInfo (no other optional parameters are supported). + * + * IMPORTANT: For security reason, this function requires the signature and modulus to have a length of at least + * 2048 bits. If you use a smaller key, consider replacing it with a larger, more secure, one. + * + * WARNING: This verification algorithm doesn't prevent replayability. If called multiple times with the same + * digest, public key and (valid signature), it will return true every time. Consider including an onchain nonce + * or unique identifier in the message to prevent replay attacks. + * + * WARNING: This verification algorithm supports any exponent. NIST recommends using `65537` (or higher). + * That is the default value many libraries use, such as OpenSSL. Developers may choose to reject public keys + * using a low exponent out of security concerns. + * + * @param digest the digest to verify + * @param s is a buffer containing the signature + * @param e is the exponent of the public key + * @param n is the modulus of the public key + */ + function pkcs1Sha256(bytes32 digest, bytes memory s, bytes memory e, bytes memory n) internal view returns (bool) { + unchecked { + // cache and check length + uint256 length = n.length; + if ( + length < 0x100 || // Enforce 2048 bits minimum + length != s.length // signature must have the same length as the finite field + ) { + return false; + } + + // Verify that s < n to ensure there's only one valid signature for a given message + for (uint256 i = 0; i < length; i += 0x20) { + uint256 p = Math.min(i, length - 0x20); + bytes32 sp = _unsafeReadBytes32(s, p); + bytes32 np = _unsafeReadBytes32(n, p); + if (sp < np) { + // s < n in the upper bits (everything before is equal) β†’ s < n globally: ok + break; + } else if (sp > np || p == length - 0x20) { + // s > n in the upper bits (everything before is equal) β†’ s > n globally: fail + // or + // s = n and we are looking at the lower bits β†’ s = n globally: fail + return false; + } + } + + // RSAVP1 https://datatracker.ietf.org/doc/html/rfc8017#section-5.2.2 + // The previous check guarantees that n > 0. Therefore modExp cannot revert. + bytes memory buffer = Math.modExp(s, e, n); + + // Check that buffer is well encoded: + // buffer ::= 0x00 | 0x01 | PS | 0x00 | DigestInfo + // + // With + // - PS is padding filled with 0xFF + // - DigestInfo ::= SEQUENCE { + // digestAlgorithm AlgorithmIdentifier, + // [optional algorithm parameters] -- not currently supported + // digest OCTET STRING + // } + + // Get AlgorithmIdentifier from the DigestInfo, and set the config accordingly + // - params: includes 00 + first part of DigestInfo + // - mask: filter to check the params + // - offset: length of the suffix (including digest) + bytes32 params; // 0x00 | DigestInfo + bytes32 mask; + uint256 offset; + + // Digest is expected at the end of the buffer. Therefore if NULL param is present, + // it should be at 32 (digest) + 2 bytes from the end. To those 34 bytes, we add the + // OID (9 bytes) and its length (2 bytes) to get the position of the DigestInfo sequence, + // which is expected to have a length of 0x31 when the NULL param is present or 0x2f if not. + if (bytes1(_unsafeReadBytes32(buffer, length - 0x32)) == 0x31) { + offset = 0x34; + // 00 (1 byte) | SEQUENCE length (0x31) = 3031 (2 bytes) | SEQUENCE length (0x0d) = 300d (2 bytes) | OBJECT_IDENTIFIER length (0x09) = 0609 (2 bytes) + // SHA256 OID = 608648016503040201 (9 bytes) | NULL = 0500 (2 bytes) (explicit) | OCTET_STRING length (0x20) = 0420 (2 bytes) + params = 0x003031300d060960864801650304020105000420000000000000000000000000; + mask = 0xffffffffffffffffffffffffffffffffffffffff000000000000000000000000; // (20 bytes) + } else if (bytes1(_unsafeReadBytes32(buffer, length - 0x30)) == 0x2F) { + offset = 0x32; + // 00 (1 byte) | SEQUENCE length (0x2f) = 302f (2 bytes) | SEQUENCE length (0x0b) = 300b (2 bytes) | OBJECT_IDENTIFIER length (0x09) = 0609 (2 bytes) + // SHA256 OID = 608648016503040201 (9 bytes) | NULL = | OCTET_STRING length (0x20) = 0420 (2 bytes) + params = 0x00302f300b060960864801650304020104200000000000000000000000000000; + mask = 0xffffffffffffffffffffffffffffffffffff0000000000000000000000000000; // (18 bytes) + } else { + // unknown + return false; + } + + // Length is at least 0x100 and offset is at most 0x34, so this is safe. There is always some padding. + uint256 paddingEnd = length - offset; + + // The padding has variable (arbitrary) length, so we check it byte per byte in a loop. + // This is required to ensure non-malleability. Not checking would allow an attacker to + // use the padding to manipulate the message in order to create a valid signature out of + // multiple valid signatures. + for (uint256 i = 2; i < paddingEnd; ++i) { + if (bytes1(_unsafeReadBytes32(buffer, i)) != 0xFF) { + return false; + } + } + + // All the other parameters are small enough to fit in a bytes32, so we can check them directly. + return + bytes2(0x0001) == bytes2(_unsafeReadBytes32(buffer, 0x00)) && // 00 | 01 + // PS was checked in the loop + params == _unsafeReadBytes32(buffer, paddingEnd) & mask && // DigestInfo + // Optional parameters are not checked + digest == _unsafeReadBytes32(buffer, length - 0x20); // Digest + } + } + + /// @dev Reads a bytes32 from a bytes array without bounds checking. + function _unsafeReadBytes32(bytes memory array, uint256 offset) private pure returns (bytes32 result) { + // Memory safeness is guaranteed as long as the provided `array` is a Solidity-allocated bytes array + // and `offset` is within bounds. This is the case for all calls to this private function from {pkcs1Sha256}. + assembly ("memory-safe") { + result := mload(add(add(array, 0x20), offset)) + } + } +} diff --git a/dependencies/@openzeppelin/contracts/utils/cryptography/SignatureChecker.sol b/dependencies/@openzeppelin/contracts/utils/cryptography/SignatureChecker.sol new file mode 100644 index 00000000..9aaa2e07 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/cryptography/SignatureChecker.sol @@ -0,0 +1,50 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (utils/cryptography/SignatureChecker.sol) + +pragma solidity ^0.8.20; + +import {ECDSA} from "./ECDSA.sol"; +import {IERC1271} from "../../interfaces/IERC1271.sol"; + +/** + * @dev Signature verification helper that can be used instead of `ECDSA.recover` to seamlessly support both ECDSA + * signatures from externally owned accounts (EOAs) as well as ERC-1271 signatures from smart contract wallets like + * Argent and Safe Wallet (previously Gnosis Safe). + */ +library SignatureChecker { + /** + * @dev Checks if a signature is valid for a given signer and data hash. If the signer is a smart contract, the + * signature is validated against that smart contract using ERC-1271, otherwise it's validated using `ECDSA.recover`. + * + * NOTE: Unlike ECDSA signatures, contract signatures are revocable, and the outcome of this function can thus + * change through time. It could return true at block N and false at block N+1 (or the opposite). + */ + function isValidSignatureNow(address signer, bytes32 hash, bytes memory signature) internal view returns (bool) { + if (signer.code.length == 0) { + (address recovered, ECDSA.RecoverError err, ) = ECDSA.tryRecover(hash, signature); + return err == ECDSA.RecoverError.NoError && recovered == signer; + } else { + return isValidERC1271SignatureNow(signer, hash, signature); + } + } + + /** + * @dev Checks if a signature is valid for a given signer and data hash. The signature is validated + * against the signer smart contract using ERC-1271. + * + * NOTE: Unlike ECDSA signatures, contract signatures are revocable, and the outcome of this function can thus + * change through time. It could return true at block N and false at block N+1 (or the opposite). + */ + function isValidERC1271SignatureNow( + address signer, + bytes32 hash, + bytes memory signature + ) internal view returns (bool) { + (bool success, bytes memory result) = signer.staticcall( + abi.encodeCall(IERC1271.isValidSignature, (hash, signature)) + ); + return (success && + result.length >= 32 && + abi.decode(result, (bytes32)) == bytes32(IERC1271.isValidSignature.selector)); + } +} diff --git a/dependencies/@openzeppelin/contracts/utils/introspection/ERC165.sol b/dependencies/@openzeppelin/contracts/utils/introspection/ERC165.sol new file mode 100644 index 00000000..664b39fc --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/introspection/ERC165.sol @@ -0,0 +1,27 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (utils/introspection/ERC165.sol) + +pragma solidity ^0.8.20; + +import {IERC165} from "./IERC165.sol"; + +/** + * @dev Implementation of the {IERC165} interface. + * + * Contracts that want to implement ERC-165 should inherit from this contract and override {supportsInterface} to check + * for the additional interface id that will be supported. For example: + * + * ```solidity + * function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) { + * return interfaceId == type(MyInterface).interfaceId || super.supportsInterface(interfaceId); + * } + * ``` + */ +abstract contract ERC165 is IERC165 { + /** + * @dev See {IERC165-supportsInterface}. + */ + function supportsInterface(bytes4 interfaceId) public view virtual returns (bool) { + return interfaceId == type(IERC165).interfaceId; + } +} diff --git a/dependencies/@openzeppelin/contracts/utils/introspection/ERC165Checker.sol b/dependencies/@openzeppelin/contracts/utils/introspection/ERC165Checker.sol new file mode 100644 index 00000000..a0ac72c2 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/introspection/ERC165Checker.sol @@ -0,0 +1,124 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (utils/introspection/ERC165Checker.sol) + +pragma solidity ^0.8.20; + +import {IERC165} from "./IERC165.sol"; + +/** + * @dev Library used to query support of an interface declared via {IERC165}. + * + * Note that these functions return the actual result of the query: they do not + * `revert` if an interface is not supported. It is up to the caller to decide + * what to do in these cases. + */ +library ERC165Checker { + // As per the ERC-165 spec, no interface should ever match 0xffffffff + bytes4 private constant INTERFACE_ID_INVALID = 0xffffffff; + + /** + * @dev Returns true if `account` supports the {IERC165} interface. + */ + function supportsERC165(address account) internal view returns (bool) { + // Any contract that implements ERC-165 must explicitly indicate support of + // InterfaceId_ERC165 and explicitly indicate non-support of InterfaceId_Invalid + return + supportsERC165InterfaceUnchecked(account, type(IERC165).interfaceId) && + !supportsERC165InterfaceUnchecked(account, INTERFACE_ID_INVALID); + } + + /** + * @dev Returns true if `account` supports the interface defined by + * `interfaceId`. Support for {IERC165} itself is queried automatically. + * + * See {IERC165-supportsInterface}. + */ + function supportsInterface(address account, bytes4 interfaceId) internal view returns (bool) { + // query support of both ERC-165 as per the spec and support of _interfaceId + return supportsERC165(account) && supportsERC165InterfaceUnchecked(account, interfaceId); + } + + /** + * @dev Returns a boolean array where each value corresponds to the + * interfaces passed in and whether they're supported or not. This allows + * you to batch check interfaces for a contract where your expectation + * is that some interfaces may not be supported. + * + * See {IERC165-supportsInterface}. + */ + function getSupportedInterfaces( + address account, + bytes4[] memory interfaceIds + ) internal view returns (bool[] memory) { + // an array of booleans corresponding to interfaceIds and whether they're supported or not + bool[] memory interfaceIdsSupported = new bool[](interfaceIds.length); + + // query support of ERC-165 itself + if (supportsERC165(account)) { + // query support of each interface in interfaceIds + for (uint256 i = 0; i < interfaceIds.length; i++) { + interfaceIdsSupported[i] = supportsERC165InterfaceUnchecked(account, interfaceIds[i]); + } + } + + return interfaceIdsSupported; + } + + /** + * @dev Returns true if `account` supports all the interfaces defined in + * `interfaceIds`. Support for {IERC165} itself is queried automatically. + * + * Batch-querying can lead to gas savings by skipping repeated checks for + * {IERC165} support. + * + * See {IERC165-supportsInterface}. + */ + function supportsAllInterfaces(address account, bytes4[] memory interfaceIds) internal view returns (bool) { + // query support of ERC-165 itself + if (!supportsERC165(account)) { + return false; + } + + // query support of each interface in interfaceIds + for (uint256 i = 0; i < interfaceIds.length; i++) { + if (!supportsERC165InterfaceUnchecked(account, interfaceIds[i])) { + return false; + } + } + + // all interfaces supported + return true; + } + + /** + * @notice Query if a contract implements an interface, does not check ERC-165 support + * @param account The address of the contract to query for support of an interface + * @param interfaceId The interface identifier, as specified in ERC-165 + * @return true if the contract at account indicates support of the interface with + * identifier interfaceId, false otherwise + * @dev Assumes that account contains a contract that supports ERC-165, otherwise + * the behavior of this method is undefined. This precondition can be checked + * with {supportsERC165}. + * + * Some precompiled contracts will falsely indicate support for a given interface, so caution + * should be exercised when using this function. + * + * Interface identification is specified in ERC-165. + */ + function supportsERC165InterfaceUnchecked(address account, bytes4 interfaceId) internal view returns (bool) { + // prepare call + bytes memory encodedParams = abi.encodeCall(IERC165.supportsInterface, (interfaceId)); + + // perform static call + bool success; + uint256 returnSize; + uint256 returnValue; + assembly ("memory-safe") { + success := staticcall(30000, account, add(encodedParams, 0x20), mload(encodedParams), 0x00, 0x20) + returnSize := returndatasize() + returnValue := mload(0x00) + } + + return success && returnSize >= 0x20 && returnValue > 0; + } +} diff --git a/dependencies/@openzeppelin/contracts/utils/introspection/IERC165.sol b/dependencies/@openzeppelin/contracts/utils/introspection/IERC165.sol new file mode 100644 index 00000000..bfbdf5dd --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/introspection/IERC165.sol @@ -0,0 +1,25 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (utils/introspection/IERC165.sol) + +pragma solidity ^0.8.20; + +/** + * @dev Interface of the ERC-165 standard, as defined in the + * https://eips.ethereum.org/EIPS/eip-165[ERC]. + * + * Implementers can declare support of contract interfaces, which can then be + * queried by others ({ERC165Checker}). + * + * For an implementation, see {ERC165}. + */ +interface IERC165 { + /** + * @dev Returns true if this contract implements the interface defined by + * `interfaceId`. See the corresponding + * https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified[ERC section] + * to learn more about how these ids are created. + * + * This function call must use less than 30 000 gas. + */ + function supportsInterface(bytes4 interfaceId) external view returns (bool); +} diff --git a/dependencies/@openzeppelin/contracts/utils/math/Math.sol b/dependencies/@openzeppelin/contracts/utils/math/Math.sol new file mode 100644 index 00000000..9e277f3f --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/math/Math.sol @@ -0,0 +1,685 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (utils/math/Math.sol) + +pragma solidity ^0.8.20; + +import {Panic} from "../Panic.sol"; +import {SafeCast} from "./SafeCast.sol"; + +/** + * @dev Standard math utilities missing in the Solidity language. + */ +library Math { + enum Rounding { + Floor, // Toward negative infinity + Ceil, // Toward positive infinity + Trunc, // Toward zero + Expand // Away from zero + } + + /** + * @dev Returns the addition of two unsigned integers, with an success flag (no overflow). + */ + function tryAdd(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) { + unchecked { + uint256 c = a + b; + if (c < a) return (false, 0); + return (true, c); + } + } + + /** + * @dev Returns the subtraction of two unsigned integers, with an success flag (no overflow). + */ + function trySub(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) { + unchecked { + if (b > a) return (false, 0); + return (true, a - b); + } + } + + /** + * @dev Returns the multiplication of two unsigned integers, with an success flag (no overflow). + */ + function tryMul(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) { + unchecked { + // Gas optimization: this is cheaper than requiring 'a' not being zero, but the + // benefit is lost if 'b' is also tested. + // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522 + if (a == 0) return (true, 0); + uint256 c = a * b; + if (c / a != b) return (false, 0); + return (true, c); + } + } + + /** + * @dev Returns the division of two unsigned integers, with a success flag (no division by zero). + */ + function tryDiv(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) { + unchecked { + if (b == 0) return (false, 0); + return (true, a / b); + } + } + + /** + * @dev Returns the remainder of dividing two unsigned integers, with a success flag (no division by zero). + */ + function tryMod(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) { + unchecked { + if (b == 0) return (false, 0); + return (true, a % b); + } + } + + /** + * @dev Branchless ternary evaluation for `a ? b : c`. Gas costs are constant. + * + * IMPORTANT: This function may reduce bytecode size and consume less gas when used standalone. + * However, the compiler may optimize Solidity ternary operations (i.e. `a ? b : c`) to only compute + * one branch when needed, making this function more expensive. + */ + function ternary(bool condition, uint256 a, uint256 b) internal pure returns (uint256) { + unchecked { + // branchless ternary works because: + // b ^ (a ^ b) == a + // b ^ 0 == b + return b ^ ((a ^ b) * SafeCast.toUint(condition)); + } + } + + /** + * @dev Returns the largest of two numbers. + */ + function max(uint256 a, uint256 b) internal pure returns (uint256) { + return ternary(a > b, a, b); + } + + /** + * @dev Returns the smallest of two numbers. + */ + function min(uint256 a, uint256 b) internal pure returns (uint256) { + return ternary(a < b, a, b); + } + + /** + * @dev Returns the average of two numbers. The result is rounded towards + * zero. + */ + function average(uint256 a, uint256 b) internal pure returns (uint256) { + // (a + b) / 2 can overflow. + return (a & b) + (a ^ b) / 2; + } + + /** + * @dev Returns the ceiling of the division of two numbers. + * + * This differs from standard division with `/` in that it rounds towards infinity instead + * of rounding towards zero. + */ + function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) { + if (b == 0) { + // Guarantee the same behavior as in a regular Solidity division. + Panic.panic(Panic.DIVISION_BY_ZERO); + } + + // The following calculation ensures accurate ceiling division without overflow. + // Since a is non-zero, (a - 1) / b will not overflow. + // The largest possible result occurs when (a - 1) / b is type(uint256).max, + // but the largest value we can obtain is type(uint256).max - 1, which happens + // when a = type(uint256).max and b = 1. + unchecked { + return SafeCast.toUint(a > 0) * ((a - 1) / b + 1); + } + } + + /** + * @dev Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or + * denominator == 0. + * + * Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv) with further edits by + * Uniswap Labs also under MIT license. + */ + function mulDiv(uint256 x, uint256 y, uint256 denominator) internal pure returns (uint256 result) { + unchecked { + // 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2²⁡⁢ and mod 2²⁡⁢ - 1, then use + // the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256 + // variables such that product = prod1 * 2²⁡⁢ + prod0. + uint256 prod0 = x * y; // Least significant 256 bits of the product + uint256 prod1; // Most significant 256 bits of the product + assembly { + let mm := mulmod(x, y, not(0)) + prod1 := sub(sub(mm, prod0), lt(mm, prod0)) + } + + // Handle non-overflow cases, 256 by 256 division. + if (prod1 == 0) { + // Solidity will revert if denominator == 0, unlike the div opcode on its own. + // The surrounding unchecked block does not change this fact. + // See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic. + return prod0 / denominator; + } + + // Make sure the result is less than 2²⁡⁢. Also prevents denominator == 0. + if (denominator <= prod1) { + Panic.panic(ternary(denominator == 0, Panic.DIVISION_BY_ZERO, Panic.UNDER_OVERFLOW)); + } + + /////////////////////////////////////////////// + // 512 by 256 division. + /////////////////////////////////////////////// + + // Make division exact by subtracting the remainder from [prod1 prod0]. + uint256 remainder; + assembly { + // Compute remainder using mulmod. + remainder := mulmod(x, y, denominator) + + // Subtract 256 bit number from 512 bit number. + prod1 := sub(prod1, gt(remainder, prod0)) + prod0 := sub(prod0, remainder) + } + + // Factor powers of two out of denominator and compute largest power of two divisor of denominator. + // Always >= 1. See https://cs.stackexchange.com/q/138556/92363. + + uint256 twos = denominator & (0 - denominator); + assembly { + // Divide denominator by twos. + denominator := div(denominator, twos) + + // Divide [prod1 prod0] by twos. + prod0 := div(prod0, twos) + + // Flip twos such that it is 2²⁡⁢ / twos. If twos is zero, then it becomes one. + twos := add(div(sub(0, twos), twos), 1) + } + + // Shift in bits from prod1 into prod0. + prod0 |= prod1 * twos; + + // Invert denominator mod 2²⁡⁢. Now that denominator is an odd number, it has an inverse modulo 2²⁡⁢ such + // that denominator * inv ≑ 1 mod 2²⁡⁢. Compute the inverse by starting with a seed that is correct for + // four bits. That is, denominator * inv ≑ 1 mod 2⁴. + uint256 inverse = (3 * denominator) ^ 2; + + // Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also + // works in modular arithmetic, doubling the correct bits in each step. + inverse *= 2 - denominator * inverse; // inverse mod 2⁸ + inverse *= 2 - denominator * inverse; // inverse mod 2¹⁢ + inverse *= 2 - denominator * inverse; // inverse mod 2Β³Β² + inverse *= 2 - denominator * inverse; // inverse mod 2⁢⁴ + inverse *= 2 - denominator * inverse; // inverse mod 2¹²⁸ + inverse *= 2 - denominator * inverse; // inverse mod 2²⁡⁢ + + // Because the division is now exact we can divide by multiplying with the modular inverse of denominator. + // This will give us the correct result modulo 2²⁡⁢. Since the preconditions guarantee that the outcome is + // less than 2²⁡⁢, this is the final result. We don't need to compute the high bits of the result and prod1 + // is no longer required. + result = prod0 * inverse; + return result; + } + } + + /** + * @dev Calculates x * y / denominator with full precision, following the selected rounding direction. + */ + function mulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internal pure returns (uint256) { + return mulDiv(x, y, denominator) + SafeCast.toUint(unsignedRoundsUp(rounding) && mulmod(x, y, denominator) > 0); + } + + /** + * @dev Calculate the modular multiplicative inverse of a number in Z/nZ. + * + * If n is a prime, then Z/nZ is a field. In that case all elements are inversible, except 0. + * If n is not a prime, then Z/nZ is not a field, and some elements might not be inversible. + * + * If the input value is not inversible, 0 is returned. + * + * NOTE: If you know for sure that n is (big) a prime, it may be cheaper to use Fermat's little theorem and get the + * inverse using `Math.modExp(a, n - 2, n)`. See {invModPrime}. + */ + function invMod(uint256 a, uint256 n) internal pure returns (uint256) { + unchecked { + if (n == 0) return 0; + + // The inverse modulo is calculated using the Extended Euclidean Algorithm (iterative version) + // Used to compute integers x and y such that: ax + ny = gcd(a, n). + // When the gcd is 1, then the inverse of a modulo n exists and it's x. + // ax + ny = 1 + // ax = 1 + (-y)n + // ax ≑ 1 (mod n) # x is the inverse of a modulo n + + // If the remainder is 0 the gcd is n right away. + uint256 remainder = a % n; + uint256 gcd = n; + + // Therefore the initial coefficients are: + // ax + ny = gcd(a, n) = n + // 0a + 1n = n + int256 x = 0; + int256 y = 1; + + while (remainder != 0) { + uint256 quotient = gcd / remainder; + + (gcd, remainder) = ( + // The old remainder is the next gcd to try. + remainder, + // Compute the next remainder. + // Can't overflow given that (a % gcd) * (gcd // (a % gcd)) <= gcd + // where gcd is at most n (capped to type(uint256).max) + gcd - remainder * quotient + ); + + (x, y) = ( + // Increment the coefficient of a. + y, + // Decrement the coefficient of n. + // Can overflow, but the result is casted to uint256 so that the + // next value of y is "wrapped around" to a value between 0 and n - 1. + x - y * int256(quotient) + ); + } + + if (gcd != 1) return 0; // No inverse exists. + return ternary(x < 0, n - uint256(-x), uint256(x)); // Wrap the result if it's negative. + } + } + + /** + * @dev Variant of {invMod}. More efficient, but only works if `p` is known to be a prime greater than `2`. + * + * From https://en.wikipedia.org/wiki/Fermat%27s_little_theorem[Fermat's little theorem], we know that if p is + * prime, then `a**(p-1) ≑ 1 mod p`. As a consequence, we have `a * a**(p-2) ≑ 1 mod p`, which means that + * `a**(p-2)` is the modular multiplicative inverse of a in Fp. + * + * NOTE: this function does NOT check that `p` is a prime greater than `2`. + */ + function invModPrime(uint256 a, uint256 p) internal view returns (uint256) { + unchecked { + return Math.modExp(a, p - 2, p); + } + } + + /** + * @dev Returns the modular exponentiation of the specified base, exponent and modulus (b ** e % m) + * + * Requirements: + * - modulus can't be zero + * - underlying staticcall to precompile must succeed + * + * IMPORTANT: The result is only valid if the underlying call succeeds. When using this function, make + * sure the chain you're using it on supports the precompiled contract for modular exponentiation + * at address 0x05 as specified in https://eips.ethereum.org/EIPS/eip-198[EIP-198]. Otherwise, + * the underlying function will succeed given the lack of a revert, but the result may be incorrectly + * interpreted as 0. + */ + function modExp(uint256 b, uint256 e, uint256 m) internal view returns (uint256) { + (bool success, uint256 result) = tryModExp(b, e, m); + if (!success) { + Panic.panic(Panic.DIVISION_BY_ZERO); + } + return result; + } + + /** + * @dev Returns the modular exponentiation of the specified base, exponent and modulus (b ** e % m). + * It includes a success flag indicating if the operation succeeded. Operation will be marked as failed if trying + * to operate modulo 0 or if the underlying precompile reverted. + * + * IMPORTANT: The result is only valid if the success flag is true. When using this function, make sure the chain + * you're using it on supports the precompiled contract for modular exponentiation at address 0x05 as specified in + * https://eips.ethereum.org/EIPS/eip-198[EIP-198]. Otherwise, the underlying function will succeed given the lack + * of a revert, but the result may be incorrectly interpreted as 0. + */ + function tryModExp(uint256 b, uint256 e, uint256 m) internal view returns (bool success, uint256 result) { + if (m == 0) return (false, 0); + assembly ("memory-safe") { + let ptr := mload(0x40) + // | Offset | Content | Content (Hex) | + // |-----------|------------|--------------------------------------------------------------------| + // | 0x00:0x1f | size of b | 0x0000000000000000000000000000000000000000000000000000000000000020 | + // | 0x20:0x3f | size of e | 0x0000000000000000000000000000000000000000000000000000000000000020 | + // | 0x40:0x5f | size of m | 0x0000000000000000000000000000000000000000000000000000000000000020 | + // | 0x60:0x7f | value of b | 0x<.............................................................b> | + // | 0x80:0x9f | value of e | 0x<.............................................................e> | + // | 0xa0:0xbf | value of m | 0x<.............................................................m> | + mstore(ptr, 0x20) + mstore(add(ptr, 0x20), 0x20) + mstore(add(ptr, 0x40), 0x20) + mstore(add(ptr, 0x60), b) + mstore(add(ptr, 0x80), e) + mstore(add(ptr, 0xa0), m) + + // Given the result < m, it's guaranteed to fit in 32 bytes, + // so we can use the memory scratch space located at offset 0. + success := staticcall(gas(), 0x05, ptr, 0xc0, 0x00, 0x20) + result := mload(0x00) + } + } + + /** + * @dev Variant of {modExp} that supports inputs of arbitrary length. + */ + function modExp(bytes memory b, bytes memory e, bytes memory m) internal view returns (bytes memory) { + (bool success, bytes memory result) = tryModExp(b, e, m); + if (!success) { + Panic.panic(Panic.DIVISION_BY_ZERO); + } + return result; + } + + /** + * @dev Variant of {tryModExp} that supports inputs of arbitrary length. + */ + function tryModExp( + bytes memory b, + bytes memory e, + bytes memory m + ) internal view returns (bool success, bytes memory result) { + if (_zeroBytes(m)) return (false, new bytes(0)); + + uint256 mLen = m.length; + + // Encode call args in result and move the free memory pointer + result = abi.encodePacked(b.length, e.length, mLen, b, e, m); + + assembly ("memory-safe") { + let dataPtr := add(result, 0x20) + // Write result on top of args to avoid allocating extra memory. + success := staticcall(gas(), 0x05, dataPtr, mload(result), dataPtr, mLen) + // Overwrite the length. + // result.length > returndatasize() is guaranteed because returndatasize() == m.length + mstore(result, mLen) + // Set the memory pointer after the returned data. + mstore(0x40, add(dataPtr, mLen)) + } + } + + /** + * @dev Returns whether the provided byte array is zero. + */ + function _zeroBytes(bytes memory byteArray) private pure returns (bool) { + for (uint256 i = 0; i < byteArray.length; ++i) { + if (byteArray[i] != 0) { + return false; + } + } + return true; + } + + /** + * @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded + * towards zero. + * + * This method is based on Newton's method for computing square roots; the algorithm is restricted to only + * using integer operations. + */ + function sqrt(uint256 a) internal pure returns (uint256) { + unchecked { + // Take care of easy edge cases when a == 0 or a == 1 + if (a <= 1) { + return a; + } + + // In this function, we use Newton's method to get a root of `f(x) := xΒ² - a`. It involves building a + // sequence x_n that converges toward sqrt(a). For each iteration x_n, we also define the error between + // the current value as `Ξ΅_n = | x_n - sqrt(a) |`. + // + // For our first estimation, we consider `e` the smallest power of 2 which is bigger than the square root + // of the target. (i.e. `2**(e-1) ≀ sqrt(a) < 2**e`). We know that `e ≀ 128` because `(2¹²⁸)Β² = 2²⁡⁢` is + // bigger than any uint256. + // + // By noticing that + // `2**(e-1) ≀ sqrt(a) < 2**e β†’ (2**(e-1))Β² ≀ a < (2**e)Β² β†’ 2**(2*e-2) ≀ a < 2**(2*e)` + // we can deduce that `e - 1` is `log2(a) / 2`. We can thus compute `x_n = 2**(e-1)` using a method similar + // to the msb function. + uint256 aa = a; + uint256 xn = 1; + + if (aa >= (1 << 128)) { + aa >>= 128; + xn <<= 64; + } + if (aa >= (1 << 64)) { + aa >>= 64; + xn <<= 32; + } + if (aa >= (1 << 32)) { + aa >>= 32; + xn <<= 16; + } + if (aa >= (1 << 16)) { + aa >>= 16; + xn <<= 8; + } + if (aa >= (1 << 8)) { + aa >>= 8; + xn <<= 4; + } + if (aa >= (1 << 4)) { + aa >>= 4; + xn <<= 2; + } + if (aa >= (1 << 2)) { + xn <<= 1; + } + + // We now have x_n such that `x_n = 2**(e-1) ≀ sqrt(a) < 2**e = 2 * x_n`. This implies Ξ΅_n ≀ 2**(e-1). + // + // We can refine our estimation by noticing that the middle of that interval minimizes the error. + // If we move x_n to equal 2**(e-1) + 2**(e-2), then we reduce the error to Ξ΅_n ≀ 2**(e-2). + // This is going to be our x_0 (and Ξ΅_0) + xn = (3 * xn) >> 1; // Ξ΅_0 := | x_0 - sqrt(a) | ≀ 2**(e-2) + + // From here, Newton's method give us: + // x_{n+1} = (x_n + a / x_n) / 2 + // + // One should note that: + // x_{n+1}Β² - a = ((x_n + a / x_n) / 2)Β² - a + // = ((x_nΒ² + a) / (2 * x_n))Β² - a + // = (x_n⁴ + 2 * a * x_nΒ² + aΒ²) / (4 * x_nΒ²) - a + // = (x_n⁴ + 2 * a * x_nΒ² + aΒ² - 4 * a * x_nΒ²) / (4 * x_nΒ²) + // = (x_n⁴ - 2 * a * x_nΒ² + aΒ²) / (4 * x_nΒ²) + // = (x_nΒ² - a)Β² / (2 * x_n)Β² + // = ((x_nΒ² - a) / (2 * x_n))Β² + // β‰₯ 0 + // Which proves that for all n β‰₯ 1, sqrt(a) ≀ x_n + // + // This gives us the proof of quadratic convergence of the sequence: + // Ξ΅_{n+1} = | x_{n+1} - sqrt(a) | + // = | (x_n + a / x_n) / 2 - sqrt(a) | + // = | (x_nΒ² + a - 2*x_n*sqrt(a)) / (2 * x_n) | + // = | (x_n - sqrt(a))Β² / (2 * x_n) | + // = | Ξ΅_nΒ² / (2 * x_n) | + // = Ξ΅_nΒ² / | (2 * x_n) | + // + // For the first iteration, we have a special case where x_0 is known: + // Ξ΅_1 = Ξ΅_0Β² / | (2 * x_0) | + // ≀ (2**(e-2))Β² / (2 * (2**(e-1) + 2**(e-2))) + // ≀ 2**(2*e-4) / (3 * 2**(e-1)) + // ≀ 2**(e-3) / 3 + // ≀ 2**(e-3-log2(3)) + // ≀ 2**(e-4.5) + // + // For the following iterations, we use the fact that, 2**(e-1) ≀ sqrt(a) ≀ x_n: + // Ξ΅_{n+1} = Ξ΅_nΒ² / | (2 * x_n) | + // ≀ (2**(e-k))Β² / (2 * 2**(e-1)) + // ≀ 2**(2*e-2*k) / 2**e + // ≀ 2**(e-2*k) + xn = (xn + a / xn) >> 1; // Ξ΅_1 := | x_1 - sqrt(a) | ≀ 2**(e-4.5) -- special case, see above + xn = (xn + a / xn) >> 1; // Ξ΅_2 := | x_2 - sqrt(a) | ≀ 2**(e-9) -- general case with k = 4.5 + xn = (xn + a / xn) >> 1; // Ξ΅_3 := | x_3 - sqrt(a) | ≀ 2**(e-18) -- general case with k = 9 + xn = (xn + a / xn) >> 1; // Ξ΅_4 := | x_4 - sqrt(a) | ≀ 2**(e-36) -- general case with k = 18 + xn = (xn + a / xn) >> 1; // Ξ΅_5 := | x_5 - sqrt(a) | ≀ 2**(e-72) -- general case with k = 36 + xn = (xn + a / xn) >> 1; // Ξ΅_6 := | x_6 - sqrt(a) | ≀ 2**(e-144) -- general case with k = 72 + + // Because e ≀ 128 (as discussed during the first estimation phase), we know have reached a precision + // Ξ΅_6 ≀ 2**(e-144) < 1. Given we're operating on integers, then we can ensure that xn is now either + // sqrt(a) or sqrt(a) + 1. + return xn - SafeCast.toUint(xn > a / xn); + } + } + + /** + * @dev Calculates sqrt(a), following the selected rounding direction. + */ + function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) { + unchecked { + uint256 result = sqrt(a); + return result + SafeCast.toUint(unsignedRoundsUp(rounding) && result * result < a); + } + } + + /** + * @dev Return the log in base 2 of a positive value rounded towards zero. + * Returns 0 if given 0. + */ + function log2(uint256 value) internal pure returns (uint256) { + uint256 result = 0; + uint256 exp; + unchecked { + exp = 128 * SafeCast.toUint(value > (1 << 128) - 1); + value >>= exp; + result += exp; + + exp = 64 * SafeCast.toUint(value > (1 << 64) - 1); + value >>= exp; + result += exp; + + exp = 32 * SafeCast.toUint(value > (1 << 32) - 1); + value >>= exp; + result += exp; + + exp = 16 * SafeCast.toUint(value > (1 << 16) - 1); + value >>= exp; + result += exp; + + exp = 8 * SafeCast.toUint(value > (1 << 8) - 1); + value >>= exp; + result += exp; + + exp = 4 * SafeCast.toUint(value > (1 << 4) - 1); + value >>= exp; + result += exp; + + exp = 2 * SafeCast.toUint(value > (1 << 2) - 1); + value >>= exp; + result += exp; + + result += SafeCast.toUint(value > 1); + } + return result; + } + + /** + * @dev Return the log in base 2, following the selected rounding direction, of a positive value. + * Returns 0 if given 0. + */ + function log2(uint256 value, Rounding rounding) internal pure returns (uint256) { + unchecked { + uint256 result = log2(value); + return result + SafeCast.toUint(unsignedRoundsUp(rounding) && 1 << result < value); + } + } + + /** + * @dev Return the log in base 10 of a positive value rounded towards zero. + * Returns 0 if given 0. + */ + function log10(uint256 value) internal pure returns (uint256) { + uint256 result = 0; + unchecked { + if (value >= 10 ** 64) { + value /= 10 ** 64; + result += 64; + } + if (value >= 10 ** 32) { + value /= 10 ** 32; + result += 32; + } + if (value >= 10 ** 16) { + value /= 10 ** 16; + result += 16; + } + if (value >= 10 ** 8) { + value /= 10 ** 8; + result += 8; + } + if (value >= 10 ** 4) { + value /= 10 ** 4; + result += 4; + } + if (value >= 10 ** 2) { + value /= 10 ** 2; + result += 2; + } + if (value >= 10 ** 1) { + result += 1; + } + } + return result; + } + + /** + * @dev Return the log in base 10, following the selected rounding direction, of a positive value. + * Returns 0 if given 0. + */ + function log10(uint256 value, Rounding rounding) internal pure returns (uint256) { + unchecked { + uint256 result = log10(value); + return result + SafeCast.toUint(unsignedRoundsUp(rounding) && 10 ** result < value); + } + } + + /** + * @dev Return the log in base 256 of a positive value rounded towards zero. + * Returns 0 if given 0. + * + * Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string. + */ + function log256(uint256 value) internal pure returns (uint256) { + uint256 result = 0; + uint256 isGt; + unchecked { + isGt = SafeCast.toUint(value > (1 << 128) - 1); + value >>= isGt * 128; + result += isGt * 16; + + isGt = SafeCast.toUint(value > (1 << 64) - 1); + value >>= isGt * 64; + result += isGt * 8; + + isGt = SafeCast.toUint(value > (1 << 32) - 1); + value >>= isGt * 32; + result += isGt * 4; + + isGt = SafeCast.toUint(value > (1 << 16) - 1); + value >>= isGt * 16; + result += isGt * 2; + + result += SafeCast.toUint(value > (1 << 8) - 1); + } + return result; + } + + /** + * @dev Return the log in base 256, following the selected rounding direction, of a positive value. + * Returns 0 if given 0. + */ + function log256(uint256 value, Rounding rounding) internal pure returns (uint256) { + unchecked { + uint256 result = log256(value); + return result + SafeCast.toUint(unsignedRoundsUp(rounding) && 1 << (result << 3) < value); + } + } + + /** + * @dev Returns whether a provided rounding mode is considered rounding up for unsigned integers. + */ + function unsignedRoundsUp(Rounding rounding) internal pure returns (bool) { + return uint8(rounding) % 2 == 1; + } +} diff --git a/dependencies/@openzeppelin/contracts/utils/math/SafeCast.sol b/dependencies/@openzeppelin/contracts/utils/math/SafeCast.sol new file mode 100644 index 00000000..36832006 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/math/SafeCast.sol @@ -0,0 +1,1162 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (utils/math/SafeCast.sol) +// This file was procedurally generated from scripts/generate/templates/SafeCast.js. + +pragma solidity ^0.8.20; + +/** + * @dev Wrappers over Solidity's uintXX/intXX/bool casting operators with added overflow + * checks. + * + * Downcasting from uint256/int256 in Solidity does not revert on overflow. This can + * easily result in undesired exploitation or bugs, since developers usually + * assume that overflows raise errors. `SafeCast` restores this intuition by + * reverting the transaction when such an operation overflows. + * + * Using this library instead of the unchecked operations eliminates an entire + * class of bugs, so it's recommended to use it always. + */ +library SafeCast { + /** + * @dev Value doesn't fit in an uint of `bits` size. + */ + error SafeCastOverflowedUintDowncast(uint8 bits, uint256 value); + + /** + * @dev An int value doesn't fit in an uint of `bits` size. + */ + error SafeCastOverflowedIntToUint(int256 value); + + /** + * @dev Value doesn't fit in an int of `bits` size. + */ + error SafeCastOverflowedIntDowncast(uint8 bits, int256 value); + + /** + * @dev An uint value doesn't fit in an int of `bits` size. + */ + error SafeCastOverflowedUintToInt(uint256 value); + + /** + * @dev Returns the downcasted uint248 from uint256, reverting on + * overflow (when the input is greater than largest uint248). + * + * Counterpart to Solidity's `uint248` operator. + * + * Requirements: + * + * - input must fit into 248 bits + */ + function toUint248(uint256 value) internal pure returns (uint248) { + if (value > type(uint248).max) { + revert SafeCastOverflowedUintDowncast(248, value); + } + return uint248(value); + } + + /** + * @dev Returns the downcasted uint240 from uint256, reverting on + * overflow (when the input is greater than largest uint240). + * + * Counterpart to Solidity's `uint240` operator. + * + * Requirements: + * + * - input must fit into 240 bits + */ + function toUint240(uint256 value) internal pure returns (uint240) { + if (value > type(uint240).max) { + revert SafeCastOverflowedUintDowncast(240, value); + } + return uint240(value); + } + + /** + * @dev Returns the downcasted uint232 from uint256, reverting on + * overflow (when the input is greater than largest uint232). + * + * Counterpart to Solidity's `uint232` operator. + * + * Requirements: + * + * - input must fit into 232 bits + */ + function toUint232(uint256 value) internal pure returns (uint232) { + if (value > type(uint232).max) { + revert SafeCastOverflowedUintDowncast(232, value); + } + return uint232(value); + } + + /** + * @dev Returns the downcasted uint224 from uint256, reverting on + * overflow (when the input is greater than largest uint224). + * + * Counterpart to Solidity's `uint224` operator. + * + * Requirements: + * + * - input must fit into 224 bits + */ + function toUint224(uint256 value) internal pure returns (uint224) { + if (value > type(uint224).max) { + revert SafeCastOverflowedUintDowncast(224, value); + } + return uint224(value); + } + + /** + * @dev Returns the downcasted uint216 from uint256, reverting on + * overflow (when the input is greater than largest uint216). + * + * Counterpart to Solidity's `uint216` operator. + * + * Requirements: + * + * - input must fit into 216 bits + */ + function toUint216(uint256 value) internal pure returns (uint216) { + if (value > type(uint216).max) { + revert SafeCastOverflowedUintDowncast(216, value); + } + return uint216(value); + } + + /** + * @dev Returns the downcasted uint208 from uint256, reverting on + * overflow (when the input is greater than largest uint208). + * + * Counterpart to Solidity's `uint208` operator. + * + * Requirements: + * + * - input must fit into 208 bits + */ + function toUint208(uint256 value) internal pure returns (uint208) { + if (value > type(uint208).max) { + revert SafeCastOverflowedUintDowncast(208, value); + } + return uint208(value); + } + + /** + * @dev Returns the downcasted uint200 from uint256, reverting on + * overflow (when the input is greater than largest uint200). + * + * Counterpart to Solidity's `uint200` operator. + * + * Requirements: + * + * - input must fit into 200 bits + */ + function toUint200(uint256 value) internal pure returns (uint200) { + if (value > type(uint200).max) { + revert SafeCastOverflowedUintDowncast(200, value); + } + return uint200(value); + } + + /** + * @dev Returns the downcasted uint192 from uint256, reverting on + * overflow (when the input is greater than largest uint192). + * + * Counterpart to Solidity's `uint192` operator. + * + * Requirements: + * + * - input must fit into 192 bits + */ + function toUint192(uint256 value) internal pure returns (uint192) { + if (value > type(uint192).max) { + revert SafeCastOverflowedUintDowncast(192, value); + } + return uint192(value); + } + + /** + * @dev Returns the downcasted uint184 from uint256, reverting on + * overflow (when the input is greater than largest uint184). + * + * Counterpart to Solidity's `uint184` operator. + * + * Requirements: + * + * - input must fit into 184 bits + */ + function toUint184(uint256 value) internal pure returns (uint184) { + if (value > type(uint184).max) { + revert SafeCastOverflowedUintDowncast(184, value); + } + return uint184(value); + } + + /** + * @dev Returns the downcasted uint176 from uint256, reverting on + * overflow (when the input is greater than largest uint176). + * + * Counterpart to Solidity's `uint176` operator. + * + * Requirements: + * + * - input must fit into 176 bits + */ + function toUint176(uint256 value) internal pure returns (uint176) { + if (value > type(uint176).max) { + revert SafeCastOverflowedUintDowncast(176, value); + } + return uint176(value); + } + + /** + * @dev Returns the downcasted uint168 from uint256, reverting on + * overflow (when the input is greater than largest uint168). + * + * Counterpart to Solidity's `uint168` operator. + * + * Requirements: + * + * - input must fit into 168 bits + */ + function toUint168(uint256 value) internal pure returns (uint168) { + if (value > type(uint168).max) { + revert SafeCastOverflowedUintDowncast(168, value); + } + return uint168(value); + } + + /** + * @dev Returns the downcasted uint160 from uint256, reverting on + * overflow (when the input is greater than largest uint160). + * + * Counterpart to Solidity's `uint160` operator. + * + * Requirements: + * + * - input must fit into 160 bits + */ + function toUint160(uint256 value) internal pure returns (uint160) { + if (value > type(uint160).max) { + revert SafeCastOverflowedUintDowncast(160, value); + } + return uint160(value); + } + + /** + * @dev Returns the downcasted uint152 from uint256, reverting on + * overflow (when the input is greater than largest uint152). + * + * Counterpart to Solidity's `uint152` operator. + * + * Requirements: + * + * - input must fit into 152 bits + */ + function toUint152(uint256 value) internal pure returns (uint152) { + if (value > type(uint152).max) { + revert SafeCastOverflowedUintDowncast(152, value); + } + return uint152(value); + } + + /** + * @dev Returns the downcasted uint144 from uint256, reverting on + * overflow (when the input is greater than largest uint144). + * + * Counterpart to Solidity's `uint144` operator. + * + * Requirements: + * + * - input must fit into 144 bits + */ + function toUint144(uint256 value) internal pure returns (uint144) { + if (value > type(uint144).max) { + revert SafeCastOverflowedUintDowncast(144, value); + } + return uint144(value); + } + + /** + * @dev Returns the downcasted uint136 from uint256, reverting on + * overflow (when the input is greater than largest uint136). + * + * Counterpart to Solidity's `uint136` operator. + * + * Requirements: + * + * - input must fit into 136 bits + */ + function toUint136(uint256 value) internal pure returns (uint136) { + if (value > type(uint136).max) { + revert SafeCastOverflowedUintDowncast(136, value); + } + return uint136(value); + } + + /** + * @dev Returns the downcasted uint128 from uint256, reverting on + * overflow (when the input is greater than largest uint128). + * + * Counterpart to Solidity's `uint128` operator. + * + * Requirements: + * + * - input must fit into 128 bits + */ + function toUint128(uint256 value) internal pure returns (uint128) { + if (value > type(uint128).max) { + revert SafeCastOverflowedUintDowncast(128, value); + } + return uint128(value); + } + + /** + * @dev Returns the downcasted uint120 from uint256, reverting on + * overflow (when the input is greater than largest uint120). + * + * Counterpart to Solidity's `uint120` operator. + * + * Requirements: + * + * - input must fit into 120 bits + */ + function toUint120(uint256 value) internal pure returns (uint120) { + if (value > type(uint120).max) { + revert SafeCastOverflowedUintDowncast(120, value); + } + return uint120(value); + } + + /** + * @dev Returns the downcasted uint112 from uint256, reverting on + * overflow (when the input is greater than largest uint112). + * + * Counterpart to Solidity's `uint112` operator. + * + * Requirements: + * + * - input must fit into 112 bits + */ + function toUint112(uint256 value) internal pure returns (uint112) { + if (value > type(uint112).max) { + revert SafeCastOverflowedUintDowncast(112, value); + } + return uint112(value); + } + + /** + * @dev Returns the downcasted uint104 from uint256, reverting on + * overflow (when the input is greater than largest uint104). + * + * Counterpart to Solidity's `uint104` operator. + * + * Requirements: + * + * - input must fit into 104 bits + */ + function toUint104(uint256 value) internal pure returns (uint104) { + if (value > type(uint104).max) { + revert SafeCastOverflowedUintDowncast(104, value); + } + return uint104(value); + } + + /** + * @dev Returns the downcasted uint96 from uint256, reverting on + * overflow (when the input is greater than largest uint96). + * + * Counterpart to Solidity's `uint96` operator. + * + * Requirements: + * + * - input must fit into 96 bits + */ + function toUint96(uint256 value) internal pure returns (uint96) { + if (value > type(uint96).max) { + revert SafeCastOverflowedUintDowncast(96, value); + } + return uint96(value); + } + + /** + * @dev Returns the downcasted uint88 from uint256, reverting on + * overflow (when the input is greater than largest uint88). + * + * Counterpart to Solidity's `uint88` operator. + * + * Requirements: + * + * - input must fit into 88 bits + */ + function toUint88(uint256 value) internal pure returns (uint88) { + if (value > type(uint88).max) { + revert SafeCastOverflowedUintDowncast(88, value); + } + return uint88(value); + } + + /** + * @dev Returns the downcasted uint80 from uint256, reverting on + * overflow (when the input is greater than largest uint80). + * + * Counterpart to Solidity's `uint80` operator. + * + * Requirements: + * + * - input must fit into 80 bits + */ + function toUint80(uint256 value) internal pure returns (uint80) { + if (value > type(uint80).max) { + revert SafeCastOverflowedUintDowncast(80, value); + } + return uint80(value); + } + + /** + * @dev Returns the downcasted uint72 from uint256, reverting on + * overflow (when the input is greater than largest uint72). + * + * Counterpart to Solidity's `uint72` operator. + * + * Requirements: + * + * - input must fit into 72 bits + */ + function toUint72(uint256 value) internal pure returns (uint72) { + if (value > type(uint72).max) { + revert SafeCastOverflowedUintDowncast(72, value); + } + return uint72(value); + } + + /** + * @dev Returns the downcasted uint64 from uint256, reverting on + * overflow (when the input is greater than largest uint64). + * + * Counterpart to Solidity's `uint64` operator. + * + * Requirements: + * + * - input must fit into 64 bits + */ + function toUint64(uint256 value) internal pure returns (uint64) { + if (value > type(uint64).max) { + revert SafeCastOverflowedUintDowncast(64, value); + } + return uint64(value); + } + + /** + * @dev Returns the downcasted uint56 from uint256, reverting on + * overflow (when the input is greater than largest uint56). + * + * Counterpart to Solidity's `uint56` operator. + * + * Requirements: + * + * - input must fit into 56 bits + */ + function toUint56(uint256 value) internal pure returns (uint56) { + if (value > type(uint56).max) { + revert SafeCastOverflowedUintDowncast(56, value); + } + return uint56(value); + } + + /** + * @dev Returns the downcasted uint48 from uint256, reverting on + * overflow (when the input is greater than largest uint48). + * + * Counterpart to Solidity's `uint48` operator. + * + * Requirements: + * + * - input must fit into 48 bits + */ + function toUint48(uint256 value) internal pure returns (uint48) { + if (value > type(uint48).max) { + revert SafeCastOverflowedUintDowncast(48, value); + } + return uint48(value); + } + + /** + * @dev Returns the downcasted uint40 from uint256, reverting on + * overflow (when the input is greater than largest uint40). + * + * Counterpart to Solidity's `uint40` operator. + * + * Requirements: + * + * - input must fit into 40 bits + */ + function toUint40(uint256 value) internal pure returns (uint40) { + if (value > type(uint40).max) { + revert SafeCastOverflowedUintDowncast(40, value); + } + return uint40(value); + } + + /** + * @dev Returns the downcasted uint32 from uint256, reverting on + * overflow (when the input is greater than largest uint32). + * + * Counterpart to Solidity's `uint32` operator. + * + * Requirements: + * + * - input must fit into 32 bits + */ + function toUint32(uint256 value) internal pure returns (uint32) { + if (value > type(uint32).max) { + revert SafeCastOverflowedUintDowncast(32, value); + } + return uint32(value); + } + + /** + * @dev Returns the downcasted uint24 from uint256, reverting on + * overflow (when the input is greater than largest uint24). + * + * Counterpart to Solidity's `uint24` operator. + * + * Requirements: + * + * - input must fit into 24 bits + */ + function toUint24(uint256 value) internal pure returns (uint24) { + if (value > type(uint24).max) { + revert SafeCastOverflowedUintDowncast(24, value); + } + return uint24(value); + } + + /** + * @dev Returns the downcasted uint16 from uint256, reverting on + * overflow (when the input is greater than largest uint16). + * + * Counterpart to Solidity's `uint16` operator. + * + * Requirements: + * + * - input must fit into 16 bits + */ + function toUint16(uint256 value) internal pure returns (uint16) { + if (value > type(uint16).max) { + revert SafeCastOverflowedUintDowncast(16, value); + } + return uint16(value); + } + + /** + * @dev Returns the downcasted uint8 from uint256, reverting on + * overflow (when the input is greater than largest uint8). + * + * Counterpart to Solidity's `uint8` operator. + * + * Requirements: + * + * - input must fit into 8 bits + */ + function toUint8(uint256 value) internal pure returns (uint8) { + if (value > type(uint8).max) { + revert SafeCastOverflowedUintDowncast(8, value); + } + return uint8(value); + } + + /** + * @dev Converts a signed int256 into an unsigned uint256. + * + * Requirements: + * + * - input must be greater than or equal to 0. + */ + function toUint256(int256 value) internal pure returns (uint256) { + if (value < 0) { + revert SafeCastOverflowedIntToUint(value); + } + return uint256(value); + } + + /** + * @dev Returns the downcasted int248 from int256, reverting on + * overflow (when the input is less than smallest int248 or + * greater than largest int248). + * + * Counterpart to Solidity's `int248` operator. + * + * Requirements: + * + * - input must fit into 248 bits + */ + function toInt248(int256 value) internal pure returns (int248 downcasted) { + downcasted = int248(value); + if (downcasted != value) { + revert SafeCastOverflowedIntDowncast(248, value); + } + } + + /** + * @dev Returns the downcasted int240 from int256, reverting on + * overflow (when the input is less than smallest int240 or + * greater than largest int240). + * + * Counterpart to Solidity's `int240` operator. + * + * Requirements: + * + * - input must fit into 240 bits + */ + function toInt240(int256 value) internal pure returns (int240 downcasted) { + downcasted = int240(value); + if (downcasted != value) { + revert SafeCastOverflowedIntDowncast(240, value); + } + } + + /** + * @dev Returns the downcasted int232 from int256, reverting on + * overflow (when the input is less than smallest int232 or + * greater than largest int232). + * + * Counterpart to Solidity's `int232` operator. + * + * Requirements: + * + * - input must fit into 232 bits + */ + function toInt232(int256 value) internal pure returns (int232 downcasted) { + downcasted = int232(value); + if (downcasted != value) { + revert SafeCastOverflowedIntDowncast(232, value); + } + } + + /** + * @dev Returns the downcasted int224 from int256, reverting on + * overflow (when the input is less than smallest int224 or + * greater than largest int224). + * + * Counterpart to Solidity's `int224` operator. + * + * Requirements: + * + * - input must fit into 224 bits + */ + function toInt224(int256 value) internal pure returns (int224 downcasted) { + downcasted = int224(value); + if (downcasted != value) { + revert SafeCastOverflowedIntDowncast(224, value); + } + } + + /** + * @dev Returns the downcasted int216 from int256, reverting on + * overflow (when the input is less than smallest int216 or + * greater than largest int216). + * + * Counterpart to Solidity's `int216` operator. + * + * Requirements: + * + * - input must fit into 216 bits + */ + function toInt216(int256 value) internal pure returns (int216 downcasted) { + downcasted = int216(value); + if (downcasted != value) { + revert SafeCastOverflowedIntDowncast(216, value); + } + } + + /** + * @dev Returns the downcasted int208 from int256, reverting on + * overflow (when the input is less than smallest int208 or + * greater than largest int208). + * + * Counterpart to Solidity's `int208` operator. + * + * Requirements: + * + * - input must fit into 208 bits + */ + function toInt208(int256 value) internal pure returns (int208 downcasted) { + downcasted = int208(value); + if (downcasted != value) { + revert SafeCastOverflowedIntDowncast(208, value); + } + } + + /** + * @dev Returns the downcasted int200 from int256, reverting on + * overflow (when the input is less than smallest int200 or + * greater than largest int200). + * + * Counterpart to Solidity's `int200` operator. + * + * Requirements: + * + * - input must fit into 200 bits + */ + function toInt200(int256 value) internal pure returns (int200 downcasted) { + downcasted = int200(value); + if (downcasted != value) { + revert SafeCastOverflowedIntDowncast(200, value); + } + } + + /** + * @dev Returns the downcasted int192 from int256, reverting on + * overflow (when the input is less than smallest int192 or + * greater than largest int192). + * + * Counterpart to Solidity's `int192` operator. + * + * Requirements: + * + * - input must fit into 192 bits + */ + function toInt192(int256 value) internal pure returns (int192 downcasted) { + downcasted = int192(value); + if (downcasted != value) { + revert SafeCastOverflowedIntDowncast(192, value); + } + } + + /** + * @dev Returns the downcasted int184 from int256, reverting on + * overflow (when the input is less than smallest int184 or + * greater than largest int184). + * + * Counterpart to Solidity's `int184` operator. + * + * Requirements: + * + * - input must fit into 184 bits + */ + function toInt184(int256 value) internal pure returns (int184 downcasted) { + downcasted = int184(value); + if (downcasted != value) { + revert SafeCastOverflowedIntDowncast(184, value); + } + } + + /** + * @dev Returns the downcasted int176 from int256, reverting on + * overflow (when the input is less than smallest int176 or + * greater than largest int176). + * + * Counterpart to Solidity's `int176` operator. + * + * Requirements: + * + * - input must fit into 176 bits + */ + function toInt176(int256 value) internal pure returns (int176 downcasted) { + downcasted = int176(value); + if (downcasted != value) { + revert SafeCastOverflowedIntDowncast(176, value); + } + } + + /** + * @dev Returns the downcasted int168 from int256, reverting on + * overflow (when the input is less than smallest int168 or + * greater than largest int168). + * + * Counterpart to Solidity's `int168` operator. + * + * Requirements: + * + * - input must fit into 168 bits + */ + function toInt168(int256 value) internal pure returns (int168 downcasted) { + downcasted = int168(value); + if (downcasted != value) { + revert SafeCastOverflowedIntDowncast(168, value); + } + } + + /** + * @dev Returns the downcasted int160 from int256, reverting on + * overflow (when the input is less than smallest int160 or + * greater than largest int160). + * + * Counterpart to Solidity's `int160` operator. + * + * Requirements: + * + * - input must fit into 160 bits + */ + function toInt160(int256 value) internal pure returns (int160 downcasted) { + downcasted = int160(value); + if (downcasted != value) { + revert SafeCastOverflowedIntDowncast(160, value); + } + } + + /** + * @dev Returns the downcasted int152 from int256, reverting on + * overflow (when the input is less than smallest int152 or + * greater than largest int152). + * + * Counterpart to Solidity's `int152` operator. + * + * Requirements: + * + * - input must fit into 152 bits + */ + function toInt152(int256 value) internal pure returns (int152 downcasted) { + downcasted = int152(value); + if (downcasted != value) { + revert SafeCastOverflowedIntDowncast(152, value); + } + } + + /** + * @dev Returns the downcasted int144 from int256, reverting on + * overflow (when the input is less than smallest int144 or + * greater than largest int144). + * + * Counterpart to Solidity's `int144` operator. + * + * Requirements: + * + * - input must fit into 144 bits + */ + function toInt144(int256 value) internal pure returns (int144 downcasted) { + downcasted = int144(value); + if (downcasted != value) { + revert SafeCastOverflowedIntDowncast(144, value); + } + } + + /** + * @dev Returns the downcasted int136 from int256, reverting on + * overflow (when the input is less than smallest int136 or + * greater than largest int136). + * + * Counterpart to Solidity's `int136` operator. + * + * Requirements: + * + * - input must fit into 136 bits + */ + function toInt136(int256 value) internal pure returns (int136 downcasted) { + downcasted = int136(value); + if (downcasted != value) { + revert SafeCastOverflowedIntDowncast(136, value); + } + } + + /** + * @dev Returns the downcasted int128 from int256, reverting on + * overflow (when the input is less than smallest int128 or + * greater than largest int128). + * + * Counterpart to Solidity's `int128` operator. + * + * Requirements: + * + * - input must fit into 128 bits + */ + function toInt128(int256 value) internal pure returns (int128 downcasted) { + downcasted = int128(value); + if (downcasted != value) { + revert SafeCastOverflowedIntDowncast(128, value); + } + } + + /** + * @dev Returns the downcasted int120 from int256, reverting on + * overflow (when the input is less than smallest int120 or + * greater than largest int120). + * + * Counterpart to Solidity's `int120` operator. + * + * Requirements: + * + * - input must fit into 120 bits + */ + function toInt120(int256 value) internal pure returns (int120 downcasted) { + downcasted = int120(value); + if (downcasted != value) { + revert SafeCastOverflowedIntDowncast(120, value); + } + } + + /** + * @dev Returns the downcasted int112 from int256, reverting on + * overflow (when the input is less than smallest int112 or + * greater than largest int112). + * + * Counterpart to Solidity's `int112` operator. + * + * Requirements: + * + * - input must fit into 112 bits + */ + function toInt112(int256 value) internal pure returns (int112 downcasted) { + downcasted = int112(value); + if (downcasted != value) { + revert SafeCastOverflowedIntDowncast(112, value); + } + } + + /** + * @dev Returns the downcasted int104 from int256, reverting on + * overflow (when the input is less than smallest int104 or + * greater than largest int104). + * + * Counterpart to Solidity's `int104` operator. + * + * Requirements: + * + * - input must fit into 104 bits + */ + function toInt104(int256 value) internal pure returns (int104 downcasted) { + downcasted = int104(value); + if (downcasted != value) { + revert SafeCastOverflowedIntDowncast(104, value); + } + } + + /** + * @dev Returns the downcasted int96 from int256, reverting on + * overflow (when the input is less than smallest int96 or + * greater than largest int96). + * + * Counterpart to Solidity's `int96` operator. + * + * Requirements: + * + * - input must fit into 96 bits + */ + function toInt96(int256 value) internal pure returns (int96 downcasted) { + downcasted = int96(value); + if (downcasted != value) { + revert SafeCastOverflowedIntDowncast(96, value); + } + } + + /** + * @dev Returns the downcasted int88 from int256, reverting on + * overflow (when the input is less than smallest int88 or + * greater than largest int88). + * + * Counterpart to Solidity's `int88` operator. + * + * Requirements: + * + * - input must fit into 88 bits + */ + function toInt88(int256 value) internal pure returns (int88 downcasted) { + downcasted = int88(value); + if (downcasted != value) { + revert SafeCastOverflowedIntDowncast(88, value); + } + } + + /** + * @dev Returns the downcasted int80 from int256, reverting on + * overflow (when the input is less than smallest int80 or + * greater than largest int80). + * + * Counterpart to Solidity's `int80` operator. + * + * Requirements: + * + * - input must fit into 80 bits + */ + function toInt80(int256 value) internal pure returns (int80 downcasted) { + downcasted = int80(value); + if (downcasted != value) { + revert SafeCastOverflowedIntDowncast(80, value); + } + } + + /** + * @dev Returns the downcasted int72 from int256, reverting on + * overflow (when the input is less than smallest int72 or + * greater than largest int72). + * + * Counterpart to Solidity's `int72` operator. + * + * Requirements: + * + * - input must fit into 72 bits + */ + function toInt72(int256 value) internal pure returns (int72 downcasted) { + downcasted = int72(value); + if (downcasted != value) { + revert SafeCastOverflowedIntDowncast(72, value); + } + } + + /** + * @dev Returns the downcasted int64 from int256, reverting on + * overflow (when the input is less than smallest int64 or + * greater than largest int64). + * + * Counterpart to Solidity's `int64` operator. + * + * Requirements: + * + * - input must fit into 64 bits + */ + function toInt64(int256 value) internal pure returns (int64 downcasted) { + downcasted = int64(value); + if (downcasted != value) { + revert SafeCastOverflowedIntDowncast(64, value); + } + } + + /** + * @dev Returns the downcasted int56 from int256, reverting on + * overflow (when the input is less than smallest int56 or + * greater than largest int56). + * + * Counterpart to Solidity's `int56` operator. + * + * Requirements: + * + * - input must fit into 56 bits + */ + function toInt56(int256 value) internal pure returns (int56 downcasted) { + downcasted = int56(value); + if (downcasted != value) { + revert SafeCastOverflowedIntDowncast(56, value); + } + } + + /** + * @dev Returns the downcasted int48 from int256, reverting on + * overflow (when the input is less than smallest int48 or + * greater than largest int48). + * + * Counterpart to Solidity's `int48` operator. + * + * Requirements: + * + * - input must fit into 48 bits + */ + function toInt48(int256 value) internal pure returns (int48 downcasted) { + downcasted = int48(value); + if (downcasted != value) { + revert SafeCastOverflowedIntDowncast(48, value); + } + } + + /** + * @dev Returns the downcasted int40 from int256, reverting on + * overflow (when the input is less than smallest int40 or + * greater than largest int40). + * + * Counterpart to Solidity's `int40` operator. + * + * Requirements: + * + * - input must fit into 40 bits + */ + function toInt40(int256 value) internal pure returns (int40 downcasted) { + downcasted = int40(value); + if (downcasted != value) { + revert SafeCastOverflowedIntDowncast(40, value); + } + } + + /** + * @dev Returns the downcasted int32 from int256, reverting on + * overflow (when the input is less than smallest int32 or + * greater than largest int32). + * + * Counterpart to Solidity's `int32` operator. + * + * Requirements: + * + * - input must fit into 32 bits + */ + function toInt32(int256 value) internal pure returns (int32 downcasted) { + downcasted = int32(value); + if (downcasted != value) { + revert SafeCastOverflowedIntDowncast(32, value); + } + } + + /** + * @dev Returns the downcasted int24 from int256, reverting on + * overflow (when the input is less than smallest int24 or + * greater than largest int24). + * + * Counterpart to Solidity's `int24` operator. + * + * Requirements: + * + * - input must fit into 24 bits + */ + function toInt24(int256 value) internal pure returns (int24 downcasted) { + downcasted = int24(value); + if (downcasted != value) { + revert SafeCastOverflowedIntDowncast(24, value); + } + } + + /** + * @dev Returns the downcasted int16 from int256, reverting on + * overflow (when the input is less than smallest int16 or + * greater than largest int16). + * + * Counterpart to Solidity's `int16` operator. + * + * Requirements: + * + * - input must fit into 16 bits + */ + function toInt16(int256 value) internal pure returns (int16 downcasted) { + downcasted = int16(value); + if (downcasted != value) { + revert SafeCastOverflowedIntDowncast(16, value); + } + } + + /** + * @dev Returns the downcasted int8 from int256, reverting on + * overflow (when the input is less than smallest int8 or + * greater than largest int8). + * + * Counterpart to Solidity's `int8` operator. + * + * Requirements: + * + * - input must fit into 8 bits + */ + function toInt8(int256 value) internal pure returns (int8 downcasted) { + downcasted = int8(value); + if (downcasted != value) { + revert SafeCastOverflowedIntDowncast(8, value); + } + } + + /** + * @dev Converts an unsigned uint256 into a signed int256. + * + * Requirements: + * + * - input must be less than or equal to maxInt256. + */ + function toInt256(uint256 value) internal pure returns (int256) { + // Note: Unsafe cast below is okay because `type(int256).max` is guaranteed to be positive + if (value > uint256(type(int256).max)) { + revert SafeCastOverflowedUintToInt(value); + } + return int256(value); + } + + /** + * @dev Cast a boolean (false or true) to a uint256 (0 or 1) with no jump. + */ + function toUint(bool b) internal pure returns (uint256 u) { + assembly ("memory-safe") { + u := iszero(iszero(b)) + } + } +} diff --git a/dependencies/@openzeppelin/contracts/utils/math/SignedMath.sol b/dependencies/@openzeppelin/contracts/utils/math/SignedMath.sol new file mode 100644 index 00000000..502f4ecb --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/math/SignedMath.sol @@ -0,0 +1,68 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (utils/math/SignedMath.sol) + +pragma solidity ^0.8.20; + +import {SafeCast} from "./SafeCast.sol"; + +/** + * @dev Standard signed math utilities missing in the Solidity language. + */ +library SignedMath { + /** + * @dev Branchless ternary evaluation for `a ? b : c`. Gas costs are constant. + * + * IMPORTANT: This function may reduce bytecode size and consume less gas when used standalone. + * However, the compiler may optimize Solidity ternary operations (i.e. `a ? b : c`) to only compute + * one branch when needed, making this function more expensive. + */ + function ternary(bool condition, int256 a, int256 b) internal pure returns (int256) { + unchecked { + // branchless ternary works because: + // b ^ (a ^ b) == a + // b ^ 0 == b + return b ^ ((a ^ b) * int256(SafeCast.toUint(condition))); + } + } + + /** + * @dev Returns the largest of two signed numbers. + */ + function max(int256 a, int256 b) internal pure returns (int256) { + return ternary(a > b, a, b); + } + + /** + * @dev Returns the smallest of two signed numbers. + */ + function min(int256 a, int256 b) internal pure returns (int256) { + return ternary(a < b, a, b); + } + + /** + * @dev Returns the average of two signed numbers without overflow. + * The result is rounded towards zero. + */ + function average(int256 a, int256 b) internal pure returns (int256) { + // Formula from the book "Hacker's Delight" + int256 x = (a & b) + ((a ^ b) >> 1); + return x + (int256(uint256(x) >> 255) & (a ^ b)); + } + + /** + * @dev Returns the absolute unsigned value of a signed value. + */ + function abs(int256 n) internal pure returns (uint256) { + unchecked { + // Formula from the "Bit Twiddling Hacks" by Sean Eron Anderson. + // Since `n` is a signed integer, the generated bytecode will use the SAR opcode to perform the right shift, + // taking advantage of the most significant (or "sign" bit) in two's complement representation. + // This opcode adds new most significant bits set to the value of the previous most significant bit. As a result, + // the mask will either be `bytes32(0)` (if n is positive) or `~bytes32(0)` (if n is negative). + int256 mask = n >> 255; + + // A `bytes32(0)` mask leaves the input unchanged, while a `~bytes32(0)` mask complements it. + return uint256((n + mask) ^ mask); + } + } +} diff --git a/dependencies/@openzeppelin/contracts/utils/structs/BitMaps.sol b/dependencies/@openzeppelin/contracts/utils/structs/BitMaps.sol new file mode 100644 index 00000000..40cceb90 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/structs/BitMaps.sol @@ -0,0 +1,60 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (utils/structs/BitMaps.sol) +pragma solidity ^0.8.20; + +/** + * @dev Library for managing uint256 to bool mapping in a compact and efficient way, provided the keys are sequential. + * Largely inspired by Uniswap's https://github.com/Uniswap/merkle-distributor/blob/master/contracts/MerkleDistributor.sol[merkle-distributor]. + * + * BitMaps pack 256 booleans across each bit of a single 256-bit slot of `uint256` type. + * Hence booleans corresponding to 256 _sequential_ indices would only consume a single slot, + * unlike the regular `bool` which would consume an entire slot for a single value. + * + * This results in gas savings in two ways: + * + * - Setting a zero value to non-zero only once every 256 times + * - Accessing the same warm slot for every 256 _sequential_ indices + */ +library BitMaps { + struct BitMap { + mapping(uint256 bucket => uint256) _data; + } + + /** + * @dev Returns whether the bit at `index` is set. + */ + function get(BitMap storage bitmap, uint256 index) internal view returns (bool) { + uint256 bucket = index >> 8; + uint256 mask = 1 << (index & 0xff); + return bitmap._data[bucket] & mask != 0; + } + + /** + * @dev Sets the bit at `index` to the boolean `value`. + */ + function setTo(BitMap storage bitmap, uint256 index, bool value) internal { + if (value) { + set(bitmap, index); + } else { + unset(bitmap, index); + } + } + + /** + * @dev Sets the bit at `index`. + */ + function set(BitMap storage bitmap, uint256 index) internal { + uint256 bucket = index >> 8; + uint256 mask = 1 << (index & 0xff); + bitmap._data[bucket] |= mask; + } + + /** + * @dev Unsets the bit at `index`. + */ + function unset(BitMap storage bitmap, uint256 index) internal { + uint256 bucket = index >> 8; + uint256 mask = 1 << (index & 0xff); + bitmap._data[bucket] &= ~mask; + } +} diff --git a/dependencies/@openzeppelin/contracts/utils/structs/Checkpoints.sol b/dependencies/@openzeppelin/contracts/utils/structs/Checkpoints.sol new file mode 100644 index 00000000..39e18a1f --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/structs/Checkpoints.sol @@ -0,0 +1,630 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (utils/structs/Checkpoints.sol) +// This file was procedurally generated from scripts/generate/templates/Checkpoints.js. + +pragma solidity ^0.8.20; + +import {Math} from "../math/Math.sol"; + +/** + * @dev This library defines the `Trace*` struct, for checkpointing values as they change at different points in + * time, and later looking up past values by block number. See {Votes} as an example. + * + * To create a history of checkpoints define a variable type `Checkpoints.Trace*` in your contract, and store a new + * checkpoint for the current transaction block using the {push} function. + */ +library Checkpoints { + /** + * @dev A value was attempted to be inserted on a past checkpoint. + */ + error CheckpointUnorderedInsertion(); + + struct Trace224 { + Checkpoint224[] _checkpoints; + } + + struct Checkpoint224 { + uint32 _key; + uint224 _value; + } + + /** + * @dev Pushes a (`key`, `value`) pair into a Trace224 so that it is stored as the checkpoint. + * + * Returns previous value and new value. + * + * IMPORTANT: Never accept `key` as a user input, since an arbitrary `type(uint32).max` key set will disable the + * library. + */ + function push( + Trace224 storage self, + uint32 key, + uint224 value + ) internal returns (uint224 oldValue, uint224 newValue) { + return _insert(self._checkpoints, key, value); + } + + /** + * @dev Returns the value in the first (oldest) checkpoint with key greater or equal than the search key, or zero if + * there is none. + */ + function lowerLookup(Trace224 storage self, uint32 key) internal view returns (uint224) { + uint256 len = self._checkpoints.length; + uint256 pos = _lowerBinaryLookup(self._checkpoints, key, 0, len); + return pos == len ? 0 : _unsafeAccess(self._checkpoints, pos)._value; + } + + /** + * @dev Returns the value in the last (most recent) checkpoint with key lower or equal than the search key, or zero + * if there is none. + */ + function upperLookup(Trace224 storage self, uint32 key) internal view returns (uint224) { + uint256 len = self._checkpoints.length; + uint256 pos = _upperBinaryLookup(self._checkpoints, key, 0, len); + return pos == 0 ? 0 : _unsafeAccess(self._checkpoints, pos - 1)._value; + } + + /** + * @dev Returns the value in the last (most recent) checkpoint with key lower or equal than the search key, or zero + * if there is none. + * + * NOTE: This is a variant of {upperLookup} that is optimised to find "recent" checkpoint (checkpoints with high + * keys). + */ + function upperLookupRecent(Trace224 storage self, uint32 key) internal view returns (uint224) { + uint256 len = self._checkpoints.length; + + uint256 low = 0; + uint256 high = len; + + if (len > 5) { + uint256 mid = len - Math.sqrt(len); + if (key < _unsafeAccess(self._checkpoints, mid)._key) { + high = mid; + } else { + low = mid + 1; + } + } + + uint256 pos = _upperBinaryLookup(self._checkpoints, key, low, high); + + return pos == 0 ? 0 : _unsafeAccess(self._checkpoints, pos - 1)._value; + } + + /** + * @dev Returns the value in the most recent checkpoint, or zero if there are no checkpoints. + */ + function latest(Trace224 storage self) internal view returns (uint224) { + uint256 pos = self._checkpoints.length; + return pos == 0 ? 0 : _unsafeAccess(self._checkpoints, pos - 1)._value; + } + + /** + * @dev Returns whether there is a checkpoint in the structure (i.e. it is not empty), and if so the key and value + * in the most recent checkpoint. + */ + function latestCheckpoint(Trace224 storage self) internal view returns (bool exists, uint32 _key, uint224 _value) { + uint256 pos = self._checkpoints.length; + if (pos == 0) { + return (false, 0, 0); + } else { + Checkpoint224 storage ckpt = _unsafeAccess(self._checkpoints, pos - 1); + return (true, ckpt._key, ckpt._value); + } + } + + /** + * @dev Returns the number of checkpoint. + */ + function length(Trace224 storage self) internal view returns (uint256) { + return self._checkpoints.length; + } + + /** + * @dev Returns checkpoint at given position. + */ + function at(Trace224 storage self, uint32 pos) internal view returns (Checkpoint224 memory) { + return self._checkpoints[pos]; + } + + /** + * @dev Pushes a (`key`, `value`) pair into an ordered list of checkpoints, either by inserting a new checkpoint, + * or by updating the last one. + */ + function _insert( + Checkpoint224[] storage self, + uint32 key, + uint224 value + ) private returns (uint224 oldValue, uint224 newValue) { + uint256 pos = self.length; + + if (pos > 0) { + Checkpoint224 storage last = _unsafeAccess(self, pos - 1); + uint32 lastKey = last._key; + uint224 lastValue = last._value; + + // Checkpoint keys must be non-decreasing. + if (lastKey > key) { + revert CheckpointUnorderedInsertion(); + } + + // Update or push new checkpoint + if (lastKey == key) { + last._value = value; + } else { + self.push(Checkpoint224({_key: key, _value: value})); + } + return (lastValue, value); + } else { + self.push(Checkpoint224({_key: key, _value: value})); + return (0, value); + } + } + + /** + * @dev Return the index of the first (oldest) checkpoint with key strictly bigger than the search key, or `high` + * if there is none. `low` and `high` define a section where to do the search, with inclusive `low` and exclusive + * `high`. + * + * WARNING: `high` should not be greater than the array's length. + */ + function _upperBinaryLookup( + Checkpoint224[] storage self, + uint32 key, + uint256 low, + uint256 high + ) private view returns (uint256) { + while (low < high) { + uint256 mid = Math.average(low, high); + if (_unsafeAccess(self, mid)._key > key) { + high = mid; + } else { + low = mid + 1; + } + } + return high; + } + + /** + * @dev Return the index of the first (oldest) checkpoint with key greater or equal than the search key, or `high` + * if there is none. `low` and `high` define a section where to do the search, with inclusive `low` and exclusive + * `high`. + * + * WARNING: `high` should not be greater than the array's length. + */ + function _lowerBinaryLookup( + Checkpoint224[] storage self, + uint32 key, + uint256 low, + uint256 high + ) private view returns (uint256) { + while (low < high) { + uint256 mid = Math.average(low, high); + if (_unsafeAccess(self, mid)._key < key) { + low = mid + 1; + } else { + high = mid; + } + } + return high; + } + + /** + * @dev Access an element of the array without performing bounds check. The position is assumed to be within bounds. + */ + function _unsafeAccess( + Checkpoint224[] storage self, + uint256 pos + ) private pure returns (Checkpoint224 storage result) { + assembly { + mstore(0, self.slot) + result.slot := add(keccak256(0, 0x20), pos) + } + } + + struct Trace208 { + Checkpoint208[] _checkpoints; + } + + struct Checkpoint208 { + uint48 _key; + uint208 _value; + } + + /** + * @dev Pushes a (`key`, `value`) pair into a Trace208 so that it is stored as the checkpoint. + * + * Returns previous value and new value. + * + * IMPORTANT: Never accept `key` as a user input, since an arbitrary `type(uint48).max` key set will disable the + * library. + */ + function push( + Trace208 storage self, + uint48 key, + uint208 value + ) internal returns (uint208 oldValue, uint208 newValue) { + return _insert(self._checkpoints, key, value); + } + + /** + * @dev Returns the value in the first (oldest) checkpoint with key greater or equal than the search key, or zero if + * there is none. + */ + function lowerLookup(Trace208 storage self, uint48 key) internal view returns (uint208) { + uint256 len = self._checkpoints.length; + uint256 pos = _lowerBinaryLookup(self._checkpoints, key, 0, len); + return pos == len ? 0 : _unsafeAccess(self._checkpoints, pos)._value; + } + + /** + * @dev Returns the value in the last (most recent) checkpoint with key lower or equal than the search key, or zero + * if there is none. + */ + function upperLookup(Trace208 storage self, uint48 key) internal view returns (uint208) { + uint256 len = self._checkpoints.length; + uint256 pos = _upperBinaryLookup(self._checkpoints, key, 0, len); + return pos == 0 ? 0 : _unsafeAccess(self._checkpoints, pos - 1)._value; + } + + /** + * @dev Returns the value in the last (most recent) checkpoint with key lower or equal than the search key, or zero + * if there is none. + * + * NOTE: This is a variant of {upperLookup} that is optimised to find "recent" checkpoint (checkpoints with high + * keys). + */ + function upperLookupRecent(Trace208 storage self, uint48 key) internal view returns (uint208) { + uint256 len = self._checkpoints.length; + + uint256 low = 0; + uint256 high = len; + + if (len > 5) { + uint256 mid = len - Math.sqrt(len); + if (key < _unsafeAccess(self._checkpoints, mid)._key) { + high = mid; + } else { + low = mid + 1; + } + } + + uint256 pos = _upperBinaryLookup(self._checkpoints, key, low, high); + + return pos == 0 ? 0 : _unsafeAccess(self._checkpoints, pos - 1)._value; + } + + /** + * @dev Returns the value in the most recent checkpoint, or zero if there are no checkpoints. + */ + function latest(Trace208 storage self) internal view returns (uint208) { + uint256 pos = self._checkpoints.length; + return pos == 0 ? 0 : _unsafeAccess(self._checkpoints, pos - 1)._value; + } + + /** + * @dev Returns whether there is a checkpoint in the structure (i.e. it is not empty), and if so the key and value + * in the most recent checkpoint. + */ + function latestCheckpoint(Trace208 storage self) internal view returns (bool exists, uint48 _key, uint208 _value) { + uint256 pos = self._checkpoints.length; + if (pos == 0) { + return (false, 0, 0); + } else { + Checkpoint208 storage ckpt = _unsafeAccess(self._checkpoints, pos - 1); + return (true, ckpt._key, ckpt._value); + } + } + + /** + * @dev Returns the number of checkpoint. + */ + function length(Trace208 storage self) internal view returns (uint256) { + return self._checkpoints.length; + } + + /** + * @dev Returns checkpoint at given position. + */ + function at(Trace208 storage self, uint32 pos) internal view returns (Checkpoint208 memory) { + return self._checkpoints[pos]; + } + + /** + * @dev Pushes a (`key`, `value`) pair into an ordered list of checkpoints, either by inserting a new checkpoint, + * or by updating the last one. + */ + function _insert( + Checkpoint208[] storage self, + uint48 key, + uint208 value + ) private returns (uint208 oldValue, uint208 newValue) { + uint256 pos = self.length; + + if (pos > 0) { + Checkpoint208 storage last = _unsafeAccess(self, pos - 1); + uint48 lastKey = last._key; + uint208 lastValue = last._value; + + // Checkpoint keys must be non-decreasing. + if (lastKey > key) { + revert CheckpointUnorderedInsertion(); + } + + // Update or push new checkpoint + if (lastKey == key) { + last._value = value; + } else { + self.push(Checkpoint208({_key: key, _value: value})); + } + return (lastValue, value); + } else { + self.push(Checkpoint208({_key: key, _value: value})); + return (0, value); + } + } + + /** + * @dev Return the index of the first (oldest) checkpoint with key strictly bigger than the search key, or `high` + * if there is none. `low` and `high` define a section where to do the search, with inclusive `low` and exclusive + * `high`. + * + * WARNING: `high` should not be greater than the array's length. + */ + function _upperBinaryLookup( + Checkpoint208[] storage self, + uint48 key, + uint256 low, + uint256 high + ) private view returns (uint256) { + while (low < high) { + uint256 mid = Math.average(low, high); + if (_unsafeAccess(self, mid)._key > key) { + high = mid; + } else { + low = mid + 1; + } + } + return high; + } + + /** + * @dev Return the index of the first (oldest) checkpoint with key greater or equal than the search key, or `high` + * if there is none. `low` and `high` define a section where to do the search, with inclusive `low` and exclusive + * `high`. + * + * WARNING: `high` should not be greater than the array's length. + */ + function _lowerBinaryLookup( + Checkpoint208[] storage self, + uint48 key, + uint256 low, + uint256 high + ) private view returns (uint256) { + while (low < high) { + uint256 mid = Math.average(low, high); + if (_unsafeAccess(self, mid)._key < key) { + low = mid + 1; + } else { + high = mid; + } + } + return high; + } + + /** + * @dev Access an element of the array without performing bounds check. The position is assumed to be within bounds. + */ + function _unsafeAccess( + Checkpoint208[] storage self, + uint256 pos + ) private pure returns (Checkpoint208 storage result) { + assembly { + mstore(0, self.slot) + result.slot := add(keccak256(0, 0x20), pos) + } + } + + struct Trace160 { + Checkpoint160[] _checkpoints; + } + + struct Checkpoint160 { + uint96 _key; + uint160 _value; + } + + /** + * @dev Pushes a (`key`, `value`) pair into a Trace160 so that it is stored as the checkpoint. + * + * Returns previous value and new value. + * + * IMPORTANT: Never accept `key` as a user input, since an arbitrary `type(uint96).max` key set will disable the + * library. + */ + function push( + Trace160 storage self, + uint96 key, + uint160 value + ) internal returns (uint160 oldValue, uint160 newValue) { + return _insert(self._checkpoints, key, value); + } + + /** + * @dev Returns the value in the first (oldest) checkpoint with key greater or equal than the search key, or zero if + * there is none. + */ + function lowerLookup(Trace160 storage self, uint96 key) internal view returns (uint160) { + uint256 len = self._checkpoints.length; + uint256 pos = _lowerBinaryLookup(self._checkpoints, key, 0, len); + return pos == len ? 0 : _unsafeAccess(self._checkpoints, pos)._value; + } + + /** + * @dev Returns the value in the last (most recent) checkpoint with key lower or equal than the search key, or zero + * if there is none. + */ + function upperLookup(Trace160 storage self, uint96 key) internal view returns (uint160) { + uint256 len = self._checkpoints.length; + uint256 pos = _upperBinaryLookup(self._checkpoints, key, 0, len); + return pos == 0 ? 0 : _unsafeAccess(self._checkpoints, pos - 1)._value; + } + + /** + * @dev Returns the value in the last (most recent) checkpoint with key lower or equal than the search key, or zero + * if there is none. + * + * NOTE: This is a variant of {upperLookup} that is optimised to find "recent" checkpoint (checkpoints with high + * keys). + */ + function upperLookupRecent(Trace160 storage self, uint96 key) internal view returns (uint160) { + uint256 len = self._checkpoints.length; + + uint256 low = 0; + uint256 high = len; + + if (len > 5) { + uint256 mid = len - Math.sqrt(len); + if (key < _unsafeAccess(self._checkpoints, mid)._key) { + high = mid; + } else { + low = mid + 1; + } + } + + uint256 pos = _upperBinaryLookup(self._checkpoints, key, low, high); + + return pos == 0 ? 0 : _unsafeAccess(self._checkpoints, pos - 1)._value; + } + + /** + * @dev Returns the value in the most recent checkpoint, or zero if there are no checkpoints. + */ + function latest(Trace160 storage self) internal view returns (uint160) { + uint256 pos = self._checkpoints.length; + return pos == 0 ? 0 : _unsafeAccess(self._checkpoints, pos - 1)._value; + } + + /** + * @dev Returns whether there is a checkpoint in the structure (i.e. it is not empty), and if so the key and value + * in the most recent checkpoint. + */ + function latestCheckpoint(Trace160 storage self) internal view returns (bool exists, uint96 _key, uint160 _value) { + uint256 pos = self._checkpoints.length; + if (pos == 0) { + return (false, 0, 0); + } else { + Checkpoint160 storage ckpt = _unsafeAccess(self._checkpoints, pos - 1); + return (true, ckpt._key, ckpt._value); + } + } + + /** + * @dev Returns the number of checkpoint. + */ + function length(Trace160 storage self) internal view returns (uint256) { + return self._checkpoints.length; + } + + /** + * @dev Returns checkpoint at given position. + */ + function at(Trace160 storage self, uint32 pos) internal view returns (Checkpoint160 memory) { + return self._checkpoints[pos]; + } + + /** + * @dev Pushes a (`key`, `value`) pair into an ordered list of checkpoints, either by inserting a new checkpoint, + * or by updating the last one. + */ + function _insert( + Checkpoint160[] storage self, + uint96 key, + uint160 value + ) private returns (uint160 oldValue, uint160 newValue) { + uint256 pos = self.length; + + if (pos > 0) { + Checkpoint160 storage last = _unsafeAccess(self, pos - 1); + uint96 lastKey = last._key; + uint160 lastValue = last._value; + + // Checkpoint keys must be non-decreasing. + if (lastKey > key) { + revert CheckpointUnorderedInsertion(); + } + + // Update or push new checkpoint + if (lastKey == key) { + last._value = value; + } else { + self.push(Checkpoint160({_key: key, _value: value})); + } + return (lastValue, value); + } else { + self.push(Checkpoint160({_key: key, _value: value})); + return (0, value); + } + } + + /** + * @dev Return the index of the first (oldest) checkpoint with key strictly bigger than the search key, or `high` + * if there is none. `low` and `high` define a section where to do the search, with inclusive `low` and exclusive + * `high`. + * + * WARNING: `high` should not be greater than the array's length. + */ + function _upperBinaryLookup( + Checkpoint160[] storage self, + uint96 key, + uint256 low, + uint256 high + ) private view returns (uint256) { + while (low < high) { + uint256 mid = Math.average(low, high); + if (_unsafeAccess(self, mid)._key > key) { + high = mid; + } else { + low = mid + 1; + } + } + return high; + } + + /** + * @dev Return the index of the first (oldest) checkpoint with key greater or equal than the search key, or `high` + * if there is none. `low` and `high` define a section where to do the search, with inclusive `low` and exclusive + * `high`. + * + * WARNING: `high` should not be greater than the array's length. + */ + function _lowerBinaryLookup( + Checkpoint160[] storage self, + uint96 key, + uint256 low, + uint256 high + ) private view returns (uint256) { + while (low < high) { + uint256 mid = Math.average(low, high); + if (_unsafeAccess(self, mid)._key < key) { + low = mid + 1; + } else { + high = mid; + } + } + return high; + } + + /** + * @dev Access an element of the array without performing bounds check. The position is assumed to be within bounds. + */ + function _unsafeAccess( + Checkpoint160[] storage self, + uint256 pos + ) private pure returns (Checkpoint160 storage result) { + assembly { + mstore(0, self.slot) + result.slot := add(keccak256(0, 0x20), pos) + } + } +} diff --git a/dependencies/@openzeppelin/contracts/utils/structs/CircularBuffer.sol b/dependencies/@openzeppelin/contracts/utils/structs/CircularBuffer.sol new file mode 100644 index 00000000..cf1afbbd --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/structs/CircularBuffer.sol @@ -0,0 +1,139 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.20; + +import {Math} from "../math/Math.sol"; +import {Arrays} from "../Arrays.sol"; +import {Panic} from "../Panic.sol"; + +/** + * @dev A fixed-size buffer for keeping `bytes32` items in storage. + * + * This data structure allows for pushing elements to it, and when its length exceeds the specified fixed size, + * new items take the place of the oldest element in the buffer, keeping at most `N` elements in the + * structure. + * + * Elements can't be removed but the data structure can be cleared. See {clear}. + * + * Complexity: + * - insertion ({push}): O(1) + * - lookup ({last}): O(1) + * - inclusion ({includes}): O(N) (worst case) + * - reset ({clear}): O(1) + * + * * The struct is called `Bytes32CircularBuffer`. Other types can be cast to and from `bytes32`. This data structure + * can only be used in storage, and not in memory. + * + * Example usage: + * + * ```solidity + * contract Example { + * // Add the library methods + * using CircularBuffer for CircularBuffer.Bytes32CircularBuffer; + * + * // Declare a buffer storage variable + * CircularBuffer.Bytes32CircularBuffer private myBuffer; + * } + * ``` + * + * _Available since v5.1._ + */ +library CircularBuffer { + /** + * @dev Error emitted when trying to setup a buffer with a size of 0. + */ + error InvalidBufferSize(); + + /** + * @dev Counts the number of items that have been pushed to the buffer. The residuo modulo _data.length indicates + * where the next value should be stored. + * + * Struct members have an underscore prefix indicating that they are "private" and should not be read or written to + * directly. Use the functions provided below instead. Modifying the struct manually may violate assumptions and + * lead to unexpected behavior. + * + * In a full buffer: + * - The most recently pushed item (last) is at data[(index - 1) % data.length] + * - The oldest item (first) is at data[index % data.length] + */ + struct Bytes32CircularBuffer { + uint256 _count; + bytes32[] _data; + } + + /** + * @dev Initialize a new CircularBuffer of given size. + * + * If the CircularBuffer was already setup and used, calling that function again will reset it to a blank state. + * + * NOTE: The size of the buffer will affect the execution of {includes} function, as it has a complexity of O(N). + * Consider a large buffer size may render the function unusable. + */ + function setup(Bytes32CircularBuffer storage self, uint256 size) internal { + if (size == 0) revert InvalidBufferSize(); + clear(self); + Arrays.unsafeSetLength(self._data, size); + } + + /** + * @dev Clear all data in the buffer without resetting memory, keeping the existing size. + */ + function clear(Bytes32CircularBuffer storage self) internal { + self._count = 0; + } + + /** + * @dev Push a new value to the buffer. If the buffer is already full, the new value replaces the oldest value in + * the buffer. + */ + function push(Bytes32CircularBuffer storage self, bytes32 value) internal { + uint256 index = self._count++; + uint256 modulus = self._data.length; + Arrays.unsafeAccess(self._data, index % modulus).value = value; + } + + /** + * @dev Number of values currently in the buffer. This value is 0 for an empty buffer, and cannot exceed the size of + * the buffer. + */ + function count(Bytes32CircularBuffer storage self) internal view returns (uint256) { + return Math.min(self._count, self._data.length); + } + + /** + * @dev Length of the buffer. This is the maximum number of elements kept in the buffer. + */ + function length(Bytes32CircularBuffer storage self) internal view returns (uint256) { + return self._data.length; + } + + /** + * @dev Getter for the i-th value in the buffer, from the end. + * + * Reverts with {Panic-ARRAY_OUT_OF_BOUNDS} if trying to access an element that was not pushed, or that was + * dropped to make room for newer elements. + */ + function last(Bytes32CircularBuffer storage self, uint256 i) internal view returns (bytes32) { + uint256 index = self._count; + uint256 modulus = self._data.length; + uint256 total = Math.min(index, modulus); // count(self) + if (i >= total) { + Panic.panic(Panic.ARRAY_OUT_OF_BOUNDS); + } + return Arrays.unsafeAccess(self._data, (index - i - 1) % modulus).value; + } + + /** + * @dev Check if a given value is in the buffer. + */ + function includes(Bytes32CircularBuffer storage self, bytes32 value) internal view returns (bool) { + uint256 index = self._count; + uint256 modulus = self._data.length; + uint256 total = Math.min(index, modulus); // count(self) + for (uint256 i = 0; i < total; ++i) { + if (Arrays.unsafeAccess(self._data, (index - i - 1) % modulus).value == value) { + return true; + } + } + return false; + } +} diff --git a/dependencies/@openzeppelin/contracts/utils/structs/DoubleEndedQueue.sol b/dependencies/@openzeppelin/contracts/utils/structs/DoubleEndedQueue.sol new file mode 100644 index 00000000..48f0d68c --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/structs/DoubleEndedQueue.sol @@ -0,0 +1,156 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (utils/structs/DoubleEndedQueue.sol) +pragma solidity ^0.8.20; + +import {Panic} from "../Panic.sol"; + +/** + * @dev A sequence of items with the ability to efficiently push and pop items (i.e. insert and remove) on both ends of + * the sequence (called front and back). Among other access patterns, it can be used to implement efficient LIFO and + * FIFO queues. Storage use is optimized, and all operations are O(1) constant time. This includes {clear}, given that + * the existing queue contents are left in storage. + * + * The struct is called `Bytes32Deque`. Other types can be cast to and from `bytes32`. This data structure can only be + * used in storage, and not in memory. + * ```solidity + * DoubleEndedQueue.Bytes32Deque queue; + * ``` + */ +library DoubleEndedQueue { + /** + * @dev Indices are 128 bits so begin and end are packed in a single storage slot for efficient access. + * + * Struct members have an underscore prefix indicating that they are "private" and should not be read or written to + * directly. Use the functions provided below instead. Modifying the struct manually may violate assumptions and + * lead to unexpected behavior. + * + * The first item is at data[begin] and the last item is at data[end - 1]. This range can wrap around. + */ + struct Bytes32Deque { + uint128 _begin; + uint128 _end; + mapping(uint128 index => bytes32) _data; + } + + /** + * @dev Inserts an item at the end of the queue. + * + * Reverts with {Panic-RESOURCE_ERROR} if the queue is full. + */ + function pushBack(Bytes32Deque storage deque, bytes32 value) internal { + unchecked { + uint128 backIndex = deque._end; + if (backIndex + 1 == deque._begin) Panic.panic(Panic.RESOURCE_ERROR); + deque._data[backIndex] = value; + deque._end = backIndex + 1; + } + } + + /** + * @dev Removes the item at the end of the queue and returns it. + * + * Reverts with {Panic-EMPTY_ARRAY_POP} if the queue is empty. + */ + function popBack(Bytes32Deque storage deque) internal returns (bytes32 value) { + unchecked { + uint128 backIndex = deque._end; + if (backIndex == deque._begin) Panic.panic(Panic.EMPTY_ARRAY_POP); + --backIndex; + value = deque._data[backIndex]; + delete deque._data[backIndex]; + deque._end = backIndex; + } + } + + /** + * @dev Inserts an item at the beginning of the queue. + * + * Reverts with {Panic-RESOURCE_ERROR} if the queue is full. + */ + function pushFront(Bytes32Deque storage deque, bytes32 value) internal { + unchecked { + uint128 frontIndex = deque._begin - 1; + if (frontIndex == deque._end) Panic.panic(Panic.RESOURCE_ERROR); + deque._data[frontIndex] = value; + deque._begin = frontIndex; + } + } + + /** + * @dev Removes the item at the beginning of the queue and returns it. + * + * Reverts with {Panic-EMPTY_ARRAY_POP} if the queue is empty. + */ + function popFront(Bytes32Deque storage deque) internal returns (bytes32 value) { + unchecked { + uint128 frontIndex = deque._begin; + if (frontIndex == deque._end) Panic.panic(Panic.EMPTY_ARRAY_POP); + value = deque._data[frontIndex]; + delete deque._data[frontIndex]; + deque._begin = frontIndex + 1; + } + } + + /** + * @dev Returns the item at the beginning of the queue. + * + * Reverts with {Panic-ARRAY_OUT_OF_BOUNDS} if the queue is empty. + */ + function front(Bytes32Deque storage deque) internal view returns (bytes32 value) { + if (empty(deque)) Panic.panic(Panic.ARRAY_OUT_OF_BOUNDS); + return deque._data[deque._begin]; + } + + /** + * @dev Returns the item at the end of the queue. + * + * Reverts with {Panic-ARRAY_OUT_OF_BOUNDS} if the queue is empty. + */ + function back(Bytes32Deque storage deque) internal view returns (bytes32 value) { + if (empty(deque)) Panic.panic(Panic.ARRAY_OUT_OF_BOUNDS); + unchecked { + return deque._data[deque._end - 1]; + } + } + + /** + * @dev Return the item at a position in the queue given by `index`, with the first item at 0 and last item at + * `length(deque) - 1`. + * + * Reverts with {Panic-ARRAY_OUT_OF_BOUNDS} if the index is out of bounds. + */ + function at(Bytes32Deque storage deque, uint256 index) internal view returns (bytes32 value) { + if (index >= length(deque)) Panic.panic(Panic.ARRAY_OUT_OF_BOUNDS); + // By construction, length is a uint128, so the check above ensures that index can be safely downcast to uint128 + unchecked { + return deque._data[deque._begin + uint128(index)]; + } + } + + /** + * @dev Resets the queue back to being empty. + * + * NOTE: The current items are left behind in storage. This does not affect the functioning of the queue, but misses + * out on potential gas refunds. + */ + function clear(Bytes32Deque storage deque) internal { + deque._begin = 0; + deque._end = 0; + } + + /** + * @dev Returns the number of items in the queue. + */ + function length(Bytes32Deque storage deque) internal view returns (uint256) { + unchecked { + return uint256(deque._end - deque._begin); + } + } + + /** + * @dev Returns true if the queue is empty. + */ + function empty(Bytes32Deque storage deque) internal view returns (bool) { + return deque._end == deque._begin; + } +} diff --git a/dependencies/@openzeppelin/contracts/utils/structs/EnumerableMap.sol b/dependencies/@openzeppelin/contracts/utils/structs/EnumerableMap.sol new file mode 100644 index 00000000..d86e57f6 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/structs/EnumerableMap.sol @@ -0,0 +1,905 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (utils/structs/EnumerableMap.sol) +// This file was procedurally generated from scripts/generate/templates/EnumerableMap.js. + +pragma solidity ^0.8.20; + +import {EnumerableSet} from "./EnumerableSet.sol"; + +/** + * @dev Library for managing an enumerable variant of Solidity's + * https://solidity.readthedocs.io/en/latest/types.html#mapping-types[`mapping`] + * type. + * + * Maps have the following properties: + * + * - Entries are added, removed, and checked for existence in constant time + * (O(1)). + * - Entries are enumerated in O(n). No guarantees are made on the ordering. + * + * ```solidity + * contract Example { + * // Add the library methods + * using EnumerableMap for EnumerableMap.UintToAddressMap; + * + * // Declare a set state variable + * EnumerableMap.UintToAddressMap private myMap; + * } + * ``` + * + * The following map types are supported: + * + * - `uint256 -> address` (`UintToAddressMap`) since v3.0.0 + * - `address -> uint256` (`AddressToUintMap`) since v4.6.0 + * - `bytes32 -> bytes32` (`Bytes32ToBytes32Map`) since v4.6.0 + * - `uint256 -> uint256` (`UintToUintMap`) since v4.7.0 + * - `bytes32 -> uint256` (`Bytes32ToUintMap`) since v4.7.0 + * - `uint256 -> bytes32` (`UintToBytes32Map`) since v5.1.0 + * - `address -> address` (`AddressToAddressMap`) since v5.1.0 + * - `address -> bytes32` (`AddressToBytes32Map`) since v5.1.0 + * - `bytes32 -> address` (`Bytes32ToAddressMap`) since v5.1.0 + * + * [WARNING] + * ==== + * Trying to delete such a structure from storage will likely result in data corruption, rendering the structure + * unusable. + * See https://github.com/ethereum/solidity/pull/11843[ethereum/solidity#11843] for more info. + * + * In order to clean an EnumerableMap, you can either remove all elements one by one or create a fresh instance using an + * array of EnumerableMap. + * ==== + */ +library EnumerableMap { + using EnumerableSet for EnumerableSet.Bytes32Set; + + // To implement this library for multiple types with as little code repetition as possible, we write it in + // terms of a generic Map type with bytes32 keys and values. The Map implementation uses private functions, + // and user-facing implementations such as `UintToAddressMap` are just wrappers around the underlying Map. + // This means that we can only create new EnumerableMaps for types that fit in bytes32. + + /** + * @dev Query for a nonexistent map key. + */ + error EnumerableMapNonexistentKey(bytes32 key); + + struct Bytes32ToBytes32Map { + // Storage of keys + EnumerableSet.Bytes32Set _keys; + mapping(bytes32 key => bytes32) _values; + } + + /** + * @dev Adds a key-value pair to a map, or updates the value for an existing + * key. O(1). + * + * Returns true if the key was added to the map, that is if it was not + * already present. + */ + function set(Bytes32ToBytes32Map storage map, bytes32 key, bytes32 value) internal returns (bool) { + map._values[key] = value; + return map._keys.add(key); + } + + /** + * @dev Removes a key-value pair from a map. O(1). + * + * Returns true if the key was removed from the map, that is if it was present. + */ + function remove(Bytes32ToBytes32Map storage map, bytes32 key) internal returns (bool) { + delete map._values[key]; + return map._keys.remove(key); + } + + /** + * @dev Returns true if the key is in the map. O(1). + */ + function contains(Bytes32ToBytes32Map storage map, bytes32 key) internal view returns (bool) { + return map._keys.contains(key); + } + + /** + * @dev Returns the number of key-value pairs in the map. O(1). + */ + function length(Bytes32ToBytes32Map storage map) internal view returns (uint256) { + return map._keys.length(); + } + + /** + * @dev Returns the key-value pair stored at position `index` in the map. O(1). + * + * Note that there are no guarantees on the ordering of entries inside the + * array, and it may change when more entries are added or removed. + * + * Requirements: + * + * - `index` must be strictly less than {length}. + */ + function at(Bytes32ToBytes32Map storage map, uint256 index) internal view returns (bytes32 key, bytes32 value) { + bytes32 atKey = map._keys.at(index); + return (atKey, map._values[atKey]); + } + + /** + * @dev Tries to returns the value associated with `key`. O(1). + * Does not revert if `key` is not in the map. + */ + function tryGet(Bytes32ToBytes32Map storage map, bytes32 key) internal view returns (bool exists, bytes32 value) { + bytes32 val = map._values[key]; + if (val == bytes32(0)) { + return (contains(map, key), bytes32(0)); + } else { + return (true, val); + } + } + + /** + * @dev Returns the value associated with `key`. O(1). + * + * Requirements: + * + * - `key` must be in the map. + */ + function get(Bytes32ToBytes32Map storage map, bytes32 key) internal view returns (bytes32) { + bytes32 value = map._values[key]; + if (value == 0 && !contains(map, key)) { + revert EnumerableMapNonexistentKey(key); + } + return value; + } + + /** + * @dev Return the an array containing all the keys + * + * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed + * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that + * this function has an unbounded cost, and using it as part of a state-changing function may render the function + * uncallable if the map grows to a point where copying to memory consumes too much gas to fit in a block. + */ + function keys(Bytes32ToBytes32Map storage map) internal view returns (bytes32[] memory) { + return map._keys.values(); + } + + // UintToUintMap + + struct UintToUintMap { + Bytes32ToBytes32Map _inner; + } + + /** + * @dev Adds a key-value pair to a map, or updates the value for an existing + * key. O(1). + * + * Returns true if the key was added to the map, that is if it was not + * already present. + */ + function set(UintToUintMap storage map, uint256 key, uint256 value) internal returns (bool) { + return set(map._inner, bytes32(key), bytes32(value)); + } + + /** + * @dev Removes a value from a map. O(1). + * + * Returns true if the key was removed from the map, that is if it was present. + */ + function remove(UintToUintMap storage map, uint256 key) internal returns (bool) { + return remove(map._inner, bytes32(key)); + } + + /** + * @dev Returns true if the key is in the map. O(1). + */ + function contains(UintToUintMap storage map, uint256 key) internal view returns (bool) { + return contains(map._inner, bytes32(key)); + } + + /** + * @dev Returns the number of elements in the map. O(1). + */ + function length(UintToUintMap storage map) internal view returns (uint256) { + return length(map._inner); + } + + /** + * @dev Returns the element stored at position `index` in the map. O(1). + * Note that there are no guarantees on the ordering of values inside the + * array, and it may change when more values are added or removed. + * + * Requirements: + * + * - `index` must be strictly less than {length}. + */ + function at(UintToUintMap storage map, uint256 index) internal view returns (uint256 key, uint256 value) { + (bytes32 atKey, bytes32 val) = at(map._inner, index); + return (uint256(atKey), uint256(val)); + } + + /** + * @dev Tries to returns the value associated with `key`. O(1). + * Does not revert if `key` is not in the map. + */ + function tryGet(UintToUintMap storage map, uint256 key) internal view returns (bool exists, uint256 value) { + (bool success, bytes32 val) = tryGet(map._inner, bytes32(key)); + return (success, uint256(val)); + } + + /** + * @dev Returns the value associated with `key`. O(1). + * + * Requirements: + * + * - `key` must be in the map. + */ + function get(UintToUintMap storage map, uint256 key) internal view returns (uint256) { + return uint256(get(map._inner, bytes32(key))); + } + + /** + * @dev Return the an array containing all the keys + * + * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed + * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that + * this function has an unbounded cost, and using it as part of a state-changing function may render the function + * uncallable if the map grows to a point where copying to memory consumes too much gas to fit in a block. + */ + function keys(UintToUintMap storage map) internal view returns (uint256[] memory) { + bytes32[] memory store = keys(map._inner); + uint256[] memory result; + + assembly ("memory-safe") { + result := store + } + + return result; + } + + // UintToAddressMap + + struct UintToAddressMap { + Bytes32ToBytes32Map _inner; + } + + /** + * @dev Adds a key-value pair to a map, or updates the value for an existing + * key. O(1). + * + * Returns true if the key was added to the map, that is if it was not + * already present. + */ + function set(UintToAddressMap storage map, uint256 key, address value) internal returns (bool) { + return set(map._inner, bytes32(key), bytes32(uint256(uint160(value)))); + } + + /** + * @dev Removes a value from a map. O(1). + * + * Returns true if the key was removed from the map, that is if it was present. + */ + function remove(UintToAddressMap storage map, uint256 key) internal returns (bool) { + return remove(map._inner, bytes32(key)); + } + + /** + * @dev Returns true if the key is in the map. O(1). + */ + function contains(UintToAddressMap storage map, uint256 key) internal view returns (bool) { + return contains(map._inner, bytes32(key)); + } + + /** + * @dev Returns the number of elements in the map. O(1). + */ + function length(UintToAddressMap storage map) internal view returns (uint256) { + return length(map._inner); + } + + /** + * @dev Returns the element stored at position `index` in the map. O(1). + * Note that there are no guarantees on the ordering of values inside the + * array, and it may change when more values are added or removed. + * + * Requirements: + * + * - `index` must be strictly less than {length}. + */ + function at(UintToAddressMap storage map, uint256 index) internal view returns (uint256 key, address value) { + (bytes32 atKey, bytes32 val) = at(map._inner, index); + return (uint256(atKey), address(uint160(uint256(val)))); + } + + /** + * @dev Tries to returns the value associated with `key`. O(1). + * Does not revert if `key` is not in the map. + */ + function tryGet(UintToAddressMap storage map, uint256 key) internal view returns (bool exists, address value) { + (bool success, bytes32 val) = tryGet(map._inner, bytes32(key)); + return (success, address(uint160(uint256(val)))); + } + + /** + * @dev Returns the value associated with `key`. O(1). + * + * Requirements: + * + * - `key` must be in the map. + */ + function get(UintToAddressMap storage map, uint256 key) internal view returns (address) { + return address(uint160(uint256(get(map._inner, bytes32(key))))); + } + + /** + * @dev Return the an array containing all the keys + * + * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed + * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that + * this function has an unbounded cost, and using it as part of a state-changing function may render the function + * uncallable if the map grows to a point where copying to memory consumes too much gas to fit in a block. + */ + function keys(UintToAddressMap storage map) internal view returns (uint256[] memory) { + bytes32[] memory store = keys(map._inner); + uint256[] memory result; + + assembly ("memory-safe") { + result := store + } + + return result; + } + + // UintToBytes32Map + + struct UintToBytes32Map { + Bytes32ToBytes32Map _inner; + } + + /** + * @dev Adds a key-value pair to a map, or updates the value for an existing + * key. O(1). + * + * Returns true if the key was added to the map, that is if it was not + * already present. + */ + function set(UintToBytes32Map storage map, uint256 key, bytes32 value) internal returns (bool) { + return set(map._inner, bytes32(key), value); + } + + /** + * @dev Removes a value from a map. O(1). + * + * Returns true if the key was removed from the map, that is if it was present. + */ + function remove(UintToBytes32Map storage map, uint256 key) internal returns (bool) { + return remove(map._inner, bytes32(key)); + } + + /** + * @dev Returns true if the key is in the map. O(1). + */ + function contains(UintToBytes32Map storage map, uint256 key) internal view returns (bool) { + return contains(map._inner, bytes32(key)); + } + + /** + * @dev Returns the number of elements in the map. O(1). + */ + function length(UintToBytes32Map storage map) internal view returns (uint256) { + return length(map._inner); + } + + /** + * @dev Returns the element stored at position `index` in the map. O(1). + * Note that there are no guarantees on the ordering of values inside the + * array, and it may change when more values are added or removed. + * + * Requirements: + * + * - `index` must be strictly less than {length}. + */ + function at(UintToBytes32Map storage map, uint256 index) internal view returns (uint256 key, bytes32 value) { + (bytes32 atKey, bytes32 val) = at(map._inner, index); + return (uint256(atKey), val); + } + + /** + * @dev Tries to returns the value associated with `key`. O(1). + * Does not revert if `key` is not in the map. + */ + function tryGet(UintToBytes32Map storage map, uint256 key) internal view returns (bool exists, bytes32 value) { + (bool success, bytes32 val) = tryGet(map._inner, bytes32(key)); + return (success, val); + } + + /** + * @dev Returns the value associated with `key`. O(1). + * + * Requirements: + * + * - `key` must be in the map. + */ + function get(UintToBytes32Map storage map, uint256 key) internal view returns (bytes32) { + return get(map._inner, bytes32(key)); + } + + /** + * @dev Return the an array containing all the keys + * + * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed + * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that + * this function has an unbounded cost, and using it as part of a state-changing function may render the function + * uncallable if the map grows to a point where copying to memory consumes too much gas to fit in a block. + */ + function keys(UintToBytes32Map storage map) internal view returns (uint256[] memory) { + bytes32[] memory store = keys(map._inner); + uint256[] memory result; + + assembly ("memory-safe") { + result := store + } + + return result; + } + + // AddressToUintMap + + struct AddressToUintMap { + Bytes32ToBytes32Map _inner; + } + + /** + * @dev Adds a key-value pair to a map, or updates the value for an existing + * key. O(1). + * + * Returns true if the key was added to the map, that is if it was not + * already present. + */ + function set(AddressToUintMap storage map, address key, uint256 value) internal returns (bool) { + return set(map._inner, bytes32(uint256(uint160(key))), bytes32(value)); + } + + /** + * @dev Removes a value from a map. O(1). + * + * Returns true if the key was removed from the map, that is if it was present. + */ + function remove(AddressToUintMap storage map, address key) internal returns (bool) { + return remove(map._inner, bytes32(uint256(uint160(key)))); + } + + /** + * @dev Returns true if the key is in the map. O(1). + */ + function contains(AddressToUintMap storage map, address key) internal view returns (bool) { + return contains(map._inner, bytes32(uint256(uint160(key)))); + } + + /** + * @dev Returns the number of elements in the map. O(1). + */ + function length(AddressToUintMap storage map) internal view returns (uint256) { + return length(map._inner); + } + + /** + * @dev Returns the element stored at position `index` in the map. O(1). + * Note that there are no guarantees on the ordering of values inside the + * array, and it may change when more values are added or removed. + * + * Requirements: + * + * - `index` must be strictly less than {length}. + */ + function at(AddressToUintMap storage map, uint256 index) internal view returns (address key, uint256 value) { + (bytes32 atKey, bytes32 val) = at(map._inner, index); + return (address(uint160(uint256(atKey))), uint256(val)); + } + + /** + * @dev Tries to returns the value associated with `key`. O(1). + * Does not revert if `key` is not in the map. + */ + function tryGet(AddressToUintMap storage map, address key) internal view returns (bool exists, uint256 value) { + (bool success, bytes32 val) = tryGet(map._inner, bytes32(uint256(uint160(key)))); + return (success, uint256(val)); + } + + /** + * @dev Returns the value associated with `key`. O(1). + * + * Requirements: + * + * - `key` must be in the map. + */ + function get(AddressToUintMap storage map, address key) internal view returns (uint256) { + return uint256(get(map._inner, bytes32(uint256(uint160(key))))); + } + + /** + * @dev Return the an array containing all the keys + * + * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed + * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that + * this function has an unbounded cost, and using it as part of a state-changing function may render the function + * uncallable if the map grows to a point where copying to memory consumes too much gas to fit in a block. + */ + function keys(AddressToUintMap storage map) internal view returns (address[] memory) { + bytes32[] memory store = keys(map._inner); + address[] memory result; + + assembly ("memory-safe") { + result := store + } + + return result; + } + + // AddressToAddressMap + + struct AddressToAddressMap { + Bytes32ToBytes32Map _inner; + } + + /** + * @dev Adds a key-value pair to a map, or updates the value for an existing + * key. O(1). + * + * Returns true if the key was added to the map, that is if it was not + * already present. + */ + function set(AddressToAddressMap storage map, address key, address value) internal returns (bool) { + return set(map._inner, bytes32(uint256(uint160(key))), bytes32(uint256(uint160(value)))); + } + + /** + * @dev Removes a value from a map. O(1). + * + * Returns true if the key was removed from the map, that is if it was present. + */ + function remove(AddressToAddressMap storage map, address key) internal returns (bool) { + return remove(map._inner, bytes32(uint256(uint160(key)))); + } + + /** + * @dev Returns true if the key is in the map. O(1). + */ + function contains(AddressToAddressMap storage map, address key) internal view returns (bool) { + return contains(map._inner, bytes32(uint256(uint160(key)))); + } + + /** + * @dev Returns the number of elements in the map. O(1). + */ + function length(AddressToAddressMap storage map) internal view returns (uint256) { + return length(map._inner); + } + + /** + * @dev Returns the element stored at position `index` in the map. O(1). + * Note that there are no guarantees on the ordering of values inside the + * array, and it may change when more values are added or removed. + * + * Requirements: + * + * - `index` must be strictly less than {length}. + */ + function at(AddressToAddressMap storage map, uint256 index) internal view returns (address key, address value) { + (bytes32 atKey, bytes32 val) = at(map._inner, index); + return (address(uint160(uint256(atKey))), address(uint160(uint256(val)))); + } + + /** + * @dev Tries to returns the value associated with `key`. O(1). + * Does not revert if `key` is not in the map. + */ + function tryGet(AddressToAddressMap storage map, address key) internal view returns (bool exists, address value) { + (bool success, bytes32 val) = tryGet(map._inner, bytes32(uint256(uint160(key)))); + return (success, address(uint160(uint256(val)))); + } + + /** + * @dev Returns the value associated with `key`. O(1). + * + * Requirements: + * + * - `key` must be in the map. + */ + function get(AddressToAddressMap storage map, address key) internal view returns (address) { + return address(uint160(uint256(get(map._inner, bytes32(uint256(uint160(key))))))); + } + + /** + * @dev Return the an array containing all the keys + * + * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed + * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that + * this function has an unbounded cost, and using it as part of a state-changing function may render the function + * uncallable if the map grows to a point where copying to memory consumes too much gas to fit in a block. + */ + function keys(AddressToAddressMap storage map) internal view returns (address[] memory) { + bytes32[] memory store = keys(map._inner); + address[] memory result; + + assembly ("memory-safe") { + result := store + } + + return result; + } + + // AddressToBytes32Map + + struct AddressToBytes32Map { + Bytes32ToBytes32Map _inner; + } + + /** + * @dev Adds a key-value pair to a map, or updates the value for an existing + * key. O(1). + * + * Returns true if the key was added to the map, that is if it was not + * already present. + */ + function set(AddressToBytes32Map storage map, address key, bytes32 value) internal returns (bool) { + return set(map._inner, bytes32(uint256(uint160(key))), value); + } + + /** + * @dev Removes a value from a map. O(1). + * + * Returns true if the key was removed from the map, that is if it was present. + */ + function remove(AddressToBytes32Map storage map, address key) internal returns (bool) { + return remove(map._inner, bytes32(uint256(uint160(key)))); + } + + /** + * @dev Returns true if the key is in the map. O(1). + */ + function contains(AddressToBytes32Map storage map, address key) internal view returns (bool) { + return contains(map._inner, bytes32(uint256(uint160(key)))); + } + + /** + * @dev Returns the number of elements in the map. O(1). + */ + function length(AddressToBytes32Map storage map) internal view returns (uint256) { + return length(map._inner); + } + + /** + * @dev Returns the element stored at position `index` in the map. O(1). + * Note that there are no guarantees on the ordering of values inside the + * array, and it may change when more values are added or removed. + * + * Requirements: + * + * - `index` must be strictly less than {length}. + */ + function at(AddressToBytes32Map storage map, uint256 index) internal view returns (address key, bytes32 value) { + (bytes32 atKey, bytes32 val) = at(map._inner, index); + return (address(uint160(uint256(atKey))), val); + } + + /** + * @dev Tries to returns the value associated with `key`. O(1). + * Does not revert if `key` is not in the map. + */ + function tryGet(AddressToBytes32Map storage map, address key) internal view returns (bool exists, bytes32 value) { + (bool success, bytes32 val) = tryGet(map._inner, bytes32(uint256(uint160(key)))); + return (success, val); + } + + /** + * @dev Returns the value associated with `key`. O(1). + * + * Requirements: + * + * - `key` must be in the map. + */ + function get(AddressToBytes32Map storage map, address key) internal view returns (bytes32) { + return get(map._inner, bytes32(uint256(uint160(key)))); + } + + /** + * @dev Return the an array containing all the keys + * + * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed + * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that + * this function has an unbounded cost, and using it as part of a state-changing function may render the function + * uncallable if the map grows to a point where copying to memory consumes too much gas to fit in a block. + */ + function keys(AddressToBytes32Map storage map) internal view returns (address[] memory) { + bytes32[] memory store = keys(map._inner); + address[] memory result; + + assembly ("memory-safe") { + result := store + } + + return result; + } + + // Bytes32ToUintMap + + struct Bytes32ToUintMap { + Bytes32ToBytes32Map _inner; + } + + /** + * @dev Adds a key-value pair to a map, or updates the value for an existing + * key. O(1). + * + * Returns true if the key was added to the map, that is if it was not + * already present. + */ + function set(Bytes32ToUintMap storage map, bytes32 key, uint256 value) internal returns (bool) { + return set(map._inner, key, bytes32(value)); + } + + /** + * @dev Removes a value from a map. O(1). + * + * Returns true if the key was removed from the map, that is if it was present. + */ + function remove(Bytes32ToUintMap storage map, bytes32 key) internal returns (bool) { + return remove(map._inner, key); + } + + /** + * @dev Returns true if the key is in the map. O(1). + */ + function contains(Bytes32ToUintMap storage map, bytes32 key) internal view returns (bool) { + return contains(map._inner, key); + } + + /** + * @dev Returns the number of elements in the map. O(1). + */ + function length(Bytes32ToUintMap storage map) internal view returns (uint256) { + return length(map._inner); + } + + /** + * @dev Returns the element stored at position `index` in the map. O(1). + * Note that there are no guarantees on the ordering of values inside the + * array, and it may change when more values are added or removed. + * + * Requirements: + * + * - `index` must be strictly less than {length}. + */ + function at(Bytes32ToUintMap storage map, uint256 index) internal view returns (bytes32 key, uint256 value) { + (bytes32 atKey, bytes32 val) = at(map._inner, index); + return (atKey, uint256(val)); + } + + /** + * @dev Tries to returns the value associated with `key`. O(1). + * Does not revert if `key` is not in the map. + */ + function tryGet(Bytes32ToUintMap storage map, bytes32 key) internal view returns (bool exists, uint256 value) { + (bool success, bytes32 val) = tryGet(map._inner, key); + return (success, uint256(val)); + } + + /** + * @dev Returns the value associated with `key`. O(1). + * + * Requirements: + * + * - `key` must be in the map. + */ + function get(Bytes32ToUintMap storage map, bytes32 key) internal view returns (uint256) { + return uint256(get(map._inner, key)); + } + + /** + * @dev Return the an array containing all the keys + * + * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed + * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that + * this function has an unbounded cost, and using it as part of a state-changing function may render the function + * uncallable if the map grows to a point where copying to memory consumes too much gas to fit in a block. + */ + function keys(Bytes32ToUintMap storage map) internal view returns (bytes32[] memory) { + bytes32[] memory store = keys(map._inner); + bytes32[] memory result; + + assembly ("memory-safe") { + result := store + } + + return result; + } + + // Bytes32ToAddressMap + + struct Bytes32ToAddressMap { + Bytes32ToBytes32Map _inner; + } + + /** + * @dev Adds a key-value pair to a map, or updates the value for an existing + * key. O(1). + * + * Returns true if the key was added to the map, that is if it was not + * already present. + */ + function set(Bytes32ToAddressMap storage map, bytes32 key, address value) internal returns (bool) { + return set(map._inner, key, bytes32(uint256(uint160(value)))); + } + + /** + * @dev Removes a value from a map. O(1). + * + * Returns true if the key was removed from the map, that is if it was present. + */ + function remove(Bytes32ToAddressMap storage map, bytes32 key) internal returns (bool) { + return remove(map._inner, key); + } + + /** + * @dev Returns true if the key is in the map. O(1). + */ + function contains(Bytes32ToAddressMap storage map, bytes32 key) internal view returns (bool) { + return contains(map._inner, key); + } + + /** + * @dev Returns the number of elements in the map. O(1). + */ + function length(Bytes32ToAddressMap storage map) internal view returns (uint256) { + return length(map._inner); + } + + /** + * @dev Returns the element stored at position `index` in the map. O(1). + * Note that there are no guarantees on the ordering of values inside the + * array, and it may change when more values are added or removed. + * + * Requirements: + * + * - `index` must be strictly less than {length}. + */ + function at(Bytes32ToAddressMap storage map, uint256 index) internal view returns (bytes32 key, address value) { + (bytes32 atKey, bytes32 val) = at(map._inner, index); + return (atKey, address(uint160(uint256(val)))); + } + + /** + * @dev Tries to returns the value associated with `key`. O(1). + * Does not revert if `key` is not in the map. + */ + function tryGet(Bytes32ToAddressMap storage map, bytes32 key) internal view returns (bool exists, address value) { + (bool success, bytes32 val) = tryGet(map._inner, key); + return (success, address(uint160(uint256(val)))); + } + + /** + * @dev Returns the value associated with `key`. O(1). + * + * Requirements: + * + * - `key` must be in the map. + */ + function get(Bytes32ToAddressMap storage map, bytes32 key) internal view returns (address) { + return address(uint160(uint256(get(map._inner, key)))); + } + + /** + * @dev Return the an array containing all the keys + * + * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed + * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that + * this function has an unbounded cost, and using it as part of a state-changing function may render the function + * uncallable if the map grows to a point where copying to memory consumes too much gas to fit in a block. + */ + function keys(Bytes32ToAddressMap storage map) internal view returns (bytes32[] memory) { + bytes32[] memory store = keys(map._inner); + bytes32[] memory result; + + assembly ("memory-safe") { + result := store + } + + return result; + } +} diff --git a/dependencies/@openzeppelin/contracts/utils/structs/EnumerableSet.sol b/dependencies/@openzeppelin/contracts/utils/structs/EnumerableSet.sol new file mode 100644 index 00000000..90fcfa9d --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/structs/EnumerableSet.sol @@ -0,0 +1,375 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (utils/structs/EnumerableSet.sol) +// This file was procedurally generated from scripts/generate/templates/EnumerableSet.js. + +pragma solidity ^0.8.20; + +/** + * @dev Library for managing + * https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets] of primitive + * types. + * + * Sets have the following properties: + * + * - Elements are added, removed, and checked for existence in constant time + * (O(1)). + * - Elements are enumerated in O(n). No guarantees are made on the ordering. + * + * ```solidity + * contract Example { + * // Add the library methods + * using EnumerableSet for EnumerableSet.AddressSet; + * + * // Declare a set state variable + * EnumerableSet.AddressSet private mySet; + * } + * ``` + * + * As of v3.3.0, sets of type `bytes32` (`Bytes32Set`), `address` (`AddressSet`) + * and `uint256` (`UintSet`) are supported. + * + * [WARNING] + * ==== + * Trying to delete such a structure from storage will likely result in data corruption, rendering the structure + * unusable. + * See https://github.com/ethereum/solidity/pull/11843[ethereum/solidity#11843] for more info. + * + * In order to clean an EnumerableSet, you can either remove all elements one by one or create a fresh instance using an + * array of EnumerableSet. + * ==== + */ +library EnumerableSet { + // To implement this library for multiple types with as little code + // repetition as possible, we write it in terms of a generic Set type with + // bytes32 values. + // The Set implementation uses private functions, and user-facing + // implementations (such as AddressSet) are just wrappers around the + // underlying Set. + // This means that we can only create new EnumerableSets for types that fit + // in bytes32. + + struct Set { + // Storage of set values + bytes32[] _values; + // Position is the index of the value in the `values` array plus 1. + // Position 0 is used to mean a value is not in the set. + mapping(bytes32 value => uint256) _positions; + } + + /** + * @dev Add a value to a set. O(1). + * + * Returns true if the value was added to the set, that is if it was not + * already present. + */ + function _add(Set storage set, bytes32 value) private returns (bool) { + if (!_contains(set, value)) { + set._values.push(value); + // The value is stored at length-1, but we add 1 to all indexes + // and use 0 as a sentinel value + set._positions[value] = set._values.length; + return true; + } else { + return false; + } + } + + /** + * @dev Removes a value from a set. O(1). + * + * Returns true if the value was removed from the set, that is if it was + * present. + */ + function _remove(Set storage set, bytes32 value) private returns (bool) { + // We cache the value's position to prevent multiple reads from the same storage slot + uint256 position = set._positions[value]; + + if (position != 0) { + // Equivalent to contains(set, value) + // To delete an element from the _values array in O(1), we swap the element to delete with the last one in + // the array, and then remove the last element (sometimes called as 'swap and pop'). + // This modifies the order of the array, as noted in {at}. + + uint256 valueIndex = position - 1; + uint256 lastIndex = set._values.length - 1; + + if (valueIndex != lastIndex) { + bytes32 lastValue = set._values[lastIndex]; + + // Move the lastValue to the index where the value to delete is + set._values[valueIndex] = lastValue; + // Update the tracked position of the lastValue (that was just moved) + set._positions[lastValue] = position; + } + + // Delete the slot where the moved value was stored + set._values.pop(); + + // Delete the tracked position for the deleted slot + delete set._positions[value]; + + return true; + } else { + return false; + } + } + + /** + * @dev Returns true if the value is in the set. O(1). + */ + function _contains(Set storage set, bytes32 value) private view returns (bool) { + return set._positions[value] != 0; + } + + /** + * @dev Returns the number of values on the set. O(1). + */ + function _length(Set storage set) private view returns (uint256) { + return set._values.length; + } + + /** + * @dev Returns the value stored at position `index` in the set. O(1). + * + * Note that there are no guarantees on the ordering of values inside the + * array, and it may change when more values are added or removed. + * + * Requirements: + * + * - `index` must be strictly less than {length}. + */ + function _at(Set storage set, uint256 index) private view returns (bytes32) { + return set._values[index]; + } + + /** + * @dev Return the entire set in an array + * + * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed + * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that + * this function has an unbounded cost, and using it as part of a state-changing function may render the function + * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block. + */ + function _values(Set storage set) private view returns (bytes32[] memory) { + return set._values; + } + + // Bytes32Set + + struct Bytes32Set { + Set _inner; + } + + /** + * @dev Add a value to a set. O(1). + * + * Returns true if the value was added to the set, that is if it was not + * already present. + */ + function add(Bytes32Set storage set, bytes32 value) internal returns (bool) { + return _add(set._inner, value); + } + + /** + * @dev Removes a value from a set. O(1). + * + * Returns true if the value was removed from the set, that is if it was + * present. + */ + function remove(Bytes32Set storage set, bytes32 value) internal returns (bool) { + return _remove(set._inner, value); + } + + /** + * @dev Returns true if the value is in the set. O(1). + */ + function contains(Bytes32Set storage set, bytes32 value) internal view returns (bool) { + return _contains(set._inner, value); + } + + /** + * @dev Returns the number of values in the set. O(1). + */ + function length(Bytes32Set storage set) internal view returns (uint256) { + return _length(set._inner); + } + + /** + * @dev Returns the value stored at position `index` in the set. O(1). + * + * Note that there are no guarantees on the ordering of values inside the + * array, and it may change when more values are added or removed. + * + * Requirements: + * + * - `index` must be strictly less than {length}. + */ + function at(Bytes32Set storage set, uint256 index) internal view returns (bytes32) { + return _at(set._inner, index); + } + + /** + * @dev Return the entire set in an array + * + * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed + * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that + * this function has an unbounded cost, and using it as part of a state-changing function may render the function + * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block. + */ + function values(Bytes32Set storage set) internal view returns (bytes32[] memory) { + bytes32[] memory store = _values(set._inner); + bytes32[] memory result; + + assembly ("memory-safe") { + result := store + } + + return result; + } + + // AddressSet + + struct AddressSet { + Set _inner; + } + + /** + * @dev Add a value to a set. O(1). + * + * Returns true if the value was added to the set, that is if it was not + * already present. + */ + function add(AddressSet storage set, address value) internal returns (bool) { + return _add(set._inner, bytes32(uint256(uint160(value)))); + } + + /** + * @dev Removes a value from a set. O(1). + * + * Returns true if the value was removed from the set, that is if it was + * present. + */ + function remove(AddressSet storage set, address value) internal returns (bool) { + return _remove(set._inner, bytes32(uint256(uint160(value)))); + } + + /** + * @dev Returns true if the value is in the set. O(1). + */ + function contains(AddressSet storage set, address value) internal view returns (bool) { + return _contains(set._inner, bytes32(uint256(uint160(value)))); + } + + /** + * @dev Returns the number of values in the set. O(1). + */ + function length(AddressSet storage set) internal view returns (uint256) { + return _length(set._inner); + } + + /** + * @dev Returns the value stored at position `index` in the set. O(1). + * + * Note that there are no guarantees on the ordering of values inside the + * array, and it may change when more values are added or removed. + * + * Requirements: + * + * - `index` must be strictly less than {length}. + */ + function at(AddressSet storage set, uint256 index) internal view returns (address) { + return address(uint160(uint256(_at(set._inner, index)))); + } + + /** + * @dev Return the entire set in an array + * + * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed + * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that + * this function has an unbounded cost, and using it as part of a state-changing function may render the function + * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block. + */ + function values(AddressSet storage set) internal view returns (address[] memory) { + bytes32[] memory store = _values(set._inner); + address[] memory result; + + assembly ("memory-safe") { + result := store + } + + return result; + } + + // UintSet + + struct UintSet { + Set _inner; + } + + /** + * @dev Add a value to a set. O(1). + * + * Returns true if the value was added to the set, that is if it was not + * already present. + */ + function add(UintSet storage set, uint256 value) internal returns (bool) { + return _add(set._inner, bytes32(value)); + } + + /** + * @dev Removes a value from a set. O(1). + * + * Returns true if the value was removed from the set, that is if it was + * present. + */ + function remove(UintSet storage set, uint256 value) internal returns (bool) { + return _remove(set._inner, bytes32(value)); + } + + /** + * @dev Returns true if the value is in the set. O(1). + */ + function contains(UintSet storage set, uint256 value) internal view returns (bool) { + return _contains(set._inner, bytes32(value)); + } + + /** + * @dev Returns the number of values in the set. O(1). + */ + function length(UintSet storage set) internal view returns (uint256) { + return _length(set._inner); + } + + /** + * @dev Returns the value stored at position `index` in the set. O(1). + * + * Note that there are no guarantees on the ordering of values inside the + * array, and it may change when more values are added or removed. + * + * Requirements: + * + * - `index` must be strictly less than {length}. + */ + function at(UintSet storage set, uint256 index) internal view returns (uint256) { + return uint256(_at(set._inner, index)); + } + + /** + * @dev Return the entire set in an array + * + * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed + * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that + * this function has an unbounded cost, and using it as part of a state-changing function may render the function + * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block. + */ + function values(UintSet storage set) internal view returns (uint256[] memory) { + bytes32[] memory store = _values(set._inner); + uint256[] memory result; + + assembly ("memory-safe") { + result := store + } + + return result; + } +} diff --git a/dependencies/@openzeppelin/contracts/utils/structs/Heap.sol b/dependencies/@openzeppelin/contracts/utils/structs/Heap.sol new file mode 100644 index 00000000..d33dfbec --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/structs/Heap.sol @@ -0,0 +1,255 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {Math} from "../math/Math.sol"; +import {SafeCast} from "../math/SafeCast.sol"; +import {Comparators} from "../Comparators.sol"; +import {Arrays} from "../Arrays.sol"; +import {Panic} from "../Panic.sol"; +import {StorageSlot} from "../StorageSlot.sol"; + +/** + * @dev Library for managing https://en.wikipedia.org/wiki/Binary_heap[binary heap] that can be used as + * https://en.wikipedia.org/wiki/Priority_queue[priority queue]. + * + * Heaps are represented as a tree of values where the first element (index 0) is the root, and where the node at + * index i is the child of the node at index (i-1)/2 and the parent of nodes at index 2*i+1 and 2*i+2. Each node + * stores an element of the heap. + * + * The structure is ordered so that each node is bigger than its parent. An immediate consequence is that the + * highest priority value is the one at the root. This value can be looked up in constant time (O(1)) at + * `heap.tree[0]` + * + * The structure is designed to perform the following operations with the corresponding complexities: + * + * * peek (get the highest priority value): O(1) + * * insert (insert a value): O(log(n)) + * * pop (remove the highest priority value): O(log(n)) + * * replace (replace the highest priority value with a new value): O(log(n)) + * * length (get the number of elements): O(1) + * * clear (remove all elements): O(1) + * + * IMPORTANT: This library allows for the use of custom comparator functions. Given that manipulating + * memory can lead to unexpected behavior. Consider verifying that the comparator does not manipulate + * the Heap's state directly and that it follows the Solidity memory safety rules. + * + * _Available since v5.1._ + */ +library Heap { + using Arrays for *; + using Math for *; + using SafeCast for *; + + /** + * @dev Binary heap that supports values of type uint256. + * + * Each element of that structure uses one storage slot. + */ + struct Uint256Heap { + uint256[] tree; + } + + /** + * @dev Lookup the root element of the heap. + */ + function peek(Uint256Heap storage self) internal view returns (uint256) { + // self.tree[0] will `ARRAY_ACCESS_OUT_OF_BOUNDS` panic if heap is empty. + return self.tree[0]; + } + + /** + * @dev Remove (and return) the root element for the heap using the default comparator. + * + * NOTE: All inserting and removal from a heap should always be done using the same comparator. Mixing comparator + * during the lifecycle of a heap will result in undefined behavior. + */ + function pop(Uint256Heap storage self) internal returns (uint256) { + return pop(self, Comparators.lt); + } + + /** + * @dev Remove (and return) the root element for the heap using the provided comparator. + * + * NOTE: All inserting and removal from a heap should always be done using the same comparator. Mixing comparator + * during the lifecycle of a heap will result in undefined behavior. + */ + function pop( + Uint256Heap storage self, + function(uint256, uint256) view returns (bool) comp + ) internal returns (uint256) { + unchecked { + uint256 size = length(self); + if (size == 0) Panic.panic(Panic.EMPTY_ARRAY_POP); + + // cache + uint256 rootValue = self.tree.unsafeAccess(0).value; + uint256 lastValue = self.tree.unsafeAccess(size - 1).value; + + // swap last leaf with root, shrink tree and re-heapify + self.tree.pop(); + self.tree.unsafeAccess(0).value = lastValue; + _siftDown(self, size - 1, 0, lastValue, comp); + + return rootValue; + } + } + + /** + * @dev Insert a new element in the heap using the default comparator. + * + * NOTE: All inserting and removal from a heap should always be done using the same comparator. Mixing comparator + * during the lifecycle of a heap will result in undefined behavior. + */ + function insert(Uint256Heap storage self, uint256 value) internal { + insert(self, value, Comparators.lt); + } + + /** + * @dev Insert a new element in the heap using the provided comparator. + * + * NOTE: All inserting and removal from a heap should always be done using the same comparator. Mixing comparator + * during the lifecycle of a heap will result in undefined behavior. + */ + function insert( + Uint256Heap storage self, + uint256 value, + function(uint256, uint256) view returns (bool) comp + ) internal { + uint256 size = length(self); + + // push new item and re-heapify + self.tree.push(value); + _siftUp(self, size, value, comp); + } + + /** + * @dev Return the root element for the heap, and replace it with a new value, using the default comparator. + * This is equivalent to using {pop} and {insert}, but requires only one rebalancing operation. + * + * NOTE: All inserting and removal from a heap should always be done using the same comparator. Mixing comparator + * during the lifecycle of a heap will result in undefined behavior. + */ + function replace(Uint256Heap storage self, uint256 newValue) internal returns (uint256) { + return replace(self, newValue, Comparators.lt); + } + + /** + * @dev Return the root element for the heap, and replace it with a new value, using the provided comparator. + * This is equivalent to using {pop} and {insert}, but requires only one rebalancing operation. + * + * NOTE: All inserting and removal from a heap should always be done using the same comparator. Mixing comparator + * during the lifecycle of a heap will result in undefined behavior. + */ + function replace( + Uint256Heap storage self, + uint256 newValue, + function(uint256, uint256) view returns (bool) comp + ) internal returns (uint256) { + uint256 size = length(self); + if (size == 0) Panic.panic(Panic.EMPTY_ARRAY_POP); + + // cache + uint256 oldValue = self.tree.unsafeAccess(0).value; + + // replace and re-heapify + self.tree.unsafeAccess(0).value = newValue; + _siftDown(self, size, 0, newValue, comp); + + return oldValue; + } + + /** + * @dev Returns the number of elements in the heap. + */ + function length(Uint256Heap storage self) internal view returns (uint256) { + return self.tree.length; + } + + /** + * @dev Removes all elements in the heap. + */ + function clear(Uint256Heap storage self) internal { + self.tree.unsafeSetLength(0); + } + + /** + * @dev Swap node `i` and `j` in the tree. + */ + function _swap(Uint256Heap storage self, uint256 i, uint256 j) private { + StorageSlot.Uint256Slot storage ni = self.tree.unsafeAccess(i); + StorageSlot.Uint256Slot storage nj = self.tree.unsafeAccess(j); + (ni.value, nj.value) = (nj.value, ni.value); + } + + /** + * @dev Perform heap maintenance on `self`, starting at `index` (with the `value`), using `comp` as a + * comparator, and moving toward the leaves of the underlying tree. + * + * NOTE: This is a private function that is called in a trusted context with already cached parameters. `size` + * and `value` could be extracted from `self` and `index`, but that would require redundant storage read. These + * parameters are not verified. It is the caller role to make sure the parameters are correct. + */ + function _siftDown( + Uint256Heap storage self, + uint256 size, + uint256 index, + uint256 value, + function(uint256, uint256) view returns (bool) comp + ) private { + unchecked { + // Check if there is a risk of overflow when computing the indices of the child nodes. If that is the case, + // there cannot be child nodes in the tree, so sifting is done. + if (index >= type(uint256).max / 2) return; + + // Compute the indices of the potential child nodes + uint256 lIndex = 2 * index + 1; + uint256 rIndex = 2 * index + 2; + + // Three cases: + // 1. Both children exist: sifting may continue on one of the branch (selection required) + // 2. Only left child exist: sifting may continue on the left branch (no selection required) + // 3. Neither child exist: sifting is done + if (rIndex < size) { + uint256 lValue = self.tree.unsafeAccess(lIndex).value; + uint256 rValue = self.tree.unsafeAccess(rIndex).value; + if (comp(lValue, value) || comp(rValue, value)) { + uint256 cIndex = comp(lValue, rValue).ternary(lIndex, rIndex); + _swap(self, index, cIndex); + _siftDown(self, size, cIndex, value, comp); + } + } else if (lIndex < size) { + uint256 lValue = self.tree.unsafeAccess(lIndex).value; + if (comp(lValue, value)) { + _swap(self, index, lIndex); + _siftDown(self, size, lIndex, value, comp); + } + } + } + } + + /** + * @dev Perform heap maintenance on `self`, starting at `index` (with the `value`), using `comp` as a + * comparator, and moving toward the root of the underlying tree. + * + * NOTE: This is a private function that is called in a trusted context with already cached parameters. `value` + * could be extracted from `self` and `index`, but that would require redundant storage read. These parameters are not + * verified. It is the caller role to make sure the parameters are correct. + */ + function _siftUp( + Uint256Heap storage self, + uint256 index, + uint256 value, + function(uint256, uint256) view returns (bool) comp + ) private { + unchecked { + while (index > 0) { + uint256 parentIndex = (index - 1) / 2; + uint256 parentValue = self.tree.unsafeAccess(parentIndex).value; + if (comp(parentValue, value)) break; + _swap(self, index, parentIndex); + index = parentIndex; + } + } + } +} diff --git a/dependencies/@openzeppelin/contracts/utils/structs/MerkleTree.sol b/dependencies/@openzeppelin/contracts/utils/structs/MerkleTree.sol new file mode 100644 index 00000000..6a78c4b3 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/structs/MerkleTree.sol @@ -0,0 +1,174 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {Hashes} from "../cryptography/Hashes.sol"; +import {Arrays} from "../Arrays.sol"; +import {Panic} from "../Panic.sol"; + +/** + * @dev Library for managing https://wikipedia.org/wiki/Merkle_Tree[Merkle Tree] data structures. + * + * Each tree is a complete binary tree with the ability to sequentially insert leaves, changing them from a zero to a + * non-zero value and updating its root. This structure allows inserting commitments (or other entries) that are not + * stored, but can be proven to be part of the tree at a later time if the root is kept. See {MerkleProof}. + * + * A tree is defined by the following parameters: + * + * * Depth: The number of levels in the tree, it also defines the maximum number of leaves as 2**depth. + * * Zero value: The value that represents an empty leaf. Used to avoid regular zero values to be part of the tree. + * * Hashing function: A cryptographic hash function used to produce internal nodes. Defaults to {Hashes-commutativeKeccak256}. + * + * NOTE: Building trees using non-commutative hashing functions (i.e. `H(a, b) != H(b, a)`) is supported. However, + * proving the inclusion of a leaf in such trees is not possible with the {MerkleProof} library since it only supports + * _commutative_ hashing functions. + * + * _Available since v5.1._ + */ +library MerkleTree { + /** + * @dev A complete `bytes32` Merkle tree. + * + * The `sides` and `zero` arrays are set to have a length equal to the depth of the tree during setup. + * + * Struct members have an underscore prefix indicating that they are "private" and should not be read or written to + * directly. Use the functions provided below instead. Modifying the struct manually may violate assumptions and + * lead to unexpected behavior. + * + * NOTE: The `root` and the updates history is not stored within the tree. Consider using a secondary structure to + * store a list of historical roots from the values returned from {setup} and {push} (e.g. a mapping, {BitMaps} or + * {Checkpoints}). + * + * WARNING: Updating any of the tree's parameters after the first insertion will result in a corrupted tree. + */ + struct Bytes32PushTree { + uint256 _nextLeafIndex; + bytes32[] _sides; + bytes32[] _zeros; + } + + /** + * @dev Initialize a {Bytes32PushTree} using {Hashes-commutativeKeccak256} to hash internal nodes. + * The capacity of the tree (i.e. number of leaves) is set to `2**treeDepth`. + * + * Calling this function on MerkleTree that was already setup and used will reset it to a blank state. + * + * Once a tree is setup, any push to it must use the same hashing function. This means that values + * should be pushed to it using the default {xref-MerkleTree-push-struct-MerkleTree-Bytes32PushTree-bytes32-}[push] function. + * + * IMPORTANT: The zero value should be carefully chosen since it will be stored in the tree representing + * empty leaves. It should be a value that is not expected to be part of the tree. + */ + function setup(Bytes32PushTree storage self, uint8 treeDepth, bytes32 zero) internal returns (bytes32 initialRoot) { + return setup(self, treeDepth, zero, Hashes.commutativeKeccak256); + } + + /** + * @dev Same as {xref-MerkleTree-setup-struct-MerkleTree-Bytes32PushTree-uint8-bytes32-}[setup], but allows to specify a custom hashing function. + * + * Once a tree is setup, any push to it must use the same hashing function. This means that values + * should be pushed to it using the custom push function, which should be the same one as used during the setup. + * + * IMPORTANT: Providing a custom hashing function is a security-sensitive operation since it may + * compromise the soundness of the tree. + * + * NOTE: Consider verifying that the hashing function does not manipulate the memory state directly and that it + * follows the Solidity memory safety rules. Otherwise, it may lead to unexpected behavior. + */ + function setup( + Bytes32PushTree storage self, + uint8 treeDepth, + bytes32 zero, + function(bytes32, bytes32) view returns (bytes32) fnHash + ) internal returns (bytes32 initialRoot) { + // Store depth in the dynamic array + Arrays.unsafeSetLength(self._sides, treeDepth); + Arrays.unsafeSetLength(self._zeros, treeDepth); + + // Build each root of zero-filled subtrees + bytes32 currentZero = zero; + for (uint32 i = 0; i < treeDepth; ++i) { + Arrays.unsafeAccess(self._zeros, i).value = currentZero; + currentZero = fnHash(currentZero, currentZero); + } + + // Set the first root + self._nextLeafIndex = 0; + + return currentZero; + } + + /** + * @dev Insert a new leaf in the tree, and compute the new root. Returns the position of the inserted leaf in the + * tree, and the resulting root. + * + * Hashing the leaf before calling this function is recommended as a protection against + * second pre-image attacks. + * + * This variant uses {Hashes-commutativeKeccak256} to hash internal nodes. It should only be used on merkle trees + * that were setup using the same (default) hashing function (i.e. by calling + * {xref-MerkleTree-setup-struct-MerkleTree-Bytes32PushTree-uint8-bytes32-}[the default setup] function). + */ + function push(Bytes32PushTree storage self, bytes32 leaf) internal returns (uint256 index, bytes32 newRoot) { + return push(self, leaf, Hashes.commutativeKeccak256); + } + + /** + * @dev Insert a new leaf in the tree, and compute the new root. Returns the position of the inserted leaf in the + * tree, and the resulting root. + * + * Hashing the leaf before calling this function is recommended as a protection against + * second pre-image attacks. + * + * This variant uses a custom hashing function to hash internal nodes. It should only be called with the same + * function as the one used during the initial setup of the merkle tree. + */ + function push( + Bytes32PushTree storage self, + bytes32 leaf, + function(bytes32, bytes32) view returns (bytes32) fnHash + ) internal returns (uint256 index, bytes32 newRoot) { + // Cache read + uint256 treeDepth = depth(self); + + // Get leaf index + index = self._nextLeafIndex++; + + // Check if tree is full. + if (index >= 1 << treeDepth) { + Panic.panic(Panic.RESOURCE_ERROR); + } + + // Rebuild branch from leaf to root + uint256 currentIndex = index; + bytes32 currentLevelHash = leaf; + for (uint32 i = 0; i < treeDepth; i++) { + // Reaching the parent node, is currentLevelHash the left child? + bool isLeft = currentIndex % 2 == 0; + + // If so, next time we will come from the right, so we need to save it + if (isLeft) { + Arrays.unsafeAccess(self._sides, i).value = currentLevelHash; + } + + // Compute the current node hash by using the hash function + // with either its sibling (side) or the zero value for that level. + currentLevelHash = fnHash( + isLeft ? currentLevelHash : Arrays.unsafeAccess(self._sides, i).value, + isLeft ? Arrays.unsafeAccess(self._zeros, i).value : currentLevelHash + ); + + // Update node index + currentIndex >>= 1; + } + + return (index, currentLevelHash); + } + + /** + * @dev Tree's depth (set at initialization) + */ + function depth(Bytes32PushTree storage self) internal view returns (uint256) { + return self._zeros.length; + } +} diff --git a/dependencies/@openzeppelin/contracts/utils/types/Time.sol b/dependencies/@openzeppelin/contracts/utils/types/Time.sol new file mode 100644 index 00000000..1f729515 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/utils/types/Time.sol @@ -0,0 +1,133 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (utils/types/Time.sol) + +pragma solidity ^0.8.20; + +import {Math} from "../math/Math.sol"; +import {SafeCast} from "../math/SafeCast.sol"; + +/** + * @dev This library provides helpers for manipulating time-related objects. + * + * It uses the following types: + * - `uint48` for timepoints + * - `uint32` for durations + * + * While the library doesn't provide specific types for timepoints and duration, it does provide: + * - a `Delay` type to represent duration that can be programmed to change value automatically at a given point + * - additional helper functions + */ +library Time { + using Time for *; + + /** + * @dev Get the block timestamp as a Timepoint. + */ + function timestamp() internal view returns (uint48) { + return SafeCast.toUint48(block.timestamp); + } + + /** + * @dev Get the block number as a Timepoint. + */ + function blockNumber() internal view returns (uint48) { + return SafeCast.toUint48(block.number); + } + + // ==================================================== Delay ===================================================== + /** + * @dev A `Delay` is a uint32 duration that can be programmed to change value automatically at a given point in the + * future. The "effect" timepoint describes when the transitions happens from the "old" value to the "new" value. + * This allows updating the delay applied to some operation while keeping some guarantees. + * + * In particular, the {update} function guarantees that if the delay is reduced, the old delay still applies for + * some time. For example if the delay is currently 7 days to do an upgrade, the admin should not be able to set + * the delay to 0 and upgrade immediately. If the admin wants to reduce the delay, the old delay (7 days) should + * still apply for some time. + * + * + * The `Delay` type is 112 bits long, and packs the following: + * + * ``` + * | [uint48]: effect date (timepoint) + * | | [uint32]: value before (duration) + * ↓ ↓ ↓ [uint32]: value after (duration) + * 0xAAAAAAAAAAAABBBBBBBBCCCCCCCC + * ``` + * + * NOTE: The {get} and {withUpdate} functions operate using timestamps. Block number based delays are not currently + * supported. + */ + type Delay is uint112; + + /** + * @dev Wrap a duration into a Delay to add the one-step "update in the future" feature + */ + function toDelay(uint32 duration) internal pure returns (Delay) { + return Delay.wrap(duration); + } + + /** + * @dev Get the value at a given timepoint plus the pending value and effect timepoint if there is a scheduled + * change after this timepoint. If the effect timepoint is 0, then the pending value should not be considered. + */ + function _getFullAt( + Delay self, + uint48 timepoint + ) private pure returns (uint32 valueBefore, uint32 valueAfter, uint48 effect) { + (valueBefore, valueAfter, effect) = self.unpack(); + return effect <= timepoint ? (valueAfter, 0, 0) : (valueBefore, valueAfter, effect); + } + + /** + * @dev Get the current value plus the pending value and effect timepoint if there is a scheduled change. If the + * effect timepoint is 0, then the pending value should not be considered. + */ + function getFull(Delay self) internal view returns (uint32 valueBefore, uint32 valueAfter, uint48 effect) { + return _getFullAt(self, timestamp()); + } + + /** + * @dev Get the current value. + */ + function get(Delay self) internal view returns (uint32) { + (uint32 delay, , ) = self.getFull(); + return delay; + } + + /** + * @dev Update a Delay object so that it takes a new duration after a timepoint that is automatically computed to + * enforce the old delay at the moment of the update. Returns the updated Delay object and the timestamp when the + * new delay becomes effective. + */ + function withUpdate( + Delay self, + uint32 newValue, + uint32 minSetback + ) internal view returns (Delay updatedDelay, uint48 effect) { + uint32 value = self.get(); + uint32 setback = uint32(Math.max(minSetback, value > newValue ? value - newValue : 0)); + effect = timestamp() + setback; + return (pack(value, newValue, effect), effect); + } + + /** + * @dev Split a delay into its components: valueBefore, valueAfter and effect (transition timepoint). + */ + function unpack(Delay self) internal pure returns (uint32 valueBefore, uint32 valueAfter, uint48 effect) { + uint112 raw = Delay.unwrap(self); + + valueAfter = uint32(raw); + valueBefore = uint32(raw >> 32); + effect = uint48(raw >> 64); + + return (valueBefore, valueAfter, effect); + } + + /** + * @dev pack the components into a Delay object. + */ + function pack(uint32 valueBefore, uint32 valueAfter, uint48 effect) internal pure returns (Delay) { + return Delay.wrap((uint112(effect) << 64) | (uint112(valueBefore) << 32) | uint112(valueAfter)); + } +} diff --git a/dependencies/@openzeppelin/contracts/vendor/compound/ICompoundTimelock.sol b/dependencies/@openzeppelin/contracts/vendor/compound/ICompoundTimelock.sol new file mode 100644 index 00000000..320eea1c --- /dev/null +++ b/dependencies/@openzeppelin/contracts/vendor/compound/ICompoundTimelock.sol @@ -0,0 +1,86 @@ +// SPDX-License-Identifier: MIT +// OpenZeppelin Contracts (last updated v5.0.0) (vendor/compound/ICompoundTimelock.sol) + +pragma solidity ^0.8.20; + +/** + * https://github.com/compound-finance/compound-protocol/blob/master/contracts/Timelock.sol[Compound timelock] interface + */ +interface ICompoundTimelock { + event NewAdmin(address indexed newAdmin); + event NewPendingAdmin(address indexed newPendingAdmin); + event NewDelay(uint256 indexed newDelay); + event CancelTransaction( + bytes32 indexed txHash, + address indexed target, + uint256 value, + string signature, + bytes data, + uint256 eta + ); + event ExecuteTransaction( + bytes32 indexed txHash, + address indexed target, + uint256 value, + string signature, + bytes data, + uint256 eta + ); + event QueueTransaction( + bytes32 indexed txHash, + address indexed target, + uint256 value, + string signature, + bytes data, + uint256 eta + ); + + receive() external payable; + + // solhint-disable-next-line func-name-mixedcase + function GRACE_PERIOD() external view returns (uint256); + + // solhint-disable-next-line func-name-mixedcase + function MINIMUM_DELAY() external view returns (uint256); + + // solhint-disable-next-line func-name-mixedcase + function MAXIMUM_DELAY() external view returns (uint256); + + function admin() external view returns (address); + + function pendingAdmin() external view returns (address); + + function delay() external view returns (uint256); + + function queuedTransactions(bytes32) external view returns (bool); + + function setDelay(uint256) external; + + function acceptAdmin() external; + + function setPendingAdmin(address) external; + + function queueTransaction( + address target, + uint256 value, + string memory signature, + bytes memory data, + uint256 eta + ) external returns (bytes32); + + function cancelTransaction( + address target, + uint256 value, + string memory signature, + bytes memory data, + uint256 eta + ) external; + + function executeTransaction( + address target, + uint256 value, + string memory signature, + bytes memory data, + uint256 eta + ) external payable returns (bytes memory); +} diff --git a/dependencies/@openzeppelin/contracts/vendor/compound/LICENSE b/dependencies/@openzeppelin/contracts/vendor/compound/LICENSE new file mode 100644 index 00000000..7da23247 --- /dev/null +++ b/dependencies/@openzeppelin/contracts/vendor/compound/LICENSE @@ -0,0 +1,11 @@ +Copyright 2020 Compound Labs, Inc. + +Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + +3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. \ No newline at end of file diff --git a/dependencies/@openzeppelin/foundry.toml b/dependencies/@openzeppelin/foundry.toml new file mode 100644 index 00000000..3f60b7cb --- /dev/null +++ b/dependencies/@openzeppelin/foundry.toml @@ -0,0 +1,14 @@ +[profile.default] +solc_version = '0.8.24' +evm_version = 'cancun' +optimizer = true +optimizer-runs = 200 +src = 'contracts' +out = 'out' +libs = ['node_modules', 'lib'] +test = 'test' +cache_path = 'cache_forge' + +[fuzz] +runs = 5000 +max_test_rejects = 150000 diff --git a/dependencies/@openzeppelin/fv-requirements.txt b/dependencies/@openzeppelin/fv-requirements.txt new file mode 100644 index 00000000..608b4de2 --- /dev/null +++ b/dependencies/@openzeppelin/fv-requirements.txt @@ -0,0 +1,4 @@ +certora-cli==4.13.1 +# File uses a custom name (fv-requirements.txt) so that it isn't picked by Netlify's build +# whose latest Python version is 0.3.8, incompatible with most recent versions of Halmos +halmos==0.2.0 diff --git a/dependencies/@openzeppelin/hardhat.config.js b/dependencies/@openzeppelin/hardhat.config.js new file mode 100644 index 00000000..d39d3d07 --- /dev/null +++ b/dependencies/@openzeppelin/hardhat.config.js @@ -0,0 +1,124 @@ +/// ENVVAR +// - COMPILER: compiler version (default: 0.8.24) +// - SRC: contracts folder to compile (default: contracts) +// - RUNS: number of optimization runs (default: 200) +// - IR: enable IR compilation (default: false) +// - COVERAGE: enable coverage report (default: false) +// - GAS: enable gas report (default: false) +// - COINMARKETCAP: coinmarketcap api key for USD value in gas report +// - CI: output gas report to file instead of stdout + +const fs = require('fs'); +const path = require('path'); + +const { argv } = require('yargs/yargs')() + .env('') + .options({ + // Compilation settings + compiler: { + alias: 'compileVersion', + type: 'string', + default: '0.8.24', + }, + src: { + alias: 'source', + type: 'string', + default: 'contracts', + }, + runs: { + alias: 'optimizationRuns', + type: 'number', + default: 200, + }, + ir: { + alias: 'enableIR', + type: 'boolean', + default: false, + }, + evm: { + alias: 'evmVersion', + type: 'string', + default: 'cancun', + }, + // Extra modules + coverage: { + type: 'boolean', + default: false, + }, + gas: { + alias: 'enableGasReport', + type: 'boolean', + default: false, + }, + coinmarketcap: { + alias: 'coinmarketcapApiKey', + type: 'string', + }, + }); + +require('@nomicfoundation/hardhat-chai-matchers'); +require('@nomicfoundation/hardhat-ethers'); +require('hardhat-exposed'); +require('hardhat-gas-reporter'); +require('hardhat-ignore-warnings'); +require('solidity-coverage'); +require('solidity-docgen'); + +for (const f of fs.readdirSync(path.join(__dirname, 'hardhat'))) { + require(path.join(__dirname, 'hardhat', f)); +} + +/** + * @type import('hardhat/config').HardhatUserConfig + */ +module.exports = { + solidity: { + version: argv.compiler, + settings: { + optimizer: { + enabled: true, + runs: argv.runs, + }, + evmVersion: argv.evm, + viaIR: argv.ir, + outputSelection: { '*': { '*': ['storageLayout'] } }, + }, + }, + warnings: { + 'contracts-exposed/**/*': { + 'code-size': 'off', + 'initcode-size': 'off', + }, + '*': { + 'code-size': true, + 'unused-param': !argv.coverage, // coverage causes unused-param warnings + 'transient-storage': false, + default: 'error', + }, + }, + networks: { + hardhat: { + hardfork: argv.evm, + // Exposed contracts often exceed the maximum contract size. For normal contract, + // we rely on the `code-size` compiler warning, that will cause a compilation error. + allowUnlimitedContractSize: true, + initialBaseFeePerGas: argv.coverage ? 0 : undefined, + }, + }, + exposed: { + imports: true, + initializers: true, + exclude: ['vendor/**/*', '**/*WithInit.sol'], + }, + gasReporter: { + enabled: argv.gas, + showMethodSig: true, + includeBytecodeInJSON: true, + currency: 'USD', + coinmarketcap: argv.coinmarketcap, + }, + paths: { + sources: argv.src, + }, + docgen: require('./docs/config'), +}; diff --git a/dependencies/@openzeppelin/hardhat/async-test-sanity.js b/dependencies/@openzeppelin/hardhat/async-test-sanity.js new file mode 100644 index 00000000..c05e5bd4 --- /dev/null +++ b/dependencies/@openzeppelin/hardhat/async-test-sanity.js @@ -0,0 +1,3 @@ +process.on('unhandledRejection', reason => { + throw new Error(reason); +}); diff --git a/dependencies/@openzeppelin/hardhat/env-artifacts.js b/dependencies/@openzeppelin/hardhat/env-artifacts.js new file mode 100644 index 00000000..e97ae646 --- /dev/null +++ b/dependencies/@openzeppelin/hardhat/env-artifacts.js @@ -0,0 +1,29 @@ +const { HardhatError } = require('hardhat/internal/core/errors'); + +function isExpectedError(e, suffix) { + // HH700: Artifact not found - from https://hardhat.org/hardhat-runner/docs/errors#HH700 + return HardhatError.isHardhatError(e) && e.number === 700 && suffix !== ''; +} + +// Modifies the artifact require functions so that instead of X it loads the XUpgradeable contract. +// This allows us to run the same test suite on both the original and the transpiled and renamed Upgradeable contracts. +extendEnvironment(hre => { + const suffixes = ['UpgradeableWithInit', 'Upgradeable', '']; + + // Ethers + const originalReadArtifact = hre.artifacts.readArtifact; + hre.artifacts.readArtifact = async function (name) { + for (const suffix of suffixes) { + try { + return await originalReadArtifact.call(this, name + suffix); + } catch (e) { + if (isExpectedError(e, suffix)) { + continue; + } else { + throw e; + } + } + } + throw new Error('Unreachable'); + }; +}); diff --git a/dependencies/@openzeppelin/hardhat/ignore-unreachable-warnings.js b/dependencies/@openzeppelin/hardhat/ignore-unreachable-warnings.js new file mode 100644 index 00000000..8e3e3434 --- /dev/null +++ b/dependencies/@openzeppelin/hardhat/ignore-unreachable-warnings.js @@ -0,0 +1,45 @@ +// Warnings about unreachable code are emitted with a source location that corresponds to the unreachable code. +// We have some testing contracts that purposely cause unreachable code, but said code is in the library contracts, and +// with hardhat-ignore-warnings we are not able to selectively ignore them without potentially ignoring relevant +// warnings that we don't want to miss. +// Thus, we need to handle these warnings separately. We force Hardhat to compile them in a separate compilation job and +// then ignore the warnings about unreachable code that come from that compilation job. + +const { task } = require('hardhat/config'); +const { + TASK_COMPILE_SOLIDITY_GET_COMPILATION_JOB_FOR_FILE, + TASK_COMPILE_SOLIDITY_COMPILE, +} = require('hardhat/builtin-tasks/task-names'); + +const marker = Symbol('unreachable'); +const markedCache = new WeakMap(); + +task(TASK_COMPILE_SOLIDITY_GET_COMPILATION_JOB_FOR_FILE, async (params, _, runSuper) => { + const job = await runSuper(params); + // If the file is in the unreachable directory, we make a copy of the config and mark it, which will cause it to get + // compiled separately (along with the other marked files). + if (params.file.sourceName.startsWith('contracts/mocks/') && /\bunreachable\b/.test(params.file.sourceName)) { + const originalConfig = job.solidityConfig; + let markedConfig = markedCache.get(originalConfig); + if (markedConfig === undefined) { + markedConfig = { ...originalConfig, [marker]: true }; + markedCache.set(originalConfig, markedConfig); + } + job.solidityConfig = markedConfig; + } + return job; +}); + +const W_UNREACHABLE_CODE = '5740'; + +task(TASK_COMPILE_SOLIDITY_COMPILE, async (params, _, runSuper) => { + const marked = params.compilationJob.solidityConfig[marker]; + const result = await runSuper(params); + if (marked) { + result.output = { + ...result.output, + errors: result.output.errors?.filter(e => e.severity !== 'warning' || e.errorCode !== W_UNREACHABLE_CODE), + }; + } + return result; +}); diff --git a/dependencies/@openzeppelin/hardhat/remappings.js b/dependencies/@openzeppelin/hardhat/remappings.js new file mode 100644 index 00000000..cd9984d4 --- /dev/null +++ b/dependencies/@openzeppelin/hardhat/remappings.js @@ -0,0 +1,18 @@ +const fs = require('fs'); +const { task } = require('hardhat/config'); +const { TASK_COMPILE_GET_REMAPPINGS } = require('hardhat/builtin-tasks/task-names'); + +task(TASK_COMPILE_GET_REMAPPINGS).setAction((taskArgs, env, runSuper) => + runSuper().then(remappings => + Object.assign( + remappings, + Object.fromEntries( + fs + .readFileSync('remappings.txt', 'utf-8') + .split('\n') + .filter(Boolean) + .map(line => line.trim().split('=')), + ), + ), + ), +); diff --git a/dependencies/@openzeppelin/hardhat/skip-foundry-tests.js b/dependencies/@openzeppelin/hardhat/skip-foundry-tests.js new file mode 100644 index 00000000..965ba37c --- /dev/null +++ b/dependencies/@openzeppelin/hardhat/skip-foundry-tests.js @@ -0,0 +1,6 @@ +const { subtask } = require('hardhat/config'); +const { TASK_COMPILE_SOLIDITY_GET_SOURCE_PATHS } = require('hardhat/builtin-tasks/task-names'); + +subtask(TASK_COMPILE_SOLIDITY_GET_SOURCE_PATHS).setAction(async (_, __, runSuper) => + (await runSuper()).filter(path => !path.endsWith('.t.sol')), +); diff --git a/dependencies/@openzeppelin/hardhat/task-test-get-files.js b/dependencies/@openzeppelin/hardhat/task-test-get-files.js new file mode 100644 index 00000000..108f40a4 --- /dev/null +++ b/dependencies/@openzeppelin/hardhat/task-test-get-files.js @@ -0,0 +1,25 @@ +const { internalTask } = require('hardhat/config'); +const { TASK_TEST_GET_TEST_FILES } = require('hardhat/builtin-tasks/task-names'); + +// Modifies `hardhat test` to skip the proxy tests after proxies are removed by the transpiler for upgradeability. + +internalTask(TASK_TEST_GET_TEST_FILES).setAction(async (args, hre, runSuper) => { + const path = require('path'); + const { promises: fs } = require('fs'); + + const hasProxies = await fs + .access(path.join(hre.config.paths.sources, 'proxy/Proxy.sol')) + .then(() => true) + .catch(() => false); + + const ignoredIfProxy = [ + 'proxy/beacon/BeaconProxy.test.js', + 'proxy/beacon/UpgradeableBeacon.test.js', + 'proxy/ERC1967/ERC1967Proxy.test.js', + 'proxy/transparent/ProxyAdmin.test.js', + 'proxy/transparent/TransparentUpgradeableProxy.test.js', + 'proxy/utils/UUPSUpgradeable.test.js', + ].map(p => path.join(hre.config.paths.tests, p)); + + return (await runSuper(args)).filter(file => hasProxies || !ignoredIfProxy.includes(file)); +}); diff --git a/dependencies/@openzeppelin/logo.svg b/dependencies/@openzeppelin/logo.svg new file mode 100644 index 00000000..f1e14c2b --- /dev/null +++ b/dependencies/@openzeppelin/logo.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/dependencies/@openzeppelin/netlify.toml b/dependencies/@openzeppelin/netlify.toml new file mode 100644 index 00000000..0447f41a --- /dev/null +++ b/dependencies/@openzeppelin/netlify.toml @@ -0,0 +1,3 @@ +[build] +command = "npm run docs" +publish = "build/site" diff --git a/dependencies/@openzeppelin/package.json b/dependencies/@openzeppelin/package.json new file mode 100644 index 00000000..f7c0f519 --- /dev/null +++ b/dependencies/@openzeppelin/package.json @@ -0,0 +1,89 @@ +{ + "name": "openzeppelin-solidity", + "description": "Secure Smart Contract library for Solidity", + "version": "5.0.2", + "private": true, + "files": [ + "/contracts/**/*.sol", + "!/contracts/mocks/**/*" + ], + "scripts": { + "compile": "hardhat compile", + "compile:harnesses": "env SRC=./certora/harnesses hardhat compile", + "coverage": "scripts/checks/coverage.sh", + "docs": "npm run prepare-docs && oz-docs", + "docs:watch": "oz-docs watch contracts docs/templates docs/config.js", + "prepare": "scripts/prepare.sh", + "prepare-docs": "scripts/prepare-docs.sh", + "lint": "npm run lint:js && npm run lint:sol", + "lint:fix": "npm run lint:js:fix && npm run lint:sol:fix", + "lint:js": "prettier --log-level warn --ignore-path .gitignore '**/*.{js,ts}' --check && eslint --ignore-path .gitignore .", + "lint:js:fix": "prettier --log-level warn --ignore-path .gitignore '**/*.{js,ts}' --write && eslint --ignore-path .gitignore . --fix", + "lint:sol": "prettier --log-level warn --ignore-path .gitignore '{contracts,test}/**/*.sol' --check && solhint '{contracts,test}/**/*.sol'", + "lint:sol:fix": "prettier --log-level warn --ignore-path .gitignore '{contracts,test}/**/*.sol' --write", + "clean": "hardhat clean && rimraf build contracts/build", + "prepack": "scripts/prepack.sh", + "generate": "scripts/generate/run.js", + "version": "scripts/release/version.sh", + "test": "hardhat test", + "test:inheritance": "scripts/checks/inheritance-ordering.js artifacts/build-info/*", + "test:generation": "scripts/checks/generation.sh", + "gas-report": "env ENABLE_GAS_REPORT=true npm run test", + "slither": "npm run clean && slither ." + }, + "repository": { + "type": "git", + "url": "https://github.com/OpenZeppelin/openzeppelin-contracts.git" + }, + "keywords": [ + "solidity", + "ethereum", + "smart", + "contracts", + "security", + "zeppelin" + ], + "author": "OpenZeppelin Community ", + "license": "MIT", + "bugs": { + "url": "https://github.com/OpenZeppelin/openzeppelin-contracts/issues" + }, + "homepage": "https://openzeppelin.com/contracts/", + "devDependencies": { + "@changesets/changelog-github": "^0.5.0", + "@changesets/cli": "^2.26.0", + "@changesets/pre": "^2.0.0", + "@changesets/read": "^0.6.0", + "@nomicfoundation/hardhat-chai-matchers": "^2.0.6", + "@nomicfoundation/hardhat-ethers": "^3.0.4", + "@nomicfoundation/hardhat-network-helpers": "^1.0.3", + "@openzeppelin/docs-utils": "^0.1.5", + "@openzeppelin/merkle-tree": "^1.0.7", + "@openzeppelin/upgrade-safe-transpiler": "^0.3.32", + "@openzeppelin/upgrades-core": "^1.20.6", + "chai": "^4.2.0", + "eslint": "^8.30.0", + "eslint-config-prettier": "^9.0.0", + "ethers": "^6.7.1", + "glob": "^11.0.0", + "graphlib": "^2.1.8", + "hardhat": "^2.22.2", + "hardhat-exposed": "^0.3.15", + "hardhat-gas-reporter": "^2.0.0", + "hardhat-ignore-warnings": "^0.2.11", + "lodash.startcase": "^4.4.0", + "micromatch": "^4.0.2", + "p-limit": "^3.1.0", + "prettier": "^3.0.0", + "prettier-plugin-solidity": "^1.1.0", + "rimraf": "^6.0.0", + "semver": "^7.3.5", + "solhint": "^5.0.0", + "solhint-plugin-openzeppelin": "file:scripts/solhint-custom", + "solidity-ast": "^0.4.50", + "solidity-coverage": "^0.8.5", + "solidity-docgen": "^0.6.0-beta.29", + "undici": "^6.11.1", + "yargs": "^17.0.0" + } +} diff --git a/dependencies/@openzeppelin/remappings.txt b/dependencies/@openzeppelin/remappings.txt new file mode 100644 index 00000000..304d1386 --- /dev/null +++ b/dependencies/@openzeppelin/remappings.txt @@ -0,0 +1 @@ +@openzeppelin/contracts/=contracts/ diff --git a/dependencies/@openzeppelin/renovate.json b/dependencies/@openzeppelin/renovate.json new file mode 100644 index 00000000..c0b97d8d --- /dev/null +++ b/dependencies/@openzeppelin/renovate.json @@ -0,0 +1,4 @@ +{ + "extends": ["github>OpenZeppelin/configs"], + "labels": ["ignore-changeset"] +} diff --git a/dependencies/@openzeppelin/scripts/checks/compare-layout.js b/dependencies/@openzeppelin/scripts/checks/compare-layout.js new file mode 100644 index 00000000..64ff4398 --- /dev/null +++ b/dependencies/@openzeppelin/scripts/checks/compare-layout.js @@ -0,0 +1,20 @@ +const fs = require('fs'); +const { getStorageUpgradeReport } = require('@openzeppelin/upgrades-core/dist/storage'); + +const { ref, head } = require('yargs').argv; + +const oldLayout = JSON.parse(fs.readFileSync(ref)); +const newLayout = JSON.parse(fs.readFileSync(head)); + +for (const name in oldLayout) { + if (name in newLayout) { + const report = getStorageUpgradeReport(oldLayout[name], newLayout[name], {}); + if (!report.ok) { + console.log(`Storage layout incompatibility found in ${name}:`); + console.log(report.explain()); + process.exitCode = 1; + } + } else { + console.log(`WARNING: ${name} is missing from the current branch`); + } +} diff --git a/dependencies/@openzeppelin/scripts/checks/compareGasReports.js b/dependencies/@openzeppelin/scripts/checks/compareGasReports.js new file mode 100755 index 00000000..2c7b4dc2 --- /dev/null +++ b/dependencies/@openzeppelin/scripts/checks/compareGasReports.js @@ -0,0 +1,247 @@ +#!/usr/bin/env node + +const fs = require('fs'); +const chalk = require('chalk'); +const { argv } = require('yargs') + .env() + .options({ + style: { + type: 'string', + choices: ['shell', 'markdown'], + default: 'shell', + }, + hideEqual: { + type: 'boolean', + default: true, + }, + strictTesting: { + type: 'boolean', + default: false, + }, + }); + +// Deduce base tx cost from the percentage denominator +const BASE_TX_COST = 21000; + +// Utilities +function sum(...args) { + return args.reduce((a, b) => a + b, 0); +} + +function average(...args) { + return sum(...args) / args.length; +} + +function variation(current, previous, offset = 0) { + return { + value: current, + delta: current - previous, + prcnt: (100 * (current - previous)) / (previous - offset), + }; +} + +// Report class +class Report { + // Read report file + static load(filepath) { + return JSON.parse(fs.readFileSync(filepath, 'utf8')); + } + + // Compare two reports + static compare(update, ref, opts = { hideEqual: true, strictTesting: false }) { + if (JSON.stringify(update.options?.solcInfo) !== JSON.stringify(ref.options?.solcInfo)) { + console.warn('WARNING: Reports produced with non matching metadata'); + } + + // gasReporter 1.0.0 uses ".info", but 2.0.0 uses ".data" + const updateInfo = update.info ?? update.data; + const refInfo = ref.info ?? ref.data; + + const deployments = updateInfo.deployments + .map(contract => + Object.assign(contract, { previousVersion: refInfo.deployments.find(({ name }) => name === contract.name) }), + ) + .filter(contract => contract.gasData?.length && contract.previousVersion?.gasData?.length) + .flatMap(contract => [ + { + contract: contract.name, + method: '[bytecode length]', + avg: variation(contract.bytecode.length / 2 - 1, contract.previousVersion.bytecode.length / 2 - 1), + }, + { + contract: contract.name, + method: '[construction cost]', + avg: variation( + ...[contract.gasData, contract.previousVersion.gasData].map(x => Math.round(average(...x))), + BASE_TX_COST, + ), + }, + ]) + .sort((a, b) => `${a.contract}:${a.method}`.localeCompare(`${b.contract}:${b.method}`)); + + const methods = Object.keys(updateInfo.methods) + .filter(key => refInfo.methods[key]) + .filter(key => updateInfo.methods[key].numberOfCalls > 0) + .filter( + key => !opts.strictTesting || updateInfo.methods[key].numberOfCalls === refInfo.methods[key].numberOfCalls, + ) + .map(key => ({ + contract: refInfo.methods[key].contract, + method: refInfo.methods[key].fnSig, + min: variation(...[updateInfo, refInfo].map(x => Math.min(...x.methods[key].gasData)), BASE_TX_COST), + max: variation(...[updateInfo, refInfo].map(x => Math.max(...x.methods[key].gasData)), BASE_TX_COST), + avg: variation(...[updateInfo, refInfo].map(x => Math.round(average(...x.methods[key].gasData))), BASE_TX_COST), + })) + .sort((a, b) => `${a.contract}:${a.method}`.localeCompare(`${b.contract}:${b.method}`)); + + return [] + .concat(deployments, methods) + .filter(row => !opts.hideEqual || row.min?.delta || row.max?.delta || row.avg?.delta); + } +} + +// Display +function center(text, length) { + return text.padStart((text.length + length) / 2).padEnd(length); +} + +function plusSign(num) { + return num > 0 ? '+' : ''; +} + +function formatCellShell(cell) { + const format = chalk[cell?.delta > 0 ? 'red' : cell?.delta < 0 ? 'green' : 'reset']; + return [ + format((!isFinite(cell?.value) ? '-' : cell.value.toString()).padStart(8)), + format((!isFinite(cell?.delta) ? '-' : plusSign(cell.delta) + cell.delta.toString()).padStart(8)), + format((!isFinite(cell?.prcnt) ? '-' : plusSign(cell.prcnt) + cell.prcnt.toFixed(2) + '%').padStart(8)), + ]; +} + +function formatCmpShell(rows) { + const contractLength = Math.max(8, ...rows.map(({ contract }) => contract.length)); + const methodLength = Math.max(7, ...rows.map(({ method }) => method.length)); + + const COLS = [ + { txt: '', length: 0 }, + { txt: 'Contract', length: contractLength }, + { txt: 'Method', length: methodLength }, + { txt: 'Min', length: 30 }, + { txt: 'Max', length: 30 }, + { txt: 'Avg', length: 30 }, + { txt: '', length: 0 }, + ]; + const HEADER = COLS.map(entry => chalk.bold(center(entry.txt, entry.length || 0))) + .join(' | ') + .trim(); + const SEPARATOR = COLS.map(({ length }) => (length > 0 ? '-'.repeat(length + 2) : '')) + .join('|') + .trim(); + + return [ + '', + HEADER, + ...rows.map(entry => + [ + '', + chalk.grey(entry.contract.padEnd(contractLength)), + entry.method.padEnd(methodLength), + ...formatCellShell(entry.min), + ...formatCellShell(entry.max), + ...formatCellShell(entry.avg), + '', + ] + .join(' | ') + .trim(), + ), + '', + ] + .join(`\n${SEPARATOR}\n`) + .trim(); +} + +function alignPattern(align) { + switch (align) { + case 'left': + case undefined: + return ':-'; + case 'right': + return '-:'; + case 'center': + return ':-:'; + } +} + +function trend(value) { + return value > 0 ? ':x:' : value < 0 ? ':heavy_check_mark:' : ':heavy_minus_sign:'; +} + +function formatCellMarkdown(cell) { + return [ + !isFinite(cell?.value) ? '-' : cell.value.toString(), + !isFinite(cell?.delta) ? '-' : plusSign(cell.delta) + cell.delta.toString(), + !isFinite(cell?.prcnt) ? '-' : plusSign(cell.prcnt) + cell.prcnt.toFixed(2) + '% ' + trend(cell.delta), + ]; +} + +function formatCmpMarkdown(rows) { + const COLS = [ + { txt: '' }, + { txt: 'Contract', align: 'left' }, + { txt: 'Method', align: 'left' }, + { txt: 'Min', align: 'right' }, + { txt: '(+/-)', align: 'right' }, + { txt: '%', align: 'right' }, + { txt: 'Max', align: 'right' }, + { txt: '(+/-)', align: 'right' }, + { txt: '%', align: 'right' }, + { txt: 'Avg', align: 'right' }, + { txt: '(+/-)', align: 'right' }, + { txt: '%', align: 'right' }, + { txt: '' }, + ]; + const HEADER = COLS.map(entry => entry.txt) + .join(' | ') + .trim(); + const SEPARATOR = COLS.map(entry => (entry.txt ? alignPattern(entry.align) : '')) + .join('|') + .trim(); + + return [ + '# Changes to gas costs', + '', + HEADER, + SEPARATOR, + rows + .map(entry => + [ + '', + entry.contract, + entry.method, + ...formatCellMarkdown(entry.min), + ...formatCellMarkdown(entry.max), + ...formatCellMarkdown(entry.avg), + '', + ] + .join(' | ') + .trim(), + ) + .join('\n'), + '', + ] + .join('\n') + .trim(); +} + +// MAIN +const report = Report.compare(Report.load(argv._[0]), Report.load(argv._[1]), argv); + +switch (argv.style) { + case 'markdown': + console.log(formatCmpMarkdown(report)); + break; + case 'shell': + default: + console.log(formatCmpShell(report)); + break; +} diff --git a/dependencies/@openzeppelin/scripts/checks/coverage.sh b/dependencies/@openzeppelin/scripts/checks/coverage.sh new file mode 100755 index 00000000..a591069c --- /dev/null +++ b/dependencies/@openzeppelin/scripts/checks/coverage.sh @@ -0,0 +1,18 @@ +#!/usr/bin/env bash + +set -euo pipefail + +export COVERAGE=true +export FOUNDRY_FUZZ_RUNS=10 + +# Hardhat coverage +hardhat coverage + +if [ "${CI:-"false"}" == "true" ]; then + # Foundry coverage + forge coverage --report lcov --ir-minimum + # Remove zero hits + sed -i '/,0/d' lcov.info +fi + +# Reports are then uploaded to Codecov automatically by workflow, and merged. diff --git a/dependencies/@openzeppelin/scripts/checks/extract-layout.js b/dependencies/@openzeppelin/scripts/checks/extract-layout.js new file mode 100644 index 00000000..d0b99653 --- /dev/null +++ b/dependencies/@openzeppelin/scripts/checks/extract-layout.js @@ -0,0 +1,38 @@ +const fs = require('fs'); +const { findAll, astDereferencer, srcDecoder } = require('solidity-ast/utils'); +const { extractStorageLayout } = require('@openzeppelin/upgrades-core/dist/storage/extract'); + +const { _ } = require('yargs').argv; + +const skipPath = ['contracts/mocks/', 'contracts-exposed/']; +const skipKind = ['interface', 'library']; + +function extractLayouts(path) { + const layout = {}; + const { input, output } = JSON.parse(fs.readFileSync(path)); + + const decoder = srcDecoder(input, output); + const deref = astDereferencer(output); + + for (const src in output.contracts) { + if (skipPath.some(prefix => src.startsWith(prefix))) { + continue; + } + + for (const contractDef of findAll('ContractDefinition', output.sources[src].ast)) { + if (skipKind.includes(contractDef.contractKind)) { + continue; + } + + layout[contractDef.name] = extractStorageLayout( + contractDef, + decoder, + deref, + output.contracts[src][contractDef.name].storageLayout, + ); + } + } + return layout; +} + +console.log(JSON.stringify(Object.assign(..._.map(extractLayouts)))); diff --git a/dependencies/@openzeppelin/scripts/checks/generation.sh b/dependencies/@openzeppelin/scripts/checks/generation.sh new file mode 100755 index 00000000..00d609f9 --- /dev/null +++ b/dependencies/@openzeppelin/scripts/checks/generation.sh @@ -0,0 +1,6 @@ +#!/usr/bin/env bash + +set -euo pipefail + +npm run generate +git diff -R --exit-code diff --git a/dependencies/@openzeppelin/scripts/checks/inheritance-ordering.js b/dependencies/@openzeppelin/scripts/checks/inheritance-ordering.js new file mode 100755 index 00000000..72aa37ef --- /dev/null +++ b/dependencies/@openzeppelin/scripts/checks/inheritance-ordering.js @@ -0,0 +1,54 @@ +#!/usr/bin/env node + +const path = require('path'); +const graphlib = require('graphlib'); +const { findAll } = require('solidity-ast/utils'); +const { _: artifacts } = require('yargs').argv; + +for (const artifact of artifacts) { + const { output: solcOutput } = require(path.resolve(__dirname, '../..', artifact)); + + const graph = new graphlib.Graph({ directed: true }); + const names = {}; + const linearized = []; + + for (const source in solcOutput.contracts) { + if (['contracts-exposed/', 'contracts/mocks/'].some(pattern => source.startsWith(pattern))) { + continue; + } + + for (const contractDef of findAll('ContractDefinition', solcOutput.sources[source].ast)) { + names[contractDef.id] = contractDef.name; + linearized.push(contractDef.linearizedBaseContracts); + + contractDef.linearizedBaseContracts.forEach((c1, i, contracts) => + contracts.slice(i + 1).forEach(c2 => { + graph.setEdge(c1, c2); + }), + ); + } + } + + /// graphlib.alg.findCycles will not find minimal cycles. + /// We are only interested int cycles of lengths 2 (needs proof) + graph.nodes().forEach((x, i, nodes) => + nodes + .slice(i + 1) + .filter(y => graph.hasEdge(x, y) && graph.hasEdge(y, x)) + .forEach(y => { + console.log(`Conflict between ${names[x]} and ${names[y]} detected in the following dependency chains:`); + linearized + .filter(chain => chain.includes(parseInt(x)) && chain.includes(parseInt(y))) + .forEach(chain => { + const comp = chain.indexOf(parseInt(x)) < chain.indexOf(parseInt(y)) ? '>' : '<'; + console.log(`- ${names[x]} ${comp} ${names[y]} in ${names[chain.find(Boolean)]}`); + // console.log(`- ${names[x]} ${comp} ${names[y]}: ${chain.reverse().map(id => names[id]).join(', ')}`); + }); + process.exitCode = 1; + }), + ); +} + +if (!process.exitCode) { + console.log('Contract ordering is consistent.'); +} diff --git a/dependencies/@openzeppelin/scripts/gen-nav.js b/dependencies/@openzeppelin/scripts/gen-nav.js new file mode 100644 index 00000000..de3d0dab --- /dev/null +++ b/dependencies/@openzeppelin/scripts/gen-nav.js @@ -0,0 +1,41 @@ +#!/usr/bin/env node + +const path = require('path'); +const glob = require('glob'); +const startCase = require('lodash.startcase'); + +const baseDir = process.argv[2]; + +const files = glob.sync(baseDir + '/**/*.adoc').map(f => path.relative(baseDir, f)); + +console.log('.API'); + +function getPageTitle(directory) { + switch (directory) { + case 'metatx': + return 'Meta Transactions'; + case 'common': + return 'Common (Tokens)'; + default: + return startCase(directory); + } +} + +const links = files.map(file => { + const doc = file.replace(baseDir, ''); + const title = path.parse(file).name; + + return { + xref: `* xref:${doc}[${getPageTitle(title)}]`, + title, + }; +}); + +// Case-insensitive sort based on titles (so 'token/ERC20' gets sorted as 'erc20') +const sortedLinks = links.sort(function (a, b) { + return a.title.toLowerCase().localeCompare(b.title.toLowerCase(), undefined, { numeric: true }); +}); + +for (const link of sortedLinks) { + console.log(link.xref); +} diff --git a/dependencies/@openzeppelin/scripts/generate/format-lines.js b/dependencies/@openzeppelin/scripts/generate/format-lines.js new file mode 100644 index 00000000..fa3d6b12 --- /dev/null +++ b/dependencies/@openzeppelin/scripts/generate/format-lines.js @@ -0,0 +1,16 @@ +function formatLines(...lines) { + return [...indentEach(0, lines)].join('\n') + '\n'; +} + +function* indentEach(indent, lines) { + for (const line of lines) { + if (Array.isArray(line)) { + yield* indentEach(indent + 1, line); + } else { + const padding = ' '.repeat(indent); + yield* line.split('\n').map(subline => (subline === '' ? '' : padding + subline)); + } + } +} + +module.exports = formatLines; diff --git a/dependencies/@openzeppelin/scripts/generate/helpers/sanitize.js b/dependencies/@openzeppelin/scripts/generate/helpers/sanitize.js new file mode 100644 index 00000000..e680ec1b --- /dev/null +++ b/dependencies/@openzeppelin/scripts/generate/helpers/sanitize.js @@ -0,0 +1,5 @@ +module.exports = { + address: expr => `and(${expr}, shr(96, not(0)))`, + bool: expr => `iszero(iszero(${expr}))`, + bytes: (expr, size) => `and(${expr}, shl(${256 - 8 * size}, not(0)))`, +}; diff --git a/dependencies/@openzeppelin/scripts/generate/run.js b/dependencies/@openzeppelin/scripts/generate/run.js new file mode 100755 index 00000000..c28d1175 --- /dev/null +++ b/dependencies/@openzeppelin/scripts/generate/run.js @@ -0,0 +1,56 @@ +#!/usr/bin/env node + +// const cp = require('child_process'); +const fs = require('fs'); +const path = require('path'); +const format = require('./format-lines'); + +function getVersion(path) { + try { + return fs.readFileSync(path, 'utf8').match(/\/\/ OpenZeppelin Contracts \(last updated v[^)]+\)/)[0]; + } catch (err) { + return null; + } +} + +function generateFromTemplate(file, template, outputPrefix = '') { + const script = path.relative(path.join(__dirname, '../..'), __filename); + const input = path.join(path.dirname(script), template); + const output = path.join(outputPrefix, file); + const version = getVersion(output); + const content = format( + '// SPDX-License-Identifier: MIT', + ...(version ? [version + ` (${file})`] : []), + `// This file was procedurally generated from ${input}.`, + '', + require(template).trimEnd(), + ); + + fs.writeFileSync(output, content); + // cp.execFileSync('prettier', ['--write', output]); +} + +// Contracts +for (const [file, template] of Object.entries({ + 'utils/cryptography/MerkleProof.sol': './templates/MerkleProof.js', + 'utils/math/SafeCast.sol': './templates/SafeCast.js', + 'utils/structs/Checkpoints.sol': './templates/Checkpoints.js', + 'utils/structs/EnumerableSet.sol': './templates/EnumerableSet.js', + 'utils/structs/EnumerableMap.sol': './templates/EnumerableMap.js', + 'utils/SlotDerivation.sol': './templates/SlotDerivation.js', + 'utils/StorageSlot.sol': './templates/StorageSlot.js', + 'utils/Arrays.sol': './templates/Arrays.js', + 'utils/Packing.sol': './templates/Packing.js', + 'mocks/StorageSlotMock.sol': './templates/StorageSlotMock.js', +})) { + generateFromTemplate(file, template, './contracts/'); +} + +// Tests +for (const [file, template] of Object.entries({ + 'utils/structs/Checkpoints.t.sol': './templates/Checkpoints.t.js', + 'utils/Packing.t.sol': './templates/Packing.t.js', + 'utils/SlotDerivation.t.sol': './templates/SlotDerivation.t.js', +})) { + generateFromTemplate(file, template, './test/'); +} diff --git a/dependencies/@openzeppelin/scripts/generate/templates/Arrays.js b/dependencies/@openzeppelin/scripts/generate/templates/Arrays.js new file mode 100644 index 00000000..0d3676a7 --- /dev/null +++ b/dependencies/@openzeppelin/scripts/generate/templates/Arrays.js @@ -0,0 +1,384 @@ +const format = require('../format-lines'); +const { capitalize } = require('../../helpers'); +const { TYPES } = require('./Arrays.opts'); + +const header = `\ +pragma solidity ^0.8.20; + +import {Comparators} from "./Comparators.sol"; +import {SlotDerivation} from "./SlotDerivation.sol"; +import {StorageSlot} from "./StorageSlot.sol"; +import {Math} from "./math/Math.sol"; + +/** + * @dev Collection of functions related to array types. + */ +`; + +const sort = type => `\ +/** + * @dev Sort an array of ${type} (in memory) following the provided comparator function. + * + * This function does the sorting "in place", meaning that it overrides the input. The object is returned for + * convenience, but that returned value can be discarded safely if the caller has a memory pointer to the array. + * + * NOTE: this function's cost is \`O(n Β· log(n))\` in average and \`O(nΒ²)\` in the worst case, with n the length of the + * array. Using it in view functions that are executed through \`eth_call\` is safe, but one should be very careful + * when executing this as part of a transaction. If the array being sorted is too large, the sort operation may + * consume more gas than is available in a block, leading to potential DoS. + * + * IMPORTANT: Consider memory side-effects when using custom comparator functions that access memory in an unsafe way. + */ +function sort( + ${type}[] memory array, + function(${type}, ${type}) pure returns (bool) comp +) internal pure returns (${type}[] memory) { + ${ + type === 'uint256' + ? '_quickSort(_begin(array), _end(array), comp);' + : 'sort(_castToUint256Array(array), _castToUint256Comp(comp));' + } + return array; +} + +/** + * @dev Variant of {sort} that sorts an array of ${type} in increasing order. + */ +function sort(${type}[] memory array) internal pure returns (${type}[] memory) { + ${type === 'uint256' ? 'sort(array, Comparators.lt);' : 'sort(_castToUint256Array(array), Comparators.lt);'} + return array; +} +`; + +const quickSort = `\ +/** + * @dev Performs a quick sort of a segment of memory. The segment sorted starts at \`begin\` (inclusive), and stops + * at end (exclusive). Sorting follows the \`comp\` comparator. + * + * Invariant: \`begin <= end\`. This is the case when initially called by {sort} and is preserved in subcalls. + * + * IMPORTANT: Memory locations between \`begin\` and \`end\` are not validated/zeroed. This function should + * be used only if the limits are within a memory array. + */ +function _quickSort(uint256 begin, uint256 end, function(uint256, uint256) pure returns (bool) comp) private pure { + unchecked { + if (end - begin < 0x40) return; + + // Use first element as pivot + uint256 pivot = _mload(begin); + // Position where the pivot should be at the end of the loop + uint256 pos = begin; + + for (uint256 it = begin + 0x20; it < end; it += 0x20) { + if (comp(_mload(it), pivot)) { + // If the value stored at the iterator's position comes before the pivot, we increment the + // position of the pivot and move the value there. + pos += 0x20; + _swap(pos, it); + } + } + + _swap(begin, pos); // Swap pivot into place + _quickSort(begin, pos, comp); // Sort the left side of the pivot + _quickSort(pos + 0x20, end, comp); // Sort the right side of the pivot + } +} + +/** + * @dev Pointer to the memory location of the first element of \`array\`. + */ +function _begin(uint256[] memory array) private pure returns (uint256 ptr) { + assembly ("memory-safe") { + ptr := add(array, 0x20) + } +} + +/** + * @dev Pointer to the memory location of the first memory word (32bytes) after \`array\`. This is the memory word + * that comes just after the last element of the array. + */ +function _end(uint256[] memory array) private pure returns (uint256 ptr) { + unchecked { + return _begin(array) + array.length * 0x20; + } +} + +/** + * @dev Load memory word (as a uint256) at location \`ptr\`. + */ +function _mload(uint256 ptr) private pure returns (uint256 value) { + assembly { + value := mload(ptr) + } +} + +/** + * @dev Swaps the elements memory location \`ptr1\` and \`ptr2\`. + */ +function _swap(uint256 ptr1, uint256 ptr2) private pure { + assembly { + let value1 := mload(ptr1) + let value2 := mload(ptr2) + mstore(ptr1, value2) + mstore(ptr2, value1) + } +} +`; + +const castArray = type => `\ +/// @dev Helper: low level cast ${type} memory array to uint256 memory array +function _castToUint256Array(${type}[] memory input) private pure returns (uint256[] memory output) { + assembly { + output := input + } +} +`; + +const castComparator = type => `\ +/// @dev Helper: low level cast ${type} comp function to uint256 comp function +function _castToUint256Comp( + function(${type}, ${type}) pure returns (bool) input +) private pure returns (function(uint256, uint256) pure returns (bool) output) { + assembly { + output := input + } +} +`; + +const search = `\ +/** + * @dev Searches a sorted \`array\` and returns the first index that contains + * a value greater or equal to \`element\`. If no such index exists (i.e. all + * values in the array are strictly less than \`element\`), the array length is + * returned. Time complexity O(log n). + * + * NOTE: The \`array\` is expected to be sorted in ascending order, and to + * contain no repeated elements. + * + * IMPORTANT: Deprecated. This implementation behaves as {lowerBound} but lacks + * support for repeated elements in the array. The {lowerBound} function should + * be used instead. + */ +function findUpperBound(uint256[] storage array, uint256 element) internal view returns (uint256) { + uint256 low = 0; + uint256 high = array.length; + + if (high == 0) { + return 0; + } + + while (low < high) { + uint256 mid = Math.average(low, high); + + // Note that mid will always be strictly less than high (i.e. it will be a valid array index) + // because Math.average rounds towards zero (it does integer division with truncation). + if (unsafeAccess(array, mid).value > element) { + high = mid; + } else { + low = mid + 1; + } + } + + // At this point \`low\` is the exclusive upper bound. We will return the inclusive upper bound. + if (low > 0 && unsafeAccess(array, low - 1).value == element) { + return low - 1; + } else { + return low; + } +} + +/** + * @dev Searches an \`array\` sorted in ascending order and returns the first + * index that contains a value greater or equal than \`element\`. If no such index + * exists (i.e. all values in the array are strictly less than \`element\`), the array + * length is returned. Time complexity O(log n). + * + * See C++'s https://en.cppreference.com/w/cpp/algorithm/lower_bound[lower_bound]. + */ +function lowerBound(uint256[] storage array, uint256 element) internal view returns (uint256) { + uint256 low = 0; + uint256 high = array.length; + + if (high == 0) { + return 0; + } + + while (low < high) { + uint256 mid = Math.average(low, high); + + // Note that mid will always be strictly less than high (i.e. it will be a valid array index) + // because Math.average rounds towards zero (it does integer division with truncation). + if (unsafeAccess(array, mid).value < element) { + // this cannot overflow because mid < high + unchecked { + low = mid + 1; + } + } else { + high = mid; + } + } + + return low; +} + +/** + * @dev Searches an \`array\` sorted in ascending order and returns the first + * index that contains a value strictly greater than \`element\`. If no such index + * exists (i.e. all values in the array are strictly less than \`element\`), the array + * length is returned. Time complexity O(log n). + * + * See C++'s https://en.cppreference.com/w/cpp/algorithm/upper_bound[upper_bound]. + */ +function upperBound(uint256[] storage array, uint256 element) internal view returns (uint256) { + uint256 low = 0; + uint256 high = array.length; + + if (high == 0) { + return 0; + } + + while (low < high) { + uint256 mid = Math.average(low, high); + + // Note that mid will always be strictly less than high (i.e. it will be a valid array index) + // because Math.average rounds towards zero (it does integer division with truncation). + if (unsafeAccess(array, mid).value > element) { + high = mid; + } else { + // this cannot overflow because mid < high + unchecked { + low = mid + 1; + } + } + } + + return low; +} + +/** + * @dev Same as {lowerBound}, but with an array in memory. + */ +function lowerBoundMemory(uint256[] memory array, uint256 element) internal pure returns (uint256) { + uint256 low = 0; + uint256 high = array.length; + + if (high == 0) { + return 0; + } + + while (low < high) { + uint256 mid = Math.average(low, high); + + // Note that mid will always be strictly less than high (i.e. it will be a valid array index) + // because Math.average rounds towards zero (it does integer division with truncation). + if (unsafeMemoryAccess(array, mid) < element) { + // this cannot overflow because mid < high + unchecked { + low = mid + 1; + } + } else { + high = mid; + } + } + + return low; +} + +/** + * @dev Same as {upperBound}, but with an array in memory. + */ +function upperBoundMemory(uint256[] memory array, uint256 element) internal pure returns (uint256) { + uint256 low = 0; + uint256 high = array.length; + + if (high == 0) { + return 0; + } + + while (low < high) { + uint256 mid = Math.average(low, high); + + // Note that mid will always be strictly less than high (i.e. it will be a valid array index) + // because Math.average rounds towards zero (it does integer division with truncation). + if (unsafeMemoryAccess(array, mid) > element) { + high = mid; + } else { + // this cannot overflow because mid < high + unchecked { + low = mid + 1; + } + } + } + + return low; +} +`; + +const unsafeAccessStorage = type => `\ +/** + * @dev Access an array in an "unsafe" way. Skips solidity "index-out-of-range" check. + * + * WARNING: Only use if you are certain \`pos\` is lower than the array length. + */ +function unsafeAccess(${type}[] storage arr, uint256 pos) internal pure returns (StorageSlot.${capitalize( + type, +)}Slot storage) { + bytes32 slot; + assembly ("memory-safe") { + slot := arr.slot + } + return slot.deriveArray().offset(pos).get${capitalize(type)}Slot(); +} +`; + +const unsafeAccessMemory = type => `\ +/** + * @dev Access an array in an "unsafe" way. Skips solidity "index-out-of-range" check. + * + * WARNING: Only use if you are certain \`pos\` is lower than the array length. + */ +function unsafeMemoryAccess(${type}[] memory arr, uint256 pos) internal pure returns (${type} res) { + assembly { + res := mload(add(add(arr, 0x20), mul(pos, 0x20))) + } +} +`; + +const unsafeSetLength = type => `\ +/** + * @dev Helper to set the length of an dynamic array. Directly writing to \`.length\` is forbidden. + * + * WARNING: this does not clear elements if length is reduced, of initialize elements if length is increased. + */ +function unsafeSetLength(${type}[] storage array, uint256 len) internal { + assembly ("memory-safe") { + sstore(array.slot, len) + } +} +`; + +// GENERATE +module.exports = format( + header.trimEnd(), + 'library Arrays {', + format( + [].concat( + 'using SlotDerivation for bytes32;', + 'using StorageSlot for bytes32;', + '', + // sorting, comparator, helpers and internal + sort('uint256'), + TYPES.filter(type => type !== 'uint256').map(sort), + quickSort, + TYPES.filter(type => type !== 'uint256').map(castArray), + TYPES.filter(type => type !== 'uint256').map(castComparator), + // lookup + search, + // unsafe (direct) storage and memory access + TYPES.map(unsafeAccessStorage), + TYPES.map(unsafeAccessMemory), + TYPES.map(unsafeSetLength), + ), + ).trimEnd(), + '}', +); diff --git a/dependencies/@openzeppelin/scripts/generate/templates/Arrays.opts.js b/dependencies/@openzeppelin/scripts/generate/templates/Arrays.opts.js new file mode 100644 index 00000000..67f32997 --- /dev/null +++ b/dependencies/@openzeppelin/scripts/generate/templates/Arrays.opts.js @@ -0,0 +1,3 @@ +const TYPES = ['address', 'bytes32', 'uint256']; + +module.exports = { TYPES }; diff --git a/dependencies/@openzeppelin/scripts/generate/templates/Checkpoints.js b/dependencies/@openzeppelin/scripts/generate/templates/Checkpoints.js new file mode 100644 index 00000000..d418b117 --- /dev/null +++ b/dependencies/@openzeppelin/scripts/generate/templates/Checkpoints.js @@ -0,0 +1,243 @@ +const format = require('../format-lines'); +const { OPTS } = require('./Checkpoints.opts'); + +// TEMPLATE +const header = `\ +pragma solidity ^0.8.20; + +import {Math} from "../math/Math.sol"; + +/** + * @dev This library defines the \`Trace*\` struct, for checkpointing values as they change at different points in + * time, and later looking up past values by block number. See {Votes} as an example. + * + * To create a history of checkpoints define a variable type \`Checkpoints.Trace*\` in your contract, and store a new + * checkpoint for the current transaction block using the {push} function. + */ +`; + +const errors = `\ +/** + * @dev A value was attempted to be inserted on a past checkpoint. + */ +error CheckpointUnorderedInsertion(); +`; + +const template = opts => `\ +struct ${opts.historyTypeName} { + ${opts.checkpointTypeName}[] ${opts.checkpointFieldName}; +} + +struct ${opts.checkpointTypeName} { + ${opts.keyTypeName} ${opts.keyFieldName}; + ${opts.valueTypeName} ${opts.valueFieldName}; +} + +/** + * @dev Pushes a (\`key\`, \`value\`) pair into a ${opts.historyTypeName} so that it is stored as the checkpoint. + * + * Returns previous value and new value. + * + * IMPORTANT: Never accept \`key\` as a user input, since an arbitrary \`type(${opts.keyTypeName}).max\` key set will disable the + * library. + */ +function push( + ${opts.historyTypeName} storage self, + ${opts.keyTypeName} key, + ${opts.valueTypeName} value +) internal returns (${opts.valueTypeName} oldValue, ${opts.valueTypeName} newValue) { + return _insert(self.${opts.checkpointFieldName}, key, value); +} + +/** + * @dev Returns the value in the first (oldest) checkpoint with key greater or equal than the search key, or zero if + * there is none. + */ +function lowerLookup(${opts.historyTypeName} storage self, ${opts.keyTypeName} key) internal view returns (${opts.valueTypeName}) { + uint256 len = self.${opts.checkpointFieldName}.length; + uint256 pos = _lowerBinaryLookup(self.${opts.checkpointFieldName}, key, 0, len); + return pos == len ? 0 : _unsafeAccess(self.${opts.checkpointFieldName}, pos).${opts.valueFieldName}; +} + +/** + * @dev Returns the value in the last (most recent) checkpoint with key lower or equal than the search key, or zero + * if there is none. + */ +function upperLookup(${opts.historyTypeName} storage self, ${opts.keyTypeName} key) internal view returns (${opts.valueTypeName}) { + uint256 len = self.${opts.checkpointFieldName}.length; + uint256 pos = _upperBinaryLookup(self.${opts.checkpointFieldName}, key, 0, len); + return pos == 0 ? 0 : _unsafeAccess(self.${opts.checkpointFieldName}, pos - 1).${opts.valueFieldName}; +} + +/** + * @dev Returns the value in the last (most recent) checkpoint with key lower or equal than the search key, or zero + * if there is none. + * + * NOTE: This is a variant of {upperLookup} that is optimised to find "recent" checkpoint (checkpoints with high + * keys). + */ +function upperLookupRecent(${opts.historyTypeName} storage self, ${opts.keyTypeName} key) internal view returns (${opts.valueTypeName}) { + uint256 len = self.${opts.checkpointFieldName}.length; + + uint256 low = 0; + uint256 high = len; + + if (len > 5) { + uint256 mid = len - Math.sqrt(len); + if (key < _unsafeAccess(self.${opts.checkpointFieldName}, mid)._key) { + high = mid; + } else { + low = mid + 1; + } + } + + uint256 pos = _upperBinaryLookup(self.${opts.checkpointFieldName}, key, low, high); + + return pos == 0 ? 0 : _unsafeAccess(self.${opts.checkpointFieldName}, pos - 1).${opts.valueFieldName}; +} + +/** + * @dev Returns the value in the most recent checkpoint, or zero if there are no checkpoints. + */ +function latest(${opts.historyTypeName} storage self) internal view returns (${opts.valueTypeName}) { + uint256 pos = self.${opts.checkpointFieldName}.length; + return pos == 0 ? 0 : _unsafeAccess(self.${opts.checkpointFieldName}, pos - 1).${opts.valueFieldName}; +} + +/** + * @dev Returns whether there is a checkpoint in the structure (i.e. it is not empty), and if so the key and value + * in the most recent checkpoint. + */ +function latestCheckpoint(${opts.historyTypeName} storage self) internal view returns (bool exists, ${opts.keyTypeName} ${opts.keyFieldName}, ${opts.valueTypeName} ${opts.valueFieldName}) { + uint256 pos = self.${opts.checkpointFieldName}.length; + if (pos == 0) { + return (false, 0, 0); + } else { + ${opts.checkpointTypeName} storage ckpt = _unsafeAccess(self.${opts.checkpointFieldName}, pos - 1); + return (true, ckpt.${opts.keyFieldName}, ckpt.${opts.valueFieldName}); + } +} + +/** + * @dev Returns the number of checkpoint. + */ +function length(${opts.historyTypeName} storage self) internal view returns (uint256) { + return self.${opts.checkpointFieldName}.length; +} + +/** + * @dev Returns checkpoint at given position. + */ +function at(${opts.historyTypeName} storage self, uint32 pos) internal view returns (${opts.checkpointTypeName} memory) { + return self.${opts.checkpointFieldName}[pos]; +} + +/** + * @dev Pushes a (\`key\`, \`value\`) pair into an ordered list of checkpoints, either by inserting a new checkpoint, + * or by updating the last one. + */ +function _insert( + ${opts.checkpointTypeName}[] storage self, + ${opts.keyTypeName} key, + ${opts.valueTypeName} value +) private returns (${opts.valueTypeName} oldValue, ${opts.valueTypeName} newValue) { + uint256 pos = self.length; + + if (pos > 0) { + ${opts.checkpointTypeName} storage last = _unsafeAccess(self, pos - 1); + ${opts.keyTypeName} lastKey = last.${opts.keyFieldName}; + ${opts.valueTypeName} lastValue = last.${opts.valueFieldName}; + + // Checkpoint keys must be non-decreasing. + if (lastKey > key) { + revert CheckpointUnorderedInsertion(); + } + + // Update or push new checkpoint + if (lastKey == key) { + last.${opts.valueFieldName} = value; + } else { + self.push(${opts.checkpointTypeName}({${opts.keyFieldName}: key, ${opts.valueFieldName}: value})); + } + return (lastValue, value); + } else { + self.push(${opts.checkpointTypeName}({${opts.keyFieldName}: key, ${opts.valueFieldName}: value})); + return (0, value); + } +} + +/** + * @dev Return the index of the first (oldest) checkpoint with key strictly bigger than the search key, or \`high\` + * if there is none. \`low\` and \`high\` define a section where to do the search, with inclusive \`low\` and exclusive + * \`high\`. + * + * WARNING: \`high\` should not be greater than the array's length. + */ +function _upperBinaryLookup( + ${opts.checkpointTypeName}[] storage self, + ${opts.keyTypeName} key, + uint256 low, + uint256 high +) private view returns (uint256) { + while (low < high) { + uint256 mid = Math.average(low, high); + if (_unsafeAccess(self, mid).${opts.keyFieldName} > key) { + high = mid; + } else { + low = mid + 1; + } + } + return high; +} + +/** + * @dev Return the index of the first (oldest) checkpoint with key greater or equal than the search key, or \`high\` + * if there is none. \`low\` and \`high\` define a section where to do the search, with inclusive \`low\` and exclusive + * \`high\`. + * + * WARNING: \`high\` should not be greater than the array's length. + */ +function _lowerBinaryLookup( + ${opts.checkpointTypeName}[] storage self, + ${opts.keyTypeName} key, + uint256 low, + uint256 high +) private view returns (uint256) { + while (low < high) { + uint256 mid = Math.average(low, high); + if (_unsafeAccess(self, mid).${opts.keyFieldName} < key) { + low = mid + 1; + } else { + high = mid; + } + } + return high; +} + +/** + * @dev Access an element of the array without performing bounds check. The position is assumed to be within bounds. + */ +function _unsafeAccess( + ${opts.checkpointTypeName}[] storage self, + uint256 pos +) private pure returns (${opts.checkpointTypeName} storage result) { + assembly { + mstore(0, self.slot) + result.slot := add(keccak256(0, 0x20), pos) + } +} +`; +/* eslint-enable max-len */ + +// GENERATE +module.exports = format( + header.trimEnd(), + 'library Checkpoints {', + format( + [].concat( + errors, + OPTS.map(opts => template(opts)), + ), + ).trimEnd(), + '}', +); diff --git a/dependencies/@openzeppelin/scripts/generate/templates/Checkpoints.opts.js b/dependencies/@openzeppelin/scripts/generate/templates/Checkpoints.opts.js new file mode 100644 index 00000000..08b7b910 --- /dev/null +++ b/dependencies/@openzeppelin/scripts/generate/templates/Checkpoints.opts.js @@ -0,0 +1,17 @@ +// OPTIONS +const VALUE_SIZES = [224, 208, 160]; + +const defaultOpts = size => ({ + historyTypeName: `Trace${size}`, + checkpointTypeName: `Checkpoint${size}`, + checkpointFieldName: '_checkpoints', + keyTypeName: `uint${256 - size}`, + keyFieldName: '_key', + valueTypeName: `uint${size}`, + valueFieldName: '_value', +}); + +module.exports = { + VALUE_SIZES, + OPTS: VALUE_SIZES.map(size => defaultOpts(size)), +}; diff --git a/dependencies/@openzeppelin/scripts/generate/templates/Checkpoints.t.js b/dependencies/@openzeppelin/scripts/generate/templates/Checkpoints.t.js new file mode 100644 index 00000000..dd564e59 --- /dev/null +++ b/dependencies/@openzeppelin/scripts/generate/templates/Checkpoints.t.js @@ -0,0 +1,138 @@ +const format = require('../format-lines'); +const { capitalize } = require('../../helpers'); +const { OPTS } = require('./Checkpoints.opts.js'); + +// TEMPLATE +const header = `\ +pragma solidity ^0.8.20; + +import {Test} from "forge-std/Test.sol"; +import {SafeCast} from "@openzeppelin/contracts/utils/math/SafeCast.sol"; +import {Checkpoints} from "@openzeppelin/contracts/utils/structs/Checkpoints.sol"; +`; + +/* eslint-disable max-len */ +const template = opts => `\ +using Checkpoints for Checkpoints.${opts.historyTypeName}; + +// Maximum gap between keys used during the fuzzing tests: the \`_prepareKeys\` function with make sure that +// key#n+1 is in the [key#n, key#n + _KEY_MAX_GAP] range. +uint8 internal constant _KEY_MAX_GAP = 64; + +Checkpoints.${opts.historyTypeName} internal _ckpts; + +// helpers +function _bound${capitalize(opts.keyTypeName)}(${opts.keyTypeName} x, ${opts.keyTypeName} min, ${ + opts.keyTypeName +} max) internal pure returns (${opts.keyTypeName}) { + return SafeCast.to${capitalize(opts.keyTypeName)}(bound(uint256(x), uint256(min), uint256(max))); +} + +function _prepareKeys(${opts.keyTypeName}[] memory keys, ${opts.keyTypeName} maxSpread) internal pure { + ${opts.keyTypeName} lastKey = 0; + for (uint256 i = 0; i < keys.length; ++i) { + ${opts.keyTypeName} key = _bound${capitalize(opts.keyTypeName)}(keys[i], lastKey, lastKey + maxSpread); + keys[i] = key; + lastKey = key; + } +} + +function _assertLatestCheckpoint(bool exist, ${opts.keyTypeName} key, ${opts.valueTypeName} value) internal { + (bool _exist, ${opts.keyTypeName} _key, ${opts.valueTypeName} _value) = _ckpts.latestCheckpoint(); + assertEq(_exist, exist); + assertEq(_key, key); + assertEq(_value, value); +} + +// tests +function testPush(${opts.keyTypeName}[] memory keys, ${opts.valueTypeName}[] memory values, ${ + opts.keyTypeName +} pastKey) public { + vm.assume(values.length > 0 && values.length <= keys.length); + _prepareKeys(keys, _KEY_MAX_GAP); + + // initial state + assertEq(_ckpts.length(), 0); + assertEq(_ckpts.latest(), 0); + _assertLatestCheckpoint(false, 0, 0); + + uint256 duplicates = 0; + for (uint256 i = 0; i < keys.length; ++i) { + ${opts.keyTypeName} key = keys[i]; + ${opts.valueTypeName} value = values[i % values.length]; + if (i > 0 && key == keys[i - 1]) ++duplicates; + + // push + _ckpts.push(key, value); + + // check length & latest + assertEq(_ckpts.length(), i + 1 - duplicates); + assertEq(_ckpts.latest(), value); + _assertLatestCheckpoint(true, key, value); + } + + if (keys.length > 0) { + ${opts.keyTypeName} lastKey = keys[keys.length - 1]; + if (lastKey > 0) { + pastKey = _bound${capitalize(opts.keyTypeName)}(pastKey, 0, lastKey - 1); + + vm.expectRevert(); + this.push(pastKey, values[keys.length % values.length]); + } + } +} + +// used to test reverts +function push(${opts.keyTypeName} key, ${opts.valueTypeName} value) external { + _ckpts.push(key, value); +} + +function testLookup(${opts.keyTypeName}[] memory keys, ${opts.valueTypeName}[] memory values, ${ + opts.keyTypeName +} lookup) public { + vm.assume(values.length > 0 && values.length <= keys.length); + _prepareKeys(keys, _KEY_MAX_GAP); + + ${opts.keyTypeName} lastKey = keys.length == 0 ? 0 : keys[keys.length - 1]; + lookup = _bound${capitalize(opts.keyTypeName)}(lookup, 0, lastKey + _KEY_MAX_GAP); + + ${opts.valueTypeName} upper = 0; + ${opts.valueTypeName} lower = 0; + ${opts.keyTypeName} lowerKey = type(${opts.keyTypeName}).max; + for (uint256 i = 0; i < keys.length; ++i) { + ${opts.keyTypeName} key = keys[i]; + ${opts.valueTypeName} value = values[i % values.length]; + + // push + _ckpts.push(key, value); + + // track expected result of lookups + if (key <= lookup) { + upper = value; + } + // find the first key that is not smaller than the lookup key + if (key >= lookup && (i == 0 || keys[i - 1] < lookup)) { + lowerKey = key; + } + if (key == lowerKey) { + lower = value; + } + } + + // check lookup + assertEq(_ckpts.lowerLookup(lookup), lower); + assertEq(_ckpts.upperLookup(lookup), upper); + assertEq(_ckpts.upperLookupRecent(lookup), upper); +} +`; + +// GENERATE +module.exports = format( + header, + ...OPTS.flatMap(opts => [ + `contract Checkpoints${opts.historyTypeName}Test is Test {`, + [template(opts).trimEnd()], + '}', + '', + ]), +); diff --git a/dependencies/@openzeppelin/scripts/generate/templates/EnumerableMap.js b/dependencies/@openzeppelin/scripts/generate/templates/EnumerableMap.js new file mode 100644 index 00000000..fc896f8f --- /dev/null +++ b/dependencies/@openzeppelin/scripts/generate/templates/EnumerableMap.js @@ -0,0 +1,274 @@ +const format = require('../format-lines'); +const { fromBytes32, toBytes32 } = require('./conversion'); +const { TYPES } = require('./EnumerableMap.opts'); + +/* eslint-disable max-len */ +const header = `\ +pragma solidity ^0.8.20; + +import {EnumerableSet} from "./EnumerableSet.sol"; + +/** + * @dev Library for managing an enumerable variant of Solidity's + * https://solidity.readthedocs.io/en/latest/types.html#mapping-types[\`mapping\`] + * type. + * + * Maps have the following properties: + * + * - Entries are added, removed, and checked for existence in constant time + * (O(1)). + * - Entries are enumerated in O(n). No guarantees are made on the ordering. + * + * \`\`\`solidity + * contract Example { + * // Add the library methods + * using EnumerableMap for EnumerableMap.UintToAddressMap; + * + * // Declare a set state variable + * EnumerableMap.UintToAddressMap private myMap; + * } + * \`\`\` + * + * The following map types are supported: + * + * - \`uint256 -> address\` (\`UintToAddressMap\`) since v3.0.0 + * - \`address -> uint256\` (\`AddressToUintMap\`) since v4.6.0 + * - \`bytes32 -> bytes32\` (\`Bytes32ToBytes32Map\`) since v4.6.0 + * - \`uint256 -> uint256\` (\`UintToUintMap\`) since v4.7.0 + * - \`bytes32 -> uint256\` (\`Bytes32ToUintMap\`) since v4.7.0 + * - \`uint256 -> bytes32\` (\`UintToBytes32Map\`) since v5.1.0 + * - \`address -> address\` (\`AddressToAddressMap\`) since v5.1.0 + * - \`address -> bytes32\` (\`AddressToBytes32Map\`) since v5.1.0 + * - \`bytes32 -> address\` (\`Bytes32ToAddressMap\`) since v5.1.0 + * + * [WARNING] + * ==== + * Trying to delete such a structure from storage will likely result in data corruption, rendering the structure + * unusable. + * See https://github.com/ethereum/solidity/pull/11843[ethereum/solidity#11843] for more info. + * + * In order to clean an EnumerableMap, you can either remove all elements one by one or create a fresh instance using an + * array of EnumerableMap. + * ==== + */ +`; +/* eslint-enable max-len */ + +const defaultMap = `\ +// To implement this library for multiple types with as little code repetition as possible, we write it in +// terms of a generic Map type with bytes32 keys and values. The Map implementation uses private functions, +// and user-facing implementations such as \`UintToAddressMap\` are just wrappers around the underlying Map. +// This means that we can only create new EnumerableMaps for types that fit in bytes32. + +/** + * @dev Query for a nonexistent map key. + */ +error EnumerableMapNonexistentKey(bytes32 key); + +struct Bytes32ToBytes32Map { + // Storage of keys + EnumerableSet.Bytes32Set _keys; + mapping(bytes32 key => bytes32) _values; +} + +/** + * @dev Adds a key-value pair to a map, or updates the value for an existing + * key. O(1). + * + * Returns true if the key was added to the map, that is if it was not + * already present. + */ +function set(Bytes32ToBytes32Map storage map, bytes32 key, bytes32 value) internal returns (bool) { + map._values[key] = value; + return map._keys.add(key); +} + +/** + * @dev Removes a key-value pair from a map. O(1). + * + * Returns true if the key was removed from the map, that is if it was present. + */ +function remove(Bytes32ToBytes32Map storage map, bytes32 key) internal returns (bool) { + delete map._values[key]; + return map._keys.remove(key); +} + +/** + * @dev Returns true if the key is in the map. O(1). + */ +function contains(Bytes32ToBytes32Map storage map, bytes32 key) internal view returns (bool) { + return map._keys.contains(key); +} + +/** + * @dev Returns the number of key-value pairs in the map. O(1). + */ +function length(Bytes32ToBytes32Map storage map) internal view returns (uint256) { + return map._keys.length(); +} + +/** + * @dev Returns the key-value pair stored at position \`index\` in the map. O(1). + * + * Note that there are no guarantees on the ordering of entries inside the + * array, and it may change when more entries are added or removed. + * + * Requirements: + * + * - \`index\` must be strictly less than {length}. + */ +function at(Bytes32ToBytes32Map storage map, uint256 index) internal view returns (bytes32 key, bytes32 value) { + bytes32 atKey = map._keys.at(index); + return (atKey, map._values[atKey]); +} + +/** + * @dev Tries to returns the value associated with \`key\`. O(1). + * Does not revert if \`key\` is not in the map. + */ +function tryGet(Bytes32ToBytes32Map storage map, bytes32 key) internal view returns (bool exists, bytes32 value) { + bytes32 val = map._values[key]; + if (val == bytes32(0)) { + return (contains(map, key), bytes32(0)); + } else { + return (true, val); + } +} + +/** + * @dev Returns the value associated with \`key\`. O(1). + * + * Requirements: + * + * - \`key\` must be in the map. + */ +function get(Bytes32ToBytes32Map storage map, bytes32 key) internal view returns (bytes32) { + bytes32 value = map._values[key]; + if (value == 0 && !contains(map, key)) { + revert EnumerableMapNonexistentKey(key); + } + return value; +} + +/** + * @dev Return the an array containing all the keys + * + * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed + * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that + * this function has an unbounded cost, and using it as part of a state-changing function may render the function + * uncallable if the map grows to a point where copying to memory consumes too much gas to fit in a block. + */ +function keys(Bytes32ToBytes32Map storage map) internal view returns (bytes32[] memory) { + return map._keys.values(); +} +`; + +const customMap = ({ name, keyType, valueType }) => `\ +// ${name} + +struct ${name} { + Bytes32ToBytes32Map _inner; +} + +/** + * @dev Adds a key-value pair to a map, or updates the value for an existing + * key. O(1). + * + * Returns true if the key was added to the map, that is if it was not + * already present. + */ +function set(${name} storage map, ${keyType} key, ${valueType} value) internal returns (bool) { + return set(map._inner, ${toBytes32(keyType, 'key')}, ${toBytes32(valueType, 'value')}); +} + +/** + * @dev Removes a value from a map. O(1). + * + * Returns true if the key was removed from the map, that is if it was present. + */ +function remove(${name} storage map, ${keyType} key) internal returns (bool) { + return remove(map._inner, ${toBytes32(keyType, 'key')}); +} + +/** + * @dev Returns true if the key is in the map. O(1). + */ +function contains(${name} storage map, ${keyType} key) internal view returns (bool) { + return contains(map._inner, ${toBytes32(keyType, 'key')}); +} + +/** + * @dev Returns the number of elements in the map. O(1). + */ +function length(${name} storage map) internal view returns (uint256) { + return length(map._inner); +} + +/** + * @dev Returns the element stored at position \`index\` in the map. O(1). + * Note that there are no guarantees on the ordering of values inside the + * array, and it may change when more values are added or removed. + * + * Requirements: + * + * - \`index\` must be strictly less than {length}. + */ +function at(${name} storage map, uint256 index) internal view returns (${keyType} key, ${valueType} value) { + (bytes32 atKey, bytes32 val) = at(map._inner, index); + return (${fromBytes32(keyType, 'atKey')}, ${fromBytes32(valueType, 'val')}); +} + +/** + * @dev Tries to returns the value associated with \`key\`. O(1). + * Does not revert if \`key\` is not in the map. + */ +function tryGet(${name} storage map, ${keyType} key) internal view returns (bool exists, ${valueType} value) { + (bool success, bytes32 val) = tryGet(map._inner, ${toBytes32(keyType, 'key')}); + return (success, ${fromBytes32(valueType, 'val')}); +} + +/** + * @dev Returns the value associated with \`key\`. O(1). + * + * Requirements: + * + * - \`key\` must be in the map. + */ +function get(${name} storage map, ${keyType} key) internal view returns (${valueType}) { + return ${fromBytes32(valueType, `get(map._inner, ${toBytes32(keyType, 'key')})`)}; +} + +/** + * @dev Return the an array containing all the keys + * + * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed + * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that + * this function has an unbounded cost, and using it as part of a state-changing function may render the function + * uncallable if the map grows to a point where copying to memory consumes too much gas to fit in a block. + */ +function keys(${name} storage map) internal view returns (${keyType}[] memory) { + bytes32[] memory store = keys(map._inner); + ${keyType}[] memory result; + + assembly ("memory-safe") { + result := store + } + + return result; +} +`; + +// GENERATE +module.exports = format( + header.trimEnd(), + 'library EnumerableMap {', + format( + [].concat( + 'using EnumerableSet for EnumerableSet.Bytes32Set;', + '', + defaultMap, + TYPES.map(details => customMap(details)), + ), + ).trimEnd(), + '}', +); diff --git a/dependencies/@openzeppelin/scripts/generate/templates/EnumerableMap.opts.js b/dependencies/@openzeppelin/scripts/generate/templates/EnumerableMap.opts.js new file mode 100644 index 00000000..d26ab05b --- /dev/null +++ b/dependencies/@openzeppelin/scripts/generate/templates/EnumerableMap.opts.js @@ -0,0 +1,19 @@ +const { capitalize } = require('../../helpers'); + +const mapType = str => (str == 'uint256' ? 'Uint' : capitalize(str)); + +const formatType = (keyType, valueType) => ({ + name: `${mapType(keyType)}To${mapType(valueType)}Map`, + keyType, + valueType, +}); + +const TYPES = ['uint256', 'address', 'bytes32'] + .flatMap((key, _, array) => array.map(value => [key, value])) + .slice(0, -1) // remove bytes32 β†’ byte32 (last one) that is already defined + .map(args => formatType(...args)); + +module.exports = { + TYPES, + formatType, +}; diff --git a/dependencies/@openzeppelin/scripts/generate/templates/EnumerableSet.js b/dependencies/@openzeppelin/scripts/generate/templates/EnumerableSet.js new file mode 100644 index 00000000..351466b1 --- /dev/null +++ b/dependencies/@openzeppelin/scripts/generate/templates/EnumerableSet.js @@ -0,0 +1,249 @@ +const format = require('../format-lines'); +const { fromBytes32, toBytes32 } = require('./conversion'); +const { TYPES } = require('./EnumerableSet.opts'); + +/* eslint-disable max-len */ +const header = `\ +pragma solidity ^0.8.20; + +/** + * @dev Library for managing + * https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets] of primitive + * types. + * + * Sets have the following properties: + * + * - Elements are added, removed, and checked for existence in constant time + * (O(1)). + * - Elements are enumerated in O(n). No guarantees are made on the ordering. + * + * \`\`\`solidity + * contract Example { + * // Add the library methods + * using EnumerableSet for EnumerableSet.AddressSet; + * + * // Declare a set state variable + * EnumerableSet.AddressSet private mySet; + * } + * \`\`\` + * + * As of v3.3.0, sets of type \`bytes32\` (\`Bytes32Set\`), \`address\` (\`AddressSet\`) + * and \`uint256\` (\`UintSet\`) are supported. + * + * [WARNING] + * ==== + * Trying to delete such a structure from storage will likely result in data corruption, rendering the structure + * unusable. + * See https://github.com/ethereum/solidity/pull/11843[ethereum/solidity#11843] for more info. + * + * In order to clean an EnumerableSet, you can either remove all elements one by one or create a fresh instance using an + * array of EnumerableSet. + * ==== + */ +`; +/* eslint-enable max-len */ + +const defaultSet = `\ +// To implement this library for multiple types with as little code +// repetition as possible, we write it in terms of a generic Set type with +// bytes32 values. +// The Set implementation uses private functions, and user-facing +// implementations (such as AddressSet) are just wrappers around the +// underlying Set. +// This means that we can only create new EnumerableSets for types that fit +// in bytes32. + +struct Set { + // Storage of set values + bytes32[] _values; + // Position is the index of the value in the \`values\` array plus 1. + // Position 0 is used to mean a value is not in the set. + mapping(bytes32 value => uint256) _positions; +} + +/** + * @dev Add a value to a set. O(1). + * + * Returns true if the value was added to the set, that is if it was not + * already present. + */ +function _add(Set storage set, bytes32 value) private returns (bool) { + if (!_contains(set, value)) { + set._values.push(value); + // The value is stored at length-1, but we add 1 to all indexes + // and use 0 as a sentinel value + set._positions[value] = set._values.length; + return true; + } else { + return false; + } +} + +/** + * @dev Removes a value from a set. O(1). + * + * Returns true if the value was removed from the set, that is if it was + * present. + */ +function _remove(Set storage set, bytes32 value) private returns (bool) { + // We cache the value's position to prevent multiple reads from the same storage slot + uint256 position = set._positions[value]; + + if (position != 0) { + // Equivalent to contains(set, value) + // To delete an element from the _values array in O(1), we swap the element to delete with the last one in + // the array, and then remove the last element (sometimes called as 'swap and pop'). + // This modifies the order of the array, as noted in {at}. + + uint256 valueIndex = position - 1; + uint256 lastIndex = set._values.length - 1; + + if (valueIndex != lastIndex) { + bytes32 lastValue = set._values[lastIndex]; + + // Move the lastValue to the index where the value to delete is + set._values[valueIndex] = lastValue; + // Update the tracked position of the lastValue (that was just moved) + set._positions[lastValue] = position; + } + + // Delete the slot where the moved value was stored + set._values.pop(); + + // Delete the tracked position for the deleted slot + delete set._positions[value]; + + return true; + } else { + return false; + } +} + +/** + * @dev Returns true if the value is in the set. O(1). + */ +function _contains(Set storage set, bytes32 value) private view returns (bool) { + return set._positions[value] != 0; +} + +/** + * @dev Returns the number of values on the set. O(1). + */ +function _length(Set storage set) private view returns (uint256) { + return set._values.length; +} + +/** + * @dev Returns the value stored at position \`index\` in the set. O(1). + * + * Note that there are no guarantees on the ordering of values inside the + * array, and it may change when more values are added or removed. + * + * Requirements: + * + * - \`index\` must be strictly less than {length}. + */ +function _at(Set storage set, uint256 index) private view returns (bytes32) { + return set._values[index]; +} + +/** + * @dev Return the entire set in an array + * + * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed + * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that + * this function has an unbounded cost, and using it as part of a state-changing function may render the function + * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block. + */ +function _values(Set storage set) private view returns (bytes32[] memory) { + return set._values; +} +`; + +const customSet = ({ name, type }) => `\ +// ${name} + +struct ${name} { + Set _inner; +} + +/** + * @dev Add a value to a set. O(1). + * + * Returns true if the value was added to the set, that is if it was not + * already present. + */ +function add(${name} storage set, ${type} value) internal returns (bool) { + return _add(set._inner, ${toBytes32(type, 'value')}); +} + +/** + * @dev Removes a value from a set. O(1). + * + * Returns true if the value was removed from the set, that is if it was + * present. + */ +function remove(${name} storage set, ${type} value) internal returns (bool) { + return _remove(set._inner, ${toBytes32(type, 'value')}); +} + +/** + * @dev Returns true if the value is in the set. O(1). + */ +function contains(${name} storage set, ${type} value) internal view returns (bool) { + return _contains(set._inner, ${toBytes32(type, 'value')}); +} + +/** + * @dev Returns the number of values in the set. O(1). + */ +function length(${name} storage set) internal view returns (uint256) { + return _length(set._inner); +} + +/** + * @dev Returns the value stored at position \`index\` in the set. O(1). + * + * Note that there are no guarantees on the ordering of values inside the + * array, and it may change when more values are added or removed. + * + * Requirements: + * + * - \`index\` must be strictly less than {length}. + */ +function at(${name} storage set, uint256 index) internal view returns (${type}) { + return ${fromBytes32(type, '_at(set._inner, index)')}; +} + +/** + * @dev Return the entire set in an array + * + * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed + * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that + * this function has an unbounded cost, and using it as part of a state-changing function may render the function + * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block. + */ +function values(${name} storage set) internal view returns (${type}[] memory) { + bytes32[] memory store = _values(set._inner); + ${type}[] memory result; + + assembly ("memory-safe") { + result := store + } + + return result; +} +`; + +// GENERATE +module.exports = format( + header.trimEnd(), + 'library EnumerableSet {', + format( + [].concat( + defaultSet, + TYPES.map(details => customSet(details)), + ), + ).trimEnd(), + '}', +); diff --git a/dependencies/@openzeppelin/scripts/generate/templates/EnumerableSet.opts.js b/dependencies/@openzeppelin/scripts/generate/templates/EnumerableSet.opts.js new file mode 100644 index 00000000..739f0acd --- /dev/null +++ b/dependencies/@openzeppelin/scripts/generate/templates/EnumerableSet.opts.js @@ -0,0 +1,12 @@ +const { capitalize } = require('../../helpers'); + +const mapType = str => (str == 'uint256' ? 'Uint' : capitalize(str)); + +const formatType = type => ({ + name: `${mapType(type)}Set`, + type, +}); + +const TYPES = ['bytes32', 'address', 'uint256'].map(formatType); + +module.exports = { TYPES, formatType }; diff --git a/dependencies/@openzeppelin/scripts/generate/templates/MerkleProof.js b/dependencies/@openzeppelin/scripts/generate/templates/MerkleProof.js new file mode 100644 index 00000000..6711a87e --- /dev/null +++ b/dependencies/@openzeppelin/scripts/generate/templates/MerkleProof.js @@ -0,0 +1,189 @@ +const format = require('../format-lines'); +const { OPTS } = require('./MerkleProof.opts'); + +const DEFAULT_HASH = 'Hashes.commutativeKeccak256'; + +const formatArgsSingleLine = (...args) => args.filter(Boolean).join(', '); +const formatArgsMultiline = (...args) => '\n' + format(args.filter(Boolean).join(',\0').split('\0')); + +// TEMPLATE +const header = `\ +pragma solidity ^0.8.20; + +import {Hashes} from "./Hashes.sol"; + +/** + * @dev These functions deal with verification of Merkle Tree proofs. + * + * The tree and the proofs can be generated using our + * https://github.com/OpenZeppelin/merkle-tree[JavaScript library]. + * You will find a quickstart guide in the readme. + * + * WARNING: You should avoid using leaf values that are 64 bytes long prior to + * hashing, or use a hash function other than keccak256 for hashing leaves. + * This is because the concatenation of a sorted pair of internal nodes in + * the Merkle tree could be reinterpreted as a leaf value. + * OpenZeppelin's JavaScript library generates Merkle trees that are safe + * against this attack out of the box. + * + * IMPORTANT: Consider memory side-effects when using custom hashing functions + * that access memory in an unsafe way. + * + * NOTE: This library supports proof verification for merkle trees built using + * custom _commutative_ hashing functions (i.e. \`H(a, b) == H(b, a)\`). Proving + * leaf inclusion in trees built using non-commutative hashing functions requires + * additional logic that is not supported by this library. + */ +`; + +const errors = `\ +/** + *@dev The multiproof provided is not valid. + */ +error MerkleProofInvalidMultiproof(); +`; + +/* eslint-disable max-len */ +const templateProof = ({ suffix, location, visibility, hash }) => `\ +/** + * @dev Returns true if a \`leaf\` can be proved to be a part of a Merkle tree + * defined by \`root\`. For this, a \`proof\` must be provided, containing + * sibling hashes on the branch from the leaf to the root of the tree. Each + * pair of leaves and each pair of pre-images are assumed to be sorted. + * + * This version handles proofs in ${location} with ${hash ? 'a custom' : 'the default'} hashing function. + */ +function verify${suffix}(${(hash ? formatArgsMultiline : formatArgsSingleLine)( + `bytes32[] ${location} proof`, + 'bytes32 root', + 'bytes32 leaf', + hash && `function(bytes32, bytes32) view returns (bytes32) ${hash}`, +)}) internal ${visibility} returns (bool) { + return processProof${suffix}(proof, leaf${hash ? `, ${hash}` : ''}) == root; +} + +/** + * @dev Returns the rebuilt hash obtained by traversing a Merkle tree up + * from \`leaf\` using \`proof\`. A \`proof\` is valid if and only if the rebuilt + * hash matches the root of the tree. When processing the proof, the pairs + * of leaves & pre-images are assumed to be sorted. + * + * This version handles proofs in ${location} with ${hash ? 'a custom' : 'the default'} hashing function. + */ +function processProof${suffix}(${(hash ? formatArgsMultiline : formatArgsSingleLine)( + `bytes32[] ${location} proof`, + 'bytes32 leaf', + hash && `function(bytes32, bytes32) view returns (bytes32) ${hash}`, +)}) internal ${visibility} returns (bytes32) { + bytes32 computedHash = leaf; + for (uint256 i = 0; i < proof.length; i++) { + computedHash = ${hash ?? DEFAULT_HASH}(computedHash, proof[i]); + } + return computedHash; +} +`; + +const templateMultiProof = ({ suffix, location, visibility, hash }) => `\ +/** + * @dev Returns true if the \`leaves\` can be simultaneously proven to be a part of a Merkle tree defined by + * \`root\`, according to \`proof\` and \`proofFlags\` as described in {processMultiProof}. + * + * This version handles multiproofs in ${location} with ${hash ? 'a custom' : 'the default'} hashing function. + * + * CAUTION: Not all Merkle trees admit multiproofs. See {processMultiProof} for details. + * + * NOTE: Consider the case where \`root == proof[0] && leaves.length == 0\` as it will return \`true\`. + * The \`leaves\` must be validated independently. See {processMultiProof${suffix}}. + */ +function multiProofVerify${suffix}(${formatArgsMultiline( + `bytes32[] ${location} proof`, + `bool[] ${location} proofFlags`, + 'bytes32 root', + `bytes32[] memory leaves`, + hash && `function(bytes32, bytes32) view returns (bytes32) ${hash}`, +)}) internal ${visibility} returns (bool) { + return processMultiProof${suffix}(proof, proofFlags, leaves${hash ? `, ${hash}` : ''}) == root; +} + +/** + * @dev Returns the root of a tree reconstructed from \`leaves\` and sibling nodes in \`proof\`. The reconstruction + * proceeds by incrementally reconstructing all inner nodes by combining a leaf/inner node with either another + * leaf/inner node or a proof sibling node, depending on whether each \`proofFlags\` item is true or false + * respectively. + * + * This version handles multiproofs in ${location} with ${hash ? 'a custom' : 'the default'} hashing function. + * + * CAUTION: Not all Merkle trees admit multiproofs. To use multiproofs, it is sufficient to ensure that: 1) the tree + * is complete (but not necessarily perfect), 2) the leaves to be proven are in the opposite order they are in the + * tree (i.e., as seen from right to left starting at the deepest layer and continuing at the next layer). + * + * NOTE: The _empty set_ (i.e. the case where \`proof.length == 1 && leaves.length == 0\`) is considered a no-op, + * and therefore a valid multiproof (i.e. it returns \`proof[0]\`). Consider disallowing this case if you're not + * validating the leaves elsewhere. + */ +function processMultiProof${suffix}(${formatArgsMultiline( + `bytes32[] ${location} proof`, + `bool[] ${location} proofFlags`, + `bytes32[] memory leaves`, + hash && `function(bytes32, bytes32) view returns (bytes32) ${hash}`, +)}) internal ${visibility} returns (bytes32 merkleRoot) { + // This function rebuilds the root hash by traversing the tree up from the leaves. The root is rebuilt by + // consuming and producing values on a queue. The queue starts with the \`leaves\` array, then goes onto the + // \`hashes\` array. At the end of the process, the last hash in the \`hashes\` array should contain the root of + // the Merkle tree. + uint256 leavesLen = leaves.length; + uint256 proofFlagsLen = proofFlags.length; + + // Check proof validity. + if (leavesLen + proof.length != proofFlagsLen + 1) { + revert MerkleProofInvalidMultiproof(); + } + + // The xxxPos values are "pointers" to the next value to consume in each array. All accesses are done using + // \`xxx[xxxPos++]\`, which return the current value and increment the pointer, thus mimicking a queue's "pop". + bytes32[] memory hashes = new bytes32[](proofFlagsLen); + uint256 leafPos = 0; + uint256 hashPos = 0; + uint256 proofPos = 0; + // At each step, we compute the next hash using two values: + // - a value from the "main queue". If not all leaves have been consumed, we get the next leaf, otherwise we + // get the next hash. + // - depending on the flag, either another value from the "main queue" (merging branches) or an element from the + // \`proof\` array. + for (uint256 i = 0; i < proofFlagsLen; i++) { + bytes32 a = leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++]; + bytes32 b = proofFlags[i] + ? (leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++]) + : proof[proofPos++]; + hashes[i] = ${hash ?? DEFAULT_HASH}(a, b); + } + + if (proofFlagsLen > 0) { + if (proofPos != proof.length) { + revert MerkleProofInvalidMultiproof(); + } + unchecked { + return hashes[proofFlagsLen - 1]; + } + } else if (leavesLen > 0) { + return leaves[0]; + } else { + return proof[0]; + } +} +`; +/* eslint-enable max-len */ + +// GENERATE +module.exports = format( + header.trimEnd(), + 'library MerkleProof {', + format( + [].concat( + errors, + OPTS.flatMap(opts => templateProof(opts)), + OPTS.flatMap(opts => templateMultiProof(opts)), + ), + ).trimEnd(), + '}', +); diff --git a/dependencies/@openzeppelin/scripts/generate/templates/MerkleProof.opts.js b/dependencies/@openzeppelin/scripts/generate/templates/MerkleProof.opts.js new file mode 100644 index 00000000..911f2392 --- /dev/null +++ b/dependencies/@openzeppelin/scripts/generate/templates/MerkleProof.opts.js @@ -0,0 +1,11 @@ +const { product } = require('../../helpers'); + +const OPTS = product( + [ + { suffix: '', location: 'memory' }, + { suffix: 'Calldata', location: 'calldata' }, + ], + [{ visibility: 'pure' }, { visibility: 'view', hash: 'hasher' }], +).map(objs => Object.assign({}, ...objs)); + +module.exports = { OPTS }; diff --git a/dependencies/@openzeppelin/scripts/generate/templates/Packing.js b/dependencies/@openzeppelin/scripts/generate/templates/Packing.js new file mode 100644 index 00000000..9f3b7716 --- /dev/null +++ b/dependencies/@openzeppelin/scripts/generate/templates/Packing.js @@ -0,0 +1,92 @@ +const format = require('../format-lines'); +const sanitize = require('../helpers/sanitize'); +const { product } = require('../../helpers'); +const { SIZES } = require('./Packing.opts'); + +// TEMPLATE +const header = `\ +pragma solidity ^0.8.20; + +/** + * @dev Helper library packing and unpacking multiple values into bytesXX. + * + * Example usage: + * + * \`\`\`solidity + * library MyPacker { + * type MyType is bytes32; + * + * function _pack(address account, bytes4 selector, uint64 period) external pure returns (MyType) { + * bytes12 subpack = Packing.pack_4_8(selector, bytes8(period)); + * bytes32 pack = Packing.pack_20_12(bytes20(account), subpack); + * return MyType.wrap(pack); + * } + * + * function _unpack(MyType self) external pure returns (address, bytes4, uint64) { + * bytes32 pack = MyType.unwrap(self); + * return ( + * address(Packing.extract_32_20(pack, 0)), + * Packing.extract_32_4(pack, 20), + * uint64(Packing.extract_32_8(pack, 24)) + * ); + * } + * } + * \`\`\` + * + * _Available since v5.1._ + */ +// solhint-disable func-name-mixedcase +`; + +const errors = `\ +error OutOfRangeAccess(); +`; + +const pack = (left, right) => `\ +function pack_${left}_${right}(bytes${left} left, bytes${right} right) internal pure returns (bytes${ + left + right +} result) { + assembly ("memory-safe") { + left := ${sanitize.bytes('left', left)} + right := ${sanitize.bytes('right', right)} + result := or(left, shr(${8 * left}, right)) + } +} +`; + +const extract = (outer, inner) => `\ +function extract_${outer}_${inner}(bytes${outer} self, uint8 offset) internal pure returns (bytes${inner} result) { + if (offset > ${outer - inner}) revert OutOfRangeAccess(); + assembly ("memory-safe") { + result := ${sanitize.bytes('shl(mul(8, offset), self)', inner)} + } +} +`; + +const replace = (outer, inner) => `\ +function replace_${outer}_${inner}(bytes${outer} self, bytes${inner} value, uint8 offset) internal pure returns (bytes${outer} result) { + bytes${inner} oldValue = extract_${outer}_${inner}(self, offset); + assembly ("memory-safe") { + value := ${sanitize.bytes('value', inner)} + result := xor(self, shr(mul(8, offset), xor(oldValue, value))) + } +} +`; + +// GENERATE +module.exports = format( + header.trimEnd(), + 'library Packing {', + format( + [].concat( + errors, + product(SIZES, SIZES) + .filter(([left, right]) => SIZES.includes(left + right)) + .map(([left, right]) => pack(left, right)), + product(SIZES, SIZES) + .filter(([outer, inner]) => outer > inner) + .flatMap(([outer, inner]) => [extract(outer, inner), replace(outer, inner)]), + ), + ).trimEnd(), + '}', +); diff --git a/dependencies/@openzeppelin/scripts/generate/templates/Packing.opts.js b/dependencies/@openzeppelin/scripts/generate/templates/Packing.opts.js new file mode 100644 index 00000000..de9ab77f --- /dev/null +++ b/dependencies/@openzeppelin/scripts/generate/templates/Packing.opts.js @@ -0,0 +1,3 @@ +module.exports = { + SIZES: [1, 2, 4, 6, 8, 12, 16, 20, 24, 28, 32], +}; diff --git a/dependencies/@openzeppelin/scripts/generate/templates/Packing.t.js b/dependencies/@openzeppelin/scripts/generate/templates/Packing.t.js new file mode 100644 index 00000000..56e9c0cc --- /dev/null +++ b/dependencies/@openzeppelin/scripts/generate/templates/Packing.t.js @@ -0,0 +1,48 @@ +const format = require('../format-lines'); +const { product } = require('../../helpers'); +const { SIZES } = require('./Packing.opts'); + +// TEMPLATE +const header = `\ +pragma solidity ^0.8.20; + +import {Test} from "forge-std/Test.sol"; +import {Packing} from "@openzeppelin/contracts/utils/Packing.sol"; +`; + +const testPack = (left, right) => `\ +function testPack(bytes${left} left, bytes${right} right) external { + assertEq(left, Packing.pack_${left}_${right}(left, right).extract_${left + right}_${left}(0)); + assertEq(right, Packing.pack_${left}_${right}(left, right).extract_${left + right}_${right}(${left})); +} +`; + +const testReplace = (outer, inner) => `\ +function testReplace(bytes${outer} container, bytes${inner} newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, ${outer - inner})); + + bytes${inner} oldValue = container.extract_${outer}_${inner}(offset); + + assertEq(newValue, container.replace_${outer}_${inner}(newValue, offset).extract_${outer}_${inner}(offset)); + assertEq(container, container.replace_${outer}_${inner}(newValue, offset).replace_${outer}_${inner}(oldValue, offset)); +} +`; + +// GENERATE +module.exports = format( + header, + 'contract PackingTest is Test {', + format( + [].concat( + 'using Packing for *;', + '', + product(SIZES, SIZES) + .filter(([left, right]) => SIZES.includes(left + right)) + .map(([left, right]) => testPack(left, right)), + product(SIZES, SIZES) + .filter(([outer, inner]) => outer > inner) + .map(([outer, inner]) => testReplace(outer, inner)), + ), + ).trimEnd(), + '}', +); diff --git a/dependencies/@openzeppelin/scripts/generate/templates/SafeCast.js b/dependencies/@openzeppelin/scripts/generate/templates/SafeCast.js new file mode 100644 index 00000000..a3b32e3f --- /dev/null +++ b/dependencies/@openzeppelin/scripts/generate/templates/SafeCast.js @@ -0,0 +1,138 @@ +const format = require('../format-lines'); +const { range } = require('../../helpers'); + +const LENGTHS = range(8, 256, 8).reverse(); // 248 β†’ 8 (in steps of 8) + +const header = `\ +pragma solidity ^0.8.20; + +/** + * @dev Wrappers over Solidity's uintXX/intXX/bool casting operators with added overflow + * checks. + * + * Downcasting from uint256/int256 in Solidity does not revert on overflow. This can + * easily result in undesired exploitation or bugs, since developers usually + * assume that overflows raise errors. \`SafeCast\` restores this intuition by + * reverting the transaction when such an operation overflows. + * + * Using this library instead of the unchecked operations eliminates an entire + * class of bugs, so it's recommended to use it always. + */ +`; + +const errors = `\ +/** + * @dev Value doesn't fit in an uint of \`bits\` size. + */ +error SafeCastOverflowedUintDowncast(uint8 bits, uint256 value); + +/** + * @dev An int value doesn't fit in an uint of \`bits\` size. + */ +error SafeCastOverflowedIntToUint(int256 value); + +/** + * @dev Value doesn't fit in an int of \`bits\` size. + */ +error SafeCastOverflowedIntDowncast(uint8 bits, int256 value); + +/** + * @dev An uint value doesn't fit in an int of \`bits\` size. + */ +error SafeCastOverflowedUintToInt(uint256 value); +`; + +const toUintDownCast = length => `\ +/** + * @dev Returns the downcasted uint${length} from uint256, reverting on + * overflow (when the input is greater than largest uint${length}). + * + * Counterpart to Solidity's \`uint${length}\` operator. + * + * Requirements: + * + * - input must fit into ${length} bits + */ +function toUint${length}(uint256 value) internal pure returns (uint${length}) { + if (value > type(uint${length}).max) { + revert SafeCastOverflowedUintDowncast(${length}, value); + } + return uint${length}(value); +} +`; + +/* eslint-disable max-len */ +const toIntDownCast = length => `\ +/** + * @dev Returns the downcasted int${length} from int256, reverting on + * overflow (when the input is less than smallest int${length} or + * greater than largest int${length}). + * + * Counterpart to Solidity's \`int${length}\` operator. + * + * Requirements: + * + * - input must fit into ${length} bits + */ +function toInt${length}(int256 value) internal pure returns (int${length} downcasted) { + downcasted = int${length}(value); + if (downcasted != value) { + revert SafeCastOverflowedIntDowncast(${length}, value); + } +} +`; +/* eslint-enable max-len */ + +const toInt = length => `\ +/** + * @dev Converts an unsigned uint${length} into a signed int${length}. + * + * Requirements: + * + * - input must be less than or equal to maxInt${length}. + */ +function toInt${length}(uint${length} value) internal pure returns (int${length}) { + // Note: Unsafe cast below is okay because \`type(int${length}).max\` is guaranteed to be positive + if (value > uint${length}(type(int${length}).max)) { + revert SafeCastOverflowedUintToInt(value); + } + return int${length}(value); +} +`; + +const toUint = length => `\ +/** + * @dev Converts a signed int${length} into an unsigned uint${length}. + * + * Requirements: + * + * - input must be greater than or equal to 0. + */ +function toUint${length}(int${length} value) internal pure returns (uint${length}) { + if (value < 0) { + revert SafeCastOverflowedIntToUint(value); + } + return uint${length}(value); +} +`; + +const boolToUint = `\ +/** + * @dev Cast a boolean (false or true) to a uint256 (0 or 1) with no jump. + */ +function toUint(bool b) internal pure returns (uint256 u) { + assembly ("memory-safe") { + u := iszero(iszero(b)) + } +} +`; + +// GENERATE +module.exports = format( + header.trimEnd(), + 'library SafeCast {', + format( + [].concat(errors, LENGTHS.map(toUintDownCast), toUint(256), LENGTHS.map(toIntDownCast), toInt(256), boolToUint), + ).trimEnd(), + '}', +); diff --git a/dependencies/@openzeppelin/scripts/generate/templates/Slot.opts.js b/dependencies/@openzeppelin/scripts/generate/templates/Slot.opts.js new file mode 100644 index 00000000..3eca2bcf --- /dev/null +++ b/dependencies/@openzeppelin/scripts/generate/templates/Slot.opts.js @@ -0,0 +1,15 @@ +const { capitalize } = require('../../helpers'); + +const TYPES = [ + { type: 'address', isValueType: true }, + { type: 'bool', isValueType: true, name: 'Boolean' }, + { type: 'bytes32', isValueType: true, variants: ['bytes4'] }, + { type: 'uint256', isValueType: true, variants: ['uint32'] }, + { type: 'int256', isValueType: true, variants: ['int32'] }, + { type: 'string', isValueType: false }, + { type: 'bytes', isValueType: false }, +].map(type => Object.assign(type, { name: type.name ?? capitalize(type.type) })); + +Object.assign(TYPES, Object.fromEntries(TYPES.map(entry => [entry.type, entry]))); + +module.exports = { TYPES }; diff --git a/dependencies/@openzeppelin/scripts/generate/templates/SlotDerivation.js b/dependencies/@openzeppelin/scripts/generate/templates/SlotDerivation.js new file mode 100644 index 00000000..ec4d244b --- /dev/null +++ b/dependencies/@openzeppelin/scripts/generate/templates/SlotDerivation.js @@ -0,0 +1,119 @@ +const format = require('../format-lines'); +const sanitize = require('../helpers/sanitize'); +const { TYPES } = require('./Slot.opts'); + +const header = `\ +pragma solidity ^0.8.20; + +/** + * @dev Library for computing storage (and transient storage) locations from namespaces and deriving slots + * corresponding to standard patterns. The derivation method for array and mapping matches the storage layout used by + * the solidity language / compiler. + * + * See https://docs.soliditylang.org/en/v0.8.20/internals/layout_in_storage.html#mappings-and-dynamic-arrays[Solidity docs for mappings and dynamic arrays.]. + * + * Example usage: + * \`\`\`solidity + * contract Example { + * // Add the library methods + * using StorageSlot for bytes32; + * using SlotDerivation for bytes32; + * + * // Declare a namespace + * string private constant _NAMESPACE = "" // eg. OpenZeppelin.Slot + * + * function setValueInNamespace(uint256 key, address newValue) internal { + * _NAMESPACE.erc7201Slot().deriveMapping(key).getAddressSlot().value = newValue; + * } + * + * function getValueInNamespace(uint256 key) internal view returns (address) { + * return _NAMESPACE.erc7201Slot().deriveMapping(key).getAddressSlot().value; + * } + * } + * \`\`\` + * + * TIP: Consider using this library along with {StorageSlot}. + * + * NOTE: This library provides a way to manipulate storage locations in a non-standard way. Tooling for checking + * upgrade safety will ignore the slots accessed through this library. + * + * _Available since v5.1._ + */ +`; + +const namespace = `\ +/** + * @dev Derive an ERC-7201 slot from a string (namespace). + */ +function erc7201Slot(string memory namespace) internal pure returns (bytes32 slot) { + assembly ("memory-safe") { + mstore(0x00, sub(keccak256(add(namespace, 0x20), mload(namespace)), 1)) + slot := and(keccak256(0x00, 0x20), not(0xff)) + } +} +`; + +const array = `\ +/** + * @dev Add an offset to a slot to get the n-th element of a structure or an array. + */ +function offset(bytes32 slot, uint256 pos) internal pure returns (bytes32 result) { + unchecked { + return bytes32(uint256(slot) + pos); + } +} + +/** + * @dev Derive the location of the first element in an array from the slot where the length is stored. + */ +function deriveArray(bytes32 slot) internal pure returns (bytes32 result) { + assembly ("memory-safe") { + mstore(0x00, slot) + result := keccak256(0x00, 0x20) + } +} +`; + +const mapping = ({ type }) => `\ +/** + * @dev Derive the location of a mapping element from the key. + */ +function deriveMapping(bytes32 slot, ${type} key) internal pure returns (bytes32 result) { + assembly ("memory-safe") { + mstore(0x00, ${(sanitize[type] ?? (x => x))('key')}) + mstore(0x20, slot) + result := keccak256(0x00, 0x40) + } +} +`; + +const mapping2 = ({ type }) => `\ +/** + * @dev Derive the location of a mapping element from the key. + */ +function deriveMapping(bytes32 slot, ${type} memory key) internal pure returns (bytes32 result) { + assembly ("memory-safe") { + let length := mload(key) + let begin := add(key, 0x20) + let end := add(begin, length) + let cache := mload(end) + mstore(end, slot) + result := keccak256(begin, add(length, 0x20)) + mstore(end, cache) + } +} +`; + +// GENERATE +module.exports = format( + header.trimEnd(), + 'library SlotDerivation {', + format( + [].concat( + namespace, + array, + TYPES.map(type => (type.isValueType ? mapping(type) : mapping2(type))), + ), + ).trimEnd(), + '}', +); diff --git a/dependencies/@openzeppelin/scripts/generate/templates/SlotDerivation.t.js b/dependencies/@openzeppelin/scripts/generate/templates/SlotDerivation.t.js new file mode 100644 index 00000000..f03e1fc2 --- /dev/null +++ b/dependencies/@openzeppelin/scripts/generate/templates/SlotDerivation.t.js @@ -0,0 +1,127 @@ +const format = require('../format-lines'); +const { capitalize } = require('../../helpers'); +const { TYPES } = require('./Slot.opts'); + +const header = `\ +pragma solidity ^0.8.20; + +import {Test} from "forge-std/Test.sol"; +import {SymTest} from "halmos-cheatcodes/SymTest.sol"; +import {SlotDerivation} from "@openzeppelin/contracts/utils/SlotDerivation.sol"; +`; + +const array = `\ +bytes[] private _array; + +function symbolicDeriveArray(uint256 length, uint256 offset) public { + vm.assume(length > 0); + vm.assume(offset < length); + _assertDeriveArray(length, offset); +} + +function testDeriveArray(uint256 length, uint256 offset) public { + length = bound(length, 1, type(uint256).max); + offset = bound(offset, 0, length - 1); + _assertDeriveArray(length, offset); +} + +function _assertDeriveArray(uint256 length, uint256 offset) public { + bytes32 baseSlot; + assembly { + baseSlot := _array.slot + sstore(baseSlot, length) // store length so solidity access does not revert + } + + bytes storage derived = _array[offset]; + bytes32 derivedSlot; + assembly { + derivedSlot := derived.slot + } + + assertEq(baseSlot.deriveArray().offset(offset), derivedSlot); +} +`; + +const mapping = ({ type, name }) => `\ +mapping(${type} => bytes) private _${type}Mapping; + +function testSymbolicDeriveMapping${name}(${type} key) public { + bytes32 baseSlot; + assembly { + baseSlot := _${type}Mapping.slot + } + + bytes storage derived = _${type}Mapping[key]; + bytes32 derivedSlot; + assembly { + derivedSlot := derived.slot + } + + assertEq(baseSlot.deriveMapping(key), derivedSlot); +} +`; + +const mappingDirty = ({ type, name }) => `\ +function testSymbolicDeriveMapping${name}Dirty(bytes32 dirtyKey) public { + ${type} key; + assembly { + key := dirtyKey + } + + // run the "normal" test using a potentially dirty value + testSymbolicDeriveMapping${name}(key); +} +`; + +const boundedMapping = ({ type, name }) => `\ +mapping(${type} => bytes) private _${type}Mapping; + +function testDeriveMapping${name}(${type} memory key) public { + _assertDeriveMapping${name}(key); +} + +function symbolicDeriveMapping${name}() public { + _assertDeriveMapping${name}(svm.create${name}(256, "DeriveMapping${name}Input")); +} + +function _assertDeriveMapping${name}(${type} memory key) internal { + bytes32 baseSlot; + assembly { + baseSlot := _${type}Mapping.slot + } + + bytes storage derived = _${type}Mapping[key]; + bytes32 derivedSlot; + assembly { + derivedSlot := derived.slot + } + + assertEq(baseSlot.deriveMapping(key), derivedSlot); +} +`; + +// GENERATE +module.exports = format( + header, + 'contract SlotDerivationTest is Test, SymTest {', + format( + [].concat( + 'using SlotDerivation for bytes32;', + '', + array, + TYPES.flatMap(type => + [].concat( + type, + (type.variants ?? []).map(variant => ({ + type: variant, + name: capitalize(variant), + isValueType: type.isValueType, + })), + ), + ).map(type => (type.isValueType ? mapping(type) : boundedMapping(type))), + mappingDirty(TYPES.bool), + mappingDirty(TYPES.address), + ), + ).trimEnd(), + '}', +); diff --git a/dependencies/@openzeppelin/scripts/generate/templates/StorageSlot.js b/dependencies/@openzeppelin/scripts/generate/templates/StorageSlot.js new file mode 100644 index 00000000..7a00f5e2 --- /dev/null +++ b/dependencies/@openzeppelin/scripts/generate/templates/StorageSlot.js @@ -0,0 +1,131 @@ +const format = require('../format-lines'); +const { TYPES } = require('./Slot.opts'); + +const header = `\ +pragma solidity ^0.8.24; + +/** + * @dev Library for reading and writing primitive types to specific storage slots. + * + * Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts. + * This library helps with reading and writing to such slots without the need for inline assembly. + * + * The functions in this library return Slot structs that contain a \`value\` member that can be used to read or write. + * + * Example usage to set ERC-1967 implementation slot: + * \`\`\`solidity + * contract ERC1967 { + * // Define the slot. Alternatively, use the SlotDerivation library to derive the slot. + * bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc; + * + * function _getImplementation() internal view returns (address) { + * return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value; + * } + * + * function _setImplementation(address newImplementation) internal { + * require(newImplementation.code.length > 0); + * StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation; + * } + * } + * \`\`\` + * + * Since version 5.1, this library also support writing and reading value types to and from transient storage. + * + * * Example using transient storage: + * \`\`\`solidity + * contract Lock { + * // Define the slot. Alternatively, use the SlotDerivation library to derive the slot. + * bytes32 internal constant _LOCK_SLOT = 0xf4678858b2b588224636b8522b729e7722d32fc491da849ed75b3fdf3c84f542; + * + * modifier locked() { + * require(!_LOCK_SLOT.asBoolean().tload()); + * + * _LOCK_SLOT.asBoolean().tstore(true); + * _; + * _LOCK_SLOT.asBoolean().tstore(false); + * } + * } + * \`\`\` + * + * TIP: Consider using this library along with {SlotDerivation}. + */ +`; + +const struct = ({ type, name }) => `\ +struct ${name}Slot { + ${type} value; +} +`; + +const get = ({ name }) => `\ +/** + * @dev Returns ${ + name.toLowerCase().startsWith('a') ? 'an' : 'a' + } \`${name}Slot\` with member \`value\` located at \`slot\`. + */ +function get${name}Slot(bytes32 slot) internal pure returns (${name}Slot storage r) { + assembly ("memory-safe") { + r.slot := slot + } +} +`; + +const getStorage = ({ type, name }) => `\ +/** + * @dev Returns an \`${name}Slot\` representation of the ${type} storage pointer \`store\`. + */ +function get${name}Slot(${type} storage store) internal pure returns (${name}Slot storage r) { + assembly ("memory-safe") { + r.slot := store.slot + } +} +`; + +const udvt = ({ type, name }) => `\ +/** + * @dev UDVT that represent a slot holding a ${type}. + */ +type ${name}SlotType is bytes32; + +/** + * @dev Cast an arbitrary slot to a ${name}SlotType. + */ +function as${name}(bytes32 slot) internal pure returns (${name}SlotType) { + return ${name}SlotType.wrap(slot); +} +`; + +const transient = ({ type, name }) => `\ +/** + * @dev Load the value held at location \`slot\` in transient storage. + */ +function tload(${name}SlotType slot) internal view returns (${type} value) { + assembly ("memory-safe") { + value := tload(slot) + } +} + +/** + * @dev Store \`value\` at location \`slot\` in transient storage. + */ +function tstore(${name}SlotType slot, ${type} value) internal { + assembly ("memory-safe") { + tstore(slot, value) + } +} +`; + +// GENERATE +module.exports = format( + header.trimEnd(), + 'library StorageSlot {', + format( + [].concat( + TYPES.map(type => struct(type)), + TYPES.flatMap(type => [get(type), !type.isValueType && getStorage(type)].filter(Boolean)), + TYPES.filter(type => type.isValueType).map(type => udvt(type)), + TYPES.filter(type => type.isValueType).map(type => transient(type)), + ), + ).trimEnd(), + '}', +); diff --git a/dependencies/@openzeppelin/scripts/generate/templates/StorageSlotMock.js b/dependencies/@openzeppelin/scripts/generate/templates/StorageSlotMock.js new file mode 100644 index 00000000..623a6759 --- /dev/null +++ b/dependencies/@openzeppelin/scripts/generate/templates/StorageSlotMock.js @@ -0,0 +1,70 @@ +const format = require('../format-lines'); +const { TYPES } = require('./Slot.opts'); + +const header = `\ +pragma solidity ^0.8.24; + +import {Multicall} from "../utils/Multicall.sol"; +import {StorageSlot} from "../utils/StorageSlot.sol"; +`; + +const storageSetValueType = ({ type, name }) => `\ +function set${name}Slot(bytes32 slot, ${type} value) public { + slot.get${name}Slot().value = value; +} +`; + +const storageGetValueType = ({ type, name }) => `\ +function get${name}Slot(bytes32 slot) public view returns (${type}) { + return slot.get${name}Slot().value; +} +`; + +const storageSetNonValueType = ({ type, name }) => `\ +mapping(uint256 key => ${type}) public ${type}Map; + +function set${name}Slot(bytes32 slot, ${type} calldata value) public { + slot.get${name}Slot().value = value; +} + +function set${name}Storage(uint256 key, ${type} calldata value) public { + ${type}Map[key].get${name}Slot().value = value; +} + +function get${name}Slot(bytes32 slot) public view returns (${type} memory) { + return slot.get${name}Slot().value; +} + +function get${name}Storage(uint256 key) public view returns (${type} memory) { + return ${type}Map[key].get${name}Slot().value; +} +`; + +const transient = ({ type, name }) => `\ +event ${name}Value(bytes32 slot, ${type} value); + +function tload${name}(bytes32 slot) public { + emit ${name}Value(slot, slot.as${name}().tload()); +} + +function tstore(bytes32 slot, ${type} value) public { + slot.as${name}().tstore(value); +} +`; + +// GENERATE +module.exports = format( + header, + 'contract StorageSlotMock is Multicall {', + format( + [].concat( + 'using StorageSlot for *;', + '', + TYPES.filter(type => type.isValueType).map(type => storageSetValueType(type)), + TYPES.filter(type => type.isValueType).map(type => storageGetValueType(type)), + TYPES.filter(type => !type.isValueType).map(type => storageSetNonValueType(type)), + TYPES.filter(type => type.isValueType).map(type => transient(type)), + ), + ).trimEnd(), + '}', +); diff --git a/dependencies/@openzeppelin/scripts/generate/templates/conversion.js b/dependencies/@openzeppelin/scripts/generate/templates/conversion.js new file mode 100644 index 00000000..9221f7c2 --- /dev/null +++ b/dependencies/@openzeppelin/scripts/generate/templates/conversion.js @@ -0,0 +1,30 @@ +function toBytes32(type, value) { + switch (type) { + case 'bytes32': + return value; + case 'uint256': + return `bytes32(${value})`; + case 'address': + return `bytes32(uint256(uint160(${value})))`; + default: + throw new Error(`Conversion from ${type} to bytes32 not supported`); + } +} + +function fromBytes32(type, value) { + switch (type) { + case 'bytes32': + return value; + case 'uint256': + return `uint256(${value})`; + case 'address': + return `address(uint160(uint256(${value})))`; + default: + throw new Error(`Conversion from bytes32 to ${type} not supported`); + } +} + +module.exports = { + toBytes32, + fromBytes32, +}; diff --git a/dependencies/@openzeppelin/scripts/git-user-config.sh b/dependencies/@openzeppelin/scripts/git-user-config.sh new file mode 100644 index 00000000..e7b81c3e --- /dev/null +++ b/dependencies/@openzeppelin/scripts/git-user-config.sh @@ -0,0 +1,6 @@ +#!/usr/bin/env bash + +set -euo pipefail -x + +git config user.name 'github-actions' +git config user.email '41898282+github-actions[bot]@users.noreply.github.com' diff --git a/dependencies/@openzeppelin/scripts/helpers.js b/dependencies/@openzeppelin/scripts/helpers.js new file mode 100644 index 00000000..d28c0866 --- /dev/null +++ b/dependencies/@openzeppelin/scripts/helpers.js @@ -0,0 +1,7 @@ +const iterate = require('../test/helpers/iterate'); +const strings = require('../test/helpers/strings'); + +module.exports = { + ...iterate, + ...strings, +}; diff --git a/dependencies/@openzeppelin/scripts/prepack.sh b/dependencies/@openzeppelin/scripts/prepack.sh new file mode 100755 index 00000000..6af10329 --- /dev/null +++ b/dependencies/@openzeppelin/scripts/prepack.sh @@ -0,0 +1,23 @@ +#!/usr/bin/env bash + +set -euo pipefail +shopt -s globstar + +# cross platform `mkdir -p` +mkdirp() { + node -e "fs.mkdirSync('$1', { recursive: true })" +} + +# cd to the root of the repo +cd "$(git rev-parse --show-toplevel)" + +npm run clean + +env COMPILE_MODE=production npm run compile + +mkdirp contracts/build/contracts +cp artifacts/contracts/**/*.json contracts/build/contracts +rm contracts/build/contracts/*.dbg.json +node scripts/remove-ignored-artifacts.js + +cp README.md contracts/ diff --git a/dependencies/@openzeppelin/scripts/prepare-docs.sh b/dependencies/@openzeppelin/scripts/prepare-docs.sh new file mode 100755 index 00000000..d1317b09 --- /dev/null +++ b/dependencies/@openzeppelin/scripts/prepare-docs.sh @@ -0,0 +1,26 @@ +#!/usr/bin/env bash + +set -euo pipefail +shopt -s globstar + +OUTDIR="$(node -p 'require("./docs/config.js").outputDir')" + +if [ ! -d node_modules ]; then + npm ci +fi + +rm -rf "$OUTDIR" + +hardhat docgen + +# copy examples and adjust imports +examples_source_dir="contracts/mocks/docs" +examples_target_dir="docs/modules/api/examples" + +for f in "$examples_source_dir"/**/*.sol; do + name="${f/#"$examples_source_dir/"/}" + mkdir -p "$examples_target_dir/$(dirname "$name")" + sed -Ee '/^import/s|"(\.\./)+|"@openzeppelin/contracts/|' "$f" > "$examples_target_dir/$name" +done + +node scripts/gen-nav.js "$OUTDIR" > "$OUTDIR/../nav.adoc" diff --git a/dependencies/@openzeppelin/scripts/prepare.sh b/dependencies/@openzeppelin/scripts/prepare.sh new file mode 100755 index 00000000..a7d74227 --- /dev/null +++ b/dependencies/@openzeppelin/scripts/prepare.sh @@ -0,0 +1,5 @@ +#!/usr/bin/env bash + +set -euo pipefail + +if git status &>/dev/null; then git config core.hooksPath .githooks; fi diff --git a/dependencies/@openzeppelin/scripts/release/format-changelog.js b/dependencies/@openzeppelin/scripts/release/format-changelog.js new file mode 100755 index 00000000..b8bcc8c7 --- /dev/null +++ b/dependencies/@openzeppelin/scripts/release/format-changelog.js @@ -0,0 +1,33 @@ +#!/usr/bin/env node + +// Adjusts the format of the changelog that changesets generates. +// This is run automatically when npm version is run. + +const fs = require('fs'); +const changelog = fs.readFileSync('CHANGELOG.md', 'utf8'); + +// Groups: +// - 1: Pull Request Number and URL +// - 2: Changeset entry +const RELEASE_LINE_REGEX = /^- (\[#.*?\]\(.*?\))?.*?! - (.*)$/gm; + +// Captures vX.Y.Z or vX.Y.Z-rc.W +const VERSION_TITLE_REGEX = /^## (\d+\.\d+\.\d+(-rc\.\d+)?)$/gm; + +const isPrerelease = process.env.PRERELEASE === 'true'; + +const formatted = changelog + // Remove titles + .replace(/^### Major Changes\n\n/gm, '') + .replace(/^### Minor Changes\n\n/gm, '') + .replace(/^### Patch Changes\n\n/gm, '') + // Remove extra whitespace between items + .replace(/^(- \[.*\n)\n(?=-)/gm, '$1') + // Format each release line + .replace(RELEASE_LINE_REGEX, (_, pr, entry) => (pr ? `- ${entry} (${pr})` : `- ${entry}`)) + // Add date to new version + .replace(VERSION_TITLE_REGEX, `\n## $1 (${new Date().toISOString().split('T')[0]})`) + // Conditionally allow vX.Y.Z.rc-.W sections only in prerelease + .replace(/^## \d\.\d\.\d-rc\S+[^]+?(?=^#)/gm, section => (isPrerelease ? section : '')); + +fs.writeFileSync('CHANGELOG.md', formatted); diff --git a/dependencies/@openzeppelin/scripts/release/synchronize-versions.js b/dependencies/@openzeppelin/scripts/release/synchronize-versions.js new file mode 100755 index 00000000..15aa2599 --- /dev/null +++ b/dependencies/@openzeppelin/scripts/release/synchronize-versions.js @@ -0,0 +1,15 @@ +#!/usr/bin/env node + +// Synchronizes the version in contracts/package.json with the one in package.json. +// This is run automatically when npm version is run. + +const fs = require('fs'); + +setVersion('package.json', 'contracts/package.json'); + +function setVersion(from, to) { + const fromJson = JSON.parse(fs.readFileSync(from)); + const toJson = JSON.parse(fs.readFileSync(to)); + toJson.version = fromJson.version; + fs.writeFileSync(to, JSON.stringify(toJson, null, 2) + '\n'); +} diff --git a/dependencies/@openzeppelin/scripts/release/update-comment.js b/dependencies/@openzeppelin/scripts/release/update-comment.js new file mode 100755 index 00000000..9d6df269 --- /dev/null +++ b/dependencies/@openzeppelin/scripts/release/update-comment.js @@ -0,0 +1,34 @@ +#!/usr/bin/env node +const fs = require('fs'); +const proc = require('child_process'); +const semver = require('semver'); +const run = (cmd, ...args) => proc.execFileSync(cmd, args, { encoding: 'utf8' }).trim(); + +const gitStatus = run('git', 'status', '--porcelain', '-uno', 'contracts/**/*.sol'); +if (gitStatus.length > 0) { + console.error('Contracts directory is not clean'); + process.exit(1); +} + +const { version } = require('../../package.json'); + +// Get latest tag according to semver. +const [tag] = run('git', 'tag') + .split(/\r?\n/) + .filter(semver.coerce) // check version can be processed + .filter(v => semver.satisfies(v, `< ${version}`)) // ignores prereleases unless currently a prerelease + .sort(semver.rcompare); + +// Ordering tag β†’ HEAD is important here. +const files = run('git', 'diff', tag, 'HEAD', '--name-only', 'contracts/**/*.sol') + .split(/\r?\n/) + .filter(file => file && !file.match(/mock/i) && fs.existsSync(file)); + +for (const file of files) { + const current = fs.readFileSync(file, 'utf8'); + const updated = current.replace( + /(\/\/ SPDX-License-Identifier:.*)$(\n\/\/ OpenZeppelin Contracts .*$)?/m, + `$1\n// OpenZeppelin Contracts (last updated v${version}) (${file.replace('contracts/', '')})`, + ); + fs.writeFileSync(file, updated); +} diff --git a/dependencies/@openzeppelin/scripts/release/version.sh b/dependencies/@openzeppelin/scripts/release/version.sh new file mode 100755 index 00000000..7b0ddead --- /dev/null +++ b/dependencies/@openzeppelin/scripts/release/version.sh @@ -0,0 +1,11 @@ +#!/usr/bin/env bash + +set -euo pipefail + +changeset version + +scripts/release/format-changelog.js +scripts/release/synchronize-versions.js +scripts/release/update-comment.js + +oz-docs update-version diff --git a/dependencies/@openzeppelin/scripts/release/workflow/exit-prerelease.sh b/dependencies/@openzeppelin/scripts/release/workflow/exit-prerelease.sh new file mode 100644 index 00000000..bcf9b9ae --- /dev/null +++ b/dependencies/@openzeppelin/scripts/release/workflow/exit-prerelease.sh @@ -0,0 +1,8 @@ +#!/usr/bin/env bash + +set -euo pipefail + +npx changeset pre exit rc +git add . +git commit -m "Exit release candidate" +git push origin diff --git a/dependencies/@openzeppelin/scripts/release/workflow/github-release.js b/dependencies/@openzeppelin/scripts/release/workflow/github-release.js new file mode 100644 index 00000000..f213106b --- /dev/null +++ b/dependencies/@openzeppelin/scripts/release/workflow/github-release.js @@ -0,0 +1,48 @@ +const { readFileSync } = require('fs'); +const { join } = require('path'); +const { version } = require(join(__dirname, '../../../package.json')); + +module.exports = async ({ github, context }) => { + const changelog = readFileSync('CHANGELOG.md', 'utf8'); + + await github.rest.repos.createRelease({ + owner: context.repo.owner, + repo: context.repo.repo, + tag_name: `v${version}`, + target_commitish: github.ref_name, + body: extractSection(changelog, version), + prerelease: process.env.PRERELEASE === 'true', + }); +}; + +// From https://github.com/frangio/extract-changelog/blob/master/src/utils/word-regexp.ts +function makeWordRegExp(word) { + const start = word.length > 0 && /\b/.test(word[0]) ? '\\b' : ''; + const end = word.length > 0 && /\b/.test(word[word.length - 1]) ? '\\b' : ''; + return new RegExp(start + [...word].map(c => (/[a-z0-9]/i.test(c) ? c : '\\' + c)).join('') + end); +} + +// From https://github.com/frangio/extract-changelog/blob/master/src/core.ts +function extractSection(document, wantedHeading) { + // ATX Headings as defined in GitHub Flavored Markdown (https://github.github.com/gfm/#atx-headings) + const heading = /^ {0,3}(?#{1,6})(?: [ \t\v\f]*(?.*?)[ \t\v\f]*)?(?:[\n\r]+|$)/gm; + + const wantedHeadingRe = makeWordRegExp(wantedHeading); + + let start, end; + + for (const m of document.matchAll(heading)) { + if (!start) { + if (m.groups.text.search(wantedHeadingRe) === 0) { + start = m; + } + } else if (m.groups.lead.length <= start.groups.lead.length) { + end = m; + break; + } + } + + if (start) { + return document.slice(start.index + start[0].length, end?.index); + } +} diff --git a/dependencies/@openzeppelin/scripts/release/workflow/integrity-check.sh b/dependencies/@openzeppelin/scripts/release/workflow/integrity-check.sh new file mode 100644 index 00000000..86e99f92 --- /dev/null +++ b/dependencies/@openzeppelin/scripts/release/workflow/integrity-check.sh @@ -0,0 +1,20 @@ +#!/usr/bin/env bash + +set -euo pipefail + +CHECKSUMS="$RUNNER_TEMP/checksums.txt" + +# Extract tarball content into a tmp directory +tar xf "$TARBALL" -C "$RUNNER_TEMP" + +# Move to extracted directory +cd "$RUNNER_TEMP/package" + +# Checksum all Solidity files +find . -type f -name "*.sol" | xargs shasum > "$CHECKSUMS" + +# Back to directory with git contents +cd "$GITHUB_WORKSPACE/contracts" + +# Check against tarball contents +shasum -c "$CHECKSUMS" diff --git a/dependencies/@openzeppelin/scripts/release/workflow/pack.sh b/dependencies/@openzeppelin/scripts/release/workflow/pack.sh new file mode 100644 index 00000000..ce30712f --- /dev/null +++ b/dependencies/@openzeppelin/scripts/release/workflow/pack.sh @@ -0,0 +1,26 @@ +#!/usr/bin/env bash + +set -euo pipefail + +dist_tag() { + PACKAGE_JSON_NAME="$(jq -r .name ./package.json)" + LATEST_NPM_VERSION="$(npm info "$PACKAGE_JSON_NAME" version)" + PACKAGE_JSON_VERSION="$(jq -r .version ./package.json)" + + if [ "$PRERELEASE" = "true" ]; then + echo "next" + elif npx semver -r ">$LATEST_NPM_VERSION" "$PACKAGE_JSON_VERSION" > /dev/null; then + echo "latest" + else + # This is a patch for an older version + # npm can't publish without a tag + echo "tmp" + fi +} + +cd contracts +TARBALL="$(npm pack | tee /dev/stderr | tail -1)" +echo "tarball_name=$TARBALL" >> $GITHUB_OUTPUT +echo "tarball=$(pwd)/$TARBALL" >> $GITHUB_OUTPUT +echo "tag=$(dist_tag)" >> $GITHUB_OUTPUT +cd .. diff --git a/dependencies/@openzeppelin/scripts/release/workflow/publish.sh b/dependencies/@openzeppelin/scripts/release/workflow/publish.sh new file mode 100644 index 00000000..e490e5d0 --- /dev/null +++ b/dependencies/@openzeppelin/scripts/release/workflow/publish.sh @@ -0,0 +1,26 @@ +#!/usr/bin/env bash + +set -euo pipefail + +PACKAGE_JSON_NAME="$(tar xfO "$TARBALL" package/package.json | jq -r .name)" +PACKAGE_JSON_VERSION="$(tar xfO "$TARBALL" package/package.json | jq -r .version)" + +# Intentionally escape $ to avoid interpolation and writing the token to disk +echo "//registry.npmjs.org/:_authToken=\${NPM_TOKEN}" > .npmrc + +# Actual publish +npm publish "$TARBALL" --tag "$TAG" + +# Clean up tags +delete_tag() { + npm dist-tag rm "$PACKAGE_JSON_NAME" "$1" +} + +if [ "$TAG" = tmp ]; then + delete_tag "$TAG" +elif [ "$TAG" = latest ]; then + # Delete the next tag if it exists and is a prerelease for what is currently being published + if npm dist-tag ls "$PACKAGE_JSON_NAME" | grep -q "next: $PACKAGE_JSON_VERSION"; then + delete_tag next + fi +fi diff --git a/dependencies/@openzeppelin/scripts/release/workflow/rerun.js b/dependencies/@openzeppelin/scripts/release/workflow/rerun.js new file mode 100644 index 00000000..f48ce6ea --- /dev/null +++ b/dependencies/@openzeppelin/scripts/release/workflow/rerun.js @@ -0,0 +1,7 @@ +module.exports = ({ github, context }) => + github.rest.actions.createWorkflowDispatch({ + owner: context.repo.owner, + repo: context.repo.repo, + workflow_id: 'release-cycle.yml', + ref: process.env.REF || process.env.GITHUB_REF_NAME, + }); diff --git a/dependencies/@openzeppelin/scripts/release/workflow/set-changesets-pr-title.js b/dependencies/@openzeppelin/scripts/release/workflow/set-changesets-pr-title.js new file mode 100644 index 00000000..59b03b22 --- /dev/null +++ b/dependencies/@openzeppelin/scripts/release/workflow/set-changesets-pr-title.js @@ -0,0 +1,17 @@ +const { coerce, inc, rsort } = require('semver'); +const { join } = require('path'); +const { version } = require(join(__dirname, '../../../package.json')); + +module.exports = async ({ core }) => { + // Variables not in the context + const refName = process.env.GITHUB_REF_NAME; + + // Compare package.json version's next patch vs. first version patch + // A recently opened branch will give the next patch for the previous minor + // So, we get the max against the patch 0 of the release branch's version + const branchPatch0 = coerce(refName.replace('release-v', '')).version; + const packageJsonNextPatch = inc(version, 'patch'); + const [nextVersion] = rsort([branchPatch0, packageJsonNextPatch], false); + + core.exportVariable('TITLE', `Release v${nextVersion}`); +}; diff --git a/dependencies/@openzeppelin/scripts/release/workflow/start.sh b/dependencies/@openzeppelin/scripts/release/workflow/start.sh new file mode 100644 index 00000000..7683ec5b --- /dev/null +++ b/dependencies/@openzeppelin/scripts/release/workflow/start.sh @@ -0,0 +1,35 @@ +#!/usr/bin/env bash + +set -euo pipefail + +# Set changeset status location +# This is needed because `changeset status --output` only works with relative routes +CHANGESETS_STATUS_JSON="$(realpath --relative-to=. "$RUNNER_TEMP/status.json")" + +# Save changeset status to temp file +npx changeset status --output="$CHANGESETS_STATUS_JSON" + +# Defensive assertion. SHOULD NOT BE REACHED +if [ "$(jq '.releases | length' "$CHANGESETS_STATUS_JSON")" != 1 ]; then + echo "::error file=$CHANGESETS_STATUS_JSON::The status doesn't contain only 1 release" + exit 1; +fi; + +# Create branch +BRANCH_SUFFIX="$(jq -r '.releases[0].newVersion | gsub("\\.\\d+$"; "")' $CHANGESETS_STATUS_JSON)" +RELEASE_BRANCH="release-v$BRANCH_SUFFIX" +git checkout -b "$RELEASE_BRANCH" + +# Output branch +echo "branch=$RELEASE_BRANCH" >> $GITHUB_OUTPUT + +# Enter in prerelease state +npx changeset pre enter rc +git add . +git commit -m "Start release candidate" + +# Push branch +if ! git push origin "$RELEASE_BRANCH"; then + echo "::error file=scripts/release/start.sh::Can't push $RELEASE_BRANCH. Did you forget to run this workflow from $RELEASE_BRANCH?" + exit 1 +fi diff --git a/dependencies/@openzeppelin/scripts/release/workflow/state.js b/dependencies/@openzeppelin/scripts/release/workflow/state.js new file mode 100644 index 00000000..914e8de0 --- /dev/null +++ b/dependencies/@openzeppelin/scripts/release/workflow/state.js @@ -0,0 +1,112 @@ +const { readPreState } = require('@changesets/pre'); +const { default: readChangesets } = require('@changesets/read'); +const { join } = require('path'); +const { fetch } = require('undici'); +const { version, name: packageName } = require(join(__dirname, '../../../contracts/package.json')); + +module.exports = async ({ github, context, core }) => { + const state = await getState({ github, context, core }); + + function setOutput(key, value) { + core.info(`State ${key} = ${value}`); + core.setOutput(key, value); + } + + // Jobs to trigger + setOutput('start', shouldRunStart(state)); + setOutput('promote', shouldRunPromote(state)); + setOutput('changesets', shouldRunChangesets(state)); + setOutput('publish', shouldRunPublish(state)); + setOutput('merge', shouldRunMerge(state)); + + // Global Variables + setOutput('is_prerelease', state.prerelease); +}; + +function shouldRunStart({ isMaster, isWorkflowDispatch, botRun }) { + return isMaster && isWorkflowDispatch && !botRun; +} + +function shouldRunPromote({ isReleaseBranch, isWorkflowDispatch, botRun }) { + return isReleaseBranch && isWorkflowDispatch && !botRun; +} + +function shouldRunChangesets({ isReleaseBranch, isPush, isWorkflowDispatch, botRun }) { + return (isReleaseBranch && isPush) || (isReleaseBranch && isWorkflowDispatch && botRun); +} + +function shouldRunPublish({ isReleaseBranch, isPush, hasPendingChangesets, isPublishedOnNpm }) { + return isReleaseBranch && isPush && !hasPendingChangesets && !isPublishedOnNpm; +} + +function shouldRunMerge({ + isReleaseBranch, + isPush, + prerelease, + isCurrentFinalVersion, + hasPendingChangesets, + prBackExists, +}) { + return isReleaseBranch && isPush && !prerelease && isCurrentFinalVersion && !hasPendingChangesets && !prBackExists; +} + +async function getState({ github, context, core }) { + // Variables not in the context + const refName = process.env.GITHUB_REF_NAME; + const botRun = process.env.TRIGGERING_ACTOR === 'github-actions[bot]'; + + const { changesets, preState } = await readChangesetState(); + + // Static vars + const state = { + refName, + hasPendingChangesets: changesets.length > 0, + prerelease: preState?.mode === 'pre', + isMaster: refName === 'master', + isReleaseBranch: refName.startsWith('release-v'), + isWorkflowDispatch: context.eventName === 'workflow_dispatch', + isPush: context.eventName === 'push', + isCurrentFinalVersion: !version.includes('-rc.'), + botRun, + }; + + // Async vars + const { data: prs } = await github.rest.pulls.list({ + owner: context.repo.owner, + repo: context.repo.repo, + head: `${context.repo.owner}:merge/${state.refName}`, + base: 'master', + state: 'open', + }); + + state.prBackExists = prs.length !== 0; + + state.isPublishedOnNpm = await isPublishedOnNpm(packageName, version); + + // Log every state value in debug mode + if (core.isDebug()) for (const [key, value] of Object.entries(state)) core.debug(`${key}: ${value}`); + + return state; +} + +// From https://github.com/changesets/action/blob/v1.4.1/src/readChangesetState.ts +async function readChangesetState(cwd = process.cwd()) { + const preState = await readPreState(cwd); + const isInPreMode = preState !== undefined && preState.mode === 'pre'; + + let changesets = await readChangesets(cwd); + + if (isInPreMode) { + changesets = changesets.filter(x => !preState.changesets.includes(x.id)); + } + + return { + preState: isInPreMode ? preState : undefined, + changesets, + }; +} + +async function isPublishedOnNpm(package, version) { + const res = await fetch(`https://registry.npmjs.com/${package}/${version}`); + return res.ok; +} diff --git a/dependencies/@openzeppelin/scripts/remove-ignored-artifacts.js b/dependencies/@openzeppelin/scripts/remove-ignored-artifacts.js new file mode 100644 index 00000000..e156032b --- /dev/null +++ b/dependencies/@openzeppelin/scripts/remove-ignored-artifacts.js @@ -0,0 +1,45 @@ +#!/usr/bin/env node + +// This script removes the build artifacts of ignored contracts. + +const fs = require('fs'); +const path = require('path'); +const match = require('micromatch'); + +function readJSON(path) { + return JSON.parse(fs.readFileSync(path)); +} + +const pkgFiles = readJSON('package.json').files; + +// Get only negated patterns. +const ignorePatterns = pkgFiles + .filter(pat => pat.startsWith('!')) + // Remove the negation part. Makes micromatch usage more intuitive. + .map(pat => pat.slice(1)); + +const ignorePatternsSubtrees = ignorePatterns + // Add **/* to ignore all files contained in the directories. + .concat(ignorePatterns.map(pat => path.join(pat, '**/*'))) + .map(p => p.replace(/^\//, '')); + +const artifactsDir = 'contracts/build/contracts'; +const buildinfo = 'artifacts/build-info'; +const filenames = fs.readdirSync(buildinfo); + +let n = 0; + +for (const filename of filenames) { + const solcOutput = readJSON(path.join(buildinfo, filename)).output; + for (const sourcePath in solcOutput.contracts) { + const ignore = match.any(sourcePath, ignorePatternsSubtrees); + if (ignore) { + for (const contract in solcOutput.contracts[sourcePath]) { + fs.unlinkSync(path.join(artifactsDir, contract + '.json')); + n += 1; + } + } + } +} + +console.error(`Removed ${n} mock artifacts`); diff --git a/dependencies/@openzeppelin/scripts/solhint-custom/index.js b/dependencies/@openzeppelin/scripts/solhint-custom/index.js new file mode 100644 index 00000000..9625027e --- /dev/null +++ b/dependencies/@openzeppelin/scripts/solhint-custom/index.js @@ -0,0 +1,84 @@ +const path = require('path'); +const minimatch = require('minimatch'); + +// Files matching these patterns will be ignored unless a rule has `static global = true` +const ignore = ['contracts/mocks/**/*', 'test/**/*']; + +class Base { + constructor(reporter, config, source, fileName) { + this.reporter = reporter; + this.ignored = this.constructor.global || ignore.some(p => minimatch(path.normalize(fileName), p)); + this.ruleId = this.constructor.ruleId; + if (this.ruleId === undefined) { + throw Error('missing ruleId static property'); + } + } + + error(node, message) { + if (!this.ignored) { + this.reporter.error(node, this.ruleId, message); + } + } +} + +module.exports = [ + class extends Base { + static ruleId = 'interface-names'; + + ContractDefinition(node) { + if (node.kind === 'interface' && !/^I[A-Z]/.test(node.name)) { + this.error(node, 'Interface names should have a capital I prefix'); + } + } + }, + + class extends Base { + static ruleId = 'private-variables'; + + VariableDeclaration(node) { + const constantOrImmutable = node.isDeclaredConst || node.isImmutable; + if (node.isStateVar && !constantOrImmutable && node.visibility !== 'private') { + this.error(node, 'State variables must be private'); + } + } + }, + + class extends Base { + static ruleId = 'leading-underscore'; + + VariableDeclaration(node) { + if (node.isDeclaredConst) { + // TODO: expand visibility and fix + if (node.visibility === 'private' && /^_/.test(node.name)) { + this.error(node, 'Constant variables should not have leading underscore'); + } + } else if (node.visibility === 'private' && !/^_/.test(node.name)) { + this.error(node, 'Non-constant private variables must have leading underscore'); + } + } + + FunctionDefinition(node) { + if (node.visibility === 'private' || (node.visibility === 'internal' && node.parent.kind !== 'library')) { + if (!/^_/.test(node.name)) { + this.error(node, 'Private and internal functions must have leading underscore'); + } + } + if (node.visibility === 'internal' && node.parent.kind === 'library') { + if (/^_/.test(node.name)) { + this.error(node, 'Library internal functions should not have leading underscore'); + } + } + } + }, + + // TODO: re-enable and fix + // class extends Base { + // static ruleId = 'no-external-virtual'; + // + // FunctionDefinition(node) { + // if (node.visibility == 'external' && node.isVirtual) { + // this.error(node, 'Functions should not be external and virtual'); + // } + // } + // }, +]; diff --git a/dependencies/@openzeppelin/scripts/solhint-custom/package.json b/dependencies/@openzeppelin/scripts/solhint-custom/package.json new file mode 100644 index 00000000..075eb929 --- /dev/null +++ b/dependencies/@openzeppelin/scripts/solhint-custom/package.json @@ -0,0 +1,5 @@ +{ + "name": "solhint-plugin-openzeppelin", + "version": "0.0.0", + "private": true +} diff --git a/dependencies/@openzeppelin/scripts/update-docs-branch.js b/dependencies/@openzeppelin/scripts/update-docs-branch.js new file mode 100644 index 00000000..324ba0c6 --- /dev/null +++ b/dependencies/@openzeppelin/scripts/update-docs-branch.js @@ -0,0 +1,65 @@ +const proc = require('child_process'); +const read = cmd => proc.execSync(cmd, { encoding: 'utf8' }).trim(); +const run = cmd => { + proc.execSync(cmd, { stdio: 'inherit' }); +}; +const tryRead = cmd => { + try { + return read(cmd); + } catch (e) { + return undefined; + } +}; + +const releaseBranchRegex = /^release-v(?(?\d+)\.(?\d+)(?:\.(?\d+))?)$/; + +const currentBranch = read('git rev-parse --abbrev-ref HEAD'); +const match = currentBranch.match(releaseBranchRegex); + +if (!match) { + console.error('Not currently on a release branch'); + process.exit(1); +} + +const pkgVersion = require('../package.json').version; + +if (pkgVersion.includes('-') && !pkgVersion.includes('.0.0-')) { + console.error('Refusing to update docs: non-major prerelease detected'); + process.exit(0); +} + +const current = match.groups; +const docsBranch = `docs-v${current.major}.x`; + +// Fetch remotes and find the docs branch if it exists +run('git fetch --all --no-tags'); +const matchingDocsBranches = tryRead(`git rev-parse --glob='*/${docsBranch}'`); + +if (!matchingDocsBranches) { + // Create the branch + run(`git checkout --orphan ${docsBranch}`); +} else { + const [publishedRef, ...others] = new Set(matchingDocsBranches.split('\n')); + if (others.length > 0) { + console.error( + `Found conflicting ${docsBranch} branches.\n` + + 'Either local branch is outdated or there are multiple matching remote branches.', + ); + process.exit(1); + } + const publishedVersion = JSON.parse(read(`git show ${publishedRef}:package.json`)).version; + const publishedMinor = publishedVersion.match(/\d+\.(?\d+)\.\d+/).groups.minor; + if (current.minor < publishedMinor) { + console.error('Refusing to update docs: newer version is published'); + process.exit(0); + } + + run('git checkout --quiet --detach'); + run(`git reset --soft ${publishedRef}`); + run(`git checkout ${docsBranch}`); +} + +run('npm run prepare-docs'); +run('git add -f docs'); // --force needed because generated docs files are gitignored +run('git commit -m "Update docs"'); +run(`git checkout ${currentBranch}`); diff --git a/dependencies/@openzeppelin/scripts/upgradeable/README.md b/dependencies/@openzeppelin/scripts/upgradeable/README.md new file mode 100644 index 00000000..2309f9e1 --- /dev/null +++ b/dependencies/@openzeppelin/scripts/upgradeable/README.md @@ -0,0 +1,21 @@ +The upgradeable variant of OpenZeppelin Contracts is automatically generated from the original Solidity code. We call this process "transpilation" and it is implemented by our [Upgradeability Transpiler](https://github.com/OpenZeppelin/openzeppelin-transpiler/). + +When the `master` branch or `release-v*` branches are updated, the code is transpiled and pushed to [OpenZeppelin/openzeppelin-contracts-upgradeable](https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable) by the `upgradeable.yml` workflow. + +## `transpile.sh` + +Applies patches and invokes the transpiler with the command line flags we need for our requirements (for example, excluding certain files). + +## `transpile-onto.sh` + +``` +bash scripts/upgradeable/transpile-onto.sh [] +``` + +Transpiles the contents of the current git branch and commits the result as a new commit on branch ``. If branch `` doesn't exist, it will copy the commit history of `[]` (this is used in GitHub Actions, but is usually not necessary locally). + +## `patch-apply.sh` & `patch-save.sh` + +Some of the upgradeable contract variants require ad-hoc changes that are not implemented by the transpiler. These changes are implemented by patches stored in `upgradeable.patch` in this directory. `patch-apply.sh` applies these patches. + +If the patches fail to apply due to changes in the repo, the conflicts have to be resolved manually. Once fixed, `patch-save.sh` will take the changes staged in Git and update `upgradeable.patch` to match. diff --git a/dependencies/@openzeppelin/scripts/upgradeable/patch-apply.sh b/dependencies/@openzeppelin/scripts/upgradeable/patch-apply.sh new file mode 100755 index 00000000..d9e17589 --- /dev/null +++ b/dependencies/@openzeppelin/scripts/upgradeable/patch-apply.sh @@ -0,0 +1,19 @@ +#!/usr/bin/env bash + +set -euo pipefail + +DIRNAME="$(dirname -- "${BASH_SOURCE[0]}")" +PATCH="$DIRNAME/upgradeable.patch" + +error() { + echo Error: "$*" >&2 + exit 1 +} + +if ! git diff-files --quiet ":!$PATCH" || ! git diff-index --quiet HEAD ":!$PATCH"; then + error "Repository must have no staged or unstaged changes" +fi + +if ! git apply -3 "$PATCH"; then + error "Fix conflicts and run $DIRNAME/patch-save.sh" +fi diff --git a/dependencies/@openzeppelin/scripts/upgradeable/patch-save.sh b/dependencies/@openzeppelin/scripts/upgradeable/patch-save.sh new file mode 100755 index 00000000..111e6f15 --- /dev/null +++ b/dependencies/@openzeppelin/scripts/upgradeable/patch-save.sh @@ -0,0 +1,18 @@ +#!/usr/bin/env bash + +set -euo pipefail + +DIRNAME="$(dirname -- "${BASH_SOURCE[0]}")" +PATCH="$DIRNAME/upgradeable.patch" + +error() { + echo Error: "$*" >&2 + exit 1 +} + +if ! git diff-files --quiet ":!$PATCH"; then + error "Unstaged changes. Stage to include in patch or temporarily stash." +fi + +git diff-index --cached --patch --output="$PATCH" HEAD +git restore --staged --worktree ":!$PATCH" diff --git a/dependencies/@openzeppelin/scripts/upgradeable/transpile-onto.sh b/dependencies/@openzeppelin/scripts/upgradeable/transpile-onto.sh new file mode 100644 index 00000000..b8508f0c --- /dev/null +++ b/dependencies/@openzeppelin/scripts/upgradeable/transpile-onto.sh @@ -0,0 +1,54 @@ +#!/usr/bin/env bash + +set -euo pipefail + +if [ $# -lt 1 ]; then + echo "usage: bash $0 []" >&2 + exit 1 +fi + +set -x + +target="$1" +base="${2-}" + +bash scripts/upgradeable/transpile.sh + +commit="$(git rev-parse --short HEAD)" +start_branch="$(git rev-parse --abbrev-ref HEAD)" + +git add contracts + +# detach from the current branch to avoid making changes to it +git checkout --quiet --detach + +# switch to the target branch, creating it if necessary +if git rev-parse -q --verify "$target"; then + # if the branch exists, make it the current HEAD without checking out its contents + git reset --soft "$target" + git checkout "$target" +else + # if the branch doesn't exist, create it as an orphan and check it out + git checkout --orphan "$target" + if [ -n "$base" ] && git rev-parse -q --verify "$base"; then + # if base was specified and it exists, set it as the branch history + git reset --soft "$base" + fi +fi + +# abort if there are no changes to commit at this point +if git diff --quiet --cached; then + exit +fi + +if [[ -v SUBMODULE_REMOTE ]]; then + lib=lib/openzeppelin-contracts + git submodule add -b "${base#origin/}" "$SUBMODULE_REMOTE" "$lib" + git -C "$lib" checkout "$commit" + git add "$lib" +fi + +git commit -m "Transpile $commit" + +# return to original branch +git checkout "$start_branch" diff --git a/dependencies/@openzeppelin/scripts/upgradeable/transpile.sh b/dependencies/@openzeppelin/scripts/upgradeable/transpile.sh new file mode 100644 index 00000000..f7c848c1 --- /dev/null +++ b/dependencies/@openzeppelin/scripts/upgradeable/transpile.sh @@ -0,0 +1,50 @@ +#!/usr/bin/env bash + +set -euo pipefail -x + +VERSION="$(jq -r .version contracts/package.json)" +DIRNAME="$(dirname -- "${BASH_SOURCE[0]}")" + +bash "$DIRNAME/patch-apply.sh" +sed -i'' -e "s//$VERSION/g" "contracts/package.json" +git add contracts/package.json + +npm run clean +npm run compile + +build_info=($(jq -r '.input.sources | keys | if any(test("^contracts/mocks/.*\\bunreachable\\b")) then empty else input_filename end' artifacts/build-info/*)) +build_info_num=${#build_info[@]} + +if [ $build_info_num -ne 1 ]; then + echo "found $build_info_num relevant build info files but expected just 1" + exit 1 +fi + +# -D: delete original and excluded files +# -b: use this build info file +# -i: use included Initializable +# -x: exclude proxy-related contracts with a few exceptions +# -p: emit public initializer +# -n: use namespaces +# -N: exclude from namespaces transformation +# -q: partial transpilation using @openzeppelin/contracts as peer project +npx @openzeppelin/upgrade-safe-transpiler -D \ + -b "$build_info" \ + -i contracts/proxy/utils/Initializable.sol \ + -x 'contracts-exposed/**/*' \ + -x 'contracts/proxy/**/*' \ + -x '!contracts/proxy/Clones.sol' \ + -x '!contracts/proxy/ERC1967/ERC1967Storage.sol' \ + -x '!contracts/proxy/ERC1967/ERC1967Utils.sol' \ + -x '!contracts/proxy/utils/UUPSUpgradeable.sol' \ + -x '!contracts/proxy/beacon/IBeacon.sol' \ + -p 'contracts/access/manager/AccessManager.sol' \ + -p 'contracts/finance/VestingWallet.sol' \ + -p 'contracts/governance/TimelockController.sol' \ + -p 'contracts/metatx/ERC2771Forwarder.sol' \ + -n \ + -N 'contracts/mocks/**/*' \ + -q '@openzeppelin/' + +# delete compilation artifacts of vanilla code +npm run clean diff --git a/dependencies/@openzeppelin/scripts/upgradeable/upgradeable.patch b/dependencies/@openzeppelin/scripts/upgradeable/upgradeable.patch new file mode 100644 index 00000000..458ecd43 --- /dev/null +++ b/dependencies/@openzeppelin/scripts/upgradeable/upgradeable.patch @@ -0,0 +1,361 @@ +diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md +deleted file mode 100644 +index 35ad097ff..000000000 +--- a/.github/ISSUE_TEMPLATE/bug_report.md ++++ /dev/null +@@ -1,21 +0,0 @@ +---- +-name: Bug report +-about: Report a bug in OpenZeppelin Contracts +- +---- +- +- +- +- +- +-**πŸ’» Environment** +- +- +- +-**πŸ“ Details** +- +- +- +-**πŸ”’ Code to reproduce bug** +- +- +diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml +index 4018cef29..d343a53d8 100644 +--- a/.github/ISSUE_TEMPLATE/config.yml ++++ b/.github/ISSUE_TEMPLATE/config.yml +@@ -1,4 +1,8 @@ ++blank_issues_enabled: false + contact_links: ++ - name: Bug Reports & Feature Requests ++ url: https://github.com/OpenZeppelin/openzeppelin-contracts/issues/new/choose ++ about: Visit the OpenZeppelin Contracts repository + - name: Questions & Support Requests + url: https://forum.openzeppelin.com/c/support/contracts/18 + about: Ask in the OpenZeppelin Forum +diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md +deleted file mode 100644 +index ff596b0c3..000000000 +--- a/.github/ISSUE_TEMPLATE/feature_request.md ++++ /dev/null +@@ -1,14 +0,0 @@ +---- +-name: Feature request +-about: Suggest an idea for OpenZeppelin Contracts +- +---- +- +-**🧐 Motivation** +- +- +-**πŸ“ Details** +- +- +- +- +diff --git a/README.md b/README.md +index fa7b4e31e..4799b6376 100644 +--- a/README.md ++++ b/README.md +@@ -19,6 +19,9 @@ + > [!IMPORTANT] + > OpenZeppelin Contracts uses semantic versioning to communicate backwards compatibility of its API and storage layout. For upgradeable contracts, the storage layout of different major versions should be assumed incompatible, for example, it is unsafe to upgrade from 4.9.3 to 5.0.0. Learn more at [Backwards Compatibility](https://docs.openzeppelin.com/contracts/backwards-compatibility). + +++> [!NOTE] +++> You are looking at the upgradeable variant of OpenZeppelin Contracts. Be sure to review the documentation on [Using OpenZeppelin Contracts with Upgrades](https://docs.openzeppelin.com/contracts/upgradeable). +++ + ## Overview + + ### Installation +@@ -26,7 +29,7 @@ + #### Hardhat (npm) + + ``` +-$ npm install @openzeppelin/contracts ++$ npm install @openzeppelin/contracts-upgradeable + ``` + + #### Foundry (git) +@@ -38,10 +41,10 @@ $ npm install @openzeppelin/contracts + > Foundry installs the latest version initially, but subsequent `forge update` commands will use the `master` branch. + + ``` +-$ forge install OpenZeppelin/openzeppelin-contracts ++$ forge install OpenZeppelin/openzeppelin-contracts-upgradeable + ``` + +-Add `@openzeppelin/contracts/=lib/openzeppelin-contracts/contracts/` in `remappings.txt.` ++Add `@openzeppelin/contracts-upgradeable/=lib/openzeppelin-contracts-upgradeable/contracts/` in `remappings.txt.` + + ### Usage + +@@ -50,10 +53,11 @@ Once installed, you can use the contracts in the library by importing them: + ```solidity + pragma solidity ^0.8.20; + +-import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol"; ++import {ERC721Upgradeable} from "@openzeppelin/contracts-upgradeable/token/ERC721/ERC721Upgradeable.sol"; + +-contract MyCollectible is ERC721 { +- constructor() ERC721("MyCollectible", "MCO") { ++contract MyCollectible is ERC721Upgradeable { ++ function initialize() initializer public { ++ __ERC721_init("MyCollectible", "MCO"); + } + } + ``` +diff --git a/contracts/package.json b/contracts/package.json +index 845e8c403..8dc181b91 100644 +--- a/contracts/package.json ++++ b/contracts/package.json +@@ -1,5 +1,5 @@ + { +- "name": "@openzeppelin/contracts", ++ "name": "@openzeppelin/contracts-upgradeable", + "description": "Secure Smart Contract library for Solidity", + "version": "5.0.2", + "files": [ +@@ -13,7 +13,7 @@ + }, + "repository": { + "type": "git", +- "url": "https://github.com/OpenZeppelin/openzeppelin-contracts.git" ++ "url": "https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable.git" + }, + "keywords": [ + "solidity", +@@ -28,5 +28,8 @@ + "bugs": { + "url": "https://github.com/OpenZeppelin/openzeppelin-contracts/issues" + }, +- "homepage": "https://openzeppelin.com/contracts/" ++ "homepage": "https://openzeppelin.com/contracts/", ++ "peerDependencies": { ++ "@openzeppelin/contracts": "" ++ } + } +diff --git a/contracts/utils/cryptography/EIP712.sol b/contracts/utils/cryptography/EIP712.sol +index 77c4c8990..602467f40 100644 +--- a/contracts/utils/cryptography/EIP712.sol ++++ b/contracts/utils/cryptography/EIP712.sol +@@ -4,7 +4,6 @@ + pragma solidity ^0.8.20; + + import {MessageHashUtils} from "./MessageHashUtils.sol"; +-import {ShortStrings, ShortString} from "../ShortStrings.sol"; + import {IERC5267} from "../../interfaces/IERC5267.sol"; + + /** +@@ -28,28 +27,18 @@ import {IERC5267} from "../../interfaces/IERC5267.sol"; + * NOTE: In the upgradeable version of this contract, the cached values will correspond to the address, and the domain + * separator of the implementation contract. This will cause the {_domainSeparatorV4} function to always rebuild the + * separator from the immutable values, which is cheaper than accessing a cached version in cold storage. +- * +- * @custom:oz-upgrades-unsafe-allow state-variable-immutable + */ + abstract contract EIP712 is IERC5267 { +- using ShortStrings for *; +- + bytes32 private constant TYPE_HASH = + keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"); + +- // Cache the domain separator as an immutable value, but also store the chain id that it corresponds to, in order to +- // invalidate the cached domain separator if the chain id changes. +- bytes32 private immutable _cachedDomainSeparator; +- uint256 private immutable _cachedChainId; +- address private immutable _cachedThis; +- ++ /// @custom:oz-renamed-from _HASHED_NAME + bytes32 private immutable _hashedName; ++ /// @custom:oz-renamed-from _HASHED_VERSION + bytes32 private immutable _hashedVersion; + +- ShortString private immutable _name; +- ShortString private immutable _version; +- string private _nameFallback; +- string private _versionFallback; ++ string private _name; ++ string private _version; + + /** + * @dev Initializes the domain separator and parameter caches. +@@ -64,29 +53,23 @@ abstract contract EIP712 is IERC5267 { + * contract upgrade]. + */ + constructor(string memory name, string memory version) { +- _name = name.toShortStringWithFallback(_nameFallback); +- _version = version.toShortStringWithFallback(_versionFallback); +- _hashedName = keccak256(bytes(name)); +- _hashedVersion = keccak256(bytes(version)); +- +- _cachedChainId = block.chainid; +- _cachedDomainSeparator = _buildDomainSeparator(); +- _cachedThis = address(this); ++ _name = name; ++ _version = version; ++ ++ // Reset prior values in storage if upgrading ++ _hashedName = 0; ++ _hashedVersion = 0; + } + + /** + * @dev Returns the domain separator for the current chain. + */ + function _domainSeparatorV4() internal view returns (bytes32) { +- if (address(this) == _cachedThis && block.chainid == _cachedChainId) { +- return _cachedDomainSeparator; +- } else { +- return _buildDomainSeparator(); +- } ++ return _buildDomainSeparator(); + } + + function _buildDomainSeparator() private view returns (bytes32) { +- return keccak256(abi.encode(TYPE_HASH, _hashedName, _hashedVersion, block.chainid, address(this))); ++ return keccak256(abi.encode(TYPE_HASH, _EIP712NameHash(), _EIP712VersionHash(), block.chainid, address(this))); + } + + /** +@@ -125,6 +108,10 @@ abstract contract EIP712 is IERC5267 { + uint256[] memory extensions + ) + { ++ // If the hashed name and version in storage are non-zero, the contract hasn't been properly initialized ++ // and the EIP712 domain is not reliable, as it will be missing name and version. ++ require(_hashedName == 0 && _hashedVersion == 0, "EIP712: Uninitialized"); ++ + return ( + hex"0f", // 01111 + _EIP712Name(), +@@ -139,22 +126,62 @@ abstract contract EIP712 is IERC5267 { + /** + * @dev The name parameter for the EIP712 domain. + * +- * NOTE: By default this function reads _name which is an immutable value. +- * It only reads from storage if necessary (in case the value is too large to fit in a ShortString). ++ * NOTE: This function reads from storage by default, but can be redefined to return a constant value if gas costs ++ * are a concern. + */ +- // solhint-disable-next-line func-name-mixedcase +- function _EIP712Name() internal view returns (string memory) { +- return _name.toStringWithFallback(_nameFallback); ++ function _EIP712Name() internal view virtual returns (string memory) { ++ return _name; + } + + /** + * @dev The version parameter for the EIP712 domain. + * +- * NOTE: By default this function reads _version which is an immutable value. +- * It only reads from storage if necessary (in case the value is too large to fit in a ShortString). ++ * NOTE: This function reads from storage by default, but can be redefined to return a constant value if gas costs ++ * are a concern. + */ +- // solhint-disable-next-line func-name-mixedcase +- function _EIP712Version() internal view returns (string memory) { +- return _version.toStringWithFallback(_versionFallback); ++ function _EIP712Version() internal view virtual returns (string memory) { ++ return _version; ++ } ++ ++ /** ++ * @dev The hash of the name parameter for the EIP712 domain. ++ * ++ * NOTE: In previous versions this function was virtual. In this version you should override `_EIP712Name` instead. ++ */ ++ function _EIP712NameHash() internal view returns (bytes32) { ++ string memory name = _EIP712Name(); ++ if (bytes(name).length > 0) { ++ return keccak256(bytes(name)); ++ } else { ++ // If the name is empty, the contract may have been upgraded without initializing the new storage. ++ // We return the name hash in storage if non-zero, otherwise we assume the name is empty by design. ++ bytes32 hashedName = _hashedName; ++ if (hashedName != 0) { ++ return hashedName; ++ } else { ++ return keccak256(""); ++ } ++ } ++ } ++ ++ /** ++ * @dev The hash of the version parameter for the EIP712 domain. ++ * ++ * NOTE: In previous versions this function was virtual. In this version you should override `_EIP712Version` instead. ++ */ ++ function _EIP712VersionHash() internal view returns (bytes32) { ++ string memory version = _EIP712Version(); ++ if (bytes(version).length > 0) { ++ return keccak256(bytes(version)); ++ } else { ++ // If the version is empty, the contract may have been upgraded without initializing the new storage. ++ // We return the version hash in storage if non-zero, otherwise we assume the version is empty by design. ++ bytes32 hashedVersion = _hashedVersion; ++ if (hashedVersion != 0) { ++ return hashedVersion; ++ } else { ++ return keccak256(""); ++ } ++ } + } + } +diff --git a/package.json b/package.json +index c4b358e10..96ab2559c 100644 +--- a/package.json ++++ b/package.json +@@ -32,7 +32,7 @@ + }, + "repository": { + "type": "git", +- "url": "https://github.com/OpenZeppelin/openzeppelin-contracts.git" ++ "url": "https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable.git" + }, + "keywords": [ + "solidity", +diff --git a/remappings.txt b/remappings.txt +index 304d1386a..a1cd63bee 100644 +--- a/remappings.txt ++++ b/remappings.txt +@@ -1 +1,2 @@ +-@openzeppelin/contracts/=contracts/ ++@openzeppelin/contracts-upgradeable/=contracts/ ++@openzeppelin/contracts/=lib/openzeppelin-contracts/contracts/ +diff --git a/test/utils/cryptography/EIP712.test.js b/test/utils/cryptography/EIP712.test.js +index 2b6e7fa97..268e0d29d 100644 +--- a/test/utils/cryptography/EIP712.test.js ++++ b/test/utils/cryptography/EIP712.test.js +@@ -47,27 +47,6 @@ describe('EIP712', function () { + const rebuildDomain = await getDomain(this.eip712); + expect(rebuildDomain).to.be.deep.equal(this.domain); + }); +- +- if (shortOrLong === 'short') { +- // Long strings are in storage, and the proxy will not be properly initialized unless +- // the upgradeable contract variant is used and the initializer is invoked. +- +- it('adjusts when behind proxy', async function () { +- const factory = await ethers.deployContract('$Clones'); +- +- const clone = await factory +- .$clone(this.eip712) +- .then(tx => tx.wait()) +- .then(receipt => receipt.logs.find(ev => ev.fragment.name == 'return$clone_address').args.instance) +- .then(address => ethers.getContractAt('$EIP712Verifier', address)); +- +- const expectedDomain = { ...this.domain, verifyingContract: clone.target }; +- expect(await getDomain(clone)).to.be.deep.equal(expectedDomain); +- +- const expectedSeparator = await domainSeparator(expectedDomain); +- expect(await clone.$_domainSeparatorV4()).to.equal(expectedSeparator); +- }); +- } + }); + + it('hash digest', async function () { diff --git a/dependencies/@openzeppelin/slither.config.json b/dependencies/@openzeppelin/slither.config.json new file mode 100644 index 00000000..069da1f3 --- /dev/null +++ b/dependencies/@openzeppelin/slither.config.json @@ -0,0 +1,5 @@ +{ + "detectors_to_run": "arbitrary-send-erc20,array-by-reference,incorrect-shift,name-reused,rtlo,suicidal,uninitialized-state,uninitialized-storage,arbitrary-send-erc20-permit,controlled-array-length,controlled-delegatecall,delegatecall-loop,msg-value-loop,reentrancy-eth,unchecked-transfer,weak-prng,domain-separator-collision,erc20-interface,erc721-interface,locked-ether,mapping-deletion,shadowing-abstract,tautology,write-after-write,boolean-cst,reentrancy-no-eth,reused-constructor,tx-origin,unchecked-lowlevel,unchecked-send,variable-scope,void-cst,events-access,events-maths,incorrect-unary,boolean-equal,cyclomatic-complexity,deprecated-standards,erc20-indexed,function-init-state,pragma,unused-state,reentrancy-unlimited-gas,constable-states,immutable-states,var-read-using-this", + "filter_paths": "contracts/mocks,contracts-exposed", + "compile_force_framework": "hardhat" +} diff --git a/dependencies/@openzeppelin/solhint.config.js b/dependencies/@openzeppelin/solhint.config.js new file mode 100644 index 00000000..f0bd7994 --- /dev/null +++ b/dependencies/@openzeppelin/solhint.config.js @@ -0,0 +1,26 @@ +const customRules = require('./scripts/solhint-custom'); + +const rules = [ + 'avoid-tx-origin', + 'const-name-snakecase', + 'contract-name-camelcase', + 'event-name-camelcase', + 'explicit-types', + 'func-name-mixedcase', + 'func-param-name-mixedcase', + 'imports-on-top', + 'modifier-name-mixedcase', + 'no-console', + 'no-global-import', + 'no-unused-vars', + 'quotes', + 'use-forbidden-name', + 'var-name-mixedcase', + 'visibility-modifier-order', + ...customRules.map(r => `openzeppelin/${r.ruleId}`), +]; + +module.exports = { + plugins: ['openzeppelin'], + rules: Object.fromEntries(rules.map(r => [r, 'error'])), +}; diff --git a/dependencies/@openzeppelin/test/TESTING.md b/dependencies/@openzeppelin/test/TESTING.md new file mode 100644 index 00000000..a5ee9323 --- /dev/null +++ b/dependencies/@openzeppelin/test/TESTING.md @@ -0,0 +1,3 @@ +## Testing + +Unit test are critical to OpenZeppelin Contracts. They help ensure code quality and mitigate against security vulnerabilities. The directory structure within the `/test` directory corresponds to the `/contracts` directory. diff --git a/dependencies/@openzeppelin/test/access/AccessControl.behavior.js b/dependencies/@openzeppelin/test/access/AccessControl.behavior.js new file mode 100644 index 00000000..b7ae2a95 --- /dev/null +++ b/dependencies/@openzeppelin/test/access/AccessControl.behavior.js @@ -0,0 +1,874 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); + +const time = require('../helpers/time'); + +const { shouldSupportInterfaces } = require('../utils/introspection/SupportsInterface.behavior'); + +const DEFAULT_ADMIN_ROLE = ethers.ZeroHash; +const ROLE = ethers.id('ROLE'); +const OTHER_ROLE = ethers.id('OTHER_ROLE'); + +function shouldBehaveLikeAccessControl() { + beforeEach(async function () { + [this.authorized, this.other, this.otherAdmin] = this.accounts; + }); + + shouldSupportInterfaces(['AccessControl']); + + describe('default admin', function () { + it('deployer has default admin role', async function () { + expect(await this.mock.hasRole(DEFAULT_ADMIN_ROLE, this.defaultAdmin)).to.be.true; + }); + + it("other roles's admin is the default admin role", async function () { + expect(await this.mock.getRoleAdmin(ROLE)).to.equal(DEFAULT_ADMIN_ROLE); + }); + + it("default admin role's admin is itself", async function () { + expect(await this.mock.getRoleAdmin(DEFAULT_ADMIN_ROLE)).to.equal(DEFAULT_ADMIN_ROLE); + }); + }); + + describe('granting', function () { + beforeEach(async function () { + await this.mock.connect(this.defaultAdmin).grantRole(ROLE, this.authorized); + }); + + it('non-admin cannot grant role to other accounts', async function () { + await expect(this.mock.connect(this.other).grantRole(ROLE, this.authorized)) + .to.be.revertedWithCustomError(this.mock, 'AccessControlUnauthorizedAccount') + .withArgs(this.other, DEFAULT_ADMIN_ROLE); + }); + + it('accounts can be granted a role multiple times', async function () { + await this.mock.connect(this.defaultAdmin).grantRole(ROLE, this.authorized); + await expect(this.mock.connect(this.defaultAdmin).grantRole(ROLE, this.authorized)).to.not.emit( + this.mock, + 'RoleGranted', + ); + }); + }); + + describe('revoking', function () { + it('roles that are not had can be revoked', async function () { + expect(await this.mock.hasRole(ROLE, this.authorized)).to.be.false; + + await expect(this.mock.connect(this.defaultAdmin).revokeRole(ROLE, this.authorized)).to.not.emit( + this.mock, + 'RoleRevoked', + ); + }); + + describe('with granted role', function () { + beforeEach(async function () { + await this.mock.connect(this.defaultAdmin).grantRole(ROLE, this.authorized); + }); + + it('admin can revoke role', async function () { + await expect(this.mock.connect(this.defaultAdmin).revokeRole(ROLE, this.authorized)) + .to.emit(this.mock, 'RoleRevoked') + .withArgs(ROLE, this.authorized, this.defaultAdmin); + + expect(await this.mock.hasRole(ROLE, this.authorized)).to.be.false; + }); + + it('non-admin cannot revoke role', async function () { + await expect(this.mock.connect(this.other).revokeRole(ROLE, this.authorized)) + .to.be.revertedWithCustomError(this.mock, 'AccessControlUnauthorizedAccount') + .withArgs(this.other, DEFAULT_ADMIN_ROLE); + }); + + it('a role can be revoked multiple times', async function () { + await this.mock.connect(this.defaultAdmin).revokeRole(ROLE, this.authorized); + + await expect(this.mock.connect(this.defaultAdmin).revokeRole(ROLE, this.authorized)).to.not.emit( + this.mock, + 'RoleRevoked', + ); + }); + }); + }); + + describe('renouncing', function () { + it('roles that are not had can be renounced', async function () { + await expect(this.mock.connect(this.authorized).renounceRole(ROLE, this.authorized)).to.not.emit( + this.mock, + 'RoleRevoked', + ); + }); + + describe('with granted role', function () { + beforeEach(async function () { + await this.mock.connect(this.defaultAdmin).grantRole(ROLE, this.authorized); + }); + + it('bearer can renounce role', async function () { + await expect(this.mock.connect(this.authorized).renounceRole(ROLE, this.authorized)) + .to.emit(this.mock, 'RoleRevoked') + .withArgs(ROLE, this.authorized, this.authorized); + + expect(await this.mock.hasRole(ROLE, this.authorized)).to.be.false; + }); + + it('only the sender can renounce their roles', async function () { + await expect( + this.mock.connect(this.defaultAdmin).renounceRole(ROLE, this.authorized), + ).to.be.revertedWithCustomError(this.mock, 'AccessControlBadConfirmation'); + }); + + it('a role can be renounced multiple times', async function () { + await this.mock.connect(this.authorized).renounceRole(ROLE, this.authorized); + + await expect(this.mock.connect(this.authorized).renounceRole(ROLE, this.authorized)).not.to.emit( + this.mock, + 'RoleRevoked', + ); + }); + }); + }); + + describe('setting role admin', function () { + beforeEach(async function () { + await expect(this.mock.$_setRoleAdmin(ROLE, OTHER_ROLE)) + .to.emit(this.mock, 'RoleAdminChanged') + .withArgs(ROLE, DEFAULT_ADMIN_ROLE, OTHER_ROLE); + + await this.mock.connect(this.defaultAdmin).grantRole(OTHER_ROLE, this.otherAdmin); + }); + + it("a role's admin role can be changed", async function () { + expect(await this.mock.getRoleAdmin(ROLE)).to.equal(OTHER_ROLE); + }); + + it('the new admin can grant roles', async function () { + await expect(this.mock.connect(this.otherAdmin).grantRole(ROLE, this.authorized)) + .to.emit(this.mock, 'RoleGranted') + .withArgs(ROLE, this.authorized, this.otherAdmin); + }); + + it('the new admin can revoke roles', async function () { + await this.mock.connect(this.otherAdmin).grantRole(ROLE, this.authorized); + await expect(this.mock.connect(this.otherAdmin).revokeRole(ROLE, this.authorized)) + .to.emit(this.mock, 'RoleRevoked') + .withArgs(ROLE, this.authorized, this.otherAdmin); + }); + + it("a role's previous admins no longer grant roles", async function () { + await expect(this.mock.connect(this.defaultAdmin).grantRole(ROLE, this.authorized)) + .to.be.revertedWithCustomError(this.mock, 'AccessControlUnauthorizedAccount') + .withArgs(this.defaultAdmin, OTHER_ROLE); + }); + + it("a role's previous admins no longer revoke roles", async function () { + await expect(this.mock.connect(this.defaultAdmin).revokeRole(ROLE, this.authorized)) + .to.be.revertedWithCustomError(this.mock, 'AccessControlUnauthorizedAccount') + .withArgs(this.defaultAdmin, OTHER_ROLE); + }); + }); + + describe('onlyRole modifier', function () { + beforeEach(async function () { + await this.mock.connect(this.defaultAdmin).grantRole(ROLE, this.authorized); + }); + + it('do not revert if sender has role', async function () { + await this.mock.connect(this.authorized).$_checkRole(ROLE); + }); + + it("revert if sender doesn't have role #1", async function () { + await expect(this.mock.connect(this.other).$_checkRole(ROLE)) + .to.be.revertedWithCustomError(this.mock, 'AccessControlUnauthorizedAccount') + .withArgs(this.other, ROLE); + }); + + it("revert if sender doesn't have role #2", async function () { + await expect(this.mock.connect(this.authorized).$_checkRole(OTHER_ROLE)) + .to.be.revertedWithCustomError(this.mock, 'AccessControlUnauthorizedAccount') + .withArgs(this.authorized, OTHER_ROLE); + }); + }); + + describe('internal functions', function () { + describe('_grantRole', function () { + it('return true if the account does not have the role', async function () { + await expect(this.mock.$_grantRole(ROLE, this.authorized)) + .to.emit(this.mock, 'return$_grantRole') + .withArgs(true); + }); + + it('return false if the account has the role', async function () { + await this.mock.$_grantRole(ROLE, this.authorized); + + await expect(this.mock.$_grantRole(ROLE, this.authorized)) + .to.emit(this.mock, 'return$_grantRole') + .withArgs(false); + }); + }); + + describe('_revokeRole', function () { + it('return true if the account has the role', async function () { + await this.mock.$_grantRole(ROLE, this.authorized); + + await expect(this.mock.$_revokeRole(ROLE, this.authorized)) + .to.emit(this.mock, 'return$_revokeRole') + .withArgs(true); + }); + + it('return false if the account does not have the role', async function () { + await expect(this.mock.$_revokeRole(ROLE, this.authorized)) + .to.emit(this.mock, 'return$_revokeRole') + .withArgs(false); + }); + }); + }); +} + +function shouldBehaveLikeAccessControlEnumerable() { + beforeEach(async function () { + [this.authorized, this.other, this.otherAdmin, this.otherAuthorized] = this.accounts; + }); + + shouldSupportInterfaces(['AccessControlEnumerable']); + + describe('enumerating', function () { + it('role bearers can be enumerated', async function () { + await this.mock.connect(this.defaultAdmin).grantRole(ROLE, this.authorized); + await this.mock.connect(this.defaultAdmin).grantRole(ROLE, this.other); + await this.mock.connect(this.defaultAdmin).grantRole(ROLE, this.otherAuthorized); + await this.mock.connect(this.defaultAdmin).revokeRole(ROLE, this.other); + + const expectedMembers = [this.authorized.address, this.otherAuthorized.address]; + + const memberCount = await this.mock.getRoleMemberCount(ROLE); + const members = []; + for (let i = 0; i < memberCount; ++i) { + members.push(await this.mock.getRoleMember(ROLE, i)); + } + + expect(memberCount).to.equal(expectedMembers.length); + expect(members).to.deep.equal(expectedMembers); + expect(await this.mock.getRoleMembers(ROLE)).to.deep.equal(expectedMembers); + }); + + it('role enumeration should be in sync after renounceRole call', async function () { + expect(await this.mock.getRoleMemberCount(ROLE)).to.equal(0); + await this.mock.connect(this.defaultAdmin).grantRole(ROLE, this.defaultAdmin); + expect(await this.mock.getRoleMemberCount(ROLE)).to.equal(1); + await this.mock.connect(this.defaultAdmin).renounceRole(ROLE, this.defaultAdmin); + expect(await this.mock.getRoleMemberCount(ROLE)).to.equal(0); + }); + }); +} + +function shouldBehaveLikeAccessControlDefaultAdminRules() { + shouldSupportInterfaces(['AccessControlDefaultAdminRules']); + + beforeEach(async function () { + [this.newDefaultAdmin, this.other] = this.accounts; + }); + + for (const getter of ['owner', 'defaultAdmin']) { + describe(`${getter}()`, function () { + it('has a default set to the initial default admin', async function () { + const value = await this.mock[getter](); + expect(value).to.equal(this.defaultAdmin); + expect(await this.mock.hasRole(DEFAULT_ADMIN_ROLE, value)).to.be.true; + }); + + it('changes if the default admin changes', async function () { + // Starts an admin transfer + await this.mock.connect(this.defaultAdmin).beginDefaultAdminTransfer(this.newDefaultAdmin); + + // Wait for acceptance + await time.increaseBy.timestamp(this.delay + 1n, false); + await this.mock.connect(this.newDefaultAdmin).acceptDefaultAdminTransfer(); + + const value = await this.mock[getter](); + expect(value).to.equal(this.newDefaultAdmin); + }); + }); + } + + describe('pendingDefaultAdmin()', function () { + it('returns 0 if no pending default admin transfer', async function () { + const { newAdmin, schedule } = await this.mock.pendingDefaultAdmin(); + expect(newAdmin).to.equal(ethers.ZeroAddress); + expect(schedule).to.equal(0); + }); + + describe('when there is a scheduled default admin transfer', function () { + beforeEach('begins admin transfer', async function () { + await this.mock.connect(this.defaultAdmin).beginDefaultAdminTransfer(this.newDefaultAdmin); + }); + + for (const [fromSchedule, tag] of [ + [-1n, 'before'], + [0n, 'exactly when'], + [1n, 'after'], + ]) { + it(`returns pending admin and schedule ${tag} it passes if not accepted`, async function () { + // Wait until schedule + fromSchedule + const { schedule: firstSchedule } = await this.mock.pendingDefaultAdmin(); + await time.increaseTo.timestamp(firstSchedule + fromSchedule); + + const { newAdmin, schedule } = await this.mock.pendingDefaultAdmin(); + expect(newAdmin).to.equal(this.newDefaultAdmin); + expect(schedule).to.equal(firstSchedule); + }); + } + + it('returns 0 after schedule passes and the transfer was accepted', async function () { + // Wait after schedule + const { schedule: firstSchedule } = await this.mock.pendingDefaultAdmin(); + await time.increaseTo.timestamp(firstSchedule + 1n, false); + + // Accepts + await this.mock.connect(this.newDefaultAdmin).acceptDefaultAdminTransfer(); + + const { newAdmin, schedule } = await this.mock.pendingDefaultAdmin(); + expect(newAdmin).to.equal(ethers.ZeroAddress); + expect(schedule).to.equal(0); + }); + }); + }); + + describe('defaultAdminDelay()', function () { + it('returns the current delay', async function () { + expect(await this.mock.defaultAdminDelay()).to.equal(this.delay); + }); + + describe('when there is a scheduled delay change', function () { + const newDelay = 0x1337n; // Any change + + beforeEach('begins delay change', async function () { + await this.mock.connect(this.defaultAdmin).changeDefaultAdminDelay(newDelay); + }); + + for (const [fromSchedule, tag, expectNew, delayTag] of [ + [-1n, 'before', false, 'old'], + [0n, 'exactly when', false, 'old'], + [1n, 'after', true, 'new'], + ]) { + it(`returns ${delayTag} delay ${tag} delay schedule passes`, async function () { + // Wait until schedule + fromSchedule + const { schedule } = await this.mock.pendingDefaultAdminDelay(); + await time.increaseTo.timestamp(schedule + fromSchedule); + + const currentDelay = await this.mock.defaultAdminDelay(); + expect(currentDelay).to.equal(expectNew ? newDelay : this.delay); + }); + } + }); + }); + + describe('pendingDefaultAdminDelay()', function () { + it('returns 0 if not set', async function () { + const { newDelay, schedule } = await this.mock.pendingDefaultAdminDelay(); + expect(newDelay).to.equal(0); + expect(schedule).to.equal(0); + }); + + describe('when there is a scheduled delay change', function () { + const newDelay = 0x1337n; // Any change + + beforeEach('begins admin transfer', async function () { + await this.mock.connect(this.defaultAdmin).changeDefaultAdminDelay(newDelay); + }); + + for (const [fromSchedule, tag, expectedDelay, delayTag, expectZeroSchedule] of [ + [-1n, 'before', newDelay, 'new'], + [0n, 'exactly when', newDelay, 'new'], + [1n, 'after', 0, 'zero', true], + ]) { + it(`returns ${delayTag} delay ${tag} delay schedule passes`, async function () { + // Wait until schedule + fromSchedule + const { schedule: firstSchedule } = await this.mock.pendingDefaultAdminDelay(); + await time.increaseTo.timestamp(firstSchedule + fromSchedule); + + const { newDelay, schedule } = await this.mock.pendingDefaultAdminDelay(); + expect(newDelay).to.equal(expectedDelay); + expect(schedule).to.equal(expectZeroSchedule ? 0 : firstSchedule); + }); + } + }); + }); + + describe('defaultAdminDelayIncreaseWait()', function () { + it('should return 5 days (default)', async function () { + expect(await this.mock.defaultAdminDelayIncreaseWait()).to.equal(time.duration.days(5)); + }); + }); + + it('should revert if granting default admin role', async function () { + await expect( + this.mock.connect(this.defaultAdmin).grantRole(DEFAULT_ADMIN_ROLE, this.defaultAdmin), + ).to.be.revertedWithCustomError(this.mock, 'AccessControlEnforcedDefaultAdminRules'); + }); + + it('should revert if revoking default admin role', async function () { + await expect( + this.mock.connect(this.defaultAdmin).revokeRole(DEFAULT_ADMIN_ROLE, this.defaultAdmin), + ).to.be.revertedWithCustomError(this.mock, 'AccessControlEnforcedDefaultAdminRules'); + }); + + it("should revert if defaultAdmin's admin is changed", async function () { + await expect(this.mock.$_setRoleAdmin(DEFAULT_ADMIN_ROLE, OTHER_ROLE)).to.be.revertedWithCustomError( + this.mock, + 'AccessControlEnforcedDefaultAdminRules', + ); + }); + + it('should not grant the default admin role twice', async function () { + await expect(this.mock.$_grantRole(DEFAULT_ADMIN_ROLE, this.defaultAdmin)).to.be.revertedWithCustomError( + this.mock, + 'AccessControlEnforcedDefaultAdminRules', + ); + }); + + describe('begins a default admin transfer', function () { + it('reverts if called by non default admin accounts', async function () { + await expect(this.mock.connect(this.other).beginDefaultAdminTransfer(this.newDefaultAdmin)) + .to.be.revertedWithCustomError(this.mock, 'AccessControlUnauthorizedAccount') + .withArgs(this.other, DEFAULT_ADMIN_ROLE); + }); + + describe('when there is no pending delay nor pending admin transfer', function () { + it('should set pending default admin and schedule', async function () { + const nextBlockTimestamp = (await time.clock.timestamp()) + 1n; + const acceptSchedule = nextBlockTimestamp + this.delay; + + await time.increaseTo.timestamp(nextBlockTimestamp, false); // set timestamp but don't mine the block yet + await expect(this.mock.connect(this.defaultAdmin).beginDefaultAdminTransfer(this.newDefaultAdmin)) + .to.emit(this.mock, 'DefaultAdminTransferScheduled') + .withArgs(this.newDefaultAdmin, acceptSchedule); + + const { newAdmin, schedule } = await this.mock.pendingDefaultAdmin(); + expect(newAdmin).to.equal(this.newDefaultAdmin); + expect(schedule).to.equal(acceptSchedule); + }); + }); + + describe('when there is a pending admin transfer', function () { + beforeEach('sets a pending default admin transfer', async function () { + await this.mock.connect(this.defaultAdmin).beginDefaultAdminTransfer(this.newDefaultAdmin); + this.acceptSchedule = (await time.clock.timestamp()) + this.delay; + }); + + for (const [fromSchedule, tag] of [ + [-1n, 'before'], + [0n, 'exactly when'], + [1n, 'after'], + ]) { + it(`should be able to begin a transfer again ${tag} acceptSchedule passes`, async function () { + // Wait until schedule + fromSchedule + await time.increaseTo.timestamp(this.acceptSchedule + fromSchedule, false); + + // defaultAdmin changes its mind and begin again to another address + await expect(this.mock.connect(this.defaultAdmin).beginDefaultAdminTransfer(this.other)).to.emit( + this.mock, + 'DefaultAdminTransferCanceled', // Cancellation is always emitted since it was never accepted + ); + const newSchedule = (await time.clock.timestamp()) + this.delay; + const { newAdmin, schedule } = await this.mock.pendingDefaultAdmin(); + expect(newAdmin).to.equal(this.other); + expect(schedule).to.equal(newSchedule); + }); + } + + it('should not emit a cancellation event if the new default admin accepted', async function () { + // Wait until the acceptSchedule has passed + await time.increaseTo.timestamp(this.acceptSchedule + 1n, false); + + // Accept and restart + await this.mock.connect(this.newDefaultAdmin).acceptDefaultAdminTransfer(); + await expect(this.mock.connect(this.newDefaultAdmin).beginDefaultAdminTransfer(this.other)).to.not.emit( + this.mock, + 'DefaultAdminTransferCanceled', + ); + }); + }); + + describe('when there is a pending delay', function () { + const newDelay = time.duration.hours(3); + + beforeEach('schedule a delay change', async function () { + await this.mock.connect(this.defaultAdmin).changeDefaultAdminDelay(newDelay); + ({ schedule: this.effectSchedule } = await this.mock.pendingDefaultAdminDelay()); + }); + + for (const [fromSchedule, schedulePassed, expectNewDelay] of [ + [-1n, 'before', false], + [0n, 'exactly when', false], + [1n, 'after', true], + ]) { + it(`should set the ${ + expectNewDelay ? 'new' : 'old' + } delay and apply it to next default admin transfer schedule ${schedulePassed} effectSchedule passed`, async function () { + // Wait until the expected fromSchedule time + const nextBlockTimestamp = this.effectSchedule + fromSchedule; + await time.increaseTo.timestamp(nextBlockTimestamp, false); + + // Start the new default admin transfer and get its schedule + const expectedDelay = expectNewDelay ? newDelay : this.delay; + const expectedAcceptSchedule = nextBlockTimestamp + expectedDelay; + await expect(this.mock.connect(this.defaultAdmin).beginDefaultAdminTransfer(this.newDefaultAdmin)) + .to.emit(this.mock, 'DefaultAdminTransferScheduled') + .withArgs(this.newDefaultAdmin, expectedAcceptSchedule); + + // Check that the schedule corresponds with the new delay + const { newAdmin, schedule: transferSchedule } = await this.mock.pendingDefaultAdmin(); + expect(newAdmin).to.equal(this.newDefaultAdmin); + expect(transferSchedule).to.equal(expectedAcceptSchedule); + }); + } + }); + }); + + describe('accepts transfer admin', function () { + beforeEach(async function () { + await this.mock.connect(this.defaultAdmin).beginDefaultAdminTransfer(this.newDefaultAdmin); + this.acceptSchedule = (await time.clock.timestamp()) + this.delay; + }); + + it('should revert if caller is not pending default admin', async function () { + await time.increaseTo.timestamp(this.acceptSchedule + 1n, false); + await expect(this.mock.connect(this.other).acceptDefaultAdminTransfer()) + .to.be.revertedWithCustomError(this.mock, 'AccessControlInvalidDefaultAdmin') + .withArgs(this.other); + }); + + describe('when caller is pending default admin and delay has passed', function () { + beforeEach(async function () { + await time.increaseTo.timestamp(this.acceptSchedule + 1n, false); + }); + + it('accepts a transfer and changes default admin', async function () { + // Emit events + await expect(this.mock.connect(this.newDefaultAdmin).acceptDefaultAdminTransfer()) + .to.emit(this.mock, 'RoleRevoked') + .withArgs(DEFAULT_ADMIN_ROLE, this.defaultAdmin, this.newDefaultAdmin) + .to.emit(this.mock, 'RoleGranted') + .withArgs(DEFAULT_ADMIN_ROLE, this.newDefaultAdmin, this.newDefaultAdmin); + + // Storage changes + expect(await this.mock.hasRole(DEFAULT_ADMIN_ROLE, this.defaultAdmin)).to.be.false; + expect(await this.mock.hasRole(DEFAULT_ADMIN_ROLE, this.newDefaultAdmin)).to.be.true; + expect(await this.mock.owner()).to.equal(this.newDefaultAdmin); + + // Resets pending default admin and schedule + const { newAdmin, schedule } = await this.mock.pendingDefaultAdmin(); + expect(newAdmin).to.equal(ethers.ZeroAddress); + expect(schedule).to.equal(0); + }); + }); + + describe('schedule not passed', function () { + for (const [fromSchedule, tag] of [ + [-1n, 'less'], + [0n, 'equal'], + ]) { + it(`should revert if block.timestamp is ${tag} to schedule`, async function () { + await time.increaseTo.timestamp(this.acceptSchedule + fromSchedule, false); + await expect(this.mock.connect(this.newDefaultAdmin).acceptDefaultAdminTransfer()) + .to.be.revertedWithCustomError(this.mock, 'AccessControlEnforcedDefaultAdminDelay') + .withArgs(this.acceptSchedule); + }); + } + }); + }); + + describe('cancels a default admin transfer', function () { + it('reverts if called by non default admin accounts', async function () { + await expect(this.mock.connect(this.other).cancelDefaultAdminTransfer()) + .to.be.revertedWithCustomError(this.mock, 'AccessControlUnauthorizedAccount') + .withArgs(this.other, DEFAULT_ADMIN_ROLE); + }); + + describe('when there is a pending default admin transfer', function () { + beforeEach(async function () { + await this.mock.connect(this.defaultAdmin).beginDefaultAdminTransfer(this.newDefaultAdmin); + this.acceptSchedule = (await time.clock.timestamp()) + this.delay; + }); + + for (const [fromSchedule, tag] of [ + [-1n, 'before'], + [0n, 'exactly when'], + [1n, 'after'], + ]) { + it(`resets pending default admin and schedule ${tag} transfer schedule passes`, async function () { + // Advance until passed delay + await time.increaseTo.timestamp(this.acceptSchedule + fromSchedule, false); + + await expect(this.mock.connect(this.defaultAdmin).cancelDefaultAdminTransfer()).to.emit( + this.mock, + 'DefaultAdminTransferCanceled', + ); + + const { newAdmin, schedule } = await this.mock.pendingDefaultAdmin(); + expect(newAdmin).to.equal(ethers.ZeroAddress); + expect(schedule).to.equal(0); + }); + } + + it('should revert if the previous default admin tries to accept', async function () { + await this.mock.connect(this.defaultAdmin).cancelDefaultAdminTransfer(); + + // Advance until passed delay + await time.increaseTo.timestamp(this.acceptSchedule + 1n, false); + + // Previous pending default admin should not be able to accept after cancellation. + await expect(this.mock.connect(this.newDefaultAdmin).acceptDefaultAdminTransfer()) + .to.be.revertedWithCustomError(this.mock, 'AccessControlInvalidDefaultAdmin') + .withArgs(this.newDefaultAdmin); + }); + }); + + describe('when there is no pending default admin transfer', function () { + it('should succeed without changes', async function () { + await expect(this.mock.connect(this.defaultAdmin).cancelDefaultAdminTransfer()).to.not.emit( + this.mock, + 'DefaultAdminTransferCanceled', + ); + + const { newAdmin, schedule } = await this.mock.pendingDefaultAdmin(); + expect(newAdmin).to.equal(ethers.ZeroAddress); + expect(schedule).to.equal(0); + }); + }); + }); + + describe('renounces admin', function () { + beforeEach(async function () { + await this.mock.connect(this.defaultAdmin).beginDefaultAdminTransfer(ethers.ZeroAddress); + this.expectedSchedule = (await time.clock.timestamp()) + this.delay; + }); + + it('reverts if caller is not default admin', async function () { + await time.increaseBy.timestamp(this.delay + 1n, false); + await expect( + this.mock.connect(this.defaultAdmin).renounceRole(DEFAULT_ADMIN_ROLE, this.other), + ).to.be.revertedWithCustomError(this.mock, 'AccessControlBadConfirmation'); + }); + + it("renouncing the admin role when not an admin doesn't affect the schedule", async function () { + await time.increaseBy.timestamp(this.delay + 1n, false); + await this.mock.connect(this.other).renounceRole(DEFAULT_ADMIN_ROLE, this.other); + + const { newAdmin, schedule } = await this.mock.pendingDefaultAdmin(); + expect(newAdmin).to.equal(ethers.ZeroAddress); + expect(schedule).to.equal(this.expectedSchedule); + }); + + it('keeps defaultAdmin consistent with hasRole if another non-defaultAdmin user renounces the DEFAULT_ADMIN_ROLE', async function () { + await time.increaseBy.timestamp(this.delay + 1n, false); + + // This passes because it's a noop + await this.mock.connect(this.other).renounceRole(DEFAULT_ADMIN_ROLE, this.other); + + expect(await this.mock.hasRole(DEFAULT_ADMIN_ROLE, this.defaultAdmin)).to.be.true; + expect(await this.mock.defaultAdmin()).to.equal(this.defaultAdmin); + }); + + it('renounces role', async function () { + await time.increaseBy.timestamp(this.delay + 1n, false); + await expect(this.mock.connect(this.defaultAdmin).renounceRole(DEFAULT_ADMIN_ROLE, this.defaultAdmin)) + .to.emit(this.mock, 'RoleRevoked') + .withArgs(DEFAULT_ADMIN_ROLE, this.defaultAdmin, this.defaultAdmin); + + expect(await this.mock.hasRole(DEFAULT_ADMIN_ROLE, this.defaultAdmin)).to.be.false; + expect(await this.mock.defaultAdmin()).to.equal(ethers.ZeroAddress); + expect(await this.mock.owner()).to.equal(ethers.ZeroAddress); + + const { newAdmin, schedule } = await this.mock.pendingDefaultAdmin(); + expect(newAdmin).to.equal(ethers.ZeroAddress); + expect(schedule).to.equal(0); + }); + + it('allows to recover access using the internal _grantRole', async function () { + await time.increaseBy.timestamp(this.delay + 1n, false); + await this.mock.connect(this.defaultAdmin).renounceRole(DEFAULT_ADMIN_ROLE, this.defaultAdmin); + + await expect(this.mock.connect(this.defaultAdmin).$_grantRole(DEFAULT_ADMIN_ROLE, this.other)) + .to.emit(this.mock, 'RoleGranted') + .withArgs(DEFAULT_ADMIN_ROLE, this.other, this.defaultAdmin); + }); + + describe('schedule not passed', function () { + for (const [fromSchedule, tag] of [ + [-1n, 'less'], + [0n, 'equal'], + ]) { + it(`reverts if block.timestamp is ${tag} to schedule`, async function () { + await time.increaseBy.timestamp(this.delay + fromSchedule, false); + await expect(this.mock.connect(this.defaultAdmin).renounceRole(DEFAULT_ADMIN_ROLE, this.defaultAdmin)) + .to.be.revertedWithCustomError(this.mock, 'AccessControlEnforcedDefaultAdminDelay') + .withArgs(this.expectedSchedule); + }); + } + }); + }); + + describe('changes delay', function () { + it('reverts if called by non default admin accounts', async function () { + await expect(this.mock.connect(this.other).changeDefaultAdminDelay(time.duration.hours(4))) + .to.be.revertedWithCustomError(this.mock, 'AccessControlUnauthorizedAccount') + .withArgs(this.other, DEFAULT_ADMIN_ROLE); + }); + + for (const [delayDifference, delayChangeType] of [ + [time.duration.hours(-1), 'decreased'], + [time.duration.hours(1), 'increased'], + [time.duration.days(5), 'increased to more than 5 days'], + ]) { + describe(`when the delay is ${delayChangeType}`, function () { + beforeEach(function () { + this.newDefaultAdminDelay = this.delay + delayDifference; + }); + + it('begins the delay change to the new delay', async function () { + // Calculate expected values + const capWait = await this.mock.defaultAdminDelayIncreaseWait(); + const minWait = capWait < this.newDefaultAdminDelay ? capWait : this.newDefaultAdminDelay; + const changeDelay = + this.newDefaultAdminDelay <= this.delay ? this.delay - this.newDefaultAdminDelay : minWait; + const nextBlockTimestamp = (await time.clock.timestamp()) + 1n; + const effectSchedule = nextBlockTimestamp + changeDelay; + + await time.increaseTo.timestamp(nextBlockTimestamp, false); + + // Begins the change + await expect(this.mock.connect(this.defaultAdmin).changeDefaultAdminDelay(this.newDefaultAdminDelay)) + .to.emit(this.mock, 'DefaultAdminDelayChangeScheduled') + .withArgs(this.newDefaultAdminDelay, effectSchedule); + + // Assert + const { newDelay, schedule } = await this.mock.pendingDefaultAdminDelay(); + expect(newDelay).to.equal(this.newDefaultAdminDelay); + expect(schedule).to.equal(effectSchedule); + }); + + describe('scheduling again', function () { + beforeEach('schedule once', async function () { + await this.mock.connect(this.defaultAdmin).changeDefaultAdminDelay(this.newDefaultAdminDelay); + }); + + for (const [fromSchedule, tag] of [ + [-1n, 'before'], + [0n, 'exactly when'], + [1n, 'after'], + ]) { + const passed = fromSchedule > 0; + + it(`succeeds ${tag} the delay schedule passes`, async function () { + // Wait until schedule + fromSchedule + const { schedule: firstSchedule } = await this.mock.pendingDefaultAdminDelay(); + const nextBlockTimestamp = firstSchedule + fromSchedule; + await time.increaseTo.timestamp(nextBlockTimestamp, false); + + // Calculate expected values + const anotherNewDefaultAdminDelay = this.newDefaultAdminDelay + time.duration.hours(2); + const capWait = await this.mock.defaultAdminDelayIncreaseWait(); + const minWait = capWait < anotherNewDefaultAdminDelay ? capWait : anotherNewDefaultAdminDelay; + const effectSchedule = nextBlockTimestamp + minWait; + + // Default admin changes its mind and begins another delay change + await expect(this.mock.connect(this.defaultAdmin).changeDefaultAdminDelay(anotherNewDefaultAdminDelay)) + .to.emit(this.mock, 'DefaultAdminDelayChangeScheduled') + .withArgs(anotherNewDefaultAdminDelay, effectSchedule); + + // Assert + const { newDelay, schedule } = await this.mock.pendingDefaultAdminDelay(); + expect(newDelay).to.equal(anotherNewDefaultAdminDelay); + expect(schedule).to.equal(effectSchedule); + }); + + const emit = passed ? 'not emit' : 'emit'; + it(`should ${emit} a cancellation event ${tag} the delay schedule passes`, async function () { + // Wait until schedule + fromSchedule + const { schedule: firstSchedule } = await this.mock.pendingDefaultAdminDelay(); + await time.increaseTo.timestamp(firstSchedule + fromSchedule, false); + + // Default admin changes its mind and begins another delay change + const anotherNewDefaultAdminDelay = this.newDefaultAdminDelay + time.duration.hours(2); + + const expected = expect( + this.mock.connect(this.defaultAdmin).changeDefaultAdminDelay(anotherNewDefaultAdminDelay), + ); + if (passed) { + await expected.to.not.emit(this.mock, 'DefaultAdminDelayChangeCanceled'); + } else { + await expected.to.emit(this.mock, 'DefaultAdminDelayChangeCanceled'); + } + }); + } + }); + }); + } + }); + + describe('rollbacks a delay change', function () { + it('reverts if called by non default admin accounts', async function () { + await expect(this.mock.connect(this.other).rollbackDefaultAdminDelay()) + .to.be.revertedWithCustomError(this.mock, 'AccessControlUnauthorizedAccount') + .withArgs(this.other, DEFAULT_ADMIN_ROLE); + }); + + describe('when there is a pending delay', function () { + beforeEach('set pending delay', async function () { + await this.mock.connect(this.defaultAdmin).changeDefaultAdminDelay(time.duration.hours(12)); + }); + + for (const [fromSchedule, tag] of [ + [-1n, 'before'], + [0n, 'exactly when'], + [1n, 'after'], + ]) { + const passed = fromSchedule > 0; + + it(`resets pending delay and schedule ${tag} delay change schedule passes`, async function () { + // Wait until schedule + fromSchedule + const { schedule: firstSchedule } = await this.mock.pendingDefaultAdminDelay(); + await time.increaseTo.timestamp(firstSchedule + fromSchedule, false); + + await this.mock.connect(this.defaultAdmin).rollbackDefaultAdminDelay(); + + const { newDelay, schedule } = await this.mock.pendingDefaultAdminDelay(); + expect(newDelay).to.equal(0); + expect(schedule).to.equal(0); + }); + + const emit = passed ? 'not emit' : 'emit'; + it(`should ${emit} a cancellation event ${tag} the delay schedule passes`, async function () { + // Wait until schedule + fromSchedule + const { schedule: firstSchedule } = await this.mock.pendingDefaultAdminDelay(); + await time.increaseTo.timestamp(firstSchedule + fromSchedule, false); + + const expected = expect(this.mock.connect(this.defaultAdmin).rollbackDefaultAdminDelay()); + if (passed) { + await expected.to.not.emit(this.mock, 'DefaultAdminDelayChangeCanceled'); + } else { + await expected.to.emit(this.mock, 'DefaultAdminDelayChangeCanceled'); + } + }); + } + }); + + describe('when there is no pending delay', function () { + it('succeeds without changes', async function () { + await this.mock.connect(this.defaultAdmin).rollbackDefaultAdminDelay(); + + const { newDelay, schedule } = await this.mock.pendingDefaultAdminDelay(); + expect(newDelay).to.equal(0); + expect(schedule).to.equal(0); + }); + }); + }); +} + +module.exports = { + DEFAULT_ADMIN_ROLE, + shouldBehaveLikeAccessControl, + shouldBehaveLikeAccessControlEnumerable, + shouldBehaveLikeAccessControlDefaultAdminRules, +}; diff --git a/dependencies/@openzeppelin/test/access/AccessControl.test.js b/dependencies/@openzeppelin/test/access/AccessControl.test.js new file mode 100644 index 00000000..5c70cdc6 --- /dev/null +++ b/dependencies/@openzeppelin/test/access/AccessControl.test.js @@ -0,0 +1,19 @@ +const { ethers } = require('hardhat'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { DEFAULT_ADMIN_ROLE, shouldBehaveLikeAccessControl } = require('./AccessControl.behavior'); + +async function fixture() { + const [defaultAdmin, ...accounts] = await ethers.getSigners(); + const mock = await ethers.deployContract('$AccessControl'); + await mock.$_grantRole(DEFAULT_ADMIN_ROLE, defaultAdmin); + return { mock, defaultAdmin, accounts }; +} + +describe('AccessControl', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + shouldBehaveLikeAccessControl(); +}); diff --git a/dependencies/@openzeppelin/test/access/Ownable.test.js b/dependencies/@openzeppelin/test/access/Ownable.test.js new file mode 100644 index 00000000..2d9b561a --- /dev/null +++ b/dependencies/@openzeppelin/test/access/Ownable.test.js @@ -0,0 +1,79 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +async function fixture() { + const [owner, other] = await ethers.getSigners(); + const ownable = await ethers.deployContract('$Ownable', [owner]); + return { owner, other, ownable }; +} + +describe('Ownable', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + it('emits ownership transfer events during construction', async function () { + await expect(this.ownable.deploymentTransaction()) + .to.emit(this.ownable, 'OwnershipTransferred') + .withArgs(ethers.ZeroAddress, this.owner); + }); + + it('rejects zero address for initialOwner', async function () { + await expect(ethers.deployContract('$Ownable', [ethers.ZeroAddress])) + .to.be.revertedWithCustomError({ interface: this.ownable.interface }, 'OwnableInvalidOwner') + .withArgs(ethers.ZeroAddress); + }); + + it('has an owner', async function () { + expect(await this.ownable.owner()).to.equal(this.owner); + }); + + describe('transfer ownership', function () { + it('changes owner after transfer', async function () { + await expect(this.ownable.connect(this.owner).transferOwnership(this.other)) + .to.emit(this.ownable, 'OwnershipTransferred') + .withArgs(this.owner, this.other); + + expect(await this.ownable.owner()).to.equal(this.other); + }); + + it('prevents non-owners from transferring', async function () { + await expect(this.ownable.connect(this.other).transferOwnership(this.other)) + .to.be.revertedWithCustomError(this.ownable, 'OwnableUnauthorizedAccount') + .withArgs(this.other); + }); + + it('guards ownership against stuck state', async function () { + await expect(this.ownable.connect(this.owner).transferOwnership(ethers.ZeroAddress)) + .to.be.revertedWithCustomError(this.ownable, 'OwnableInvalidOwner') + .withArgs(ethers.ZeroAddress); + }); + }); + + describe('renounce ownership', function () { + it('loses ownership after renouncement', async function () { + await expect(this.ownable.connect(this.owner).renounceOwnership()) + .to.emit(this.ownable, 'OwnershipTransferred') + .withArgs(this.owner, ethers.ZeroAddress); + + expect(await this.ownable.owner()).to.equal(ethers.ZeroAddress); + }); + + it('prevents non-owners from renouncement', async function () { + await expect(this.ownable.connect(this.other).renounceOwnership()) + .to.be.revertedWithCustomError(this.ownable, 'OwnableUnauthorizedAccount') + .withArgs(this.other); + }); + + it('allows to recover access using the internal _transferOwnership', async function () { + await this.ownable.connect(this.owner).renounceOwnership(); + + await expect(this.ownable.$_transferOwnership(this.other)) + .to.emit(this.ownable, 'OwnershipTransferred') + .withArgs(ethers.ZeroAddress, this.other); + + expect(await this.ownable.owner()).to.equal(this.other); + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/access/Ownable2Step.test.js b/dependencies/@openzeppelin/test/access/Ownable2Step.test.js new file mode 100644 index 00000000..5620a249 --- /dev/null +++ b/dependencies/@openzeppelin/test/access/Ownable2Step.test.js @@ -0,0 +1,102 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +async function fixture() { + const [owner, accountA, accountB] = await ethers.getSigners(); + const ownable2Step = await ethers.deployContract('$Ownable2Step', [owner]); + return { + ownable2Step, + owner, + accountA, + accountB, + }; +} + +describe('Ownable2Step', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + describe('transfer ownership', function () { + it('starting a transfer does not change owner', async function () { + await expect(this.ownable2Step.connect(this.owner).transferOwnership(this.accountA)) + .to.emit(this.ownable2Step, 'OwnershipTransferStarted') + .withArgs(this.owner, this.accountA); + + expect(await this.ownable2Step.owner()).to.equal(this.owner); + expect(await this.ownable2Step.pendingOwner()).to.equal(this.accountA); + }); + + it('changes owner after transfer', async function () { + await this.ownable2Step.connect(this.owner).transferOwnership(this.accountA); + + await expect(this.ownable2Step.connect(this.accountA).acceptOwnership()) + .to.emit(this.ownable2Step, 'OwnershipTransferred') + .withArgs(this.owner, this.accountA); + + expect(await this.ownable2Step.owner()).to.equal(this.accountA); + expect(await this.ownable2Step.pendingOwner()).to.equal(ethers.ZeroAddress); + }); + + it('guards transfer against invalid user', async function () { + await this.ownable2Step.connect(this.owner).transferOwnership(this.accountA); + + await expect(this.ownable2Step.connect(this.accountB).acceptOwnership()) + .to.be.revertedWithCustomError(this.ownable2Step, 'OwnableUnauthorizedAccount') + .withArgs(this.accountB); + }); + }); + + describe('renouncing ownership', function () { + it('changes owner after renouncing ownership', async function () { + await expect(this.ownable2Step.connect(this.owner).renounceOwnership()) + .to.emit(this.ownable2Step, 'OwnershipTransferred') + .withArgs(this.owner, ethers.ZeroAddress); + + // If renounceOwnership is removed from parent an alternative is needed ... + // without it is difficult to cleanly renounce with the two step process + // see: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3620#discussion_r957930388 + expect(await this.ownable2Step.owner()).to.equal(ethers.ZeroAddress); + }); + + it('pending owner resets after renouncing ownership', async function () { + await this.ownable2Step.connect(this.owner).transferOwnership(this.accountA); + expect(await this.ownable2Step.pendingOwner()).to.equal(this.accountA); + + await this.ownable2Step.connect(this.owner).renounceOwnership(); + expect(await this.ownable2Step.pendingOwner()).to.equal(ethers.ZeroAddress); + + await expect(this.ownable2Step.connect(this.accountA).acceptOwnership()) + .to.be.revertedWithCustomError(this.ownable2Step, 'OwnableUnauthorizedAccount') + .withArgs(this.accountA); + }); + + it('allows to recover access using the internal _transferOwnership', async function () { + await this.ownable2Step.connect(this.owner).renounceOwnership(); + + await expect(this.ownable2Step.$_transferOwnership(this.accountA)) + .to.emit(this.ownable2Step, 'OwnershipTransferred') + .withArgs(ethers.ZeroAddress, this.accountA); + + expect(await this.ownable2Step.owner()).to.equal(this.accountA); + }); + + it('allows the owner to cancel an initiated ownership transfer by setting newOwner to zero address', async function () { + // initiate ownership transfer to accountA + await this.ownable2Step.connect(this.owner).transferOwnership(this.accountA); + expect(await this.ownable2Step.pendingOwner()).to.equal(this.accountA); + + // cancel the ownership transfer by setting newOwner to zero address + await expect(this.ownable2Step.connect(this.owner).transferOwnership(ethers.ZeroAddress)) + .to.emit(this.ownable2Step, 'OwnershipTransferStarted') + .withArgs(this.owner, ethers.ZeroAddress); + expect(await this.ownable2Step.pendingOwner()).to.equal(ethers.ZeroAddress); + + // verify that accountA cannot accept ownership anymore + await expect(this.ownable2Step.connect(this.accountA).acceptOwnership()) + .to.be.revertedWithCustomError(this.ownable2Step, 'OwnableUnauthorizedAccount') + .withArgs(this.accountA); + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/access/extensions/AccessControlDefaultAdminRules.test.js b/dependencies/@openzeppelin/test/access/extensions/AccessControlDefaultAdminRules.test.js new file mode 100644 index 00000000..48036fd9 --- /dev/null +++ b/dependencies/@openzeppelin/test/access/extensions/AccessControlDefaultAdminRules.test.js @@ -0,0 +1,32 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const time = require('../../helpers/time'); + +const { + shouldBehaveLikeAccessControl, + shouldBehaveLikeAccessControlDefaultAdminRules, +} = require('../AccessControl.behavior'); + +async function fixture() { + const delay = time.duration.hours(10); + const [defaultAdmin, ...accounts] = await ethers.getSigners(); + const mock = await ethers.deployContract('$AccessControlDefaultAdminRules', [delay, defaultAdmin]); + return { mock, defaultAdmin, delay, accounts }; +} + +describe('AccessControlDefaultAdminRules', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + it('initial admin not zero', async function () { + await expect(ethers.deployContract('$AccessControlDefaultAdminRules', [this.delay, ethers.ZeroAddress])) + .to.be.revertedWithCustomError(this.mock, 'AccessControlInvalidDefaultAdmin') + .withArgs(ethers.ZeroAddress); + }); + + shouldBehaveLikeAccessControl(); + shouldBehaveLikeAccessControlDefaultAdminRules(); +}); diff --git a/dependencies/@openzeppelin/test/access/extensions/AccessControlEnumerable.test.js b/dependencies/@openzeppelin/test/access/extensions/AccessControlEnumerable.test.js new file mode 100644 index 00000000..ea1a8c46 --- /dev/null +++ b/dependencies/@openzeppelin/test/access/extensions/AccessControlEnumerable.test.js @@ -0,0 +1,24 @@ +const { ethers } = require('hardhat'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { + DEFAULT_ADMIN_ROLE, + shouldBehaveLikeAccessControl, + shouldBehaveLikeAccessControlEnumerable, +} = require('../AccessControl.behavior'); + +async function fixture() { + const [defaultAdmin, ...accounts] = await ethers.getSigners(); + const mock = await ethers.deployContract('$AccessControlEnumerable'); + await mock.$_grantRole(DEFAULT_ADMIN_ROLE, defaultAdmin); + return { mock, defaultAdmin, accounts }; +} + +describe('AccessControlEnumerable', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + shouldBehaveLikeAccessControl(); + shouldBehaveLikeAccessControlEnumerable(); +}); diff --git a/dependencies/@openzeppelin/test/access/manager/AccessManaged.test.js b/dependencies/@openzeppelin/test/access/manager/AccessManaged.test.js new file mode 100644 index 00000000..d666b5e6 --- /dev/null +++ b/dependencies/@openzeppelin/test/access/manager/AccessManaged.test.js @@ -0,0 +1,146 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { impersonate } = require('../../helpers/account'); +const time = require('../../helpers/time'); + +async function fixture() { + const [admin, roleMember, other] = await ethers.getSigners(); + + const authority = await ethers.deployContract('$AccessManager', [admin]); + const managed = await ethers.deployContract('$AccessManagedTarget', [authority]); + + const anotherAuthority = await ethers.deployContract('$AccessManager', [admin]); + const authorityObserveIsConsuming = await ethers.deployContract('$AuthorityObserveIsConsuming'); + + await impersonate(authority.target); + const authorityAsSigner = await ethers.getSigner(authority.target); + + return { + roleMember, + other, + authorityAsSigner, + authority, + managed, + authorityObserveIsConsuming, + anotherAuthority, + }; +} + +describe('AccessManaged', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + it('sets authority and emits AuthorityUpdated event during construction', async function () { + await expect(this.managed.deploymentTransaction()) + .to.emit(this.managed, 'AuthorityUpdated') + .withArgs(this.authority); + }); + + describe('restricted modifier', function () { + beforeEach(async function () { + this.selector = this.managed.fnRestricted.getFragment().selector; + this.role = 42n; + await this.authority.$_setTargetFunctionRole(this.managed, this.selector, this.role); + await this.authority.$_grantRole(this.role, this.roleMember, 0, 0); + }); + + it('succeeds when role is granted without execution delay', async function () { + await this.managed.connect(this.roleMember)[this.selector](); + }); + + it('reverts when role is not granted', async function () { + await expect(this.managed.connect(this.other)[this.selector]()) + .to.be.revertedWithCustomError(this.managed, 'AccessManagedUnauthorized') + .withArgs(this.other); + }); + + it('panics in short calldata', async function () { + // We avoid adding the `restricted` modifier to the fallback function because other tests may depend on it + // being accessible without restrictions. We check for the internal `_checkCanCall` instead. + await expect(this.managed.$_checkCanCall(this.roleMember, '0x1234')).to.be.reverted; + }); + + describe('when role is granted with execution delay', function () { + beforeEach(async function () { + const executionDelay = 911n; + await this.authority.$_grantRole(this.role, this.roleMember, 0, executionDelay); + }); + + it('reverts if the operation is not scheduled', async function () { + const fn = this.managed.interface.getFunction(this.selector); + const calldata = this.managed.interface.encodeFunctionData(fn, []); + const opId = await this.authority.hashOperation(this.roleMember, this.managed, calldata); + + await expect(this.managed.connect(this.roleMember)[this.selector]()) + .to.be.revertedWithCustomError(this.authority, 'AccessManagerNotScheduled') + .withArgs(opId); + }); + + it('succeeds if the operation is scheduled', async function () { + // Arguments + const delay = time.duration.hours(12); + const fn = this.managed.interface.getFunction(this.selector); + const calldata = this.managed.interface.encodeFunctionData(fn, []); + + // Schedule + const scheduledAt = (await time.clock.timestamp()) + 1n; + const when = scheduledAt + delay; + await time.increaseTo.timestamp(scheduledAt, false); + await this.authority.connect(this.roleMember).schedule(this.managed, calldata, when); + + // Set execution date + await time.increaseTo.timestamp(when, false); + + // Shouldn't revert + await this.managed.connect(this.roleMember)[this.selector](); + }); + }); + }); + + describe('setAuthority', function () { + it('reverts if the caller is not the authority', async function () { + await expect(this.managed.connect(this.other).setAuthority(this.other)) + .to.be.revertedWithCustomError(this.managed, 'AccessManagedUnauthorized') + .withArgs(this.other); + }); + + it('reverts if the new authority is not a valid authority', async function () { + await expect(this.managed.connect(this.authorityAsSigner).setAuthority(this.other)) + .to.be.revertedWithCustomError(this.managed, 'AccessManagedInvalidAuthority') + .withArgs(this.other); + }); + + it('sets authority and emits AuthorityUpdated event', async function () { + await expect(this.managed.connect(this.authorityAsSigner).setAuthority(this.anotherAuthority)) + .to.emit(this.managed, 'AuthorityUpdated') + .withArgs(this.anotherAuthority); + + expect(await this.managed.authority()).to.equal(this.anotherAuthority); + }); + }); + + describe('isConsumingScheduledOp', function () { + beforeEach(async function () { + await this.managed.connect(this.authorityAsSigner).setAuthority(this.authorityObserveIsConsuming); + }); + + it('returns bytes4(0) when not consuming operation', async function () { + expect(await this.managed.isConsumingScheduledOp()).to.equal('0x00000000'); + }); + + it('returns isConsumingScheduledOp selector when consuming operation', async function () { + const isConsumingScheduledOp = this.managed.interface.getFunction('isConsumingScheduledOp()'); + const fnRestricted = this.managed.fnRestricted.getFragment(); + await expect(this.managed.connect(this.other).fnRestricted()) + .to.emit(this.authorityObserveIsConsuming, 'ConsumeScheduledOpCalled') + .withArgs( + this.other, + this.managed.interface.encodeFunctionData(fnRestricted, []), + isConsumingScheduledOp.selector, + ); + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/access/manager/AccessManager.behavior.js b/dependencies/@openzeppelin/test/access/manager/AccessManager.behavior.js new file mode 100644 index 00000000..385da578 --- /dev/null +++ b/dependencies/@openzeppelin/test/access/manager/AccessManager.behavior.js @@ -0,0 +1,257 @@ +const { expect } = require('chai'); + +const { + LIKE_COMMON_IS_EXECUTING, + LIKE_COMMON_GET_ACCESS, + LIKE_COMMON_SCHEDULABLE, + testAsSchedulableOperation, + testAsRestrictedOperation, + testAsDelayedOperation, + testAsCanCall, + testAsHasRole, +} = require('./AccessManager.predicate'); + +// ============ ADMIN OPERATION ============ + +/** + * @requires this.{manager,roles,calldata,role} + */ +function shouldBehaveLikeDelayedAdminOperation() { + const getAccessPath = LIKE_COMMON_GET_ACCESS; + testAsDelayedOperation.mineDelay = true; + getAccessPath.requiredRoleIsGranted.roleGrantingIsDelayed.callerHasAnExecutionDelay.afterGrantDelay = + testAsDelayedOperation; + getAccessPath.requiredRoleIsGranted.roleGrantingIsNotDelayed.callerHasAnExecutionDelay = function () { + beforeEach('set execution delay', async function () { + this.scheduleIn = this.executionDelay; // For testAsDelayedOperation + }); + testAsSchedulableOperation(LIKE_COMMON_SCHEDULABLE); + }; + + beforeEach('set target as manager', function () { + this.target = this.manager; + }); + + testAsRestrictedOperation({ + callerIsTheManager: LIKE_COMMON_IS_EXECUTING, + callerIsNotTheManager() { + testAsHasRole({ + publicRoleIsRequired() { + it('reverts as AccessManagerUnauthorizedAccount', async function () { + await expect(this.caller.sendTransaction({ to: this.target, data: this.calldata })) + .to.be.revertedWithCustomError(this.target, 'AccessManagerUnauthorizedAccount') + .withArgs( + this.caller, + this.roles.ADMIN.id, // Although PUBLIC is required, target function role doesn't apply to admin ops + ); + }); + }, + specificRoleIsRequired: getAccessPath, + }); + }, + }); +} + +/** + * @requires this.{manager,roles,calldata,role} + */ +function shouldBehaveLikeNotDelayedAdminOperation() { + const getAccessPath = LIKE_COMMON_GET_ACCESS; + + function testScheduleOperation(mineDelay) { + return function self() { + self.mineDelay = mineDelay; + beforeEach('set execution delay', async function () { + this.scheduleIn = this.executionDelay; // For testAsSchedulableOperation + }); + testAsSchedulableOperation(LIKE_COMMON_SCHEDULABLE); + }; + } + + getAccessPath.requiredRoleIsGranted.roleGrantingIsDelayed.callerHasAnExecutionDelay.afterGrantDelay = + testScheduleOperation(true); + getAccessPath.requiredRoleIsGranted.roleGrantingIsNotDelayed.callerHasAnExecutionDelay = testScheduleOperation(false); + + beforeEach('set target as manager', function () { + this.target = this.manager; + }); + + testAsRestrictedOperation({ + callerIsTheManager: LIKE_COMMON_IS_EXECUTING, + callerIsNotTheManager() { + testAsHasRole({ + publicRoleIsRequired() { + it('reverts as AccessManagerUnauthorizedAccount', async function () { + await expect(this.caller.sendTransaction({ to: this.target, data: this.calldata })) + .to.be.revertedWithCustomError(this.target, 'AccessManagerUnauthorizedAccount') + .withArgs( + this.caller, + this.roles.ADMIN.id, // Although PUBLIC_ROLE is required, admin ops are not subject to target function roles + ); + }); + }, + specificRoleIsRequired: getAccessPath, + }); + }, + }); +} + +/** + * @requires this.{manager,roles,calldata,role} + */ +function shouldBehaveLikeRoleAdminOperation(roleAdmin) { + const getAccessPath = LIKE_COMMON_GET_ACCESS; + + function afterGrantDelay() { + afterGrantDelay.mineDelay = true; + beforeEach('set execution delay', async function () { + this.scheduleIn = this.executionDelay; // For testAsSchedulableOperation + }); + testAsSchedulableOperation(LIKE_COMMON_SCHEDULABLE); + } + + getAccessPath.requiredRoleIsGranted.roleGrantingIsDelayed.callerHasAnExecutionDelay.afterGrantDelay = afterGrantDelay; + getAccessPath.requiredRoleIsGranted.roleGrantingIsNotDelayed.callerHasAnExecutionDelay = afterGrantDelay; + + beforeEach('set target as manager', function () { + this.target = this.manager; + }); + + testAsRestrictedOperation({ + callerIsTheManager: LIKE_COMMON_IS_EXECUTING, + callerIsNotTheManager() { + testAsHasRole({ + publicRoleIsRequired() { + it('reverts as AccessManagerUnauthorizedAccount', async function () { + await expect(this.caller.sendTransaction({ to: this.target, data: this.calldata })) + .to.be.revertedWithCustomError(this.target, 'AccessManagerUnauthorizedAccount') + .withArgs(this.caller, roleAdmin); + }); + }, + specificRoleIsRequired: getAccessPath, + }); + }, + }); +} + +// ============ RESTRICTED OPERATION ============ + +/** + * @requires this.{manager,roles,calldata,role} + */ +function shouldBehaveLikeAManagedRestrictedOperation() { + function revertUnauthorized() { + it('reverts as AccessManagedUnauthorized', async function () { + await expect(this.caller.sendTransaction({ to: this.target, data: this.calldata })) + .to.be.revertedWithCustomError(this.target, 'AccessManagedUnauthorized') + .withArgs(this.caller); + }); + } + + const getAccessPath = LIKE_COMMON_GET_ACCESS; + + getAccessPath.requiredRoleIsGranted.roleGrantingIsDelayed.callerHasAnExecutionDelay.beforeGrantDelay = + revertUnauthorized; + getAccessPath.requiredRoleIsGranted.roleGrantingIsDelayed.callerHasNoExecutionDelay.beforeGrantDelay = + revertUnauthorized; + getAccessPath.requiredRoleIsNotGranted = revertUnauthorized; + + function testScheduleOperation(mineDelay) { + return function self() { + self.mineDelay = mineDelay; + beforeEach('sets execution delay', async function () { + this.scheduleIn = this.executionDelay; // For testAsSchedulableOperation + }); + testAsSchedulableOperation(LIKE_COMMON_SCHEDULABLE); + }; + } + + getAccessPath.requiredRoleIsGranted.roleGrantingIsDelayed.callerHasAnExecutionDelay.afterGrantDelay = + testScheduleOperation(true); + getAccessPath.requiredRoleIsGranted.roleGrantingIsNotDelayed.callerHasAnExecutionDelay = testScheduleOperation(false); + + const isExecutingPath = LIKE_COMMON_IS_EXECUTING; + isExecutingPath.notExecuting = revertUnauthorized; + + testAsCanCall({ + closed: revertUnauthorized, + open: { + callerIsTheManager: isExecutingPath, + callerIsNotTheManager: { + publicRoleIsRequired() { + it('succeeds called directly', async function () { + await this.caller.sendTransaction({ to: this.target, data: this.calldata }); + }); + + it('succeeds via execute', async function () { + await this.manager.connect(this.caller).execute(this.target, this.calldata); + }); + }, + specificRoleIsRequired: getAccessPath, + }, + }, + }); +} + +/** + * @requires this.{target,manager,roles,calldata,role} + */ +function shouldBehaveLikeASelfRestrictedOperation() { + function revertUnauthorized() { + it('reverts as AccessManagerUnauthorizedAccount', async function () { + await expect(this.caller.sendTransaction({ to: this.target, data: this.calldata })) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedAccount') + .withArgs(this.caller, this.role?.id ?? 0n); + }); + } + + const getAccessPath = LIKE_COMMON_GET_ACCESS; + + function testScheduleOperation(mineDelay) { + return function self() { + self.mineDelay = mineDelay; + beforeEach('sets execution delay', async function () { + this.scheduleIn = this.executionDelay; // For testAsSchedulableOperation + }); + testAsSchedulableOperation(LIKE_COMMON_SCHEDULABLE); + }; + } + + getAccessPath.requiredRoleIsGranted.roleGrantingIsDelayed.callerHasAnExecutionDelay.afterGrantDelay = + testScheduleOperation(true); + getAccessPath.requiredRoleIsGranted.roleGrantingIsNotDelayed.callerHasAnExecutionDelay = testScheduleOperation(false); + + beforeEach('set target as manager', function () { + this.target = this.manager; + }); + + const isExecutingPath = LIKE_COMMON_IS_EXECUTING; + isExecutingPath.notExecuting = revertUnauthorized; + + testAsCanCall({ + closed: revertUnauthorized, + open: { + callerIsTheManager: isExecutingPath, + callerIsNotTheManager: { + publicRoleIsRequired() { + it('succeeds called directly', async function () { + await this.caller.sendTransaction({ to: this.target, data: this.calldata }); + }); + + it('succeeds via execute', async function () { + await this.manager.connect(this.caller).execute(this.target, this.calldata); + }); + }, + specificRoleIsRequired: getAccessPath, + }, + }, + }); +} + +module.exports = { + shouldBehaveLikeDelayedAdminOperation, + shouldBehaveLikeNotDelayedAdminOperation, + shouldBehaveLikeRoleAdminOperation, + shouldBehaveLikeAManagedRestrictedOperation, + shouldBehaveLikeASelfRestrictedOperation, +}; diff --git a/dependencies/@openzeppelin/test/access/manager/AccessManager.predicate.js b/dependencies/@openzeppelin/test/access/manager/AccessManager.predicate.js new file mode 100644 index 00000000..8b4c5f4b --- /dev/null +++ b/dependencies/@openzeppelin/test/access/manager/AccessManager.predicate.js @@ -0,0 +1,456 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { setStorageAt } = require('@nomicfoundation/hardhat-network-helpers'); + +const { EXECUTION_ID_STORAGE_SLOT, EXPIRATION, prepareOperation } = require('../../helpers/access-manager'); +const { impersonate } = require('../../helpers/account'); +const time = require('../../helpers/time'); + +// ============ COMMON PREDICATES ============ + +const LIKE_COMMON_IS_EXECUTING = { + executing() { + it('succeeds', async function () { + await this.caller.sendTransaction({ to: this.target, data: this.calldata }); + }); + }, + notExecuting() { + it('reverts as AccessManagerUnauthorizedAccount', async function () { + await expect(this.caller.sendTransaction({ to: this.target, data: this.calldata })) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedAccount') + .withArgs(this.caller, this.role.id); + }); + }, +}; + +const LIKE_COMMON_GET_ACCESS = { + requiredRoleIsGranted: { + roleGrantingIsDelayed: { + callerHasAnExecutionDelay: { + beforeGrantDelay() { + it('reverts as AccessManagerUnauthorizedAccount', async function () { + await expect(this.caller.sendTransaction({ to: this.target, data: this.calldata })) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedAccount') + .withArgs(this.caller, this.role.id); + }); + }, + afterGrantDelay: undefined, // Diverges if there's an operation delay or not + }, + callerHasNoExecutionDelay: { + beforeGrantDelay() { + it('reverts as AccessManagerUnauthorizedAccount', async function () { + await expect(this.caller.sendTransaction({ to: this.target, data: this.calldata })) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedAccount') + .withArgs(this.caller, this.role.id); + }); + }, + afterGrantDelay() { + it('succeeds called directly', async function () { + await this.caller.sendTransaction({ to: this.target, data: this.calldata }); + }); + + it('succeeds via execute', async function () { + await this.manager.connect(this.caller).execute(this.target, this.calldata); + }); + }, + }, + }, + roleGrantingIsNotDelayed: { + callerHasAnExecutionDelay: undefined, // Diverges if there's an operation to schedule or not + callerHasNoExecutionDelay() { + it('succeeds called directly', async function () { + await this.caller.sendTransaction({ to: this.target, data: this.calldata }); + }); + + it('succeeds via execute', async function () { + await this.manager.connect(this.caller).execute(this.target, this.calldata); + }); + }, + }, + }, + requiredRoleIsNotGranted() { + it('reverts as AccessManagerUnauthorizedAccount', async function () { + await expect(this.caller.sendTransaction({ to: this.target, data: this.calldata })) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedAccount') + .withArgs(this.caller, this.role.id); + }); + }, +}; + +const LIKE_COMMON_SCHEDULABLE = { + scheduled: { + before() { + it('reverts as AccessManagerNotReady', async function () { + await expect(this.caller.sendTransaction({ to: this.target, data: this.calldata })) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerNotReady') + .withArgs(this.operationId); + }); + }, + after() { + it('succeeds called directly', async function () { + await this.caller.sendTransaction({ to: this.target, data: this.calldata }); + }); + + it('succeeds via execute', async function () { + await this.manager.connect(this.caller).execute(this.target, this.calldata); + }); + }, + expired() { + it('reverts as AccessManagerExpired', async function () { + await expect(this.caller.sendTransaction({ to: this.target, data: this.calldata })) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerExpired') + .withArgs(this.operationId); + }); + }, + }, + notScheduled() { + it('reverts as AccessManagerNotScheduled', async function () { + await expect(this.caller.sendTransaction({ to: this.target, data: this.calldata })) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerNotScheduled') + .withArgs(this.operationId); + }); + }, +}; + +// ============ MODE ============ + +/** + * @requires this.{manager,target} + */ +function testAsClosable({ closed, open }) { + describe('when the manager is closed', function () { + beforeEach('close', async function () { + await this.manager.$_setTargetClosed(this.target, true); + }); + + closed(); + }); + + describe('when the manager is open', function () { + beforeEach('open', async function () { + await this.manager.$_setTargetClosed(this.target, false); + }); + + open(); + }); +} + +// ============ DELAY ============ + +/** + * @requires this.{delay} + */ +function testAsDelay(type, { before, after }) { + beforeEach('define timestamp when delay takes effect', async function () { + const timestamp = await time.clock.timestamp(); + this.delayEffect = timestamp + this.delay; + }); + + describe(`when ${type} delay has not taken effect yet`, function () { + beforeEach(`set next block timestamp before ${type} takes effect`, async function () { + await time.increaseTo.timestamp(this.delayEffect - 1n, !!before.mineDelay); + }); + + before(); + }); + + describe(`when ${type} delay has taken effect`, function () { + beforeEach(`set next block timestamp when ${type} takes effect`, async function () { + await time.increaseTo.timestamp(this.delayEffect, !!after.mineDelay); + }); + + after(); + }); +} + +// ============ OPERATION ============ + +/** + * @requires this.{manager,scheduleIn,caller,target,calldata} + */ +function testAsSchedulableOperation({ scheduled: { before, after, expired }, notScheduled }) { + describe('when operation is scheduled', function () { + beforeEach('schedule operation', async function () { + if (this.caller.target) { + await impersonate(this.caller.target); + this.caller = await ethers.getSigner(this.caller.target); + } + const { operationId, schedule } = await prepareOperation(this.manager, { + caller: this.caller, + target: this.target, + calldata: this.calldata, + delay: this.scheduleIn, + }); + await schedule(); + this.operationId = operationId; + }); + + describe('when operation is not ready for execution', function () { + beforeEach('set next block time before operation is ready', async function () { + this.scheduledAt = await time.clock.timestamp(); + const schedule = await this.manager.getSchedule(this.operationId); + await time.increaseTo.timestamp(schedule - 1n, !!before.mineDelay); + }); + + before(); + }); + + describe('when operation is ready for execution', function () { + beforeEach('set next block time when operation is ready for execution', async function () { + this.scheduledAt = await time.clock.timestamp(); + const schedule = await this.manager.getSchedule(this.operationId); + await time.increaseTo.timestamp(schedule, !!after.mineDelay); + }); + + after(); + }); + + describe('when operation has expired', function () { + beforeEach('set next block time when operation expired', async function () { + this.scheduledAt = await time.clock.timestamp(); + const schedule = await this.manager.getSchedule(this.operationId); + await time.increaseTo.timestamp(schedule + EXPIRATION, !!expired.mineDelay); + }); + + expired(); + }); + }); + + describe('when operation is not scheduled', function () { + beforeEach('set expected operationId', async function () { + this.operationId = await this.manager.hashOperation(this.caller, this.target, this.calldata); + + // Assert operation is not scheduled + expect(await this.manager.getSchedule(this.operationId)).to.equal(0n); + }); + + notScheduled(); + }); +} + +/** + * @requires this.{manager,roles,target,calldata} + */ +function testAsRestrictedOperation({ callerIsTheManager: { executing, notExecuting }, callerIsNotTheManager }) { + describe('when the call comes from the manager (msg.sender == manager)', function () { + beforeEach('define caller as manager', async function () { + this.caller = this.manager; + if (this.caller.target) { + await impersonate(this.caller.target); + this.caller = await ethers.getSigner(this.caller.target); + } + }); + + describe('when _executionId is in storage for target and selector', function () { + beforeEach('set _executionId flag from calldata and target', async function () { + const executionId = ethers.keccak256( + ethers.AbiCoder.defaultAbiCoder().encode( + ['address', 'bytes4'], + [this.target.target, this.calldata.substring(0, 10)], + ), + ); + await setStorageAt(this.manager.target, EXECUTION_ID_STORAGE_SLOT, executionId); + }); + + executing(); + }); + + describe('when _executionId does not match target and selector', notExecuting); + }); + + describe('when the call does not come from the manager (msg.sender != manager)', function () { + beforeEach('define non manager caller', function () { + this.caller = this.roles.SOME.members[0]; + }); + + callerIsNotTheManager(); + }); +} + +/** + * @requires this.{manager,scheduleIn,caller,target,calldata,executionDelay} + */ +function testAsDelayedOperation() { + describe('with operation delay', function () { + describe('when operation delay is greater than execution delay', function () { + beforeEach('set operation delay', async function () { + this.operationDelay = this.executionDelay + time.duration.hours(1); + await this.manager.$_setTargetAdminDelay(this.target, this.operationDelay); + this.scheduleIn = this.operationDelay; // For testAsSchedulableOperation + }); + + testAsSchedulableOperation(LIKE_COMMON_SCHEDULABLE); + }); + + describe('when operation delay is shorter than execution delay', function () { + beforeEach('set operation delay', async function () { + this.operationDelay = this.executionDelay - time.duration.hours(1); + await this.manager.$_setTargetAdminDelay(this.target, this.operationDelay); + this.scheduleIn = this.executionDelay; // For testAsSchedulableOperation + }); + + testAsSchedulableOperation(LIKE_COMMON_SCHEDULABLE); + }); + }); + + describe('without operation delay', function () { + beforeEach('set operation delay', async function () { + this.operationDelay = 0n; + await this.manager.$_setTargetAdminDelay(this.target, this.operationDelay); + this.scheduleIn = this.executionDelay; // For testAsSchedulableOperation + }); + + testAsSchedulableOperation(LIKE_COMMON_SCHEDULABLE); + }); +} + +// ============ METHOD ============ + +/** + * @requires this.{manager,roles,role,target,calldata} + */ +function testAsCanCall({ + closed, + open: { + callerIsTheManager, + callerIsNotTheManager: { publicRoleIsRequired, specificRoleIsRequired }, + }, +}) { + testAsClosable({ + closed, + open() { + testAsRestrictedOperation({ + callerIsTheManager, + callerIsNotTheManager() { + testAsHasRole({ + publicRoleIsRequired, + specificRoleIsRequired, + }); + }, + }); + }, + }); +} + +/** + * @requires this.{target,calldata,roles,role} + */ +function testAsHasRole({ publicRoleIsRequired, specificRoleIsRequired }) { + describe('when the function requires the caller to be granted with the PUBLIC_ROLE', function () { + beforeEach('set target function role as PUBLIC_ROLE', async function () { + this.role = this.roles.PUBLIC; + await this.manager + .connect(this.roles.ADMIN.members[0]) + .$_setTargetFunctionRole(this.target, this.calldata.substring(0, 10), this.role.id); + }); + + publicRoleIsRequired(); + }); + + describe('when the function requires the caller to be granted with a role other than PUBLIC_ROLE', function () { + beforeEach('set target function role as PUBLIC_ROLE', async function () { + await this.manager + .connect(this.roles.ADMIN.members[0]) + .$_setTargetFunctionRole(this.target, this.calldata.substring(0, 10), this.role.id); + }); + + testAsGetAccess(specificRoleIsRequired); + }); +} + +/** + * @requires this.{manager,role,caller} + */ +function testAsGetAccess({ + requiredRoleIsGranted: { + roleGrantingIsDelayed: { + // Because both grant and execution delay are set within the same $_grantRole call + // it's not possible to create a set of tests that diverge between grant and execution delay. + // Therefore, the testAsDelay arguments are renamed for clarity: + // before => beforeGrantDelay + // after => afterGrantDelay + callerHasAnExecutionDelay: { beforeGrantDelay: case1, afterGrantDelay: case2 }, + callerHasNoExecutionDelay: { beforeGrantDelay: case3, afterGrantDelay: case4 }, + }, + roleGrantingIsNotDelayed: { callerHasAnExecutionDelay: case5, callerHasNoExecutionDelay: case6 }, + }, + requiredRoleIsNotGranted, +}) { + describe('when the required role is granted to the caller', function () { + describe('when role granting is delayed', function () { + beforeEach('define delay', function () { + this.grantDelay = time.duration.minutes(3); + this.delay = this.grantDelay; // For testAsDelay + }); + + describe('when caller has an execution delay', function () { + beforeEach('set role and delay', async function () { + this.executionDelay = time.duration.hours(10); + this.delay = this.grantDelay; + await this.manager.$_grantRole(this.role.id, this.caller, this.grantDelay, this.executionDelay); + }); + + testAsDelay('grant', { before: case1, after: case2 }); + }); + + describe('when caller has no execution delay', function () { + beforeEach('set role and delay', async function () { + this.executionDelay = 0n; + await this.manager.$_grantRole(this.role.id, this.caller, this.grantDelay, this.executionDelay); + }); + + testAsDelay('grant', { before: case3, after: case4 }); + }); + }); + + describe('when role granting is not delayed', function () { + beforeEach('define delay', function () { + this.grantDelay = 0n; + }); + + describe('when caller has an execution delay', function () { + beforeEach('set role and delay', async function () { + this.executionDelay = time.duration.hours(10); + await this.manager.$_grantRole(this.role.id, this.caller, this.grantDelay, this.executionDelay); + }); + + case5(); + }); + + describe('when caller has no execution delay', function () { + beforeEach('set role and delay', async function () { + this.executionDelay = 0n; + await this.manager.$_grantRole(this.role.id, this.caller, this.grantDelay, this.executionDelay); + }); + + case6(); + }); + }); + }); + + describe('when role is not granted', function () { + // Because this helper can be composed with other helpers, it's possible + // that role has been set already by another helper. + // Although this is highly unlikely, we check for it here to avoid false positives. + beforeEach('assert role is unset', async function () { + const { since } = await this.manager.getAccess(this.role.id, this.caller); + expect(since).to.equal(0n); + }); + + requiredRoleIsNotGranted(); + }); +} + +module.exports = { + LIKE_COMMON_IS_EXECUTING, + LIKE_COMMON_GET_ACCESS, + LIKE_COMMON_SCHEDULABLE, + testAsClosable, + testAsDelay, + testAsSchedulableOperation, + testAsRestrictedOperation, + testAsDelayedOperation, + testAsCanCall, + testAsHasRole, + testAsGetAccess, +}; diff --git a/dependencies/@openzeppelin/test/access/manager/AccessManager.test.js b/dependencies/@openzeppelin/test/access/manager/AccessManager.test.js new file mode 100644 index 00000000..7726831b --- /dev/null +++ b/dependencies/@openzeppelin/test/access/manager/AccessManager.test.js @@ -0,0 +1,2489 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { impersonate } = require('../../helpers/account'); +const { MAX_UINT48 } = require('../../helpers/constants'); +const { selector } = require('../../helpers/methods'); +const time = require('../../helpers/time'); + +const { + buildBaseRoles, + formatAccess, + EXPIRATION, + MINSETBACK, + EXECUTION_ID_STORAGE_SLOT, + CONSUMING_SCHEDULE_STORAGE_SLOT, + prepareOperation, + hashOperation, +} = require('../../helpers/access-manager'); + +const { + shouldBehaveLikeDelayedAdminOperation, + shouldBehaveLikeNotDelayedAdminOperation, + shouldBehaveLikeRoleAdminOperation, + shouldBehaveLikeAManagedRestrictedOperation, + shouldBehaveLikeASelfRestrictedOperation, +} = require('./AccessManager.behavior'); + +const { + LIKE_COMMON_SCHEDULABLE, + testAsClosable, + testAsDelay, + testAsSchedulableOperation, + testAsCanCall, + testAsHasRole, + testAsGetAccess, +} = require('./AccessManager.predicate'); + +async function fixture() { + const [admin, roleAdmin, roleGuardian, member, user, other] = await ethers.getSigners(); + + // Build roles + const roles = buildBaseRoles(); + + // Add members + roles.ADMIN.members = [admin]; + roles.SOME_ADMIN.members = [roleAdmin]; + roles.SOME_GUARDIAN.members = [roleGuardian]; + roles.SOME.members = [member]; + roles.PUBLIC.members = [admin, roleAdmin, roleGuardian, member, user, other]; + + const manager = await ethers.deployContract('$AccessManagerMock', [admin]); + const target = await ethers.deployContract('$AccessManagedTarget', [manager]); + + for (const { id: roleId, admin, guardian, members } of Object.values(roles)) { + if (roleId === roles.PUBLIC.id) continue; // Every address belong to public and is locked + if (roleId === roles.ADMIN.id) continue; // Admin set during construction and is locked + + // Set admin role avoiding default + if (admin.id !== roles.ADMIN.id) { + await manager.$_setRoleAdmin(roleId, admin.id); + } + + // Set guardian role avoiding default + if (guardian.id !== roles.ADMIN.id) { + await manager.$_setRoleGuardian(roleId, guardian.id); + } + + // Grant role to members + for (const member of members) { + await manager.$_grantRole(roleId, member, 0, 0); + } + } + + return { + admin, + roleAdmin, + user, + other, + roles, + manager, + target, + }; +} + +// This test suite is made using the following tools: +// +// * Predicates: Functions with common conditional setups without assertions. +// * Behaviors: Functions with common assertions. +// +// The behavioral tests are built by composing predicates and are used as templates +// for testing access to restricted functions. +// +// Similarly, unit tests in this suite will use predicates to test subsets of these +// behaviors and are helped by common assertions provided for some of the predicates. +// +// The predicates can be identified by the `testAs*` prefix while the behaviors +// are prefixed with `shouldBehave*`. The common assertions for predicates are +// defined as constants. +describe('AccessManager', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + describe('during construction', function () { + it('grants admin role to initialAdmin', async function () { + const manager = await ethers.deployContract('$AccessManager', [this.other]); + expect(await manager.hasRole(this.roles.ADMIN.id, this.other).then(formatAccess)).to.be.deep.equal([true, '0']); + }); + + it('rejects zero address for initialAdmin', async function () { + await expect(ethers.deployContract('$AccessManager', [ethers.ZeroAddress])) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerInvalidInitialAdmin') + .withArgs(ethers.ZeroAddress); + }); + + it('initializes setup roles correctly', async function () { + for (const { id: roleId, admin, guardian, members } of Object.values(this.roles)) { + expect(await this.manager.getRoleAdmin(roleId)).to.equal(admin.id); + expect(await this.manager.getRoleGuardian(roleId)).to.equal(guardian.id); + + for (const user of this.roles.PUBLIC.members) { + expect(await this.manager.hasRole(roleId, user).then(formatAccess)).to.be.deep.equal([ + members.includes(user), + '0', + ]); + } + } + }); + }); + + describe('getters', function () { + describe('#canCall', function () { + beforeEach('set calldata', function () { + this.calldata = '0x12345678'; + this.role = { id: 379204n }; + }); + + testAsCanCall({ + closed() { + it('should return false and no delay', async function () { + const { immediate, delay } = await this.manager.canCall( + this.other, + this.target, + this.calldata.substring(0, 10), + ); + expect(immediate).to.be.false; + expect(delay).to.equal(0n); + }); + }, + open: { + callerIsTheManager: { + executing() { + it('should return true and no delay', async function () { + const { immediate, delay } = await this.manager.canCall( + this.caller, + this.target, + this.calldata.substring(0, 10), + ); + expect(immediate).to.be.true; + expect(delay).to.equal(0n); + }); + }, + notExecuting() { + it('should return false and no delay', async function () { + const { immediate, delay } = await this.manager.canCall( + this.caller, + this.target, + this.calldata.substring(0, 10), + ); + expect(immediate).to.be.false; + expect(delay).to.equal(0n); + }); + }, + }, + callerIsNotTheManager: { + publicRoleIsRequired() { + it('should return true and no delay', async function () { + const { immediate, delay } = await this.manager.canCall( + this.caller, + this.target, + this.calldata.substring(0, 10), + ); + expect(immediate).to.be.true; + expect(delay).to.equal(0n); + }); + }, + specificRoleIsRequired: { + requiredRoleIsGranted: { + roleGrantingIsDelayed: { + callerHasAnExecutionDelay: { + beforeGrantDelay: function self() { + self.mineDelay = true; + + it('should return false and no execution delay', async function () { + const { immediate, delay } = await this.manager.canCall( + this.caller, + this.target, + this.calldata.substring(0, 10), + ); + expect(immediate).to.be.false; + expect(delay).to.equal(0n); + }); + }, + afterGrantDelay: function self() { + self.mineDelay = true; + + beforeEach('sets execution delay', function () { + this.scheduleIn = this.executionDelay; // For testAsSchedulableOperation + }); + + testAsSchedulableOperation({ + scheduled: { + before: function self() { + self.mineDelay = true; + + it('should return false and execution delay', async function () { + const { immediate, delay } = await this.manager.canCall( + this.caller, + this.target, + this.calldata.substring(0, 10), + ); + expect(immediate).to.be.false; + expect(delay).to.equal(this.executionDelay); + }); + }, + after: function self() { + self.mineDelay = true; + + it('should return false and execution delay', async function () { + const { immediate, delay } = await this.manager.canCall( + this.caller, + this.target, + this.calldata.substring(0, 10), + ); + expect(immediate).to.be.false; + expect(delay).to.equal(this.executionDelay); + }); + }, + expired: function self() { + self.mineDelay = true; + + it('should return false and execution delay', async function () { + const { immediate, delay } = await this.manager.canCall( + this.caller, + this.target, + this.calldata.substring(0, 10), + ); + expect(immediate).to.be.false; + expect(delay).to.equal(this.executionDelay); + }); + }, + }, + notScheduled() { + it('should return false and execution delay', async function () { + const { immediate, delay } = await this.manager.canCall( + this.caller, + this.target, + this.calldata.substring(0, 10), + ); + expect(immediate).to.be.false; + expect(delay).to.equal(this.executionDelay); + }); + }, + }); + }, + }, + callerHasNoExecutionDelay: { + beforeGrantDelay: function self() { + self.mineDelay = true; + + it('should return false and no execution delay', async function () { + const { immediate, delay } = await this.manager.canCall( + this.caller, + this.target, + this.calldata.substring(0, 10), + ); + expect(immediate).to.be.false; + expect(delay).to.equal(0n); + }); + }, + afterGrantDelay: function self() { + self.mineDelay = true; + + it('should return true and no execution delay', async function () { + const { immediate, delay } = await this.manager.canCall( + this.caller, + this.target, + this.calldata.substring(0, 10), + ); + expect(immediate).to.be.true; + expect(delay).to.equal(0n); + }); + }, + }, + }, + roleGrantingIsNotDelayed: { + callerHasAnExecutionDelay() { + it('should return false and execution delay', async function () { + const { immediate, delay } = await this.manager.canCall( + this.caller, + this.target, + this.calldata.substring(0, 10), + ); + expect(immediate).to.be.false; + expect(delay).to.equal(this.executionDelay); + }); + }, + callerHasNoExecutionDelay() { + it('should return true and no execution delay', async function () { + const { immediate, delay } = await this.manager.canCall( + this.caller, + this.target, + this.calldata.substring(0, 10), + ); + expect(immediate).to.be.true; + expect(delay).to.equal(0n); + }); + }, + }, + }, + requiredRoleIsNotGranted() { + it('should return false and no execution delay', async function () { + const { immediate, delay } = await this.manager.canCall( + this.caller, + this.target, + this.calldata.substring(0, 10), + ); + expect(immediate).to.be.false; + expect(delay).to.equal(0n); + }); + }, + }, + }, + }, + }); + }); + + describe('#expiration', function () { + it('has a 7 days default expiration', async function () { + expect(await this.manager.expiration()).to.equal(EXPIRATION); + }); + }); + + describe('#minSetback', function () { + it('has a 5 days default minimum setback', async function () { + expect(await this.manager.minSetback()).to.equal(MINSETBACK); + }); + }); + + describe('#isTargetClosed', function () { + testAsClosable({ + closed() { + it('returns true', async function () { + expect(await this.manager.isTargetClosed(this.target)).to.be.true; + }); + }, + open() { + it('returns false', async function () { + expect(await this.manager.isTargetClosed(this.target)).to.be.false; + }); + }, + }); + }); + + describe('#getTargetFunctionRole', function () { + const methodSelector = selector('something(address,bytes)'); + + it('returns the target function role', async function () { + const roleId = 21498n; + await this.manager.$_setTargetFunctionRole(this.target, methodSelector, roleId); + + expect(await this.manager.getTargetFunctionRole(this.target, methodSelector)).to.equal(roleId); + }); + + it('returns the ADMIN role if not set', async function () { + expect(await this.manager.getTargetFunctionRole(this.target, methodSelector)).to.equal(this.roles.ADMIN.id); + }); + }); + + describe('#getTargetAdminDelay', function () { + describe('when the target admin delay is setup', function () { + beforeEach('set target admin delay', async function () { + this.oldDelay = await this.manager.getTargetAdminDelay(this.target); + this.newDelay = time.duration.days(10); + + await this.manager.$_setTargetAdminDelay(this.target, this.newDelay); + this.delay = MINSETBACK; // For testAsDelay + }); + + testAsDelay('effect', { + before: function self() { + self.mineDelay = true; + + it('returns the old target admin delay', async function () { + expect(await this.manager.getTargetAdminDelay(this.target)).to.equal(this.oldDelay); + }); + }, + after: function self() { + self.mineDelay = true; + + it('returns the new target admin delay', async function () { + expect(await this.manager.getTargetAdminDelay(this.target)).to.equal(this.newDelay); + }); + }, + }); + }); + + it('returns the 0 if not set', async function () { + expect(await this.manager.getTargetAdminDelay(this.target)).to.equal(0n); + }); + }); + + describe('#getRoleAdmin', function () { + const roleId = 5234907n; + + it('returns the role admin', async function () { + const adminId = 789433n; + + await this.manager.$_setRoleAdmin(roleId, adminId); + + expect(await this.manager.getRoleAdmin(roleId)).to.equal(adminId); + }); + + it('returns the ADMIN role if not set', async function () { + expect(await this.manager.getRoleAdmin(roleId)).to.equal(this.roles.ADMIN.id); + }); + }); + + describe('#getRoleGuardian', function () { + const roleId = 5234907n; + + it('returns the role guardian', async function () { + const guardianId = 789433n; + + await this.manager.$_setRoleGuardian(roleId, guardianId); + + expect(await this.manager.getRoleGuardian(roleId)).to.equal(guardianId); + }); + + it('returns the ADMIN role if not set', async function () { + expect(await this.manager.getRoleGuardian(roleId)).to.equal(this.roles.ADMIN.id); + }); + }); + + describe('#getRoleGrantDelay', function () { + const roleId = 9248439n; + + describe('when the grant admin delay is setup', function () { + beforeEach('set grant admin delay', async function () { + this.oldDelay = await this.manager.getRoleGrantDelay(roleId); + this.newDelay = time.duration.days(11); + + await this.manager.$_setGrantDelay(roleId, this.newDelay); + this.delay = MINSETBACK; // For testAsDelay + }); + + testAsDelay('grant', { + before: function self() { + self.mineDelay = true; + + it('returns the old role grant delay', async function () { + expect(await this.manager.getRoleGrantDelay(roleId)).to.equal(this.oldDelay); + }); + }, + after: function self() { + self.mineDelay = true; + + it('returns the new role grant delay', async function () { + expect(await this.manager.getRoleGrantDelay(roleId)).to.equal(this.newDelay); + }); + }, + }); + }); + + it('returns 0 if delay is not set', async function () { + expect(await this.manager.getTargetAdminDelay(this.target)).to.equal(0n); + }); + }); + + describe('#getAccess', function () { + beforeEach('set role', function () { + this.role = { id: 9452n }; + this.caller = this.user; + }); + + testAsGetAccess({ + requiredRoleIsGranted: { + roleGrantingIsDelayed: { + callerHasAnExecutionDelay: { + beforeGrantDelay: function self() { + self.mineDelay = true; + + it('role is not in effect and execution delay is set', async function () { + const access = await this.manager.getAccess(this.role.id, this.caller); + expect(access[0]).to.equal(this.delayEffect); // inEffectSince + expect(access[1]).to.equal(this.executionDelay); // currentDelay + expect(access[2]).to.equal(0n); // pendingDelay + expect(access[3]).to.equal(0n); // pendingDelayEffect + + // Not in effect yet + expect(await time.clock.timestamp()).to.lt(access[0]); + }); + }, + afterGrantDelay: function self() { + self.mineDelay = true; + + it('access has role in effect and execution delay is set', async function () { + const access = await this.manager.getAccess(this.role.id, this.caller); + + expect(access[0]).to.equal(this.delayEffect); // inEffectSince + expect(access[1]).to.equal(this.executionDelay); // currentDelay + expect(access[2]).to.equal(0n); // pendingDelay + expect(access[3]).to.equal(0n); // pendingDelayEffect + + // Already in effect + expect(await time.clock.timestamp()).to.equal(access[0]); + }); + }, + }, + callerHasNoExecutionDelay: { + beforeGrantDelay: function self() { + self.mineDelay = true; + + it('access has role not in effect without execution delay', async function () { + const access = await this.manager.getAccess(this.role.id, this.caller); + expect(access[0]).to.equal(this.delayEffect); // inEffectSince + expect(access[1]).to.equal(0n); // currentDelay + expect(access[2]).to.equal(0n); // pendingDelay + expect(access[3]).to.equal(0n); // pendingDelayEffect + + // Not in effect yet + expect(await time.clock.timestamp()).to.lt(access[0]); + }); + }, + afterGrantDelay: function self() { + self.mineDelay = true; + + it('role is in effect without execution delay', async function () { + const access = await this.manager.getAccess(this.role.id, this.caller); + expect(access[0]).to.equal(this.delayEffect); // inEffectSince + expect(access[1]).to.equal(0n); // currentDelay + expect(access[2]).to.equal(0n); // pendingDelay + expect(access[3]).to.equal(0n); // pendingDelayEffect + + // Already in effect + expect(await time.clock.timestamp()).to.equal(access[0]); + }); + }, + }, + }, + roleGrantingIsNotDelayed: { + callerHasAnExecutionDelay() { + it('access has role in effect and execution delay is set', async function () { + const access = await this.manager.getAccess(this.role.id, this.caller); + expect(access[0]).to.equal(await time.clock.timestamp()); // inEffectSince + expect(access[1]).to.equal(this.executionDelay); // currentDelay + expect(access[2]).to.equal(0n); // pendingDelay + expect(access[3]).to.equal(0n); // pendingDelayEffect + + // Already in effect + expect(await time.clock.timestamp()).to.equal(access[0]); + }); + }, + callerHasNoExecutionDelay() { + it('access has role in effect without execution delay', async function () { + const access = await this.manager.getAccess(this.role.id, this.caller); + expect(access[0]).to.equal(await time.clock.timestamp()); // inEffectSince + expect(access[1]).to.equal(0n); // currentDelay + expect(access[2]).to.equal(0n); // pendingDelay + expect(access[3]).to.equal(0n); // pendingDelayEffect + + // Already in effect + expect(await time.clock.timestamp()).to.equal(access[0]); + }); + }, + }, + }, + requiredRoleIsNotGranted() { + it('has empty access', async function () { + const access = await this.manager.getAccess(this.role.id, this.caller); + expect(access[0]).to.equal(0n); // inEffectSince + expect(access[1]).to.equal(0n); // currentDelay + expect(access[2]).to.equal(0n); // pendingDelay + expect(access[3]).to.equal(0n); // pendingDelayEffect + }); + }, + }); + }); + + describe('#hasRole', function () { + beforeEach('setup testAsHasRole', function () { + this.role = { id: 49832n }; + this.calldata = '0x12345678'; + this.caller = this.user; + }); + + testAsHasRole({ + publicRoleIsRequired() { + it('has PUBLIC role', async function () { + const { isMember, executionDelay } = await this.manager.hasRole(this.role.id, this.caller); + expect(isMember).to.be.true; + expect(executionDelay).to.equal('0'); + }); + }, + specificRoleIsRequired: { + requiredRoleIsGranted: { + roleGrantingIsDelayed: { + callerHasAnExecutionDelay: { + beforeGrantDelay: function self() { + self.mineDelay = true; + + it('does not have role but execution delay', async function () { + const { isMember, executionDelay } = await this.manager.hasRole(this.role.id, this.caller); + expect(isMember).to.be.false; + expect(executionDelay).to.equal(this.executionDelay); + }); + }, + afterGrantDelay: function self() { + self.mineDelay = true; + + it('has role and execution delay', async function () { + const { isMember, executionDelay } = await this.manager.hasRole(this.role.id, this.caller); + expect(isMember).to.be.true; + expect(executionDelay).to.equal(this.executionDelay); + }); + }, + }, + callerHasNoExecutionDelay: { + beforeGrantDelay: function self() { + self.mineDelay = true; + + it('does not have role nor execution delay', async function () { + const { isMember, executionDelay } = await this.manager.hasRole(this.role.id, this.caller); + expect(isMember).to.be.false; + expect(executionDelay).to.equal('0'); + }); + }, + afterGrantDelay: function self() { + self.mineDelay = true; + + it('has role and no execution delay', async function () { + const { isMember, executionDelay } = await this.manager.hasRole(this.role.id, this.caller); + expect(isMember).to.be.true; + expect(executionDelay).to.equal('0'); + }); + }, + }, + }, + roleGrantingIsNotDelayed: { + callerHasAnExecutionDelay() { + it('has role and execution delay', async function () { + const { isMember, executionDelay } = await this.manager.hasRole(this.role.id, this.caller); + expect(isMember).to.be.true; + expect(executionDelay).to.equal(this.executionDelay); + }); + }, + callerHasNoExecutionDelay() { + it('has role and no execution delay', async function () { + const { isMember, executionDelay } = await this.manager.hasRole(this.role.id, this.caller); + expect(isMember).to.be.true; + expect(executionDelay).to.equal('0'); + }); + }, + }, + }, + requiredRoleIsNotGranted() { + it('has no role and no execution delay', async function () { + const { isMember, executionDelay } = await this.manager.hasRole(this.role.id, this.caller); + expect(isMember).to.be.false; + expect(executionDelay).to.equal('0'); + }); + }, + }, + }); + }); + + describe('#getSchedule', function () { + beforeEach('set role and calldata', async function () { + const fnRestricted = this.target.fnRestricted.getFragment().selector; + this.caller = this.user; + this.role = { id: 493590n }; + await this.manager.$_setTargetFunctionRole(this.target, fnRestricted, this.role.id); + await this.manager.$_grantRole(this.role.id, this.caller, 0, 1); // nonzero execution delay + + this.calldata = this.target.interface.encodeFunctionData(fnRestricted, []); + this.scheduleIn = time.duration.days(10); // For testAsSchedulableOperation + }); + + testAsSchedulableOperation({ + scheduled: { + before: function self() { + self.mineDelay = true; + + it('returns schedule in the future', async function () { + const schedule = await this.manager.getSchedule(this.operationId); + expect(schedule).to.equal(this.scheduledAt + this.scheduleIn); + expect(schedule).to.gt(await time.clock.timestamp()); + }); + }, + after: function self() { + self.mineDelay = true; + + it('returns schedule', async function () { + const schedule = await this.manager.getSchedule(this.operationId); + expect(schedule).to.equal(this.scheduledAt + this.scheduleIn); + expect(schedule).to.equal(await time.clock.timestamp()); + }); + }, + expired: function self() { + self.mineDelay = true; + + it('returns 0', async function () { + expect(await this.manager.getSchedule(this.operationId)).to.equal(0n); + }); + }, + }, + notScheduled() { + it('defaults to 0', async function () { + expect(await this.manager.getSchedule(this.operationId)).to.equal(0n); + }); + }, + }); + }); + + describe('#getNonce', function () { + describe('when operation is scheduled', function () { + beforeEach('schedule operation', async function () { + const fnRestricted = this.target.fnRestricted.getFragment().selector; + this.caller = this.user; + this.role = { id: 4209043n }; + await this.manager.$_setTargetFunctionRole(this.target, fnRestricted, this.role.id); + await this.manager.$_grantRole(this.role.id, this.caller, 0, 1); // nonzero execution delay + + this.calldata = this.target.interface.encodeFunctionData(fnRestricted, []); + this.delay = time.duration.days(10); + + const { operationId, schedule } = await prepareOperation(this.manager, { + caller: this.caller, + target: this.target, + calldata: this.calldata, + delay: this.delay, + }); + await schedule(); + this.operationId = operationId; + }); + + it('returns nonce', async function () { + expect(await this.manager.getNonce(this.operationId)).to.equal(1n); + }); + }); + + describe('when is not scheduled', function () { + it('returns default 0', async function () { + expect(await this.manager.getNonce(ethers.id('operation'))).to.equal(0n); + }); + }); + }); + + describe('#hashOperation', function () { + it('returns an operationId', async function () { + const args = [this.user, this.other, '0x123543']; + expect(await this.manager.hashOperation(...args)).to.equal(hashOperation(...args)); + }); + }); + }); + + describe('admin operations', function () { + beforeEach('set required role', function () { + this.role = this.roles.ADMIN; + }); + + describe('subject to a delay', function () { + describe('#labelRole', function () { + describe('restrictions', function () { + beforeEach('set method and args', function () { + const args = [123443, 'TEST']; + const method = this.manager.interface.getFunction('labelRole(uint64,string)'); + this.calldata = this.manager.interface.encodeFunctionData(method, args); + }); + + shouldBehaveLikeDelayedAdminOperation(); + }); + + it('emits an event with the label', async function () { + await expect(this.manager.connect(this.admin).labelRole(this.roles.SOME.id, 'Some label')) + .to.emit(this.manager, 'RoleLabel') + .withArgs(this.roles.SOME.id, 'Some label'); + }); + + it('updates label on a second call', async function () { + await this.manager.connect(this.admin).labelRole(this.roles.SOME.id, 'Some label'); + + await expect(this.manager.connect(this.admin).labelRole(this.roles.SOME.id, 'Updated label')) + .to.emit(this.manager, 'RoleLabel') + .withArgs(this.roles.SOME.id, 'Updated label'); + }); + + it('reverts labeling PUBLIC_ROLE', async function () { + await expect(this.manager.connect(this.admin).labelRole(this.roles.PUBLIC.id, 'Some label')) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerLockedRole') + .withArgs(this.roles.PUBLIC.id); + }); + + it('reverts labeling ADMIN_ROLE', async function () { + await expect(this.manager.connect(this.admin).labelRole(this.roles.ADMIN.id, 'Some label')) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerLockedRole') + .withArgs(this.roles.ADMIN.id); + }); + }); + + describe('#setRoleAdmin', function () { + describe('restrictions', function () { + beforeEach('set method and args', function () { + const args = [93445, 84532]; + const method = this.manager.interface.getFunction('setRoleAdmin(uint64,uint64)'); + this.calldata = this.manager.interface.encodeFunctionData(method, args); + }); + + shouldBehaveLikeDelayedAdminOperation(); + }); + + it("sets any role's admin if called by an admin", async function () { + expect(await this.manager.getRoleAdmin(this.roles.SOME.id)).to.equal(this.roles.SOME_ADMIN.id); + + await expect(this.manager.connect(this.admin).setRoleAdmin(this.roles.SOME.id, this.roles.ADMIN.id)) + .to.emit(this.manager, 'RoleAdminChanged') + .withArgs(this.roles.SOME.id, this.roles.ADMIN.id); + + expect(await this.manager.getRoleAdmin(this.roles.SOME.id)).to.equal(this.roles.ADMIN.id); + }); + + it('reverts setting PUBLIC_ROLE admin', async function () { + await expect(this.manager.connect(this.admin).setRoleAdmin(this.roles.PUBLIC.id, this.roles.ADMIN.id)) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerLockedRole') + .withArgs(this.roles.PUBLIC.id); + }); + + it('reverts setting ADMIN_ROLE admin', async function () { + await expect(this.manager.connect(this.admin).setRoleAdmin(this.roles.ADMIN.id, this.roles.ADMIN.id)) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerLockedRole') + .withArgs(this.roles.ADMIN.id); + }); + }); + + describe('#setRoleGuardian', function () { + describe('restrictions', function () { + beforeEach('set method and args', function () { + const args = [93445, 84532]; + const method = this.manager.interface.getFunction('setRoleGuardian(uint64,uint64)'); + this.calldata = this.manager.interface.encodeFunctionData(method, args); + }); + + shouldBehaveLikeDelayedAdminOperation(); + }); + + it("sets any role's guardian if called by an admin", async function () { + expect(await this.manager.getRoleGuardian(this.roles.SOME.id)).to.equal(this.roles.SOME_GUARDIAN.id); + + await expect(this.manager.connect(this.admin).setRoleGuardian(this.roles.SOME.id, this.roles.ADMIN.id)) + .to.emit(this.manager, 'RoleGuardianChanged') + .withArgs(this.roles.SOME.id, this.roles.ADMIN.id); + + expect(await this.manager.getRoleGuardian(this.roles.SOME.id)).to.equal(this.roles.ADMIN.id); + }); + + it('reverts setting PUBLIC_ROLE admin', async function () { + await expect(this.manager.connect(this.admin).setRoleGuardian(this.roles.PUBLIC.id, this.roles.ADMIN.id)) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerLockedRole') + .withArgs(this.roles.PUBLIC.id); + }); + + it('reverts setting ADMIN_ROLE admin', async function () { + await expect(this.manager.connect(this.admin).setRoleGuardian(this.roles.ADMIN.id, this.roles.ADMIN.id)) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerLockedRole') + .withArgs(this.roles.ADMIN.id); + }); + }); + + describe('#setGrantDelay', function () { + describe('restrictions', function () { + beforeEach('set method and args', function () { + const args = [984910, time.duration.days(2)]; + const method = this.manager.interface.getFunction('setGrantDelay(uint64,uint32)'); + this.calldata = this.manager.interface.encodeFunctionData(method, args); + }); + + shouldBehaveLikeDelayedAdminOperation(); + }); + + it('reverts setting grant delay for the PUBLIC_ROLE', async function () { + await expect(this.manager.connect(this.admin).setGrantDelay(this.roles.PUBLIC.id, 69n)) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerLockedRole') + .withArgs(this.roles.PUBLIC.id); + }); + + describe('when increasing the delay', function () { + const oldDelay = 10n; + const newDelay = 100n; + + beforeEach('sets old delay', async function () { + this.role = this.roles.SOME; + await this.manager.$_setGrantDelay(this.role.id, oldDelay); + await time.increaseBy.timestamp(MINSETBACK); + expect(await this.manager.getRoleGrantDelay(this.role.id)).to.equal(oldDelay); + }); + + it('increases the delay after minsetback', async function () { + const txResponse = await this.manager.connect(this.admin).setGrantDelay(this.role.id, newDelay); + const setGrantDelayAt = await time.clockFromReceipt.timestamp(txResponse); + await expect(txResponse) + .to.emit(this.manager, 'RoleGrantDelayChanged') + .withArgs(this.role.id, newDelay, setGrantDelayAt + MINSETBACK); + + expect(await this.manager.getRoleGrantDelay(this.role.id)).to.equal(oldDelay); + await time.increaseBy.timestamp(MINSETBACK); + expect(await this.manager.getRoleGrantDelay(this.role.id)).to.equal(newDelay); + }); + }); + + describe('when reducing the delay', function () { + const oldDelay = time.duration.days(10); + + beforeEach('sets old delay', async function () { + this.role = this.roles.SOME; + await this.manager.$_setGrantDelay(this.role.id, oldDelay); + await time.increaseBy.timestamp(MINSETBACK); + expect(await this.manager.getRoleGrantDelay(this.role.id)).to.equal(oldDelay); + }); + + describe('when the delay difference is shorter than minimum setback', function () { + const newDelay = oldDelay - 1n; + + it('increases the delay after minsetback', async function () { + const txResponse = await this.manager.connect(this.admin).setGrantDelay(this.role.id, newDelay); + const setGrantDelayAt = await time.clockFromReceipt.timestamp(txResponse); + await expect(txResponse) + .to.emit(this.manager, 'RoleGrantDelayChanged') + .withArgs(this.role.id, newDelay, setGrantDelayAt + MINSETBACK); + + expect(await this.manager.getRoleGrantDelay(this.role.id)).to.equal(oldDelay); + await time.increaseBy.timestamp(MINSETBACK); + expect(await this.manager.getRoleGrantDelay(this.role.id)).to.equal(newDelay); + }); + }); + + describe('when the delay difference is longer than minimum setback', function () { + const newDelay = 1n; + + beforeEach('assert delay difference is higher than minsetback', function () { + expect(oldDelay - newDelay).to.gt(MINSETBACK); + }); + + it('increases the delay after delay difference', async function () { + const setback = oldDelay - newDelay; + + const txResponse = await this.manager.connect(this.admin).setGrantDelay(this.role.id, newDelay); + const setGrantDelayAt = await time.clockFromReceipt.timestamp(txResponse); + + await expect(txResponse) + .to.emit(this.manager, 'RoleGrantDelayChanged') + .withArgs(this.role.id, newDelay, setGrantDelayAt + setback); + + expect(await this.manager.getRoleGrantDelay(this.role.id)).to.equal(oldDelay); + await time.increaseBy.timestamp(setback); + expect(await this.manager.getRoleGrantDelay(this.role.id)).to.equal(newDelay); + }); + }); + }); + }); + + describe('#setTargetAdminDelay', function () { + describe('restrictions', function () { + beforeEach('set method and args', function () { + const args = [this.other.address, time.duration.days(3)]; + const method = this.manager.interface.getFunction('setTargetAdminDelay(address,uint32)'); + this.calldata = this.manager.interface.encodeFunctionData(method, args); + }); + + shouldBehaveLikeDelayedAdminOperation(); + }); + + describe('when increasing the delay', function () { + const oldDelay = time.duration.days(10); + const newDelay = time.duration.days(11); + + beforeEach('sets old delay', async function () { + await this.manager.$_setTargetAdminDelay(this.other, oldDelay); + await time.increaseBy.timestamp(MINSETBACK); + expect(await this.manager.getTargetAdminDelay(this.other)).to.equal(oldDelay); + }); + + it('increases the delay after minsetback', async function () { + const txResponse = await this.manager.connect(this.admin).setTargetAdminDelay(this.other, newDelay); + const setTargetAdminDelayAt = await time.clockFromReceipt.timestamp(txResponse); + await expect(txResponse) + .to.emit(this.manager, 'TargetAdminDelayUpdated') + .withArgs(this.other, newDelay, setTargetAdminDelayAt + MINSETBACK); + + expect(await this.manager.getTargetAdminDelay(this.other)).to.equal(oldDelay); + await time.increaseBy.timestamp(MINSETBACK); + expect(await this.manager.getTargetAdminDelay(this.other)).to.equal(newDelay); + }); + }); + + describe('when reducing the delay', function () { + const oldDelay = time.duration.days(10); + + beforeEach('sets old delay', async function () { + await this.manager.$_setTargetAdminDelay(this.other, oldDelay); + await time.increaseBy.timestamp(MINSETBACK); + expect(await this.manager.getTargetAdminDelay(this.other)).to.equal(oldDelay); + }); + + describe('when the delay difference is shorter than minimum setback', function () { + const newDelay = oldDelay - 1n; + + it('increases the delay after minsetback', async function () { + const txResponse = await this.manager.connect(this.admin).setTargetAdminDelay(this.other, newDelay); + const setTargetAdminDelayAt = await time.clockFromReceipt.timestamp(txResponse); + await expect(txResponse) + .to.emit(this.manager, 'TargetAdminDelayUpdated') + .withArgs(this.other, newDelay, setTargetAdminDelayAt + MINSETBACK); + + expect(await this.manager.getTargetAdminDelay(this.other)).to.equal(oldDelay); + await time.increaseBy.timestamp(MINSETBACK); + expect(await this.manager.getTargetAdminDelay(this.other)).to.equal(newDelay); + }); + }); + + describe('when the delay difference is longer than minimum setback', function () { + const newDelay = 1n; + + beforeEach('assert delay difference is higher than minsetback', function () { + expect(oldDelay - newDelay).to.gt(MINSETBACK); + }); + + it('increases the delay after delay difference', async function () { + const setback = oldDelay - newDelay; + + const txResponse = await this.manager.connect(this.admin).setTargetAdminDelay(this.other, newDelay); + const setTargetAdminDelayAt = await time.clockFromReceipt.timestamp(txResponse); + + await expect(txResponse) + .to.emit(this.manager, 'TargetAdminDelayUpdated') + .withArgs(this.other, newDelay, setTargetAdminDelayAt + setback); + + expect(await this.manager.getTargetAdminDelay(this.other)).to.equal(oldDelay); + await time.increaseBy.timestamp(setback); + expect(await this.manager.getTargetAdminDelay(this.other)).to.equal(newDelay); + }); + }); + }); + }); + }); + + describe('not subject to a delay', function () { + describe('#updateAuthority', function () { + beforeEach('create a target and a new authority', async function () { + this.newAuthority = await ethers.deployContract('$AccessManager', [this.admin]); + this.newManagedTarget = await ethers.deployContract('$AccessManagedTarget', [this.manager]); + }); + + describe('restrictions', function () { + beforeEach('set method and args', function () { + this.calldata = this.manager.interface.encodeFunctionData('updateAuthority(address,address)', [ + this.newManagedTarget.target, + this.newAuthority.target, + ]); + }); + + shouldBehaveLikeNotDelayedAdminOperation(); + }); + + it('changes the authority', async function () { + expect(await this.newManagedTarget.authority()).to.equal(this.manager); + + await expect(this.manager.connect(this.admin).updateAuthority(this.newManagedTarget, this.newAuthority)) + .to.emit(this.newManagedTarget, 'AuthorityUpdated') // Managed contract is responsible of notifying the change through an event + .withArgs(this.newAuthority); + + expect(await this.newManagedTarget.authority()).to.equal(this.newAuthority); + }); + }); + + describe('#setTargetClosed', function () { + describe('restrictions', function () { + beforeEach('set method and args', function () { + const args = [this.other.address, true]; + const method = this.manager.interface.getFunction('setTargetClosed(address,bool)'); + this.calldata = this.manager.interface.encodeFunctionData(method, args); + }); + + shouldBehaveLikeNotDelayedAdminOperation(); + }); + + it('closes and opens a target', async function () { + await expect(this.manager.connect(this.admin).setTargetClosed(this.target, true)) + .to.emit(this.manager, 'TargetClosed') + .withArgs(this.target, true); + expect(await this.manager.isTargetClosed(this.target)).to.be.true; + + await expect(this.manager.connect(this.admin).setTargetClosed(this.target, false)) + .to.emit(this.manager, 'TargetClosed') + .withArgs(this.target, false); + expect(await this.manager.isTargetClosed(this.target)).to.be.false; + }); + + describe('when the target is the manager', async function () { + it('closes and opens the manager', async function () { + await expect(this.manager.connect(this.admin).setTargetClosed(this.manager, true)) + .to.emit(this.manager, 'TargetClosed') + .withArgs(this.manager, true); + expect(await this.manager.isTargetClosed(this.manager)).to.be.true; + + await expect(this.manager.connect(this.admin).setTargetClosed(this.manager, false)) + .to.emit(this.manager, 'TargetClosed') + .withArgs(this.manager, false); + expect(await this.manager.isTargetClosed(this.manager)).to.be.false; + }); + }); + }); + + describe('#setTargetFunctionRole', function () { + describe('restrictions', function () { + beforeEach('set method and args', function () { + const args = [this.other.address, ['0x12345678'], 443342]; + const method = this.manager.interface.getFunction('setTargetFunctionRole(address,bytes4[],uint64)'); + this.calldata = this.manager.interface.encodeFunctionData(method, args); + }); + + shouldBehaveLikeNotDelayedAdminOperation(); + }); + + const sigs = ['someFunction()', 'someOtherFunction(uint256)', 'oneMoreFunction(address,uint8)'].map(selector); + + it('sets function roles', async function () { + for (const sig of sigs) { + expect(await this.manager.getTargetFunctionRole(this.target, sig)).to.equal(this.roles.ADMIN.id); + } + + const allowRole = await this.manager + .connect(this.admin) + .setTargetFunctionRole(this.target, sigs, this.roles.SOME.id); + + for (const sig of sigs) { + await expect(allowRole) + .to.emit(this.manager, 'TargetFunctionRoleUpdated') + .withArgs(this.target, sig, this.roles.SOME.id); + expect(await this.manager.getTargetFunctionRole(this.target, sig)).to.equal(this.roles.SOME.id); + } + + await expect( + this.manager.connect(this.admin).setTargetFunctionRole(this.target, [sigs[1]], this.roles.SOME_ADMIN.id), + ) + .to.emit(this.manager, 'TargetFunctionRoleUpdated') + .withArgs(this.target, sigs[1], this.roles.SOME_ADMIN.id); + + for (const sig of sigs) { + expect(await this.manager.getTargetFunctionRole(this.target, sig)).to.equal( + sig == sigs[1] ? this.roles.SOME_ADMIN.id : this.roles.SOME.id, + ); + } + }); + }); + + describe('role admin operations', function () { + const ANOTHER_ADMIN = 0xdeadc0de1n; + const ANOTHER_ROLE = 0xdeadc0de2n; + + beforeEach('set required role', async function () { + // Make admin a member of ANOTHER_ADMIN + await this.manager.$_grantRole(ANOTHER_ADMIN, this.admin, 0, 0); + await this.manager.$_setRoleAdmin(ANOTHER_ROLE, ANOTHER_ADMIN); + + this.role = { id: ANOTHER_ADMIN }; + await this.manager.$_grantRole(this.role.id, this.user, 0, 0); + }); + + describe('#grantRole', function () { + describe('restrictions', function () { + beforeEach('set method and args', function () { + const args = [ANOTHER_ROLE, this.other.address, 0]; + const method = this.manager.interface.getFunction('grantRole(uint64,address,uint32)'); + this.calldata = this.manager.interface.encodeFunctionData(method, args); + }); + + shouldBehaveLikeRoleAdminOperation(ANOTHER_ADMIN); + }); + + it('reverts when granting PUBLIC_ROLE', async function () { + await expect(this.manager.connect(this.admin).grantRole(this.roles.PUBLIC.id, this.user, 0)) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerLockedRole') + .withArgs(this.roles.PUBLIC.id); + }); + + describe('when the user is not a role member', function () { + describe('with grant delay', function () { + beforeEach('set grant delay and grant role', async function () { + // Delay granting + this.grantDelay = time.duration.weeks(2); + await this.manager.$_setGrantDelay(ANOTHER_ROLE, this.grantDelay); + await time.increaseBy.timestamp(MINSETBACK); + + // Grant role + this.executionDelay = time.duration.days(3); + expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([ + false, + '0', + ]); + + this.txResponse = await this.manager + .connect(this.admin) + .grantRole(ANOTHER_ROLE, this.user, this.executionDelay); + this.delay = this.grantDelay; // For testAsDelay + }); + + testAsDelay('grant', { + before: function self() { + self.mineDelay = true; + + it('does not grant role to the user yet', async function () { + const timestamp = await time.clockFromReceipt.timestamp(this.txResponse); + await expect(this.txResponse) + .to.emit(this.manager, 'RoleGranted') + .withArgs(ANOTHER_ROLE, this.user, this.executionDelay, timestamp + this.grantDelay, true); + + // Access is correctly stored + const access = await this.manager.getAccess(ANOTHER_ROLE, this.user); + expect(access[0]).to.equal(timestamp + this.grantDelay); // inEffectSince + expect(access[1]).to.equal(this.executionDelay); // currentDelay + expect(access[2]).to.equal(0n); // pendingDelay + expect(access[3]).to.equal(0n); // pendingDelayEffect + + // Not in effect yet + const currentTimestamp = await time.clock.timestamp(); + expect(currentTimestamp).to.be.lt(access[0]); + expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([ + false, + this.executionDelay.toString(), + ]); + }); + }, + after: function self() { + self.mineDelay = true; + + it('grants role to the user', async function () { + const timestamp = await time.clockFromReceipt.timestamp(this.txResponse); + await expect(this.txResponse) + .to.emit(this.manager, 'RoleGranted') + .withArgs(ANOTHER_ROLE, this.user, this.executionDelay, timestamp + this.grantDelay, true); + + // Access is correctly stored + const access = await this.manager.getAccess(ANOTHER_ROLE, this.user); + expect(access[0]).to.equal(timestamp + this.grantDelay); // inEffectSince + expect(access[1]).to.equal(this.executionDelay); // currentDelay + expect(access[2]).to.equal(0n); // pendingDelay + expect(access[3]).to.equal(0n); // pendingDelayEffect + + // Already in effect + const currentTimestamp = await time.clock.timestamp(); + expect(currentTimestamp).to.equal(access[0]); + expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([ + true, + this.executionDelay.toString(), + ]); + }); + }, + }); + }); + + describe('without grant delay', function () { + beforeEach('set granting delay', async function () { + // Delay granting + this.grantDelay = 0; + await this.manager.$_setGrantDelay(ANOTHER_ROLE, this.grantDelay); + await time.increaseBy.timestamp(MINSETBACK); + }); + + it('immediately grants the role to the user', async function () { + const executionDelay = time.duration.days(6); + expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([ + false, + '0', + ]); + const txResponse = await this.manager + .connect(this.admin) + .grantRole(ANOTHER_ROLE, this.user, executionDelay); + const grantedAt = await time.clockFromReceipt.timestamp(txResponse); + await expect(txResponse) + .to.emit(this.manager, 'RoleGranted') + .withArgs(ANOTHER_ROLE, this.user, executionDelay, grantedAt, true); + + // Access is correctly stored + const access = await this.manager.getAccess(ANOTHER_ROLE, this.user); + expect(access[0]).to.equal(grantedAt); // inEffectSince + expect(access[1]).to.equal(executionDelay); // currentDelay + expect(access[2]).to.equal(0n); // pendingDelay + expect(access[3]).to.equal(0n); // pendingDelayEffect + + // Already in effect + const currentTimestamp = await time.clock.timestamp(); + expect(currentTimestamp).to.equal(access[0]); + expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([ + true, + executionDelay.toString(), + ]); + }); + }); + }); + + describe('when the user is already a role member', function () { + beforeEach('make user role member', async function () { + this.previousExecutionDelay = time.duration.days(6); + await this.manager.$_grantRole(ANOTHER_ROLE, this.user, 0, this.previousExecutionDelay); + this.oldAccess = await this.manager.getAccess(ANOTHER_ROLE, this.user); + }); + + describe('with grant delay', function () { + beforeEach('set granting delay', async function () { + // Delay granting + const grantDelay = time.duration.weeks(2); + await this.manager.$_setGrantDelay(ANOTHER_ROLE, grantDelay); + await time.increaseBy.timestamp(MINSETBACK); + }); + + describe('when increasing the execution delay', function () { + beforeEach('set increased new execution delay', async function () { + expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([ + true, + this.previousExecutionDelay.toString(), + ]); + + this.newExecutionDelay = this.previousExecutionDelay + time.duration.days(4); + }); + + it('emits event and immediately changes the execution delay', async function () { + expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([ + true, + this.previousExecutionDelay.toString(), + ]); + const txResponse = await this.manager + .connect(this.admin) + .grantRole(ANOTHER_ROLE, this.user, this.newExecutionDelay); + const timestamp = await time.clockFromReceipt.timestamp(txResponse); + + await expect(txResponse) + .to.emit(this.manager, 'RoleGranted') + .withArgs(ANOTHER_ROLE, this.user, this.newExecutionDelay, timestamp, false); + + // Access is correctly stored + const access = await this.manager.getAccess(ANOTHER_ROLE, this.user); + expect(access[0]).to.equal(this.oldAccess[0]); // inEffectSince + expect(access[1]).to.equal(this.newExecutionDelay); // currentDelay + expect(access[2]).to.equal(0n); // pendingDelay + expect(access[3]).to.equal(0n); // pendingDelayEffect + + // Already in effect + expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([ + true, + this.newExecutionDelay.toString(), + ]); + }); + }); + + describe('when decreasing the execution delay', function () { + beforeEach('decrease execution delay', async function () { + expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([ + true, + this.previousExecutionDelay.toString(), + ]); + + this.newExecutionDelay = this.previousExecutionDelay - time.duration.days(4); + this.txResponse = await this.manager + .connect(this.admin) + .grantRole(ANOTHER_ROLE, this.user, this.newExecutionDelay); + this.grantTimestamp = await time.clockFromReceipt.timestamp(this.txResponse); + + this.delay = this.previousExecutionDelay - this.newExecutionDelay; // For testAsDelay + }); + + it('emits event', async function () { + await expect(this.txResponse) + .to.emit(this.manager, 'RoleGranted') + .withArgs(ANOTHER_ROLE, this.user, this.newExecutionDelay, this.grantTimestamp + this.delay, false); + }); + + testAsDelay('execution delay effect', { + before: function self() { + self.mineDelay = true; + + it('does not change the execution delay yet', async function () { + // Access is correctly stored + const access = await this.manager.getAccess(ANOTHER_ROLE, this.user); + expect(access[0]).to.equal(this.oldAccess[0]); // inEffectSince + expect(access[1]).to.equal(this.previousExecutionDelay); // currentDelay + expect(access[2]).to.equal(this.newExecutionDelay); // pendingDelay + expect(access[3]).to.equal(this.grantTimestamp + this.delay); // pendingDelayEffect + + // Not in effect yet + expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([ + true, + this.previousExecutionDelay.toString(), + ]); + }); + }, + after: function self() { + self.mineDelay = true; + + it('changes the execution delay', async function () { + // Access is correctly stored + const access = await this.manager.getAccess(ANOTHER_ROLE, this.user); + + expect(access[0]).to.equal(this.oldAccess[0]); // inEffectSince + expect(access[1]).to.equal(this.newExecutionDelay); // currentDelay + expect(access[2]).to.equal(0n); // pendingDelay + expect(access[3]).to.equal(0n); // pendingDelayEffect + + // Already in effect + expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([ + true, + this.newExecutionDelay.toString(), + ]); + }); + }, + }); + }); + }); + + describe('without grant delay', function () { + beforeEach('set granting delay', async function () { + // Delay granting + const grantDelay = 0; + await this.manager.$_setGrantDelay(ANOTHER_ROLE, grantDelay); + await time.increaseBy.timestamp(MINSETBACK); + }); + + describe('when increasing the execution delay', function () { + beforeEach('set increased new execution delay', async function () { + expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([ + true, + this.previousExecutionDelay.toString(), + ]); + + this.newExecutionDelay = this.previousExecutionDelay + time.duration.days(4); + }); + + it('emits event and immediately changes the execution delay', async function () { + expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([ + true, + this.previousExecutionDelay.toString(), + ]); + const txResponse = await this.manager + .connect(this.admin) + .grantRole(ANOTHER_ROLE, this.user, this.newExecutionDelay); + const timestamp = await time.clockFromReceipt.timestamp(txResponse); + + await expect(txResponse) + .to.emit(this.manager, 'RoleGranted') + .withArgs(ANOTHER_ROLE, this.user, this.newExecutionDelay, timestamp, false); + + // Access is correctly stored + const access = await this.manager.getAccess(ANOTHER_ROLE, this.user); + expect(access[0]).to.equal(this.oldAccess[0]); // inEffectSince + expect(access[1]).to.equal(this.newExecutionDelay); // currentDelay + expect(access[2]).to.equal(0n); // pendingDelay + expect(access[3]).to.equal(0n); // pendingDelayEffect + + // Already in effect + expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([ + true, + this.newExecutionDelay.toString(), + ]); + }); + }); + + describe('when decreasing the execution delay', function () { + beforeEach('decrease execution delay', async function () { + expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([ + true, + this.previousExecutionDelay.toString(), + ]); + + this.newExecutionDelay = this.previousExecutionDelay - time.duration.days(4); + this.txResponse = await this.manager + .connect(this.admin) + .grantRole(ANOTHER_ROLE, this.user, this.newExecutionDelay); + this.grantTimestamp = await time.clockFromReceipt.timestamp(this.txResponse); + + this.delay = this.previousExecutionDelay - this.newExecutionDelay; // For testAsDelay + }); + + it('emits event', async function () { + await expect(this.txResponse) + .to.emit(this.manager, 'RoleGranted') + .withArgs(ANOTHER_ROLE, this.user, this.newExecutionDelay, this.grantTimestamp + this.delay, false); + }); + + testAsDelay('execution delay effect', { + before: function self() { + self.mineDelay = true; + + it('does not change the execution delay yet', async function () { + // Access is correctly stored + const access = await this.manager.getAccess(ANOTHER_ROLE, this.user); + expect(access[0]).to.equal(this.oldAccess[0]); // inEffectSince + expect(access[1]).to.equal(this.previousExecutionDelay); // currentDelay + expect(access[2]).to.equal(this.newExecutionDelay); // pendingDelay + expect(access[3]).to.equal(this.grantTimestamp + this.delay); // pendingDelayEffect + + // Not in effect yet + expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([ + true, + this.previousExecutionDelay.toString(), + ]); + }); + }, + after: function self() { + self.mineDelay = true; + + it('changes the execution delay', async function () { + // Access is correctly stored + const access = await this.manager.getAccess(ANOTHER_ROLE, this.user); + + expect(access[0]).to.equal(this.oldAccess[0]); // inEffectSince + expect(access[1]).to.equal(this.newExecutionDelay); // currentDelay + expect(access[2]).to.equal(0n); // pendingDelay + expect(access[3]).to.equal(0n); // pendingDelayEffect + + // Already in effect + expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([ + true, + this.newExecutionDelay.toString(), + ]); + }); + }, + }); + }); + }); + }); + }); + + describe('#revokeRole', function () { + describe('restrictions', function () { + beforeEach('set method and args', async function () { + const args = [ANOTHER_ROLE, this.other.address]; + const method = this.manager.interface.getFunction('revokeRole(uint64,address)'); + this.calldata = this.manager.interface.encodeFunctionData(method, args); + + // Need to be set before revoking + await this.manager.$_grantRole(...args, 0, 0); + }); + + shouldBehaveLikeRoleAdminOperation(ANOTHER_ADMIN); + }); + + describe('when role has been granted', function () { + beforeEach('grant role with grant delay', async function () { + this.grantDelay = time.duration.weeks(1); + await this.manager.$_grantRole(ANOTHER_ROLE, this.user, this.grantDelay, 0); + + this.delay = this.grantDelay; // For testAsDelay + }); + + testAsDelay('grant', { + before: function self() { + self.mineDelay = true; + + it('revokes a granted role that will take effect in the future', async function () { + expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([ + false, + '0', + ]); + + await expect(this.manager.connect(this.admin).revokeRole(ANOTHER_ROLE, this.user)) + .to.emit(this.manager, 'RoleRevoked') + .withArgs(ANOTHER_ROLE, this.user); + + expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([ + false, + '0', + ]); + + const access = await this.manager.getAccess(ANOTHER_ROLE, this.user); + expect(access[0]).to.equal(0n); // inRoleSince + expect(access[1]).to.equal(0n); // currentDelay + expect(access[2]).to.equal(0n); // pendingDelay + expect(access[3]).to.equal(0n); // effect + }); + }, + after: function self() { + self.mineDelay = true; + + it('revokes a granted role that already took effect', async function () { + expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([ + true, + '0', + ]); + + await expect(this.manager.connect(this.admin).revokeRole(ANOTHER_ROLE, this.user)) + .to.emit(this.manager, 'RoleRevoked') + .withArgs(ANOTHER_ROLE, this.user); + + expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([ + false, + '0', + ]); + + const access = await this.manager.getAccess(ANOTHER_ROLE, this.user); + expect(access[0]).to.equal(0n); // inRoleSince + expect(access[1]).to.equal(0n); // currentDelay + expect(access[2]).to.equal(0n); // pendingDelay + expect(access[3]).to.equal(0n); // effect + }); + }, + }); + }); + + describe('when role has not been granted', function () { + it('has no effect', async function () { + expect(await this.manager.hasRole(this.roles.SOME.id, this.user).then(formatAccess)).to.be.deep.equal([ + false, + '0', + ]); + await expect(this.manager.connect(this.roleAdmin).revokeRole(this.roles.SOME.id, this.user)).to.not.emit( + this.manager, + 'RoleRevoked', + ); + expect(await this.manager.hasRole(this.roles.SOME.id, this.user).then(formatAccess)).to.be.deep.equal([ + false, + '0', + ]); + }); + }); + + it('reverts revoking PUBLIC_ROLE', async function () { + await expect(this.manager.connect(this.admin).revokeRole(this.roles.PUBLIC.id, this.user)) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerLockedRole') + .withArgs(this.roles.PUBLIC.id); + }); + }); + }); + + describe('self role operations', function () { + describe('#renounceRole', function () { + beforeEach('grant role', async function () { + this.role = { id: 783164n }; + this.caller = this.user; + await this.manager.$_grantRole(this.role.id, this.caller, 0, 0); + }); + + it('renounces a role', async function () { + expect(await this.manager.hasRole(this.role.id, this.caller).then(formatAccess)).to.be.deep.equal([ + true, + '0', + ]); + await expect(this.manager.connect(this.caller).renounceRole(this.role.id, this.caller)) + .to.emit(this.manager, 'RoleRevoked') + .withArgs(this.role.id, this.caller); + expect(await this.manager.hasRole(this.role.id, this.caller).then(formatAccess)).to.be.deep.equal([ + false, + '0', + ]); + }); + + it('reverts if renouncing the PUBLIC_ROLE', async function () { + await expect(this.manager.connect(this.caller).renounceRole(this.roles.PUBLIC.id, this.caller)) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerLockedRole') + .withArgs(this.roles.PUBLIC.id); + }); + + it('reverts if renouncing with bad caller confirmation', async function () { + await expect( + this.manager.connect(this.caller).renounceRole(this.role.id, this.other), + ).to.be.revertedWithCustomError(this.manager, 'AccessManagerBadConfirmation'); + }); + }); + }); + }); + }); + + describe('access managed self operations', function () { + describe('when calling a restricted target function', function () { + const method = 'fnRestricted()'; + + beforeEach('set required role', async function () { + this.role = { id: 785913n }; + await this.manager.$_setTargetFunctionRole( + this.manager, + this.manager[method].getFragment().selector, + this.role.id, + ); + }); + + describe('restrictions', function () { + beforeEach('set method and args', function () { + this.caller = this.user; + this.calldata = this.manager.interface.encodeFunctionData(method, []); + }); + + shouldBehaveLikeASelfRestrictedOperation(); + }); + + it('succeeds called by a role member', async function () { + await this.manager.$_grantRole(this.role.id, this.user, 0, 0); + + await expect(this.manager.connect(this.user)[method]()) + .to.emit(this.manager, 'CalledRestricted') + .withArgs(this.user); + }); + }); + + describe('when calling a non-restricted target function', function () { + const method = 'fnUnrestricted()'; + + beforeEach('set required role', async function () { + this.role = { id: 879435n }; + await this.manager.$_setTargetFunctionRole( + this.manager, + this.manager[method].getFragment().selector, + this.role.id, + ); + }); + + it('succeeds called by anyone', async function () { + await expect(this.manager.connect(this.user)[method]()) + .to.emit(this.manager, 'CalledUnrestricted') + .withArgs(this.user); + }); + }); + }); + + describe('access managed target operations', function () { + describe('when calling a restricted target function', function () { + const method = 'fnRestricted()'; + + beforeEach('set required role', async function () { + this.role = { id: 3597243n }; + await this.manager.$_setTargetFunctionRole( + this.target, + this.target[method].getFragment().selector, + this.role.id, + ); + }); + + describe('restrictions', function () { + beforeEach('set method and args', function () { + this.caller = this.user; + this.calldata = this.target.interface.encodeFunctionData(method, []); + }); + + shouldBehaveLikeAManagedRestrictedOperation(); + }); + + it('succeeds called by a role member', async function () { + await this.manager.$_grantRole(this.role.id, this.user, 0, 0); + + await expect(this.target.connect(this.user)[method]()) + .to.emit(this.target, 'CalledRestricted') + .withArgs(this.user); + }); + }); + + describe('when calling a non-restricted target function', function () { + const method = 'fnUnrestricted()'; + + beforeEach('set required role', async function () { + this.role = { id: 879435n }; + await this.manager.$_setTargetFunctionRole( + this.target, + this.target[method].getFragment().selector, + this.role.id, + ); + }); + + it('succeeds called by anyone', async function () { + await expect(this.target.connect(this.user)[method]()) + .to.emit(this.target, 'CalledUnrestricted') + .withArgs(this.user); + }); + }); + }); + + describe('#schedule', function () { + beforeEach('set target function role', async function () { + this.method = this.target.fnRestricted.getFragment(); + this.role = { id: 498305n }; + this.caller = this.user; + + await this.manager.$_setTargetFunctionRole(this.target, this.method.selector, this.role.id); + await this.manager.$_grantRole(this.role.id, this.caller, 0, 1); // nonzero execution delay + + this.calldata = this.target.interface.encodeFunctionData(this.method, []); + this.delay = time.duration.weeks(2); + }); + + describe('restrictions', function () { + testAsCanCall({ + closed() { + it('reverts as AccessManagerUnauthorizedCall', async function () { + const { schedule } = await prepareOperation(this.manager, { + caller: this.caller, + target: this.target, + calldata: this.calldata, + delay: this.delay, + }); + await expect(schedule()) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedCall') + .withArgs(this.caller, this.target, this.calldata.substring(0, 10)); + }); + }, + open: { + callerIsTheManager: { + executing() { + it.skip('is not reachable because schedule is not restrictable'); + }, + notExecuting() { + it('reverts as AccessManagerUnauthorizedCall', async function () { + const { schedule } = await prepareOperation(this.manager, { + caller: this.caller, + target: this.target, + calldata: this.calldata, + delay: this.delay, + }); + await expect(schedule()) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedCall') + .withArgs(this.caller, this.target, this.calldata.substring(0, 10)); + }); + }, + }, + callerIsNotTheManager: { + publicRoleIsRequired() { + it('reverts as AccessManagerUnauthorizedCall', async function () { + // prepareOperation is not used here because it alters the next block timestamp + await expect(this.manager.connect(this.caller).schedule(this.target, this.calldata, MAX_UINT48)) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedCall') + .withArgs(this.caller, this.target, this.calldata.substring(0, 10)); + }); + }, + specificRoleIsRequired: { + requiredRoleIsGranted: { + roleGrantingIsDelayed: { + callerHasAnExecutionDelay: { + beforeGrantDelay() { + it('reverts as AccessManagerUnauthorizedCall', async function () { + // prepareOperation is not used here because it alters the next block timestamp + await expect(this.manager.connect(this.caller).schedule(this.target, this.calldata, MAX_UINT48)) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedCall') + .withArgs(this.caller, this.target, this.calldata.substring(0, 10)); + }); + }, + afterGrantDelay() { + it('succeeds', async function () { + // prepareOperation is not used here because it alters the next block timestamp + await this.manager.connect(this.caller).schedule(this.target, this.calldata, MAX_UINT48); + }); + }, + }, + callerHasNoExecutionDelay: { + beforeGrantDelay() { + it('reverts as AccessManagerUnauthorizedCall', async function () { + // prepareOperation is not used here because it alters the next block timestamp + await expect(this.manager.connect(this.caller).schedule(this.target, this.calldata, MAX_UINT48)) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedCall') + .withArgs(this.caller, this.target, this.calldata.substring(0, 10)); + }); + }, + afterGrantDelay() { + it('reverts as AccessManagerUnauthorizedCall', async function () { + // prepareOperation is not used here because it alters the next block timestamp + await expect(this.manager.connect(this.caller).schedule(this.target, this.calldata, MAX_UINT48)) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedCall') + .withArgs(this.caller, this.target, this.calldata.substring(0, 10)); + }); + }, + }, + }, + roleGrantingIsNotDelayed: { + callerHasAnExecutionDelay() { + it('succeeds', async function () { + const { schedule } = await prepareOperation(this.manager, { + caller: this.caller, + target: this.target, + calldata: this.calldata, + delay: this.delay, + }); + + await schedule(); + }); + }, + callerHasNoExecutionDelay() { + it('reverts as AccessManagerUnauthorizedCall', async function () { + // prepareOperation is not used here because it alters the next block timestamp + await expect(this.manager.connect(this.caller).schedule(this.target, this.calldata, MAX_UINT48)) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedCall') + .withArgs(this.caller, this.target, this.calldata.substring(0, 10)); + }); + }, + }, + }, + requiredRoleIsNotGranted() { + it('reverts as AccessManagerUnauthorizedCall', async function () { + const { schedule } = await prepareOperation(this.manager, { + caller: this.caller, + target: this.target, + calldata: this.calldata, + delay: this.delay, + }); + await expect(schedule()) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedCall') + .withArgs(this.caller, this.target, this.calldata.substring(0, 10)); + }); + }, + }, + }, + }, + }); + }); + + it('schedules an operation at the specified execution date if it is larger than caller execution delay', async function () { + const { operationId, scheduledAt, schedule } = await prepareOperation(this.manager, { + caller: this.caller, + target: this.target, + calldata: this.calldata, + delay: this.delay, + }); + + const txResponse = await schedule(); + + expect(await this.manager.getSchedule(operationId)).to.equal(scheduledAt + this.delay); + await expect(txResponse) + .to.emit(this.manager, 'OperationScheduled') + .withArgs(operationId, '1', scheduledAt + this.delay, this.caller, this.target, this.calldata); + }); + + it('schedules an operation at the minimum execution date if no specified execution date (when == 0)', async function () { + const executionDelay = await time.duration.hours(72); + await this.manager.$_grantRole(this.role.id, this.caller, 0, executionDelay); + + const txResponse = await this.manager.connect(this.caller).schedule(this.target, this.calldata, 0); + const scheduledAt = await time.clockFromReceipt.timestamp(txResponse); + + const operationId = await this.manager.hashOperation(this.caller, this.target, this.calldata); + + expect(await this.manager.getSchedule(operationId)).to.equal(scheduledAt + executionDelay); + await expect(txResponse) + .to.emit(this.manager, 'OperationScheduled') + .withArgs(operationId, '1', scheduledAt + executionDelay, this.caller, this.target, this.calldata); + }); + + it('increases the nonce of an operation scheduled more than once', async function () { + // Setup and check initial nonce + const expectedOperationId = hashOperation(this.caller, this.target, this.calldata); + expect(await this.manager.getNonce(expectedOperationId)).to.equal('0'); + + // Schedule + const op1 = await prepareOperation(this.manager, { + caller: this.caller, + target: this.target, + calldata: this.calldata, + delay: this.delay, + }); + await expect(op1.schedule()) + .to.emit(this.manager, 'OperationScheduled') + .withArgs(op1.operationId, 1n, op1.scheduledAt + this.delay, this.caller, this.target, this.calldata); + expect(expectedOperationId).to.equal(op1.operationId); + + // Consume + await time.increaseBy.timestamp(this.delay); + await this.manager.$_consumeScheduledOp(expectedOperationId); + + // Check nonce + expect(await this.manager.getNonce(expectedOperationId)).to.equal('1'); + + // Schedule again + const op2 = await prepareOperation(this.manager, { + caller: this.caller, + target: this.target, + calldata: this.calldata, + delay: this.delay, + }); + await expect(op2.schedule()) + .to.emit(this.manager, 'OperationScheduled') + .withArgs(op2.operationId, 2n, op2.scheduledAt + this.delay, this.caller, this.target, this.calldata); + expect(expectedOperationId).to.equal(op2.operationId); + + // Check final nonce + expect(await this.manager.getNonce(expectedOperationId)).to.equal('2'); + }); + + it('reverts if the specified execution date is before the current timestamp + caller execution delay', async function () { + const executionDelay = time.duration.weeks(1) + this.delay; + await this.manager.$_grantRole(this.role.id, this.caller, 0, executionDelay); + + const { schedule } = await prepareOperation(this.manager, { + caller: this.caller, + target: this.target, + calldata: this.calldata, + delay: this.delay, + }); + + await expect(schedule()) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedCall') + .withArgs(this.caller, this.target, this.calldata.substring(0, 10)); + }); + + it('reverts if an operation is already schedule', async function () { + const op1 = await prepareOperation(this.manager, { + caller: this.caller, + target: this.target, + calldata: this.calldata, + delay: this.delay, + }); + + await op1.schedule(); + + const op2 = await prepareOperation(this.manager, { + caller: this.caller, + target: this.target, + calldata: this.calldata, + delay: this.delay, + }); + + await expect(op2.schedule()) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerAlreadyScheduled') + .withArgs(op1.operationId); + }); + + it('panics scheduling calldata with less than 4 bytes', async function () { + const calldata = '0x1234'; // 2 bytes + + // Managed contract + const op1 = await prepareOperation(this.manager, { + caller: this.caller, + target: this.target, + calldata: calldata, + delay: this.delay, + }); + await expect(op1.schedule()).to.be.revertedWithoutReason(); + + // Manager contract + const op2 = await prepareOperation(this.manager, { + caller: this.caller, + target: this.manager, + calldata: calldata, + delay: this.delay, + }); + await expect(op2.schedule()).to.be.revertedWithoutReason(); + }); + + it('reverts scheduling an unknown operation to the manager', async function () { + const calldata = '0x12345678'; + + const { schedule } = await prepareOperation(this.manager, { + caller: this.caller, + target: this.manager, + calldata, + delay: this.delay, + }); + + await expect(schedule()) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedCall') + .withArgs(this.caller, this.manager, calldata); + }); + }); + + describe('#execute', function () { + beforeEach('set target function role', async function () { + this.method = this.target.fnRestricted.getFragment(); + this.role = { id: 9825430n }; + this.caller = this.user; + + await this.manager.$_setTargetFunctionRole(this.target, this.method.selector, this.role.id); + await this.manager.$_grantRole(this.role.id, this.caller, 0, 0); + + this.calldata = this.target.interface.encodeFunctionData(this.method, []); + }); + + describe('restrictions', function () { + testAsCanCall({ + closed() { + it('reverts as AccessManagerUnauthorizedCall', async function () { + await expect(this.manager.connect(this.caller).execute(this.target, this.calldata)) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedCall') + .withArgs(this.caller, this.target, this.calldata.substring(0, 10)); + }); + }, + open: { + callerIsTheManager: { + executing() { + it('succeeds', async function () { + await this.manager.connect(this.caller).execute(this.target, this.calldata); + }); + }, + notExecuting() { + it('reverts as AccessManagerUnauthorizedCall', async function () { + await expect(this.manager.connect(this.caller).execute(this.target, this.calldata)) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedCall') + .withArgs(this.caller, this.target, this.calldata.substring(0, 10)); + }); + }, + }, + callerIsNotTheManager: { + publicRoleIsRequired() { + it('succeeds', async function () { + await this.manager.connect(this.caller).execute(this.target, this.calldata); + }); + }, + specificRoleIsRequired: { + requiredRoleIsGranted: { + roleGrantingIsDelayed: { + callerHasAnExecutionDelay: { + beforeGrantDelay() { + it('reverts as AccessManagerUnauthorizedCall', async function () { + await expect(this.manager.connect(this.caller).execute(this.target, this.calldata)) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedCall') + .withArgs(this.caller, this.target, this.calldata.substring(0, 10)); + }); + }, + afterGrantDelay: function self() { + self.mineDelay = true; + + beforeEach('define schedule delay', function () { + this.scheduleIn = time.duration.days(21); // For testAsSchedulableOperation + }); + + testAsSchedulableOperation(LIKE_COMMON_SCHEDULABLE); + }, + }, + callerHasNoExecutionDelay: { + beforeGrantDelay() { + it('reverts as AccessManagerUnauthorizedCall', async function () { + await expect(this.manager.connect(this.caller).execute(this.target, this.calldata)) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedCall') + .withArgs(this.caller, this.target, this.calldata.substring(0, 10)); + }); + }, + afterGrantDelay: function self() { + self.mineDelay = true; + + it('succeeds', async function () { + await this.manager.connect(this.caller).execute(this.target, this.calldata); + }); + }, + }, + }, + roleGrantingIsNotDelayed: { + callerHasAnExecutionDelay() { + beforeEach('define schedule delay', function () { + this.scheduleIn = time.duration.days(15); // For testAsSchedulableOperation + }); + + testAsSchedulableOperation(LIKE_COMMON_SCHEDULABLE); + }, + callerHasNoExecutionDelay() { + it('succeeds', async function () { + await this.manager.connect(this.caller).execute(this.target, this.calldata); + }); + }, + }, + }, + requiredRoleIsNotGranted() { + it('reverts as AccessManagerUnauthorizedCall', async function () { + await expect(this.manager.connect(this.caller).execute(this.target, this.calldata)) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedCall') + .withArgs(this.caller, this.target, this.calldata.substring(0, 10)); + }); + }, + }, + }, + }, + }); + }); + + it('executes with a delay consuming the scheduled operation', async function () { + const delay = time.duration.hours(4); + await this.manager.$_grantRole(this.role.id, this.caller, 0, 1); // Execution delay is needed so the operation is consumed + + const { operationId, schedule } = await prepareOperation(this.manager, { + caller: this.caller, + target: this.target, + calldata: this.calldata, + delay, + }); + await schedule(); + await time.increaseBy.timestamp(delay); + await expect(this.manager.connect(this.caller).execute(this.target, this.calldata)) + .to.emit(this.manager, 'OperationExecuted') + .withArgs(operationId, 1n); + + expect(await this.manager.getSchedule(operationId)).to.equal(0n); + }); + + it('executes with no delay consuming a scheduled operation', async function () { + const delay = time.duration.hours(4); + + // give caller an execution delay + await this.manager.$_grantRole(this.role.id, this.caller, 0, 1); + + const { operationId, schedule } = await prepareOperation(this.manager, { + caller: this.caller, + target: this.target, + calldata: this.calldata, + delay, + }); + await schedule(); + + // remove the execution delay + await this.manager.$_grantRole(this.role.id, this.caller, 0, 0); + + await time.increaseBy.timestamp(delay); + await expect(this.manager.connect(this.caller).execute(this.target, this.calldata)) + .to.emit(this.manager, 'OperationExecuted') + .withArgs(operationId, 1n); + + expect(await this.manager.getSchedule(operationId)).to.equal(0n); + }); + + it('keeps the original _executionId after finishing the call', async function () { + const executionIdBefore = await ethers.provider.getStorage(this.manager, EXECUTION_ID_STORAGE_SLOT); + await this.manager.connect(this.caller).execute(this.target, this.calldata); + const executionIdAfter = await ethers.provider.getStorage(this.manager, EXECUTION_ID_STORAGE_SLOT); + expect(executionIdBefore).to.equal(executionIdAfter); + }); + + it('reverts executing twice', async function () { + const delay = time.duration.hours(2); + await this.manager.$_grantRole(this.role.id, this.caller, 0, 1); // Execution delay is needed so the operation is consumed + + const { operationId, schedule } = await prepareOperation(this.manager, { + caller: this.caller, + target: this.target, + calldata: this.calldata, + delay, + }); + await schedule(); + await time.increaseBy.timestamp(delay); + await this.manager.connect(this.caller).execute(this.target, this.calldata); + await expect(this.manager.connect(this.caller).execute(this.target, this.calldata)) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerNotScheduled') + .withArgs(operationId); + }); + }); + + describe('#consumeScheduledOp', function () { + beforeEach('define scheduling parameters', async function () { + const method = this.target.fnRestricted.getFragment(); + this.caller = await ethers.getSigner(this.target.target); + await impersonate(this.caller.address); + this.calldata = this.target.interface.encodeFunctionData(method, []); + this.role = { id: 9834983n }; + + await this.manager.$_setTargetFunctionRole(this.target, method.selector, this.role.id); + await this.manager.$_grantRole(this.role.id, this.caller, 0, 1); // nonzero execution delay + + this.scheduleIn = time.duration.hours(10); // For testAsSchedulableOperation + }); + + describe('when caller is not consuming scheduled operation', function () { + beforeEach('set consuming false', async function () { + await this.target.setIsConsumingScheduledOp(false, ethers.toBeHex(CONSUMING_SCHEDULE_STORAGE_SLOT, 32)); + }); + + it('reverts as AccessManagerUnauthorizedConsume', async function () { + await expect(this.manager.connect(this.caller).consumeScheduledOp(this.caller, this.calldata)) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedConsume') + .withArgs(this.caller); + }); + }); + + describe('when caller is consuming scheduled operation', function () { + beforeEach('set consuming true', async function () { + await this.target.setIsConsumingScheduledOp(true, ethers.toBeHex(CONSUMING_SCHEDULE_STORAGE_SLOT, 32)); + }); + + testAsSchedulableOperation({ + scheduled: { + before() { + it('reverts as AccessManagerNotReady', async function () { + await expect(this.manager.connect(this.caller).consumeScheduledOp(this.caller, this.calldata)) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerNotReady') + .withArgs(this.operationId); + }); + }, + after() { + it('consumes the scheduled operation and resets timepoint', async function () { + expect(await this.manager.getSchedule(this.operationId)).to.equal(this.scheduledAt + this.scheduleIn); + + await expect(this.manager.connect(this.caller).consumeScheduledOp(this.caller, this.calldata)) + .to.emit(this.manager, 'OperationExecuted') + .withArgs(this.operationId, 1n); + expect(await this.manager.getSchedule(this.operationId)).to.equal(0n); + }); + }, + expired() { + it('reverts as AccessManagerExpired', async function () { + await expect(this.manager.connect(this.caller).consumeScheduledOp(this.caller, this.calldata)) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerExpired') + .withArgs(this.operationId); + }); + }, + }, + notScheduled() { + it('reverts as AccessManagerNotScheduled', async function () { + await expect(this.manager.connect(this.caller).consumeScheduledOp(this.caller, this.calldata)) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerNotScheduled') + .withArgs(this.operationId); + }); + }, + }); + }); + }); + + describe('#cancelScheduledOp', function () { + beforeEach('setup scheduling', async function () { + this.method = this.target.fnRestricted.getFragment(); + this.caller = this.roles.SOME.members[0]; + await this.manager.$_setTargetFunctionRole(this.target, this.method.selector, this.roles.SOME.id); + await this.manager.$_grantRole(this.roles.SOME.id, this.caller, 0, 1); // nonzero execution delay + + this.calldata = this.target.interface.encodeFunctionData(this.method, []); + this.scheduleIn = time.duration.days(10); // For testAsSchedulableOperation + }); + + testAsSchedulableOperation({ + scheduled: { + before() { + describe('when caller is the scheduler', function () { + it('succeeds', async function () { + await this.manager.connect(this.caller).cancel(this.caller, this.target, this.calldata); + }); + }); + + describe('when caller is an admin', function () { + it('succeeds', async function () { + await this.manager.connect(this.roles.ADMIN.members[0]).cancel(this.caller, this.target, this.calldata); + }); + }); + + describe('when caller is the role guardian', function () { + it('succeeds', async function () { + await this.manager + .connect(this.roles.SOME_GUARDIAN.members[0]) + .cancel(this.caller, this.target, this.calldata); + }); + }); + + describe('when caller is any other account', function () { + it('reverts as AccessManagerUnauthorizedCancel', async function () { + await expect(this.manager.connect(this.other).cancel(this.caller, this.target, this.calldata)) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedCancel') + .withArgs(this.other, this.caller, this.target, this.method.selector); + }); + }); + }, + after() { + it('succeeds', async function () { + await this.manager.connect(this.caller).cancel(this.caller, this.target, this.calldata); + }); + }, + expired() { + it('succeeds', async function () { + await this.manager.connect(this.caller).cancel(this.caller, this.target, this.calldata); + }); + }, + }, + notScheduled() { + it('reverts as AccessManagerNotScheduled', async function () { + await expect(this.manager.cancel(this.caller, this.target, this.calldata)) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerNotScheduled') + .withArgs(this.operationId); + }); + }, + }); + + it('cancels an operation and resets schedule', async function () { + const { operationId, schedule } = await prepareOperation(this.manager, { + caller: this.caller, + target: this.target, + calldata: this.calldata, + delay: this.scheduleIn, + }); + await schedule(); + await expect(this.manager.connect(this.caller).cancel(this.caller, this.target, this.calldata)) + .to.emit(this.manager, 'OperationCanceled') + .withArgs(operationId, 1n); + expect(await this.manager.getSchedule(operationId)).to.equal('0'); + }); + }); + + describe('with Ownable target contract', function () { + const roleId = 1n; + + beforeEach(async function () { + this.ownable = await ethers.deployContract('$Ownable', [this.manager]); + + // add user to role + await this.manager.$_grantRole(roleId, this.user, 0, 0); + }); + + it('initial state', async function () { + expect(await this.ownable.owner()).to.equal(this.manager); + }); + + describe('Contract is closed', function () { + beforeEach(async function () { + await this.manager.$_setTargetClosed(this.ownable, true); + }); + + it('directly call: reverts', async function () { + await expect(this.ownable.connect(this.user).$_checkOwner()) + .to.be.revertedWithCustomError(this.ownable, 'OwnableUnauthorizedAccount') + .withArgs(this.user); + }); + + it('relayed call (with role): reverts', async function () { + await expect( + this.manager.connect(this.user).execute(this.ownable, this.ownable.$_checkOwner.getFragment().selector), + ) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedCall') + .withArgs(this.user, this.ownable, this.ownable.$_checkOwner.getFragment().selector); + }); + + it('relayed call (without role): reverts', async function () { + await expect( + this.manager.connect(this.other).execute(this.ownable, this.ownable.$_checkOwner.getFragment().selector), + ) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedCall') + .withArgs(this.other, this.ownable, this.ownable.$_checkOwner.getFragment().selector); + }); + }); + + describe('Contract is managed', function () { + describe('function is open to specific role', function () { + beforeEach(async function () { + await this.manager.$_setTargetFunctionRole( + this.ownable, + this.ownable.$_checkOwner.getFragment().selector, + roleId, + ); + }); + + it('directly call: reverts', async function () { + await expect(this.ownable.connect(this.user).$_checkOwner()) + .to.be.revertedWithCustomError(this.ownable, 'OwnableUnauthorizedAccount') + .withArgs(this.user); + }); + + it('relayed call (with role): success', async function () { + await this.manager.connect(this.user).execute(this.ownable, this.ownable.$_checkOwner.getFragment().selector); + }); + + it('relayed call (without role): reverts', async function () { + await expect( + this.manager.connect(this.other).execute(this.ownable, this.ownable.$_checkOwner.getFragment().selector), + ) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedCall') + .withArgs(this.other, this.ownable, this.ownable.$_checkOwner.getFragment().selector); + }); + }); + + describe('function is open to public role', function () { + beforeEach(async function () { + await this.manager.$_setTargetFunctionRole( + this.ownable, + this.ownable.$_checkOwner.getFragment().selector, + this.roles.PUBLIC.id, + ); + }); + + it('directly call: reverts', async function () { + await expect(this.ownable.connect(this.user).$_checkOwner()) + .to.be.revertedWithCustomError(this.ownable, 'OwnableUnauthorizedAccount') + .withArgs(this.user); + }); + + it('relayed call (with role): success', async function () { + await this.manager.connect(this.user).execute(this.ownable, this.ownable.$_checkOwner.getFragment().selector); + }); + + it('relayed call (without role): success', async function () { + await this.manager + .connect(this.other) + .execute(this.ownable, this.ownable.$_checkOwner.getFragment().selector); + }); + }); + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/access/manager/AuthorityUtils.test.js b/dependencies/@openzeppelin/test/access/manager/AuthorityUtils.test.js new file mode 100644 index 00000000..905913f1 --- /dev/null +++ b/dependencies/@openzeppelin/test/access/manager/AuthorityUtils.test.js @@ -0,0 +1,102 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +async function fixture() { + const [user, other] = await ethers.getSigners(); + + const mock = await ethers.deployContract('$AuthorityUtils'); + const notAuthorityMock = await ethers.deployContract('NotAuthorityMock'); + const authorityNoDelayMock = await ethers.deployContract('AuthorityNoDelayMock'); + const authorityDelayMock = await ethers.deployContract('AuthorityDelayMock'); + const authorityNoResponse = await ethers.deployContract('AuthorityNoResponse'); + + return { + user, + other, + mock, + notAuthorityMock, + authorityNoDelayMock, + authorityDelayMock, + authorityNoResponse, + }; +} + +describe('AuthorityUtils', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + describe('canCallWithDelay', function () { + describe('when authority does not have a canCall function', function () { + beforeEach(async function () { + this.authority = this.notAuthorityMock; + }); + + it('returns (immediate = 0, delay = 0)', async function () { + const { immediate, delay } = await this.mock.$canCallWithDelay( + this.authority, + this.user, + this.other, + '0x12345678', + ); + expect(immediate).to.be.false; + expect(delay).to.equal(0n); + }); + }); + + describe('when authority has no delay', function () { + beforeEach(async function () { + this.authority = this.authorityNoDelayMock; + this.immediate = true; + await this.authority._setImmediate(this.immediate); + }); + + it('returns (immediate, delay = 0)', async function () { + const { immediate, delay } = await this.mock.$canCallWithDelay( + this.authority, + this.user, + this.other, + '0x12345678', + ); + expect(immediate).to.equal(this.immediate); + expect(delay).to.equal(0n); + }); + }); + + describe('when authority replies with a delay', function () { + beforeEach(async function () { + this.authority = this.authorityDelayMock; + }); + + for (const immediate of [true, false]) { + for (const delay of [0n, 42n]) { + it(`returns (immediate=${immediate}, delay=${delay})`, async function () { + await this.authority._setImmediate(immediate); + await this.authority._setDelay(delay); + const result = await this.mock.$canCallWithDelay(this.authority, this.user, this.other, '0x12345678'); + expect(result.immediate).to.equal(immediate); + expect(result.delay).to.equal(delay); + }); + } + } + }); + + describe('when authority replies with empty data', function () { + beforeEach(async function () { + this.authority = this.authorityNoResponse; + }); + + it('returns (immediate = 0, delay = 0)', async function () { + const { immediate, delay } = await this.mock.$canCallWithDelay( + this.authority, + this.user, + this.other, + '0x12345678', + ); + expect(immediate).to.be.false; + expect(delay).to.equal(0n); + }); + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/finance/VestingWallet.behavior.js b/dependencies/@openzeppelin/test/finance/VestingWallet.behavior.js new file mode 100644 index 00000000..b45ffeec --- /dev/null +++ b/dependencies/@openzeppelin/test/finance/VestingWallet.behavior.js @@ -0,0 +1,87 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const time = require('../helpers/time'); + +async function envSetup(mock, beneficiary, token) { + return { + eth: { + checkRelease: async (tx, amount) => { + await expect(tx).to.changeEtherBalances([mock, beneficiary], [-amount, amount]); + }, + setupFailure: async () => { + const beneficiaryMock = await ethers.deployContract('EtherReceiverMock'); + await beneficiaryMock.setAcceptEther(false); + await mock.connect(beneficiary).transferOwnership(beneficiaryMock); + return { args: [], error: [mock, 'FailedCall'] }; + }, + releasedEvent: 'EtherReleased', + args: [], + }, + token: { + checkRelease: async (tx, amount) => { + await expect(tx).to.emit(token, 'Transfer').withArgs(mock, beneficiary, amount); + await expect(tx).to.changeTokenBalances(token, [mock, beneficiary], [-amount, amount]); + }, + setupFailure: async () => { + const pausableToken = await ethers.deployContract('$ERC20Pausable', ['Name', 'Symbol']); + await pausableToken.$_pause(); + return { + args: [ethers.Typed.address(pausableToken)], + error: [pausableToken, 'EnforcedPause'], + }; + }, + releasedEvent: 'ERC20Released', + args: [ethers.Typed.address(token)], + }, + }; +} + +function shouldBehaveLikeVesting() { + it('check vesting schedule', async function () { + for (const timestamp of this.schedule) { + await time.increaseTo.timestamp(timestamp); + const vesting = this.vestingFn(timestamp); + + expect(await this.mock.vestedAmount(...this.args, timestamp)).to.equal(vesting); + expect(await this.mock.releasable(...this.args)).to.equal(vesting); + } + }); + + it('execute vesting schedule', async function () { + let released = 0n; + { + const tx = await this.mock.release(...this.args); + await expect(tx) + .to.emit(this.mock, this.releasedEvent) + .withArgs(...this.args, 0); + + await this.checkRelease(tx, 0n); + } + + for (const timestamp of this.schedule) { + await time.increaseTo.timestamp(timestamp, false); + const vested = this.vestingFn(timestamp); + + const tx = await this.mock.release(...this.args); + await expect(tx).to.emit(this.mock, this.releasedEvent); + + await this.checkRelease(tx, vested - released); + released = vested; + } + }); + + it('should revert on transaction failure', async function () { + const { args, error } = await this.setupFailure(); + + for (const timestamp of this.schedule) { + await time.increaseTo.timestamp(timestamp); + + await expect(this.mock.release(...args)).to.be.revertedWithCustomError(...error); + } + }); +} + +module.exports = { + envSetup, + shouldBehaveLikeVesting, +}; diff --git a/dependencies/@openzeppelin/test/finance/VestingWallet.test.js b/dependencies/@openzeppelin/test/finance/VestingWallet.test.js new file mode 100644 index 00000000..b89258d6 --- /dev/null +++ b/dependencies/@openzeppelin/test/finance/VestingWallet.test.js @@ -0,0 +1,65 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { min } = require('../helpers/math'); +const time = require('../helpers/time'); + +const { envSetup, shouldBehaveLikeVesting } = require('./VestingWallet.behavior'); + +async function fixture() { + const amount = ethers.parseEther('100'); + const duration = time.duration.years(4); + const start = (await time.clock.timestamp()) + time.duration.hours(1); + + const [sender, beneficiary] = await ethers.getSigners(); + const mock = await ethers.deployContract('VestingWallet', [beneficiary, start, duration]); + + const token = await ethers.deployContract('$ERC20', ['Name', 'Symbol']); + await token.$_mint(mock, amount); + await sender.sendTransaction({ to: mock, value: amount }); + + const env = await envSetup(mock, beneficiary, token); + + const schedule = Array.from({ length: 64 }, (_, i) => (BigInt(i) * duration) / 60n + start); + const vestingFn = timestamp => min(amount, (amount * (timestamp - start)) / duration); + + return { mock, duration, start, beneficiary, schedule, vestingFn, env }; +} + +describe('VestingWallet', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + it('rejects zero address for beneficiary', async function () { + await expect(ethers.deployContract('VestingWallet', [ethers.ZeroAddress, this.start, this.duration])) + .revertedWithCustomError(this.mock, 'OwnableInvalidOwner') + .withArgs(ethers.ZeroAddress); + }); + + it('check vesting contract', async function () { + expect(await this.mock.owner()).to.equal(this.beneficiary); + expect(await this.mock.start()).to.equal(this.start); + expect(await this.mock.duration()).to.equal(this.duration); + expect(await this.mock.end()).to.equal(this.start + this.duration); + }); + + describe('vesting schedule', function () { + describe('Eth vesting', function () { + beforeEach(async function () { + Object.assign(this, this.env.eth); + }); + + shouldBehaveLikeVesting(); + }); + + describe('ERC20 vesting', function () { + beforeEach(async function () { + Object.assign(this, this.env.token); + }); + + shouldBehaveLikeVesting(); + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/finance/VestingWalletCliff.test.js b/dependencies/@openzeppelin/test/finance/VestingWalletCliff.test.js new file mode 100644 index 00000000..799b24c4 --- /dev/null +++ b/dependencies/@openzeppelin/test/finance/VestingWalletCliff.test.js @@ -0,0 +1,70 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { min } = require('../helpers/math'); +const time = require('../helpers/time'); + +const { envSetup, shouldBehaveLikeVesting } = require('./VestingWallet.behavior'); + +async function fixture() { + const amount = ethers.parseEther('100'); + const duration = time.duration.years(4); + const start = (await time.clock.timestamp()) + time.duration.hours(1); + const cliffDuration = time.duration.years(1); + const cliff = start + cliffDuration; + + const [sender, beneficiary] = await ethers.getSigners(); + const mock = await ethers.deployContract('$VestingWalletCliff', [beneficiary, start, duration, cliffDuration]); + + const token = await ethers.deployContract('$ERC20', ['Name', 'Symbol']); + await token.$_mint(mock, amount); + await sender.sendTransaction({ to: mock, value: amount }); + + const env = await envSetup(mock, beneficiary, token); + + const schedule = Array.from({ length: 64 }, (_, i) => (BigInt(i) * duration) / 60n + start); + const vestingFn = timestamp => min(amount, timestamp < cliff ? 0n : (amount * (timestamp - start)) / duration); + + return { mock, duration, start, beneficiary, cliff, schedule, vestingFn, env }; +} + +describe('VestingWalletCliff', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + it('rejects a larger cliff than vesting duration', async function () { + await expect( + ethers.deployContract('$VestingWalletCliff', [this.beneficiary, this.start, this.duration, this.duration + 1n]), + ) + .revertedWithCustomError(this.mock, 'InvalidCliffDuration') + .withArgs(this.duration + 1n, this.duration); + }); + + it('check vesting contract', async function () { + expect(await this.mock.owner()).to.equal(this.beneficiary); + expect(await this.mock.start()).to.equal(this.start); + expect(await this.mock.duration()).to.equal(this.duration); + expect(await this.mock.end()).to.equal(this.start + this.duration); + expect(await this.mock.cliff()).to.equal(this.cliff); + }); + + describe('vesting schedule', function () { + describe('Eth vesting', function () { + beforeEach(async function () { + Object.assign(this, this.env.eth); + }); + + shouldBehaveLikeVesting(); + }); + + describe('ERC20 vesting', function () { + beforeEach(async function () { + Object.assign(this, this.env.token); + }); + + shouldBehaveLikeVesting(); + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/governance/Governor.t.sol b/dependencies/@openzeppelin/test/governance/Governor.t.sol new file mode 100644 index 00000000..958461ab --- /dev/null +++ b/dependencies/@openzeppelin/test/governance/Governor.t.sol @@ -0,0 +1,55 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {Test} from "forge-std/Test.sol"; +import {Strings} from "@openzeppelin/contracts/utils/Strings.sol"; +import {Governor} from "@openzeppelin/contracts/governance/Governor.sol"; + +contract GovernorInternalTest is Test, Governor { + constructor() Governor("") {} + + function testValidDescriptionForProposer(string memory description, address proposer, bool includeProposer) public { + if (includeProposer) { + description = string.concat(description, "#proposer=", Strings.toHexString(proposer)); + } + assertTrue(_isValidDescriptionForProposer(proposer, description)); + } + + function testInvalidDescriptionForProposer( + string memory description, + address commitProposer, + address actualProposer + ) public { + vm.assume(commitProposer != actualProposer); + description = string.concat(description, "#proposer=", Strings.toHexString(commitProposer)); + assertFalse(_isValidDescriptionForProposer(actualProposer, description)); + } + + // We don't need to truly implement the missing functions because we are just testing + // internal helpers. + + function clock() public pure override returns (uint48) {} + + // solhint-disable-next-line func-name-mixedcase + function CLOCK_MODE() public pure override returns (string memory) {} + + // solhint-disable-next-line func-name-mixedcase + function COUNTING_MODE() public pure virtual override returns (string memory) {} + + function votingDelay() public pure virtual override returns (uint256) {} + + function votingPeriod() public pure virtual override returns (uint256) {} + + function quorum(uint256) public pure virtual override returns (uint256) {} + + function hasVoted(uint256, address) public pure virtual override returns (bool) {} + + function _quorumReached(uint256) internal pure virtual override returns (bool) {} + + function _voteSucceeded(uint256) internal pure virtual override returns (bool) {} + + function _getVotes(address, uint256, bytes memory) internal pure virtual override returns (uint256) {} + + function _countVote(uint256, address, uint8, uint256, bytes memory) internal virtual override returns (uint256) {} +} diff --git a/dependencies/@openzeppelin/test/governance/Governor.test.js b/dependencies/@openzeppelin/test/governance/Governor.test.js new file mode 100644 index 00000000..3e48ccfe --- /dev/null +++ b/dependencies/@openzeppelin/test/governance/Governor.test.js @@ -0,0 +1,992 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { GovernorHelper } = require('../helpers/governance'); +const { getDomain, Ballot } = require('../helpers/eip712'); +const { ProposalState, VoteType } = require('../helpers/enums'); +const time = require('../helpers/time'); + +const { shouldSupportInterfaces } = require('../utils/introspection/SupportsInterface.behavior'); +const { shouldBehaveLikeERC6372 } = require('./utils/ERC6372.behavior'); + +const TOKENS = [ + { Token: '$ERC20Votes', mode: 'blocknumber' }, + { Token: '$ERC20VotesTimestampMock', mode: 'timestamp' }, + { Token: '$ERC20VotesLegacyMock', mode: 'blocknumber' }, +]; + +const name = 'OZ-Governor'; +const version = '1'; +const tokenName = 'MockToken'; +const tokenSymbol = 'MTKN'; +const tokenSupply = ethers.parseEther('100'); +const votingDelay = 4n; +const votingPeriod = 16n; +const value = ethers.parseEther('1'); + +const signBallot = account => (contract, message) => + getDomain(contract).then(domain => account.signTypedData(domain, { Ballot }, message)); + +async function deployToken(contractName) { + try { + return await ethers.deployContract(contractName, [tokenName, tokenSymbol, tokenName, version]); + } catch (error) { + if (error.message == 'incorrect number of arguments to constructor') { + // ERC20VotesLegacyMock has a different construction that uses version='1' by default. + return ethers.deployContract(contractName, [tokenName, tokenSymbol, tokenName]); + } + throw error; + } +} + +describe('Governor', function () { + for (const { Token, mode } of TOKENS) { + const fixture = async () => { + const [owner, proposer, voter1, voter2, voter3, voter4, userEOA] = await ethers.getSigners(); + const receiver = await ethers.deployContract('CallReceiverMock'); + + const token = await deployToken(Token, [tokenName, tokenSymbol, version]); + const mock = await ethers.deployContract('$GovernorMock', [ + name, // name + votingDelay, // initialVotingDelay + votingPeriod, // initialVotingPeriod + 0n, // initialProposalThreshold + token, // tokenAddress + 10n, // quorumNumeratorValue + ]); + + await owner.sendTransaction({ to: mock, value }); + await token.$_mint(owner, tokenSupply); + + const helper = new GovernorHelper(mock, mode); + await helper.connect(owner).delegate({ token: token, to: voter1, value: ethers.parseEther('10') }); + await helper.connect(owner).delegate({ token: token, to: voter2, value: ethers.parseEther('7') }); + await helper.connect(owner).delegate({ token: token, to: voter3, value: ethers.parseEther('5') }); + await helper.connect(owner).delegate({ token: token, to: voter4, value: ethers.parseEther('2') }); + + return { + owner, + proposer, + voter1, + voter2, + voter3, + voter4, + userEOA, + receiver, + token, + mock, + helper, + }; + }; + + describe(`using ${Token}`, function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + // initiate fresh proposal + this.proposal = this.helper.setProposal( + [ + { + target: this.receiver.target, + data: this.receiver.interface.encodeFunctionData('mockFunction'), + value, + }, + ], + '', + ); + }); + + shouldSupportInterfaces(['ERC1155Receiver', 'Governor']); + shouldBehaveLikeERC6372(mode); + + it('deployment check', async function () { + expect(await this.mock.name()).to.equal(name); + expect(await this.mock.token()).to.equal(this.token); + expect(await this.mock.votingDelay()).to.equal(votingDelay); + expect(await this.mock.votingPeriod()).to.equal(votingPeriod); + expect(await this.mock.quorum(0)).to.equal(0n); + expect(await this.mock.COUNTING_MODE()).to.equal('support=bravo&quorum=for,abstain'); + }); + + it('nominal workflow', async function () { + // Before + expect(await this.mock.proposalProposer(this.proposal.id)).to.equal(ethers.ZeroAddress); + expect(await this.mock.hasVoted(this.proposal.id, this.owner)).to.be.false; + expect(await this.mock.hasVoted(this.proposal.id, this.voter1)).to.be.false; + expect(await this.mock.hasVoted(this.proposal.id, this.voter2)).to.be.false; + expect(await ethers.provider.getBalance(this.mock)).to.equal(value); + expect(await ethers.provider.getBalance(this.receiver)).to.equal(0n); + + expect(await this.mock.proposalEta(this.proposal.id)).to.equal(0n); + expect(await this.mock.proposalNeedsQueuing(this.proposal.id)).to.be.false; + + // Run proposal + const txPropose = await this.helper.connect(this.proposer).propose(); + const timepoint = await time.clockFromReceipt[mode](txPropose); + + await expect(txPropose) + .to.emit(this.mock, 'ProposalCreated') + .withArgs( + this.proposal.id, + this.proposer, + this.proposal.targets, + this.proposal.values, + this.proposal.signatures, + this.proposal.data, + timepoint + votingDelay, + timepoint + votingDelay + votingPeriod, + this.proposal.description, + ); + + await this.helper.waitForSnapshot(); + + await expect(this.helper.connect(this.voter1).vote({ support: VoteType.For, reason: 'This is nice' })) + .to.emit(this.mock, 'VoteCast') + .withArgs(this.voter1, this.proposal.id, VoteType.For, ethers.parseEther('10'), 'This is nice'); + + await expect(this.helper.connect(this.voter2).vote({ support: VoteType.For })) + .to.emit(this.mock, 'VoteCast') + .withArgs(this.voter2, this.proposal.id, VoteType.For, ethers.parseEther('7'), ''); + + await expect(this.helper.connect(this.voter3).vote({ support: VoteType.Against })) + .to.emit(this.mock, 'VoteCast') + .withArgs(this.voter3, this.proposal.id, VoteType.Against, ethers.parseEther('5'), ''); + + await expect(this.helper.connect(this.voter4).vote({ support: VoteType.Abstain })) + .to.emit(this.mock, 'VoteCast') + .withArgs(this.voter4, this.proposal.id, VoteType.Abstain, ethers.parseEther('2'), ''); + + await this.helper.waitForDeadline(); + + const txExecute = await this.helper.execute(); + + await expect(txExecute).to.emit(this.mock, 'ProposalExecuted').withArgs(this.proposal.id); + + await expect(txExecute).to.emit(this.receiver, 'MockFunctionCalled'); + + // After + expect(await this.mock.proposalProposer(this.proposal.id)).to.equal(this.proposer); + expect(await this.mock.hasVoted(this.proposal.id, this.owner)).to.be.false; + expect(await this.mock.hasVoted(this.proposal.id, this.voter1)).to.be.true; + expect(await this.mock.hasVoted(this.proposal.id, this.voter2)).to.be.true; + expect(await ethers.provider.getBalance(this.mock)).to.equal(0n); + expect(await ethers.provider.getBalance(this.receiver)).to.equal(value); + + expect(await this.mock.proposalEta(this.proposal.id)).to.equal(0n); + expect(await this.mock.proposalNeedsQueuing(this.proposal.id)).to.be.false; + }); + + it('send ethers', async function () { + this.helper.setProposal( + [ + { + target: this.userEOA.address, + value, + }, + ], + '', + ); + + // Run proposal + await expect(async () => { + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + return this.helper.execute(); + }).to.changeEtherBalances([this.mock, this.userEOA], [-value, value]); + }); + + describe('vote with signature', function () { + it('votes with an EOA signature', async function () { + await this.token.connect(this.voter1).delegate(this.userEOA); + + const nonce = await this.mock.nonces(this.userEOA); + + // Run proposal + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await expect( + this.helper.vote({ + support: VoteType.For, + voter: this.userEOA.address, + nonce, + signature: signBallot(this.userEOA), + }), + ) + .to.emit(this.mock, 'VoteCast') + .withArgs(this.userEOA, this.proposal.id, VoteType.For, ethers.parseEther('10'), ''); + + await this.helper.waitForDeadline(); + await this.helper.execute(); + + // After + expect(await this.mock.hasVoted(this.proposal.id, this.userEOA)).to.be.true; + expect(await this.mock.nonces(this.userEOA)).to.equal(nonce + 1n); + }); + + it('votes with a valid EIP-1271 signature', async function () { + const wallet = await ethers.deployContract('ERC1271WalletMock', [this.userEOA]); + + await this.token.connect(this.voter1).delegate(wallet); + + const nonce = await this.mock.nonces(this.userEOA); + + // Run proposal + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await expect( + this.helper.vote({ + support: VoteType.For, + voter: wallet.target, + nonce, + signature: signBallot(this.userEOA), + }), + ) + .to.emit(this.mock, 'VoteCast') + .withArgs(wallet, this.proposal.id, VoteType.For, ethers.parseEther('10'), ''); + await this.helper.waitForDeadline(); + await this.helper.execute(); + + // After + expect(await this.mock.hasVoted(this.proposal.id, wallet)).to.be.true; + expect(await this.mock.nonces(wallet)).to.equal(nonce + 1n); + }); + + afterEach('no other votes are cast', async function () { + expect(await this.mock.hasVoted(this.proposal.id, this.owner)).to.be.false; + expect(await this.mock.hasVoted(this.proposal.id, this.voter1)).to.be.false; + expect(await this.mock.hasVoted(this.proposal.id, this.voter2)).to.be.false; + }); + }); + + describe('should revert', function () { + describe('on propose', function () { + it('if proposal already exists', async function () { + await this.helper.propose(); + await expect(this.helper.propose()) + .to.be.revertedWithCustomError(this.mock, 'GovernorUnexpectedProposalState') + .withArgs(this.proposal.id, ProposalState.Pending, ethers.ZeroHash); + }); + + it('if proposer has below threshold votes', async function () { + const votes = ethers.parseEther('10'); + const threshold = ethers.parseEther('1000'); + await this.mock.$_setProposalThreshold(threshold); + await expect(this.helper.connect(this.voter1).propose()) + .to.be.revertedWithCustomError(this.mock, 'GovernorInsufficientProposerVotes') + .withArgs(this.voter1, votes, threshold); + }); + }); + + describe('on vote', function () { + it('if proposal does not exist', async function () { + await expect(this.helper.connect(this.voter1).vote({ support: VoteType.For })) + .to.be.revertedWithCustomError(this.mock, 'GovernorNonexistentProposal') + .withArgs(this.proposal.id); + }); + + it('if voting has not started', async function () { + await this.helper.propose(); + await expect(this.helper.connect(this.voter1).vote({ support: VoteType.For })) + .to.be.revertedWithCustomError(this.mock, 'GovernorUnexpectedProposalState') + .withArgs( + this.proposal.id, + ProposalState.Pending, + GovernorHelper.proposalStatesToBitMap([ProposalState.Active]), + ); + }); + + it('if support value is invalid', async function () { + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await expect(this.helper.vote({ support: 255 })).to.be.revertedWithCustomError( + this.mock, + 'GovernorInvalidVoteType', + ); + }); + + it('if vote was already casted', async function () { + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await expect(this.helper.connect(this.voter1).vote({ support: VoteType.For })) + .to.be.revertedWithCustomError(this.mock, 'GovernorAlreadyCastVote') + .withArgs(this.voter1); + }); + + it('if voting is over', async function () { + await this.helper.propose(); + await this.helper.waitForDeadline(); + await expect(this.helper.connect(this.voter1).vote({ support: VoteType.For })) + .to.be.revertedWithCustomError(this.mock, 'GovernorUnexpectedProposalState') + .withArgs( + this.proposal.id, + ProposalState.Defeated, + GovernorHelper.proposalStatesToBitMap([ProposalState.Active]), + ); + }); + }); + + describe('on vote by signature', function () { + beforeEach(async function () { + await this.token.connect(this.voter1).delegate(this.userEOA); + + // Run proposal + await this.helper.propose(); + await this.helper.waitForSnapshot(); + }); + + it('if signature does not match signer', async function () { + const nonce = await this.mock.nonces(this.userEOA); + + function tamper(str, index, mask) { + const arrayStr = ethers.getBytes(str); + arrayStr[index] ^= mask; + return ethers.hexlify(arrayStr); + } + + const voteParams = { + support: VoteType.For, + voter: this.userEOA.address, + nonce, + signature: (...args) => signBallot(this.userEOA)(...args).then(sig => tamper(sig, 42, 0xff)), + }; + + await expect(this.helper.vote(voteParams)) + .to.be.revertedWithCustomError(this.mock, 'GovernorInvalidSignature') + .withArgs(voteParams.voter); + }); + + it('if vote nonce is incorrect', async function () { + const nonce = await this.mock.nonces(this.userEOA); + + const voteParams = { + support: VoteType.For, + voter: this.userEOA.address, + nonce: nonce + 1n, + signature: signBallot(this.userEOA), + }; + + await expect(this.helper.vote(voteParams)) + .to.be.revertedWithCustomError(this.mock, 'GovernorInvalidSignature') + .withArgs(voteParams.voter); + }); + }); + + describe('on queue', function () { + it('always', async function () { + await this.helper.connect(this.proposer).propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + await expect(this.helper.queue()).to.be.revertedWithCustomError(this.mock, 'GovernorQueueNotImplemented'); + }); + }); + + describe('on execute', function () { + it('if proposal does not exist', async function () { + await expect(this.helper.execute()) + .to.be.revertedWithCustomError(this.mock, 'GovernorNonexistentProposal') + .withArgs(this.proposal.id); + }); + + it('if quorum is not reached', async function () { + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter3).vote({ support: VoteType.For }); + await expect(this.helper.execute()) + .to.be.revertedWithCustomError(this.mock, 'GovernorUnexpectedProposalState') + .withArgs( + this.proposal.id, + ProposalState.Active, + GovernorHelper.proposalStatesToBitMap([ProposalState.Succeeded, ProposalState.Queued]), + ); + }); + + it('if score not reached', async function () { + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.Against }); + await expect(this.helper.execute()) + .to.be.revertedWithCustomError(this.mock, 'GovernorUnexpectedProposalState') + .withArgs( + this.proposal.id, + ProposalState.Active, + GovernorHelper.proposalStatesToBitMap([ProposalState.Succeeded, ProposalState.Queued]), + ); + }); + + it('if voting is not over', async function () { + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await expect(this.helper.execute()) + .to.be.revertedWithCustomError(this.mock, 'GovernorUnexpectedProposalState') + .withArgs( + this.proposal.id, + ProposalState.Active, + GovernorHelper.proposalStatesToBitMap([ProposalState.Succeeded, ProposalState.Queued]), + ); + }); + + it('if receiver revert without reason', async function () { + this.helper.setProposal( + [ + { + target: this.receiver.target, + data: this.receiver.interface.encodeFunctionData('mockFunctionRevertsNoReason'), + }, + ], + '', + ); + + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + await expect(this.helper.execute()).to.be.revertedWithCustomError(this.mock, 'FailedCall'); + }); + + it('if receiver revert with reason', async function () { + this.helper.setProposal( + [ + { + target: this.receiver.target, + data: this.receiver.interface.encodeFunctionData('mockFunctionRevertsReason'), + }, + ], + '', + ); + + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + await expect(this.helper.execute()).to.be.revertedWith('CallReceiverMock: reverting'); + }); + + it('if proposal was already executed', async function () { + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + await this.helper.execute(); + await expect(this.helper.execute()) + .to.be.revertedWithCustomError(this.mock, 'GovernorUnexpectedProposalState') + .withArgs( + this.proposal.id, + ProposalState.Executed, + GovernorHelper.proposalStatesToBitMap([ProposalState.Succeeded, ProposalState.Queued]), + ); + }); + }); + }); + + describe('state', function () { + it('Unset', async function () { + await expect(this.mock.state(this.proposal.id)) + .to.be.revertedWithCustomError(this.mock, 'GovernorNonexistentProposal') + .withArgs(this.proposal.id); + }); + + it('Pending & Active', async function () { + await this.helper.propose(); + expect(await this.mock.state(this.proposal.id)).to.equal(ProposalState.Pending); + await this.helper.waitForSnapshot(); + expect(await this.mock.state(this.proposal.id)).to.equal(ProposalState.Pending); + await this.helper.waitForSnapshot(1n); + expect(await this.mock.state(this.proposal.id)).to.equal(ProposalState.Active); + }); + + it('Defeated', async function () { + await this.helper.propose(); + await this.helper.waitForDeadline(); + expect(await this.mock.state(this.proposal.id)).to.equal(ProposalState.Active); + await this.helper.waitForDeadline(1n); + expect(await this.mock.state(this.proposal.id)).to.equal(ProposalState.Defeated); + }); + + it('Succeeded', async function () { + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + expect(await this.mock.state(this.proposal.id)).to.equal(ProposalState.Active); + await this.helper.waitForDeadline(1n); + expect(await this.mock.state(this.proposal.id)).to.equal(ProposalState.Succeeded); + }); + + it('Executed', async function () { + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + await this.helper.execute(); + expect(await this.mock.state(this.proposal.id)).to.equal(ProposalState.Executed); + }); + }); + + describe('cancel', function () { + describe('internal', function () { + it('before proposal', async function () { + await expect(this.helper.cancel('internal')) + .to.be.revertedWithCustomError(this.mock, 'GovernorNonexistentProposal') + .withArgs(this.proposal.id); + }); + + it('after proposal', async function () { + await this.helper.propose(); + + await this.helper.cancel('internal'); + expect(await this.mock.state(this.proposal.id)).to.equal(ProposalState.Canceled); + + await this.helper.waitForSnapshot(); + await expect(this.helper.connect(this.voter1).vote({ support: VoteType.For })) + .to.be.revertedWithCustomError(this.mock, 'GovernorUnexpectedProposalState') + .withArgs( + this.proposal.id, + ProposalState.Canceled, + GovernorHelper.proposalStatesToBitMap([ProposalState.Active]), + ); + }); + + it('after vote', async function () { + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + + await this.helper.cancel('internal'); + expect(await this.mock.state(this.proposal.id)).to.equal(ProposalState.Canceled); + + await this.helper.waitForDeadline(); + await expect(this.helper.execute()) + .to.be.revertedWithCustomError(this.mock, 'GovernorUnexpectedProposalState') + .withArgs( + this.proposal.id, + ProposalState.Canceled, + GovernorHelper.proposalStatesToBitMap([ProposalState.Succeeded, ProposalState.Queued]), + ); + }); + + it('after deadline', async function () { + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + + await this.helper.cancel('internal'); + expect(await this.mock.state(this.proposal.id)).to.equal(ProposalState.Canceled); + + await expect(this.helper.execute()) + .to.be.revertedWithCustomError(this.mock, 'GovernorUnexpectedProposalState') + .withArgs( + this.proposal.id, + ProposalState.Canceled, + GovernorHelper.proposalStatesToBitMap([ProposalState.Succeeded, ProposalState.Queued]), + ); + }); + + it('after execution', async function () { + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + await this.helper.execute(); + + await expect(this.helper.cancel('internal')) + .to.be.revertedWithCustomError(this.mock, 'GovernorUnexpectedProposalState') + .withArgs( + this.proposal.id, + ProposalState.Executed, + GovernorHelper.proposalStatesToBitMap( + [ProposalState.Canceled, ProposalState.Expired, ProposalState.Executed], + { inverted: true }, + ), + ); + }); + }); + + describe('public', function () { + it('before proposal', async function () { + await expect(this.helper.cancel('external')) + .to.be.revertedWithCustomError(this.mock, 'GovernorNonexistentProposal') + .withArgs(this.proposal.id); + }); + + it('after proposal', async function () { + await this.helper.propose(); + + await this.helper.cancel('external'); + }); + + it('after proposal - restricted to proposer', async function () { + await this.helper.connect(this.proposer).propose(); + + await expect(this.helper.connect(this.owner).cancel('external')) + .to.be.revertedWithCustomError(this.mock, 'GovernorOnlyProposer') + .withArgs(this.owner); + }); + + it('after vote started', async function () { + await this.helper.propose(); + await this.helper.waitForSnapshot(1n); // snapshot + 1 block + + await expect(this.helper.cancel('external')) + .to.be.revertedWithCustomError(this.mock, 'GovernorUnexpectedProposalState') + .withArgs( + this.proposal.id, + ProposalState.Active, + GovernorHelper.proposalStatesToBitMap([ProposalState.Pending]), + ); + }); + + it('after vote', async function () { + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + + await expect(this.helper.cancel('external')) + .to.be.revertedWithCustomError(this.mock, 'GovernorUnexpectedProposalState') + .withArgs( + this.proposal.id, + ProposalState.Active, + GovernorHelper.proposalStatesToBitMap([ProposalState.Pending]), + ); + }); + + it('after deadline', async function () { + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + + await expect(this.helper.cancel('external')) + .to.be.revertedWithCustomError(this.mock, 'GovernorUnexpectedProposalState') + .withArgs( + this.proposal.id, + ProposalState.Succeeded, + GovernorHelper.proposalStatesToBitMap([ProposalState.Pending]), + ); + }); + + it('after execution', async function () { + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + await this.helper.execute(); + + await expect(this.helper.cancel('external')) + .to.be.revertedWithCustomError(this.mock, 'GovernorUnexpectedProposalState') + .withArgs( + this.proposal.id, + ProposalState.Executed, + GovernorHelper.proposalStatesToBitMap([ProposalState.Pending]), + ); + }); + }); + }); + + describe('proposal length', function () { + it('empty', async function () { + this.helper.setProposal([], ''); + + await expect(this.helper.propose()) + .to.be.revertedWithCustomError(this.mock, 'GovernorInvalidProposalLength') + .withArgs(0, 0, 0); + }); + + it('mismatch #1', async function () { + this.helper.setProposal( + { + targets: [], + values: [0n], + data: [this.receiver.interface.encodeFunctionData('mockFunction')], + }, + '', + ); + await expect(this.helper.propose()) + .to.be.revertedWithCustomError(this.mock, 'GovernorInvalidProposalLength') + .withArgs(0, 1, 1); + }); + + it('mismatch #2', async function () { + this.helper.setProposal( + { + targets: [this.receiver.target], + values: [], + data: [this.receiver.interface.encodeFunctionData('mockFunction')], + }, + '', + ); + await expect(this.helper.propose()) + .to.be.revertedWithCustomError(this.mock, 'GovernorInvalidProposalLength') + .withArgs(1, 1, 0); + }); + + it('mismatch #3', async function () { + this.helper.setProposal( + { + targets: [this.receiver.target], + values: [0n], + data: [], + }, + '', + ); + await expect(this.helper.propose()) + .to.be.revertedWithCustomError(this.mock, 'GovernorInvalidProposalLength') + .withArgs(1, 0, 1); + }); + }); + + describe('frontrun protection using description suffix', function () { + function shouldPropose() { + it('proposer can propose', async function () { + const txPropose = await this.helper.connect(this.proposer).propose(); + + await expect(txPropose) + .to.emit(this.mock, 'ProposalCreated') + .withArgs( + this.proposal.id, + this.proposer, + this.proposal.targets, + this.proposal.values, + this.proposal.signatures, + this.proposal.data, + (await time.clockFromReceipt[mode](txPropose)) + votingDelay, + (await time.clockFromReceipt[mode](txPropose)) + votingDelay + votingPeriod, + this.proposal.description, + ); + }); + + it('someone else can propose', async function () { + const txPropose = await this.helper.connect(this.voter1).propose(); + + await expect(txPropose) + .to.emit(this.mock, 'ProposalCreated') + .withArgs( + this.proposal.id, + this.voter1, + this.proposal.targets, + this.proposal.values, + this.proposal.signatures, + this.proposal.data, + (await time.clockFromReceipt[mode](txPropose)) + votingDelay, + (await time.clockFromReceipt[mode](txPropose)) + votingDelay + votingPeriod, + this.proposal.description, + ); + }); + } + + describe('without protection', function () { + describe('without suffix', function () { + shouldPropose(); + }); + + describe('with different suffix', function () { + beforeEach(function () { + this.proposal = this.helper.setProposal( + [ + { + target: this.receiver.target, + data: this.receiver.interface.encodeFunctionData('mockFunction'), + value, + }, + ], + `#wrong-suffix=${this.proposer}`, + ); + }); + + shouldPropose(); + }); + + describe('with proposer suffix but bad address part', function () { + beforeEach(function () { + this.proposal = this.helper.setProposal( + [ + { + target: this.receiver.target, + data: this.receiver.interface.encodeFunctionData('mockFunction'), + value, + }, + ], + `#proposer=0x3C44CdDdB6a900fa2b585dd299e03d12FA429XYZ`, // XYZ are not a valid hex char + ); + }); + + shouldPropose(); + }); + }); + + describe('with protection via proposer suffix', function () { + beforeEach(function () { + this.proposal = this.helper.setProposal( + [ + { + target: this.receiver.target, + data: this.receiver.interface.encodeFunctionData('mockFunction'), + value, + }, + ], + `#proposer=${this.proposer}`, + ); + }); + + shouldPropose(); + }); + }); + + describe('onlyGovernance updates', function () { + it('setVotingDelay is protected', async function () { + await expect(this.mock.connect(this.owner).setVotingDelay(0n)) + .to.be.revertedWithCustomError(this.mock, 'GovernorOnlyExecutor') + .withArgs(this.owner); + }); + + it('setVotingPeriod is protected', async function () { + await expect(this.mock.connect(this.owner).setVotingPeriod(32n)) + .to.be.revertedWithCustomError(this.mock, 'GovernorOnlyExecutor') + .withArgs(this.owner); + }); + + it('setProposalThreshold is protected', async function () { + await expect(this.mock.connect(this.owner).setProposalThreshold(1_000_000_000_000_000_000n)) + .to.be.revertedWithCustomError(this.mock, 'GovernorOnlyExecutor') + .withArgs(this.owner); + }); + + it('can setVotingDelay through governance', async function () { + this.helper.setProposal( + [ + { + target: this.mock.target, + data: this.mock.interface.encodeFunctionData('setVotingDelay', [0n]), + }, + ], + '', + ); + + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + + await expect(this.helper.execute()).to.emit(this.mock, 'VotingDelaySet').withArgs(4n, 0n); + + expect(await this.mock.votingDelay()).to.equal(0n); + }); + + it('can setVotingPeriod through governance', async function () { + this.helper.setProposal( + [ + { + target: this.mock.target, + data: this.mock.interface.encodeFunctionData('setVotingPeriod', [32n]), + }, + ], + '', + ); + + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + + await expect(this.helper.execute()).to.emit(this.mock, 'VotingPeriodSet').withArgs(16n, 32n); + + expect(await this.mock.votingPeriod()).to.equal(32n); + }); + + it('cannot setVotingPeriod to 0 through governance', async function () { + const votingPeriod = 0n; + + this.helper.setProposal( + [ + { + target: this.mock.target, + data: this.mock.interface.encodeFunctionData('setVotingPeriod', [votingPeriod]), + }, + ], + '', + ); + + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + + await expect(this.helper.execute()) + .to.be.revertedWithCustomError(this.mock, 'GovernorInvalidVotingPeriod') + .withArgs(votingPeriod); + }); + + it('can setProposalThreshold to 0 through governance', async function () { + this.helper.setProposal( + [ + { + target: this.mock.target, + data: this.mock.interface.encodeFunctionData('setProposalThreshold', [1_000_000_000_000_000_000n]), + }, + ], + '', + ); + + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + + await expect(this.helper.execute()) + .to.emit(this.mock, 'ProposalThresholdSet') + .withArgs(0n, 1_000_000_000_000_000_000n); + + expect(await this.mock.proposalThreshold()).to.equal(1_000_000_000_000_000_000n); + }); + }); + + describe('safe receive', function () { + describe('ERC721', function () { + const tokenId = 1n; + + beforeEach(async function () { + this.token = await ethers.deployContract('$ERC721', ['Non Fungible Token', 'NFT']); + await this.token.$_mint(this.owner, tokenId); + }); + + it('can receive an ERC721 safeTransfer', async function () { + await this.token.connect(this.owner).safeTransferFrom(this.owner, this.mock, tokenId); + }); + }); + + describe('ERC1155', function () { + const tokenIds = { + 1: 1000n, + 2: 2000n, + 3: 3000n, + }; + + beforeEach(async function () { + this.token = await ethers.deployContract('$ERC1155', ['https://token-cdn-domain/{id}.json']); + await this.token.$_mintBatch(this.owner, Object.keys(tokenIds), Object.values(tokenIds), '0x'); + }); + + it('can receive ERC1155 safeTransfer', async function () { + await this.token.connect(this.owner).safeTransferFrom( + this.owner, + this.mock, + ...Object.entries(tokenIds)[0], // id + amount + '0x', + ); + }); + + it('can receive ERC1155 safeBatchTransfer', async function () { + await this.token + .connect(this.owner) + .safeBatchTransferFrom(this.owner, this.mock, Object.keys(tokenIds), Object.values(tokenIds), '0x'); + }); + }); + }); + }); + } +}); diff --git a/dependencies/@openzeppelin/test/governance/TimelockController.test.js b/dependencies/@openzeppelin/test/governance/TimelockController.test.js new file mode 100644 index 00000000..08410d46 --- /dev/null +++ b/dependencies/@openzeppelin/test/governance/TimelockController.test.js @@ -0,0 +1,1279 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); +const { PANIC_CODES } = require('@nomicfoundation/hardhat-chai-matchers/panic'); + +const { GovernorHelper } = require('../helpers/governance'); +const { OperationState } = require('../helpers/enums'); +const time = require('../helpers/time'); + +const { shouldSupportInterfaces } = require('../utils/introspection/SupportsInterface.behavior'); + +const salt = '0x025e7b0be353a74631ad648c667493c0e1cd31caa4cc2d3520fdc171ea0cc726'; // a random value + +const MINDELAY = time.duration.days(1); +const DEFAULT_ADMIN_ROLE = ethers.ZeroHash; +const PROPOSER_ROLE = ethers.id('PROPOSER_ROLE'); +const EXECUTOR_ROLE = ethers.id('EXECUTOR_ROLE'); +const CANCELLER_ROLE = ethers.id('CANCELLER_ROLE'); + +const getAddress = obj => obj.address ?? obj.target ?? obj; + +function genOperation(target, value, data, predecessor, salt) { + const id = ethers.keccak256( + ethers.AbiCoder.defaultAbiCoder().encode( + ['address', 'uint256', 'bytes', 'uint256', 'bytes32'], + [getAddress(target), value, data, predecessor, salt], + ), + ); + return { id, target, value, data, predecessor, salt }; +} + +function genOperationBatch(targets, values, payloads, predecessor, salt) { + const id = ethers.keccak256( + ethers.AbiCoder.defaultAbiCoder().encode( + ['address[]', 'uint256[]', 'bytes[]', 'uint256', 'bytes32'], + [targets.map(getAddress), values, payloads, predecessor, salt], + ), + ); + return { id, targets, values, payloads, predecessor, salt }; +} + +async function fixture() { + const [admin, proposer, canceller, executor, other] = await ethers.getSigners(); + + const mock = await ethers.deployContract('TimelockController', [MINDELAY, [proposer], [executor], admin]); + const callreceivermock = await ethers.deployContract('CallReceiverMock'); + const implementation2 = await ethers.deployContract('Implementation2'); + + expect(await mock.hasRole(CANCELLER_ROLE, proposer)).to.be.true; + await mock.connect(admin).revokeRole(CANCELLER_ROLE, proposer); + await mock.connect(admin).grantRole(CANCELLER_ROLE, canceller); + + return { + admin, + proposer, + canceller, + executor, + other, + mock, + callreceivermock, + implementation2, + }; +} + +describe('TimelockController', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + shouldSupportInterfaces(['ERC1155Receiver']); + + it('initial state', async function () { + expect(await this.mock.getMinDelay()).to.equal(MINDELAY); + + expect(await this.mock.DEFAULT_ADMIN_ROLE()).to.equal(DEFAULT_ADMIN_ROLE); + expect(await this.mock.PROPOSER_ROLE()).to.equal(PROPOSER_ROLE); + expect(await this.mock.EXECUTOR_ROLE()).to.equal(EXECUTOR_ROLE); + expect(await this.mock.CANCELLER_ROLE()).to.equal(CANCELLER_ROLE); + + expect( + await Promise.all( + [PROPOSER_ROLE, CANCELLER_ROLE, EXECUTOR_ROLE].map(role => this.mock.hasRole(role, this.proposer)), + ), + ).to.deep.equal([true, false, false]); + + expect( + await Promise.all( + [PROPOSER_ROLE, CANCELLER_ROLE, EXECUTOR_ROLE].map(role => this.mock.hasRole(role, this.canceller)), + ), + ).to.deep.equal([false, true, false]); + + expect( + await Promise.all( + [PROPOSER_ROLE, CANCELLER_ROLE, EXECUTOR_ROLE].map(role => this.mock.hasRole(role, this.executor)), + ), + ).to.deep.equal([false, false, true]); + }); + + it('optional admin', async function () { + const mock = await ethers.deployContract('TimelockController', [ + MINDELAY, + [this.proposer], + [this.executor], + ethers.ZeroAddress, + ]); + expect(await mock.hasRole(DEFAULT_ADMIN_ROLE, this.admin)).to.be.false; + expect(await mock.hasRole(DEFAULT_ADMIN_ROLE, mock.target)).to.be.true; + }); + + describe('methods', function () { + describe('operation hashing', function () { + it('hashOperation', async function () { + this.operation = genOperation( + '0x29cebefe301c6ce1bb36b58654fea275e1cacc83', + '0xf94fdd6e21da21d2', + '0xa3bc5104', + '0xba41db3be0a9929145cfe480bd0f1f003689104d275ae912099f925df424ef94', + '0x60d9109846ab510ed75c15f979ae366a8a2ace11d34ba9788c13ac296db50e6e', + ); + expect( + await this.mock.hashOperation( + this.operation.target, + this.operation.value, + this.operation.data, + this.operation.predecessor, + this.operation.salt, + ), + ).to.equal(this.operation.id); + }); + + it('hashOperationBatch', async function () { + this.operation = genOperationBatch( + Array(8).fill('0x2d5f21620e56531c1d59c2df9b8e95d129571f71'), + Array(8).fill('0x2b993cfce932ccee'), + Array(8).fill('0xcf51966b'), + '0xce8f45069cc71d25f71ba05062de1a3974f9849b004de64a70998bca9d29c2e7', + '0x8952d74c110f72bfe5accdf828c74d53a7dfb71235dfa8a1e8c75d8576b372ff', + ); + expect( + await this.mock.hashOperationBatch( + this.operation.targets, + this.operation.values, + this.operation.payloads, + this.operation.predecessor, + this.operation.salt, + ), + ).to.equal(this.operation.id); + }); + }); + describe('simple', function () { + describe('schedule', function () { + beforeEach(async function () { + this.operation = genOperation( + '0x31754f590B97fD975Eb86938f18Cc304E264D2F2', + 0n, + '0x3bf92ccc', + ethers.ZeroHash, + salt, + ); + }); + + it('proposer can schedule', async function () { + const tx = await this.mock + .connect(this.proposer) + .schedule( + this.operation.target, + this.operation.value, + this.operation.data, + this.operation.predecessor, + this.operation.salt, + MINDELAY, + ); + + await expect(tx) + .to.emit(this.mock, 'CallScheduled') + .withArgs( + this.operation.id, + 0n, + this.operation.target, + this.operation.value, + this.operation.data, + this.operation.predecessor, + MINDELAY, + ) + .to.emit(this.mock, 'CallSalt') + .withArgs(this.operation.id, this.operation.salt); + + expect(await this.mock.getTimestamp(this.operation.id)).to.equal( + (await time.clockFromReceipt.timestamp(tx)) + MINDELAY, + ); + }); + + it('prevent overwriting active operation', async function () { + await this.mock + .connect(this.proposer) + .schedule( + this.operation.target, + this.operation.value, + this.operation.data, + this.operation.predecessor, + this.operation.salt, + MINDELAY, + ); + + await expect( + this.mock + .connect(this.proposer) + .schedule( + this.operation.target, + this.operation.value, + this.operation.data, + this.operation.predecessor, + this.operation.salt, + MINDELAY, + ), + ) + .to.be.revertedWithCustomError(this.mock, 'TimelockUnexpectedOperationState') + .withArgs(this.operation.id, GovernorHelper.proposalStatesToBitMap(OperationState.Unset)); + }); + + it('prevent non-proposer from committing', async function () { + await expect( + this.mock + .connect(this.other) + .schedule( + this.operation.target, + this.operation.value, + this.operation.data, + this.operation.predecessor, + this.operation.salt, + MINDELAY, + ), + ) + .to.be.revertedWithCustomError(this.mock, 'AccessControlUnauthorizedAccount') + .withArgs(this.other, PROPOSER_ROLE); + }); + + it('enforce minimum delay', async function () { + await expect( + this.mock + .connect(this.proposer) + .schedule( + this.operation.target, + this.operation.value, + this.operation.data, + this.operation.predecessor, + this.operation.salt, + MINDELAY - 1n, + ), + ) + .to.be.revertedWithCustomError(this.mock, 'TimelockInsufficientDelay') + .withArgs(MINDELAY - 1n, MINDELAY); + }); + + it('schedule operation with salt zero', async function () { + await expect( + this.mock + .connect(this.proposer) + .schedule( + this.operation.target, + this.operation.value, + this.operation.data, + this.operation.predecessor, + ethers.ZeroHash, + MINDELAY, + ), + ).to.not.emit(this.mock, 'CallSalt'); + }); + }); + + describe('execute', function () { + beforeEach(async function () { + this.operation = genOperation( + '0xAe22104DCD970750610E6FE15E623468A98b15f7', + 0n, + '0x13e414de', + ethers.ZeroHash, + '0xc1059ed2dc130227aa1d1d539ac94c641306905c020436c636e19e3fab56fc7f', + ); + }); + + it('revert if operation is not scheduled', async function () { + await expect( + this.mock + .connect(this.executor) + .execute( + this.operation.target, + this.operation.value, + this.operation.data, + this.operation.predecessor, + this.operation.salt, + ), + ) + .to.be.revertedWithCustomError(this.mock, 'TimelockUnexpectedOperationState') + .withArgs(this.operation.id, GovernorHelper.proposalStatesToBitMap(OperationState.Ready)); + }); + + describe('with scheduled operation', function () { + beforeEach(async function () { + await this.mock + .connect(this.proposer) + .schedule( + this.operation.target, + this.operation.value, + this.operation.data, + this.operation.predecessor, + this.operation.salt, + MINDELAY, + ); + }); + + it('revert if execution comes too early 1/2', async function () { + await expect( + this.mock + .connect(this.executor) + .execute( + this.operation.target, + this.operation.value, + this.operation.data, + this.operation.predecessor, + this.operation.salt, + ), + ) + .to.be.revertedWithCustomError(this.mock, 'TimelockUnexpectedOperationState') + .withArgs(this.operation.id, GovernorHelper.proposalStatesToBitMap(OperationState.Ready)); + }); + + it('revert if execution comes too early 2/2', async function () { + // -1 is too tight, test sometime fails + await this.mock.getTimestamp(this.operation.id).then(clock => time.increaseTo.timestamp(clock - 5n)); + + await expect( + this.mock + .connect(this.executor) + .execute( + this.operation.target, + this.operation.value, + this.operation.data, + this.operation.predecessor, + this.operation.salt, + ), + ) + .to.be.revertedWithCustomError(this.mock, 'TimelockUnexpectedOperationState') + .withArgs(this.operation.id, GovernorHelper.proposalStatesToBitMap(OperationState.Ready)); + }); + + describe('on time', function () { + beforeEach(async function () { + await this.mock.getTimestamp(this.operation.id).then(time.increaseTo.timestamp); + }); + + it('executor can reveal', async function () { + await expect( + this.mock + .connect(this.executor) + .execute( + this.operation.target, + this.operation.value, + this.operation.data, + this.operation.predecessor, + this.operation.salt, + ), + ) + .to.emit(this.mock, 'CallExecuted') + .withArgs(this.operation.id, 0n, this.operation.target, this.operation.value, this.operation.data); + }); + + it('prevent non-executor from revealing', async function () { + await expect( + this.mock + .connect(this.other) + .execute( + this.operation.target, + this.operation.value, + this.operation.data, + this.operation.predecessor, + this.operation.salt, + ), + ) + .to.be.revertedWithCustomError(this.mock, 'AccessControlUnauthorizedAccount') + .withArgs(this.other, EXECUTOR_ROLE); + }); + + it('prevents reentrancy execution', async function () { + // Create operation + const reentrant = await ethers.deployContract('$TimelockReentrant'); + const reentrantOperation = genOperation( + reentrant, + 0n, + reentrant.interface.encodeFunctionData('reenter'), + ethers.ZeroHash, + salt, + ); + + // Schedule so it can be executed + await this.mock + .connect(this.proposer) + .schedule( + reentrantOperation.target, + reentrantOperation.value, + reentrantOperation.data, + reentrantOperation.predecessor, + reentrantOperation.salt, + MINDELAY, + ); + + // Advance on time to make the operation executable + await this.mock.getTimestamp(reentrantOperation.id).then(time.increaseTo.timestamp); + + // Grant executor role to the reentrant contract + await this.mock.connect(this.admin).grantRole(EXECUTOR_ROLE, reentrant); + + // Prepare reenter + const data = this.mock.interface.encodeFunctionData('execute', [ + getAddress(reentrantOperation.target), + reentrantOperation.value, + reentrantOperation.data, + reentrantOperation.predecessor, + reentrantOperation.salt, + ]); + await reentrant.enableRentrancy(this.mock, data); + + // Expect to fail + await expect( + this.mock + .connect(this.executor) + .execute( + reentrantOperation.target, + reentrantOperation.value, + reentrantOperation.data, + reentrantOperation.predecessor, + reentrantOperation.salt, + ), + ) + .to.be.revertedWithCustomError(this.mock, 'TimelockUnexpectedOperationState') + .withArgs(reentrantOperation.id, GovernorHelper.proposalStatesToBitMap(OperationState.Ready)); + + // Disable reentrancy + await reentrant.disableReentrancy(); + const nonReentrantOperation = reentrantOperation; // Not anymore + + // Try again successfully + await expect( + this.mock + .connect(this.executor) + .execute( + nonReentrantOperation.target, + nonReentrantOperation.value, + nonReentrantOperation.data, + nonReentrantOperation.predecessor, + nonReentrantOperation.salt, + ), + ) + .to.emit(this.mock, 'CallExecuted') + .withArgs( + nonReentrantOperation.id, + 0n, + getAddress(nonReentrantOperation), + nonReentrantOperation.value, + nonReentrantOperation.data, + ); + }); + }); + }); + }); + }); + + describe('batch', function () { + describe('schedule', function () { + beforeEach(async function () { + this.operation = genOperationBatch( + Array(8).fill('0xEd912250835c812D4516BBD80BdaEA1bB63a293C'), + Array(8).fill(0n), + Array(8).fill('0x2fcb7a88'), + ethers.ZeroHash, + '0x6cf9d042ade5de78bed9ffd075eb4b2a4f6b1736932c2dc8af517d6e066f51f5', + ); + }); + + it('proposer can schedule', async function () { + const tx = this.mock + .connect(this.proposer) + .scheduleBatch( + this.operation.targets, + this.operation.values, + this.operation.payloads, + this.operation.predecessor, + this.operation.salt, + MINDELAY, + ); + for (const i in this.operation.targets) { + await expect(tx) + .to.emit(this.mock, 'CallScheduled') + .withArgs( + this.operation.id, + i, + getAddress(this.operation.targets[i]), + this.operation.values[i], + this.operation.payloads[i], + this.operation.predecessor, + MINDELAY, + ) + .to.emit(this.mock, 'CallSalt') + .withArgs(this.operation.id, this.operation.salt); + } + + expect(await this.mock.getTimestamp(this.operation.id)).to.equal( + (await time.clockFromReceipt.timestamp(tx)) + MINDELAY, + ); + }); + + it('prevent overwriting active operation', async function () { + await this.mock + .connect(this.proposer) + .scheduleBatch( + this.operation.targets, + this.operation.values, + this.operation.payloads, + this.operation.predecessor, + this.operation.salt, + MINDELAY, + ); + + await expect( + this.mock + .connect(this.proposer) + .scheduleBatch( + this.operation.targets, + this.operation.values, + this.operation.payloads, + this.operation.predecessor, + this.operation.salt, + MINDELAY, + ), + ) + .to.be.revertedWithCustomError(this.mock, 'TimelockUnexpectedOperationState') + .withArgs(this.operation.id, GovernorHelper.proposalStatesToBitMap(OperationState.Unset)); + }); + + it('length of batch parameter must match #1', async function () { + await expect( + this.mock + .connect(this.proposer) + .scheduleBatch( + this.operation.targets, + [], + this.operation.payloads, + this.operation.predecessor, + this.operation.salt, + MINDELAY, + ), + ) + .to.be.revertedWithCustomError(this.mock, 'TimelockInvalidOperationLength') + .withArgs(this.operation.targets.length, this.operation.payloads.length, 0n); + }); + + it('length of batch parameter must match #1', async function () { + await expect( + this.mock + .connect(this.proposer) + .scheduleBatch( + this.operation.targets, + this.operation.values, + [], + this.operation.predecessor, + this.operation.salt, + MINDELAY, + ), + ) + .to.be.revertedWithCustomError(this.mock, 'TimelockInvalidOperationLength') + .withArgs(this.operation.targets.length, 0n, this.operation.payloads.length); + }); + + it('prevent non-proposer from committing', async function () { + await expect( + this.mock + .connect(this.other) + .scheduleBatch( + this.operation.targets, + this.operation.values, + this.operation.payloads, + this.operation.predecessor, + this.operation.salt, + MINDELAY, + ), + ) + .to.be.revertedWithCustomError(this.mock, 'AccessControlUnauthorizedAccount') + .withArgs(this.other, PROPOSER_ROLE); + }); + + it('enforce minimum delay', async function () { + await expect( + this.mock + .connect(this.proposer) + .scheduleBatch( + this.operation.targets, + this.operation.values, + this.operation.payloads, + this.operation.predecessor, + this.operation.salt, + MINDELAY - 1n, + ), + ) + .to.be.revertedWithCustomError(this.mock, 'TimelockInsufficientDelay') + .withArgs(MINDELAY - 1n, MINDELAY); + }); + }); + + describe('execute', function () { + beforeEach(async function () { + this.operation = genOperationBatch( + Array(8).fill('0x76E53CcEb05131Ef5248553bEBDb8F70536830b1'), + Array(8).fill(0n), + Array(8).fill('0x58a60f63'), + ethers.ZeroHash, + '0x9545eeabc7a7586689191f78a5532443698538e54211b5bd4d7dc0fc0102b5c7', + ); + }); + + it('revert if operation is not scheduled', async function () { + await expect( + this.mock + .connect(this.executor) + .executeBatch( + this.operation.targets, + this.operation.values, + this.operation.payloads, + this.operation.predecessor, + this.operation.salt, + ), + ) + .to.be.revertedWithCustomError(this.mock, 'TimelockUnexpectedOperationState') + .withArgs(this.operation.id, GovernorHelper.proposalStatesToBitMap(OperationState.Ready)); + }); + + describe('with scheduled operation', function () { + beforeEach(async function () { + await this.mock + .connect(this.proposer) + .scheduleBatch( + this.operation.targets, + this.operation.values, + this.operation.payloads, + this.operation.predecessor, + this.operation.salt, + MINDELAY, + ); + }); + + it('revert if execution comes too early 1/2', async function () { + await expect( + this.mock + .connect(this.executor) + .executeBatch( + this.operation.targets, + this.operation.values, + this.operation.payloads, + this.operation.predecessor, + this.operation.salt, + ), + ) + .to.be.revertedWithCustomError(this.mock, 'TimelockUnexpectedOperationState') + .withArgs(this.operation.id, GovernorHelper.proposalStatesToBitMap(OperationState.Ready)); + }); + + it('revert if execution comes too early 2/2', async function () { + // -1 is to tight, test sometime fails + await this.mock.getTimestamp(this.operation.id).then(clock => time.increaseTo.timestamp(clock - 5n)); + + await expect( + this.mock + .connect(this.executor) + .executeBatch( + this.operation.targets, + this.operation.values, + this.operation.payloads, + this.operation.predecessor, + this.operation.salt, + ), + ) + .to.be.revertedWithCustomError(this.mock, 'TimelockUnexpectedOperationState') + .withArgs(this.operation.id, GovernorHelper.proposalStatesToBitMap(OperationState.Ready)); + }); + + describe('on time', function () { + beforeEach(async function () { + await this.mock.getTimestamp(this.operation.id).then(time.increaseTo.timestamp); + }); + + it('executor can reveal', async function () { + const tx = this.mock + .connect(this.executor) + .executeBatch( + this.operation.targets, + this.operation.values, + this.operation.payloads, + this.operation.predecessor, + this.operation.salt, + ); + for (const i in this.operation.targets) { + await expect(tx) + .to.emit(this.mock, 'CallExecuted') + .withArgs( + this.operation.id, + i, + this.operation.targets[i], + this.operation.values[i], + this.operation.payloads[i], + ); + } + }); + + it('prevent non-executor from revealing', async function () { + await expect( + this.mock + .connect(this.other) + .executeBatch( + this.operation.targets, + this.operation.values, + this.operation.payloads, + this.operation.predecessor, + this.operation.salt, + ), + ) + .to.be.revertedWithCustomError(this.mock, 'AccessControlUnauthorizedAccount') + .withArgs(this.other, EXECUTOR_ROLE); + }); + + it('length mismatch #1', async function () { + await expect( + this.mock + .connect(this.executor) + .executeBatch( + [], + this.operation.values, + this.operation.payloads, + this.operation.predecessor, + this.operation.salt, + ), + ) + .to.be.revertedWithCustomError(this.mock, 'TimelockInvalidOperationLength') + .withArgs(0, this.operation.payloads.length, this.operation.values.length); + }); + + it('length mismatch #2', async function () { + await expect( + this.mock + .connect(this.executor) + .executeBatch( + this.operation.targets, + [], + this.operation.payloads, + this.operation.predecessor, + this.operation.salt, + ), + ) + .to.be.revertedWithCustomError(this.mock, 'TimelockInvalidOperationLength') + .withArgs(this.operation.targets.length, this.operation.payloads.length, 0n); + }); + + it('length mismatch #3', async function () { + await expect( + this.mock + .connect(this.executor) + .executeBatch( + this.operation.targets, + this.operation.values, + [], + this.operation.predecessor, + this.operation.salt, + ), + ) + .to.be.revertedWithCustomError(this.mock, 'TimelockInvalidOperationLength') + .withArgs(this.operation.targets.length, 0n, this.operation.values.length); + }); + + it('prevents reentrancy execution', async function () { + // Create operation + const reentrant = await ethers.deployContract('$TimelockReentrant'); + const reentrantBatchOperation = genOperationBatch( + [reentrant], + [0n], + [reentrant.interface.encodeFunctionData('reenter')], + ethers.ZeroHash, + salt, + ); + + // Schedule so it can be executed + await this.mock + .connect(this.proposer) + .scheduleBatch( + reentrantBatchOperation.targets, + reentrantBatchOperation.values, + reentrantBatchOperation.payloads, + reentrantBatchOperation.predecessor, + reentrantBatchOperation.salt, + MINDELAY, + ); + + // Advance on time to make the operation executable + await this.mock.getTimestamp(reentrantBatchOperation.id).then(time.increaseTo.timestamp); + + // Grant executor role to the reentrant contract + await this.mock.connect(this.admin).grantRole(EXECUTOR_ROLE, reentrant); + + // Prepare reenter + const data = this.mock.interface.encodeFunctionData('executeBatch', [ + reentrantBatchOperation.targets.map(getAddress), + reentrantBatchOperation.values, + reentrantBatchOperation.payloads, + reentrantBatchOperation.predecessor, + reentrantBatchOperation.salt, + ]); + await reentrant.enableRentrancy(this.mock, data); + + // Expect to fail + await expect( + this.mock + .connect(this.executor) + .executeBatch( + reentrantBatchOperation.targets, + reentrantBatchOperation.values, + reentrantBatchOperation.payloads, + reentrantBatchOperation.predecessor, + reentrantBatchOperation.salt, + ), + ) + .to.be.revertedWithCustomError(this.mock, 'TimelockUnexpectedOperationState') + .withArgs(reentrantBatchOperation.id, GovernorHelper.proposalStatesToBitMap(OperationState.Ready)); + + // Disable reentrancy + await reentrant.disableReentrancy(); + const nonReentrantBatchOperation = reentrantBatchOperation; // Not anymore + + // Try again successfully + const tx = this.mock + .connect(this.executor) + .executeBatch( + nonReentrantBatchOperation.targets, + nonReentrantBatchOperation.values, + nonReentrantBatchOperation.payloads, + nonReentrantBatchOperation.predecessor, + nonReentrantBatchOperation.salt, + ); + for (const i in nonReentrantBatchOperation.targets) { + await expect(tx) + .to.emit(this.mock, 'CallExecuted') + .withArgs( + nonReentrantBatchOperation.id, + i, + nonReentrantBatchOperation.targets[i], + nonReentrantBatchOperation.values[i], + nonReentrantBatchOperation.payloads[i], + ); + } + }); + }); + }); + + it('partial execution', async function () { + const operation = genOperationBatch( + [this.callreceivermock, this.callreceivermock, this.callreceivermock], + [0n, 0n, 0n], + [ + this.callreceivermock.interface.encodeFunctionData('mockFunction'), + this.callreceivermock.interface.encodeFunctionData('mockFunctionRevertsNoReason'), + this.callreceivermock.interface.encodeFunctionData('mockFunction'), + ], + ethers.ZeroHash, + '0x8ac04aa0d6d66b8812fb41d39638d37af0a9ab11da507afd65c509f8ed079d3e', + ); + + await this.mock + .connect(this.proposer) + .scheduleBatch( + operation.targets, + operation.values, + operation.payloads, + operation.predecessor, + operation.salt, + MINDELAY, + ); + + await this.mock.getTimestamp(operation.id).then(time.increaseTo.timestamp); + + await expect( + this.mock + .connect(this.executor) + .executeBatch( + operation.targets, + operation.values, + operation.payloads, + operation.predecessor, + operation.salt, + ), + ).to.be.revertedWithCustomError(this.mock, 'FailedCall'); + }); + }); + }); + + describe('cancel', function () { + beforeEach(async function () { + this.operation = genOperation( + '0xC6837c44AA376dbe1d2709F13879E040CAb653ca', + 0n, + '0x296e58dd', + ethers.ZeroHash, + '0xa2485763600634800df9fc9646fb2c112cf98649c55f63dd1d9c7d13a64399d9', + ); + await this.mock + .connect(this.proposer) + .schedule( + this.operation.target, + this.operation.value, + this.operation.data, + this.operation.predecessor, + this.operation.salt, + MINDELAY, + ); + }); + + it('canceller can cancel', async function () { + await expect(this.mock.connect(this.canceller).cancel(this.operation.id)) + .to.emit(this.mock, 'Cancelled') + .withArgs(this.operation.id); + }); + + it('cannot cancel invalid operation', async function () { + await expect(this.mock.connect(this.canceller).cancel(ethers.ZeroHash)) + .to.be.revertedWithCustomError(this.mock, 'TimelockUnexpectedOperationState') + .withArgs( + ethers.ZeroHash, + GovernorHelper.proposalStatesToBitMap([OperationState.Waiting, OperationState.Ready]), + ); + }); + + it('prevent non-canceller from canceling', async function () { + await expect(this.mock.connect(this.other).cancel(this.operation.id)) + .to.be.revertedWithCustomError(this.mock, 'AccessControlUnauthorizedAccount') + .withArgs(this.other, CANCELLER_ROLE); + }); + }); + }); + + describe('maintenance', function () { + it('prevent unauthorized maintenance', async function () { + await expect(this.mock.connect(this.other).updateDelay(0n)) + .to.be.revertedWithCustomError(this.mock, 'TimelockUnauthorizedCaller') + .withArgs(this.other); + }); + + it('timelock scheduled maintenance', async function () { + const newDelay = time.duration.hours(6); + const operation = genOperation( + this.mock, + 0n, + this.mock.interface.encodeFunctionData('updateDelay', [newDelay]), + ethers.ZeroHash, + '0xf8e775b2c5f4d66fb5c7fa800f35ef518c262b6014b3c0aee6ea21bff157f108', + ); + + await this.mock + .connect(this.proposer) + .schedule(operation.target, operation.value, operation.data, operation.predecessor, operation.salt, MINDELAY); + + await this.mock.getTimestamp(operation.id).then(time.increaseTo.timestamp); + + await expect( + this.mock + .connect(this.executor) + .execute(operation.target, operation.value, operation.data, operation.predecessor, operation.salt), + ) + .to.emit(this.mock, 'MinDelayChange') + .withArgs(MINDELAY, newDelay); + + expect(await this.mock.getMinDelay()).to.equal(newDelay); + }); + }); + + describe('dependency', function () { + beforeEach(async function () { + this.operation1 = genOperation( + '0xdE66bD4c97304200A95aE0AadA32d6d01A867E39', + 0n, + '0x01dc731a', + ethers.ZeroHash, + '0x64e932133c7677402ead2926f86205e2ca4686aebecf5a8077627092b9bb2feb', + ); + this.operation2 = genOperation( + '0x3c7944a3F1ee7fc8c5A5134ba7c79D11c3A1FCa3', + 0n, + '0x8f531849', + this.operation1.id, + '0x036e1311cac523f9548e6461e29fb1f8f9196b91910a41711ea22f5de48df07d', + ); + await this.mock + .connect(this.proposer) + .schedule( + this.operation1.target, + this.operation1.value, + this.operation1.data, + this.operation1.predecessor, + this.operation1.salt, + MINDELAY, + ); + await this.mock + .connect(this.proposer) + .schedule( + this.operation2.target, + this.operation2.value, + this.operation2.data, + this.operation2.predecessor, + this.operation2.salt, + MINDELAY, + ); + + await this.mock.getTimestamp(this.operation2.id).then(time.increaseTo.timestamp); + }); + + it('cannot execute before dependency', async function () { + await expect( + this.mock + .connect(this.executor) + .execute( + this.operation2.target, + this.operation2.value, + this.operation2.data, + this.operation2.predecessor, + this.operation2.salt, + ), + ) + .to.be.revertedWithCustomError(this.mock, 'TimelockUnexecutedPredecessor') + .withArgs(this.operation1.id); + }); + + it('can execute after dependency', async function () { + await this.mock + .connect(this.executor) + .execute( + this.operation1.target, + this.operation1.value, + this.operation1.data, + this.operation1.predecessor, + this.operation1.salt, + ); + await this.mock + .connect(this.executor) + .execute( + this.operation2.target, + this.operation2.value, + this.operation2.data, + this.operation2.predecessor, + this.operation2.salt, + ); + }); + }); + + describe('usage scenario', function () { + this.timeout(10000); + + it('call', async function () { + const operation = genOperation( + this.implementation2, + 0n, + this.implementation2.interface.encodeFunctionData('setValue', [42n]), + ethers.ZeroHash, + '0x8043596363daefc89977b25f9d9b4d06c3910959ef0c4d213557a903e1b555e2', + ); + + await this.mock + .connect(this.proposer) + .schedule(operation.target, operation.value, operation.data, operation.predecessor, operation.salt, MINDELAY); + + await this.mock.getTimestamp(operation.id).then(time.increaseTo.timestamp); + + await this.mock + .connect(this.executor) + .execute(operation.target, operation.value, operation.data, operation.predecessor, operation.salt); + + expect(await this.implementation2.getValue()).to.equal(42n); + }); + + it('call reverting', async function () { + const operation = genOperation( + this.callreceivermock, + 0n, + this.callreceivermock.interface.encodeFunctionData('mockFunctionRevertsNoReason'), + ethers.ZeroHash, + '0xb1b1b276fdf1a28d1e00537ea73b04d56639128b08063c1a2f70a52e38cba693', + ); + + await this.mock + .connect(this.proposer) + .schedule(operation.target, operation.value, operation.data, operation.predecessor, operation.salt, MINDELAY); + + await this.mock.getTimestamp(operation.id).then(time.increaseTo.timestamp); + + await expect( + this.mock + .connect(this.executor) + .execute(operation.target, operation.value, operation.data, operation.predecessor, operation.salt), + ).to.be.revertedWithCustomError(this.mock, 'FailedCall'); + }); + + it('call throw', async function () { + const operation = genOperation( + this.callreceivermock, + 0n, + this.callreceivermock.interface.encodeFunctionData('mockFunctionThrows'), + ethers.ZeroHash, + '0xe5ca79f295fc8327ee8a765fe19afb58f4a0cbc5053642bfdd7e73bc68e0fc67', + ); + + await this.mock + .connect(this.proposer) + .schedule(operation.target, operation.value, operation.data, operation.predecessor, operation.salt, MINDELAY); + + await this.mock.getTimestamp(operation.id).then(time.increaseTo.timestamp); + + // Targeted function reverts with a panic code (0x1) + the timelock bubble the panic code + await expect( + this.mock + .connect(this.executor) + .execute(operation.target, operation.value, operation.data, operation.predecessor, operation.salt), + ).to.be.revertedWithPanic(PANIC_CODES.ASSERTION_ERROR); + }); + + it('call out of gas', async function () { + const operation = genOperation( + this.callreceivermock, + 0n, + this.callreceivermock.interface.encodeFunctionData('mockFunctionOutOfGas'), + ethers.ZeroHash, + '0xf3274ce7c394c5b629d5215723563a744b817e1730cca5587c567099a14578fd', + ); + + await this.mock + .connect(this.proposer) + .schedule(operation.target, operation.value, operation.data, operation.predecessor, operation.salt, MINDELAY); + + await this.mock.getTimestamp(operation.id).then(time.increaseTo.timestamp); + + await expect( + this.mock + .connect(this.executor) + .execute(operation.target, operation.value, operation.data, operation.predecessor, operation.salt, { + gasLimit: '100000', + }), + ).to.be.revertedWithCustomError(this.mock, 'FailedCall'); + }); + + it('call payable with eth', async function () { + const operation = genOperation( + this.callreceivermock, + 1, + this.callreceivermock.interface.encodeFunctionData('mockFunction'), + ethers.ZeroHash, + '0x5ab73cd33477dcd36c1e05e28362719d0ed59a7b9ff14939de63a43073dc1f44', + ); + + await this.mock + .connect(this.proposer) + .schedule(operation.target, operation.value, operation.data, operation.predecessor, operation.salt, MINDELAY); + + await this.mock.getTimestamp(operation.id).then(time.increaseTo.timestamp); + + expect(await ethers.provider.getBalance(this.mock)).to.equal(0n); + expect(await ethers.provider.getBalance(this.callreceivermock)).to.equal(0n); + + await this.mock + .connect(this.executor) + .execute(operation.target, operation.value, operation.data, operation.predecessor, operation.salt, { + value: 1, + }); + + expect(await ethers.provider.getBalance(this.mock)).to.equal(0n); + expect(await ethers.provider.getBalance(this.callreceivermock)).to.equal(1n); + }); + + it('call nonpayable with eth', async function () { + const operation = genOperation( + this.callreceivermock, + 1, + this.callreceivermock.interface.encodeFunctionData('mockFunctionNonPayable'), + ethers.ZeroHash, + '0xb78edbd920c7867f187e5aa6294ae5a656cfbf0dea1ccdca3751b740d0f2bdf8', + ); + + await this.mock + .connect(this.proposer) + .schedule(operation.target, operation.value, operation.data, operation.predecessor, operation.salt, MINDELAY); + + await this.mock.getTimestamp(operation.id).then(time.increaseTo.timestamp); + + expect(await ethers.provider.getBalance(this.mock)).to.equal(0n); + expect(await ethers.provider.getBalance(this.callreceivermock)).to.equal(0n); + + await expect( + this.mock + .connect(this.executor) + .execute(operation.target, operation.value, operation.data, operation.predecessor, operation.salt), + ).to.be.revertedWithCustomError(this.mock, 'FailedCall'); + + expect(await ethers.provider.getBalance(this.mock)).to.equal(0n); + expect(await ethers.provider.getBalance(this.callreceivermock)).to.equal(0n); + }); + + it('call reverting with eth', async function () { + const operation = genOperation( + this.callreceivermock, + 1, + this.callreceivermock.interface.encodeFunctionData('mockFunctionRevertsNoReason'), + ethers.ZeroHash, + '0xdedb4563ef0095db01d81d3f2decf57cf83e4a72aa792af14c43a792b56f4de6', + ); + + await this.mock + .connect(this.proposer) + .schedule(operation.target, operation.value, operation.data, operation.predecessor, operation.salt, MINDELAY); + + await this.mock.getTimestamp(operation.id).then(time.increaseTo.timestamp); + + expect(await ethers.provider.getBalance(this.mock)).to.equal(0n); + expect(await ethers.provider.getBalance(this.callreceivermock)).to.equal(0n); + + await expect( + this.mock + .connect(this.executor) + .execute(operation.target, operation.value, operation.data, operation.predecessor, operation.salt), + ).to.be.revertedWithCustomError(this.mock, 'FailedCall'); + + expect(await ethers.provider.getBalance(this.mock)).to.equal(0n); + expect(await ethers.provider.getBalance(this.callreceivermock)).to.equal(0n); + }); + }); + + describe('safe receive', function () { + describe('ERC721', function () { + const tokenId = 1n; + + beforeEach(async function () { + this.token = await ethers.deployContract('$ERC721', ['Non Fungible Token', 'NFT']); + await this.token.$_mint(this.other, tokenId); + }); + + it('can receive an ERC721 safeTransfer', async function () { + await this.token.connect(this.other).safeTransferFrom(this.other, this.mock, tokenId); + }); + }); + + describe('ERC1155', function () { + const tokenIds = { + 1: 1000n, + 2: 2000n, + 3: 3000n, + }; + + beforeEach(async function () { + this.token = await ethers.deployContract('$ERC1155', ['https://token-cdn-domain/{id}.json']); + await this.token.$_mintBatch(this.other, Object.keys(tokenIds), Object.values(tokenIds), '0x'); + }); + + it('can receive ERC1155 safeTransfer', async function () { + await this.token.connect(this.other).safeTransferFrom( + this.other, + this.mock, + ...Object.entries(tokenIds)[0n], // id + amount + '0x', + ); + }); + + it('can receive ERC1155 safeBatchTransfer', async function () { + await this.token + .connect(this.other) + .safeBatchTransferFrom(this.other, this.mock, Object.keys(tokenIds), Object.values(tokenIds), '0x'); + }); + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/governance/extensions/GovernorCountingFractional.test.js b/dependencies/@openzeppelin/test/governance/extensions/GovernorCountingFractional.test.js new file mode 100644 index 00000000..393dbad7 --- /dev/null +++ b/dependencies/@openzeppelin/test/governance/extensions/GovernorCountingFractional.test.js @@ -0,0 +1,248 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { GovernorHelper } = require('../../helpers/governance'); +const { VoteType } = require('../../helpers/enums'); +const { zip } = require('../../helpers/iterate'); +const { sum } = require('../../helpers/math'); + +const TOKENS = [ + { Token: '$ERC20Votes', mode: 'blocknumber' }, + { Token: '$ERC20VotesTimestampMock', mode: 'timestamp' }, +]; + +const name = 'OZ-Governor'; +const version = '1'; +const tokenName = 'MockToken'; +const tokenSymbol = 'MTKN'; +const tokenSupply = ethers.parseEther('100'); +const votingDelay = 4n; +const votingPeriod = 16n; +const value = ethers.parseEther('1'); + +describe('GovernorCountingFractional', function () { + for (const { Token, mode } of TOKENS) { + const fixture = async () => { + const [owner, proposer, voter1, voter2, voter3, voter4, other] = await ethers.getSigners(); + const receiver = await ethers.deployContract('CallReceiverMock'); + + const token = await ethers.deployContract(Token, [tokenName, tokenSymbol, version]); + const mock = await ethers.deployContract('$GovernorFractionalMock', [ + name, // name + votingDelay, // initialVotingDelay + votingPeriod, // initialVotingPeriod + 0n, // initialProposalThreshold + token, // tokenAddress + 10n, // quorumNumeratorValue + ]); + + await owner.sendTransaction({ to: mock, value }); + await token.$_mint(owner, tokenSupply); + + const helper = new GovernorHelper(mock, mode); + await helper.connect(owner).delegate({ token, to: voter1, value: ethers.parseEther('10') }); + await helper.connect(owner).delegate({ token, to: voter2, value: ethers.parseEther('7') }); + await helper.connect(owner).delegate({ token, to: voter3, value: ethers.parseEther('5') }); + await helper.connect(owner).delegate({ token, to: voter4, value: ethers.parseEther('2') }); + + return { owner, proposer, voter1, voter2, voter3, voter4, other, receiver, token, mock, helper }; + }; + + describe(`using ${Token}`, function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + + // default proposal + this.proposal = this.helper.setProposal( + [ + { + target: this.receiver.target, + value, + data: this.receiver.interface.encodeFunctionData('mockFunction'), + }, + ], + '', + ); + }); + + it('deployment check', async function () { + expect(await this.mock.name()).to.equal(name); + expect(await this.mock.token()).to.equal(this.token); + expect(await this.mock.votingDelay()).to.equal(votingDelay); + expect(await this.mock.votingPeriod()).to.equal(votingPeriod); + expect(await this.mock.COUNTING_MODE()).to.equal( + 'support=bravo,fractional&quorum=for,abstain¶ms=fractional', + ); + }); + + it('nominal is unaffected', async function () { + await this.helper.connect(this.proposer).propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For, reason: 'This is nice' }); + await this.helper.connect(this.voter2).vote({ support: VoteType.For }); + await this.helper.connect(this.voter3).vote({ support: VoteType.Against }); + await this.helper.connect(this.voter4).vote({ support: VoteType.Abstain }); + await this.helper.waitForDeadline(); + await this.helper.execute(); + + expect(await this.mock.hasVoted(this.proposal.id, this.owner)).to.be.false; + expect(await this.mock.hasVoted(this.proposal.id, this.voter1)).to.be.true; + expect(await this.mock.hasVoted(this.proposal.id, this.voter2)).to.be.true; + expect(await ethers.provider.getBalance(this.mock)).to.equal(0n); + expect(await ethers.provider.getBalance(this.receiver)).to.equal(value); + }); + + describe('voting with a fraction of the weight', function () { + it('twice', async function () { + await this.helper.connect(this.proposer).propose(); + await this.helper.waitForSnapshot(); + + expect(await this.mock.proposalVotes(this.proposal.id)).to.deep.equal([0n, 0n, 0n]); + expect(await this.mock.hasVoted(this.proposal.id, this.voter2)).to.equal(false); + expect(await this.mock.usedVotes(this.proposal.id, this.voter2)).to.equal(0n); + + const steps = [ + ['0', '2', '1'], + ['1', '0', '1'], + ].map(votes => votes.map(vote => ethers.parseEther(vote))); + + for (const votes of steps) { + const params = ethers.solidityPacked(['uint128', 'uint128', 'uint128'], votes); + await expect( + this.helper.connect(this.voter2).vote({ + support: VoteType.Parameters, + reason: 'no particular reason', + params, + }), + ) + .to.emit(this.mock, 'VoteCastWithParams') + .withArgs( + this.voter2, + this.proposal.id, + VoteType.Parameters, + sum(...votes), + 'no particular reason', + params, + ); + } + + expect(await this.mock.proposalVotes(this.proposal.id)).to.deep.equal(zip(...steps).map(v => sum(...v))); + expect(await this.mock.hasVoted(this.proposal.id, this.voter2)).to.equal(true); + expect(await this.mock.usedVotes(this.proposal.id, this.voter2)).to.equal(sum(...[].concat(...steps))); + }); + + it('fractional then nominal', async function () { + await this.helper.connect(this.proposer).propose(); + await this.helper.waitForSnapshot(); + + expect(await this.mock.proposalVotes(this.proposal.id)).to.deep.equal([0n, 0n, 0n]); + expect(await this.mock.hasVoted(this.proposal.id, this.voter2)).to.equal(false); + expect(await this.mock.usedVotes(this.proposal.id, this.voter2)).to.equal(0n); + + const weight = ethers.parseEther('7'); + const fractional = ['1', '2', '1'].map(ethers.parseEther); + + const params = ethers.solidityPacked(['uint128', 'uint128', 'uint128'], fractional); + await expect( + this.helper.connect(this.voter2).vote({ + support: VoteType.Parameters, + reason: 'no particular reason', + params, + }), + ) + .to.emit(this.mock, 'VoteCastWithParams') + .withArgs( + this.voter2, + this.proposal.id, + VoteType.Parameters, + sum(...fractional), + 'no particular reason', + params, + ); + + await expect(this.helper.connect(this.voter2).vote({ support: VoteType.Against })) + .to.emit(this.mock, 'VoteCast') + .withArgs(this.voter2, this.proposal.id, VoteType.Against, weight - sum(...fractional), ''); + + expect(await this.mock.proposalVotes(this.proposal.id)).to.deep.equal([ + weight - sum(...fractional.slice(1)), + ...fractional.slice(1), + ]); + expect(await this.mock.hasVoted(this.proposal.id, this.voter2)).to.equal(true); + expect(await this.mock.usedVotes(this.proposal.id, this.voter2)).to.equal(weight); + }); + + it('revert if params spend more than available', async function () { + await this.helper.connect(this.proposer).propose(); + await this.helper.waitForSnapshot(); + + const weight = ethers.parseEther('7'); + const fractional = ['0', '1000', '0'].map(ethers.parseEther); + + await expect( + this.helper.connect(this.voter2).vote({ + support: VoteType.Parameters, + reason: 'no particular reason', + params: ethers.solidityPacked(['uint128', 'uint128', 'uint128'], fractional), + }), + ) + .to.be.revertedWithCustomError(this.mock, 'GovernorExceedRemainingWeight') + .withArgs(this.voter2, sum(...fractional), weight); + }); + + it('revert if no weight remaining', async function () { + await this.helper.connect(this.proposer).propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter2).vote({ support: VoteType.For }); + + await expect( + this.helper.connect(this.voter2).vote({ + support: VoteType.Parameters, + reason: 'no particular reason', + params: ethers.solidityPacked(['uint128', 'uint128', 'uint128'], [0n, 1n, 0n]), + }), + ) + .to.be.revertedWithCustomError(this.mock, 'GovernorAlreadyCastVote') + .withArgs(this.voter2); + }); + + it('revert if params are not properly formatted #1', async function () { + await this.helper.connect(this.proposer).propose(); + await this.helper.waitForSnapshot(); + + await expect( + this.helper.connect(this.voter2).vote({ + support: VoteType.Parameters, + reason: 'no particular reason', + params: ethers.solidityPacked(['uint128', 'uint128'], [0n, 1n]), + }), + ).to.be.revertedWithCustomError(this.mock, 'GovernorInvalidVoteParams'); + }); + + it('revert if params are not properly formatted #2', async function () { + await this.helper.connect(this.proposer).propose(); + await this.helper.waitForSnapshot(); + + await expect( + this.helper.connect(this.voter2).vote({ + support: VoteType.Against, + reason: 'no particular reason', + params: ethers.solidityPacked(['uint128', 'uint128', 'uint128'], [0n, 1n, 0n]), + }), + ).to.be.revertedWithCustomError(this.mock, 'GovernorInvalidVoteParams'); + }); + + it('revert if vote type is invalid', async function () { + await this.helper.connect(this.proposer).propose(); + await this.helper.waitForSnapshot(); + + await expect(this.helper.connect(this.voter2).vote({ support: 128n })).to.be.revertedWithCustomError( + this.mock, + 'GovernorInvalidVoteType', + ); + }); + }); + }); + } +}); diff --git a/dependencies/@openzeppelin/test/governance/extensions/GovernorERC721.test.js b/dependencies/@openzeppelin/test/governance/extensions/GovernorERC721.test.js new file mode 100644 index 00000000..1ae5508d --- /dev/null +++ b/dependencies/@openzeppelin/test/governance/extensions/GovernorERC721.test.js @@ -0,0 +1,131 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { GovernorHelper } = require('../../helpers/governance'); +const { VoteType } = require('../../helpers/enums'); + +const TOKENS = [ + { Token: '$ERC721Votes', mode: 'blocknumber' }, + { Token: '$ERC721VotesTimestampMock', mode: 'timestamp' }, +]; + +const name = 'OZ-Governor'; +const version = '1'; +const tokenName = 'MockNFToken'; +const tokenSymbol = 'MTKN'; +const NFT0 = 0n; +const NFT1 = 1n; +const NFT2 = 2n; +const NFT3 = 3n; +const NFT4 = 4n; +const votingDelay = 4n; +const votingPeriod = 16n; +const value = ethers.parseEther('1'); + +describe('GovernorERC721', function () { + for (const { Token, mode } of TOKENS) { + const fixture = async () => { + const [owner, voter1, voter2, voter3, voter4] = await ethers.getSigners(); + const receiver = await ethers.deployContract('CallReceiverMock'); + + const token = await ethers.deployContract(Token, [tokenName, tokenSymbol, version]); + const mock = await ethers.deployContract('$GovernorMock', [ + name, // name + votingDelay, // initialVotingDelay + votingPeriod, // initialVotingPeriod + 0n, // initialProposalThreshold + token, // tokenAddress + 10n, // quorumNumeratorValue + ]); + + await owner.sendTransaction({ to: mock, value }); + await Promise.all([NFT0, NFT1, NFT2, NFT3, NFT4].map(tokenId => token.$_mint(owner, tokenId))); + + const helper = new GovernorHelper(mock, mode); + await helper.connect(owner).delegate({ token, to: voter1, tokenId: NFT0 }); + await helper.connect(owner).delegate({ token, to: voter2, tokenId: NFT1 }); + await helper.connect(owner).delegate({ token, to: voter2, tokenId: NFT2 }); + await helper.connect(owner).delegate({ token, to: voter3, tokenId: NFT3 }); + await helper.connect(owner).delegate({ token, to: voter4, tokenId: NFT4 }); + + return { + owner, + voter1, + voter2, + voter3, + voter4, + receiver, + token, + mock, + helper, + }; + }; + + describe(`using ${Token}`, function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + // initiate fresh proposal + this.proposal = this.helper.setProposal( + [ + { + target: this.receiver.target, + data: this.receiver.interface.encodeFunctionData('mockFunction'), + value, + }, + ], + '', + ); + }); + + it('deployment check', async function () { + expect(await this.mock.name()).to.equal(name); + expect(await this.mock.token()).to.equal(this.token); + expect(await this.mock.votingDelay()).to.equal(votingDelay); + expect(await this.mock.votingPeriod()).to.equal(votingPeriod); + expect(await this.mock.quorum(0n)).to.equal(0n); + + expect(await this.token.getVotes(this.voter1)).to.equal(1n); // NFT0 + expect(await this.token.getVotes(this.voter2)).to.equal(2n); // NFT1 & NFT2 + expect(await this.token.getVotes(this.voter3)).to.equal(1n); // NFT3 + expect(await this.token.getVotes(this.voter4)).to.equal(1n); // NFT4 + }); + + it('voting with ERC721 token', async function () { + await this.helper.propose(); + await this.helper.waitForSnapshot(); + + await expect(this.helper.connect(this.voter1).vote({ support: VoteType.For })) + .to.emit(this.mock, 'VoteCast') + .withArgs(this.voter1, this.proposal.id, VoteType.For, 1n, ''); + + await expect(this.helper.connect(this.voter2).vote({ support: VoteType.For })) + .to.emit(this.mock, 'VoteCast') + .withArgs(this.voter2, this.proposal.id, VoteType.For, 2n, ''); + + await expect(this.helper.connect(this.voter3).vote({ support: VoteType.Against })) + .to.emit(this.mock, 'VoteCast') + .withArgs(this.voter3, this.proposal.id, VoteType.Against, 1n, ''); + + await expect(this.helper.connect(this.voter4).vote({ support: VoteType.Abstain })) + .to.emit(this.mock, 'VoteCast') + .withArgs(this.voter4, this.proposal.id, VoteType.Abstain, 1n, ''); + + await this.helper.waitForDeadline(); + await this.helper.execute(); + + expect(await this.mock.hasVoted(this.proposal.id, this.owner)).to.be.false; + expect(await this.mock.hasVoted(this.proposal.id, this.voter1)).to.be.true; + expect(await this.mock.hasVoted(this.proposal.id, this.voter2)).to.be.true; + expect(await this.mock.hasVoted(this.proposal.id, this.voter3)).to.be.true; + expect(await this.mock.hasVoted(this.proposal.id, this.voter4)).to.be.true; + + expect(await this.mock.proposalVotes(this.proposal.id)).to.deep.equal([ + 1n, // againstVotes + 3n, // forVotes + 1n, // abstainVotes + ]); + }); + }); + } +}); diff --git a/dependencies/@openzeppelin/test/governance/extensions/GovernorPreventLateQuorum.test.js b/dependencies/@openzeppelin/test/governance/extensions/GovernorPreventLateQuorum.test.js new file mode 100644 index 00000000..aac0e689 --- /dev/null +++ b/dependencies/@openzeppelin/test/governance/extensions/GovernorPreventLateQuorum.test.js @@ -0,0 +1,185 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { GovernorHelper } = require('../../helpers/governance'); +const { ProposalState, VoteType } = require('../../helpers/enums'); +const time = require('../../helpers/time'); + +const TOKENS = [ + { Token: '$ERC20Votes', mode: 'blocknumber' }, + { Token: '$ERC20VotesTimestampMock', mode: 'timestamp' }, +]; + +const name = 'OZ-Governor'; +const version = '1'; +const tokenName = 'MockToken'; +const tokenSymbol = 'MTKN'; +const tokenSupply = ethers.parseEther('100'); +const votingDelay = 4n; +const votingPeriod = 16n; +const lateQuorumVoteExtension = 8n; +const quorum = ethers.parseEther('1'); +const value = ethers.parseEther('1'); + +describe('GovernorPreventLateQuorum', function () { + for (const { Token, mode } of TOKENS) { + const fixture = async () => { + const [owner, proposer, voter1, voter2, voter3, voter4] = await ethers.getSigners(); + const receiver = await ethers.deployContract('CallReceiverMock'); + + const token = await ethers.deployContract(Token, [tokenName, tokenSymbol, version]); + const mock = await ethers.deployContract('$GovernorPreventLateQuorumMock', [ + name, // name + votingDelay, // initialVotingDelay + votingPeriod, // initialVotingPeriod + 0n, // initialProposalThreshold + token, // tokenAddress + lateQuorumVoteExtension, + quorum, + ]); + + await owner.sendTransaction({ to: mock, value }); + await token.$_mint(owner, tokenSupply); + + const helper = new GovernorHelper(mock, mode); + await helper.connect(owner).delegate({ token, to: voter1, value: ethers.parseEther('10') }); + await helper.connect(owner).delegate({ token, to: voter2, value: ethers.parseEther('7') }); + await helper.connect(owner).delegate({ token, to: voter3, value: ethers.parseEther('5') }); + await helper.connect(owner).delegate({ token, to: voter4, value: ethers.parseEther('2') }); + + return { owner, proposer, voter1, voter2, voter3, voter4, receiver, token, mock, helper }; + }; + + describe(`using ${Token}`, function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + // initiate fresh proposal + this.proposal = this.helper.setProposal( + [ + { + target: this.receiver.target, + data: this.receiver.interface.encodeFunctionData('mockFunction'), + value, + }, + ], + '', + ); + }); + + it('deployment check', async function () { + expect(await this.mock.name()).to.equal(name); + expect(await this.mock.token()).to.equal(this.token); + expect(await this.mock.votingDelay()).to.equal(votingDelay); + expect(await this.mock.votingPeriod()).to.equal(votingPeriod); + expect(await this.mock.quorum(0)).to.equal(quorum); + expect(await this.mock.lateQuorumVoteExtension()).to.equal(lateQuorumVoteExtension); + }); + + it('nominal workflow unaffected', async function () { + const txPropose = await this.helper.connect(this.proposer).propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.connect(this.voter2).vote({ support: VoteType.For }); + await this.helper.connect(this.voter3).vote({ support: VoteType.Against }); + await this.helper.connect(this.voter4).vote({ support: VoteType.Abstain }); + await this.helper.waitForDeadline(); + await this.helper.execute(); + + expect(await this.mock.hasVoted(this.proposal.id, this.owner)).to.be.false; + expect(await this.mock.hasVoted(this.proposal.id, this.voter1)).to.be.true; + expect(await this.mock.hasVoted(this.proposal.id, this.voter2)).to.be.true; + expect(await this.mock.hasVoted(this.proposal.id, this.voter3)).to.be.true; + expect(await this.mock.hasVoted(this.proposal.id, this.voter4)).to.be.true; + + expect(await this.mock.proposalVotes(this.proposal.id)).to.deep.equal([ + ethers.parseEther('5'), // againstVotes + ethers.parseEther('17'), // forVotes + ethers.parseEther('2'), // abstainVotes + ]); + + const voteStart = (await time.clockFromReceipt[mode](txPropose)) + votingDelay; + const voteEnd = (await time.clockFromReceipt[mode](txPropose)) + votingDelay + votingPeriod; + expect(await this.mock.proposalSnapshot(this.proposal.id)).to.equal(voteStart); + expect(await this.mock.proposalDeadline(this.proposal.id)).to.equal(voteEnd); + + await expect(txPropose) + .to.emit(this.mock, 'ProposalCreated') + .withArgs( + this.proposal.id, + this.proposer, + this.proposal.targets, + this.proposal.values, + this.proposal.signatures, + this.proposal.data, + voteStart, + voteEnd, + this.proposal.description, + ); + }); + + it('Delay is extended to prevent last minute take-over', async function () { + const txPropose = await this.helper.connect(this.proposer).propose(); + + // compute original schedule + const snapshotTimepoint = (await time.clockFromReceipt[mode](txPropose)) + votingDelay; + const deadlineTimepoint = (await time.clockFromReceipt[mode](txPropose)) + votingDelay + votingPeriod; + expect(await this.mock.proposalSnapshot(this.proposal.id)).to.equal(snapshotTimepoint); + expect(await this.mock.proposalDeadline(this.proposal.id)).to.equal(deadlineTimepoint); + // wait for the last minute to vote + await this.helper.waitForDeadline(-1n); + const txVote = await this.helper.connect(this.voter2).vote({ support: VoteType.For }); + + // cannot execute yet + expect(await this.mock.state(this.proposal.id)).to.equal(ProposalState.Active); + + // compute new extended schedule + const extendedDeadline = (await time.clockFromReceipt[mode](txVote)) + lateQuorumVoteExtension; + expect(await this.mock.proposalSnapshot(this.proposal.id)).to.equal(snapshotTimepoint); + expect(await this.mock.proposalDeadline(this.proposal.id)).to.equal(extendedDeadline); + + // still possible to vote + await this.helper.connect(this.voter1).vote({ support: VoteType.Against }); + + await this.helper.waitForDeadline(); + expect(await this.mock.state(this.proposal.id)).to.equal(ProposalState.Active); + await this.helper.waitForDeadline(1n); + expect(await this.mock.state(this.proposal.id)).to.equal(ProposalState.Defeated); + + // check extension event + await expect(txVote).to.emit(this.mock, 'ProposalExtended').withArgs(this.proposal.id, extendedDeadline); + }); + + describe('onlyGovernance updates', function () { + it('setLateQuorumVoteExtension is protected', async function () { + await expect(this.mock.connect(this.owner).setLateQuorumVoteExtension(0n)) + .to.be.revertedWithCustomError(this.mock, 'GovernorOnlyExecutor') + .withArgs(this.owner); + }); + + it('can setLateQuorumVoteExtension through governance', async function () { + this.helper.setProposal( + [ + { + target: this.mock.target, + data: this.mock.interface.encodeFunctionData('setLateQuorumVoteExtension', [0n]), + }, + ], + '', + ); + + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + + await expect(this.helper.execute()) + .to.emit(this.mock, 'LateQuorumVoteExtensionSet') + .withArgs(lateQuorumVoteExtension, 0n); + + expect(await this.mock.lateQuorumVoteExtension()).to.equal(0n); + }); + }); + }); + } +}); diff --git a/dependencies/@openzeppelin/test/governance/extensions/GovernorStorage.test.js b/dependencies/@openzeppelin/test/governance/extensions/GovernorStorage.test.js new file mode 100644 index 00000000..ef56fa53 --- /dev/null +++ b/dependencies/@openzeppelin/test/governance/extensions/GovernorStorage.test.js @@ -0,0 +1,155 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); +const { anyValue } = require('@nomicfoundation/hardhat-chai-matchers/withArgs'); +const { PANIC_CODES } = require('@nomicfoundation/hardhat-chai-matchers/panic'); + +const { GovernorHelper, timelockSalt } = require('../../helpers/governance'); +const { VoteType } = require('../../helpers/enums'); + +const TOKENS = [ + { Token: '$ERC20Votes', mode: 'blocknumber' }, + { Token: '$ERC20VotesTimestampMock', mode: 'timestamp' }, +]; + +const DEFAULT_ADMIN_ROLE = ethers.ZeroHash; +const PROPOSER_ROLE = ethers.id('PROPOSER_ROLE'); +const EXECUTOR_ROLE = ethers.id('EXECUTOR_ROLE'); +const CANCELLER_ROLE = ethers.id('CANCELLER_ROLE'); + +const name = 'OZ-Governor'; +const version = '1'; +const tokenName = 'MockToken'; +const tokenSymbol = 'MTKN'; +const tokenSupply = ethers.parseEther('100'); +const votingDelay = 4n; +const votingPeriod = 16n; +const value = ethers.parseEther('1'); +const delay = 3600n; + +describe('GovernorStorage', function () { + for (const { Token, mode } of TOKENS) { + const fixture = async () => { + const [deployer, owner, proposer, voter1, voter2, voter3, voter4] = await ethers.getSigners(); + const receiver = await ethers.deployContract('CallReceiverMock'); + + const token = await ethers.deployContract(Token, [tokenName, tokenSymbol, version]); + const timelock = await ethers.deployContract('TimelockController', [delay, [], [], deployer]); + const mock = await ethers.deployContract('$GovernorStorageMock', [ + name, + votingDelay, + votingPeriod, + 0n, + timelock, + token, + 0n, + ]); + + await owner.sendTransaction({ to: timelock, value }); + await token.$_mint(owner, tokenSupply); + await timelock.grantRole(PROPOSER_ROLE, mock); + await timelock.grantRole(PROPOSER_ROLE, owner); + await timelock.grantRole(CANCELLER_ROLE, mock); + await timelock.grantRole(CANCELLER_ROLE, owner); + await timelock.grantRole(EXECUTOR_ROLE, ethers.ZeroAddress); + await timelock.revokeRole(DEFAULT_ADMIN_ROLE, deployer); + + const helper = new GovernorHelper(mock, mode); + await helper.connect(owner).delegate({ token, to: voter1, value: ethers.parseEther('10') }); + await helper.connect(owner).delegate({ token, to: voter2, value: ethers.parseEther('7') }); + await helper.connect(owner).delegate({ token, to: voter3, value: ethers.parseEther('5') }); + await helper.connect(owner).delegate({ token, to: voter4, value: ethers.parseEther('2') }); + + return { deployer, owner, proposer, voter1, voter2, voter3, voter4, receiver, token, timelock, mock, helper }; + }; + + describe(`using ${Token}`, function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + // initiate fresh proposal + this.proposal = this.helper.setProposal( + [ + { + target: this.receiver.target, + data: this.receiver.interface.encodeFunctionData('mockFunction'), + value, + }, + ], + '', + ); + this.proposal.timelockid = await this.timelock.hashOperationBatch( + ...this.proposal.shortProposal.slice(0, 3), + ethers.ZeroHash, + timelockSalt(this.mock.target, this.proposal.shortProposal[3]), + ); + }); + + describe('proposal indexing', function () { + it('before propose', async function () { + expect(await this.mock.proposalCount()).to.equal(0n); + + await expect(this.mock.proposalDetailsAt(0n)).to.be.revertedWithPanic(PANIC_CODES.ARRAY_ACCESS_OUT_OF_BOUNDS); + + await expect(this.mock.proposalDetails(this.proposal.id)) + .to.be.revertedWithCustomError(this.mock, 'GovernorNonexistentProposal') + .withArgs(this.proposal.id); + }); + + it('after propose', async function () { + await this.helper.propose(); + + expect(await this.mock.proposalCount()).to.equal(1n); + + expect(await this.mock.proposalDetailsAt(0n)).to.deep.equal([ + this.proposal.id, + this.proposal.targets, + this.proposal.values, + this.proposal.data, + this.proposal.descriptionHash, + ]); + + expect(await this.mock.proposalDetails(this.proposal.id)).to.deep.equal([ + this.proposal.targets, + this.proposal.values, + this.proposal.data, + this.proposal.descriptionHash, + ]); + }); + }); + + it('queue and execute by id', async function () { + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.connect(this.voter2).vote({ support: VoteType.For }); + await this.helper.connect(this.voter3).vote({ support: VoteType.Against }); + await this.helper.connect(this.voter4).vote({ support: VoteType.Abstain }); + await this.helper.waitForDeadline(); + + await expect(this.mock.queue(this.proposal.id)) + .to.emit(this.mock, 'ProposalQueued') + .withArgs(this.proposal.id, anyValue) + .to.emit(this.timelock, 'CallScheduled') + .withArgs(this.proposal.timelockid, ...Array(6).fill(anyValue)) + .to.emit(this.timelock, 'CallSalt') + .withArgs(this.proposal.timelockid, anyValue); + + await this.helper.waitForEta(); + + await expect(this.mock.execute(this.proposal.id)) + .to.emit(this.mock, 'ProposalExecuted') + .withArgs(this.proposal.id) + .to.emit(this.timelock, 'CallExecuted') + .withArgs(this.proposal.timelockid, ...Array(4).fill(anyValue)) + .to.emit(this.receiver, 'MockFunctionCalled'); + }); + + it('cancel by id', async function () { + await this.helper.connect(this.proposer).propose(); + await expect(this.mock.connect(this.proposer).cancel(this.proposal.id)) + .to.emit(this.mock, 'ProposalCanceled') + .withArgs(this.proposal.id); + }); + }); + } +}); diff --git a/dependencies/@openzeppelin/test/governance/extensions/GovernorTimelockAccess.test.js b/dependencies/@openzeppelin/test/governance/extensions/GovernorTimelockAccess.test.js new file mode 100644 index 00000000..c3d3b326 --- /dev/null +++ b/dependencies/@openzeppelin/test/governance/extensions/GovernorTimelockAccess.test.js @@ -0,0 +1,864 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); +const { anyValue } = require('@nomicfoundation/hardhat-chai-matchers/withArgs'); + +const { GovernorHelper } = require('../../helpers/governance'); +const { hashOperation } = require('../../helpers/access-manager'); +const { max } = require('../../helpers/math'); +const { selector } = require('../../helpers/methods'); +const { ProposalState, VoteType } = require('../../helpers/enums'); +const time = require('../../helpers/time'); + +function prepareOperation({ sender, target, value = 0n, data = '0x' }) { + return { + id: hashOperation(sender, target, data), + operation: { target, value, data }, + selector: data.slice(0, 10).padEnd(10, '0'), + }; +} + +const TOKENS = [ + { Token: '$ERC20Votes', mode: 'blocknumber' }, + { Token: '$ERC20VotesTimestampMock', mode: 'timestamp' }, +]; + +const name = 'OZ-Governor'; +const version = '1'; +const tokenName = 'MockToken'; +const tokenSymbol = 'MTKN'; +const tokenSupply = ethers.parseEther('100'); +const votingDelay = 4n; +const votingPeriod = 16n; +const value = ethers.parseEther('1'); + +describe('GovernorTimelockAccess', function () { + for (const { Token, mode } of TOKENS) { + const fixture = async () => { + const [admin, voter1, voter2, voter3, voter4, other] = await ethers.getSigners(); + + const manager = await ethers.deployContract('$AccessManager', [admin]); + const receiver = await ethers.deployContract('$AccessManagedTarget', [manager]); + + const token = await ethers.deployContract(Token, [tokenName, tokenSymbol, version]); + const mock = await ethers.deployContract('$GovernorTimelockAccessMock', [ + name, + votingDelay, + votingPeriod, + 0n, + manager, + 0n, + token, + 0n, + ]); + + await admin.sendTransaction({ to: mock, value }); + await token.$_mint(admin, tokenSupply); + + const helper = new GovernorHelper(mock, mode); + await helper.connect(admin).delegate({ token, to: voter1, value: ethers.parseEther('10') }); + await helper.connect(admin).delegate({ token, to: voter2, value: ethers.parseEther('7') }); + await helper.connect(admin).delegate({ token, to: voter3, value: ethers.parseEther('5') }); + await helper.connect(admin).delegate({ token, to: voter4, value: ethers.parseEther('2') }); + + return { admin, voter1, voter2, voter3, voter4, other, manager, receiver, token, mock, helper }; + }; + + describe(`using ${Token}`, function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + + // restricted proposal + this.restricted = prepareOperation({ + sender: this.mock.target, + target: this.receiver.target, + data: this.receiver.interface.encodeFunctionData('fnRestricted'), + }); + + this.unrestricted = prepareOperation({ + sender: this.mock.target, + target: this.receiver.target, + data: this.receiver.interface.encodeFunctionData('fnUnrestricted'), + }); + + this.fallback = prepareOperation({ + sender: this.mock.target, + target: this.receiver.target, + data: '0x1234', + }); + }); + + it('accepts ether transfers', async function () { + await this.admin.sendTransaction({ to: this.mock, value: 1n }); + }); + + it('post deployment check', async function () { + expect(await this.mock.name()).to.equal(name); + expect(await this.mock.token()).to.equal(this.token); + expect(await this.mock.votingDelay()).to.equal(votingDelay); + expect(await this.mock.votingPeriod()).to.equal(votingPeriod); + expect(await this.mock.quorum(0n)).to.equal(0n); + + expect(await this.mock.accessManager()).to.equal(this.manager); + }); + + it('sets base delay (seconds)', async function () { + const baseDelay = time.duration.hours(10n); + + // Only through governance + await expect(this.mock.connect(this.voter1).setBaseDelaySeconds(baseDelay)) + .to.be.revertedWithCustomError(this.mock, 'GovernorOnlyExecutor') + .withArgs(this.voter1); + + this.proposal = await this.helper.setProposal( + [ + { + target: this.mock.target, + data: this.mock.interface.encodeFunctionData('setBaseDelaySeconds', [baseDelay]), + }, + ], + 'descr', + ); + + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + + await expect(this.helper.execute()).to.emit(this.mock, 'BaseDelaySet').withArgs(0n, baseDelay); + + expect(await this.mock.baseDelaySeconds()).to.equal(baseDelay); + }); + + it('sets access manager ignored', async function () { + const selectors = ['0x12345678', '0x87654321', '0xabcdef01']; + + // Only through governance + await expect(this.mock.connect(this.voter1).setAccessManagerIgnored(this.other, selectors, true)) + .to.be.revertedWithCustomError(this.mock, 'GovernorOnlyExecutor') + .withArgs(this.voter1); + + // Ignore + await this.helper.setProposal( + [ + { + target: this.mock.target, + data: this.mock.interface.encodeFunctionData('setAccessManagerIgnored', [ + this.other.address, + selectors, + true, + ]), + }, + ], + 'descr', + ); + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + + const ignoreReceipt = this.helper.execute(); + for (const selector of selectors) { + await expect(ignoreReceipt) + .to.emit(this.mock, 'AccessManagerIgnoredSet') + .withArgs(this.other, selector, true); + expect(await this.mock.isAccessManagerIgnored(this.other, selector)).to.be.true; + } + + // Unignore + await this.helper.setProposal( + [ + { + target: this.mock.target, + data: this.mock.interface.encodeFunctionData('setAccessManagerIgnored', [ + this.other.address, + selectors, + false, + ]), + }, + ], + 'descr', + ); + + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + + const unignoreReceipt = this.helper.execute(); + for (const selector of selectors) { + await expect(unignoreReceipt) + .to.emit(this.mock, 'AccessManagerIgnoredSet') + .withArgs(this.other, selector, false); + expect(await this.mock.isAccessManagerIgnored(this.other, selector)).to.be.false; + } + }); + + it('sets access manager ignored when target is the governor', async function () { + const selectors = ['0x12345678', '0x87654321', '0xabcdef01']; + + await this.helper.setProposal( + [ + { + target: this.mock.target, + data: this.mock.interface.encodeFunctionData('setAccessManagerIgnored', [ + this.mock.target, + selectors, + true, + ]), + }, + ], + 'descr', + ); + + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + + const tx = this.helper.execute(); + for (const selector of selectors) { + await expect(tx).to.emit(this.mock, 'AccessManagerIgnoredSet').withArgs(this.mock, selector, true); + expect(await this.mock.isAccessManagerIgnored(this.mock, selector)).to.be.true; + } + }); + + it('does not need to queue proposals with no delay', async function () { + const roleId = 1n; + const executionDelay = 0n; + const baseDelay = 0n; + + // Set execution delay + await this.manager.connect(this.admin).setTargetFunctionRole(this.receiver, [this.restricted.selector], roleId); + await this.manager.connect(this.admin).grantRole(roleId, this.mock, executionDelay); + + // Set base delay + await this.mock.$_setBaseDelaySeconds(baseDelay); + + await this.helper.setProposal([this.restricted.operation], 'descr'); + await this.helper.propose(); + expect(await this.mock.proposalNeedsQueuing(this.helper.currentProposal.id)).to.be.false; + }); + + it('needs to queue proposals with any delay', async function () { + const roleId = 1n; + const delays = [ + [time.duration.hours(1n), time.duration.hours(2n)], + [time.duration.hours(2n), time.duration.hours(1n)], + ]; + + for (const [executionDelay, baseDelay] of delays) { + // Set execution delay + await this.manager + .connect(this.admin) + .setTargetFunctionRole(this.receiver, [this.restricted.selector], roleId); + await this.manager.connect(this.admin).grantRole(roleId, this.mock, executionDelay); + + // Set base delay + await this.mock.$_setBaseDelaySeconds(baseDelay); + + await this.helper.setProposal( + [this.restricted.operation], + `executionDelay=${executionDelay.toString()}}baseDelay=${baseDelay.toString()}}`, + ); + await this.helper.propose(); + expect(await this.mock.proposalNeedsQueuing(this.helper.currentProposal.id)).to.be.true; + } + }); + + describe('execution plan', function () { + it('returns plan for delayed operations', async function () { + const roleId = 1n; + const delays = [ + [time.duration.hours(1n), time.duration.hours(2n)], + [time.duration.hours(2n), time.duration.hours(1n)], + ]; + + for (const [executionDelay, baseDelay] of delays) { + // Set execution delay + await this.manager + .connect(this.admin) + .setTargetFunctionRole(this.receiver, [this.restricted.selector], roleId); + await this.manager.connect(this.admin).grantRole(roleId, this.mock, executionDelay); + + // Set base delay + await this.mock.$_setBaseDelaySeconds(baseDelay); + + this.proposal = await this.helper.setProposal( + [this.restricted.operation], + `executionDelay=${executionDelay.toString()}}baseDelay=${baseDelay.toString()}}`, + ); + await this.helper.propose(); + + expect(await this.mock.proposalExecutionPlan(this.proposal.id)).to.deep.equal([ + max(baseDelay, executionDelay), + [true], + [true], + ]); + } + }); + + it('returns plan for not delayed operations', async function () { + const roleId = 1n; + const executionDelay = 0n; + const baseDelay = 0n; + + // Set execution delay + await this.manager + .connect(this.admin) + .setTargetFunctionRole(this.receiver, [this.restricted.selector], roleId); + await this.manager.connect(this.admin).grantRole(roleId, this.mock, executionDelay); + + // Set base delay + await this.mock.$_setBaseDelaySeconds(baseDelay); + + this.proposal = await this.helper.setProposal([this.restricted.operation], `descr`); + await this.helper.propose(); + + expect(await this.mock.proposalExecutionPlan(this.proposal.id)).to.deep.equal([0n, [true], [false]]); + }); + + it('returns plan for an operation ignoring the manager', async function () { + await this.mock.$_setAccessManagerIgnored(this.receiver, this.restricted.selector, true); + + const roleId = 1n; + const delays = [ + [time.duration.hours(1n), time.duration.hours(2n)], + [time.duration.hours(2n), time.duration.hours(1n)], + ]; + + for (const [executionDelay, baseDelay] of delays) { + // Set execution delay + await this.manager + .connect(this.admin) + .setTargetFunctionRole(this.receiver, [this.restricted.selector], roleId); + await this.manager.connect(this.admin).grantRole(roleId, this.mock, executionDelay); + + // Set base delay + await this.mock.$_setBaseDelaySeconds(baseDelay); + + this.proposal = await this.helper.setProposal( + [this.restricted.operation], + `executionDelay=${executionDelay.toString()}}baseDelay=${baseDelay.toString()}}`, + ); + await this.helper.propose(); + + expect(await this.mock.proposalExecutionPlan(this.proposal.id)).to.deep.equal([ + baseDelay, + [false], + [false], + ]); + } + }); + }); + + describe('base delay only', function () { + for (const [delay, queue] of [ + [0, true], + [0, false], + [1000, true], + ]) { + it(`delay ${delay}, ${queue ? 'with' : 'without'} queuing`, async function () { + await this.mock.$_setBaseDelaySeconds(delay); + + this.proposal = await this.helper.setProposal([this.unrestricted.operation], 'descr'); + + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + if (await this.mock.proposalNeedsQueuing(this.proposal.id)) { + expect(await this.helper.queue()) + .to.emit(this.mock, 'ProposalQueued') + .withArgs(this.proposal.id, anyValue); + } + if (delay > 0) { + await this.helper.waitForEta(); + } + await expect(this.helper.execute()) + .to.emit(this.mock, 'ProposalExecuted') + .withArgs(this.proposal.id) + .to.emit(this.receiver, 'CalledUnrestricted'); + }); + } + }); + + it('reverts when an operation is executed before eta', async function () { + const delay = time.duration.hours(2n); + await this.mock.$_setBaseDelaySeconds(delay); + + this.proposal = await this.helper.setProposal([this.unrestricted.operation], 'descr'); + + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + await this.helper.queue(); + await expect(this.helper.execute()) + .to.be.revertedWithCustomError(this.mock, 'GovernorUnmetDelay') + .withArgs(this.proposal.id, await this.mock.proposalEta(this.proposal.id)); + }); + + it('reverts with a proposal including multiple operations but one of those was cancelled in the manager', async function () { + const delay = time.duration.hours(2n); + const roleId = 1n; + + await this.manager.connect(this.admin).setTargetFunctionRole(this.receiver, [this.restricted.selector], roleId); + await this.manager.connect(this.admin).grantRole(roleId, this.mock, delay); + + // Set proposals + const original = new GovernorHelper(this.mock, mode); + await original.setProposal([this.restricted.operation, this.unrestricted.operation], 'descr'); + + // Go through all the governance process + await original.propose(); + await original.waitForSnapshot(); + await original.connect(this.voter1).vote({ support: VoteType.For }); + await original.waitForDeadline(); + await original.queue(); + await original.waitForEta(); + + // Suddenly cancel one of the proposed operations in the manager + await this.manager + .connect(this.admin) + .cancel(this.mock, this.restricted.operation.target, this.restricted.operation.data); + + // Reschedule the same operation in a different proposal to avoid "AccessManagerNotScheduled" error + const rescheduled = new GovernorHelper(this.mock, mode); + await rescheduled.setProposal([this.restricted.operation], 'descr'); + await rescheduled.propose(); + await rescheduled.waitForSnapshot(); + await rescheduled.connect(this.voter1).vote({ support: VoteType.For }); + await rescheduled.waitForDeadline(); + await rescheduled.queue(); // This will schedule it again in the manager + await rescheduled.waitForEta(); + + // Attempt to execute + await expect(original.execute()) + .to.be.revertedWithCustomError(this.mock, 'GovernorMismatchedNonce') + .withArgs(original.currentProposal.id, 1, 2); + }); + + it('single operation with access manager delay', async function () { + const delay = 1000n; + const roleId = 1n; + + await this.manager.connect(this.admin).setTargetFunctionRole(this.receiver, [this.restricted.selector], roleId); + await this.manager.connect(this.admin).grantRole(roleId, this.mock, delay); + + this.proposal = await this.helper.setProposal([this.restricted.operation], 'descr'); + + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + const txQueue = await this.helper.queue(); + await this.helper.waitForEta(); + const txExecute = await this.helper.execute(); + + await expect(txQueue) + .to.emit(this.mock, 'ProposalQueued') + .withArgs(this.proposal.id, anyValue) + .to.emit(this.manager, 'OperationScheduled') + .withArgs( + this.restricted.id, + 1n, + (await time.clockFromReceipt.timestamp(txQueue)) + delay, + this.mock.target, + this.restricted.operation.target, + this.restricted.operation.data, + ); + + await expect(txExecute) + .to.emit(this.mock, 'ProposalExecuted') + .withArgs(this.proposal.id) + .to.emit(this.manager, 'OperationExecuted') + .withArgs(this.restricted.id, 1n) + .to.emit(this.receiver, 'CalledRestricted'); + }); + + it('bundle of varied operations', async function () { + const managerDelay = 1000n; + const roleId = 1n; + const baseDelay = managerDelay * 2n; + + await this.mock.$_setBaseDelaySeconds(baseDelay); + + await this.manager.connect(this.admin).setTargetFunctionRole(this.receiver, [this.restricted.selector], roleId); + await this.manager.connect(this.admin).grantRole(roleId, this.mock, managerDelay); + + this.proposal = await this.helper.setProposal( + [this.restricted.operation, this.unrestricted.operation, this.fallback.operation], + 'descr', + ); + + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + const txQueue = await this.helper.queue(); + await this.helper.waitForEta(); + const txExecute = await this.helper.execute(); + + await expect(txQueue) + .to.emit(this.mock, 'ProposalQueued') + .withArgs(this.proposal.id, anyValue) + .to.emit(this.manager, 'OperationScheduled') + .withArgs( + this.restricted.id, + 1n, + (await time.clockFromReceipt.timestamp(txQueue)) + baseDelay, + this.mock.target, + this.restricted.operation.target, + this.restricted.operation.data, + ); + + await expect(txExecute) + .to.emit(this.mock, 'ProposalExecuted') + .withArgs(this.proposal.id) + .to.emit(this.manager, 'OperationExecuted') + .withArgs(this.restricted.id, 1n) + .to.emit(this.receiver, 'CalledRestricted') + .to.emit(this.receiver, 'CalledUnrestricted') + .to.emit(this.receiver, 'CalledFallback'); + }); + + describe('cancel', function () { + const delay = 1000n; + const roleId = 1n; + + beforeEach(async function () { + await this.manager + .connect(this.admin) + .setTargetFunctionRole(this.receiver, [this.restricted.selector], roleId); + await this.manager.connect(this.admin).grantRole(roleId, this.mock, delay); + }); + + it('cancels restricted with delay after queue (internal)', async function () { + this.proposal = await this.helper.setProposal([this.restricted.operation], 'descr'); + + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + await this.helper.queue(); + + await expect(this.helper.cancel('internal')) + .to.emit(this.mock, 'ProposalCanceled') + .withArgs(this.proposal.id) + .to.emit(this.manager, 'OperationCanceled') + .withArgs(this.restricted.id, 1n); + + await this.helper.waitForEta(); + + await expect(this.helper.execute()) + .to.be.revertedWithCustomError(this.mock, 'GovernorUnexpectedProposalState') + .withArgs( + this.proposal.id, + ProposalState.Canceled, + GovernorHelper.proposalStatesToBitMap([ProposalState.Succeeded, ProposalState.Queued]), + ); + }); + + it('cancels restricted with queueing if the same operation is part of a more recent proposal (internal)', async function () { + // Set proposals + const original = new GovernorHelper(this.mock, mode); + await original.setProposal([this.restricted.operation], 'descr'); + + // Go through all the governance process + await original.propose(); + await original.waitForSnapshot(); + await original.connect(this.voter1).vote({ support: VoteType.For }); + await original.waitForDeadline(); + await original.queue(); + + // Cancel the operation in the manager + await this.manager + .connect(this.admin) + .cancel(this.mock, this.restricted.operation.target, this.restricted.operation.data); + + // Another proposal is added with the same operation + const rescheduled = new GovernorHelper(this.mock, mode); + await rescheduled.setProposal([this.restricted.operation], 'another descr'); + + // Queue the new proposal + await rescheduled.propose(); + await rescheduled.waitForSnapshot(); + await rescheduled.connect(this.voter1).vote({ support: VoteType.For }); + await rescheduled.waitForDeadline(); + await rescheduled.queue(); // This will schedule it again in the manager + + // Cancel + const eta = await this.mock.proposalEta(rescheduled.currentProposal.id); + + await expect(original.cancel('internal')) + .to.emit(this.mock, 'ProposalCanceled') + .withArgs(original.currentProposal.id); + + await time.clock.timestamp().then(clock => time.increaseTo.timestamp(max(clock + 1n, eta))); + + await expect(original.execute()) + .to.be.revertedWithCustomError(this.mock, 'GovernorUnexpectedProposalState') + .withArgs( + original.currentProposal.id, + ProposalState.Canceled, + GovernorHelper.proposalStatesToBitMap([ProposalState.Succeeded, ProposalState.Queued]), + ); + }); + + it('cancels unrestricted with queueing (internal)', async function () { + this.proposal = await this.helper.setProposal([this.unrestricted.operation], 'descr'); + + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + await this.helper.queue(); + + const eta = await this.mock.proposalEta(this.proposal.id); + + await expect(this.helper.cancel('internal')) + .to.emit(this.mock, 'ProposalCanceled') + .withArgs(this.proposal.id); + + await time.clock.timestamp().then(clock => time.increaseTo.timestamp(max(clock + 1n, eta))); + + await expect(this.helper.execute()) + .to.be.revertedWithCustomError(this.mock, 'GovernorUnexpectedProposalState') + .withArgs( + this.proposal.id, + ProposalState.Canceled, + GovernorHelper.proposalStatesToBitMap([ProposalState.Succeeded, ProposalState.Queued]), + ); + }); + + it('cancels unrestricted without queueing (internal)', async function () { + this.proposal = await this.helper.setProposal([this.unrestricted.operation], 'descr'); + + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + + await expect(this.helper.cancel('internal')) + .to.emit(this.mock, 'ProposalCanceled') + .withArgs(this.proposal.id); + + await expect(this.helper.execute()) + .to.be.revertedWithCustomError(this.mock, 'GovernorUnexpectedProposalState') + .withArgs( + this.proposal.id, + ProposalState.Canceled, + GovernorHelper.proposalStatesToBitMap([ProposalState.Succeeded, ProposalState.Queued]), + ); + }); + + it('cancels calls already canceled by guardian', async function () { + const operationA = { target: this.receiver.target, data: this.restricted.selector + '00' }; + const operationB = { target: this.receiver.target, data: this.restricted.selector + '01' }; + const operationC = { target: this.receiver.target, data: this.restricted.selector + '02' }; + const operationAId = hashOperation(this.mock.target, operationA.target, operationA.data); + const operationBId = hashOperation(this.mock.target, operationB.target, operationB.data); + + const proposal1 = new GovernorHelper(this.mock, mode); + const proposal2 = new GovernorHelper(this.mock, mode); + proposal1.setProposal([operationA, operationB], 'proposal A+B'); + proposal2.setProposal([operationA, operationC], 'proposal A+C'); + + for (const p of [proposal1, proposal2]) { + await p.propose(); + await p.waitForSnapshot(); + await p.connect(this.voter1).vote({ support: VoteType.For }); + await p.waitForDeadline(); + } + + // Can queue the first proposal + await proposal1.queue(); + + // Cannot queue the second proposal: operation A already scheduled with delay + await expect(proposal2.queue()) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerAlreadyScheduled') + .withArgs(operationAId); + + // Admin cancels operation B on the manager + await this.manager.connect(this.admin).cancel(this.mock, operationB.target, operationB.data); + + // Still cannot queue the second proposal: operation A already scheduled with delay + await expect(proposal2.queue()) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerAlreadyScheduled') + .withArgs(operationAId); + + await proposal1.waitForEta(); + + // Cannot execute first proposal: operation B has been canceled + await expect(proposal1.execute()) + .to.be.revertedWithCustomError(this.manager, 'AccessManagerNotScheduled') + .withArgs(operationBId); + + // Cancel the first proposal to release operation A + await proposal1.cancel('internal'); + + // can finally queue the second proposal + await proposal2.queue(); + + await proposal2.waitForEta(); + + // Can execute second proposal + await proposal2.execute(); + }); + }); + + describe('ignore AccessManager', function () { + it('defaults', async function () { + expect(await this.mock.isAccessManagerIgnored(this.receiver, this.restricted.selector)).to.be.false; + expect(await this.mock.isAccessManagerIgnored(this.mock, '0x12341234')).to.be.true; + }); + + it('internal setter', async function () { + await expect(this.mock.$_setAccessManagerIgnored(this.receiver, this.restricted.selector, true)) + .to.emit(this.mock, 'AccessManagerIgnoredSet') + .withArgs(this.receiver, this.restricted.selector, true); + + expect(await this.mock.isAccessManagerIgnored(this.receiver, this.restricted.selector)).to.be.true; + + await expect(this.mock.$_setAccessManagerIgnored(this.mock, '0x12341234', false)) + .to.emit(this.mock, 'AccessManagerIgnoredSet') + .withArgs(this.mock, '0x12341234', false); + + expect(await this.mock.isAccessManagerIgnored(this.mock, '0x12341234')).to.be.false; + }); + + it('external setter', async function () { + const setAccessManagerIgnored = (...args) => + this.mock.interface.encodeFunctionData('setAccessManagerIgnored', args); + + await this.helper.setProposal( + [ + { + target: this.mock.target, + data: setAccessManagerIgnored( + this.receiver.target, + [this.restricted.selector, this.unrestricted.selector], + true, + ), + }, + { + target: this.mock.target, + data: setAccessManagerIgnored(this.mock.target, ['0x12341234', '0x67896789'], false), + }, + ], + 'descr', + ); + + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + + await expect(this.helper.execute()).to.emit(this.mock, 'AccessManagerIgnoredSet'); + + expect(await this.mock.isAccessManagerIgnored(this.receiver, this.restricted.selector)).to.be.true; + expect(await this.mock.isAccessManagerIgnored(this.receiver, this.unrestricted.selector)).to.be.true; + expect(await this.mock.isAccessManagerIgnored(this.mock, '0x12341234')).to.be.false; + expect(await this.mock.isAccessManagerIgnored(this.mock, '0x67896789')).to.be.false; + }); + + it('locked function', async function () { + const setAccessManagerIgnored = selector('setAccessManagerIgnored(address,bytes4[],bool)'); + + await expect( + this.mock.$_setAccessManagerIgnored(this.mock, setAccessManagerIgnored, true), + ).to.be.revertedWithCustomError(this.mock, 'GovernorLockedIgnore'); + + await this.mock.$_setAccessManagerIgnored(this.receiver, setAccessManagerIgnored, true); + }); + + it('ignores access manager', async function () { + const amount = 100n; + const target = this.token.target; + const data = this.token.interface.encodeFunctionData('transfer', [this.voter4.address, amount]); + const selector = data.slice(0, 10); + await this.token.$_mint(this.mock, amount); + + const roleId = 1n; + await this.manager.connect(this.admin).setTargetFunctionRole(target, [selector], roleId); + await this.manager.connect(this.admin).grantRole(roleId, this.mock, 0); + + await this.helper.setProposal([{ target, data }], 'descr #1'); + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + + await expect(this.helper.execute()) + .to.be.revertedWithCustomError(this.token, 'ERC20InsufficientBalance') + .withArgs(this.manager, 0n, amount); + + await this.mock.$_setAccessManagerIgnored(target, selector, true); + + await this.helper.setProposal([{ target, data }], 'descr #2'); + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + + await expect(this.helper.execute()).to.emit(this.token, 'Transfer').withArgs(this.mock, this.voter4, amount); + }); + }); + + describe('operating on an Ownable contract', function () { + const method = selector('$_checkOwner()'); + + beforeEach(async function () { + this.ownable = await ethers.deployContract('$Ownable', [this.manager]); + this.operation = { + target: this.ownable.target, + data: this.ownable.interface.encodeFunctionData('$_checkOwner'), + }; + }); + + it('succeeds with delay', async function () { + const roleId = 1n; + const executionDelay = time.duration.hours(2n); + const baseDelay = time.duration.hours(1n); + + // Set execution delay + await this.manager.connect(this.admin).setTargetFunctionRole(this.ownable, [method], roleId); + await this.manager.connect(this.admin).grantRole(roleId, this.mock, executionDelay); + + // Set base delay + await this.mock.$_setBaseDelaySeconds(baseDelay); + + await this.helper.setProposal([this.operation], `descr`); + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + await this.helper.queue(); + await this.helper.waitForEta(); + await this.helper.execute(); // Don't revert + }); + + it('succeeds without delay', async function () { + const roleId = 1n; + const executionDelay = 0n; + const baseDelay = 0n; + + // Set execution delay + await this.manager.connect(this.admin).setTargetFunctionRole(this.ownable, [method], roleId); + await this.manager.connect(this.admin).grantRole(roleId, this.mock, executionDelay); + + // Set base delay + await this.mock.$_setBaseDelaySeconds(baseDelay); + + await this.helper.setProposal([this.operation], `descr`); + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + await this.helper.execute(); // Don't revert + }); + }); + }); + } +}); diff --git a/dependencies/@openzeppelin/test/governance/extensions/GovernorTimelockCompound.test.js b/dependencies/@openzeppelin/test/governance/extensions/GovernorTimelockCompound.test.js new file mode 100644 index 00000000..545bf359 --- /dev/null +++ b/dependencies/@openzeppelin/test/governance/extensions/GovernorTimelockCompound.test.js @@ -0,0 +1,448 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); +const { anyValue } = require('@nomicfoundation/hardhat-chai-matchers/withArgs'); + +const { GovernorHelper } = require('../../helpers/governance'); +const { ProposalState, VoteType } = require('../../helpers/enums'); +const time = require('../../helpers/time'); + +const TOKENS = [ + { Token: '$ERC20Votes', mode: 'blocknumber' }, + { Token: '$ERC20VotesTimestampMock', mode: 'timestamp' }, +]; + +const name = 'OZ-Governor'; +const version = '1'; +const tokenName = 'MockToken'; +const tokenSymbol = 'MTKN'; +const tokenSupply = ethers.parseEther('100'); +const votingDelay = 4n; +const votingPeriod = 16n; +const value = ethers.parseEther('1'); +const defaultDelay = time.duration.days(2n); + +describe('GovernorTimelockCompound', function () { + for (const { Token, mode } of TOKENS) { + const fixture = async () => { + const [deployer, owner, voter1, voter2, voter3, voter4, other] = await ethers.getSigners(); + const receiver = await ethers.deployContract('CallReceiverMock'); + + const token = await ethers.deployContract(Token, [tokenName, tokenSymbol, version]); + const predictGovernor = await deployer + .getNonce() + .then(nonce => ethers.getCreateAddress({ from: deployer.address, nonce: nonce + 1 })); + const timelock = await ethers.deployContract('CompTimelock', [predictGovernor, defaultDelay]); + const mock = await ethers.deployContract('$GovernorTimelockCompoundMock', [ + name, + votingDelay, + votingPeriod, + 0n, + timelock, + token, + 0n, + ]); + + await owner.sendTransaction({ to: timelock, value }); + await token.$_mint(owner, tokenSupply); + + const helper = new GovernorHelper(mock, mode); + await helper.connect(owner).delegate({ token, to: voter1, value: ethers.parseEther('10') }); + await helper.connect(owner).delegate({ token, to: voter2, value: ethers.parseEther('7') }); + await helper.connect(owner).delegate({ token, to: voter3, value: ethers.parseEther('5') }); + await helper.connect(owner).delegate({ token, to: voter4, value: ethers.parseEther('2') }); + + return { deployer, owner, voter1, voter2, voter3, voter4, other, receiver, token, mock, timelock, helper }; + }; + + describe(`using ${Token}`, function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + + // default proposal + this.proposal = this.helper.setProposal( + [ + { + target: this.receiver.target, + value, + data: this.receiver.interface.encodeFunctionData('mockFunction'), + }, + ], + '', + ); + }); + + it("doesn't accept ether transfers", async function () { + await expect(this.owner.sendTransaction({ to: this.mock, value: 1n })).to.be.revertedWithCustomError( + this.mock, + 'GovernorDisabledDeposit', + ); + }); + + it('post deployment check', async function () { + expect(await this.mock.name()).to.equal(name); + expect(await this.mock.token()).to.equal(this.token); + expect(await this.mock.votingDelay()).to.equal(votingDelay); + expect(await this.mock.votingPeriod()).to.equal(votingPeriod); + expect(await this.mock.quorum(0n)).to.equal(0n); + + expect(await this.mock.timelock()).to.equal(this.timelock); + expect(await this.timelock.admin()).to.equal(this.mock); + }); + + it('nominal', async function () { + expect(await this.mock.proposalEta(this.proposal.id)).to.equal(0n); + expect(await this.mock.proposalNeedsQueuing(this.proposal.id)).to.be.true; + + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.connect(this.voter2).vote({ support: VoteType.For }); + await this.helper.connect(this.voter3).vote({ support: VoteType.Against }); + await this.helper.connect(this.voter4).vote({ support: VoteType.Abstain }); + await this.helper.waitForDeadline(); + const txQueue = await this.helper.queue(); + + const eta = (await time.clockFromReceipt.timestamp(txQueue)) + defaultDelay; + expect(await this.mock.proposalEta(this.proposal.id)).to.equal(eta); + expect(await this.mock.proposalNeedsQueuing(this.proposal.id)).to.be.true; + + await this.helper.waitForEta(); + const txExecute = await this.helper.execute(); + + await expect(txQueue) + .to.emit(this.mock, 'ProposalQueued') + .withArgs(this.proposal.id, eta) + .to.emit(this.timelock, 'QueueTransaction') + .withArgs(...Array(5).fill(anyValue), eta); + + await expect(txExecute) + .to.emit(this.mock, 'ProposalExecuted') + .withArgs(this.proposal.id) + .to.emit(this.timelock, 'ExecuteTransaction') + .withArgs(...Array(5).fill(anyValue), eta) + .to.emit(this.receiver, 'MockFunctionCalled'); + }); + + describe('should revert', function () { + describe('on queue', function () { + it('if already queued', async function () { + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + await this.helper.queue(); + await expect(this.helper.queue()) + .to.be.revertedWithCustomError(this.mock, 'GovernorUnexpectedProposalState') + .withArgs( + this.proposal.id, + ProposalState.Queued, + GovernorHelper.proposalStatesToBitMap([ProposalState.Succeeded]), + ); + }); + + it('if proposal contains duplicate calls', async function () { + const action = { + target: this.token.target, + data: this.token.interface.encodeFunctionData('approve', [this.receiver.target, ethers.MaxUint256]), + }; + const { id } = this.helper.setProposal([action, action], ''); + + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + await expect(this.helper.queue()) + .to.be.revertedWithCustomError(this.mock, 'GovernorAlreadyQueuedProposal') + .withArgs(id); + await expect(this.helper.execute()) + .to.be.revertedWithCustomError(this.mock, 'GovernorNotQueuedProposal') + .withArgs(id); + }); + }); + + describe('on execute', function () { + it('if not queued', async function () { + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(1n); + + expect(await this.mock.state(this.proposal.id)).to.equal(ProposalState.Succeeded); + + await expect(this.helper.execute()) + .to.be.revertedWithCustomError(this.mock, 'GovernorNotQueuedProposal') + .withArgs(this.proposal.id); + }); + + it('if too early', async function () { + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + await this.helper.queue(); + + expect(await this.mock.state(this.proposal.id)).to.equal(ProposalState.Queued); + + await expect(this.helper.execute()).to.be.rejectedWith( + "Timelock::executeTransaction: Transaction hasn't surpassed time lock", + ); + }); + + it('if too late', async function () { + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + await this.helper.queue(); + await this.helper.waitForEta(time.duration.days(30)); + + expect(await this.mock.state(this.proposal.id)).to.equal(ProposalState.Expired); + + await expect(this.helper.execute()) + .to.be.revertedWithCustomError(this.mock, 'GovernorUnexpectedProposalState') + .withArgs( + this.proposal.id, + ProposalState.Expired, + GovernorHelper.proposalStatesToBitMap([ProposalState.Succeeded, ProposalState.Queued]), + ); + }); + + it('if already executed', async function () { + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + await this.helper.queue(); + await this.helper.waitForEta(); + await this.helper.execute(); + + await expect(this.helper.execute()) + .to.be.revertedWithCustomError(this.mock, 'GovernorUnexpectedProposalState') + .withArgs( + this.proposal.id, + ProposalState.Executed, + GovernorHelper.proposalStatesToBitMap([ProposalState.Succeeded, ProposalState.Queued]), + ); + }); + }); + + describe('on safe receive', function () { + describe('ERC721', function () { + const tokenId = 1n; + + beforeEach(async function () { + this.token = await ethers.deployContract('$ERC721', ['Non Fungible Token', 'NFT']); + await this.token.$_mint(this.owner, tokenId); + }); + + it("can't receive an ERC721 safeTransfer", async function () { + await expect( + this.token.connect(this.owner).safeTransferFrom(this.owner, this.mock, tokenId), + ).to.be.revertedWithCustomError(this.mock, 'GovernorDisabledDeposit'); + }); + }); + + describe('ERC1155', function () { + const tokenIds = { + 1: 1000n, + 2: 2000n, + 3: 3000n, + }; + + beforeEach(async function () { + this.token = await ethers.deployContract('$ERC1155', ['https://token-cdn-domain/{id}.json']); + await this.token.$_mintBatch(this.owner, Object.keys(tokenIds), Object.values(tokenIds), '0x'); + }); + + it("can't receive ERC1155 safeTransfer", async function () { + await expect( + this.token.connect(this.owner).safeTransferFrom( + this.owner, + this.mock, + ...Object.entries(tokenIds)[0], // id + amount + '0x', + ), + ).to.be.revertedWithCustomError(this.mock, 'GovernorDisabledDeposit'); + }); + + it("can't receive ERC1155 safeBatchTransfer", async function () { + await expect( + this.token + .connect(this.owner) + .safeBatchTransferFrom(this.owner, this.mock, Object.keys(tokenIds), Object.values(tokenIds), '0x'), + ).to.be.revertedWithCustomError(this.mock, 'GovernorDisabledDeposit'); + }); + }); + }); + }); + + describe('cancel', function () { + it('cancel before queue prevents scheduling', async function () { + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + + await expect(this.helper.cancel('internal')) + .to.emit(this.mock, 'ProposalCanceled') + .withArgs(this.proposal.id); + + expect(await this.mock.state(this.proposal.id)).to.equal(ProposalState.Canceled); + + await expect(this.helper.queue()) + .to.be.revertedWithCustomError(this.mock, 'GovernorUnexpectedProposalState') + .withArgs( + this.proposal.id, + ProposalState.Canceled, + GovernorHelper.proposalStatesToBitMap([ProposalState.Succeeded]), + ); + }); + + it('cancel after queue prevents executing', async function () { + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + await this.helper.queue(); + + await expect(this.helper.cancel('internal')) + .to.emit(this.mock, 'ProposalCanceled') + .withArgs(this.proposal.id); + + expect(await this.mock.state(this.proposal.id)).to.equal(ProposalState.Canceled); + + await expect(this.helper.execute()) + .to.be.revertedWithCustomError(this.mock, 'GovernorUnexpectedProposalState') + .withArgs( + this.proposal.id, + ProposalState.Canceled, + GovernorHelper.proposalStatesToBitMap([ProposalState.Succeeded, ProposalState.Queued]), + ); + }); + }); + + describe('onlyGovernance', function () { + describe('relay', function () { + beforeEach(async function () { + await this.token.$_mint(this.mock, 1); + }); + + it('is protected', async function () { + await expect( + this.mock + .connect(this.owner) + .relay(this.token, 0, this.token.interface.encodeFunctionData('transfer', [this.other.address, 1n])), + ) + .to.be.revertedWithCustomError(this.mock, 'GovernorOnlyExecutor') + .withArgs(this.owner); + }); + + it('can be executed through governance', async function () { + this.helper.setProposal( + [ + { + target: this.mock.target, + data: this.mock.interface.encodeFunctionData('relay', [ + this.token.target, + 0n, + this.token.interface.encodeFunctionData('transfer', [this.other.address, 1n]), + ]), + }, + ], + '', + ); + + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + await this.helper.queue(); + await this.helper.waitForEta(); + + const txExecute = this.helper.execute(); + + await expect(txExecute).to.changeTokenBalances(this.token, [this.mock, this.other], [-1n, 1n]); + + await expect(txExecute).to.emit(this.token, 'Transfer').withArgs(this.mock, this.other, 1n); + }); + }); + + describe('updateTimelock', function () { + beforeEach(async function () { + this.newTimelock = await ethers.deployContract('CompTimelock', [this.mock, time.duration.days(7n)]); + }); + + it('is protected', async function () { + await expect(this.mock.connect(this.owner).updateTimelock(this.newTimelock)) + .to.be.revertedWithCustomError(this.mock, 'GovernorOnlyExecutor') + .withArgs(this.owner); + }); + + it('can be executed through governance to', async function () { + this.helper.setProposal( + [ + { + target: this.timelock.target, + data: this.timelock.interface.encodeFunctionData('setPendingAdmin', [this.owner.address]), + }, + { + target: this.mock.target, + data: this.mock.interface.encodeFunctionData('updateTimelock', [this.newTimelock.target]), + }, + ], + '', + ); + + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + await this.helper.queue(); + await this.helper.waitForEta(); + + await expect(this.helper.execute()) + .to.emit(this.mock, 'TimelockChange') + .withArgs(this.timelock, this.newTimelock); + + expect(await this.mock.timelock()).to.equal(this.newTimelock); + }); + }); + + it('can transfer timelock to new governor', async function () { + const newGovernor = await ethers.deployContract('$GovernorTimelockCompoundMock', [ + name, + 8n, + 32n, + 0n, + this.timelock, + this.token, + 0n, + ]); + + this.helper.setProposal( + [ + { + target: this.timelock.target, + data: this.timelock.interface.encodeFunctionData('setPendingAdmin', [newGovernor.target]), + }, + ], + '', + ); + + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + await this.helper.queue(); + await this.helper.waitForEta(); + + await expect(this.helper.execute()).to.emit(this.timelock, 'NewPendingAdmin').withArgs(newGovernor); + + await newGovernor.__acceptAdmin(); + expect(await this.timelock.admin()).to.equal(newGovernor); + }); + }); + }); + } +}); diff --git a/dependencies/@openzeppelin/test/governance/extensions/GovernorTimelockControl.test.js b/dependencies/@openzeppelin/test/governance/extensions/GovernorTimelockControl.test.js new file mode 100644 index 00000000..c1156a50 --- /dev/null +++ b/dependencies/@openzeppelin/test/governance/extensions/GovernorTimelockControl.test.js @@ -0,0 +1,504 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); +const { anyValue } = require('@nomicfoundation/hardhat-chai-matchers/withArgs'); +const { PANIC_CODES } = require('@nomicfoundation/hardhat-chai-matchers/panic'); + +const { GovernorHelper, timelockSalt } = require('../../helpers/governance'); +const { OperationState, ProposalState, VoteType } = require('../../helpers/enums'); +const time = require('../../helpers/time'); + +const TOKENS = [ + { Token: '$ERC20Votes', mode: 'blocknumber' }, + { Token: '$ERC20VotesTimestampMock', mode: 'timestamp' }, +]; + +const DEFAULT_ADMIN_ROLE = ethers.ZeroHash; +const PROPOSER_ROLE = ethers.id('PROPOSER_ROLE'); +const EXECUTOR_ROLE = ethers.id('EXECUTOR_ROLE'); +const CANCELLER_ROLE = ethers.id('CANCELLER_ROLE'); + +const name = 'OZ-Governor'; +const version = '1'; +const tokenName = 'MockToken'; +const tokenSymbol = 'MTKN'; +const tokenSupply = ethers.parseEther('100'); +const votingDelay = 4n; +const votingPeriod = 16n; +const value = ethers.parseEther('1'); +const delay = time.duration.hours(1n); + +describe('GovernorTimelockControl', function () { + for (const { Token, mode } of TOKENS) { + const fixture = async () => { + const [deployer, owner, voter1, voter2, voter3, voter4, other] = await ethers.getSigners(); + const receiver = await ethers.deployContract('CallReceiverMock'); + + const token = await ethers.deployContract(Token, [tokenName, tokenSymbol, version]); + const timelock = await ethers.deployContract('TimelockController', [delay, [], [], deployer]); + const mock = await ethers.deployContract('$GovernorTimelockControlMock', [ + name, + votingDelay, + votingPeriod, + 0n, + timelock, + token, + 0n, + ]); + + await owner.sendTransaction({ to: timelock, value }); + await token.$_mint(owner, tokenSupply); + await timelock.grantRole(PROPOSER_ROLE, mock); + await timelock.grantRole(PROPOSER_ROLE, owner); + await timelock.grantRole(CANCELLER_ROLE, mock); + await timelock.grantRole(CANCELLER_ROLE, owner); + await timelock.grantRole(EXECUTOR_ROLE, ethers.ZeroAddress); + await timelock.revokeRole(DEFAULT_ADMIN_ROLE, deployer); + + const helper = new GovernorHelper(mock, mode); + await helper.connect(owner).delegate({ token, to: voter1, value: ethers.parseEther('10') }); + await helper.connect(owner).delegate({ token, to: voter2, value: ethers.parseEther('7') }); + await helper.connect(owner).delegate({ token, to: voter3, value: ethers.parseEther('5') }); + await helper.connect(owner).delegate({ token, to: voter4, value: ethers.parseEther('2') }); + + return { deployer, owner, voter1, voter2, voter3, voter4, other, receiver, token, mock, timelock, helper }; + }; + + describe(`using ${Token}`, function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + + // default proposal + this.proposal = this.helper.setProposal( + [ + { + target: this.receiver.target, + value, + data: this.receiver.interface.encodeFunctionData('mockFunction'), + }, + ], + '', + ); + + this.proposal.timelockid = await this.timelock.hashOperationBatch( + ...this.proposal.shortProposal.slice(0, 3), + ethers.ZeroHash, + timelockSalt(this.mock.target, this.proposal.shortProposal[3]), + ); + }); + + it("doesn't accept ether transfers", async function () { + await expect(this.owner.sendTransaction({ to: this.mock, value: 1n })).to.be.revertedWithCustomError( + this.mock, + 'GovernorDisabledDeposit', + ); + }); + + it('post deployment check', async function () { + expect(await this.mock.name()).to.equal(name); + expect(await this.mock.token()).to.equal(this.token); + expect(await this.mock.votingDelay()).to.equal(votingDelay); + expect(await this.mock.votingPeriod()).to.equal(votingPeriod); + expect(await this.mock.quorum(0n)).to.equal(0n); + + expect(await this.mock.timelock()).to.equal(this.timelock); + }); + + it('nominal', async function () { + expect(await this.mock.proposalEta(this.proposal.id)).to.equal(0n); + expect(await this.mock.proposalNeedsQueuing(this.proposal.id)).to.be.true; + + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.connect(this.voter2).vote({ support: VoteType.For }); + await this.helper.connect(this.voter3).vote({ support: VoteType.Against }); + await this.helper.connect(this.voter4).vote({ support: VoteType.Abstain }); + await this.helper.waitForDeadline(); + + expect(await this.mock.proposalNeedsQueuing(this.proposal.id)).to.be.true; + const txQueue = await this.helper.queue(); + + const eta = (await time.clockFromReceipt.timestamp(txQueue)) + delay; + expect(await this.mock.proposalEta(this.proposal.id)).to.equal(eta); + await this.helper.waitForEta(); + + const txExecute = this.helper.execute(); + + await expect(txQueue) + .to.emit(this.mock, 'ProposalQueued') + .withArgs(this.proposal.id, anyValue) + .to.emit(this.timelock, 'CallScheduled') + .withArgs(this.proposal.timelockid, ...Array(6).fill(anyValue)) + .to.emit(this.timelock, 'CallSalt') + .withArgs(this.proposal.timelockid, anyValue); + + await expect(txExecute) + .to.emit(this.mock, 'ProposalExecuted') + .withArgs(this.proposal.id) + .to.emit(this.timelock, 'CallExecuted') + .withArgs(this.proposal.timelockid, ...Array(4).fill(anyValue)) + .to.emit(this.receiver, 'MockFunctionCalled'); + }); + + describe('should revert', function () { + describe('on queue', function () { + it('if already queued', async function () { + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + await this.helper.queue(); + await expect(this.helper.queue()) + .to.be.revertedWithCustomError(this.mock, 'GovernorUnexpectedProposalState') + .withArgs( + this.proposal.id, + ProposalState.Queued, + GovernorHelper.proposalStatesToBitMap([ProposalState.Succeeded]), + ); + }); + }); + + describe('on execute', function () { + it('if not queued', async function () { + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(1n); + + expect(await this.mock.state(this.proposal.id)).to.equal(ProposalState.Succeeded); + + await expect(this.helper.execute()) + .to.be.revertedWithCustomError(this.timelock, 'TimelockUnexpectedOperationState') + .withArgs(this.proposal.timelockid, GovernorHelper.proposalStatesToBitMap(OperationState.Ready)); + }); + + it('if too early', async function () { + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + await this.helper.queue(); + + expect(await this.mock.state(this.proposal.id)).to.equal(ProposalState.Queued); + + await expect(this.helper.execute()) + .to.be.revertedWithCustomError(this.timelock, 'TimelockUnexpectedOperationState') + .withArgs(this.proposal.timelockid, GovernorHelper.proposalStatesToBitMap(OperationState.Ready)); + }); + + it('if already executed', async function () { + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + await this.helper.queue(); + await this.helper.waitForEta(); + await this.helper.execute(); + + await expect(this.helper.execute()) + .to.be.revertedWithCustomError(this.mock, 'GovernorUnexpectedProposalState') + .withArgs( + this.proposal.id, + ProposalState.Executed, + GovernorHelper.proposalStatesToBitMap([ProposalState.Succeeded, ProposalState.Queued]), + ); + }); + + it('if already executed by another proposer', async function () { + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + await this.helper.queue(); + await this.helper.waitForEta(); + + await this.timelock.executeBatch( + ...this.proposal.shortProposal.slice(0, 3), + ethers.ZeroHash, + timelockSalt(this.mock.target, this.proposal.shortProposal[3]), + ); + + await expect(this.helper.execute()) + .to.be.revertedWithCustomError(this.mock, 'GovernorUnexpectedProposalState') + .withArgs( + this.proposal.id, + ProposalState.Executed, + GovernorHelper.proposalStatesToBitMap([ProposalState.Succeeded, ProposalState.Queued]), + ); + }); + }); + }); + + describe('cancel', function () { + it('cancel before queue prevents scheduling', async function () { + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + + await expect(this.helper.cancel('internal')) + .to.emit(this.mock, 'ProposalCanceled') + .withArgs(this.proposal.id); + + expect(await this.mock.state(this.proposal.id)).to.equal(ProposalState.Canceled); + + await expect(this.helper.queue()) + .to.be.revertedWithCustomError(this.mock, 'GovernorUnexpectedProposalState') + .withArgs( + this.proposal.id, + ProposalState.Canceled, + GovernorHelper.proposalStatesToBitMap([ProposalState.Succeeded]), + ); + }); + + it('cancel after queue prevents executing', async function () { + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + await this.helper.queue(); + + await expect(this.helper.cancel('internal')) + .to.emit(this.mock, 'ProposalCanceled') + .withArgs(this.proposal.id); + + expect(await this.mock.state(this.proposal.id)).to.equal(ProposalState.Canceled); + + await expect(this.helper.execute()) + .to.be.revertedWithCustomError(this.mock, 'GovernorUnexpectedProposalState') + .withArgs( + this.proposal.id, + ProposalState.Canceled, + GovernorHelper.proposalStatesToBitMap([ProposalState.Succeeded, ProposalState.Queued]), + ); + }); + + it('cancel on timelock is reflected on governor', async function () { + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + await this.helper.queue(); + + expect(await this.mock.state(this.proposal.id)).to.equal(ProposalState.Queued); + + await expect(this.timelock.connect(this.owner).cancel(this.proposal.timelockid)) + .to.emit(this.timelock, 'Cancelled') + .withArgs(this.proposal.timelockid); + + expect(await this.mock.state(this.proposal.id)).to.equal(ProposalState.Canceled); + }); + }); + + describe('onlyGovernance', function () { + describe('relay', function () { + beforeEach(async function () { + await this.token.$_mint(this.mock, 1); + }); + + it('is protected', async function () { + await expect( + this.mock + .connect(this.owner) + .relay(this.token, 0n, this.token.interface.encodeFunctionData('transfer', [this.other.address, 1n])), + ) + .to.be.revertedWithCustomError(this.mock, 'GovernorOnlyExecutor') + .withArgs(this.owner); + }); + + it('can be executed through governance', async function () { + this.helper.setProposal( + [ + { + target: this.mock.target, + data: this.mock.interface.encodeFunctionData('relay', [ + this.token.target, + 0n, + this.token.interface.encodeFunctionData('transfer', [this.other.address, 1n]), + ]), + }, + ], + '', + ); + + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + await this.helper.queue(); + await this.helper.waitForEta(); + + const txExecute = await this.helper.execute(); + + await expect(txExecute).to.changeTokenBalances(this.token, [this.mock, this.other], [-1n, 1n]); + + await expect(txExecute).to.emit(this.token, 'Transfer').withArgs(this.mock, this.other, 1n); + }); + + it('is payable and can transfer eth to EOA', async function () { + const t2g = 128n; // timelock to governor + const g2o = 100n; // governor to eoa (other) + + this.helper.setProposal( + [ + { + target: this.mock.target, + value: t2g, + data: this.mock.interface.encodeFunctionData('relay', [this.other.address, g2o, '0x']), + }, + ], + '', + ); + + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + await this.helper.queue(); + await this.helper.waitForEta(); + + await expect(this.helper.execute()).to.changeEtherBalances( + [this.timelock, this.mock, this.other], + [-t2g, t2g - g2o, g2o], + ); + }); + + it('protected against other proposers', async function () { + const call = [ + this.mock, + 0n, + this.mock.interface.encodeFunctionData('relay', [ethers.ZeroAddress, 0n, '0x']), + ethers.ZeroHash, + ethers.ZeroHash, + ]; + + await this.timelock.connect(this.owner).schedule(...call, delay); + + await time.increaseBy.timestamp(delay); + + // Error bubbled up from Governor + await expect(this.timelock.connect(this.owner).execute(...call)).to.be.revertedWithPanic( + PANIC_CODES.POP_ON_EMPTY_ARRAY, + ); + }); + }); + + describe('updateTimelock', function () { + beforeEach(async function () { + this.newTimelock = await ethers.deployContract('TimelockController', [ + delay, + [this.mock], + [this.mock], + ethers.ZeroAddress, + ]); + }); + + it('is protected', async function () { + await expect(this.mock.connect(this.owner).updateTimelock(this.newTimelock)) + .to.be.revertedWithCustomError(this.mock, 'GovernorOnlyExecutor') + .withArgs(this.owner); + }); + + it('can be executed through governance to', async function () { + this.helper.setProposal( + [ + { + target: this.mock.target, + data: this.mock.interface.encodeFunctionData('updateTimelock', [this.newTimelock.target]), + }, + ], + '', + ); + + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + await this.helper.queue(); + await this.helper.waitForEta(); + + await expect(this.helper.execute()) + .to.emit(this.mock, 'TimelockChange') + .withArgs(this.timelock, this.newTimelock); + + expect(await this.mock.timelock()).to.equal(this.newTimelock); + }); + }); + + describe('on safe receive', function () { + describe('ERC721', function () { + const tokenId = 1n; + + beforeEach(async function () { + this.token = await ethers.deployContract('$ERC721', ['Non Fungible Token', 'NFT']); + await this.token.$_mint(this.owner, tokenId); + }); + + it("can't receive an ERC721 safeTransfer", async function () { + await expect( + this.token.connect(this.owner).safeTransferFrom(this.owner, this.mock, tokenId), + ).to.be.revertedWithCustomError(this.mock, 'GovernorDisabledDeposit'); + }); + }); + + describe('ERC1155', function () { + const tokenIds = { + 1: 1000n, + 2: 2000n, + 3: 3000n, + }; + + beforeEach(async function () { + this.token = await ethers.deployContract('$ERC1155', ['https://token-cdn-domain/{id}.json']); + await this.token.$_mintBatch(this.owner, Object.keys(tokenIds), Object.values(tokenIds), '0x'); + }); + + it("can't receive ERC1155 safeTransfer", async function () { + await expect( + this.token.connect(this.owner).safeTransferFrom( + this.owner, + this.mock, + ...Object.entries(tokenIds)[0], // id + amount + '0x', + ), + ).to.be.revertedWithCustomError(this.mock, 'GovernorDisabledDeposit'); + }); + + it("can't receive ERC1155 safeBatchTransfer", async function () { + await expect( + this.token + .connect(this.owner) + .safeBatchTransferFrom(this.owner, this.mock, Object.keys(tokenIds), Object.values(tokenIds), '0x'), + ).to.be.revertedWithCustomError(this.mock, 'GovernorDisabledDeposit'); + }); + }); + }); + }); + + it('clear queue of pending governor calls', async function () { + this.helper.setProposal( + [ + { + target: this.mock.target, + data: this.mock.interface.encodeFunctionData('nonGovernanceFunction'), + }, + ], + '', + ); + + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + await this.helper.queue(); + await this.helper.waitForEta(); + await this.helper.execute(); + + // This path clears _governanceCall as part of the afterExecute call, + // but we have not way to check that the cleanup actually happened other + // then coverage reports. + }); + }); + } +}); diff --git a/dependencies/@openzeppelin/test/governance/extensions/GovernorVotesQuorumFraction.test.js b/dependencies/@openzeppelin/test/governance/extensions/GovernorVotesQuorumFraction.test.js new file mode 100644 index 00000000..368e396f --- /dev/null +++ b/dependencies/@openzeppelin/test/governance/extensions/GovernorVotesQuorumFraction.test.js @@ -0,0 +1,165 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture, mine } = require('@nomicfoundation/hardhat-network-helpers'); + +const { GovernorHelper } = require('../../helpers/governance'); +const { ProposalState, VoteType } = require('../../helpers/enums'); +const time = require('../../helpers/time'); + +const TOKENS = [ + { Token: '$ERC20Votes', mode: 'blocknumber' }, + { Token: '$ERC20VotesTimestampMock', mode: 'timestamp' }, +]; + +const name = 'OZ-Governor'; +const version = '1'; +const tokenName = 'MockToken'; +const tokenSymbol = 'MTKN'; +const tokenSupply = ethers.parseEther('100'); +const ratio = 8n; // percents +const newRatio = 6n; // percents +const votingDelay = 4n; +const votingPeriod = 16n; +const value = ethers.parseEther('1'); + +describe('GovernorVotesQuorumFraction', function () { + for (const { Token, mode } of TOKENS) { + const fixture = async () => { + const [owner, voter1, voter2, voter3, voter4] = await ethers.getSigners(); + + const receiver = await ethers.deployContract('CallReceiverMock'); + + const token = await ethers.deployContract(Token, [tokenName, tokenSymbol, version]); + const mock = await ethers.deployContract('$GovernorMock', [name, votingDelay, votingPeriod, 0n, token, ratio]); + + await owner.sendTransaction({ to: mock, value }); + await token.$_mint(owner, tokenSupply); + + const helper = new GovernorHelper(mock, mode); + await helper.connect(owner).delegate({ token, to: voter1, value: ethers.parseEther('10') }); + await helper.connect(owner).delegate({ token, to: voter2, value: ethers.parseEther('7') }); + await helper.connect(owner).delegate({ token, to: voter3, value: ethers.parseEther('5') }); + await helper.connect(owner).delegate({ token, to: voter4, value: ethers.parseEther('2') }); + + return { owner, voter1, voter2, voter3, voter4, receiver, token, mock, helper }; + }; + + describe(`using ${Token}`, function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + + // default proposal + this.proposal = this.helper.setProposal( + [ + { + target: this.receiver.target, + value, + data: this.receiver.interface.encodeFunctionData('mockFunction'), + }, + ], + '', + ); + }); + + it('deployment check', async function () { + expect(await this.mock.name()).to.equal(name); + expect(await this.mock.token()).to.equal(this.token); + expect(await this.mock.votingDelay()).to.equal(votingDelay); + expect(await this.mock.votingPeriod()).to.equal(votingPeriod); + expect(await this.mock.quorum(0)).to.equal(0n); + expect(await this.mock.quorumNumerator()).to.equal(ratio); + expect(await this.mock.quorumDenominator()).to.equal(100n); + expect(await time.clock[mode]().then(clock => this.mock.quorum(clock - 1n))).to.equal( + (tokenSupply * ratio) / 100n, + ); + }); + + it('quorum reached', async function () { + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + await this.helper.execute(); + }); + + it('quorum not reached', async function () { + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter2).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + await expect(this.helper.execute()) + .to.be.revertedWithCustomError(this.mock, 'GovernorUnexpectedProposalState') + .withArgs( + this.proposal.id, + ProposalState.Defeated, + GovernorHelper.proposalStatesToBitMap([ProposalState.Succeeded, ProposalState.Queued]), + ); + }); + + describe('onlyGovernance updates', function () { + it('updateQuorumNumerator is protected', async function () { + await expect(this.mock.connect(this.owner).updateQuorumNumerator(newRatio)) + .to.be.revertedWithCustomError(this.mock, 'GovernorOnlyExecutor') + .withArgs(this.owner); + }); + + it('can updateQuorumNumerator through governance', async function () { + this.helper.setProposal( + [ + { + target: this.mock.target, + data: this.mock.interface.encodeFunctionData('updateQuorumNumerator', [newRatio]), + }, + ], + '', + ); + + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + + await expect(this.helper.execute()).to.emit(this.mock, 'QuorumNumeratorUpdated').withArgs(ratio, newRatio); + + expect(await this.mock.quorumNumerator()).to.equal(newRatio); + expect(await this.mock.quorumDenominator()).to.equal(100n); + + // it takes one block for the new quorum to take effect + expect(await time.clock[mode]().then(blockNumber => this.mock.quorum(blockNumber - 1n))).to.equal( + (tokenSupply * ratio) / 100n, + ); + + await mine(); + + expect(await time.clock[mode]().then(blockNumber => this.mock.quorum(blockNumber - 1n))).to.equal( + (tokenSupply * newRatio) / 100n, + ); + }); + + it('cannot updateQuorumNumerator over the maximum', async function () { + const quorumNumerator = 101n; + this.helper.setProposal( + [ + { + target: this.mock.target, + data: this.mock.interface.encodeFunctionData('updateQuorumNumerator', [quorumNumerator]), + }, + ], + '', + ); + + await this.helper.propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For }); + await this.helper.waitForDeadline(); + + const quorumDenominator = await this.mock.quorumDenominator(); + + await expect(this.helper.execute()) + .to.be.revertedWithCustomError(this.mock, 'GovernorInvalidQuorumFraction') + .withArgs(quorumNumerator, quorumDenominator); + }); + }); + }); + } +}); diff --git a/dependencies/@openzeppelin/test/governance/extensions/GovernorWithParams.test.js b/dependencies/@openzeppelin/test/governance/extensions/GovernorWithParams.test.js new file mode 100644 index 00000000..37e15f5c --- /dev/null +++ b/dependencies/@openzeppelin/test/governance/extensions/GovernorWithParams.test.js @@ -0,0 +1,245 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { GovernorHelper } = require('../../helpers/governance'); +const { VoteType } = require('../../helpers/enums'); +const { getDomain, ExtendedBallot } = require('../../helpers/eip712'); + +const TOKENS = [ + { Token: '$ERC20Votes', mode: 'blocknumber' }, + { Token: '$ERC20VotesTimestampMock', mode: 'timestamp' }, +]; + +const name = 'OZ-Governor'; +const version = '1'; +const tokenName = 'MockToken'; +const tokenSymbol = 'MTKN'; +const tokenSupply = ethers.parseEther('100'); +const votingDelay = 4n; +const votingPeriod = 16n; +const value = ethers.parseEther('1'); + +const params = { + decoded: [42n, 'These are my params'], + encoded: ethers.AbiCoder.defaultAbiCoder().encode(['uint256', 'string'], [42n, 'These are my params']), +}; + +describe('GovernorWithParams', function () { + for (const { Token, mode } of TOKENS) { + const fixture = async () => { + const [owner, proposer, voter1, voter2, voter3, voter4, other] = await ethers.getSigners(); + const receiver = await ethers.deployContract('CallReceiverMock'); + + const token = await ethers.deployContract(Token, [tokenName, tokenSymbol, version]); + const mock = await ethers.deployContract('$GovernorWithParamsMock', [name, token]); + + await owner.sendTransaction({ to: mock, value }); + await token.$_mint(owner, tokenSupply); + + const helper = new GovernorHelper(mock, mode); + await helper.connect(owner).delegate({ token, to: voter1, value: ethers.parseEther('10') }); + await helper.connect(owner).delegate({ token, to: voter2, value: ethers.parseEther('7') }); + await helper.connect(owner).delegate({ token, to: voter3, value: ethers.parseEther('5') }); + await helper.connect(owner).delegate({ token, to: voter4, value: ethers.parseEther('2') }); + + return { owner, proposer, voter1, voter2, voter3, voter4, other, receiver, token, mock, helper }; + }; + + describe(`using ${Token}`, function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + + // default proposal + this.proposal = this.helper.setProposal( + [ + { + target: this.receiver.target, + value, + data: this.receiver.interface.encodeFunctionData('mockFunction'), + }, + ], + '', + ); + }); + + it('deployment check', async function () { + expect(await this.mock.name()).to.equal(name); + expect(await this.mock.token()).to.equal(this.token); + expect(await this.mock.votingDelay()).to.equal(votingDelay); + expect(await this.mock.votingPeriod()).to.equal(votingPeriod); + }); + + it('nominal is unaffected', async function () { + await this.helper.connect(this.proposer).propose(); + await this.helper.waitForSnapshot(); + await this.helper.connect(this.voter1).vote({ support: VoteType.For, reason: 'This is nice' }); + await this.helper.connect(this.voter2).vote({ support: VoteType.For }); + await this.helper.connect(this.voter3).vote({ support: VoteType.Against }); + await this.helper.connect(this.voter4).vote({ support: VoteType.Abstain }); + await this.helper.waitForDeadline(); + await this.helper.execute(); + + expect(await this.mock.hasVoted(this.proposal.id, this.owner)).to.be.false; + expect(await this.mock.hasVoted(this.proposal.id, this.voter1)).to.be.true; + expect(await this.mock.hasVoted(this.proposal.id, this.voter2)).to.be.true; + expect(await ethers.provider.getBalance(this.mock)).to.equal(0n); + expect(await ethers.provider.getBalance(this.receiver)).to.equal(value); + }); + + it('Voting with params is properly supported', async function () { + await this.helper.connect(this.proposer).propose(); + await this.helper.waitForSnapshot(); + + const weight = ethers.parseEther('7') - params.decoded[0]; + + await expect( + this.helper.connect(this.voter2).vote({ + support: VoteType.For, + reason: 'no particular reason', + params: params.encoded, + }), + ) + .to.emit(this.mock, 'CountParams') + .withArgs(...params.decoded) + .to.emit(this.mock, 'VoteCastWithParams') + .withArgs( + this.voter2.address, + this.proposal.id, + VoteType.For, + weight, + 'no particular reason', + params.encoded, + ); + + expect(await this.mock.proposalVotes(this.proposal.id)).to.deep.equal([0n, weight, 0n]); + }); + + describe('voting by signature', function () { + it('supports EOA signatures', async function () { + await this.token.connect(this.voter2).delegate(this.other); + + // Run proposal + await this.helper.propose(); + await this.helper.waitForSnapshot(); + + // Prepare vote + const weight = ethers.parseEther('7') - params.decoded[0]; + const nonce = await this.mock.nonces(this.other); + const data = { + proposalId: this.proposal.id, + support: VoteType.For, + voter: this.other.address, + nonce, + reason: 'no particular reason', + params: params.encoded, + signature: (contract, message) => + getDomain(contract).then(domain => this.other.signTypedData(domain, { ExtendedBallot }, message)), + }; + + // Vote + await expect(this.helper.vote(data)) + .to.emit(this.mock, 'CountParams') + .withArgs(...params.decoded) + .to.emit(this.mock, 'VoteCastWithParams') + .withArgs(data.voter, data.proposalId, data.support, weight, data.reason, data.params); + + expect(await this.mock.proposalVotes(this.proposal.id)).to.deep.equal([0n, weight, 0n]); + expect(await this.mock.nonces(this.other)).to.equal(nonce + 1n); + }); + + it('supports EIP-1271 signature signatures', async function () { + const wallet = await ethers.deployContract('ERC1271WalletMock', [this.other]); + await this.token.connect(this.voter2).delegate(wallet); + + // Run proposal + await this.helper.propose(); + await this.helper.waitForSnapshot(); + + // Prepare vote + const weight = ethers.parseEther('7') - params.decoded[0]; + const nonce = await this.mock.nonces(this.other); + const data = { + proposalId: this.proposal.id, + support: VoteType.For, + voter: wallet.target, + nonce, + reason: 'no particular reason', + params: params.encoded, + signature: (contract, message) => + getDomain(contract).then(domain => this.other.signTypedData(domain, { ExtendedBallot }, message)), + }; + + // Vote + await expect(this.helper.vote(data)) + .to.emit(this.mock, 'CountParams') + .withArgs(...params.decoded) + .to.emit(this.mock, 'VoteCastWithParams') + .withArgs(data.voter, data.proposalId, data.support, weight, data.reason, data.params); + + expect(await this.mock.proposalVotes(this.proposal.id)).to.deep.equal([0n, weight, 0n]); + expect(await this.mock.nonces(wallet)).to.equal(nonce + 1n); + }); + + it('reverts if signature does not match signer', async function () { + await this.token.connect(this.voter2).delegate(this.other); + + // Run proposal + await this.helper.propose(); + await this.helper.waitForSnapshot(); + + // Prepare vote + const nonce = await this.mock.nonces(this.other); + const data = { + proposalId: this.proposal.id, + support: VoteType.For, + voter: this.other.address, + nonce, + reason: 'no particular reason', + params: params.encoded, + // tampered signature + signature: (contract, message) => + getDomain(contract) + .then(domain => this.other.signTypedData(domain, { ExtendedBallot }, message)) + .then(signature => { + const tamperedSig = ethers.toBeArray(signature); + tamperedSig[42] ^= 0xff; + return ethers.hexlify(tamperedSig); + }), + }; + + // Vote + await expect(this.helper.vote(data)) + .to.be.revertedWithCustomError(this.mock, 'GovernorInvalidSignature') + .withArgs(data.voter); + }); + + it('reverts if vote nonce is incorrect', async function () { + await this.token.connect(this.voter2).delegate(this.other); + + // Run proposal + await this.helper.propose(); + await this.helper.waitForSnapshot(); + + // Prepare vote + const nonce = await this.mock.nonces(this.other); + const data = { + proposalId: this.proposal.id, + support: VoteType.For, + voter: this.other.address, + nonce: nonce + 1n, + reason: 'no particular reason', + params: params.encoded, + signature: (contract, message) => + getDomain(contract).then(domain => this.other.signTypedData(domain, { ExtendedBallot }, message)), + }; + + // Vote + await expect(this.helper.vote(data)) + .to.be.revertedWithCustomError(this.mock, 'GovernorInvalidSignature') + .withArgs(data.voter); + }); + }); + }); + } +}); diff --git a/dependencies/@openzeppelin/test/governance/utils/ERC6372.behavior.js b/dependencies/@openzeppelin/test/governance/utils/ERC6372.behavior.js new file mode 100644 index 00000000..32f27b59 --- /dev/null +++ b/dependencies/@openzeppelin/test/governance/utils/ERC6372.behavior.js @@ -0,0 +1,28 @@ +const { expect } = require('chai'); +const time = require('../../helpers/time'); + +function shouldBehaveLikeERC6372(mode = 'blocknumber') { + describe(`ERC-6372 behavior in ${mode} mode`, function () { + beforeEach(async function () { + this.mock = this.mock ?? this.token ?? this.votes; + }); + + it('should have a correct clock value', async function () { + const currentClock = await this.mock.clock(); + const expectedClock = await time.clock[mode](); + expect(currentClock).to.equal(expectedClock, `Clock mismatch in ${mode} mode`); + }); + + it('should have the correct CLOCK_MODE parameters', async function () { + const clockModeParams = new URLSearchParams(await this.mock.CLOCK_MODE()); + const expectedFromValue = mode === 'blocknumber' ? 'default' : null; + + expect(clockModeParams.get('mode')).to.equal(mode, `Expected mode to be ${mode}`); + expect(clockModeParams.get('from')).to.equal(expectedFromValue, `Expected 'from' to be ${expectedFromValue}`); + }); + }); +} + +module.exports = { + shouldBehaveLikeERC6372, +}; diff --git a/dependencies/@openzeppelin/test/governance/utils/Votes.behavior.js b/dependencies/@openzeppelin/test/governance/utils/Votes.behavior.js new file mode 100644 index 00000000..09977013 --- /dev/null +++ b/dependencies/@openzeppelin/test/governance/utils/Votes.behavior.js @@ -0,0 +1,325 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { mine } = require('@nomicfoundation/hardhat-network-helpers'); + +const { getDomain, Delegation } = require('../../helpers/eip712'); +const time = require('../../helpers/time'); + +const { shouldBehaveLikeERC6372 } = require('./ERC6372.behavior'); + +function shouldBehaveLikeVotes(tokens, { mode = 'blocknumber', fungible = true }) { + beforeEach(async function () { + [this.delegator, this.delegatee, this.alice, this.bob, this.other] = this.accounts; + this.domain = await getDomain(this.votes); + }); + + shouldBehaveLikeERC6372(mode); + + const getWeight = token => (fungible ? token : 1n); + + describe('run votes workflow', function () { + it('initial nonce is 0', async function () { + expect(await this.votes.nonces(this.alice)).to.equal(0n); + }); + + describe('delegation with signature', function () { + const token = tokens[0]; + + it('delegation without tokens', async function () { + expect(await this.votes.delegates(this.alice)).to.equal(ethers.ZeroAddress); + + await expect(this.votes.connect(this.alice).delegate(this.alice)) + .to.emit(this.votes, 'DelegateChanged') + .withArgs(this.alice, ethers.ZeroAddress, this.alice) + .to.not.emit(this.votes, 'DelegateVotesChanged'); + + expect(await this.votes.delegates(this.alice)).to.equal(this.alice); + }); + + it('delegation with tokens', async function () { + await this.votes.$_mint(this.alice, token); + const weight = getWeight(token); + + expect(await this.votes.delegates(this.alice)).to.equal(ethers.ZeroAddress); + + const tx = await this.votes.connect(this.alice).delegate(this.alice); + const timepoint = await time.clockFromReceipt[mode](tx); + + await expect(tx) + .to.emit(this.votes, 'DelegateChanged') + .withArgs(this.alice, ethers.ZeroAddress, this.alice) + .to.emit(this.votes, 'DelegateVotesChanged') + .withArgs(this.alice, 0n, weight); + + expect(await this.votes.delegates(this.alice)).to.equal(this.alice); + expect(await this.votes.getVotes(this.alice)).to.equal(weight); + expect(await this.votes.getPastVotes(this.alice, timepoint - 1n)).to.equal(0n); + await mine(); + expect(await this.votes.getPastVotes(this.alice, timepoint)).to.equal(weight); + }); + + it('delegation update', async function () { + await this.votes.connect(this.alice).delegate(this.alice); + await this.votes.$_mint(this.alice, token); + const weight = getWeight(token); + + expect(await this.votes.delegates(this.alice)).to.equal(this.alice); + expect(await this.votes.getVotes(this.alice)).to.equal(weight); + expect(await this.votes.getVotes(this.bob)).to.equal(0); + + const tx = await this.votes.connect(this.alice).delegate(this.bob); + const timepoint = await time.clockFromReceipt[mode](tx); + + await expect(tx) + .to.emit(this.votes, 'DelegateChanged') + .withArgs(this.alice, this.alice, this.bob) + .to.emit(this.votes, 'DelegateVotesChanged') + .withArgs(this.alice, weight, 0) + .to.emit(this.votes, 'DelegateVotesChanged') + .withArgs(this.bob, 0, weight); + + expect(await this.votes.delegates(this.alice)).to.equal(this.bob); + expect(await this.votes.getVotes(this.alice)).to.equal(0n); + expect(await this.votes.getVotes(this.bob)).to.equal(weight); + + expect(await this.votes.getPastVotes(this.alice, timepoint - 1n)).to.equal(weight); + expect(await this.votes.getPastVotes(this.bob, timepoint - 1n)).to.equal(0n); + await mine(); + expect(await this.votes.getPastVotes(this.alice, timepoint)).to.equal(0n); + expect(await this.votes.getPastVotes(this.bob, timepoint)).to.equal(weight); + }); + + describe('with signature', function () { + const nonce = 0n; + + it('accept signed delegation', async function () { + await this.votes.$_mint(this.delegator, token); + const weight = getWeight(token); + + const { r, s, v } = await this.delegator + .signTypedData( + this.domain, + { Delegation }, + { + delegatee: this.delegatee.address, + nonce, + expiry: ethers.MaxUint256, + }, + ) + .then(ethers.Signature.from); + + expect(await this.votes.delegates(this.delegator)).to.equal(ethers.ZeroAddress); + + const tx = await this.votes.delegateBySig(this.delegatee, nonce, ethers.MaxUint256, v, r, s); + const timepoint = await time.clockFromReceipt[mode](tx); + + await expect(tx) + .to.emit(this.votes, 'DelegateChanged') + .withArgs(this.delegator, ethers.ZeroAddress, this.delegatee) + .to.emit(this.votes, 'DelegateVotesChanged') + .withArgs(this.delegatee, 0, weight); + + expect(await this.votes.delegates(this.delegator.address)).to.equal(this.delegatee); + expect(await this.votes.getVotes(this.delegator.address)).to.equal(0n); + expect(await this.votes.getVotes(this.delegatee)).to.equal(weight); + expect(await this.votes.getPastVotes(this.delegatee, timepoint - 1n)).to.equal(0n); + await mine(); + expect(await this.votes.getPastVotes(this.delegatee, timepoint)).to.equal(weight); + }); + + it('rejects reused signature', async function () { + const { r, s, v } = await this.delegator + .signTypedData( + this.domain, + { Delegation }, + { + delegatee: this.delegatee.address, + nonce, + expiry: ethers.MaxUint256, + }, + ) + .then(ethers.Signature.from); + + await this.votes.delegateBySig(this.delegatee, nonce, ethers.MaxUint256, v, r, s); + + await expect(this.votes.delegateBySig(this.delegatee, nonce, ethers.MaxUint256, v, r, s)) + .to.be.revertedWithCustomError(this.votes, 'InvalidAccountNonce') + .withArgs(this.delegator, nonce + 1n); + }); + + it('rejects bad delegatee', async function () { + const { r, s, v } = await this.delegator + .signTypedData( + this.domain, + { Delegation }, + { + delegatee: this.delegatee.address, + nonce, + expiry: ethers.MaxUint256, + }, + ) + .then(ethers.Signature.from); + + const tx = await this.votes.delegateBySig(this.other, nonce, ethers.MaxUint256, v, r, s); + const receipt = await tx.wait(); + + const [delegateChanged] = receipt.logs.filter( + log => this.votes.interface.parseLog(log)?.name === 'DelegateChanged', + ); + const { args } = this.votes.interface.parseLog(delegateChanged); + expect(args.delegator).to.not.be.equal(this.delegator); + expect(args.fromDelegate).to.equal(ethers.ZeroAddress); + expect(args.toDelegate).to.equal(this.other); + }); + + it('rejects bad nonce', async function () { + const { r, s, v } = await this.delegator + .signTypedData( + this.domain, + { Delegation }, + { + delegatee: this.delegatee.address, + nonce: nonce + 1n, + expiry: ethers.MaxUint256, + }, + ) + .then(ethers.Signature.from); + + await expect(this.votes.delegateBySig(this.delegatee, nonce + 1n, ethers.MaxUint256, v, r, s)) + .to.be.revertedWithCustomError(this.votes, 'InvalidAccountNonce') + .withArgs(this.delegator, 0); + }); + + it('rejects expired permit', async function () { + const expiry = (await time.clock.timestamp()) - 1n; + const { r, s, v } = await this.delegator + .signTypedData( + this.domain, + { Delegation }, + { + delegatee: this.delegatee.address, + nonce, + expiry, + }, + ) + .then(ethers.Signature.from); + + await expect(this.votes.delegateBySig(this.delegatee, nonce, expiry, v, r, s)) + .to.be.revertedWithCustomError(this.votes, 'VotesExpiredSignature') + .withArgs(expiry); + }); + }); + }); + + describe('getPastTotalSupply', function () { + beforeEach(async function () { + await this.votes.connect(this.alice).delegate(this.alice); + }); + + it('reverts if block number >= current block', async function () { + const timepoint = 5e10; + const clock = await this.votes.clock(); + await expect(this.votes.getPastTotalSupply(timepoint)) + .to.be.revertedWithCustomError(this.votes, 'ERC5805FutureLookup') + .withArgs(timepoint, clock); + }); + + it('returns 0 if there are no checkpoints', async function () { + expect(await this.votes.getPastTotalSupply(0n)).to.equal(0n); + }); + + it('returns the correct checkpointed total supply', async function () { + const weight = tokens.map(token => getWeight(token)); + + // t0 = mint #0 + const t0 = await this.votes.$_mint(this.alice, tokens[0]); + await mine(); + // t1 = mint #1 + const t1 = await this.votes.$_mint(this.alice, tokens[1]); + await mine(); + // t2 = burn #1 + const t2 = await this.votes.$_burn(...(fungible ? [this.alice] : []), tokens[1]); + await mine(); + // t3 = mint #2 + const t3 = await this.votes.$_mint(this.alice, tokens[2]); + await mine(); + // t4 = burn #0 + const t4 = await this.votes.$_burn(...(fungible ? [this.alice] : []), tokens[0]); + await mine(); + // t5 = burn #2 + const t5 = await this.votes.$_burn(...(fungible ? [this.alice] : []), tokens[2]); + await mine(); + + t0.timepoint = await time.clockFromReceipt[mode](t0); + t1.timepoint = await time.clockFromReceipt[mode](t1); + t2.timepoint = await time.clockFromReceipt[mode](t2); + t3.timepoint = await time.clockFromReceipt[mode](t3); + t4.timepoint = await time.clockFromReceipt[mode](t4); + t5.timepoint = await time.clockFromReceipt[mode](t5); + + expect(await this.votes.getPastTotalSupply(t0.timepoint - 1n)).to.equal(0); + expect(await this.votes.getPastTotalSupply(t0.timepoint)).to.equal(weight[0]); + expect(await this.votes.getPastTotalSupply(t0.timepoint + 1n)).to.equal(weight[0]); + expect(await this.votes.getPastTotalSupply(t1.timepoint)).to.equal(weight[0] + weight[1]); + expect(await this.votes.getPastTotalSupply(t1.timepoint + 1n)).to.equal(weight[0] + weight[1]); + expect(await this.votes.getPastTotalSupply(t2.timepoint)).to.equal(weight[0]); + expect(await this.votes.getPastTotalSupply(t2.timepoint + 1n)).to.equal(weight[0]); + expect(await this.votes.getPastTotalSupply(t3.timepoint)).to.equal(weight[0] + weight[2]); + expect(await this.votes.getPastTotalSupply(t3.timepoint + 1n)).to.equal(weight[0] + weight[2]); + expect(await this.votes.getPastTotalSupply(t4.timepoint)).to.equal(weight[2]); + expect(await this.votes.getPastTotalSupply(t4.timepoint + 1n)).to.equal(weight[2]); + expect(await this.votes.getPastTotalSupply(t5.timepoint)).to.equal(0); + await expect(this.votes.getPastTotalSupply(t5.timepoint + 1n)) + .to.be.revertedWithCustomError(this.votes, 'ERC5805FutureLookup') + .withArgs(t5.timepoint + 1n, t5.timepoint + 1n); + }); + }); + + // The following tests are an adaptation of + // https://github.com/compound-finance/compound-protocol/blob/master/tests/Governance/CompTest.js. + describe('Compound test suite', function () { + beforeEach(async function () { + await this.votes.$_mint(this.alice, tokens[0]); + await this.votes.$_mint(this.alice, tokens[1]); + await this.votes.$_mint(this.alice, tokens[2]); + }); + + describe('getPastVotes', function () { + it('reverts if block number >= current block', async function () { + const clock = await this.votes.clock(); + const timepoint = 5e10; // far in the future + await expect(this.votes.getPastVotes(this.bob, timepoint)) + .to.be.revertedWithCustomError(this.votes, 'ERC5805FutureLookup') + .withArgs(timepoint, clock); + }); + + it('returns 0 if there are no checkpoints', async function () { + expect(await this.votes.getPastVotes(this.bob, 0n)).to.equal(0n); + }); + + it('returns the latest block if >= last checkpoint block', async function () { + const delegate = await this.votes.connect(this.alice).delegate(this.bob); + const timepoint = await time.clockFromReceipt[mode](delegate); + await mine(2); + + const latest = await this.votes.getVotes(this.bob); + expect(await this.votes.getPastVotes(this.bob, timepoint)).to.equal(latest); + expect(await this.votes.getPastVotes(this.bob, timepoint + 1n)).to.equal(latest); + }); + + it('returns zero if < first checkpoint block', async function () { + await mine(); + const delegate = await this.votes.connect(this.alice).delegate(this.bob); + const timepoint = await time.clockFromReceipt[mode](delegate); + await mine(2); + + expect(await this.votes.getPastVotes(this.bob, timepoint - 1n)).to.equal(0n); + }); + }); + }); + }); +} + +module.exports = { + shouldBehaveLikeVotes, +}; diff --git a/dependencies/@openzeppelin/test/governance/utils/Votes.test.js b/dependencies/@openzeppelin/test/governance/utils/Votes.test.js new file mode 100644 index 00000000..7acacfc6 --- /dev/null +++ b/dependencies/@openzeppelin/test/governance/utils/Votes.test.js @@ -0,0 +1,102 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { sum } = require('../../helpers/math'); +const { zip } = require('../../helpers/iterate'); +const time = require('../../helpers/time'); + +const { shouldBehaveLikeVotes } = require('./Votes.behavior'); + +const MODES = { + blocknumber: '$VotesMock', + timestamp: '$VotesTimestampMock', +}; + +const AMOUNTS = [ethers.parseEther('10000000'), 10n, 20n]; + +describe('Votes', function () { + for (const [mode, artifact] of Object.entries(MODES)) { + const fixture = async () => { + const accounts = await ethers.getSigners(); + + const amounts = Object.fromEntries( + zip( + accounts.slice(0, AMOUNTS.length).map(({ address }) => address), + AMOUNTS, + ), + ); + + const name = 'My Vote'; + const version = '1'; + const votes = await ethers.deployContract(artifact, [name, version]); + + return { accounts, amounts, votes, name, version }; + }; + + describe(`vote with ${mode}`, function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + shouldBehaveLikeVotes(AMOUNTS, { mode, fungible: true }); + + it('starts with zero votes', async function () { + expect(await this.votes.getTotalSupply()).to.equal(0n); + }); + + describe('performs voting operations', function () { + beforeEach(async function () { + this.txs = []; + for (const [account, amount] of Object.entries(this.amounts)) { + this.txs.push(await this.votes.$_mint(account, amount)); + } + }); + + it('reverts if block number >= current block', async function () { + const lastTxTimepoint = await time.clockFromReceipt[mode](this.txs.at(-1)); + const clock = await this.votes.clock(); + await expect(this.votes.getPastTotalSupply(lastTxTimepoint)) + .to.be.revertedWithCustomError(this.votes, 'ERC5805FutureLookup') + .withArgs(lastTxTimepoint, clock); + }); + + it('delegates', async function () { + expect(await this.votes.getVotes(this.accounts[0])).to.equal(0n); + expect(await this.votes.getVotes(this.accounts[1])).to.equal(0n); + expect(await this.votes.delegates(this.accounts[0])).to.equal(ethers.ZeroAddress); + expect(await this.votes.delegates(this.accounts[1])).to.equal(ethers.ZeroAddress); + + await this.votes.delegate(this.accounts[0], ethers.Typed.address(this.accounts[0])); + + expect(await this.votes.getVotes(this.accounts[0])).to.equal(this.amounts[this.accounts[0].address]); + expect(await this.votes.getVotes(this.accounts[1])).to.equal(0n); + expect(await this.votes.delegates(this.accounts[0])).to.equal(this.accounts[0]); + expect(await this.votes.delegates(this.accounts[1])).to.equal(ethers.ZeroAddress); + + await this.votes.delegate(this.accounts[1], ethers.Typed.address(this.accounts[0])); + + expect(await this.votes.getVotes(this.accounts[0])).to.equal( + this.amounts[this.accounts[0].address] + this.amounts[this.accounts[1].address], + ); + expect(await this.votes.getVotes(this.accounts[1])).to.equal(0n); + expect(await this.votes.delegates(this.accounts[0])).to.equal(this.accounts[0]); + expect(await this.votes.delegates(this.accounts[1])).to.equal(this.accounts[0]); + }); + + it('cross delegates', async function () { + await this.votes.delegate(this.accounts[0], ethers.Typed.address(this.accounts[1])); + await this.votes.delegate(this.accounts[1], ethers.Typed.address(this.accounts[0])); + + expect(await this.votes.getVotes(this.accounts[0])).to.equal(this.amounts[this.accounts[1].address]); + expect(await this.votes.getVotes(this.accounts[1])).to.equal(this.amounts[this.accounts[0].address]); + }); + + it('returns total amount of votes', async function () { + const totalSupply = sum(...Object.values(this.amounts)); + expect(await this.votes.getTotalSupply()).to.equal(totalSupply); + }); + }); + }); + } +}); diff --git a/dependencies/@openzeppelin/test/helpers/access-manager.js b/dependencies/@openzeppelin/test/helpers/access-manager.js new file mode 100644 index 00000000..3b834305 --- /dev/null +++ b/dependencies/@openzeppelin/test/helpers/access-manager.js @@ -0,0 +1,85 @@ +const { ethers } = require('hardhat'); + +const { MAX_UINT64 } = require('./constants'); +const time = require('./time'); +const { upgradeableSlot } = require('./storage'); + +function buildBaseRoles() { + const roles = { + ADMIN: { + id: 0n, + }, + SOME_ADMIN: { + id: 17n, + }, + SOME_GUARDIAN: { + id: 35n, + }, + SOME: { + id: 42n, + }, + PUBLIC: { + id: MAX_UINT64, + }, + }; + + // Names + Object.entries(roles).forEach(([name, role]) => (role.name = name)); + + // Defaults + for (const role of Object.keys(roles)) { + roles[role].admin = roles.ADMIN; + roles[role].guardian = roles.ADMIN; + } + + // Admins + roles.SOME.admin = roles.SOME_ADMIN; + + // Guardians + roles.SOME.guardian = roles.SOME_GUARDIAN; + + return roles; +} + +const formatAccess = access => [access[0], access[1].toString()]; + +const MINSETBACK = time.duration.days(5); +const EXPIRATION = time.duration.weeks(1); + +const EXECUTION_ID_STORAGE_SLOT = upgradeableSlot('AccessManager', 3n); +const CONSUMING_SCHEDULE_STORAGE_SLOT = upgradeableSlot('AccessManaged', 0n); + +/** + * @requires this.{manager, caller, target, calldata} + */ +async function prepareOperation(manager, { caller, target, calldata, delay }) { + const scheduledAt = (await time.clock.timestamp()) + 1n; + await time.increaseTo.timestamp(scheduledAt, false); // Fix next block timestamp for predictability + + return { + schedule: () => manager.connect(caller).schedule(target, calldata, scheduledAt + delay), + scheduledAt, + operationId: hashOperation(caller, target, calldata), + }; +} + +const lazyGetAddress = addressable => addressable.address ?? addressable.target ?? addressable; + +const hashOperation = (caller, target, data) => + ethers.keccak256( + ethers.AbiCoder.defaultAbiCoder().encode( + ['address', 'address', 'bytes'], + [lazyGetAddress(caller), lazyGetAddress(target), data], + ), + ); + +module.exports = { + buildBaseRoles, + formatAccess, + MINSETBACK, + EXPIRATION, + EXECUTION_ID_STORAGE_SLOT, + CONSUMING_SCHEDULE_STORAGE_SLOT, + prepareOperation, + hashOperation, +}; diff --git a/dependencies/@openzeppelin/test/helpers/account.js b/dependencies/@openzeppelin/test/helpers/account.js new file mode 100644 index 00000000..96874b16 --- /dev/null +++ b/dependencies/@openzeppelin/test/helpers/account.js @@ -0,0 +1,14 @@ +const { ethers } = require('hardhat'); +const { impersonateAccount, setBalance } = require('@nomicfoundation/hardhat-network-helpers'); + +// Hardhat default balance +const DEFAULT_BALANCE = 10000n * ethers.WeiPerEther; + +const impersonate = (account, balance = DEFAULT_BALANCE) => + impersonateAccount(account) + .then(() => setBalance(account, balance)) + .then(() => ethers.getSigner(account)); + +module.exports = { + impersonate, +}; diff --git a/dependencies/@openzeppelin/test/helpers/constants.js b/dependencies/@openzeppelin/test/helpers/constants.js new file mode 100644 index 00000000..4dfda5ea --- /dev/null +++ b/dependencies/@openzeppelin/test/helpers/constants.js @@ -0,0 +1,4 @@ +module.exports = { + MAX_UINT48: 2n ** 48n - 1n, + MAX_UINT64: 2n ** 64n - 1n, +}; diff --git a/dependencies/@openzeppelin/test/helpers/deploy.js b/dependencies/@openzeppelin/test/helpers/deploy.js new file mode 100644 index 00000000..0d4b9563 --- /dev/null +++ b/dependencies/@openzeppelin/test/helpers/deploy.js @@ -0,0 +1,14 @@ +const { artifacts, ethers } = require('hardhat'); +const { setCode } = require('@nomicfoundation/hardhat-network-helpers'); +const { generators } = require('./random'); + +const forceDeployCode = (name, address = generators.address(), runner = ethers.provider) => + artifacts + .readArtifact(name) + .then(({ abi, deployedBytecode }) => + setCode(address, deployedBytecode).then(() => new ethers.Contract(address, abi, runner)), + ); + +module.exports = { + forceDeployCode, +}; diff --git a/dependencies/@openzeppelin/test/helpers/eip712-types.js b/dependencies/@openzeppelin/test/helpers/eip712-types.js new file mode 100644 index 00000000..b2b6ccf8 --- /dev/null +++ b/dependencies/@openzeppelin/test/helpers/eip712-types.js @@ -0,0 +1,52 @@ +const { mapValues } = require('./iterate'); + +const formatType = schema => Object.entries(schema).map(([name, type]) => ({ name, type })); + +module.exports = mapValues( + { + EIP712Domain: { + name: 'string', + version: 'string', + chainId: 'uint256', + verifyingContract: 'address', + salt: 'bytes32', + }, + Permit: { + owner: 'address', + spender: 'address', + value: 'uint256', + nonce: 'uint256', + deadline: 'uint256', + }, + Ballot: { + proposalId: 'uint256', + support: 'uint8', + voter: 'address', + nonce: 'uint256', + }, + ExtendedBallot: { + proposalId: 'uint256', + support: 'uint8', + voter: 'address', + nonce: 'uint256', + reason: 'string', + params: 'bytes', + }, + Delegation: { + delegatee: 'address', + nonce: 'uint256', + expiry: 'uint256', + }, + ForwardRequest: { + from: 'address', + to: 'address', + value: 'uint256', + gas: 'uint256', + nonce: 'uint256', + deadline: 'uint48', + data: 'bytes', + }, + }, + formatType, +); +module.exports.formatType = formatType; diff --git a/dependencies/@openzeppelin/test/helpers/eip712.js b/dependencies/@openzeppelin/test/helpers/eip712.js new file mode 100644 index 00000000..3843ac02 --- /dev/null +++ b/dependencies/@openzeppelin/test/helpers/eip712.js @@ -0,0 +1,45 @@ +const { ethers } = require('hardhat'); +const types = require('./eip712-types'); + +async function getDomain(contract) { + const { fields, name, version, chainId, verifyingContract, salt, extensions } = await contract.eip712Domain(); + + if (extensions.length > 0) { + throw Error('Extensions not implemented'); + } + + const domain = { + name, + version, + chainId, + verifyingContract, + salt, + }; + + for (const [i, { name }] of types.EIP712Domain.entries()) { + if (!(fields & (1 << i))) { + delete domain[name]; + } + } + + return domain; +} + +function domainType(domain) { + return types.EIP712Domain.filter(({ name }) => domain[name] !== undefined); +} + +function hashTypedData(domain, structHash) { + return ethers.solidityPackedKeccak256( + ['bytes', 'bytes32', 'bytes32'], + ['0x1901', ethers.TypedDataEncoder.hashDomain(domain), structHash], + ); +} + +module.exports = { + getDomain, + domainType, + domainSeparator: ethers.TypedDataEncoder.hashDomain, + hashTypedData, + ...types, +}; diff --git a/dependencies/@openzeppelin/test/helpers/enums.js b/dependencies/@openzeppelin/test/helpers/enums.js new file mode 100644 index 00000000..f95767ab --- /dev/null +++ b/dependencies/@openzeppelin/test/helpers/enums.js @@ -0,0 +1,12 @@ +function Enum(...options) { + return Object.fromEntries(options.map((key, i) => [key, BigInt(i)])); +} + +module.exports = { + Enum, + ProposalState: Enum('Pending', 'Active', 'Canceled', 'Defeated', 'Succeeded', 'Queued', 'Expired', 'Executed'), + VoteType: Object.assign(Enum('Against', 'For', 'Abstain'), { Parameters: 255n }), + Rounding: Enum('Floor', 'Ceil', 'Trunc', 'Expand'), + OperationState: Enum('Unset', 'Waiting', 'Ready', 'Done'), + RevertType: Enum('None', 'RevertWithoutMessage', 'RevertWithMessage', 'RevertWithCustomError', 'Panic'), +}; diff --git a/dependencies/@openzeppelin/test/helpers/governance.js b/dependencies/@openzeppelin/test/helpers/governance.js new file mode 100644 index 00000000..dce5927b --- /dev/null +++ b/dependencies/@openzeppelin/test/helpers/governance.js @@ -0,0 +1,198 @@ +const { ethers } = require('hardhat'); +const { ProposalState } = require('./enums'); +const { unique } = require('./iterate'); +const time = require('./time'); + +const timelockSalt = (address, descriptionHash) => + ethers.toBeHex((ethers.toBigInt(address) << 96n) ^ ethers.toBigInt(descriptionHash), 32); + +class GovernorHelper { + constructor(governor, mode = 'blocknumber') { + this.governor = governor; + this.mode = mode; + } + + connect(account) { + this.governor = this.governor.connect(account); + return this; + } + + /// Setter and getters + /** + * Specify a proposal either as + * 1) an array of objects [{ target, value, data }] + * 2) an object of arrays { targets: [], values: [], data: [] } + */ + setProposal(actions, description) { + if (Array.isArray(actions)) { + this.targets = actions.map(a => a.target); + this.values = actions.map(a => a.value || 0n); + this.data = actions.map(a => a.data || '0x'); + } else { + ({ targets: this.targets, values: this.values, data: this.data } = actions); + } + this.description = description; + return this; + } + + get id() { + return ethers.keccak256( + ethers.AbiCoder.defaultAbiCoder().encode(['address[]', 'uint256[]', 'bytes[]', 'bytes32'], this.shortProposal), + ); + } + + // used for checking events + get signatures() { + return this.data.map(() => ''); + } + + get descriptionHash() { + return ethers.id(this.description); + } + + // condensed version for queueing end executing + get shortProposal() { + return [this.targets, this.values, this.data, this.descriptionHash]; + } + + // full version for proposing + get fullProposal() { + return [this.targets, this.values, this.data, this.description]; + } + + get currentProposal() { + return this; + } + + /// Proposal lifecycle + delegate(delegation) { + return Promise.all([ + delegation.token.connect(delegation.to).delegate(delegation.to), + delegation.value === undefined || + delegation.token.connect(this.governor.runner).transfer(delegation.to, delegation.value), + delegation.tokenId === undefined || + delegation.token + .ownerOf(delegation.tokenId) + .then(owner => + delegation.token.connect(this.governor.runner).transferFrom(owner, delegation.to, delegation.tokenId), + ), + ]); + } + + propose() { + return this.governor.propose(...this.fullProposal); + } + + queue() { + return this.governor.queue(...this.shortProposal); + } + + execute() { + return this.governor.execute(...this.shortProposal); + } + + cancel(visibility = 'external') { + switch (visibility) { + case 'external': + return this.governor.cancel(...this.shortProposal); + + case 'internal': + return this.governor.$_cancel(...this.shortProposal); + + default: + throw new Error(`unsupported visibility "${visibility}"`); + } + } + + async vote(vote = {}) { + let method = 'castVote'; // default + let args = [this.id, vote.support]; // base + + if (vote.signature) { + const sign = await vote.signature(this.governor, this.forgeMessage(vote)); + if (vote.params || vote.reason) { + method = 'castVoteWithReasonAndParamsBySig'; + args.push(vote.voter, vote.reason ?? '', vote.params ?? '0x', sign); + } else { + method = 'castVoteBySig'; + args.push(vote.voter, sign); + } + } else if (vote.params) { + method = 'castVoteWithReasonAndParams'; + args.push(vote.reason ?? '', vote.params); + } else if (vote.reason) { + method = 'castVoteWithReason'; + args.push(vote.reason); + } + + return await this.governor[method](...args); + } + + /// Clock helpers + async waitForSnapshot(offset = 0n) { + const timepoint = await this.governor.proposalSnapshot(this.id); + return time.increaseTo[this.mode](timepoint + offset); + } + + async waitForDeadline(offset = 0n) { + const timepoint = await this.governor.proposalDeadline(this.id); + return time.increaseTo[this.mode](timepoint + offset); + } + + async waitForEta(offset = 0n) { + const timestamp = await this.governor.proposalEta(this.id); + return time.increaseTo.timestamp(timestamp + offset); + } + + /// Other helpers + forgeMessage(vote = {}) { + const message = { proposalId: this.id, support: vote.support, voter: vote.voter, nonce: vote.nonce }; + + if (vote.params || vote.reason) { + message.reason = vote.reason ?? ''; + message.params = vote.params ?? '0x'; + } + + return message; + } + + /** + * Encodes a list ProposalStates into a bytes32 representation where each bit enabled corresponds to + * the underlying position in the `ProposalState` enum. For example: + * + * 0x000...10000 + * ^^^^^^------ ... + * ^----- Succeeded + * ^---- Defeated + * ^--- Canceled + * ^-- Active + * ^- Pending + */ + static proposalStatesToBitMap(proposalStates, options = {}) { + if (!Array.isArray(proposalStates)) { + proposalStates = [proposalStates]; + } + const statesCount = ethers.toBigInt(Object.keys(ProposalState).length); + let result = 0n; + + for (const state of unique(proposalStates)) { + if (state < 0n || state >= statesCount) { + expect.fail(`ProposalState ${state} out of possible states (0...${statesCount}-1)`); + } else { + result |= 1n << state; + } + } + + if (options.inverted) { + const mask = 2n ** statesCount - 1n; + result = result ^ mask; + } + + return ethers.toBeHex(result, 32); + } +} + +module.exports = { + GovernorHelper, + timelockSalt, +}; diff --git a/dependencies/@openzeppelin/test/helpers/iterate.js b/dependencies/@openzeppelin/test/helpers/iterate.js new file mode 100644 index 00000000..c7403d52 --- /dev/null +++ b/dependencies/@openzeppelin/test/helpers/iterate.js @@ -0,0 +1,36 @@ +module.exports = { + // ================================================= Array helpers ================================================= + + // Cut an array into an array of sized-length arrays + // Example: chunk([1,2,3,4,5,6,7,8], 3) β†’ [[1,2,3],[4,5,6],[7,8]] + chunk: (array, size = 1) => + Array.from({ length: Math.ceil(array.length / size) }, (_, i) => array.slice(i * size, i * size + size)), + + // Cartesian cross product of an array of arrays + // Example: product([1,2],[a,b,c],[true]) β†’ [[1,a,true],[1,b,true],[1,c,true],[2,a,true],[2,b,true],[2,c,true]] + product: (...arrays) => arrays.reduce((a, b) => a.flatMap(ai => b.map(bi => [...ai, bi])), [[]]), + + // Range from start to end in increment + // Example: range(17,42,7) β†’ [17,24,31,38] + range: (start, stop = undefined, step = 1) => { + if (stop == undefined) { + stop = start; + start = 0; + } + return start < stop ? Array.from({ length: (stop - start + step - 1) / step }, (_, i) => start + i * step) : []; + }, + + // Unique elements, with an optional getter function + // Example: unique([1,1,2,3,4,8,1,3,8,13,42]) β†’ [1,2,3,4,8,13,42] + unique: (array, op = x => x) => array.filter((obj, i) => array.findIndex(entry => op(obj) === op(entry)) === i), + + // Zip arrays together. If some arrays are smaller, undefined is used as a filler. + // Example: zip([1,2],[a,b,c],[true]) β†’ [[1,a,true],[2,b,undefined],[undefined,c,undefined]] + zip: (...args) => Array.from({ length: Math.max(...args.map(arg => arg.length)) }, (_, i) => args.map(arg => arg[i])), + + // ================================================ Object helpers ================================================= + + // Create a new object by mapping the values through a function, keeping the keys + // Example: mapValues({a:1,b:2,c:3}, x => x**2) β†’ {a:1,b:4,c:9} + mapValues: (obj, fn) => Object.fromEntries(Object.entries(obj).map(([k, v]) => [k, fn(v)])), +}; diff --git a/dependencies/@openzeppelin/test/helpers/math.js b/dependencies/@openzeppelin/test/helpers/math.js new file mode 100644 index 00000000..133254ae --- /dev/null +++ b/dependencies/@openzeppelin/test/helpers/math.js @@ -0,0 +1,33 @@ +// Array of number or bigint +const max = (...values) => values.slice(1).reduce((x, y) => (x > y ? x : y), values.at(0)); +const min = (...values) => values.slice(1).reduce((x, y) => (x < y ? x : y), values.at(0)); +const sum = (...values) => values.slice(1).reduce((x, y) => x + y, values.at(0)); + +// Computes modexp without BigInt overflow for large numbers +function modExp(b, e, m) { + let result = 1n; + + // If e is a power of two, modexp can be calculated as: + // for (let result = b, i = 0; i < log2(e); i++) result = modexp(result, 2, m) + // + // Given any natural number can be written in terms of powers of 2 (i.e. binary) + // then modexp can be calculated for any e, by multiplying b**i for all i where + // binary(e)[i] is 1 (i.e. a power of two). + for (let base = b % m; e > 0n; base = base ** 2n % m) { + // Least significant bit is 1 + if (e % 2n == 1n) { + result = (result * base) % m; + } + + e /= 2n; // Binary pop + } + + return result; +} + +module.exports = { + min, + max, + sum, + modExp, +}; diff --git a/dependencies/@openzeppelin/test/helpers/methods.js b/dependencies/@openzeppelin/test/helpers/methods.js new file mode 100644 index 00000000..a4918972 --- /dev/null +++ b/dependencies/@openzeppelin/test/helpers/methods.js @@ -0,0 +1,14 @@ +const { ethers } = require('hardhat'); + +const selector = signature => ethers.FunctionFragment.from(signature).selector; + +const interfaceId = signatures => + ethers.toBeHex( + signatures.reduce((acc, signature) => acc ^ ethers.toBigInt(selector(signature)), 0n), + 4, + ); + +module.exports = { + selector, + interfaceId, +}; diff --git a/dependencies/@openzeppelin/test/helpers/random.js b/dependencies/@openzeppelin/test/helpers/random.js new file mode 100644 index 00000000..3adeed0a --- /dev/null +++ b/dependencies/@openzeppelin/test/helpers/random.js @@ -0,0 +1,19 @@ +const { ethers } = require('hardhat'); + +const generators = { + address: () => ethers.Wallet.createRandom().address, + bytes32: () => ethers.hexlify(ethers.randomBytes(32)), + uint256: () => ethers.toBigInt(ethers.randomBytes(32)), + int256: () => ethers.toBigInt(ethers.randomBytes(32)) + ethers.MinInt256, + hexBytes: length => ethers.hexlify(ethers.randomBytes(length)), +}; + +generators.address.zero = ethers.ZeroAddress; +generators.bytes32.zero = ethers.ZeroHash; +generators.uint256.zero = 0n; +generators.int256.zero = 0n; +generators.hexBytes.zero = '0x'; + +module.exports = { + generators, +}; diff --git a/dependencies/@openzeppelin/test/helpers/storage.js b/dependencies/@openzeppelin/test/helpers/storage.js new file mode 100644 index 00000000..a75a3060 --- /dev/null +++ b/dependencies/@openzeppelin/test/helpers/storage.js @@ -0,0 +1,48 @@ +const { ethers } = require('hardhat'); +const { setStorageAt } = require('@nomicfoundation/hardhat-network-helpers'); + +const ImplementationLabel = 'eip1967.proxy.implementation'; +const AdminLabel = 'eip1967.proxy.admin'; +const BeaconLabel = 'eip1967.proxy.beacon'; + +const erc1967Slot = label => ethers.toBeHex(ethers.toBigInt(ethers.id(label)) - 1n); +const erc7201Slot = label => ethers.toBeHex(ethers.toBigInt(ethers.keccak256(erc1967Slot(label))) & ~0xffn); +const erc7201format = contractName => `openzeppelin.storage.${contractName}`; + +const getSlot = (address, slot) => + ethers.provider.getStorage(address, ethers.isBytesLike(slot) ? slot : erc1967Slot(slot)); + +const setSlot = (address, slot, value) => + Promise.all([ + ethers.isAddressable(address) ? address.getAddress() : Promise.resolve(address), + ethers.isAddressable(value) ? value.getAddress() : Promise.resolve(value), + ]).then(([address, value]) => setStorageAt(address, ethers.isBytesLike(slot) ? slot : erc1967Slot(slot), value)); + +const getAddressInSlot = (address, slot) => + getSlot(address, slot).then(slotValue => ethers.AbiCoder.defaultAbiCoder().decode(['address'], slotValue)[0]); + +const upgradeableSlot = (contractName, offset) => { + try { + // Try to get the artifact paths, will throw if it doesn't exist + artifacts._getArtifactPathSync(`${contractName}Upgradeable`); + return offset + ethers.toBigInt(erc7201Slot(erc7201format(contractName))); + } catch (_) { + return offset; + } +}; + +module.exports = { + ImplementationLabel, + AdminLabel, + BeaconLabel, + ImplementationSlot: erc1967Slot(ImplementationLabel), + AdminSlot: erc1967Slot(AdminLabel), + BeaconSlot: erc1967Slot(BeaconLabel), + erc1967Slot, + erc7201Slot, + erc7201format, + setSlot, + getSlot, + getAddressInSlot, + upgradeableSlot, +}; diff --git a/dependencies/@openzeppelin/test/helpers/strings.js b/dependencies/@openzeppelin/test/helpers/strings.js new file mode 100644 index 00000000..4f34099d --- /dev/null +++ b/dependencies/@openzeppelin/test/helpers/strings.js @@ -0,0 +1,5 @@ +module.exports = { + // Capitalize the first char of a string + // Example: capitalize('uint256') β†’ 'Uint256' + capitalize: str => str.charAt(0).toUpperCase() + str.slice(1), +}; diff --git a/dependencies/@openzeppelin/test/helpers/time.js b/dependencies/@openzeppelin/test/helpers/time.js new file mode 100644 index 00000000..f6ccc3ca --- /dev/null +++ b/dependencies/@openzeppelin/test/helpers/time.js @@ -0,0 +1,30 @@ +const { ethers } = require('hardhat'); +const { time, mine, mineUpTo } = require('@nomicfoundation/hardhat-network-helpers'); +const { mapValues } = require('./iterate'); + +const clock = { + blocknumber: () => time.latestBlock().then(ethers.toBigInt), + timestamp: () => time.latest().then(ethers.toBigInt), +}; +const clockFromReceipt = { + blocknumber: receipt => Promise.resolve(ethers.toBigInt(receipt.blockNumber)), + timestamp: receipt => ethers.provider.getBlock(receipt.blockNumber).then(block => ethers.toBigInt(block.timestamp)), +}; +const increaseBy = { + blockNumber: mine, + timestamp: (delay, mine = true) => + time.latest().then(clock => increaseTo.timestamp(clock + ethers.toNumber(delay), mine)), +}; +const increaseTo = { + blocknumber: mineUpTo, + timestamp: (to, mine = true) => (mine ? time.increaseTo(to) : time.setNextBlockTimestamp(to)), +}; +const duration = mapValues(time.duration, fn => n => ethers.toBigInt(fn(ethers.toNumber(n)))); + +module.exports = { + clock, + clockFromReceipt, + increaseBy, + increaseTo, + duration, +}; diff --git a/dependencies/@openzeppelin/test/helpers/txpool.js b/dependencies/@openzeppelin/test/helpers/txpool.js new file mode 100644 index 00000000..f01327b2 --- /dev/null +++ b/dependencies/@openzeppelin/test/helpers/txpool.js @@ -0,0 +1,29 @@ +const { network } = require('hardhat'); +const { expect } = require('chai'); +const { mine } = require('@nomicfoundation/hardhat-network-helpers'); + +const { unique } = require('./iterate'); + +async function batchInBlock(txs) { + try { + // disable auto-mining + await network.provider.send('evm_setAutomine', [false]); + // send all transactions + const responses = await Promise.all(txs.map(fn => fn())); + // mine one block + await mine(); + // fetch receipts + const receipts = await Promise.all(responses.map(response => response.wait())); + // Sanity check, all tx should be in the same block + expect(unique(receipts.map(receipt => receipt.blockNumber))).to.have.lengthOf(1); + // return responses + return receipts; + } finally { + // enable auto-mining + await network.provider.send('evm_setAutomine', [true]); + } +} + +module.exports = { + batchInBlock, +}; diff --git a/dependencies/@openzeppelin/test/metatx/ERC2771Context.test.js b/dependencies/@openzeppelin/test/metatx/ERC2771Context.test.js new file mode 100644 index 00000000..15da61da --- /dev/null +++ b/dependencies/@openzeppelin/test/metatx/ERC2771Context.test.js @@ -0,0 +1,133 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { impersonate } = require('../helpers/account'); +const { getDomain, ForwardRequest } = require('../helpers/eip712'); +const { MAX_UINT48 } = require('../helpers/constants'); + +const { shouldBehaveLikeRegularContext } = require('../utils/Context.behavior'); + +async function fixture() { + const [sender, other] = await ethers.getSigners(); + + const forwarder = await ethers.deployContract('ERC2771Forwarder', []); + const forwarderAsSigner = await impersonate(forwarder.target); + const context = await ethers.deployContract('ERC2771ContextMock', [forwarder]); + const domain = await getDomain(forwarder); + const types = { ForwardRequest }; + + return { sender, other, forwarder, forwarderAsSigner, context, domain, types }; +} + +describe('ERC2771Context', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + it('recognize trusted forwarder', async function () { + expect(await this.context.isTrustedForwarder(this.forwarder)).to.be.true; + }); + + it('returns the trusted forwarder', async function () { + expect(await this.context.trustedForwarder()).to.equal(this.forwarder); + }); + + describe('when called directly', function () { + shouldBehaveLikeRegularContext(); + }); + + describe('when receiving a relayed call', function () { + describe('msgSender', function () { + it('returns the relayed transaction original sender', async function () { + const nonce = await this.forwarder.nonces(this.sender); + const data = this.context.interface.encodeFunctionData('msgSender'); + + const req = { + from: await this.sender.getAddress(), + to: await this.context.getAddress(), + value: 0n, + data, + gas: 100000n, + nonce, + deadline: MAX_UINT48, + }; + + req.signature = await this.sender.signTypedData(this.domain, this.types, req); + + expect(await this.forwarder.verify(req)).to.be.true; + + await expect(this.forwarder.execute(req)).to.emit(this.context, 'Sender').withArgs(this.sender); + }); + + it('returns the original sender when calldata length is less than 20 bytes (address length)', async function () { + // The forwarder doesn't produce calls with calldata length less than 20 bytes so `this.forwarderAsSigner` is used instead. + await expect(this.context.connect(this.forwarderAsSigner).msgSender()) + .to.emit(this.context, 'Sender') + .withArgs(this.forwarder); + }); + }); + + describe('msgData', function () { + it('returns the relayed transaction original data', async function () { + const args = [42n, 'OpenZeppelin']; + + const nonce = await this.forwarder.nonces(this.sender); + const data = this.context.interface.encodeFunctionData('msgData', args); + + const req = { + from: await this.sender.getAddress(), + to: await this.context.getAddress(), + value: 0n, + data, + gas: 100000n, + nonce, + deadline: MAX_UINT48, + }; + + req.signature = this.sender.signTypedData(this.domain, this.types, req); + + expect(await this.forwarder.verify(req)).to.be.true; + + await expect(this.forwarder.execute(req)) + .to.emit(this.context, 'Data') + .withArgs(data, ...args); + }); + }); + + it('returns the full original data when calldata length is less than 20 bytes (address length)', async function () { + const data = this.context.interface.encodeFunctionData('msgDataShort'); + + // The forwarder doesn't produce calls with calldata length less than 20 bytes so `this.forwarderAsSigner` is used instead. + await expect(await this.context.connect(this.forwarderAsSigner).msgDataShort()) + .to.emit(this.context, 'DataShort') + .withArgs(data); + }); + }); + + it('multicall poison attack', async function () { + const nonce = await this.forwarder.nonces(this.sender); + const data = this.context.interface.encodeFunctionData('multicall', [ + [ + // poisonned call to 'msgSender()' + ethers.concat([this.context.interface.encodeFunctionData('msgSender'), this.other.address]), + ], + ]); + + const req = { + from: await this.sender.getAddress(), + to: await this.context.getAddress(), + value: 0n, + data, + gas: 100000n, + nonce, + deadline: MAX_UINT48, + }; + + req.signature = await this.sender.signTypedData(this.domain, this.types, req); + + expect(await this.forwarder.verify(req)).to.be.true; + + await expect(this.forwarder.execute(req)).to.emit(this.context, 'Sender').withArgs(this.sender); + }); +}); diff --git a/dependencies/@openzeppelin/test/metatx/ERC2771Forwarder.t.sol b/dependencies/@openzeppelin/test/metatx/ERC2771Forwarder.t.sol new file mode 100644 index 00000000..d69b4750 --- /dev/null +++ b/dependencies/@openzeppelin/test/metatx/ERC2771Forwarder.t.sol @@ -0,0 +1,165 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {Test} from "forge-std/Test.sol"; +import {ERC2771Forwarder} from "@openzeppelin/contracts/metatx/ERC2771Forwarder.sol"; +import {CallReceiverMockTrustingForwarder, CallReceiverMock} from "@openzeppelin/contracts/mocks/CallReceiverMock.sol"; + +struct ForwardRequest { + address from; + address to; + uint256 value; + uint256 gas; + uint256 nonce; + uint48 deadline; + bytes data; +} + +contract ERC2771ForwarderMock is ERC2771Forwarder { + constructor(string memory name) ERC2771Forwarder(name) {} + + function structHash(ForwardRequest calldata request) external view returns (bytes32) { + return + _hashTypedDataV4( + keccak256( + abi.encode( + _FORWARD_REQUEST_TYPEHASH, + request.from, + request.to, + request.value, + request.gas, + request.nonce, + request.deadline, + keccak256(request.data) + ) + ) + ); + } +} + +contract ERC2771ForwarderTest is Test { + ERC2771ForwarderMock internal _erc2771Forwarder; + CallReceiverMockTrustingForwarder internal _receiver; + + uint256 internal _signerPrivateKey; + uint256 internal _relayerPrivateKey; + + address internal _signer; + address internal _relayer; + + uint256 internal constant _MAX_ETHER = 10_000_000; // To avoid overflow + + function setUp() public { + _erc2771Forwarder = new ERC2771ForwarderMock("ERC2771Forwarder"); + _receiver = new CallReceiverMockTrustingForwarder(address(_erc2771Forwarder)); + + _signerPrivateKey = 0xA11CE; + _relayerPrivateKey = 0xB0B; + + _signer = vm.addr(_signerPrivateKey); + _relayer = vm.addr(_relayerPrivateKey); + } + + function _forgeRequestData( + uint256 value, + uint256 nonce, + uint48 deadline, + bytes memory data + ) private view returns (ERC2771Forwarder.ForwardRequestData memory) { + ForwardRequest memory request = ForwardRequest({ + from: _signer, + to: address(_receiver), + value: value, + gas: 30000, + nonce: nonce, + deadline: deadline, + data: data + }); + + bytes32 digest = _erc2771Forwarder.structHash(request); + (uint8 v, bytes32 r, bytes32 s) = vm.sign(_signerPrivateKey, digest); + bytes memory signature = abi.encodePacked(r, s, v); + + return + ERC2771Forwarder.ForwardRequestData({ + from: request.from, + to: request.to, + value: request.value, + gas: request.gas, + deadline: request.deadline, + data: request.data, + signature: signature + }); + } + + function testExecuteAvoidsETHStuck(uint256 initialBalance, uint256 value, bool targetReverts) public { + initialBalance = bound(initialBalance, 0, _MAX_ETHER); + value = bound(value, 0, _MAX_ETHER); + + vm.deal(address(_erc2771Forwarder), initialBalance); + + uint256 nonce = _erc2771Forwarder.nonces(_signer); + + vm.deal(address(this), value); + + ERC2771Forwarder.ForwardRequestData memory requestData = _forgeRequestData({ + value: value, + nonce: nonce, + deadline: uint48(block.timestamp + 1), + data: targetReverts + ? abi.encodeCall(CallReceiverMock.mockFunctionRevertsNoReason, ()) + : abi.encodeCall(CallReceiverMock.mockFunction, ()) + }); + + if (targetReverts) { + vm.expectRevert(); + } + + _erc2771Forwarder.execute{value: value}(requestData); + assertEq(address(_erc2771Forwarder).balance, initialBalance); + } + + function testExecuteBatchAvoidsETHStuck(uint256 initialBalance, uint256 batchSize, uint256 value) public { + batchSize = bound(batchSize, 1, 10); + initialBalance = bound(initialBalance, 0, _MAX_ETHER); + value = bound(value, 0, _MAX_ETHER); + + vm.deal(address(_erc2771Forwarder), initialBalance); + uint256 nonce = _erc2771Forwarder.nonces(_signer); + + ERC2771Forwarder.ForwardRequestData[] memory batchRequestDatas = new ERC2771Forwarder.ForwardRequestData[]( + batchSize + ); + + uint256 expectedRefund; + + for (uint256 i = 0; i < batchSize; ++i) { + bytes memory data; + bool succeed = uint256(keccak256(abi.encodePacked(initialBalance, i))) % 2 == 0; + + if (succeed) { + data = abi.encodeCall(CallReceiverMock.mockFunction, ()); + } else { + expectedRefund += value; + data = abi.encodeCall(CallReceiverMock.mockFunctionRevertsNoReason, ()); + } + + batchRequestDatas[i] = _forgeRequestData({ + value: value, + nonce: nonce + i, + deadline: uint48(block.timestamp + 1), + data: data + }); + } + + address payable refundReceiver = payable(address(0xebe)); + uint256 totalValue = value * batchSize; + + vm.deal(address(this), totalValue); + _erc2771Forwarder.executeBatch{value: totalValue}(batchRequestDatas, refundReceiver); + + assertEq(address(_erc2771Forwarder).balance, initialBalance); + assertEq(refundReceiver.balance, expectedRefund); + } +} diff --git a/dependencies/@openzeppelin/test/metatx/ERC2771Forwarder.test.js b/dependencies/@openzeppelin/test/metatx/ERC2771Forwarder.test.js new file mode 100644 index 00000000..8653ad70 --- /dev/null +++ b/dependencies/@openzeppelin/test/metatx/ERC2771Forwarder.test.js @@ -0,0 +1,461 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { getDomain, ForwardRequest } = require('../helpers/eip712'); +const { sum } = require('../helpers/math'); +const time = require('../helpers/time'); + +async function fixture() { + const [sender, refundReceiver, another, ...accounts] = await ethers.getSigners(); + + const forwarder = await ethers.deployContract('ERC2771Forwarder', ['ERC2771Forwarder']); + const receiver = await ethers.deployContract('CallReceiverMockTrustingForwarder', [forwarder]); + const domain = await getDomain(forwarder); + const types = { ForwardRequest }; + + const forgeRequest = async (override = {}, signer = sender) => { + const req = { + from: await signer.getAddress(), + to: await receiver.getAddress(), + value: 0n, + data: receiver.interface.encodeFunctionData('mockFunction'), + gas: 100000n, + deadline: (await time.clock.timestamp()) + 60n, + nonce: await forwarder.nonces(sender), + ...override, + }; + req.signature = await signer.signTypedData(domain, types, req); + return req; + }; + + const estimateRequest = request => + ethers.provider.estimateGas({ + from: forwarder, + to: request.to, + data: ethers.solidityPacked(['bytes', 'address'], [request.data, request.from]), + value: request.value, + gasLimit: request.gas, + }); + + return { + sender, + refundReceiver, + another, + accounts, + forwarder, + receiver, + forgeRequest, + estimateRequest, + domain, + types, + }; +} + +// values or function to tamper with a signed request. +const tamperedValues = { + from: ethers.Wallet.createRandom().address, + to: ethers.Wallet.createRandom().address, + value: ethers.parseEther('0.5'), + data: '0x1742', + signature: s => { + const t = ethers.toBeArray(s); + t[42] ^= 0xff; + return ethers.hexlify(t); + }, +}; + +describe('ERC2771Forwarder', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + describe('verify', function () { + describe('with valid signature', function () { + it('returns true without altering the nonce', async function () { + const request = await this.forgeRequest(); + expect(await this.forwarder.nonces(request.from)).to.equal(request.nonce); + expect(await this.forwarder.verify(request)).to.be.true; + expect(await this.forwarder.nonces(request.from)).to.equal(request.nonce); + }); + }); + + describe('with tampered values', function () { + for (const [key, value] of Object.entries(tamperedValues)) { + it(`returns false with tampered ${key}`, async function () { + const request = await this.forgeRequest(); + request[key] = typeof value == 'function' ? value(request[key]) : value; + + expect(await this.forwarder.verify(request)).to.be.false; + }); + } + + it('returns false with valid signature for non-current nonce', async function () { + const request = await this.forgeRequest({ nonce: 1337n }); + expect(await this.forwarder.verify(request)).to.be.false; + }); + + it('returns false with valid signature for expired deadline', async function () { + const request = await this.forgeRequest({ deadline: (await time.clock.timestamp()) - 1n }); + expect(await this.forwarder.verify(request)).to.be.false; + }); + }); + }); + + describe('execute', function () { + describe('with valid requests', function () { + it('emits an event and consumes nonce for a successful request', async function () { + const request = await this.forgeRequest(); + + expect(await this.forwarder.nonces(request.from)).to.equal(request.nonce); + + await expect(this.forwarder.execute(request)) + .to.emit(this.receiver, 'MockFunctionCalled') + .to.emit(this.forwarder, 'ExecutedForwardRequest') + .withArgs(request.from, request.nonce, true); + + expect(await this.forwarder.nonces(request.from)).to.equal(request.nonce + 1n); + }); + + it('reverts with an unsuccessful request', async function () { + const request = await this.forgeRequest({ + data: this.receiver.interface.encodeFunctionData('mockFunctionRevertsNoReason'), + }); + + await expect(this.forwarder.execute(request)).to.be.revertedWithCustomError(this.forwarder, 'FailedCall'); + }); + }); + + describe('with tampered request', function () { + for (const [key, value] of Object.entries(tamperedValues)) { + it(`reverts with tampered ${key}`, async function () { + const request = await this.forgeRequest(); + request[key] = typeof value == 'function' ? value(request[key]) : value; + + const promise = this.forwarder.execute(request, { value: key == 'value' ? value : 0 }); + if (key != 'to') { + await expect(promise) + .to.be.revertedWithCustomError(this.forwarder, 'ERC2771ForwarderInvalidSigner') + .withArgs(ethers.verifyTypedData(this.domain, this.types, request, request.signature), request.from); + } else { + await expect(promise) + .to.be.revertedWithCustomError(this.forwarder, 'ERC2771UntrustfulTarget') + .withArgs(request.to, this.forwarder); + } + }); + } + + it('reverts with valid signature for non-current nonce', async function () { + const request = await this.forgeRequest(); + + // consume nonce + await this.forwarder.execute(request); + + // nonce has changed + await expect(this.forwarder.execute(request)) + .to.be.revertedWithCustomError(this.forwarder, 'ERC2771ForwarderInvalidSigner') + .withArgs( + ethers.verifyTypedData( + this.domain, + this.types, + { ...request, nonce: request.nonce + 1n }, + request.signature, + ), + request.from, + ); + }); + + it('reverts with valid signature for expired deadline', async function () { + const request = await this.forgeRequest({ deadline: (await time.clock.timestamp()) - 1n }); + + await expect(this.forwarder.execute(request)) + .to.be.revertedWithCustomError(this.forwarder, 'ERC2771ForwarderExpiredRequest') + .withArgs(request.deadline); + }); + + it('reverts with valid signature but mismatched value', async function () { + const request = await this.forgeRequest({ value: 100n }); + + await expect(this.forwarder.execute(request)) + .to.be.revertedWithCustomError(this.forwarder, 'ERC2771ForwarderMismatchedValue') + .withArgs(request.value, 0n); + }); + }); + + it('bubbles out of gas', async function () { + const request = await this.forgeRequest({ + data: this.receiver.interface.encodeFunctionData('mockFunctionOutOfGas'), + gas: 1_000_000n, + }); + + const gasLimit = 100_000n; + await expect(this.forwarder.execute(request, { gasLimit })).to.be.revertedWithoutReason(); + + const { gasUsed } = await ethers.provider + .getBlock('latest') + .then(block => block.getTransaction(0)) + .then(tx => ethers.provider.getTransactionReceipt(tx.hash)); + + expect(gasUsed).to.equal(gasLimit); + }); + + it('bubbles out of gas forced by the relayer', async function () { + const request = await this.forgeRequest(); + + // If there's an incentive behind executing requests, a malicious relayer could grief + // the forwarder by executing requests and providing a top-level call gas limit that + // is too low to successfully finish the request after the 63/64 rule. + + // We set the baseline to the gas limit consumed by a successful request if it was executed + // normally. Note this includes the 21000 buffer that also the relayer will be charged to + // start a request execution. + const estimate = await this.estimateRequest(request); + + // Because the relayer call consumes gas until the `CALL` opcode, the gas left after failing + // the subcall won't enough to finish the top level call (after testing), so we add a + // moderated buffer. + const gasLimit = estimate + 2_000n; + + // The subcall out of gas should be caught by the contract and then bubbled up consuming + // the available gas with an `invalid` opcode. + await expect(this.forwarder.execute(request, { gasLimit })).to.be.revertedWithoutReason(); + + const { gasUsed } = await ethers.provider + .getBlock('latest') + .then(block => block.getTransaction(0)) + .then(tx => ethers.provider.getTransactionReceipt(tx.hash)); + + // We assert that indeed the gas was totally consumed. + expect(gasUsed).to.equal(gasLimit); + }); + }); + + describe('executeBatch', function () { + const requestsValue = requests => sum(...requests.map(request => request.value)); + const requestCount = 3; + const idx = 1; // index that will be tampered with + + beforeEach(async function () { + this.forgeRequests = override => + Promise.all(this.accounts.slice(0, requestCount).map(signer => this.forgeRequest(override, signer))); + this.requests = await this.forgeRequests({ value: 10n }); + this.value = requestsValue(this.requests); + }); + + describe('with valid requests', function () { + it('sanity', async function () { + for (const request of this.requests) { + expect(await this.forwarder.verify(request)).to.be.true; + } + }); + + it('emits events', async function () { + const receipt = this.forwarder.executeBatch(this.requests, this.another, { value: this.value }); + + for (const request of this.requests) { + await expect(receipt) + .to.emit(this.receiver, 'MockFunctionCalled') + .to.emit(this.forwarder, 'ExecutedForwardRequest') + .withArgs(request.from, request.nonce, true); + } + }); + + it('increase nonces', async function () { + await this.forwarder.executeBatch(this.requests, this.another, { value: this.value }); + + for (const request of this.requests) { + expect(await this.forwarder.nonces(request.from)).to.equal(request.nonce + 1n); + } + }); + }); + + describe('with tampered requests', function () { + it('reverts with mismatched value', async function () { + // tamper value of one of the request + resign + this.requests[idx] = await this.forgeRequest({ value: 100n }, this.accounts[1]); + + await expect(this.forwarder.executeBatch(this.requests, this.another, { value: this.value })) + .to.be.revertedWithCustomError(this.forwarder, 'ERC2771ForwarderMismatchedValue') + .withArgs(requestsValue(this.requests), this.value); + }); + + describe('when the refund receiver is the zero address', function () { + beforeEach(function () { + this.refundReceiver = ethers.ZeroAddress; + }); + + for (const [key, value] of Object.entries(tamperedValues)) { + it(`reverts with at least one tampered request ${key}`, async function () { + this.requests[idx][key] = typeof value == 'function' ? value(this.requests[idx][key]) : value; + + const promise = this.forwarder.executeBatch(this.requests, this.refundReceiver, { value: this.value }); + if (key != 'to') { + await expect(promise) + .to.be.revertedWithCustomError(this.forwarder, 'ERC2771ForwarderInvalidSigner') + .withArgs( + ethers.verifyTypedData(this.domain, this.types, this.requests[idx], this.requests[idx].signature), + this.requests[idx].from, + ); + } else { + await expect(promise) + .to.be.revertedWithCustomError(this.forwarder, 'ERC2771UntrustfulTarget') + .withArgs(this.requests[idx].to, this.forwarder); + } + }); + } + + it('reverts with at least one valid signature for non-current nonce', async function () { + // Execute first a request + await this.forwarder.execute(this.requests[idx], { value: this.requests[idx].value }); + + // And then fail due to an already used nonce + await expect(this.forwarder.executeBatch(this.requests, this.refundReceiver, { value: this.value })) + .to.be.revertedWithCustomError(this.forwarder, 'ERC2771ForwarderInvalidSigner') + .withArgs( + ethers.verifyTypedData( + this.domain, + this.types, + { ...this.requests[idx], nonce: this.requests[idx].nonce + 1n }, + this.requests[idx].signature, + ), + this.requests[idx].from, + ); + }); + + it('reverts with at least one valid signature for expired deadline', async function () { + this.requests[idx] = await this.forgeRequest( + { ...this.requests[idx], deadline: (await time.clock.timestamp()) - 1n }, + this.accounts[1], + ); + + await expect(this.forwarder.executeBatch(this.requests, this.refundReceiver, { value: this.amount })) + .to.be.revertedWithCustomError(this.forwarder, 'ERC2771ForwarderExpiredRequest') + .withArgs(this.requests[idx].deadline); + }); + }); + + describe('when the refund receiver is a known address', function () { + beforeEach(async function () { + this.initialRefundReceiverBalance = await ethers.provider.getBalance(this.refundReceiver); + this.initialTamperedRequestNonce = await this.forwarder.nonces(this.requests[idx].from); + }); + + for (const [key, value] of Object.entries(tamperedValues)) { + it(`ignores a request with tampered ${key} and refunds its value`, async function () { + this.requests[idx][key] = typeof value == 'function' ? value(this.requests[idx][key]) : value; + + const events = await this.forwarder + .executeBatch(this.requests, this.refundReceiver, { value: requestsValue(this.requests) }) + .then(tx => tx.wait()) + .then(receipt => + receipt.logs.filter( + log => log?.fragment?.type == 'event' && log?.fragment?.name == 'ExecutedForwardRequest', + ), + ); + + expect(events).to.have.lengthOf(this.requests.length - 1); + }); + } + + it('ignores a request with a valid signature for non-current nonce', async function () { + // Execute first a request + await this.forwarder.execute(this.requests[idx], { value: this.requests[idx].value }); + this.initialTamperedRequestNonce++; // Should be already incremented by the individual `execute` + + // And then ignore the same request in a batch due to an already used nonce + const events = await this.forwarder + .executeBatch(this.requests, this.refundReceiver, { value: this.value }) + .then(tx => tx.wait()) + .then(receipt => + receipt.logs.filter( + log => log?.fragment?.type == 'event' && log?.fragment?.name == 'ExecutedForwardRequest', + ), + ); + + expect(events).to.have.lengthOf(this.requests.length - 1); + }); + + it('ignores a request with a valid signature for expired deadline', async function () { + this.requests[idx] = await this.forgeRequest( + { ...this.requests[idx], deadline: (await time.clock.timestamp()) - 1n }, + this.accounts[1], + ); + + const events = await this.forwarder + .executeBatch(this.requests, this.refundReceiver, { value: this.value }) + .then(tx => tx.wait()) + .then(receipt => + receipt.logs.filter( + log => log?.fragment?.type == 'event' && log?.fragment?.name == 'ExecutedForwardRequest', + ), + ); + + expect(events).to.have.lengthOf(this.requests.length - 1); + }); + + afterEach(async function () { + // The invalid request value was refunded + expect(await ethers.provider.getBalance(this.refundReceiver)).to.equal( + this.initialRefundReceiverBalance + this.requests[idx].value, + ); + + // The invalid request from's nonce was not incremented + expect(await this.forwarder.nonces(this.requests[idx].from)).to.equal(this.initialTamperedRequestNonce); + }); + }); + + it('bubbles out of gas', async function () { + this.requests[idx] = await this.forgeRequest({ + data: this.receiver.interface.encodeFunctionData('mockFunctionOutOfGas'), + gas: 1_000_000n, + }); + + const gasLimit = 300_000n; + await expect( + this.forwarder.executeBatch(this.requests, ethers.ZeroAddress, { + gasLimit, + value: requestsValue(this.requests), + }), + ).to.be.revertedWithoutReason(); + + const { gasUsed } = await ethers.provider + .getBlock('latest') + .then(block => block.getTransaction(0)) + .then(tx => ethers.provider.getTransactionReceipt(tx.hash)); + + expect(gasUsed).to.equal(gasLimit); + }); + + it('bubbles out of gas forced by the relayer', async function () { + // Similarly to the single execute, a malicious relayer could grief requests. + + // We estimate until the selected request as if they were executed normally + const estimate = await Promise.all(this.requests.slice(0, idx + 1).map(this.estimateRequest)).then(gas => + sum(...gas), + ); + + // We add a Buffer to account for all the gas that's used before the selected call. + // Note is slightly bigger because the selected request is not the index 0 and it affects + // the buffer needed. + const gasLimit = estimate + 10_000n; + + // The subcall out of gas should be caught by the contract and then bubbled up consuming + // the available gas with an `invalid` opcode. + await expect( + this.forwarder.executeBatch(this.requests, ethers.ZeroAddress, { + gasLimit, + value: requestsValue(this.requests), + }), + ).to.be.revertedWithoutReason(); + + const { gasUsed } = await ethers.provider + .getBlock('latest') + .then(block => block.getTransaction(0)) + .then(tx => ethers.provider.getTransactionReceipt(tx.hash)); + + // We assert that indeed the gas was totally consumed. + expect(gasUsed).to.equal(gasLimit); + }); + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/proxy/Clones.behaviour.js b/dependencies/@openzeppelin/test/proxy/Clones.behaviour.js new file mode 100644 index 00000000..dcc62066 --- /dev/null +++ b/dependencies/@openzeppelin/test/proxy/Clones.behaviour.js @@ -0,0 +1,160 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); + +module.exports = function shouldBehaveLikeClone() { + const assertProxyInitialization = function ({ value, balance }) { + it('initializes the proxy', async function () { + const dummy = await ethers.getContractAt('DummyImplementation', this.proxy); + expect(await dummy.value()).to.equal(value); + }); + + it('has expected balance', async function () { + expect(await ethers.provider.getBalance(this.proxy)).to.equal(balance); + }); + }; + + describe('construct with value', function () { + const value = 10n; + + it('factory has enough balance', async function () { + await this.deployer.sendTransaction({ to: this.factory, value }); + + const instance = await this.createClone({ deployValue: value }); + await expect(instance.deploymentTransaction()).to.changeEtherBalances([this.factory, instance], [-value, value]); + + expect(await ethers.provider.getBalance(instance)).to.equal(value); + }); + + it('factory does not have enough balance', async function () { + await expect(this.createClone({ deployValue: value })) + .to.be.revertedWithCustomError(this.factory, 'InsufficientBalance') + .withArgs(0n, value); + }); + }); + + describe('initialization without parameters', function () { + describe('non payable', function () { + const expectedInitializedValue = 10n; + + beforeEach(async function () { + this.initializeData = await this.implementation.interface.encodeFunctionData('initializeNonPayable'); + }); + + describe('when not sending balance', function () { + beforeEach('creating proxy', async function () { + this.proxy = await this.createClone({ initData: this.initializeData }); + }); + + assertProxyInitialization({ + value: expectedInitializedValue, + balance: 0, + }); + }); + + describe('when sending some balance', function () { + const value = 10n ** 6n; + + it('reverts', async function () { + await expect(this.createClone({ initData: this.initializeData, initValue: value })).to.be.reverted; + }); + }); + }); + + describe('payable', function () { + const expectedInitializedValue = 100n; + + beforeEach(async function () { + this.initializeData = await this.implementation.interface.encodeFunctionData('initializePayable'); + }); + + describe('when not sending balance', function () { + beforeEach('creating proxy', async function () { + this.proxy = await this.createClone({ initData: this.initializeData }); + }); + + assertProxyInitialization({ + value: expectedInitializedValue, + balance: 0, + }); + }); + + describe('when sending some balance', function () { + const value = 10n ** 6n; + + beforeEach('creating proxy', async function () { + this.proxy = await this.createClone({ initData: this.initializeData, initValue: value }); + }); + + assertProxyInitialization({ + value: expectedInitializedValue, + balance: value, + }); + }); + }); + }); + + describe('initialization with parameters', function () { + describe('non payable', function () { + const expectedInitializedValue = 10n; + + beforeEach(async function () { + this.initializeData = await this.implementation.interface.encodeFunctionData('initializeNonPayableWithValue', [ + expectedInitializedValue, + ]); + }); + + describe('when not sending balance', function () { + beforeEach('creating proxy', async function () { + this.proxy = await this.createClone({ initData: this.initializeData }); + }); + + assertProxyInitialization({ + value: expectedInitializedValue, + balance: 0, + }); + }); + + describe('when sending some balance', function () { + const value = 10n ** 6n; + + it('reverts', async function () { + await expect(this.createClone({ initData: this.initializeData, initValue: value })).to.be.reverted; + }); + }); + }); + + describe('payable', function () { + const expectedInitializedValue = 42n; + + beforeEach(function () { + this.initializeData = this.implementation.interface.encodeFunctionData('initializePayableWithValue', [ + expectedInitializedValue, + ]); + }); + + describe('when not sending balance', function () { + beforeEach('creating proxy', async function () { + this.proxy = await this.createClone({ initData: this.initializeData }); + }); + + assertProxyInitialization({ + value: expectedInitializedValue, + balance: 0, + }); + }); + + describe('when sending some balance', function () { + const value = 10n ** 6n; + + beforeEach('creating proxy', async function () { + this.proxy = await this.createClone({ initData: this.initializeData, initValue: value }); + }); + + assertProxyInitialization({ + value: expectedInitializedValue, + balance: value, + }); + }); + }); + }); +}; diff --git a/dependencies/@openzeppelin/test/proxy/Clones.t.sol b/dependencies/@openzeppelin/test/proxy/Clones.t.sol new file mode 100644 index 00000000..e589ba90 --- /dev/null +++ b/dependencies/@openzeppelin/test/proxy/Clones.t.sol @@ -0,0 +1,91 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {Test} from "forge-std/Test.sol"; +import {Clones} from "@openzeppelin/contracts/proxy/Clones.sol"; + +contract ClonesTest is Test { + function getNumber() external pure returns (uint256) { + return 42; + } + + function testSymbolicPredictDeterministicAddressSpillage(address implementation, bytes32 salt) public { + address predicted = Clones.predictDeterministicAddress(implementation, salt); + bytes32 spillage; + assembly ("memory-safe") { + spillage := and(predicted, 0xffffffffffffffffffffffff0000000000000000000000000000000000000000) + } + assertEq(spillage, bytes32(0)); + } + + function testSymbolicPredictDeterministicAddressWithImmutableArgsSpillage( + address implementation, + bytes32 salt, + bytes memory args + ) public { + vm.assume(args.length < 0xbfd3); + + address predicted = Clones.predictDeterministicAddressWithImmutableArgs(implementation, args, salt); + bytes32 spillage; + /// @solidity memory-safe-assembly + assembly { + spillage := and(predicted, 0xffffffffffffffffffffffff0000000000000000000000000000000000000000) + } + assertEq(spillage, bytes32(0)); + } + + function testCloneDirty() external { + address cloneClean = Clones.clone(address(this)); + address cloneDirty = Clones.clone(_dirty(address(this))); + + // both clones have the same code + assertEq(cloneClean.code, cloneDirty.code); + + // both clones behave as expected + assertEq(ClonesTest(cloneClean).getNumber(), this.getNumber()); + assertEq(ClonesTest(cloneDirty).getNumber(), this.getNumber()); + } + + function testCloneDeterministicDirty(bytes32 salt) external { + address cloneClean = Clones.cloneDeterministic(address(this), salt); + address cloneDirty = Clones.cloneDeterministic(_dirty(address(this)), ~salt); + + // both clones have the same code + assertEq(cloneClean.code, cloneDirty.code); + + // both clones behave as expected + assertEq(ClonesTest(cloneClean).getNumber(), this.getNumber()); + assertEq(ClonesTest(cloneDirty).getNumber(), this.getNumber()); + } + + function testPredictDeterministicAddressDirty(bytes32 salt) external { + address predictClean = Clones.predictDeterministicAddress(address(this), salt); + address predictDirty = Clones.predictDeterministicAddress(_dirty(address(this)), salt); + + //prediction should be similar + assertEq(predictClean, predictDirty); + } + + function testFetchCloneArgs(bytes memory args, bytes32 salt) external { + vm.assume(args.length < 0xbfd3); + + address instance1 = Clones.cloneWithImmutableArgs(address(this), args); + address instance2 = Clones.cloneDeterministicWithImmutableArgs(address(this), args, salt); + + // both clones have the same code + assertEq(instance1.code, instance2.code); + + // both clones behave as expected and args can be fetched + assertEq(ClonesTest(instance1).getNumber(), this.getNumber()); + assertEq(ClonesTest(instance2).getNumber(), this.getNumber()); + assertEq(Clones.fetchCloneArgs(instance1), args); + assertEq(Clones.fetchCloneArgs(instance2), args); + } + + function _dirty(address input) private pure returns (address output) { + assembly ("memory-safe") { + output := or(input, shl(160, not(0))) + } + } +} diff --git a/dependencies/@openzeppelin/test/proxy/Clones.test.js b/dependencies/@openzeppelin/test/proxy/Clones.test.js new file mode 100644 index 00000000..0706c6f8 --- /dev/null +++ b/dependencies/@openzeppelin/test/proxy/Clones.test.js @@ -0,0 +1,175 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { generators } = require('../helpers/random'); + +const shouldBehaveLikeClone = require('./Clones.behaviour'); + +const cloneInitCode = (instance, args = undefined) => + args + ? ethers.concat([ + '0x61', + ethers.toBeHex(0x2d + ethers.getBytes(args).length, 2), + '0x3d81600a3d39f3363d3d373d3d3d363d73', + instance.target ?? instance.address ?? instance, + '0x5af43d82803e903d91602b57fd5bf3', + args, + ]) + : ethers.concat([ + '0x3d602d80600a3d3981f3363d3d373d3d3d363d73', + instance.target ?? instance.address ?? instance, + '0x5af43d82803e903d91602b57fd5bf3', + ]); + +async function fixture() { + const [deployer] = await ethers.getSigners(); + + const factory = await ethers.deployContract('$Clones'); + const implementation = await ethers.deployContract('DummyImplementation'); + + const newClone = + args => + async (opts = {}) => { + const clone = await (args + ? factory.$cloneWithImmutableArgs.staticCall(implementation, args) + : factory.$clone.staticCall(implementation) + ).then(address => implementation.attach(address)); + const tx = await (args + ? opts.deployValue + ? factory.$cloneWithImmutableArgs(implementation, args, ethers.Typed.uint256(opts.deployValue)) + : factory.$cloneWithImmutableArgs(implementation, args) + : opts.deployValue + ? factory.$clone(implementation, ethers.Typed.uint256(opts.deployValue)) + : factory.$clone(implementation)); + if (opts.initData || opts.initValue) { + await deployer.sendTransaction({ to: clone, value: opts.initValue ?? 0n, data: opts.initData ?? '0x' }); + } + return Object.assign(clone, { deploymentTransaction: () => tx }); + }; + + const newCloneDeterministic = + args => + async (opts = {}) => { + const salt = opts.salt ?? ethers.randomBytes(32); + const clone = await (args + ? factory.$cloneDeterministicWithImmutableArgs.staticCall(implementation, args, salt) + : factory.$cloneDeterministic.staticCall(implementation, salt) + ).then(address => implementation.attach(address)); + const tx = await (args + ? opts.deployValue + ? factory.$cloneDeterministicWithImmutableArgs( + implementation, + args, + salt, + ethers.Typed.uint256(opts.deployValue), + ) + : factory.$cloneDeterministicWithImmutableArgs(implementation, args, salt) + : opts.deployValue + ? factory.$cloneDeterministic(implementation, salt, ethers.Typed.uint256(opts.deployValue)) + : factory.$cloneDeterministic(implementation, salt)); + if (opts.initData || opts.initValue) { + await deployer.sendTransaction({ to: clone, value: opts.initValue ?? 0n, data: opts.initData ?? '0x' }); + } + return Object.assign(clone, { deploymentTransaction: () => tx }); + }; + + return { deployer, factory, implementation, newClone, newCloneDeterministic }; +} + +describe('Clones', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + for (const args of [undefined, '0x', '0x11223344']) { + describe(args ? `with immutable args: ${args}` : 'without immutable args', function () { + describe('clone', function () { + beforeEach(async function () { + this.createClone = this.newClone(args); + }); + + shouldBehaveLikeClone(); + + it('get immutable arguments', async function () { + const instance = await this.createClone(); + expect(await this.factory.$fetchCloneArgs(instance)).to.equal(args ?? '0x'); + }); + }); + + describe('cloneDeterministic', function () { + beforeEach(async function () { + this.createClone = this.newCloneDeterministic(args); + }); + + shouldBehaveLikeClone(); + + it('get immutable arguments', async function () { + const instance = await this.createClone(); + expect(await this.factory.$fetchCloneArgs(instance)).to.equal(args ?? '0x'); + }); + + it('revert if address already used', async function () { + const salt = ethers.randomBytes(32); + + const deployClone = () => + args + ? this.factory.$cloneDeterministicWithImmutableArgs(this.implementation, args, salt) + : this.factory.$cloneDeterministic(this.implementation, salt); + + // deploy once + await expect(deployClone()).to.not.be.reverted; + + // deploy twice + await expect(deployClone()).to.be.revertedWithCustomError(this.factory, 'FailedDeployment'); + }); + + it('address prediction', async function () { + const salt = ethers.randomBytes(32); + + const expected = ethers.getCreate2Address( + this.factory.target, + salt, + ethers.keccak256(cloneInitCode(this.implementation, args)), + ); + + if (args) { + const predicted = await this.factory.$predictDeterministicAddressWithImmutableArgs( + this.implementation, + args, + salt, + ); + expect(predicted).to.equal(expected); + + await expect(this.factory.$cloneDeterministicWithImmutableArgs(this.implementation, args, salt)) + .to.emit(this.factory, 'return$cloneDeterministicWithImmutableArgs_address_bytes_bytes32') + .withArgs(predicted); + } else { + const predicted = await this.factory.$predictDeterministicAddress(this.implementation, salt); + expect(predicted).to.equal(expected); + + await expect(this.factory.$cloneDeterministic(this.implementation, salt)) + .to.emit(this.factory, 'return$cloneDeterministic_address_bytes32') + .withArgs(predicted); + } + }); + }); + }); + } + + it('EIP-170 limit on immutable args', async function () { + // EIP-170 limits the contract code size to 0x6000 + // This limits the length of immutable args to 0x5fd3 + const args = generators.hexBytes(0x5fd4); + const salt = ethers.randomBytes(32); + + await expect( + this.factory.$predictDeterministicAddressWithImmutableArgs(this.implementation, args, salt), + ).to.be.revertedWithCustomError(this.factory, 'CloneArgumentsTooLong'); + + await expect(this.factory.$cloneWithImmutableArgs(this.implementation, args)).to.be.revertedWithCustomError( + this.factory, + 'CloneArgumentsTooLong', + ); + }); +}); diff --git a/dependencies/@openzeppelin/test/proxy/ERC1967/ERC1967Proxy.test.js b/dependencies/@openzeppelin/test/proxy/ERC1967/ERC1967Proxy.test.js new file mode 100644 index 00000000..b2228004 --- /dev/null +++ b/dependencies/@openzeppelin/test/proxy/ERC1967/ERC1967Proxy.test.js @@ -0,0 +1,23 @@ +const { ethers } = require('hardhat'); + +const shouldBehaveLikeProxy = require('../Proxy.behaviour'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const fixture = async () => { + const [nonContractAddress] = await ethers.getSigners(); + + const implementation = await ethers.deployContract('DummyImplementation'); + + const createProxy = (implementation, initData, opts) => + ethers.deployContract('ERC1967Proxy', [implementation, initData], opts); + + return { nonContractAddress, implementation, createProxy }; +}; + +describe('ERC1967Proxy', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + shouldBehaveLikeProxy(); +}); diff --git a/dependencies/@openzeppelin/test/proxy/ERC1967/ERC1967Utils.test.js b/dependencies/@openzeppelin/test/proxy/ERC1967/ERC1967Utils.test.js new file mode 100644 index 00000000..08903249 --- /dev/null +++ b/dependencies/@openzeppelin/test/proxy/ERC1967/ERC1967Utils.test.js @@ -0,0 +1,162 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { getAddressInSlot, setSlot, ImplementationSlot, AdminSlot, BeaconSlot } = require('../../helpers/storage'); + +async function fixture() { + const [, admin, anotherAccount] = await ethers.getSigners(); + + const utils = await ethers.deployContract('$ERC1967Utils'); + const v1 = await ethers.deployContract('DummyImplementation'); + const v2 = await ethers.deployContract('CallReceiverMock'); + + return { admin, anotherAccount, utils, v1, v2 }; +} + +describe('ERC1967Utils', function () { + beforeEach('setup', async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + describe('IMPLEMENTATION_SLOT', function () { + beforeEach('set v1 implementation', async function () { + await setSlot(this.utils, ImplementationSlot, this.v1); + }); + + describe('getImplementation', function () { + it('returns current implementation and matches implementation slot value', async function () { + expect(await this.utils.$getImplementation()).to.equal(this.v1); + expect(await getAddressInSlot(this.utils, ImplementationSlot)).to.equal(this.v1); + }); + }); + + describe('upgradeToAndCall', function () { + it('sets implementation in storage and emits event', async function () { + const newImplementation = this.v2; + const tx = await this.utils.$upgradeToAndCall(newImplementation, '0x'); + + expect(await getAddressInSlot(this.utils, ImplementationSlot)).to.equal(newImplementation); + await expect(tx).to.emit(this.utils, 'Upgraded').withArgs(newImplementation); + }); + + it('reverts when implementation does not contain code', async function () { + await expect(this.utils.$upgradeToAndCall(this.anotherAccount, '0x')) + .to.be.revertedWithCustomError(this.utils, 'ERC1967InvalidImplementation') + .withArgs(this.anotherAccount); + }); + + describe('when data is empty', function () { + it('reverts when value is sent', async function () { + await expect(this.utils.$upgradeToAndCall(this.v2, '0x', { value: 1 })).to.be.revertedWithCustomError( + this.utils, + 'ERC1967NonPayable', + ); + }); + }); + + describe('when data is not empty', function () { + it('delegates a call to the new implementation', async function () { + const initializeData = this.v2.interface.encodeFunctionData('mockFunction'); + const tx = await this.utils.$upgradeToAndCall(this.v2, initializeData); + await expect(tx).to.emit(await ethers.getContractAt('CallReceiverMock', this.utils), 'MockFunctionCalled'); + }); + }); + }); + }); + + describe('ADMIN_SLOT', function () { + beforeEach('set admin', async function () { + await setSlot(this.utils, AdminSlot, this.admin); + }); + + describe('getAdmin', function () { + it('returns current admin and matches admin slot value', async function () { + expect(await this.utils.$getAdmin()).to.equal(this.admin); + expect(await getAddressInSlot(this.utils, AdminSlot)).to.equal(this.admin); + }); + }); + + describe('changeAdmin', function () { + it('sets admin in storage and emits event', async function () { + const newAdmin = this.anotherAccount; + const tx = await this.utils.$changeAdmin(newAdmin); + + expect(await getAddressInSlot(this.utils, AdminSlot)).to.equal(newAdmin); + await expect(tx).to.emit(this.utils, 'AdminChanged').withArgs(this.admin, newAdmin); + }); + + it('reverts when setting the address zero as admin', async function () { + await expect(this.utils.$changeAdmin(ethers.ZeroAddress)) + .to.be.revertedWithCustomError(this.utils, 'ERC1967InvalidAdmin') + .withArgs(ethers.ZeroAddress); + }); + }); + }); + + describe('BEACON_SLOT', function () { + beforeEach('set beacon', async function () { + this.beacon = await ethers.deployContract('UpgradeableBeaconMock', [this.v1]); + await setSlot(this.utils, BeaconSlot, this.beacon); + }); + + describe('getBeacon', function () { + it('returns current beacon and matches beacon slot value', async function () { + expect(await this.utils.$getBeacon()).to.equal(this.beacon); + expect(await getAddressInSlot(this.utils, BeaconSlot)).to.equal(this.beacon); + }); + }); + + describe('upgradeBeaconToAndCall', function () { + it('sets beacon in storage and emits event', async function () { + const newBeacon = await ethers.deployContract('UpgradeableBeaconMock', [this.v2]); + const tx = await this.utils.$upgradeBeaconToAndCall(newBeacon, '0x'); + + expect(await getAddressInSlot(this.utils, BeaconSlot)).to.equal(newBeacon); + await expect(tx).to.emit(this.utils, 'BeaconUpgraded').withArgs(newBeacon); + }); + + it('reverts when beacon does not contain code', async function () { + await expect(this.utils.$upgradeBeaconToAndCall(this.anotherAccount, '0x')) + .to.be.revertedWithCustomError(this.utils, 'ERC1967InvalidBeacon') + .withArgs(this.anotherAccount); + }); + + it("reverts when beacon's implementation does not contain code", async function () { + const newBeacon = await ethers.deployContract('UpgradeableBeaconMock', [this.anotherAccount]); + + await expect(this.utils.$upgradeBeaconToAndCall(newBeacon, '0x')) + .to.be.revertedWithCustomError(this.utils, 'ERC1967InvalidImplementation') + .withArgs(this.anotherAccount); + }); + + describe('when data is empty', function () { + it('reverts when value is sent', async function () { + const newBeacon = await ethers.deployContract('UpgradeableBeaconMock', [this.v2]); + await expect(this.utils.$upgradeBeaconToAndCall(newBeacon, '0x', { value: 1 })).to.be.revertedWithCustomError( + this.utils, + 'ERC1967NonPayable', + ); + }); + }); + + describe('when data is not empty', function () { + it('delegates a call to the new implementation', async function () { + const initializeData = this.v2.interface.encodeFunctionData('mockFunction'); + const newBeacon = await ethers.deployContract('UpgradeableBeaconMock', [this.v2]); + const tx = await this.utils.$upgradeBeaconToAndCall(newBeacon, initializeData); + await expect(tx).to.emit(await ethers.getContractAt('CallReceiverMock', this.utils), 'MockFunctionCalled'); + }); + }); + + describe('reentrant beacon implementation() call', function () { + it('sees the new beacon implementation', async function () { + const newBeacon = await ethers.deployContract('UpgradeableBeaconReentrantMock'); + await expect(this.utils.$upgradeBeaconToAndCall(newBeacon, '0x')) + .to.be.revertedWithCustomError(newBeacon, 'BeaconProxyBeaconSlotAddress') + .withArgs(newBeacon); + }); + }); + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/proxy/Proxy.behaviour.js b/dependencies/@openzeppelin/test/proxy/Proxy.behaviour.js new file mode 100644 index 00000000..f459c092 --- /dev/null +++ b/dependencies/@openzeppelin/test/proxy/Proxy.behaviour.js @@ -0,0 +1,185 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); + +const { getAddressInSlot, ImplementationSlot } = require('../helpers/storage'); + +module.exports = function shouldBehaveLikeProxy() { + it('cannot be initialized with a non-contract address', async function () { + const initializeData = '0x'; + const contractFactory = await ethers.getContractFactory('ERC1967Proxy'); + await expect(this.createProxy(this.nonContractAddress, initializeData)) + .to.be.revertedWithCustomError(contractFactory, 'ERC1967InvalidImplementation') + .withArgs(this.nonContractAddress); + }); + + const assertProxyInitialization = function ({ value, balance }) { + it('sets the implementation address', async function () { + expect(await getAddressInSlot(this.proxy, ImplementationSlot)).to.equal(this.implementation); + }); + + it('initializes the proxy', async function () { + const dummy = this.implementation.attach(this.proxy); + expect(await dummy.value()).to.equal(value); + }); + + it('has expected balance', async function () { + expect(await ethers.provider.getBalance(this.proxy)).to.equal(balance); + }); + }; + + describe('without initialization', function () { + const initializeData = '0x'; + + describe('when not sending balance', function () { + beforeEach('creating proxy', async function () { + this.proxy = await this.createProxy(this.implementation, initializeData); + }); + + assertProxyInitialization({ value: 0n, balance: 0n }); + }); + + describe('when sending some balance', function () { + const value = 10n ** 5n; + + it('reverts', async function () { + await expect(this.createProxy(this.implementation, initializeData, { value })).to.be.reverted; + }); + }); + }); + + describe('initialization without parameters', function () { + describe('non payable', function () { + const expectedInitializedValue = 10n; + + beforeEach(function () { + this.initializeData = this.implementation.interface.encodeFunctionData('initializeNonPayable'); + }); + + describe('when not sending balance', function () { + beforeEach('creating proxy', async function () { + this.proxy = await this.createProxy(this.implementation, this.initializeData); + }); + + assertProxyInitialization({ + value: expectedInitializedValue, + balance: 0n, + }); + }); + + describe('when sending some balance', function () { + const value = 10n ** 5n; + + it('reverts', async function () { + await expect(this.createProxy(this.implementation, this.initializeData, { value })).to.be.reverted; + }); + }); + }); + + describe('payable', function () { + const expectedInitializedValue = 100n; + + beforeEach(function () { + this.initializeData = this.implementation.interface.encodeFunctionData('initializePayable'); + }); + + describe('when not sending balance', function () { + beforeEach('creating proxy', async function () { + this.proxy = await this.createProxy(this.implementation, this.initializeData); + }); + + assertProxyInitialization({ + value: expectedInitializedValue, + balance: 0n, + }); + }); + + describe('when sending some balance', function () { + const value = 10e5; + + beforeEach('creating proxy', async function () { + this.proxy = await this.createProxy(this.implementation, this.initializeData, { value }); + }); + + assertProxyInitialization({ + value: expectedInitializedValue, + balance: value, + }); + }); + }); + }); + + describe('initialization with parameters', function () { + describe('non payable', function () { + const expectedInitializedValue = 10n; + + beforeEach(function () { + this.initializeData = this.implementation.interface.encodeFunctionData('initializeNonPayableWithValue', [ + expectedInitializedValue, + ]); + }); + + describe('when not sending balance', function () { + beforeEach('creating proxy', async function () { + this.proxy = await this.createProxy(this.implementation, this.initializeData); + }); + + assertProxyInitialization({ + value: expectedInitializedValue, + balance: 0, + }); + }); + + describe('when sending some balance', function () { + const value = 10e5; + + it('reverts', async function () { + await expect(this.createProxy(this.implementation, this.initializeData, { value })).to.be.reverted; + }); + }); + }); + + describe('payable', function () { + const expectedInitializedValue = 42n; + + beforeEach(function () { + this.initializeData = this.implementation.interface.encodeFunctionData('initializePayableWithValue', [ + expectedInitializedValue, + ]); + }); + + describe('when not sending balance', function () { + beforeEach('creating proxy', async function () { + this.proxy = await this.createProxy(this.implementation, this.initializeData); + }); + + assertProxyInitialization({ + value: expectedInitializedValue, + balance: 0n, + }); + }); + + describe('when sending some balance', function () { + const value = 10n ** 5n; + + beforeEach('creating proxy', async function () { + this.proxy = await this.createProxy(this.implementation, this.initializeData, { value }); + }); + + assertProxyInitialization({ + value: expectedInitializedValue, + balance: value, + }); + }); + }); + + describe('reverting initialization', function () { + beforeEach(function () { + this.initializeData = this.implementation.interface.encodeFunctionData('reverts'); + }); + + it('reverts', async function () { + await expect(this.createProxy(this.implementation, this.initializeData)).to.be.reverted; + }); + }); + }); +}; diff --git a/dependencies/@openzeppelin/test/proxy/beacon/BeaconProxy.test.js b/dependencies/@openzeppelin/test/proxy/beacon/BeaconProxy.test.js new file mode 100644 index 00000000..0a087844 --- /dev/null +++ b/dependencies/@openzeppelin/test/proxy/beacon/BeaconProxy.test.js @@ -0,0 +1,141 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { getAddressInSlot, BeaconSlot } = require('../../helpers/storage'); + +async function fixture() { + const [admin, other] = await ethers.getSigners(); + + const v1 = await ethers.deployContract('DummyImplementation'); + const v2 = await ethers.deployContract('DummyImplementationV2'); + const factory = await ethers.getContractFactory('BeaconProxy'); + const beacon = await ethers.deployContract('UpgradeableBeacon', [v1, admin]); + + const newBeaconProxy = (beacon, data, opts = {}) => factory.deploy(beacon, data, opts); + + return { admin, other, factory, beacon, v1, v2, newBeaconProxy }; +} + +describe('BeaconProxy', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + describe('bad beacon is not accepted', function () { + it('non-contract beacon', async function () { + const notBeacon = this.other; + + await expect(this.newBeaconProxy(notBeacon, '0x')) + .to.be.revertedWithCustomError(this.factory, 'ERC1967InvalidBeacon') + .withArgs(notBeacon); + }); + + it('non-compliant beacon', async function () { + const badBeacon = await ethers.deployContract('BadBeaconNoImpl'); + + // BadBeaconNoImpl does not provide `implementation()` has no fallback. + // This causes ERC1967Utils._setBeacon to revert. + await expect(this.newBeaconProxy(badBeacon, '0x')).to.be.revertedWithoutReason(); + }); + + it('non-contract implementation', async function () { + const badBeacon = await ethers.deployContract('BadBeaconNotContract'); + + await expect(this.newBeaconProxy(badBeacon, '0x')) + .to.be.revertedWithCustomError(this.factory, 'ERC1967InvalidImplementation') + .withArgs(await badBeacon.implementation()); + }); + }); + + describe('initialization', function () { + async function assertInitialized({ value, balance }) { + const beaconAddress = await getAddressInSlot(this.proxy, BeaconSlot); + expect(beaconAddress).to.equal(this.beacon); + + const dummy = this.v1.attach(this.proxy); + expect(await dummy.value()).to.equal(value); + + expect(await ethers.provider.getBalance(this.proxy)).to.equal(balance); + } + + it('no initialization', async function () { + this.proxy = await this.newBeaconProxy(this.beacon, '0x'); + await assertInitialized.bind(this)({ value: 0n, balance: 0n }); + }); + + it('non-payable initialization', async function () { + const value = 55n; + const data = this.v1.interface.encodeFunctionData('initializeNonPayableWithValue', [value]); + + this.proxy = await this.newBeaconProxy(this.beacon, data); + await assertInitialized.bind(this)({ value, balance: 0n }); + }); + + it('payable initialization', async function () { + const value = 55n; + const data = this.v1.interface.encodeFunctionData('initializePayableWithValue', [value]); + const balance = 100n; + + this.proxy = await this.newBeaconProxy(this.beacon, data, { value: balance }); + await assertInitialized.bind(this)({ value, balance }); + }); + + it('reverting initialization due to value', async function () { + await expect(this.newBeaconProxy(this.beacon, '0x', { value: 1n })).to.be.revertedWithCustomError( + this.factory, + 'ERC1967NonPayable', + ); + }); + + it('reverting initialization function', async function () { + const data = this.v1.interface.encodeFunctionData('reverts'); + await expect(this.newBeaconProxy(this.beacon, data)).to.be.revertedWith('DummyImplementation reverted'); + }); + }); + + describe('upgrade', function () { + it('upgrade a proxy by upgrading its beacon', async function () { + const value = 10n; + const data = this.v1.interface.encodeFunctionData('initializeNonPayableWithValue', [value]); + const proxy = await this.newBeaconProxy(this.beacon, data).then(instance => this.v1.attach(instance)); + + // test initial values + expect(await proxy.value()).to.equal(value); + + // test initial version + expect(await proxy.version()).to.equal('V1'); + + // upgrade beacon + await this.beacon.connect(this.admin).upgradeTo(this.v2); + + // test upgraded version + expect(await proxy.version()).to.equal('V2'); + }); + + it('upgrade 2 proxies by upgrading shared beacon', async function () { + const value1 = 10n; + const data1 = this.v1.interface.encodeFunctionData('initializeNonPayableWithValue', [value1]); + const proxy1 = await this.newBeaconProxy(this.beacon, data1).then(instance => this.v1.attach(instance)); + + const value2 = 42n; + const data2 = this.v1.interface.encodeFunctionData('initializeNonPayableWithValue', [value2]); + const proxy2 = await this.newBeaconProxy(this.beacon, data2).then(instance => this.v1.attach(instance)); + + // test initial values + expect(await proxy1.value()).to.equal(value1); + expect(await proxy2.value()).to.equal(value2); + + // test initial version + expect(await proxy1.version()).to.equal('V1'); + expect(await proxy2.version()).to.equal('V1'); + + // upgrade beacon + await this.beacon.connect(this.admin).upgradeTo(this.v2); + + // test upgraded version + expect(await proxy1.version()).to.equal('V2'); + expect(await proxy2.version()).to.equal('V2'); + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/proxy/beacon/UpgradeableBeacon.test.js b/dependencies/@openzeppelin/test/proxy/beacon/UpgradeableBeacon.test.js new file mode 100644 index 00000000..2da7d0a2 --- /dev/null +++ b/dependencies/@openzeppelin/test/proxy/beacon/UpgradeableBeacon.test.js @@ -0,0 +1,55 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +async function fixture() { + const [admin, other] = await ethers.getSigners(); + + const v1 = await ethers.deployContract('Implementation1'); + const v2 = await ethers.deployContract('Implementation2'); + const beacon = await ethers.deployContract('UpgradeableBeacon', [v1, admin]); + + return { admin, other, beacon, v1, v2 }; +} + +describe('UpgradeableBeacon', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + it('cannot be created with non-contract implementation', async function () { + await expect(ethers.deployContract('UpgradeableBeacon', [this.other, this.admin])) + .to.be.revertedWithCustomError(this.beacon, 'BeaconInvalidImplementation') + .withArgs(this.other); + }); + + describe('once deployed', function () { + it('emits Upgraded event to the first implementation', async function () { + await expect(this.beacon.deploymentTransaction()).to.emit(this.beacon, 'Upgraded').withArgs(this.v1); + }); + + it('returns implementation', async function () { + expect(await this.beacon.implementation()).to.equal(this.v1); + }); + + it('can be upgraded by the admin', async function () { + await expect(this.beacon.connect(this.admin).upgradeTo(this.v2)) + .to.emit(this.beacon, 'Upgraded') + .withArgs(this.v2); + + expect(await this.beacon.implementation()).to.equal(this.v2); + }); + + it('cannot be upgraded to a non-contract', async function () { + await expect(this.beacon.connect(this.admin).upgradeTo(this.other)) + .to.be.revertedWithCustomError(this.beacon, 'BeaconInvalidImplementation') + .withArgs(this.other); + }); + + it('cannot be upgraded by other account', async function () { + await expect(this.beacon.connect(this.other).upgradeTo(this.v2)) + .to.be.revertedWithCustomError(this.beacon, 'OwnableUnauthorizedAccount') + .withArgs(this.other); + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/proxy/transparent/ProxyAdmin.test.js b/dependencies/@openzeppelin/test/proxy/transparent/ProxyAdmin.test.js new file mode 100644 index 00000000..df430d46 --- /dev/null +++ b/dependencies/@openzeppelin/test/proxy/transparent/ProxyAdmin.test.js @@ -0,0 +1,82 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { getAddressInSlot, ImplementationSlot } = require('../../helpers/storage'); + +async function fixture() { + const [admin, other] = await ethers.getSigners(); + + const v1 = await ethers.deployContract('DummyImplementation'); + const v2 = await ethers.deployContract('DummyImplementationV2'); + + const proxy = await ethers + .deployContract('TransparentUpgradeableProxy', [v1, admin, '0x']) + .then(instance => ethers.getContractAt('ITransparentUpgradeableProxy', instance)); + + const proxyAdmin = await ethers.getContractAt( + 'ProxyAdmin', + ethers.getCreateAddress({ from: proxy.target, nonce: 1n }), + ); + + return { admin, other, v1, v2, proxy, proxyAdmin }; +} + +describe('ProxyAdmin', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + it('has an owner', async function () { + expect(await this.proxyAdmin.owner()).to.equal(this.admin); + }); + + it('has an interface version', async function () { + expect(await this.proxyAdmin.UPGRADE_INTERFACE_VERSION()).to.equal('5.0.0'); + }); + + describe('without data', function () { + describe('with unauthorized account', function () { + it('fails to upgrade', async function () { + await expect(this.proxyAdmin.connect(this.other).upgradeAndCall(this.proxy, this.v2, '0x')) + .to.be.revertedWithCustomError(this.proxyAdmin, 'OwnableUnauthorizedAccount') + .withArgs(this.other); + }); + }); + + describe('with authorized account', function () { + it('upgrades implementation', async function () { + await this.proxyAdmin.connect(this.admin).upgradeAndCall(this.proxy, this.v2, '0x'); + expect(await getAddressInSlot(this.proxy, ImplementationSlot)).to.equal(this.v2); + }); + }); + }); + + describe('with data', function () { + describe('with unauthorized account', function () { + it('fails to upgrade', async function () { + const data = this.v1.interface.encodeFunctionData('initializeNonPayableWithValue', [1337n]); + await expect(this.proxyAdmin.connect(this.other).upgradeAndCall(this.proxy, this.v2, data)) + .to.be.revertedWithCustomError(this.proxyAdmin, 'OwnableUnauthorizedAccount') + .withArgs(this.other); + }); + }); + + describe('with authorized account', function () { + describe('with invalid callData', function () { + it('fails to upgrade', async function () { + const data = '0x12345678'; + await expect(this.proxyAdmin.connect(this.admin).upgradeAndCall(this.proxy, this.v2, data)).to.be.reverted; + }); + }); + + describe('with valid callData', function () { + it('upgrades implementation', async function () { + const data = this.v2.interface.encodeFunctionData('initializeNonPayableWithValue', [1337n]); + await this.proxyAdmin.connect(this.admin).upgradeAndCall(this.proxy, this.v2, data); + expect(await getAddressInSlot(this.proxy, ImplementationSlot)).to.equal(this.v2); + }); + }); + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/proxy/transparent/TransparentUpgradeableProxy.behaviour.js b/dependencies/@openzeppelin/test/proxy/transparent/TransparentUpgradeableProxy.behaviour.js new file mode 100644 index 00000000..d90bd56e --- /dev/null +++ b/dependencies/@openzeppelin/test/proxy/transparent/TransparentUpgradeableProxy.behaviour.js @@ -0,0 +1,357 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); + +const { impersonate } = require('../../helpers/account'); +const { getAddressInSlot, ImplementationSlot, AdminSlot } = require('../../helpers/storage'); + +// createProxy, initialOwner, accounts +module.exports = function shouldBehaveLikeTransparentUpgradeableProxy() { + before(async function () { + const implementationV0 = await ethers.deployContract('DummyImplementation'); + const implementationV1 = await ethers.deployContract('DummyImplementation'); + + const createProxyWithImpersonatedProxyAdmin = async (logic, initData, opts = undefined) => { + const [proxy, tx] = await this.createProxy(logic, initData, opts).then(instance => + Promise.all([ethers.getContractAt('ITransparentUpgradeableProxy', instance), instance.deploymentTransaction()]), + ); + + const proxyAdmin = await ethers.getContractAt( + 'ProxyAdmin', + ethers.getCreateAddress({ from: proxy.target, nonce: 1n }), + ); + const proxyAdminAsSigner = await proxyAdmin.getAddress().then(impersonate); + + return { + instance: logic.attach(proxy.target), // attaching proxy directly works well for everything except for event resolution + proxy, + proxyAdmin, + proxyAdminAsSigner, + tx, + }; + }; + + Object.assign(this, { + implementationV0, + implementationV1, + createProxyWithImpersonatedProxyAdmin, + }); + }); + + beforeEach(async function () { + Object.assign(this, await this.createProxyWithImpersonatedProxyAdmin(this.implementationV0, '0x')); + }); + + describe('implementation', function () { + it('returns the current implementation address', async function () { + expect(await getAddressInSlot(this.proxy, ImplementationSlot)).to.equal(this.implementationV0); + }); + + it('delegates to the implementation', async function () { + expect(await this.instance.get()).to.be.true; + }); + }); + + describe('proxy admin', function () { + it('emits AdminChanged event during construction', async function () { + await expect(this.tx).to.emit(this.proxy, 'AdminChanged').withArgs(ethers.ZeroAddress, this.proxyAdmin); + }); + + it('sets the proxy admin in storage with the correct initial owner', async function () { + expect(await getAddressInSlot(this.proxy, AdminSlot)).to.equal(this.proxyAdmin); + + expect(await this.proxyAdmin.owner()).to.equal(this.owner); + }); + + it('can overwrite the admin by the implementation', async function () { + await this.instance.unsafeOverrideAdmin(this.other); + + const ERC1967AdminSlotValue = await getAddressInSlot(this.proxy, AdminSlot); + expect(ERC1967AdminSlotValue).to.equal(this.other); + expect(ERC1967AdminSlotValue).to.not.equal(this.proxyAdmin); + + // Still allows previous admin to execute admin operations + await expect(this.proxy.connect(this.proxyAdminAsSigner).upgradeToAndCall(this.implementationV1, '0x')) + .to.emit(this.proxy, 'Upgraded') + .withArgs(this.implementationV1); + }); + }); + + describe('upgradeToAndCall', function () { + describe('without migrations', function () { + beforeEach(async function () { + this.behavior = await ethers.deployContract('InitializableMock'); + }); + + describe('when the call does not fail', function () { + beforeEach(function () { + this.initializeData = this.behavior.interface.encodeFunctionData('initializeWithX', [42n]); + }); + + describe('when the sender is the admin', function () { + const value = 10n ** 5n; + + beforeEach(async function () { + this.tx = await this.proxy + .connect(this.proxyAdminAsSigner) + .upgradeToAndCall(this.behavior, this.initializeData, { + value, + }); + }); + + it('upgrades to the requested implementation', async function () { + expect(await getAddressInSlot(this.proxy, ImplementationSlot)).to.equal(this.behavior); + }); + + it('emits an event', async function () { + await expect(this.tx).to.emit(this.proxy, 'Upgraded').withArgs(this.behavior); + }); + + it('calls the initializer function', async function () { + expect(await this.behavior.attach(this.proxy).x()).to.equal(42n); + }); + + it('sends given value to the proxy', async function () { + expect(await ethers.provider.getBalance(this.proxy)).to.equal(value); + }); + + it('uses the storage of the proxy', async function () { + // storage layout should look as follows: + // - 0: Initializable storage ++ initializerRan ++ onlyInitializingRan + // - 1: x + expect(await ethers.provider.getStorage(this.proxy, 1n)).to.equal(42n); + }); + }); + + describe('when the sender is not the admin', function () { + it('reverts', async function () { + await expect(this.proxy.connect(this.other).upgradeToAndCall(this.behavior, this.initializeData)).to.be + .reverted; + }); + }); + }); + + describe('when the call does fail', function () { + beforeEach(function () { + this.initializeData = this.behavior.interface.encodeFunctionData('fail'); + }); + + it('reverts', async function () { + await expect(this.proxy.connect(this.proxyAdminAsSigner).upgradeToAndCall(this.behavior, this.initializeData)) + .to.be.reverted; + }); + }); + }); + + describe('with migrations', function () { + describe('when the sender is the admin', function () { + const value = 10n ** 5n; + + describe('when upgrading to V1', function () { + beforeEach(async function () { + this.behaviorV1 = await ethers.deployContract('MigratableMockV1'); + const v1MigrationData = this.behaviorV1.interface.encodeFunctionData('initialize', [42n]); + + this.balancePreviousV1 = await ethers.provider.getBalance(this.proxy); + this.tx = await this.proxy + .connect(this.proxyAdminAsSigner) + .upgradeToAndCall(this.behaviorV1, v1MigrationData, { + value, + }); + }); + + it('upgrades to the requested version and emits an event', async function () { + expect(await getAddressInSlot(this.proxy, ImplementationSlot)).to.equal(this.behaviorV1); + + await expect(this.tx).to.emit(this.proxy, 'Upgraded').withArgs(this.behaviorV1); + }); + + it("calls the 'initialize' function and sends given value to the proxy", async function () { + expect(await this.behaviorV1.attach(this.proxy).x()).to.equal(42n); + expect(await ethers.provider.getBalance(this.proxy)).to.equal(this.balancePreviousV1 + value); + }); + + describe('when upgrading to V2', function () { + beforeEach(async function () { + this.behaviorV2 = await ethers.deployContract('MigratableMockV2'); + const v2MigrationData = this.behaviorV2.interface.encodeFunctionData('migrate', [10n, 42n]); + + this.balancePreviousV2 = await ethers.provider.getBalance(this.proxy); + this.tx = await this.proxy + .connect(this.proxyAdminAsSigner) + .upgradeToAndCall(this.behaviorV2, v2MigrationData, { + value, + }); + }); + + it('upgrades to the requested version and emits an event', async function () { + expect(await getAddressInSlot(this.proxy, ImplementationSlot)).to.equal(this.behaviorV2); + + await expect(this.tx).to.emit(this.proxy, 'Upgraded').withArgs(this.behaviorV2); + }); + + it("calls the 'migrate' function and sends given value to the proxy", async function () { + expect(await this.behaviorV2.attach(this.proxy).x()).to.equal(10n); + expect(await this.behaviorV2.attach(this.proxy).y()).to.equal(42n); + expect(await ethers.provider.getBalance(this.proxy)).to.equal(this.balancePreviousV2 + value); + }); + + describe('when upgrading to V3', function () { + beforeEach(async function () { + this.behaviorV3 = await ethers.deployContract('MigratableMockV3'); + const v3MigrationData = this.behaviorV3.interface.encodeFunctionData('migrate()'); + + this.balancePreviousV3 = await ethers.provider.getBalance(this.proxy); + this.tx = await this.proxy + .connect(this.proxyAdminAsSigner) + .upgradeToAndCall(this.behaviorV3, v3MigrationData, { + value, + }); + }); + + it('upgrades to the requested version and emits an event', async function () { + expect(await getAddressInSlot(this.proxy, ImplementationSlot)).to.equal(this.behaviorV3); + + await expect(this.tx).to.emit(this.proxy, 'Upgraded').withArgs(this.behaviorV3); + }); + + it("calls the 'migrate' function and sends given value to the proxy", async function () { + expect(await this.behaviorV3.attach(this.proxy).x()).to.equal(42n); + expect(await this.behaviorV3.attach(this.proxy).y()).to.equal(10n); + expect(await ethers.provider.getBalance(this.proxy)).to.equal(this.balancePreviousV3 + value); + }); + }); + }); + }); + }); + + describe('when the sender is not the admin', function () { + it('reverts', async function () { + const behaviorV1 = await ethers.deployContract('MigratableMockV1'); + const v1MigrationData = behaviorV1.interface.encodeFunctionData('initialize', [42n]); + await expect(this.proxy.connect(this.other).upgradeToAndCall(behaviorV1, v1MigrationData)).to.be.reverted; + }); + }); + }); + }); + + describe('transparent proxy', function () { + beforeEach('creating proxy', async function () { + this.clashingImplV0 = await ethers.deployContract('ClashingImplementation'); + this.clashingImplV1 = await ethers.deployContract('ClashingImplementation'); + + Object.assign(this, await this.createProxyWithImpersonatedProxyAdmin(this.clashingImplV0, '0x')); + }); + + it('proxy admin cannot call delegated functions', async function () { + const interface = await ethers.getContractFactory('TransparentUpgradeableProxy'); + + await expect(this.instance.connect(this.proxyAdminAsSigner).delegatedFunction()).to.be.revertedWithCustomError( + interface, + 'ProxyDeniedAdminAccess', + ); + }); + + describe('when function names clash', function () { + it('executes the proxy function if the sender is the admin', async function () { + await expect(this.proxy.connect(this.proxyAdminAsSigner).upgradeToAndCall(this.clashingImplV1, '0x')) + .to.emit(this.proxy, 'Upgraded') + .withArgs(this.clashingImplV1); + }); + + it('delegates the call to implementation when sender is not the admin', async function () { + await expect(this.proxy.connect(this.other).upgradeToAndCall(this.clashingImplV1, '0x')) + .to.emit(this.instance, 'ClashingImplementationCall') + .to.not.emit(this.proxy, 'Upgraded'); + }); + }); + }); + + describe('regression', function () { + const initializeData = '0x'; + + it('should add new function', async function () { + const impl1 = await ethers.deployContract('Implementation1'); + const impl2 = await ethers.deployContract('Implementation2'); + const { instance, proxy, proxyAdminAsSigner } = await this.createProxyWithImpersonatedProxyAdmin( + impl1, + initializeData, + ); + + await instance.setValue(42n); + + // `getValue` is not available in impl1 + await expect(impl2.attach(instance).getValue()).to.be.reverted; + + // do upgrade + await proxy.connect(proxyAdminAsSigner).upgradeToAndCall(impl2, '0x'); + + // `getValue` is available in impl2 + expect(await impl2.attach(instance).getValue()).to.equal(42n); + }); + + it('should remove function', async function () { + const impl1 = await ethers.deployContract('Implementation1'); + const impl2 = await ethers.deployContract('Implementation2'); + const { instance, proxy, proxyAdminAsSigner } = await this.createProxyWithImpersonatedProxyAdmin( + impl2, + initializeData, + ); + + await instance.setValue(42n); + + // `getValue` is available in impl2 + expect(await impl2.attach(instance).getValue()).to.equal(42n); + + // do downgrade + await proxy.connect(proxyAdminAsSigner).upgradeToAndCall(impl1, '0x'); + + // `getValue` is not available in impl1 + await expect(impl2.attach(instance).getValue()).to.be.reverted; + }); + + it('should change function signature', async function () { + const impl1 = await ethers.deployContract('Implementation1'); + const impl3 = await ethers.deployContract('Implementation3'); + const { instance, proxy, proxyAdminAsSigner } = await this.createProxyWithImpersonatedProxyAdmin( + impl1, + initializeData, + ); + + await instance.setValue(42n); + + await proxy.connect(proxyAdminAsSigner).upgradeToAndCall(impl3, '0x'); + + expect(await impl3.attach(instance).getValue(8n)).to.equal(50n); + }); + + it('should add fallback function', async function () { + const impl1 = await ethers.deployContract('Implementation1'); + const impl4 = await ethers.deployContract('Implementation4'); + const { instance, proxy, proxyAdminAsSigner } = await this.createProxyWithImpersonatedProxyAdmin( + impl1, + initializeData, + ); + + await proxy.connect(proxyAdminAsSigner).upgradeToAndCall(impl4, '0x'); + + await this.other.sendTransaction({ to: proxy }); + + expect(await impl4.attach(instance).getValue()).to.equal(1n); + }); + + it('should remove fallback function', async function () { + const impl2 = await ethers.deployContract('Implementation2'); + const impl4 = await ethers.deployContract('Implementation4'); + const { instance, proxy, proxyAdminAsSigner } = await this.createProxyWithImpersonatedProxyAdmin( + impl4, + initializeData, + ); + + await proxy.connect(proxyAdminAsSigner).upgradeToAndCall(impl2, '0x'); + + await expect(this.other.sendTransaction({ to: proxy })).to.be.reverted; + + expect(await impl2.attach(instance).getValue()).to.equal(0n); + }); + }); +}; diff --git a/dependencies/@openzeppelin/test/proxy/transparent/TransparentUpgradeableProxy.test.js b/dependencies/@openzeppelin/test/proxy/transparent/TransparentUpgradeableProxy.test.js new file mode 100644 index 00000000..61e18014 --- /dev/null +++ b/dependencies/@openzeppelin/test/proxy/transparent/TransparentUpgradeableProxy.test.js @@ -0,0 +1,28 @@ +const { ethers } = require('hardhat'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const shouldBehaveLikeProxy = require('../Proxy.behaviour'); +const shouldBehaveLikeTransparentUpgradeableProxy = require('./TransparentUpgradeableProxy.behaviour'); + +async function fixture() { + const [owner, other, ...accounts] = await ethers.getSigners(); + + const implementation = await ethers.deployContract('DummyImplementation'); + + const createProxy = function (logic, initData, opts = undefined) { + return ethers.deployContract('TransparentUpgradeableProxy', [logic, owner, initData], opts); + }; + + return { nonContractAddress: owner, owner, other, accounts, implementation, createProxy }; +} + +describe('TransparentUpgradeableProxy', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + shouldBehaveLikeProxy(); + + // createProxy, owner, otherAccounts + shouldBehaveLikeTransparentUpgradeableProxy(); +}); diff --git a/dependencies/@openzeppelin/test/proxy/utils/Initializable.test.js b/dependencies/@openzeppelin/test/proxy/utils/Initializable.test.js new file mode 100644 index 00000000..6bf213f0 --- /dev/null +++ b/dependencies/@openzeppelin/test/proxy/utils/Initializable.test.js @@ -0,0 +1,216 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { MAX_UINT64 } = require('../../helpers/constants'); + +describe('Initializable', function () { + describe('basic testing without inheritance', function () { + beforeEach('deploying', async function () { + this.mock = await ethers.deployContract('InitializableMock'); + }); + + describe('before initialize', function () { + it('initializer has not run', async function () { + expect(await this.mock.initializerRan()).to.be.false; + }); + + it('_initializing returns false before initialization', async function () { + expect(await this.mock.isInitializing()).to.be.false; + }); + }); + + describe('after initialize', function () { + beforeEach('initializing', async function () { + await this.mock.initialize(); + }); + + it('initializer has run', async function () { + expect(await this.mock.initializerRan()).to.be.true; + }); + + it('_initializing returns false after initialization', async function () { + expect(await this.mock.isInitializing()).to.be.false; + }); + + it('initializer does not run again', async function () { + await expect(this.mock.initialize()).to.be.revertedWithCustomError(this.mock, 'InvalidInitialization'); + }); + }); + + describe('nested under an initializer', function () { + it('initializer modifier reverts', async function () { + await expect(this.mock.initializerNested()).to.be.revertedWithCustomError(this.mock, 'InvalidInitialization'); + }); + + it('onlyInitializing modifier succeeds', async function () { + await this.mock.onlyInitializingNested(); + expect(await this.mock.onlyInitializingRan()).to.be.true; + }); + }); + + it('cannot call onlyInitializable function outside the scope of an initializable function', async function () { + await expect(this.mock.initializeOnlyInitializing()).to.be.revertedWithCustomError(this.mock, 'NotInitializing'); + }); + }); + + it('nested initializer can run during construction', async function () { + const mock = await ethers.deployContract('ConstructorInitializableMock'); + expect(await mock.initializerRan()).to.be.true; + expect(await mock.onlyInitializingRan()).to.be.true; + }); + + it('multiple constructor levels can be initializers', async function () { + const mock = await ethers.deployContract('ChildConstructorInitializableMock'); + expect(await mock.initializerRan()).to.be.true; + expect(await mock.childInitializerRan()).to.be.true; + expect(await mock.onlyInitializingRan()).to.be.true; + }); + + describe('reinitialization', function () { + beforeEach('deploying', async function () { + this.mock = await ethers.deployContract('ReinitializerMock'); + }); + + it('can reinitialize', async function () { + expect(await this.mock.counter()).to.equal(0n); + await this.mock.initialize(); + expect(await this.mock.counter()).to.equal(1n); + await this.mock.reinitialize(2); + expect(await this.mock.counter()).to.equal(2n); + await this.mock.reinitialize(3); + expect(await this.mock.counter()).to.equal(3n); + }); + + it('can jump multiple steps', async function () { + expect(await this.mock.counter()).to.equal(0n); + await this.mock.initialize(); + expect(await this.mock.counter()).to.equal(1n); + await this.mock.reinitialize(128); + expect(await this.mock.counter()).to.equal(2n); + }); + + it('cannot nest reinitializers', async function () { + expect(await this.mock.counter()).to.equal(0n); + await expect(this.mock.nestedReinitialize(2, 2)).to.be.revertedWithCustomError( + this.mock, + 'InvalidInitialization', + ); + await expect(this.mock.nestedReinitialize(2, 3)).to.be.revertedWithCustomError( + this.mock, + 'InvalidInitialization', + ); + await expect(this.mock.nestedReinitialize(3, 2)).to.be.revertedWithCustomError( + this.mock, + 'InvalidInitialization', + ); + }); + + it('can chain reinitializers', async function () { + expect(await this.mock.counter()).to.equal(0n); + await this.mock.chainReinitialize(2, 3); + expect(await this.mock.counter()).to.equal(2n); + }); + + it('_getInitializedVersion returns right version', async function () { + await this.mock.initialize(); + expect(await this.mock.getInitializedVersion()).to.equal(1n); + await this.mock.reinitialize(12); + expect(await this.mock.getInitializedVersion()).to.equal(12n); + }); + + describe('contract locking', function () { + it('prevents initialization', async function () { + await this.mock.disableInitializers(); + await expect(this.mock.initialize()).to.be.revertedWithCustomError(this.mock, 'InvalidInitialization'); + }); + + it('prevents re-initialization', async function () { + await this.mock.disableInitializers(); + await expect(this.mock.reinitialize(255n)).to.be.revertedWithCustomError(this.mock, 'InvalidInitialization'); + }); + + it('can lock contract after initialization', async function () { + await this.mock.initialize(); + await this.mock.disableInitializers(); + await expect(this.mock.reinitialize(255n)).to.be.revertedWithCustomError(this.mock, 'InvalidInitialization'); + }); + }); + }); + + describe('events', function () { + it('constructor initialization emits event', async function () { + const mock = await ethers.deployContract('ConstructorInitializableMock'); + await expect(mock.deploymentTransaction()).to.emit(mock, 'Initialized').withArgs(1n); + }); + + it('initialization emits event', async function () { + const mock = await ethers.deployContract('ReinitializerMock'); + await expect(mock.initialize()).to.emit(mock, 'Initialized').withArgs(1n); + }); + + it('reinitialization emits event', async function () { + const mock = await ethers.deployContract('ReinitializerMock'); + await expect(mock.reinitialize(128)).to.emit(mock, 'Initialized').withArgs(128n); + }); + + it('chained reinitialization emits multiple events', async function () { + const mock = await ethers.deployContract('ReinitializerMock'); + + await expect(mock.chainReinitialize(2, 3)) + .to.emit(mock, 'Initialized') + .withArgs(2n) + .to.emit(mock, 'Initialized') + .withArgs(3n); + }); + }); + + describe('complex testing with inheritance', function () { + const mother = 12n; + const gramps = '56'; + const father = 34n; + const child = 78n; + + beforeEach('deploying', async function () { + this.mock = await ethers.deployContract('SampleChild'); + await this.mock.initialize(mother, gramps, father, child); + }); + + it('initializes human', async function () { + expect(await this.mock.isHuman()).to.be.true; + }); + + it('initializes mother', async function () { + expect(await this.mock.mother()).to.equal(mother); + }); + + it('initializes gramps', async function () { + expect(await this.mock.gramps()).to.equal(gramps); + }); + + it('initializes father', async function () { + expect(await this.mock.father()).to.equal(father); + }); + + it('initializes child', async function () { + expect(await this.mock.child()).to.equal(child); + }); + }); + + describe('disabling initialization', function () { + it('old and new patterns in bad sequence', async function () { + const DisableBad1 = await ethers.getContractFactory('DisableBad1'); + await expect(DisableBad1.deploy()).to.be.revertedWithCustomError(DisableBad1, 'InvalidInitialization'); + + const DisableBad2 = await ethers.getContractFactory('DisableBad2'); + await expect(DisableBad2.deploy()).to.be.revertedWithCustomError(DisableBad2, 'InvalidInitialization'); + }); + + it('old and new patterns in good sequence', async function () { + const ok = await ethers.deployContract('DisableOk'); + await expect(ok.deploymentTransaction()) + .to.emit(ok, 'Initialized') + .withArgs(1n) + .to.emit(ok, 'Initialized') + .withArgs(MAX_UINT64); + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/proxy/utils/UUPSUpgradeable.test.js b/dependencies/@openzeppelin/test/proxy/utils/UUPSUpgradeable.test.js new file mode 100644 index 00000000..17f86576 --- /dev/null +++ b/dependencies/@openzeppelin/test/proxy/utils/UUPSUpgradeable.test.js @@ -0,0 +1,120 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { getAddressInSlot, ImplementationSlot } = require('../../helpers/storage'); + +async function fixture() { + const implInitial = await ethers.deployContract('UUPSUpgradeableMock'); + const implUpgradeOk = await ethers.deployContract('UUPSUpgradeableMock'); + const implUpgradeUnsafe = await ethers.deployContract('UUPSUpgradeableUnsafeMock'); + const implUpgradeNonUUPS = await ethers.deployContract('NonUpgradeableMock'); + const implUnsupportedUUID = await ethers.deployContract('UUPSUnsupportedProxiableUUID'); + // Used for testing non ERC1967 compliant proxies (clones are proxies that don't use the ERC1967 implementation slot) + const cloneFactory = await ethers.deployContract('$Clones'); + + const instance = await ethers + .deployContract('ERC1967Proxy', [implInitial, '0x']) + .then(proxy => implInitial.attach(proxy.target)); + + return { + implInitial, + implUpgradeOk, + implUpgradeUnsafe, + implUpgradeNonUUPS, + implUnsupportedUUID, + cloneFactory, + instance, + }; +} + +describe('UUPSUpgradeable', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + it('has an interface version', async function () { + expect(await this.instance.UPGRADE_INTERFACE_VERSION()).to.equal('5.0.0'); + }); + + it('upgrade to upgradeable implementation', async function () { + await expect(this.instance.upgradeToAndCall(this.implUpgradeOk, '0x')) + .to.emit(this.instance, 'Upgraded') + .withArgs(this.implUpgradeOk); + + expect(await getAddressInSlot(this.instance, ImplementationSlot)).to.equal(this.implUpgradeOk); + }); + + it('upgrade to upgradeable implementation with call', async function () { + expect(await this.instance.current()).to.equal(0n); + + await expect( + this.instance.upgradeToAndCall(this.implUpgradeOk, this.implUpgradeOk.interface.encodeFunctionData('increment')), + ) + .to.emit(this.instance, 'Upgraded') + .withArgs(this.implUpgradeOk); + + expect(await getAddressInSlot(this.instance, ImplementationSlot)).to.equal(this.implUpgradeOk); + + expect(await this.instance.current()).to.equal(1n); + }); + + it('calling upgradeTo on the implementation reverts', async function () { + await expect(this.implInitial.upgradeToAndCall(this.implUpgradeOk, '0x')).to.be.revertedWithCustomError( + this.implInitial, + 'UUPSUnauthorizedCallContext', + ); + }); + + it('calling upgradeToAndCall on the implementation reverts', async function () { + await expect( + this.implInitial.upgradeToAndCall( + this.implUpgradeOk, + this.implUpgradeOk.interface.encodeFunctionData('increment'), + ), + ).to.be.revertedWithCustomError(this.implUpgradeOk, 'UUPSUnauthorizedCallContext'); + }); + + it('calling upgradeToAndCall from a contract that is not an ERC1967 proxy (with the right implementation) reverts', async function () { + const instance = await this.cloneFactory.$clone + .staticCall(this.implUpgradeOk) + .then(address => this.implInitial.attach(address)); + await this.cloneFactory.$clone(this.implUpgradeOk); + + await expect(instance.upgradeToAndCall(this.implUpgradeUnsafe, '0x')).to.be.revertedWithCustomError( + instance, + 'UUPSUnauthorizedCallContext', + ); + }); + + it('rejects upgrading to an unsupported UUID', async function () { + await expect(this.instance.upgradeToAndCall(this.implUnsupportedUUID, '0x')) + .to.be.revertedWithCustomError(this.instance, 'UUPSUnsupportedProxiableUUID') + .withArgs(ethers.id('invalid UUID')); + }); + + it('upgrade to and unsafe upgradeable implementation', async function () { + await expect(this.instance.upgradeToAndCall(this.implUpgradeUnsafe, '0x')) + .to.emit(this.instance, 'Upgraded') + .withArgs(this.implUpgradeUnsafe); + + expect(await getAddressInSlot(this.instance, ImplementationSlot)).to.equal(this.implUpgradeUnsafe); + }); + + // delegate to a non existing upgradeTo function causes a low level revert + it('reject upgrade to non uups implementation', async function () { + await expect(this.instance.upgradeToAndCall(this.implUpgradeNonUUPS, '0x')) + .to.be.revertedWithCustomError(this.instance, 'ERC1967InvalidImplementation') + .withArgs(this.implUpgradeNonUUPS); + }); + + it('reject proxy address as implementation', async function () { + const otherInstance = await ethers + .deployContract('ERC1967Proxy', [this.implInitial, '0x']) + .then(proxy => this.implInitial.attach(proxy.target)); + + await expect(this.instance.upgradeToAndCall(otherInstance, '0x')) + .to.be.revertedWithCustomError(this.instance, 'ERC1967InvalidImplementation') + .withArgs(otherInstance); + }); +}); diff --git a/dependencies/@openzeppelin/test/sanity.test.js b/dependencies/@openzeppelin/test/sanity.test.js new file mode 100644 index 00000000..ea0175c4 --- /dev/null +++ b/dependencies/@openzeppelin/test/sanity.test.js @@ -0,0 +1,27 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture, mine } = require('@nomicfoundation/hardhat-network-helpers'); + +async function fixture() { + return {}; +} + +describe('Environment sanity', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + describe('snapshot', function () { + let blockNumberBefore; + + it('cache and mine', async function () { + blockNumberBefore = await ethers.provider.getBlockNumber(); + await mine(); + expect(await ethers.provider.getBlockNumber()).to.equal(blockNumberBefore + 1); + }); + + it('check snapshot', async function () { + expect(await ethers.provider.getBlockNumber()).to.equal(blockNumberBefore); + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/token/ERC1155/ERC1155.behavior.js b/dependencies/@openzeppelin/test/token/ERC1155/ERC1155.behavior.js new file mode 100644 index 00000000..d19b7325 --- /dev/null +++ b/dependencies/@openzeppelin/test/token/ERC1155/ERC1155.behavior.js @@ -0,0 +1,763 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { anyValue } = require('@nomicfoundation/hardhat-chai-matchers/withArgs'); + +const { RevertType } = require('../../helpers/enums'); +const { shouldSupportInterfaces } = require('../../utils/introspection/SupportsInterface.behavior'); + +function shouldBehaveLikeERC1155() { + const firstTokenId = 1n; + const secondTokenId = 2n; + const unknownTokenId = 3n; + + const firstTokenValue = 1000n; + const secondTokenValue = 2000n; + + const RECEIVER_SINGLE_MAGIC_VALUE = '0xf23a6e61'; + const RECEIVER_BATCH_MAGIC_VALUE = '0xbc197c81'; + + beforeEach(async function () { + [this.recipient, this.proxy, this.alice, this.bruce] = this.otherAccounts; + }); + + describe('like an ERC1155', function () { + describe('balanceOf', function () { + it('should return 0 when queried about the zero address', async function () { + expect(await this.token.balanceOf(ethers.ZeroAddress, firstTokenId)).to.equal(0n); + }); + + describe("when accounts don't own tokens", function () { + it('returns zero for given addresses', async function () { + expect(await this.token.balanceOf(this.alice, firstTokenId)).to.equal(0n); + expect(await this.token.balanceOf(this.bruce, secondTokenId)).to.equal(0n); + expect(await this.token.balanceOf(this.alice, unknownTokenId)).to.equal(0n); + }); + }); + + describe('when accounts own some tokens', function () { + beforeEach(async function () { + await this.token.$_mint(this.alice, firstTokenId, firstTokenValue, '0x'); + await this.token.$_mint(this.bruce, secondTokenId, secondTokenValue, '0x'); + }); + + it('returns the amount of tokens owned by the given addresses', async function () { + expect(await this.token.balanceOf(this.alice, firstTokenId)).to.equal(firstTokenValue); + expect(await this.token.balanceOf(this.bruce, secondTokenId)).to.equal(secondTokenValue); + expect(await this.token.balanceOf(this.alice, unknownTokenId)).to.equal(0n); + }); + }); + }); + + describe('balanceOfBatch', function () { + it("reverts when input arrays don't match up", async function () { + const accounts1 = [this.alice, this.bruce, this.alice, this.bruce]; + const ids1 = [firstTokenId, secondTokenId, unknownTokenId]; + + await expect(this.token.balanceOfBatch(accounts1, ids1)) + .to.be.revertedWithCustomError(this.token, 'ERC1155InvalidArrayLength') + .withArgs(ids1.length, accounts1.length); + + const accounts2 = [this.alice, this.bruce]; + const ids2 = [firstTokenId, secondTokenId, unknownTokenId]; + await expect(this.token.balanceOfBatch(accounts2, ids2)) + .to.be.revertedWithCustomError(this.token, 'ERC1155InvalidArrayLength') + .withArgs(ids2.length, accounts2.length); + }); + + it('should return 0 as the balance when one of the addresses is the zero address', async function () { + const result = await this.token.balanceOfBatch( + [this.alice, this.bruce, ethers.ZeroAddress], + [firstTokenId, secondTokenId, unknownTokenId], + ); + expect(result).to.deep.equal([0n, 0n, 0n]); + }); + + describe("when accounts don't own tokens", function () { + it('returns zeros for each account', async function () { + const result = await this.token.balanceOfBatch( + [this.alice, this.bruce, this.alice], + [firstTokenId, secondTokenId, unknownTokenId], + ); + expect(result).to.deep.equal([0n, 0n, 0n]); + }); + }); + + describe('when accounts own some tokens', function () { + beforeEach(async function () { + await this.token.$_mint(this.alice, firstTokenId, firstTokenValue, '0x'); + await this.token.$_mint(this.bruce, secondTokenId, secondTokenValue, '0x'); + }); + + it('returns amounts owned by each account in order passed', async function () { + const result = await this.token.balanceOfBatch( + [this.bruce, this.alice, this.alice], + [secondTokenId, firstTokenId, unknownTokenId], + ); + expect(result).to.deep.equal([secondTokenValue, firstTokenValue, 0n]); + }); + + it('returns multiple times the balance of the same address when asked', async function () { + const result = await this.token.balanceOfBatch( + [this.alice, this.bruce, this.alice], + [firstTokenId, secondTokenId, firstTokenId], + ); + expect(result).to.deep.equal([firstTokenValue, secondTokenValue, firstTokenValue]); + }); + }); + }); + + describe('setApprovalForAll', function () { + beforeEach(async function () { + this.tx = await this.token.connect(this.holder).setApprovalForAll(this.proxy, true); + }); + + it('sets approval status which can be queried via isApprovedForAll', async function () { + expect(await this.token.isApprovedForAll(this.holder, this.proxy)).to.be.true; + }); + + it('emits an ApprovalForAll log', async function () { + await expect(this.tx).to.emit(this.token, 'ApprovalForAll').withArgs(this.holder, this.proxy, true); + }); + + it('can unset approval for an operator', async function () { + await this.token.connect(this.holder).setApprovalForAll(this.proxy, false); + expect(await this.token.isApprovedForAll(this.holder, this.proxy)).to.be.false; + }); + + it('reverts if attempting to approve zero address as an operator', async function () { + await expect(this.token.connect(this.holder).setApprovalForAll(ethers.ZeroAddress, true)) + .to.be.revertedWithCustomError(this.token, 'ERC1155InvalidOperator') + .withArgs(ethers.ZeroAddress); + }); + }); + + describe('safeTransferFrom', function () { + beforeEach(async function () { + await this.token.$_mint(this.holder, firstTokenId, firstTokenValue, '0x'); + await this.token.$_mint(this.holder, secondTokenId, secondTokenValue, '0x'); + }); + + it('reverts when transferring more than balance', async function () { + await expect( + this.token + .connect(this.holder) + .safeTransferFrom(this.holder, this.recipient, firstTokenId, firstTokenValue + 1n, '0x'), + ) + .to.be.revertedWithCustomError(this.token, 'ERC1155InsufficientBalance') + .withArgs(this.holder, firstTokenValue, firstTokenValue + 1n, firstTokenId); + }); + + it('reverts when transferring to zero address', async function () { + await expect( + this.token + .connect(this.holder) + .safeTransferFrom(this.holder, ethers.ZeroAddress, firstTokenId, firstTokenValue, '0x'), + ) + .to.be.revertedWithCustomError(this.token, 'ERC1155InvalidReceiver') + .withArgs(ethers.ZeroAddress); + }); + + function transferWasSuccessful() { + it('debits transferred balance from sender', async function () { + expect(await this.token.balanceOf(this.args.from, this.args.id)).to.equal(0n); + }); + + it('credits transferred balance to receiver', async function () { + expect(await this.token.balanceOf(this.args.to, this.args.id)).to.equal(this.args.value); + }); + + it('emits a TransferSingle log', async function () { + await expect(this.tx) + .to.emit(this.token, 'TransferSingle') + .withArgs(this.args.operator, this.args.from, this.args.to, this.args.id, this.args.value); + }); + } + + describe('when called by the holder', function () { + beforeEach(async function () { + this.args = { + operator: this.holder, + from: this.holder, + to: this.recipient, + id: firstTokenId, + value: firstTokenValue, + data: '0x', + }; + this.tx = await this.token + .connect(this.args.operator) + .safeTransferFrom(this.args.from, this.args.to, this.args.id, this.args.value, this.args.data); + }); + + transferWasSuccessful(); + + it('preserves existing balances which are not transferred by holder', async function () { + expect(await this.token.balanceOf(this.holder, secondTokenId)).to.equal(secondTokenValue); + expect(await this.token.balanceOf(this.recipient, secondTokenId)).to.equal(0n); + }); + }); + + describe('when called by an operator on behalf of the holder', function () { + describe('when operator is not approved by holder', function () { + beforeEach(async function () { + await this.token.connect(this.holder).setApprovalForAll(this.proxy, false); + }); + + it('reverts', async function () { + await expect( + this.token + .connect(this.proxy) + .safeTransferFrom(this.holder, this.recipient, firstTokenId, firstTokenValue, '0x'), + ) + .to.be.revertedWithCustomError(this.token, 'ERC1155MissingApprovalForAll') + .withArgs(this.proxy, this.holder); + }); + }); + + describe('when operator is approved by holder', function () { + beforeEach(async function () { + await this.token.connect(this.holder).setApprovalForAll(this.proxy, true); + + this.args = { + operator: this.proxy, + from: this.holder, + to: this.recipient, + id: firstTokenId, + value: firstTokenValue, + data: '0x', + }; + this.tx = await this.token + .connect(this.args.operator) + .safeTransferFrom(this.args.from, this.args.to, this.args.id, this.args.value, this.args.data); + }); + + transferWasSuccessful(); + + it("preserves operator's balances not involved in the transfer", async function () { + expect(await this.token.balanceOf(this.proxy, firstTokenId)).to.equal(0n); + expect(await this.token.balanceOf(this.proxy, secondTokenId)).to.equal(0n); + }); + }); + }); + + describe('when sending to a valid receiver', function () { + beforeEach(async function () { + this.receiver = await ethers.deployContract('$ERC1155ReceiverMock', [ + RECEIVER_SINGLE_MAGIC_VALUE, + RECEIVER_BATCH_MAGIC_VALUE, + RevertType.None, + ]); + }); + + describe('without data', function () { + beforeEach(async function () { + this.args = { + operator: this.holder, + from: this.holder, + to: this.receiver, + id: firstTokenId, + value: firstTokenValue, + data: '0x', + }; + this.tx = await this.token + .connect(this.args.operator) + .safeTransferFrom(this.args.from, this.args.to, this.args.id, this.args.value, this.args.data); + }); + + transferWasSuccessful(); + + it('calls onERC1155Received', async function () { + await expect(this.tx) + .to.emit(this.receiver, 'Received') + .withArgs(this.args.operator, this.args.from, this.args.id, this.args.value, this.args.data, anyValue); + }); + }); + + describe('with data', function () { + beforeEach(async function () { + this.args = { + operator: this.holder, + from: this.holder, + to: this.receiver, + id: firstTokenId, + value: firstTokenValue, + data: '0xf00dd00d', + }; + this.tx = await this.token + .connect(this.args.operator) + .safeTransferFrom(this.args.from, this.args.to, this.args.id, this.args.value, this.args.data); + }); + + transferWasSuccessful(); + + it('calls onERC1155Received', async function () { + await expect(this.tx) + .to.emit(this.receiver, 'Received') + .withArgs(this.args.operator, this.args.from, this.args.id, this.args.value, this.args.data, anyValue); + }); + }); + }); + + describe('to a receiver contract returning unexpected value', function () { + it('reverts', async function () { + const receiver = await ethers.deployContract('$ERC1155ReceiverMock', [ + '0x00c0ffee', + RECEIVER_BATCH_MAGIC_VALUE, + RevertType.None, + ]); + + await expect( + this.token + .connect(this.holder) + .safeTransferFrom(this.holder, receiver, firstTokenId, firstTokenValue, '0x'), + ) + .to.be.revertedWithCustomError(this.token, 'ERC1155InvalidReceiver') + .withArgs(receiver); + }); + }); + + describe('to a receiver contract that reverts', function () { + describe('with a revert string', function () { + it('reverts', async function () { + const receiver = await ethers.deployContract('$ERC1155ReceiverMock', [ + RECEIVER_SINGLE_MAGIC_VALUE, + RECEIVER_BATCH_MAGIC_VALUE, + RevertType.RevertWithMessage, + ]); + + await expect( + this.token + .connect(this.holder) + .safeTransferFrom(this.holder, receiver, firstTokenId, firstTokenValue, '0x'), + ).to.be.revertedWith('ERC1155ReceiverMock: reverting on receive'); + }); + }); + + describe('without a revert string', function () { + it('reverts', async function () { + const receiver = await ethers.deployContract('$ERC1155ReceiverMock', [ + RECEIVER_SINGLE_MAGIC_VALUE, + RECEIVER_BATCH_MAGIC_VALUE, + RevertType.RevertWithoutMessage, + ]); + + await expect( + this.token + .connect(this.holder) + .safeTransferFrom(this.holder, receiver, firstTokenId, firstTokenValue, '0x'), + ) + .to.be.revertedWithCustomError(this.token, 'ERC1155InvalidReceiver') + .withArgs(receiver); + }); + }); + + describe('with a custom error', function () { + it('reverts', async function () { + const receiver = await ethers.deployContract('$ERC1155ReceiverMock', [ + RECEIVER_SINGLE_MAGIC_VALUE, + RECEIVER_BATCH_MAGIC_VALUE, + RevertType.RevertWithCustomError, + ]); + + await expect( + this.token + .connect(this.holder) + .safeTransferFrom(this.holder, receiver, firstTokenId, firstTokenValue, '0x'), + ) + .to.be.revertedWithCustomError(receiver, 'CustomError') + .withArgs(RECEIVER_SINGLE_MAGIC_VALUE); + }); + }); + + describe('with a panic', function () { + it('reverts', async function () { + const receiver = await ethers.deployContract('$ERC1155ReceiverMock', [ + RECEIVER_SINGLE_MAGIC_VALUE, + RECEIVER_BATCH_MAGIC_VALUE, + RevertType.Panic, + ]); + + await expect( + this.token + .connect(this.holder) + .safeTransferFrom(this.holder, receiver, firstTokenId, firstTokenValue, '0x'), + ).to.be.revertedWithPanic(); + }); + }); + }); + + describe('to a contract that does not implement the required function', function () { + it('reverts', async function () { + const invalidReceiver = this.token; + + await expect( + this.token + .connect(this.holder) + .safeTransferFrom(this.holder, invalidReceiver, firstTokenId, firstTokenValue, '0x'), + ) + .to.be.revertedWithCustomError(this.token, 'ERC1155InvalidReceiver') + .withArgs(invalidReceiver); + }); + }); + }); + + describe('safeBatchTransferFrom', function () { + beforeEach(async function () { + await this.token.$_mint(this.holder, firstTokenId, firstTokenValue, '0x'); + await this.token.$_mint(this.holder, secondTokenId, secondTokenValue, '0x'); + }); + + it('reverts when transferring value more than any of balances', async function () { + await expect( + this.token + .connect(this.holder) + .safeBatchTransferFrom( + this.holder, + this.recipient, + [firstTokenId, secondTokenId], + [firstTokenValue, secondTokenValue + 1n], + '0x', + ), + ) + .to.be.revertedWithCustomError(this.token, 'ERC1155InsufficientBalance') + .withArgs(this.holder, secondTokenValue, secondTokenValue + 1n, secondTokenId); + }); + + it("reverts when ids array length doesn't match values array length", async function () { + const ids1 = [firstTokenId]; + const tokenValues1 = [firstTokenValue, secondTokenValue]; + + await expect( + this.token.connect(this.holder).safeBatchTransferFrom(this.holder, this.recipient, ids1, tokenValues1, '0x'), + ) + .to.be.revertedWithCustomError(this.token, 'ERC1155InvalidArrayLength') + .withArgs(ids1.length, tokenValues1.length); + + const ids2 = [firstTokenId, secondTokenId]; + const tokenValues2 = [firstTokenValue]; + + await expect( + this.token.connect(this.holder).safeBatchTransferFrom(this.holder, this.recipient, ids2, tokenValues2, '0x'), + ) + .to.be.revertedWithCustomError(this.token, 'ERC1155InvalidArrayLength') + .withArgs(ids2.length, tokenValues2.length); + }); + + it('reverts when transferring to zero address', async function () { + await expect( + this.token + .connect(this.holder) + .safeBatchTransferFrom( + this.holder, + ethers.ZeroAddress, + [firstTokenId, secondTokenId], + [firstTokenValue, secondTokenValue], + '0x', + ), + ) + .to.be.revertedWithCustomError(this.token, 'ERC1155InvalidReceiver') + .withArgs(ethers.ZeroAddress); + }); + + it('reverts when transferring from zero address', async function () { + await expect( + this.token.$_safeBatchTransferFrom(ethers.ZeroAddress, this.holder, [firstTokenId], [firstTokenValue], '0x'), + ) + .to.be.revertedWithCustomError(this.token, 'ERC1155InvalidSender') + .withArgs(ethers.ZeroAddress); + }); + + function batchTransferWasSuccessful() { + it('debits transferred balances from sender', async function () { + const newBalances = await this.token.balanceOfBatch( + this.args.ids.map(() => this.args.from), + this.args.ids, + ); + expect(newBalances).to.deep.equal(this.args.ids.map(() => 0n)); + }); + + it('credits transferred balances to receiver', async function () { + const newBalances = await this.token.balanceOfBatch( + this.args.ids.map(() => this.args.to), + this.args.ids, + ); + expect(newBalances).to.deep.equal(this.args.values); + }); + + it('emits a TransferBatch log', async function () { + await expect(this.tx) + .to.emit(this.token, 'TransferBatch') + .withArgs(this.args.operator, this.args.from, this.args.to, this.args.ids, this.args.values); + }); + } + + describe('when called by the holder', function () { + beforeEach(async function () { + this.args = { + operator: this.holder, + from: this.holder, + to: this.recipient, + ids: [firstTokenId, secondTokenId], + values: [firstTokenValue, secondTokenValue], + data: '0x', + }; + this.tx = await this.token + .connect(this.args.operator) + .safeBatchTransferFrom(this.args.from, this.args.to, this.args.ids, this.args.values, this.args.data); + }); + + batchTransferWasSuccessful(); + }); + + describe('when called by an operator on behalf of the holder', function () { + describe('when operator is not approved by holder', function () { + beforeEach(async function () { + await this.token.connect(this.holder).setApprovalForAll(this.proxy, false); + }); + + it('reverts', async function () { + await expect( + this.token + .connect(this.proxy) + .safeBatchTransferFrom( + this.holder, + this.recipient, + [firstTokenId, secondTokenId], + [firstTokenValue, secondTokenValue], + '0x', + ), + ) + .to.be.revertedWithCustomError(this.token, 'ERC1155MissingApprovalForAll') + .withArgs(this.proxy, this.holder); + }); + }); + + describe('when operator is approved by holder', function () { + beforeEach(async function () { + await this.token.connect(this.holder).setApprovalForAll(this.proxy, true); + + this.args = { + operator: this.proxy, + from: this.holder, + to: this.recipient, + ids: [firstTokenId, secondTokenId], + values: [firstTokenValue, secondTokenValue], + data: '0x', + }; + this.tx = await this.token + .connect(this.args.operator) + .safeBatchTransferFrom(this.args.from, this.args.to, this.args.ids, this.args.values, this.args.data); + }); + + batchTransferWasSuccessful(); + + it("preserves operator's balances not involved in the transfer", async function () { + expect(await this.token.balanceOf(this.proxy, firstTokenId)).to.equal(0n); + expect(await this.token.balanceOf(this.proxy, secondTokenId)).to.equal(0n); + }); + }); + }); + + describe('when sending to a valid receiver', function () { + beforeEach(async function () { + this.receiver = await ethers.deployContract('$ERC1155ReceiverMock', [ + RECEIVER_SINGLE_MAGIC_VALUE, + RECEIVER_BATCH_MAGIC_VALUE, + RevertType.None, + ]); + }); + + describe('without data', function () { + beforeEach(async function () { + this.args = { + operator: this.holder, + from: this.holder, + to: this.receiver, + ids: [firstTokenId, secondTokenId], + values: [firstTokenValue, secondTokenValue], + data: '0x', + }; + this.tx = await this.token + .connect(this.args.operator) + .safeBatchTransferFrom(this.args.from, this.args.to, this.args.ids, this.args.values, this.args.data); + }); + + batchTransferWasSuccessful(); + + it('calls onERC1155BatchReceived', async function () { + await expect(this.tx) + .to.emit(this.receiver, 'BatchReceived') + .withArgs(this.holder, this.holder, this.args.ids, this.args.values, this.args.data, anyValue); + }); + }); + + describe('with data', function () { + beforeEach(async function () { + this.args = { + operator: this.holder, + from: this.holder, + to: this.receiver, + ids: [firstTokenId, secondTokenId], + values: [firstTokenValue, secondTokenValue], + data: '0xf00dd00d', + }; + this.tx = await this.token + .connect(this.args.operator) + .safeBatchTransferFrom(this.args.from, this.args.to, this.args.ids, this.args.values, this.args.data); + }); + + batchTransferWasSuccessful(); + + it('calls onERC1155Received', async function () { + await expect(this.tx) + .to.emit(this.receiver, 'BatchReceived') + .withArgs(this.holder, this.holder, this.args.ids, this.args.values, this.args.data, anyValue); + }); + }); + }); + + describe('to a receiver contract returning unexpected value', function () { + it('reverts', async function () { + const receiver = await ethers.deployContract('$ERC1155ReceiverMock', [ + RECEIVER_SINGLE_MAGIC_VALUE, + RECEIVER_SINGLE_MAGIC_VALUE, + RevertType.None, + ]); + + await expect( + this.token + .connect(this.holder) + .safeBatchTransferFrom( + this.holder, + receiver, + [firstTokenId, secondTokenId], + [firstTokenValue, secondTokenValue], + '0x', + ), + ) + .to.be.revertedWithCustomError(this.token, 'ERC1155InvalidReceiver') + .withArgs(receiver); + }); + }); + + describe('to a receiver contract that reverts', function () { + describe('with a revert string', function () { + it('reverts', async function () { + const receiver = await ethers.deployContract('$ERC1155ReceiverMock', [ + RECEIVER_SINGLE_MAGIC_VALUE, + RECEIVER_BATCH_MAGIC_VALUE, + RevertType.RevertWithMessage, + ]); + + await expect( + this.token + .connect(this.holder) + .safeBatchTransferFrom( + this.holder, + receiver, + [firstTokenId, secondTokenId], + [firstTokenValue, secondTokenValue], + '0x', + ), + ).to.be.revertedWith('ERC1155ReceiverMock: reverting on batch receive'); + }); + }); + + describe('without a revert string', function () { + it('reverts', async function () { + const receiver = await ethers.deployContract('$ERC1155ReceiverMock', [ + RECEIVER_SINGLE_MAGIC_VALUE, + RECEIVER_BATCH_MAGIC_VALUE, + RevertType.RevertWithoutMessage, + ]); + + await expect( + this.token + .connect(this.holder) + .safeBatchTransferFrom( + this.holder, + receiver, + [firstTokenId, secondTokenId], + [firstTokenValue, secondTokenValue], + '0x', + ), + ) + .to.be.revertedWithCustomError(this.token, 'ERC1155InvalidReceiver') + .withArgs(receiver); + }); + }); + + describe('with a custom error', function () { + it('reverts', async function () { + const receiver = await ethers.deployContract('$ERC1155ReceiverMock', [ + RECEIVER_SINGLE_MAGIC_VALUE, + RECEIVER_BATCH_MAGIC_VALUE, + RevertType.RevertWithCustomError, + ]); + + await expect( + this.token + .connect(this.holder) + .safeBatchTransferFrom( + this.holder, + receiver, + [firstTokenId, secondTokenId], + [firstTokenValue, secondTokenValue], + '0x', + ), + ) + .to.be.revertedWithCustomError(receiver, 'CustomError') + .withArgs(RECEIVER_SINGLE_MAGIC_VALUE); + }); + }); + + describe('with a panic', function () { + it('reverts', async function () { + const receiver = await ethers.deployContract('$ERC1155ReceiverMock', [ + RECEIVER_SINGLE_MAGIC_VALUE, + RECEIVER_BATCH_MAGIC_VALUE, + RevertType.Panic, + ]); + + await expect( + this.token + .connect(this.holder) + .safeBatchTransferFrom( + this.holder, + receiver, + [firstTokenId, secondTokenId], + [firstTokenValue, secondTokenValue], + '0x', + ), + ).to.be.revertedWithPanic(); + }); + }); + }); + + describe('to a contract that does not implement the required function', function () { + it('reverts', async function () { + const invalidReceiver = this.token; + + await expect( + this.token + .connect(this.holder) + .safeBatchTransferFrom( + this.holder, + invalidReceiver, + [firstTokenId, secondTokenId], + [firstTokenValue, secondTokenValue], + '0x', + ), + ) + .to.be.revertedWithCustomError(this.token, 'ERC1155InvalidReceiver') + .withArgs(invalidReceiver); + }); + }); + }); + + shouldSupportInterfaces(['ERC1155', 'ERC1155MetadataURI']); + }); +} + +module.exports = { + shouldBehaveLikeERC1155, +}; diff --git a/dependencies/@openzeppelin/test/token/ERC1155/ERC1155.test.js b/dependencies/@openzeppelin/test/token/ERC1155/ERC1155.test.js new file mode 100644 index 00000000..8b0a672b --- /dev/null +++ b/dependencies/@openzeppelin/test/token/ERC1155/ERC1155.test.js @@ -0,0 +1,213 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { zip } = require('../../helpers/iterate'); +const { shouldBehaveLikeERC1155 } = require('./ERC1155.behavior'); + +const initialURI = 'https://token-cdn-domain/{id}.json'; + +async function fixture() { + const [operator, holder, ...otherAccounts] = await ethers.getSigners(); + const token = await ethers.deployContract('$ERC1155', [initialURI]); + return { token, operator, holder, otherAccounts }; +} + +describe('ERC1155', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + shouldBehaveLikeERC1155(); + + describe('internal functions', function () { + const tokenId = 1990n; + const mintValue = 9001n; + const burnValue = 3000n; + + const tokenBatchIds = [2000n, 2010n, 2020n]; + const mintValues = [5000n, 10000n, 42195n]; + const burnValues = [5000n, 9001n, 195n]; + + const data = '0x12345678'; + + describe('_mint', function () { + it('reverts with a zero destination address', async function () { + await expect(this.token.$_mint(ethers.ZeroAddress, tokenId, mintValue, data)) + .to.be.revertedWithCustomError(this.token, 'ERC1155InvalidReceiver') + .withArgs(ethers.ZeroAddress); + }); + + describe('with minted tokens', function () { + beforeEach(async function () { + this.tx = await this.token.connect(this.operator).$_mint(this.holder, tokenId, mintValue, data); + }); + + it('emits a TransferSingle event', async function () { + await expect(this.tx) + .to.emit(this.token, 'TransferSingle') + .withArgs(this.operator, ethers.ZeroAddress, this.holder, tokenId, mintValue); + }); + + it('credits the minted token value', async function () { + expect(await this.token.balanceOf(this.holder, tokenId)).to.equal(mintValue); + }); + }); + }); + + describe('_mintBatch', function () { + it('reverts with a zero destination address', async function () { + await expect(this.token.$_mintBatch(ethers.ZeroAddress, tokenBatchIds, mintValues, data)) + .to.be.revertedWithCustomError(this.token, 'ERC1155InvalidReceiver') + .withArgs(ethers.ZeroAddress); + }); + + it('reverts if length of inputs do not match', async function () { + await expect(this.token.$_mintBatch(this.holder, tokenBatchIds, mintValues.slice(1), data)) + .to.be.revertedWithCustomError(this.token, 'ERC1155InvalidArrayLength') + .withArgs(tokenBatchIds.length, mintValues.length - 1); + + await expect(this.token.$_mintBatch(this.holder, tokenBatchIds.slice(1), mintValues, data)) + .to.be.revertedWithCustomError(this.token, 'ERC1155InvalidArrayLength') + .withArgs(tokenBatchIds.length - 1, mintValues.length); + }); + + describe('with minted batch of tokens', function () { + beforeEach(async function () { + this.tx = await this.token.connect(this.operator).$_mintBatch(this.holder, tokenBatchIds, mintValues, data); + }); + + it('emits a TransferBatch event', async function () { + await expect(this.tx) + .to.emit(this.token, 'TransferBatch') + .withArgs(this.operator, ethers.ZeroAddress, this.holder, tokenBatchIds, mintValues); + }); + + it('credits the minted batch of tokens', async function () { + const holderBatchBalances = await this.token.balanceOfBatch( + tokenBatchIds.map(() => this.holder), + tokenBatchIds, + ); + + expect(holderBatchBalances).to.deep.equal(mintValues); + }); + }); + }); + + describe('_burn', function () { + it("reverts when burning the zero account's tokens", async function () { + await expect(this.token.$_burn(ethers.ZeroAddress, tokenId, mintValue)) + .to.be.revertedWithCustomError(this.token, 'ERC1155InvalidSender') + .withArgs(ethers.ZeroAddress); + }); + + it('reverts when burning a non-existent token id', async function () { + await expect(this.token.$_burn(this.holder, tokenId, mintValue)) + .to.be.revertedWithCustomError(this.token, 'ERC1155InsufficientBalance') + .withArgs(this.holder, 0, mintValue, tokenId); + }); + + it('reverts when burning more than available tokens', async function () { + await this.token.connect(this.operator).$_mint(this.holder, tokenId, mintValue, data); + + await expect(this.token.$_burn(this.holder, tokenId, mintValue + 1n)) + .to.be.revertedWithCustomError(this.token, 'ERC1155InsufficientBalance') + .withArgs(this.holder, mintValue, mintValue + 1n, tokenId); + }); + + describe('with minted-then-burnt tokens', function () { + beforeEach(async function () { + await this.token.$_mint(this.holder, tokenId, mintValue, data); + this.tx = await this.token.connect(this.operator).$_burn(this.holder, tokenId, burnValue); + }); + + it('emits a TransferSingle event', async function () { + await expect(this.tx) + .to.emit(this.token, 'TransferSingle') + .withArgs(this.operator, this.holder, ethers.ZeroAddress, tokenId, burnValue); + }); + + it('accounts for both minting and burning', async function () { + expect(await this.token.balanceOf(this.holder, tokenId)).to.equal(mintValue - burnValue); + }); + }); + }); + + describe('_burnBatch', function () { + it("reverts when burning the zero account's tokens", async function () { + await expect(this.token.$_burnBatch(ethers.ZeroAddress, tokenBatchIds, burnValues)) + .to.be.revertedWithCustomError(this.token, 'ERC1155InvalidSender') + .withArgs(ethers.ZeroAddress); + }); + + it('reverts if length of inputs do not match', async function () { + await expect(this.token.$_burnBatch(this.holder, tokenBatchIds, burnValues.slice(1))) + .to.be.revertedWithCustomError(this.token, 'ERC1155InvalidArrayLength') + .withArgs(tokenBatchIds.length, burnValues.length - 1); + + await expect(this.token.$_burnBatch(this.holder, tokenBatchIds.slice(1), burnValues)) + .to.be.revertedWithCustomError(this.token, 'ERC1155InvalidArrayLength') + .withArgs(tokenBatchIds.length - 1, burnValues.length); + }); + + it('reverts when burning a non-existent token id', async function () { + await expect(this.token.$_burnBatch(this.holder, tokenBatchIds, burnValues)) + .to.be.revertedWithCustomError(this.token, 'ERC1155InsufficientBalance') + .withArgs(this.holder, 0, burnValues[0], tokenBatchIds[0]); + }); + + describe('with minted-then-burnt tokens', function () { + beforeEach(async function () { + await this.token.$_mintBatch(this.holder, tokenBatchIds, mintValues, data); + this.tx = await this.token.connect(this.operator).$_burnBatch(this.holder, tokenBatchIds, burnValues); + }); + + it('emits a TransferBatch event', async function () { + await expect(this.tx) + .to.emit(this.token, 'TransferBatch') + .withArgs(this.operator, this.holder, ethers.ZeroAddress, tokenBatchIds, burnValues); + }); + + it('accounts for both minting and burning', async function () { + const holderBatchBalances = await this.token.balanceOfBatch( + tokenBatchIds.map(() => this.holder), + tokenBatchIds, + ); + + expect(holderBatchBalances).to.deep.equal( + zip(mintValues, burnValues).map(([mintValue, burnValue]) => mintValue - burnValue), + ); + }); + }); + }); + }); + + describe('ERC1155MetadataURI', function () { + const firstTokenID = 42n; + const secondTokenID = 1337n; + + it('emits no URI event in constructor', async function () { + await expect(this.token.deploymentTransaction()).to.not.emit(this.token, 'URI'); + }); + + it('sets the initial URI for all token types', async function () { + expect(await this.token.uri(firstTokenID)).to.equal(initialURI); + expect(await this.token.uri(secondTokenID)).to.equal(initialURI); + }); + + describe('_setURI', function () { + const newURI = 'https://token-cdn-domain/{locale}/{id}.json'; + + it('emits no URI event', async function () { + await expect(this.token.$_setURI(newURI)).to.not.emit(this.token, 'URI'); + }); + + it('sets the new URI for all token types', async function () { + await this.token.$_setURI(newURI); + + expect(await this.token.uri(firstTokenID)).to.equal(newURI); + expect(await this.token.uri(secondTokenID)).to.equal(newURI); + }); + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/token/ERC1155/extensions/ERC1155Burnable.test.js b/dependencies/@openzeppelin/test/token/ERC1155/extensions/ERC1155Burnable.test.js new file mode 100644 index 00000000..01e7ee2e --- /dev/null +++ b/dependencies/@openzeppelin/test/token/ERC1155/extensions/ERC1155Burnable.test.js @@ -0,0 +1,66 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const ids = [42n, 1137n]; +const values = [3000n, 9902n]; + +async function fixture() { + const [holder, operator, other] = await ethers.getSigners(); + + const token = await ethers.deployContract('$ERC1155Burnable', ['https://token-cdn-domain/{id}.json']); + await token.$_mint(holder, ids[0], values[0], '0x'); + await token.$_mint(holder, ids[1], values[1], '0x'); + + return { token, holder, operator, other }; +} + +describe('ERC1155Burnable', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + describe('burn', function () { + it('holder can burn their tokens', async function () { + await this.token.connect(this.holder).burn(this.holder, ids[0], values[0] - 1n); + + expect(await this.token.balanceOf(this.holder, ids[0])).to.equal(1n); + }); + + it("approved operators can burn the holder's tokens", async function () { + await this.token.connect(this.holder).setApprovalForAll(this.operator, true); + await this.token.connect(this.operator).burn(this.holder, ids[0], values[0] - 1n); + + expect(await this.token.balanceOf(this.holder, ids[0])).to.equal(1n); + }); + + it("unapproved accounts cannot burn the holder's tokens", async function () { + await expect(this.token.connect(this.other).burn(this.holder, ids[0], values[0] - 1n)) + .to.be.revertedWithCustomError(this.token, 'ERC1155MissingApprovalForAll') + .withArgs(this.other, this.holder); + }); + }); + + describe('burnBatch', function () { + it('holder can burn their tokens', async function () { + await this.token.connect(this.holder).burnBatch(this.holder, ids, [values[0] - 1n, values[1] - 2n]); + + expect(await this.token.balanceOf(this.holder, ids[0])).to.equal(1n); + expect(await this.token.balanceOf(this.holder, ids[1])).to.equal(2n); + }); + + it("approved operators can burn the holder's tokens", async function () { + await this.token.connect(this.holder).setApprovalForAll(this.operator, true); + await this.token.connect(this.operator).burnBatch(this.holder, ids, [values[0] - 1n, values[1] - 2n]); + + expect(await this.token.balanceOf(this.holder, ids[0])).to.equal(1n); + expect(await this.token.balanceOf(this.holder, ids[1])).to.equal(2n); + }); + + it("unapproved accounts cannot burn the holder's tokens", async function () { + await expect(this.token.connect(this.other).burnBatch(this.holder, ids, [values[0] - 1n, values[1] - 2n])) + .to.be.revertedWithCustomError(this.token, 'ERC1155MissingApprovalForAll') + .withArgs(this.other, this.holder); + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/token/ERC1155/extensions/ERC1155Pausable.test.js b/dependencies/@openzeppelin/test/token/ERC1155/extensions/ERC1155Pausable.test.js new file mode 100644 index 00000000..81c4f69b --- /dev/null +++ b/dependencies/@openzeppelin/test/token/ERC1155/extensions/ERC1155Pausable.test.js @@ -0,0 +1,105 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +async function fixture() { + const [holder, operator, receiver, other] = await ethers.getSigners(); + const token = await ethers.deployContract('$ERC1155Pausable', ['https://token-cdn-domain/{id}.json']); + return { token, holder, operator, receiver, other }; +} + +describe('ERC1155Pausable', function () { + const firstTokenId = 37n; + const firstTokenValue = 42n; + const secondTokenId = 19842n; + const secondTokenValue = 23n; + + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + describe('when token is paused', function () { + beforeEach(async function () { + await this.token.connect(this.holder).setApprovalForAll(this.operator, true); + await this.token.$_mint(this.holder, firstTokenId, firstTokenValue, '0x'); + await this.token.$_pause(); + }); + + it('reverts when trying to safeTransferFrom from holder', async function () { + await expect( + this.token + .connect(this.holder) + .safeTransferFrom(this.holder, this.receiver, firstTokenId, firstTokenValue, '0x'), + ).to.be.revertedWithCustomError(this.token, 'EnforcedPause'); + }); + + it('reverts when trying to safeTransferFrom from operator', async function () { + await expect( + this.token + .connect(this.operator) + .safeTransferFrom(this.holder, this.receiver, firstTokenId, firstTokenValue, '0x'), + ).to.be.revertedWithCustomError(this.token, 'EnforcedPause'); + }); + + it('reverts when trying to safeBatchTransferFrom from holder', async function () { + await expect( + this.token + .connect(this.holder) + .safeBatchTransferFrom(this.holder, this.receiver, [firstTokenId], [firstTokenValue], '0x'), + ).to.be.revertedWithCustomError(this.token, 'EnforcedPause'); + }); + + it('reverts when trying to safeBatchTransferFrom from operator', async function () { + await expect( + this.token + .connect(this.operator) + .safeBatchTransferFrom(this.holder, this.receiver, [firstTokenId], [firstTokenValue], '0x'), + ).to.be.revertedWithCustomError(this.token, 'EnforcedPause'); + }); + + it('reverts when trying to mint', async function () { + await expect(this.token.$_mint(this.holder, secondTokenId, secondTokenValue, '0x')).to.be.revertedWithCustomError( + this.token, + 'EnforcedPause', + ); + }); + + it('reverts when trying to mintBatch', async function () { + await expect( + this.token.$_mintBatch(this.holder, [secondTokenId], [secondTokenValue], '0x'), + ).to.be.revertedWithCustomError(this.token, 'EnforcedPause'); + }); + + it('reverts when trying to burn', async function () { + await expect(this.token.$_burn(this.holder, firstTokenId, firstTokenValue)).to.be.revertedWithCustomError( + this.token, + 'EnforcedPause', + ); + }); + + it('reverts when trying to burnBatch', async function () { + await expect( + this.token.$_burnBatch(this.holder, [firstTokenId], [firstTokenValue]), + ).to.be.revertedWithCustomError(this.token, 'EnforcedPause'); + }); + + describe('setApprovalForAll', function () { + it('approves an operator', async function () { + await this.token.connect(this.holder).setApprovalForAll(this.other, true); + expect(await this.token.isApprovedForAll(this.holder, this.other)).to.be.true; + }); + }); + + describe('balanceOf', function () { + it('returns the token value owned by the given address', async function () { + expect(await this.token.balanceOf(this.holder, firstTokenId)).to.equal(firstTokenValue); + }); + }); + + describe('isApprovedForAll', function () { + it('returns the approval of the operator', async function () { + expect(await this.token.isApprovedForAll(this.holder, this.operator)).to.be.true; + }); + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/token/ERC1155/extensions/ERC1155Supply.test.js b/dependencies/@openzeppelin/test/token/ERC1155/extensions/ERC1155Supply.test.js new file mode 100644 index 00000000..cca36a0d --- /dev/null +++ b/dependencies/@openzeppelin/test/token/ERC1155/extensions/ERC1155Supply.test.js @@ -0,0 +1,119 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +async function fixture() { + const [holder] = await ethers.getSigners(); + const token = await ethers.deployContract('$ERC1155Supply', ['https://token-cdn-domain/{id}.json']); + return { token, holder }; +} + +describe('ERC1155Supply', function () { + const firstTokenId = 37n; + const firstTokenValue = 42n; + const secondTokenId = 19842n; + const secondTokenValue = 23n; + + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + describe('before mint', function () { + it('exist', async function () { + expect(await this.token.exists(firstTokenId)).to.be.false; + }); + + it('totalSupply', async function () { + expect(await this.token.totalSupply(ethers.Typed.uint256(firstTokenId))).to.equal(0n); + expect(await this.token.totalSupply()).to.equal(0n); + }); + }); + + describe('after mint', function () { + describe('single', function () { + beforeEach(async function () { + await this.token.$_mint(this.holder, firstTokenId, firstTokenValue, '0x'); + }); + + it('exist', async function () { + expect(await this.token.exists(firstTokenId)).to.be.true; + }); + + it('totalSupply', async function () { + expect(await this.token.totalSupply(ethers.Typed.uint256(firstTokenId))).to.equal(firstTokenValue); + expect(await this.token.totalSupply()).to.equal(firstTokenValue); + }); + }); + + describe('batch', function () { + beforeEach(async function () { + await this.token.$_mintBatch( + this.holder, + [firstTokenId, secondTokenId], + [firstTokenValue, secondTokenValue], + '0x', + ); + }); + + it('exist', async function () { + expect(await this.token.exists(firstTokenId)).to.be.true; + expect(await this.token.exists(secondTokenId)).to.be.true; + }); + + it('totalSupply', async function () { + expect(await this.token.totalSupply(ethers.Typed.uint256(firstTokenId))).to.equal(firstTokenValue); + expect(await this.token.totalSupply(ethers.Typed.uint256(secondTokenId))).to.equal(secondTokenValue); + expect(await this.token.totalSupply()).to.equal(firstTokenValue + secondTokenValue); + }); + }); + }); + + describe('after burn', function () { + describe('single', function () { + beforeEach(async function () { + await this.token.$_mint(this.holder, firstTokenId, firstTokenValue, '0x'); + await this.token.$_burn(this.holder, firstTokenId, firstTokenValue); + }); + + it('exist', async function () { + expect(await this.token.exists(firstTokenId)).to.be.false; + }); + + it('totalSupply', async function () { + expect(await this.token.totalSupply(ethers.Typed.uint256(firstTokenId))).to.equal(0n); + expect(await this.token.totalSupply()).to.equal(0n); + }); + }); + + describe('batch', function () { + beforeEach(async function () { + await this.token.$_mintBatch( + this.holder, + [firstTokenId, secondTokenId], + [firstTokenValue, secondTokenValue], + '0x', + ); + await this.token.$_burnBatch(this.holder, [firstTokenId, secondTokenId], [firstTokenValue, secondTokenValue]); + }); + + it('exist', async function () { + expect(await this.token.exists(firstTokenId)).to.be.false; + expect(await this.token.exists(secondTokenId)).to.be.false; + }); + + it('totalSupply', async function () { + expect(await this.token.totalSupply(ethers.Typed.uint256(firstTokenId))).to.equal(0n); + expect(await this.token.totalSupply(ethers.Typed.uint256(secondTokenId))).to.equal(0n); + expect(await this.token.totalSupply()).to.equal(0n); + }); + }); + }); + + describe('other', function () { + it('supply unaffected by no-op', async function () { + await this.token.$_update(ethers.ZeroAddress, ethers.ZeroAddress, [firstTokenId], [firstTokenValue]); + expect(await this.token.totalSupply(ethers.Typed.uint256(firstTokenId))).to.equal(0n); + expect(await this.token.totalSupply()).to.equal(0n); + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/token/ERC1155/extensions/ERC1155URIStorage.test.js b/dependencies/@openzeppelin/test/token/ERC1155/extensions/ERC1155URIStorage.test.js new file mode 100644 index 00000000..a0d9b570 --- /dev/null +++ b/dependencies/@openzeppelin/test/token/ERC1155/extensions/ERC1155URIStorage.test.js @@ -0,0 +1,70 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const erc1155Uri = 'https://token.com/nfts/'; +const baseUri = 'https://token.com/'; +const tokenId = 1n; +const value = 3000n; + +describe('ERC1155URIStorage', function () { + describe('with base uri set', function () { + async function fixture() { + const [holder] = await ethers.getSigners(); + + const token = await ethers.deployContract('$ERC1155URIStorage', [erc1155Uri]); + await token.$_setBaseURI(baseUri); + await token.$_mint(holder, tokenId, value, '0x'); + + return { token, holder }; + } + + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + it('can request the token uri, returning the erc1155 uri if no token uri was set', async function () { + expect(await this.token.uri(tokenId)).to.equal(erc1155Uri); + }); + + it('can request the token uri, returning the concatenated uri if a token uri was set', async function () { + const tokenUri = '1234/'; + const expectedUri = `${baseUri}${tokenUri}`; + + await expect(this.token.$_setURI(ethers.Typed.uint256(tokenId), tokenUri)) + .to.emit(this.token, 'URI') + .withArgs(expectedUri, tokenId); + + expect(await this.token.uri(tokenId)).to.equal(expectedUri); + }); + }); + + describe('with base uri set to the empty string', function () { + async function fixture() { + const [holder] = await ethers.getSigners(); + + const token = await ethers.deployContract('$ERC1155URIStorage', ['']); + await token.$_mint(holder, tokenId, value, '0x'); + + return { token, holder }; + } + + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + it('can request the token uri, returning an empty string if no token uri was set', async function () { + expect(await this.token.uri(tokenId)).to.equal(''); + }); + + it('can request the token uri, returning the token uri if a token uri was set', async function () { + const tokenUri = 'ipfs://1234/'; + + await expect(this.token.$_setURI(ethers.Typed.uint256(tokenId), tokenUri)) + .to.emit(this.token, 'URI') + .withArgs(tokenUri, tokenId); + + expect(await this.token.uri(tokenId)).to.equal(tokenUri); + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/token/ERC1155/utils/ERC1155Holder.test.js b/dependencies/@openzeppelin/test/token/ERC1155/utils/ERC1155Holder.test.js new file mode 100644 index 00000000..9bff487a --- /dev/null +++ b/dependencies/@openzeppelin/test/token/ERC1155/utils/ERC1155Holder.test.js @@ -0,0 +1,56 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { shouldSupportInterfaces } = require('../../../utils/introspection/SupportsInterface.behavior'); + +const ids = [1n, 2n, 3n]; +const values = [1000n, 2000n, 3000n]; +const data = '0x12345678'; + +async function fixture() { + const [owner] = await ethers.getSigners(); + + const token = await ethers.deployContract('$ERC1155', ['https://token-cdn-domain/{id}.json']); + const mock = await ethers.deployContract('$ERC1155Holder'); + + await token.$_mintBatch(owner, ids, values, '0x'); + + return { owner, token, mock }; +} + +describe('ERC1155Holder', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + shouldSupportInterfaces(['ERC1155Receiver']); + + it('receives ERC1155 tokens from a single ID', async function () { + await this.token.connect(this.owner).safeTransferFrom(this.owner, this.mock, ids[0], values[0], data); + + expect(await this.token.balanceOf(this.mock, ids[0])).to.equal(values[0]); + + for (let i = 1; i < ids.length; i++) { + expect(await this.token.balanceOf(this.mock, ids[i])).to.equal(0n); + } + }); + + it('receives ERC1155 tokens from a multiple IDs', async function () { + expect( + await this.token.balanceOfBatch( + ids.map(() => this.mock), + ids, + ), + ).to.deep.equal(ids.map(() => 0n)); + + await this.token.connect(this.owner).safeBatchTransferFrom(this.owner, this.mock, ids, values, data); + + expect( + await this.token.balanceOfBatch( + ids.map(() => this.mock), + ids, + ), + ).to.deep.equal(values); + }); +}); diff --git a/dependencies/@openzeppelin/test/token/ERC1155/utils/ERC1155Utils.test.js b/dependencies/@openzeppelin/test/token/ERC1155/utils/ERC1155Utils.test.js new file mode 100644 index 00000000..5687568d --- /dev/null +++ b/dependencies/@openzeppelin/test/token/ERC1155/utils/ERC1155Utils.test.js @@ -0,0 +1,299 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); +const { RevertType } = require('../../../helpers/enums'); +const { PANIC_CODES } = require('@nomicfoundation/hardhat-chai-matchers/panic'); + +const firstTokenId = 1n; +const secondTokenId = 2n; +const firstTokenValue = 1000n; +const secondTokenValue = 1000n; + +const RECEIVER_SINGLE_MAGIC_VALUE = '0xf23a6e61'; +const RECEIVER_BATCH_MAGIC_VALUE = '0xbc197c81'; + +const deployReceiver = ( + revertType, + returnValueSingle = RECEIVER_SINGLE_MAGIC_VALUE, + returnValueBatched = RECEIVER_BATCH_MAGIC_VALUE, +) => ethers.deployContract('$ERC1155ReceiverMock', [returnValueSingle, returnValueBatched, revertType]); + +const fixture = async () => { + const [eoa, operator, owner] = await ethers.getSigners(); + const utils = await ethers.deployContract('$ERC1155Utils'); + + const receivers = { + correct: await deployReceiver(RevertType.None), + invalid: await deployReceiver(RevertType.None, '0xdeadbeef', '0xdeadbeef'), + message: await deployReceiver(RevertType.RevertWithMessage), + empty: await deployReceiver(RevertType.RevertWithoutMessage), + customError: await deployReceiver(RevertType.RevertWithCustomError), + panic: await deployReceiver(RevertType.Panic), + nonReceiver: await ethers.deployContract('CallReceiverMock'), + eoa, + }; + + return { operator, owner, utils, receivers }; +}; + +describe('ERC1155Utils', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + describe('onERC1155Received', function () { + it('succeeds when called by an EOA', async function () { + await expect( + this.utils.$checkOnERC1155Received( + this.operator, + this.owner, + this.receivers.eoa, + firstTokenId, + firstTokenValue, + '0x', + ), + ).to.not.be.reverted; + }); + + it('succeeds when data is passed', async function () { + const data = '0x12345678'; + await expect( + this.utils.$checkOnERC1155Received( + this.operator, + this.owner, + this.receivers.correct, + firstTokenId, + firstTokenValue, + data, + ), + ).to.not.be.reverted; + }); + + it('succeeds when data is empty', async function () { + await expect( + this.utils.$checkOnERC1155Received( + this.operator, + this.owner, + this.receivers.correct, + firstTokenId, + firstTokenValue, + '0x', + ), + ).to.not.be.reverted; + }); + + it('reverts when receiver returns invalid value', async function () { + await expect( + this.utils.$checkOnERC1155Received( + this.operator, + this.owner, + this.receivers.invalid, + firstTokenId, + firstTokenValue, + '0x', + ), + ) + .to.be.revertedWithCustomError(this.utils, 'ERC1155InvalidReceiver') + .withArgs(this.receivers.invalid); + }); + + it('reverts when receiver reverts with message', async function () { + await expect( + this.utils.$checkOnERC1155Received( + this.operator, + this.owner, + this.receivers.message, + firstTokenId, + firstTokenValue, + '0x', + ), + ).to.be.revertedWith('ERC1155ReceiverMock: reverting on receive'); + }); + + it('reverts when receiver reverts without message', async function () { + await expect( + this.utils.$checkOnERC1155Received( + this.operator, + this.owner, + this.receivers.empty, + firstTokenId, + firstTokenValue, + '0x', + ), + ) + .to.be.revertedWithCustomError(this.utils, 'ERC1155InvalidReceiver') + .withArgs(this.receivers.empty); + }); + + it('reverts when receiver reverts with custom error', async function () { + await expect( + this.utils.$checkOnERC1155Received( + this.operator, + this.owner, + this.receivers.customError, + firstTokenId, + firstTokenValue, + '0x', + ), + ) + .to.be.revertedWithCustomError(this.receivers.customError, 'CustomError') + .withArgs(RECEIVER_SINGLE_MAGIC_VALUE); + }); + + it('reverts when receiver panics', async function () { + await expect( + this.utils.$checkOnERC1155Received( + this.operator, + this.owner, + this.receivers.panic, + firstTokenId, + firstTokenValue, + '0x', + ), + ).to.be.revertedWithPanic(PANIC_CODES.DIVISION_BY_ZERO); + }); + + it('reverts when receiver does not implement onERC1155Received', async function () { + await expect( + this.utils.$checkOnERC1155Received( + this.operator, + this.owner, + this.receivers.nonReceiver, + firstTokenId, + firstTokenValue, + '0x', + ), + ) + .to.be.revertedWithCustomError(this.utils, 'ERC1155InvalidReceiver') + .withArgs(this.receivers.nonReceiver); + }); + }); + + describe('onERC1155BatchReceived', function () { + it('succeeds when called by an EOA', async function () { + await expect( + this.utils.$checkOnERC1155BatchReceived( + this.operator, + this.owner, + this.receivers.eoa, + [firstTokenId, secondTokenId], + [firstTokenValue, secondTokenValue], + '0x', + ), + ).to.not.be.reverted; + }); + + it('succeeds when data is passed', async function () { + const data = '0x12345678'; + await expect( + this.utils.$checkOnERC1155BatchReceived( + this.operator, + this.owner, + this.receivers.correct, + [firstTokenId, secondTokenId], + [firstTokenValue, secondTokenValue], + data, + ), + ).to.not.be.reverted; + }); + + it('succeeds when data is empty', async function () { + await expect( + this.utils.$checkOnERC1155BatchReceived( + this.operator, + this.owner, + this.receivers.correct, + [firstTokenId, secondTokenId], + [firstTokenValue, secondTokenValue], + '0x', + ), + ).to.not.be.reverted; + }); + + it('reverts when receiver returns invalid value', async function () { + await expect( + this.utils.$checkOnERC1155BatchReceived( + this.operator, + this.owner, + this.receivers.invalid, + [firstTokenId, secondTokenId], + [firstTokenValue, secondTokenValue], + '0x', + ), + ) + .to.be.revertedWithCustomError(this.utils, 'ERC1155InvalidReceiver') + .withArgs(this.receivers.invalid); + }); + + it('reverts when receiver reverts with message', async function () { + await expect( + this.utils.$checkOnERC1155BatchReceived( + this.operator, + this.owner, + this.receivers.message, + [firstTokenId, secondTokenId], + [firstTokenValue, secondTokenValue], + '0x', + ), + ).to.be.revertedWith('ERC1155ReceiverMock: reverting on batch receive'); + }); + + it('reverts when receiver reverts without message', async function () { + await expect( + this.utils.$checkOnERC1155BatchReceived( + this.operator, + this.owner, + this.receivers.empty, + [firstTokenId, secondTokenId], + [firstTokenValue, secondTokenValue], + '0x', + ), + ) + .to.be.revertedWithCustomError(this.utils, 'ERC1155InvalidReceiver') + .withArgs(this.receivers.empty); + }); + + it('reverts when receiver reverts with custom error', async function () { + await expect( + this.utils.$checkOnERC1155BatchReceived( + this.operator, + this.owner, + this.receivers.customError, + [firstTokenId, secondTokenId], + [firstTokenValue, secondTokenValue], + '0x', + ), + ) + .to.be.revertedWithCustomError(this.receivers.customError, 'CustomError') + .withArgs(RECEIVER_SINGLE_MAGIC_VALUE); + }); + + it('reverts when receiver panics', async function () { + await expect( + this.utils.$checkOnERC1155BatchReceived( + this.operator, + this.owner, + this.receivers.panic, + [firstTokenId, secondTokenId], + [firstTokenValue, secondTokenValue], + '0x', + ), + ).to.be.revertedWithPanic(PANIC_CODES.DIVISION_BY_ZERO); + }); + + it('reverts when receiver does not implement onERC1155BatchReceived', async function () { + await expect( + this.utils.$checkOnERC1155BatchReceived( + this.operator, + this.owner, + this.receivers.nonReceiver, + [firstTokenId, secondTokenId], + [firstTokenValue, secondTokenValue], + '0x', + ), + ) + .to.be.revertedWithCustomError(this.utils, 'ERC1155InvalidReceiver') + .withArgs(this.receivers.nonReceiver); + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/token/ERC20/ERC20.behavior.js b/dependencies/@openzeppelin/test/token/ERC20/ERC20.behavior.js new file mode 100644 index 00000000..748df4b8 --- /dev/null +++ b/dependencies/@openzeppelin/test/token/ERC20/ERC20.behavior.js @@ -0,0 +1,269 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); + +function shouldBehaveLikeERC20(initialSupply, opts = {}) { + const { forcedApproval } = opts; + + beforeEach(async function () { + [this.holder, this.recipient, this.other] = this.accounts; + }); + + it('total supply: returns the total token value', async function () { + expect(await this.token.totalSupply()).to.equal(initialSupply); + }); + + describe('balanceOf', function () { + it('returns zero when the requested account has no tokens', async function () { + expect(await this.token.balanceOf(this.other)).to.equal(0n); + }); + + it('returns the total token value when the requested account has some tokens', async function () { + expect(await this.token.balanceOf(this.holder)).to.equal(initialSupply); + }); + }); + + describe('transfer', function () { + beforeEach(function () { + this.transfer = (from, to, value) => this.token.connect(from).transfer(to, value); + }); + + shouldBehaveLikeERC20Transfer(initialSupply); + }); + + describe('transfer from', function () { + describe('when the token owner is not the zero address', function () { + describe('when the recipient is not the zero address', function () { + describe('when the spender has enough allowance', function () { + beforeEach(async function () { + await this.token.connect(this.holder).approve(this.recipient, initialSupply); + }); + + describe('when the token owner has enough balance', function () { + const value = initialSupply; + + beforeEach(async function () { + this.tx = await this.token.connect(this.recipient).transferFrom(this.holder, this.other, value); + }); + + it('transfers the requested value', async function () { + await expect(this.tx).to.changeTokenBalances(this.token, [this.holder, this.other], [-value, value]); + }); + + it('decreases the spender allowance', async function () { + expect(await this.token.allowance(this.holder, this.recipient)).to.equal(0n); + }); + + it('emits a transfer event', async function () { + await expect(this.tx).to.emit(this.token, 'Transfer').withArgs(this.holder, this.other, value); + }); + + if (forcedApproval) { + it('emits an approval event', async function () { + await expect(this.tx) + .to.emit(this.token, 'Approval') + .withArgs( + this.holder.address, + this.recipient.address, + await this.token.allowance(this.holder, this.recipient), + ); + }); + } else { + it('does not emit an approval event', async function () { + await expect(this.tx).to.not.emit(this.token, 'Approval'); + }); + } + }); + + it('reverts when the token owner does not have enough balance', async function () { + const value = initialSupply; + await this.token.connect(this.holder).transfer(this.other, 1n); + await expect(this.token.connect(this.recipient).transferFrom(this.holder, this.other, value)) + .to.revertedWithCustomError(this.token, 'ERC20InsufficientBalance') + .withArgs(this.holder, value - 1n, value); + }); + }); + + describe('when the spender does not have enough allowance', function () { + const allowance = initialSupply - 1n; + + beforeEach(async function () { + await this.token.connect(this.holder).approve(this.recipient, allowance); + }); + + it('reverts when the token owner has enough balance', async function () { + const value = initialSupply; + await expect(this.token.connect(this.recipient).transferFrom(this.holder, this.other, value)) + .to.be.revertedWithCustomError(this.token, 'ERC20InsufficientAllowance') + .withArgs(this.recipient, allowance, value); + }); + + it('reverts when the token owner does not have enough balance', async function () { + const value = allowance; + await this.token.connect(this.holder).transfer(this.other, 2); + await expect(this.token.connect(this.recipient).transferFrom(this.holder, this.other, value)) + .to.be.revertedWithCustomError(this.token, 'ERC20InsufficientBalance') + .withArgs(this.holder, value - 1n, value); + }); + }); + + describe('when the spender has unlimited allowance', function () { + beforeEach(async function () { + await this.token.connect(this.holder).approve(this.recipient, ethers.MaxUint256); + this.tx = await this.token.connect(this.recipient).transferFrom(this.holder, this.other, 1n); + }); + + it('does not decrease the spender allowance', async function () { + expect(await this.token.allowance(this.holder, this.recipient)).to.equal(ethers.MaxUint256); + }); + + it('does not emit an approval event', async function () { + await expect(this.tx).to.not.emit(this.token, 'Approval'); + }); + }); + }); + + it('reverts when the recipient is the zero address', async function () { + const value = initialSupply; + await this.token.connect(this.holder).approve(this.recipient, value); + await expect(this.token.connect(this.recipient).transferFrom(this.holder, ethers.ZeroAddress, value)) + .to.be.revertedWithCustomError(this.token, 'ERC20InvalidReceiver') + .withArgs(ethers.ZeroAddress); + }); + }); + + it('reverts when the token owner is the zero address', async function () { + // transferFrom does a spendAllowance before moving the assets + // - default behavior (ERC20) is to always update the approval using `_approve`. This will fail because the + // approver (owner) is address(0). This happens even if the amount transferred is zero, and the approval update + // is not actually necessary. + // - in ERC20TemporaryAllowance, transfer of 0 value will not update allowance (temporary or persistent) + // therefore the spendAllowance does not revert. However, the transfer of asset will revert because the sender + // is address(0) + const errorName = this.token.temporaryApprove ? 'ERC20InvalidSender' : 'ERC20InvalidApprover'; + + const value = 0n; + await expect(this.token.connect(this.recipient).transferFrom(ethers.ZeroAddress, this.recipient, value)) + .to.be.revertedWithCustomError(this.token, errorName) + .withArgs(ethers.ZeroAddress); + }); + }); + + describe('approve', function () { + beforeEach(function () { + this.approve = (owner, spender, value) => this.token.connect(owner).approve(spender, value); + }); + + shouldBehaveLikeERC20Approve(initialSupply); + }); +} + +function shouldBehaveLikeERC20Transfer(balance) { + describe('when the recipient is not the zero address', function () { + it('reverts when the sender does not have enough balance', async function () { + const value = balance + 1n; + await expect(this.transfer(this.holder, this.recipient, value)) + .to.be.revertedWithCustomError(this.token, 'ERC20InsufficientBalance') + .withArgs(this.holder, balance, value); + }); + + describe('when the sender transfers all balance', function () { + const value = balance; + + beforeEach(async function () { + this.tx = await this.transfer(this.holder, this.recipient, value); + }); + + it('transfers the requested value', async function () { + await expect(this.tx).to.changeTokenBalances(this.token, [this.holder, this.recipient], [-value, value]); + }); + + it('emits a transfer event', async function () { + await expect(this.tx).to.emit(this.token, 'Transfer').withArgs(this.holder, this.recipient, value); + }); + }); + + describe('when the sender transfers zero tokens', function () { + const value = 0n; + + beforeEach(async function () { + this.tx = await this.transfer(this.holder, this.recipient, value); + }); + + it('transfers the requested value', async function () { + await expect(this.tx).to.changeTokenBalances(this.token, [this.holder, this.recipient], [0n, 0n]); + }); + + it('emits a transfer event', async function () { + await expect(this.tx).to.emit(this.token, 'Transfer').withArgs(this.holder, this.recipient, value); + }); + }); + }); + + it('reverts when the recipient is the zero address', async function () { + await expect(this.transfer(this.holder, ethers.ZeroAddress, balance)) + .to.be.revertedWithCustomError(this.token, 'ERC20InvalidReceiver') + .withArgs(ethers.ZeroAddress); + }); +} + +function shouldBehaveLikeERC20Approve(supply) { + describe('when the spender is not the zero address', function () { + describe('when the sender has enough balance', function () { + const value = supply; + + it('emits an approval event', async function () { + await expect(this.approve(this.holder, this.recipient, value)) + .to.emit(this.token, 'Approval') + .withArgs(this.holder, this.recipient, value); + }); + + it('approves the requested value when there was no approved value before', async function () { + await this.approve(this.holder, this.recipient, value); + + expect(await this.token.allowance(this.holder, this.recipient)).to.equal(value); + }); + + it('approves the requested value and replaces the previous one when the spender had an approved value', async function () { + await this.approve(this.holder, this.recipient, 1n); + await this.approve(this.holder, this.recipient, value); + + expect(await this.token.allowance(this.holder, this.recipient)).to.equal(value); + }); + }); + + describe('when the sender does not have enough balance', function () { + const value = supply + 1n; + + it('emits an approval event', async function () { + await expect(this.approve(this.holder, this.recipient, value)) + .to.emit(this.token, 'Approval') + .withArgs(this.holder, this.recipient, value); + }); + + it('approves the requested value when there was no approved value before', async function () { + await this.approve(this.holder, this.recipient, value); + + expect(await this.token.allowance(this.holder, this.recipient)).to.equal(value); + }); + + it('approves the requested value and replaces the previous one when the spender had an approved value', async function () { + await this.approve(this.holder, this.recipient, 1n); + await this.approve(this.holder, this.recipient, value); + + expect(await this.token.allowance(this.holder, this.recipient)).to.equal(value); + }); + }); + }); + + it('reverts when the spender is the zero address', async function () { + await expect(this.approve(this.holder, ethers.ZeroAddress, supply)) + .to.be.revertedWithCustomError(this.token, `ERC20InvalidSpender`) + .withArgs(ethers.ZeroAddress); + }); +} + +module.exports = { + shouldBehaveLikeERC20, + shouldBehaveLikeERC20Transfer, + shouldBehaveLikeERC20Approve, +}; diff --git a/dependencies/@openzeppelin/test/token/ERC20/ERC20.test.js b/dependencies/@openzeppelin/test/token/ERC20/ERC20.test.js new file mode 100644 index 00000000..2d9eefe1 --- /dev/null +++ b/dependencies/@openzeppelin/test/token/ERC20/ERC20.test.js @@ -0,0 +1,199 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); +const { PANIC_CODES } = require('@nomicfoundation/hardhat-chai-matchers/panic'); + +const { + shouldBehaveLikeERC20, + shouldBehaveLikeERC20Transfer, + shouldBehaveLikeERC20Approve, +} = require('./ERC20.behavior'); + +const TOKENS = [{ Token: '$ERC20' }, { Token: '$ERC20ApprovalMock', forcedApproval: true }]; + +const name = 'My Token'; +const symbol = 'MTKN'; +const initialSupply = 100n; + +describe('ERC20', function () { + for (const { Token, forcedApproval } of TOKENS) { + describe(Token, function () { + const fixture = async () => { + // this.accounts is used by shouldBehaveLikeERC20 + const accounts = await ethers.getSigners(); + const [holder, recipient] = accounts; + + const token = await ethers.deployContract(Token, [name, symbol]); + await token.$_mint(holder, initialSupply); + + return { accounts, holder, recipient, token }; + }; + + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + shouldBehaveLikeERC20(initialSupply, { forcedApproval }); + + it('has a name', async function () { + expect(await this.token.name()).to.equal(name); + }); + + it('has a symbol', async function () { + expect(await this.token.symbol()).to.equal(symbol); + }); + + it('has 18 decimals', async function () { + expect(await this.token.decimals()).to.equal(18n); + }); + + describe('_mint', function () { + const value = 50n; + it('rejects a null account', async function () { + await expect(this.token.$_mint(ethers.ZeroAddress, value)) + .to.be.revertedWithCustomError(this.token, 'ERC20InvalidReceiver') + .withArgs(ethers.ZeroAddress); + }); + + it('rejects overflow', async function () { + await expect(this.token.$_mint(this.recipient, ethers.MaxUint256)).to.be.revertedWithPanic( + PANIC_CODES.ARITHMETIC_UNDER_OR_OVERFLOW, + ); + }); + + describe('for a non zero account', function () { + beforeEach('minting', async function () { + this.tx = await this.token.$_mint(this.recipient, value); + }); + + it('increments totalSupply', async function () { + await expect(await this.token.totalSupply()).to.equal(initialSupply + value); + }); + + it('increments recipient balance', async function () { + await expect(this.tx).to.changeTokenBalance(this.token, this.recipient, value); + }); + + it('emits Transfer event', async function () { + await expect(this.tx).to.emit(this.token, 'Transfer').withArgs(ethers.ZeroAddress, this.recipient, value); + }); + }); + }); + + describe('_burn', function () { + it('rejects a null account', async function () { + await expect(this.token.$_burn(ethers.ZeroAddress, 1n)) + .to.be.revertedWithCustomError(this.token, 'ERC20InvalidSender') + .withArgs(ethers.ZeroAddress); + }); + + describe('for a non zero account', function () { + it('rejects burning more than balance', async function () { + await expect(this.token.$_burn(this.holder, initialSupply + 1n)) + .to.be.revertedWithCustomError(this.token, 'ERC20InsufficientBalance') + .withArgs(this.holder, initialSupply, initialSupply + 1n); + }); + + const describeBurn = function (description, value) { + describe(description, function () { + beforeEach('burning', async function () { + this.tx = await this.token.$_burn(this.holder, value); + }); + + it('decrements totalSupply', async function () { + expect(await this.token.totalSupply()).to.equal(initialSupply - value); + }); + + it('decrements holder balance', async function () { + await expect(this.tx).to.changeTokenBalance(this.token, this.holder, -value); + }); + + it('emits Transfer event', async function () { + await expect(this.tx).to.emit(this.token, 'Transfer').withArgs(this.holder, ethers.ZeroAddress, value); + }); + }); + }; + + describeBurn('for entire balance', initialSupply); + describeBurn('for less value than balance', initialSupply - 1n); + }); + }); + + describe('_update', function () { + const value = 1n; + + beforeEach(async function () { + this.totalSupply = await this.token.totalSupply(); + }); + + it('from is the zero address', async function () { + const tx = await this.token.$_update(ethers.ZeroAddress, this.holder, value); + await expect(tx).to.emit(this.token, 'Transfer').withArgs(ethers.ZeroAddress, this.holder, value); + + expect(await this.token.totalSupply()).to.equal(this.totalSupply + value); + await expect(tx).to.changeTokenBalance(this.token, this.holder, value); + }); + + it('to is the zero address', async function () { + const tx = await this.token.$_update(this.holder, ethers.ZeroAddress, value); + await expect(tx).to.emit(this.token, 'Transfer').withArgs(this.holder, ethers.ZeroAddress, value); + + expect(await this.token.totalSupply()).to.equal(this.totalSupply - value); + await expect(tx).to.changeTokenBalance(this.token, this.holder, -value); + }); + + describe('from and to are the same address', function () { + it('zero address', async function () { + const tx = await this.token.$_update(ethers.ZeroAddress, ethers.ZeroAddress, value); + await expect(tx).to.emit(this.token, 'Transfer').withArgs(ethers.ZeroAddress, ethers.ZeroAddress, value); + + expect(await this.token.totalSupply()).to.equal(this.totalSupply); + await expect(tx).to.changeTokenBalance(this.token, ethers.ZeroAddress, 0n); + }); + + describe('non zero address', function () { + it('reverts without balance', async function () { + await expect(this.token.$_update(this.recipient, this.recipient, value)) + .to.be.revertedWithCustomError(this.token, 'ERC20InsufficientBalance') + .withArgs(this.recipient, 0n, value); + }); + + it('executes with balance', async function () { + const tx = await this.token.$_update(this.holder, this.holder, value); + await expect(tx).to.changeTokenBalance(this.token, this.holder, 0n); + await expect(tx).to.emit(this.token, 'Transfer').withArgs(this.holder, this.holder, value); + }); + }); + }); + }); + + describe('_transfer', function () { + beforeEach(function () { + this.transfer = this.token.$_transfer; + }); + + shouldBehaveLikeERC20Transfer(initialSupply); + + it('reverts when the sender is the zero address', async function () { + await expect(this.token.$_transfer(ethers.ZeroAddress, this.recipient, initialSupply)) + .to.be.revertedWithCustomError(this.token, 'ERC20InvalidSender') + .withArgs(ethers.ZeroAddress); + }); + }); + + describe('_approve', function () { + beforeEach(function () { + this.approve = this.token.$_approve; + }); + + shouldBehaveLikeERC20Approve(initialSupply); + + it('reverts when the owner is the zero address', async function () { + await expect(this.token.$_approve(ethers.ZeroAddress, this.recipient, initialSupply)) + .to.be.revertedWithCustomError(this.token, 'ERC20InvalidApprover') + .withArgs(ethers.ZeroAddress); + }); + }); + }); + } +}); diff --git a/dependencies/@openzeppelin/test/token/ERC20/extensions/ERC1363.test.js b/dependencies/@openzeppelin/test/token/ERC20/extensions/ERC1363.test.js new file mode 100644 index 00000000..3d1f4e58 --- /dev/null +++ b/dependencies/@openzeppelin/test/token/ERC20/extensions/ERC1363.test.js @@ -0,0 +1,370 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { + shouldBehaveLikeERC20, + shouldBehaveLikeERC20Transfer, + shouldBehaveLikeERC20Approve, +} = require('../ERC20.behavior.js'); +const { shouldSupportInterfaces } = require('../../../utils/introspection/SupportsInterface.behavior'); +const { RevertType } = require('../../../helpers/enums.js'); + +const name = 'My Token'; +const symbol = 'MTKN'; +const value = 1000n; +const data = '0x123456'; + +async function fixture() { + // this.accounts is used by shouldBehaveLikeERC20 + const accounts = await ethers.getSigners(); + const [holder, other] = accounts; + + const receiver = await ethers.deployContract('ERC1363ReceiverMock'); + const spender = await ethers.deployContract('ERC1363SpenderMock'); + const token = await ethers.deployContract('$ERC1363', [name, symbol]); + + await token.$_mint(holder, value); + + return { + accounts, + holder, + other, + token, + receiver, + spender, + selectors: { + onTransferReceived: receiver.interface.getFunction('onTransferReceived(address,address,uint256,bytes)').selector, + onApprovalReceived: spender.interface.getFunction('onApprovalReceived(address,uint256,bytes)').selector, + }, + }; +} + +describe('ERC1363', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + shouldSupportInterfaces(['ERC165', 'ERC1363']); + shouldBehaveLikeERC20(value); + + describe('transferAndCall', function () { + describe('as a transfer', function () { + beforeEach(async function () { + this.recipient = this.receiver; + this.transfer = (holder, ...rest) => + this.token.connect(holder).getFunction('transferAndCall(address,uint256)')(...rest); + }); + + shouldBehaveLikeERC20Transfer(value); + }); + + it('reverts transferring to an EOA', async function () { + await expect(this.token.connect(this.holder).getFunction('transferAndCall(address,uint256)')(this.other, value)) + .to.be.revertedWithCustomError(this.token, 'ERC1363InvalidReceiver') + .withArgs(this.other.address); + }); + + it('succeeds without data', async function () { + await expect( + this.token.connect(this.holder).getFunction('transferAndCall(address,uint256)')(this.receiver, value), + ) + .to.emit(this.token, 'Transfer') + .withArgs(this.holder.address, this.receiver.target, value) + .to.emit(this.receiver, 'Received') + .withArgs(this.holder.address, this.holder.address, value, '0x'); + }); + + it('succeeds with data', async function () { + await expect( + this.token.connect(this.holder).getFunction('transferAndCall(address,uint256,bytes)')( + this.receiver, + value, + data, + ), + ) + .to.emit(this.token, 'Transfer') + .withArgs(this.holder.address, this.receiver.target, value) + .to.emit(this.receiver, 'Received') + .withArgs(this.holder.address, this.holder.address, value, data); + }); + + it('reverts with reverting hook (without reason)', async function () { + await this.receiver.setUp(this.selectors.onTransferReceived, RevertType.RevertWithoutMessage); + + await expect( + this.token.connect(this.holder).getFunction('transferAndCall(address,uint256,bytes)')( + this.receiver, + value, + data, + ), + ) + .to.be.revertedWithCustomError(this.token, 'ERC1363InvalidReceiver') + .withArgs(this.receiver.target); + }); + + it('reverts with reverting hook (with reason)', async function () { + await this.receiver.setUp(this.selectors.onTransferReceived, RevertType.RevertWithMessage); + + await expect( + this.token.connect(this.holder).getFunction('transferAndCall(address,uint256,bytes)')( + this.receiver, + value, + data, + ), + ).to.be.revertedWith('ERC1363ReceiverMock: reverting'); + }); + + it('reverts with reverting hook (with custom error)', async function () { + const reason = '0x12345678'; + await this.receiver.setUp(reason, RevertType.RevertWithCustomError); + + await expect( + this.token.connect(this.holder).getFunction('transferAndCall(address,uint256,bytes)')( + this.receiver, + value, + data, + ), + ) + .to.be.revertedWithCustomError(this.receiver, 'CustomError') + .withArgs(reason); + }); + + it('panics with reverting hook (with panic)', async function () { + await this.receiver.setUp(this.selectors.onTransferReceived, RevertType.Panic); + + await expect( + this.token.connect(this.holder).getFunction('transferAndCall(address,uint256,bytes)')( + this.receiver, + value, + data, + ), + ).to.be.revertedWithPanic(); + }); + + it('reverts with bad return value', async function () { + await this.receiver.setUp('0x12345678', RevertType.None); + + await expect( + this.token.connect(this.holder).getFunction('transferAndCall(address,uint256,bytes)')( + this.receiver, + value, + data, + ), + ) + .to.be.revertedWithCustomError(this.token, 'ERC1363InvalidReceiver') + .withArgs(this.receiver.target); + }); + }); + + describe('transferFromAndCall', function () { + beforeEach(async function () { + await this.token.connect(this.holder).approve(this.other, ethers.MaxUint256); + }); + + describe('as a transfer', function () { + beforeEach(async function () { + this.recipient = this.receiver; + this.transfer = this.token.connect(this.other).getFunction('transferFromAndCall(address,address,uint256)'); + }); + + shouldBehaveLikeERC20Transfer(value); + }); + + it('reverts transferring to an EOA', async function () { + await expect( + this.token.connect(this.other).getFunction('transferFromAndCall(address,address,uint256)')( + this.holder, + this.other, + value, + ), + ) + .to.be.revertedWithCustomError(this.token, 'ERC1363InvalidReceiver') + .withArgs(this.other.address); + }); + + it('succeeds without data', async function () { + await expect( + this.token.connect(this.other).getFunction('transferFromAndCall(address,address,uint256)')( + this.holder, + this.receiver, + value, + ), + ) + .to.emit(this.token, 'Transfer') + .withArgs(this.holder.address, this.receiver.target, value) + .to.emit(this.receiver, 'Received') + .withArgs(this.other.address, this.holder.address, value, '0x'); + }); + + it('succeeds with data', async function () { + await expect( + this.token.connect(this.other).getFunction('transferFromAndCall(address,address,uint256,bytes)')( + this.holder, + this.receiver, + value, + data, + ), + ) + .to.emit(this.token, 'Transfer') + .withArgs(this.holder.address, this.receiver.target, value) + .to.emit(this.receiver, 'Received') + .withArgs(this.other.address, this.holder.address, value, data); + }); + + it('reverts with reverting hook (without reason)', async function () { + await this.receiver.setUp(this.selectors.onTransferReceived, RevertType.RevertWithoutMessage); + + await expect( + this.token.connect(this.other).getFunction('transferFromAndCall(address,address,uint256,bytes)')( + this.holder, + this.receiver, + value, + data, + ), + ) + .to.be.revertedWithCustomError(this.token, 'ERC1363InvalidReceiver') + .withArgs(this.receiver.target); + }); + + it('reverts with reverting hook (with reason)', async function () { + await this.receiver.setUp(this.selectors.onTransferReceived, RevertType.RevertWithMessage); + + await expect( + this.token.connect(this.other).getFunction('transferFromAndCall(address,address,uint256,bytes)')( + this.holder, + this.receiver, + value, + data, + ), + ).to.be.revertedWith('ERC1363ReceiverMock: reverting'); + }); + + it('reverts with reverting hook (with custom error)', async function () { + const reason = '0x12345678'; + await this.receiver.setUp(reason, RevertType.RevertWithCustomError); + + await expect( + this.token.connect(this.other).getFunction('transferFromAndCall(address,address,uint256,bytes)')( + this.holder, + this.receiver, + value, + data, + ), + ) + .to.be.revertedWithCustomError(this.receiver, 'CustomError') + .withArgs(reason); + }); + + it('panics with reverting hook (with panic)', async function () { + await this.receiver.setUp(this.selectors.onTransferReceived, RevertType.Panic); + + await expect( + this.token.connect(this.other).getFunction('transferFromAndCall(address,address,uint256,bytes)')( + this.holder, + this.receiver, + value, + data, + ), + ).to.be.revertedWithPanic(); + }); + + it('reverts with bad return value', async function () { + await this.receiver.setUp('0x12345678', RevertType.None); + + await expect( + this.token.connect(this.other).getFunction('transferFromAndCall(address,address,uint256,bytes)')( + this.holder, + this.receiver, + value, + data, + ), + ) + .to.be.revertedWithCustomError(this.token, 'ERC1363InvalidReceiver') + .withArgs(this.receiver.target); + }); + }); + + describe('approveAndCall', function () { + describe('as an approval', function () { + beforeEach(async function () { + this.recipient = this.spender; + this.approve = (holder, ...rest) => + this.token.connect(holder).getFunction('approveAndCall(address,uint256)')(...rest); + }); + + shouldBehaveLikeERC20Approve(value); + }); + + it('reverts approving an EOA', async function () { + await expect(this.token.connect(this.holder).getFunction('approveAndCall(address,uint256)')(this.other, value)) + .to.be.revertedWithCustomError(this.token, 'ERC1363InvalidSpender') + .withArgs(this.other.address); + }); + + it('succeeds without data', async function () { + await expect(this.token.connect(this.holder).getFunction('approveAndCall(address,uint256)')(this.spender, value)) + .to.emit(this.token, 'Approval') + .withArgs(this.holder.address, this.spender.target, value) + .to.emit(this.spender, 'Approved') + .withArgs(this.holder.address, value, '0x'); + }); + + it('succeeds with data', async function () { + await expect( + this.token.connect(this.holder).getFunction('approveAndCall(address,uint256,bytes)')(this.spender, value, data), + ) + .to.emit(this.token, 'Approval') + .withArgs(this.holder.address, this.spender.target, value) + .to.emit(this.spender, 'Approved') + .withArgs(this.holder.address, value, data); + }); + + it('with reverting hook (without reason)', async function () { + await this.spender.setUp(this.selectors.onApprovalReceived, RevertType.RevertWithoutMessage); + + await expect( + this.token.connect(this.holder).getFunction('approveAndCall(address,uint256,bytes)')(this.spender, value, data), + ) + .to.be.revertedWithCustomError(this.token, 'ERC1363InvalidSpender') + .withArgs(this.spender.target); + }); + + it('reverts with reverting hook (with reason)', async function () { + await this.spender.setUp(this.selectors.onApprovalReceived, RevertType.RevertWithMessage); + + await expect( + this.token.connect(this.holder).getFunction('approveAndCall(address,uint256,bytes)')(this.spender, value, data), + ).to.be.revertedWith('ERC1363SpenderMock: reverting'); + }); + + it('reverts with reverting hook (with custom error)', async function () { + const reason = '0x12345678'; + await this.spender.setUp(reason, RevertType.RevertWithCustomError); + + await expect( + this.token.connect(this.holder).getFunction('approveAndCall(address,uint256,bytes)')(this.spender, value, data), + ) + .to.be.revertedWithCustomError(this.spender, 'CustomError') + .withArgs(reason); + }); + + it('panics with reverting hook (with panic)', async function () { + await this.spender.setUp(this.selectors.onApprovalReceived, RevertType.Panic); + + await expect( + this.token.connect(this.holder).getFunction('approveAndCall(address,uint256,bytes)')(this.spender, value, data), + ).to.be.revertedWithPanic(); + }); + + it('reverts with bad return value', async function () { + await this.spender.setUp('0x12345678', RevertType.None); + + await expect( + this.token.connect(this.holder).getFunction('approveAndCall(address,uint256,bytes)')(this.spender, value, data), + ) + .to.be.revertedWithCustomError(this.token, 'ERC1363InvalidSpender') + .withArgs(this.spender.target); + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/token/ERC20/extensions/ERC20Burnable.test.js b/dependencies/@openzeppelin/test/token/ERC20/extensions/ERC20Burnable.test.js new file mode 100644 index 00000000..dc40c791 --- /dev/null +++ b/dependencies/@openzeppelin/test/token/ERC20/extensions/ERC20Burnable.test.js @@ -0,0 +1,105 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const name = 'My Token'; +const symbol = 'MTKN'; +const initialBalance = 1000n; + +async function fixture() { + const [owner, burner] = await ethers.getSigners(); + + const token = await ethers.deployContract('$ERC20Burnable', [name, symbol], owner); + await token.$_mint(owner, initialBalance); + + return { owner, burner, token, initialBalance }; +} + +describe('ERC20Burnable', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + describe('burn', function () { + it('reverts if not enough balance', async function () { + const value = this.initialBalance + 1n; + + await expect(this.token.connect(this.owner).burn(value)) + .to.be.revertedWithCustomError(this.token, 'ERC20InsufficientBalance') + .withArgs(this.owner, this.initialBalance, value); + }); + + describe('on success', function () { + for (const { title, value } of [ + { title: 'for a zero value', value: 0n }, + { title: 'for a non-zero value', value: 100n }, + ]) { + describe(title, function () { + beforeEach(async function () { + this.tx = await this.token.connect(this.owner).burn(value); + }); + + it('burns the requested value', async function () { + await expect(this.tx).to.changeTokenBalance(this.token, this.owner, -value); + }); + + it('emits a transfer event', async function () { + await expect(this.tx).to.emit(this.token, 'Transfer').withArgs(this.owner, ethers.ZeroAddress, value); + }); + }); + } + }); + }); + + describe('burnFrom', function () { + describe('reverts', function () { + it('if not enough balance', async function () { + const value = this.initialBalance + 1n; + + await this.token.connect(this.owner).approve(this.burner, value); + + await expect(this.token.connect(this.burner).burnFrom(this.owner, value)) + .to.be.revertedWithCustomError(this.token, 'ERC20InsufficientBalance') + .withArgs(this.owner, this.initialBalance, value); + }); + + it('if not enough allowance', async function () { + const allowance = 100n; + + await this.token.connect(this.owner).approve(this.burner, allowance); + + await expect(this.token.connect(this.burner).burnFrom(this.owner, allowance + 1n)) + .to.be.revertedWithCustomError(this.token, 'ERC20InsufficientAllowance') + .withArgs(this.burner, allowance, allowance + 1n); + }); + }); + + describe('on success', function () { + for (const { title, value } of [ + { title: 'for a zero value', value: 0n }, + { title: 'for a non-zero value', value: 100n }, + ]) { + describe(title, function () { + const originalAllowance = value * 3n; + + beforeEach(async function () { + await this.token.connect(this.owner).approve(this.burner, originalAllowance); + this.tx = await this.token.connect(this.burner).burnFrom(this.owner, value); + }); + + it('burns the requested value', async function () { + await expect(this.tx).to.changeTokenBalance(this.token, this.owner, -value); + }); + + it('decrements allowance', async function () { + expect(await this.token.allowance(this.owner, this.burner)).to.equal(originalAllowance - value); + }); + + it('emits a transfer event', async function () { + await expect(this.tx).to.emit(this.token, 'Transfer').withArgs(this.owner, ethers.ZeroAddress, value); + }); + }); + } + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/token/ERC20/extensions/ERC20Capped.test.js b/dependencies/@openzeppelin/test/token/ERC20/extensions/ERC20Capped.test.js new file mode 100644 index 00000000..a32ec43a --- /dev/null +++ b/dependencies/@openzeppelin/test/token/ERC20/extensions/ERC20Capped.test.js @@ -0,0 +1,55 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const name = 'My Token'; +const symbol = 'MTKN'; +const cap = 1000n; + +async function fixture() { + const [user] = await ethers.getSigners(); + + const token = await ethers.deployContract('$ERC20Capped', [name, symbol, cap]); + + return { user, token, cap }; +} + +describe('ERC20Capped', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + it('requires a non-zero cap', async function () { + const ERC20Capped = await ethers.getContractFactory('$ERC20Capped'); + + await expect(ERC20Capped.deploy(name, symbol, 0)) + .to.be.revertedWithCustomError(ERC20Capped, 'ERC20InvalidCap') + .withArgs(0); + }); + + describe('capped token', function () { + it('starts with the correct cap', async function () { + expect(await this.token.cap()).to.equal(this.cap); + }); + + it('mints when value is less than cap', async function () { + const value = this.cap - 1n; + await this.token.$_mint(this.user, value); + expect(await this.token.totalSupply()).to.equal(value); + }); + + it('fails to mint if the value exceeds the cap', async function () { + await this.token.$_mint(this.user, this.cap - 1n); + await expect(this.token.$_mint(this.user, 2)) + .to.be.revertedWithCustomError(this.token, 'ERC20ExceededCap') + .withArgs(this.cap + 1n, this.cap); + }); + + it('fails to mint after cap is reached', async function () { + await this.token.$_mint(this.user, this.cap); + await expect(this.token.$_mint(this.user, 1)) + .to.be.revertedWithCustomError(this.token, 'ERC20ExceededCap') + .withArgs(this.cap + 1n, this.cap); + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/token/ERC20/extensions/ERC20FlashMint.test.js b/dependencies/@openzeppelin/test/token/ERC20/extensions/ERC20FlashMint.test.js new file mode 100644 index 00000000..1c751f74 --- /dev/null +++ b/dependencies/@openzeppelin/test/token/ERC20/extensions/ERC20FlashMint.test.js @@ -0,0 +1,164 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const name = 'My Token'; +const symbol = 'MTKN'; +const initialSupply = 100n; +const loanValue = 10_000_000_000_000n; + +async function fixture() { + const [holder, other] = await ethers.getSigners(); + + const token = await ethers.deployContract('$ERC20FlashMintMock', [name, symbol]); + await token.$_mint(holder, initialSupply); + + return { holder, other, token }; +} + +describe('ERC20FlashMint', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + describe('maxFlashLoan', function () { + it('token match', async function () { + expect(await this.token.maxFlashLoan(this.token)).to.equal(ethers.MaxUint256 - initialSupply); + }); + + it('token mismatch', async function () { + expect(await this.token.maxFlashLoan(ethers.ZeroAddress)).to.equal(0n); + }); + }); + + describe('flashFee', function () { + it('token match', async function () { + expect(await this.token.flashFee(this.token, loanValue)).to.equal(0n); + }); + + it('token mismatch', async function () { + await expect(this.token.flashFee(ethers.ZeroAddress, loanValue)) + .to.be.revertedWithCustomError(this.token, 'ERC3156UnsupportedToken') + .withArgs(ethers.ZeroAddress); + }); + }); + + describe('flashFeeReceiver', function () { + it('default receiver', async function () { + expect(await this.token.$_flashFeeReceiver()).to.equal(ethers.ZeroAddress); + }); + }); + + describe('flashLoan', function () { + it('success', async function () { + const receiver = await ethers.deployContract('ERC3156FlashBorrowerMock', [true, true]); + + const tx = await this.token.flashLoan(receiver, this.token, loanValue, '0x'); + await expect(tx) + .to.emit(this.token, 'Transfer') + .withArgs(ethers.ZeroAddress, receiver, loanValue) + .to.emit(this.token, 'Transfer') + .withArgs(receiver, ethers.ZeroAddress, loanValue) + .to.emit(receiver, 'BalanceOf') + .withArgs(this.token, receiver, loanValue) + .to.emit(receiver, 'TotalSupply') + .withArgs(this.token, initialSupply + loanValue); + await expect(tx).to.changeTokenBalance(this.token, receiver, 0); + + expect(await this.token.totalSupply()).to.equal(initialSupply); + expect(await this.token.allowance(receiver, this.token)).to.equal(0n); + }); + + it('missing return value', async function () { + const receiver = await ethers.deployContract('ERC3156FlashBorrowerMock', [false, true]); + await expect(this.token.flashLoan(receiver, this.token, loanValue, '0x')) + .to.be.revertedWithCustomError(this.token, 'ERC3156InvalidReceiver') + .withArgs(receiver); + }); + + it('missing approval', async function () { + const receiver = await ethers.deployContract('ERC3156FlashBorrowerMock', [true, false]); + await expect(this.token.flashLoan(receiver, this.token, loanValue, '0x')) + .to.be.revertedWithCustomError(this.token, 'ERC20InsufficientAllowance') + .withArgs(this.token, 0, loanValue); + }); + + it('unavailable funds', async function () { + const receiver = await ethers.deployContract('ERC3156FlashBorrowerMock', [true, true]); + const data = this.token.interface.encodeFunctionData('transfer', [this.other.address, 10]); + await expect(this.token.flashLoan(receiver, this.token, loanValue, data)) + .to.be.revertedWithCustomError(this.token, 'ERC20InsufficientBalance') + .withArgs(receiver, loanValue - 10n, loanValue); + }); + + it('more than maxFlashLoan', async function () { + const receiver = await ethers.deployContract('ERC3156FlashBorrowerMock', [true, true]); + const data = this.token.interface.encodeFunctionData('transfer', [this.other.address, 10]); + await expect(this.token.flashLoan(receiver, this.token, ethers.MaxUint256, data)) + .to.be.revertedWithCustomError(this.token, 'ERC3156ExceededMaxLoan') + .withArgs(ethers.MaxUint256 - initialSupply); + }); + + describe('custom flash fee & custom fee receiver', function () { + const receiverInitialBalance = 200_000n; + const flashFee = 5_000n; + + beforeEach('init receiver balance & set flash fee', async function () { + this.receiver = await ethers.deployContract('ERC3156FlashBorrowerMock', [true, true]); + + const tx = await this.token.$_mint(this.receiver, receiverInitialBalance); + await expect(tx) + .to.emit(this.token, 'Transfer') + .withArgs(ethers.ZeroAddress, this.receiver, receiverInitialBalance); + await expect(tx).to.changeTokenBalance(this.token, this.receiver, receiverInitialBalance); + + await this.token.setFlashFee(flashFee); + expect(await this.token.flashFee(this.token, loanValue)).to.equal(flashFee); + }); + + it('default flash fee receiver', async function () { + const tx = await this.token.flashLoan(this.receiver, this.token, loanValue, '0x'); + await expect(tx) + .to.emit(this.token, 'Transfer') + .withArgs(ethers.ZeroAddress, this.receiver, loanValue) + .to.emit(this.token, 'Transfer') + .withArgs(this.receiver, ethers.ZeroAddress, loanValue + flashFee) + .to.emit(this.receiver, 'BalanceOf') + .withArgs(this.token, this.receiver, receiverInitialBalance + loanValue) + .to.emit(this.receiver, 'TotalSupply') + .withArgs(this.token, initialSupply + receiverInitialBalance + loanValue); + await expect(tx).to.changeTokenBalances(this.token, [this.receiver, ethers.ZeroAddress], [-flashFee, 0]); + + expect(await this.token.totalSupply()).to.equal(initialSupply + receiverInitialBalance - flashFee); + expect(await this.token.allowance(this.receiver, this.token)).to.equal(0n); + }); + + it('custom flash fee receiver', async function () { + const flashFeeReceiverAddress = this.other; + await this.token.setFlashFeeReceiver(flashFeeReceiverAddress); + expect(await this.token.$_flashFeeReceiver()).to.equal(flashFeeReceiverAddress); + + const tx = await this.token.flashLoan(this.receiver, this.token, loanValue, '0x'); + await expect(tx) + .to.emit(this.token, 'Transfer') + .withArgs(ethers.ZeroAddress, this.receiver, loanValue) + .to.emit(this.token, 'Transfer') + .withArgs(this.receiver, ethers.ZeroAddress, loanValue) + .to.emit(this.token, 'Transfer') + .withArgs(this.receiver, flashFeeReceiverAddress, flashFee) + .to.emit(this.receiver, 'BalanceOf') + .withArgs(this.token, this.receiver, receiverInitialBalance + loanValue) + .to.emit(this.receiver, 'TotalSupply') + .withArgs(this.token, initialSupply + receiverInitialBalance + loanValue); + await expect(tx).to.changeTokenBalances( + this.token, + [this.receiver, flashFeeReceiverAddress], + [-flashFee, flashFee], + ); + + expect(await this.token.totalSupply()).to.equal(initialSupply + receiverInitialBalance); + expect(await this.token.allowance(this.receiver, flashFeeReceiverAddress)).to.equal(0n); + }); + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/token/ERC20/extensions/ERC20Pausable.test.js b/dependencies/@openzeppelin/test/token/ERC20/extensions/ERC20Pausable.test.js new file mode 100644 index 00000000..1f1157c1 --- /dev/null +++ b/dependencies/@openzeppelin/test/token/ERC20/extensions/ERC20Pausable.test.js @@ -0,0 +1,129 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const name = 'My Token'; +const symbol = 'MTKN'; +const initialSupply = 100n; + +async function fixture() { + const [holder, recipient, approved] = await ethers.getSigners(); + + const token = await ethers.deployContract('$ERC20Pausable', [name, symbol]); + await token.$_mint(holder, initialSupply); + + return { holder, recipient, approved, token }; +} + +describe('ERC20Pausable', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + describe('pausable token', function () { + describe('transfer', function () { + it('allows to transfer when unpaused', async function () { + await expect(this.token.connect(this.holder).transfer(this.recipient, initialSupply)).to.changeTokenBalances( + this.token, + [this.holder, this.recipient], + [-initialSupply, initialSupply], + ); + }); + + it('allows to transfer when paused and then unpaused', async function () { + await this.token.$_pause(); + await this.token.$_unpause(); + + await expect(this.token.connect(this.holder).transfer(this.recipient, initialSupply)).to.changeTokenBalances( + this.token, + [this.holder, this.recipient], + [-initialSupply, initialSupply], + ); + }); + + it('reverts when trying to transfer when paused', async function () { + await this.token.$_pause(); + + await expect( + this.token.connect(this.holder).transfer(this.recipient, initialSupply), + ).to.be.revertedWithCustomError(this.token, 'EnforcedPause'); + }); + }); + + describe('transfer from', function () { + const allowance = 40n; + + beforeEach(async function () { + await this.token.connect(this.holder).approve(this.approved, allowance); + }); + + it('allows to transfer from when unpaused', async function () { + await expect( + this.token.connect(this.approved).transferFrom(this.holder, this.recipient, allowance), + ).to.changeTokenBalances(this.token, [this.holder, this.recipient], [-allowance, allowance]); + }); + + it('allows to transfer when paused and then unpaused', async function () { + await this.token.$_pause(); + await this.token.$_unpause(); + + await expect( + this.token.connect(this.approved).transferFrom(this.holder, this.recipient, allowance), + ).to.changeTokenBalances(this.token, [this.holder, this.recipient], [-allowance, allowance]); + }); + + it('reverts when trying to transfer from when paused', async function () { + await this.token.$_pause(); + + await expect( + this.token.connect(this.approved).transferFrom(this.holder, this.recipient, allowance), + ).to.be.revertedWithCustomError(this.token, 'EnforcedPause'); + }); + }); + + describe('mint', function () { + const value = 42n; + + it('allows to mint when unpaused', async function () { + await expect(this.token.$_mint(this.recipient, value)).to.changeTokenBalance(this.token, this.recipient, value); + }); + + it('allows to mint when paused and then unpaused', async function () { + await this.token.$_pause(); + await this.token.$_unpause(); + + await expect(this.token.$_mint(this.recipient, value)).to.changeTokenBalance(this.token, this.recipient, value); + }); + + it('reverts when trying to mint when paused', async function () { + await this.token.$_pause(); + + await expect(this.token.$_mint(this.recipient, value)).to.be.revertedWithCustomError( + this.token, + 'EnforcedPause', + ); + }); + }); + + describe('burn', function () { + const value = 42n; + + it('allows to burn when unpaused', async function () { + await expect(this.token.$_burn(this.holder, value)).to.changeTokenBalance(this.token, this.holder, -value); + }); + + it('allows to burn when paused and then unpaused', async function () { + await this.token.$_pause(); + await this.token.$_unpause(); + + await expect(this.token.$_burn(this.holder, value)).to.changeTokenBalance(this.token, this.holder, -value); + }); + + it('reverts when trying to burn when paused', async function () { + await this.token.$_pause(); + + await expect(this.token.$_burn(this.holder, value)).to.be.revertedWithCustomError(this.token, 'EnforcedPause'); + }); + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/token/ERC20/extensions/ERC20Permit.test.js b/dependencies/@openzeppelin/test/token/ERC20/extensions/ERC20Permit.test.js new file mode 100644 index 00000000..c3c80d7b --- /dev/null +++ b/dependencies/@openzeppelin/test/token/ERC20/extensions/ERC20Permit.test.js @@ -0,0 +1,109 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { getDomain, domainSeparator, Permit } = require('../../../helpers/eip712'); +const time = require('../../../helpers/time'); + +const name = 'My Token'; +const symbol = 'MTKN'; +const initialSupply = 100n; + +async function fixture() { + const [holder, spender, owner, other] = await ethers.getSigners(); + + const token = await ethers.deployContract('$ERC20Permit', [name, symbol, name]); + await token.$_mint(holder, initialSupply); + + return { + holder, + spender, + owner, + other, + token, + }; +} + +describe('ERC20Permit', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + it('initial nonce is 0', async function () { + expect(await this.token.nonces(this.holder)).to.equal(0n); + }); + + it('domain separator', async function () { + expect(await this.token.DOMAIN_SEPARATOR()).to.equal(await getDomain(this.token).then(domainSeparator)); + }); + + describe('permit', function () { + const value = 42n; + const nonce = 0n; + const maxDeadline = ethers.MaxUint256; + + beforeEach(function () { + this.buildData = (contract, deadline = maxDeadline) => + getDomain(contract).then(domain => ({ + domain, + types: { Permit }, + message: { + owner: this.owner.address, + spender: this.spender.address, + value, + nonce, + deadline, + }, + })); + }); + + it('accepts owner signature', async function () { + const { v, r, s } = await this.buildData(this.token) + .then(({ domain, types, message }) => this.owner.signTypedData(domain, types, message)) + .then(ethers.Signature.from); + + await this.token.permit(this.owner, this.spender, value, maxDeadline, v, r, s); + + expect(await this.token.nonces(this.owner)).to.equal(1n); + expect(await this.token.allowance(this.owner, this.spender)).to.equal(value); + }); + + it('rejects reused signature', async function () { + const { v, r, s, serialized } = await this.buildData(this.token) + .then(({ domain, types, message }) => this.owner.signTypedData(domain, types, message)) + .then(ethers.Signature.from); + + await this.token.permit(this.owner, this.spender, value, maxDeadline, v, r, s); + + const recovered = await this.buildData(this.token).then(({ domain, types, message }) => + ethers.verifyTypedData(domain, types, { ...message, nonce: nonce + 1n, deadline: maxDeadline }, serialized), + ); + + await expect(this.token.permit(this.owner, this.spender, value, maxDeadline, v, r, s)) + .to.be.revertedWithCustomError(this.token, 'ERC2612InvalidSigner') + .withArgs(recovered, this.owner); + }); + + it('rejects other signature', async function () { + const { v, r, s } = await this.buildData(this.token) + .then(({ domain, types, message }) => this.other.signTypedData(domain, types, message)) + .then(ethers.Signature.from); + + await expect(this.token.permit(this.owner, this.spender, value, maxDeadline, v, r, s)) + .to.be.revertedWithCustomError(this.token, 'ERC2612InvalidSigner') + .withArgs(this.other, this.owner); + }); + + it('rejects expired permit', async function () { + const deadline = (await time.clock.timestamp()) - time.duration.weeks(1); + + const { v, r, s } = await this.buildData(this.token, deadline) + .then(({ domain, types, message }) => this.owner.signTypedData(domain, types, message)) + .then(ethers.Signature.from); + + await expect(this.token.permit(this.owner, this.spender, value, deadline, v, r, s)) + .to.be.revertedWithCustomError(this.token, 'ERC2612ExpiredSignature') + .withArgs(deadline); + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/token/ERC20/extensions/ERC20Votes.test.js b/dependencies/@openzeppelin/test/token/ERC20/extensions/ERC20Votes.test.js new file mode 100644 index 00000000..3c595c91 --- /dev/null +++ b/dependencies/@openzeppelin/test/token/ERC20/extensions/ERC20Votes.test.js @@ -0,0 +1,546 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture, mine } = require('@nomicfoundation/hardhat-network-helpers'); + +const { getDomain, Delegation } = require('../../../helpers/eip712'); +const { batchInBlock } = require('../../../helpers/txpool'); +const time = require('../../../helpers/time'); + +const { shouldBehaveLikeVotes } = require('../../../governance/utils/Votes.behavior'); + +const TOKENS = [ + { Token: '$ERC20Votes', mode: 'blocknumber' }, + { Token: '$ERC20VotesTimestampMock', mode: 'timestamp' }, +]; + +const name = 'My Token'; +const symbol = 'MTKN'; +const version = '1'; +const supply = ethers.parseEther('10000000'); + +describe('ERC20Votes', function () { + for (const { Token, mode } of TOKENS) { + const fixture = async () => { + // accounts is required by shouldBehaveLikeVotes + const accounts = await ethers.getSigners(); + const [holder, recipient, delegatee, other1, other2] = accounts; + + const token = await ethers.deployContract(Token, [name, symbol, name, version]); + const domain = await getDomain(token); + + return { accounts, holder, recipient, delegatee, other1, other2, token, domain }; + }; + + describe(`vote with ${mode}`, function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + this.votes = this.token; + }); + + // includes ERC6372 behavior check + shouldBehaveLikeVotes([1, 17, 42], { mode, fungible: true }); + + it('initial nonce is 0', async function () { + expect(await this.token.nonces(this.holder)).to.equal(0n); + }); + + it('minting restriction', async function () { + const value = 2n ** 208n; + await expect(this.token.$_mint(this.holder, value)) + .to.be.revertedWithCustomError(this.token, 'ERC20ExceededSafeSupply') + .withArgs(value, value - 1n); + }); + + it('recent checkpoints', async function () { + await this.token.connect(this.holder).delegate(this.holder); + for (let i = 0; i < 6; i++) { + await this.token.$_mint(this.holder, 1n); + } + const timepoint = await time.clock[mode](); + expect(await this.token.numCheckpoints(this.holder)).to.equal(6n); + // recent + expect(await this.token.getPastVotes(this.holder, timepoint - 1n)).to.equal(5n); + // non-recent + expect(await this.token.getPastVotes(this.holder, timepoint - 6n)).to.equal(0n); + }); + + describe('set delegation', function () { + describe('call', function () { + it('delegation with balance', async function () { + await this.token.$_mint(this.holder, supply); + expect(await this.token.delegates(this.holder)).to.equal(ethers.ZeroAddress); + + const tx = await this.token.connect(this.holder).delegate(this.holder); + const timepoint = await time.clockFromReceipt[mode](tx); + + await expect(tx) + .to.emit(this.token, 'DelegateChanged') + .withArgs(this.holder, ethers.ZeroAddress, this.holder) + .to.emit(this.token, 'DelegateVotesChanged') + .withArgs(this.holder, 0n, supply); + + expect(await this.token.delegates(this.holder)).to.equal(this.holder); + expect(await this.token.getVotes(this.holder)).to.equal(supply); + expect(await this.token.getPastVotes(this.holder, timepoint - 1n)).to.equal(0n); + await mine(); + expect(await this.token.getPastVotes(this.holder, timepoint)).to.equal(supply); + }); + + it('delegation without balance', async function () { + expect(await this.token.delegates(this.holder)).to.equal(ethers.ZeroAddress); + + await expect(this.token.connect(this.holder).delegate(this.holder)) + .to.emit(this.token, 'DelegateChanged') + .withArgs(this.holder, ethers.ZeroAddress, this.holder) + .to.not.emit(this.token, 'DelegateVotesChanged'); + + expect(await this.token.delegates(this.holder)).to.equal(this.holder); + }); + }); + + describe('with signature', function () { + const nonce = 0n; + + beforeEach(async function () { + await this.token.$_mint(this.holder, supply); + }); + + it('accept signed delegation', async function () { + const { r, s, v } = await this.holder + .signTypedData( + this.domain, + { Delegation }, + { + delegatee: this.holder.address, + nonce, + expiry: ethers.MaxUint256, + }, + ) + .then(ethers.Signature.from); + + expect(await this.token.delegates(this.holder)).to.equal(ethers.ZeroAddress); + + const tx = await this.token.delegateBySig(this.holder, nonce, ethers.MaxUint256, v, r, s); + const timepoint = await time.clockFromReceipt[mode](tx); + + await expect(tx) + .to.emit(this.token, 'DelegateChanged') + .withArgs(this.holder, ethers.ZeroAddress, this.holder) + .to.emit(this.token, 'DelegateVotesChanged') + .withArgs(this.holder, 0n, supply); + + expect(await this.token.delegates(this.holder)).to.equal(this.holder); + + expect(await this.token.getVotes(this.holder)).to.equal(supply); + expect(await this.token.getPastVotes(this.holder, timepoint - 1n)).to.equal(0n); + await mine(); + expect(await this.token.getPastVotes(this.holder, timepoint)).to.equal(supply); + }); + + it('rejects reused signature', async function () { + const { r, s, v } = await this.holder + .signTypedData( + this.domain, + { Delegation }, + { + delegatee: this.holder.address, + nonce, + expiry: ethers.MaxUint256, + }, + ) + .then(ethers.Signature.from); + + await this.token.delegateBySig(this.holder, nonce, ethers.MaxUint256, v, r, s); + + await expect(this.token.delegateBySig(this.holder, nonce, ethers.MaxUint256, v, r, s)) + .to.be.revertedWithCustomError(this.token, 'InvalidAccountNonce') + .withArgs(this.holder, nonce + 1n); + }); + + it('rejects bad delegatee', async function () { + const { r, s, v } = await this.holder + .signTypedData( + this.domain, + { Delegation }, + { + delegatee: this.holder.address, + nonce, + expiry: ethers.MaxUint256, + }, + ) + .then(ethers.Signature.from); + + const tx = await this.token.delegateBySig(this.delegatee, nonce, ethers.MaxUint256, v, r, s); + + const { args } = await tx + .wait() + .then(receipt => receipt.logs.find(event => event.fragment.name == 'DelegateChanged')); + expect(args[0]).to.not.equal(this.holder); + expect(args[1]).to.equal(ethers.ZeroAddress); + expect(args[2]).to.equal(this.delegatee); + }); + + it('rejects bad nonce', async function () { + const { r, s, v, serialized } = await this.holder + .signTypedData( + this.domain, + { Delegation }, + { + delegatee: this.holder.address, + nonce, + expiry: ethers.MaxUint256, + }, + ) + .then(ethers.Signature.from); + + const recovered = ethers.verifyTypedData( + this.domain, + { Delegation }, + { + delegatee: this.holder.address, + nonce: nonce + 1n, + expiry: ethers.MaxUint256, + }, + serialized, + ); + + await expect(this.token.delegateBySig(this.holder, nonce + 1n, ethers.MaxUint256, v, r, s)) + .to.be.revertedWithCustomError(this.token, 'InvalidAccountNonce') + .withArgs(recovered, nonce); + }); + + it('rejects expired permit', async function () { + const expiry = (await time.clock.timestamp()) - time.duration.weeks(1); + + const { r, s, v } = await this.holder + .signTypedData( + this.domain, + { Delegation }, + { + delegatee: this.holder.address, + nonce, + expiry, + }, + ) + .then(ethers.Signature.from); + + await expect(this.token.delegateBySig(this.holder, nonce, expiry, v, r, s)) + .to.be.revertedWithCustomError(this.token, 'VotesExpiredSignature') + .withArgs(expiry); + }); + }); + }); + + describe('change delegation', function () { + beforeEach(async function () { + await this.token.$_mint(this.holder, supply); + await this.token.connect(this.holder).delegate(this.holder); + }); + + it('call', async function () { + expect(await this.token.delegates(this.holder)).to.equal(this.holder); + + const tx = await this.token.connect(this.holder).delegate(this.delegatee); + const timepoint = await time.clockFromReceipt[mode](tx); + + await expect(tx) + .to.emit(this.token, 'DelegateChanged') + .withArgs(this.holder, this.holder, this.delegatee) + .to.emit(this.token, 'DelegateVotesChanged') + .withArgs(this.holder, supply, 0n) + .to.emit(this.token, 'DelegateVotesChanged') + .withArgs(this.delegatee, 0n, supply); + + expect(await this.token.delegates(this.holder)).to.equal(this.delegatee); + + expect(await this.token.getVotes(this.holder)).to.equal(0n); + expect(await this.token.getVotes(this.delegatee)).to.equal(supply); + expect(await this.token.getPastVotes(this.holder, timepoint - 1n)).to.equal(supply); + expect(await this.token.getPastVotes(this.delegatee, timepoint - 1n)).to.equal(0n); + await mine(); + expect(await this.token.getPastVotes(this.holder, timepoint)).to.equal(0n); + expect(await this.token.getPastVotes(this.delegatee, timepoint)).to.equal(supply); + }); + }); + + describe('transfers', function () { + beforeEach(async function () { + await this.token.$_mint(this.holder, supply); + }); + + it('no delegation', async function () { + await expect(this.token.connect(this.holder).transfer(this.recipient, 1n)) + .to.emit(this.token, 'Transfer') + .withArgs(this.holder, this.recipient, 1n) + .to.not.emit(this.token, 'DelegateVotesChanged'); + + this.holderVotes = 0n; + this.recipientVotes = 0n; + }); + + it('sender delegation', async function () { + await this.token.connect(this.holder).delegate(this.holder); + + const tx = await this.token.connect(this.holder).transfer(this.recipient, 1n); + await expect(tx) + .to.emit(this.token, 'Transfer') + .withArgs(this.holder, this.recipient, 1n) + .to.emit(this.token, 'DelegateVotesChanged') + .withArgs(this.holder, supply, supply - 1n); + + const { logs } = await tx.wait(); + const { index } = logs.find(event => event.fragment.name == 'DelegateVotesChanged'); + for (const event of logs.filter(event => event.fragment.name == 'Transfer')) { + expect(event.index).to.lt(index); + } + + this.holderVotes = supply - 1n; + this.recipientVotes = 0n; + }); + + it('receiver delegation', async function () { + await this.token.connect(this.recipient).delegate(this.recipient); + + const tx = await this.token.connect(this.holder).transfer(this.recipient, 1n); + await expect(tx) + .to.emit(this.token, 'Transfer') + .withArgs(this.holder, this.recipient, 1n) + .to.emit(this.token, 'DelegateVotesChanged') + .withArgs(this.recipient, 0n, 1n); + + const { logs } = await tx.wait(); + const { index } = logs.find(event => event.fragment.name == 'DelegateVotesChanged'); + for (const event of logs.filter(event => event.fragment.name == 'Transfer')) { + expect(event.index).to.lt(index); + } + + this.holderVotes = 0n; + this.recipientVotes = 1n; + }); + + it('full delegation', async function () { + await this.token.connect(this.holder).delegate(this.holder); + await this.token.connect(this.recipient).delegate(this.recipient); + + const tx = await this.token.connect(this.holder).transfer(this.recipient, 1n); + await expect(tx) + .to.emit(this.token, 'Transfer') + .withArgs(this.holder, this.recipient, 1n) + .to.emit(this.token, 'DelegateVotesChanged') + .withArgs(this.holder, supply, supply - 1n) + .to.emit(this.token, 'DelegateVotesChanged') + .withArgs(this.recipient, 0n, 1n); + + const { logs } = await tx.wait(); + const { index } = logs.find(event => event.fragment.name == 'DelegateVotesChanged'); + for (const event of logs.filter(event => event.fragment.name == 'Transfer')) { + expect(event.index).to.lt(index); + } + + this.holderVotes = supply - 1n; + this.recipientVotes = 1n; + }); + + afterEach(async function () { + expect(await this.token.getVotes(this.holder)).to.equal(this.holderVotes); + expect(await this.token.getVotes(this.recipient)).to.equal(this.recipientVotes); + + // need to advance 2 blocks to see the effect of a transfer on "getPastVotes" + const timepoint = await time.clock[mode](); + await mine(); + expect(await this.token.getPastVotes(this.holder, timepoint)).to.equal(this.holderVotes); + expect(await this.token.getPastVotes(this.recipient, timepoint)).to.equal(this.recipientVotes); + }); + }); + + // The following tests are a adaptation of https://github.com/compound-finance/compound-protocol/blob/master/tests/Governance/CompTest.js. + describe('Compound test suite', function () { + beforeEach(async function () { + await this.token.$_mint(this.holder, supply); + }); + + describe('balanceOf', function () { + it('grants to initial account', async function () { + expect(await this.token.balanceOf(this.holder)).to.equal(supply); + }); + }); + + describe('numCheckpoints', function () { + it('returns the number of checkpoints for a delegate', async function () { + await this.token.connect(this.holder).transfer(this.recipient, 100n); //give an account a few tokens for readability + expect(await this.token.numCheckpoints(this.other1)).to.equal(0n); + + const t1 = await this.token.connect(this.recipient).delegate(this.other1); + t1.timepoint = await time.clockFromReceipt[mode](t1); + expect(await this.token.numCheckpoints(this.other1)).to.equal(1n); + + const t2 = await this.token.connect(this.recipient).transfer(this.other2, 10); + t2.timepoint = await time.clockFromReceipt[mode](t2); + expect(await this.token.numCheckpoints(this.other1)).to.equal(2n); + + const t3 = await this.token.connect(this.recipient).transfer(this.other2, 10); + t3.timepoint = await time.clockFromReceipt[mode](t3); + expect(await this.token.numCheckpoints(this.other1)).to.equal(3n); + + const t4 = await this.token.connect(this.holder).transfer(this.recipient, 20); + t4.timepoint = await time.clockFromReceipt[mode](t4); + expect(await this.token.numCheckpoints(this.other1)).to.equal(4n); + + expect(await this.token.checkpoints(this.other1, 0n)).to.deep.equal([t1.timepoint, 100n]); + expect(await this.token.checkpoints(this.other1, 1n)).to.deep.equal([t2.timepoint, 90n]); + expect(await this.token.checkpoints(this.other1, 2n)).to.deep.equal([t3.timepoint, 80n]); + expect(await this.token.checkpoints(this.other1, 3n)).to.deep.equal([t4.timepoint, 100n]); + await mine(); + expect(await this.token.getPastVotes(this.other1, t1.timepoint)).to.equal(100n); + expect(await this.token.getPastVotes(this.other1, t2.timepoint)).to.equal(90n); + expect(await this.token.getPastVotes(this.other1, t3.timepoint)).to.equal(80n); + expect(await this.token.getPastVotes(this.other1, t4.timepoint)).to.equal(100n); + }); + + it('does not add more than one checkpoint in a block', async function () { + await this.token.connect(this.holder).transfer(this.recipient, 100n); + expect(await this.token.numCheckpoints(this.other1)).to.equal(0n); + + const [t1, t2, t3] = await batchInBlock([ + () => this.token.connect(this.recipient).delegate(this.other1, { gasLimit: 200000 }), + () => this.token.connect(this.recipient).transfer(this.other2, 10n, { gasLimit: 200000 }), + () => this.token.connect(this.recipient).transfer(this.other2, 10n, { gasLimit: 200000 }), + ]); + t1.timepoint = await time.clockFromReceipt[mode](t1); + t2.timepoint = await time.clockFromReceipt[mode](t2); + t3.timepoint = await time.clockFromReceipt[mode](t3); + + expect(await this.token.numCheckpoints(this.other1)).to.equal(1); + expect(await this.token.checkpoints(this.other1, 0n)).to.be.deep.equal([t1.timepoint, 80n]); + + const t4 = await this.token.connect(this.holder).transfer(this.recipient, 20n); + t4.timepoint = await time.clockFromReceipt[mode](t4); + + expect(await this.token.numCheckpoints(this.other1)).to.equal(2n); + expect(await this.token.checkpoints(this.other1, 1n)).to.be.deep.equal([t4.timepoint, 100n]); + }); + }); + + describe('getPastVotes', function () { + it('reverts if block number >= current block', async function () { + const clock = await this.token.clock(); + await expect(this.token.getPastVotes(this.other1, 50_000_000_000n)) + .to.be.revertedWithCustomError(this.token, 'ERC5805FutureLookup') + .withArgs(50_000_000_000n, clock); + }); + + it('returns 0 if there are no checkpoints', async function () { + expect(await this.token.getPastVotes(this.other1, 0n)).to.equal(0n); + }); + + it('returns the latest block if >= last checkpoint block', async function () { + const tx = await this.token.connect(this.holder).delegate(this.other1); + const timepoint = await time.clockFromReceipt[mode](tx); + await mine(2); + + expect(await this.token.getPastVotes(this.other1, timepoint)).to.equal(supply); + expect(await this.token.getPastVotes(this.other1, timepoint + 1n)).to.equal(supply); + }); + + it('returns zero if < first checkpoint block', async function () { + await mine(); + const tx = await this.token.connect(this.holder).delegate(this.other1); + const timepoint = await time.clockFromReceipt[mode](tx); + await mine(2); + + expect(await this.token.getPastVotes(this.other1, timepoint - 1n)).to.equal(0n); + expect(await this.token.getPastVotes(this.other1, timepoint + 1n)).to.equal(supply); + }); + + it('generally returns the voting balance at the appropriate checkpoint', async function () { + const t1 = await this.token.connect(this.holder).delegate(this.other1); + await mine(2); + const t2 = await this.token.connect(this.holder).transfer(this.other2, 10); + await mine(2); + const t3 = await this.token.connect(this.holder).transfer(this.other2, 10); + await mine(2); + const t4 = await this.token.connect(this.other2).transfer(this.holder, 20); + await mine(2); + + t1.timepoint = await time.clockFromReceipt[mode](t1); + t2.timepoint = await time.clockFromReceipt[mode](t2); + t3.timepoint = await time.clockFromReceipt[mode](t3); + t4.timepoint = await time.clockFromReceipt[mode](t4); + + expect(await this.token.getPastVotes(this.other1, t1.timepoint - 1n)).to.equal(0n); + expect(await this.token.getPastVotes(this.other1, t1.timepoint)).to.equal(supply); + expect(await this.token.getPastVotes(this.other1, t1.timepoint + 1n)).to.equal(supply); + expect(await this.token.getPastVotes(this.other1, t2.timepoint)).to.equal(supply - 10n); + expect(await this.token.getPastVotes(this.other1, t2.timepoint + 1n)).to.equal(supply - 10n); + expect(await this.token.getPastVotes(this.other1, t3.timepoint)).to.equal(supply - 20n); + expect(await this.token.getPastVotes(this.other1, t3.timepoint + 1n)).to.equal(supply - 20n); + expect(await this.token.getPastVotes(this.other1, t4.timepoint)).to.equal(supply); + expect(await this.token.getPastVotes(this.other1, t4.timepoint + 1n)).to.equal(supply); + }); + }); + }); + + describe('getPastTotalSupply', function () { + beforeEach(async function () { + await this.token.connect(this.holder).delegate(this.holder); + }); + + it('reverts if block number >= current block', async function () { + const clock = await this.token.clock(); + await expect(this.token.getPastTotalSupply(50_000_000_000n)) + .to.be.revertedWithCustomError(this.token, 'ERC5805FutureLookup') + .withArgs(50_000_000_000n, clock); + }); + + it('returns 0 if there are no checkpoints', async function () { + expect(await this.token.getPastTotalSupply(0n)).to.equal(0n); + }); + + it('returns the latest block if >= last checkpoint block', async function () { + const tx = await this.token.$_mint(this.holder, supply); + const timepoint = await time.clockFromReceipt[mode](tx); + await mine(2); + + expect(await this.token.getPastTotalSupply(timepoint)).to.equal(supply); + expect(await this.token.getPastTotalSupply(timepoint + 1n)).to.equal(supply); + }); + + it('returns zero if < first checkpoint block', async function () { + await mine(); + const tx = await this.token.$_mint(this.holder, supply); + const timepoint = await time.clockFromReceipt[mode](tx); + await mine(2); + + expect(await this.token.getPastTotalSupply(timepoint - 1n)).to.equal(0n); + expect(await this.token.getPastTotalSupply(timepoint + 1n)).to.equal(supply); + }); + + it('generally returns the voting balance at the appropriate checkpoint', async function () { + const t1 = await this.token.$_mint(this.holder, supply); + await mine(2); + const t2 = await this.token.$_burn(this.holder, 10n); + await mine(2); + const t3 = await this.token.$_burn(this.holder, 10n); + await mine(2); + const t4 = await this.token.$_mint(this.holder, 20n); + await mine(2); + + t1.timepoint = await time.clockFromReceipt[mode](t1); + t2.timepoint = await time.clockFromReceipt[mode](t2); + t3.timepoint = await time.clockFromReceipt[mode](t3); + t4.timepoint = await time.clockFromReceipt[mode](t4); + + expect(await this.token.getPastTotalSupply(t1.timepoint - 1n)).to.equal(0n); + expect(await this.token.getPastTotalSupply(t1.timepoint)).to.equal(supply); + expect(await this.token.getPastTotalSupply(t1.timepoint + 1n)).to.equal(supply); + expect(await this.token.getPastTotalSupply(t2.timepoint)).to.equal(supply - 10n); + expect(await this.token.getPastTotalSupply(t2.timepoint + 1n)).to.equal(supply - 10n); + expect(await this.token.getPastTotalSupply(t3.timepoint)).to.equal(supply - 20n); + expect(await this.token.getPastTotalSupply(t3.timepoint + 1n)).to.equal(supply - 20n); + expect(await this.token.getPastTotalSupply(t4.timepoint)).to.equal(supply); + expect(await this.token.getPastTotalSupply(t4.timepoint + 1n)).to.equal(supply); + }); + }); + }); + } +}); diff --git a/dependencies/@openzeppelin/test/token/ERC20/extensions/ERC20Wrapper.test.js b/dependencies/@openzeppelin/test/token/ERC20/extensions/ERC20Wrapper.test.js new file mode 100644 index 00000000..9e72e1a9 --- /dev/null +++ b/dependencies/@openzeppelin/test/token/ERC20/extensions/ERC20Wrapper.test.js @@ -0,0 +1,203 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { shouldBehaveLikeERC20 } = require('../ERC20.behavior'); + +const name = 'My Token'; +const symbol = 'MTKN'; +const decimals = 9n; +const initialSupply = 100n; + +async function fixture() { + // this.accounts is used by shouldBehaveLikeERC20 + const accounts = await ethers.getSigners(); + const [holder, recipient, other] = accounts; + + const underlying = await ethers.deployContract('$ERC20DecimalsMock', [name, symbol, decimals]); + await underlying.$_mint(holder, initialSupply); + + const token = await ethers.deployContract('$ERC20Wrapper', [`Wrapped ${name}`, `W${symbol}`, underlying]); + + return { accounts, holder, recipient, other, underlying, token }; +} + +describe('ERC20Wrapper', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + afterEach('Underlying balance', async function () { + expect(await this.underlying.balanceOf(this.token)).to.equal(await this.token.totalSupply()); + }); + + it('has a name', async function () { + expect(await this.token.name()).to.equal(`Wrapped ${name}`); + }); + + it('has a symbol', async function () { + expect(await this.token.symbol()).to.equal(`W${symbol}`); + }); + + it('has the same decimals as the underlying token', async function () { + expect(await this.token.decimals()).to.equal(decimals); + }); + + it('decimals default back to 18 if token has no metadata', async function () { + const noDecimals = await ethers.deployContract('CallReceiverMock'); + const token = await ethers.deployContract('$ERC20Wrapper', [`Wrapped ${name}`, `W${symbol}`, noDecimals]); + expect(await token.decimals()).to.equal(18n); + }); + + it('has underlying', async function () { + expect(await this.token.underlying()).to.equal(this.underlying); + }); + + describe('deposit', function () { + it('executes with approval', async function () { + await this.underlying.connect(this.holder).approve(this.token, initialSupply); + + const tx = await this.token.connect(this.holder).depositFor(this.holder, initialSupply); + await expect(tx) + .to.emit(this.underlying, 'Transfer') + .withArgs(this.holder, this.token, initialSupply) + .to.emit(this.token, 'Transfer') + .withArgs(ethers.ZeroAddress, this.holder, initialSupply); + await expect(tx).to.changeTokenBalances( + this.underlying, + [this.holder, this.token], + [-initialSupply, initialSupply], + ); + await expect(tx).to.changeTokenBalance(this.token, this.holder, initialSupply); + }); + + it('reverts when missing approval', async function () { + await expect(this.token.connect(this.holder).depositFor(this.holder, initialSupply)) + .to.be.revertedWithCustomError(this.underlying, 'ERC20InsufficientAllowance') + .withArgs(this.token, 0, initialSupply); + }); + + it('reverts when inssuficient balance', async function () { + await this.underlying.connect(this.holder).approve(this.token, ethers.MaxUint256); + + await expect(this.token.connect(this.holder).depositFor(this.holder, ethers.MaxUint256)) + .to.be.revertedWithCustomError(this.underlying, 'ERC20InsufficientBalance') + .withArgs(this.holder, initialSupply, ethers.MaxUint256); + }); + + it('deposits to other account', async function () { + await this.underlying.connect(this.holder).approve(this.token, initialSupply); + + const tx = await this.token.connect(this.holder).depositFor(this.recipient, initialSupply); + await expect(tx) + .to.emit(this.underlying, 'Transfer') + .withArgs(this.holder, this.token.target, initialSupply) + .to.emit(this.token, 'Transfer') + .withArgs(ethers.ZeroAddress, this.recipient, initialSupply); + await expect(tx).to.changeTokenBalances( + this.underlying, + [this.holder, this.token], + [-initialSupply, initialSupply], + ); + await expect(tx).to.changeTokenBalances(this.token, [this.holder, this.recipient], [0, initialSupply]); + }); + + it('reverts minting to the wrapper contract', async function () { + await this.underlying.connect(this.holder).approve(this.token, ethers.MaxUint256); + + await expect(this.token.connect(this.holder).depositFor(this.token, ethers.MaxUint256)) + .to.be.revertedWithCustomError(this.token, 'ERC20InvalidReceiver') + .withArgs(this.token); + }); + }); + + describe('withdraw', function () { + beforeEach(async function () { + await this.underlying.connect(this.holder).approve(this.token, initialSupply); + await this.token.connect(this.holder).depositFor(this.holder, initialSupply); + }); + + it('reverts when inssuficient balance', async function () { + await expect(this.token.connect(this.holder).withdrawTo(this.holder, ethers.MaxInt256)) + .to.be.revertedWithCustomError(this.token, 'ERC20InsufficientBalance') + .withArgs(this.holder, initialSupply, ethers.MaxInt256); + }); + + it('executes when operation is valid', async function () { + const value = 42n; + + const tx = await this.token.connect(this.holder).withdrawTo(this.holder, value); + await expect(tx) + .to.emit(this.underlying, 'Transfer') + .withArgs(this.token.target, this.holder, value) + .to.emit(this.token, 'Transfer') + .withArgs(this.holder, ethers.ZeroAddress, value); + await expect(tx).to.changeTokenBalances(this.underlying, [this.token, this.holder], [-value, value]); + await expect(tx).to.changeTokenBalance(this.token, this.holder, -value); + }); + + it('entire balance', async function () { + const tx = await this.token.connect(this.holder).withdrawTo(this.holder, initialSupply); + await expect(tx) + .to.emit(this.underlying, 'Transfer') + .withArgs(this.token.target, this.holder, initialSupply) + .to.emit(this.token, 'Transfer') + .withArgs(this.holder, ethers.ZeroAddress, initialSupply); + await expect(tx).to.changeTokenBalances( + this.underlying, + [this.token, this.holder], + [-initialSupply, initialSupply], + ); + await expect(tx).to.changeTokenBalance(this.token, this.holder, -initialSupply); + }); + + it('to other account', async function () { + const tx = await this.token.connect(this.holder).withdrawTo(this.recipient, initialSupply); + await expect(tx) + .to.emit(this.underlying, 'Transfer') + .withArgs(this.token, this.recipient, initialSupply) + .to.emit(this.token, 'Transfer') + .withArgs(this.holder, ethers.ZeroAddress, initialSupply); + await expect(tx).to.changeTokenBalances( + this.underlying, + [this.token, this.holder, this.recipient], + [-initialSupply, 0, initialSupply], + ); + await expect(tx).to.changeTokenBalance(this.token, this.holder, -initialSupply); + }); + + it('reverts withdrawing to the wrapper contract', async function () { + await expect(this.token.connect(this.holder).withdrawTo(this.token, initialSupply)) + .to.be.revertedWithCustomError(this.token, 'ERC20InvalidReceiver') + .withArgs(this.token); + }); + }); + + describe('recover', function () { + it('nothing to recover', async function () { + await this.underlying.connect(this.holder).approve(this.token, initialSupply); + await this.token.connect(this.holder).depositFor(this.holder, initialSupply); + + const tx = await this.token.$_recover(this.recipient); + await expect(tx).to.emit(this.token, 'Transfer').withArgs(ethers.ZeroAddress, this.recipient, 0n); + await expect(tx).to.changeTokenBalance(this.token, this.recipient, 0); + }); + + it('something to recover', async function () { + await this.underlying.connect(this.holder).transfer(this.token, initialSupply); + + const tx = await this.token.$_recover(this.recipient); + await expect(tx).to.emit(this.token, 'Transfer').withArgs(ethers.ZeroAddress, this.recipient, initialSupply); + await expect(tx).to.changeTokenBalance(this.token, this.recipient, initialSupply); + }); + }); + + describe('erc20 behaviour', function () { + beforeEach(async function () { + await this.underlying.connect(this.holder).approve(this.token, initialSupply); + await this.token.connect(this.holder).depositFor(this.holder, initialSupply); + }); + + shouldBehaveLikeERC20(initialSupply); + }); +}); diff --git a/dependencies/@openzeppelin/test/token/ERC20/extensions/ERC4626.t.sol b/dependencies/@openzeppelin/test/token/ERC20/extensions/ERC4626.t.sol new file mode 100644 index 00000000..72b0daca --- /dev/null +++ b/dependencies/@openzeppelin/test/token/ERC20/extensions/ERC4626.t.sol @@ -0,0 +1,41 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.20; + +import {ERC4626Test} from "erc4626-tests/ERC4626.test.sol"; + +import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol"; +import {ERC4626} from "@openzeppelin/contracts/token/ERC20/extensions/ERC4626.sol"; + +import {ERC20Mock} from "@openzeppelin/contracts/mocks/token/ERC20Mock.sol"; +import {ERC4626Mock} from "@openzeppelin/contracts/mocks/token/ERC4626Mock.sol"; +import {ERC4626OffsetMock} from "@openzeppelin/contracts/mocks/token/ERC4626OffsetMock.sol"; + +contract ERC4626VaultOffsetMock is ERC4626OffsetMock { + constructor( + ERC20 underlying_, + uint8 offset_ + ) ERC20("My Token Vault", "MTKNV") ERC4626(underlying_) ERC4626OffsetMock(offset_) {} +} + +contract ERC4626StdTest is ERC4626Test { + ERC20 private _underlying = new ERC20Mock(); + + function setUp() public override { + _underlying_ = address(_underlying); + _vault_ = address(new ERC4626Mock(_underlying_)); + _delta_ = 0; + _vaultMayBeEmpty = true; + _unlimitedAmount = true; + } + + /** + * @dev Check the case where calculated `decimals` value overflows the `uint8` type. + */ + function testFuzzDecimalsOverflow(uint8 offset) public { + /// @dev Remember that the `_underlying` exhibits a `decimals` value of 18. + offset = uint8(bound(uint256(offset), 238, uint256(type(uint8).max))); + ERC4626VaultOffsetMock erc4626VaultOffsetMock = new ERC4626VaultOffsetMock(_underlying, offset); + vm.expectRevert(); + erc4626VaultOffsetMock.decimals(); + } +} diff --git a/dependencies/@openzeppelin/test/token/ERC20/extensions/ERC4626.test.js b/dependencies/@openzeppelin/test/token/ERC20/extensions/ERC4626.test.js new file mode 100644 index 00000000..71c7cbaa --- /dev/null +++ b/dependencies/@openzeppelin/test/token/ERC20/extensions/ERC4626.test.js @@ -0,0 +1,888 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); +const { PANIC_CODES } = require('@nomicfoundation/hardhat-chai-matchers/panic'); + +const { Enum } = require('../../../helpers/enums'); + +const name = 'My Token'; +const symbol = 'MTKN'; +const decimals = 18n; + +async function fixture() { + const [holder, recipient, spender, other, ...accounts] = await ethers.getSigners(); + return { holder, recipient, spender, other, accounts }; +} + +describe('ERC4626', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + it('inherit decimals if from asset', async function () { + for (const decimals of [0n, 9n, 12n, 18n, 36n]) { + const token = await ethers.deployContract('$ERC20DecimalsMock', ['', '', decimals]); + const vault = await ethers.deployContract('$ERC4626', ['', '', token]); + expect(await vault.decimals()).to.equal(decimals); + } + }); + + it('asset has not yet been created', async function () { + const vault = await ethers.deployContract('$ERC4626', ['', '', this.other.address]); + expect(await vault.decimals()).to.equal(decimals); + }); + + it('underlying excess decimals', async function () { + const token = await ethers.deployContract('$ERC20ExcessDecimalsMock'); + const vault = await ethers.deployContract('$ERC4626', ['', '', token]); + expect(await vault.decimals()).to.equal(decimals); + }); + + it('decimals overflow', async function () { + for (const offset of [243n, 250n, 255n]) { + const token = await ethers.deployContract('$ERC20DecimalsMock', ['', '', decimals]); + const vault = await ethers.deployContract('$ERC4626OffsetMock', ['', '', token, offset]); + await expect(vault.decimals()).to.be.revertedWithPanic(PANIC_CODES.ARITHMETIC_UNDER_OR_OVERFLOW); + } + }); + + describe('reentrancy', function () { + const reenterType = Enum('No', 'Before', 'After'); + + const value = 1_000_000_000_000_000_000n; + const reenterValue = 1_000_000_000n; + + beforeEach(async function () { + // Use offset 1 so the rate is not 1:1 and we can't possibly confuse assets and shares + const token = await ethers.deployContract('$ERC20Reentrant'); + const vault = await ethers.deployContract('$ERC4626OffsetMock', ['', '', token, 1n]); + // Funds and approval for tests + await token.$_mint(this.holder, value); + await token.$_mint(this.other, value); + await token.$_approve(this.holder, vault, ethers.MaxUint256); + await token.$_approve(this.other, vault, ethers.MaxUint256); + await token.$_approve(token, vault, ethers.MaxUint256); + + Object.assign(this, { token, vault }); + }); + + // During a `_deposit`, the vault does `transferFrom(depositor, vault, assets)` -> `_mint(receiver, shares)` + // such that a reentrancy BEFORE the transfer guarantees the price is kept the same. + // If the order of transfer -> mint is changed to mint -> transfer, the reentrancy could be triggered on an + // intermediate state in which the ratio of assets/shares has been decreased (more shares than assets). + it('correct share price is observed during reentrancy before deposit', async function () { + // mint token for deposit + await this.token.$_mint(this.token, reenterValue); + + // Schedules a reentrancy from the token contract + await this.token.scheduleReenter( + reenterType.Before, + this.vault, + this.vault.interface.encodeFunctionData('deposit', [reenterValue, this.holder.address]), + ); + + // Initial share price + const sharesForDeposit = await this.vault.previewDeposit(value); + const sharesForReenter = await this.vault.previewDeposit(reenterValue); + + await expect(this.vault.connect(this.holder).deposit(value, this.holder)) + // Deposit normally, reentering before the internal `_update` + .to.emit(this.vault, 'Deposit') + .withArgs(this.holder, this.holder, value, sharesForDeposit) + // Reentrant deposit event β†’ uses the same price + .to.emit(this.vault, 'Deposit') + .withArgs(this.token, this.holder, reenterValue, sharesForReenter); + + // Assert prices is kept + expect(await this.vault.previewDeposit(value)).to.equal(sharesForDeposit); + }); + + // During a `_withdraw`, the vault does `_burn(owner, shares)` -> `transfer(receiver, assets)` + // such that a reentrancy AFTER the transfer guarantees the price is kept the same. + // If the order of burn -> transfer is changed to transfer -> burn, the reentrancy could be triggered on an + // intermediate state in which the ratio of shares/assets has been decreased (more assets than shares). + it('correct share price is observed during reentrancy after withdraw', async function () { + // Deposit into the vault: holder gets `value` share, token.address gets `reenterValue` shares + await this.vault.connect(this.holder).deposit(value, this.holder); + await this.vault.connect(this.other).deposit(reenterValue, this.token); + + // Schedules a reentrancy from the token contract + await this.token.scheduleReenter( + reenterType.After, + this.vault, + this.vault.interface.encodeFunctionData('withdraw', [reenterValue, this.holder.address, this.token.target]), + ); + + // Initial share price + const sharesForWithdraw = await this.vault.previewWithdraw(value); + const sharesForReenter = await this.vault.previewWithdraw(reenterValue); + + // Do withdraw normally, triggering the _afterTokenTransfer hook + await expect(this.vault.connect(this.holder).withdraw(value, this.holder, this.holder)) + // Main withdraw event + .to.emit(this.vault, 'Withdraw') + .withArgs(this.holder, this.holder, this.holder, value, sharesForWithdraw) + // Reentrant withdraw event β†’ uses the same price + .to.emit(this.vault, 'Withdraw') + .withArgs(this.token, this.holder, this.token, reenterValue, sharesForReenter); + + // Assert price is kept + expect(await this.vault.previewWithdraw(value)).to.equal(sharesForWithdraw); + }); + + // Donate newly minted tokens to the vault during the reentracy causes the share price to increase. + // Still, the deposit that trigger the reentracy is not affected and get the previewed price. + // Further deposits will get a different price (getting fewer shares for the same value of assets) + it('share price change during reentracy does not affect deposit', async function () { + // Schedules a reentrancy from the token contract that mess up the share price + await this.token.scheduleReenter( + reenterType.Before, + this.token, + this.token.interface.encodeFunctionData('$_mint', [this.vault.target, reenterValue]), + ); + + // Price before + const sharesBefore = await this.vault.previewDeposit(value); + + // Deposit, reentering before the internal `_update` + await expect(this.vault.connect(this.holder).deposit(value, this.holder)) + // Price is as previewed + .to.emit(this.vault, 'Deposit') + .withArgs(this.holder, this.holder, value, sharesBefore); + + // Price was modified during reentrancy + expect(await this.vault.previewDeposit(value)).to.lt(sharesBefore); + }); + + // Burn some tokens from the vault during the reentracy causes the share price to drop. + // Still, the withdraw that trigger the reentracy is not affected and get the previewed price. + // Further withdraw will get a different price (needing more shares for the same value of assets) + it('share price change during reentracy does not affect withdraw', async function () { + await this.vault.connect(this.holder).deposit(value, this.holder); + await this.vault.connect(this.other).deposit(value, this.other); + + // Schedules a reentrancy from the token contract that mess up the share price + await this.token.scheduleReenter( + reenterType.After, + this.token, + this.token.interface.encodeFunctionData('$_burn', [this.vault.target, reenterValue]), + ); + + // Price before + const sharesBefore = await this.vault.previewWithdraw(value); + + // Withdraw, triggering the _afterTokenTransfer hook + await expect(this.vault.connect(this.holder).withdraw(value, this.holder, this.holder)) + // Price is as previewed + .to.emit(this.vault, 'Withdraw') + .withArgs(this.holder, this.holder, this.holder, value, sharesBefore); + + // Price was modified during reentrancy + expect(await this.vault.previewWithdraw(value)).to.gt(sharesBefore); + }); + }); + + describe('limits', function () { + beforeEach(async function () { + const token = await ethers.deployContract('$ERC20DecimalsMock', [name, symbol, decimals]); + const vault = await ethers.deployContract('$ERC4626LimitsMock', ['', '', token]); + + Object.assign(this, { token, vault }); + }); + + it('reverts on deposit() above max deposit', async function () { + const maxDeposit = await this.vault.maxDeposit(this.holder); + await expect(this.vault.connect(this.holder).deposit(maxDeposit + 1n, this.recipient)) + .to.be.revertedWithCustomError(this.vault, 'ERC4626ExceededMaxDeposit') + .withArgs(this.recipient, maxDeposit + 1n, maxDeposit); + }); + + it('reverts on mint() above max mint', async function () { + const maxMint = await this.vault.maxMint(this.holder); + + await expect(this.vault.connect(this.holder).mint(maxMint + 1n, this.recipient)) + .to.be.revertedWithCustomError(this.vault, 'ERC4626ExceededMaxMint') + .withArgs(this.recipient, maxMint + 1n, maxMint); + }); + + it('reverts on withdraw() above max withdraw', async function () { + const maxWithdraw = await this.vault.maxWithdraw(this.holder); + + await expect(this.vault.connect(this.holder).withdraw(maxWithdraw + 1n, this.recipient, this.holder)) + .to.be.revertedWithCustomError(this.vault, 'ERC4626ExceededMaxWithdraw') + .withArgs(this.holder, maxWithdraw + 1n, maxWithdraw); + }); + + it('reverts on redeem() above max redeem', async function () { + const maxRedeem = await this.vault.maxRedeem(this.holder); + + await expect(this.vault.connect(this.holder).redeem(maxRedeem + 1n, this.recipient, this.holder)) + .to.be.revertedWithCustomError(this.vault, 'ERC4626ExceededMaxRedeem') + .withArgs(this.holder, maxRedeem + 1n, maxRedeem); + }); + }); + + for (const offset of [0n, 6n, 18n]) { + const parseToken = token => token * 10n ** decimals; + const parseShare = share => share * 10n ** (decimals + offset); + + const virtualAssets = 1n; + const virtualShares = 10n ** offset; + + describe(`offset: ${offset}`, function () { + beforeEach(async function () { + const token = await ethers.deployContract('$ERC20DecimalsMock', [name, symbol, decimals]); + const vault = await ethers.deployContract('$ERC4626OffsetMock', [name + ' Vault', symbol + 'V', token, offset]); + + await token.$_mint(this.holder, ethers.MaxUint256 / 2n); // 50% of maximum + await token.$_approve(this.holder, vault, ethers.MaxUint256); + await vault.$_approve(this.holder, this.spender, ethers.MaxUint256); + + Object.assign(this, { token, vault }); + }); + + it('metadata', async function () { + expect(await this.vault.name()).to.equal(name + ' Vault'); + expect(await this.vault.symbol()).to.equal(symbol + 'V'); + expect(await this.vault.decimals()).to.equal(decimals + offset); + expect(await this.vault.asset()).to.equal(this.token); + }); + + describe('empty vault: no assets & no shares', function () { + it('status', async function () { + expect(await this.vault.totalAssets()).to.equal(0n); + }); + + it('deposit', async function () { + expect(await this.vault.maxDeposit(this.holder)).to.equal(ethers.MaxUint256); + expect(await this.vault.previewDeposit(parseToken(1n))).to.equal(parseShare(1n)); + + const tx = this.vault.connect(this.holder).deposit(parseToken(1n), this.recipient); + + await expect(tx).to.changeTokenBalances( + this.token, + [this.holder, this.vault], + [-parseToken(1n), parseToken(1n)], + ); + await expect(tx).to.changeTokenBalance(this.vault, this.recipient, parseShare(1n)); + await expect(tx) + .to.emit(this.token, 'Transfer') + .withArgs(this.holder, this.vault, parseToken(1n)) + .to.emit(this.vault, 'Transfer') + .withArgs(ethers.ZeroAddress, this.recipient, parseShare(1n)) + .to.emit(this.vault, 'Deposit') + .withArgs(this.holder, this.recipient, parseToken(1n), parseShare(1n)); + }); + + it('mint', async function () { + expect(await this.vault.maxMint(this.holder)).to.equal(ethers.MaxUint256); + expect(await this.vault.previewMint(parseShare(1n))).to.equal(parseToken(1n)); + + const tx = this.vault.connect(this.holder).mint(parseShare(1n), this.recipient); + + await expect(tx).to.changeTokenBalances( + this.token, + [this.holder, this.vault], + [-parseToken(1n), parseToken(1n)], + ); + await expect(tx).to.changeTokenBalance(this.vault, this.recipient, parseShare(1n)); + await expect(tx) + .to.emit(this.token, 'Transfer') + .withArgs(this.holder, this.vault, parseToken(1n)) + .to.emit(this.vault, 'Transfer') + .withArgs(ethers.ZeroAddress, this.recipient, parseShare(1n)) + .to.emit(this.vault, 'Deposit') + .withArgs(this.holder, this.recipient, parseToken(1n), parseShare(1n)); + }); + + it('withdraw', async function () { + expect(await this.vault.maxWithdraw(this.holder)).to.equal(0n); + expect(await this.vault.previewWithdraw(0n)).to.equal(0n); + + const tx = this.vault.connect(this.holder).withdraw(0n, this.recipient, this.holder); + + await expect(tx).to.changeTokenBalances(this.token, [this.vault, this.recipient], [0n, 0n]); + await expect(tx).to.changeTokenBalance(this.vault, this.holder, 0n); + await expect(tx) + .to.emit(this.token, 'Transfer') + .withArgs(this.vault, this.recipient, 0n) + .to.emit(this.vault, 'Transfer') + .withArgs(this.holder, ethers.ZeroAddress, 0n) + .to.emit(this.vault, 'Withdraw') + .withArgs(this.holder, this.recipient, this.holder, 0n, 0n); + }); + + it('redeem', async function () { + expect(await this.vault.maxRedeem(this.holder)).to.equal(0n); + expect(await this.vault.previewRedeem(0n)).to.equal(0n); + + const tx = this.vault.connect(this.holder).redeem(0n, this.recipient, this.holder); + + await expect(tx).to.changeTokenBalances(this.token, [this.vault, this.recipient], [0n, 0n]); + await expect(tx).to.changeTokenBalance(this.vault, this.holder, 0n); + await expect(tx) + .to.emit(this.token, 'Transfer') + .withArgs(this.vault, this.recipient, 0n) + .to.emit(this.vault, 'Transfer') + .withArgs(this.holder, ethers.ZeroAddress, 0n) + .to.emit(this.vault, 'Withdraw') + .withArgs(this.holder, this.recipient, this.holder, 0n, 0n); + }); + }); + + describe('inflation attack: offset price by direct deposit of assets', function () { + beforeEach(async function () { + // Donate 1 token to the vault to offset the price + await this.token.$_mint(this.vault, parseToken(1n)); + }); + + it('status', async function () { + expect(await this.vault.totalSupply()).to.equal(0n); + expect(await this.vault.totalAssets()).to.equal(parseToken(1n)); + }); + + /** + * | offset | deposited assets | redeemable assets | + * |--------|----------------------|----------------------| + * | 0 | 1.000000000000000000 | 0. | + * | 6 | 1.000000000000000000 | 0.999999000000000000 | + * | 18 | 1.000000000000000000 | 0.999999999999999999 | + * + * Attack is possible, but made difficult by the offset. For the attack to be successful + * the attacker needs to frontrun a deposit 10**offset times bigger than what the victim + * was trying to deposit + */ + it('deposit', async function () { + const effectiveAssets = (await this.vault.totalAssets()) + virtualAssets; + const effectiveShares = (await this.vault.totalSupply()) + virtualShares; + + const depositAssets = parseToken(1n); + const expectedShares = (depositAssets * effectiveShares) / effectiveAssets; + + expect(await this.vault.maxDeposit(this.holder)).to.equal(ethers.MaxUint256); + expect(await this.vault.previewDeposit(depositAssets)).to.equal(expectedShares); + + const tx = this.vault.connect(this.holder).deposit(depositAssets, this.recipient); + + await expect(tx).to.changeTokenBalances( + this.token, + [this.holder, this.vault], + [-depositAssets, depositAssets], + ); + await expect(tx).to.changeTokenBalance(this.vault, this.recipient, expectedShares); + await expect(tx) + .to.emit(this.token, 'Transfer') + .withArgs(this.holder, this.vault, depositAssets) + .to.emit(this.vault, 'Transfer') + .withArgs(ethers.ZeroAddress, this.recipient, expectedShares) + .to.emit(this.vault, 'Deposit') + .withArgs(this.holder, this.recipient, depositAssets, expectedShares); + }); + + /** + * | offset | deposited assets | redeemable assets | + * |--------|----------------------|----------------------| + * | 0 | 1000000000000000001. | 1000000000000000001. | + * | 6 | 1000000000000000001. | 1000000000000000001. | + * | 18 | 1000000000000000001. | 1000000000000000001. | + * + * Using mint protects against inflation attack, but makes minting shares very expensive. + * The ER20 allowance for the underlying asset is needed to protect the user from (too) + * large deposits. + */ + it('mint', async function () { + const effectiveAssets = (await this.vault.totalAssets()) + virtualAssets; + const effectiveShares = (await this.vault.totalSupply()) + virtualShares; + + const mintShares = parseShare(1n); + const expectedAssets = (mintShares * effectiveAssets) / effectiveShares; + + expect(await this.vault.maxMint(this.holder)).to.equal(ethers.MaxUint256); + expect(await this.vault.previewMint(mintShares)).to.equal(expectedAssets); + + const tx = this.vault.connect(this.holder).mint(mintShares, this.recipient); + + await expect(tx).to.changeTokenBalances( + this.token, + [this.holder, this.vault], + [-expectedAssets, expectedAssets], + ); + await expect(tx).to.changeTokenBalance(this.vault, this.recipient, mintShares); + await expect(tx) + .to.emit(this.token, 'Transfer') + .withArgs(this.holder, this.vault, expectedAssets) + .to.emit(this.vault, 'Transfer') + .withArgs(ethers.ZeroAddress, this.recipient, mintShares) + .to.emit(this.vault, 'Deposit') + .withArgs(this.holder, this.recipient, expectedAssets, mintShares); + }); + + it('withdraw', async function () { + expect(await this.vault.maxWithdraw(this.holder)).to.equal(0n); + expect(await this.vault.previewWithdraw(0n)).to.equal(0n); + + const tx = this.vault.connect(this.holder).withdraw(0n, this.recipient, this.holder); + + await expect(tx).to.changeTokenBalances(this.token, [this.vault, this.recipient], [0n, 0n]); + await expect(tx).to.changeTokenBalance(this.vault, this.holder, 0n); + await expect(tx) + .to.emit(this.token, 'Transfer') + .withArgs(this.vault, this.recipient, 0n) + .to.emit(this.vault, 'Transfer') + .withArgs(this.holder, ethers.ZeroAddress, 0n) + .to.emit(this.vault, 'Withdraw') + .withArgs(this.holder, this.recipient, this.holder, 0n, 0n); + }); + + it('redeem', async function () { + expect(await this.vault.maxRedeem(this.holder)).to.equal(0n); + expect(await this.vault.previewRedeem(0n)).to.equal(0n); + + const tx = this.vault.connect(this.holder).redeem(0n, this.recipient, this.holder); + + await expect(tx).to.changeTokenBalances(this.token, [this.vault, this.recipient], [0n, 0n]); + await expect(tx).to.changeTokenBalance(this.vault, this.holder, 0n); + await expect(tx) + .to.emit(this.token, 'Transfer') + .withArgs(this.vault, this.recipient, 0n) + .to.emit(this.vault, 'Transfer') + .withArgs(this.holder, ethers.ZeroAddress, 0n) + .to.emit(this.vault, 'Withdraw') + .withArgs(this.holder, this.recipient, this.holder, 0n, 0n); + }); + }); + + describe('full vault: assets & shares', function () { + beforeEach(async function () { + // Add 1 token of underlying asset and 100 shares to the vault + await this.token.$_mint(this.vault, parseToken(1n)); + await this.vault.$_mint(this.holder, parseShare(100n)); + }); + + it('status', async function () { + expect(await this.vault.totalSupply()).to.equal(parseShare(100n)); + expect(await this.vault.totalAssets()).to.equal(parseToken(1n)); + }); + + /** + * | offset | deposited assets | redeemable assets | + * |--------|--------------------- |----------------------| + * | 0 | 1.000000000000000000 | 0.999999999999999999 | + * | 6 | 1.000000000000000000 | 0.999999999999999999 | + * | 18 | 1.000000000000000000 | 0.999999999999999999 | + * + * Virtual shares & assets captures part of the value + */ + it('deposit', async function () { + const effectiveAssets = (await this.vault.totalAssets()) + virtualAssets; + const effectiveShares = (await this.vault.totalSupply()) + virtualShares; + + const depositAssets = parseToken(1n); + const expectedShares = (depositAssets * effectiveShares) / effectiveAssets; + + expect(await this.vault.maxDeposit(this.holder)).to.equal(ethers.MaxUint256); + expect(await this.vault.previewDeposit(depositAssets)).to.equal(expectedShares); + + const tx = this.vault.connect(this.holder).deposit(depositAssets, this.recipient); + + await expect(tx).to.changeTokenBalances( + this.token, + [this.holder, this.vault], + [-depositAssets, depositAssets], + ); + await expect(tx).to.changeTokenBalance(this.vault, this.recipient, expectedShares); + await expect(tx) + .to.emit(this.token, 'Transfer') + .withArgs(this.holder, this.vault, depositAssets) + .to.emit(this.vault, 'Transfer') + .withArgs(ethers.ZeroAddress, this.recipient, expectedShares) + .to.emit(this.vault, 'Deposit') + .withArgs(this.holder, this.recipient, depositAssets, expectedShares); + }); + + /** + * | offset | deposited assets | redeemable assets | + * |--------|--------------------- |----------------------| + * | 0 | 0.010000000000000001 | 0.010000000000000000 | + * | 6 | 0.010000000000000001 | 0.010000000000000000 | + * | 18 | 0.010000000000000001 | 0.010000000000000000 | + * + * Virtual shares & assets captures part of the value + */ + it('mint', async function () { + const effectiveAssets = (await this.vault.totalAssets()) + virtualAssets; + const effectiveShares = (await this.vault.totalSupply()) + virtualShares; + + const mintShares = parseShare(1n); + const expectedAssets = (mintShares * effectiveAssets) / effectiveShares + 1n; // add for the rounding + + expect(await this.vault.maxMint(this.holder)).to.equal(ethers.MaxUint256); + expect(await this.vault.previewMint(mintShares)).to.equal(expectedAssets); + + const tx = this.vault.connect(this.holder).mint(mintShares, this.recipient); + + await expect(tx).to.changeTokenBalances( + this.token, + [this.holder, this.vault], + [-expectedAssets, expectedAssets], + ); + await expect(tx).to.changeTokenBalance(this.vault, this.recipient, mintShares); + await expect(tx) + .to.emit(this.token, 'Transfer') + .withArgs(this.holder, this.vault, expectedAssets) + .to.emit(this.vault, 'Transfer') + .withArgs(ethers.ZeroAddress, this.recipient, mintShares) + .to.emit(this.vault, 'Deposit') + .withArgs(this.holder, this.recipient, expectedAssets, mintShares); + }); + + it('withdraw', async function () { + const effectiveAssets = (await this.vault.totalAssets()) + virtualAssets; + const effectiveShares = (await this.vault.totalSupply()) + virtualShares; + + const withdrawAssets = parseToken(1n); + const expectedShares = (withdrawAssets * effectiveShares) / effectiveAssets + 1n; // add for the rounding + + expect(await this.vault.maxWithdraw(this.holder)).to.equal(withdrawAssets); + expect(await this.vault.previewWithdraw(withdrawAssets)).to.equal(expectedShares); + + const tx = this.vault.connect(this.holder).withdraw(withdrawAssets, this.recipient, this.holder); + + await expect(tx).to.changeTokenBalances( + this.token, + [this.vault, this.recipient], + [-withdrawAssets, withdrawAssets], + ); + await expect(tx).to.changeTokenBalance(this.vault, this.holder, -expectedShares); + await expect(tx) + .to.emit(this.token, 'Transfer') + .withArgs(this.vault, this.recipient, withdrawAssets) + .to.emit(this.vault, 'Transfer') + .withArgs(this.holder, ethers.ZeroAddress, expectedShares) + .to.emit(this.vault, 'Withdraw') + .withArgs(this.holder, this.recipient, this.holder, withdrawAssets, expectedShares); + }); + + it('withdraw with approval', async function () { + const assets = await this.vault.previewWithdraw(parseToken(1n)); + + await expect(this.vault.connect(this.other).withdraw(parseToken(1n), this.recipient, this.holder)) + .to.be.revertedWithCustomError(this.vault, 'ERC20InsufficientAllowance') + .withArgs(this.other, 0n, assets); + + await expect(this.vault.connect(this.spender).withdraw(parseToken(1n), this.recipient, this.holder)).to.not.be + .reverted; + }); + + it('redeem', async function () { + const effectiveAssets = (await this.vault.totalAssets()) + virtualAssets; + const effectiveShares = (await this.vault.totalSupply()) + virtualShares; + + const redeemShares = parseShare(100n); + const expectedAssets = (redeemShares * effectiveAssets) / effectiveShares; + + expect(await this.vault.maxRedeem(this.holder)).to.equal(redeemShares); + expect(await this.vault.previewRedeem(redeemShares)).to.equal(expectedAssets); + + const tx = this.vault.connect(this.holder).redeem(redeemShares, this.recipient, this.holder); + + await expect(tx).to.changeTokenBalances( + this.token, + [this.vault, this.recipient], + [-expectedAssets, expectedAssets], + ); + await expect(tx).to.changeTokenBalance(this.vault, this.holder, -redeemShares); + await expect(tx) + .to.emit(this.token, 'Transfer') + .withArgs(this.vault, this.recipient, expectedAssets) + .to.emit(this.vault, 'Transfer') + .withArgs(this.holder, ethers.ZeroAddress, redeemShares) + .to.emit(this.vault, 'Withdraw') + .withArgs(this.holder, this.recipient, this.holder, expectedAssets, redeemShares); + }); + + it('redeem with approval', async function () { + await expect(this.vault.connect(this.other).redeem(parseShare(100n), this.recipient, this.holder)) + .to.be.revertedWithCustomError(this.vault, 'ERC20InsufficientAllowance') + .withArgs(this.other, 0n, parseShare(100n)); + + await expect(this.vault.connect(this.spender).redeem(parseShare(100n), this.recipient, this.holder)).to.not.be + .reverted; + }); + }); + }); + } + + describe('ERC4626Fees', function () { + const feeBasisPoints = 500n; // 5% + const valueWithoutFees = 10_000n; + const fees = (valueWithoutFees * feeBasisPoints) / 10_000n; + const valueWithFees = valueWithoutFees + fees; + + describe('input fees', function () { + beforeEach(async function () { + const token = await ethers.deployContract('$ERC20DecimalsMock', [name, symbol, 18n]); + const vault = await ethers.deployContract('$ERC4626FeesMock', [ + '', + '', + token, + feeBasisPoints, + this.other, + 0n, + ethers.ZeroAddress, + ]); + + await token.$_mint(this.holder, ethers.MaxUint256 / 2n); + await token.$_approve(this.holder, vault, ethers.MaxUint256 / 2n); + + Object.assign(this, { token, vault }); + }); + + it('deposit', async function () { + expect(await this.vault.previewDeposit(valueWithFees)).to.equal(valueWithoutFees); + this.tx = this.vault.connect(this.holder).deposit(valueWithFees, this.recipient); + }); + + it('mint', async function () { + expect(await this.vault.previewMint(valueWithoutFees)).to.equal(valueWithFees); + this.tx = this.vault.connect(this.holder).mint(valueWithoutFees, this.recipient); + }); + + afterEach(async function () { + await expect(this.tx).to.changeTokenBalances( + this.token, + [this.holder, this.vault, this.other], + [-valueWithFees, valueWithoutFees, fees], + ); + await expect(this.tx).to.changeTokenBalance(this.vault, this.recipient, valueWithoutFees); + await expect(this.tx) + // get total + .to.emit(this.token, 'Transfer') + .withArgs(this.holder, this.vault, valueWithFees) + // redirect fees + .to.emit(this.token, 'Transfer') + .withArgs(this.vault, this.other, fees) + // mint shares + .to.emit(this.vault, 'Transfer') + .withArgs(ethers.ZeroAddress, this.recipient, valueWithoutFees) + // deposit event + .to.emit(this.vault, 'Deposit') + .withArgs(this.holder, this.recipient, valueWithFees, valueWithoutFees); + }); + }); + + describe('output fees', function () { + beforeEach(async function () { + const token = await ethers.deployContract('$ERC20DecimalsMock', [name, symbol, 18n]); + const vault = await ethers.deployContract('$ERC4626FeesMock', [ + '', + '', + token, + 0n, + ethers.ZeroAddress, + feeBasisPoints, + this.other, + ]); + + await token.$_mint(vault, ethers.MaxUint256 / 2n); + await vault.$_mint(this.holder, ethers.MaxUint256 / 2n); + + Object.assign(this, { token, vault }); + }); + + it('redeem', async function () { + expect(await this.vault.previewRedeem(valueWithFees)).to.equal(valueWithoutFees); + this.tx = this.vault.connect(this.holder).redeem(valueWithFees, this.recipient, this.holder); + }); + + it('withdraw', async function () { + expect(await this.vault.previewWithdraw(valueWithoutFees)).to.equal(valueWithFees); + this.tx = this.vault.connect(this.holder).withdraw(valueWithoutFees, this.recipient, this.holder); + }); + + afterEach(async function () { + await expect(this.tx).to.changeTokenBalances( + this.token, + [this.vault, this.recipient, this.other], + [-valueWithFees, valueWithoutFees, fees], + ); + await expect(this.tx).to.changeTokenBalance(this.vault, this.holder, -valueWithFees); + await expect(this.tx) + // withdraw principal + .to.emit(this.token, 'Transfer') + .withArgs(this.vault, this.recipient, valueWithoutFees) + // redirect fees + .to.emit(this.token, 'Transfer') + .withArgs(this.vault, this.other, fees) + // mint shares + .to.emit(this.vault, 'Transfer') + .withArgs(this.holder, ethers.ZeroAddress, valueWithFees) + // withdraw event + .to.emit(this.vault, 'Withdraw') + .withArgs(this.holder, this.recipient, this.holder, valueWithoutFees, valueWithFees); + }); + }); + }); + + /// Scenario inspired by solmate ERC4626 tests: + /// https://github.com/transmissions11/solmate/blob/main/src/test/ERC4626.t.sol + it('multiple mint, deposit, redeem & withdrawal', async function () { + // test designed with both asset using similar decimals + const [alice, bruce] = this.accounts; + const token = await ethers.deployContract('$ERC20DecimalsMock', [name, symbol, 18n]); + const vault = await ethers.deployContract('$ERC4626', ['', '', token]); + + await token.$_mint(alice, 4000n); + await token.$_mint(bruce, 7001n); + await token.connect(alice).approve(vault, 4000n); + await token.connect(bruce).approve(vault, 7001n); + + // 1. Alice mints 2000 shares (costs 2000 tokens) + await expect(vault.connect(alice).mint(2000n, alice)) + .to.emit(token, 'Transfer') + .withArgs(alice, vault, 2000n) + .to.emit(vault, 'Transfer') + .withArgs(ethers.ZeroAddress, alice, 2000n); + + expect(await vault.previewDeposit(2000n)).to.equal(2000n); + expect(await vault.balanceOf(alice)).to.equal(2000n); + expect(await vault.balanceOf(bruce)).to.equal(0n); + expect(await vault.convertToAssets(await vault.balanceOf(alice))).to.equal(2000n); + expect(await vault.convertToAssets(await vault.balanceOf(bruce))).to.equal(0n); + expect(await vault.convertToShares(await token.balanceOf(vault))).to.equal(2000n); + expect(await vault.totalSupply()).to.equal(2000n); + expect(await vault.totalAssets()).to.equal(2000n); + + // 2. Bruce deposits 4000 tokens (mints 4000 shares) + await expect(vault.connect(bruce).mint(4000n, bruce)) + .to.emit(token, 'Transfer') + .withArgs(bruce, vault, 4000n) + .to.emit(vault, 'Transfer') + .withArgs(ethers.ZeroAddress, bruce, 4000n); + + expect(await vault.previewDeposit(4000n)).to.equal(4000n); + expect(await vault.balanceOf(alice)).to.equal(2000n); + expect(await vault.balanceOf(bruce)).to.equal(4000n); + expect(await vault.convertToAssets(await vault.balanceOf(alice))).to.equal(2000n); + expect(await vault.convertToAssets(await vault.balanceOf(bruce))).to.equal(4000n); + expect(await vault.convertToShares(await token.balanceOf(vault))).to.equal(6000n); + expect(await vault.totalSupply()).to.equal(6000n); + expect(await vault.totalAssets()).to.equal(6000n); + + // 3. Vault mutates by +3000 tokens (simulated yield returned from strategy) + await token.$_mint(vault, 3000n); + + expect(await vault.balanceOf(alice)).to.equal(2000n); + expect(await vault.balanceOf(bruce)).to.equal(4000n); + expect(await vault.convertToAssets(await vault.balanceOf(alice))).to.equal(2999n); // used to be 3000, but virtual assets/shares captures part of the yield + expect(await vault.convertToAssets(await vault.balanceOf(bruce))).to.equal(5999n); // used to be 6000, but virtual assets/shares captures part of the yield + expect(await vault.convertToShares(await token.balanceOf(vault))).to.equal(6000n); + expect(await vault.totalSupply()).to.equal(6000n); + expect(await vault.totalAssets()).to.equal(9000n); + + // 4. Alice deposits 2000 tokens (mints 1333 shares) + await expect(vault.connect(alice).deposit(2000n, alice)) + .to.emit(token, 'Transfer') + .withArgs(alice, vault, 2000n) + .to.emit(vault, 'Transfer') + .withArgs(ethers.ZeroAddress, alice, 1333n); + + expect(await vault.balanceOf(alice)).to.equal(3333n); + expect(await vault.balanceOf(bruce)).to.equal(4000n); + expect(await vault.convertToAssets(await vault.balanceOf(alice))).to.equal(4999n); + expect(await vault.convertToAssets(await vault.balanceOf(bruce))).to.equal(6000n); + expect(await vault.convertToShares(await token.balanceOf(vault))).to.equal(7333n); + expect(await vault.totalSupply()).to.equal(7333n); + expect(await vault.totalAssets()).to.equal(11000n); + + // 5. Bruce mints 2000 shares (costs 3001 assets) + // NOTE: Bruce's assets spent got rounded towards infinity + // NOTE: Alices's vault assets got rounded towards infinity + await expect(vault.connect(bruce).mint(2000n, bruce)) + .to.emit(token, 'Transfer') + .withArgs(bruce, vault, 3000n) + .to.emit(vault, 'Transfer') + .withArgs(ethers.ZeroAddress, bruce, 2000n); + + expect(await vault.balanceOf(alice)).to.equal(3333n); + expect(await vault.balanceOf(bruce)).to.equal(6000n); + expect(await vault.convertToAssets(await vault.balanceOf(alice))).to.equal(4999n); // used to be 5000 + expect(await vault.convertToAssets(await vault.balanceOf(bruce))).to.equal(9000n); + expect(await vault.convertToShares(await token.balanceOf(vault))).to.equal(9333n); + expect(await vault.totalSupply()).to.equal(9333n); + expect(await vault.totalAssets()).to.equal(14000n); // used to be 14001 + + // 6. Vault mutates by +3000 tokens + // NOTE: Vault holds 17001 tokens, but sum of assetsOf() is 17000. + await token.$_mint(vault, 3000n); + + expect(await vault.balanceOf(alice)).to.equal(3333n); + expect(await vault.balanceOf(bruce)).to.equal(6000n); + expect(await vault.convertToAssets(await vault.balanceOf(alice))).to.equal(6070n); // used to be 6071 + expect(await vault.convertToAssets(await vault.balanceOf(bruce))).to.equal(10928n); // used to be 10929 + expect(await vault.convertToShares(await token.balanceOf(vault))).to.equal(9333n); + expect(await vault.totalSupply()).to.equal(9333n); + expect(await vault.totalAssets()).to.equal(17000n); // used to be 17001 + + // 7. Alice redeem 1333 shares (2428 assets) + await expect(vault.connect(alice).redeem(1333n, alice, alice)) + .to.emit(vault, 'Transfer') + .withArgs(alice, ethers.ZeroAddress, 1333n) + .to.emit(token, 'Transfer') + .withArgs(vault, alice, 2427n); // used to be 2428 + + expect(await vault.balanceOf(alice)).to.equal(2000n); + expect(await vault.balanceOf(bruce)).to.equal(6000n); + expect(await vault.convertToAssets(await vault.balanceOf(alice))).to.equal(3643n); + expect(await vault.convertToAssets(await vault.balanceOf(bruce))).to.equal(10929n); + expect(await vault.convertToShares(await token.balanceOf(vault))).to.equal(8000n); + expect(await vault.totalSupply()).to.equal(8000n); + expect(await vault.totalAssets()).to.equal(14573n); + + // 8. Bruce withdraws 2929 assets (1608 shares) + await expect(vault.connect(bruce).withdraw(2929n, bruce, bruce)) + .to.emit(vault, 'Transfer') + .withArgs(bruce, ethers.ZeroAddress, 1608n) + .to.emit(token, 'Transfer') + .withArgs(vault, bruce, 2929n); + + expect(await vault.balanceOf(alice)).to.equal(2000n); + expect(await vault.balanceOf(bruce)).to.equal(4392n); + expect(await vault.convertToAssets(await vault.balanceOf(alice))).to.equal(3643n); + expect(await vault.convertToAssets(await vault.balanceOf(bruce))).to.equal(8000n); + expect(await vault.convertToShares(await token.balanceOf(vault))).to.equal(6392n); + expect(await vault.totalSupply()).to.equal(6392n); + expect(await vault.totalAssets()).to.equal(11644n); + + // 9. Alice withdraws 3643 assets (2000 shares) + // NOTE: Bruce's assets have been rounded back towards infinity + await expect(vault.connect(alice).withdraw(3643n, alice, alice)) + .to.emit(vault, 'Transfer') + .withArgs(alice, ethers.ZeroAddress, 2000n) + .to.emit(token, 'Transfer') + .withArgs(vault, alice, 3643n); + + expect(await vault.balanceOf(alice)).to.equal(0n); + expect(await vault.balanceOf(bruce)).to.equal(4392n); + expect(await vault.convertToAssets(await vault.balanceOf(alice))).to.equal(0n); + expect(await vault.convertToAssets(await vault.balanceOf(bruce))).to.equal(8000n); // used to be 8001 + expect(await vault.convertToShares(await token.balanceOf(vault))).to.equal(4392n); + expect(await vault.totalSupply()).to.equal(4392n); + expect(await vault.totalAssets()).to.equal(8001n); + + // 10. Bruce redeem 4392 shares (8001 tokens) + await expect(vault.connect(bruce).redeem(4392n, bruce, bruce)) + .to.emit(vault, 'Transfer') + .withArgs(bruce, ethers.ZeroAddress, 4392n) + .to.emit(token, 'Transfer') + .withArgs(vault, bruce, 8000n); // used to be 8001 + + expect(await vault.balanceOf(alice)).to.equal(0n); + expect(await vault.balanceOf(bruce)).to.equal(0n); + expect(await vault.convertToAssets(await vault.balanceOf(alice))).to.equal(0n); + expect(await vault.convertToAssets(await vault.balanceOf(bruce))).to.equal(0n); + expect(await vault.convertToShares(await token.balanceOf(vault))).to.equal(0n); + expect(await vault.totalSupply()).to.equal(0n); + expect(await vault.totalAssets()).to.equal(1n); // used to be 0 + }); +}); diff --git a/dependencies/@openzeppelin/test/token/ERC20/extensions/draft-ERC20TemporaryApproval.test.js b/dependencies/@openzeppelin/test/token/ERC20/extensions/draft-ERC20TemporaryApproval.test.js new file mode 100644 index 00000000..a1f6362a --- /dev/null +++ b/dependencies/@openzeppelin/test/token/ERC20/extensions/draft-ERC20TemporaryApproval.test.js @@ -0,0 +1,142 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); +const { max, min } = require('../../../helpers/math.js'); + +const { shouldBehaveLikeERC20 } = require('../ERC20.behavior.js'); + +const name = 'My Token'; +const symbol = 'MTKN'; +const initialSupply = 100n; + +async function fixture() { + // this.accounts is used by shouldBehaveLikeERC20 + const accounts = await ethers.getSigners(); + const [holder, recipient, other] = accounts; + + const token = await ethers.deployContract('$ERC20TemporaryApproval', [name, symbol]); + await token.$_mint(holder, initialSupply); + + const spender = await ethers.deployContract('$Address'); + const batch = await ethers.deployContract('BatchCaller'); + const getter = await ethers.deployContract('ERC20GetterHelper'); + + return { accounts, holder, recipient, other, token, spender, batch, getter }; +} + +describe('ERC20TemporaryApproval', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + shouldBehaveLikeERC20(initialSupply); + + describe('setting and spending temporary allowance', function () { + beforeEach(async function () { + await this.token.connect(this.holder).transfer(this.batch, initialSupply); + }); + + for (let { + description, + persistentAllowance, + temporaryAllowance, + amount, + temporaryExpected, + persistentExpected, + } of [ + { description: 'can set temporary allowance', temporaryAllowance: 42n }, + { + description: 'can set temporary allowance on top of persistent allowance', + temporaryAllowance: 42n, + persistentAllowance: 17n, + }, + { description: 'support allowance overflow', temporaryAllowance: ethers.MaxUint256, persistentAllowance: 17n }, + { description: 'consuming temporary allowance alone', temporaryAllowance: 42n, amount: 2n }, + { + description: 'fallback to persistent allowance if temporary allowance is not sufficient', + temporaryAllowance: 42n, + persistentAllowance: 17n, + amount: 50n, + }, + { + description: 'do not reduce infinite temporary allowance #1', + temporaryAllowance: ethers.MaxUint256, + amount: 50n, + temporaryExpected: ethers.MaxUint256, + }, + { + description: 'do not reduce infinite temporary allowance #2', + temporaryAllowance: 17n, + persistentAllowance: ethers.MaxUint256, + amount: 50n, + temporaryExpected: ethers.MaxUint256, + persistentExpected: ethers.MaxUint256, + }, + ]) { + persistentAllowance ??= 0n; + temporaryAllowance ??= 0n; + amount ??= 0n; + temporaryExpected ??= min(persistentAllowance + temporaryAllowance - amount, ethers.MaxUint256); + persistentExpected ??= persistentAllowance - max(amount - temporaryAllowance, 0n); + + it(description, async function () { + await expect( + this.batch.execute( + [ + persistentAllowance && { + target: this.token, + value: 0n, + data: this.token.interface.encodeFunctionData('approve', [this.spender.target, persistentAllowance]), + }, + temporaryAllowance && { + target: this.token, + value: 0n, + data: this.token.interface.encodeFunctionData('temporaryApprove', [ + this.spender.target, + temporaryAllowance, + ]), + }, + amount && { + target: this.spender, + value: 0n, + data: this.spender.interface.encodeFunctionData('$functionCall', [ + this.token.target, + this.token.interface.encodeFunctionData('transferFrom', [ + this.batch.target, + this.recipient.address, + amount, + ]), + ]), + }, + { + target: this.getter, + value: 0n, + data: this.getter.interface.encodeFunctionData('allowance', [ + this.token.target, + this.batch.target, + this.spender.target, + ]), + }, + ].filter(Boolean), + ), + ) + .to.emit(this.getter, 'ERC20Allowance') + .withArgs(this.token, this.batch, this.spender, temporaryExpected); + + expect(await this.token.allowance(this.batch, this.spender)).to.equal(persistentExpected); + }); + } + + it('reverts when the recipient is the zero address', async function () { + await expect(this.token.connect(this.holder).temporaryApprove(ethers.ZeroAddress, 1n)) + .to.be.revertedWithCustomError(this.token, 'ERC20InvalidSpender') + .withArgs(ethers.ZeroAddress); + }); + + it('reverts when the token owner is the zero address', async function () { + await expect(this.token.$_temporaryApprove(ethers.ZeroAddress, this.recipient, 1n)) + .to.be.revertedWithCustomError(this.token, 'ERC20InvalidApprover') + .withArgs(ethers.ZeroAddress); + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/token/ERC20/utils/SafeERC20.test.js b/dependencies/@openzeppelin/test/token/ERC20/utils/SafeERC20.test.js new file mode 100644 index 00000000..16b72bd6 --- /dev/null +++ b/dependencies/@openzeppelin/test/token/ERC20/utils/SafeERC20.test.js @@ -0,0 +1,427 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const name = 'ERC20Mock'; +const symbol = 'ERC20Mock'; +const value = 100n; +const data = '0x12345678'; + +async function fixture() { + const [hasNoCode, owner, receiver, spender, other] = await ethers.getSigners(); + + const mock = await ethers.deployContract('$SafeERC20'); + const erc20ReturnFalseMock = await ethers.deployContract('$ERC20ReturnFalseMock', [name, symbol]); + const erc20ReturnTrueMock = await ethers.deployContract('$ERC20', [name, symbol]); // default implementation returns true + const erc20NoReturnMock = await ethers.deployContract('$ERC20NoReturnMock', [name, symbol]); + const erc20ForceApproveMock = await ethers.deployContract('$ERC20ForceApproveMock', [name, symbol]); + const erc1363Mock = await ethers.deployContract('$ERC1363', [name, symbol]); + const erc1363ReturnFalseOnErc20Mock = await ethers.deployContract('$ERC1363ReturnFalseOnERC20Mock', [name, symbol]); + const erc1363ReturnFalseMock = await ethers.deployContract('$ERC1363ReturnFalseMock', [name, symbol]); + const erc1363NoReturnMock = await ethers.deployContract('$ERC1363NoReturnMock', [name, symbol]); + const erc1363ForceApproveMock = await ethers.deployContract('$ERC1363ForceApproveMock', [name, symbol]); + const erc1363Receiver = await ethers.deployContract('$ERC1363ReceiverMock'); + const erc1363Spender = await ethers.deployContract('$ERC1363SpenderMock'); + + return { + hasNoCode, + owner, + receiver, + spender, + other, + mock, + erc20ReturnFalseMock, + erc20ReturnTrueMock, + erc20NoReturnMock, + erc20ForceApproveMock, + erc1363Mock, + erc1363ReturnFalseOnErc20Mock, + erc1363ReturnFalseMock, + erc1363NoReturnMock, + erc1363ForceApproveMock, + erc1363Receiver, + erc1363Spender, + }; +} + +describe('SafeERC20', function () { + before(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + describe('with address that has no contract code', function () { + beforeEach(async function () { + this.token = this.hasNoCode; + }); + + it('reverts on transfer', async function () { + await expect(this.mock.$safeTransfer(this.token, this.receiver, 0n)) + .to.be.revertedWithCustomError(this.mock, 'SafeERC20FailedOperation') + .withArgs(this.token); + }); + + it('reverts on transferFrom', async function () { + await expect(this.mock.$safeTransferFrom(this.token, this.mock, this.receiver, 0n)) + .to.be.revertedWithCustomError(this.mock, 'SafeERC20FailedOperation') + .withArgs(this.token); + }); + + it('reverts on increaseAllowance', async function () { + // Call to 'token.allowance' does not return any data, resulting in a decoding error (revert without reason) + await expect(this.mock.$safeIncreaseAllowance(this.token, this.spender, 0n)).to.be.revertedWithoutReason(); + }); + + it('reverts on decreaseAllowance', async function () { + // Call to 'token.allowance' does not return any data, resulting in a decoding error (revert without reason) + await expect(this.mock.$safeDecreaseAllowance(this.token, this.spender, 0n)).to.be.revertedWithoutReason(); + }); + + it('reverts on forceApprove', async function () { + await expect(this.mock.$forceApprove(this.token, this.spender, 0n)) + .to.be.revertedWithCustomError(this.mock, 'SafeERC20FailedOperation') + .withArgs(this.token); + }); + }); + + describe('with token that returns false on all calls', function () { + beforeEach(async function () { + this.token = this.erc20ReturnFalseMock; + }); + + it('reverts on transfer', async function () { + await expect(this.mock.$safeTransfer(this.token, this.receiver, 0n)) + .to.be.revertedWithCustomError(this.mock, 'SafeERC20FailedOperation') + .withArgs(this.token); + }); + + it('reverts on transferFrom', async function () { + await expect(this.mock.$safeTransferFrom(this.token, this.mock, this.receiver, 0n)) + .to.be.revertedWithCustomError(this.mock, 'SafeERC20FailedOperation') + .withArgs(this.token); + }); + + it('reverts on increaseAllowance', async function () { + await expect(this.mock.$safeIncreaseAllowance(this.token, this.spender, 0n)) + .to.be.revertedWithCustomError(this.mock, 'SafeERC20FailedOperation') + .withArgs(this.token); + }); + + it('reverts on decreaseAllowance', async function () { + await expect(this.mock.$safeDecreaseAllowance(this.token, this.spender, 0n)) + .to.be.revertedWithCustomError(this.mock, 'SafeERC20FailedOperation') + .withArgs(this.token); + }); + + it('reverts on forceApprove', async function () { + await expect(this.mock.$forceApprove(this.token, this.spender, 0n)) + .to.be.revertedWithCustomError(this.mock, 'SafeERC20FailedOperation') + .withArgs(this.token); + }); + }); + + describe('with token that returns true on all calls', function () { + beforeEach(async function () { + this.token = this.erc20ReturnTrueMock; + }); + + shouldOnlyRevertOnErrors(); + }); + + describe('with token that returns no boolean values', function () { + beforeEach(async function () { + this.token = this.erc20NoReturnMock; + }); + + shouldOnlyRevertOnErrors(); + }); + + describe('with usdt approval behaviour', function () { + beforeEach(async function () { + this.token = this.erc20ForceApproveMock; + }); + + describe('with initial approval', function () { + beforeEach(async function () { + await this.token.$_approve(this.mock, this.spender, 100n); + }); + + it('safeIncreaseAllowance works', async function () { + await this.mock.$safeIncreaseAllowance(this.token, this.spender, 10n); + expect(await this.token.allowance(this.mock, this.spender)).to.equal(110n); + }); + + it('safeDecreaseAllowance works', async function () { + await this.mock.$safeDecreaseAllowance(this.token, this.spender, 10n); + expect(await this.token.allowance(this.mock, this.spender)).to.equal(90n); + }); + + it('forceApprove works', async function () { + await this.mock.$forceApprove(this.token, this.spender, 200n); + expect(await this.token.allowance(this.mock, this.spender)).to.equal(200n); + }); + }); + }); + + describe('with standard ERC1363', function () { + beforeEach(async function () { + this.token = this.erc1363Mock; + }); + + shouldOnlyRevertOnErrors(); + + describe('transferAndCall', function () { + it('cannot transferAndCall to an EOA directly', async function () { + await this.token.$_mint(this.owner, 100n); + + await expect(this.token.connect(this.owner).transferAndCall(this.receiver, value, ethers.Typed.bytes(data))) + .to.be.revertedWithCustomError(this.token, 'ERC1363InvalidReceiver') + .withArgs(this.receiver); + }); + + it('can transferAndCall to an EOA using helper', async function () { + await this.token.$_mint(this.mock, value); + + await expect(this.mock.$transferAndCallRelaxed(this.token, this.receiver, value, data)) + .to.emit(this.token, 'Transfer') + .withArgs(this.mock, this.receiver, value); + }); + + it('can transferAndCall to an ERC1363Receiver using helper', async function () { + await this.token.$_mint(this.mock, value); + + await expect(this.mock.$transferAndCallRelaxed(this.token, this.erc1363Receiver, value, data)) + .to.emit(this.token, 'Transfer') + .withArgs(this.mock, this.erc1363Receiver, value) + .to.emit(this.erc1363Receiver, 'Received') + .withArgs(this.mock, this.mock, value, data); + }); + }); + + describe('transferFromAndCall', function () { + it('can transferFromAndCall to an EOA using helper', async function () { + await this.token.$_mint(this.owner, value); + await this.token.$_approve(this.owner, this.mock, ethers.MaxUint256); + + await expect(this.mock.$transferFromAndCallRelaxed(this.token, this.owner, this.receiver, value, data)) + .to.emit(this.token, 'Transfer') + .withArgs(this.owner, this.receiver, value); + }); + + it('can transferFromAndCall to an ERC1363Receiver using helper', async function () { + await this.token.$_mint(this.owner, value); + await this.token.$_approve(this.owner, this.mock, ethers.MaxUint256); + + await expect(this.mock.$transferFromAndCallRelaxed(this.token, this.owner, this.erc1363Receiver, value, data)) + .to.emit(this.token, 'Transfer') + .withArgs(this.owner, this.erc1363Receiver, value) + .to.emit(this.erc1363Receiver, 'Received') + .withArgs(this.mock, this.owner, value, data); + }); + }); + + describe('approveAndCall', function () { + it('can approveAndCall to an EOA using helper', async function () { + await expect(this.mock.$approveAndCallRelaxed(this.token, this.receiver, value, data)) + .to.emit(this.token, 'Approval') + .withArgs(this.mock, this.receiver, value); + }); + + it('can approveAndCall to an ERC1363Spender using helper', async function () { + await expect(this.mock.$approveAndCallRelaxed(this.token, this.erc1363Spender, value, data)) + .to.emit(this.token, 'Approval') + .withArgs(this.mock, this.erc1363Spender, value) + .to.emit(this.erc1363Spender, 'Approved') + .withArgs(this.mock, value, data); + }); + }); + }); + + describe('with ERC1363 that returns false on all ERC20 calls', function () { + beforeEach(async function () { + this.token = this.erc1363ReturnFalseOnErc20Mock; + }); + + it('reverts on transferAndCallRelaxed', async function () { + await expect(this.mock.$transferAndCallRelaxed(this.token, this.erc1363Receiver, 0n, data)) + .to.be.revertedWithCustomError(this.token, 'ERC1363TransferFailed') + .withArgs(this.erc1363Receiver, 0n); + }); + + it('reverts on transferFromAndCallRelaxed', async function () { + await expect(this.mock.$transferFromAndCallRelaxed(this.token, this.mock, this.erc1363Receiver, 0n, data)) + .to.be.revertedWithCustomError(this.token, 'ERC1363TransferFromFailed') + .withArgs(this.mock, this.erc1363Receiver, 0n); + }); + + it('reverts on approveAndCallRelaxed', async function () { + await expect(this.mock.$approveAndCallRelaxed(this.token, this.erc1363Spender, 0n, data)) + .to.be.revertedWithCustomError(this.token, 'ERC1363ApproveFailed') + .withArgs(this.erc1363Spender, 0n); + }); + }); + + describe('with ERC1363 that returns false on all ERC1363 calls', function () { + beforeEach(async function () { + this.token = this.erc1363ReturnFalseMock; + }); + + it('reverts on transferAndCallRelaxed', async function () { + await expect(this.mock.$transferAndCallRelaxed(this.token, this.erc1363Receiver, 0n, data)) + .to.be.revertedWithCustomError(this.mock, 'SafeERC20FailedOperation') + .withArgs(this.token); + }); + + it('reverts on transferFromAndCallRelaxed', async function () { + await expect(this.mock.$transferFromAndCallRelaxed(this.token, this.mock, this.erc1363Receiver, 0n, data)) + .to.be.revertedWithCustomError(this.mock, 'SafeERC20FailedOperation') + .withArgs(this.token); + }); + + it('reverts on approveAndCallRelaxed', async function () { + await expect(this.mock.$approveAndCallRelaxed(this.token, this.erc1363Spender, 0n, data)) + .to.be.revertedWithCustomError(this.mock, 'SafeERC20FailedOperation') + .withArgs(this.token); + }); + }); + + describe('with ERC1363 that returns no boolean values', function () { + beforeEach(async function () { + this.token = this.erc1363NoReturnMock; + }); + + it('reverts on transferAndCallRelaxed', async function () { + await expect( + this.mock.$transferAndCallRelaxed(this.token, this.erc1363Receiver, 0n, data), + ).to.be.revertedWithoutReason(); + }); + + it('reverts on transferFromAndCallRelaxed', async function () { + await expect( + this.mock.$transferFromAndCallRelaxed(this.token, this.mock, this.erc1363Receiver, 0n, data), + ).to.be.revertedWithoutReason(); + }); + + it('reverts on approveAndCallRelaxed', async function () { + await expect( + this.mock.$approveAndCallRelaxed(this.token, this.erc1363Spender, 0n, data), + ).to.be.revertedWithoutReason(); + }); + }); + + describe('with ERC1363 with usdt approval behaviour', function () { + beforeEach(async function () { + this.token = this.erc1363ForceApproveMock; + }); + + describe('without initial approval', function () { + it('approveAndCallRelaxed works when recipient is an EOA', async function () { + await this.mock.$approveAndCallRelaxed(this.token, this.spender, 10n, data); + expect(await this.token.allowance(this.mock, this.spender)).to.equal(10n); + }); + + it('approveAndCallRelaxed works when recipient is a contract', async function () { + await this.mock.$approveAndCallRelaxed(this.token, this.erc1363Spender, 10n, data); + expect(await this.token.allowance(this.mock, this.erc1363Spender)).to.equal(10n); + }); + }); + + describe('with initial approval', function () { + it('approveAndCallRelaxed works when recipient is an EOA', async function () { + await this.token.$_approve(this.mock, this.spender, 100n); + + await this.mock.$approveAndCallRelaxed(this.token, this.spender, 10n, data); + expect(await this.token.allowance(this.mock, this.spender)).to.equal(10n); + }); + + it('approveAndCallRelaxed reverts when recipient is a contract', async function () { + await this.token.$_approve(this.mock, this.erc1363Spender, 100n); + await expect(this.mock.$approveAndCallRelaxed(this.token, this.erc1363Spender, 10n, data)).to.be.revertedWith( + 'USDT approval failure', + ); + }); + }); + }); +}); + +function shouldOnlyRevertOnErrors() { + describe('transfers', function () { + beforeEach(async function () { + await this.token.$_mint(this.owner, 100n); + await this.token.$_mint(this.mock, 100n); + await this.token.$_approve(this.owner, this.mock, ethers.MaxUint256); + }); + + it("doesn't revert on transfer", async function () { + await expect(this.mock.$safeTransfer(this.token, this.receiver, 10n)) + .to.emit(this.token, 'Transfer') + .withArgs(this.mock, this.receiver, 10n); + }); + + it("doesn't revert on transferFrom", async function () { + await expect(this.mock.$safeTransferFrom(this.token, this.owner, this.receiver, 10n)) + .to.emit(this.token, 'Transfer') + .withArgs(this.owner, this.receiver, 10n); + }); + }); + + describe('approvals', function () { + describe('with zero allowance', function () { + beforeEach(async function () { + await this.token.$_approve(this.mock, this.spender, 0n); + }); + + it("doesn't revert when force approving a non-zero allowance", async function () { + await this.mock.$forceApprove(this.token, this.spender, 100n); + expect(await this.token.allowance(this.mock, this.spender)).to.equal(100n); + }); + + it("doesn't revert when force approving a zero allowance", async function () { + await this.mock.$forceApprove(this.token, this.spender, 0n); + expect(await this.token.allowance(this.mock, this.spender)).to.equal(0n); + }); + + it("doesn't revert when increasing the allowance", async function () { + await this.mock.$safeIncreaseAllowance(this.token, this.spender, 10n); + expect(await this.token.allowance(this.mock, this.spender)).to.equal(10n); + }); + + it('reverts when decreasing the allowance', async function () { + await expect(this.mock.$safeDecreaseAllowance(this.token, this.spender, 10n)) + .to.be.revertedWithCustomError(this.mock, 'SafeERC20FailedDecreaseAllowance') + .withArgs(this.spender, 0n, 10n); + }); + }); + + describe('with non-zero allowance', function () { + beforeEach(async function () { + await this.token.$_approve(this.mock, this.spender, 100n); + }); + + it("doesn't revert when force approving a non-zero allowance", async function () { + await this.mock.$forceApprove(this.token, this.spender, 20n); + expect(await this.token.allowance(this.mock, this.spender)).to.equal(20n); + }); + + it("doesn't revert when force approving a zero allowance", async function () { + await this.mock.$forceApprove(this.token, this.spender, 0n); + expect(await this.token.allowance(this.mock, this.spender)).to.equal(0n); + }); + + it("doesn't revert when increasing the allowance", async function () { + await this.mock.$safeIncreaseAllowance(this.token, this.spender, 10n); + expect(await this.token.allowance(this.mock, this.spender)).to.equal(110n); + }); + + it("doesn't revert when decreasing the allowance to a positive value", async function () { + await this.mock.$safeDecreaseAllowance(this.token, this.spender, 50n); + expect(await this.token.allowance(this.mock, this.spender)).to.equal(50n); + }); + + it('reverts when decreasing the allowance to a negative value', async function () { + await expect(this.mock.$safeDecreaseAllowance(this.token, this.spender, 200n)) + .to.be.revertedWithCustomError(this.mock, 'SafeERC20FailedDecreaseAllowance') + .withArgs(this.spender, 100n, 200n); + }); + }); + }); +} diff --git a/dependencies/@openzeppelin/test/token/ERC721/ERC721.behavior.js b/dependencies/@openzeppelin/test/token/ERC721/ERC721.behavior.js new file mode 100644 index 00000000..b9dd80d6 --- /dev/null +++ b/dependencies/@openzeppelin/test/token/ERC721/ERC721.behavior.js @@ -0,0 +1,972 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { PANIC_CODES } = require('@nomicfoundation/hardhat-chai-matchers/panic'); +const { anyValue } = require('@nomicfoundation/hardhat-chai-matchers/withArgs'); + +const { shouldSupportInterfaces } = require('../../utils/introspection/SupportsInterface.behavior'); +const { RevertType } = require('../../helpers/enums'); + +const firstTokenId = 5042n; +const secondTokenId = 79217n; +const nonExistentTokenId = 13n; +const fourthTokenId = 4n; +const baseURI = 'https://api.example.com/v1/'; + +const RECEIVER_MAGIC_VALUE = '0x150b7a02'; + +function shouldBehaveLikeERC721() { + beforeEach(async function () { + const [owner, newOwner, approved, operator, other] = this.accounts; + Object.assign(this, { owner, newOwner, approved, operator, other }); + }); + + shouldSupportInterfaces(['ERC721']); + + describe('with minted tokens', function () { + beforeEach(async function () { + await this.token.$_mint(this.owner, firstTokenId); + await this.token.$_mint(this.owner, secondTokenId); + this.to = this.other; + }); + + describe('balanceOf', function () { + describe('when the given address owns some tokens', function () { + it('returns the amount of tokens owned by the given address', async function () { + expect(await this.token.balanceOf(this.owner)).to.equal(2n); + }); + }); + + describe('when the given address does not own any tokens', function () { + it('returns 0', async function () { + expect(await this.token.balanceOf(this.other)).to.equal(0n); + }); + }); + + describe('when querying the zero address', function () { + it('throws', async function () { + await expect(this.token.balanceOf(ethers.ZeroAddress)) + .to.be.revertedWithCustomError(this.token, 'ERC721InvalidOwner') + .withArgs(ethers.ZeroAddress); + }); + }); + }); + + describe('ownerOf', function () { + describe('when the given token ID was tracked by this token', function () { + const tokenId = firstTokenId; + + it('returns the owner of the given token ID', async function () { + expect(await this.token.ownerOf(tokenId)).to.equal(this.owner); + }); + }); + + describe('when the given token ID was not tracked by this token', function () { + const tokenId = nonExistentTokenId; + + it('reverts', async function () { + await expect(this.token.ownerOf(tokenId)) + .to.be.revertedWithCustomError(this.token, 'ERC721NonexistentToken') + .withArgs(tokenId); + }); + }); + }); + + describe('transfers', function () { + const tokenId = firstTokenId; + const data = '0x42'; + + beforeEach(async function () { + await this.token.connect(this.owner).approve(this.approved, tokenId); + await this.token.connect(this.owner).setApprovalForAll(this.operator, true); + }); + + const transferWasSuccessful = () => { + it('transfers the ownership of the given token ID to the given address', async function () { + await this.tx(); + expect(await this.token.ownerOf(tokenId)).to.equal(this.to); + }); + + it('emits a Transfer event', async function () { + await expect(this.tx()).to.emit(this.token, 'Transfer').withArgs(this.owner, this.to, tokenId); + }); + + it('clears the approval for the token ID with no event', async function () { + await expect(this.tx()).to.not.emit(this.token, 'Approval'); + + expect(await this.token.getApproved(tokenId)).to.equal(ethers.ZeroAddress); + }); + + it('adjusts owners balances', async function () { + const balanceBefore = await this.token.balanceOf(this.owner); + await this.tx(); + expect(await this.token.balanceOf(this.owner)).to.equal(balanceBefore - 1n); + }); + + it('adjusts owners tokens by index', async function () { + if (!this.token.tokenOfOwnerByIndex) return; + + await this.tx(); + expect(await this.token.tokenOfOwnerByIndex(this.to, 0n)).to.equal(tokenId); + expect(await this.token.tokenOfOwnerByIndex(this.owner, 0n)).to.not.equal(tokenId); + }); + }; + + const shouldTransferTokensByUsers = function (fragment, opts = {}) { + describe('when called by the owner', function () { + beforeEach(async function () { + this.tx = () => + this.token.connect(this.owner)[fragment](this.owner, this.to, tokenId, ...(opts.extra ?? [])); + }); + transferWasSuccessful(); + }); + + describe('when called by the approved individual', function () { + beforeEach(async function () { + this.tx = () => + this.token.connect(this.approved)[fragment](this.owner, this.to, tokenId, ...(opts.extra ?? [])); + }); + transferWasSuccessful(); + }); + + describe('when called by the operator', function () { + beforeEach(async function () { + this.tx = () => + this.token.connect(this.operator)[fragment](this.owner, this.to, tokenId, ...(opts.extra ?? [])); + }); + transferWasSuccessful(); + }); + + describe('when called by the owner without an approved user', function () { + beforeEach(async function () { + await this.token.connect(this.owner).approve(ethers.ZeroAddress, tokenId); + this.tx = () => + this.token.connect(this.operator)[fragment](this.owner, this.to, tokenId, ...(opts.extra ?? [])); + }); + transferWasSuccessful(); + }); + + describe('when sent to the owner', function () { + beforeEach(async function () { + this.tx = () => + this.token.connect(this.owner)[fragment](this.owner, this.owner, tokenId, ...(opts.extra ?? [])); + }); + + it('keeps ownership of the token', async function () { + await this.tx(); + expect(await this.token.ownerOf(tokenId)).to.equal(this.owner); + }); + + it('clears the approval for the token ID', async function () { + await this.tx(); + expect(await this.token.getApproved(tokenId)).to.equal(ethers.ZeroAddress); + }); + + it('emits only a transfer event', async function () { + await expect(this.tx()).to.emit(this.token, 'Transfer').withArgs(this.owner, this.owner, tokenId); + }); + + it('keeps the owner balance', async function () { + const balanceBefore = await this.token.balanceOf(this.owner); + await this.tx(); + expect(await this.token.balanceOf(this.owner)).to.equal(balanceBefore); + }); + + it('keeps same tokens by index', async function () { + if (!this.token.tokenOfOwnerByIndex) return; + + expect(await Promise.all([0n, 1n].map(i => this.token.tokenOfOwnerByIndex(this.owner, i)))).to.have.members( + [firstTokenId, secondTokenId], + ); + }); + }); + + describe('when the address of the previous owner is incorrect', function () { + it('reverts', async function () { + await expect( + this.token.connect(this.owner)[fragment](this.other, this.other, tokenId, ...(opts.extra ?? [])), + ) + .to.be.revertedWithCustomError(this.token, 'ERC721IncorrectOwner') + .withArgs(this.other, tokenId, this.owner); + }); + }); + + describe('when the sender is not authorized for the token id', function () { + if (opts.unrestricted) { + it('does not revert', async function () { + await this.token.connect(this.other)[fragment](this.owner, this.other, tokenId, ...(opts.extra ?? [])); + }); + } else { + it('reverts', async function () { + await expect( + this.token.connect(this.other)[fragment](this.owner, this.other, tokenId, ...(opts.extra ?? [])), + ) + .to.be.revertedWithCustomError(this.token, 'ERC721InsufficientApproval') + .withArgs(this.other, tokenId); + }); + } + }); + + describe('when the given token ID does not exist', function () { + it('reverts', async function () { + await expect( + this.token + .connect(this.owner) + [fragment](this.owner, this.other, nonExistentTokenId, ...(opts.extra ?? [])), + ) + .to.be.revertedWithCustomError(this.token, 'ERC721NonexistentToken') + .withArgs(nonExistentTokenId); + }); + }); + + describe('when the address to transfer the token to is the zero address', function () { + it('reverts', async function () { + await expect( + this.token.connect(this.owner)[fragment](this.owner, ethers.ZeroAddress, tokenId, ...(opts.extra ?? [])), + ) + .to.be.revertedWithCustomError(this.token, 'ERC721InvalidReceiver') + .withArgs(ethers.ZeroAddress); + }); + }); + }; + + const shouldTransferSafely = function (fragment, data, opts = {}) { + // sanity + it('function exists', async function () { + expect(this.token.interface.hasFunction(fragment)).to.be.true; + }); + + describe('to a user account', function () { + shouldTransferTokensByUsers(fragment, opts); + }); + + describe('to a valid receiver contract', function () { + beforeEach(async function () { + this.to = await ethers.deployContract('ERC721ReceiverMock', [RECEIVER_MAGIC_VALUE, RevertType.None]); + }); + + shouldTransferTokensByUsers(fragment, opts); + + it('calls onERC721Received', async function () { + await expect(this.token.connect(this.owner)[fragment](this.owner, this.to, tokenId, ...(opts.extra ?? []))) + .to.emit(this.to, 'Received') + .withArgs(this.owner, this.owner, tokenId, data, anyValue); + }); + + it('calls onERC721Received from approved', async function () { + await expect( + this.token.connect(this.approved)[fragment](this.owner, this.to, tokenId, ...(opts.extra ?? [])), + ) + .to.emit(this.to, 'Received') + .withArgs(this.approved, this.owner, tokenId, data, anyValue); + }); + + describe('with an invalid token id', function () { + it('reverts', async function () { + await expect( + this.token + .connect(this.approved) + [fragment](this.owner, this.to, nonExistentTokenId, ...(opts.extra ?? [])), + ) + .to.be.revertedWithCustomError(this.token, 'ERC721NonexistentToken') + .withArgs(nonExistentTokenId); + }); + }); + }); + }; + + for (const { fnName, opts } of [ + { fnName: 'transferFrom', opts: {} }, + { fnName: '$_transfer', opts: { unrestricted: true } }, + ]) { + describe(`via ${fnName}`, function () { + shouldTransferTokensByUsers(fnName, opts); + }); + } + + for (const { fnName, opts } of [ + { fnName: 'safeTransferFrom', opts: {} }, + { fnName: '$_safeTransfer', opts: { unrestricted: true } }, + ]) { + describe(`via ${fnName}`, function () { + describe('with data', function () { + shouldTransferSafely(fnName, data, { ...opts, extra: [ethers.Typed.bytes(data)] }); + }); + + describe('without data', function () { + shouldTransferSafely(fnName, '0x', opts); + }); + + describe('to a receiver contract returning unexpected value', function () { + it('reverts', async function () { + const invalidReceiver = await ethers.deployContract('ERC721ReceiverMock', [ + '0xdeadbeef', + RevertType.None, + ]); + + await expect(this.token.connect(this.owner)[fnName](this.owner, invalidReceiver, tokenId)) + .to.be.revertedWithCustomError(this.token, 'ERC721InvalidReceiver') + .withArgs(invalidReceiver); + }); + }); + + describe('to a receiver contract that reverts with message', function () { + it('reverts', async function () { + const revertingReceiver = await ethers.deployContract('ERC721ReceiverMock', [ + RECEIVER_MAGIC_VALUE, + RevertType.RevertWithMessage, + ]); + + await expect( + this.token.connect(this.owner)[fnName](this.owner, revertingReceiver, tokenId), + ).to.be.revertedWith('ERC721ReceiverMock: reverting'); + }); + }); + + describe('to a receiver contract that reverts without message', function () { + it('reverts', async function () { + const revertingReceiver = await ethers.deployContract('ERC721ReceiverMock', [ + RECEIVER_MAGIC_VALUE, + RevertType.RevertWithoutMessage, + ]); + + await expect(this.token.connect(this.owner)[fnName](this.owner, revertingReceiver, tokenId)) + .to.be.revertedWithCustomError(this.token, 'ERC721InvalidReceiver') + .withArgs(revertingReceiver); + }); + }); + + describe('to a receiver contract that reverts with custom error', function () { + it('reverts', async function () { + const revertingReceiver = await ethers.deployContract('ERC721ReceiverMock', [ + RECEIVER_MAGIC_VALUE, + RevertType.RevertWithCustomError, + ]); + + await expect(this.token.connect(this.owner)[fnName](this.owner, revertingReceiver, tokenId)) + .to.be.revertedWithCustomError(revertingReceiver, 'CustomError') + .withArgs(RECEIVER_MAGIC_VALUE); + }); + }); + + describe('to a receiver contract that panics', function () { + it('reverts', async function () { + const revertingReceiver = await ethers.deployContract('ERC721ReceiverMock', [ + RECEIVER_MAGIC_VALUE, + RevertType.Panic, + ]); + + await expect( + this.token.connect(this.owner)[fnName](this.owner, revertingReceiver, tokenId), + ).to.be.revertedWithPanic(PANIC_CODES.DIVISION_BY_ZERO); + }); + }); + + describe('to a contract that does not implement the required function', function () { + it('reverts', async function () { + const nonReceiver = await ethers.deployContract('CallReceiverMock'); + + await expect(this.token.connect(this.owner)[fnName](this.owner, nonReceiver, tokenId)) + .to.be.revertedWithCustomError(this.token, 'ERC721InvalidReceiver') + .withArgs(nonReceiver); + }); + }); + }); + } + }); + + describe('safe mint', function () { + const tokenId = fourthTokenId; + const data = '0x42'; + + describe('via safeMint', function () { + // regular minting is tested in ERC721Mintable.test.js and others + it('calls onERC721Received β€” with data', async function () { + const receiver = await ethers.deployContract('ERC721ReceiverMock', [RECEIVER_MAGIC_VALUE, RevertType.None]); + + await expect(await this.token.$_safeMint(receiver, tokenId, ethers.Typed.bytes(data))) + .to.emit(receiver, 'Received') + .withArgs(anyValue, ethers.ZeroAddress, tokenId, data, anyValue); + }); + + it('calls onERC721Received β€” without data', async function () { + const receiver = await ethers.deployContract('ERC721ReceiverMock', [RECEIVER_MAGIC_VALUE, RevertType.None]); + + await expect(await this.token.$_safeMint(receiver, tokenId)) + .to.emit(receiver, 'Received') + .withArgs(anyValue, ethers.ZeroAddress, tokenId, '0x', anyValue); + }); + + describe('to a receiver contract returning unexpected value', function () { + it('reverts', async function () { + const invalidReceiver = await ethers.deployContract('ERC721ReceiverMock', ['0xdeadbeef', RevertType.None]); + + await expect(this.token.$_safeMint(invalidReceiver, tokenId)) + .to.be.revertedWithCustomError(this.token, 'ERC721InvalidReceiver') + .withArgs(invalidReceiver); + }); + }); + + describe('to a receiver contract that reverts with message', function () { + it('reverts', async function () { + const revertingReceiver = await ethers.deployContract('ERC721ReceiverMock', [ + RECEIVER_MAGIC_VALUE, + RevertType.RevertWithMessage, + ]); + + await expect(this.token.$_safeMint(revertingReceiver, tokenId)).to.be.revertedWith( + 'ERC721ReceiverMock: reverting', + ); + }); + }); + + describe('to a receiver contract that reverts without message', function () { + it('reverts', async function () { + const revertingReceiver = await ethers.deployContract('ERC721ReceiverMock', [ + RECEIVER_MAGIC_VALUE, + RevertType.RevertWithoutMessage, + ]); + + await expect(this.token.$_safeMint(revertingReceiver, tokenId)) + .to.be.revertedWithCustomError(this.token, 'ERC721InvalidReceiver') + .withArgs(revertingReceiver); + }); + }); + + describe('to a receiver contract that reverts with custom error', function () { + it('reverts', async function () { + const revertingReceiver = await ethers.deployContract('ERC721ReceiverMock', [ + RECEIVER_MAGIC_VALUE, + RevertType.RevertWithCustomError, + ]); + + await expect(this.token.$_safeMint(revertingReceiver, tokenId)) + .to.be.revertedWithCustomError(revertingReceiver, 'CustomError') + .withArgs(RECEIVER_MAGIC_VALUE); + }); + }); + + describe('to a receiver contract that panics', function () { + it('reverts', async function () { + const revertingReceiver = await ethers.deployContract('ERC721ReceiverMock', [ + RECEIVER_MAGIC_VALUE, + RevertType.Panic, + ]); + + await expect(this.token.$_safeMint(revertingReceiver, tokenId)).to.be.revertedWithPanic( + PANIC_CODES.DIVISION_BY_ZERO, + ); + }); + }); + + describe('to a contract that does not implement the required function', function () { + it('reverts', async function () { + const nonReceiver = await ethers.deployContract('CallReceiverMock'); + + await expect(this.token.$_safeMint(nonReceiver, tokenId)) + .to.be.revertedWithCustomError(this.token, 'ERC721InvalidReceiver') + .withArgs(nonReceiver); + }); + }); + }); + }); + + describe('approve', function () { + const tokenId = firstTokenId; + + const itClearsApproval = function () { + it('clears approval for the token', async function () { + expect(await this.token.getApproved(tokenId)).to.equal(ethers.ZeroAddress); + }); + }; + + const itApproves = function () { + it('sets the approval for the target address', async function () { + expect(await this.token.getApproved(tokenId)).to.equal(this.approved ?? this.approved); + }); + }; + + const itEmitsApprovalEvent = function () { + it('emits an approval event', async function () { + await expect(this.tx) + .to.emit(this.token, 'Approval') + .withArgs(this.owner, this.approved ?? this.approved, tokenId); + }); + }; + + describe('when clearing approval', function () { + describe('when there was no prior approval', function () { + beforeEach(async function () { + this.approved = ethers.ZeroAddress; + this.tx = await this.token.connect(this.owner).approve(this.approved, tokenId); + }); + + itClearsApproval(); + itEmitsApprovalEvent(); + }); + + describe('when there was a prior approval', function () { + beforeEach(async function () { + await this.token.connect(this.owner).approve(this.other, tokenId); + this.approved = ethers.ZeroAddress; + this.tx = await this.token.connect(this.owner).approve(this.approved, tokenId); + }); + + itClearsApproval(); + itEmitsApprovalEvent(); + }); + }); + + describe('when approving a non-zero address', function () { + describe('when there was no prior approval', function () { + beforeEach(async function () { + this.tx = await this.token.connect(this.owner).approve(this.approved, tokenId); + }); + + itApproves(); + itEmitsApprovalEvent(); + }); + + describe('when there was a prior approval to the same address', function () { + beforeEach(async function () { + await this.token.connect(this.owner).approve(this.approved, tokenId); + this.tx = await this.token.connect(this.owner).approve(this.approved, tokenId); + }); + + itApproves(); + itEmitsApprovalEvent(); + }); + + describe('when there was a prior approval to a different address', function () { + beforeEach(async function () { + await this.token.connect(this.owner).approve(this.other, tokenId); + this.tx = await this.token.connect(this.owner).approve(this.approved, tokenId); + }); + + itApproves(); + itEmitsApprovalEvent(); + }); + }); + + describe('when the sender does not own the given token ID', function () { + it('reverts', async function () { + await expect(this.token.connect(this.other).approve(this.approved, tokenId)) + .to.be.revertedWithCustomError(this.token, 'ERC721InvalidApprover') + .withArgs(this.other); + }); + }); + + describe('when the sender is approved for the given token ID', function () { + it('reverts', async function () { + await this.token.connect(this.owner).approve(this.approved, tokenId); + + await expect(this.token.connect(this.approved).approve(this.other, tokenId)) + .to.be.revertedWithCustomError(this.token, 'ERC721InvalidApprover') + .withArgs(this.approved); + }); + }); + + describe('when the sender is an operator', function () { + beforeEach(async function () { + await this.token.connect(this.owner).setApprovalForAll(this.operator, true); + + this.tx = await this.token.connect(this.operator).approve(this.approved, tokenId); + }); + + itApproves(); + itEmitsApprovalEvent(); + }); + + describe('when the given token ID does not exist', function () { + it('reverts', async function () { + await expect(this.token.connect(this.operator).approve(this.approved, nonExistentTokenId)) + .to.be.revertedWithCustomError(this.token, 'ERC721NonexistentToken') + .withArgs(nonExistentTokenId); + }); + }); + }); + + describe('setApprovalForAll', function () { + describe('when the operator willing to approve is not the owner', function () { + describe('when there is no operator approval set by the sender', function () { + it('approves the operator', async function () { + await this.token.connect(this.owner).setApprovalForAll(this.operator, true); + + expect(await this.token.isApprovedForAll(this.owner, this.operator)).to.be.true; + }); + + it('emits an approval event', async function () { + await expect(this.token.connect(this.owner).setApprovalForAll(this.operator, true)) + .to.emit(this.token, 'ApprovalForAll') + .withArgs(this.owner, this.operator, true); + }); + }); + + describe('when the operator was set as not approved', function () { + beforeEach(async function () { + await this.token.connect(this.owner).setApprovalForAll(this.operator, false); + }); + + it('approves the operator', async function () { + await this.token.connect(this.owner).setApprovalForAll(this.operator, true); + + expect(await this.token.isApprovedForAll(this.owner, this.operator)).to.be.true; + }); + + it('emits an approval event', async function () { + await expect(this.token.connect(this.owner).setApprovalForAll(this.operator, true)) + .to.emit(this.token, 'ApprovalForAll') + .withArgs(this.owner, this.operator, true); + }); + + it('can unset the operator approval', async function () { + await this.token.connect(this.owner).setApprovalForAll(this.operator, false); + + expect(await this.token.isApprovedForAll(this.owner, this.operator)).to.be.false; + }); + }); + + describe('when the operator was already approved', function () { + beforeEach(async function () { + await this.token.connect(this.owner).setApprovalForAll(this.operator, true); + }); + + it('keeps the approval to the given address', async function () { + await this.token.connect(this.owner).setApprovalForAll(this.operator, true); + + expect(await this.token.isApprovedForAll(this.owner, this.operator)).to.be.true; + }); + + it('emits an approval event', async function () { + await expect(this.token.connect(this.owner).setApprovalForAll(this.operator, true)) + .to.emit(this.token, 'ApprovalForAll') + .withArgs(this.owner, this.operator, true); + }); + }); + }); + + describe('when the operator is address zero', function () { + it('reverts', async function () { + await expect(this.token.connect(this.owner).setApprovalForAll(ethers.ZeroAddress, true)) + .to.be.revertedWithCustomError(this.token, 'ERC721InvalidOperator') + .withArgs(ethers.ZeroAddress); + }); + }); + }); + + describe('getApproved', function () { + describe('when token is not minted', function () { + it('reverts', async function () { + await expect(this.token.getApproved(nonExistentTokenId)) + .to.be.revertedWithCustomError(this.token, 'ERC721NonexistentToken') + .withArgs(nonExistentTokenId); + }); + }); + + describe('when token has been minted ', function () { + it('should return the zero address', async function () { + expect(await this.token.getApproved(firstTokenId)).to.equal(ethers.ZeroAddress); + }); + + describe('when account has been approved', function () { + beforeEach(async function () { + await this.token.connect(this.owner).approve(this.approved, firstTokenId); + }); + + it('returns approved account', async function () { + expect(await this.token.getApproved(firstTokenId)).to.equal(this.approved); + }); + }); + }); + }); + }); + + describe('_mint(address, uint256)', function () { + it('reverts with a null destination address', async function () { + await expect(this.token.$_mint(ethers.ZeroAddress, firstTokenId)) + .to.be.revertedWithCustomError(this.token, 'ERC721InvalidReceiver') + .withArgs(ethers.ZeroAddress); + }); + + describe('with minted token', function () { + beforeEach(async function () { + this.tx = await this.token.$_mint(this.owner, firstTokenId); + }); + + it('emits a Transfer event', async function () { + await expect(this.tx).to.emit(this.token, 'Transfer').withArgs(ethers.ZeroAddress, this.owner, firstTokenId); + }); + + it('creates the token', async function () { + expect(await this.token.balanceOf(this.owner)).to.equal(1n); + expect(await this.token.ownerOf(firstTokenId)).to.equal(this.owner); + }); + + it('reverts when adding a token id that already exists', async function () { + await expect(this.token.$_mint(this.owner, firstTokenId)) + .to.be.revertedWithCustomError(this.token, 'ERC721InvalidSender') + .withArgs(ethers.ZeroAddress); + }); + }); + }); + + describe('_burn', function () { + it('reverts when burning a non-existent token id', async function () { + await expect(this.token.$_burn(nonExistentTokenId)) + .to.be.revertedWithCustomError(this.token, 'ERC721NonexistentToken') + .withArgs(nonExistentTokenId); + }); + + describe('with minted tokens', function () { + beforeEach(async function () { + await this.token.$_mint(this.owner, firstTokenId); + await this.token.$_mint(this.owner, secondTokenId); + }); + + describe('with burnt token', function () { + beforeEach(async function () { + this.tx = await this.token.$_burn(firstTokenId); + }); + + it('emits a Transfer event', async function () { + await expect(this.tx).to.emit(this.token, 'Transfer').withArgs(this.owner, ethers.ZeroAddress, firstTokenId); + }); + + it('deletes the token', async function () { + expect(await this.token.balanceOf(this.owner)).to.equal(1n); + await expect(this.token.ownerOf(firstTokenId)) + .to.be.revertedWithCustomError(this.token, 'ERC721NonexistentToken') + .withArgs(firstTokenId); + }); + + it('reverts when burning a token id that has been deleted', async function () { + await expect(this.token.$_burn(firstTokenId)) + .to.be.revertedWithCustomError(this.token, 'ERC721NonexistentToken') + .withArgs(firstTokenId); + }); + }); + }); + }); +} + +function shouldBehaveLikeERC721Enumerable() { + beforeEach(async function () { + const [owner, newOwner, approved, operator, other] = this.accounts; + Object.assign(this, { owner, newOwner, approved, operator, other }); + }); + + shouldSupportInterfaces(['ERC721Enumerable']); + + describe('with minted tokens', function () { + beforeEach(async function () { + await this.token.$_mint(this.owner, firstTokenId); + await this.token.$_mint(this.owner, secondTokenId); + this.to = this.other; + }); + + describe('totalSupply', function () { + it('returns total token supply', async function () { + expect(await this.token.totalSupply()).to.equal(2n); + }); + }); + + describe('tokenOfOwnerByIndex', function () { + describe('when the given index is lower than the amount of tokens owned by the given address', function () { + it('returns the token ID placed at the given index', async function () { + expect(await this.token.tokenOfOwnerByIndex(this.owner, 0n)).to.equal(firstTokenId); + }); + }); + + describe('when the index is greater than or equal to the total tokens owned by the given address', function () { + it('reverts', async function () { + await expect(this.token.tokenOfOwnerByIndex(this.owner, 2n)) + .to.be.revertedWithCustomError(this.token, 'ERC721OutOfBoundsIndex') + .withArgs(this.owner, 2n); + }); + }); + + describe('when the given address does not own any token', function () { + it('reverts', async function () { + await expect(this.token.tokenOfOwnerByIndex(this.other, 0n)) + .to.be.revertedWithCustomError(this.token, 'ERC721OutOfBoundsIndex') + .withArgs(this.other, 0n); + }); + }); + + describe('after transferring all tokens to another user', function () { + beforeEach(async function () { + await this.token.connect(this.owner).transferFrom(this.owner, this.other, firstTokenId); + await this.token.connect(this.owner).transferFrom(this.owner, this.other, secondTokenId); + }); + + it('returns correct token IDs for target', async function () { + expect(await this.token.balanceOf(this.other)).to.equal(2n); + + expect(await Promise.all([0n, 1n].map(i => this.token.tokenOfOwnerByIndex(this.other, i)))).to.have.members([ + firstTokenId, + secondTokenId, + ]); + }); + + it('returns empty collection for original owner', async function () { + expect(await this.token.balanceOf(this.owner)).to.equal(0n); + await expect(this.token.tokenOfOwnerByIndex(this.owner, 0n)) + .to.be.revertedWithCustomError(this.token, 'ERC721OutOfBoundsIndex') + .withArgs(this.owner, 0n); + }); + }); + }); + + describe('tokenByIndex', function () { + it('returns all tokens', async function () { + expect(await Promise.all([0n, 1n].map(i => this.token.tokenByIndex(i)))).to.have.members([ + firstTokenId, + secondTokenId, + ]); + }); + + it('reverts if index is greater than supply', async function () { + await expect(this.token.tokenByIndex(2n)) + .to.be.revertedWithCustomError(this.token, 'ERC721OutOfBoundsIndex') + .withArgs(ethers.ZeroAddress, 2n); + }); + + for (const tokenId of [firstTokenId, secondTokenId]) { + it(`returns all tokens after burning token ${tokenId} and minting new tokens`, async function () { + const newTokenId = 300n; + const anotherNewTokenId = 400n; + + await this.token.$_burn(tokenId); + await this.token.$_mint(this.newOwner, newTokenId); + await this.token.$_mint(this.newOwner, anotherNewTokenId); + + expect(await this.token.totalSupply()).to.equal(3n); + + expect(await Promise.all([0n, 1n, 2n].map(i => this.token.tokenByIndex(i)))) + .to.have.members([firstTokenId, secondTokenId, newTokenId, anotherNewTokenId].filter(x => x !== tokenId)) + .to.not.include(tokenId); + }); + } + }); + }); + + describe('_mint(address, uint256)', function () { + it('reverts with a null destination address', async function () { + await expect(this.token.$_mint(ethers.ZeroAddress, firstTokenId)) + .to.be.revertedWithCustomError(this.token, 'ERC721InvalidReceiver') + .withArgs(ethers.ZeroAddress); + }); + + describe('with minted token', function () { + beforeEach(async function () { + await this.token.$_mint(this.owner, firstTokenId); + }); + + it('adjusts owner tokens by index', async function () { + expect(await this.token.tokenOfOwnerByIndex(this.owner, 0n)).to.equal(firstTokenId); + }); + + it('adjusts all tokens list', async function () { + expect(await this.token.tokenByIndex(0n)).to.equal(firstTokenId); + }); + }); + }); + + describe('_burn', function () { + it('reverts when burning a non-existent token id', async function () { + await expect(this.token.$_burn(firstTokenId)) + .to.be.revertedWithCustomError(this.token, 'ERC721NonexistentToken') + .withArgs(firstTokenId); + }); + + describe('with minted tokens', function () { + beforeEach(async function () { + await this.token.$_mint(this.owner, firstTokenId); + await this.token.$_mint(this.owner, secondTokenId); + }); + + describe('with burnt token', function () { + beforeEach(async function () { + await this.token.$_burn(firstTokenId); + }); + + it('removes that token from the token list of the owner', async function () { + expect(await this.token.tokenOfOwnerByIndex(this.owner, 0n)).to.equal(secondTokenId); + }); + + it('adjusts all tokens list', async function () { + expect(await this.token.tokenByIndex(0n)).to.equal(secondTokenId); + }); + + it('burns all tokens', async function () { + await this.token.$_burn(secondTokenId); + expect(await this.token.totalSupply()).to.equal(0n); + + await expect(this.token.tokenByIndex(0n)) + .to.be.revertedWithCustomError(this.token, 'ERC721OutOfBoundsIndex') + .withArgs(ethers.ZeroAddress, 0n); + }); + }); + }); + }); +} + +function shouldBehaveLikeERC721Metadata(name, symbol) { + shouldSupportInterfaces(['ERC721Metadata']); + + describe('metadata', function () { + it('has a name', async function () { + expect(await this.token.name()).to.equal(name); + }); + + it('has a symbol', async function () { + expect(await this.token.symbol()).to.equal(symbol); + }); + + describe('token URI', function () { + beforeEach(async function () { + await this.token.$_mint(this.owner, firstTokenId); + }); + + it('return empty string by default', async function () { + expect(await this.token.tokenURI(firstTokenId)).to.equal(''); + }); + + it('reverts when queried for non existent token id', async function () { + await expect(this.token.tokenURI(nonExistentTokenId)) + .to.be.revertedWithCustomError(this.token, 'ERC721NonexistentToken') + .withArgs(nonExistentTokenId); + }); + + describe('base URI', function () { + beforeEach(function () { + if (!this.token.interface.hasFunction('setBaseURI')) { + this.skip(); + } + }); + + it('base URI can be set', async function () { + await this.token.setBaseURI(baseURI); + expect(await this.token.baseURI()).to.equal(baseURI); + }); + + it('base URI is added as a prefix to the token URI', async function () { + await this.token.setBaseURI(baseURI); + expect(await this.token.tokenURI(firstTokenId)).to.equal(baseURI + firstTokenId.toString()); + }); + + it('token URI can be changed by changing the base URI', async function () { + await this.token.setBaseURI(baseURI); + const newBaseURI = 'https://api.example.com/v2/'; + await this.token.setBaseURI(newBaseURI); + expect(await this.token.tokenURI(firstTokenId)).to.equal(newBaseURI + firstTokenId.toString()); + }); + }); + }); + }); +} + +module.exports = { + shouldBehaveLikeERC721, + shouldBehaveLikeERC721Enumerable, + shouldBehaveLikeERC721Metadata, +}; diff --git a/dependencies/@openzeppelin/test/token/ERC721/ERC721.test.js b/dependencies/@openzeppelin/test/token/ERC721/ERC721.test.js new file mode 100644 index 00000000..1454cb05 --- /dev/null +++ b/dependencies/@openzeppelin/test/token/ERC721/ERC721.test.js @@ -0,0 +1,23 @@ +const { ethers } = require('hardhat'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { shouldBehaveLikeERC721, shouldBehaveLikeERC721Metadata } = require('./ERC721.behavior'); + +const name = 'Non Fungible Token'; +const symbol = 'NFT'; + +async function fixture() { + return { + accounts: await ethers.getSigners(), + token: await ethers.deployContract('$ERC721', [name, symbol]), + }; +} + +describe('ERC721', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + shouldBehaveLikeERC721(); + shouldBehaveLikeERC721Metadata(name, symbol); +}); diff --git a/dependencies/@openzeppelin/test/token/ERC721/ERC721Enumerable.test.js b/dependencies/@openzeppelin/test/token/ERC721/ERC721Enumerable.test.js new file mode 100644 index 00000000..a3bdea73 --- /dev/null +++ b/dependencies/@openzeppelin/test/token/ERC721/ERC721Enumerable.test.js @@ -0,0 +1,28 @@ +const { ethers } = require('hardhat'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { + shouldBehaveLikeERC721, + shouldBehaveLikeERC721Metadata, + shouldBehaveLikeERC721Enumerable, +} = require('./ERC721.behavior'); + +const name = 'Non Fungible Token'; +const symbol = 'NFT'; + +async function fixture() { + return { + accounts: await ethers.getSigners(), + token: await ethers.deployContract('$ERC721Enumerable', [name, symbol]), + }; +} + +describe('ERC721', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + shouldBehaveLikeERC721(); + shouldBehaveLikeERC721Metadata(name, symbol); + shouldBehaveLikeERC721Enumerable(); +}); diff --git a/dependencies/@openzeppelin/test/token/ERC721/extensions/ERC721Burnable.test.js b/dependencies/@openzeppelin/test/token/ERC721/extensions/ERC721Burnable.test.js new file mode 100644 index 00000000..d6f0b80c --- /dev/null +++ b/dependencies/@openzeppelin/test/token/ERC721/extensions/ERC721Burnable.test.js @@ -0,0 +1,77 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const name = 'Non Fungible Token'; +const symbol = 'NFT'; +const tokenId = 1n; +const otherTokenId = 2n; +const unknownTokenId = 3n; + +async function fixture() { + const [owner, approved, another] = await ethers.getSigners(); + const token = await ethers.deployContract('$ERC721Burnable', [name, symbol]); + return { owner, approved, another, token }; +} + +describe('ERC721Burnable', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + describe('like a burnable ERC721', function () { + beforeEach(async function () { + await this.token.$_mint(this.owner, tokenId); + await this.token.$_mint(this.owner, otherTokenId); + }); + + describe('burn', function () { + describe('when successful', function () { + it('emits a burn event, burns the given token ID and adjusts the balance of the owner', async function () { + const balanceBefore = await this.token.balanceOf(this.owner); + + await expect(this.token.connect(this.owner).burn(tokenId)) + .to.emit(this.token, 'Transfer') + .withArgs(this.owner, ethers.ZeroAddress, tokenId); + + await expect(this.token.ownerOf(tokenId)) + .to.be.revertedWithCustomError(this.token, 'ERC721NonexistentToken') + .withArgs(tokenId); + + expect(await this.token.balanceOf(this.owner)).to.equal(balanceBefore - 1n); + }); + }); + + describe('when there is a previous approval burned', function () { + beforeEach(async function () { + await this.token.connect(this.owner).approve(this.approved, tokenId); + await this.token.connect(this.owner).burn(tokenId); + }); + + describe('getApproved', function () { + it('reverts', async function () { + await expect(this.token.getApproved(tokenId)) + .to.be.revertedWithCustomError(this.token, 'ERC721NonexistentToken') + .withArgs(tokenId); + }); + }); + }); + + describe('when there is no previous approval burned', function () { + it('reverts', async function () { + await expect(this.token.connect(this.another).burn(tokenId)) + .to.be.revertedWithCustomError(this.token, 'ERC721InsufficientApproval') + .withArgs(this.another, tokenId); + }); + }); + + describe('when the given token ID was not tracked by this contract', function () { + it('reverts', async function () { + await expect(this.token.connect(this.owner).burn(unknownTokenId)) + .to.be.revertedWithCustomError(this.token, 'ERC721NonexistentToken') + .withArgs(unknownTokenId); + }); + }); + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/token/ERC721/extensions/ERC721Consecutive.t.sol b/dependencies/@openzeppelin/test/token/ERC721/extensions/ERC721Consecutive.t.sol new file mode 100644 index 00000000..eca15e71 --- /dev/null +++ b/dependencies/@openzeppelin/test/token/ERC721/extensions/ERC721Consecutive.t.sol @@ -0,0 +1,181 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +// solhint-disable func-name-mixedcase + +import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol"; +import {ERC721Consecutive} from "@openzeppelin/contracts/token/ERC721/extensions/ERC721Consecutive.sol"; +import {Test, StdUtils} from "forge-std/Test.sol"; + +function toSingleton(address account) pure returns (address[] memory) { + address[] memory accounts = new address[](1); + accounts[0] = account; + return accounts; +} + +contract ERC721ConsecutiveTarget is StdUtils, ERC721Consecutive { + uint96 private immutable _offset; + uint256 public totalMinted = 0; + + constructor(address[] memory receivers, uint256[] memory batches, uint256 startingId) ERC721("", "") { + _offset = uint96(startingId); + for (uint256 i = 0; i < batches.length; i++) { + address receiver = receivers[i % receivers.length]; + uint96 batchSize = uint96(bound(batches[i], 0, _maxBatchSize())); + _mintConsecutive(receiver, batchSize); + totalMinted += batchSize; + } + } + + function burn(uint256 tokenId) public { + _burn(tokenId); + } + + function _firstConsecutiveId() internal view virtual override returns (uint96) { + return _offset; + } +} + +contract ERC721ConsecutiveTest is Test { + function test_balance(address receiver, uint256[] calldata batches, uint96 startingId) public { + vm.assume(receiver != address(0)); + + uint256 startingTokenId = bound(startingId, 0, 5000); + + ERC721ConsecutiveTarget token = new ERC721ConsecutiveTarget(toSingleton(receiver), batches, startingTokenId); + + assertEq(token.balanceOf(receiver), token.totalMinted()); + } + + function test_ownership( + address receiver, + uint256[] calldata batches, + uint256[2] calldata unboundedTokenId, + uint96 startingId + ) public { + vm.assume(receiver != address(0)); + + uint256 startingTokenId = bound(startingId, 0, 5000); + + ERC721ConsecutiveTarget token = new ERC721ConsecutiveTarget(toSingleton(receiver), batches, startingTokenId); + + if (token.totalMinted() > 0) { + uint256 validTokenId = bound( + unboundedTokenId[0], + startingTokenId, + startingTokenId + token.totalMinted() - 1 + ); + assertEq(token.ownerOf(validTokenId), receiver); + } + + uint256 invalidTokenId = bound( + unboundedTokenId[1], + startingTokenId + token.totalMinted(), + startingTokenId + token.totalMinted() + 1 + ); + vm.expectRevert(); + token.ownerOf(invalidTokenId); + } + + function test_burn( + address receiver, + uint256[] calldata batches, + uint256 unboundedTokenId, + uint96 startingId + ) public { + vm.assume(receiver != address(0)); + + uint256 startingTokenId = bound(startingId, 0, 5000); + + ERC721ConsecutiveTarget token = new ERC721ConsecutiveTarget(toSingleton(receiver), batches, startingTokenId); + + // only test if we minted at least one token + uint256 supply = token.totalMinted(); + vm.assume(supply > 0); + + // burn a token in [0; supply[ + uint256 tokenId = bound(unboundedTokenId, startingTokenId, startingTokenId + supply - 1); + token.burn(tokenId); + + // balance should have decreased + assertEq(token.balanceOf(receiver), supply - 1); + + // token should be burnt + vm.expectRevert(); + token.ownerOf(tokenId); + } + + function test_transfer( + address[2] calldata accounts, + uint256[2] calldata unboundedBatches, + uint256[2] calldata unboundedTokenId, + uint96 startingId + ) public { + vm.assume(accounts[0] != address(0)); + vm.assume(accounts[1] != address(0)); + vm.assume(accounts[0] != accounts[1]); + + uint256 startingTokenId = bound(startingId, 1, 5000); + + address[] memory receivers = new address[](2); + receivers[0] = accounts[0]; + receivers[1] = accounts[1]; + + // We assume _maxBatchSize is 5000 (the default). This test will break otherwise. + uint256[] memory batches = new uint256[](2); + batches[0] = bound(unboundedBatches[0], startingTokenId, 5000); + batches[1] = bound(unboundedBatches[1], startingTokenId, 5000); + + ERC721ConsecutiveTarget token = new ERC721ConsecutiveTarget(receivers, batches, startingTokenId); + + uint256 tokenId0 = bound(unboundedTokenId[0], startingTokenId, batches[0]); + uint256 tokenId1 = bound(unboundedTokenId[1], startingTokenId, batches[1]) + batches[0]; + + assertEq(token.ownerOf(tokenId0), accounts[0]); + assertEq(token.ownerOf(tokenId1), accounts[1]); + assertEq(token.balanceOf(accounts[0]), batches[0]); + assertEq(token.balanceOf(accounts[1]), batches[1]); + + vm.prank(accounts[0]); + token.transferFrom(accounts[0], accounts[1], tokenId0); + + assertEq(token.ownerOf(tokenId0), accounts[1]); + assertEq(token.ownerOf(tokenId1), accounts[1]); + assertEq(token.balanceOf(accounts[0]), batches[0] - 1); + assertEq(token.balanceOf(accounts[1]), batches[1] + 1); + + vm.prank(accounts[1]); + token.transferFrom(accounts[1], accounts[0], tokenId1); + + assertEq(token.ownerOf(tokenId0), accounts[1]); + assertEq(token.ownerOf(tokenId1), accounts[0]); + assertEq(token.balanceOf(accounts[0]), batches[0]); + assertEq(token.balanceOf(accounts[1]), batches[1]); + } + + function test_start_consecutive_id( + address receiver, + uint256[2] calldata unboundedBatches, + uint256[2] calldata unboundedTokenId, + uint96 startingId + ) public { + vm.assume(receiver != address(0)); + + uint256 startingTokenId = bound(startingId, 1, 5000); + + // We assume _maxBatchSize is 5000 (the default). This test will break otherwise. + uint256[] memory batches = new uint256[](2); + batches[0] = bound(unboundedBatches[0], startingTokenId, 5000); + batches[1] = bound(unboundedBatches[1], startingTokenId, 5000); + + ERC721ConsecutiveTarget token = new ERC721ConsecutiveTarget(toSingleton(receiver), batches, startingTokenId); + + uint256 tokenId0 = bound(unboundedTokenId[0], startingTokenId, batches[0]); + uint256 tokenId1 = bound(unboundedTokenId[1], startingTokenId, batches[1]); + + assertEq(token.ownerOf(tokenId0), receiver); + assertEq(token.ownerOf(tokenId1), receiver); + assertEq(token.balanceOf(receiver), batches[0] + batches[1]); + } +} diff --git a/dependencies/@openzeppelin/test/token/ERC721/extensions/ERC721Consecutive.test.js b/dependencies/@openzeppelin/test/token/ERC721/extensions/ERC721Consecutive.test.js new file mode 100644 index 00000000..d2eda944 --- /dev/null +++ b/dependencies/@openzeppelin/test/token/ERC721/extensions/ERC721Consecutive.test.js @@ -0,0 +1,236 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { sum } = require('../../../helpers/math'); + +const name = 'Non Fungible Token'; +const symbol = 'NFT'; + +describe('ERC721Consecutive', function () { + for (const offset of [0n, 1n, 42n]) { + describe(`with offset ${offset}`, function () { + async function fixture() { + const accounts = await ethers.getSigners(); + const [alice, bruce, chris, receiver] = accounts; + + const batches = [ + { receiver: alice, amount: 0n }, + { receiver: alice, amount: 1n }, + { receiver: alice, amount: 2n }, + { receiver: bruce, amount: 5n }, + { receiver: chris, amount: 0n }, + { receiver: alice, amount: 7n }, + ]; + const delegates = [alice, chris]; + + const token = await ethers.deployContract('$ERC721ConsecutiveMock', [ + name, + symbol, + offset, + delegates, + batches.map(({ receiver }) => receiver), + batches.map(({ amount }) => amount), + ]); + + return { accounts, alice, bruce, chris, receiver, batches, delegates, token }; + } + + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + describe('minting during construction', function () { + it('events are emitted at construction', async function () { + let first = offset; + for (const batch of this.batches) { + if (batch.amount > 0) { + await expect(this.token.deploymentTransaction()) + .to.emit(this.token, 'ConsecutiveTransfer') + .withArgs( + first /* fromTokenId */, + first + batch.amount - 1n /* toTokenId */, + ethers.ZeroAddress /* fromAddress */, + batch.receiver /* toAddress */, + ); + } else { + // ".to.not.emit" only looks at event name, and doesn't check the parameters + } + first += batch.amount; + } + }); + + it('ownership is set', async function () { + const owners = [ + ...Array(Number(offset)).fill(ethers.ZeroAddress), + ...this.batches.flatMap(({ receiver, amount }) => Array(Number(amount)).fill(receiver.address)), + ]; + + for (const tokenId in owners) { + if (owners[tokenId] != ethers.ZeroAddress) { + expect(await this.token.ownerOf(tokenId)).to.equal(owners[tokenId]); + } + } + }); + + it('balance & voting power are set', async function () { + for (const account of this.accounts) { + const balance = + sum(...this.batches.filter(({ receiver }) => receiver === account).map(({ amount }) => amount)) ?? 0n; + + expect(await this.token.balanceOf(account)).to.equal(balance); + + // If not delegated at construction, check before + do delegation + if (!this.delegates.includes(account)) { + expect(await this.token.getVotes(account)).to.equal(0n); + + await this.token.connect(account).delegate(account); + } + + // At this point all accounts should have delegated + expect(await this.token.getVotes(account)).to.equal(balance); + } + }); + + it('reverts on consecutive minting to the zero address', async function () { + await expect( + ethers.deployContract('$ERC721ConsecutiveMock', [ + name, + symbol, + offset, + this.delegates, + [ethers.ZeroAddress], + [10], + ]), + ) + .to.be.revertedWithCustomError(this.token, 'ERC721InvalidReceiver') + .withArgs(ethers.ZeroAddress); + }); + }); + + describe('minting after construction', function () { + it('consecutive minting is not possible after construction', async function () { + await expect(this.token.$_mintConsecutive(this.alice, 10)).to.be.revertedWithCustomError( + this.token, + 'ERC721ForbiddenBatchMint', + ); + }); + + it('simple minting is possible after construction', async function () { + const tokenId = sum(...this.batches.map(b => b.amount)) + offset; + + await expect(this.token.ownerOf(tokenId)) + .to.be.revertedWithCustomError(this.token, 'ERC721NonexistentToken') + .withArgs(tokenId); + + await expect(this.token.$_mint(this.alice, tokenId)) + .to.emit(this.token, 'Transfer') + .withArgs(ethers.ZeroAddress, this.alice, tokenId); + }); + + it('cannot mint a token that has been batched minted', async function () { + const tokenId = sum(...this.batches.map(b => b.amount)) + offset - 1n; + + expect(await this.token.ownerOf(tokenId)).to.not.equal(ethers.ZeroAddress); + + await expect(this.token.$_mint(this.alice, tokenId)) + .to.be.revertedWithCustomError(this.token, 'ERC721InvalidSender') + .withArgs(ethers.ZeroAddress); + }); + }); + + describe('ERC721 behavior', function () { + const tokenId = offset + 1n; + + it('core takes over ownership on transfer', async function () { + await this.token.connect(this.alice).transferFrom(this.alice, this.receiver, tokenId); + + expect(await this.token.ownerOf(tokenId)).to.equal(this.receiver); + }); + + it('tokens can be burned and re-minted #1', async function () { + await expect(this.token.connect(this.alice).$_burn(tokenId)) + .to.emit(this.token, 'Transfer') + .withArgs(this.alice, ethers.ZeroAddress, tokenId); + + await expect(this.token.ownerOf(tokenId)) + .to.be.revertedWithCustomError(this.token, 'ERC721NonexistentToken') + .withArgs(tokenId); + + await expect(this.token.$_mint(this.bruce, tokenId)) + .to.emit(this.token, 'Transfer') + .withArgs(ethers.ZeroAddress, this.bruce, tokenId); + + expect(await this.token.ownerOf(tokenId)).to.equal(this.bruce); + }); + + it('tokens can be burned and re-minted #2', async function () { + const tokenId = sum(...this.batches.map(({ amount }) => amount)) + offset; + + await expect(this.token.ownerOf(tokenId)) + .to.be.revertedWithCustomError(this.token, 'ERC721NonexistentToken') + .withArgs(tokenId); + + // mint + await expect(this.token.$_mint(this.alice, tokenId)) + .to.emit(this.token, 'Transfer') + .withArgs(ethers.ZeroAddress, this.alice, tokenId); + + expect(await this.token.ownerOf(tokenId)).to.equal(this.alice); + + // burn + await expect(await this.token.$_burn(tokenId)) + .to.emit(this.token, 'Transfer') + .withArgs(this.alice, ethers.ZeroAddress, tokenId); + + await expect(this.token.ownerOf(tokenId)) + .to.be.revertedWithCustomError(this.token, 'ERC721NonexistentToken') + .withArgs(tokenId); + + // re-mint + await expect(this.token.$_mint(this.bruce, tokenId)) + .to.emit(this.token, 'Transfer') + .withArgs(ethers.ZeroAddress, this.bruce, tokenId); + + expect(await this.token.ownerOf(tokenId)).to.equal(this.bruce); + }); + }); + }); + } + + describe('invalid use', function () { + const receiver = ethers.Wallet.createRandom(); + + it('cannot mint a batch larger than 5000', async function () { + const { interface } = await ethers.getContractFactory('$ERC721ConsecutiveMock'); + + await expect(ethers.deployContract('$ERC721ConsecutiveMock', [name, symbol, 0, [], [receiver], [5001n]])) + .to.be.revertedWithCustomError({ interface }, 'ERC721ExceededMaxBatchMint') + .withArgs(5001n, 5000n); + }); + + it('cannot use single minting during construction', async function () { + const { interface } = await ethers.getContractFactory('$ERC721ConsecutiveNoConstructorMintMock'); + + await expect( + ethers.deployContract('$ERC721ConsecutiveNoConstructorMintMock', [name, symbol]), + ).to.be.revertedWithCustomError({ interface }, 'ERC721ForbiddenMint'); + }); + + it('cannot use single minting during construction', async function () { + const { interface } = await ethers.getContractFactory('$ERC721ConsecutiveNoConstructorMintMock'); + + await expect( + ethers.deployContract('$ERC721ConsecutiveNoConstructorMintMock', [name, symbol]), + ).to.be.revertedWithCustomError({ interface }, 'ERC721ForbiddenMint'); + }); + + it('consecutive mint not compatible with enumerability', async function () { + const { interface } = await ethers.getContractFactory('$ERC721ConsecutiveEnumerableMock'); + + await expect( + ethers.deployContract('$ERC721ConsecutiveEnumerableMock', [name, symbol, [receiver], [100n]]), + ).to.be.revertedWithCustomError({ interface }, 'ERC721EnumerableForbiddenBatchMint'); + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/token/ERC721/extensions/ERC721Pausable.test.js b/dependencies/@openzeppelin/test/token/ERC721/extensions/ERC721Pausable.test.js new file mode 100644 index 00000000..acf731a4 --- /dev/null +++ b/dependencies/@openzeppelin/test/token/ERC721/extensions/ERC721Pausable.test.js @@ -0,0 +1,81 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const name = 'Non Fungible Token'; +const symbol = 'NFT'; +const tokenId = 1n; +const otherTokenId = 2n; +const data = ethers.Typed.bytes('0x42'); + +async function fixture() { + const [owner, receiver, operator] = await ethers.getSigners(); + const token = await ethers.deployContract('$ERC721Pausable', [name, symbol]); + return { owner, receiver, operator, token }; +} + +describe('ERC721Pausable', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + describe('when token is paused', function () { + beforeEach(async function () { + await this.token.$_mint(this.owner, tokenId); + await this.token.$_pause(); + }); + + it('reverts when trying to transferFrom', async function () { + await expect( + this.token.connect(this.owner).transferFrom(this.owner, this.receiver, tokenId), + ).to.be.revertedWithCustomError(this.token, 'EnforcedPause'); + }); + + it('reverts when trying to safeTransferFrom', async function () { + await expect( + this.token.connect(this.owner).safeTransferFrom(this.owner, this.receiver, tokenId), + ).to.be.revertedWithCustomError(this.token, 'EnforcedPause'); + }); + + it('reverts when trying to safeTransferFrom with data', async function () { + await expect( + this.token.connect(this.owner).safeTransferFrom(this.owner, this.receiver, tokenId, data), + ).to.be.revertedWithCustomError(this.token, 'EnforcedPause'); + }); + + it('reverts when trying to mint', async function () { + await expect(this.token.$_mint(this.receiver, otherTokenId)).to.be.revertedWithCustomError( + this.token, + 'EnforcedPause', + ); + }); + + it('reverts when trying to burn', async function () { + await expect(this.token.$_burn(tokenId)).to.be.revertedWithCustomError(this.token, 'EnforcedPause'); + }); + + describe('getApproved', function () { + it('returns approved address', async function () { + expect(await this.token.getApproved(tokenId)).to.equal(ethers.ZeroAddress); + }); + }); + + describe('balanceOf', function () { + it('returns the amount of tokens owned by the given address', async function () { + expect(await this.token.balanceOf(this.owner)).to.equal(1n); + }); + }); + + describe('ownerOf', function () { + it('returns the amount of tokens owned by the given address', async function () { + expect(await this.token.ownerOf(tokenId)).to.equal(this.owner); + }); + }); + + describe('isApprovedForAll', function () { + it('returns the approval of the operator', async function () { + expect(await this.token.isApprovedForAll(this.owner, this.operator)).to.be.false; + }); + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/token/ERC721/extensions/ERC721Royalty.test.js b/dependencies/@openzeppelin/test/token/ERC721/extensions/ERC721Royalty.test.js new file mode 100644 index 00000000..e11954ae --- /dev/null +++ b/dependencies/@openzeppelin/test/token/ERC721/extensions/ERC721Royalty.test.js @@ -0,0 +1,57 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { shouldBehaveLikeERC2981 } = require('../../common/ERC2981.behavior'); + +const name = 'Non Fungible Token'; +const symbol = 'NFT'; + +const tokenId1 = 1n; +const tokenId2 = 2n; +const royalty = 200n; +const salePrice = 1000n; + +async function fixture() { + const [account1, account2, recipient] = await ethers.getSigners(); + + const token = await ethers.deployContract('$ERC721Royalty', [name, symbol]); + await token.$_mint(account1, tokenId1); + await token.$_mint(account1, tokenId2); + + return { account1, account2, recipient, token }; +} + +describe('ERC721Royalty', function () { + beforeEach(async function () { + Object.assign( + this, + await loadFixture(fixture), + { tokenId1, tokenId2, royalty, salePrice }, // set for behavior tests + ); + }); + + describe('token specific functions', function () { + beforeEach(async function () { + await this.token.$_setTokenRoyalty(tokenId1, this.recipient, royalty); + }); + + it('royalty information are kept during burn and re-mint', async function () { + await this.token.$_burn(tokenId1); + + expect(await this.token.royaltyInfo(tokenId1, salePrice)).to.deep.equal([ + this.recipient.address, + (salePrice * royalty) / 10000n, + ]); + + await this.token.$_mint(this.account2, tokenId1); + + expect(await this.token.royaltyInfo(tokenId1, salePrice)).to.deep.equal([ + this.recipient.address, + (salePrice * royalty) / 10000n, + ]); + }); + }); + + shouldBehaveLikeERC2981(); +}); diff --git a/dependencies/@openzeppelin/test/token/ERC721/extensions/ERC721URIStorage.test.js b/dependencies/@openzeppelin/test/token/ERC721/extensions/ERC721URIStorage.test.js new file mode 100644 index 00000000..830c13a7 --- /dev/null +++ b/dependencies/@openzeppelin/test/token/ERC721/extensions/ERC721URIStorage.test.js @@ -0,0 +1,121 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { shouldSupportInterfaces } = require('../../../utils/introspection/SupportsInterface.behavior'); + +const name = 'Non Fungible Token'; +const symbol = 'NFT'; +const baseURI = 'https://api.example.com/v1/'; +const otherBaseURI = 'https://api.example.com/v2/'; +const sampleUri = 'mock://mytoken'; +const tokenId = 1n; +const nonExistentTokenId = 2n; + +async function fixture() { + const [owner] = await ethers.getSigners(); + const token = await ethers.deployContract('$ERC721URIStorageMock', [name, symbol]); + return { owner, token }; +} + +describe('ERC721URIStorage', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + shouldSupportInterfaces(['0x49064906']); + + describe('token URI', function () { + beforeEach(async function () { + await this.token.$_mint(this.owner, tokenId); + }); + + it('it is empty by default', async function () { + expect(await this.token.tokenURI(tokenId)).to.equal(''); + }); + + it('reverts when queried for non existent token id', async function () { + await expect(this.token.tokenURI(nonExistentTokenId)) + .to.be.revertedWithCustomError(this.token, 'ERC721NonexistentToken') + .withArgs(nonExistentTokenId); + }); + + it('can be set for a token id', async function () { + await this.token.$_setTokenURI(tokenId, sampleUri); + expect(await this.token.tokenURI(tokenId)).to.equal(sampleUri); + }); + + it('setting the uri emits an event', async function () { + await expect(this.token.$_setTokenURI(tokenId, sampleUri)) + .to.emit(this.token, 'MetadataUpdate') + .withArgs(tokenId); + }); + + it('setting the uri for non existent token id is allowed', async function () { + await expect(await this.token.$_setTokenURI(nonExistentTokenId, sampleUri)) + .to.emit(this.token, 'MetadataUpdate') + .withArgs(nonExistentTokenId); + + // value will be accessible after mint + await this.token.$_mint(this.owner, nonExistentTokenId); + expect(await this.token.tokenURI(nonExistentTokenId)).to.equal(sampleUri); + }); + + it('base URI can be set', async function () { + await this.token.setBaseURI(baseURI); + expect(await this.token.$_baseURI()).to.equal(baseURI); + }); + + it('base URI is added as a prefix to the token URI', async function () { + await this.token.setBaseURI(baseURI); + await this.token.$_setTokenURI(tokenId, sampleUri); + + expect(await this.token.tokenURI(tokenId)).to.equal(baseURI + sampleUri); + }); + + it('token URI can be changed by changing the base URI', async function () { + await this.token.setBaseURI(baseURI); + await this.token.$_setTokenURI(tokenId, sampleUri); + + await this.token.setBaseURI(otherBaseURI); + expect(await this.token.tokenURI(tokenId)).to.equal(otherBaseURI + sampleUri); + }); + + it('tokenId is appended to base URI for tokens with no URI', async function () { + await this.token.setBaseURI(baseURI); + + expect(await this.token.tokenURI(tokenId)).to.equal(baseURI + tokenId); + }); + + it('tokens without URI can be burnt ', async function () { + await this.token.$_burn(tokenId); + + await expect(this.token.tokenURI(tokenId)) + .to.be.revertedWithCustomError(this.token, 'ERC721NonexistentToken') + .withArgs(tokenId); + }); + + it('tokens with URI can be burnt ', async function () { + await this.token.$_setTokenURI(tokenId, sampleUri); + + await this.token.$_burn(tokenId); + + await expect(this.token.tokenURI(tokenId)) + .to.be.revertedWithCustomError(this.token, 'ERC721NonexistentToken') + .withArgs(tokenId); + }); + + it('tokens URI is kept if token is burnt and reminted ', async function () { + await this.token.$_setTokenURI(tokenId, sampleUri); + + await this.token.$_burn(tokenId); + + await expect(this.token.tokenURI(tokenId)) + .to.be.revertedWithCustomError(this.token, 'ERC721NonexistentToken') + .withArgs(tokenId); + + await this.token.$_mint(this.owner, tokenId); + expect(await this.token.tokenURI(tokenId)).to.equal(sampleUri); + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/token/ERC721/extensions/ERC721Votes.test.js b/dependencies/@openzeppelin/test/token/ERC721/extensions/ERC721Votes.test.js new file mode 100644 index 00000000..dcae1b8d --- /dev/null +++ b/dependencies/@openzeppelin/test/token/ERC721/extensions/ERC721Votes.test.js @@ -0,0 +1,194 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture, mine } = require('@nomicfoundation/hardhat-network-helpers'); + +const time = require('../../../helpers/time'); + +const { shouldBehaveLikeVotes } = require('../../../governance/utils/Votes.behavior'); + +const TOKENS = [ + { Token: '$ERC721Votes', mode: 'blocknumber' }, + // no timestamp mode for ERC721Votes yet +]; + +const name = 'My Vote'; +const symbol = 'MTKN'; +const version = '1'; +const tokens = [ethers.parseEther('10000000'), 10n, 20n, 30n]; + +describe('ERC721Votes', function () { + for (const { Token, mode } of TOKENS) { + const fixture = async () => { + // accounts is required by shouldBehaveLikeVotes + const accounts = await ethers.getSigners(); + const [holder, recipient, other1, other2] = accounts; + + const token = await ethers.deployContract(Token, [name, symbol, name, version]); + + return { accounts, holder, recipient, other1, other2, token }; + }; + + describe(`vote with ${mode}`, function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + this.votes = this.token; + }); + + // includes ERC6372 behavior check + shouldBehaveLikeVotes(tokens, { mode, fungible: false }); + + describe('balanceOf', function () { + beforeEach(async function () { + await this.votes.$_mint(this.holder, tokens[0]); + await this.votes.$_mint(this.holder, tokens[1]); + await this.votes.$_mint(this.holder, tokens[2]); + await this.votes.$_mint(this.holder, tokens[3]); + }); + + it('grants to initial account', async function () { + expect(await this.votes.balanceOf(this.holder)).to.equal(4n); + }); + }); + + describe('transfers', function () { + beforeEach(async function () { + await this.votes.$_mint(this.holder, tokens[0]); + }); + + it('no delegation', async function () { + await expect(this.votes.connect(this.holder).transferFrom(this.holder, this.recipient, tokens[0])) + .to.emit(this.token, 'Transfer') + .withArgs(this.holder, this.recipient, tokens[0]) + .to.not.emit(this.token, 'DelegateVotesChanged'); + + this.holderVotes = 0n; + this.recipientVotes = 0n; + }); + + it('sender delegation', async function () { + await this.votes.connect(this.holder).delegate(this.holder); + + const tx = await this.votes.connect(this.holder).transferFrom(this.holder, this.recipient, tokens[0]); + await expect(tx) + .to.emit(this.token, 'Transfer') + .withArgs(this.holder, this.recipient, tokens[0]) + .to.emit(this.token, 'DelegateVotesChanged') + .withArgs(this.holder, 1n, 0n); + + const { logs } = await tx.wait(); + const { index } = logs.find(event => event.fragment.name == 'DelegateVotesChanged'); + for (const event of logs.filter(event => event.fragment.name == 'Transfer')) { + expect(event.index).to.lt(index); + } + + this.holderVotes = 0n; + this.recipientVotes = 0n; + }); + + it('receiver delegation', async function () { + await this.votes.connect(this.recipient).delegate(this.recipient); + + const tx = await this.votes.connect(this.holder).transferFrom(this.holder, this.recipient, tokens[0]); + await expect(tx) + .to.emit(this.token, 'Transfer') + .withArgs(this.holder, this.recipient, tokens[0]) + .to.emit(this.token, 'DelegateVotesChanged') + .withArgs(this.recipient, 0n, 1n); + + const { logs } = await tx.wait(); + const { index } = logs.find(event => event.fragment.name == 'DelegateVotesChanged'); + for (const event of logs.filter(event => event.fragment.name == 'Transfer')) { + expect(event.index).to.lt(index); + } + + this.holderVotes = 0n; + this.recipientVotes = 1n; + }); + + it('full delegation', async function () { + await this.votes.connect(this.holder).delegate(this.holder); + await this.votes.connect(this.recipient).delegate(this.recipient); + + const tx = await this.votes.connect(this.holder).transferFrom(this.holder, this.recipient, tokens[0]); + await expect(tx) + .to.emit(this.token, 'Transfer') + .withArgs(this.holder, this.recipient, tokens[0]) + .to.emit(this.token, 'DelegateVotesChanged') + .withArgs(this.holder, 1n, 0n) + .to.emit(this.token, 'DelegateVotesChanged') + .withArgs(this.recipient, 0n, 1n); + + const { logs } = await tx.wait(); + const { index } = logs.find(event => event.fragment.name == 'DelegateVotesChanged'); + for (const event of logs.filter(event => event.fragment.name == 'Transfer')) { + expect(event.index).to.lt(index); + } + + this.holderVotes = 0; + this.recipientVotes = 1n; + }); + + it('returns the same total supply on transfers', async function () { + await this.votes.connect(this.holder).delegate(this.holder); + + const tx = await this.votes.connect(this.holder).transferFrom(this.holder, this.recipient, tokens[0]); + const timepoint = await time.clockFromReceipt[mode](tx); + + await mine(2); + + expect(await this.votes.getPastTotalSupply(timepoint - 1n)).to.equal(1n); + expect(await this.votes.getPastTotalSupply(timepoint + 1n)).to.equal(1n); + + this.holderVotes = 0n; + this.recipientVotes = 0n; + }); + + it('generally returns the voting balance at the appropriate checkpoint', async function () { + await this.votes.$_mint(this.holder, tokens[1]); + await this.votes.$_mint(this.holder, tokens[2]); + await this.votes.$_mint(this.holder, tokens[3]); + + const total = await this.votes.balanceOf(this.holder); + + const t1 = await this.votes.connect(this.holder).delegate(this.other1); + await mine(2); + const t2 = await this.votes.connect(this.holder).transferFrom(this.holder, this.other2, tokens[0]); + await mine(2); + const t3 = await this.votes.connect(this.holder).transferFrom(this.holder, this.other2, tokens[2]); + await mine(2); + const t4 = await this.votes.connect(this.other2).transferFrom(this.other2, this.holder, tokens[2]); + await mine(2); + + t1.timepoint = await time.clockFromReceipt[mode](t1); + t2.timepoint = await time.clockFromReceipt[mode](t2); + t3.timepoint = await time.clockFromReceipt[mode](t3); + t4.timepoint = await time.clockFromReceipt[mode](t4); + + expect(await this.votes.getPastVotes(this.other1, t1.timepoint - 1n)).to.equal(0n); + expect(await this.votes.getPastVotes(this.other1, t1.timepoint)).to.equal(total); + expect(await this.votes.getPastVotes(this.other1, t1.timepoint + 1n)).to.equal(total); + expect(await this.votes.getPastVotes(this.other1, t2.timepoint)).to.equal(3n); + expect(await this.votes.getPastVotes(this.other1, t2.timepoint + 1n)).to.equal(3n); + expect(await this.votes.getPastVotes(this.other1, t3.timepoint)).to.equal(2n); + expect(await this.votes.getPastVotes(this.other1, t3.timepoint + 1n)).to.equal(2n); + expect(await this.votes.getPastVotes(this.other1, t4.timepoint)).to.equal('3'); + expect(await this.votes.getPastVotes(this.other1, t4.timepoint + 1n)).to.equal(3n); + + this.holderVotes = 0n; + this.recipientVotes = 0n; + }); + + afterEach(async function () { + expect(await this.votes.getVotes(this.holder)).to.equal(this.holderVotes); + expect(await this.votes.getVotes(this.recipient)).to.equal(this.recipientVotes); + + // need to advance 2 blocks to see the effect of a transfer on "getPastVotes" + const timepoint = await time.clock[mode](); + await mine(); + expect(await this.votes.getPastVotes(this.holder, timepoint)).to.equal(this.holderVotes); + expect(await this.votes.getPastVotes(this.recipient, timepoint)).to.equal(this.recipientVotes); + }); + }); + }); + } +}); diff --git a/dependencies/@openzeppelin/test/token/ERC721/extensions/ERC721Wrapper.test.js b/dependencies/@openzeppelin/test/token/ERC721/extensions/ERC721Wrapper.test.js new file mode 100644 index 00000000..eeead4c1 --- /dev/null +++ b/dependencies/@openzeppelin/test/token/ERC721/extensions/ERC721Wrapper.test.js @@ -0,0 +1,201 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { shouldBehaveLikeERC721 } = require('../ERC721.behavior'); + +const name = 'Non Fungible Token'; +const symbol = 'NFT'; +const tokenId = 1n; +const otherTokenId = 2n; + +async function fixture() { + const accounts = await ethers.getSigners(); + const [owner, approved, other] = accounts; + + const underlying = await ethers.deployContract('$ERC721', [name, symbol]); + await underlying.$_safeMint(owner, tokenId); + await underlying.$_safeMint(owner, otherTokenId); + const token = await ethers.deployContract('$ERC721Wrapper', [`Wrapped ${name}`, `W${symbol}`, underlying]); + + return { accounts, owner, approved, other, underlying, token }; +} + +describe('ERC721Wrapper', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + it('has a name', async function () { + expect(await this.token.name()).to.equal(`Wrapped ${name}`); + }); + + it('has a symbol', async function () { + expect(await this.token.symbol()).to.equal(`W${symbol}`); + }); + + it('has underlying', async function () { + expect(await this.token.underlying()).to.equal(this.underlying); + }); + + describe('depositFor', function () { + it('works with token approval', async function () { + await this.underlying.connect(this.owner).approve(this.token, tokenId); + + await expect(this.token.connect(this.owner).depositFor(this.owner, [tokenId])) + .to.emit(this.underlying, 'Transfer') + .withArgs(this.owner, this.token, tokenId) + .to.emit(this.token, 'Transfer') + .withArgs(ethers.ZeroAddress, this.owner, tokenId); + }); + + it('works with approval for all', async function () { + await this.underlying.connect(this.owner).setApprovalForAll(this.token, true); + + await expect(this.token.connect(this.owner).depositFor(this.owner, [tokenId])) + .to.emit(this.underlying, 'Transfer') + .withArgs(this.owner, this.token, tokenId) + .to.emit(this.token, 'Transfer') + .withArgs(ethers.ZeroAddress, this.owner, tokenId); + }); + + it('works sending to another account', async function () { + await this.underlying.connect(this.owner).approve(this.token, tokenId); + + await expect(this.token.connect(this.owner).depositFor(this.other, [tokenId])) + .to.emit(this.underlying, 'Transfer') + .withArgs(this.owner, this.token, tokenId) + .to.emit(this.token, 'Transfer') + .withArgs(ethers.ZeroAddress, this.other, tokenId); + }); + + it('works with multiple tokens', async function () { + await this.underlying.connect(this.owner).approve(this.token, tokenId); + await this.underlying.connect(this.owner).approve(this.token, otherTokenId); + + await expect(this.token.connect(this.owner).depositFor(this.owner, [tokenId, otherTokenId])) + .to.emit(this.underlying, 'Transfer') + .withArgs(this.owner, this.token, tokenId) + .to.emit(this.token, 'Transfer') + .withArgs(ethers.ZeroAddress, this.owner, tokenId) + .to.emit(this.underlying, 'Transfer') + .withArgs(this.owner, this.token, otherTokenId) + .to.emit(this.token, 'Transfer') + .withArgs(ethers.ZeroAddress, this.owner, otherTokenId); + }); + + it('reverts with missing approval', async function () { + await expect(this.token.connect(this.owner).depositFor(this.owner, [tokenId])) + .to.be.revertedWithCustomError(this.token, 'ERC721InsufficientApproval') + .withArgs(this.token, tokenId); + }); + }); + + describe('withdrawTo', function () { + beforeEach(async function () { + await this.underlying.connect(this.owner).approve(this.token, tokenId); + await this.token.connect(this.owner).depositFor(this.owner, [tokenId]); + }); + + it('works for an owner', async function () { + await expect(this.token.connect(this.owner).withdrawTo(this.owner, [tokenId])) + .to.emit(this.underlying, 'Transfer') + .withArgs(this.token, this.owner, tokenId) + .to.emit(this.token, 'Transfer') + .withArgs(this.owner, ethers.ZeroAddress, tokenId); + }); + + it('works for an approved', async function () { + await this.token.connect(this.owner).approve(this.approved, tokenId); + + await expect(this.token.connect(this.approved).withdrawTo(this.owner, [tokenId])) + .to.emit(this.underlying, 'Transfer') + .withArgs(this.token, this.owner, tokenId) + .to.emit(this.token, 'Transfer') + .withArgs(this.owner, ethers.ZeroAddress, tokenId); + }); + + it('works for an approved for all', async function () { + await this.token.connect(this.owner).setApprovalForAll(this.approved, true); + + await expect(this.token.connect(this.approved).withdrawTo(this.owner, [tokenId])) + .to.emit(this.underlying, 'Transfer') + .withArgs(this.token, this.owner, tokenId) + .to.emit(this.token, 'Transfer') + .withArgs(this.owner, ethers.ZeroAddress, tokenId); + }); + + it("doesn't work for a non-owner nor approved", async function () { + await expect(this.token.connect(this.other).withdrawTo(this.owner, [tokenId])) + .to.be.revertedWithCustomError(this.token, 'ERC721InsufficientApproval') + .withArgs(this.other, tokenId); + }); + + it('works with multiple tokens', async function () { + await this.underlying.connect(this.owner).approve(this.token, otherTokenId); + await this.token.connect(this.owner).depositFor(this.owner, [otherTokenId]); + + await expect(this.token.connect(this.owner).withdrawTo(this.owner, [tokenId, otherTokenId])) + .to.emit(this.underlying, 'Transfer') + .withArgs(this.token, this.owner, tokenId) + .to.emit(this.underlying, 'Transfer') + .withArgs(this.token, this.owner, tokenId) + .to.emit(this.token, 'Transfer') + .withArgs(this.owner, ethers.ZeroAddress, tokenId) + .to.emit(this.token, 'Transfer') + .withArgs(this.owner, ethers.ZeroAddress, tokenId); + }); + + it('works to another account', async function () { + await expect(this.token.connect(this.owner).withdrawTo(this.other, [tokenId])) + .to.emit(this.underlying, 'Transfer') + .withArgs(this.token, this.other, tokenId) + .to.emit(this.token, 'Transfer') + .withArgs(this.owner, ethers.ZeroAddress, tokenId); + }); + }); + + describe('onERC721Received', function () { + it('only allows calls from underlying', async function () { + await expect( + this.token.connect(this.other).onERC721Received( + this.owner, + this.token, + tokenId, + this.other.address, // Correct data + ), + ) + .to.be.revertedWithCustomError(this.token, 'ERC721UnsupportedToken') + .withArgs(this.other); + }); + + it('mints a token to from', async function () { + await expect(this.underlying.connect(this.owner).safeTransferFrom(this.owner, this.token, tokenId)) + .to.emit(this.token, 'Transfer') + .withArgs(ethers.ZeroAddress, this.owner, tokenId); + }); + }); + + describe('_recover', function () { + it('works if there is something to recover', async function () { + // Should use `transferFrom` to avoid `onERC721Received` minting + await this.underlying.connect(this.owner).transferFrom(this.owner, this.token, tokenId); + + await expect(this.token.$_recover(this.other, tokenId)) + .to.emit(this.token, 'Transfer') + .withArgs(ethers.ZeroAddress, this.other, tokenId); + }); + + it('reverts if there is nothing to recover', async function () { + const holder = await this.underlying.ownerOf(tokenId); + + await expect(this.token.$_recover(holder, tokenId)) + .to.be.revertedWithCustomError(this.token, 'ERC721IncorrectOwner') + .withArgs(this.token, tokenId, holder); + }); + }); + + describe('ERC712 behavior', function () { + shouldBehaveLikeERC721(); + }); +}); diff --git a/dependencies/@openzeppelin/test/token/ERC721/utils/ERC721Holder.test.js b/dependencies/@openzeppelin/test/token/ERC721/utils/ERC721Holder.test.js new file mode 100644 index 00000000..31dd2fd2 --- /dev/null +++ b/dependencies/@openzeppelin/test/token/ERC721/utils/ERC721Holder.test.js @@ -0,0 +1,20 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); + +const name = 'Non Fungible Token'; +const symbol = 'NFT'; +const tokenId = 1n; + +describe('ERC721Holder', function () { + it('receives an ERC721 token', async function () { + const [owner] = await ethers.getSigners(); + + const token = await ethers.deployContract('$ERC721', [name, symbol]); + await token.$_mint(owner, tokenId); + + const receiver = await ethers.deployContract('$ERC721Holder'); + await token.connect(owner).safeTransferFrom(owner, receiver, tokenId); + + expect(await token.ownerOf(tokenId)).to.equal(receiver); + }); +}); diff --git a/dependencies/@openzeppelin/test/token/ERC721/utils/ERC721Utils.test.js b/dependencies/@openzeppelin/test/token/ERC721/utils/ERC721Utils.test.js new file mode 100644 index 00000000..2327d1ac --- /dev/null +++ b/dependencies/@openzeppelin/test/token/ERC721/utils/ERC721Utils.test.js @@ -0,0 +1,94 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); +const { RevertType } = require('../../../helpers/enums'); +const { PANIC_CODES } = require('@nomicfoundation/hardhat-chai-matchers/panic'); + +const tokenId = 1n; + +const RECEIVER_MAGIC_VALUE = '0x150b7a02'; + +const deployReceiver = (revertType, returnValue = RECEIVER_MAGIC_VALUE) => + ethers.deployContract('$ERC721ReceiverMock', [returnValue, revertType]); + +const fixture = async () => { + const [eoa, operator, owner] = await ethers.getSigners(); + const utils = await ethers.deployContract('$ERC721Utils'); + + const receivers = { + correct: await deployReceiver(RevertType.None), + invalid: await deployReceiver(RevertType.None, '0xdeadbeef'), + message: await deployReceiver(RevertType.RevertWithMessage), + empty: await deployReceiver(RevertType.RevertWithoutMessage), + customError: await deployReceiver(RevertType.RevertWithCustomError), + panic: await deployReceiver(RevertType.Panic), + nonReceiver: await ethers.deployContract('CallReceiverMock'), + eoa, + }; + + return { operator, owner, utils, receivers }; +}; + +describe('ERC721Utils', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + describe('onERC721Received', function () { + it('succeeds when called by an EOA', async function () { + await expect(this.utils.$checkOnERC721Received(this.operator, this.owner, this.receivers.eoa, tokenId, '0x')).to + .not.be.reverted; + }); + + it('succeeds when data is passed', async function () { + const data = '0x12345678'; + await expect(this.utils.$checkOnERC721Received(this.operator, this.owner, this.receivers.correct, tokenId, data)) + .to.not.be.reverted; + }); + + it('succeeds when data is empty', async function () { + await expect(this.utils.$checkOnERC721Received(this.operator, this.owner, this.receivers.correct, tokenId, '0x')) + .to.not.be.reverted; + }); + + it('reverts when receiver returns invalid value', async function () { + await expect(this.utils.$checkOnERC721Received(this.operator, this.owner, this.receivers.invalid, tokenId, '0x')) + .to.be.revertedWithCustomError(this.utils, 'ERC721InvalidReceiver') + .withArgs(this.receivers.invalid); + }); + + it('reverts when receiver reverts with message', async function () { + await expect( + this.utils.$checkOnERC721Received(this.operator, this.owner, this.receivers.message, tokenId, '0x'), + ).to.be.revertedWith('ERC721ReceiverMock: reverting'); + }); + + it('reverts when receiver reverts without message', async function () { + await expect(this.utils.$checkOnERC721Received(this.operator, this.owner, this.receivers.empty, tokenId, '0x')) + .to.be.revertedWithCustomError(this.utils, 'ERC721InvalidReceiver') + .withArgs(this.receivers.empty); + }); + + it('reverts when receiver reverts with custom error', async function () { + await expect( + this.utils.$checkOnERC721Received(this.operator, this.owner, this.receivers.customError, tokenId, '0x'), + ) + .to.be.revertedWithCustomError(this.receivers.customError, 'CustomError') + .withArgs(RECEIVER_MAGIC_VALUE); + }); + + it('reverts when receiver panics', async function () { + await expect( + this.utils.$checkOnERC721Received(this.operator, this.owner, this.receivers.panic, tokenId, '0x'), + ).to.be.revertedWithPanic(PANIC_CODES.DIVISION_BY_ZERO); + }); + + it('reverts when receiver does not implement onERC721Received', async function () { + await expect( + this.utils.$checkOnERC721Received(this.operator, this.owner, this.receivers.nonReceiver, tokenId, '0x'), + ) + .to.be.revertedWithCustomError(this.utils, 'ERC721InvalidReceiver') + .withArgs(this.receivers.nonReceiver); + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/token/common/ERC2981.behavior.js b/dependencies/@openzeppelin/test/token/common/ERC2981.behavior.js new file mode 100644 index 00000000..ae6abcca --- /dev/null +++ b/dependencies/@openzeppelin/test/token/common/ERC2981.behavior.js @@ -0,0 +1,152 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); + +const { shouldSupportInterfaces } = require('../../utils/introspection/SupportsInterface.behavior'); + +function shouldBehaveLikeERC2981() { + const royaltyFraction = 10n; + + shouldSupportInterfaces(['ERC2981']); + + describe('default royalty', function () { + beforeEach(async function () { + await this.token.$_setDefaultRoyalty(this.account1, royaltyFraction); + }); + + it('checks royalty is set', async function () { + expect(await this.token.royaltyInfo(this.tokenId1, this.salePrice)).to.deep.equal([ + this.account1.address, + (this.salePrice * royaltyFraction) / 10_000n, + ]); + }); + + it('updates royalty amount', async function () { + const newFraction = 25n; + + await this.token.$_setDefaultRoyalty(this.account1, newFraction); + + expect(await this.token.royaltyInfo(this.tokenId1, this.salePrice)).to.deep.equal([ + this.account1.address, + (this.salePrice * newFraction) / 10_000n, + ]); + }); + + it('holds same royalty value for different tokens', async function () { + const newFraction = 20n; + + await this.token.$_setDefaultRoyalty(this.account1, newFraction); + + expect(await this.token.royaltyInfo(this.tokenId1, this.salePrice)).to.deep.equal( + await this.token.royaltyInfo(this.tokenId2, this.salePrice), + ); + }); + + it('Remove royalty information', async function () { + const newValue = 0n; + await this.token.$_deleteDefaultRoyalty(); + + expect(await this.token.royaltyInfo(this.tokenId1, this.salePrice)).to.deep.equal([ethers.ZeroAddress, newValue]); + + expect(await this.token.royaltyInfo(this.tokenId2, this.salePrice)).to.deep.equal([ethers.ZeroAddress, newValue]); + }); + + it('reverts if invalid parameters', async function () { + const royaltyDenominator = await this.token.$_feeDenominator(); + + await expect(this.token.$_setDefaultRoyalty(ethers.ZeroAddress, royaltyFraction)) + .to.be.revertedWithCustomError(this.token, 'ERC2981InvalidDefaultRoyaltyReceiver') + .withArgs(ethers.ZeroAddress); + + const anotherRoyaltyFraction = 11000n; + + await expect(this.token.$_setDefaultRoyalty(this.account1, anotherRoyaltyFraction)) + .to.be.revertedWithCustomError(this.token, 'ERC2981InvalidDefaultRoyalty') + .withArgs(anotherRoyaltyFraction, royaltyDenominator); + }); + }); + + describe('token based royalty', function () { + beforeEach(async function () { + await this.token.$_setTokenRoyalty(this.tokenId1, this.account1, royaltyFraction); + }); + + it('updates royalty amount', async function () { + const newFraction = 25n; + + expect(await this.token.royaltyInfo(this.tokenId1, this.salePrice)).to.deep.equal([ + this.account1.address, + (this.salePrice * royaltyFraction) / 10_000n, + ]); + + await this.token.$_setTokenRoyalty(this.tokenId1, this.account1, newFraction); + + expect(await this.token.royaltyInfo(this.tokenId1, this.salePrice)).to.deep.equal([ + this.account1.address, + (this.salePrice * newFraction) / 10_000n, + ]); + }); + + it('holds different values for different tokens', async function () { + const newFraction = 20n; + + await this.token.$_setTokenRoyalty(this.tokenId2, this.account1, newFraction); + + expect(await this.token.royaltyInfo(this.tokenId1, this.salePrice)).to.not.deep.equal( + await this.token.royaltyInfo(this.tokenId2, this.salePrice), + ); + }); + + it('reverts if invalid parameters', async function () { + const royaltyDenominator = await this.token.$_feeDenominator(); + + await expect(this.token.$_setTokenRoyalty(this.tokenId1, ethers.ZeroAddress, royaltyFraction)) + .to.be.revertedWithCustomError(this.token, 'ERC2981InvalidTokenRoyaltyReceiver') + .withArgs(this.tokenId1, ethers.ZeroAddress); + + const anotherRoyaltyFraction = 11000n; + + await expect(this.token.$_setTokenRoyalty(this.tokenId1, this.account1, anotherRoyaltyFraction)) + .to.be.revertedWithCustomError(this.token, 'ERC2981InvalidTokenRoyalty') + .withArgs(this.tokenId1, anotherRoyaltyFraction, royaltyDenominator); + }); + + it('can reset token after setting royalty', async function () { + const newFraction = 30n; + + await this.token.$_setTokenRoyalty(this.tokenId1, this.account2, newFraction); + + // Tokens must have own information + expect(await this.token.royaltyInfo(this.tokenId1, this.salePrice)).to.deep.equal([ + this.account2.address, + (this.salePrice * newFraction) / 10_000n, + ]); + + await this.token.$_setTokenRoyalty(this.tokenId2, this.account1, 0n); + + // Token must not share default information + expect(await this.token.royaltyInfo(this.tokenId2, this.salePrice)).to.deep.equal([this.account1.address, 0n]); + }); + + it('can hold default and token royalty information', async function () { + const newFraction = 30n; + + await this.token.$_setTokenRoyalty(this.tokenId2, this.account2, newFraction); + + // Tokens must not have same values + expect(await this.token.royaltyInfo(this.tokenId1, this.salePrice)).to.not.deep.equal([ + this.account2.address, + (this.salePrice * newFraction) / 10_000n, + ]); + + // Updated token must have new values + expect(await this.token.royaltyInfo(this.tokenId2, this.salePrice)).to.deep.equal([ + this.account2.address, + (this.salePrice * newFraction) / 10_000n, + ]); + }); + }); +} + +module.exports = { + shouldBehaveLikeERC2981, +}; diff --git a/dependencies/@openzeppelin/test/utils/Address.test.js b/dependencies/@openzeppelin/test/utils/Address.test.js new file mode 100644 index 00000000..21775397 --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/Address.test.js @@ -0,0 +1,280 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); +const { PANIC_CODES } = require('@nomicfoundation/hardhat-chai-matchers/panic'); + +const coder = ethers.AbiCoder.defaultAbiCoder(); + +async function fixture() { + const [recipient, other] = await ethers.getSigners(); + + const mock = await ethers.deployContract('$Address'); + const target = await ethers.deployContract('CallReceiverMock'); + const targetEther = await ethers.deployContract('EtherReceiverMock'); + + return { recipient, other, mock, target, targetEther }; +} + +describe('Address', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + describe('sendValue', function () { + describe('when sender contract has no funds', function () { + it('sends 0 wei', async function () { + await expect(this.mock.$sendValue(this.other, 0n)).to.changeEtherBalance(this.recipient, 0n); + }); + + it('reverts when sending non-zero amounts', async function () { + await expect(this.mock.$sendValue(this.other, 1n)) + .to.be.revertedWithCustomError(this.mock, 'InsufficientBalance') + .withArgs(0n, 1n); + }); + }); + + describe('when sender contract has funds', function () { + const funds = ethers.parseEther('1'); + + beforeEach(async function () { + await this.other.sendTransaction({ to: this.mock, value: funds }); + }); + + describe('with EOA recipient', function () { + it('sends 0 wei', async function () { + await expect(this.mock.$sendValue(this.recipient, 0n)).to.changeEtherBalance(this.recipient, 0n); + }); + + it('sends non-zero amounts', async function () { + await expect(this.mock.$sendValue(this.recipient, funds - 1n)).to.changeEtherBalance( + this.recipient, + funds - 1n, + ); + }); + + it('sends the whole balance', async function () { + await expect(this.mock.$sendValue(this.recipient, funds)).to.changeEtherBalance(this.recipient, funds); + expect(await ethers.provider.getBalance(this.mock)).to.equal(0n); + }); + + it('reverts when sending more than the balance', async function () { + await expect(this.mock.$sendValue(this.recipient, funds + 1n)) + .to.be.revertedWithCustomError(this.mock, 'InsufficientBalance') + .withArgs(funds, funds + 1n); + }); + }); + + describe('with contract recipient', function () { + it('sends funds', async function () { + await this.targetEther.setAcceptEther(true); + await expect(this.mock.$sendValue(this.targetEther, funds)).to.changeEtherBalance(this.targetEther, funds); + }); + + it('reverts on recipient revert', async function () { + await this.targetEther.setAcceptEther(false); + await expect(this.mock.$sendValue(this.targetEther, funds)).to.be.revertedWithCustomError( + this.mock, + 'FailedCall', + ); + }); + }); + }); + }); + + describe('functionCall', function () { + describe('with valid contract receiver', function () { + it('calls the requested function', async function () { + const call = this.target.interface.encodeFunctionData('mockFunction'); + + await expect(this.mock.$functionCall(this.target, call)) + .to.emit(this.target, 'MockFunctionCalled') + .to.emit(this.mock, 'return$functionCall') + .withArgs(coder.encode(['string'], ['0x1234'])); + }); + + it('calls the requested empty return function', async function () { + const call = this.target.interface.encodeFunctionData('mockFunctionEmptyReturn'); + + await expect(this.mock.$functionCall(this.target, call)).to.emit(this.target, 'MockFunctionCalled'); + }); + + it('reverts when the called function reverts with no reason', async function () { + const call = this.target.interface.encodeFunctionData('mockFunctionRevertsNoReason'); + + await expect(this.mock.$functionCall(this.target, call)).to.be.revertedWithCustomError(this.mock, 'FailedCall'); + }); + + it('reverts when the called function reverts, bubbling up the revert reason', async function () { + const call = this.target.interface.encodeFunctionData('mockFunctionRevertsReason'); + + await expect(this.mock.$functionCall(this.target, call)).to.be.revertedWith('CallReceiverMock: reverting'); + }); + + it('reverts when the called function runs out of gas', async function () { + const call = this.target.interface.encodeFunctionData('mockFunctionOutOfGas'); + + await expect(this.mock.$functionCall(this.target, call, { gasLimit: 120_000n })).to.be.revertedWithCustomError( + this.mock, + 'FailedCall', + ); + }); + + it('reverts when the called function throws', async function () { + const call = this.target.interface.encodeFunctionData('mockFunctionThrows'); + + await expect(this.mock.$functionCall(this.target, call)).to.be.revertedWithPanic(PANIC_CODES.ASSERTION_ERROR); + }); + + it('reverts when function does not exist', async function () { + const interface = new ethers.Interface(['function mockFunctionDoesNotExist()']); + const call = interface.encodeFunctionData('mockFunctionDoesNotExist'); + + await expect(this.mock.$functionCall(this.target, call)).to.be.revertedWithCustomError(this.mock, 'FailedCall'); + }); + }); + + describe('with non-contract receiver', function () { + it('reverts when address is not a contract', async function () { + const call = this.target.interface.encodeFunctionData('mockFunction'); + + await expect(this.mock.$functionCall(this.recipient, call)) + .to.be.revertedWithCustomError(this.mock, 'AddressEmptyCode') + .withArgs(this.recipient); + }); + }); + }); + + describe('functionCallWithValue', function () { + describe('with zero value', function () { + it('calls the requested function', async function () { + const call = this.target.interface.encodeFunctionData('mockFunction'); + + await expect(this.mock.$functionCallWithValue(this.target, call, 0n)) + .to.emit(this.target, 'MockFunctionCalled') + .to.emit(this.mock, 'return$functionCallWithValue') + .withArgs(coder.encode(['string'], ['0x1234'])); + }); + }); + + describe('with non-zero value', function () { + const value = ethers.parseEther('1.2'); + + it('reverts if insufficient sender balance', async function () { + const call = this.target.interface.encodeFunctionData('mockFunction'); + + await expect(this.mock.$functionCallWithValue(this.target, call, value)) + .to.be.revertedWithCustomError(this.mock, 'InsufficientBalance') + .withArgs(0n, value); + }); + + it('calls the requested function with existing value', async function () { + await this.other.sendTransaction({ to: this.mock, value }); + + const call = this.target.interface.encodeFunctionData('mockFunction'); + const tx = await this.mock.$functionCallWithValue(this.target, call, value); + + await expect(tx).to.changeEtherBalance(this.target, value); + + await expect(tx) + .to.emit(this.target, 'MockFunctionCalled') + .to.emit(this.mock, 'return$functionCallWithValue') + .withArgs(coder.encode(['string'], ['0x1234'])); + }); + + it('calls the requested function with transaction funds', async function () { + expect(await ethers.provider.getBalance(this.mock)).to.equal(0n); + + const call = this.target.interface.encodeFunctionData('mockFunction'); + const tx = await this.mock.connect(this.other).$functionCallWithValue(this.target, call, value, { value }); + + await expect(tx).to.changeEtherBalance(this.target, value); + await expect(tx) + .to.emit(this.target, 'MockFunctionCalled') + .to.emit(this.mock, 'return$functionCallWithValue') + .withArgs(coder.encode(['string'], ['0x1234'])); + }); + + it('reverts when calling non-payable functions', async function () { + await this.other.sendTransaction({ to: this.mock, value }); + + const call = this.target.interface.encodeFunctionData('mockFunctionNonPayable'); + + await expect(this.mock.$functionCallWithValue(this.target, call, value)).to.be.revertedWithCustomError( + this.mock, + 'FailedCall', + ); + }); + }); + }); + + describe('functionStaticCall', function () { + it('calls the requested function', async function () { + const call = this.target.interface.encodeFunctionData('mockStaticFunction'); + + expect(await this.mock.$functionStaticCall(this.target, call)).to.equal(coder.encode(['string'], ['0x1234'])); + }); + + it('reverts on a non-static function', async function () { + const call = this.target.interface.encodeFunctionData('mockFunction'); + + await expect(this.mock.$functionStaticCall(this.target, call)).to.be.revertedWithCustomError( + this.mock, + 'FailedCall', + ); + }); + + it('bubbles up revert reason', async function () { + const call = this.target.interface.encodeFunctionData('mockFunctionRevertsReason'); + + await expect(this.mock.$functionStaticCall(this.target, call)).to.be.revertedWith('CallReceiverMock: reverting'); + }); + + it('reverts when address is not a contract', async function () { + const call = this.target.interface.encodeFunctionData('mockFunction'); + + await expect(this.mock.$functionStaticCall(this.recipient, call)) + .to.be.revertedWithCustomError(this.mock, 'AddressEmptyCode') + .withArgs(this.recipient); + }); + }); + + describe('functionDelegateCall', function () { + it('delegate calls the requested function', async function () { + const slot = ethers.hexlify(ethers.randomBytes(32)); + const value = ethers.hexlify(ethers.randomBytes(32)); + + const call = this.target.interface.encodeFunctionData('mockFunctionWritesStorage', [slot, value]); + + expect(await ethers.provider.getStorage(this.mock, slot)).to.equal(ethers.ZeroHash); + + await expect(await this.mock.$functionDelegateCall(this.target, call)) + .to.emit(this.mock, 'return$functionDelegateCall') + .withArgs(coder.encode(['string'], ['0x1234'])); + + expect(await ethers.provider.getStorage(this.mock, slot)).to.equal(value); + }); + + it('bubbles up revert reason', async function () { + const call = this.target.interface.encodeFunctionData('mockFunctionRevertsReason'); + + await expect(this.mock.$functionDelegateCall(this.target, call)).to.be.revertedWith( + 'CallReceiverMock: reverting', + ); + }); + + it('reverts when address is not a contract', async function () { + const call = this.target.interface.encodeFunctionData('mockFunction'); + + await expect(this.mock.$functionDelegateCall(this.recipient, call)) + .to.be.revertedWithCustomError(this.mock, 'AddressEmptyCode') + .withArgs(this.recipient); + }); + }); + + describe('verifyCallResult', function () { + it('returns returndata on success', async function () { + const returndata = '0x123abc'; + expect(await this.mock.$verifyCallResult(true, returndata)).to.equal(returndata); + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/utils/Arrays.t.sol b/dependencies/@openzeppelin/test/utils/Arrays.t.sol new file mode 100644 index 00000000..09c7b66b --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/Arrays.t.sol @@ -0,0 +1,31 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {Test} from "forge-std/Test.sol"; +import {SymTest} from "halmos-cheatcodes/SymTest.sol"; +import {Arrays} from "@openzeppelin/contracts/utils/Arrays.sol"; + +contract ArraysTest is Test, SymTest { + function testSort(uint256[] memory values) public { + Arrays.sort(values); + _assertSort(values); + } + + function symbolicSort() public { + uint256[] memory values = new uint256[](3); + for (uint256 i = 0; i < 3; i++) { + values[i] = svm.createUint256("arrayElement"); + } + Arrays.sort(values); + _assertSort(values); + } + + /// Asserts + + function _assertSort(uint256[] memory values) internal { + for (uint256 i = 1; i < values.length; ++i) { + assertLe(values[i - 1], values[i]); + } + } +} diff --git a/dependencies/@openzeppelin/test/utils/Arrays.test.js b/dependencies/@openzeppelin/test/utils/Arrays.test.js new file mode 100644 index 00000000..bcb38589 --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/Arrays.test.js @@ -0,0 +1,223 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { generators } = require('../helpers/random'); +const { capitalize } = require('../../scripts/helpers'); +const { TYPES } = require('../../scripts/generate/templates/Arrays.opts'); + +// See https://en.cppreference.com/w/cpp/algorithm/lower_bound +const lowerBound = (array, value) => { + const i = array.findIndex(element => value <= element); + return i == -1 ? array.length : i; +}; + +// See https://en.cppreference.com/w/cpp/algorithm/upper_bound +const upperBound = (array, value) => { + const i = array.findIndex(element => value < element); + return i == -1 ? array.length : i; +}; + +const bigintSign = x => (x > 0n ? 1 : x < 0n ? -1 : 0); +const comparator = (a, b) => bigintSign(ethers.toBigInt(a) - ethers.toBigInt(b)); +const hasDuplicates = array => array.some((v, i) => array.indexOf(v) != i); + +describe('Arrays', function () { + const fixture = async () => { + return { mock: await ethers.deployContract('$Arrays') }; + }; + + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + describe('search', function () { + for (const [title, { array, tests }] of Object.entries({ + 'Even number of elements': { + array: [11n, 12n, 13n, 14n, 15n, 16n, 17n, 18n, 19n, 20n], + tests: { + 'basic case': 16n, + 'first element': 11n, + 'last element': 20n, + 'searched value is over the upper boundary': 32n, + 'searched value is under the lower boundary': 2n, + }, + }, + 'Odd number of elements': { + array: [11n, 12n, 13n, 14n, 15n, 16n, 17n, 18n, 19n, 20n, 21n], + tests: { + 'basic case': 16n, + 'first element': 11n, + 'last element': 21n, + 'searched value is over the upper boundary': 32n, + 'searched value is under the lower boundary': 2n, + }, + }, + 'Array with gap': { + array: [11n, 12n, 13n, 14n, 15n, 20n, 21n, 22n, 23n, 24n], + tests: { + 'search value in gap': 17n, + }, + }, + 'Array with duplicated elements': { + array: [0n, 10n, 10n, 10n, 10n, 10n, 10n, 10n, 20n], + tests: { + 'search value is duplicated': 10n, + }, + }, + 'Array with duplicated first element': { + array: [10n, 10n, 10n, 10n, 10n, 10n, 10n, 20n], + tests: { + 'search value is duplicated first element': 10n, + }, + }, + 'Array with duplicated last element': { + array: [0n, 10n, 10n, 10n, 10n, 10n, 10n, 10n], + tests: { + 'search value is duplicated last element': 10n, + }, + }, + 'Empty array': { + array: [], + tests: { + 'always returns 0 for empty array': 10n, + }, + }, + })) { + describe(title, function () { + const fixture = async () => { + return { instance: await ethers.deployContract('Uint256ArraysMock', [array]) }; + }; + + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + for (const [name, input] of Object.entries(tests)) { + describe(name, function () { + it('[deprecated] findUpperBound', async function () { + // findUpperBound does not support duplicated + if (hasDuplicates(array)) { + expect(await this.instance.findUpperBound(input)).to.equal(upperBound(array, input) - 1); + } else { + expect(await this.instance.findUpperBound(input)).to.equal(lowerBound(array, input)); + } + }); + + it('lowerBound', async function () { + expect(await this.instance.lowerBound(input)).to.equal(lowerBound(array, input)); + expect(await this.instance.lowerBoundMemory(array, input)).to.equal(lowerBound(array, input)); + }); + + it('upperBound', async function () { + expect(await this.instance.upperBound(input)).to.equal(upperBound(array, input)); + expect(await this.instance.upperBoundMemory(array, input)).to.equal(upperBound(array, input)); + }); + }); + } + }); + } + }); + + for (const type of TYPES) { + const elements = Array.from({ length: 10 }, generators[type]); + + describe(type, function () { + const fixture = async () => { + return { instance: await ethers.deployContract(`${capitalize(type)}ArraysMock`, [elements]) }; + }; + + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + describe('sort', function () { + for (const length of [0, 1, 2, 8, 32, 128]) { + describe(`${type}[] of length ${length}`, function () { + beforeEach(async function () { + this.array = Array.from({ length }, generators[type]); + }); + + afterEach(async function () { + const expected = Array.from(this.array).sort(comparator); + const reversed = Array.from(expected).reverse(); + expect(await this.instance.sort(this.array)).to.deep.equal(expected); + expect(await this.instance.sortReverse(this.array)).to.deep.equal(reversed); + }); + + it('sort array', async function () { + // nothing to do here, beforeEach and afterEach already take care of everything. + }); + + if (length > 1) { + it('sort array for identical elements', async function () { + // duplicate the first value to all elements + this.array.fill(this.array.at(0)); + }); + + it('sort already sorted array', async function () { + // pre-sort the elements + this.array.sort(comparator); + }); + + it('sort reversed array', async function () { + // pre-sort in reverse order + this.array.sort(comparator).reverse(); + }); + + it('sort almost sorted array', async function () { + // pre-sort + rotate (move the last element to the front) for an almost sorted effect + this.array.sort(comparator); + this.array.unshift(this.array.pop()); + }); + } + }); + } + }); + + describe('unsafeAccess', function () { + describe('storage', function () { + for (const i in elements) { + it(`unsafeAccess within bounds #${i}`, async function () { + expect(await this.instance.unsafeAccess(i)).to.equal(elements[i]); + }); + } + + it('unsafeAccess outside bounds', async function () { + await expect(this.instance.unsafeAccess(elements.length)).to.not.be.rejected; + }); + + it('unsafeSetLength changes the length or the array', async function () { + const newLength = generators.uint256(); + + expect(await this.instance.length()).to.equal(elements.length); + await expect(this.instance.unsafeSetLength(newLength)).to.not.be.rejected; + expect(await this.instance.length()).to.equal(newLength); + }); + }); + + describe('memory', function () { + const fragment = `$unsafeMemoryAccess(${type}[] arr, uint256 pos)`; + + for (const i in elements) { + it(`unsafeMemoryAccess within bounds #${i}`, async function () { + expect(await this.mock[fragment](elements, i)).to.equal(elements[i]); + }); + } + + it('unsafeMemoryAccess outside bounds', async function () { + await expect(this.mock[fragment](elements, elements.length)).to.not.be.rejected; + }); + + it('unsafeMemoryAccess loop around', async function () { + for (let i = 251n; i < 256n; ++i) { + expect(await this.mock[fragment](elements, 2n ** i - 1n)).to.equal(BigInt(elements.length)); + expect(await this.mock[fragment](elements, 2n ** i + 0n)).to.equal(elements[0]); + expect(await this.mock[fragment](elements, 2n ** i + 1n)).to.equal(elements[1]); + } + }); + }); + }); + }); + } +}); diff --git a/dependencies/@openzeppelin/test/utils/Base64.t.sol b/dependencies/@openzeppelin/test/utils/Base64.t.sol new file mode 100644 index 00000000..021ae03a --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/Base64.t.sol @@ -0,0 +1,34 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {Test} from "forge-std/Test.sol"; +import {Base64} from "@openzeppelin/contracts/utils/Base64.sol"; + +contract Base64Test is Test { + function testEncode(bytes memory input) external { + assertEq(Base64.encode(input), vm.toBase64(input)); + } + + function testEncodeURL(bytes memory input) external { + assertEq(Base64.encodeURL(input), _removePadding(vm.toBase64URL(input))); + } + + function _removePadding(string memory inputStr) internal pure returns (string memory) { + bytes memory input = bytes(inputStr); + bytes memory output; + + for (uint256 i = 0; i < input.length; ++i) { + if (input[input.length - i - 1] != 0x3d) { + output = new bytes(input.length - i); + break; + } + } + + for (uint256 i = 0; i < output.length; ++i) { + output[i] = input[i]; + } + + return string(output); + } +} diff --git a/dependencies/@openzeppelin/test/utils/Base64.test.js b/dependencies/@openzeppelin/test/utils/Base64.test.js new file mode 100644 index 00000000..5c427466 --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/Base64.test.js @@ -0,0 +1,59 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +// Replace "+/" with "-_" in the char table, and remove the padding +// see https://datatracker.ietf.org/doc/html/rfc4648#section-5 +const base64toBase64Url = str => str.replaceAll('+', '-').replaceAll('/', '_').replaceAll('=', ''); + +async function fixture() { + const mock = await ethers.deployContract('$Base64'); + return { mock }; +} + +describe('Strings', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + describe('base64', function () { + for (const { title, input, expected } of [ + { title: 'converts to base64 encoded string with double padding', input: 'test', expected: 'dGVzdA==' }, + { title: 'converts to base64 encoded string with single padding', input: 'test1', expected: 'dGVzdDE=' }, + { title: 'converts to base64 encoded string without padding', input: 'test12', expected: 'dGVzdDEy' }, + { title: 'converts to base64 encoded string (/ case)', input: 'oΓΉ', expected: 'b/k=' }, + { title: 'converts to base64 encoded string (+ case)', input: 'zs~1t8', expected: 'enN+MXQ4' }, + { title: 'empty bytes', input: '', expected: '' }, + ]) + it(title, async function () { + const buffer = Buffer.from(input, 'ascii'); + expect(await this.mock.$encode(buffer)).to.equal(ethers.encodeBase64(buffer)); + expect(await this.mock.$encode(buffer)).to.equal(expected); + }); + }); + + describe('base64url', function () { + for (const { title, input, expected } of [ + { title: 'converts to base64url encoded string with double padding', input: 'test', expected: 'dGVzdA' }, + { title: 'converts to base64url encoded string with single padding', input: 'test1', expected: 'dGVzdDE' }, + { title: 'converts to base64url encoded string without padding', input: 'test12', expected: 'dGVzdDEy' }, + { title: 'converts to base64url encoded string (_ case)', input: 'oΓΉ', expected: 'b_k' }, + { title: 'converts to base64url encoded string (- case)', input: 'zs~1t8', expected: 'enN-MXQ4' }, + { title: 'empty bytes', input: '', expected: '' }, + ]) + it(title, async function () { + const buffer = Buffer.from(input, 'ascii'); + expect(await this.mock.$encodeURL(buffer)).to.equal(base64toBase64Url(ethers.encodeBase64(buffer))); + expect(await this.mock.$encodeURL(buffer)).to.equal(expected); + }); + }); + + it('Encode reads beyond the input buffer into dirty memory', async function () { + const mock = await ethers.deployContract('Base64Dirty'); + const buffer32 = ethers.id('example'); + const buffer31 = buffer32.slice(0, -2); + + expect(await mock.encode(buffer31)).to.equal(ethers.encodeBase64(buffer31)); + expect(await mock.encode(buffer32)).to.equal(ethers.encodeBase64(buffer32)); + }); +}); diff --git a/dependencies/@openzeppelin/test/utils/Context.behavior.js b/dependencies/@openzeppelin/test/utils/Context.behavior.js new file mode 100644 index 00000000..adb140fc --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/Context.behavior.js @@ -0,0 +1,48 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +async function fixture() { + return { contextHelper: await ethers.deployContract('ContextMockCaller', []) }; +} +function shouldBehaveLikeRegularContext() { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + describe('msgSender', function () { + it('returns the transaction sender when called from an EOA', async function () { + await expect(this.context.connect(this.sender).msgSender()).to.emit(this.context, 'Sender').withArgs(this.sender); + }); + + it('returns the transaction sender when called from another contract', async function () { + await expect(this.contextHelper.connect(this.sender).callSender(this.context)) + .to.emit(this.context, 'Sender') + .withArgs(this.contextHelper); + }); + }); + + describe('msgData', function () { + const args = [42n, 'OpenZeppelin']; + + it('returns the transaction data when called from an EOA', async function () { + const callData = this.context.interface.encodeFunctionData('msgData', args); + + await expect(this.context.msgData(...args)) + .to.emit(this.context, 'Data') + .withArgs(callData, ...args); + }); + + it('returns the transaction sender when from another contract', async function () { + const callData = this.context.interface.encodeFunctionData('msgData', args); + + await expect(this.contextHelper.callData(this.context, ...args)) + .to.emit(this.context, 'Data') + .withArgs(callData, ...args); + }); + }); +} + +module.exports = { + shouldBehaveLikeRegularContext, +}; diff --git a/dependencies/@openzeppelin/test/utils/Context.test.js b/dependencies/@openzeppelin/test/utils/Context.test.js new file mode 100644 index 00000000..b766729e --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/Context.test.js @@ -0,0 +1,18 @@ +const { ethers } = require('hardhat'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { shouldBehaveLikeRegularContext } = require('./Context.behavior'); + +async function fixture() { + const [sender] = await ethers.getSigners(); + const context = await ethers.deployContract('ContextMock', []); + return { sender, context }; +} + +describe('Context', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + shouldBehaveLikeRegularContext(); +}); diff --git a/dependencies/@openzeppelin/test/utils/Create2.t.sol b/dependencies/@openzeppelin/test/utils/Create2.t.sol new file mode 100644 index 00000000..6cc037a3 --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/Create2.t.sol @@ -0,0 +1,17 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {Test} from "forge-std/Test.sol"; +import {Create2} from "@openzeppelin/contracts/utils/Create2.sol"; + +contract Create2Test is Test { + function testSymbolicComputeAddressSpillage(bytes32 salt, bytes32 bytecodeHash, address deployer) public { + address predicted = Create2.computeAddress(salt, bytecodeHash, deployer); + bytes32 spillage; + assembly ("memory-safe") { + spillage := and(predicted, 0xffffffffffffffffffffffff0000000000000000000000000000000000000000) + } + assertEq(spillage, bytes32(0)); + } +} diff --git a/dependencies/@openzeppelin/test/utils/Create2.test.js b/dependencies/@openzeppelin/test/utils/Create2.test.js new file mode 100644 index 00000000..152fdbdf --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/Create2.test.js @@ -0,0 +1,190 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); +const { PANIC_CODES } = require('@nomicfoundation/hardhat-chai-matchers/panic'); + +const { RevertType } = require('../helpers/enums'); + +async function fixture() { + const [deployer, other] = await ethers.getSigners(); + + const factory = await ethers.deployContract('$Create2'); + + // Bytecode for deploying a contract that includes a constructor. + // We use a vesting wallet, with 3 constructor arguments. + const constructorByteCode = await ethers + .getContractFactory('VestingWallet') + .then(({ bytecode, interface }) => ethers.concat([bytecode, interface.encodeDeploy([other.address, 0n, 0n])])); + + // Bytecode for deploying a contract that has no constructor log. + // Here we use the Create2 helper factory. + const constructorLessBytecode = await ethers + .getContractFactory('$Create2') + .then(({ bytecode, interface }) => ethers.concat([bytecode, interface.encodeDeploy([])])); + + const mockFactory = await ethers.getContractFactory('ConstructorMock'); + + return { deployer, other, factory, constructorByteCode, constructorLessBytecode, mockFactory }; +} + +describe('Create2', function () { + const salt = 'salt message'; + const saltHex = ethers.id(salt); + + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + describe('computeAddress', function () { + it('computes the correct contract address', async function () { + const onChainComputed = await this.factory.$computeAddress(saltHex, ethers.keccak256(this.constructorByteCode)); + const offChainComputed = ethers.getCreate2Address( + this.factory.target, + saltHex, + ethers.keccak256(this.constructorByteCode), + ); + expect(onChainComputed).to.equal(offChainComputed); + }); + + it('computes the correct contract address with deployer', async function () { + const onChainComputed = await this.factory.$computeAddress( + saltHex, + ethers.keccak256(this.constructorByteCode), + ethers.Typed.address(this.deployer), + ); + const offChainComputed = ethers.getCreate2Address( + this.deployer.address, + saltHex, + ethers.keccak256(this.constructorByteCode), + ); + expect(onChainComputed).to.equal(offChainComputed); + }); + }); + + describe('deploy', function () { + it('deploys a contract without constructor', async function () { + const offChainComputed = ethers.getCreate2Address( + this.factory.target, + saltHex, + ethers.keccak256(this.constructorLessBytecode), + ); + + await expect(this.factory.$deploy(0n, saltHex, this.constructorLessBytecode)) + .to.emit(this.factory, 'return$deploy') + .withArgs(offChainComputed); + + expect(this.constructorLessBytecode).to.include((await ethers.provider.getCode(offChainComputed)).slice(2)); + }); + + it('deploys a contract with constructor arguments', async function () { + const offChainComputed = ethers.getCreate2Address( + this.factory.target, + saltHex, + ethers.keccak256(this.constructorByteCode), + ); + + await expect(this.factory.$deploy(0n, saltHex, this.constructorByteCode)) + .to.emit(this.factory, 'return$deploy') + .withArgs(offChainComputed); + + const instance = await ethers.getContractAt('VestingWallet', offChainComputed); + + expect(await instance.owner()).to.equal(this.other); + }); + + it('deploys a contract with funds deposited in the factory', async function () { + const value = 10n; + + await this.deployer.sendTransaction({ to: this.factory, value }); + + const offChainComputed = ethers.getCreate2Address( + this.factory.target, + saltHex, + ethers.keccak256(this.constructorByteCode), + ); + + expect(await ethers.provider.getBalance(this.factory)).to.equal(value); + expect(await ethers.provider.getBalance(offChainComputed)).to.equal(0n); + + await expect(this.factory.$deploy(value, saltHex, this.constructorByteCode)) + .to.emit(this.factory, 'return$deploy') + .withArgs(offChainComputed); + + expect(await ethers.provider.getBalance(this.factory)).to.equal(0n); + expect(await ethers.provider.getBalance(offChainComputed)).to.equal(value); + }); + + it('fails deploying a contract in an existent address', async function () { + await expect(this.factory.$deploy(0n, saltHex, this.constructorByteCode)).to.emit(this.factory, 'return$deploy'); + + await expect(this.factory.$deploy(0n, saltHex, this.constructorByteCode)).to.be.revertedWithCustomError( + this.factory, + 'FailedDeployment', + ); + }); + + it('fails deploying a contract if the bytecode length is zero', async function () { + await expect(this.factory.$deploy(0n, saltHex, '0x')).to.be.revertedWithCustomError( + this.factory, + 'Create2EmptyBytecode', + ); + }); + + it('fails deploying a contract if factory contract does not have sufficient balance', async function () { + await expect(this.factory.$deploy(1n, saltHex, this.constructorByteCode)) + .to.be.revertedWithCustomError(this.factory, 'InsufficientBalance') + .withArgs(0n, 1n); + }); + + describe('reverts error thrown during contract creation', function () { + it('bubbles up without message', async function () { + await expect( + this.factory.$deploy( + 0n, + saltHex, + ethers.concat([ + this.mockFactory.bytecode, + this.mockFactory.interface.encodeDeploy([RevertType.RevertWithoutMessage]), + ]), + ), + ).to.be.revertedWithCustomError(this.factory, 'FailedDeployment'); + }); + + it('bubbles up message', async function () { + await expect( + this.factory.$deploy( + 0n, + saltHex, + ethers.concat([ + this.mockFactory.bytecode, + this.mockFactory.interface.encodeDeploy([RevertType.RevertWithMessage]), + ]), + ), + ).to.be.revertedWith('ConstructorMock: reverting'); + }); + + it('bubbles up custom error', async function () { + await expect( + this.factory.$deploy( + 0n, + saltHex, + ethers.concat([ + this.mockFactory.bytecode, + this.mockFactory.interface.encodeDeploy([RevertType.RevertWithCustomError]), + ]), + ), + ).to.be.revertedWithCustomError({ interface: this.mockFactory.interface }, 'CustomError'); + }); + + it('bubbles up panic', async function () { + await expect( + this.factory.$deploy( + 0n, + saltHex, + ethers.concat([this.mockFactory.bytecode, this.mockFactory.interface.encodeDeploy([RevertType.Panic])]), + ), + ).to.be.revertedWithPanic(PANIC_CODES.DIVISION_BY_ZERO); + }); + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/utils/Multicall.test.js b/dependencies/@openzeppelin/test/utils/Multicall.test.js new file mode 100644 index 00000000..9c84e443 --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/Multicall.test.js @@ -0,0 +1,72 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +async function fixture() { + const [holder, alice, bruce] = await ethers.getSigners(); + + const amount = 12_000n; + const helper = await ethers.deployContract('MulticallHelper'); + const mock = await ethers.deployContract('$ERC20MulticallMock', ['name', 'symbol']); + await mock.$_mint(holder, amount); + + return { holder, alice, bruce, amount, mock, helper }; +} + +describe('Multicall', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + it('batches function calls', async function () { + expect(await this.mock.balanceOf(this.alice)).to.equal(0n); + expect(await this.mock.balanceOf(this.bruce)).to.equal(0n); + + await expect( + this.mock.multicall([ + this.mock.interface.encodeFunctionData('transfer', [this.alice.address, this.amount / 2n]), + this.mock.interface.encodeFunctionData('transfer', [this.bruce.address, this.amount / 3n]), + ]), + ) + .to.emit(this.mock, 'Transfer') + .withArgs(this.holder, this.alice, this.amount / 2n) + .to.emit(this.mock, 'Transfer') + .withArgs(this.holder, this.bruce, this.amount / 3n); + + expect(await this.mock.balanceOf(this.alice)).to.equal(this.amount / 2n); + expect(await this.mock.balanceOf(this.bruce)).to.equal(this.amount / 3n); + }); + + it('returns an array with the result of each call', async function () { + await this.mock.transfer(this.helper, this.amount); + expect(await this.mock.balanceOf(this.helper)).to.equal(this.amount); + + await this.helper.checkReturnValues(this.mock, [this.alice, this.bruce], [this.amount / 2n, this.amount / 3n]); + }); + + it('reverts previous calls', async function () { + expect(await this.mock.balanceOf(this.alice)).to.equal(0n); + + await expect( + this.mock.multicall([ + this.mock.interface.encodeFunctionData('transfer', [this.alice.address, this.amount]), + this.mock.interface.encodeFunctionData('transfer', [this.bruce.address, this.amount]), + ]), + ) + .to.be.revertedWithCustomError(this.mock, 'ERC20InsufficientBalance') + .withArgs(this.holder, 0, this.amount); + + expect(await this.mock.balanceOf(this.alice)).to.equal(0n); + }); + + it('bubbles up revert reasons', async function () { + await expect( + this.mock.multicall([ + this.mock.interface.encodeFunctionData('transfer', [this.alice.address, this.amount]), + this.mock.interface.encodeFunctionData('transfer', [this.bruce.address, this.amount]), + ]), + ) + .to.be.revertedWithCustomError(this.mock, 'ERC20InsufficientBalance') + .withArgs(this.holder, 0, this.amount); + }); +}); diff --git a/dependencies/@openzeppelin/test/utils/Nonces.test.js b/dependencies/@openzeppelin/test/utils/Nonces.test.js new file mode 100644 index 00000000..2cb4798d --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/Nonces.test.js @@ -0,0 +1,75 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +async function fixture() { + const [sender, other] = await ethers.getSigners(); + + const mock = await ethers.deployContract('$Nonces'); + + return { sender, other, mock }; +} + +describe('Nonces', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + it('gets a nonce', async function () { + expect(await this.mock.nonces(this.sender)).to.equal(0n); + }); + + describe('_useNonce', function () { + it('increments a nonce', async function () { + expect(await this.mock.nonces(this.sender)).to.equal(0n); + + await expect(await this.mock.$_useNonce(this.sender)) + .to.emit(this.mock, 'return$_useNonce') + .withArgs(0n); + + expect(await this.mock.nonces(this.sender)).to.equal(1n); + }); + + it("increments only sender's nonce", async function () { + expect(await this.mock.nonces(this.sender)).to.equal(0n); + expect(await this.mock.nonces(this.other)).to.equal(0n); + + await this.mock.$_useNonce(this.sender); + + expect(await this.mock.nonces(this.sender)).to.equal(1n); + expect(await this.mock.nonces(this.other)).to.equal(0n); + }); + }); + + describe('_useCheckedNonce', function () { + it('increments a nonce', async function () { + const currentNonce = await this.mock.nonces(this.sender); + + expect(currentNonce).to.equal(0n); + + await this.mock.$_useCheckedNonce(this.sender, currentNonce); + + expect(await this.mock.nonces(this.sender)).to.equal(1n); + }); + + it("increments only sender's nonce", async function () { + const currentNonce = await this.mock.nonces(this.sender); + + expect(currentNonce).to.equal(0n); + expect(await this.mock.nonces(this.other)).to.equal(0n); + + await this.mock.$_useCheckedNonce(this.sender, currentNonce); + + expect(await this.mock.nonces(this.sender)).to.equal(1n); + expect(await this.mock.nonces(this.other)).to.equal(0n); + }); + + it('reverts when nonce is not the expected', async function () { + const currentNonce = await this.mock.nonces(this.sender); + + await expect(this.mock.$_useCheckedNonce(this.sender, currentNonce + 1n)) + .to.be.revertedWithCustomError(this.mock, 'InvalidAccountNonce') + .withArgs(this.sender, currentNonce); + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/utils/Packing.t.sol b/dependencies/@openzeppelin/test/utils/Packing.t.sol new file mode 100644 index 00000000..9531f1bf --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/Packing.t.sol @@ -0,0 +1,681 @@ +// SPDX-License-Identifier: MIT +// This file was procedurally generated from scripts/generate/templates/Packing.t.js. + +pragma solidity ^0.8.20; + +import {Test} from "forge-std/Test.sol"; +import {Packing} from "@openzeppelin/contracts/utils/Packing.sol"; + +contract PackingTest is Test { + using Packing for *; + + function testPack(bytes1 left, bytes1 right) external { + assertEq(left, Packing.pack_1_1(left, right).extract_2_1(0)); + assertEq(right, Packing.pack_1_1(left, right).extract_2_1(1)); + } + + function testPack(bytes2 left, bytes2 right) external { + assertEq(left, Packing.pack_2_2(left, right).extract_4_2(0)); + assertEq(right, Packing.pack_2_2(left, right).extract_4_2(2)); + } + + function testPack(bytes2 left, bytes4 right) external { + assertEq(left, Packing.pack_2_4(left, right).extract_6_2(0)); + assertEq(right, Packing.pack_2_4(left, right).extract_6_4(2)); + } + + function testPack(bytes2 left, bytes6 right) external { + assertEq(left, Packing.pack_2_6(left, right).extract_8_2(0)); + assertEq(right, Packing.pack_2_6(left, right).extract_8_6(2)); + } + + function testPack(bytes4 left, bytes2 right) external { + assertEq(left, Packing.pack_4_2(left, right).extract_6_4(0)); + assertEq(right, Packing.pack_4_2(left, right).extract_6_2(4)); + } + + function testPack(bytes4 left, bytes4 right) external { + assertEq(left, Packing.pack_4_4(left, right).extract_8_4(0)); + assertEq(right, Packing.pack_4_4(left, right).extract_8_4(4)); + } + + function testPack(bytes4 left, bytes8 right) external { + assertEq(left, Packing.pack_4_8(left, right).extract_12_4(0)); + assertEq(right, Packing.pack_4_8(left, right).extract_12_8(4)); + } + + function testPack(bytes4 left, bytes12 right) external { + assertEq(left, Packing.pack_4_12(left, right).extract_16_4(0)); + assertEq(right, Packing.pack_4_12(left, right).extract_16_12(4)); + } + + function testPack(bytes4 left, bytes16 right) external { + assertEq(left, Packing.pack_4_16(left, right).extract_20_4(0)); + assertEq(right, Packing.pack_4_16(left, right).extract_20_16(4)); + } + + function testPack(bytes4 left, bytes20 right) external { + assertEq(left, Packing.pack_4_20(left, right).extract_24_4(0)); + assertEq(right, Packing.pack_4_20(left, right).extract_24_20(4)); + } + + function testPack(bytes4 left, bytes24 right) external { + assertEq(left, Packing.pack_4_24(left, right).extract_28_4(0)); + assertEq(right, Packing.pack_4_24(left, right).extract_28_24(4)); + } + + function testPack(bytes4 left, bytes28 right) external { + assertEq(left, Packing.pack_4_28(left, right).extract_32_4(0)); + assertEq(right, Packing.pack_4_28(left, right).extract_32_28(4)); + } + + function testPack(bytes6 left, bytes2 right) external { + assertEq(left, Packing.pack_6_2(left, right).extract_8_6(0)); + assertEq(right, Packing.pack_6_2(left, right).extract_8_2(6)); + } + + function testPack(bytes6 left, bytes6 right) external { + assertEq(left, Packing.pack_6_6(left, right).extract_12_6(0)); + assertEq(right, Packing.pack_6_6(left, right).extract_12_6(6)); + } + + function testPack(bytes8 left, bytes4 right) external { + assertEq(left, Packing.pack_8_4(left, right).extract_12_8(0)); + assertEq(right, Packing.pack_8_4(left, right).extract_12_4(8)); + } + + function testPack(bytes8 left, bytes8 right) external { + assertEq(left, Packing.pack_8_8(left, right).extract_16_8(0)); + assertEq(right, Packing.pack_8_8(left, right).extract_16_8(8)); + } + + function testPack(bytes8 left, bytes12 right) external { + assertEq(left, Packing.pack_8_12(left, right).extract_20_8(0)); + assertEq(right, Packing.pack_8_12(left, right).extract_20_12(8)); + } + + function testPack(bytes8 left, bytes16 right) external { + assertEq(left, Packing.pack_8_16(left, right).extract_24_8(0)); + assertEq(right, Packing.pack_8_16(left, right).extract_24_16(8)); + } + + function testPack(bytes8 left, bytes20 right) external { + assertEq(left, Packing.pack_8_20(left, right).extract_28_8(0)); + assertEq(right, Packing.pack_8_20(left, right).extract_28_20(8)); + } + + function testPack(bytes8 left, bytes24 right) external { + assertEq(left, Packing.pack_8_24(left, right).extract_32_8(0)); + assertEq(right, Packing.pack_8_24(left, right).extract_32_24(8)); + } + + function testPack(bytes12 left, bytes4 right) external { + assertEq(left, Packing.pack_12_4(left, right).extract_16_12(0)); + assertEq(right, Packing.pack_12_4(left, right).extract_16_4(12)); + } + + function testPack(bytes12 left, bytes8 right) external { + assertEq(left, Packing.pack_12_8(left, right).extract_20_12(0)); + assertEq(right, Packing.pack_12_8(left, right).extract_20_8(12)); + } + + function testPack(bytes12 left, bytes12 right) external { + assertEq(left, Packing.pack_12_12(left, right).extract_24_12(0)); + assertEq(right, Packing.pack_12_12(left, right).extract_24_12(12)); + } + + function testPack(bytes12 left, bytes16 right) external { + assertEq(left, Packing.pack_12_16(left, right).extract_28_12(0)); + assertEq(right, Packing.pack_12_16(left, right).extract_28_16(12)); + } + + function testPack(bytes12 left, bytes20 right) external { + assertEq(left, Packing.pack_12_20(left, right).extract_32_12(0)); + assertEq(right, Packing.pack_12_20(left, right).extract_32_20(12)); + } + + function testPack(bytes16 left, bytes4 right) external { + assertEq(left, Packing.pack_16_4(left, right).extract_20_16(0)); + assertEq(right, Packing.pack_16_4(left, right).extract_20_4(16)); + } + + function testPack(bytes16 left, bytes8 right) external { + assertEq(left, Packing.pack_16_8(left, right).extract_24_16(0)); + assertEq(right, Packing.pack_16_8(left, right).extract_24_8(16)); + } + + function testPack(bytes16 left, bytes12 right) external { + assertEq(left, Packing.pack_16_12(left, right).extract_28_16(0)); + assertEq(right, Packing.pack_16_12(left, right).extract_28_12(16)); + } + + function testPack(bytes16 left, bytes16 right) external { + assertEq(left, Packing.pack_16_16(left, right).extract_32_16(0)); + assertEq(right, Packing.pack_16_16(left, right).extract_32_16(16)); + } + + function testPack(bytes20 left, bytes4 right) external { + assertEq(left, Packing.pack_20_4(left, right).extract_24_20(0)); + assertEq(right, Packing.pack_20_4(left, right).extract_24_4(20)); + } + + function testPack(bytes20 left, bytes8 right) external { + assertEq(left, Packing.pack_20_8(left, right).extract_28_20(0)); + assertEq(right, Packing.pack_20_8(left, right).extract_28_8(20)); + } + + function testPack(bytes20 left, bytes12 right) external { + assertEq(left, Packing.pack_20_12(left, right).extract_32_20(0)); + assertEq(right, Packing.pack_20_12(left, right).extract_32_12(20)); + } + + function testPack(bytes24 left, bytes4 right) external { + assertEq(left, Packing.pack_24_4(left, right).extract_28_24(0)); + assertEq(right, Packing.pack_24_4(left, right).extract_28_4(24)); + } + + function testPack(bytes24 left, bytes8 right) external { + assertEq(left, Packing.pack_24_8(left, right).extract_32_24(0)); + assertEq(right, Packing.pack_24_8(left, right).extract_32_8(24)); + } + + function testPack(bytes28 left, bytes4 right) external { + assertEq(left, Packing.pack_28_4(left, right).extract_32_28(0)); + assertEq(right, Packing.pack_28_4(left, right).extract_32_4(28)); + } + + function testReplace(bytes2 container, bytes1 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 1)); + + bytes1 oldValue = container.extract_2_1(offset); + + assertEq(newValue, container.replace_2_1(newValue, offset).extract_2_1(offset)); + assertEq(container, container.replace_2_1(newValue, offset).replace_2_1(oldValue, offset)); + } + + function testReplace(bytes4 container, bytes1 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 3)); + + bytes1 oldValue = container.extract_4_1(offset); + + assertEq(newValue, container.replace_4_1(newValue, offset).extract_4_1(offset)); + assertEq(container, container.replace_4_1(newValue, offset).replace_4_1(oldValue, offset)); + } + + function testReplace(bytes4 container, bytes2 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 2)); + + bytes2 oldValue = container.extract_4_2(offset); + + assertEq(newValue, container.replace_4_2(newValue, offset).extract_4_2(offset)); + assertEq(container, container.replace_4_2(newValue, offset).replace_4_2(oldValue, offset)); + } + + function testReplace(bytes6 container, bytes1 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 5)); + + bytes1 oldValue = container.extract_6_1(offset); + + assertEq(newValue, container.replace_6_1(newValue, offset).extract_6_1(offset)); + assertEq(container, container.replace_6_1(newValue, offset).replace_6_1(oldValue, offset)); + } + + function testReplace(bytes6 container, bytes2 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 4)); + + bytes2 oldValue = container.extract_6_2(offset); + + assertEq(newValue, container.replace_6_2(newValue, offset).extract_6_2(offset)); + assertEq(container, container.replace_6_2(newValue, offset).replace_6_2(oldValue, offset)); + } + + function testReplace(bytes6 container, bytes4 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 2)); + + bytes4 oldValue = container.extract_6_4(offset); + + assertEq(newValue, container.replace_6_4(newValue, offset).extract_6_4(offset)); + assertEq(container, container.replace_6_4(newValue, offset).replace_6_4(oldValue, offset)); + } + + function testReplace(bytes8 container, bytes1 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 7)); + + bytes1 oldValue = container.extract_8_1(offset); + + assertEq(newValue, container.replace_8_1(newValue, offset).extract_8_1(offset)); + assertEq(container, container.replace_8_1(newValue, offset).replace_8_1(oldValue, offset)); + } + + function testReplace(bytes8 container, bytes2 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 6)); + + bytes2 oldValue = container.extract_8_2(offset); + + assertEq(newValue, container.replace_8_2(newValue, offset).extract_8_2(offset)); + assertEq(container, container.replace_8_2(newValue, offset).replace_8_2(oldValue, offset)); + } + + function testReplace(bytes8 container, bytes4 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 4)); + + bytes4 oldValue = container.extract_8_4(offset); + + assertEq(newValue, container.replace_8_4(newValue, offset).extract_8_4(offset)); + assertEq(container, container.replace_8_4(newValue, offset).replace_8_4(oldValue, offset)); + } + + function testReplace(bytes8 container, bytes6 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 2)); + + bytes6 oldValue = container.extract_8_6(offset); + + assertEq(newValue, container.replace_8_6(newValue, offset).extract_8_6(offset)); + assertEq(container, container.replace_8_6(newValue, offset).replace_8_6(oldValue, offset)); + } + + function testReplace(bytes12 container, bytes1 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 11)); + + bytes1 oldValue = container.extract_12_1(offset); + + assertEq(newValue, container.replace_12_1(newValue, offset).extract_12_1(offset)); + assertEq(container, container.replace_12_1(newValue, offset).replace_12_1(oldValue, offset)); + } + + function testReplace(bytes12 container, bytes2 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 10)); + + bytes2 oldValue = container.extract_12_2(offset); + + assertEq(newValue, container.replace_12_2(newValue, offset).extract_12_2(offset)); + assertEq(container, container.replace_12_2(newValue, offset).replace_12_2(oldValue, offset)); + } + + function testReplace(bytes12 container, bytes4 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 8)); + + bytes4 oldValue = container.extract_12_4(offset); + + assertEq(newValue, container.replace_12_4(newValue, offset).extract_12_4(offset)); + assertEq(container, container.replace_12_4(newValue, offset).replace_12_4(oldValue, offset)); + } + + function testReplace(bytes12 container, bytes6 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 6)); + + bytes6 oldValue = container.extract_12_6(offset); + + assertEq(newValue, container.replace_12_6(newValue, offset).extract_12_6(offset)); + assertEq(container, container.replace_12_6(newValue, offset).replace_12_6(oldValue, offset)); + } + + function testReplace(bytes12 container, bytes8 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 4)); + + bytes8 oldValue = container.extract_12_8(offset); + + assertEq(newValue, container.replace_12_8(newValue, offset).extract_12_8(offset)); + assertEq(container, container.replace_12_8(newValue, offset).replace_12_8(oldValue, offset)); + } + + function testReplace(bytes16 container, bytes1 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 15)); + + bytes1 oldValue = container.extract_16_1(offset); + + assertEq(newValue, container.replace_16_1(newValue, offset).extract_16_1(offset)); + assertEq(container, container.replace_16_1(newValue, offset).replace_16_1(oldValue, offset)); + } + + function testReplace(bytes16 container, bytes2 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 14)); + + bytes2 oldValue = container.extract_16_2(offset); + + assertEq(newValue, container.replace_16_2(newValue, offset).extract_16_2(offset)); + assertEq(container, container.replace_16_2(newValue, offset).replace_16_2(oldValue, offset)); + } + + function testReplace(bytes16 container, bytes4 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 12)); + + bytes4 oldValue = container.extract_16_4(offset); + + assertEq(newValue, container.replace_16_4(newValue, offset).extract_16_4(offset)); + assertEq(container, container.replace_16_4(newValue, offset).replace_16_4(oldValue, offset)); + } + + function testReplace(bytes16 container, bytes6 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 10)); + + bytes6 oldValue = container.extract_16_6(offset); + + assertEq(newValue, container.replace_16_6(newValue, offset).extract_16_6(offset)); + assertEq(container, container.replace_16_6(newValue, offset).replace_16_6(oldValue, offset)); + } + + function testReplace(bytes16 container, bytes8 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 8)); + + bytes8 oldValue = container.extract_16_8(offset); + + assertEq(newValue, container.replace_16_8(newValue, offset).extract_16_8(offset)); + assertEq(container, container.replace_16_8(newValue, offset).replace_16_8(oldValue, offset)); + } + + function testReplace(bytes16 container, bytes12 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 4)); + + bytes12 oldValue = container.extract_16_12(offset); + + assertEq(newValue, container.replace_16_12(newValue, offset).extract_16_12(offset)); + assertEq(container, container.replace_16_12(newValue, offset).replace_16_12(oldValue, offset)); + } + + function testReplace(bytes20 container, bytes1 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 19)); + + bytes1 oldValue = container.extract_20_1(offset); + + assertEq(newValue, container.replace_20_1(newValue, offset).extract_20_1(offset)); + assertEq(container, container.replace_20_1(newValue, offset).replace_20_1(oldValue, offset)); + } + + function testReplace(bytes20 container, bytes2 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 18)); + + bytes2 oldValue = container.extract_20_2(offset); + + assertEq(newValue, container.replace_20_2(newValue, offset).extract_20_2(offset)); + assertEq(container, container.replace_20_2(newValue, offset).replace_20_2(oldValue, offset)); + } + + function testReplace(bytes20 container, bytes4 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 16)); + + bytes4 oldValue = container.extract_20_4(offset); + + assertEq(newValue, container.replace_20_4(newValue, offset).extract_20_4(offset)); + assertEq(container, container.replace_20_4(newValue, offset).replace_20_4(oldValue, offset)); + } + + function testReplace(bytes20 container, bytes6 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 14)); + + bytes6 oldValue = container.extract_20_6(offset); + + assertEq(newValue, container.replace_20_6(newValue, offset).extract_20_6(offset)); + assertEq(container, container.replace_20_6(newValue, offset).replace_20_6(oldValue, offset)); + } + + function testReplace(bytes20 container, bytes8 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 12)); + + bytes8 oldValue = container.extract_20_8(offset); + + assertEq(newValue, container.replace_20_8(newValue, offset).extract_20_8(offset)); + assertEq(container, container.replace_20_8(newValue, offset).replace_20_8(oldValue, offset)); + } + + function testReplace(bytes20 container, bytes12 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 8)); + + bytes12 oldValue = container.extract_20_12(offset); + + assertEq(newValue, container.replace_20_12(newValue, offset).extract_20_12(offset)); + assertEq(container, container.replace_20_12(newValue, offset).replace_20_12(oldValue, offset)); + } + + function testReplace(bytes20 container, bytes16 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 4)); + + bytes16 oldValue = container.extract_20_16(offset); + + assertEq(newValue, container.replace_20_16(newValue, offset).extract_20_16(offset)); + assertEq(container, container.replace_20_16(newValue, offset).replace_20_16(oldValue, offset)); + } + + function testReplace(bytes24 container, bytes1 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 23)); + + bytes1 oldValue = container.extract_24_1(offset); + + assertEq(newValue, container.replace_24_1(newValue, offset).extract_24_1(offset)); + assertEq(container, container.replace_24_1(newValue, offset).replace_24_1(oldValue, offset)); + } + + function testReplace(bytes24 container, bytes2 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 22)); + + bytes2 oldValue = container.extract_24_2(offset); + + assertEq(newValue, container.replace_24_2(newValue, offset).extract_24_2(offset)); + assertEq(container, container.replace_24_2(newValue, offset).replace_24_2(oldValue, offset)); + } + + function testReplace(bytes24 container, bytes4 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 20)); + + bytes4 oldValue = container.extract_24_4(offset); + + assertEq(newValue, container.replace_24_4(newValue, offset).extract_24_4(offset)); + assertEq(container, container.replace_24_4(newValue, offset).replace_24_4(oldValue, offset)); + } + + function testReplace(bytes24 container, bytes6 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 18)); + + bytes6 oldValue = container.extract_24_6(offset); + + assertEq(newValue, container.replace_24_6(newValue, offset).extract_24_6(offset)); + assertEq(container, container.replace_24_6(newValue, offset).replace_24_6(oldValue, offset)); + } + + function testReplace(bytes24 container, bytes8 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 16)); + + bytes8 oldValue = container.extract_24_8(offset); + + assertEq(newValue, container.replace_24_8(newValue, offset).extract_24_8(offset)); + assertEq(container, container.replace_24_8(newValue, offset).replace_24_8(oldValue, offset)); + } + + function testReplace(bytes24 container, bytes12 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 12)); + + bytes12 oldValue = container.extract_24_12(offset); + + assertEq(newValue, container.replace_24_12(newValue, offset).extract_24_12(offset)); + assertEq(container, container.replace_24_12(newValue, offset).replace_24_12(oldValue, offset)); + } + + function testReplace(bytes24 container, bytes16 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 8)); + + bytes16 oldValue = container.extract_24_16(offset); + + assertEq(newValue, container.replace_24_16(newValue, offset).extract_24_16(offset)); + assertEq(container, container.replace_24_16(newValue, offset).replace_24_16(oldValue, offset)); + } + + function testReplace(bytes24 container, bytes20 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 4)); + + bytes20 oldValue = container.extract_24_20(offset); + + assertEq(newValue, container.replace_24_20(newValue, offset).extract_24_20(offset)); + assertEq(container, container.replace_24_20(newValue, offset).replace_24_20(oldValue, offset)); + } + + function testReplace(bytes28 container, bytes1 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 27)); + + bytes1 oldValue = container.extract_28_1(offset); + + assertEq(newValue, container.replace_28_1(newValue, offset).extract_28_1(offset)); + assertEq(container, container.replace_28_1(newValue, offset).replace_28_1(oldValue, offset)); + } + + function testReplace(bytes28 container, bytes2 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 26)); + + bytes2 oldValue = container.extract_28_2(offset); + + assertEq(newValue, container.replace_28_2(newValue, offset).extract_28_2(offset)); + assertEq(container, container.replace_28_2(newValue, offset).replace_28_2(oldValue, offset)); + } + + function testReplace(bytes28 container, bytes4 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 24)); + + bytes4 oldValue = container.extract_28_4(offset); + + assertEq(newValue, container.replace_28_4(newValue, offset).extract_28_4(offset)); + assertEq(container, container.replace_28_4(newValue, offset).replace_28_4(oldValue, offset)); + } + + function testReplace(bytes28 container, bytes6 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 22)); + + bytes6 oldValue = container.extract_28_6(offset); + + assertEq(newValue, container.replace_28_6(newValue, offset).extract_28_6(offset)); + assertEq(container, container.replace_28_6(newValue, offset).replace_28_6(oldValue, offset)); + } + + function testReplace(bytes28 container, bytes8 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 20)); + + bytes8 oldValue = container.extract_28_8(offset); + + assertEq(newValue, container.replace_28_8(newValue, offset).extract_28_8(offset)); + assertEq(container, container.replace_28_8(newValue, offset).replace_28_8(oldValue, offset)); + } + + function testReplace(bytes28 container, bytes12 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 16)); + + bytes12 oldValue = container.extract_28_12(offset); + + assertEq(newValue, container.replace_28_12(newValue, offset).extract_28_12(offset)); + assertEq(container, container.replace_28_12(newValue, offset).replace_28_12(oldValue, offset)); + } + + function testReplace(bytes28 container, bytes16 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 12)); + + bytes16 oldValue = container.extract_28_16(offset); + + assertEq(newValue, container.replace_28_16(newValue, offset).extract_28_16(offset)); + assertEq(container, container.replace_28_16(newValue, offset).replace_28_16(oldValue, offset)); + } + + function testReplace(bytes28 container, bytes20 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 8)); + + bytes20 oldValue = container.extract_28_20(offset); + + assertEq(newValue, container.replace_28_20(newValue, offset).extract_28_20(offset)); + assertEq(container, container.replace_28_20(newValue, offset).replace_28_20(oldValue, offset)); + } + + function testReplace(bytes28 container, bytes24 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 4)); + + bytes24 oldValue = container.extract_28_24(offset); + + assertEq(newValue, container.replace_28_24(newValue, offset).extract_28_24(offset)); + assertEq(container, container.replace_28_24(newValue, offset).replace_28_24(oldValue, offset)); + } + + function testReplace(bytes32 container, bytes1 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 31)); + + bytes1 oldValue = container.extract_32_1(offset); + + assertEq(newValue, container.replace_32_1(newValue, offset).extract_32_1(offset)); + assertEq(container, container.replace_32_1(newValue, offset).replace_32_1(oldValue, offset)); + } + + function testReplace(bytes32 container, bytes2 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 30)); + + bytes2 oldValue = container.extract_32_2(offset); + + assertEq(newValue, container.replace_32_2(newValue, offset).extract_32_2(offset)); + assertEq(container, container.replace_32_2(newValue, offset).replace_32_2(oldValue, offset)); + } + + function testReplace(bytes32 container, bytes4 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 28)); + + bytes4 oldValue = container.extract_32_4(offset); + + assertEq(newValue, container.replace_32_4(newValue, offset).extract_32_4(offset)); + assertEq(container, container.replace_32_4(newValue, offset).replace_32_4(oldValue, offset)); + } + + function testReplace(bytes32 container, bytes6 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 26)); + + bytes6 oldValue = container.extract_32_6(offset); + + assertEq(newValue, container.replace_32_6(newValue, offset).extract_32_6(offset)); + assertEq(container, container.replace_32_6(newValue, offset).replace_32_6(oldValue, offset)); + } + + function testReplace(bytes32 container, bytes8 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 24)); + + bytes8 oldValue = container.extract_32_8(offset); + + assertEq(newValue, container.replace_32_8(newValue, offset).extract_32_8(offset)); + assertEq(container, container.replace_32_8(newValue, offset).replace_32_8(oldValue, offset)); + } + + function testReplace(bytes32 container, bytes12 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 20)); + + bytes12 oldValue = container.extract_32_12(offset); + + assertEq(newValue, container.replace_32_12(newValue, offset).extract_32_12(offset)); + assertEq(container, container.replace_32_12(newValue, offset).replace_32_12(oldValue, offset)); + } + + function testReplace(bytes32 container, bytes16 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 16)); + + bytes16 oldValue = container.extract_32_16(offset); + + assertEq(newValue, container.replace_32_16(newValue, offset).extract_32_16(offset)); + assertEq(container, container.replace_32_16(newValue, offset).replace_32_16(oldValue, offset)); + } + + function testReplace(bytes32 container, bytes20 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 12)); + + bytes20 oldValue = container.extract_32_20(offset); + + assertEq(newValue, container.replace_32_20(newValue, offset).extract_32_20(offset)); + assertEq(container, container.replace_32_20(newValue, offset).replace_32_20(oldValue, offset)); + } + + function testReplace(bytes32 container, bytes24 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 8)); + + bytes24 oldValue = container.extract_32_24(offset); + + assertEq(newValue, container.replace_32_24(newValue, offset).extract_32_24(offset)); + assertEq(container, container.replace_32_24(newValue, offset).replace_32_24(oldValue, offset)); + } + + function testReplace(bytes32 container, bytes28 newValue, uint8 offset) external { + offset = uint8(bound(offset, 0, 4)); + + bytes28 oldValue = container.extract_32_28(offset); + + assertEq(newValue, container.replace_32_28(newValue, offset).extract_32_28(offset)); + assertEq(container, container.replace_32_28(newValue, offset).replace_32_28(oldValue, offset)); + } +} diff --git a/dependencies/@openzeppelin/test/utils/Packing.test.js b/dependencies/@openzeppelin/test/utils/Packing.test.js new file mode 100644 index 00000000..dd36f45d --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/Packing.test.js @@ -0,0 +1,70 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { forceDeployCode } = require('../helpers/deploy'); +const { product } = require('../helpers/iterate'); +const { SIZES } = require('../../scripts/generate/templates/Packing.opts'); + +async function fixture() { + return { mock: await forceDeployCode('$Packing') }; +} + +describe('Packing', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + describe('pack', function () { + for (const [size1, size2] of product(SIZES, SIZES).filter(([size1, size2]) => SIZES.includes(size1 + size2))) { + const value1 = ethers.hexlify(ethers.randomBytes(size1)); + const value2 = ethers.hexlify(ethers.randomBytes(size2)); + const packed = ethers.concat([value1, value2]); + + it(`pack bytes${size1} + bytes${size2} => bytes${size1 + size2}`, async function () { + expect(await this.mock[`$pack_${size1}_${size2}`](value1, value2)).to.equal(packed); + expect(await this.mock[`$extract_${size1 + size2}_${size1}`](packed, 0)).to.equal(value1); + expect(await this.mock[`$extract_${size1 + size2}_${size2}`](packed, size1)).to.equal(value2); + }); + } + }); + + describe('extract / replace', function () { + for (const [size1, size2] of product(SIZES, SIZES).filter(([size1, size2]) => size1 > size2)) { + const MAX_OFFSET = size1 - size2; + const offset = ethers.toNumber(ethers.randomBytes(1)) % (MAX_OFFSET + 1); + const outer = ethers.randomBytes(size1); + const value = ethers.randomBytes(size2); + + it(`extract bytes${size2} from bytes${size1}`, async function () { + expect(await this.mock[`$extract_${size1}_${size2}`](outer, offset)).to.equal( + ethers.hexlify(outer.slice(offset, offset + size2)), + ); + + await expect(this.mock[`$extract_${size1}_${size2}`](outer, MAX_OFFSET)).to.not.be.revertedWithCustomError( + this.mock, + 'OutOfRangeAccess', + ); + + await expect(this.mock[`$extract_${size1}_${size2}`](outer, MAX_OFFSET + 1)).to.be.revertedWithCustomError( + this.mock, + 'OutOfRangeAccess', + ); + }); + + it(`replace bytes${size2} from bytes${size1}`, async function () { + expect(await this.mock[`$replace_${size1}_${size2}`](outer, value, offset)).to.equal( + ethers.concat([outer.slice(0, offset), value, outer.slice(offset + size2)]), + ); + + await expect( + this.mock[`$replace_${size1}_${size2}`](outer, value, MAX_OFFSET), + ).to.not.be.revertedWithCustomError(this.mock, 'OutOfRangeAccess'); + + await expect( + this.mock[`$replace_${size1}_${size2}`](outer, value, MAX_OFFSET + 1), + ).to.be.revertedWithCustomError(this.mock, 'OutOfRangeAccess'); + }); + } + }); +}); diff --git a/dependencies/@openzeppelin/test/utils/Panic.test.js b/dependencies/@openzeppelin/test/utils/Panic.test.js new file mode 100644 index 00000000..49673c75 --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/Panic.test.js @@ -0,0 +1,37 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); +const { PANIC_CODES } = require('@nomicfoundation/hardhat-chai-matchers/panic'); + +async function fixture() { + return { mock: await ethers.deployContract('$Panic') }; +} + +describe('Panic', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + for (const [name, code] of Object.entries({ + GENERIC: 0x0, + ASSERT: PANIC_CODES.ASSERTION_ERROR, + UNDER_OVERFLOW: PANIC_CODES.ARITHMETIC_OVERFLOW, + DIVISION_BY_ZERO: PANIC_CODES.DIVISION_BY_ZERO, + ENUM_CONVERSION_ERROR: PANIC_CODES.ENUM_CONVERSION_OUT_OF_BOUNDS, + STORAGE_ENCODING_ERROR: PANIC_CODES.INCORRECTLY_ENCODED_STORAGE_BYTE_ARRAY, + EMPTY_ARRAY_POP: PANIC_CODES.POP_ON_EMPTY_ARRAY, + ARRAY_OUT_OF_BOUNDS: PANIC_CODES.ARRAY_ACCESS_OUT_OF_BOUNDS, + RESOURCE_ERROR: PANIC_CODES.TOO_MUCH_MEMORY_ALLOCATED, + INVALID_INTERNAL_FUNCTION: PANIC_CODES.ZERO_INITIALIZED_VARIABLE, + })) { + describe(`${name} (${ethers.toBeHex(code)})`, function () { + it('exposes panic code as constant', async function () { + expect(await this.mock.getFunction(`$${name}`)()).to.equal(code); + }); + + it('reverts with panic when called', async function () { + await expect(this.mock.$panic(code)).to.be.revertedWithPanic(code); + }); + }); + } +}); diff --git a/dependencies/@openzeppelin/test/utils/Pausable.test.js b/dependencies/@openzeppelin/test/utils/Pausable.test.js new file mode 100644 index 00000000..67d74a0d --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/Pausable.test.js @@ -0,0 +1,90 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +async function fixture() { + const [pauser] = await ethers.getSigners(); + + const mock = await ethers.deployContract('PausableMock'); + + return { pauser, mock }; +} + +describe('Pausable', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + describe('when unpaused', function () { + beforeEach(async function () { + expect(await this.mock.paused()).to.be.false; + }); + + it('can perform normal process in non-pause', async function () { + expect(await this.mock.count()).to.equal(0n); + + await this.mock.normalProcess(); + expect(await this.mock.count()).to.equal(1n); + }); + + it('cannot take drastic measure in non-pause', async function () { + await expect(this.mock.drasticMeasure()).to.be.revertedWithCustomError(this.mock, 'ExpectedPause'); + + expect(await this.mock.drasticMeasureTaken()).to.be.false; + }); + + describe('when paused', function () { + beforeEach(async function () { + this.tx = await this.mock.pause(); + }); + + it('emits a Paused event', async function () { + await expect(this.tx).to.emit(this.mock, 'Paused').withArgs(this.pauser); + }); + + it('cannot perform normal process in pause', async function () { + await expect(this.mock.normalProcess()).to.be.revertedWithCustomError(this.mock, 'EnforcedPause'); + }); + + it('can take a drastic measure in a pause', async function () { + await this.mock.drasticMeasure(); + expect(await this.mock.drasticMeasureTaken()).to.be.true; + }); + + it('reverts when re-pausing', async function () { + await expect(this.mock.pause()).to.be.revertedWithCustomError(this.mock, 'EnforcedPause'); + }); + + describe('unpausing', function () { + it('is unpausable by the pauser', async function () { + await this.mock.unpause(); + expect(await this.mock.paused()).to.be.false; + }); + + describe('when unpaused', function () { + beforeEach(async function () { + this.tx = await this.mock.unpause(); + }); + + it('emits an Unpaused event', async function () { + await expect(this.tx).to.emit(this.mock, 'Unpaused').withArgs(this.pauser); + }); + + it('should resume allowing normal process', async function () { + expect(await this.mock.count()).to.equal(0n); + await this.mock.normalProcess(); + expect(await this.mock.count()).to.equal(1n); + }); + + it('should prevent drastic measure', async function () { + await expect(this.mock.drasticMeasure()).to.be.revertedWithCustomError(this.mock, 'ExpectedPause'); + }); + + it('reverts when re-unpausing', async function () { + await expect(this.mock.unpause()).to.be.revertedWithCustomError(this.mock, 'ExpectedPause'); + }); + }); + }); + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/utils/ReentrancyGuard.test.js b/dependencies/@openzeppelin/test/utils/ReentrancyGuard.test.js new file mode 100644 index 00000000..c4418563 --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/ReentrancyGuard.test.js @@ -0,0 +1,50 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +for (const variant of ['', 'Transient']) { + describe(`Reentrancy${variant}Guard`, function () { + async function fixture() { + const name = `Reentrancy${variant}Mock`; + const mock = await ethers.deployContract(name); + return { name, mock }; + } + + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + it('nonReentrant function can be called', async function () { + expect(await this.mock.counter()).to.equal(0n); + await this.mock.callback(); + expect(await this.mock.counter()).to.equal(1n); + }); + + it('does not allow remote callback', async function () { + const attacker = await ethers.deployContract('ReentrancyAttack'); + await expect(this.mock.countAndCall(attacker)).to.be.revertedWith('ReentrancyAttack: failed call'); + }); + + it('_reentrancyGuardEntered should be true when guarded', async function () { + await this.mock.guardedCheckEntered(); + }); + + it('_reentrancyGuardEntered should be false when unguarded', async function () { + await this.mock.unguardedCheckNotEntered(); + }); + + // The following are more side-effects than intended behavior: + // I put them here as documentation, and to monitor any changes + // in the side-effects. + it('does not allow local recursion', async function () { + await expect(this.mock.countLocalRecursive(10n)).to.be.revertedWithCustomError( + this.mock, + 'ReentrancyGuardReentrantCall', + ); + }); + + it('does not allow indirect local recursion', async function () { + await expect(this.mock.countThisRecursive(10n)).to.be.revertedWith(`${this.name}: failed call`); + }); + }); +} diff --git a/dependencies/@openzeppelin/test/utils/ShortStrings.t.sol b/dependencies/@openzeppelin/test/utils/ShortStrings.t.sol new file mode 100644 index 00000000..4aeafd72 --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/ShortStrings.t.sol @@ -0,0 +1,109 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {Test} from "forge-std/Test.sol"; +import {SymTest} from "halmos-cheatcodes/SymTest.sol"; + +import {ShortStrings, ShortString} from "@openzeppelin/contracts/utils/ShortStrings.sol"; + +contract ShortStringsTest is Test, SymTest { + string _fallback; + + function testRoundtripShort(string memory input) external { + vm.assume(_isShort(input)); + _assertRoundtripShort(input); + } + + function symbolicRoundtripShort() external { + string memory input = svm.createString(31, "RoundtripShortInput"); + _assertRoundtripShort(input); + } + + function testRoundtripWithFallback(string memory input, string memory fallbackInitial) external { + _assertRoundtripWithFallback(input, fallbackInitial); + } + + function symbolicRoundtripWithFallbackLong() external { + string memory input = svm.createString(256, "RoundtripWithFallbackInput"); + string memory fallbackInitial = svm.createString(256, "RoundtripWithFallbackFallbackInitial"); + _assertRoundtripWithFallback(input, fallbackInitial); + } + + function symbolicRoundtripWithFallbackShort() external { + string memory input = svm.createString(31, "RoundtripWithFallbackInput"); + string memory fallbackInitial = svm.createString(31, "RoundtripWithFallbackFallbackInitial"); + _assertRoundtripWithFallback(input, fallbackInitial); + } + + function testRevertLong(string memory input) external { + vm.assume(!_isShort(input)); + _assertRevertLong(input); + } + + function testLengthShort(string memory input) external { + vm.assume(_isShort(input)); + _assertLengthShort(input); + } + + function symbolicLengthShort() external { + string memory input = svm.createString(31, "LengthShortInput"); + _assertLengthShort(input); + } + + function testLengthWithFallback(string memory input, string memory fallbackInitial) external { + _fallback = fallbackInitial; + _assertLengthWithFallback(input); + } + + function symbolicLengthWithFallback() external { + uint256 length = 256; + string memory input = svm.createString(length, "LengthWithFallbackInput"); + string memory fallbackInitial = svm.createString(length, "LengthWithFallbackFallbackInitial"); + _fallback = fallbackInitial; + _assertLengthWithFallback(input); + } + + /// Assertions + + function _assertRoundtripShort(string memory input) internal { + ShortString short = ShortStrings.toShortString(input); + string memory output = ShortStrings.toString(short); + assertEq(input, output); + } + + function _assertRoundtripWithFallback(string memory input, string memory fallbackInitial) internal { + _fallback = fallbackInitial; // Make sure that the initial value has no effect + ShortString short = ShortStrings.toShortStringWithFallback(input, _fallback); + string memory output = ShortStrings.toStringWithFallback(short, _fallback); + assertEq(input, output); + } + + function _assertRevertLong(string memory input) internal { + vm.expectRevert(abi.encodeWithSelector(ShortStrings.StringTooLong.selector, input)); + this.toShortString(input); + } + + function _assertLengthShort(string memory input) internal { + ShortString short = ShortStrings.toShortString(input); + uint256 shortLength = ShortStrings.byteLength(short); + uint256 inputLength = bytes(input).length; + assertEq(inputLength, shortLength); + } + + function _assertLengthWithFallback(string memory input) internal { + uint256 inputLength = bytes(input).length; + ShortString short = ShortStrings.toShortStringWithFallback(input, _fallback); + uint256 shortLength = ShortStrings.byteLengthWithFallback(short, _fallback); + assertEq(inputLength, shortLength); + } + + /// Helpers + function toShortString(string memory input) external pure returns (ShortString) { + return ShortStrings.toShortString(input); + } + + function _isShort(string memory input) internal pure returns (bool) { + return bytes(input).length < 32; + } +} diff --git a/dependencies/@openzeppelin/test/utils/ShortStrings.test.js b/dependencies/@openzeppelin/test/utils/ShortStrings.test.js new file mode 100644 index 00000000..cb1a06aa --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/ShortStrings.test.js @@ -0,0 +1,64 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const FALLBACK_SENTINEL = ethers.zeroPadValue('0xFF', 32); + +const length = sstr => parseInt(sstr.slice(64), 16); +const decode = sstr => ethers.toUtf8String(sstr).slice(0, length(sstr)); +const encode = str => + str.length < 32 + ? ethers.concat([ + ethers.encodeBytes32String(str).slice(0, -2), + ethers.zeroPadValue(ethers.toBeArray(str.length), 1), + ]) + : FALLBACK_SENTINEL; + +async function fixture() { + const mock = await ethers.deployContract('$ShortStrings'); + return { mock }; +} + +describe('ShortStrings', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + for (const str of [0, 1, 16, 31, 32, 64, 1024].map(length => 'a'.repeat(length))) { + describe(`with string length ${str.length}`, function () { + it('encode / decode', async function () { + if (str.length < 32) { + const encoded = await this.mock.$toShortString(str); + expect(encoded).to.equal(encode(str)); + expect(decode(encoded)).to.equal(str); + + expect(await this.mock.$byteLength(encoded)).to.equal(str.length); + expect(await this.mock.$toString(encoded)).to.equal(str); + } else { + await expect(this.mock.$toShortString(str)) + .to.be.revertedWithCustomError(this.mock, 'StringTooLong') + .withArgs(str); + } + }); + + it('set / get with fallback', async function () { + const short = await this.mock + .$toShortStringWithFallback(str, 0) + .then(tx => tx.wait()) + .then(receipt => receipt.logs.find(ev => ev.fragment.name == 'return$toShortStringWithFallback').args[0]); + + expect(short).to.equal(encode(str)); + + const promise = this.mock.$toString(short); + if (str.length < 32) { + expect(await promise).to.equal(str); + } else { + await expect(promise).to.be.revertedWithCustomError(this.mock, 'InvalidShortString'); + } + + expect(await this.mock.$byteLengthWithFallback(short, 0)).to.equal(str.length); + expect(await this.mock.$toStringWithFallback(short, 0)).to.equal(str); + }); + }); + } +}); diff --git a/dependencies/@openzeppelin/test/utils/SlotDerivation.t.sol b/dependencies/@openzeppelin/test/utils/SlotDerivation.t.sol new file mode 100644 index 00000000..4021f0f8 --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/SlotDerivation.t.sol @@ -0,0 +1,248 @@ +// SPDX-License-Identifier: MIT +// This file was procedurally generated from scripts/generate/templates/SlotDerivation.t.js. + +pragma solidity ^0.8.20; + +import {Test} from "forge-std/Test.sol"; +import {SymTest} from "halmos-cheatcodes/SymTest.sol"; +import {SlotDerivation} from "@openzeppelin/contracts/utils/SlotDerivation.sol"; + +contract SlotDerivationTest is Test, SymTest { + using SlotDerivation for bytes32; + + bytes[] private _array; + + function symbolicDeriveArray(uint256 length, uint256 offset) public { + vm.assume(length > 0); + vm.assume(offset < length); + _assertDeriveArray(length, offset); + } + + function testDeriveArray(uint256 length, uint256 offset) public { + length = bound(length, 1, type(uint256).max); + offset = bound(offset, 0, length - 1); + _assertDeriveArray(length, offset); + } + + function _assertDeriveArray(uint256 length, uint256 offset) public { + bytes32 baseSlot; + assembly { + baseSlot := _array.slot + sstore(baseSlot, length) // store length so solidity access does not revert + } + + bytes storage derived = _array[offset]; + bytes32 derivedSlot; + assembly { + derivedSlot := derived.slot + } + + assertEq(baseSlot.deriveArray().offset(offset), derivedSlot); + } + + mapping(address => bytes) private _addressMapping; + + function testSymbolicDeriveMappingAddress(address key) public { + bytes32 baseSlot; + assembly { + baseSlot := _addressMapping.slot + } + + bytes storage derived = _addressMapping[key]; + bytes32 derivedSlot; + assembly { + derivedSlot := derived.slot + } + + assertEq(baseSlot.deriveMapping(key), derivedSlot); + } + + mapping(bool => bytes) private _boolMapping; + + function testSymbolicDeriveMappingBoolean(bool key) public { + bytes32 baseSlot; + assembly { + baseSlot := _boolMapping.slot + } + + bytes storage derived = _boolMapping[key]; + bytes32 derivedSlot; + assembly { + derivedSlot := derived.slot + } + + assertEq(baseSlot.deriveMapping(key), derivedSlot); + } + + mapping(bytes32 => bytes) private _bytes32Mapping; + + function testSymbolicDeriveMappingBytes32(bytes32 key) public { + bytes32 baseSlot; + assembly { + baseSlot := _bytes32Mapping.slot + } + + bytes storage derived = _bytes32Mapping[key]; + bytes32 derivedSlot; + assembly { + derivedSlot := derived.slot + } + + assertEq(baseSlot.deriveMapping(key), derivedSlot); + } + + mapping(bytes4 => bytes) private _bytes4Mapping; + + function testSymbolicDeriveMappingBytes4(bytes4 key) public { + bytes32 baseSlot; + assembly { + baseSlot := _bytes4Mapping.slot + } + + bytes storage derived = _bytes4Mapping[key]; + bytes32 derivedSlot; + assembly { + derivedSlot := derived.slot + } + + assertEq(baseSlot.deriveMapping(key), derivedSlot); + } + + mapping(uint256 => bytes) private _uint256Mapping; + + function testSymbolicDeriveMappingUint256(uint256 key) public { + bytes32 baseSlot; + assembly { + baseSlot := _uint256Mapping.slot + } + + bytes storage derived = _uint256Mapping[key]; + bytes32 derivedSlot; + assembly { + derivedSlot := derived.slot + } + + assertEq(baseSlot.deriveMapping(key), derivedSlot); + } + + mapping(uint32 => bytes) private _uint32Mapping; + + function testSymbolicDeriveMappingUint32(uint32 key) public { + bytes32 baseSlot; + assembly { + baseSlot := _uint32Mapping.slot + } + + bytes storage derived = _uint32Mapping[key]; + bytes32 derivedSlot; + assembly { + derivedSlot := derived.slot + } + + assertEq(baseSlot.deriveMapping(key), derivedSlot); + } + + mapping(int256 => bytes) private _int256Mapping; + + function testSymbolicDeriveMappingInt256(int256 key) public { + bytes32 baseSlot; + assembly { + baseSlot := _int256Mapping.slot + } + + bytes storage derived = _int256Mapping[key]; + bytes32 derivedSlot; + assembly { + derivedSlot := derived.slot + } + + assertEq(baseSlot.deriveMapping(key), derivedSlot); + } + + mapping(int32 => bytes) private _int32Mapping; + + function testSymbolicDeriveMappingInt32(int32 key) public { + bytes32 baseSlot; + assembly { + baseSlot := _int32Mapping.slot + } + + bytes storage derived = _int32Mapping[key]; + bytes32 derivedSlot; + assembly { + derivedSlot := derived.slot + } + + assertEq(baseSlot.deriveMapping(key), derivedSlot); + } + + mapping(string => bytes) private _stringMapping; + + function testDeriveMappingString(string memory key) public { + _assertDeriveMappingString(key); + } + + function symbolicDeriveMappingString() public { + _assertDeriveMappingString(svm.createString(256, "DeriveMappingStringInput")); + } + + function _assertDeriveMappingString(string memory key) internal { + bytes32 baseSlot; + assembly { + baseSlot := _stringMapping.slot + } + + bytes storage derived = _stringMapping[key]; + bytes32 derivedSlot; + assembly { + derivedSlot := derived.slot + } + + assertEq(baseSlot.deriveMapping(key), derivedSlot); + } + + mapping(bytes => bytes) private _bytesMapping; + + function testDeriveMappingBytes(bytes memory key) public { + _assertDeriveMappingBytes(key); + } + + function symbolicDeriveMappingBytes() public { + _assertDeriveMappingBytes(svm.createBytes(256, "DeriveMappingBytesInput")); + } + + function _assertDeriveMappingBytes(bytes memory key) internal { + bytes32 baseSlot; + assembly { + baseSlot := _bytesMapping.slot + } + + bytes storage derived = _bytesMapping[key]; + bytes32 derivedSlot; + assembly { + derivedSlot := derived.slot + } + + assertEq(baseSlot.deriveMapping(key), derivedSlot); + } + + function testSymbolicDeriveMappingBooleanDirty(bytes32 dirtyKey) public { + bool key; + assembly { + key := dirtyKey + } + + // run the "normal" test using a potentially dirty value + testSymbolicDeriveMappingBoolean(key); + } + + function testSymbolicDeriveMappingAddressDirty(bytes32 dirtyKey) public { + address key; + assembly { + key := dirtyKey + } + + // run the "normal" test using a potentially dirty value + testSymbolicDeriveMappingAddress(key); + } +} diff --git a/dependencies/@openzeppelin/test/utils/SlotDerivation.test.js b/dependencies/@openzeppelin/test/utils/SlotDerivation.test.js new file mode 100644 index 00000000..22582b37 --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/SlotDerivation.test.js @@ -0,0 +1,58 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); +const { erc7201Slot } = require('../helpers/storage'); +const { generators } = require('../helpers/random'); + +async function fixture() { + const [account] = await ethers.getSigners(); + const mock = await ethers.deployContract('$SlotDerivation'); + return { mock, account }; +} + +describe('SlotDerivation', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + describe('namespaces', function () { + const namespace = 'example.main'; + + it('erc-7201', async function () { + expect(await this.mock.$erc7201Slot(namespace)).to.equal(erc7201Slot(namespace)); + }); + }); + + describe('derivation', function () { + it('offset', async function () { + const base = generators.bytes32(); + const offset = generators.uint256(); + expect(await this.mock.$offset(base, offset)).to.equal((ethers.toBigInt(base) + offset) & ethers.MaxUint256); + }); + + it('array', async function () { + const base = generators.bytes32(); + expect(await this.mock.$deriveArray(base)).to.equal(ethers.keccak256(base)); + }); + + describe('mapping', function () { + for (const { type, key, isValueType } of [ + { type: 'bool', key: true, isValueType: true }, + { type: 'address', key: generators.address(), isValueType: true }, + { type: 'bytes32', key: generators.bytes32(), isValueType: true }, + { type: 'uint256', key: generators.uint256(), isValueType: true }, + { type: 'int256', key: generators.int256(), isValueType: true }, + { type: 'bytes', key: generators.hexBytes(128), isValueType: false }, + { type: 'string', key: 'lorem ipsum', isValueType: false }, + ]) { + it(type, async function () { + const base = generators.bytes32(); + const expected = isValueType + ? ethers.keccak256(ethers.AbiCoder.defaultAbiCoder().encode([type, 'bytes32'], [key, base])) + : ethers.solidityPackedKeccak256([type, 'bytes32'], [key, base]); + expect(await this.mock[`$deriveMapping(bytes32,${type})`](base, key)).to.equal(expected); + }); + } + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/utils/StorageSlot.test.js b/dependencies/@openzeppelin/test/utils/StorageSlot.test.js new file mode 100644 index 00000000..35e83e29 --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/StorageSlot.test.js @@ -0,0 +1,106 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); +const { generators } = require('../helpers/random'); + +const slot = ethers.id('some.storage.slot'); +const otherSlot = ethers.id('some.other.storage.slot'); + +const TYPES = [ + { name: 'Boolean', type: 'bool', value: true, isValueType: true, zero: false }, + { name: 'Address', type: 'address', value: generators.address(), isValueType: true, zero: generators.address.zero }, + { name: 'Bytes32', type: 'bytes32', value: generators.bytes32(), isValueType: true, zero: generators.bytes32.zero }, + { name: 'Uint256', type: 'uint256', value: generators.uint256(), isValueType: true, zero: generators.uint256.zero }, + { name: 'Int256', type: 'int256', value: generators.int256(), isValueType: true, zero: generators.int256.zero }, + { name: 'Bytes', type: 'bytes', value: generators.hexBytes(128), isValueType: false, zero: generators.hexBytes.zero }, + { name: 'String', type: 'string', value: 'lorem ipsum', isValueType: false, zero: '' }, +]; + +async function fixture() { + return { mock: await ethers.deployContract('StorageSlotMock') }; +} + +describe('StorageSlot', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + for (const { name, type, value, zero } of TYPES) { + describe(`${type} storage slot`, function () { + it('set', async function () { + await this.mock.getFunction(`set${name}Slot`)(slot, value); + }); + + describe('get', function () { + beforeEach(async function () { + await this.mock.getFunction(`set${name}Slot`)(slot, value); + }); + + it('from right slot', async function () { + expect(await this.mock.getFunction(`get${name}Slot`)(slot)).to.equal(value); + }); + + it('from other slot', async function () { + expect(await this.mock.getFunction(`get${name}Slot`)(otherSlot)).to.equal(zero); + }); + }); + }); + } + + for (const { name, type, value, zero } of TYPES.filter(type => !type.isValueType)) { + describe(`${type} storage pointer`, function () { + it('set', async function () { + await this.mock.getFunction(`set${name}Storage`)(slot, value); + }); + + describe('get', function () { + beforeEach(async function () { + await this.mock.getFunction(`set${name}Storage`)(slot, value); + }); + + it('from right slot', async function () { + expect(await this.mock.getFunction(`${type}Map`)(slot)).to.equal(value); + expect(await this.mock.getFunction(`get${name}Storage`)(slot)).to.equal(value); + }); + + it('from other slot', async function () { + expect(await this.mock.getFunction(`${type}Map`)(otherSlot)).to.equal(zero); + expect(await this.mock.getFunction(`get${name}Storage`)(otherSlot)).to.equal(zero); + }); + }); + }); + } + + for (const { name, type, value, zero } of TYPES.filter(type => type.isValueType)) { + describe(`${type} transient slot`, function () { + const load = `tload${name}(bytes32)`; + const store = `tstore(bytes32,${type})`; + const event = `${name}Value`; + + it('load', async function () { + await expect(this.mock[load](slot)).to.emit(this.mock, event).withArgs(slot, zero); + }); + + it('store and load (2 txs)', async function () { + await this.mock[store](slot, value); + await expect(this.mock[load](slot)).to.emit(this.mock, event).withArgs(slot, zero); + }); + + it('store and load (batched)', async function () { + await expect( + this.mock.multicall([ + this.mock.interface.encodeFunctionData(store, [slot, value]), + this.mock.interface.encodeFunctionData(load, [slot]), + this.mock.interface.encodeFunctionData(load, [otherSlot]), + ]), + ) + .to.emit(this.mock, event) + .withArgs(slot, value) + .to.emit(this.mock, event) + .withArgs(otherSlot, zero); + + await expect(this.mock[load](slot)).to.emit(this.mock, event).withArgs(slot, zero); + }); + }); + } +}); diff --git a/dependencies/@openzeppelin/test/utils/Strings.test.js b/dependencies/@openzeppelin/test/utils/Strings.test.js new file mode 100644 index 00000000..6353fd88 --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/Strings.test.js @@ -0,0 +1,180 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +async function fixture() { + const mock = await ethers.deployContract('$Strings'); + return { mock }; +} + +describe('Strings', function () { + before(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + describe('toString', function () { + const values = [ + 0n, + 7n, + 10n, + 99n, + 100n, + 101n, + 123n, + 4132n, + 12345n, + 1234567n, + 1234567890n, + 123456789012345n, + 12345678901234567890n, + 123456789012345678901234567890n, + 1234567890123456789012345678901234567890n, + 12345678901234567890123456789012345678901234567890n, + 123456789012345678901234567890123456789012345678901234567890n, + 1234567890123456789012345678901234567890123456789012345678901234567890n, + ]; + + describe('uint256', function () { + it('converts MAX_UINT256', async function () { + const value = ethers.MaxUint256; + expect(await this.mock.$toString(value)).to.equal(value.toString(10)); + }); + + for (const value of values) { + it(`converts ${value}`, async function () { + expect(await this.mock.$toString(value)).to.equal(value); + }); + } + }); + + describe('int256', function () { + it('converts MAX_INT256', async function () { + const value = ethers.MaxInt256; + expect(await this.mock.$toStringSigned(value)).to.equal(value.toString(10)); + }); + + it('converts MIN_INT256', async function () { + const value = ethers.MinInt256; + expect(await this.mock.$toStringSigned(value)).to.equal(value.toString(10)); + }); + + for (const value of values) { + it(`convert ${value}`, async function () { + expect(await this.mock.$toStringSigned(value)).to.equal(value); + }); + + it(`convert negative ${value}`, async function () { + const negated = -value; + expect(await this.mock.$toStringSigned(negated)).to.equal(negated.toString(10)); + }); + } + }); + }); + + describe('toHexString', function () { + it('converts 0', async function () { + expect(await this.mock.getFunction('$toHexString(uint256)')(0n)).to.equal('0x00'); + }); + + it('converts a positive number', async function () { + expect(await this.mock.getFunction('$toHexString(uint256)')(0x4132n)).to.equal('0x4132'); + }); + + it('converts MAX_UINT256', async function () { + expect(await this.mock.getFunction('$toHexString(uint256)')(ethers.MaxUint256)).to.equal( + `0x${ethers.MaxUint256.toString(16)}`, + ); + }); + }); + + describe('toHexString fixed', function () { + it('converts a positive number (long)', async function () { + expect(await this.mock.getFunction('$toHexString(uint256,uint256)')(0x4132n, 32n)).to.equal( + '0x0000000000000000000000000000000000000000000000000000000000004132', + ); + }); + + it('converts a positive number (short)', async function () { + const length = 1n; + await expect(this.mock.getFunction('$toHexString(uint256,uint256)')(0x4132n, length)) + .to.be.revertedWithCustomError(this.mock, `StringsInsufficientHexLength`) + .withArgs(0x4132, length); + }); + + it('converts MAX_UINT256', async function () { + expect(await this.mock.getFunction('$toHexString(uint256,uint256)')(ethers.MaxUint256, 32n)).to.equal( + `0x${ethers.MaxUint256.toString(16)}`, + ); + }); + }); + + describe('addresses', function () { + const addresses = [ + '0xa9036907dccae6a1e0033479b12e837e5cf5a02f', // Random address + '0x0000e0ca771e21bd00057f54a68c30d400000000', // Leading and trailing zeros + // EIP-55 reference + '0x5aAeb6053F3E94C9b9A09f33669435E7Ef1BeAed', + '0xfB6916095ca1df60bB79Ce92cE3Ea74c37c5d359', + '0xdbF03B407c01E7cD3CBea99509d93f8DDDC8C6FB', + '0xD1220A0cf47c7B9Be7A2E6BA89F429762e7b9aDb', + '0xfb6916095ca1df60bb79ce92ce3ea74c37c5d359', + '0x52908400098527886E0F7030069857D2E4169EE7', + '0x8617E340B3D01FA5F11F306F4090FD50E238070D', + '0xde709f2102306220921060314715629080e2fb77', + '0x27b1fdb04752bbc536007a920d24acb045561c26', + '0x5aaeb6053f3e94c9b9a09f33669435e7ef1beaed', + '0xfB6916095ca1df60bB79Ce92cE3Ea74c37c5d359', + '0xdbF03B407c01E7cD3CBea99509d93f8DDDC8C6FB', + '0xD1220A0cf47c7B9Be7A2E6BA89F429762e7b9aDb', + ]; + + describe('toHexString', function () { + for (const addr of addresses) { + it(`converts ${addr}`, async function () { + expect(await this.mock.getFunction('$toHexString(address)')(addr)).to.equal(addr.toLowerCase()); + }); + } + }); + + describe('toChecksumHexString', function () { + for (const addr of addresses) { + it(`converts ${addr}`, async function () { + expect(await this.mock.getFunction('$toChecksumHexString(address)')(addr)).to.equal( + ethers.getAddress(addr.toLowerCase()), + ); + }); + } + }); + }); + + describe('equal', function () { + it('compares two empty strings', async function () { + expect(await this.mock.$equal('', '')).to.be.true; + }); + + it('compares two equal strings', async function () { + expect(await this.mock.$equal('a', 'a')).to.be.true; + }); + + it('compares two different strings', async function () { + expect(await this.mock.$equal('a', 'b')).to.be.false; + }); + + it('compares two different strings of different lengths', async function () { + expect(await this.mock.$equal('a', 'aa')).to.be.false; + expect(await this.mock.$equal('aa', 'a')).to.be.false; + }); + + it('compares two different large strings', async function () { + const str1 = 'a'.repeat(201); + const str2 = 'a'.repeat(200) + 'b'; + expect(await this.mock.$equal(str1, str2)).to.be.false; + }); + + it('compares two equal large strings', async function () { + const str1 = 'a'.repeat(201); + const str2 = 'a'.repeat(201); + expect(await this.mock.$equal(str1, str2)).to.be.true; + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/utils/cryptography/ECDSA.test.js b/dependencies/@openzeppelin/test/utils/cryptography/ECDSA.test.js new file mode 100644 index 00000000..6b24bdbc --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/cryptography/ECDSA.test.js @@ -0,0 +1,213 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const TEST_MESSAGE = ethers.id('OpenZeppelin'); +const WRONG_MESSAGE = ethers.id('Nope'); +const NON_HASH_MESSAGE = '0xabcd'; + +async function fixture() { + const [signer] = await ethers.getSigners(); + const mock = await ethers.deployContract('$ECDSA'); + return { signer, mock }; +} + +describe('ECDSA', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + describe('recover with invalid signature', function () { + it('with short signature', async function () { + await expect(this.mock.$recover(TEST_MESSAGE, '0x1234')) + .to.be.revertedWithCustomError(this.mock, 'ECDSAInvalidSignatureLength') + .withArgs(2); + }); + + it('with long signature', async function () { + await expect( + // eslint-disable-next-line max-len + this.mock.$recover( + TEST_MESSAGE, + '0x01234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789', + ), + ) + .to.be.revertedWithCustomError(this.mock, 'ECDSAInvalidSignatureLength') + .withArgs(85); + }); + }); + + describe('recover with valid signature', function () { + describe('using .sign', function () { + it('returns signer address with correct signature', async function () { + // Create the signature + const signature = await this.signer.signMessage(TEST_MESSAGE); + + // Recover the signer address from the generated message and signature. + expect(await this.mock.$recover(ethers.hashMessage(TEST_MESSAGE), signature)).to.equal(this.signer); + }); + + it('returns signer address with correct signature for arbitrary length message', async function () { + // Create the signature + const signature = await this.signer.signMessage(NON_HASH_MESSAGE); + + // Recover the signer address from the generated message and signature. + expect(await this.mock.$recover(ethers.hashMessage(NON_HASH_MESSAGE), signature)).to.equal(this.signer); + }); + + it('returns a different address', async function () { + const signature = await this.signer.signMessage(TEST_MESSAGE); + expect(await this.mock.$recover(WRONG_MESSAGE, signature)).to.not.be.equal(this.signer); + }); + + it('reverts with invalid signature', async function () { + // eslint-disable-next-line max-len + const signature = + '0x332ce75a821c982f9127538858900d87d3ec1f9f737338ad67cad133fa48feff48e6fa0c18abc62e42820f05943e47af3e9fbe306ce74d64094bdf1691ee53e01c'; + await expect(this.mock.$recover(TEST_MESSAGE, signature)).to.be.revertedWithCustomError( + this.mock, + 'ECDSAInvalidSignature', + ); + }); + }); + + describe('with v=27 signature', function () { + const signer = '0x2cc1166f6212628A0deEf2B33BEFB2187D35b86c'; + // eslint-disable-next-line max-len + const signatureWithoutV = + '0x5d99b6f7f6d1f73d1a26497f2b1c89b24c0993913f86e9a2d02cd69887d9c94f3c880358579d811b21dd1b7fd9bb01c1d81d10e69f0384e675c32b39643be892'; + + it('works with correct v value', async function () { + const v = '0x1b'; // 27 = 1b. + const signature = ethers.concat([signatureWithoutV, v]); + expect(await this.mock.$recover(TEST_MESSAGE, signature)).to.equal(signer); + + const { r, s, yParityAndS: vs } = ethers.Signature.from(signature); + expect(await this.mock.getFunction('$recover(bytes32,uint8,bytes32,bytes32)')(TEST_MESSAGE, v, r, s)).to.equal( + signer, + ); + + expect(await this.mock.getFunction('$recover(bytes32,bytes32,bytes32)')(TEST_MESSAGE, r, vs)).to.equal(signer); + }); + + it('rejects incorrect v value', async function () { + const v = '0x1c'; // 28 = 1c. + const signature = ethers.concat([signatureWithoutV, v]); + expect(await this.mock.$recover(TEST_MESSAGE, signature)).to.not.equal(signer); + + const { r, s, yParityAndS: vs } = ethers.Signature.from(signature); + expect( + await this.mock.getFunction('$recover(bytes32,uint8,bytes32,bytes32)')(TEST_MESSAGE, v, r, s), + ).to.not.equal(signer); + + expect(await this.mock.getFunction('$recover(bytes32,bytes32,bytes32)')(TEST_MESSAGE, r, vs)).to.not.equal( + signer, + ); + }); + + it('reverts wrong v values', async function () { + for (const v of ['0x00', '0x01']) { + const signature = ethers.concat([signatureWithoutV, v]); + await expect(this.mock.$recover(TEST_MESSAGE, signature)).to.be.revertedWithCustomError( + this.mock, + 'ECDSAInvalidSignature', + ); + + const { r, s } = ethers.Signature.from(signature); + await expect( + this.mock.getFunction('$recover(bytes32,uint8,bytes32,bytes32)')(TEST_MESSAGE, v, r, s), + ).to.be.revertedWithCustomError(this.mock, 'ECDSAInvalidSignature'); + } + }); + + it('rejects short EIP2098 format', async function () { + const v = '0x1b'; // 27 = 1b. + const signature = ethers.concat([signatureWithoutV, v]); + + const { compactSerialized } = ethers.Signature.from(signature); + await expect(this.mock.$recover(TEST_MESSAGE, compactSerialized)) + .to.be.revertedWithCustomError(this.mock, 'ECDSAInvalidSignatureLength') + .withArgs(64); + }); + }); + + describe('with v=28 signature', function () { + const signer = '0x1E318623aB09Fe6de3C9b8672098464Aeda9100E'; + // eslint-disable-next-line max-len + const signatureWithoutV = + '0x331fe75a821c982f9127538858900d87d3ec1f9f737338ad67cad133fa48feff48e6fa0c18abc62e42820f05943e47af3e9fbe306ce74d64094bdf1691ee53e0'; + + it('works with correct v value', async function () { + const v = '0x1c'; // 28 = 1c. + const signature = ethers.concat([signatureWithoutV, v]); + expect(await this.mock.$recover(TEST_MESSAGE, signature)).to.equal(signer); + + const { r, s, yParityAndS: vs } = ethers.Signature.from(signature); + expect(await this.mock.getFunction('$recover(bytes32,uint8,bytes32,bytes32)')(TEST_MESSAGE, v, r, s)).to.equal( + signer, + ); + + expect(await this.mock.getFunction('$recover(bytes32,bytes32,bytes32)')(TEST_MESSAGE, r, vs)).to.equal(signer); + }); + + it('rejects incorrect v value', async function () { + const v = '0x1b'; // 27 = 1b. + const signature = ethers.concat([signatureWithoutV, v]); + expect(await this.mock.$recover(TEST_MESSAGE, signature)).to.not.equal(signer); + + const { r, s, yParityAndS: vs } = ethers.Signature.from(signature); + expect( + await this.mock.getFunction('$recover(bytes32,uint8,bytes32,bytes32)')(TEST_MESSAGE, v, r, s), + ).to.not.equal(signer); + + expect(await this.mock.getFunction('$recover(bytes32,bytes32,bytes32)')(TEST_MESSAGE, r, vs)).to.not.equal( + signer, + ); + }); + + it('reverts invalid v values', async function () { + for (const v of ['0x00', '0x01']) { + const signature = ethers.concat([signatureWithoutV, v]); + await expect(this.mock.$recover(TEST_MESSAGE, signature)).to.be.revertedWithCustomError( + this.mock, + 'ECDSAInvalidSignature', + ); + + const { r, s } = ethers.Signature.from(signature); + await expect( + this.mock.getFunction('$recover(bytes32,uint8,bytes32,bytes32)')(TEST_MESSAGE, v, r, s), + ).to.be.revertedWithCustomError(this.mock, 'ECDSAInvalidSignature'); + } + }); + + it('rejects short EIP2098 format', async function () { + const v = '0x1b'; // 28 = 1b. + const signature = ethers.concat([signatureWithoutV, v]); + + const { compactSerialized } = ethers.Signature.from(signature); + await expect(this.mock.$recover(TEST_MESSAGE, compactSerialized)) + .to.be.revertedWithCustomError(this.mock, 'ECDSAInvalidSignatureLength') + .withArgs(64); + }); + }); + + it('reverts with high-s value signature', async function () { + const message = '0xb94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9'; + // eslint-disable-next-line max-len + const highSSignature = + '0xe742ff452d41413616a5bf43fe15dd88294e983d3d36206c2712f39083d638bde0a0fc89be718fbc1033e1d30d78be1c68081562ed2e97af876f286f3453231d1b'; + + const r = ethers.dataSlice(highSSignature, 0, 32); + const s = ethers.dataSlice(highSSignature, 32, 64); + const v = ethers.dataSlice(highSSignature, 64, 65); + + await expect(this.mock.$recover(message, highSSignature)) + .to.be.revertedWithCustomError(this.mock, 'ECDSAInvalidSignatureS') + .withArgs(s); + await expect(this.mock.getFunction('$recover(bytes32,uint8,bytes32,bytes32)')(TEST_MESSAGE, v, r, s)) + .to.be.revertedWithCustomError(this.mock, 'ECDSAInvalidSignatureS') + .withArgs(s); + expect(() => ethers.Signature.from(highSSignature)).to.throw('non-canonical s'); + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/utils/cryptography/EIP712.test.js b/dependencies/@openzeppelin/test/utils/cryptography/EIP712.test.js new file mode 100644 index 00000000..2b6e7fa9 --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/cryptography/EIP712.test.js @@ -0,0 +1,105 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { getDomain, domainSeparator, hashTypedData } = require('../../helpers/eip712'); +const { formatType } = require('../../helpers/eip712-types'); + +const LENGTHS = { + short: ['A Name', '1'], + long: ['A'.repeat(40), 'B'.repeat(40)], +}; + +const fixture = async () => { + const [from, to] = await ethers.getSigners(); + + const lengths = {}; + for (const [shortOrLong, [name, version]] of Object.entries(LENGTHS)) { + lengths[shortOrLong] = { name, version }; + lengths[shortOrLong].eip712 = await ethers.deployContract('$EIP712Verifier', [name, version]); + lengths[shortOrLong].domain = { + name, + version, + chainId: await ethers.provider.getNetwork().then(({ chainId }) => chainId), + verifyingContract: lengths[shortOrLong].eip712.target, + }; + } + + return { from, to, lengths }; +}; + +describe('EIP712', function () { + for (const [shortOrLong, [name, version]] of Object.entries(LENGTHS)) { + describe(`with ${shortOrLong} name and version`, function () { + beforeEach('deploying', async function () { + Object.assign(this, await loadFixture(fixture)); + Object.assign(this, this.lengths[shortOrLong]); + }); + + describe('domain separator', function () { + it('is internally available', async function () { + const expected = await domainSeparator(this.domain); + + expect(await this.eip712.$_domainSeparatorV4()).to.equal(expected); + }); + + it("can be rebuilt using EIP-5267's eip712Domain", async function () { + const rebuildDomain = await getDomain(this.eip712); + expect(rebuildDomain).to.be.deep.equal(this.domain); + }); + + if (shortOrLong === 'short') { + // Long strings are in storage, and the proxy will not be properly initialized unless + // the upgradeable contract variant is used and the initializer is invoked. + + it('adjusts when behind proxy', async function () { + const factory = await ethers.deployContract('$Clones'); + + const clone = await factory + .$clone(this.eip712) + .then(tx => tx.wait()) + .then(receipt => receipt.logs.find(ev => ev.fragment.name == 'return$clone_address').args.instance) + .then(address => ethers.getContractAt('$EIP712Verifier', address)); + + const expectedDomain = { ...this.domain, verifyingContract: clone.target }; + expect(await getDomain(clone)).to.be.deep.equal(expectedDomain); + + const expectedSeparator = await domainSeparator(expectedDomain); + expect(await clone.$_domainSeparatorV4()).to.equal(expectedSeparator); + }); + } + }); + + it('hash digest', async function () { + const structhash = ethers.hexlify(ethers.randomBytes(32)); + expect(await this.eip712.$_hashTypedDataV4(structhash)).to.equal(hashTypedData(this.domain, structhash)); + }); + + it('digest', async function () { + const types = { + Mail: formatType({ + to: 'address', + contents: 'string', + }), + }; + + const message = { + to: this.to.address, + contents: 'very interesting', + }; + + const signature = await this.from.signTypedData(this.domain, types, message); + + await expect(this.eip712.verify(signature, this.from.address, message.to, message.contents)).to.not.be.reverted; + }); + + it('name', async function () { + expect(await this.eip712.$_EIP712Name()).to.equal(name); + }); + + it('version', async function () { + expect(await this.eip712.$_EIP712Version()).to.equal(version); + }); + }); + } +}); diff --git a/dependencies/@openzeppelin/test/utils/cryptography/MerkleProof.test.js b/dependencies/@openzeppelin/test/utils/cryptography/MerkleProof.test.js new file mode 100644 index 00000000..93ee964a --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/cryptography/MerkleProof.test.js @@ -0,0 +1,213 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { PANIC_CODES } = require('@nomicfoundation/hardhat-chai-matchers/panic'); +const { SimpleMerkleTree } = require('@openzeppelin/merkle-tree'); + +// generate bytes32 leaves from a string +const toLeaves = (str, separator = '') => str.split(separator).map(e => ethers.keccak256(ethers.toUtf8Bytes(e))); +// internal node hashes +const concatSorted = (...elements) => Buffer.concat(elements.map(ethers.getBytes).sort(Buffer.compare)); +const defaultHash = (a, b) => ethers.keccak256(concatSorted(a, b)); +const customHash = (a, b) => ethers.sha256(concatSorted(a, b)); + +describe('MerkleProof', function () { + for (const { title, contractName, nodeHash } of [ + { title: 'default hash', contractName: '$MerkleProof', nodeHash: defaultHash }, + { title: 'custom hash', contractName: '$MerkleProofCustomHashMock', nodeHash: customHash }, + ]) { + describe(title, function () { + // stateless: no need for a fixture, just use before + before(async function () { + this.mock = await ethers.deployContract(contractName); + this.makeTree = str => SimpleMerkleTree.of(toLeaves(str), { nodeHash }); + }); + + describe('verify', function () { + it('returns true for a valid Merkle proof', async function () { + const merkleTree = this.makeTree('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='); + + const root = merkleTree.root; + const hash = merkleTree.at(0); + const proof = merkleTree.getProof(0); + + expect(await this.mock.$processProof(proof, hash)).to.equal(root); + expect(await this.mock.$processProofCalldata(proof, hash)).to.equal(root); + expect(await this.mock.$verify(proof, root, hash)).to.be.true; + expect(await this.mock.$verifyCalldata(proof, root, hash)).to.be.true; + + // For demonstration, it is also possible to create valid proofs for certain 64-byte values *not* in elements: + const noSuchLeaf = nodeHash(hash, proof.at(0)); + + expect(await this.mock.$processProof(proof.slice(1), noSuchLeaf)).to.equal(root); + expect(await this.mock.$processProofCalldata(proof.slice(1), noSuchLeaf)).to.equal(root); + expect(await this.mock.$verify(proof.slice(1), root, noSuchLeaf)).to.be.true; + expect(await this.mock.$verifyCalldata(proof.slice(1), root, noSuchLeaf)).to.be.true; + }); + + it('returns false for an invalid Merkle proof', async function () { + const correctMerkleTree = this.makeTree('abc'); + const otherMerkleTree = this.makeTree('def'); + + const root = correctMerkleTree.root; + const hash = correctMerkleTree.at(0); + const proof = otherMerkleTree.getProof(0); + + expect(await this.mock.$processProof(proof, hash)).to.not.equal(root); + expect(await this.mock.$processProofCalldata(proof, hash)).to.not.equal(root); + expect(await this.mock.$verify(proof, root, hash)).to.be.false; + expect(await this.mock.$verifyCalldata(proof, root, hash)).to.be.false; + }); + + it('returns false for a Merkle proof of invalid length', async function () { + const merkleTree = this.makeTree('abc'); + + const root = merkleTree.root; + const hash = merkleTree.at(0); + const proof = merkleTree.getProof(0); + const badProof = proof.slice(0, -1); + + expect(await this.mock.$processProof(badProof, hash)).to.not.equal(root); + expect(await this.mock.$processProofCalldata(badProof, hash)).to.not.equal(root); + expect(await this.mock.$verify(badProof, root, hash)).to.be.false; + expect(await this.mock.$verifyCalldata(badProof, root, hash)).to.be.false; + }); + }); + + describe('multiProofVerify', function () { + it('returns true for a valid Merkle multi proof', async function () { + const merkleTree = this.makeTree('abcdef'); + + const root = merkleTree.root; + const { proof, proofFlags, leaves } = merkleTree.getMultiProof(toLeaves('bdf')); + const hashes = leaves.map(e => merkleTree.leafHash(e)); + + expect(await this.mock.$processMultiProof(proof, proofFlags, hashes)).to.equal(root); + expect(await this.mock.$processMultiProofCalldata(proof, proofFlags, hashes)).to.equal(root); + expect(await this.mock.$multiProofVerify(proof, proofFlags, root, hashes)).to.be.true; + expect(await this.mock.$multiProofVerifyCalldata(proof, proofFlags, root, hashes)).to.be.true; + }); + + it('returns false for an invalid Merkle multi proof', async function () { + const merkleTree = this.makeTree('abcdef'); + const otherMerkleTree = this.makeTree('ghi'); + + const root = merkleTree.root; + const { proof, proofFlags, leaves } = otherMerkleTree.getMultiProof(toLeaves('ghi')); + const hashes = leaves.map(e => merkleTree.leafHash(e)); + + expect(await this.mock.$processMultiProof(proof, proofFlags, hashes)).to.not.equal(root); + expect(await this.mock.$processMultiProofCalldata(proof, proofFlags, hashes)).to.not.equal(root); + expect(await this.mock.$multiProofVerify(proof, proofFlags, root, hashes)).to.be.false; + expect(await this.mock.$multiProofVerifyCalldata(proof, proofFlags, root, hashes)).to.be.false; + }); + + it('revert with invalid multi proof #1', async function () { + const merkleTree = this.makeTree('abcd'); + + const root = merkleTree.root; + const hashA = merkleTree.at(0); + const hashB = merkleTree.at(1); + const hashCD = nodeHash(merkleTree.at(2), merkleTree.at(3)); + const hashE = ethers.randomBytes(32); // incorrect (not part of the tree) + const fill = ethers.randomBytes(32); + + await expect( + this.mock.$processMultiProof([hashB, fill, hashCD], [false, false, false], [hashA, hashE]), + ).to.be.revertedWithCustomError(this.mock, 'MerkleProofInvalidMultiproof'); + + await expect( + this.mock.$processMultiProofCalldata([hashB, fill, hashCD], [false, false, false], [hashA, hashE]), + ).to.be.revertedWithCustomError(this.mock, 'MerkleProofInvalidMultiproof'); + + await expect( + this.mock.$multiProofVerify([hashB, fill, hashCD], [false, false, false], root, [hashA, hashE]), + ).to.be.revertedWithCustomError(this.mock, 'MerkleProofInvalidMultiproof'); + + await expect( + this.mock.$multiProofVerifyCalldata([hashB, fill, hashCD], [false, false, false], root, [hashA, hashE]), + ).to.be.revertedWithCustomError(this.mock, 'MerkleProofInvalidMultiproof'); + }); + + it('revert with invalid multi proof #2', async function () { + const merkleTree = this.makeTree('abcd'); + + const root = merkleTree.root; + const hashA = merkleTree.at(0); + const hashB = merkleTree.at(1); + const hashCD = nodeHash(merkleTree.at(2), merkleTree.at(3)); + const hashE = ethers.randomBytes(32); // incorrect (not part of the tree) + const fill = ethers.randomBytes(32); + + await expect( + this.mock.$processMultiProof([hashB, fill, hashCD], [false, false, false, false], [hashE, hashA]), + ).to.be.revertedWithPanic(PANIC_CODES.ARRAY_ACCESS_OUT_OF_BOUNDS); + + await expect( + this.mock.$processMultiProofCalldata([hashB, fill, hashCD], [false, false, false, false], [hashE, hashA]), + ).to.be.revertedWithPanic(PANIC_CODES.ARRAY_ACCESS_OUT_OF_BOUNDS); + + await expect( + this.mock.$multiProofVerify([hashB, fill, hashCD], [false, false, false, false], root, [hashE, hashA]), + ).to.be.revertedWithPanic(PANIC_CODES.ARRAY_ACCESS_OUT_OF_BOUNDS); + + await expect( + this.mock.$multiProofVerifyCalldata([hashB, fill, hashCD], [false, false, false, false], root, [ + hashE, + hashA, + ]), + ).to.be.revertedWithPanic(PANIC_CODES.ARRAY_ACCESS_OUT_OF_BOUNDS); + }); + + it('limit case: works for tree containing a single leaf', async function () { + const merkleTree = this.makeTree('a'); + + const root = merkleTree.root; + const { proof, proofFlags, leaves } = merkleTree.getMultiProof(toLeaves('a')); + const hashes = leaves.map(e => merkleTree.leafHash(e)); + + expect(await this.mock.$processMultiProof(proof, proofFlags, hashes)).to.equal(root); + expect(await this.mock.$processMultiProofCalldata(proof, proofFlags, hashes)).to.equal(root); + expect(await this.mock.$multiProofVerify(proof, proofFlags, root, hashes)).to.be.true; + expect(await this.mock.$multiProofVerifyCalldata(proof, proofFlags, root, hashes)).to.be.true; + }); + + it('limit case: can prove empty leaves', async function () { + const merkleTree = this.makeTree('abcd'); + + const root = merkleTree.root; + expect(await this.mock.$processMultiProof([root], [], [])).to.equal(root); + expect(await this.mock.$processMultiProofCalldata([root], [], [])).to.equal(root); + expect(await this.mock.$multiProofVerify([root], [], root, [])).to.be.true; + expect(await this.mock.$multiProofVerifyCalldata([root], [], root, [])).to.be.true; + }); + + it('reverts processing manipulated proofs with a zero-value node at depth 1', async function () { + // Create a merkle tree that contains a zero leaf at depth 1 + const leave = ethers.id('real leaf'); + const root = nodeHash(leave, ethers.ZeroHash); + + // Now we can pass any **malicious** fake leaves as valid! + const maliciousLeaves = ['malicious', 'leaves'].map(ethers.id).map(ethers.toBeArray).sort(Buffer.compare); + const maliciousProof = [leave, leave]; + const maliciousProofFlags = [true, true, false]; + + await expect( + this.mock.$processMultiProof(maliciousProof, maliciousProofFlags, maliciousLeaves), + ).to.be.revertedWithCustomError(this.mock, 'MerkleProofInvalidMultiproof'); + + await expect( + this.mock.$processMultiProofCalldata(maliciousProof, maliciousProofFlags, maliciousLeaves), + ).to.be.revertedWithCustomError(this.mock, 'MerkleProofInvalidMultiproof'); + + await expect( + this.mock.$multiProofVerify(maliciousProof, maliciousProofFlags, root, maliciousLeaves), + ).to.be.revertedWithCustomError(this.mock, 'MerkleProofInvalidMultiproof'); + + await expect( + this.mock.$multiProofVerifyCalldata(maliciousProof, maliciousProofFlags, root, maliciousLeaves), + ).to.be.revertedWithCustomError(this.mock, 'MerkleProofInvalidMultiproof'); + }); + }); + }); + } +}); diff --git a/dependencies/@openzeppelin/test/utils/cryptography/MessageHashUtils.test.js b/dependencies/@openzeppelin/test/utils/cryptography/MessageHashUtils.test.js new file mode 100644 index 00000000..f20f5a3c --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/cryptography/MessageHashUtils.test.js @@ -0,0 +1,68 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { domainSeparator, hashTypedData } = require('../../helpers/eip712'); + +async function fixture() { + const mock = await ethers.deployContract('$MessageHashUtils'); + return { mock }; +} + +describe('MessageHashUtils', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + describe('toEthSignedMessageHash', function () { + it('prefixes bytes32 data correctly', async function () { + const message = ethers.randomBytes(32); + const expectedHash = ethers.hashMessage(message); + + expect(await this.mock.getFunction('$toEthSignedMessageHash(bytes32)')(message)).to.equal(expectedHash); + }); + + it('prefixes dynamic length data correctly', async function () { + const message = ethers.randomBytes(128); + const expectedHash = ethers.hashMessage(message); + + expect(await this.mock.getFunction('$toEthSignedMessageHash(bytes)')(message)).to.equal(expectedHash); + }); + + it('version match for bytes32', async function () { + const message = ethers.randomBytes(32); + const fixed = await this.mock.getFunction('$toEthSignedMessageHash(bytes32)')(message); + const dynamic = await this.mock.getFunction('$toEthSignedMessageHash(bytes)')(message); + + expect(fixed).to.equal(dynamic); + }); + }); + + describe('toDataWithIntendedValidatorHash', function () { + it('returns the digest correctly', async function () { + const verifier = ethers.Wallet.createRandom().address; + const message = ethers.randomBytes(128); + const expectedHash = ethers.solidityPackedKeccak256( + ['string', 'address', 'bytes'], + ['\x19\x00', verifier, message], + ); + + expect(await this.mock.$toDataWithIntendedValidatorHash(verifier, message)).to.equal(expectedHash); + }); + }); + + describe('toTypedDataHash', function () { + it('returns the digest correctly', async function () { + const domain = { + name: 'Test', + version: '1', + chainId: 1n, + verifyingContract: ethers.Wallet.createRandom().address, + }; + const structhash = ethers.randomBytes(32); + const expectedHash = hashTypedData(domain, structhash); + + expect(await this.mock.$toTypedDataHash(domainSeparator(domain), structhash)).to.equal(expectedHash); + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/utils/cryptography/P256.t.sol b/dependencies/@openzeppelin/test/utils/cryptography/P256.t.sol new file mode 100644 index 00000000..0c9b2c78 --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/cryptography/P256.t.sol @@ -0,0 +1,44 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {Test} from "forge-std/Test.sol"; + +import {P256} from "@openzeppelin/contracts/utils/cryptography/P256.sol"; +import {Math} from "@openzeppelin/contracts/utils/math/Math.sol"; + +contract P256Test is Test { + /// forge-config: default.fuzz.runs = 512 + function testVerify(bytes32 digest, uint256 seed) public { + uint256 privateKey = _asPrivateKey(seed); + + (uint256 x, uint256 y) = vm.publicKeyP256(privateKey); + (bytes32 r, bytes32 s) = vm.signP256(privateKey, digest); + s = _ensureLowerS(s); + assertTrue(P256.verify(digest, r, s, bytes32(x), bytes32(y))); + assertTrue(P256.verifySolidity(digest, r, s, bytes32(x), bytes32(y))); + } + + /// forge-config: default.fuzz.runs = 512 + function testRecover(bytes32 digest, uint256 seed) public { + uint256 privateKey = _asPrivateKey(seed); + + (uint256 x, uint256 y) = vm.publicKeyP256(privateKey); + (bytes32 r, bytes32 s) = vm.signP256(privateKey, digest); + s = _ensureLowerS(s); + (bytes32 qx0, bytes32 qy0) = P256.recovery(digest, 0, r, s); + (bytes32 qx1, bytes32 qy1) = P256.recovery(digest, 1, r, s); + assertTrue((qx0 == bytes32(x) && qy0 == bytes32(y)) || (qx1 == bytes32(x) && qy1 == bytes32(y))); + } + + function _asPrivateKey(uint256 seed) private pure returns (uint256) { + return bound(seed, 1, P256.N - 1); + } + + function _ensureLowerS(bytes32 s) private pure returns (bytes32) { + uint256 _s = uint256(s); + unchecked { + return _s > P256.N / 2 ? bytes32(P256.N - _s) : s; + } + } +} diff --git a/dependencies/@openzeppelin/test/utils/cryptography/P256.test.js b/dependencies/@openzeppelin/test/utils/cryptography/P256.test.js new file mode 100644 index 00000000..b9655cad --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/cryptography/P256.test.js @@ -0,0 +1,156 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { secp256r1 } = require('@noble/curves/p256'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551n; + +// As in ECDSA, signatures are malleable and the tooling produce both high and low S values. +// We need to ensure that the s value is in the lower half of the order of the curve. +const ensureLowerOrderS = ({ s, recovery, ...rest }) => { + if (s > N / 2n) { + s = N - s; + recovery = 1 - recovery; + } + return { s, recovery, ...rest }; +}; + +const prepareSignature = ( + privateKey = secp256r1.utils.randomPrivateKey(), + messageHash = ethers.hexlify(ethers.randomBytes(0x20)), +) => { + const publicKey = [ + secp256r1.getPublicKey(privateKey, false).slice(0x01, 0x21), + secp256r1.getPublicKey(privateKey, false).slice(0x21, 0x41), + ].map(ethers.hexlify); + const { r, s, recovery } = ensureLowerOrderS(secp256r1.sign(messageHash.replace(/0x/, ''), privateKey)); + const signature = [r, s].map(v => ethers.toBeHex(v, 0x20)); + + return { privateKey, publicKey, signature, recovery, messageHash }; +}; + +describe('P256', function () { + async function fixture() { + return { mock: await ethers.deployContract('$P256') }; + } + + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + describe('with signature', function () { + beforeEach(async function () { + Object.assign(this, prepareSignature()); + }); + + it('verify valid signature', async function () { + expect(await this.mock.$verify(this.messageHash, ...this.signature, ...this.publicKey)).to.be.true; + expect(await this.mock.$verifySolidity(this.messageHash, ...this.signature, ...this.publicKey)).to.be.true; + await expect(this.mock.$verifyNative(this.messageHash, ...this.signature, ...this.publicKey)) + .to.be.revertedWithCustomError(this.mock, 'MissingPrecompile') + .withArgs('0x0000000000000000000000000000000000000100'); + }); + + it('recover public key', async function () { + expect(await this.mock.$recovery(this.messageHash, this.recovery, ...this.signature)).to.deep.equal( + this.publicKey, + ); + }); + + it('reject signature with flipped public key coordinates ([x,y] >> [y,x])', async function () { + // flip public key + this.publicKey.reverse(); + + expect(await this.mock.$verify(this.messageHash, ...this.signature, ...this.publicKey)).to.be.false; + expect(await this.mock.$verifySolidity(this.messageHash, ...this.signature, ...this.publicKey)).to.be.false; + expect(await this.mock.$verifyNative(this.messageHash, ...this.signature, ...this.publicKey)).to.be.false; // Flipped public key is not in the curve + }); + + it('reject signature with flipped signature values ([r,s] >> [s,r])', async function () { + // Preselected signature where `r < N/2` and `s < N/2` + this.signature = [ + '0x45350225bad31e89db662fcc4fb2f79f349adbb952b3f652eed1f2aa72fb0356', + '0x513eb68424c42630012309eee4a3b43e0bdc019d179ef0e0c461800845e237ee', + ]; + + // Corresponding hash and public key + this.messageHash = '0x2ad1f900fe63745deeaedfdf396cb6f0f991c4338a9edf114d52f7d1812040a0'; + this.publicKey = [ + '0x9e30de165e521257996425d9bf12a7d366925614bf204eabbb78172b48e52e59', + '0x94bf0fe72f99654d7beae4780a520848e306d46a1275b965c4f4c2b8e9a2c08d', + ]; + + // Make sure it works + expect(await this.mock.$verify(this.messageHash, ...this.signature, ...this.publicKey)).to.be.true; + + // Flip signature + this.signature.reverse(); + + expect(await this.mock.$verify(this.messageHash, ...this.signature, ...this.publicKey)).to.be.false; + expect(await this.mock.$verifySolidity(this.messageHash, ...this.signature, ...this.publicKey)).to.be.false; + await expect(this.mock.$verifyNative(this.messageHash, ...this.signature, ...this.publicKey)) + .to.be.revertedWithCustomError(this.mock, 'MissingPrecompile') + .withArgs('0x0000000000000000000000000000000000000100'); + expect(await this.mock.$recovery(this.messageHash, this.recovery, ...this.signature)).to.not.deep.equal( + this.publicKey, + ); + }); + + it('reject signature with invalid message hash', async function () { + // random message hash + this.messageHash = ethers.hexlify(ethers.randomBytes(32)); + + expect(await this.mock.$verify(this.messageHash, ...this.signature, ...this.publicKey)).to.be.false; + expect(await this.mock.$verifySolidity(this.messageHash, ...this.signature, ...this.publicKey)).to.be.false; + await expect(this.mock.$verifyNative(this.messageHash, ...this.signature, ...this.publicKey)) + .to.be.revertedWithCustomError(this.mock, 'MissingPrecompile') + .withArgs('0x0000000000000000000000000000000000000100'); + expect(await this.mock.$recovery(this.messageHash, this.recovery, ...this.signature)).to.not.deep.equal( + this.publicKey, + ); + }); + + it('fail to recover signature with invalid recovery bit', async function () { + // flip recovery bit + this.recovery = 1 - this.recovery; + + expect(await this.mock.$recovery(this.messageHash, this.recovery, ...this.signature)).to.not.deep.equal( + this.publicKey, + ); + }); + }); + + // test cases for https://github.com/C2SP/wycheproof/blob/4672ff74d68766e7785c2cac4c597effccef2c5c/testvectors/ecdsa_secp256r1_sha256_p1363_test.json + describe('wycheproof tests', function () { + for (const { key, tests } of require('./ecdsa_secp256r1_sha256_p1363_test.json').testGroups) { + // parse public key + let [x, y] = [key.wx, key.wy].map(v => ethers.stripZerosLeft('0x' + v, 32)); + if (x.length > 66 || y.length > 66) continue; + x = ethers.zeroPadValue(x, 32); + y = ethers.zeroPadValue(y, 32); + + // run all tests for this key + for (const { tcId, comment, msg, sig, result } of tests) { + // only keep properly formatted signatures + if (sig.length != 128) continue; + + it(`${tcId}: ${comment}`, async function () { + // split signature, and reduce modulo N + let [r, s] = Array(2) + .fill() + .map((_, i) => ethers.toBigInt('0x' + sig.substring(64 * i, 64 * (i + 1)))); + // move s to lower part of the curve if needed + if (s <= N && s > N / 2n) s = N - s; + // prepare signature + r = ethers.toBeHex(r, 32); + s = ethers.toBeHex(s, 32); + // hash + const messageHash = ethers.sha256('0x' + msg); + + // check verify + expect(await this.mock.$verify(messageHash, r, s, x, y)).to.equal(result == 'valid'); + }); + } + } + }); +}); diff --git a/dependencies/@openzeppelin/test/utils/cryptography/RSA.helper.js b/dependencies/@openzeppelin/test/utils/cryptography/RSA.helper.js new file mode 100644 index 00000000..48c8ee43 --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/cryptography/RSA.helper.js @@ -0,0 +1,17 @@ +const path = require('path'); +const fs = require('fs'); + +module.exports = function* parse(file) { + const cache = {}; + const data = fs.readFileSync(path.resolve(__dirname, file), 'utf8'); + for (const line of data.split('\r\n')) { + const groups = line.match(/^(?\w+) = (?\w+)(?.*)$/)?.groups; + if (groups) { + const { key, value, extra } = groups; + cache[key] = value; + if (groups.key === 'Result') { + yield Object.assign({ extra: extra.trim() }, cache); + } + } + } +}; diff --git a/dependencies/@openzeppelin/test/utils/cryptography/RSA.test.js b/dependencies/@openzeppelin/test/utils/cryptography/RSA.test.js new file mode 100644 index 00000000..bdf33911 --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/cryptography/RSA.test.js @@ -0,0 +1,102 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); +const { bytes, bytes32 } = ethers.Typed; + +const parse = require('./RSA.helper'); + +async function fixture() { + return { mock: await ethers.deployContract('$RSA') }; +} + +describe('RSA', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + // Load test cases from file SigVer15_186-3.rsp from: + // https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/dss/186-2rsatestvectors.zip + describe('SigVer15_186-3.rsp tests', function () { + for (const test of parse('SigVer15_186-3.rsp')) { + const { length } = Buffer.from(test.S, 'hex'); + + /// For now, RSA only supports digest that are 32bytes long. If we ever extend that, we can use these hashing functions for @noble: + // const { sha1 } = require('@noble/hashes/sha1'); + // const { sha224, sha256 } = require('@noble/hashes/sha256'); + // const { sha384, sha512 } = require('@noble/hashes/sha512'); + + if (test.SHAAlg === 'SHA256' && length >= 0x100) { + const result = test.Result === 'P'; + + it(`signature length ${length} ${test.extra} ${result ? 'works' : 'fails'}`, async function () { + const data = '0x' + test.Msg; + const sig = '0x' + test.S; + const exp = '0x' + test.e; + const mod = '0x' + test.n; + + expect(await this.mock.$pkcs1Sha256(bytes32(ethers.sha256(data)), sig, exp, mod)).to.equal(result); + expect(await this.mock.$pkcs1Sha256(bytes(data), sig, exp, mod)).to.equal(result); + }); + } + } + }); + + describe('others tests', function () { + // > openssl genrsa -out private.pem 2048 + // > openssl rsa -in private.pem -outform der -pubout -out public.pem + // > openssl asn1parse -in public.pem -inform DER -strparse 19 + // > echo -n 'hello world!' | openssl dgst -sha256 -sign private.pem | xxd -p | tr -d \\n + const openssl = { + descr: 'openssl', + data: ethers.toUtf8Bytes('hello world!'), + sig: '0x2ff4349940bf0db9bce422e316ac47e3d24b0a869acb05c9c46f74e17491177698b150f2a5996a6bf7d7c73e05af91ad78632115a7d95b823c462596486e56e8473b75a270ca4760cd83f244d5d3af81d2c7d188879abbc2992b22d51e22ffb725f0828c852ee44f81def383e0f92ebfa3c6d97ca5e52a4254f9a886680e3fb394c2a8a955849313dce2cb416f8a67974effd9a17d229146ce10a98684fb3d46a1e53ddaf831cdd2beed895532533c554ae087b2738a5c4cf0802e8062b2a599fd76d67b92eabffa8a92b24e08fbc866217502a4a3d9f6157e491bede3c1048fa8f2d804f66128e8a883018b0ec33a59e1086bf71ae5dc193d9815ca82892dbc', + exp: '0x010001', + mod: '0xDC1CE5F7B202464CD320B4F9E44FEE0A358BE7022AB155A5BDEE45B1AED3C5A19645D898E294CBA96EAD6929FD8FB4B23E9ADB4D3143A736232C32A8617A77B89F7D8399B9BE37F8349D111067F71D2F20237B9F1A7C1CF44819F9FA5AA030F563DCFB1CC59FFAA86BA2ABEE28D949FED0DF34071B7558950079E28CD9BBA4CAC2F0F86D7BBFB13363C792B5A70C9B279F0B43A264A7CB1A7C7C41FC6EC1D1C1125A6BECE3207AE582F74CE896B9AC18DB00C8985B70145217B831CC313FC06581E186BF70A2EEE2C3C065B5C91A89B2C099B4924CDBF5707D161BD83AC8D9FCA309AC75D63EACF21027C2C9C9F05994331CBDFDD24F9BC6C8B58D8F1824540B', + result: true, + }; + + // According to RFC4055, pg.5 and RFC8017, pg. 64, for SHA-1, and the SHA-2 family, + // the algorithm parameter has to be NULL and both explicit NULL parameter and implicit + // NULL parameter (ie, absent NULL parameter) are considered to be legal and equivalent. + const rfc4055 = { + descr: 'rfc8017 implicit null parameter', + data: ethers.toUtf8Bytes('hello world!'), + sig: '0xa0073057133ff3758e7e111b4d7441f1d8cbe4b2dd5ee4316a14264290dee5ed7f175716639bd9bb43a14e4f9fcb9e84dedd35e2205caac04828b2c053f68176d971ea88534dd2eeec903043c3469fc69c206b2a8694fd262488441ed8852280c3d4994e9d42bd1d575c7024095f1a20665925c2175e089c0d731471f6cc145404edf5559fd2276e45e448086f71c78d0cc6628fad394a34e51e8c10bc39bfe09ed2f5f742cc68bee899d0a41e4c75b7b80afd1c321d89ccd9fe8197c44624d91cc935dfa48de3c201099b5b417be748aef29248527e8bbb173cab76b48478d4177b338fe1f1244e64d7d23f07add560d5ad50b68d6649a49d7bc3db686daaa7', + exp: '0x03', + mod: '0xe932ac92252f585b3a80a4dd76a897c8b7652952fe788f6ec8dd640587a1ee5647670a8ad4c2be0f9fa6e49c605adf77b5174230af7bd50e5d6d6d6d28ccf0a886a514cc72e51d209cc772a52ef419f6a953f3135929588ebe9b351fca61ced78f346fe00dbb6306e5c2a4c6dfc3779af85ab417371cf34d8387b9b30ae46d7a5ff5a655b8d8455f1b94ae736989d60a6f2fd5cadbffbd504c5a756a2e6bb5cecc13bca7503f6df8b52ace5c410997e98809db4dc30d943de4e812a47553dce54844a78e36401d13f77dc650619fed88d8b3926e3d8e319c80c744779ac5d6abe252896950917476ece5e8fc27d5f053d6018d91b502c4787558a002b9283da7', + result: true, + }; + + const shortN = { + descr: 'returns false for a very short n', + data: ethers.toUtf8Bytes('hello world!'), + sig: '0x0102', + exp: '0x03', + mod: '0x0405', + result: false, + }; + + const differentLength = { + descr: 'returns false for a signature with different length to n', + data: ethers.toUtf8Bytes('hello world!'), + sig: '0x00112233', + exp: '0x03', + mod: '0xe932ac92252f585b3a80a4dd76a897c8b7652952fe788f6ec8dd640587a1ee5647670a8ad4c2be0f9fa6e49c605adf77b5174230af7bd50e5d6d6d6d28ccf0a886a514cc72e51d209cc772a52ef419f6a953f3135929588ebe9b351fca61ced78f346fe00dbb6306e5c2a4c6dfc3779af85ab417371cf34d8387b9b30ae46d7a5ff5a655b8d8455f1b94ae736989d60a6f2fd5cadbffbd504c5a756a2e6bb5cecc13bca7503f6df8b52ace5c410997e98809db4dc30d943de4e812a47553dce54844a78e36401d13f77dc650619fed88d8b3926e3d8e319c80c744779ac5d6abe252896950917476ece5e8fc27d5f053d6018d91b502c4787558a002b9283da7', + result: false, + }; + + // this is the openssl example where sig has been replaced by sig + mod + const sTooLarge = { + ...openssl, + descr: 'returns false if s >= n', + sig: ethers.toBeHex(ethers.toBigInt(openssl.sig) + ethers.toBigInt(openssl.mod)), + result: false, + }; + + for (const { descr, data, sig, exp, mod, result } of [openssl, rfc4055, shortN, differentLength, sTooLarge]) { + it(descr, async function () { + expect(await this.mock.$pkcs1Sha256(bytes(data), sig, exp, mod)).to.equal(result); + }); + } + }); +}); diff --git a/dependencies/@openzeppelin/test/utils/cryptography/SigVer15_186-3.rsp b/dependencies/@openzeppelin/test/utils/cryptography/SigVer15_186-3.rsp new file mode 100644 index 00000000..275be610 --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/cryptography/SigVer15_186-3.rsp @@ -0,0 +1,3850 @@ +# CAVS 11.0 +# "SigVer PKCS#1 Ver 1.5" information +# Mod sizes selected: 1024 1536 2048 3072 4096 +# SHA Algorithm selected:SHA1 SHA224 SHA256 SHA384 SHA512 +# Generated on Wed Mar 02 00:13:02 2011 + +[mod = 1024] + +n = a8d68acd413c5e195d5ef04e1b4faaf242365cb450196755e92e1215ba59802aafbadbf2564dd550956abb54f8b1c917844e5f36195d1088c600e07cada5c080ede679f50b3de32cf4026e514542495c54b1903768791aae9e36f082cd38e941ada89baecada61ab0dd37ad536bcb0a0946271594836e92ab5517301d45176b5 + +p = c107a2fe924b76e206cb9bc4af2ab7008547c00846bf6d0680b3eac3ebcbd0c7fd7a54c2b9899b08f80cde1d3691eaaa2816b1eb11822d6be7beaf4e30977c49 +q = dfea984ce4307eafc0d140c2bb82861e5dbac4f8567cbc981d70440dd639492079031486315e305eb83e591c4a2e96064966f7c894c3ca351925b5ce82d8ef0d + +SHAAlg = SHA1 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1c23c1cce034ba598f8fd2b7af37f1d30b090f7362aee68e5187adae49b9955c729f24a863b7a38d6e3c748e2972f6d940b7ba89043a2d6c2100256a1cf0f56a8cd35fc6ee205244876642f6f9c3820a3d9d2c8921df7d82aaadcaf2d7334d398931ddbba553190b3a416099f3aa07fd5b26214645a828419e122cfb857ad73b +Msg = ff23e00f819bae424e41d6b762ea6b88801e651c831c964af31de0c1d6dda4a7c8587d804ed12f526819da06650e7412fb627555979ed442f2663341e5fe57527e0ddaf453a124451674976a6a6e0a31f56a79f5b73dfac39af4f3ba4a5e8bb846cb5e333812756482d975ab1910162f96bfd7c58a02f113125189f5ac05291f +S = a3877b854832d6a6dec749a908e8bd3a73b24372e80321ed01c19ce066117d8efe78ef7168af8acd139e47dd262c0c92ed1701cf6c07e0c1140f82040167f55bb5180c18ad9e66a18dacf0742c1f05173129ed5ac523faeeb2119639cd30ae5a435884b55043d4fb7fa9af0dd92c365386044c2e8bcd196b3787bfede47fff37 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA1 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1c23c1cce034ba598f8fd2b7af37f1d30b090f7362aee68e5187adae49b9955c729f24a863b7a38d6e3c748e2972f6d940b7ba89043a2d6c2100256a1cf0f56a8cd35fc6ee205244876642f6f9c3820a3d9d2c8921df7d82aaadcaf2d7334d398931ddbba553190b3a416099f3aa07fd5b26214645a828419e122cfb857ad73b +Msg = a6ce108ff3100b953781496c3d081fe32b8cedaf6d14aab2ef2dc37d8f8d2613d2f599efd55c51498749c0961681ae4ea7e28bf14a8f044c2d4dd4f9102ddd25f86c7795289708eb4df2d526f91b176952eb52fd0c9de2989432d6e08e13022b82f95089d20a5704f0452f26cd1f83bc956ee7da99876c1f8da3723af388bead +S = a5aa479d792448cc3e2ddfbe444017eea54efca7101651f4616f0260c7a48a364fe459abf98352e86b0b3d1478208687dffde1380d4462fce68cd61895401c3791186f17f159b91c02b5c0a30e894e142657b7537e84d2574837256da6940aa14cded7fbcba24b9e12ed2bb7e3f6db69b5a02807b57c9aa10ad9c0e1bde9443a +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA1 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 1c23c1cce034ba598f8fd2b7af37f1d30b090f7362aee68e5187adae49b9955c729f24a863b7a38d6e3c748e2972f6d940b7ba89043a2d6c2100256a1cf0f56a8cd35fc6ee205244876642f6f9c3820a3d9d2c8921df7d82aaadcaf2d7334d398931ddbba553190b3a416099f3aa07fd5b26214645a828419e122cfb857ad73b +Msg = 9edf5246ae1d8fe800bc2ed422e6441cedde94c85a870277972a4b4a5a74f4fd76be8057ac92e6c5c36a4242dabacb79fe31052ef83c38da68cd2095185ae6398a284fc5d3c934fface4325ec734a2265fd3cbd513b957bef47f04f4dd699c6903a42757cccc5fdfe5b264f18f5bb16b394c4f855404486c63cb5f2d51aafed5 +S = 9a2e5b3ce63cb8df79f3cb25cce6964527e38592c58ba8b7b9312da25c62940985e93e62689f34b60cd019d3d472c0b72fcf2666bfcf8c13407e2150a138caaabaa409e6fd1ea55faf9180f7b41ed53d47c4dcdc3c669928d8a1c161f91918593dc3be3892c8df763d1a5ee6bcd5801866683005d89a2fd6ed3bef581833d922 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA1 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1c23c1cce034ba598f8fd2b7af37f1d30b090f7362aee68e5187adae49b9955c729f24a863b7a38d6e3c748e2972f6d940b7ba89043a2d6c2100256a1cf0f56a8cd35fc6ee205244876642f6f9c3820a3d9d2c8921df7d82aaadcaf2d7334d398931ddbba553190b3a416099f3aa07fd5b26214645a828419e122cfb857ad73b +Msg = d73829497cddbe41b705faac50e7899fdb5a38bf3a459e536357029e64f8796ba47f4fe96ba5a8b9a4396746e2164f55a25368ddd0b9a5188c7ac3da2d1f742286c3bdee697f9d546a25efcfe53191d743fcc6b47833d993d08804daeca78fb9076c3c017f53e33a90305af06220974d46bf19ed3c9b84edbae98b45a8771258 +S = 175015bda50abe0fa7d39a8353885ca01be3a7e7fcc55045744111362ee1914473a48dc537d956294b9e20a1ef661d58537acdc8de908fa050630fcc272e6d001045e6fdeed2d10531c8603334c2e8db39e73e6d9665ee1343f9e4198302d2201b44e8e8d06b3ef49cee6197582163a8490089ca654c0012fce1ba6511089750 +SaltVal = 00 +Result = P + +SHAAlg = SHA1 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1c23c1cce034ba598f8fd2b7af37f1d30b090f7362aee68e5187adae49b9955c729f24a863b7a38d6e3c748e2972f6d940b7ba89043a2d6c2100256a1cf0f56a8cd35fc6ee205244876642f6f9c3820a3d9d2c8921df7d82aaadcaf2d7334d398931ddbba553190b3a416099f3aa07fd5b26214645a828419e122cfb857ad73b +Msg = a4397d9ab677aaa13a68a09de9ae0ed4045d479aa0ff3a7242dca477ab7884faf55cd06ddf19667f668b4589955bfd299dc7642c28a68bb2eba6f08c7ad9f5e96170913270c6463256a0537a72b32a04e5662416ecda74696d275a8bcfe999820ffc2ab210833201332f323828be7dac04c1f01f93a3dde1efe7483a51b1560d +S = 417aa0531b1da975066a1311a9bf2fa73f5daf90f0473a8937a27a9c6378c53012e0b4db3dcb5309b85a3e7f9db161848465f2e8102f75d171b4dc5371c3dca0bd70626dff5fad68549477fea84db9ac1b405440e178f5d9f74f3935e78a6aaf774b86d509fb25bd1a93aac9a2cdbce6a897842ea3ae07d3c8b4c43f97e0bf75 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003021300906052b0e03021a05000414dd1e335f65b2f5e31562a2c74ea6eab09892febcefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA1 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1c23c1cce034ba598f8fd2b7af37f1d30b090f7362aee68e5187adae49b9955c729f24a863b7a38d6e3c748e2972f6d940b7ba89043a2d6c2100256a1cf0f56a8cd35fc6ee205244876642f6f9c3820a3d9d2c8921df7d82aaadcaf2d7334d398931ddbba553190b3a416099f3aa07fd5b26214645a828419e122cfb857ad73b +Msg = e4690fb08396a8bf07377778a447dbd14c771024bd2353cbbd8446eda42795971c9eda0f2575be655c68614a7cd2fd252569c664dc291410548ec3a5eb06da2078a66c59441cbc9356e5a452f4c0386d6662a663fd6b61f254997ee6d63b5e3080e98d37e873ea737f17083713f7d5ce98ca79ca27d18199470c3d596caf66ed +S = 56b25cc46a9ef9607f4f0f553265996e22a4552fc6cb2752d0595e887afad29f7f9a390c17dc427c7d9f83f19f6986c60ec6d8f8017c3419cc2a838fe2425c7c80ceebfa1a0a3de507b5601609fe54b871efde685d23e546d69fbd14a30ebc2e67ac99446ae4978f1b3c120103294318b253aa9fcee638907b84ac72b25e18fa +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443021300906052b0e03021a050004148031ffbcbd668626dcc49e40128d8abdab1e8172 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA224 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1c23c1cce034ba598f8fd2b7af37f1d30b090f7362aee68e5187adae49b9955c729f24a863b7a38d6e3c748e2972f6d940b7ba89043a2d6c2100256a1cf0f56a8cd35fc6ee205244876642f6f9c3820a3d9d2c8921df7d82aaadcaf2d7334d398931ddbba553190b3a416099f3aa07fd5b26214645a828419e122cfb857ad73b +Msg = ff23e00f819bae424e41d6b762ea6b88801e651c831c964af31de0c1d6dda4a7c8587d804ed12f526819da06650e7412fb627555979ed442f2663341e5fe57527e0ddaf453a124451674976a6a6e0a31f56a79f5b73dfac39af4f3ba4a5e8bb846cb5e333812756482d975ab1910162f96bfd7c58a02f113125189f5ac05291f +S = 30db68c610b9086e9c6273da708ff8a89d73dfba6e2564aec908292af3a52b84ddd28bbb7c4a39df02f6e992be0d9aa8edb320a6e5a0a001ad097e7b8d09a87f50d55e1d68f47d2215a892221e7e33ddfe181b58fb12c8703e60cf0248c62af8a99111befd96b45ed4cf441a0623b013b94d3dd0976f6b5db7ae595069f21ea5 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA224 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1c23c1cce034ba598f8fd2b7af37f1d30b090f7362aee68e5187adae49b9955c729f24a863b7a38d6e3c748e2972f6d940b7ba89043a2d6c2100256a1cf0f56a8cd35fc6ee205244876642f6f9c3820a3d9d2c8921df7d82aaadcaf2d7334d398931ddbba553190b3a416099f3aa07fd5b26214645a828419e122cfb857ad73b +Msg = a6ce108ff3100b953781496c3d081fe32b8cedaf6d14aab2ef2dc37d8f8d2613d2f599efd55c51498749c0961681ae4ea7e28bf14a8f044c2d4dd4f9102ddd25f86c7795289708eb4df2d526f91b176952eb52fd0c9de2989432d6e08e13022b82f95089d20a5704f0452f26cd1f83bc956ee7da99876c1f8da3723af388bead +S = 8ed880d91764fdadb04470e04509c6b800fe2bdb1cdb17071f855b8e38b3075c3b8a6991a34ab869127f47a753d7610c79e86a7a288b653326e31d90f4d043f52b7656b6831f6806119df6309a7846b05cb2630c28f7464a7b96e4e8ce76e9cd45502bd5e928f268763fea50271d29b7527097c51ebc2b2a3a83cf22e6b7e3fa +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA224 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 1c23c1cce034ba598f8fd2b7af37f1d30b090f7362aee68e5187adae49b9955c729f24a863b7a38d6e3c748e2972f6d940b7ba89043a2d6c2100256a1cf0f56a8cd35fc6ee205244876642f6f9c3820a3d9d2c8921df7d82aaadcaf2d7334d398931ddbba553190b3a416099f3aa07fd5b26214645a828419e122cfb857ad73b +Msg = 9edf5246ae1d8fe800bc2ed422e6441cedde94c85a870277972a4b4a5a74f4fd76be8057ac92e6c5c36a4242dabacb79fe31052ef83c38da68cd2095185ae6398a284fc5d3c934fface4325ec734a2265fd3cbd513b957bef47f04f4dd699c6903a42757cccc5fdfe5b264f18f5bb16b394c4f855404486c63cb5f2d51aafed5 +S = 4a1716c989580f11bad633a8566b0f44ea689d8bc27c489bbf1a01d76bfa08ce87cace576ade53a5399addee803666fa1d99fa3739c556ae513baa10415e3db820e45f7518e15c7b1875f18f3835792e7ffaed1e7cf9c592afd660d2dda77e00f8f6cf298978929ca017cfce2675afaceca959810a4a33666be9a9a1b2f6523e +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA224 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1c23c1cce034ba598f8fd2b7af37f1d30b090f7362aee68e5187adae49b9955c729f24a863b7a38d6e3c748e2972f6d940b7ba89043a2d6c2100256a1cf0f56a8cd35fc6ee205244876642f6f9c3820a3d9d2c8921df7d82aaadcaf2d7334d398931ddbba553190b3a416099f3aa07fd5b26214645a828419e122cfb857ad73b +Msg = d73829497cddbe41b705faac50e7899fdb5a38bf3a459e536357029e64f8796ba47f4fe96ba5a8b9a4396746e2164f55a25368ddd0b9a5188c7ac3da2d1f742286c3bdee697f9d546a25efcfe53191d743fcc6b47833d993d08804daeca78fb9076c3c017f53e33a90305af06220974d46bf19ed3c9b84edbae98b45a8771258 +S = 57677b089e205486df4f56755972e3af88cabbc23efe29439b8d1e60ac226e990da487857392856d12cdcea387a269d1bbbc128549a1135ab062201cab8ac08886a313af8554506d7a93855b843086a1bf3dfbcb004ccde779c084ffa1724b41d17e10c8dd67dc0df26200376550eda14455d9b0b31f1d8c5e8bb1d3d963d0d5 +SaltVal = 00 +Result = P + +SHAAlg = SHA224 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1c23c1cce034ba598f8fd2b7af37f1d30b090f7362aee68e5187adae49b9955c729f24a863b7a38d6e3c748e2972f6d940b7ba89043a2d6c2100256a1cf0f56a8cd35fc6ee205244876642f6f9c3820a3d9d2c8921df7d82aaadcaf2d7334d398931ddbba553190b3a416099f3aa07fd5b26214645a828419e122cfb857ad73b +Msg = a4397d9ab677aaa13a68a09de9ae0ed4045d479aa0ff3a7242dca477ab7884faf55cd06ddf19667f668b4589955bfd299dc7642c28a68bb2eba6f08c7ad9f5e96170913270c6463256a0537a72b32a04e5662416ecda74696d275a8bcfe999820ffc2ab210833201332f323828be7dac04c1f01f93a3dde1efe7483a51b1560d +S = 9b2222986b3f97dbdfd7aafd35fba51df5a7b76c88237e7454f2561b542289b424c76ba934e30b00e7726116ddadc359d6ad8b7ed7c16533c5661f2a61c45ec2e590e058663a740c0842e036d59f223d3c87a8127d40024ae205e46e3cd0fa323e01668da8bd723cc17e539a028a5ea69cb1fd9150db571a451ada2d81e05377 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffff00302d300d06096086480165030402040500041c472fcfddd47f6ba3bb9eb166c248320d9b39fb4b2f70b65a85615244efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA224 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1c23c1cce034ba598f8fd2b7af37f1d30b090f7362aee68e5187adae49b9955c729f24a863b7a38d6e3c748e2972f6d940b7ba89043a2d6c2100256a1cf0f56a8cd35fc6ee205244876642f6f9c3820a3d9d2c8921df7d82aaadcaf2d7334d398931ddbba553190b3a416099f3aa07fd5b26214645a828419e122cfb857ad73b +Msg = e4690fb08396a8bf07377778a447dbd14c771024bd2353cbbd8446eda42795971c9eda0f2575be655c68614a7cd2fd252569c664dc291410548ec3a5eb06da2078a66c59441cbc9356e5a452f4c0386d6662a663fd6b61f254997ee6d63b5e3080e98d37e873ea737f17083713f7d5ce98ca79ca27d18199470c3d596caf66ed +S = 7016e23d4fc070a479f4a9c173de8f1dc3a54183ab44af9e3cfda7a229bed269712f5697fdd485f03ea21183f563ee0b5a91d3478c5cc94cf6fb56c0102a7098cbe06a8a5ae6a0eef7722ef9514c80e5944c8b1412b1411d56c7b674650eafca7433ac8b9266363a049f3be30885e30fee049e50ddd76816db309ed59f9b469b +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff44302d300d06096086480165030402040500041ca73d80b7f5f188724498120a21df3683351f77de5eb916058f9769d8 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA256 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1c23c1cce034ba598f8fd2b7af37f1d30b090f7362aee68e5187adae49b9955c729f24a863b7a38d6e3c748e2972f6d940b7ba89043a2d6c2100256a1cf0f56a8cd35fc6ee205244876642f6f9c3820a3d9d2c8921df7d82aaadcaf2d7334d398931ddbba553190b3a416099f3aa07fd5b26214645a828419e122cfb857ad73b +Msg = ff23e00f819bae424e41d6b762ea6b88801e651c831c964af31de0c1d6dda4a7c8587d804ed12f526819da06650e7412fb627555979ed442f2663341e5fe57527e0ddaf453a124451674976a6a6e0a31f56a79f5b73dfac39af4f3ba4a5e8bb846cb5e333812756482d975ab1910162f96bfd7c58a02f113125189f5ac05291f +S = 10ecd0085694f8db6ea62dab2f239d8a93fcf449102f1368c67de329d79692b677500f55994c9722e2633063fc7d8c2c50ae8857d45c08bfaba9448dda0689c2a08605d47a7694beaacbdad1a954458a87fd78b6519393013b20996d636b755323b4b2b2b6d06a46c9221cd200462428ab5bef0f9743e144191f6928562627a7 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA256 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1c23c1cce034ba598f8fd2b7af37f1d30b090f7362aee68e5187adae49b9955c729f24a863b7a38d6e3c748e2972f6d940b7ba89043a2d6c2100256a1cf0f56a8cd35fc6ee205244876642f6f9c3820a3d9d2c8921df7d82aaadcaf2d7334d398931ddbba553190b3a416099f3aa07fd5b26214645a828419e122cfb857ad73b +Msg = a6ce108ff3100b953781496c3d081fe32b8cedaf6d14aab2ef2dc37d8f8d2613d2f599efd55c51498749c0961681ae4ea7e28bf14a8f044c2d4dd4f9102ddd25f86c7795289708eb4df2d526f91b176952eb52fd0c9de2989432d6e08e13022b82f95089d20a5704f0452f26cd1f83bc956ee7da99876c1f8da3723af388bead +S = 488d328861653ab0a769a11a158ec7b479b62db5b253eda899beae580afb9a7c762030262b8a066f085185475e17870700504d3f78fcc4bcb95a3c1648796a323613a7b706cb64b048c68c06b396aac20b52f22f3fdce40992fb9a5ef68b5725134d83035a6f091d01aa5947175885822b2d4618c3f3fdbfd8819847fe40112b +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA256 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 1c23c1cce034ba598f8fd2b7af37f1d30b090f7362aee68e5187adae49b9955c729f24a863b7a38d6e3c748e2972f6d940b7ba89043a2d6c2100256a1cf0f56a8cd35fc6ee205244876642f6f9c3820a3d9d2c8921df7d82aaadcaf2d7334d398931ddbba553190b3a416099f3aa07fd5b26214645a828419e122cfb857ad73b +Msg = 9edf5246ae1d8fe800bc2ed422e6441cedde94c85a870277972a4b4a5a74f4fd76be8057ac92e6c5c36a4242dabacb79fe31052ef83c38da68cd2095185ae6398a284fc5d3c934fface4325ec734a2265fd3cbd513b957bef47f04f4dd699c6903a42757cccc5fdfe5b264f18f5bb16b394c4f855404486c63cb5f2d51aafed5 +S = 7c547b350710337c783e7406935fb8ac7bcd1cdd4a7bcaeb63422067d1239f9f59fc29b51993a29d6ac8dcc7980871bbba1be8f0b6ce951a9e0cad64b37d7d0c3734e038efcd4e3499c8855f7c52ea3323ba4876ba9d78a98e7e5cf72b4b7444228dd0d81283e59055873450b8bc411d1cb970efda5cf5947a1d1f17e92a4639 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA256 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1c23c1cce034ba598f8fd2b7af37f1d30b090f7362aee68e5187adae49b9955c729f24a863b7a38d6e3c748e2972f6d940b7ba89043a2d6c2100256a1cf0f56a8cd35fc6ee205244876642f6f9c3820a3d9d2c8921df7d82aaadcaf2d7334d398931ddbba553190b3a416099f3aa07fd5b26214645a828419e122cfb857ad73b +Msg = d73829497cddbe41b705faac50e7899fdb5a38bf3a459e536357029e64f8796ba47f4fe96ba5a8b9a4396746e2164f55a25368ddd0b9a5188c7ac3da2d1f742286c3bdee697f9d546a25efcfe53191d743fcc6b47833d993d08804daeca78fb9076c3c017f53e33a90305af06220974d46bf19ed3c9b84edbae98b45a8771258 +S = 0b20e5093c2a926233108afbdd851b88eeb554f4beaa7b18e51519f7d0ec53b181a3b03e8484ba8de2aa7864a402e2208e84ec9914af9d776ed13c48bdeb6484254de169318a87c40f2265ff16714eae8aee2bc9c3cb4dee045e4f5d9d625210121bfcf2bed8d3ffa602ce27fff4e61cf9bb650e71a6921ae6ffa296cb11bdbb +SaltVal = 00 +Result = P + +SHAAlg = SHA256 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1c23c1cce034ba598f8fd2b7af37f1d30b090f7362aee68e5187adae49b9955c729f24a863b7a38d6e3c748e2972f6d940b7ba89043a2d6c2100256a1cf0f56a8cd35fc6ee205244876642f6f9c3820a3d9d2c8921df7d82aaadcaf2d7334d398931ddbba553190b3a416099f3aa07fd5b26214645a828419e122cfb857ad73b +Msg = a4397d9ab677aaa13a68a09de9ae0ed4045d479aa0ff3a7242dca477ab7884faf55cd06ddf19667f668b4589955bfd299dc7642c28a68bb2eba6f08c7ad9f5e96170913270c6463256a0537a72b32a04e5662416ecda74696d275a8bcfe999820ffc2ab210833201332f323828be7dac04c1f01f93a3dde1efe7483a51b1560d +S = 9313380722659eeccf8be943fbf514e90fb19657dfb410a50bdfc0cfb058a58e56bbae71ea1a30ecee08ca5d31a2d0bcd3f5a967a3794259c03635ee24cf2a15303ddb5962ae9747d72e83f630580600ba64d24bc4014c5d44640b2369b45fb09c2ba20721e0ae27d1a32546afa1bd023aa61079cea65389f55c31cfedb460b3 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003031300d060960864801650304020105000420fa98b3853b928263002bcb39b454ea21f3f62bcaf6bc2b616490b7a7160120d7efefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA256 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1c23c1cce034ba598f8fd2b7af37f1d30b090f7362aee68e5187adae49b9955c729f24a863b7a38d6e3c748e2972f6d940b7ba89043a2d6c2100256a1cf0f56a8cd35fc6ee205244876642f6f9c3820a3d9d2c8921df7d82aaadcaf2d7334d398931ddbba553190b3a416099f3aa07fd5b26214645a828419e122cfb857ad73b +Msg = e4690fb08396a8bf07377778a447dbd14c771024bd2353cbbd8446eda42795971c9eda0f2575be655c68614a7cd2fd252569c664dc291410548ec3a5eb06da2078a66c59441cbc9356e5a452f4c0386d6662a663fd6b61f254997ee6d63b5e3080e98d37e873ea737f17083713f7d5ce98ca79ca27d18199470c3d596caf66ed +S = 477a7d6ff281bee7d56ac9cdc7f041b7497483f07a3cea5667ff178233219f75da7b88d9fc854a22ef541af3a5be8fb30b4e50bcb6d130e11f6c18eadec5d10f9895d654c0947aad152ba395c1039d7a8ff41b829179984a513f1abeb5a748bf248af1ea0152093d9fafb5d18e4cf91bd3b57ddd18b6984d976e6bef58cb30ec +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443031300d06096086480165030402010500042034c9d0b0b487446c903244e640affe835096c7ada2e4295090bd9386884df006 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA384 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1c23c1cce034ba598f8fd2b7af37f1d30b090f7362aee68e5187adae49b9955c729f24a863b7a38d6e3c748e2972f6d940b7ba89043a2d6c2100256a1cf0f56a8cd35fc6ee205244876642f6f9c3820a3d9d2c8921df7d82aaadcaf2d7334d398931ddbba553190b3a416099f3aa07fd5b26214645a828419e122cfb857ad73b +Msg = ff23e00f819bae424e41d6b762ea6b88801e651c831c964af31de0c1d6dda4a7c8587d804ed12f526819da06650e7412fb627555979ed442f2663341e5fe57527e0ddaf453a124451674976a6a6e0a31f56a79f5b73dfac39af4f3ba4a5e8bb846cb5e333812756482d975ab1910162f96bfd7c58a02f113125189f5ac05291f +S = 5ad712eea6e12cf093b8aaa41bd972bd92ea43442dfae0671b27b80d821fdf8a83b032b870e2aa618430ab207ccb1c86bc5e74ea44a0f1ba2cfa2fca003e8547eedc4fd748e7718a9dc39c032b9bb997b4c01f49e441ddcb134d9b2c28a3dcbf126de439f07cb58aece617573797d939957083e51fe5eec00deaae17c41f59ed +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA384 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1c23c1cce034ba598f8fd2b7af37f1d30b090f7362aee68e5187adae49b9955c729f24a863b7a38d6e3c748e2972f6d940b7ba89043a2d6c2100256a1cf0f56a8cd35fc6ee205244876642f6f9c3820a3d9d2c8921df7d82aaadcaf2d7334d398931ddbba553190b3a416099f3aa07fd5b26214645a828419e122cfb857ad73b +Msg = a6ce108ff3100b953781496c3d081fe32b8cedaf6d14aab2ef2dc37d8f8d2613d2f599efd55c51498749c0961681ae4ea7e28bf14a8f044c2d4dd4f9102ddd25f86c7795289708eb4df2d526f91b176952eb52fd0c9de2989432d6e08e13022b82f95089d20a5704f0452f26cd1f83bc956ee7da99876c1f8da3723af388bead +S = 1f00ccb2e22d0355b20b79b3d3c2416c03d281673fa3314aeec0cb41373e9a8ad5441e93545b6ceb9d3b8d660709cc2b8cff61924768fcf5b0d0ac771a395c02797123f503866d2aee5bb03c651091388486f63793bd714485ead5e03b92c9d80668c2088866b14361d2eb5eb838f903994d84471d5a352366eff2c5cbdf1ab6 +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA384 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 1c23c1cce034ba598f8fd2b7af37f1d30b090f7362aee68e5187adae49b9955c729f24a863b7a38d6e3c748e2972f6d940b7ba89043a2d6c2100256a1cf0f56a8cd35fc6ee205244876642f6f9c3820a3d9d2c8921df7d82aaadcaf2d7334d398931ddbba553190b3a416099f3aa07fd5b26214645a828419e122cfb857ad73b +Msg = 9edf5246ae1d8fe800bc2ed422e6441cedde94c85a870277972a4b4a5a74f4fd76be8057ac92e6c5c36a4242dabacb79fe31052ef83c38da68cd2095185ae6398a284fc5d3c934fface4325ec734a2265fd3cbd513b957bef47f04f4dd699c6903a42757cccc5fdfe5b264f18f5bb16b394c4f855404486c63cb5f2d51aafed5 +S = 52edcc1c2bd6eecfda613f0ed8cc8ed5d0f0b881b5a05eca36d9fbb3d04a9f36f0fa916008d13ae8b17b8f6d97ac4450d892b2731f14a477032cd353b8c054d53a3b2932124fd8d1bac88b44e4fd6f37b8ec3575b290fad24a262011b45f7e9b96b09324901f1d153921e13f7246ffdce405018c20975dcd28a7fe55689bdd9f +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA384 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1c23c1cce034ba598f8fd2b7af37f1d30b090f7362aee68e5187adae49b9955c729f24a863b7a38d6e3c748e2972f6d940b7ba89043a2d6c2100256a1cf0f56a8cd35fc6ee205244876642f6f9c3820a3d9d2c8921df7d82aaadcaf2d7334d398931ddbba553190b3a416099f3aa07fd5b26214645a828419e122cfb857ad73b +Msg = d73829497cddbe41b705faac50e7899fdb5a38bf3a459e536357029e64f8796ba47f4fe96ba5a8b9a4396746e2164f55a25368ddd0b9a5188c7ac3da2d1f742286c3bdee697f9d546a25efcfe53191d743fcc6b47833d993d08804daeca78fb9076c3c017f53e33a90305af06220974d46bf19ed3c9b84edbae98b45a8771258 +S = 7e3ccb6ab03b419a3e54f81337a3c3f72e8c65bbd19ddd50246a36f51f58741ec245d2d0f07677a4f88aa3b1caeecdffe5fd6edcf8b8bcfb569637ad02eb154d17b87a8f00d0e618a7f4a70ce407f20359153e5f4a4d9744f3f3ff44120c08a460500f030fd3398e97fcaef9d0a7e2acef19a81f706805be5fc003d78e5b29c0 +SaltVal = 00 +Result = P + +SHAAlg = SHA384 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1c23c1cce034ba598f8fd2b7af37f1d30b090f7362aee68e5187adae49b9955c729f24a863b7a38d6e3c748e2972f6d940b7ba89043a2d6c2100256a1cf0f56a8cd35fc6ee205244876642f6f9c3820a3d9d2c8921df7d82aaadcaf2d7334d398931ddbba553190b3a416099f3aa07fd5b26214645a828419e122cfb857ad73b +Msg = a4397d9ab677aaa13a68a09de9ae0ed4045d479aa0ff3a7242dca477ab7884faf55cd06ddf19667f668b4589955bfd299dc7642c28a68bb2eba6f08c7ad9f5e96170913270c6463256a0537a72b32a04e5662416ecda74696d275a8bcfe999820ffc2ab210833201332f323828be7dac04c1f01f93a3dde1efe7483a51b1560d +S = 1077cf5852f21c7986f30bc2bb382138e93c0670315a83799047e122b7804cb8cdc892f23c8297b8315c16c351f0c6138cecb630a51b8a0980eeb59d575b3d86c52ae9270c6f444143d22ad6a1eea05a886281c9d7c93f0d3ab2528bb72e99b2afbf74f04038c3e17743e286a409304e4c19d441a68142b0d7b3c0a6da5532bd +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003041300d0609608648016503040202050004301cdb4de69f4d84845bef51cd666020a895fbea98f2f61c9554ebdcffa525877093cbc9a4b1b8efeb77980d73ca54de17efef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA384 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1c23c1cce034ba598f8fd2b7af37f1d30b090f7362aee68e5187adae49b9955c729f24a863b7a38d6e3c748e2972f6d940b7ba89043a2d6c2100256a1cf0f56a8cd35fc6ee205244876642f6f9c3820a3d9d2c8921df7d82aaadcaf2d7334d398931ddbba553190b3a416099f3aa07fd5b26214645a828419e122cfb857ad73b +Msg = e4690fb08396a8bf07377778a447dbd14c771024bd2353cbbd8446eda42795971c9eda0f2575be655c68614a7cd2fd252569c664dc291410548ec3a5eb06da2078a66c59441cbc9356e5a452f4c0386d6662a663fd6b61f254997ee6d63b5e3080e98d37e873ea737f17083713f7d5ce98ca79ca27d18199470c3d596caf66ed +S = 63c488bdf2f7de4cd048c535b481a4cc2898e3810eda0038b2283bfe9b3f2beba2a74268639ecfc05170d1af534ced5d3b4941d1aad317875e05d6a19f734625721ed1f262faf995feb1acb44ba76beaec957aa8023429865717d0abfc553cb67474034344ceb8c5d4bddff7fa230ac620e5e665006dffb1c4cc7995c73841f9 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443041300d060960864801650304020205000430cf563bb8f42149df04c9bf20652986e8888907d2ff11f086bb1b6152abd4e945ad82dda241cfbf511a88b36a5a450dcc +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA512 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1c23c1cce034ba598f8fd2b7af37f1d30b090f7362aee68e5187adae49b9955c729f24a863b7a38d6e3c748e2972f6d940b7ba89043a2d6c2100256a1cf0f56a8cd35fc6ee205244876642f6f9c3820a3d9d2c8921df7d82aaadcaf2d7334d398931ddbba553190b3a416099f3aa07fd5b26214645a828419e122cfb857ad73b +Msg = ff23e00f819bae424e41d6b762ea6b88801e651c831c964af31de0c1d6dda4a7c8587d804ed12f526819da06650e7412fb627555979ed442f2663341e5fe57527e0ddaf453a124451674976a6a6e0a31f56a79f5b73dfac39af4f3ba4a5e8bb846cb5e333812756482d975ab1910162f96bfd7c58a02f113125189f5ac05291f +S = 48db9934d51e8c2e234d70ff665bf2de4fef620e23f27550254a0b4b18338e299c024c4ffc5a502945e9f2e091a86ff6e7f44059f1ca58b4a18bc15931ae1176a9775247039e57d4e322f3d77fed6c6e9bec26b066fe565384c42d2ac79dd8312c8e09d3a2bf85fba0648a02f0e958d4711396e42362c5558eb7227b12aa94d7 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA512 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1c23c1cce034ba598f8fd2b7af37f1d30b090f7362aee68e5187adae49b9955c729f24a863b7a38d6e3c748e2972f6d940b7ba89043a2d6c2100256a1cf0f56a8cd35fc6ee205244876642f6f9c3820a3d9d2c8921df7d82aaadcaf2d7334d398931ddbba553190b3a416099f3aa07fd5b26214645a828419e122cfb857ad73b +Msg = a6ce108ff3100b953781496c3d081fe32b8cedaf6d14aab2ef2dc37d8f8d2613d2f599efd55c51498749c0961681ae4ea7e28bf14a8f044c2d4dd4f9102ddd25f86c7795289708eb4df2d526f91b176952eb52fd0c9de2989432d6e08e13022b82f95089d20a5704f0452f26cd1f83bc956ee7da99876c1f8da3723af388bead +S = 125b4dddf5e18c8de2f7b72faa76f1d03dd88aac3c76ebc037b4b1aa1435eda6bef2c948e2ba51e763b8572f4ecef228ca38c10299add6f3f67c171a8fd56e33a1c287c49f844e4e98b20f0fe727b58515e5e7d3846c029afe08d25a9edf0dda6677b1cb2ca6be67763171f114932c43f53af126d0aab6dcb52d5b320b385c6d +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA512 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 1c23c1cce034ba598f8fd2b7af37f1d30b090f7362aee68e5187adae49b9955c729f24a863b7a38d6e3c748e2972f6d940b7ba89043a2d6c2100256a1cf0f56a8cd35fc6ee205244876642f6f9c3820a3d9d2c8921df7d82aaadcaf2d7334d398931ddbba553190b3a416099f3aa07fd5b26214645a828419e122cfb857ad73b +Msg = 9edf5246ae1d8fe800bc2ed422e6441cedde94c85a870277972a4b4a5a74f4fd76be8057ac92e6c5c36a4242dabacb79fe31052ef83c38da68cd2095185ae6398a284fc5d3c934fface4325ec734a2265fd3cbd513b957bef47f04f4dd699c6903a42757cccc5fdfe5b264f18f5bb16b394c4f855404486c63cb5f2d51aafed5 +S = 70a4fc2afc2524ec159aaaac0cf5242e276057c3ebaee9c3c430aa862ac5758aa3a55f6f6ebbb25bc5229e51c976949314244efb35d89d4516845e41f9cb9c4db78d381eb35f257d3b9981eac9e27cd9d18a56a6dceceebb77523255684ad6ff58622889e08a616acafca687e2742074d0f7431ff5ca4324c4d25b44af9fd2aa +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA512 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1c23c1cce034ba598f8fd2b7af37f1d30b090f7362aee68e5187adae49b9955c729f24a863b7a38d6e3c748e2972f6d940b7ba89043a2d6c2100256a1cf0f56a8cd35fc6ee205244876642f6f9c3820a3d9d2c8921df7d82aaadcaf2d7334d398931ddbba553190b3a416099f3aa07fd5b26214645a828419e122cfb857ad73b +Msg = d73829497cddbe41b705faac50e7899fdb5a38bf3a459e536357029e64f8796ba47f4fe96ba5a8b9a4396746e2164f55a25368ddd0b9a5188c7ac3da2d1f742286c3bdee697f9d546a25efcfe53191d743fcc6b47833d993d08804daeca78fb9076c3c017f53e33a90305af06220974d46bf19ed3c9b84edbae98b45a8771258 +S = 8b57a6f91606ba4813b83536581eb15d72875dcbb0a514b4c03b6df8f202fa8556e4002122bedaf26eaa107ece4860752379ec8baa64f40098be92a4214b69e98b24ae1cc4d2f457cff4f405a82ef94c5f8dfaadd3078d7a9224887db86c3218bf53c9779ed09895b2cfb84f1fad2e5b1f8e4b209c5785b9ce332cd41356c171 +SaltVal = 00 +Result = P + +SHAAlg = SHA512 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1c23c1cce034ba598f8fd2b7af37f1d30b090f7362aee68e5187adae49b9955c729f24a863b7a38d6e3c748e2972f6d940b7ba89043a2d6c2100256a1cf0f56a8cd35fc6ee205244876642f6f9c3820a3d9d2c8921df7d82aaadcaf2d7334d398931ddbba553190b3a416099f3aa07fd5b26214645a828419e122cfb857ad73b +Msg = a4397d9ab677aaa13a68a09de9ae0ed4045d479aa0ff3a7242dca477ab7884faf55cd06ddf19667f668b4589955bfd299dc7642c28a68bb2eba6f08c7ad9f5e96170913270c6463256a0537a72b32a04e5662416ecda74696d275a8bcfe999820ffc2ab210833201332f323828be7dac04c1f01f93a3dde1efe7483a51b1560d +S = 8e0fecaaf7911ccadb8ca5b6ae3bb89580cbda49d3181d5aab4f03431c62aedb4affc58b87c4b3c4ee09f7908f34f52e2901891382b57cd78d3a824fe446eef4ef46b2afb0d34e6cd9a263c21db8c9c2cdcd5e60eaac571d67410c7136180ddd6195ff2a0691746e457da69bd1667a56b1980a22d5f0b3595af0e8c3bf97c2d6 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003051300d0609608648016503040203050004406bb51b0f43cc58788c9d60f71e06fc473949ae313b3354033526cdfac71690c584f916b1a8eeb47f17f339b6cccc3fb3a53786d418295c1e454db8cb17cb7de6efefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA512 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1c23c1cce034ba598f8fd2b7af37f1d30b090f7362aee68e5187adae49b9955c729f24a863b7a38d6e3c748e2972f6d940b7ba89043a2d6c2100256a1cf0f56a8cd35fc6ee205244876642f6f9c3820a3d9d2c8921df7d82aaadcaf2d7334d398931ddbba553190b3a416099f3aa07fd5b26214645a828419e122cfb857ad73b +Msg = e4690fb08396a8bf07377778a447dbd14c771024bd2353cbbd8446eda42795971c9eda0f2575be655c68614a7cd2fd252569c664dc291410548ec3a5eb06da2078a66c59441cbc9356e5a452f4c0386d6662a663fd6b61f254997ee6d63b5e3080e98d37e873ea737f17083713f7d5ce98ca79ca27d18199470c3d596caf66ed +S = 9572ebe453e2f17dd72921b38a27c28c68f4605aedf6b4a7d54079e3ceb2811ccaa6dbc0d71d47d93cd1f18cfb028744fe3d8971b0e9712f29ccab4152e2635dff3b9a1e9cb8f462b138b00c4c0a1163739286b50ac232da5075a9ba3c02a3f604d4629a7df516b39c8d01cb5019f9630436c70415c6b16d79bb29f3a46b72d6 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443051300d060960864801650304020305000440605b7b97abce7dee5f9b9ebf2ebe35d7e474e62b3a6e86b108cbfe3c3a8300bd11deb0210048f502b7af1c9dcb1805f1d61e8df038359729a4bb33774b9d13aa +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +n = a8d68acd413c5e195d5ef04e1b4faaf242365cb450196755e92e1215ba59802aafbadbf2564dd550956abb54f8b1c917844e5f36195d1088c600e07cada5c080ede679f50b3de32cf4026e514542495c54b1903768791aae9e36f082cd38e941ada89baecada61ab0dd37ad536bcb0a0946271594836e92ab5517301d45176b5 + +p = c107a2fe924b76e206cb9bc4af2ab7008547c00846bf6d0680b3eac3ebcbd0c7fd7a54c2b9899b08f80cde1d3691eaaa2816b1eb11822d6be7beaf4e30977c49 + +q = dfea984ce4307eafc0d140c2bb82861e5dbac4f8567cbc981d70440dd639492079031486315e305eb83e591c4a2e96064966f7c894c3ca351925b5ce82d8ef0d + +SHAAlg = SHA1 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 252c4956ac328ba04789bfdc5e90819981a100f3b540069ba8719b8b3ba27980cc7c96710a75ec0da83c1ddf353b45845f3db7224cdecbe5653cebb01fb66305d42e617e8a51514c6d2fb6b3cbe3ad9478ab7acb575f854ec9c9576a70c63934921c39662b32b8c93fb660f64f50e5481892a8ef4b92a64774995f2a0fbd64b9 +Msg = ff23e00f819bae424e41d6b762ea6b88801e651c831c964af31de0c1d6dda4a7c8587d804ed12f526819da06650e7412fb627555979ed442f2663341e5fe57527e0ddaf453a124451674976a6a6e0a31f56a79f5b73dfac39af4f3ba4a5e8bb846cb5e333812756482d975ab1910162f96bfd7c58a02f113125189f5ac05291f +S = 3c9db203bbb31c7a3498b3b35ec2ea818614f3a17cad8308f834c6945305e3b94f9886c00098640cb56cefbf06a9ebb7a8c28af610c49896dae53303fb716bc3d2ebf95205944f845658732e8a7ee032472942292f82ba24a66094c7c3b417f5e678a19c04e3b54ba5f0f03610c56d31b9726ee0e39cb1708d89fa61ba9a039b +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA1 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 252c4956ac328ba04789bfdc5e90819981a100f3b540069ba8719b8b3ba27980cc7c96710a75ec0da83c1ddf353b45845f3db7224cdecbe5653cebb01fb66305d42e617e8a51514c6d2fb6b3cbe3ad9478ab7acb575f854ec9c9576a70c63934921c39662b32b8c93fb660f64f50e5481892a8ef4b92a64774995f2a0fbd64b9 +Msg = a6ce108ff3100b953781496c3d081fe32b8cedaf6d14aab2ef2dc37d8f8d2613d2f599efd55c51498749c0961681ae4ea7e28bf14a8f044c2d4dd4f9102ddd25f86c7795289708eb4df2d526f91b176952eb52fd0c9de2989432d6e08e13022b82f95089d20a5704f0452f26cd1f83bc956ee7da99876c1f8da3723af388bead +S = 6592c64db5ce133e1c7d499bf7ea4d0203897186b4319fc5e29522d97b9af212fd5a10a8c15246a46d0382cc61c9bfe2b211871d7dfa4eff9a6fa15426309844fa72b1de7aba231c66076185014b9f9e9fadbc2a739ee95c48da75fbfc7d05c22e7896db47407e8d78f0d28519c7fcb6c868b05016bcf73075477a92e97625bc +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA1 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 252c4956ac328ba04789bfdc5e90819981a100f3b540069ba8719b8b3ba27980cc7c96710a75ec0da83c1ddf353b45845f3db7224cdecbe5653cebb01fb66305d42e617e8a51514c6d2fb6b3cbe3ad9478ab7acb575f854ec9c9576a70c63934921c39662b32b8c93fb660f64f50e5481892a8ef4b92a64774995f2a0fbd64b9 +Msg = 9edf5246ae1d8fe800bc2ed422e6441cedde94c85a870277972a4b4a5a74f4fd76be8057ac92e6c5c36a4242dabacb79fe31052ef83c38da68cd2095185ae6398a284fc5d3c934fface4325ec734a2265fd3cbd513b957bef47f04f4dd699c6903a42757cccc5fdfe5b264f18f5bb16b394c4f855404486c63cb5f2d51aafed5 +S = 6c80cc0f17783b39712a994f16a461830c26ba3f3afd1a277cda564c8a8b41c4ab444bb6f79df1d109f781de3e6e81d2a0aa2b6ff566e065b3125a6bebd36039aaab46e38a3fb36f66e665372f0cbe15a696d00cd79922bce7e6771ac59fa0c4576f28eeffca9177bdfb0804d2f883b929f58d4ea948df8bb3c283fa337d5665 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA1 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 252c4956ac328ba04789bfdc5e90819981a100f3b540069ba8719b8b3ba27980cc7c96710a75ec0da83c1ddf353b45845f3db7224cdecbe5653cebb01fb66305d42e617e8a51514c6d2fb6b3cbe3ad9478ab7acb575f854ec9c9576a70c63934921c39662b32b8c93fb660f64f50e5481892a8ef4b92a64774995f2a0fbd64b9 +Msg = 4ff6c9e7f9f03abd3e114a788fd51318feda52b6509c1b685483cb6574213f6a8ab4435cf5f34d2eeb076c0510d77b9a48889ae0ca44dfe8773b480169e8f423ce96938ef7221caeac02be42c38618bdf15eacecdf5d91da807d69f1a3229361c4a3a2c628060d05290b2776ce6d52499e647022b66e9b071a4f167c495683ec +S = 6466b9759635fbb2a3e8cb7d2a6192ea7da6033b76dd578b76ca468fcb9215f8138966f9aaa3e82246d15bb271a269eda087e63812406407ca12cb085ae82ceebcf28eb44f6608549fbf6383882c864688665a1b5a2d748496b36f8b935f676339fc61e9bc0c3a5a58141226f300cf29c4371047d530a4776809f572b88ecdfe +SaltVal = 00 +Result = P + +SHAAlg = SHA1 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 252c4956ac328ba04789bfdc5e90819981a100f3b540069ba8719b8b3ba27980cc7c96710a75ec0da83c1ddf353b45845f3db7224cdecbe5653cebb01fb66305d42e617e8a51514c6d2fb6b3cbe3ad9478ab7acb575f854ec9c9576a70c63934921c39662b32b8c93fb660f64f50e5481892a8ef4b92a64774995f2a0fbd64b9 +Msg = 85624c37ee13b3d8cb80a5961a39c5953caf10f1b4e9c00a2c78701fb8ac821f5f08bebbd8f43bc091b283a4f693f25eef6b5f7baa42ff6f9c4c8529c21c8eea2d143d56bd2022cc2da461f34fb210959981e0b1e11a00cb65553e870e047076f66e123027ff30a3a63d87aab0fee7e243d8dbb9e0da8cc79079e36225cdee6c +S = 705a07d366f2326ced17374d5f599d483ccf184d5fbbc288face464b64c058e6583b8ba664f979f3a6c1b0755b1e2cfe8154c39176d432f59af5714bcf9b0af8da122af77f0393385613393d43db7902eb1b81fc9dc6604692e0f85d30ec59fdc521cd35e5aeef006a6b919bdf47bc9a468daf3e86b3e4956ff736bbc25c9ed1 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003021300906052b0e03021a050004143dee53379c3e2d8c26a41c9f63be60b1993097d7efefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA1 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 252c4956ac328ba04789bfdc5e90819981a100f3b540069ba8719b8b3ba27980cc7c96710a75ec0da83c1ddf353b45845f3db7224cdecbe5653cebb01fb66305d42e617e8a51514c6d2fb6b3cbe3ad9478ab7acb575f854ec9c9576a70c63934921c39662b32b8c93fb660f64f50e5481892a8ef4b92a64774995f2a0fbd64b9 +Msg = 263da806fe0a7a242843f295893fd891cd13c0ecc1648c90fc79322bc594bf2531839cd58c7210f4fa0307525ea112c77b11ae6d5a49c90ceb8682d6ee9931551481a7a1623fb7d6d7e6f5c54ef2bdeaa6da779f1fe91a8e0749ef6c976198e5186150d2491a74b20514435821dae2e19499a2e9dae986ff9aeb00558694fcbc +S = 727d32d7faa37ab2dac96e9f822be4dfe60459ab7aa18a26cecf6c84bfa7fac7261c86f89ca84356ee20fa9e8a8a9a2b5f5e624cc4269aa8583fb148777091ecab8929e3f8a628c8f6e1b3a48ff1f60ce1b40f279439bf8eadc6c1b977b51e8ec3c65cb8db9fdb956b514d28381260b9f6b02b2d065ef57770952d968bed65b8 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443021300906052b0e03021a05000414eaf16b6fc483cd5d255ffe76f761420c4df301e6 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA224 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 252c4956ac328ba04789bfdc5e90819981a100f3b540069ba8719b8b3ba27980cc7c96710a75ec0da83c1ddf353b45845f3db7224cdecbe5653cebb01fb66305d42e617e8a51514c6d2fb6b3cbe3ad9478ab7acb575f854ec9c9576a70c63934921c39662b32b8c93fb660f64f50e5481892a8ef4b92a64774995f2a0fbd64b9 +Msg = ff23e00f819bae424e41d6b762ea6b88801e651c831c964af31de0c1d6dda4a7c8587d804ed12f526819da06650e7412fb627555979ed442f2663341e5fe57527e0ddaf453a124451674976a6a6e0a31f56a79f5b73dfac39af4f3ba4a5e8bb846cb5e333812756482d975ab1910162f96bfd7c58a02f113125189f5ac05291f +S = 64c3e9ef2af3501ed929ec204d43848d42f3393e437b4267c70d87fc5296ebd752739088529c16e2f6f0aa87e1bc6843779dac3af54f90d3334d4b65b6b0adaf91b6fa8a75826a30f50177f887e705fb64a9258f131dc958bff8134bd68206b9d3a6fa70b2c7de5308269a6c33716916c37810aa69ce3e81db88674a07fe55e1 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA224 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 252c4956ac328ba04789bfdc5e90819981a100f3b540069ba8719b8b3ba27980cc7c96710a75ec0da83c1ddf353b45845f3db7224cdecbe5653cebb01fb66305d42e617e8a51514c6d2fb6b3cbe3ad9478ab7acb575f854ec9c9576a70c63934921c39662b32b8c93fb660f64f50e5481892a8ef4b92a64774995f2a0fbd64b9 +Msg = a6ce108ff3100b953781496c3d081fe32b8cedaf6d14aab2ef2dc37d8f8d2613d2f599efd55c51498749c0961681ae4ea7e28bf14a8f044c2d4dd4f9102ddd25f86c7795289708eb4df2d526f91b176952eb52fd0c9de2989432d6e08e13022b82f95089d20a5704f0452f26cd1f83bc956ee7da99876c1f8da3723af388bead +S = 6c9e4455899b0ede371ddb6fe074217d330fe0e27537b0f06ea2e24c75ed6017594ead552296da15f11e6e6923639d95fb73e98d5160e80754ec12f4a06660c6e27eb4de4fbcfbeb37176ef5281a190249e34276a2d736e622c8151f3d5b838e450383edc986cee6b00a1d4cd5a7de8fc8629b6557a3becad84cff5c6c51f2a8 +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA224 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 252c4956ac328ba04789bfdc5e90819981a100f3b540069ba8719b8b3ba27980cc7c96710a75ec0da83c1ddf353b45845f3db7224cdecbe5653cebb01fb66305d42e617e8a51514c6d2fb6b3cbe3ad9478ab7acb575f854ec9c9576a70c63934921c39662b32b8c93fb660f64f50e5481892a8ef4b92a64774995f2a0fbd64b9 +Msg = 9edf5246ae1d8fe800bc2ed422e6441cedde94c85a870277972a4b4a5a74f4fd76be8057ac92e6c5c36a4242dabacb79fe31052ef83c38da68cd2095185ae6398a284fc5d3c934fface4325ec734a2265fd3cbd513b957bef47f04f4dd699c6903a42757cccc5fdfe5b264f18f5bb16b394c4f855404486c63cb5f2d51aafed5 +S = 9b689f488edb16d4aa3192af3760977401dd066d319d4c5dacff4dbe8aab9aa5790f39bc2378d0c8f52f286fc1cabb743bf6aabffacf5ffe4186054d0b121a2e6559806886759398e7d30781380aead8af992485e2bd582208dcf69ae8e7124b1571cdfb7db87cd565f293cb8d26a8d005508a3332d4ec27d44a1423402e6d8c +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA224 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 252c4956ac328ba04789bfdc5e90819981a100f3b540069ba8719b8b3ba27980cc7c96710a75ec0da83c1ddf353b45845f3db7224cdecbe5653cebb01fb66305d42e617e8a51514c6d2fb6b3cbe3ad9478ab7acb575f854ec9c9576a70c63934921c39662b32b8c93fb660f64f50e5481892a8ef4b92a64774995f2a0fbd64b9 +Msg = 4ff6c9e7f9f03abd3e114a788fd51318feda52b6509c1b685483cb6574213f6a8ab4435cf5f34d2eeb076c0510d77b9a48889ae0ca44dfe8773b480169e8f423ce96938ef7221caeac02be42c38618bdf15eacecdf5d91da807d69f1a3229361c4a3a2c628060d05290b2776ce6d52499e647022b66e9b071a4f167c495683ec +S = 86ff99daaee2a3c866a71f7f6fb391b9b31a3cbcf525321087a6b253e42a7b5fa386ba3907751933cd153431507b78486d5d43dd35779962fbc9babc487afc696b0140ade1456fc5b23ce5c7c97019247e827cc7032c7e101b68eb4bfb003ba107f042b92ff697789fe43018d28794c7aa8a70a5386e891e3456a5e52990853b +SaltVal = 00 +Result = P + +SHAAlg = SHA224 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 252c4956ac328ba04789bfdc5e90819981a100f3b540069ba8719b8b3ba27980cc7c96710a75ec0da83c1ddf353b45845f3db7224cdecbe5653cebb01fb66305d42e617e8a51514c6d2fb6b3cbe3ad9478ab7acb575f854ec9c9576a70c63934921c39662b32b8c93fb660f64f50e5481892a8ef4b92a64774995f2a0fbd64b9 +Msg = 85624c37ee13b3d8cb80a5961a39c5953caf10f1b4e9c00a2c78701fb8ac821f5f08bebbd8f43bc091b283a4f693f25eef6b5f7baa42ff6f9c4c8529c21c8eea2d143d56bd2022cc2da461f34fb210959981e0b1e11a00cb65553e870e047076f66e123027ff30a3a63d87aab0fee7e243d8dbb9e0da8cc79079e36225cdee6c +S = 1f4e56f13d4167951a716dc8340c006715a4b9340a1bbcfcbb7befd70e15723d81ee5152c42967ac479b3a4ceaf1527b9379daeb245c423a21bf35826dc0f6b90a4caa579d962023e12e2eda516484ddc9483b91c7853d03a1854536d1e6fdfb9217223d2d9132a56d411183fc30de2463c4d5bea4429e7599dc9c4dd2b96b89 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00302d300d06096086480165030402040500041cc53cbccde35eed66e504f5ae6ecf78ba8f83abd4b67822b40e121f99efefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA224 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 252c4956ac328ba04789bfdc5e90819981a100f3b540069ba8719b8b3ba27980cc7c96710a75ec0da83c1ddf353b45845f3db7224cdecbe5653cebb01fb66305d42e617e8a51514c6d2fb6b3cbe3ad9478ab7acb575f854ec9c9576a70c63934921c39662b32b8c93fb660f64f50e5481892a8ef4b92a64774995f2a0fbd64b9 +Msg = 263da806fe0a7a242843f295893fd891cd13c0ecc1648c90fc79322bc594bf2531839cd58c7210f4fa0307525ea112c77b11ae6d5a49c90ceb8682d6ee9931551481a7a1623fb7d6d7e6f5c54ef2bdeaa6da779f1fe91a8e0749ef6c976198e5186150d2491a74b20514435821dae2e19499a2e9dae986ff9aeb00558694fcbc +S = 002e26f1d72dcaaf2935f4177601e7b55da3ba0769372a2326d4e621449deecf84c2b3b2998da662907d167a6e7dd0b63116acd7c98d3e086da986ce126568aa31ffa136efaab815ccb9e8059a1e2bf1393dfe8567b73c8191d5acb8560a69514495a33362e05b94c3e260e181603a5d5d9a589c21c5b18effbbf016cd493276 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff44302d300d06096086480165030402040500041cd8eee327931d42ecd0654f1da8d551ebc5ca117b9a9bee9d28049ac5 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA256 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 252c4956ac328ba04789bfdc5e90819981a100f3b540069ba8719b8b3ba27980cc7c96710a75ec0da83c1ddf353b45845f3db7224cdecbe5653cebb01fb66305d42e617e8a51514c6d2fb6b3cbe3ad9478ab7acb575f854ec9c9576a70c63934921c39662b32b8c93fb660f64f50e5481892a8ef4b92a64774995f2a0fbd64b9 +Msg = ff23e00f819bae424e41d6b762ea6b88801e651c831c964af31de0c1d6dda4a7c8587d804ed12f526819da06650e7412fb627555979ed442f2663341e5fe57527e0ddaf453a124451674976a6a6e0a31f56a79f5b73dfac39af4f3ba4a5e8bb846cb5e333812756482d975ab1910162f96bfd7c58a02f113125189f5ac05291f +S = 8b5a3675f397841c53a9021dad71a1efab91451c71ad7060ce85d75b306d6403ba23d3370b0695be87485cf6680204c68424bc7e442ef90ac01c4df420ef574294823250a000d56a5d00947800dcb2f4947f5b4eb18fa1dbdc6ab16be4b7131102d4dff98ddeac38554473964d29cdc521ee690cde5a8cd16889aa090c32c53e +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA256 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 252c4956ac328ba04789bfdc5e90819981a100f3b540069ba8719b8b3ba27980cc7c96710a75ec0da83c1ddf353b45845f3db7224cdecbe5653cebb01fb66305d42e617e8a51514c6d2fb6b3cbe3ad9478ab7acb575f854ec9c9576a70c63934921c39662b32b8c93fb660f64f50e5481892a8ef4b92a64774995f2a0fbd64b9 +Msg = a6ce108ff3100b953781496c3d081fe32b8cedaf6d14aab2ef2dc37d8f8d2613d2f599efd55c51498749c0961681ae4ea7e28bf14a8f044c2d4dd4f9102ddd25f86c7795289708eb4df2d526f91b176952eb52fd0c9de2989432d6e08e13022b82f95089d20a5704f0452f26cd1f83bc956ee7da99876c1f8da3723af388bead +S = 750e59f29d2dfeedab2a3a09034904715957149126c63e6a2dc7a633a32c4c0561d54eeb1479cb65274bac37cac4751f4dffdfb7530171599b61d94862845f6cd12a5e0bd6adabc36f06d216a00b1942349710540555106aeb87f5cf3f78df918f36cf63291ef2a7064e31b84075d1c8b551225a25f59c721a3d77046078557f +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA256 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 252c4956ac328ba04789bfdc5e90819981a100f3b540069ba8719b8b3ba27980cc7c96710a75ec0da83c1ddf353b45845f3db7224cdecbe5653cebb01fb66305d42e617e8a51514c6d2fb6b3cbe3ad9478ab7acb575f854ec9c9576a70c63934921c39662b32b8c93fb660f64f50e5481892a8ef4b92a64774995f2a0fbd64b9 +Msg = 9be28a4763c6665880c1c2a8a74494622be46de3c20e5b118cf70fee51d33b6d0b473e84a4200382004526a33eea59e13b07070e580937207ec7b2cc5fb76856fe6210a771150fa0e5da9baee4a6209ed3d4e2b3bfd2e5f6591b0ace3e657ad07c1b47d8520d5159386767f11fdfaf41fa3348fb7dd32d3c25da5d1d78433985 +S = 0ac6e41252383ee5d07f4fb08a22204f56440a8f3c8568d6e6bae46cfc9d39b65b2eae827164d716e9e465301d08fca7356ef447e0699feabbfac16ed19dc9233b457fe64d6fab38aca4464e5cd3eae3f43bab17856cdcc942e2cc848b7bf390fc53b3ed2e6f63c5d961bc83475ac200708f6e1d5be30cbe24fe4d3dad754269 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA256 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 252c4956ac328ba04789bfdc5e90819981a100f3b540069ba8719b8b3ba27980cc7c96710a75ec0da83c1ddf353b45845f3db7224cdecbe5653cebb01fb66305d42e617e8a51514c6d2fb6b3cbe3ad9478ab7acb575f854ec9c9576a70c63934921c39662b32b8c93fb660f64f50e5481892a8ef4b92a64774995f2a0fbd64b9 +Msg = f56379c42e3ba856585ca28f7fb768f65d273a5fc546156142857b0afb7c72d2d97ecfceec71b4260bdc58c9bb42065f53af69805d9006233ec70a591aff463bf23d78200fb8cc14a4eba286afe8924120efad9e3d3f06f7452c725e53728b8f86c9fb245fbaf7086ab0092e215213830d1091212efc1ec59ddc3a83707d4ab8 +S = 5f49d8dc4519d9520d6542eca08cafb2d99cdb97c5a8685df2476b40505a2f9e8d63d76516b83481e2d961a7e8dc5f9f46887e394776711b0f85e4303065c06d362456bc219fc6eb343ede6733f779f75853533bc9ab876188da8ad98f9ea2f335d2ceec34ef9cb2782bb0f79cad309608ddc222e00ebcff9d14f6e6ed39638b +SaltVal = 00 +Result = P + +SHAAlg = SHA256 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 252c4956ac328ba04789bfdc5e90819981a100f3b540069ba8719b8b3ba27980cc7c96710a75ec0da83c1ddf353b45845f3db7224cdecbe5653cebb01fb66305d42e617e8a51514c6d2fb6b3cbe3ad9478ab7acb575f854ec9c9576a70c63934921c39662b32b8c93fb660f64f50e5481892a8ef4b92a64774995f2a0fbd64b9 +Msg = 399b54f756514628f32ce8f1cf391d77047af55f3d43804923e5e09a188aa27f28604f2f3cfa3d7091f3ab5c69d40d650137a597c22d531dbbdeae074f6f534a2b297e087cd7d7125e6f8eac97f5a990859d9d3555301c5076b02f9c4d3f84d62b3d090c7cb1ba1841eab668c066990079f206c15d1383eb3ba58ae17bc2dc2c +S = a62e4b688bb3c4c2e11a3a0b1ef81ff4bbaa110c9b830d02bda2d364dadb2345a8c5dca58c611515f0c09732ee6a6642d5c5c339460a9d15022f48c36e9bc2fb8b2b0ff99005273287b8c3bed87993baf52f0e9d079281bc25a8694ed9692446127c26c34f21e610a84f3617247ecfb3b5337fe59d1239dfb7fdac8694dbef0b +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003031300d060960864801650304020105000420be1f73a059cec568dcdfddf1daff4201e79273653f88ef8f16be7e9ee660335aefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA256 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 252c4956ac328ba04789bfdc5e90819981a100f3b540069ba8719b8b3ba27980cc7c96710a75ec0da83c1ddf353b45845f3db7224cdecbe5653cebb01fb66305d42e617e8a51514c6d2fb6b3cbe3ad9478ab7acb575f854ec9c9576a70c63934921c39662b32b8c93fb660f64f50e5481892a8ef4b92a64774995f2a0fbd64b9 +Msg = b8518b80a55b365eb1850e18f88da2941c99543c2f865df3d37d114d9fc764ffc5e2ae94f2d4ab6276bfc6bda5b6976a7dcfaa56897982880410dd5542af3ad34c469990cbec828327764842ef488f767c6b0c8cd1e08caec63438f2665517d195a4d4daf64bc2a70bd11d119eec93a060960245d162844c5f11a98cd26003e1 +S = 06317d3df0fa7ae350729ae2096b050dcec8909d36681ccca09a7a527b90767f8c2318c49e09483b48df77ddb632d6ca721155165389f7795d3ede70465678649399242aed6d984ca74fc6c2eb4dd4bb2cd7bf2125ec853f2bf757d665b29487bc5b63df0d0b03b18608d3d9a7576ea0954aef3d3303f7d8fd7e7f9725c114e2 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443031300d060960864801650304020105000420a51c139e5ff91509eb0bd542bebfb9a4baa9399a5535d9168942298ce69c4f5b +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA384 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 252c4956ac328ba04789bfdc5e90819981a100f3b540069ba8719b8b3ba27980cc7c96710a75ec0da83c1ddf353b45845f3db7224cdecbe5653cebb01fb66305d42e617e8a51514c6d2fb6b3cbe3ad9478ab7acb575f854ec9c9576a70c63934921c39662b32b8c93fb660f64f50e5481892a8ef4b92a64774995f2a0fbd64b9 +Msg = d3787e2cd5eddc154a3b29c8a5161cb0ef6fa97d6b90c9d579677d46ba22108075fd9dc13958d290c40df3ae2400224a1cf8dd74c9adc8d48522ad9c0c34c1bbde732954e432bc6e55da0beddb849ec1f2c6815d91cc006a0dabaebd3af3ac87d38327cc1ca22317c54b776b12c7197c39829c1f0c17f700d7ad88938c86594d +S = 678507d9ebb2c5254ff371d3e41b435deb1118bf0b0121c1bb8a46575df101d12d771471b956f8c229b8021a9f08faa61e0577c6a715108874bf655576954a85fb63817b58298fe3d3643a748dcc635210d2b202e3b2e663c4a212ecbc7fdf5e34e8d499a20034d98732c09be015ea728d1cc831c61965f3e32a8aae958d43d7 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA384 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 252c4956ac328ba04789bfdc5e90819981a100f3b540069ba8719b8b3ba27980cc7c96710a75ec0da83c1ddf353b45845f3db7224cdecbe5653cebb01fb66305d42e617e8a51514c6d2fb6b3cbe3ad9478ab7acb575f854ec9c9576a70c63934921c39662b32b8c93fb660f64f50e5481892a8ef4b92a64774995f2a0fbd64b9 +Msg = 31f8dd3024b0487ae1e3a7af9032ef7c76d5420d617771814747c09b2a4ce9ba3ef8630b4e01e3fd5c6c24f588ebe44433682f5663e2df2b6978640bc2c3c1763c69d75b59efe68af8cf516a32cba1ef8380cdc72a3eb9d4d217fcdf7136e68b7173c2870e245808ff35b677587b3066af45a6c97d340563c84d107eff4d61df +S = 8d26faa1cc87606514e47b7ab3d82768868a61d237cf18e75f935e20fc5925e2c667b05cbd09da878fd623430f71ecd1f632fff4d1d049ae704004c89012008e8856f61a03001b423f4f06eadb4a72eb946a7a4dc4469e995609801498bb7471a533ee0f422adc5d41b744301efd836e5cfcc496cfc6ee646ae2218e924f76f9 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA384 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 252c4956ac328ba04789bfdc5e90819981a100f3b540069ba8719b8b3ba27980cc7c96710a75ec0da83c1ddf353b45845f3db7224cdecbe5653cebb01fb66305d42e617e8a51514c6d2fb6b3cbe3ad9478ab7acb575f854ec9c9576a70c63934921c39662b32b8c93fb660f64f50e5481892a8ef4b92a64774995f2a0fbd64b9 +Msg = be9b41883cfadec3960d866fe8514f9821c6c7e65af6e5c167343fb8ac227e2432760f08fbfd1c3c92e0bbcbe5266599577aa949122e215d9a81a69fa81dc0c035e46040d5ecd28d46c8ed6f490a8da3b00543c7b9d84a769aa8bdb35d2c088bee6f9df673d1e8ffdb4f8424ba05af0054f1fb27f7fa47528f31eebc74563ecb +S = 735c47985ee75db358eb0d05624be43778a37d40ad1df88cfc5b4669906e290704265fb3a133df781dfdfaa082d21d0c431b54c0c6c239fb0c0b47e675c0def6d94a726ff8267c449f1300b21a7c7f171c76e869851f9be39546e274f60924ddeedd4f69b70d97293a10ebbb3df8f9c1fec31f7d3562150a357150fbc8ae5237 +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA384 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 252c4956ac328ba04789bfdc5e90819981a100f3b540069ba8719b8b3ba27980cc7c96710a75ec0da83c1ddf353b45845f3db7224cdecbe5653cebb01fb66305d42e617e8a51514c6d2fb6b3cbe3ad9478ab7acb575f854ec9c9576a70c63934921c39662b32b8c93fb660f64f50e5481892a8ef4b92a64774995f2a0fbd64b9 +Msg = f8a2f38109c9b6d868c5b3481cd3478c8e0845fc3e36479cb50f4158bb8d5c8ec99101cdc1ca33ddddd823ffe5b1fe75a6440a459f5df13bfdc95d2dcabac482616d86f52509359772cb3313d46083367792d9afdf27f313d9062c24b29c4f52a67ea9829b50620f10e50d0e50a77dd7eb3adac1665cf52c3210d9c5dbfba305 +S = 9ebce94bb79d82fcd236874df4c2c3d1b56481ba15fc17a345f6d45297b6adb9e07c1b582e22ce0b1830763758827a77ca675c708163cbe7a5db72d2a95939b3cef60c632a19849e6d95bf6a867604eea7f69b506bcee7d04678d4252c715edf0a928ef4c1181177bff20c3a95215782cd6b70564cf1ec2ea25e6318ef1f96b5 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443041300d060960864801650304020205000430940085d291d91da907231dd6d6e10d71011dc3e0944671e632bb0d87c0b8fa1bc2f1019caa64a8f6844a8db073b0743b +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA384 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 252c4956ac328ba04789bfdc5e90819981a100f3b540069ba8719b8b3ba27980cc7c96710a75ec0da83c1ddf353b45845f3db7224cdecbe5653cebb01fb66305d42e617e8a51514c6d2fb6b3cbe3ad9478ab7acb575f854ec9c9576a70c63934921c39662b32b8c93fb660f64f50e5481892a8ef4b92a64774995f2a0fbd64b9 +Msg = 7e3c652fb2786a379614fc8f9f01555cf029cf61cf0af6c455a4e2156996c48cef84be923cbbf883cd18f0b3392611af658688c5f79453c60d479a0a2e5943b581a8c1393cdd2c1c604b97fca41a9ed0aea43e70891fea58547ddaa83790a7709c72152b9b242f89b5759a72c6252347354b9a6b6ef4e302920d4af86c831745 +S = 995e2522f280d28f9719663178429d6ffb26cfcfbcc15812e83821db1a5e2a31a8160574e4fe4f1f09ce67690c67fe89c11015ffbf5dd5ec669561f0a2b13c416992de570a532b805b00b8003f6c70d56925ff2bb5555daf3edef1da6bcb1c94d29bbb243119da64ef352d36ddd6ac472a99a1a22da809aa235b51afc8379619 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003041300d060960864801650304020205000430cfd23d0f765da0ba39f284a77f62552300460944a69e6fddf7aaa731f62c6d822f5eb581075a23fd540aa7a920f7c3bbefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA384 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 252c4956ac328ba04789bfdc5e90819981a100f3b540069ba8719b8b3ba27980cc7c96710a75ec0da83c1ddf353b45845f3db7224cdecbe5653cebb01fb66305d42e617e8a51514c6d2fb6b3cbe3ad9478ab7acb575f854ec9c9576a70c63934921c39662b32b8c93fb660f64f50e5481892a8ef4b92a64774995f2a0fbd64b9 +Msg = 2bd0f6349c6f8198a10ce8e761feb6d4d72bc71addcefc628a773367be537758fbad737e77b52d1e6f80f1a1bd518af2ad17b9280d36df65838afdfd24a9dedb4169932184a3200f3c367526f64ea08d4de640b3038b3d365063b604796f3bc0a50d3d67edc1c233b2345dbf337d5e6d5ea04605e7547e9e980a48c2e82af5cd +S = 38103ad73f8bb3a9c3e01e95b8cc45e982a64f17a318026e185d523dec851ef9fbd1b9c2694a4688925580bb50709ea624417a685b39b36e988d9b7b41282cb969379c3e739c0a98151db9181dfa58c5e6ffbaaa6971dd5171d9ebcf18ce346364f7601856aa68584ee3303e8a69d0dad778e4a4ba3ed4f8a009d561652d134e +SaltVal = 00 +Result = P + +SHAAlg = SHA512 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 252c4956ac328ba04789bfdc5e90819981a100f3b540069ba8719b8b3ba27980cc7c96710a75ec0da83c1ddf353b45845f3db7224cdecbe5653cebb01fb66305d42e617e8a51514c6d2fb6b3cbe3ad9478ab7acb575f854ec9c9576a70c63934921c39662b32b8c93fb660f64f50e5481892a8ef4b92a64774995f2a0fbd64b9 +Msg = d3787e2cd5eddc154a3b29c8a5161cb0ef6fa97d6b90c9d579677d46ba22108075fd9dc13958d290c40df3ae2400224a1cf8dd74c9adc8d48522ad9c0c34c1bbde732954e432bc6e55da0beddb849ec1f2c6815d91cc006a0dabaebd3af3ac87d38327cc1ca22317c54b776b12c7197c39829c1f0c17f700d7ad88938c86594d +S = 22754363656ce107c1beea8999cb4a95d267d6c6d3a06b42c939f51254f822cf49bd6d51e27af51afa0d260fb4bf6fcb8b4926270851d64f2fae6f4c6562c532e3fd72db5188c51eb57b01a871004b38d6a1bb4856fdd93573735a480b4c3e444262d198d54de6db409db7432dd45beabc34991cb6868e1e1dc62f8ef509f36e +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA512 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 252c4956ac328ba04789bfdc5e90819981a100f3b540069ba8719b8b3ba27980cc7c96710a75ec0da83c1ddf353b45845f3db7224cdecbe5653cebb01fb66305d42e617e8a51514c6d2fb6b3cbe3ad9478ab7acb575f854ec9c9576a70c63934921c39662b32b8c93fb660f64f50e5481892a8ef4b92a64774995f2a0fbd64b9 +Msg = 31f8dd3024b0487ae1e3a7af9032ef7c76d5420d617771814747c09b2a4ce9ba3ef8630b4e01e3fd5c6c24f588ebe44433682f5663e2df2b6978640bc2c3c1763c69d75b59efe68af8cf516a32cba1ef8380cdc72a3eb9d4d217fcdf7136e68b7173c2870e245808ff35b677587b3066af45a6c97d340563c84d107eff4d61df +S = 92cd8a854b4b9842c12c7f9ec2dcfad57d1f403ce8276d355f436c1d9aaa720867dc5a96b91debceedf55eea2a33d99e586a0a59d68e9289ce6f001be3d9ae9887d9f169ecd77600ef60b97851bc8ad6c5566c830a25690a13a92bd082fdc0b356a6443fcae3d29c5e9818b06c69748149a3f34793a6c7b04da345caa01d6f20 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA512 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 252c4956ac328ba04789bfdc5e90819981a100f3b540069ba8719b8b3ba27980cc7c96710a75ec0da83c1ddf353b45845f3db7224cdecbe5653cebb01fb66305d42e617e8a51514c6d2fb6b3cbe3ad9478ab7acb575f854ec9c9576a70c63934921c39662b32b8c93fb660f64f50e5481892a8ef4b92a64774995f2a0fbd64b9 +Msg = be9b41883cfadec3960d866fe8514f9821c6c7e65af6e5c167343fb8ac227e2432760f08fbfd1c3c92e0bbcbe5266599577aa949122e215d9a81a69fa81dc0c035e46040d5ecd28d46c8ed6f490a8da3b00543c7b9d84a769aa8bdb35d2c088bee6f9df673d1e8ffdb4f8424ba05af0054f1fb27f7fa47528f31eebc74563ecb +S = 5d8ce84e9473178a2ab5373d3154e7d649b40a144040d4a612e9ae43666d681458b5d985f5bb1bd5709455f5421dcff12307e074714b6592f0095c0a67f66f950ac8e2cc7b8ffa5d8f89d407292ac659a4e479ee2cba19d6f31673edbecb3535b85b11edfcea4df17799418fdfda145711f5f9c0540f811ac92e05bea4460c87 +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA512 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 252c4956ac328ba04789bfdc5e90819981a100f3b540069ba8719b8b3ba27980cc7c96710a75ec0da83c1ddf353b45845f3db7224cdecbe5653cebb01fb66305d42e617e8a51514c6d2fb6b3cbe3ad9478ab7acb575f854ec9c9576a70c63934921c39662b32b8c93fb660f64f50e5481892a8ef4b92a64774995f2a0fbd64b9 +Msg = f8a2f38109c9b6d868c5b3481cd3478c8e0845fc3e36479cb50f4158bb8d5c8ec99101cdc1ca33ddddd823ffe5b1fe75a6440a459f5df13bfdc95d2dcabac482616d86f52509359772cb3313d46083367792d9afdf27f313d9062c24b29c4f52a67ea9829b50620f10e50d0e50a77dd7eb3adac1665cf52c3210d9c5dbfba305 +S = 3c42cf56c04c1ddd18a5ec523df036428d09bb44a7b12be5bf6fdb3866a122a5cd0edb2cc81930c126a9244afcf6a27c8820369f474a06f8b7022ac8b95e35791a49d71a40ecd145e8d2e334b15f6ed698b7a646248ee73f567739469960c0da5112916a12f212d198a6f6c518b4745a578d265ab1c04438d7a38263a5a8c254 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443051300d060960864801650304020305000440174762fdf1f011f716417beb00598a33aae32c141c664908178740f19833d9109154e89f80a1ff369930cb2dbeeba511433122236e0cf6df2d7b7202de550c6a +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA512 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 252c4956ac328ba04789bfdc5e90819981a100f3b540069ba8719b8b3ba27980cc7c96710a75ec0da83c1ddf353b45845f3db7224cdecbe5653cebb01fb66305d42e617e8a51514c6d2fb6b3cbe3ad9478ab7acb575f854ec9c9576a70c63934921c39662b32b8c93fb660f64f50e5481892a8ef4b92a64774995f2a0fbd64b9 +Msg = 7e3c652fb2786a379614fc8f9f01555cf029cf61cf0af6c455a4e2156996c48cef84be923cbbf883cd18f0b3392611af658688c5f79453c60d479a0a2e5943b581a8c1393cdd2c1c604b97fca41a9ed0aea43e70891fea58547ddaa83790a7709c72152b9b242f89b5759a72c6252347354b9a6b6ef4e302920d4af86c831745 +S = a6825908039d9165b1f1d7e85de390819b3e13fb914521bde6370db313e0c37444bc1bca1d798a73e9602b3c61a67b6c3531c25a0528f4945ac7f27ed5848b782668cad8533000a42a0435de4436e4ee7fe0f9a347750543d921a313c6872cbcf5466ae41a69f32d03acff357cf3e4f1a3e7ed4575dc61bf4fb77a04b9d3cb32 +SaltVal = 00 +EM with hash moved = 0001ffffffffffff003051300d06096086480165030402030500044062eeafda47b660f230159a79e8b20ffc84752ef5ddc420ac6478511cc199f983ea3cb8cbeb9955c175ba5afce719ae601c6303a1f6cd5e0c241b5cfb8577deb6efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA512 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 252c4956ac328ba04789bfdc5e90819981a100f3b540069ba8719b8b3ba27980cc7c96710a75ec0da83c1ddf353b45845f3db7224cdecbe5653cebb01fb66305d42e617e8a51514c6d2fb6b3cbe3ad9478ab7acb575f854ec9c9576a70c63934921c39662b32b8c93fb660f64f50e5481892a8ef4b92a64774995f2a0fbd64b9 +Msg = 2bd0f6349c6f8198a10ce8e761feb6d4d72bc71addcefc628a773367be537758fbad737e77b52d1e6f80f1a1bd518af2ad17b9280d36df65838afdfd24a9dedb4169932184a3200f3c367526f64ea08d4de640b3038b3d365063b604796f3bc0a50d3d67edc1c233b2345dbf337d5e6d5ea04605e7547e9e980a48c2e82af5cd +S = a5c713d065e204f5a3d87e4752b235fa79a703931065aaf7ae4a29d641763d7ea4350d8d9a29b29b4fc770169ba7adf1cf7ba872769265cab2d41ee7e227e7682c749fbc5836debc02485eaca9637391c3793b3f05701f80a90cfcc04c091fa37628e4eebbefe5ceec0b4dee1b41241fb883252fe18ca65ab01e4a4e3f31ba36 +SaltVal = 00 +Result = P + +n = a8d68acd413c5e195d5ef04e1b4faaf242365cb450196755e92e1215ba59802aafbadbf2564dd550956abb54f8b1c917844e5f36195d1088c600e07cada5c080ede679f50b3de32cf4026e514542495c54b1903768791aae9e36f082cd38e941ada89baecada61ab0dd37ad536bcb0a0946271594836e92ab5517301d45176b5 + +p = c107a2fe924b76e206cb9bc4af2ab7008547c00846bf6d0680b3eac3ebcbd0c7fd7a54c2b9899b08f80cde1d3691eaaa2816b1eb11822d6be7beaf4e30977c49 + +q = dfea984ce4307eafc0d140c2bb82861e5dbac4f8567cbc981d70440dd639492079031486315e305eb83e591c4a2e96064966f7c894c3ca351925b5ce82d8ef0d + +SHAAlg = SHA1 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04f7405154be02c482bf07115b27fd7f988920d8207937bec317f1791c11b0f2325851c35ce42bebc828c946438cc22656b702cce2a0dad6d8a5ac3fe6fd587c36f81ff5edc977edf9c6c085efd73510ddb2532742367f8f878814c1714549dcfa17dbd5d1e17ce3dd1a9893a3785bc34c5205df3978071aa36c9e86bd33cba1 +Msg = d3787e2cd5eddc154a3b29c8a5161cb0ef6fa97d6b90c9d579677d46ba22108075fd9dc13958d290c40df3ae2400224a1cf8dd74c9adc8d48522ad9c0c34c1bbde732954e432bc6e55da0beddb849ec1f2c6815d91cc006a0dabaebd3af3ac87d38327cc1ca22317c54b776b12c7197c39829c1f0c17f700d7ad88938c86594d +S = 4bae63c2b4ed42b92d95293ba755c0f3dbae5a13369b298147e3d7d9cf8629b7df9df22f13370239ef86c91a6b15efc5611057b375e948d554a95a7119f5663b0ba6c373121f2d4f6f9a8703a78153be3472f296254db218a22925546340dd0495ec68f354ed17ed4f9d85d4b9eb1b9d1816cc1422c852410841f166e69cc212 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA1 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 04f7405154be02c482bf07115b27fd7f988920d8207937bec317f1791c11b0f2325851c35ce42bebc828c946438cc22656b702cce2a0dad6d8a5ac3fe6fd587c36f81ff5edc977edf9c6c085efd73510ddb2532742367f8f878814c1714549dcfa17dbd5d1e17ce3dd1a9893a3785bc34c5205df3978071aa36c9e86bd33cba1 +Msg = 31f8dd3024b0487ae1e3a7af9032ef7c76d5420d617771814747c09b2a4ce9ba3ef8630b4e01e3fd5c6c24f588ebe44433682f5663e2df2b6978640bc2c3c1763c69d75b59efe68af8cf516a32cba1ef8380cdc72a3eb9d4d217fcdf7136e68b7173c2870e245808ff35b677587b3066af45a6c97d340563c84d107eff4d61df +S = 8a8b25a74adf17dbc6ee3dba1982f94c17ecae57a75835cc4cd476a1afb23d01c964e8532a6d0afe71ebd8d26a2e5514906caae8b18ddd860ae16303723cbd0a155cca1a4a7be32c2396b1d09544057e7f7fdf6bf1bb2861ecc0f90223269add410dd66ea54a507a31b75528bb277ee9d3d3096d2e2f0f33b0509f27bd990b9c +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA1 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04f7405154be02c482bf07115b27fd7f988920d8207937bec317f1791c11b0f2325851c35ce42bebc828c946438cc22656b702cce2a0dad6d8a5ac3fe6fd587c36f81ff5edc977edf9c6c085efd73510ddb2532742367f8f878814c1714549dcfa17dbd5d1e17ce3dd1a9893a3785bc34c5205df3978071aa36c9e86bd33cba1 +Msg = eb2a75ef219b2bec0987c2623a76a8d3c292754519c47f8d541aa8cd9b6c7b3cdd3f7825c2e9ab33e2f684eb34cbe27ac98971b1ba34364e5f15687dc15c829e520a9649dc0ee48fb8aeab8340293ffa869b5c8e4720bae91a3ce140ed7b3f1db25478625653fd8bf378e03346dae7d9638fdfe5a7d032e6ef59bc1e070fdb40 +S = 0fd7069ca1e24f81f3c67b0bcba5fa72764655739d549a59288e6eaebf4d2f52c52eaa17e495ec2b2fcb52a4673aac2e48e2078688b8e5d8a91d7c8c4bae725070425a183e95b352999ab2b49adce63b6c9d48dc29e0649d91b73fb04c45786239b0022231e5e173e2f0d94fee7905706f39ec88fce30d107e4151d010be719b +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA1 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04f7405154be02c482bf07115b27fd7f988920d8207937bec317f1791c11b0f2325851c35ce42bebc828c946438cc22656b702cce2a0dad6d8a5ac3fe6fd587c36f81ff5edc977edf9c6c085efd73510ddb2532742367f8f878814c1714549dcfa17dbd5d1e17ce3dd1a9893a3785bc34c5205df3978071aa36c9e86bd33cba1 +Msg = f1cf2ba2463023a1d329957cf3fdc044ffecf8ce0a11f9b6ce8b7ba5e5db07d03d8d08c1c61b255a6d0ece174e661593253cc04e06a69cad4fdb1442da97014e77c1c484994c93104f5b10d876a820022e26fab68ae57e258c36c9ca501106ef87b38674278b14cc61578248d48b889800f2cf8ffd9748266ce6c2c4af0fbcbc +S = 2e305057388fc454647e2c20b71c3cc3383af683126b1b802b6e74096b46655df2715e18bbd1f9f7f4484dc63ea58bd7461c58d6e7ed63e885a2524b01eeea2b9d0cbe25e6f0f780fed9fc9610ea5b7de468b0cc409da4607a367b2815d346facdb6375a7723d013f2d8726e7b40a680b82c112324ab161aab860a943d4fc84d +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443021300906052b0e03021a050004141bd3d18838d09a61c2b0ba9865a146b958c0ec0b +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA1 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04f7405154be02c482bf07115b27fd7f988920d8207937bec317f1791c11b0f2325851c35ce42bebc828c946438cc22656b702cce2a0dad6d8a5ac3fe6fd587c36f81ff5edc977edf9c6c085efd73510ddb2532742367f8f878814c1714549dcfa17dbd5d1e17ce3dd1a9893a3785bc34c5205df3978071aa36c9e86bd33cba1 +Msg = 8b61c39efa507e17cf4d575bd600286d56a40e84f35d6c06d3cc33b400e161220df1c86bfd0911226081008cbfd4fa0c3aafc4de70478d089ff02f8e0cecb2e6a68011abe64d4196f9de70a9217e8bad594c02df3891cfe71750b509761fc59f9c3627c77ec61759e28c2e1cc4a5e339f9a451ef12e23b8983154d8d0524a437 +S = 72c3377e5a389a176383ffb832de6eaf3b7ee9dfb38f504031af6f3d059cd9c1027e22233d1ed0908bc08ae5edb9aa491aa189610b353b31ec92eb8186c0d2bbe8fb1364c3df8393b5917f69243ccc7cf95edd413cc175793c964efc3eed10b6c2c4de4d7b75f419a68e6cf8eb1a09b0ff29c40b713ed63c4fcc08fb59ddfcf4 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003021300906052b0e03021a050004141c6c02fb4af79739cab2f59451c9ec6ff577051befefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA1 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04f7405154be02c482bf07115b27fd7f988920d8207937bec317f1791c11b0f2325851c35ce42bebc828c946438cc22656b702cce2a0dad6d8a5ac3fe6fd587c36f81ff5edc977edf9c6c085efd73510ddb2532742367f8f878814c1714549dcfa17dbd5d1e17ce3dd1a9893a3785bc34c5205df3978071aa36c9e86bd33cba1 +Msg = a6cc1c55dd9b8da73acc6716344503690a9db27bb439518719b41da28284c9894fdbce9de9cc032cf7af6df2d5c658e04121a61c58be6848c2f5ab07291394bdef46b09720b985cca5ff6d22bbb5a4b3a4639ff19ca49fe80f8787c30934ea92eed3694a6ba93c0dac840eacd05a0e6b9a2d430469311fee6a3158de0c2ff38f +S = 7fc3737dfc4bf283bb8f8aa2918af4fb7156703b4870f679bb76e079e561d0adb7a21bfae94e21b83edf20bd28d6c06505109bcdd000c7533a8ff9118be14cd8beeda9cdae6f0735d75fb80953bf28587fae51e024d5b415664b3ab9c26abbbb7f2461d9bf7f2520ba08a09421939fd661d5e3dd83f3e4c41f760291e1c081e8 +SaltVal = 00 +Result = P + +SHAAlg = SHA224 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04f7405154be02c482bf07115b27fd7f988920d8207937bec317f1791c11b0f2325851c35ce42bebc828c946438cc22656b702cce2a0dad6d8a5ac3fe6fd587c36f81ff5edc977edf9c6c085efd73510ddb2532742367f8f878814c1714549dcfa17dbd5d1e17ce3dd1a9893a3785bc34c5205df3978071aa36c9e86bd33cba1 +Msg = d3787e2cd5eddc154a3b29c8a5161cb0ef6fa97d6b90c9d579677d46ba22108075fd9dc13958d290c40df3ae2400224a1cf8dd74c9adc8d48522ad9c0c34c1bbde732954e432bc6e55da0beddb849ec1f2c6815d91cc006a0dabaebd3af3ac87d38327cc1ca22317c54b776b12c7197c39829c1f0c17f700d7ad88938c86594d +S = 7948b018e9d0772d84bdda094957387e91179fd7ed4483091f764a2077d37b87a54f4d10069584e50314e1d866c01f1c22de215c0cd1ffff3e23b321378c1b53d0d517aa29ac262ce86dee0ba752958fab5ab69a3a0fb6824ffa8554d4b212f532611b10a28faca706391ac2bbe04a9603e4f15021ddbb1d47505bee6ba83c28 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA224 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 04f7405154be02c482bf07115b27fd7f988920d8207937bec317f1791c11b0f2325851c35ce42bebc828c946438cc22656b702cce2a0dad6d8a5ac3fe6fd587c36f81ff5edc977edf9c6c085efd73510ddb2532742367f8f878814c1714549dcfa17dbd5d1e17ce3dd1a9893a3785bc34c5205df3978071aa36c9e86bd33cba1 +Msg = 31f8dd3024b0487ae1e3a7af9032ef7c76d5420d617771814747c09b2a4ce9ba3ef8630b4e01e3fd5c6c24f588ebe44433682f5663e2df2b6978640bc2c3c1763c69d75b59efe68af8cf516a32cba1ef8380cdc72a3eb9d4d217fcdf7136e68b7173c2870e245808ff35b677587b3066af45a6c97d340563c84d107eff4d61df +S = 2146e1bf9d75336d7bd76091527567c9326df14a810cf39d22eb91589584caaecd89ddc1b3ef0782e79e535b0bdce8eba2d7f40aa05720278e6c3ed8fe58974fc1ba6cde3fdb79284b64eeb5d08fb312eab503fbdcd85c240414b8a9fb726f38e2780d2506381d90eccbad3c075c7fee67e8a1da037f14fc4a6d8f06c301742b +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA224 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04f7405154be02c482bf07115b27fd7f988920d8207937bec317f1791c11b0f2325851c35ce42bebc828c946438cc22656b702cce2a0dad6d8a5ac3fe6fd587c36f81ff5edc977edf9c6c085efd73510ddb2532742367f8f878814c1714549dcfa17dbd5d1e17ce3dd1a9893a3785bc34c5205df3978071aa36c9e86bd33cba1 +Msg = eb2a75ef219b2bec0987c2623a76a8d3c292754519c47f8d541aa8cd9b6c7b3cdd3f7825c2e9ab33e2f684eb34cbe27ac98971b1ba34364e5f15687dc15c829e520a9649dc0ee48fb8aeab8340293ffa869b5c8e4720bae91a3ce140ed7b3f1db25478625653fd8bf378e03346dae7d9638fdfe5a7d032e6ef59bc1e070fdb40 +S = 885c184cf7e40453f8dcd49e1336c91adfc070ae886b23b561cf444092017a86594dbc09c484d6307201633b4476c480994c4bf0a38195d9e9065dee62f5510cb0d9b16a5a9e0ad86eee516a090809e599b4b7022333bdc1c2f9b0cd181a897108c8db6e2abec0c9c6acc426e55ceb9cb4dd565af9d0eadc24ad33bc6a0f2f9d +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA224 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04f7405154be02c482bf07115b27fd7f988920d8207937bec317f1791c11b0f2325851c35ce42bebc828c946438cc22656b702cce2a0dad6d8a5ac3fe6fd587c36f81ff5edc977edf9c6c085efd73510ddb2532742367f8f878814c1714549dcfa17dbd5d1e17ce3dd1a9893a3785bc34c5205df3978071aa36c9e86bd33cba1 +Msg = f1cf2ba2463023a1d329957cf3fdc044ffecf8ce0a11f9b6ce8b7ba5e5db07d03d8d08c1c61b255a6d0ece174e661593253cc04e06a69cad4fdb1442da97014e77c1c484994c93104f5b10d876a820022e26fab68ae57e258c36c9ca501106ef87b38674278b14cc61578248d48b889800f2cf8ffd9748266ce6c2c4af0fbcbc +S = 56c800772a63baea87e02adecbe6e7a1cbf352ec6c40d68d02035a8ef54e3c5d4e4c8d23a686d186ab783dc0115ff56138f05cd0a88a28df8304a7fe8c1f944acff2c51ba447d333e97a053aaf222bb6371c35d37a3c7345f7ba81ce99baaf2f165c3a5f0d9a1200da7017de8ab65c35cd7d082800fd13fb87c37ceff83e3dd0 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff44302d300d06096086480165030402040500041c084f86c411436b0111c733c5642186a98d5a8dd8cceb2746ccb8342c +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA224 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04f7405154be02c482bf07115b27fd7f988920d8207937bec317f1791c11b0f2325851c35ce42bebc828c946438cc22656b702cce2a0dad6d8a5ac3fe6fd587c36f81ff5edc977edf9c6c085efd73510ddb2532742367f8f878814c1714549dcfa17dbd5d1e17ce3dd1a9893a3785bc34c5205df3978071aa36c9e86bd33cba1 +Msg = 8b61c39efa507e17cf4d575bd600286d56a40e84f35d6c06d3cc33b400e161220df1c86bfd0911226081008cbfd4fa0c3aafc4de70478d089ff02f8e0cecb2e6a68011abe64d4196f9de70a9217e8bad594c02df3891cfe71750b509761fc59f9c3627c77ec61759e28c2e1cc4a5e339f9a451ef12e23b8983154d8d0524a437 +S = 1daeb428f8dcb93c16b0b96a23708a4a0b2e70ab7fcc2fb16075f901f94fc9bde149b26c83738e58dc598bf4e1c53b34adb69d93f30726a174ac87c1a1b67bf70fd83fb9b89f476fcb13cfed84c2f6d6a92294e0eae0bfdf91119cb692b096c9bc3d242a31f8a979f965fb983031b8f33f18b1713cab83c1391005a94b79ab31 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00302d300d06096086480165030402040500041c6c72c171d3d71a0bc8488c39813a0b20e2e937a13d9484f6c5de23d1efefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA224 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04f7405154be02c482bf07115b27fd7f988920d8207937bec317f1791c11b0f2325851c35ce42bebc828c946438cc22656b702cce2a0dad6d8a5ac3fe6fd587c36f81ff5edc977edf9c6c085efd73510ddb2532742367f8f878814c1714549dcfa17dbd5d1e17ce3dd1a9893a3785bc34c5205df3978071aa36c9e86bd33cba1 +Msg = a6cc1c55dd9b8da73acc6716344503690a9db27bb439518719b41da28284c9894fdbce9de9cc032cf7af6df2d5c658e04121a61c58be6848c2f5ab07291394bdef46b09720b985cca5ff6d22bbb5a4b3a4639ff19ca49fe80f8787c30934ea92eed3694a6ba93c0dac840eacd05a0e6b9a2d430469311fee6a3158de0c2ff38f +S = 7d914ae58407a2b981e58ca575a81796a5d3d7073f6cc3b2641338fff4b963c35125e99360b8bebbd12add1919ae46f84c67b642b43d48360785d7d990bd6b23a24feb54925575a46c2e49d5ce16204ef0c921a25c31fe0b5ed623b2a35be5069b7a7fa57322a9fdcee5b391451d49e624fad211494ac3230efbad44cc5f739a +SaltVal = 00 +Result = P + +SHAAlg = SHA256 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04f7405154be02c482bf07115b27fd7f988920d8207937bec317f1791c11b0f2325851c35ce42bebc828c946438cc22656b702cce2a0dad6d8a5ac3fe6fd587c36f81ff5edc977edf9c6c085efd73510ddb2532742367f8f878814c1714549dcfa17dbd5d1e17ce3dd1a9893a3785bc34c5205df3978071aa36c9e86bd33cba1 +Msg = d3787e2cd5eddc154a3b29c8a5161cb0ef6fa97d6b90c9d579677d46ba22108075fd9dc13958d290c40df3ae2400224a1cf8dd74c9adc8d48522ad9c0c34c1bbde732954e432bc6e55da0beddb849ec1f2c6815d91cc006a0dabaebd3af3ac87d38327cc1ca22317c54b776b12c7197c39829c1f0c17f700d7ad88938c86594d +S = 73b08114f6256d434c5cdc278a9ca697ea2447895884ce05170dd41d5073ae0b6e346ae64fe886287151e0c6aab0aca3638e5b82d63aaaafc50f8070b592cd052ce7bec9306ddc4760a6f6f2166e40800715103f938698a68a10c73ddf524c6c6e55f76f7a0ab7058cace263af7061fe70fd93ca62884d232195a91acc38af2e +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA256 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 04f7405154be02c482bf07115b27fd7f988920d8207937bec317f1791c11b0f2325851c35ce42bebc828c946438cc22656b702cce2a0dad6d8a5ac3fe6fd587c36f81ff5edc977edf9c6c085efd73510ddb2532742367f8f878814c1714549dcfa17dbd5d1e17ce3dd1a9893a3785bc34c5205df3978071aa36c9e86bd33cba1 +Msg = 31f8dd3024b0487ae1e3a7af9032ef7c76d5420d617771814747c09b2a4ce9ba3ef8630b4e01e3fd5c6c24f588ebe44433682f5663e2df2b6978640bc2c3c1763c69d75b59efe68af8cf516a32cba1ef8380cdc72a3eb9d4d217fcdf7136e68b7173c2870e245808ff35b677587b3066af45a6c97d340563c84d107eff4d61df +S = 6707ff06f4e6fe6cab612b8deb099ac9995511ff0f43fd42f9f1822105e6c78cf6e7bdb117f5a8d554000aeb22c69cd0beb7cf1eddaff92161117f08befcb01605e3300826c87f2fb10f6e34bde865db2c5b7124d3273a997b115f3d0022d0cded54daed0b4ddabfb9b39abec2f9b1e052a89c4d64f38a7649729ccb14f72650 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA256 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04f7405154be02c482bf07115b27fd7f988920d8207937bec317f1791c11b0f2325851c35ce42bebc828c946438cc22656b702cce2a0dad6d8a5ac3fe6fd587c36f81ff5edc977edf9c6c085efd73510ddb2532742367f8f878814c1714549dcfa17dbd5d1e17ce3dd1a9893a3785bc34c5205df3978071aa36c9e86bd33cba1 +Msg = eb2a75ef219b2bec0987c2623a76a8d3c292754519c47f8d541aa8cd9b6c7b3cdd3f7825c2e9ab33e2f684eb34cbe27ac98971b1ba34364e5f15687dc15c829e520a9649dc0ee48fb8aeab8340293ffa869b5c8e4720bae91a3ce140ed7b3f1db25478625653fd8bf378e03346dae7d9638fdfe5a7d032e6ef59bc1e070fdb40 +S = 43a9b4ac08716a3fa5e6ea8fc5957492d093b3a4293df69efae3501e938dc25f551bffc491abbc1059543280c8f48e5c97ae0fe602c911eb894804ee585f2d3b9de882856ba2bb4c86c6a14b8126cb02be2ec6303c228dfb892d3786ebd2a9eb3247581ff7f01a2d0f6d4c75a96dcb4e98fddd204eb8d191f0896506fb72d2ea +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA256 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04f7405154be02c482bf07115b27fd7f988920d8207937bec317f1791c11b0f2325851c35ce42bebc828c946438cc22656b702cce2a0dad6d8a5ac3fe6fd587c36f81ff5edc977edf9c6c085efd73510ddb2532742367f8f878814c1714549dcfa17dbd5d1e17ce3dd1a9893a3785bc34c5205df3978071aa36c9e86bd33cba1 +Msg = f1cf2ba2463023a1d329957cf3fdc044ffecf8ce0a11f9b6ce8b7ba5e5db07d03d8d08c1c61b255a6d0ece174e661593253cc04e06a69cad4fdb1442da97014e77c1c484994c93104f5b10d876a820022e26fab68ae57e258c36c9ca501106ef87b38674278b14cc61578248d48b889800f2cf8ffd9748266ce6c2c4af0fbcbc +S = 6db3e5bbdfe86efac37bc19abbd07d9209f67876d0ed8f8859b1826d98eb22fa093e161274e4a38675cb76224a70346730314f08475db6ce6fd77d840b9de3063c88e987fb244ac823e962b31ec648ca8942e378a2f7ccf7400b036aea7c5a11e694d85c3c929e43613178eaade378d3c2f6805a14d94029f4a5ce89a87651d7 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443031300d060960864801650304020105000420659241b16b3fb30e5012378eac6d83b927e7fc9d0eb5a5ea9d1b75d48441a6a9 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA256 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04f7405154be02c482bf07115b27fd7f988920d8207937bec317f1791c11b0f2325851c35ce42bebc828c946438cc22656b702cce2a0dad6d8a5ac3fe6fd587c36f81ff5edc977edf9c6c085efd73510ddb2532742367f8f878814c1714549dcfa17dbd5d1e17ce3dd1a9893a3785bc34c5205df3978071aa36c9e86bd33cba1 +Msg = 8b61c39efa507e17cf4d575bd600286d56a40e84f35d6c06d3cc33b400e161220df1c86bfd0911226081008cbfd4fa0c3aafc4de70478d089ff02f8e0cecb2e6a68011abe64d4196f9de70a9217e8bad594c02df3891cfe71750b509761fc59f9c3627c77ec61759e28c2e1cc4a5e339f9a451ef12e23b8983154d8d0524a437 +S = 87ee0da9c96d9a17f63d3e9e142181c0979c381ceb769a370545b535abc6eb8981d3fd4029f529909f620d2a00f209b6ad7c8f709fca13118e00a2f21086fb3a4eb4e416a0b2a121e4f7be5b172a8ed12185948cdb75575fe53d883a354f17baae73fe464d85ca0519b980a4b6f565bc0e76060f86b4cb3e90b6c4b9902f5bc0 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffff003031300d0609608648016503040201050004200d04ea209c27fd97098f416a6410afea38ead35d43b7a1f93d7ae04f7d62d502efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA256 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04f7405154be02c482bf07115b27fd7f988920d8207937bec317f1791c11b0f2325851c35ce42bebc828c946438cc22656b702cce2a0dad6d8a5ac3fe6fd587c36f81ff5edc977edf9c6c085efd73510ddb2532742367f8f878814c1714549dcfa17dbd5d1e17ce3dd1a9893a3785bc34c5205df3978071aa36c9e86bd33cba1 +Msg = a6cc1c55dd9b8da73acc6716344503690a9db27bb439518719b41da28284c9894fdbce9de9cc032cf7af6df2d5c658e04121a61c58be6848c2f5ab07291394bdef46b09720b985cca5ff6d22bbb5a4b3a4639ff19ca49fe80f8787c30934ea92eed3694a6ba93c0dac840eacd05a0e6b9a2d430469311fee6a3158de0c2ff38f +S = 8be4adcf1f21261f16ed5b4ce29284399e2a6b7f6339ebb94fcd8c412827911eb5e626d6c83315a59db85bea8010ccded74991f98488fc48989b1854619acccb63fff3d1e4e9a350440744e8bd16631f39ef2a1426b8ffc33418dc7a2a0bdd3330b0bbebba1f0b9fcad2347a875dd89feb43506c0d8e1476e36c9fc6a2798ec9 +SaltVal = 00 +Result = P + +SHAAlg = SHA384 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04f7405154be02c482bf07115b27fd7f988920d8207937bec317f1791c11b0f2325851c35ce42bebc828c946438cc22656b702cce2a0dad6d8a5ac3fe6fd587c36f81ff5edc977edf9c6c085efd73510ddb2532742367f8f878814c1714549dcfa17dbd5d1e17ce3dd1a9893a3785bc34c5205df3978071aa36c9e86bd33cba1 +Msg = d3787e2cd5eddc154a3b29c8a5161cb0ef6fa97d6b90c9d579677d46ba22108075fd9dc13958d290c40df3ae2400224a1cf8dd74c9adc8d48522ad9c0c34c1bbde732954e432bc6e55da0beddb849ec1f2c6815d91cc006a0dabaebd3af3ac87d38327cc1ca22317c54b776b12c7197c39829c1f0c17f700d7ad88938c86594d +S = 70fa48adbbe7f5cfcc61dd844ec0948d8c20ca5bca62cafb0d7014413350c5fbbbaeff1d445a7367420b1237dd316db6c8298d5ba13a3b26cbc48a84081bb12848cd8acbd198a7250d0411ed8d0e56d0163c39853b3893655037f6b4774be21d62c604522904202d6aa0f11aa1f7f56612e85139ac0d577593586d6229422289 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA384 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 04f7405154be02c482bf07115b27fd7f988920d8207937bec317f1791c11b0f2325851c35ce42bebc828c946438cc22656b702cce2a0dad6d8a5ac3fe6fd587c36f81ff5edc977edf9c6c085efd73510ddb2532742367f8f878814c1714549dcfa17dbd5d1e17ce3dd1a9893a3785bc34c5205df3978071aa36c9e86bd33cba1 +Msg = 31f8dd3024b0487ae1e3a7af9032ef7c76d5420d617771814747c09b2a4ce9ba3ef8630b4e01e3fd5c6c24f588ebe44433682f5663e2df2b6978640bc2c3c1763c69d75b59efe68af8cf516a32cba1ef8380cdc72a3eb9d4d217fcdf7136e68b7173c2870e245808ff35b677587b3066af45a6c97d340563c84d107eff4d61df +S = 1a7aa3bb07684cb72a23a570dd06eec11f1ac1e5cc02108b6bcd7145c413c743da8706a44db575b7053573e975ea2bc111821612f14aa001dea6551863e34af0e68d6f9281cccf590d1b2528085cb8e878a427d320c73806a3af8b498b7d3789b66dda4ba9d6c26d15500c71a6b663d9612076792513776921503435d6578b6b +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA384 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04f7405154be02c482bf07115b27fd7f988920d8207937bec317f1791c11b0f2325851c35ce42bebc828c946438cc22656b702cce2a0dad6d8a5ac3fe6fd587c36f81ff5edc977edf9c6c085efd73510ddb2532742367f8f878814c1714549dcfa17dbd5d1e17ce3dd1a9893a3785bc34c5205df3978071aa36c9e86bd33cba1 +Msg = eb2a75ef219b2bec0987c2623a76a8d3c292754519c47f8d541aa8cd9b6c7b3cdd3f7825c2e9ab33e2f684eb34cbe27ac98971b1ba34364e5f15687dc15c829e520a9649dc0ee48fb8aeab8340293ffa869b5c8e4720bae91a3ce140ed7b3f1db25478625653fd8bf378e03346dae7d9638fdfe5a7d032e6ef59bc1e070fdb40 +S = 706c8a70281ab07dca9ce73757279e70621358f1a5bad91bb8d0f34a4519c625ad000df75709b7fc805ee64e1a0e8b2f5c637a833b682c707eb21ad79f99d9f82aa91ca1f3ceb6da9c117c96391f547297cc8f507cc4363f9f2ff84fd9c8f430e84740f3d3d9f385e73d90c8769da2615e46552566f456f6a675d613b8a97678 +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA384 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04f7405154be02c482bf07115b27fd7f988920d8207937bec317f1791c11b0f2325851c35ce42bebc828c946438cc22656b702cce2a0dad6d8a5ac3fe6fd587c36f81ff5edc977edf9c6c085efd73510ddb2532742367f8f878814c1714549dcfa17dbd5d1e17ce3dd1a9893a3785bc34c5205df3978071aa36c9e86bd33cba1 +Msg = f1cf2ba2463023a1d329957cf3fdc044ffecf8ce0a11f9b6ce8b7ba5e5db07d03d8d08c1c61b255a6d0ece174e661593253cc04e06a69cad4fdb1442da97014e77c1c484994c93104f5b10d876a820022e26fab68ae57e258c36c9ca501106ef87b38674278b14cc61578248d48b889800f2cf8ffd9748266ce6c2c4af0fbcbc +S = 5b3567d2742f596b42cd2e3951f75b8058a98d822961f5deed17ce86355fef06ce8f1b1e83da9f27ac4203d2b6a406ae2657993624344fc760a0ade6106028e2dd68646f1c6a735547aa7e4d4e6ae1d3f14610d5eebc88dfeeccf979d93f1721554c67bdbae99dcc2efcf3a98eeb6bf713dd3c5fbfa44e3b9467838744d226bd +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443041300d060960864801650304020205000430582a092df1f38834b32c013209c529a91289d7e595d648c1a633680988e5c8f8153c37c9caf89c37578d4a5cccedf712 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA384 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04f7405154be02c482bf07115b27fd7f988920d8207937bec317f1791c11b0f2325851c35ce42bebc828c946438cc22656b702cce2a0dad6d8a5ac3fe6fd587c36f81ff5edc977edf9c6c085efd73510ddb2532742367f8f878814c1714549dcfa17dbd5d1e17ce3dd1a9893a3785bc34c5205df3978071aa36c9e86bd33cba1 +Msg = 8b61c39efa507e17cf4d575bd600286d56a40e84f35d6c06d3cc33b400e161220df1c86bfd0911226081008cbfd4fa0c3aafc4de70478d089ff02f8e0cecb2e6a68011abe64d4196f9de70a9217e8bad594c02df3891cfe71750b509761fc59f9c3627c77ec61759e28c2e1cc4a5e339f9a451ef12e23b8983154d8d0524a437 +S = 0a23fdb9060b70ffeb690d0e4be5201499f3623663c4a3c5b8ccd937c20523fcdf526db4279d7d7f1067e241b0d7f00de2841934691747976f3c63e68048702b69db8981d8efba63f0fabab14abf2f517b0d5caab537f187af9f46414f070fa5c1fb9d2eb6858476a5af8bc82b7c38aed298f169f1b962aa452e5f6cfbfe766d +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffff003041300d06096086480165030402020500043061ec010a79fc79f61a9051dae86a56fd57b311f7d5043f4519aae525d02bbe46a433dcc6aad89016c6298dd09ea7ffecefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA384 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04f7405154be02c482bf07115b27fd7f988920d8207937bec317f1791c11b0f2325851c35ce42bebc828c946438cc22656b702cce2a0dad6d8a5ac3fe6fd587c36f81ff5edc977edf9c6c085efd73510ddb2532742367f8f878814c1714549dcfa17dbd5d1e17ce3dd1a9893a3785bc34c5205df3978071aa36c9e86bd33cba1 +Msg = a6cc1c55dd9b8da73acc6716344503690a9db27bb439518719b41da28284c9894fdbce9de9cc032cf7af6df2d5c658e04121a61c58be6848c2f5ab07291394bdef46b09720b985cca5ff6d22bbb5a4b3a4639ff19ca49fe80f8787c30934ea92eed3694a6ba93c0dac840eacd05a0e6b9a2d430469311fee6a3158de0c2ff38f +S = 9bda2d9a6a3570737eef2c75f5fd4891d9e8acc102654decc8321b2e114ae8c2f615a1173d855e5d4261a99dc7f825fccef11199e57ba30d98502c237761217261dc31cd14de68201278ccfb46459323d192fdce1577a1a9098e5c7117bc0e52ece3403e0b35fc64969342a72ad74e0330a10a50b67536b088372514a8436de3 +SaltVal = 00 +Result = P + +SHAAlg = SHA512 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04f7405154be02c482bf07115b27fd7f988920d8207937bec317f1791c11b0f2325851c35ce42bebc828c946438cc22656b702cce2a0dad6d8a5ac3fe6fd587c36f81ff5edc977edf9c6c085efd73510ddb2532742367f8f878814c1714549dcfa17dbd5d1e17ce3dd1a9893a3785bc34c5205df3978071aa36c9e86bd33cba1 +Msg = d3787e2cd5eddc154a3b29c8a5161cb0ef6fa97d6b90c9d579677d46ba22108075fd9dc13958d290c40df3ae2400224a1cf8dd74c9adc8d48522ad9c0c34c1bbde732954e432bc6e55da0beddb849ec1f2c6815d91cc006a0dabaebd3af3ac87d38327cc1ca22317c54b776b12c7197c39829c1f0c17f700d7ad88938c86594d +S = 3892627dc93f65857a6e773202ee6d8bfed806ec2580f1f63fc7bb547d6ca2d2459efa5aa6cdc9513153ef2dc2f9acc0a3f878c4b3a149b674f246842610ec9d4f8d2038bf1126632b588b7c8376066d1b18d85e51ec221efcb5f58e6f3f4fab1fb6b232d443cb16484670b1adec3a450f9f926ceee02c6ffedebc4664a9c5bf +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA512 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 04f7405154be02c482bf07115b27fd7f988920d8207937bec317f1791c11b0f2325851c35ce42bebc828c946438cc22656b702cce2a0dad6d8a5ac3fe6fd587c36f81ff5edc977edf9c6c085efd73510ddb2532742367f8f878814c1714549dcfa17dbd5d1e17ce3dd1a9893a3785bc34c5205df3978071aa36c9e86bd33cba1 +Msg = 31f8dd3024b0487ae1e3a7af9032ef7c76d5420d617771814747c09b2a4ce9ba3ef8630b4e01e3fd5c6c24f588ebe44433682f5663e2df2b6978640bc2c3c1763c69d75b59efe68af8cf516a32cba1ef8380cdc72a3eb9d4d217fcdf7136e68b7173c2870e245808ff35b677587b3066af45a6c97d340563c84d107eff4d61df +S = 6015144a01c388c92bd4913907fe075a42afea023989156b840a493f074d55164405e50a4105d5ba9810a9c761f4626e6e05bf7ec4b47b07ad459ff404db6931f4a994a1911fc65448163d369eaa61674ce2112f79a7a9f541f26a111a605b9a3aeda1db6627c59bf723d34153769d18d9ca724570484583b37ffbb11bf7d4be +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA512 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04f7405154be02c482bf07115b27fd7f988920d8207937bec317f1791c11b0f2325851c35ce42bebc828c946438cc22656b702cce2a0dad6d8a5ac3fe6fd587c36f81ff5edc977edf9c6c085efd73510ddb2532742367f8f878814c1714549dcfa17dbd5d1e17ce3dd1a9893a3785bc34c5205df3978071aa36c9e86bd33cba1 +Msg = eb2a75ef219b2bec0987c2623a76a8d3c292754519c47f8d541aa8cd9b6c7b3cdd3f7825c2e9ab33e2f684eb34cbe27ac98971b1ba34364e5f15687dc15c829e520a9649dc0ee48fb8aeab8340293ffa869b5c8e4720bae91a3ce140ed7b3f1db25478625653fd8bf378e03346dae7d9638fdfe5a7d032e6ef59bc1e070fdb40 +S = 45d7f419feda3099092973f1d61994225fec873a0467b1348776a3a6578a10b24be941000311519cf426aa8bdf45a300d7eb31766e0516988cefb14f076c0502a9f7421ff4965875bae992930322d34555cd32ec47d8e6b1ddf95cf1eb193ef3accea5db5343a80d0d36d4325361c7180de57dcd80929bcb9fa166ecf930113c +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA512 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04f7405154be02c482bf07115b27fd7f988920d8207937bec317f1791c11b0f2325851c35ce42bebc828c946438cc22656b702cce2a0dad6d8a5ac3fe6fd587c36f81ff5edc977edf9c6c085efd73510ddb2532742367f8f878814c1714549dcfa17dbd5d1e17ce3dd1a9893a3785bc34c5205df3978071aa36c9e86bd33cba1 +Msg = f1cf2ba2463023a1d329957cf3fdc044ffecf8ce0a11f9b6ce8b7ba5e5db07d03d8d08c1c61b255a6d0ece174e661593253cc04e06a69cad4fdb1442da97014e77c1c484994c93104f5b10d876a820022e26fab68ae57e258c36c9ca501106ef87b38674278b14cc61578248d48b889800f2cf8ffd9748266ce6c2c4af0fbcbc +S = 22a5c4a08adf1a8d1dc26d0a3f02af5f12062b82e10743fbc2ae74b0bb533de279bb57bb6f0a44f9b79c2621c426e9e6b5f50a5a8a2df9d46ce9fdbdd0bf6e74cbe2e55682046145a7e40622bc81ec945e8b87a8a9b9ad711e7626109772b64be7a7ad7d5f3b3aad20c03eb164716b62e0851f1041930d4e5ef4b50bff82f425 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443051300d0609608648016503040203050004406aa75a3539ad3822952b91897813389ae2946b072578bea95a64f583bb5eb9a27a8e44c2405a9681d9a290e2cd55fbd59c381039de0e21ff120d2a3ed8889277 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA512 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04f7405154be02c482bf07115b27fd7f988920d8207937bec317f1791c11b0f2325851c35ce42bebc828c946438cc22656b702cce2a0dad6d8a5ac3fe6fd587c36f81ff5edc977edf9c6c085efd73510ddb2532742367f8f878814c1714549dcfa17dbd5d1e17ce3dd1a9893a3785bc34c5205df3978071aa36c9e86bd33cba1 +Msg = 8b61c39efa507e17cf4d575bd600286d56a40e84f35d6c06d3cc33b400e161220df1c86bfd0911226081008cbfd4fa0c3aafc4de70478d089ff02f8e0cecb2e6a68011abe64d4196f9de70a9217e8bad594c02df3891cfe71750b509761fc59f9c3627c77ec61759e28c2e1cc4a5e339f9a451ef12e23b8983154d8d0524a437 +S = 088942923512cc272b5cd0b40d4aac42ea3165c74c90970ebdc46b5fa8c0b0e153f85c446b0a2d3886c7fd468a47efeba91550c7f01167ce009a4d6a3069bb280b6755eb9716c03f64cd2788555b9f8a0e85d74879dfa9c48ba3ff2002a8b0de02cc8479ca2a59966994d36c6622f4297e2a26cfaa824e447a6badb92331829c +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffff003051300d0609608648016503040203050004409bf5087cc76d346579861f84faef10011e190ef00bfd9b708719d5b672952c0a5f5a8fea8c12b2d738e0b420d785e6a02d7352b6a0e3d20ea2c2140094278b52efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA512 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04f7405154be02c482bf07115b27fd7f988920d8207937bec317f1791c11b0f2325851c35ce42bebc828c946438cc22656b702cce2a0dad6d8a5ac3fe6fd587c36f81ff5edc977edf9c6c085efd73510ddb2532742367f8f878814c1714549dcfa17dbd5d1e17ce3dd1a9893a3785bc34c5205df3978071aa36c9e86bd33cba1 +Msg = a6cc1c55dd9b8da73acc6716344503690a9db27bb439518719b41da28284c9894fdbce9de9cc032cf7af6df2d5c658e04121a61c58be6848c2f5ab07291394bdef46b09720b985cca5ff6d22bbb5a4b3a4639ff19ca49fe80f8787c30934ea92eed3694a6ba93c0dac840eacd05a0e6b9a2d430469311fee6a3158de0c2ff38f +S = 82f547779204eefa0d857ae077b2e02e61dc76ee75e709388ce33b3f227dc96c5a98148a816a4c954516a7e44b00b080cd8b05cfa4ae9ff82d64b811f62e6752904b88c2e4a9d54088a49d2d480c267b96974c46f75a4fd9cf09acca14290d6515defc75e0807334cba3f492d42a17dec01396e39d7d8335bb4d11a1c19db3d2 +SaltVal = 00 +Result = P + +[mod = 1536] + +n = d2b6c8fd44e7eb621fa6685fb62371872b5e8408af51bd1b44c6473823402418a26963b98e6fb191cf74175e64132ae6cd101133fc002a89c10bf7739eb930b9c067b52570842395657f927434aa3acbf3369dcdc3990f77cbf22939ddd5877f09c8aab818b80aa20544b6928fe62c78795a4160aecde6ab454db0dcdf1d6c13522526c5ccf82d429791059306f02cdc18c4e580ec6c2da19b3c6de63933ebeac79010c73df95748d987e96a0f8ad523b5014b33423f55922aec2ec23b9aa22f + +p = f260d143cff1e8e0931765da8cb335c0206bf7fd19aaf8ff41e762992f2bb0a660cd65f08a80fe502c9125166a6927aa1859a874159796fada835b48522f5795ed1f8d23f05016358ff908b0dd638bb7ed12c8b80b46aa858d52c77bb7fc0ed1 +q = de8e674fac0b7ea32d518a22030fd10d4298a77974db8febe195a4240dc5373e8161baf8ce47dc4fd076f64e307ea6262c35b9819bac4f142b613973eeb6a62a15a2ff09fba9ce4db7186969af925ee3acb7d3be7a1f9c85358216640fc1e0ff + +SHAAlg = SHA1 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 076fdcedd54168af223f18c42188c7c5860c5f03517b5b00f66159dad4115297752adf60e6e8d614347f9466b83ce96b88be4ee9bd999b19f1bb26d9ea7f01b84003a907584cf232730480a6bc9692a3cf5c47d40ff051dd133ec2353e0a8c4fb6b65b5ea82aba7686f2aca7edef2b7e824b4dff3a5cdf2aec1c726d8a3dce741605abe0a0b66047ff6e3e7a1be8338af56b4cecd1e650d4fc3c52f56f29e746c7b2ec95f9dbd6dfd1f822541fb6f331faefdc00a346e86b2dd6a88076894b91 +Msg = 95e319c0df793cf1c1b424a8949b9529d6c1a0cece5f6db573a538b68b529a9810830a84d7c8a3b9747d2882585845653c3e179ec35befcc5a7153e96370467f9448ca1999fba2f801f65c0857a18f138f356233a5ce4d8d80c1243c1c2f518ce8da60696d38c21731c6ca23db9ffc99974d8777bcdf1062ad3bb198fdb64226 +S = 1b5d13124f4a0ba3b4e8f102a7044d8a633ea025729f55ac75e4a8544612f229d4f43c45574983b51efc83ab611a60b009949dd032c97358bb7ae5d3b2ce417fe11a9f6435b84bf7113b23403b010fd749838823450ec954f6e3f54c13db12606ead2eadbf209d5d31efaaa0924f256d3f64692db8a2b7fd8197df13c33b160b2f8fef0d4f2ccdd1e1a5b269b25e4efb462c000573b8584d45c2cafd248348f19cf1f7422abaa402ba54274b7611c4c9db3a7dac61ce51c396cc3c59ecbe5594 +SaltVal = 00 +Result = P + +SHAAlg = SHA1 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 076fdcedd54168af223f18c42188c7c5860c5f03517b5b00f66159dad4115297752adf60e6e8d614347f9466b83ce96b88be4ee9bd999b19f1bb26d9ea7f01b84003a907584cf232730480a6bc9692a3cf5c47d40ff051dd133ec2353e0a8c4fb6b65b5ea82aba7686f2aca7edef2b7e824b4dff3a5cdf2aec1c726d8a3dce741605abe0a0b66047ff6e3e7a1be8338af56b4cecd1e650d4fc3c52f56f29e746c7b2ec95f9dbd6dfd1f822541fb6f331faefdc00a346e86b2dd6a88076894b91 +Msg = 7271bcb91b18288e874f4c04c10a21bd35150b1813ef61a7f4dc29e4c036231fcf040abb4ece169ae5afc5d696abdbb2e943a7d0464789a4a2ecb1285e1e29d16b1716c2b3313b41b4f8be676e842f1b8006c6418ea0ec2ee57afd5f62124d6b90d3693710ea9f693e55c01f113c24e04385efd3b2a3932e07ae96f295b996d6 +S = 6b9212d017ad9f4bb7ebfa3975b514bdd22240d753fef5631e1c216bc750336349255d53b857bc944d3eee3bc82805620d770e41dcba45869f47d36343ef067cae99a941ab94948bf0c02d2a3ee403c7eab0f9d6f9423c166e62c2dd61198046944b5082db4a17843229489c46baab712416e3d0a685d2353abe010c94ddf7b47f5edf1fdfc9a5e0de27d65ab5dfc9f2e660d20d169cde3e2642393edd79fe7316ec4ebe61fb88223f6711e138d09ec3d76781e73d93e7dba9830c53cdb5b0fb +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443021300906052b0e03021a050004147c3d3d4d94e5e297419551f26b517d0046a98d9c +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA1 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 076fdcedd54168af223f18c42188c7c5860c5f03517b5b00f66159dad4115297752adf60e6e8d614347f9466b83ce96b88be4ee9bd999b19f1bb26d9ea7f01b84003a907584cf232730480a6bc9692a3cf5c47d40ff051dd133ec2353e0a8c4fb6b65b5ea82aba7686f2aca7edef2b7e824b4dff3a5cdf2aec1c726d8a3dce741605abe0a0b66047ff6e3e7a1be8338af56b4cecd1e650d4fc3c52f56f29e746c7b2ec95f9dbd6dfd1f822541fb6f331faefdc00a346e86b2dd6a88076894b91 +Msg = 1484f58f6b8cff56ab4b81d17967dee7ef1eabeae57c11706fd2735ea6655145ac636df2ea1b2c409c6c3e31907e813d2ab123eaacd3089db4966bb00741c7c48ca5f8599c539d9c790cc27f1b79bc0f331c53036a872790e9cc4c851f343893be34dfec079c1c11481253e4a3bf55051048835ba50037f1165c5f0478a76b5a +S = 57b3646aae17304bcfab8b6477bbcf791ccfb4b20001b2c3cd4e6dafe129934f2c401b07eada6a4b2db9393ffed36a8ae8af85b1d433a398399fc0c2956959e99c12053ac3346710ea5d9119fa4757032fd1739b426e879214afe364a9d274d383e4d1fa64b0b07c6f6014dcbeed59ee0dbcbec90cb5f3133daeb829855d61b88777d806b5717227a8016a965f1bd2080b44ef80bdbd0bf0c494ea7baf09295aacf161c433320fa81cfca5ba44a71264a1d1db1d2f5baeb58eb9d623710ed1ba +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA1 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 076fdcedd54168af223f18c42188c7c5860c5f03517b5b00f66159dad4115297752adf60e6e8d614347f9466b83ce96b88be4ee9bd999b19f1bb26d9ea7f01b84003a907584cf232730480a6bc9692a3cf5c47d40ff051dd133ec2353e0a8c4fb6b65b5ea82aba7686f2aca7edef2b7e824b4dff3a5cdf2aec1c726d8a3dce741605abe0a0b66047ff6e3e7a1be8338af56b4cecd1e650d4fc3c52f56f29e746c7b2ec95f9dbd6dfd1f822541fb6f331faefdc00a346e86b2dd6a88076894b91 +Msg = 957018ebbf4bc279aff3a28f87510c01666122399490a4c300680910ed6ece73e84b0e70fd2b53362a63ac6a1456ff26f999a142e65524d22aed70ef0ae115bbb6f3e09f7c88add73c507b311c29c6117c4111b92d7bc2c7dd1532ffd687054be9aeb700a4297863cc043a6c079308cad8a19926d0cb25ac032677c8ba28442d +S = 7d9edeb96e2eb21b32fc3707c42fc26cc2ddaf5283ed2853206e51594027fddbc82260dfb3e2da03dbec1069f0bdc63a7583f0ffc194ba158860fb0bd13dbe22ed34f7f77821b58ff1b6d9a6721f91914d3529d5e605b813f7de832afbc57d7ba570a4af8f9ad2b7ea8d2c1656c669e1df7d3c112bdbe212d37d61ff62d03d8b19426437a48977ea5aaf5eccdb7d90d1e8a1c652cb2333984cfac0c1432e42fb16168a3760328039d1a836a52baa9be92050e96dc86d37c8e0b0684d445be018 +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA1 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 076fdcedd54168af223f18c42188c7c5860c5f03517b5b00f66159dad4115297752adf60e6e8d614347f9466b83ce96b88be4ee9bd999b19f1bb26d9ea7f01b84003a907584cf232730480a6bc9692a3cf5c47d40ff051dd133ec2353e0a8c4fb6b65b5ea82aba7686f2aca7edef2b7e824b4dff3a5cdf2aec1c726d8a3dce741605abe0a0b66047ff6e3e7a1be8338af56b4cecd1e650d4fc3c52f56f29e746c7b2ec95f9dbd6dfd1f822541fb6f331faefdc00a346e86b2dd6a88076894b91 +Msg = af0272c90402a9c27f9cf6c9de652cb7a3a402b4695a0c58777fea11958fc0c51f45e6b857a6e0afff42905628b7aadf457669ec83ca80af5d16544f6a5e688e7a0818aae2e48b80146be3f77344b69c650dc28aa957dc8debf22a87956c9212e9d472664dc3927ee59e5776671539382bef7657820a083b499dd57fbec12797 +S = 3cb0d524151a8e3210123ac13086c6299074f5b5a4276059cc2e741944eda31a80aada9427d0a7e49823632075093e4f779f9b84ec4f159227e650c267cf7126047f7d257dc6e41ec6113570bc231681667735d41085ea92a2b9197fac8e4ec9bfff1d2b16f65ceeed22741a872a05afd641b1444a928a948d15248b119f28b3d35e28a337096cb7bb97e7e3d73bf1cf8abdad9cbfb84481a3e124b8c345a2d1065b1713de71e0ef6b8beddb6d88e82379960bdc1cda7ebc4c4c4ea9bd1d81dd +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA1 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 076fdcedd54168af223f18c42188c7c5860c5f03517b5b00f66159dad4115297752adf60e6e8d614347f9466b83ce96b88be4ee9bd999b19f1bb26d9ea7f01b84003a907584cf232730480a6bc9692a3cf5c47d40ff051dd133ec2353e0a8c4fb6b65b5ea82aba7686f2aca7edef2b7e824b4dff3a5cdf2aec1c726d8a3dce741605abe0a0b66047ff6e3e7a1be8338af56b4cecd1e650d4fc3c52f56f29e746c7b2ec95f9dbd6dfd1f822541fb6f331faefdc00a346e86b2dd6a88076894b91 +Msg = 3797ad7bd2b5c611a7b1a15b8337058a1e2c15cc42418d7b2fc949943fc8076cc64c6d9e3c004e489efe297711e5f2dfc92b15d029b5b9652ba541ff037419f1ff40af7db267bf005154d4695d990cef823e1b04c0599284c8df6233a9ba9b66ab1c7a007b12a3a0895cab19af7cd923130d2e504e56a241ce1fb11978c31632 +S = 0a34ff5dd8d7ef76bfd56bd4218ad50c22cee0af0532674427c7e13f8b99b86e7128316bf2084c6477180283a7b3f4f4aefe5e0dd4aa136a2920ea70eb23b0e8b8b2c2a2c530f4efa1b6bc59d2a83547cd5c4043ce497639f609f05f3d4d2099b07d9bdc0a15690b7bf2da73def963eeebe118e59ead6dd89f0fa271645fca4d9bf220080a850649f48709bcbcc1cea3fce9618bf167e2fdb13a1ed50eea093d1070c5bfb162b054317f2e41bb3099c39d8e2c7b0b771da05cb7b7bd1abfbfa8 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffff003021300906052b0e03021a0500041486d9512b229032778b2d54e07bd553ebe7f36713efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA224 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 076fdcedd54168af223f18c42188c7c5860c5f03517b5b00f66159dad4115297752adf60e6e8d614347f9466b83ce96b88be4ee9bd999b19f1bb26d9ea7f01b84003a907584cf232730480a6bc9692a3cf5c47d40ff051dd133ec2353e0a8c4fb6b65b5ea82aba7686f2aca7edef2b7e824b4dff3a5cdf2aec1c726d8a3dce741605abe0a0b66047ff6e3e7a1be8338af56b4cecd1e650d4fc3c52f56f29e746c7b2ec95f9dbd6dfd1f822541fb6f331faefdc00a346e86b2dd6a88076894b91 +Msg = 95e319c0df793cf1c1b424a8949b9529d6c1a0cece5f6db573a538b68b529a9810830a84d7c8a3b9747d2882585845653c3e179ec35befcc5a7153e96370467f9448ca1999fba2f801f65c0857a18f138f356233a5ce4d8d80c1243c1c2f518ce8da60696d38c21731c6ca23db9ffc99974d8777bcdf1062ad3bb198fdb64226 +S = 19ca086cb98c4770fbd6b70206c3896f966c968c1e5600a2348f3457fa823f053b45b75f0da759994d5d047922efa5184fd0499f57be607a9ac63a1926f8317e6845934a37cd58c07831a970d9599dcc15fb50c629caff451c96e2e2d7f9e3842e8dcdb8011adc8f5cb1c01392218d62285442d9b651b2a0369af3f99343dc8e24fe4f93fdd490636e78ca1b7ae73af5ee2bc0ab6a0fb42ef612c3260f62a1577c3b41bcc25e8feaed1f53e0d85c8155c9c38cf72385ae28e96831f891e03ad3 +SaltVal = 00 +Result = P + +SHAAlg = SHA224 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 076fdcedd54168af223f18c42188c7c5860c5f03517b5b00f66159dad4115297752adf60e6e8d614347f9466b83ce96b88be4ee9bd999b19f1bb26d9ea7f01b84003a907584cf232730480a6bc9692a3cf5c47d40ff051dd133ec2353e0a8c4fb6b65b5ea82aba7686f2aca7edef2b7e824b4dff3a5cdf2aec1c726d8a3dce741605abe0a0b66047ff6e3e7a1be8338af56b4cecd1e650d4fc3c52f56f29e746c7b2ec95f9dbd6dfd1f822541fb6f331faefdc00a346e86b2dd6a88076894b91 +Msg = 7271bcb91b18288e874f4c04c10a21bd35150b1813ef61a7f4dc29e4c036231fcf040abb4ece169ae5afc5d696abdbb2e943a7d0464789a4a2ecb1285e1e29d16b1716c2b3313b41b4f8be676e842f1b8006c6418ea0ec2ee57afd5f62124d6b90d3693710ea9f693e55c01f113c24e04385efd3b2a3932e07ae96f295b996d6 +S = 843e9f1f0a472be4a3bdf456281eda82aaaa08a0fab173f2086bc03f8b88c0517f457bc276ad144c1b53084d736f2077b0c05f451ed6544a36bd26e902592b384c6d33587a79f2023226fc7c52b1384bc6dc83360769014fb5110245b2395baeec2b3087f6b6eb5de706d08fa7eb069c749a56b91d43d1ccc8f1631a597beaa6486a618b85a2982eb32fb5039584c65f7f07e7c31663a06f48941878f1ef4cbb657f18cc85db6e9d1c87ff81fa7b1e63c74abda333de6242a21a43789749bdbc +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff44302d300d06096086480165030402040500041cd6266f6d4d47969031bf6bd3800efb1332f5c75ba7d91394de470bb6 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA224 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 076fdcedd54168af223f18c42188c7c5860c5f03517b5b00f66159dad4115297752adf60e6e8d614347f9466b83ce96b88be4ee9bd999b19f1bb26d9ea7f01b84003a907584cf232730480a6bc9692a3cf5c47d40ff051dd133ec2353e0a8c4fb6b65b5ea82aba7686f2aca7edef2b7e824b4dff3a5cdf2aec1c726d8a3dce741605abe0a0b66047ff6e3e7a1be8338af56b4cecd1e650d4fc3c52f56f29e746c7b2ec95f9dbd6dfd1f822541fb6f331faefdc00a346e86b2dd6a88076894b91 +Msg = 1484f58f6b8cff56ab4b81d17967dee7ef1eabeae57c11706fd2735ea6655145ac636df2ea1b2c409c6c3e31907e813d2ab123eaacd3089db4966bb00741c7c48ca5f8599c539d9c790cc27f1b79bc0f331c53036a872790e9cc4c851f343893be34dfec079c1c11481253e4a3bf55051048835ba50037f1165c5f0478a76b5a +S = d140b01f9d0d67a4b869fa67c115919268657f97d846886f07174fe6a30be909a74f1dfc4590ea356e349bce40547539e76bc9011ea133356c6f01b7739126c8af29e307966bfe39999625ef989faf817d0ad6378fe5dfcd5974089349d977c7fec62289b760b4c7679d41e463be7e3f996cf1f66e48cc004f5823b1f7a94524abd06ff35fc4f51fe6bd16dc4b43eb360ca18b4c4e5a33440d748dc7fb1ec3a8344f4e175f52479f4d93275e03890664fb3a2941187bd023a3a277fa840986c3 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA224 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 076fdcedd54168af223f18c42188c7c5860c5f03517b5b00f66159dad4115297752adf60e6e8d614347f9466b83ce96b88be4ee9bd999b19f1bb26d9ea7f01b84003a907584cf232730480a6bc9692a3cf5c47d40ff051dd133ec2353e0a8c4fb6b65b5ea82aba7686f2aca7edef2b7e824b4dff3a5cdf2aec1c726d8a3dce741605abe0a0b66047ff6e3e7a1be8338af56b4cecd1e650d4fc3c52f56f29e746c7b2ec95f9dbd6dfd1f822541fb6f331faefdc00a346e86b2dd6a88076894b91 +Msg = 957018ebbf4bc279aff3a28f87510c01666122399490a4c300680910ed6ece73e84b0e70fd2b53362a63ac6a1456ff26f999a142e65524d22aed70ef0ae115bbb6f3e09f7c88add73c507b311c29c6117c4111b92d7bc2c7dd1532ffd687054be9aeb700a4297863cc043a6c079308cad8a19926d0cb25ac032677c8ba28442d +S = 10699cef91c348ab96ec062c0a98bacec04aed2bc2a806d8553258ebdc999abd59651e8aa7236e50eaf0a183e278a956de7ad6c3eacf7e5a2dc1e46a5fc1ff58d09db56580d924de5c3ea9863c006cd9f1556555b024a670c316d2de697976a3ce5d3994a758220cc83cffce43f7ce42942c3caad5a477c494d9581185c4e5a69f056778c77784a7fcb246f3edb1cf93bd416057d0c2ebeb36647ba8796b50ea569930132d189cb43be8405ea210b8e2266807620487791839d0e6ee4dcf9d63 +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA224 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 076fdcedd54168af223f18c42188c7c5860c5f03517b5b00f66159dad4115297752adf60e6e8d614347f9466b83ce96b88be4ee9bd999b19f1bb26d9ea7f01b84003a907584cf232730480a6bc9692a3cf5c47d40ff051dd133ec2353e0a8c4fb6b65b5ea82aba7686f2aca7edef2b7e824b4dff3a5cdf2aec1c726d8a3dce741605abe0a0b66047ff6e3e7a1be8338af56b4cecd1e650d4fc3c52f56f29e746c7b2ec95f9dbd6dfd1f822541fb6f331faefdc00a346e86b2dd6a88076894b91 +Msg = af0272c90402a9c27f9cf6c9de652cb7a3a402b4695a0c58777fea11958fc0c51f45e6b857a6e0afff42905628b7aadf457669ec83ca80af5d16544f6a5e688e7a0818aae2e48b80146be3f77344b69c650dc28aa957dc8debf22a87956c9212e9d472664dc3927ee59e5776671539382bef7657820a083b499dd57fbec12797 +S = 90277451b160d24cd2df6e5e84e2f90a8fb6208f3395a305e299d5005656a153d27801084f7cb76fd0e4b8d118f84214416bc65446cf41fdbb6532c07b718ed82e34a8b5b52575e39de48e65eddeced22e5556d89103960a228df0efb047ae0e1569e579b477b38198045bc3f4cfe021dc9bccc33f10d3ea30a01c7c567ab22bd2d0bbec9c57dc990bf0ef19fb5942f116ed33510ff76405ea1cd99c0b47ac687d8c66f9540685d831302c272de04b4459951ff480f99dccbe3b0c01f3330560 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA224 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 076fdcedd54168af223f18c42188c7c5860c5f03517b5b00f66159dad4115297752adf60e6e8d614347f9466b83ce96b88be4ee9bd999b19f1bb26d9ea7f01b84003a907584cf232730480a6bc9692a3cf5c47d40ff051dd133ec2353e0a8c4fb6b65b5ea82aba7686f2aca7edef2b7e824b4dff3a5cdf2aec1c726d8a3dce741605abe0a0b66047ff6e3e7a1be8338af56b4cecd1e650d4fc3c52f56f29e746c7b2ec95f9dbd6dfd1f822541fb6f331faefdc00a346e86b2dd6a88076894b91 +Msg = 2da2547df2b14d5f28bd5cd71250f55cd840a11e7bd799470e30938124e4dcb985e7a72325aca57f5690d59a3c759e1781ad1b6f4b1bb6376b94f8a2d88b9f465beef1238b4b51e1fc371059b4f08557de41609ec3a63b2df5b172c1cdac359b1880db830ed6790d847bb41b6209d3a356c419b3cac251b2144faae8ed8fc541 +S = 8866a8d6767eb3a88cbbf6075ce1ff085e541e3dd305915cfa2ebc94ce8d6ae9b7a76d5770bd4e96b913fc41824b59f3066471b054f744efe0fda0f12fd1413b755f0c1d93fa3bfd00dbac16cd6c83a947d71645aa3828b7452aef6b68a92f83dbb48a041ccf1905e10665e186d5aa85e502b36dacfec5b1d17ce9500caef5e8eb8b51cff080368b75baaee54886e602e722d2b9d04dbf05026624ec6fa772830090c570c5b8ac7594abe3ab312d46fa3294dd96ed9c2642672154240e66b197 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00302d300d06096086480165030402040500041c9d529ed5fc99f3b9f2d3c3abce14aa723e6ee9397db13c35a355fb87efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA256 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 076fdcedd54168af223f18c42188c7c5860c5f03517b5b00f66159dad4115297752adf60e6e8d614347f9466b83ce96b88be4ee9bd999b19f1bb26d9ea7f01b84003a907584cf232730480a6bc9692a3cf5c47d40ff051dd133ec2353e0a8c4fb6b65b5ea82aba7686f2aca7edef2b7e824b4dff3a5cdf2aec1c726d8a3dce741605abe0a0b66047ff6e3e7a1be8338af56b4cecd1e650d4fc3c52f56f29e746c7b2ec95f9dbd6dfd1f822541fb6f331faefdc00a346e86b2dd6a88076894b91 +Msg = df8494995c51a92e651ecc6229ec4c5ffc54b2975876ea582233a3a02f9cf73207a94fe9e92f814d0f0c3c6432a4a6cb51924304af9719121bd612437344a14e6b5aa89d8b0d9aec77ffdd1373f77220268fd7a99e2c2c61953396e8f37ae1e894fd695d4ad33a3426607618f3cbf78904b2362e301d6b6c1ab1f637b627fe28 +S = 8474bb2649667bea417d1a51fcf6cf891c29d838c7002d7189b945b53436cc0b67175e910e2cdbd3e1855326f7c0c823a8b76d06b2ae1e0bc6a835a524401b5a280d07f09acd94ee745e1a789919128c617a683d1b145b3adcc494aa701c2fc5895d14ba6a7798c3fa51a04497e78413200b284a4b50bd82f0b7a1a4b3b5b3cae15e345844b0b7f155e48bc52fddc2a83648b2714daeafbd0c8c36de1165cdaa75bc8442b681b9ecc1cae114e629b13956734aef0ad11c421ebcc27202df5899 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443031300d060960864801650304020105000420351b72799b9cfe54802309d2be3fd5ffc3377302cb171d35af0d486d4e664516 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA256 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 076fdcedd54168af223f18c42188c7c5860c5f03517b5b00f66159dad4115297752adf60e6e8d614347f9466b83ce96b88be4ee9bd999b19f1bb26d9ea7f01b84003a907584cf232730480a6bc9692a3cf5c47d40ff051dd133ec2353e0a8c4fb6b65b5ea82aba7686f2aca7edef2b7e824b4dff3a5cdf2aec1c726d8a3dce741605abe0a0b66047ff6e3e7a1be8338af56b4cecd1e650d4fc3c52f56f29e746c7b2ec95f9dbd6dfd1f822541fb6f331faefdc00a346e86b2dd6a88076894b91 +Msg = 73a012bce858e0ae42fa2893a0fb1439a73a9c101841b28ca8c8bdcb0c7b497853fefdef782dcda238a871bb218f1503ec8a52020c0d5d6887da7eab05c7c4f226c1f8321911cf966bde63251cf3e49ff8c38ba724aad027f876ddf10c2642a296f2eaccf38b4e5483a3e818bab0ebd574ed314989a27594a2a6c2e44b222b51 +S = bd0512605f506b906f012de9f50ca56881c61edc331d8b36996b4eefe75b4751b6ff980194b52e19b82dc85fb3428c86905aea1e59e9db90018ad5471e29ec170f18b9668725a562caf850ef41c7ab871448a6f428db6b2ddf85fddf029dfbbff5677bd92aceaa9372f9a579a2f7fbfa8872f8de3f7b15c5095598d39b3808f99cc672d89171302a7e7c3430a1ae675cf3d1b3341f432b4c57a372f9be3a06970f2c4ee3f557b98a8e767db450ff29a491163330bb3438432c5dad3dd8dffbd1 +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA256 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 076fdcedd54168af223f18c42188c7c5860c5f03517b5b00f66159dad4115297752adf60e6e8d614347f9466b83ce96b88be4ee9bd999b19f1bb26d9ea7f01b84003a907584cf232730480a6bc9692a3cf5c47d40ff051dd133ec2353e0a8c4fb6b65b5ea82aba7686f2aca7edef2b7e824b4dff3a5cdf2aec1c726d8a3dce741605abe0a0b66047ff6e3e7a1be8338af56b4cecd1e650d4fc3c52f56f29e746c7b2ec95f9dbd6dfd1f822541fb6f331faefdc00a346e86b2dd6a88076894b91 +Msg = af51ab7e521b64502702bd561e40dbb41e2f80afa95bd562bcdc67b3f6e36f86fd9256311e11782f33de2918ca64f5d083d02cffba209fc2667ca4a141ca60c02a7d4559c7add9696e6db9aa4659dec2a96e20bacd1ff8b1a4a48ad20096e383fbb97fdf96190e67a05877f4da461ef158b263c62a806b973cfc222f7b6e8037 +S = 6ed6b46b522f09d6c1007dc32e593a2dec403c5f318e9ce0edbbb2ca6b9b05803ba43c1828ce2fc0e2fe8feb4f80db80e1673e111f204a6a009c115f0a797006bdfc5b5258404e259aa0f9d72957d01f92b756daa9981952dddb0bd1b1aff6caf46ccaaab62a15f52c79fd663ff64b94ab8428c04780efe11ce1a210acd89e63a26f4a48b9e4acf7c327521a9654ffcdfe03c6baec5cc8bc32731d6a9254302a69f56bf43ae8b82738e8073f073dfc8c386d9adb0f1acf16e59710e4e519cb42 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA256 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 076fdcedd54168af223f18c42188c7c5860c5f03517b5b00f66159dad4115297752adf60e6e8d614347f9466b83ce96b88be4ee9bd999b19f1bb26d9ea7f01b84003a907584cf232730480a6bc9692a3cf5c47d40ff051dd133ec2353e0a8c4fb6b65b5ea82aba7686f2aca7edef2b7e824b4dff3a5cdf2aec1c726d8a3dce741605abe0a0b66047ff6e3e7a1be8338af56b4cecd1e650d4fc3c52f56f29e746c7b2ec95f9dbd6dfd1f822541fb6f331faefdc00a346e86b2dd6a88076894b91 +Msg = ae4dbe3079ef09f963a3da04099f596a6eed3c979d798eff8f69af0d4eac9d5c5bd6712a4d2b2d0abcf9b4d85d2c1af26e1c1ea555a9f5e6848a4a439fe28219e1144406bcd939a1bf901069bdd5c6fc2c54248acbdf898888bfe9a9a048160a08b13eac0c22b528360df59e71c2e4ef6e3e552c4744d04e62b096279907e098 +S = c7ad03de788a43496f2ebed7df3179788360095e880785bc5f9135be256cbd7693ff1c47d7dc74e1e3f318a533ad50850336d64cecaf1b6b6a317332810d433362eff2b03b6730df4a04ac3c69e18e752577cf8ba9bb0981a2c6cfc2178fcaa3bee1957cf10a74e87541a3311e40206457a11efcf76893f59dc78cde650b0571072a9af5500dc76cfad2bce35057768b97046adb84a67efce9d9f569839e3f36541cf0b24862f8311796edb735476eed85d8290619b56237a89028c92b3eab48 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003031300d0609608648016503040201050004208aeae1f557c4b574127603b7da392e75ad6df1b94d840cff18ca38033d5cd0f4efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA256 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 076fdcedd54168af223f18c42188c7c5860c5f03517b5b00f66159dad4115297752adf60e6e8d614347f9466b83ce96b88be4ee9bd999b19f1bb26d9ea7f01b84003a907584cf232730480a6bc9692a3cf5c47d40ff051dd133ec2353e0a8c4fb6b65b5ea82aba7686f2aca7edef2b7e824b4dff3a5cdf2aec1c726d8a3dce741605abe0a0b66047ff6e3e7a1be8338af56b4cecd1e650d4fc3c52f56f29e746c7b2ec95f9dbd6dfd1f822541fb6f331faefdc00a346e86b2dd6a88076894b91 +Msg = 9245f9e8a7b4e2c8744d5bd42ebe68ca32426a5cf7c5ab78414938cc9888ef8af9dad868cb5ab9ec1444e4e6eda2543e3428f8ef805c4f545afa35a3aa96fdb76f83bf12b3f4f322bf613fc38b2c8e0678856230418b6b062fb358488d6eed7c5c0656ec48c9bbf2da6a1473eea43faa68204f27239928172a3e49c52b58e861 +S = c9e9152887b5111f721aced7cdb0e7368b0eecafaa1506ccdf35c378b633937d08544493a1e8aa84b5b7f892d89976f2ebfd55ae85189f61fb280ebfff5a01fc2c90fa4896ebdc3725ec472631e69d35fc9d5a03447941e7befe21a36ce5cad72088177d7e54cffb60dadfaf3800ca38e9751df2d4fab7738f31d82a944e0f3bf652197121c4e74ce5f170fed950f7a03906e75b7fe12469fa4d44fe8348d5459bc5f5f13aa694c12ac64912a20d694230ed95b75f3de4eb0c3c60169695e94c +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA256 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 076fdcedd54168af223f18c42188c7c5860c5f03517b5b00f66159dad4115297752adf60e6e8d614347f9466b83ce96b88be4ee9bd999b19f1bb26d9ea7f01b84003a907584cf232730480a6bc9692a3cf5c47d40ff051dd133ec2353e0a8c4fb6b65b5ea82aba7686f2aca7edef2b7e824b4dff3a5cdf2aec1c726d8a3dce741605abe0a0b66047ff6e3e7a1be8338af56b4cecd1e650d4fc3c52f56f29e746c7b2ec95f9dbd6dfd1f822541fb6f331faefdc00a346e86b2dd6a88076894b91 +Msg = bf15e4f37e28f61a35be4539f17d70c75d3591c19368b84c320a999cb1858114f3008faf1be1209ea1908b33a67e0ffd84670935aad46a58a7e36916844a756b579a6e0c15c11404a8d3c09f410a5287f00b6a2d726adb6a4a715c67131d81ba146aead115d0bb94710e4b466d2621acc8a91c729334f1ca433bdb5605058d48 +S = 897dd26e35a3833b069c14e173d8f90443d51f3c8867457980f0c20420568290a2e239642fd21e93778dfea2bdf3ccf72c3ee8f4334394238d52fe577d1d050dd69838626922ed9af276f888356349fd1ca8e9c17d615b9d3cdf86e86d01eebbe52dbd26c034e8a93fffe7cbca27edb1d03b13643ed4ad122400d4f980ff7b8a9864d39e9fbd5781ea4d21a06136b70a90fe2bea2ce142334403bb078095f1257df2162e9998a7268d1f05f4c483f726b9b0cfc132023c643b1b0b04b6d88745 +SaltVal = 00 +Result = P + +SHAAlg = SHA384 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 076fdcedd54168af223f18c42188c7c5860c5f03517b5b00f66159dad4115297752adf60e6e8d614347f9466b83ce96b88be4ee9bd999b19f1bb26d9ea7f01b84003a907584cf232730480a6bc9692a3cf5c47d40ff051dd133ec2353e0a8c4fb6b65b5ea82aba7686f2aca7edef2b7e824b4dff3a5cdf2aec1c726d8a3dce741605abe0a0b66047ff6e3e7a1be8338af56b4cecd1e650d4fc3c52f56f29e746c7b2ec95f9dbd6dfd1f822541fb6f331faefdc00a346e86b2dd6a88076894b91 +Msg = df8494995c51a92e651ecc6229ec4c5ffc54b2975876ea582233a3a02f9cf73207a94fe9e92f814d0f0c3c6432a4a6cb51924304af9719121bd612437344a14e6b5aa89d8b0d9aec77ffdd1373f77220268fd7a99e2c2c61953396e8f37ae1e894fd695d4ad33a3426607618f3cbf78904b2362e301d6b6c1ab1f637b627fe28 +S = c7fab5c4083fd43b67dcc56c10b5f9a4793ae49411b828512e4930765f496e313995b506e6b2ed4ceb29eb2b9a649e18a1c9f22fa5c89f7349bd7d8e967c3169fdd120517834c0aa355b5bb85b13b0c1fbc2e915c9ac8d7801c37cfdcc45376d8915ab57a67cb39fbe3c976e49e3a47e2312dce0b27ebb2baab9214a7af25482ca1f7d9baaca22ab73deca082b271044048505257c968b131f5dea33c1d02bd4ced74b6c0cf71cba31d989c685e9291789d2a5e906c52268a270ec8206e3bddb +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443041300d060960864801650304020205000430ee9e3e985b715474d343f9823ce7f3fd430e13cd9dc4d9117c1a7f1c87f40e16a1012f103c90db1b979cc17934b20756 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA384 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 076fdcedd54168af223f18c42188c7c5860c5f03517b5b00f66159dad4115297752adf60e6e8d614347f9466b83ce96b88be4ee9bd999b19f1bb26d9ea7f01b84003a907584cf232730480a6bc9692a3cf5c47d40ff051dd133ec2353e0a8c4fb6b65b5ea82aba7686f2aca7edef2b7e824b4dff3a5cdf2aec1c726d8a3dce741605abe0a0b66047ff6e3e7a1be8338af56b4cecd1e650d4fc3c52f56f29e746c7b2ec95f9dbd6dfd1f822541fb6f331faefdc00a346e86b2dd6a88076894b91 +Msg = 73a012bce858e0ae42fa2893a0fb1439a73a9c101841b28ca8c8bdcb0c7b497853fefdef782dcda238a871bb218f1503ec8a52020c0d5d6887da7eab05c7c4f226c1f8321911cf966bde63251cf3e49ff8c38ba724aad027f876ddf10c2642a296f2eaccf38b4e5483a3e818bab0ebd574ed314989a27594a2a6c2e44b222b51 +S = 28e465b1d7e5e227ca3af797f7f4606a4d78fa8037190e52819b184bb42237b64854c317e08bf3e6ac2e544eb58e0e318682224623f8912682c9afe0e81e7d9f027105c0da1c2b5f27fb24089af422f559ba97839749bcf9e968dca0e58213a0ba53547934804a1e10db9da4464ce7800e5613c89586277beaf69edc62a3e8ca2a8935ac4d0b4d65e7ebff4358be37102a70f327245475bd6673c7d092505f321cb600f6df917c6873625e5d3539d95b94be06d39f90eccb424a9e5acb27f0d3 +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA384 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 076fdcedd54168af223f18c42188c7c5860c5f03517b5b00f66159dad4115297752adf60e6e8d614347f9466b83ce96b88be4ee9bd999b19f1bb26d9ea7f01b84003a907584cf232730480a6bc9692a3cf5c47d40ff051dd133ec2353e0a8c4fb6b65b5ea82aba7686f2aca7edef2b7e824b4dff3a5cdf2aec1c726d8a3dce741605abe0a0b66047ff6e3e7a1be8338af56b4cecd1e650d4fc3c52f56f29e746c7b2ec95f9dbd6dfd1f822541fb6f331faefdc00a346e86b2dd6a88076894b91 +Msg = af51ab7e521b64502702bd561e40dbb41e2f80afa95bd562bcdc67b3f6e36f86fd9256311e11782f33de2918ca64f5d083d02cffba209fc2667ca4a141ca60c02a7d4559c7add9696e6db9aa4659dec2a96e20bacd1ff8b1a4a48ad20096e383fbb97fdf96190e67a05877f4da461ef158b263c62a806b973cfc222f7b6e8037 +S = 198f72795be3be9f70828fcfa6fd2eb286f4d996153953730f8195669840b685b1854ebd54f8d1ae8db487802f8c6978197822157eb45c8085ae91f11390e0d8910f2bb51d1efbd743e2e7d7e16c4757a67a666c1e6bbb90fae924550847b68e41bb9d8b58b376c70c075cbedb2875bd7789971d2281ac3a591c7361030dd46afa79ef20a32f68764d40f4f5d689f3686967e57f1b718522a61ebf35e194219f9b044aadccdf0fab455be9f86a651bd9eebab4e8c798c9156880b06f12ca6b7f +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA384 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 076fdcedd54168af223f18c42188c7c5860c5f03517b5b00f66159dad4115297752adf60e6e8d614347f9466b83ce96b88be4ee9bd999b19f1bb26d9ea7f01b84003a907584cf232730480a6bc9692a3cf5c47d40ff051dd133ec2353e0a8c4fb6b65b5ea82aba7686f2aca7edef2b7e824b4dff3a5cdf2aec1c726d8a3dce741605abe0a0b66047ff6e3e7a1be8338af56b4cecd1e650d4fc3c52f56f29e746c7b2ec95f9dbd6dfd1f822541fb6f331faefdc00a346e86b2dd6a88076894b91 +Msg = ae4dbe3079ef09f963a3da04099f596a6eed3c979d798eff8f69af0d4eac9d5c5bd6712a4d2b2d0abcf9b4d85d2c1af26e1c1ea555a9f5e6848a4a439fe28219e1144406bcd939a1bf901069bdd5c6fc2c54248acbdf898888bfe9a9a048160a08b13eac0c22b528360df59e71c2e4ef6e3e552c4744d04e62b096279907e098 +S = 14f03b08b6e55a8aac770701ae964a627e2c35a6e5b0a086cad74eb7cfd5f30c2b481b9a23a03e61f9a73ea131ee9e0d44ae896fd815595adc40a7f719e37d453c6c2ac99f5e76665894fbba102102e31a4fbcc172d523a0feddf5f0098949041cf5c6dd729882db4a3104062f37fd0b51f990d180fd58c2894d9c306e001878aceab5ff4376b98c65864e2216702b6afe97686498732b6259a85e60e56e184515d8326d7ea98508566fb6ff79e771a08904918f19562d28d6ae334b9f15104a +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003041300d060960864801650304020205000430d641c0a68fa8724ce04f866e4c8d232b9643ff63669e3ba6b030d0ab734710b9d6ae8c7703bf964d4b827d2098fcb79cefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA384 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 076fdcedd54168af223f18c42188c7c5860c5f03517b5b00f66159dad4115297752adf60e6e8d614347f9466b83ce96b88be4ee9bd999b19f1bb26d9ea7f01b84003a907584cf232730480a6bc9692a3cf5c47d40ff051dd133ec2353e0a8c4fb6b65b5ea82aba7686f2aca7edef2b7e824b4dff3a5cdf2aec1c726d8a3dce741605abe0a0b66047ff6e3e7a1be8338af56b4cecd1e650d4fc3c52f56f29e746c7b2ec95f9dbd6dfd1f822541fb6f331faefdc00a346e86b2dd6a88076894b91 +Msg = 9245f9e8a7b4e2c8744d5bd42ebe68ca32426a5cf7c5ab78414938cc9888ef8af9dad868cb5ab9ec1444e4e6eda2543e3428f8ef805c4f545afa35a3aa96fdb76f83bf12b3f4f322bf613fc38b2c8e0678856230418b6b062fb358488d6eed7c5c0656ec48c9bbf2da6a1473eea43faa68204f27239928172a3e49c52b58e861 +S = 7ea67611c9dec51c441cd3b5980e566f13e1191ab9acc5885d12e04c231b8ab7ab1bd388cdfbcbcd6a8c175d50296483edd4415ff4220b6af620e3ab5d2561c0db009e2ed7b094c8ead105d9067ce25c555cd306f52f183efe0bf3a618c5d52b9517ea948cc1a3dc43cbab21dfa74a44db4a34f8ef6aeb9e7fade424122a96f587a5ea94dc9b7399485d2bcf255826389209a89d5695891bae7bcfb22e430a3f5324fbfe79adc7f7fc5b143b86518022a96902fbba5a39275650d8028d3bf144 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA384 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 076fdcedd54168af223f18c42188c7c5860c5f03517b5b00f66159dad4115297752adf60e6e8d614347f9466b83ce96b88be4ee9bd999b19f1bb26d9ea7f01b84003a907584cf232730480a6bc9692a3cf5c47d40ff051dd133ec2353e0a8c4fb6b65b5ea82aba7686f2aca7edef2b7e824b4dff3a5cdf2aec1c726d8a3dce741605abe0a0b66047ff6e3e7a1be8338af56b4cecd1e650d4fc3c52f56f29e746c7b2ec95f9dbd6dfd1f822541fb6f331faefdc00a346e86b2dd6a88076894b91 +Msg = bf15e4f37e28f61a35be4539f17d70c75d3591c19368b84c320a999cb1858114f3008faf1be1209ea1908b33a67e0ffd84670935aad46a58a7e36916844a756b579a6e0c15c11404a8d3c09f410a5287f00b6a2d726adb6a4a715c67131d81ba146aead115d0bb94710e4b466d2621acc8a91c729334f1ca433bdb5605058d48 +S = a7395ce62131a5eac115ea950fe60953fc334cc244b13b159720a502b7194c9e65eb665e6475e1e19e462b735496d65fa8a5c16162d97b11656a85b43fdd4a819ae918d79e50e51ea1e9f5fa92f467410c61d50ce2e3b61f59be2c88cfadea890b71edb70fa87e38df81c38d315b33fe4ca4fdbd5779052c16eed21468a03b15fa7a235e8f6831ff55fe2eaf79eaf466a2280eccb8139dc16c8f296f0e79a1bc4784f37e6550264d7e26a8507b97b1e279f644a29c166be2c761e1ddd7cb6611 +SaltVal = 00 +Result = P + +SHAAlg = SHA512 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 076fdcedd54168af223f18c42188c7c5860c5f03517b5b00f66159dad4115297752adf60e6e8d614347f9466b83ce96b88be4ee9bd999b19f1bb26d9ea7f01b84003a907584cf232730480a6bc9692a3cf5c47d40ff051dd133ec2353e0a8c4fb6b65b5ea82aba7686f2aca7edef2b7e824b4dff3a5cdf2aec1c726d8a3dce741605abe0a0b66047ff6e3e7a1be8338af56b4cecd1e650d4fc3c52f56f29e746c7b2ec95f9dbd6dfd1f822541fb6f331faefdc00a346e86b2dd6a88076894b91 +Msg = df8494995c51a92e651ecc6229ec4c5ffc54b2975876ea582233a3a02f9cf73207a94fe9e92f814d0f0c3c6432a4a6cb51924304af9719121bd612437344a14e6b5aa89d8b0d9aec77ffdd1373f77220268fd7a99e2c2c61953396e8f37ae1e894fd695d4ad33a3426607618f3cbf78904b2362e301d6b6c1ab1f637b627fe28 +S = d1d6a615340ccb1504625ab056d09a95f42836bbee98bbc1ebeeef5296adc55eb8159a5dccf5fbd9bab8854bdae4f9c73379881adfaeab1bed26a544f4b56067d1c29f473ad84486a4e48c51354e4b1a9c9ba1aa019d1c75c277a2dc5df6ec4e112312c93e5652dbe107270f02805250dc77e833637c65f2248e2834b7cb62135b43730a54e0782822fbceb33073912728dbe0da834342ff7d519404c1171b347b96a4df6bf794634247e4b15b93d7929a0e1852dd20b6c88b4f30e0a18be8da +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443051300d06096086480165030402030500044027c454d298019b1b6718f4ebbb3e2d115f3ea8a214cc95367bbe80783dbc781438847c4b1508b6010de44f47ab6e213f32e7348b8e6d6b4f85fbfbd3b4c6e05f +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA512 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 076fdcedd54168af223f18c42188c7c5860c5f03517b5b00f66159dad4115297752adf60e6e8d614347f9466b83ce96b88be4ee9bd999b19f1bb26d9ea7f01b84003a907584cf232730480a6bc9692a3cf5c47d40ff051dd133ec2353e0a8c4fb6b65b5ea82aba7686f2aca7edef2b7e824b4dff3a5cdf2aec1c726d8a3dce741605abe0a0b66047ff6e3e7a1be8338af56b4cecd1e650d4fc3c52f56f29e746c7b2ec95f9dbd6dfd1f822541fb6f331faefdc00a346e86b2dd6a88076894b91 +Msg = 73a012bce858e0ae42fa2893a0fb1439a73a9c101841b28ca8c8bdcb0c7b497853fefdef782dcda238a871bb218f1503ec8a52020c0d5d6887da7eab05c7c4f226c1f8321911cf966bde63251cf3e49ff8c38ba724aad027f876ddf10c2642a296f2eaccf38b4e5483a3e818bab0ebd574ed314989a27594a2a6c2e44b222b51 +S = 3a24d99406cb5a02ba7a403dc0b5b2bb87984a3feec115dfd4e5531993c391294aa226761a02affab891886acc356160bc9543f2b722412392dd5dfef65688d8084268278eb04482eee60f72a34b30376a8395f5f3fd27dd56e7a8431f2093a8ae93c02674409c492b52a1b0c53923672db546c85ce5e2e160c94e78a5d66dba5c398b97585a20f3b32ac35a4216e4b93fd85c3fc5693fff06eab4b9e0495c5ab0d93bbce6b3e16bcd9bb458b2d7b4e30f9f4a52f48311a26e3c0e9ae30e4872 +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA512 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 076fdcedd54168af223f18c42188c7c5860c5f03517b5b00f66159dad4115297752adf60e6e8d614347f9466b83ce96b88be4ee9bd999b19f1bb26d9ea7f01b84003a907584cf232730480a6bc9692a3cf5c47d40ff051dd133ec2353e0a8c4fb6b65b5ea82aba7686f2aca7edef2b7e824b4dff3a5cdf2aec1c726d8a3dce741605abe0a0b66047ff6e3e7a1be8338af56b4cecd1e650d4fc3c52f56f29e746c7b2ec95f9dbd6dfd1f822541fb6f331faefdc00a346e86b2dd6a88076894b91 +Msg = af51ab7e521b64502702bd561e40dbb41e2f80afa95bd562bcdc67b3f6e36f86fd9256311e11782f33de2918ca64f5d083d02cffba209fc2667ca4a141ca60c02a7d4559c7add9696e6db9aa4659dec2a96e20bacd1ff8b1a4a48ad20096e383fbb97fdf96190e67a05877f4da461ef158b263c62a806b973cfc222f7b6e8037 +S = ac7598c1f1f9245d59b443cf44e1eaa00f9a213ba24fffe3b6051dd0d9f430669edeab9157371eeda529bace4e66f31f272b210b5b9308d0dda403385238d758de9d2099c516e39cba18a1552059d9eba6deca27db71e766ad67b9db321011b727619bb303df82bdbf029649300b03e0ebc3208b2ea8e290b670b2796b4ea12de9f07e6185fe508548d2516ee1f8997394079cabdb6bbda455983169fee7cca71eb4c5841c27c37762b985824134fea46bd2c95d7d82abb66894c6671ddc45d4 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA512 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 076fdcedd54168af223f18c42188c7c5860c5f03517b5b00f66159dad4115297752adf60e6e8d614347f9466b83ce96b88be4ee9bd999b19f1bb26d9ea7f01b84003a907584cf232730480a6bc9692a3cf5c47d40ff051dd133ec2353e0a8c4fb6b65b5ea82aba7686f2aca7edef2b7e824b4dff3a5cdf2aec1c726d8a3dce741605abe0a0b66047ff6e3e7a1be8338af56b4cecd1e650d4fc3c52f56f29e746c7b2ec95f9dbd6dfd1f822541fb6f331faefdc00a346e86b2dd6a88076894b91 +Msg = ab50f6312f99e068e4a76ed88efda9b0acf416b30500e798843673b1450be4ccf05f2f5746ba4ac7f9d5993ac15ca95aacf22085b676f42c9984dc79e63f0435554e05e859251442f88679b9da474474a0553b6877f916c1ec5aef830244f47181275f2e9263a8a289c2f89f0246e2c42f264ea27013b51e24bf9416c0a01a48 +S = 6c0b09fd6b371212279378f8e3d91a4861c63c7353e5480643774821ac72cb3519cfd77e46c6edcce92b796fdd5a511199e9b870087fd9d815e7d8c8deccfc7c229b93a038e202e60df022d0a966e6616c67a447cee59b0b3ca206e9e503e928dcb33160b9b21897e24d860c7327e83f15ca41449f7aea16a3e7d83faa458dd0f27117e68bc279367925a42ec8cef69cc1bae1df16408ca60b8f1b9fe9f837a1227153b59ab2b3707c1e5cffd79d7c11a31a81f41317f012b497e34d4b3bb962 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003051300d060960864801650304020305000440c4765be0d27a4bdb86ec440bb5259aff46c9bd89a6870bf5b87c3755ce45d780c63282898f959c929d9f144143a038c36d4d0448ef8c4663cedf5cab3d59bf0aefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA512 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 076fdcedd54168af223f18c42188c7c5860c5f03517b5b00f66159dad4115297752adf60e6e8d614347f9466b83ce96b88be4ee9bd999b19f1bb26d9ea7f01b84003a907584cf232730480a6bc9692a3cf5c47d40ff051dd133ec2353e0a8c4fb6b65b5ea82aba7686f2aca7edef2b7e824b4dff3a5cdf2aec1c726d8a3dce741605abe0a0b66047ff6e3e7a1be8338af56b4cecd1e650d4fc3c52f56f29e746c7b2ec95f9dbd6dfd1f822541fb6f331faefdc00a346e86b2dd6a88076894b91 +Msg = d3d03ff14b9e72bef1c6e7d29a5bb8f0ce554cf3cc867a63cdd0f1468d94d738086db0be811f82d8c9ca36d5be64426b126585074ec4726216237155ae4782eebdca24c35114758624879ada1efa61651a692527edeaf30aa4e3eaba0e7be8b67b4e63a8c26594f28965db89c0065f066fc7f5fab2e143820179251cb5194fb9 +S = 81664625093bdfe332db62e3c1f5ba000062576d95f1a82dbc5043eaa267d7602c25cb45759ae8ceb360c017f9a0c4847763e25206699792af187294514bb214a453730350673bbf2feb73033a567d4d11a6a4a13d2d1d79850bd71e4ee9b8b404d2114f505ca695a760be6b1a784be63a208edeadbd1a22c86d8ba614210d9b01b89f70243749f5be9b43385ba94ba0797219323bb1817e5e3bfbae02e2e360383e333b27c32b6685e6b9545a3a6c7742a7e0612f20bfff18907c58f3fe671e +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA512 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 076fdcedd54168af223f18c42188c7c5860c5f03517b5b00f66159dad4115297752adf60e6e8d614347f9466b83ce96b88be4ee9bd999b19f1bb26d9ea7f01b84003a907584cf232730480a6bc9692a3cf5c47d40ff051dd133ec2353e0a8c4fb6b65b5ea82aba7686f2aca7edef2b7e824b4dff3a5cdf2aec1c726d8a3dce741605abe0a0b66047ff6e3e7a1be8338af56b4cecd1e650d4fc3c52f56f29e746c7b2ec95f9dbd6dfd1f822541fb6f331faefdc00a346e86b2dd6a88076894b91 +Msg = 4ff4d6aee37bbccf415b68228612f69eddea178398c0c13d7f0a258b6719e2e0079b780a0863ff115b6d1962cf1c252ce3c7b50bd87442e40be31f1082cfacbcc570cc8fef44998e040f563d8521a40742d7f9e070644f29fbd119d41e437bc8307dba87c1a5f20ee54b07fdd0a7ddf7a322cc4c86194ed5f7ddfb2061feb8cd +S = 303e5f73eb2125488fed92692fe597994b86e4189ef71152bbe277501866f64df9de78f3d11d74c6aa48a916ce2759012ea86a862966a3cb78d8ac12d0d99d059e8cd56e83c0f5198ef7248059510687e3943fd41defcd58ad501976ec17fd1c252c13a177cb99d2ed831279d6cba8ca63ad0929eef4fcc85c985bc449030a76aff7a2b389d23b89471e21907043eb6c973ed375d85871bcc9203d6c615fa78a066e7fc5ac9f8f7099ac22d5a8b26d0608df22ae0cdbabeb81bc6f750a61f5ee +SaltVal = 00 +Result = P + +n = d2b6c8fd44e7eb621fa6685fb62371872b5e8408af51bd1b44c6473823402418a26963b98e6fb191cf74175e64132ae6cd101133fc002a89c10bf7739eb930b9c067b52570842395657f927434aa3acbf3369dcdc3990f77cbf22939ddd5877f09c8aab818b80aa20544b6928fe62c78795a4160aecde6ab454db0dcdf1d6c13522526c5ccf82d429791059306f02cdc18c4e580ec6c2da19b3c6de63933ebeac79010c73df95748d987e96a0f8ad523b5014b33423f55922aec2ec23b9aa22f + +p = f260d143cff1e8e0931765da8cb335c0206bf7fd19aaf8ff41e762992f2bb0a660cd65f08a80fe502c9125166a6927aa1859a874159796fada835b48522f5795ed1f8d23f05016358ff908b0dd638bb7ed12c8b80b46aa858d52c77bb7fc0ed1 + +q = de8e674fac0b7ea32d518a22030fd10d4298a77974db8febe195a4240dc5373e8161baf8ce47dc4fd076f64e307ea6262c35b9819bac4f142b613973eeb6a62a15a2ff09fba9ce4db7186969af925ee3acb7d3be7a1f9c85358216640fc1e0ff + +SHAAlg = SHA1 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 0e0c2f8859ed53f57993a08eea025ce6e0c208cd61057301d1628d4802599c01a46d6d0c5ed43f09b87f34c206abf1cb1ebccdf2662224f81defbb29d761adea4006e9f16de6ad09f5b32be59d1c6a51dd03a41ec8c5eff6eb768b481fdb0908591f902492fb603537ca6292888ae060bd38e8a9355a175113522d7993584d142998ef52f6add24f1b5e76031844d322ec03914d8c7a26e7a38e63cf99164313eafca2709f1107a6c57f5d49913d20b3bd8c2dc850db453c3a23b00f18ca724b +Msg = 5d7f76ed239a1a5d00c3a4f4da964ae0bc409c43ce9b147b859aeea617e8396532cc2fe1ed50c20cffa2772a2eba778f0b3de4aadda26942db9315009e96692ed5ecafbe3bb98e8ec666dcea2144b3535d72c77ee400f6a0ae5421e9b7cd3b4eb0a79f8cf41fa76abfd77a3e9a7b25b21aa5eec8cafee41c66a7bb6a4ad7d74f +S = 810510f7e41b63d4d1db17ccd919547d021c0148047ae92fa3278a1fc7d2bcea796f6ad6b927df033302d5df46b3d33af70560c01bceb46502552a8b6b67e0c754ab1bf58f5ca9f96397aebd5d852c66865c399032bac358e7a990ed6dab9aec27e664a08c505fce3dca4bae2cefd8e1b35f6d4b4216cd6572f139e4b520188e8199c9e3809938ad642123c466e0d59b172217ad290dbf74e2ada78c0b7dfe639ee88caf44535a734794406fe909922442b1bcee8fa3a8e31bfd665dd219c46d +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443021300906052b0e03021a05000414fe4eed9d60746feb5599bdcf486716a6a04a0e69 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA1 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 0e0c2f8859ed53f57993a08eea025ce6e0c208cd61057301d1628d4802599c01a46d6d0c5ed43f09b87f34c206abf1cb1ebccdf2662224f81defbb29d761adea4006e9f16de6ad09f5b32be59d1c6a51dd03a41ec8c5eff6eb768b481fdb0908591f902492fb603537ca6292888ae060bd38e8a9355a175113522d7993584d142998ef52f6add24f1b5e76031844d322ec03914d8c7a26e7a38e63cf99164313eafca2709f1107a6c57f5d49913d20b3bd8c2dc850db453c3a23b00f18ca724b +Msg = 044138280eb07cf03ec9747c7e9b89e0a37850b2fc40ba6b2ae38b1132210d13d194057510f1e62c178b45cc46188d6082b8f499cd33ad2c1a825f755f92d760eb44fa89fab8fda287cbd81661def7eb81da33ed9b700209f3a6eaf7728f3c1cf959feaef58e2919349315a1f775314948e4f7f48d801fcb5e5413de94a0a40e +S = 6af0c3b45ee0b0f5182b692d5703921e779bcc5ec5e5f71fef5c480a491acd10e61166ac2b40e4246fcb28aeb5b8feb870be4a4efa13695ec211e5f603d86d33b228a41069003d18841f48aee2f4802f1dfe95caa9a3d89e5425ce06fa4d17ac2e5fe4af0e5a2f86e5ccfa21c5d1520290b2d4d4ca5096486b6012e302b2eb3cd9f906d36719f3a19e3c124969eaad2a43c2e30bea835dcad93ed550dc3137e59fd891694274cfd6a2522600c661dc496f4e4de5a58aa51afc15834de5c97e96 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA1 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 0e0c2f8859ed53f57993a08eea025ce6e0c208cd61057301d1628d4802599c01a46d6d0c5ed43f09b87f34c206abf1cb1ebccdf2662224f81defbb29d761adea4006e9f16de6ad09f5b32be59d1c6a51dd03a41ec8c5eff6eb768b481fdb0908591f902492fb603537ca6292888ae060bd38e8a9355a175113522d7993584d142998ef52f6add24f1b5e76031844d322ec03914d8c7a26e7a38e63cf99164313eafca2709f1107a6c57f5d49913d20b3bd8c2dc850db453c3a23b00f18ca724b +Msg = 8f662067a26e81165e23ed70b145725faf2c591491ba4d9ffe8fbfbc8a7b88f07d39d0d5d55a2fb28e7f134f20cb62084a98601f0e69d257fd2064beb47248caa79720a71d461ed07ce069ddc7ecc39b65c36a62248c3ba37d6b1dc11af69d2295e9d685831a9496b1afb9bfad8edf4288153e85db0cd0ac08d7b46dc2f0d120 +S = af16b7a53f57ef673aeaf9a17727836d00e883352e7e2109911dd839ab23d46400f140af84d4cb4a5864165c682aa85eeaf4300e74b94b4f8fdbadbec540e07056b55fffc96a627939928ce5fb61e119c94f14719a93fd5f3a3dd4a8754a8bcaba64afd5e63bea1a793d420a2b6975603f2d4597b26799da0240fdb7d8b0e6e2896f63bbb46526a2f651ed17deda3ab3b43622e749bb608c6d30d41d7346f9338bbd768209e531a17e2a92b815efd222049451785565117f39812de4c6ecc65e +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA1 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 0e0c2f8859ed53f57993a08eea025ce6e0c208cd61057301d1628d4802599c01a46d6d0c5ed43f09b87f34c206abf1cb1ebccdf2662224f81defbb29d761adea4006e9f16de6ad09f5b32be59d1c6a51dd03a41ec8c5eff6eb768b481fdb0908591f902492fb603537ca6292888ae060bd38e8a9355a175113522d7993584d142998ef52f6add24f1b5e76031844d322ec03914d8c7a26e7a38e63cf99164313eafca2709f1107a6c57f5d49913d20b3bd8c2dc850db453c3a23b00f18ca724b +Msg = f93d6cdebcf190ea6ab2358636af5cfe4b3a9bdc1bce160bf350aa3cd3956b897e255158cd3e2e83481ce3b6f778d418764f992d48e4f7fb6d080e6b3799d3f35949c17241a0cc5ba84597166779e6a38ce45681ad944cce7c432baf9cd8caf2b33125f2c12052bbb0b3b76f2cb97be9b4813a9ff1e5fdcd478769d0ab5b36cf +S = 1e076b3feeb281e5ded58a886f653c59a31789050df263bf06401eabf4eb79b4b516350fa63b06c4ea8339190ee9ec30c3972f0009a892bc5938e17c0ad3502f5b6ebfc6e90281cdd94ee5758a2747e05d2523ba337301d392bfc6fe57890234bb1e485ecb0c2eff55c6861100b2911fe594e6db29ed773da026bea1875f334a2de2214e656f6bb25b6f84ef5cfd4158d27642f84579c1f5e185bfbe2948c2ef26e6610355e190b4c06143f487a68ff15da2f7acc9e28bbae89e9ef0c362d63a +SaltVal = 00 +Result = P + +SHAAlg = SHA1 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 0e0c2f8859ed53f57993a08eea025ce6e0c208cd61057301d1628d4802599c01a46d6d0c5ed43f09b87f34c206abf1cb1ebccdf2662224f81defbb29d761adea4006e9f16de6ad09f5b32be59d1c6a51dd03a41ec8c5eff6eb768b481fdb0908591f902492fb603537ca6292888ae060bd38e8a9355a175113522d7993584d142998ef52f6add24f1b5e76031844d322ec03914d8c7a26e7a38e63cf99164313eafca2709f1107a6c57f5d49913d20b3bd8c2dc850db453c3a23b00f18ca724b +Msg = 6f856225ba8dd27718b7c684764f2a18c19df4dc4bb9accd71a12bec7b89a337c372dfd91afecc9e678339a9915edb699f8a94c91e71f4a7c30101885203338abea8c39a926526e68f01d49597ed4db6cad35e77ee71a09814a8431f78d0094caa4f95cfeb6ae639da5b1fb150a389e888a1da4f8364b887aabe7918b6992d67 +S = 2491418adaa343b655e7a3e762737b02ee904d6d79fb6ddb9cf2043b671de59e5165f2898bace269f0e65f3e754aee71a5fa596a5a89574afa49818c7a962c38e1577f2302b75ddf53fff93ef035be0dfe14a086a27ab5a2e64808c9abc9007cfc748fac383c9c89fad72d89044c49cca11cf761d7d8e506920aeba7e7e8f187aa287c6c8878a90fbded8489789e2742a8386d8cb21f9d0b51123a5f78de74656107e562ebf50ace92da2437ed325629e66e14b573668ed6462a8ea21e54a543 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003021300906052b0e03021a05000414753938c49eb8f7bc120354dd8ff2177dbe9bb916efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA1 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 0e0c2f8859ed53f57993a08eea025ce6e0c208cd61057301d1628d4802599c01a46d6d0c5ed43f09b87f34c206abf1cb1ebccdf2662224f81defbb29d761adea4006e9f16de6ad09f5b32be59d1c6a51dd03a41ec8c5eff6eb768b481fdb0908591f902492fb603537ca6292888ae060bd38e8a9355a175113522d7993584d142998ef52f6add24f1b5e76031844d322ec03914d8c7a26e7a38e63cf99164313eafca2709f1107a6c57f5d49913d20b3bd8c2dc850db453c3a23b00f18ca724b +Msg = 9fc80458af5f2489a910779f7b9d078b249a68a276219af01ac830d0d4d0b2ba089f415b7e7079eb624a9cbb8f2eec0d0d955829d71a5bade27322255ca5eddb3178b7f1d42919ac3c606c132d612eb9b886a6d705edcb9d506e63ca32d0687b223caf403bf1cc75403a30d0dd9d94362f569bd38704b2696ba13be8deb7ec40 +S = b23c38a05b861aabb41227c23af9d3b6e1767605cdcaf1627875a7ce09f99cc4b7397a4f010a3bb2d8a9c9765b9877f936369d761a13dc3c22c0db84a3364661b5c7fd39e6965e43a728069daf89612dd8dec3dc9142d6987b8345579d9be7891d315247955f70ba789d3650947de9e92948e049696a00d0e0f6d256cfa24128be180ead9af648436c1cd21d0b396d70c27c94ad8c8625b6b3dffbb3ff78c475732203c8d08a3f99e7dcc86f1c233131571210e8135a29565761dc94e77bf484 +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA224 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 0e0c2f8859ed53f57993a08eea025ce6e0c208cd61057301d1628d4802599c01a46d6d0c5ed43f09b87f34c206abf1cb1ebccdf2662224f81defbb29d761adea4006e9f16de6ad09f5b32be59d1c6a51dd03a41ec8c5eff6eb768b481fdb0908591f902492fb603537ca6292888ae060bd38e8a9355a175113522d7993584d142998ef52f6add24f1b5e76031844d322ec03914d8c7a26e7a38e63cf99164313eafca2709f1107a6c57f5d49913d20b3bd8c2dc850db453c3a23b00f18ca724b +Msg = 5d7f76ed239a1a5d00c3a4f4da964ae0bc409c43ce9b147b859aeea617e8396532cc2fe1ed50c20cffa2772a2eba778f0b3de4aadda26942db9315009e96692ed5ecafbe3bb98e8ec666dcea2144b3535d72c77ee400f6a0ae5421e9b7cd3b4eb0a79f8cf41fa76abfd77a3e9a7b25b21aa5eec8cafee41c66a7bb6a4ad7d74f +S = d1b5a7c9880f3b076d635ce4f881de6c715d0e2ac85fd08ad5d4ca93f2b04870f7264bad5c7dc9f38046b7ce0bbb4fb4e6279571533f61cde6d540c6e6bf69e4869ab76a563f30cc6718cdef849f76c75aea4c9a3068bc579b1104474d9a4849d9c3db49fee17afa5281fa7ffb848e9b33835e942e89c04e291d123f5d2bc5869f076b550dd8c04d2c2f29ad290ae294ab3d34ef54f5148b256f50c54f14dbe4f02e2aef97e39a90431b774142b3dbaae385615323badf58f309e70a1084ee59 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff44302d300d06096086480165030402040500041c7c8aa165fbd14e4361a3bdf3f9b6bbfcbc8e14153c901f8e2104975b +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA224 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 0e0c2f8859ed53f57993a08eea025ce6e0c208cd61057301d1628d4802599c01a46d6d0c5ed43f09b87f34c206abf1cb1ebccdf2662224f81defbb29d761adea4006e9f16de6ad09f5b32be59d1c6a51dd03a41ec8c5eff6eb768b481fdb0908591f902492fb603537ca6292888ae060bd38e8a9355a175113522d7993584d142998ef52f6add24f1b5e76031844d322ec03914d8c7a26e7a38e63cf99164313eafca2709f1107a6c57f5d49913d20b3bd8c2dc850db453c3a23b00f18ca724b +Msg = 044138280eb07cf03ec9747c7e9b89e0a37850b2fc40ba6b2ae38b1132210d13d194057510f1e62c178b45cc46188d6082b8f499cd33ad2c1a825f755f92d760eb44fa89fab8fda287cbd81661def7eb81da33ed9b700209f3a6eaf7728f3c1cf959feaef58e2919349315a1f775314948e4f7f48d801fcb5e5413de94a0a40e +S = 6883e11e659c46bbbe5a9b3470adfcfeb546bf008d1f2f272e2b3b957ffb52f6d25e0a1aa4facdde72c103566cb6b898a9f059f17b895ccca14aff8a658591998e8f106dc8624a48158e932034f9f3fd4f2692e37ab8a31d02831641d0518d4557f2588f394eac4a54510b4d4397cca2f55e7b8e08f7fbcee8a9f1c60e4f6a8fbe30b3b29bd7492aea116701187d6bcc9c91979de68b52e7c6d57e4fb9d5fd6526497be575ee861bb83e05f5b51b9cd60276d93e6fe987f4240c610d94aedb49 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA224 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 0e0c2f8859ed53f57993a08eea025ce6e0c208cd61057301d1628d4802599c01a46d6d0c5ed43f09b87f34c206abf1cb1ebccdf2662224f81defbb29d761adea4006e9f16de6ad09f5b32be59d1c6a51dd03a41ec8c5eff6eb768b481fdb0908591f902492fb603537ca6292888ae060bd38e8a9355a175113522d7993584d142998ef52f6add24f1b5e76031844d322ec03914d8c7a26e7a38e63cf99164313eafca2709f1107a6c57f5d49913d20b3bd8c2dc850db453c3a23b00f18ca724b +Msg = 8f662067a26e81165e23ed70b145725faf2c591491ba4d9ffe8fbfbc8a7b88f07d39d0d5d55a2fb28e7f134f20cb62084a98601f0e69d257fd2064beb47248caa79720a71d461ed07ce069ddc7ecc39b65c36a62248c3ba37d6b1dc11af69d2295e9d685831a9496b1afb9bfad8edf4288153e85db0cd0ac08d7b46dc2f0d120 +S = 0e53008d7626ce138c6aff6c40eb86dece247e192bd5013880e759f96142d22d18abb6f1701b88aa28d53b0c5c13b91a316e79373a37ecfcd61df7d3c34b59ea36eebe0c6864ef63514e504a8c796780be8c2586f1a2eca3a45d45b15c4c38f94420ef563efd9fe2d8c194d01c7c34cdbd7f89923bb39bec9e8ddbb1a282e1ee18bc9cc93ab42c2dbe58ff0927036d2a66e364d88354571b75fd11f131076d6fc9c75b810b522d2c18faa4a6332cf82122dfdd17f5efa030fbb50177f97c9bf9 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA224 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 0e0c2f8859ed53f57993a08eea025ce6e0c208cd61057301d1628d4802599c01a46d6d0c5ed43f09b87f34c206abf1cb1ebccdf2662224f81defbb29d761adea4006e9f16de6ad09f5b32be59d1c6a51dd03a41ec8c5eff6eb768b481fdb0908591f902492fb603537ca6292888ae060bd38e8a9355a175113522d7993584d142998ef52f6add24f1b5e76031844d322ec03914d8c7a26e7a38e63cf99164313eafca2709f1107a6c57f5d49913d20b3bd8c2dc850db453c3a23b00f18ca724b +Msg = f93d6cdebcf190ea6ab2358636af5cfe4b3a9bdc1bce160bf350aa3cd3956b897e255158cd3e2e83481ce3b6f778d418764f992d48e4f7fb6d080e6b3799d3f35949c17241a0cc5ba84597166779e6a38ce45681ad944cce7c432baf9cd8caf2b33125f2c12052bbb0b3b76f2cb97be9b4813a9ff1e5fdcd478769d0ab5b36cf +S = ca58ea0da7afc7dd4a1d32ff168a03b478f296dc0f6edb2a0e859d85476f1af70d21b42f0af6fed26cf82604f8a2c5d87b50e5a5babed6d585a6a84861ae56dd2654c4884af6672ef57c63d8b03e5d7cb8ea49e6e8b53051cc64b366dab0b93fe29dfbcd7b9a0b8885711bd103844532f08ddc2edea7076e36e7ee25eb592bda6a4f862af008344117f5c51073407a8d230f2ab5aad9c981ad10842706b502f4c984f2f969dfb5090678b602b4748004984fec3a39779c2f5ee1b02c6eb77dcc +SaltVal = 00 +Result = P + +SHAAlg = SHA224 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 0e0c2f8859ed53f57993a08eea025ce6e0c208cd61057301d1628d4802599c01a46d6d0c5ed43f09b87f34c206abf1cb1ebccdf2662224f81defbb29d761adea4006e9f16de6ad09f5b32be59d1c6a51dd03a41ec8c5eff6eb768b481fdb0908591f902492fb603537ca6292888ae060bd38e8a9355a175113522d7993584d142998ef52f6add24f1b5e76031844d322ec03914d8c7a26e7a38e63cf99164313eafca2709f1107a6c57f5d49913d20b3bd8c2dc850db453c3a23b00f18ca724b +Msg = 6f856225ba8dd27718b7c684764f2a18c19df4dc4bb9accd71a12bec7b89a337c372dfd91afecc9e678339a9915edb699f8a94c91e71f4a7c30101885203338abea8c39a926526e68f01d49597ed4db6cad35e77ee71a09814a8431f78d0094caa4f95cfeb6ae639da5b1fb150a389e888a1da4f8364b887aabe7918b6992d67 +S = 1a524bd769380e63ba31ebc0adf908a5c2b657b03a534da42eae48f044ecd2bb643f2ab320b34df4ad0938e17044d9e8a40c0b50d696024e0f717f19102f82854c626642da58c430ac865d3a25299f5d8864b418a172b331734db2efec8e44d082556d7d37731e4d4a317a22a076caf9f9e9854c1eafbdd57fae1822ab268076126f55c3ca52873885f9be15c0308210465b78e34335d6fcc569c8e4ae0f65034c0d8ffc1f078983e15e4b2bd7f46a0bf41c8ad7fbae341037c2bc87c2248060 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00302d300d06096086480165030402040500041c3634827aefd0d0bef3df495c39e6d596907496b91679e2bd96be6542efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA224 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 0e0c2f8859ed53f57993a08eea025ce6e0c208cd61057301d1628d4802599c01a46d6d0c5ed43f09b87f34c206abf1cb1ebccdf2662224f81defbb29d761adea4006e9f16de6ad09f5b32be59d1c6a51dd03a41ec8c5eff6eb768b481fdb0908591f902492fb603537ca6292888ae060bd38e8a9355a175113522d7993584d142998ef52f6add24f1b5e76031844d322ec03914d8c7a26e7a38e63cf99164313eafca2709f1107a6c57f5d49913d20b3bd8c2dc850db453c3a23b00f18ca724b +Msg = 95d3ac5ad05aabd72a1c331b0bb6f75ddeaef4f4b0b6a6bdf92f7bbdb9ed8807c73a7ae0661dd0221adc48debabf9745c5175dc9f97f587f2262d8c831bd73308d26f996ae0eab8ee743a70383b8a7211489eb71083a74467d40735957c201b08fa010c4cdb5a2e23a5939d28f2a8eb7730d8536036f61dab2d134b753839a4e +S = 15893719e5cd0ceaac13914028cbc46bcfa00171d18041371ee945c546f10a0f212231090f4ab7f490ac852bec6ba820997d71467b797ff9a09af565794a85c15e3c10aac19b91f6a540afcfeca49f1660a788c2ae040a907146b4f6179d808f96da06f15daa18cb3be6b2ca0913fa91e966652a29360dc41e50c6c43ea5d633532d264b0ca09987ff3b0cd1542b4a6a48332d434ee3f02f9e0ee353d2acf260a3ac278de0ba65677b44911ec76071f74a5ebfeb33107a01fdfecbbc4645baf6 +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA256 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 0e0c2f8859ed53f57993a08eea025ce6e0c208cd61057301d1628d4802599c01a46d6d0c5ed43f09b87f34c206abf1cb1ebccdf2662224f81defbb29d761adea4006e9f16de6ad09f5b32be59d1c6a51dd03a41ec8c5eff6eb768b481fdb0908591f902492fb603537ca6292888ae060bd38e8a9355a175113522d7993584d142998ef52f6add24f1b5e76031844d322ec03914d8c7a26e7a38e63cf99164313eafca2709f1107a6c57f5d49913d20b3bd8c2dc850db453c3a23b00f18ca724b +Msg = 0b9c18c93a8b1b8fbbd036c2d5a6869c2c326e80e613df300d3ad74034fc28cb5e657b641bd0944ff4b4d8f209c10c86f92c5f120247ab9a6a54f8931d9b429b97ba7c67043dd4fda66e3923786e1a1711857180cab701a52398dbdd636127467f4221ba3dfa62ff99a6613e68d639b73be6adb2868c69b902ad8a044f756135 +S = 29dff9f009373438341a72589399904fab9b900a2bc65c371c989dd60e9c825dc222d982d773cea97be3a3c378956a91240b23eb59a4cd5b78d44fb948bc402db68a8efc3d9d7c48b55a826bab47ef4b605c0ff33a7019d8f1e71a17b43a6a72a57889157c15d10d65152a7581b8ccc0c09b1dd284d9da78786853bb8b88f4458bf178e05247713ed13a6bb7080827a1f4cc85de9a8b094f9c6edb71e8e3166d4907b786fc64d97359907661b6e63e6c1e415e9d31aff0e43a47e5830fcbd26e +SaltVal = 00 +Result = P + +SHAAlg = SHA256 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 0e0c2f8859ed53f57993a08eea025ce6e0c208cd61057301d1628d4802599c01a46d6d0c5ed43f09b87f34c206abf1cb1ebccdf2662224f81defbb29d761adea4006e9f16de6ad09f5b32be59d1c6a51dd03a41ec8c5eff6eb768b481fdb0908591f902492fb603537ca6292888ae060bd38e8a9355a175113522d7993584d142998ef52f6add24f1b5e76031844d322ec03914d8c7a26e7a38e63cf99164313eafca2709f1107a6c57f5d49913d20b3bd8c2dc850db453c3a23b00f18ca724b +Msg = 5c27ae4e00a9253b8e43c744e235654a6ff72a1cd37acfe0aeb10fb5b5505b9602d4ce81aec363d9a235660aaa93286bcc9ff768d7b44de03e4f48cc27cf5a22c07942f9d2bf3bed98c273c5d115be5314c48c9c64951939048de3fd8cb661d83d20f2fb9226143d17f2d6be7e4490caf06ed100a1a499b3a772c8900c8ed781 +S = 36b438a2420cd0683b040001f926e499992d21be6d6315302123efc80d63d9182f014fc8e8cbbaa70c5875f2e7e7127e5925eb267948101ecca130bf0846f2c4aec394faedba13ec6cc19e476cb31c2cb025bb188127fe70d240fed47d674f2d5b2c3b4660b08242ebb5c005bd1e836c908121f0e73dd80a18668b79d05783c521d9913768296b057cdad7f408394d080e46b74e72c6d337b54c6ff976af2eacd7ce51f3d2432f3ccf7b55b074cc2817272816525b91264c96325f3145324cea +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003031300d060960864801650304020105000420cb6adea7aa43ed6220f5f0c4dce57facddc4f77cd4e9072b0468da9bf104c1bbefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA256 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 0e0c2f8859ed53f57993a08eea025ce6e0c208cd61057301d1628d4802599c01a46d6d0c5ed43f09b87f34c206abf1cb1ebccdf2662224f81defbb29d761adea4006e9f16de6ad09f5b32be59d1c6a51dd03a41ec8c5eff6eb768b481fdb0908591f902492fb603537ca6292888ae060bd38e8a9355a175113522d7993584d142998ef52f6add24f1b5e76031844d322ec03914d8c7a26e7a38e63cf99164313eafca2709f1107a6c57f5d49913d20b3bd8c2dc850db453c3a23b00f18ca724b +Msg = 8bbcc23dd3ea4ba9c1d1c8e052be5d49e1f358c657050a3b9e83d64a59d88761d273e6f733258d12facaf60da72bd798b723b200d601a7b1512e8ef9ca10420e2f2d3f53ed9470d76079421e8e1ffd2516fb54a063163b8625b3f8cf02327d7d8834f5d967009dffdd25d59c716177f7e4c2672e650b6bc204593d566906dfb4 +S = 3e116c20ca4dba97fd0804d5ac89cf75bf53a71c77af12c2301a1c093aa269a9074f467c57727a5c0b17f18968842f98bb11d8b4afa9a9ba193c0e8f2d2853a19293c310ad2a5e792ceafdf307959a50fc48aba8dd911b367614b26b1a19ef13e37a4e3eedd4229174d7e6184f6bdc4c5d24397545709170a72fe202bfac3695373da28abf90aa1dec9ce1ecf4afa22016c2b6b65e65a5ffe38925ebebe49e4def0133916b4c22d2225122e1d77703a716da7cacdb85d9863d53c039da1a1c44 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA256 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 0e0c2f8859ed53f57993a08eea025ce6e0c208cd61057301d1628d4802599c01a46d6d0c5ed43f09b87f34c206abf1cb1ebccdf2662224f81defbb29d761adea4006e9f16de6ad09f5b32be59d1c6a51dd03a41ec8c5eff6eb768b481fdb0908591f902492fb603537ca6292888ae060bd38e8a9355a175113522d7993584d142998ef52f6add24f1b5e76031844d322ec03914d8c7a26e7a38e63cf99164313eafca2709f1107a6c57f5d49913d20b3bd8c2dc850db453c3a23b00f18ca724b +Msg = 676a410de221dc39a833bd94dffc5b06dc4ae2613b1ce1452ea9434115a4813a4fbf1611506e3280f4edb24513845083560a176549a81b04b1df668b1fcc3599c5ab65e6899b282a58a0fc3abdeede74b265ba5eb658278a1f9251bdb29b364f713716d5b43024fe7b5582bb03c36ca39763b495a9b46e9f21cbec1ef598ed27 +S = 34f5337351298d299f64828163e2c8edca0bbb1e80d8da4141c3aadd5827d815f32ec5ec6696679580f92d1e97ea7cb85485566f061a4eca830c22f01f9d952d33c2aea8cf7d1b49d426cfe029f2c52a2789e9031e015ad74c7105d43b9fa603869e850c6be898830ce1a921430cede5f1312de7bdd4edcde835f32102ec28628ca49b5009fdb5ac03c6ad077c77f66fae2779eace6908c4fb5051d82255e7e50920afd1692f1c08d61d233f47e8a7a1e342d39fbc8ac527d96a622a2812f177 +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA256 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 0e0c2f8859ed53f57993a08eea025ce6e0c208cd61057301d1628d4802599c01a46d6d0c5ed43f09b87f34c206abf1cb1ebccdf2662224f81defbb29d761adea4006e9f16de6ad09f5b32be59d1c6a51dd03a41ec8c5eff6eb768b481fdb0908591f902492fb603537ca6292888ae060bd38e8a9355a175113522d7993584d142998ef52f6add24f1b5e76031844d322ec03914d8c7a26e7a38e63cf99164313eafca2709f1107a6c57f5d49913d20b3bd8c2dc850db453c3a23b00f18ca724b +Msg = ad82f5bc35d0995edf617b3b05f4ebabb0444cdb678980734541a1754f30f26804a615b735007e54167127a09603858fecd8bc0772b60f8ab7c39a15cf8c4348ee4ceec6366cf0dfcc46c66d312e08fbd0b3982dd3221f5c3b4cba803089f05395fde8b3e01ad8482966c168807f5a37845c491332d5992ffa66697d1830e1d2 +S = 8dfd4ce88f22ca5c7faee59e9c0c319ce22581108d1f333a4f53c239a840db6cbd9a18d1be3d211bb2a7dc69d1750aed173a50cce78d4b8ae804525f5e3dee05c98d9e1debef27ac43dbd8faf87607affdd97589995cf062c7f3b5c1ce7dad7c200c3124fdfce5f05e0044ea952e54ab642c47e0bff3f80cf96f0dcd08baabd11152b8741d8e700c27d805ee6edff11f95b441a24d65bccdc6949b91baebfaf249762f61593974813bec018929b51cdaa89df092b38422e2a82aa7cc8a22f971 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA256 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 0e0c2f8859ed53f57993a08eea025ce6e0c208cd61057301d1628d4802599c01a46d6d0c5ed43f09b87f34c206abf1cb1ebccdf2662224f81defbb29d761adea4006e9f16de6ad09f5b32be59d1c6a51dd03a41ec8c5eff6eb768b481fdb0908591f902492fb603537ca6292888ae060bd38e8a9355a175113522d7993584d142998ef52f6add24f1b5e76031844d322ec03914d8c7a26e7a38e63cf99164313eafca2709f1107a6c57f5d49913d20b3bd8c2dc850db453c3a23b00f18ca724b +Msg = 75025b7ff7978e537b49fdbc59a54ce3e8313c96885ecce3e6b8a5e67b60b4df56bc19871c6d40a54d814ddcc8eabec7922f4b48d362111c2152f0b30101323fab596d0c0e1aaa0f1417c6c127a2192ef44556486fb3b28217fd499a7b09bdb6fd4120b3d68814ba5a7230147db4a63f97d923416437f73c4f227643f05f9e6c +S = 1f435cd0b2835f4a895c2a53c4a9cf8561197c90548881f3150b7f2247ce7c1f0fba20dc1b3a265566b2cacd6ac66f087ccbe11776168f382ca2cf79cf97420ea665c5cc547e250a3582febaebf9b4ec97a1cf7c8f1f75e75e67454bb2179d6fe1a66a1ca01091134871f8886eda7e72536eb05b3ab352f8e775f94a0c1c3060d3932200cc10aa07a282a2c540ead4be9c3b664da3adbc4a513e5363b41e8e867d2c348eaf50c37cab0a1ad9f7e32dc48f1ed90d2c4fd88c7588f3250e9b582a +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443031300d0609608648016503040201050004201652a7df9a92d3bca639e5b379b1bad5728d06fe2ef755fa734a1f09be6e782c +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA384 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 0e0c2f8859ed53f57993a08eea025ce6e0c208cd61057301d1628d4802599c01a46d6d0c5ed43f09b87f34c206abf1cb1ebccdf2662224f81defbb29d761adea4006e9f16de6ad09f5b32be59d1c6a51dd03a41ec8c5eff6eb768b481fdb0908591f902492fb603537ca6292888ae060bd38e8a9355a175113522d7993584d142998ef52f6add24f1b5e76031844d322ec03914d8c7a26e7a38e63cf99164313eafca2709f1107a6c57f5d49913d20b3bd8c2dc850db453c3a23b00f18ca724b +Msg = 0b9c18c93a8b1b8fbbd036c2d5a6869c2c326e80e613df300d3ad74034fc28cb5e657b641bd0944ff4b4d8f209c10c86f92c5f120247ab9a6a54f8931d9b429b97ba7c67043dd4fda66e3923786e1a1711857180cab701a52398dbdd636127467f4221ba3dfa62ff99a6613e68d639b73be6adb2868c69b902ad8a044f756135 +S = 49eac9a68c0786ced77b437b01a3a562a5d6e6fbc9728dd513814cbe611f3d1d4aeb4540a61853595964d370406f3a18fc6973387c99821c8e966c47bb6e636543ba7940b1c0f23a8fcf46ee4e3173dd39980088b0fb2479ee4a08b41b2dff7b3ec1d2989bae39f7abd1bffc8d33155518ea6968b6b471c90e6773c76c6fe8cbb1fcc138dbd48e9eda1090ab245dc2b98fd7c553a7bf11321ef7c77fb14f36e5b7c969abd5e8c049d2ee4fc3f08caa6d996ee0580af6cbe27c2fb1e0bf3d79fd +SaltVal = 00 +Result = P + +SHAAlg = SHA384 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 0e0c2f8859ed53f57993a08eea025ce6e0c208cd61057301d1628d4802599c01a46d6d0c5ed43f09b87f34c206abf1cb1ebccdf2662224f81defbb29d761adea4006e9f16de6ad09f5b32be59d1c6a51dd03a41ec8c5eff6eb768b481fdb0908591f902492fb603537ca6292888ae060bd38e8a9355a175113522d7993584d142998ef52f6add24f1b5e76031844d322ec03914d8c7a26e7a38e63cf99164313eafca2709f1107a6c57f5d49913d20b3bd8c2dc850db453c3a23b00f18ca724b +Msg = 5c27ae4e00a9253b8e43c744e235654a6ff72a1cd37acfe0aeb10fb5b5505b9602d4ce81aec363d9a235660aaa93286bcc9ff768d7b44de03e4f48cc27cf5a22c07942f9d2bf3bed98c273c5d115be5314c48c9c64951939048de3fd8cb661d83d20f2fb9226143d17f2d6be7e4490caf06ed100a1a499b3a772c8900c8ed781 +S = 2a7d47940bef4582f4edaaaab4b0181c76c091179465ec3c007edef88775986ac07f85b4fbbd68450ba9dc346f590cee4ec1e828978d82c5e0bbb87df6f8c548ebbe64fb4f101bb8cce618d88dfb96f3d8d5efb0d6f7dd67c8f75eb068005f47db66d87c33b833dabf7dbd02b3b327988164f436a0e313efa3cd124f87730b463962b21b5a4e3a9530db7ea0ad8d3ebaa23414aecd343ceb58e324a1deb1653e792ec5a9eae709d77b2e55b6e8b5f653a8044882d020f5fa8520afa588416d67 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003041300d060960864801650304020205000430e1d3f55e005049c7d99593b81a02de751db47deb6bbd6cebef963164123fce991214c8be6828cd6caa14964f293e1245efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA384 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 0e0c2f8859ed53f57993a08eea025ce6e0c208cd61057301d1628d4802599c01a46d6d0c5ed43f09b87f34c206abf1cb1ebccdf2662224f81defbb29d761adea4006e9f16de6ad09f5b32be59d1c6a51dd03a41ec8c5eff6eb768b481fdb0908591f902492fb603537ca6292888ae060bd38e8a9355a175113522d7993584d142998ef52f6add24f1b5e76031844d322ec03914d8c7a26e7a38e63cf99164313eafca2709f1107a6c57f5d49913d20b3bd8c2dc850db453c3a23b00f18ca724b +Msg = 8bbcc23dd3ea4ba9c1d1c8e052be5d49e1f358c657050a3b9e83d64a59d88761d273e6f733258d12facaf60da72bd798b723b200d601a7b1512e8ef9ca10420e2f2d3f53ed9470d76079421e8e1ffd2516fb54a063163b8625b3f8cf02327d7d8834f5d967009dffdd25d59c716177f7e4c2672e650b6bc204593d566906dfb4 +S = cc5bb97aff280fed4499d2fb96d5acdee24406fd1d80217a0b6a27f7324f4728db0a4a6f996addb55ee8fd2fff1aa109d7293f5a7954a08857e53941d1ba0a86e1c38ec61cf9d54c2ed40c281475fd68dfa1aaf0c246a05959465c89bef974df66fb1f3228e07fe03eb7b9546c6f09dabecc6f2b8f2f6be058186578d87a097aa6a0a15f98061d4d1a1ccb67a9a6ae6b35e264e591a8115b459dd392d3c1f6a6785ed3c97d319d19b562da148e7361ee261c2991ca09ea924d69d5dc59f7beae +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA384 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 0e0c2f8859ed53f57993a08eea025ce6e0c208cd61057301d1628d4802599c01a46d6d0c5ed43f09b87f34c206abf1cb1ebccdf2662224f81defbb29d761adea4006e9f16de6ad09f5b32be59d1c6a51dd03a41ec8c5eff6eb768b481fdb0908591f902492fb603537ca6292888ae060bd38e8a9355a175113522d7993584d142998ef52f6add24f1b5e76031844d322ec03914d8c7a26e7a38e63cf99164313eafca2709f1107a6c57f5d49913d20b3bd8c2dc850db453c3a23b00f18ca724b +Msg = 676a410de221dc39a833bd94dffc5b06dc4ae2613b1ce1452ea9434115a4813a4fbf1611506e3280f4edb24513845083560a176549a81b04b1df668b1fcc3599c5ab65e6899b282a58a0fc3abdeede74b265ba5eb658278a1f9251bdb29b364f713716d5b43024fe7b5582bb03c36ca39763b495a9b46e9f21cbec1ef598ed27 +S = 4f43d98e1a988f7b64d37fb9db79b1759e1b971f90fccd542d636f04c4f8e35c3f07d941c906f8fb788cfdef25b4438a5c9322ca2230e62b17e618dcd7a4669a187506dbd2087cd25da81f351cb87430163208dd06bc3e5b7a36559969ebbde2200f8933c45cb327f5e56e1c36bd15d11ebc7bd0034cc2fec3a9382dacd61a715c1f2f5babbd549faf752d4515e4375df0aae487327b765b45e82a868dc7985e03bbf1e6c80d022562c7e4455db4463f42fca3f2bfbe9f6cabeb3bb61fe0c073 +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA384 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 0e0c2f8859ed53f57993a08eea025ce6e0c208cd61057301d1628d4802599c01a46d6d0c5ed43f09b87f34c206abf1cb1ebccdf2662224f81defbb29d761adea4006e9f16de6ad09f5b32be59d1c6a51dd03a41ec8c5eff6eb768b481fdb0908591f902492fb603537ca6292888ae060bd38e8a9355a175113522d7993584d142998ef52f6add24f1b5e76031844d322ec03914d8c7a26e7a38e63cf99164313eafca2709f1107a6c57f5d49913d20b3bd8c2dc850db453c3a23b00f18ca724b +Msg = ad82f5bc35d0995edf617b3b05f4ebabb0444cdb678980734541a1754f30f26804a615b735007e54167127a09603858fecd8bc0772b60f8ab7c39a15cf8c4348ee4ceec6366cf0dfcc46c66d312e08fbd0b3982dd3221f5c3b4cba803089f05395fde8b3e01ad8482966c168807f5a37845c491332d5992ffa66697d1830e1d2 +S = 5028c5c1d6558214048ab00458a5b0308053d91b312c671a15a47ebc32dc85b9760202b7f1d81549fe4c76d48318655b376e7d2398be7693f530bc28611cd48a7825759641c24fef6af1376d0d7bbbf23b9753dccb810a95e4d988be0c3c694f445f47e46e2aed98223c0583fac02cd9330e5652a697b07338193efe9afe1a514786c31edea49654d90d87d7caf26978accd08aa2272e12dcb058296c032fae8c63c736bcf4837c1d0bd2deb0a9539eea5f376aa5d1593afd8a0bb48d44bd5a3 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA384 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 0e0c2f8859ed53f57993a08eea025ce6e0c208cd61057301d1628d4802599c01a46d6d0c5ed43f09b87f34c206abf1cb1ebccdf2662224f81defbb29d761adea4006e9f16de6ad09f5b32be59d1c6a51dd03a41ec8c5eff6eb768b481fdb0908591f902492fb603537ca6292888ae060bd38e8a9355a175113522d7993584d142998ef52f6add24f1b5e76031844d322ec03914d8c7a26e7a38e63cf99164313eafca2709f1107a6c57f5d49913d20b3bd8c2dc850db453c3a23b00f18ca724b +Msg = 75025b7ff7978e537b49fdbc59a54ce3e8313c96885ecce3e6b8a5e67b60b4df56bc19871c6d40a54d814ddcc8eabec7922f4b48d362111c2152f0b30101323fab596d0c0e1aaa0f1417c6c127a2192ef44556486fb3b28217fd499a7b09bdb6fd4120b3d68814ba5a7230147db4a63f97d923416437f73c4f227643f05f9e6c +S = 068559fc0164a646aa07337ac8d98cba1da106d4fa951f408315284f4b2138037687b87c33b38d0e180ccd62bfe1baf2c42f72b9750d133502092c42a3faec6e42f3059ccb5cf1b3db1ec2c714e12aa0c5ab612a4d0c913ada82c98015ec761e7237087e2da676cc92e3340b2f31b13b157bb128b2a6afbd183dd67d5e1bf8bd041e580ac6a3fb8b4ab280d182ef906fb247c0d174076da4770eb10b13163c2e53f0a5b8a0b2352de761677a424fd5d71a4efb54b49ba6e2a96b9aa740453157 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443041300d060960864801650304020205000430d7d7bfdf4dd5cfd15b04f924d4be54564e72e6a2ec5cd83b24866b42a01970acc7686ba35e3f9fc29f0fd53fc5254104 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA512 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 0e0c2f8859ed53f57993a08eea025ce6e0c208cd61057301d1628d4802599c01a46d6d0c5ed43f09b87f34c206abf1cb1ebccdf2662224f81defbb29d761adea4006e9f16de6ad09f5b32be59d1c6a51dd03a41ec8c5eff6eb768b481fdb0908591f902492fb603537ca6292888ae060bd38e8a9355a175113522d7993584d142998ef52f6add24f1b5e76031844d322ec03914d8c7a26e7a38e63cf99164313eafca2709f1107a6c57f5d49913d20b3bd8c2dc850db453c3a23b00f18ca724b +Msg = 0b9c18c93a8b1b8fbbd036c2d5a6869c2c326e80e613df300d3ad74034fc28cb5e657b641bd0944ff4b4d8f209c10c86f92c5f120247ab9a6a54f8931d9b429b97ba7c67043dd4fda66e3923786e1a1711857180cab701a52398dbdd636127467f4221ba3dfa62ff99a6613e68d639b73be6adb2868c69b902ad8a044f756135 +S = 3583422f69bf11bb8c8c9e18c40cf2fe3d6930b174a4d8efcca214550b525f7d460077d280e714b8297378a9d228226c719f790961999f0532d7068ac8d51dacfae64819e8b7eaf618ddbc33557cd8f9a3a1e65efe8a4d02654bc725b1aa779ba54b1b9445488a084b9614d8e2c9a0d559a217c6427cb62a6cd8a255512bbdb006427db49b1a3698b643a21d65cfea8e624aefd38f0a3700687bd035028bc161f5eb005cb66aed2fe59110108140b15d6b97567b72b1c712d6fd030872d50ae4 +SaltVal = 00 +Result = P + +SHAAlg = SHA512 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 0e0c2f8859ed53f57993a08eea025ce6e0c208cd61057301d1628d4802599c01a46d6d0c5ed43f09b87f34c206abf1cb1ebccdf2662224f81defbb29d761adea4006e9f16de6ad09f5b32be59d1c6a51dd03a41ec8c5eff6eb768b481fdb0908591f902492fb603537ca6292888ae060bd38e8a9355a175113522d7993584d142998ef52f6add24f1b5e76031844d322ec03914d8c7a26e7a38e63cf99164313eafca2709f1107a6c57f5d49913d20b3bd8c2dc850db453c3a23b00f18ca724b +Msg = 5c27ae4e00a9253b8e43c744e235654a6ff72a1cd37acfe0aeb10fb5b5505b9602d4ce81aec363d9a235660aaa93286bcc9ff768d7b44de03e4f48cc27cf5a22c07942f9d2bf3bed98c273c5d115be5314c48c9c64951939048de3fd8cb661d83d20f2fb9226143d17f2d6be7e4490caf06ed100a1a499b3a772c8900c8ed781 +S = ac97f3f6ebcaeb77a23ca3b9226f7167c7315e5687391b700f21e45a00b23d7ad5834ef313eb3163b2390ccc63f9d76274120c1f0380747b33c1c77edb3e06923482e39b5c964f8499c20e28ed3fb064990190cffd033ce3ae384c275298367baafafc5e66bb0cdbad6e2cf9b16a393610f0088c129b75b88da6207bfb8570425e38b9f2a30d24f4753184e36ce0dde7e9026fcee5cb88f70c1bfd3b9a3f0a0c6bb80a04266c2edb3ca9c06a37cbbf77c1b50c01443c9282d023309a1668fccc +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003051300d06096086480165030402030500044068ac2dc5d380018cb50e8316dea0bd72d31a9c354b9185b1d227c6540be123d48d79581880a02e2cbb7166289ab6798fd3215b272fd171bf16f74af65de4a360efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA512 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 0e0c2f8859ed53f57993a08eea025ce6e0c208cd61057301d1628d4802599c01a46d6d0c5ed43f09b87f34c206abf1cb1ebccdf2662224f81defbb29d761adea4006e9f16de6ad09f5b32be59d1c6a51dd03a41ec8c5eff6eb768b481fdb0908591f902492fb603537ca6292888ae060bd38e8a9355a175113522d7993584d142998ef52f6add24f1b5e76031844d322ec03914d8c7a26e7a38e63cf99164313eafca2709f1107a6c57f5d49913d20b3bd8c2dc850db453c3a23b00f18ca724b +Msg = 8bbcc23dd3ea4ba9c1d1c8e052be5d49e1f358c657050a3b9e83d64a59d88761d273e6f733258d12facaf60da72bd798b723b200d601a7b1512e8ef9ca10420e2f2d3f53ed9470d76079421e8e1ffd2516fb54a063163b8625b3f8cf02327d7d8834f5d967009dffdd25d59c716177f7e4c2672e650b6bc204593d566906dfb4 +S = 5b591910bacd2f0bb6b2052f81445397d2056d114924a306a2b24c4fac2b7698d9ad725cec3010d57b11795f7654969a86f528709655d07a336a68fd4cbbe6ffc95fbf1a6e6c17c2d627c6011e4209f406ae7f2c670ecf4081053c2283845e2c855938da5530a146a1ce4bc203d0179a19398177534c7bb37cd9837911e8b1e7988b800e8046864fbf95e8c584a3c4209f3ea5fd535ba58859ff128fed9d0fc5be8e8c2890a71e38f3acf2a1fb537cdc87f53e3376276c8cd501d21069e453c6 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA512 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 0e0c2f8859ed53f57993a08eea025ce6e0c208cd61057301d1628d4802599c01a46d6d0c5ed43f09b87f34c206abf1cb1ebccdf2662224f81defbb29d761adea4006e9f16de6ad09f5b32be59d1c6a51dd03a41ec8c5eff6eb768b481fdb0908591f902492fb603537ca6292888ae060bd38e8a9355a175113522d7993584d142998ef52f6add24f1b5e76031844d322ec03914d8c7a26e7a38e63cf99164313eafca2709f1107a6c57f5d49913d20b3bd8c2dc850db453c3a23b00f18ca724b +Msg = 676a410de221dc39a833bd94dffc5b06dc4ae2613b1ce1452ea9434115a4813a4fbf1611506e3280f4edb24513845083560a176549a81b04b1df668b1fcc3599c5ab65e6899b282a58a0fc3abdeede74b265ba5eb658278a1f9251bdb29b364f713716d5b43024fe7b5582bb03c36ca39763b495a9b46e9f21cbec1ef598ed27 +S = 5f6b11ef4b5b0a1bcd9cdb2086c60db19544dd33aac813ff6ec628d9de0ab882bab6496b79477cd445f71686f666b9e041e2ac40959ad94d3df00b1ef8c7ac3ab68b1d2e07294b3aa54bbcc1039b90dda11bce3aaf66646d19a7224028dbe7b48dbb67dece2812a5bf82e89db0908cb26043b78ca5ba455ab680d3d6aa4bd1682b39b5ff744a65dd5cfa909d1b71218a48d88e4e112a8b959b1886d956610d915ef41b30031eb3f2acf7d42387db245d84ada17b5995711ab2e12b8ffca81905 +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA512 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 0e0c2f8859ed53f57993a08eea025ce6e0c208cd61057301d1628d4802599c01a46d6d0c5ed43f09b87f34c206abf1cb1ebccdf2662224f81defbb29d761adea4006e9f16de6ad09f5b32be59d1c6a51dd03a41ec8c5eff6eb768b481fdb0908591f902492fb603537ca6292888ae060bd38e8a9355a175113522d7993584d142998ef52f6add24f1b5e76031844d322ec03914d8c7a26e7a38e63cf99164313eafca2709f1107a6c57f5d49913d20b3bd8c2dc850db453c3a23b00f18ca724b +Msg = b17ebdbb8027c2ef5e5de76780979c65723d73c0ff0227d95074ded158d1abf96f1d578a3c716197d996433f32d3f727ae02ba2812e91044a2c808df892fc12b7a122de5981f153f934f5d1d14bc8a835cb2814e28089123d7b1b4a6ce8e12ec1c86c7325ad9e6cfd5b1be67f0fb5c62c374519c0807b55e38566b8ef197a722 +S = 1e80b47f34629c79b612fa8d25483056d1475f5f51c50ac60e8f5eade21469dce676d13b32140760d828dece21cd9aa2381b40f42e8e20a77392713f5372d1e87fc131eb7367b98d92a76e5276bfd073d6e44f8e9cf81e175d531e6ad50dbf84bcbb636b378c3342ddf6b2d85c3d27b2afe449c40f2915515c4c417a633b4de6c30e86f49f8f5dc44427642aa0c98e499e321aebda279a7321836a3cb24ee90c08c9e88f7745c19deb0e1de72b4da5734bb137414f1d4b1c78a9c2e58f148105 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA512 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 0e0c2f8859ed53f57993a08eea025ce6e0c208cd61057301d1628d4802599c01a46d6d0c5ed43f09b87f34c206abf1cb1ebccdf2662224f81defbb29d761adea4006e9f16de6ad09f5b32be59d1c6a51dd03a41ec8c5eff6eb768b481fdb0908591f902492fb603537ca6292888ae060bd38e8a9355a175113522d7993584d142998ef52f6add24f1b5e76031844d322ec03914d8c7a26e7a38e63cf99164313eafca2709f1107a6c57f5d49913d20b3bd8c2dc850db453c3a23b00f18ca724b +Msg = 212bd005a8e8e13b0bf4620ce2d3d6bbf18b3d195b05e90412b78d2e92809720cfd3bf7e6b18e08c2d4f07f1aff7cabb562edca48719de931886776605d0a6ef6503573c9c41351cd165c0dea3e59f5c17fd3739d50a7c66953407ebd44f6ae4cb03c0c9a12b88f3e07cb35c2667fba71d407760ac9f6c846f07674465c58806 +S = 6db765c50f9ac9da75eafad6652ddb99e62234397fb2c96769af84da59cd408c12b7562104d9ce9e7455e06abd53af83da43406c64bf15d37ead519d6b3a12cd5e02803c92eeeff2312cc681d53b22caafe9ed5541db754772fcfff3ae53cf67d07b8eda85202a36db8cc01fad12dc3b455bbe123f9ed7c3873c0ebf25bcd55dac7002c7ad1d00eee91c58c357276cce875ba1719b2356ad821d278e9a62ae1a6e22b145ce2c072a1faaaaa8ad2ca4ca807eba3d420af2f3d915993d1327c940 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443051300d0609608648016503040203050004404be226f7beb9c592f2429b00af0b7dd3de42b17313c58ab7ff24fb441e6e47280fa6f5ebf3bc14dc60f8754db42c984e4bc5077fa7b559d727938c3043453166 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +n = d2b6c8fd44e7eb621fa6685fb62371872b5e8408af51bd1b44c6473823402418a26963b98e6fb191cf74175e64132ae6cd101133fc002a89c10bf7739eb930b9c067b52570842395657f927434aa3acbf3369dcdc3990f77cbf22939ddd5877f09c8aab818b80aa20544b6928fe62c78795a4160aecde6ab454db0dcdf1d6c13522526c5ccf82d429791059306f02cdc18c4e580ec6c2da19b3c6de63933ebeac79010c73df95748d987e96a0f8ad523b5014b33423f55922aec2ec23b9aa22f + +p = f260d143cff1e8e0931765da8cb335c0206bf7fd19aaf8ff41e762992f2bb0a660cd65f08a80fe502c9125166a6927aa1859a874159796fada835b48522f5795ed1f8d23f05016358ff908b0dd638bb7ed12c8b80b46aa858d52c77bb7fc0ed1 + +q = de8e674fac0b7ea32d518a22030fd10d4298a77974db8febe195a4240dc5373e8161baf8ce47dc4fd076f64e307ea6262c35b9819bac4f142b613973eeb6a62a15a2ff09fba9ce4db7186969af925ee3acb7d3be7a1f9c85358216640fc1e0ff + +SHAAlg = SHA1 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 0b86f0524108c0868477219f6462fffcec9e0c3f0bc83ef154f23be0c51ce72969d5e94fe758df4988bdc97b15a26ecd30b1d985794db76c6a9457cf23d021b84145eb1e94026027f6184a83268334b36c5b1a87b054cc6ea0152c81c8b2221d5994cee154433655352cbbea66651f6e0297fa432f66780fad7d1797d5d2f59cffed6125810a6db340502922acfd7d0c0103846e5041c43efc3551adfe7f08180611bcf21175160441b81bc2cc8d8e922f8e21db688e25a820453ca986bc4941 +Msg = 34d9afccc659c8f438830b2fbe8b6600dfabc007cb22e826ee7dcbe2c515eb0cf1d90ca08a4d30edb5d3c6f6792a1f19ce3421eef7fc3f7212f7a965ee8abff01ccdcc8b498ff11ecb9a5f667937c99bc0f51a50f3a7639ae3ac1774b0737a62de3d5755ab25f1cfa05e3d4767bd4ecfdc7711f4662b3ae688237ed9b3d703aa +S = 38fae4b9233682065387c11829b0a9747217bd7d49acbb5957b8e7d231235f4f7ec316b5a3e5f4f8f45c8b9a161f9b8d3bed9aec0a7b0d4484474150c8bdf392172592c1d0b8ee2724d08aa73a32afad3dad1a0cac3a9f21811f53c69809239c26e36c7b6f4b3a90dceab045413dc3e89fa1927cc7a622e55044a3417b44ff93b2faa3c864c6fe519fa1a8189121a4881e178979096f17519203f0d2c9313a70b2a5b670b675319ad0971a0728f0db729fb5d50280a33fa201271715b256515f +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA1 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 0b86f0524108c0868477219f6462fffcec9e0c3f0bc83ef154f23be0c51ce72969d5e94fe758df4988bdc97b15a26ecd30b1d985794db76c6a9457cf23d021b84145eb1e94026027f6184a83268334b36c5b1a87b054cc6ea0152c81c8b2221d5994cee154433655352cbbea66651f6e0297fa432f66780fad7d1797d5d2f59cffed6125810a6db340502922acfd7d0c0103846e5041c43efc3551adfe7f08180611bcf21175160441b81bc2cc8d8e922f8e21db688e25a820453ca986bc4941 +Msg = 95e2657996a4fa69f824ca49ab5a7e6ebaf498a0dc9eaa7f4981c51fcc0935f619ec6bf862683b0025cc48724839bc1e67aa3c686d321ba66185cdca83ba9f41984fa61b826ef56b136e13f1239dadf6e03d877866ccb887908917ef0d33f117b614fd291e3e91736b15150e650db9bdcdb56317f0f5ebe97c938bd691fc9140 +S = 3ae81b95c93a702dada5637e1c4113e5c37a8a24021bb2371c788a90ce8fab1c063c7e17f7f570a25baa9adfc78035d8ecc87219df1bd30c6b8b593682f354db71902ce23faa18f4af6fb9cf925ef7916c168f7298d56c49b6c68da954b56e2164ca37bb7c06498d6ee96aa502011356fc48733b937f299616ecba6699fb8d3d64e332c0fe3f9c58c18f033f92f237940afe9101702af51d3cc220547028eeca8e2d4f46ccb400f0620339b4da7d415ea288bbd7552eef2e68e4ca7c4ea6d011 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA1 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 0b86f0524108c0868477219f6462fffcec9e0c3f0bc83ef154f23be0c51ce72969d5e94fe758df4988bdc97b15a26ecd30b1d985794db76c6a9457cf23d021b84145eb1e94026027f6184a83268334b36c5b1a87b054cc6ea0152c81c8b2221d5994cee154433655352cbbea66651f6e0297fa432f66780fad7d1797d5d2f59cffed6125810a6db340502922acfd7d0c0103846e5041c43efc3551adfe7f08180611bcf21175160441b81bc2cc8d8e922f8e21db688e25a820453ca986bc4941 +Msg = 24b78a630dd8cde2fa183956b3edff7e0ea5bdcdc0f1f51172a3bf5218b7bafd7e9048422385fbba4b9c4a4d50958953392b18f98d96dae66a54e81fd12987284465586d9365cfe0f35ce6e250541367e46f77550973582e4b85d1efc235c8389fbb21ac0480319b19e176df5c2f850338fa43abda8f582f40bfe18a92e26573 +S = af9d6db0d610643147996ceb4e3cd539603b068b02eb31a70dd83d40d45f88ba25edda65873271099965fe67758104c2e40b93a8aa3eaf1277fe0d0db1c08de0b96b82c9b48f9a2cac852124de8ff81a7d9742365c8e7f68e94b5d3fbd3aca0e42528b0693f4c61aad95cd912a53545a785e08464b2f675a4b1a5a3c53a8acfebcb25875f7afd802f6f5d6342b1bef4c848504b40a475e56ce9b967175dd9288761599946838617dcc57ee43e1b99eb47be11773cd326029cebed368f821fd4d +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443021300906052b0e03021a05000414a651b5b5a63ddcb4142c5f673fff0619b853c194 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA1 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 0b86f0524108c0868477219f6462fffcec9e0c3f0bc83ef154f23be0c51ce72969d5e94fe758df4988bdc97b15a26ecd30b1d985794db76c6a9457cf23d021b84145eb1e94026027f6184a83268334b36c5b1a87b054cc6ea0152c81c8b2221d5994cee154433655352cbbea66651f6e0297fa432f66780fad7d1797d5d2f59cffed6125810a6db340502922acfd7d0c0103846e5041c43efc3551adfe7f08180611bcf21175160441b81bc2cc8d8e922f8e21db688e25a820453ca986bc4941 +Msg = 165c3a41385c453b38d0ce2eef3a1fd2863535b993080c84847b1d5641ea24890d9726a0ad44b37dcd0269d59f44b9e0c537ee5571566a95cb39332693adaf64070aac7307c1a37877353e09e5cc17e26b45c3d9d74c0f140a4b89799e844366cc5dd3a28cfa9e94fd1157b308fac23e4006be2d0d1282670a5c2735ab9567f7 +S = 56965ebb90a59710f86a5868573132bc39e3be28d7b5c1e588bc2c80799a0c89c17dff65d281b7aad6c0c4dedc4c134d022512b3821e057f51e27105858b2ae063f3cd0b4204b326ef8ba52310a3187a2effb3295a848de5d06d73504f71c6a91c2edfa5b6bffc5b140b031957b7bb26055f1cb2a79b89df8b1c31d9a54d96d546fa1f77e3678efcd9aa875627419d1dd38c1fe743785739c8bd0655b996f5bba23604983385ccb75640fb0c6b128c2e117e9a5fbb7b25ab1d9e7a2db644113b +SaltVal = 00 +Result = P + +SHAAlg = SHA1 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 0b86f0524108c0868477219f6462fffcec9e0c3f0bc83ef154f23be0c51ce72969d5e94fe758df4988bdc97b15a26ecd30b1d985794db76c6a9457cf23d021b84145eb1e94026027f6184a83268334b36c5b1a87b054cc6ea0152c81c8b2221d5994cee154433655352cbbea66651f6e0297fa432f66780fad7d1797d5d2f59cffed6125810a6db340502922acfd7d0c0103846e5041c43efc3551adfe7f08180611bcf21175160441b81bc2cc8d8e922f8e21db688e25a820453ca986bc4941 +Msg = e2c50870d442d577b5fcd43778e9ac0e13f62ae7d506325ffa38fc267d697da72dfb22eb03d4c4bab3a9d904817ce78056633f93138ce773257ed88c5aa16923f2010c39fa4f38b2d529a6b61c9ac058a8e55775ec7e94df885a31bb1c68e8285a602c2260bb18a54402a515f04c1fdd3003da5709e621ec4d546f7c6cc7e2ff +S = 11875488140cf57011ffff2c42926d00a8f2cae3367360ab338c96aebdcf9cd95c091840c416039f58c8a5fc0cee32432a673714f67baa42d4ba6150054dc88644d5c133903fcf02ed83e196078041bc96f2ce785e0759f0a7ca80f41c2c2a97196d0e4763330b74355d8de3a102538e1b4174de2ae8ac71ac14f8e0a9d9d9a71a34b953c0977758c43fe96a3cbd9ba00b52a72fe464b485d306979685db3bfcdfbec66425dbd20fd59e0985458dd4afbed8dc4a0756f38c54624d86ea71e9b1 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003021300906052b0e03021a05000414cb9ea455374c24f698ff1b23b65a9a0e1980c32fefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA1 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 0b86f0524108c0868477219f6462fffcec9e0c3f0bc83ef154f23be0c51ce72969d5e94fe758df4988bdc97b15a26ecd30b1d985794db76c6a9457cf23d021b84145eb1e94026027f6184a83268334b36c5b1a87b054cc6ea0152c81c8b2221d5994cee154433655352cbbea66651f6e0297fa432f66780fad7d1797d5d2f59cffed6125810a6db340502922acfd7d0c0103846e5041c43efc3551adfe7f08180611bcf21175160441b81bc2cc8d8e922f8e21db688e25a820453ca986bc4941 +Msg = 2a5853c37f9428e1879034feb2d07a5c454e9970f4c1ff43b21f5918c8614d4f24866c89f4da620d7478706b040e1d5f7ee028f7c610c0f8a31cf77fcda875e4477e69e3eed3c6fe53ccab1dc6402278b3c00eb632d45f56d988884fd42733f3384733199505ba7bcb92cc5d1eeff3708cf435f55d974325fd6bf3d10767f046 +S = 616e467f569c1af563d7775df9c11116856febba4a4b7f801945b702621bad8cd599fe43ba381e02a67714244c0961c9cc65b6f842c2391a439ffab1d262ab0896e200493526f9047e3bd77e1b88ec854f8075bb54d7ebaa1143b4adf05fcd1f7873e036f464e73b4761505f7e96d6e80553260a95449dabc1e45f6e5079ea6fbfb8281c693005d3214e175ed18a9f5e70d7a59e87381611aff9cc82964bc6e68735bc11277f5c2e00be2d089511b12a32bebcb96ed91f4e158989b3869eab4c +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA224 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 0b86f0524108c0868477219f6462fffcec9e0c3f0bc83ef154f23be0c51ce72969d5e94fe758df4988bdc97b15a26ecd30b1d985794db76c6a9457cf23d021b84145eb1e94026027f6184a83268334b36c5b1a87b054cc6ea0152c81c8b2221d5994cee154433655352cbbea66651f6e0297fa432f66780fad7d1797d5d2f59cffed6125810a6db340502922acfd7d0c0103846e5041c43efc3551adfe7f08180611bcf21175160441b81bc2cc8d8e922f8e21db688e25a820453ca986bc4941 +Msg = 34d9afccc659c8f438830b2fbe8b6600dfabc007cb22e826ee7dcbe2c515eb0cf1d90ca08a4d30edb5d3c6f6792a1f19ce3421eef7fc3f7212f7a965ee8abff01ccdcc8b498ff11ecb9a5f667937c99bc0f51a50f3a7639ae3ac1774b0737a62de3d5755ab25f1cfa05e3d4767bd4ecfdc7711f4662b3ae688237ed9b3d703aa +S = 238a420dff7b0b18fcb6684933c38a9401fb2a6f8fdbb42b786cf5acb08948a46e42197fa690a613c8c0ba530d57d4f3fcdb410edaadcf995377a4512d09e5dea6de8e8f553d7694705929b012e7de002c95cd670f47890fb2077ee5a4c819ba2438d0757d8dfd1d0a83e4203672c269ac7a0c1e9769cb86eb3c9f5d7cd81058bcce66f1e3e7f47e1e15f000a02a7c98794f383c9b8650cf512b3040d1b6ccd638f5c8aa891228ea870177add8a9e754fe1a5c97f01f945dacf851eb6eaa0219 +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA224 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 0b86f0524108c0868477219f6462fffcec9e0c3f0bc83ef154f23be0c51ce72969d5e94fe758df4988bdc97b15a26ecd30b1d985794db76c6a9457cf23d021b84145eb1e94026027f6184a83268334b36c5b1a87b054cc6ea0152c81c8b2221d5994cee154433655352cbbea66651f6e0297fa432f66780fad7d1797d5d2f59cffed6125810a6db340502922acfd7d0c0103846e5041c43efc3551adfe7f08180611bcf21175160441b81bc2cc8d8e922f8e21db688e25a820453ca986bc4941 +Msg = 95e2657996a4fa69f824ca49ab5a7e6ebaf498a0dc9eaa7f4981c51fcc0935f619ec6bf862683b0025cc48724839bc1e67aa3c686d321ba66185cdca83ba9f41984fa61b826ef56b136e13f1239dadf6e03d877866ccb887908917ef0d33f117b614fd291e3e91736b15150e650db9bdcdb56317f0f5ebe97c938bd691fc9140 +S = 5ae8f7c7b9f7002e048f47d7471f83265860a70e7da64a9ec5053f07e9d92f2af5d738c79bbc9924eae62eb723edca05a965f48946573323132b482c04810d521277676145e505b515cb4fbf2f783e3f71124300bcc96963536ce8ca83086a004e4963b8fa52c4101073d252bbc242fd6e0648b61edb394d84b01f1d7bb28f24b65e89f5acc881b6d30612105f143c0bb871193f70d4217a1e283285518cba57ee85a3bc77fc9f481ddcbd5a78144685de81a6828b0a253f17929ce14c4cdf12 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA224 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 0b86f0524108c0868477219f6462fffcec9e0c3f0bc83ef154f23be0c51ce72969d5e94fe758df4988bdc97b15a26ecd30b1d985794db76c6a9457cf23d021b84145eb1e94026027f6184a83268334b36c5b1a87b054cc6ea0152c81c8b2221d5994cee154433655352cbbea66651f6e0297fa432f66780fad7d1797d5d2f59cffed6125810a6db340502922acfd7d0c0103846e5041c43efc3551adfe7f08180611bcf21175160441b81bc2cc8d8e922f8e21db688e25a820453ca986bc4941 +Msg = 24b78a630dd8cde2fa183956b3edff7e0ea5bdcdc0f1f51172a3bf5218b7bafd7e9048422385fbba4b9c4a4d50958953392b18f98d96dae66a54e81fd12987284465586d9365cfe0f35ce6e250541367e46f77550973582e4b85d1efc235c8389fbb21ac0480319b19e176df5c2f850338fa43abda8f582f40bfe18a92e26573 +S = 6fafddafe9df19c45011ae4914adda6bbdbb20b43106d6d81faf1121c6300f9f9f2f87991b27a79d7ab8df8466539d4974d5cd379413ff1f2ab1f826ef5a6b128966fba4000593ce924132c26e3cc2734c38536178d34d90bb141576b80fe2ef1c4be81fde648d1aa3a4f537bcf815edab3cd3b44f7db09e7d5f73a17a9af84500c87d33b9d1ec7854852400c389473c8a13f70bc37bac6f75ce407996a3fdb9489fbcfb860a8b4c7280d3795841cc325fa0c9ce025ecb3f0c2d6c18a44c8ed8 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff44302d300d06096086480165030402040500041cdc59d2d30fcd76a4ee2fee88ea165458725b7796e06af5a9bd13f257 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA224 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 0b86f0524108c0868477219f6462fffcec9e0c3f0bc83ef154f23be0c51ce72969d5e94fe758df4988bdc97b15a26ecd30b1d985794db76c6a9457cf23d021b84145eb1e94026027f6184a83268334b36c5b1a87b054cc6ea0152c81c8b2221d5994cee154433655352cbbea66651f6e0297fa432f66780fad7d1797d5d2f59cffed6125810a6db340502922acfd7d0c0103846e5041c43efc3551adfe7f08180611bcf21175160441b81bc2cc8d8e922f8e21db688e25a820453ca986bc4941 +Msg = 165c3a41385c453b38d0ce2eef3a1fd2863535b993080c84847b1d5641ea24890d9726a0ad44b37dcd0269d59f44b9e0c537ee5571566a95cb39332693adaf64070aac7307c1a37877353e09e5cc17e26b45c3d9d74c0f140a4b89799e844366cc5dd3a28cfa9e94fd1157b308fac23e4006be2d0d1282670a5c2735ab9567f7 +S = 00f76baa258f67d94294939b305b41eba86c36b5ec68a155281a692b0be33d01d0b4c2aee3bb503a4f26ec4688b459bdd550dfdd029bae58f744c14b2768d184f6cdb9bf1e6da750cf10883f14d49ee5d836ba34b84eee98e7feafab7ed239b4154666eb0ebf0f3be6f44926656a0b9c5f649fbe5638d563fccdeaca8665a6a7868061a7a544b69b92abae588c8461e01e47f2d83f00978a99caaa2b4478a72c83806d24ba5e41447ed7fb6f22b1750223a9b18c8a2a08f00eb58ee20559dec8 +SaltVal = 00 +Result = P + +SHAAlg = SHA224 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 0b86f0524108c0868477219f6462fffcec9e0c3f0bc83ef154f23be0c51ce72969d5e94fe758df4988bdc97b15a26ecd30b1d985794db76c6a9457cf23d021b84145eb1e94026027f6184a83268334b36c5b1a87b054cc6ea0152c81c8b2221d5994cee154433655352cbbea66651f6e0297fa432f66780fad7d1797d5d2f59cffed6125810a6db340502922acfd7d0c0103846e5041c43efc3551adfe7f08180611bcf21175160441b81bc2cc8d8e922f8e21db688e25a820453ca986bc4941 +Msg = e2c50870d442d577b5fcd43778e9ac0e13f62ae7d506325ffa38fc267d697da72dfb22eb03d4c4bab3a9d904817ce78056633f93138ce773257ed88c5aa16923f2010c39fa4f38b2d529a6b61c9ac058a8e55775ec7e94df885a31bb1c68e8285a602c2260bb18a54402a515f04c1fdd3003da5709e621ec4d546f7c6cc7e2ff +S = 6dfff6e5d6e75fa6b9f012a13c4e62a469d915c7382f20c8b961084ab41cfbc04dbb150d5f50c7c1cc75e6e891b0950a95df3171decab5cd48dd02a62b51f50358248b1c47f1cf7949d78bf236bcf1f6803e27e37725b60a37ede16f951587290f4eb5b4af07b7a6c06bd520adfd29e56ae61efc3ca7d436a8af7c2da47bf201ba602896bcebb44adcbb54083a26b91ef32657ee52b7c69a98f985dcb37328fd703c26303c4863ee3efda288bd9565258b93298dbce897003c760168cc17a734 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00302d300d06096086480165030402040500041caf4c1d01bf7efc97ce8b761e6fb40139563ffeb393b5ebec6f015885efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA224 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 0b86f0524108c0868477219f6462fffcec9e0c3f0bc83ef154f23be0c51ce72969d5e94fe758df4988bdc97b15a26ecd30b1d985794db76c6a9457cf23d021b84145eb1e94026027f6184a83268334b36c5b1a87b054cc6ea0152c81c8b2221d5994cee154433655352cbbea66651f6e0297fa432f66780fad7d1797d5d2f59cffed6125810a6db340502922acfd7d0c0103846e5041c43efc3551adfe7f08180611bcf21175160441b81bc2cc8d8e922f8e21db688e25a820453ca986bc4941 +Msg = 2a5853c37f9428e1879034feb2d07a5c454e9970f4c1ff43b21f5918c8614d4f24866c89f4da620d7478706b040e1d5f7ee028f7c610c0f8a31cf77fcda875e4477e69e3eed3c6fe53ccab1dc6402278b3c00eb632d45f56d988884fd42733f3384733199505ba7bcb92cc5d1eeff3708cf435f55d974325fd6bf3d10767f046 +S = bd10583413878f8c71938b58927ef67e7e46a56f56756ccd099e3df80dc44126566525c666f009b0bcd35ab1ed54d55a34b5e7e0c1efc1b8a54199a5d4605fd464111a40ce3c93523f6ab771d8c8b03939daf3593a020284815357958c7b69e8500d360138ab64a94237faf280a33fb257f4191b5ef385a7b9ed40e6fe77b6e85e471c3c7fa922a2044600285e2c71f5b76edfb8ac76c5b9ee0fa1856c632c9c3531763cefd999fd2f497efc4520029c6c08a8b8b2ae0cee0bc81b222dcffff4 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA256 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 0b86f0524108c0868477219f6462fffcec9e0c3f0bc83ef154f23be0c51ce72969d5e94fe758df4988bdc97b15a26ecd30b1d985794db76c6a9457cf23d021b84145eb1e94026027f6184a83268334b36c5b1a87b054cc6ea0152c81c8b2221d5994cee154433655352cbbea66651f6e0297fa432f66780fad7d1797d5d2f59cffed6125810a6db340502922acfd7d0c0103846e5041c43efc3551adfe7f08180611bcf21175160441b81bc2cc8d8e922f8e21db688e25a820453ca986bc4941 +Msg = e1ba864ce9f41cf4ee2ddcbeb7a05afb1f48fb88610b5da39233f3fc6f1df00f593567b29e22b0eafa3d0d035e488de0ef5d318f52244e20274932b8d32d0ae183dc04246e40b0da5a94ac3f611a80c8f511c7b722e290ec139a03fed89c488a6698a4cbdfb7e56b141801994980fa5c384d042758aceaad5e0caef604d370b3 +S = 5596571f16dbd20f8c64ee7c1fe8750910bf640837c9de5c8cf02bf1b36a4ed8e41e95e10be3038334c7ed93b80ef660b1061d3595c647a603d203d2bd9a357236679944325572748f54fb84f382a7d369899a82fdc5da17cb5a24e2811ca881fc748a6ffc4a6610a6f3ca5db07241f7bdae1d6ecfd7eea37b276d8667a536cd45c8841c5197471ea8959c253eff1588cd99355beab1bfbbcdad5c19aa507be24e826479058197313a94902d36df02770cc67a1c3f7adc1d467640ade84237c0 +SaltVal = 00 +Result = P + +SHAAlg = SHA256 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 0b86f0524108c0868477219f6462fffcec9e0c3f0bc83ef154f23be0c51ce72969d5e94fe758df4988bdc97b15a26ecd30b1d985794db76c6a9457cf23d021b84145eb1e94026027f6184a83268334b36c5b1a87b054cc6ea0152c81c8b2221d5994cee154433655352cbbea66651f6e0297fa432f66780fad7d1797d5d2f59cffed6125810a6db340502922acfd7d0c0103846e5041c43efc3551adfe7f08180611bcf21175160441b81bc2cc8d8e922f8e21db688e25a820453ca986bc4941 +Msg = 3730776bea4bbd16ab03e8dfb6ec4b962cf4312ec6432cc1c466aad327adc9db20d16d00c8da8f201140d816fd516e3d0ed20e30fde95bd4af3b75996451cefc32403951b28944bff93ec88cc966be9a09a35432731241018d735560da8a54d951c404e60e1e85fb4843e1c783f4e4b806ad2ebd9086864f475771b2f11f0378 +S = a9a3fac88d8fa6478302de5589304fcd201792e51e7f5e2f10305311fe804dc70728623b20dcccbc996bbc7dfc2ef283521480910df1bbdf72a51151353a791319181e586868f37f17499dc31684ea8632595ecccb553f9bbd499ad291dbbac1813de8fa06a53021bb674b198c79f5c8f2f28c84c09863951501a52bc7d8076e02adb656cafb940587beb815397a9bedd3129c2beb5cef8e3771e985b4a81be0cf6d50b53af7723a0ac0973fc053004831cc3954b2356e4aaff9aafd13ead212 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA256 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 0b86f0524108c0868477219f6462fffcec9e0c3f0bc83ef154f23be0c51ce72969d5e94fe758df4988bdc97b15a26ecd30b1d985794db76c6a9457cf23d021b84145eb1e94026027f6184a83268334b36c5b1a87b054cc6ea0152c81c8b2221d5994cee154433655352cbbea66651f6e0297fa432f66780fad7d1797d5d2f59cffed6125810a6db340502922acfd7d0c0103846e5041c43efc3551adfe7f08180611bcf21175160441b81bc2cc8d8e922f8e21db688e25a820453ca986bc4941 +Msg = a9ba6a22549b61aca519cfec89c316889f0404eb354b5f8d7268c174d43aa6fbde87c4d20a2b9b4605754cc21bceae96f09b9ff8726598480b3785991b48d36ca5dacabe49621d4672e9bff8d0b2f9cd091dbac6abcb2e2f660391217855464a687d23f0f78a1034543fd0948fb91eb45052fc5ec9c648c7e9949014d2a7271c +S = c71119e288acfcaeca10f632f20ca3d9aab35d62f4d8ea66acb955d83c0bf0b9eeac6bb3f776efcb4bae51e47c3cd29ec5d9c8f25bb6f52956ba4ceca9e189a5dd24f1a5f314cc65c2d77b9c1450931765bca3ba701434cc9ce3c4dca806f1f1b7e11da83ce253a1c68bd306770f3d3e8be5ad242b480fab2ba73c20d3922ecfd5d3e4c66ab7a220ce1e175d19740caafc76005056a67326be67f413233810c8fabeefd00b3a3ec19178f48178c8df23a0d08e38179447e3c1f7ead1ac186298 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443031300d060960864801650304020105000420669cf26386b9f299c4b53a9cc5bc93fde922383716b1bad573ef605208ad4741 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA256 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 0b86f0524108c0868477219f6462fffcec9e0c3f0bc83ef154f23be0c51ce72969d5e94fe758df4988bdc97b15a26ecd30b1d985794db76c6a9457cf23d021b84145eb1e94026027f6184a83268334b36c5b1a87b054cc6ea0152c81c8b2221d5994cee154433655352cbbea66651f6e0297fa432f66780fad7d1797d5d2f59cffed6125810a6db340502922acfd7d0c0103846e5041c43efc3551adfe7f08180611bcf21175160441b81bc2cc8d8e922f8e21db688e25a820453ca986bc4941 +Msg = c68bfecaa74019105206ace85d710f160907bdffbce96268b2b63680efac8a217810a053c2d0c0126b6888512802843effe1ffc8b6ff185e8bf518fa251c025fcbf26c9fd4bf8edf5e78995e43e34ab449fcbe58999888657348019e1f80dfaf27f809b6c353aa0195ff8419965c88005120a3b84ffada04d2759973c6204899 +S = b7873d5e394de2c8d17f988135da4563f12d449858e5b26e630596c325046e30f0a66ff38b97e8bd3c7b8cfeed4021ed08b025d7c8919c9c7eb29c980290faa100d4b56c1837bea27dfb862cfb216a0965a1c6a923a65e654569164ac93a3b39bc7f533a4b64e4e8a3b88d0fad6eda12e11b181c9abca3b776fc409a8f069ad40478c3f2f02b0634d5d095316813415ceaaf8ff069d85649b8f4b6ce82ba55a2a3b0e53274f10a8cc0c7863032a38ac5bbefdc735523a683bf92196be7120845 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA256 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 0b86f0524108c0868477219f6462fffcec9e0c3f0bc83ef154f23be0c51ce72969d5e94fe758df4988bdc97b15a26ecd30b1d985794db76c6a9457cf23d021b84145eb1e94026027f6184a83268334b36c5b1a87b054cc6ea0152c81c8b2221d5994cee154433655352cbbea66651f6e0297fa432f66780fad7d1797d5d2f59cffed6125810a6db340502922acfd7d0c0103846e5041c43efc3551adfe7f08180611bcf21175160441b81bc2cc8d8e922f8e21db688e25a820453ca986bc4941 +Msg = 17c6696009d0ea40825e93872261234db051c06cb17230e339574b7802a4b0a2bb18b8a5a2caa8ff55b22b03e56cffc42d39ee346247008deb32eff072cadb4c3b173f82b49a24c74ed694498c0f52155952c8389fb5412415e0585659ccb0363ecbe63f67c9c45f15d1b8a13dd38409dea436bf91465b71626a70f2de339927 +S = 181e3c1d3f6f6ceb7465b6d232f0fbe3270bdd3e6fe05a8dbc3ca9611280b141c11b903c8c34e7a09b1124874d2ac93af9b3d8ff495d7eaf763edf281235066ac6c7c1dcc257049c732ab2288b918f1b7c43bc36f40f5fd070d362322109b51b85574b30987bbd2d460a53ddd694a972fea606ba2b3a4192dcb30490370454e147013d6c7ec15ddc72d81dd7d0601c49a00e61b57ce3cce8ce89b8048359a450a42ed1d7a424e725d75ed0ba5818b377ef809b3c32564562315f21c8d031ec0b +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffff003031300d0609608648016503040201050004201b3650ae9361fac5158b27993f4f51b62133f7172673d0cdedc1820e3d127314efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA256 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 0b86f0524108c0868477219f6462fffcec9e0c3f0bc83ef154f23be0c51ce72969d5e94fe758df4988bdc97b15a26ecd30b1d985794db76c6a9457cf23d021b84145eb1e94026027f6184a83268334b36c5b1a87b054cc6ea0152c81c8b2221d5994cee154433655352cbbea66651f6e0297fa432f66780fad7d1797d5d2f59cffed6125810a6db340502922acfd7d0c0103846e5041c43efc3551adfe7f08180611bcf21175160441b81bc2cc8d8e922f8e21db688e25a820453ca986bc4941 +Msg = 063c070dbba386b97c50ea8c475cb9817fb00be490184906d19a3535ae052aeb06cca546d21505b8080e8f00bf80b55993a698f14b3fcb9cb9e25acae2920bb75f92e3e1037aecbfbe8b36b0c1401c32e325c85444ecfa6e30be040f46cf1a37d935c8c696fac4356770e68498c4757339d6a4f5c3485ce2fed63cec21e5dfd4 +S = 97c48f987ae22938db183cd761956e3dde0cad8a865b70f2392b77f876c63520a12d3bd80850fa6cc20e9bf94d058f2d0a7ebc83186d0defb0ae256237a9fae92b2653284086d49b04ed9ffc3e10f6bb3f9de76396cb4fad3fcbda87bbb1df8c26e2d70f3d5dd0ae4c159ef3aca0fea506887666cd923435b0d40ae434a816b71d72b91a92b107721761adbc7b678d89ae5c8ecb0ab9078f8805dfa033e00a25b30c3c1c4ca8bb3bbdc36b7846267c2a8e5c6ccd97a454fe813c93f50eecabf8 +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA384 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 0b86f0524108c0868477219f6462fffcec9e0c3f0bc83ef154f23be0c51ce72969d5e94fe758df4988bdc97b15a26ecd30b1d985794db76c6a9457cf23d021b84145eb1e94026027f6184a83268334b36c5b1a87b054cc6ea0152c81c8b2221d5994cee154433655352cbbea66651f6e0297fa432f66780fad7d1797d5d2f59cffed6125810a6db340502922acfd7d0c0103846e5041c43efc3551adfe7f08180611bcf21175160441b81bc2cc8d8e922f8e21db688e25a820453ca986bc4941 +Msg = e1ba864ce9f41cf4ee2ddcbeb7a05afb1f48fb88610b5da39233f3fc6f1df00f593567b29e22b0eafa3d0d035e488de0ef5d318f52244e20274932b8d32d0ae183dc04246e40b0da5a94ac3f611a80c8f511c7b722e290ec139a03fed89c488a6698a4cbdfb7e56b141801994980fa5c384d042758aceaad5e0caef604d370b3 +S = 1f01900a2786e048f388a061f173adf5247b68076effd95b5c174661b6fc3589981bbc03cbe75534af40ffe0e60c741745cd143f23c2d073e70856ea88442e56f6ebc26e8609b72a955f9377eae375913c032819afcf60cae66d893525ce0bb83e0184ff7dd85893443e10d7be59466c6b7276452501e105bd3e0a8f7553c58ed8700d8e43aad9efd827fafc1948288c12e380b82a9ba22340919a52a9453f2b14e6b7795215720cb6c2a89fa8bbeb46a416267f3126456cb6fdc9fad183059b +SaltVal = 00 +Result = P + +SHAAlg = SHA384 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 0b86f0524108c0868477219f6462fffcec9e0c3f0bc83ef154f23be0c51ce72969d5e94fe758df4988bdc97b15a26ecd30b1d985794db76c6a9457cf23d021b84145eb1e94026027f6184a83268334b36c5b1a87b054cc6ea0152c81c8b2221d5994cee154433655352cbbea66651f6e0297fa432f66780fad7d1797d5d2f59cffed6125810a6db340502922acfd7d0c0103846e5041c43efc3551adfe7f08180611bcf21175160441b81bc2cc8d8e922f8e21db688e25a820453ca986bc4941 +Msg = 3730776bea4bbd16ab03e8dfb6ec4b962cf4312ec6432cc1c466aad327adc9db20d16d00c8da8f201140d816fd516e3d0ed20e30fde95bd4af3b75996451cefc32403951b28944bff93ec88cc966be9a09a35432731241018d735560da8a54d951c404e60e1e85fb4843e1c783f4e4b806ad2ebd9086864f475771b2f11f0378 +S = c5670f7a66b167b3369df23e847a68022be3f2acf2c54b1f9c8b4559466587e80f73b6b668921af9902b72a2cbcec0f92771cfdef7bcb12d3db6032b434b8aa2e2bb2a29f16756916887a79e78552254b702cf2a14c9b9c6c7dcb84745fe27c90f0eb7760aa4f98ed241bbe65a8597aa6d26fad59874b38fb48c2a69e4a77d7414b66552dc7a9b15646acbaac71aeb4c4fe69be40137e79a05ba512d40f86af2d7ad5a1893fb589ec9aa25854083f8535da0acccd0c497dd8ae3a16d3a8b3973 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA384 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 0b86f0524108c0868477219f6462fffcec9e0c3f0bc83ef154f23be0c51ce72969d5e94fe758df4988bdc97b15a26ecd30b1d985794db76c6a9457cf23d021b84145eb1e94026027f6184a83268334b36c5b1a87b054cc6ea0152c81c8b2221d5994cee154433655352cbbea66651f6e0297fa432f66780fad7d1797d5d2f59cffed6125810a6db340502922acfd7d0c0103846e5041c43efc3551adfe7f08180611bcf21175160441b81bc2cc8d8e922f8e21db688e25a820453ca986bc4941 +Msg = a9ba6a22549b61aca519cfec89c316889f0404eb354b5f8d7268c174d43aa6fbde87c4d20a2b9b4605754cc21bceae96f09b9ff8726598480b3785991b48d36ca5dacabe49621d4672e9bff8d0b2f9cd091dbac6abcb2e2f660391217855464a687d23f0f78a1034543fd0948fb91eb45052fc5ec9c648c7e9949014d2a7271c +S = 29bef7b04835e0020a2cba2b9f6db73583493c3702678cc624ee60dca13ef99f58bd2466b3cc3515e3ac52cc01e53aa0b1ca13871ae90317ed90d5dc810a49b0f569cdf78cd4ac2b554f272f3aa541875478901c26d82835bf482451812460da6392f801293ce370b1dc1ca420cde9af65f191dbbb57e0868971451be9030f414c24cada0d759767b93526e39cee99933f4eccee7eabf0353fef6061ee271558144cbc8c4aaf2d2b6e9bc9dcf2fe3f1902f1ef1cbd4617b04281ffae8925fa09 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443041300d060960864801650304020205000430ec65d014978f49b770a449d588ef99f8c92263e18690c237b1c0edaa8da55716adc29d56621402e375c606e7399c9a83 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA384 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 0b86f0524108c0868477219f6462fffcec9e0c3f0bc83ef154f23be0c51ce72969d5e94fe758df4988bdc97b15a26ecd30b1d985794db76c6a9457cf23d021b84145eb1e94026027f6184a83268334b36c5b1a87b054cc6ea0152c81c8b2221d5994cee154433655352cbbea66651f6e0297fa432f66780fad7d1797d5d2f59cffed6125810a6db340502922acfd7d0c0103846e5041c43efc3551adfe7f08180611bcf21175160441b81bc2cc8d8e922f8e21db688e25a820453ca986bc4941 +Msg = c68bfecaa74019105206ace85d710f160907bdffbce96268b2b63680efac8a217810a053c2d0c0126b6888512802843effe1ffc8b6ff185e8bf518fa251c025fcbf26c9fd4bf8edf5e78995e43e34ab449fcbe58999888657348019e1f80dfaf27f809b6c353aa0195ff8419965c88005120a3b84ffada04d2759973c6204899 +S = 80fe5722ecf6c505989f017b63fa71b2723acd378ef8c4b4de5aa611d99196584eed2b46160f4739906533fe54034db7264a19366f7719ef576d3765907f49792fdccde4b94db4b42c95a9c54b2fa67f513039329f3b3fccba4d44f69ed2c9cf3b0469556ef88d90391af612a273ada316756c36d447b4c1b36edf516e8fd0569cdc4fe2254d3165a9250a9163c9b0c629bc64fc7cf9bf96c3b51d78e378678f2309658bbb363ff462f51d145b82fcef1a0282278453b48cd8715d32dd8a2214 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA384 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 0b86f0524108c0868477219f6462fffcec9e0c3f0bc83ef154f23be0c51ce72969d5e94fe758df4988bdc97b15a26ecd30b1d985794db76c6a9457cf23d021b84145eb1e94026027f6184a83268334b36c5b1a87b054cc6ea0152c81c8b2221d5994cee154433655352cbbea66651f6e0297fa432f66780fad7d1797d5d2f59cffed6125810a6db340502922acfd7d0c0103846e5041c43efc3551adfe7f08180611bcf21175160441b81bc2cc8d8e922f8e21db688e25a820453ca986bc4941 +Msg = 17c6696009d0ea40825e93872261234db051c06cb17230e339574b7802a4b0a2bb18b8a5a2caa8ff55b22b03e56cffc42d39ee346247008deb32eff072cadb4c3b173f82b49a24c74ed694498c0f52155952c8389fb5412415e0585659ccb0363ecbe63f67c9c45f15d1b8a13dd38409dea436bf91465b71626a70f2de339927 +S = 82af137868d165dd09c47c95c960e636513305030879d7c4e1f0b58c65fcbc10842f7794e0b80b019b4b384b3473fb452b9e04380f84232e986dddb79957845c0f69f880a51a73cd4bdd041d98576be7220992982ffbe30fe53adfd524dc5da9d8d21a2140056faef2e059a1b282914db1b83494026696601026ac038bed35ac5bc7fa317cf2302f4f211dd8bfcfa3866d8fadb498709bba9aa823c617f8c339d17d0094f31b945c1c8138c944e6ac6a601a705e47b25e9e290faa0550549989 +SaltVal = 00 +EM with hash moved = 0001ff003041300d0609608648016503040202050004305b2dc15a4a45f199a414077ae9da96fc71a00f9ecdb0c40e214da9b370763b672571e471a8d0328d5ac83d2ea45ad2a7efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA384 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 0b86f0524108c0868477219f6462fffcec9e0c3f0bc83ef154f23be0c51ce72969d5e94fe758df4988bdc97b15a26ecd30b1d985794db76c6a9457cf23d021b84145eb1e94026027f6184a83268334b36c5b1a87b054cc6ea0152c81c8b2221d5994cee154433655352cbbea66651f6e0297fa432f66780fad7d1797d5d2f59cffed6125810a6db340502922acfd7d0c0103846e5041c43efc3551adfe7f08180611bcf21175160441b81bc2cc8d8e922f8e21db688e25a820453ca986bc4941 +Msg = 063c070dbba386b97c50ea8c475cb9817fb00be490184906d19a3535ae052aeb06cca546d21505b8080e8f00bf80b55993a698f14b3fcb9cb9e25acae2920bb75f92e3e1037aecbfbe8b36b0c1401c32e325c85444ecfa6e30be040f46cf1a37d935c8c696fac4356770e68498c4757339d6a4f5c3485ce2fed63cec21e5dfd4 +S = d216d9776d8ce35cbfa62808888f67d9a154c87184be9000322148237b8bb64bb75aa5a1773ca9d5b375ae4f643846d07dbc3cfc8246d8ff2f774ff42b184df3495cbadb81a8fad00c00f61fb59602c087d570db0ee1312a2747be0fcd9d563aa1cf14522ace1e202c76ce7849b818b04e4bf489fd723c977f1a2594d65d8595917ad0b575cea228d95d6e3a9ba6f6ca604b8650d5d4e7c182a487a20af05c15139bd46b2f2e48e5db0f184bfad5119a9c256ab601820b7671b6cc48394de6f6 +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA512 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 0b86f0524108c0868477219f6462fffcec9e0c3f0bc83ef154f23be0c51ce72969d5e94fe758df4988bdc97b15a26ecd30b1d985794db76c6a9457cf23d021b84145eb1e94026027f6184a83268334b36c5b1a87b054cc6ea0152c81c8b2221d5994cee154433655352cbbea66651f6e0297fa432f66780fad7d1797d5d2f59cffed6125810a6db340502922acfd7d0c0103846e5041c43efc3551adfe7f08180611bcf21175160441b81bc2cc8d8e922f8e21db688e25a820453ca986bc4941 +Msg = e1ba864ce9f41cf4ee2ddcbeb7a05afb1f48fb88610b5da39233f3fc6f1df00f593567b29e22b0eafa3d0d035e488de0ef5d318f52244e20274932b8d32d0ae183dc04246e40b0da5a94ac3f611a80c8f511c7b722e290ec139a03fed89c488a6698a4cbdfb7e56b141801994980fa5c384d042758aceaad5e0caef604d370b3 +S = b4be3c1b7b85f8eff79c890661621f6f3e997ec0b957d540e12b51461fd711b1f7ef026e7f4ecd1298b2f179fd90a55cdaa8c67eeb592dc077d8157b8a04611c904808a6e8a88e83d0965b6f8673253ffaedb437e01e771fa652cbccc976bac41d5be23c5a11bc4027f38d7442e999dc4ecd4af036c201332f7bb1177ca523becf8bc98575d2c4cc4f69bfd9383e540a8eb70dae384f3f07e190f72b856139d5232c3b9037b7e05dbe596af51751da4fa33a03c1d3e847e5339f2fdbf4601272 +SaltVal = 00 +Result = P + +SHAAlg = SHA512 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 0b86f0524108c0868477219f6462fffcec9e0c3f0bc83ef154f23be0c51ce72969d5e94fe758df4988bdc97b15a26ecd30b1d985794db76c6a9457cf23d021b84145eb1e94026027f6184a83268334b36c5b1a87b054cc6ea0152c81c8b2221d5994cee154433655352cbbea66651f6e0297fa432f66780fad7d1797d5d2f59cffed6125810a6db340502922acfd7d0c0103846e5041c43efc3551adfe7f08180611bcf21175160441b81bc2cc8d8e922f8e21db688e25a820453ca986bc4941 +Msg = 3730776bea4bbd16ab03e8dfb6ec4b962cf4312ec6432cc1c466aad327adc9db20d16d00c8da8f201140d816fd516e3d0ed20e30fde95bd4af3b75996451cefc32403951b28944bff93ec88cc966be9a09a35432731241018d735560da8a54d951c404e60e1e85fb4843e1c783f4e4b806ad2ebd9086864f475771b2f11f0378 +S = 204d6b33a90f2ce261f413b54563f97b04021d081789d8b20bae89ce2ea0de539a264a7aa47e4e4cfb9864fa271f097fe1ef632363e3ad3996e7d7d4412138419d5e17c245ded83329bf6805880397b5d9c724e4185b86fe55c88b4e8f01056747ce712b10eeed8081b928c805c4b89b6955219d9441289fd800588012b4a19a415f96096144d88c9a9de4ecaa817e36e6aa1123bcceeeaa6c779fb7fb67a61773fd1c8e9dda482be5882b4f81217bf9019753919c0c98f3d56bd60ab4e8ad9d +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA512 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 0b86f0524108c0868477219f6462fffcec9e0c3f0bc83ef154f23be0c51ce72969d5e94fe758df4988bdc97b15a26ecd30b1d985794db76c6a9457cf23d021b84145eb1e94026027f6184a83268334b36c5b1a87b054cc6ea0152c81c8b2221d5994cee154433655352cbbea66651f6e0297fa432f66780fad7d1797d5d2f59cffed6125810a6db340502922acfd7d0c0103846e5041c43efc3551adfe7f08180611bcf21175160441b81bc2cc8d8e922f8e21db688e25a820453ca986bc4941 +Msg = a9ba6a22549b61aca519cfec89c316889f0404eb354b5f8d7268c174d43aa6fbde87c4d20a2b9b4605754cc21bceae96f09b9ff8726598480b3785991b48d36ca5dacabe49621d4672e9bff8d0b2f9cd091dbac6abcb2e2f660391217855464a687d23f0f78a1034543fd0948fb91eb45052fc5ec9c648c7e9949014d2a7271c +S = 380e96b29f08c307d6894255bf104751d5c12892caec1f449311dea1eba85d63829c4f6f8e4c48bae11e6ce246635ffabe1f921de533867a738de08974c2685e7cb981c94ba95d50f2c663a90c281cf676655d542c5fb91818fa83b273cb7f55d88555068e9827de54abeeb597a7f66b20bcf542d9423826363716ad63fe29ef6a093f723d3a0f8926b678402fed69645b0fdebd943546fb0e0316e925eda23c755a321e23df6910e7b6c908b35dcd0b2e0e4c9dbaf51d050ad6d9d16f67891c +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443051300d06096086480165030402030500044068a22ec35ac1e035665d558ea68f2d2867cae3935aede53c6940477d181f9630c3c8d24a06be07e006049c545aaa830a3ab849ff91d935df4edcf4e46868abc4 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA512 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 0b86f0524108c0868477219f6462fffcec9e0c3f0bc83ef154f23be0c51ce72969d5e94fe758df4988bdc97b15a26ecd30b1d985794db76c6a9457cf23d021b84145eb1e94026027f6184a83268334b36c5b1a87b054cc6ea0152c81c8b2221d5994cee154433655352cbbea66651f6e0297fa432f66780fad7d1797d5d2f59cffed6125810a6db340502922acfd7d0c0103846e5041c43efc3551adfe7f08180611bcf21175160441b81bc2cc8d8e922f8e21db688e25a820453ca986bc4941 +Msg = c68bfecaa74019105206ace85d710f160907bdffbce96268b2b63680efac8a217810a053c2d0c0126b6888512802843effe1ffc8b6ff185e8bf518fa251c025fcbf26c9fd4bf8edf5e78995e43e34ab449fcbe58999888657348019e1f80dfaf27f809b6c353aa0195ff8419965c88005120a3b84ffada04d2759973c6204899 +S = 7264f99a15645f551eb08662418097e48da66f7c3d5a953d7296330bfa24d02f87f554e19c20f98a848daa9de39a22b848f514826acfaebdd93db456394713547ca172439f18473f36243eb0ce85cb7357d04f011e34c139d72fc540afe0e7a5927c8466bf28a76e572c851493f23569ccb73132a650ba5af14ff2cdb20a3dca7fcc465e6ac6998fdb2df6f3d88044b4354cec5f7f6ce7f02d3dad61e764058f9a69a6c4e63d4e0ac89567fe23cd1eaa5726d567d7a647fc2ff4ab299a05a896 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA512 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 0b86f0524108c0868477219f6462fffcec9e0c3f0bc83ef154f23be0c51ce72969d5e94fe758df4988bdc97b15a26ecd30b1d985794db76c6a9457cf23d021b84145eb1e94026027f6184a83268334b36c5b1a87b054cc6ea0152c81c8b2221d5994cee154433655352cbbea66651f6e0297fa432f66780fad7d1797d5d2f59cffed6125810a6db340502922acfd7d0c0103846e5041c43efc3551adfe7f08180611bcf21175160441b81bc2cc8d8e922f8e21db688e25a820453ca986bc4941 +Msg = 17c6696009d0ea40825e93872261234db051c06cb17230e339574b7802a4b0a2bb18b8a5a2caa8ff55b22b03e56cffc42d39ee346247008deb32eff072cadb4c3b173f82b49a24c74ed694498c0f52155952c8389fb5412415e0585659ccb0363ecbe63f67c9c45f15d1b8a13dd38409dea436bf91465b71626a70f2de339927 +S = 5d90ac2736979a5a789b927b6b142bf08cdf50a5018e9e75cb03363f255d4bf10e0873e39c7cfe7f0faaa2594b856ebaea0b3a83c6c1fbbd1201e533b2ce14e726ba43aff51445e976f9158d6b369fd121e17e34e529a9f7935f3583943fb82eb0e551e7a183254cd1d442ec87d3b853613ced92c28ad87c7884b8e57729fa36b25767be0b77108d2f1da7122c3c44f71ef1fae6399400190863764d2d28076953e579bd5380058cbc06671b76d6cc2bed1bfb1eb0a22e72308c5c294bc4d339 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffff003051300d0609608648016503040203050004409e1ae481b6e7360c34c33703717c48bf5c84b980c112931713bb8563dbbc3542dbc309570342b078e7955ded523fc9b8e992724b26452984214d8f3d04a7f0efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA512 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 0b86f0524108c0868477219f6462fffcec9e0c3f0bc83ef154f23be0c51ce72969d5e94fe758df4988bdc97b15a26ecd30b1d985794db76c6a9457cf23d021b84145eb1e94026027f6184a83268334b36c5b1a87b054cc6ea0152c81c8b2221d5994cee154433655352cbbea66651f6e0297fa432f66780fad7d1797d5d2f59cffed6125810a6db340502922acfd7d0c0103846e5041c43efc3551adfe7f08180611bcf21175160441b81bc2cc8d8e922f8e21db688e25a820453ca986bc4941 +Msg = 03403f0e704c5e28fc547e60cdba09c7bdb7e4fff89fa2a0c667f8d9a564715b9b556372caa4227545e9736122b044c1d17c9ad1ac0ccae2cedcec0029ef8dd3d3cca4c3a1c7c75ff7819f00deb29aa95726df32f00687a694590ae9a7caf79e53ace9471c3bb6aebb25e98529497349fabe9d6cec1741b2c0e53adc487e1984 +S = 5959dba95cc8fe826428883acbc57294a10e8e8ffda441b07f8fb2ad17f52589774c27c2f1cb54e96614bf7b7a89c4227168ccbea47a941540d2d71157844ae0210c6fb7abdb58db349ce1515b63303f85a6bdb38bd6ea0f9a340fe70d3aba17f4b5f2a36dcb37f354eb86533e4424c7ccd8377775a28f9beb6921c8b4d9e89811ff748bc1b026e9214c9c16227a36f803cabbd738025bd9f7cfa1c33ed4c00b5d8035389c8d6a02051576d33c8e83f2f72fdc1b35a0dde73fea1e2a93dae015 +SaltVal = 00 +Result = F (3 - Signature changed ) + +[mod = 2048] + +n = a911245a2cfb33d8ee375df9439f74e669c03a8d9acad25bd27acf3cd8bea7eb9dbe470155c7c72782c94861f7b573cd325639fb070e9ba6e621991aefa45106182e4d264be7068035595d7549052989b3e7fd04cabc94012c1278a0ef8672b1a51dd1a9e276816ba497dea24b4febe3dd8e977707bcd230ca6fb6f8a8bff9e6ba24fbadcd93f00126b19b396a38e6ef86d18fef945b9154c1963fb488c7025953511f86d05638bfe056493730bc6778446e59cd3c5c3acf07a0a3a64943793652f10e3292aa7a6d25a03181cc6f6ba0658d909e59ce2a02bacc9766fd8c4fbd4ed9c23a866844b8a794d49e505f9f944870a71aadbe5338039825c2dff81af3 + +p = bf96de108963b5113399b664765efe046e2dafdb70d6e5e29dc6ec89b789b059348d74d89129c7ade9ddb404c6dc3a3437c7fc9f23bc38dadc8ffd0ff757999f5c2d510b993056147ccdf421e03d0be2c74ec333a9677c430cc604f5550d0d86defdde71488e3db889c699a5cacb44dcdae2f3cca38695e783e6f6250827efb1 +q = e1e7e33618d1b64d6862c132e4b1cd5fabad20ce62bd97bce2a3f5ad2da67bb0a7f0b9e48335a33b7b95e77ec4c47e91416881f9f7c23f9bc1918cc644335c74260e90cd7b2e0fed802f19e78c5ed80a431b38630d82f982c74a0381b8ecf943c60810fae90574e216357b2535002316d9529cb56420f3cc82dea37cb624e1e3 + +SHAAlg = SHA1 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 290d117f97d672f3647c2b24402832b153d22a25820567688645ed95ffa6e38d116347486ab4b485c27aef4962653bb60257ef82256785a1d3d52aa0e0b94c37279dee7bb308688aaee98108de6f1373ed2c12429c9b8770756c12c03908b346b129f963bfaa38a8937190cc656f057ef1a812dd0312f51285c4f46f9241f3028ea6a61db0e9255976469f5d5542ced55ee2d6f4afe766c0a70f49871d369dd8f3a82a7141639efd4a1f4a4009821c3c2b9f5c5f5eef99a5f00fbd8bc8191a3654e8f8d8ce12d90e5ff2a4c530b76306c8c56e0549a6f277ab2af3a60cccbf4bb4b2cb47f04f211f8b86aa653bf6913f3b5ed190c51b5958e40597a2dfd30061 +Msg = 04d5d202ade6be1df96d263021141bd6e4e68a14c5b413df73b817df8979137377ee2df5c0e60d3f67a8ee6ea3d6f5e6da97c196cdf4437d1183d06cbe43740e6bc88a2759988919eed421ac651b870ec5ab0d190fc9f5d5bc64873e66f56147c6a90f1edec2dbb2773ae673ceaa78588b6b9527f2fbd1f15da265dbea558125 +S = 6b2703ff1a8d96808bf97eb6d297a8b8d11f479e22b8471e03d2713d124f7c8bf46225e8de2b9db432c39209c242420bc9a17196a38c1b2daa096a73e33912b353a6adf9d198d15eadb6f287c5d2379fe8c07d9e5735bc4c474c2ff9bc7ee6d3684335f7f825664d6272426b2fa20bae585f7bb306b352d916679c68c77ce0d2032cee4909fd02f4f4711ff4e771251c3a9e284f37fb1bd417d8842d030500d84bf7a774b5bbf089e2829c7e7dc27f4d88408e5b549522339e6eb98d51718a219c0fdc20e26bb32d85ef877a5fae812ece7bb04a1ac5a0dd71ae4e8d4c25aaccf8c1f5b9c0de7e0491cd754a675ab6eb8c630b8afc49e0597ea6cacc6c37fe9f +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003021300906052b0e03021a050004143d68a61abc2403258d48c94be567caa29e315c8befefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA1 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 290d117f97d672f3647c2b24402832b153d22a25820567688645ed95ffa6e38d116347486ab4b485c27aef4962653bb60257ef82256785a1d3d52aa0e0b94c37279dee7bb308688aaee98108de6f1373ed2c12429c9b8770756c12c03908b346b129f963bfaa38a8937190cc656f057ef1a812dd0312f51285c4f46f9241f3028ea6a61db0e9255976469f5d5542ced55ee2d6f4afe766c0a70f49871d369dd8f3a82a7141639efd4a1f4a4009821c3c2b9f5c5f5eef99a5f00fbd8bc8191a3654e8f8d8ce12d90e5ff2a4c530b76306c8c56e0549a6f277ab2af3a60cccbf4bb4b2cb47f04f211f8b86aa653bf6913f3b5ed190c51b5958e40597a2dfd30061 +Msg = 3efa6c9938d6bc37f0373d0baba3697acc3bed498f9dfea7fa0af06e11c405a64aba834b4067094fabf822e390ad1bf3b58112ef580d50d120aad95c54d640a14bd9c0c824a8890db7095809caf84a338949f2a63090a9250b3e255ca00c4e682b9d4c9a4a5ee578fab20605c24c9f432edbb4f57fedb2a9a10dfff65d2fd403 +S = 343014b8db6ba664af3dc07530e444976bac0a7fd3505218500b0342c0c861d508f55383c18ee70cf47516acabd50dbc2ec18a8cc2054ab87496b9cf22e4f576d5f208d0cd3be114f65f69e0ae744e46edbe0a378942e24eb51fbe25a0caeb654b20ce9a8feda1bd02981a24ed35fd139d107611cbdecc7b1a960ec57a19eef79bac1ed277b746772b405c7c29cf8e32c1c7a49557928ec792944bbc87183fe828a3469214fd35c8ca16df57a985d610ef80db9728f3d31529a7c39da03d39a6735117dc99225921d26fcee7779d7ae191934452207bddaa60c0aadef72c1ea09d5a1d7cac615a8a5b08c5e429d801f868683a72263d80db270a413a8fd9c4d8 +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA1 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 290d117f97d672f3647c2b24402832b153d22a25820567688645ed95ffa6e38d116347486ab4b485c27aef4962653bb60257ef82256785a1d3d52aa0e0b94c37279dee7bb308688aaee98108de6f1373ed2c12429c9b8770756c12c03908b346b129f963bfaa38a8937190cc656f057ef1a812dd0312f51285c4f46f9241f3028ea6a61db0e9255976469f5d5542ced55ee2d6f4afe766c0a70f49871d369dd8f3a82a7141639efd4a1f4a4009821c3c2b9f5c5f5eef99a5f00fbd8bc8191a3654e8f8d8ce12d90e5ff2a4c530b76306c8c56e0549a6f277ab2af3a60cccbf4bb4b2cb47f04f211f8b86aa653bf6913f3b5ed190c51b5958e40597a2dfd30061 +Msg = 0017191f1c6b5bdf895837a17e05ca6119ea3606aedb978c5f423962ecac0811cc87471f7c2985331715cd79277a1e48bafd1a03b9b8023d7683e2208472090fcb9fbc8adb292c52817ca5ce98d307ae22fc7ace985b5e5d7e32813e392095ae25e7e128e3723685f01625687c186fd9796fbd30f2cc91359ed87d85b5bc9338 +S = 1d2db922b68b7e89cdef4a238e033500962d61cd39bcad53494663921ae6b0f7710728d9dfb8d52d7725d4f11ca058b1195b1c3c4614c32dce6a2b1b9ad1db261bfde9cc8258787fa7ac9884ffb5e69775ee76ae8af3a15254898e8497b77d7cdb161415a1615eec8ae7ba4ffb352ba459a1d84e43a04b616a13cac644b38c528047841e249ff2795ef2fd066615828545d04c82e92a027bc110c5de6a52355e02bd7888c97dfd48a925528e48890323c6a4f44e5d04ea05cf3009e838a6bf438fad103ea8ffe8d0f7d770c0034de693c7bbad16e8c6a923cc8976bda5bc08b15897075162068b39b362699149e0cd4eda9ff1bade4fb540dc27c17e4119708a +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA1 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 290d117f97d672f3647c2b24402832b153d22a25820567688645ed95ffa6e38d116347486ab4b485c27aef4962653bb60257ef82256785a1d3d52aa0e0b94c37279dee7bb308688aaee98108de6f1373ed2c12429c9b8770756c12c03908b346b129f963bfaa38a8937190cc656f057ef1a812dd0312f51285c4f46f9241f3028ea6a61db0e9255976469f5d5542ced55ee2d6f4afe766c0a70f49871d369dd8f3a82a7141639efd4a1f4a4009821c3c2b9f5c5f5eef99a5f00fbd8bc8191a3654e8f8d8ce12d90e5ff2a4c530b76306c8c56e0549a6f277ab2af3a60cccbf4bb4b2cb47f04f211f8b86aa653bf6913f3b5ed190c51b5958e40597a2dfd30061 +Msg = 1577757d0f460af152dc68b6ab25deadfebba5f68351bb6e2e51ee766fc437f71c734aa3ac4b6b7da506839b5708732acb87a8b4f7eff09e33858cf5f14a866aa822459a11355e939696ad940823a51590ace407e8570a5dca42cccba96b44cea0cd8beca8cc8a3d0dd30d2a233c19753570807abe4fb2b4dbd2d68201ee1a2b +S = 5322e332949c0f15fe63f09927e2ef90a0f1eb2262fc8a7dc602facf8b5cf74dd0eaa2638a6d4393c0167be176e8e68d3b1a6dd4c7f043dc81e702b3b2620df5a4032e6319ff88e19c9cf57fc03f3ec5ca75db70b6b22a38f40a3dc214b477da2e1400eba49c35323c8d83e5159eb4ca6701b4fdb99f18505f266ccdcedbeae59b36fec2616b04da979376403a435d3aae0113d4605b9ffda0afe72923ed2644069a408c148b4e781387fe49f3103841eff840f0b39b298ab4893ba2c292af33b57f6f6f69cf5464be470f678ec07f0ae97c9ff292d896a7daec48cf9e48ecd006acbc2c8567368be62f2178d469ae958ac0b5bd66917944c4b53d1f42ea2f20 +SaltVal = 00 +Result = P + +SHAAlg = SHA1 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 290d117f97d672f3647c2b24402832b153d22a25820567688645ed95ffa6e38d116347486ab4b485c27aef4962653bb60257ef82256785a1d3d52aa0e0b94c37279dee7bb308688aaee98108de6f1373ed2c12429c9b8770756c12c03908b346b129f963bfaa38a8937190cc656f057ef1a812dd0312f51285c4f46f9241f3028ea6a61db0e9255976469f5d5542ced55ee2d6f4afe766c0a70f49871d369dd8f3a82a7141639efd4a1f4a4009821c3c2b9f5c5f5eef99a5f00fbd8bc8191a3654e8f8d8ce12d90e5ff2a4c530b76306c8c56e0549a6f277ab2af3a60cccbf4bb4b2cb47f04f211f8b86aa653bf6913f3b5ed190c51b5958e40597a2dfd30061 +Msg = b72914feec0e16233c24031390fe31942537dfc03d58810915fb597b163147414f22e26b23f3c7ee3fed32ecd0dbcb36f2b3c2106b791d3499615119a93410740af4630021c3f87a3f01bdf0d0b5ae3cd52eeacc94ea0da48db6baa5b117770fcfe9be454f4650d022a9cda7f95382adb5ee827c1f71f861da43bba796a32319 +S = 2c2a5042129ef97c6235195df1da7b3d80e08176900daa562ea660258269e1a55c73bf226fb54d21f28b8cc02aab8f453405f2c0ee6682ec8ff2d1d8540aec1ed953f53847bc43f0c89608164532da10188400e9e7850114ece817aa854024e696fed5ff74a3747de548fe431d4a95c789bb377a8add64a8583dc7fb203fd66ec9e476232c25b9d454aa9ea7332672cde4ef7540b12ee28524b6c399be32805ac0f7f0db08eb07b93cd24a23baabccdbf5c8437fe2c3330586757a897242c8f2673ab8295ee88e5ec2222fd6519fc49cb1eea3d21d63f07d32bf0874dfdd5e74f511b2e06750ceafaef4238824f92c5da128042dbf64557cd6e4d7ee35d479b3 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA1 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 290d117f97d672f3647c2b24402832b153d22a25820567688645ed95ffa6e38d116347486ab4b485c27aef4962653bb60257ef82256785a1d3d52aa0e0b94c37279dee7bb308688aaee98108de6f1373ed2c12429c9b8770756c12c03908b346b129f963bfaa38a8937190cc656f057ef1a812dd0312f51285c4f46f9241f3028ea6a61db0e9255976469f5d5542ced55ee2d6f4afe766c0a70f49871d369dd8f3a82a7141639efd4a1f4a4009821c3c2b9f5c5f5eef99a5f00fbd8bc8191a3654e8f8d8ce12d90e5ff2a4c530b76306c8c56e0549a6f277ab2af3a60cccbf4bb4b2cb47f04f211f8b86aa653bf6913f3b5ed190c51b5958e40597a2dfd30061 +Msg = 25d08c937abe386aa08b54cb9d7537829c478e53e67df73b0da9cbf76a153acbcaaa9e7c6510099e10172016b3562dd7fc126fef5561b5c7148e2ba6f2c07378bfd7f7ce54977e25c808fe6be71cb1bfdf936b793d1c2b6a18bdf0658c74cefd6b1f40912e99c086322695d42111edc4ad932bf885f782ab81fcc33a207b73e3 +S = 93a032b6e997c0f9ed6261cc4617d98afb80cbd6450a3d9ea2f63999dd68194c9451538975d7626d77a34734d99b5992f98ed18c7f9dc0026fe34cf6583a6a36eb6baadb8316e3aa48d9da4244544da430cb8a19953d84ad4575733d887ed3bbcb4f25389cd36b1c565bf661b1c918a14e5e00e0f0857900ed4c98beab9fe6d1f66a0df588b61afae9fa31e94464d85bc743193303259e9806231cf5cdd4d4c9da5691c08156aa72f4da7607d598d450a5c852a8b3f577194afece74e59fd4ba8c5bfa583c2fa9a6f6aca7c51f772d02fe8e0bcaf5e4c2c7cdd6a38f7264d717aa2b30daa6968a4e7e7e2dcc1de9e34604f0b80c8b793f882d35497d81ade352 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443021300906052b0e03021a0500041461ba8219a8f4252ba5e715540544ffde89da3072 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA224 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 290d117f97d672f3647c2b24402832b153d22a25820567688645ed95ffa6e38d116347486ab4b485c27aef4962653bb60257ef82256785a1d3d52aa0e0b94c37279dee7bb308688aaee98108de6f1373ed2c12429c9b8770756c12c03908b346b129f963bfaa38a8937190cc656f057ef1a812dd0312f51285c4f46f9241f3028ea6a61db0e9255976469f5d5542ced55ee2d6f4afe766c0a70f49871d369dd8f3a82a7141639efd4a1f4a4009821c3c2b9f5c5f5eef99a5f00fbd8bc8191a3654e8f8d8ce12d90e5ff2a4c530b76306c8c56e0549a6f277ab2af3a60cccbf4bb4b2cb47f04f211f8b86aa653bf6913f3b5ed190c51b5958e40597a2dfd30061 +Msg = 04b9dc9e05391605d1101e84d4cbe1a08bc3e12a97e7e21e10bbe6cb1ba15c34bf5895b7f4c277ecfdea75d0f845bf23b438b50ec2dba209cffda7fc3168f5a4bf653f39e683704ef99599f8c9fa2d3276217080844b2dd33193a7ad062cd385adebc46d020567f26c1970446e7194977985f9c805c0eb44e087d026c5785e9f +S = 39b142d1b8340384b8eea14f948125101c3c54bb339fc06a5dfb652ff28df204b05561e7ff8e1e6630d7ee9dc7a6147f6f24ddd703bc753cd3226e35812a821e68b7a77cae8429202a74dd1361e8e568f99ee2799a92500a21c73f98024d091c5e29e9531bfde05a7959a3d8f390eb17a6292d11d361a0caa7a5cd2900df5fd2f09679c9a1e58e525721fd068061e5bf5c95d1f491da063532ef620d537a45dc74cbf249c97493bc8985cd0fafdba295fcb65b5ce134cb30d504c93a999909e0cee5aba1d6a6e1f3a3d25403d09bff303d6b89f6a81d8c570c735ffac0d0d415c7b6cb7a10f68d94cca2f1de7975a5073411529b48b2a148a9353c536369df48 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff44302d300d06096086480165030402040500041c330514ff465a496206061832aa09d4d549aec683133b10ea884bf3f9 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA224 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 290d117f97d672f3647c2b24402832b153d22a25820567688645ed95ffa6e38d116347486ab4b485c27aef4962653bb60257ef82256785a1d3d52aa0e0b94c37279dee7bb308688aaee98108de6f1373ed2c12429c9b8770756c12c03908b346b129f963bfaa38a8937190cc656f057ef1a812dd0312f51285c4f46f9241f3028ea6a61db0e9255976469f5d5542ced55ee2d6f4afe766c0a70f49871d369dd8f3a82a7141639efd4a1f4a4009821c3c2b9f5c5f5eef99a5f00fbd8bc8191a3654e8f8d8ce12d90e5ff2a4c530b76306c8c56e0549a6f277ab2af3a60cccbf4bb4b2cb47f04f211f8b86aa653bf6913f3b5ed190c51b5958e40597a2dfd30061 +Msg = ad12e61576bc1b15d5bff13ab66a496bb5f643dc8461bc858d7a15d3d938369d314fd3598305ee9087429e8fa1e70e600a61c8f82b7e34b2497f5bfc676ef15068b2936775e04da99ed45fe7c401414cb605e4919a803b718f27fa5d90149e709b60ada513f43f48649cbdaae55ee91902091e0f9a10d9aaa699795c1cd243e4 +S = 3009202b1060f77de9e25bc5bf80062a16fd8c8a7e27c4f8fa2d069c6b706bb981f0e2561d8dafd42c647c844ff30b0a226704bb85a3a58dbd5baaa8e19ebfb7635d4f502677b6575b31ca37ba4a51e747fd97ed2a1fc330f2ddfd10669aa9ea4f13c990b4cfa7e15e983459df317ff83506803db89d9f15f3b93ca0acb22d800d9a2c36770718b62a78998fd13471107afb36b700aedde93fb9019ae9aaa9ae4f33d7a18cbbd8474ffcd38a6b4dd95de015786e50811bf3de5dc7de6c3eeb721e8197a8cc537e1d076a887634cb7af055305218680b605055d7e999b90a348745d277bc36dfb38c431c9edb329d3c5c750afcca77ccf159276ff70b6e8f949a +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA224 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 290d117f97d672f3647c2b24402832b153d22a25820567688645ed95ffa6e38d116347486ab4b485c27aef4962653bb60257ef82256785a1d3d52aa0e0b94c37279dee7bb308688aaee98108de6f1373ed2c12429c9b8770756c12c03908b346b129f963bfaa38a8937190cc656f057ef1a812dd0312f51285c4f46f9241f3028ea6a61db0e9255976469f5d5542ced55ee2d6f4afe766c0a70f49871d369dd8f3a82a7141639efd4a1f4a4009821c3c2b9f5c5f5eef99a5f00fbd8bc8191a3654e8f8d8ce12d90e5ff2a4c530b76306c8c56e0549a6f277ab2af3a60cccbf4bb4b2cb47f04f211f8b86aa653bf6913f3b5ed190c51b5958e40597a2dfd30061 +Msg = 3ede763590291420c8da355f5e5930447317445e61d0cee6970dbf59a4ec4e679123ea0c744373fd423aa945e51ce5308e2307684df4af5edf23b0ebc7fac138a07676dbb1936f42c2c9d0552ed7f0573abf560da512e123806d46cb4044c0a712de02e96ea171b9ef9090d76212bb811df5199792b2ccfd23f36a413852b17d +S = a3dfa3b5ce640d92f95260d559bb5c40710a2d3cb38b816fd3b790c78ede96bdc213e7e6e76f35d5e24cf1a6dc54d856be83e352f55b3caf98b6dffcc952023978a5a6900cc9b0201b99c90795c38ecf0a3dd5cfd9579378c57c0083b2584a3bf859c69a553ce7cf8c1ecb98376b4ce90e1a0271c4043654f175e90477440f7108b960d1e3e2d00743e0a2db96d179999709722b046070c4ecb6f3f3650365119004b016e62272fe9e7c06999c8b1f8e0ac56f46c668103cd23f1457f37e376b8aa5c4235db08ceb577945f3276b931f5933bda713f0c8643aac2b0ad92f7c8021da0072444ebffe55d0cf183f002ffe1e8c221508e7f65b73c05f9362214440 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00302d300d06096086480165030402040500041c6622f8e46c8c838679d4e8af043ccdd2f9bf3a6820a5dc64a446fe67efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA224 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 290d117f97d672f3647c2b24402832b153d22a25820567688645ed95ffa6e38d116347486ab4b485c27aef4962653bb60257ef82256785a1d3d52aa0e0b94c37279dee7bb308688aaee98108de6f1373ed2c12429c9b8770756c12c03908b346b129f963bfaa38a8937190cc656f057ef1a812dd0312f51285c4f46f9241f3028ea6a61db0e9255976469f5d5542ced55ee2d6f4afe766c0a70f49871d369dd8f3a82a7141639efd4a1f4a4009821c3c2b9f5c5f5eef99a5f00fbd8bc8191a3654e8f8d8ce12d90e5ff2a4c530b76306c8c56e0549a6f277ab2af3a60cccbf4bb4b2cb47f04f211f8b86aa653bf6913f3b5ed190c51b5958e40597a2dfd30061 +Msg = 250f95cfabab5de46ab2bda3cdeb3228cf7330aa1b5764ad75623c795634a9cad69424c9cf08ef3b40a29df9ef1cd4a053285289b0012efc844660a0220884369d22db87e7c8939b3a63482cb79cca5a4eb721a1dd23ce079c4f549ab8bff7193e5ec4f23b16d16c229ec6266d939cc087cba5d8eae6cd3884251f4d60808bdc +S = 580511902d07b267c4daa41b6660db0d20795afe0320a961a36b384fe3537f7a88e31e09c5e3f660d2ec4e176c2ebf7e45be1b579831c0c75509380684e5936b79097d6c3b7262583e4c2f81ba09e78e542e823e855ee97260e8fc9d53fac6d452d601d07526583d078e293c0f183d716a0f7b37de31b000ca7bb095303d4eca67393886e43ac271c119244d4c45d98212924402b37660c0f7dfcd34e4672011d1aa721337b1025bdfbce502f017a573a18850cbbe108bc9fa978078906a4c1d4023f8158cb5224b46f43f70c8029793981011d77c816749f6ca9a71c2749e0e151fc69c7f4b39fad8e96cf4dc6ae451bfb506d9faef8b377b7c5b47e19a3a59 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA224 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 290d117f97d672f3647c2b24402832b153d22a25820567688645ed95ffa6e38d116347486ab4b485c27aef4962653bb60257ef82256785a1d3d52aa0e0b94c37279dee7bb308688aaee98108de6f1373ed2c12429c9b8770756c12c03908b346b129f963bfaa38a8937190cc656f057ef1a812dd0312f51285c4f46f9241f3028ea6a61db0e9255976469f5d5542ced55ee2d6f4afe766c0a70f49871d369dd8f3a82a7141639efd4a1f4a4009821c3c2b9f5c5f5eef99a5f00fbd8bc8191a3654e8f8d8ce12d90e5ff2a4c530b76306c8c56e0549a6f277ab2af3a60cccbf4bb4b2cb47f04f211f8b86aa653bf6913f3b5ed190c51b5958e40597a2dfd30061 +Msg = 8db3a4d5a7b2fa1c3cf85a9e07df0aa00eeacfe1defc527218c7c8c82c86d21065efa2c2266360797369cc02b25a24b2b35e48fdef961c450d9b2ef0ab2899bd5a132958ea82bf2ce95bf77866fc09a5fa2dedd70a52c3c246e671bf75248e1e75077fbe7d75dfdca6b72529aa2d801feb400694b7970e90ca8eda5c14e47adb +S = 9724b7c6909ae1499a06410557882d9fe49a804c68c172cd5945e40132d750d47a454f155c075c0e57003f20cef4a1edc84d427b6bd9f61617ab502ba6dc5c6b1d032a380898bacb80d5484d39783dbfac37c4f001fd8d4e1bb2310d459637be04cd5fb2cf6b32dbfd214b8f7cc0dada942cc41c9f476bf6ffa502bf7928dc8610ac0097dab03f79171046af23887c2d530463714bf7fe59933cad26266a117cd355d0402a4490472b0006f6e915c56e204eb480ab48fe9ef0dcde5660cb9ad235890713f77b5333c1314dcc741c2c8d0fed546d23696275a8d578a0d39d4f1dece330d73ff1c20c72ea82e4b714db309a0063edd35b22f12ea68f5c5723c8a2 +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA224 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 290d117f97d672f3647c2b24402832b153d22a25820567688645ed95ffa6e38d116347486ab4b485c27aef4962653bb60257ef82256785a1d3d52aa0e0b94c37279dee7bb308688aaee98108de6f1373ed2c12429c9b8770756c12c03908b346b129f963bfaa38a8937190cc656f057ef1a812dd0312f51285c4f46f9241f3028ea6a61db0e9255976469f5d5542ced55ee2d6f4afe766c0a70f49871d369dd8f3a82a7141639efd4a1f4a4009821c3c2b9f5c5f5eef99a5f00fbd8bc8191a3654e8f8d8ce12d90e5ff2a4c530b76306c8c56e0549a6f277ab2af3a60cccbf4bb4b2cb47f04f211f8b86aa653bf6913f3b5ed190c51b5958e40597a2dfd30061 +Msg = d6fd570826eb30d7f3173089ffcdc2f791c60cb4bc5760e6e3e9d3557da92bc21681ff7a9646192bc6331ff5109673c487c957de276455b85db1de0eca603132447c7ea51d9e4be4a8611884fa153e81eeb81dd46c227643ea7f167d3202b56666d81db0425b8faba289625e44b4edd6ce7aa7be13f88d30923bc4cb3ff78006 +S = 4c142307690bf57792293509295ebe275716356260e0fee39e72b64fd6210f547bbc8eb84ee2fffe5bca0121735f934d1832079031d9813902269cb6a814a71a09012f08f6f8ae10907ca0755fae622328feedd8da1ca666d2b713ca0d5b6de85b9b1cbbd6874dd980f304a313ca07e6c70a44e9dda1bed3d9a2cce521473661f33b7fa96c496b8f7a9c77e9bd0ae0dd47bec92c2a4dc9f75af9280402a04014523957efa5f52985eff48e4f1bd54858a956743dd2badf858d00c83213908baf95c527afcf0e32f7c97d4dde5dbb936ffb09500a2bc0bf71839d55489a21d642ee455dfa8b525a4d4890b2283eb043b3bf77d2ed7e2885c32b004fbc89693380 +SaltVal = 00 +Result = P + +SHAAlg = SHA256 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 290d117f97d672f3647c2b24402832b153d22a25820567688645ed95ffa6e38d116347486ab4b485c27aef4962653bb60257ef82256785a1d3d52aa0e0b94c37279dee7bb308688aaee98108de6f1373ed2c12429c9b8770756c12c03908b346b129f963bfaa38a8937190cc656f057ef1a812dd0312f51285c4f46f9241f3028ea6a61db0e9255976469f5d5542ced55ee2d6f4afe766c0a70f49871d369dd8f3a82a7141639efd4a1f4a4009821c3c2b9f5c5f5eef99a5f00fbd8bc8191a3654e8f8d8ce12d90e5ff2a4c530b76306c8c56e0549a6f277ab2af3a60cccbf4bb4b2cb47f04f211f8b86aa653bf6913f3b5ed190c51b5958e40597a2dfd30061 +Msg = 8457c53956849cdb39bc8e7657d62a2cda9e13e1a5c3574142f1fd041c3add70efbab5207c7b78058196e9aae89b69bc3f330dc96804f44892d5d8da68f3e2cf87d3c3ec36f8006b51178d44877a9eabc6a2badaf2301110dd060fda74a9319136e91824ebc5dc179289a2cc9b3971025632419bac0f55a20dcacb8ca92372be +S = a2a2c0264dbb8b8810aae0b9ec7408553803dd02be6247358ce39f98f0c0f0339915347ff3c4dfee0e0a49b675ba69e376f3dbba56aae846cf7f986a0a5f37fc9971a58e3217cca26dffee8655f3025bd61776683feecdde546fa88fb881d619a8ec2daf092079a850340f6af41b2dd11d9935bb06c2253bdbd32a6fb8bd5317d3c9c3be5b683e7fd6366e1816895664d8ee312eca47ecf862be009d9df699a7d2f515c69e3093fd50a3babe9ebaeab6267086a3185a908ea29af8eecf81e2be7c9c2ae33cb2380c73af264d24961b5c7711b0289e1a095f2966656ead1fed95b6c33d7082c3868f1f7b706f9442ddb76e3582f73e4839a0a110dbb78e9cfcc5 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA256 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 290d117f97d672f3647c2b24402832b153d22a25820567688645ed95ffa6e38d116347486ab4b485c27aef4962653bb60257ef82256785a1d3d52aa0e0b94c37279dee7bb308688aaee98108de6f1373ed2c12429c9b8770756c12c03908b346b129f963bfaa38a8937190cc656f057ef1a812dd0312f51285c4f46f9241f3028ea6a61db0e9255976469f5d5542ced55ee2d6f4afe766c0a70f49871d369dd8f3a82a7141639efd4a1f4a4009821c3c2b9f5c5f5eef99a5f00fbd8bc8191a3654e8f8d8ce12d90e5ff2a4c530b76306c8c56e0549a6f277ab2af3a60cccbf4bb4b2cb47f04f211f8b86aa653bf6913f3b5ed190c51b5958e40597a2dfd30061 +Msg = 6918d6328ca0a8b64bbe81d91cdea519911b59fc2dbd53af76006fec4b18a320787135ce883b2b2edb26041bf86aa52c230b9620335b6e7f9ec08c7ed6b70823d819e9ab019e9929249f966fdb2069311a0ddc680ac468f514d4ed873b04a6beb0985b91a0cfd8ed51b09f9e6d06da739eaa939d5a00275901c4f8cf25076339 +S = 794d0a45bc9fc6febb586e319dfa6924c888594802b9deb9668963fdb309bf02817960a7457106fc474f91601436e8954cbb6815350b2c51b53c968d2c48cc1799550d5d03b41f6e5a8c3c264d2e2fe0b5b8ff53fdcb9dd111c985cb488d7086e6548b4077ec00721c9cb500fe07a031c2030e8ad1dd0112c34ffd9091d77a187aac8661b298eee39eb615f9715c4c48a6762ede55a466ec7f3cdb6a937cfc80188a85d8f8d3a2a80b199ce5e6375af8f02f06d706a34d9cf38318903965db54aaa7d3fa7a7ee58034cd58c8435739c8906366e2ddba293f2fb2c15f07fa4951014471e7f677d3bdacffc4c68a906e08d68b39f9010746cbacd22980cee73e8d +SaltVal = 00 +Result = P + +SHAAlg = SHA256 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 290d117f97d672f3647c2b24402832b153d22a25820567688645ed95ffa6e38d116347486ab4b485c27aef4962653bb60257ef82256785a1d3d52aa0e0b94c37279dee7bb308688aaee98108de6f1373ed2c12429c9b8770756c12c03908b346b129f963bfaa38a8937190cc656f057ef1a812dd0312f51285c4f46f9241f3028ea6a61db0e9255976469f5d5542ced55ee2d6f4afe766c0a70f49871d369dd8f3a82a7141639efd4a1f4a4009821c3c2b9f5c5f5eef99a5f00fbd8bc8191a3654e8f8d8ce12d90e5ff2a4c530b76306c8c56e0549a6f277ab2af3a60cccbf4bb4b2cb47f04f211f8b86aa653bf6913f3b5ed190c51b5958e40597a2dfd30061 +Msg = 4ce993829f7b8112277cedbf8b4ec59244cd7ef79a7bad09cfdbd1109a1a7348d7f472e57cd69853cf4070c2d66e5ce20f37e2eb623547e154265f167d92a3f03caf84eca981ffe3cb45728d0c10ae43e9b44d09eee346cbe297bee73fb021ece5df72a10ec4df4a85539926137ce23c3a0b685826cdd150e1f4978bc6bc16c4 +S = 29865f133c69122e1b309b299270b5d693db89c5192eca5c829c795db460cb1dad3d1f27d200790fab035c90c00b238384bb30ee30752425f2b7f424d71bea79993046100760f3fa3c6e019d025338c13940a97778ea67e6d6138d8e8ff601d2309f02762add479d85d25fa31bd1c89af97927dac2ddf818cfe2179548db4da69c163d8cbf5f9c98ea33957022a52d6f33b19bbd3d05f40f2dfd49d999184cf5f9bc69fc1b21359c3c85ddebb6936c4f49015026539e8c4aad2dd3a3b4ba309021fb317348d12b560ec608b74f812e3b74e4c8407765f30d6d03a5c20db821adc4c844018d57fb5364d0e7c3d55816782200ddf92b13dc2e0d4665b4cf3e1059 +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA256 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 290d117f97d672f3647c2b24402832b153d22a25820567688645ed95ffa6e38d116347486ab4b485c27aef4962653bb60257ef82256785a1d3d52aa0e0b94c37279dee7bb308688aaee98108de6f1373ed2c12429c9b8770756c12c03908b346b129f963bfaa38a8937190cc656f057ef1a812dd0312f51285c4f46f9241f3028ea6a61db0e9255976469f5d5542ced55ee2d6f4afe766c0a70f49871d369dd8f3a82a7141639efd4a1f4a4009821c3c2b9f5c5f5eef99a5f00fbd8bc8191a3654e8f8d8ce12d90e5ff2a4c530b76306c8c56e0549a6f277ab2af3a60cccbf4bb4b2cb47f04f211f8b86aa653bf6913f3b5ed190c51b5958e40597a2dfd30061 +Msg = c801a9270165955fa4d85fd502c0e6be0c91e1c453ef734f331300034a6f3e8a2f958f9361558e1a7e25e7eab6c76d617e256674898029f2f4c9ec0dc14fd716869b5d886698cb4841f8212b28d222b91490a731d70838cd52e9dd46e959329b34dcba0ff77875705517b59f402c2d4d34994b0325d1c865b6397db7abd578a0 +S = 290d0d444ee458777b5fdc3207d37054407c0dfa6806296869d3ec402a18209a3d06eb63d995293697e8c0a0e72489bfc9132857d6c7a17f4852e4e573a48d2a2a127fdd270092f5029d976b060a570c90d685bd2325d80c9867a3b245455545bfae8cf87cff314f4d0a968229446dbf24adcd2a52ef9abd30b4746c2e04c0fdf52655427eb03bf63fdb208c6a776a3852052ac225eb33d7246f7ba624723f9c22abaf6d2f9219181ca62e44bb53a9ce8b45e7c6d742586a234e5de66df4ffbf7bc9e7f815a7d5aadb2f727f3151afa6ff48f6090d9fe08c8b0f1505598ca4a4ccbde6ab0f87b43059065097c737e53dc17f200c3a54b00d709a5b8bdce80f2e +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003031300d060960864801650304020105000420af8893e585e7d2dbf3b8d3dec0802db4ee1ae86e8bbe369d8e1eb3aa634eb2cfefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA256 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 290d117f97d672f3647c2b24402832b153d22a25820567688645ed95ffa6e38d116347486ab4b485c27aef4962653bb60257ef82256785a1d3d52aa0e0b94c37279dee7bb308688aaee98108de6f1373ed2c12429c9b8770756c12c03908b346b129f963bfaa38a8937190cc656f057ef1a812dd0312f51285c4f46f9241f3028ea6a61db0e9255976469f5d5542ced55ee2d6f4afe766c0a70f49871d369dd8f3a82a7141639efd4a1f4a4009821c3c2b9f5c5f5eef99a5f00fbd8bc8191a3654e8f8d8ce12d90e5ff2a4c530b76306c8c56e0549a6f277ab2af3a60cccbf4bb4b2cb47f04f211f8b86aa653bf6913f3b5ed190c51b5958e40597a2dfd30061 +Msg = 2466a246feda6fa5cee22c2f33ed9d643c1f6824d9f327719225bc7678cfe4c85cd210ed4077701b0b5650418177a74c71b8eda3306e2ef3474f5d326990eadea84a9686e822878c932997298e01f2b16c42e019e21bdfb67b3df5478df444366c97df1bdd23dc82ce23abee44d3a61e9484e88ed642634197b52dbece451b59 +S = 79c3b93019bdb8a6d6a79e813e4d96928f730afc010657b1eb870f2891219de5fbd464fce97b2bda12a9d84a3d5c120c660ed0f70457e223809b26a996afab7c23143b411a1aae566d7e9d19d278044567b5064bc918bb101cadc7a521c31c5e1962a7437d8f799ee6a76fc2f0a6733cfcb63246b1a864bb14ae70daf848824da565892d750af7c5da6e02e4889143a746e7e58b562d19cd3cf3d97795e50e1dcfa26d43f00357c92f01b327718d6cd292498dd29d0d830408b568b2c91541a76b21b5d4efea46bc128d9c4aea4e9f60a4a601c876736bf9312a00a2bd81b4ca5d8e37ab2c79dacbe7d8e6abcc4691db64649cdff212f467a9d805b2c38cd031 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA256 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 290d117f97d672f3647c2b24402832b153d22a25820567688645ed95ffa6e38d116347486ab4b485c27aef4962653bb60257ef82256785a1d3d52aa0e0b94c37279dee7bb308688aaee98108de6f1373ed2c12429c9b8770756c12c03908b346b129f963bfaa38a8937190cc656f057ef1a812dd0312f51285c4f46f9241f3028ea6a61db0e9255976469f5d5542ced55ee2d6f4afe766c0a70f49871d369dd8f3a82a7141639efd4a1f4a4009821c3c2b9f5c5f5eef99a5f00fbd8bc8191a3654e8f8d8ce12d90e5ff2a4c530b76306c8c56e0549a6f277ab2af3a60cccbf4bb4b2cb47f04f211f8b86aa653bf6913f3b5ed190c51b5958e40597a2dfd30061 +Msg = ecb6731a006eb273f6c5404a2e2d1faa5232f7afdff5b69be1dc7927fe88af17b5077b11e84b5baf98db08d3f1c99d3b86e4fa55dd2e6b542e91858368cd51d975b5adcebf9bee6ef309caac05b276f874a70b14cfce2e237891f003a8d3f3dcb328cff98d45b3d78db5507c72cef20aa4e4f094bcbc47304543824ec480dd48 +S = 8831265bcd54bf33d8c46cbd48052e9357c31afee92276b1b744e2521da9b83968e9ca90446064d8f174b248f64e792f91f4fae15252688e0f8ad38b28a532ddc7dc59e77d81b7a51dda2df2f2cbd5195c87b66db297b74296d4058fd00a060377dc1ec286c21e4f84c17ef315d443e89912e6b5d5f7d4ade31cc2b1aaaebcf09aaca20041b5f9b799b5b532391f85fd236ff3fa794baf4b25a2a188b0746728f1cfe0816b37d8dd648c53d76b81ee42ce27bf07baa27016b82c9ef3e1f5523ded7d35622d4986a6699b261f483e9b68b9c99e17e4aeb1c7baa84be1177264894ed5aab8592dfaaa652898b37aec28c19d154df27956f604bb6a30d0964d4e97 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443031300d060960864801650304020105000420e45bf84dc5abc5c28a27625b0c96d7399fa1bba8fdaf1d5b5354970b2ff9dec3 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA384 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 290d117f97d672f3647c2b24402832b153d22a25820567688645ed95ffa6e38d116347486ab4b485c27aef4962653bb60257ef82256785a1d3d52aa0e0b94c37279dee7bb308688aaee98108de6f1373ed2c12429c9b8770756c12c03908b346b129f963bfaa38a8937190cc656f057ef1a812dd0312f51285c4f46f9241f3028ea6a61db0e9255976469f5d5542ced55ee2d6f4afe766c0a70f49871d369dd8f3a82a7141639efd4a1f4a4009821c3c2b9f5c5f5eef99a5f00fbd8bc8191a3654e8f8d8ce12d90e5ff2a4c530b76306c8c56e0549a6f277ab2af3a60cccbf4bb4b2cb47f04f211f8b86aa653bf6913f3b5ed190c51b5958e40597a2dfd30061 +Msg = daf4399ffab3de496e3ec347b4ee6f4ebdbd83cf434ea81e5d2dc6d351577771a9fdbb458985ed913fd2f5ea1cc5c0df8203eddb3ff9c94d191e7e05aa7887e16f6267aa1b8c9b393143cdded1f34a02d2eab60a125eff7f0ab28f6ca6f5c60853aca79559d1d1886b1bb1ea7c80f7fed5f94624658530fd587061d0ebd51a2d +S = 38aba878044ffa4572749376a12fa96b3b8cf778e68baa7ae05b4cf0457242f3a1eb8451678e79ad73741e169efbabdb0469a53dafb627ca3d14fbe392fe311e792b8f274e0d8439de0d9a82c14082abcc4253a5a7292f846ab816419b34c57587f2fda5c6be4f4a3c4130acef535dab4f0e05f5c8b18993f57b167298ba24b0d238964e0fa87114079fec872c673cb7d961ccf7ceff7fd5ada8a6f309de2d96a40224b12b921ad987b20e0ccafad43d0220e24b82aef90151befdbaaddfcb5b35e505912438668b4f61745734879c54c1105983c83a569560f35265be0d3ebcacedbce139c489f4be3c3befba6dbd6c5c92e0441a4a789ea383516be0f4540c +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA384 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 290d117f97d672f3647c2b24402832b153d22a25820567688645ed95ffa6e38d116347486ab4b485c27aef4962653bb60257ef82256785a1d3d52aa0e0b94c37279dee7bb308688aaee98108de6f1373ed2c12429c9b8770756c12c03908b346b129f963bfaa38a8937190cc656f057ef1a812dd0312f51285c4f46f9241f3028ea6a61db0e9255976469f5d5542ced55ee2d6f4afe766c0a70f49871d369dd8f3a82a7141639efd4a1f4a4009821c3c2b9f5c5f5eef99a5f00fbd8bc8191a3654e8f8d8ce12d90e5ff2a4c530b76306c8c56e0549a6f277ab2af3a60cccbf4bb4b2cb47f04f211f8b86aa653bf6913f3b5ed190c51b5958e40597a2dfd30061 +Msg = 6cd8ccf65bb3833c81961801ec68a9735fefb8a5f7e3e63c0e47fd6b60f934216c87af801e444692aa9b8737bba4fe62cdf5b485d7bbf54a2e095684a66ff765facf06f16e6c84b2b2444cae0aa05196ace9274069bdc5579042895210ba7ca2dc58d8309452c70661386e4c21842a77c47219bdf512ddccfd9b9cbbe5024b41 +S = 12eede9247a5fd5579fd51f172ce798d20f8d932326f21ab0dc698711899c68357158ba1eebe07bfc1a78a08aad655da3a26556896267afdcd5e55d2ec91fdbf79960321ad13788e33eddd06b2f25347af73db9cdf628e8ac7a57b2a03555aacfd4af01afbd049dec0be8e279ad369a3c606fb1663e4b0f95be5416c5ecfeccf73c5d829ab5041e21ad0d1792b4536033f518b411c3c82ea162cef14dd704d23a278c0d71ddc9adc4014379c920e54ef8487ab3f5f6e991e50450c609fa769b60e057e6afb511df74ba7cc6458fe493a7a23e8267a742d20600f3c9261efd554b4c0b366ec0562c94c4180f34ba40780a24e8c36e110c40b6bb28b22394177a4 +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA384 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 290d117f97d672f3647c2b24402832b153d22a25820567688645ed95ffa6e38d116347486ab4b485c27aef4962653bb60257ef82256785a1d3d52aa0e0b94c37279dee7bb308688aaee98108de6f1373ed2c12429c9b8770756c12c03908b346b129f963bfaa38a8937190cc656f057ef1a812dd0312f51285c4f46f9241f3028ea6a61db0e9255976469f5d5542ced55ee2d6f4afe766c0a70f49871d369dd8f3a82a7141639efd4a1f4a4009821c3c2b9f5c5f5eef99a5f00fbd8bc8191a3654e8f8d8ce12d90e5ff2a4c530b76306c8c56e0549a6f277ab2af3a60cccbf4bb4b2cb47f04f211f8b86aa653bf6913f3b5ed190c51b5958e40597a2dfd30061 +Msg = 5fa43f0df5b0d9486b1e5f80a604230cb1159cddc9681462b47ca1aa547856c97bb7ba7c0183791014215a7fd00f71dd0f8996f28351162902b0a8a920b8a2c103cd6c89736435c63109e60f8aa7542e2b04bac9378b6642974eb2db924b361e9dee3c7c74d8743469dfea76fc5634c8ad8ef0aa0e9c6e751c5da989cfb87ca7 +S = 268bf5a0977722b24a174d83dc7dbec6ca1c392ad4a48d68af1b1ce30034e471dc8ccff5e5da865f677eb85c1e3022cadc89ec82624bc8ce5c632d1863a4946f364718f3566d38dda330ed68deb56130d10126fc9dc4f501f36e6e94507d5a556c8de76efd8149276eac52d16af495679cdd4361f66b7d963b9faa5ca0f8920227071c519f3f1ddcc7c03870a9639e78ce5f1e61b5291c190a4f9ef237116ebca742a513efe5fe39b1dd8914e71b60128b0e180685008ae206a64cc51c218f45db765c1af655457af34f94789ae5527dfa840a1cc9dbaef8003d81d3f59b7a3c440a9497da1be98182cbe368f0c984710f9ec986428f5c7a38313d43bcf680df +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA384 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 290d117f97d672f3647c2b24402832b153d22a25820567688645ed95ffa6e38d116347486ab4b485c27aef4962653bb60257ef82256785a1d3d52aa0e0b94c37279dee7bb308688aaee98108de6f1373ed2c12429c9b8770756c12c03908b346b129f963bfaa38a8937190cc656f057ef1a812dd0312f51285c4f46f9241f3028ea6a61db0e9255976469f5d5542ced55ee2d6f4afe766c0a70f49871d369dd8f3a82a7141639efd4a1f4a4009821c3c2b9f5c5f5eef99a5f00fbd8bc8191a3654e8f8d8ce12d90e5ff2a4c530b76306c8c56e0549a6f277ab2af3a60cccbf4bb4b2cb47f04f211f8b86aa653bf6913f3b5ed190c51b5958e40597a2dfd30061 +Msg = 40bf49cb5825523aa5aea4c0e6b08b7f857f5e8a1ae01af731c14a364d272aa12d670b534d99f93eb04a9c78dd715cd628a4c8bc328c3933b397b23c77ec0b65a7a44f994a37623c0b34e7783d3660d11c13970056563efecaf0d25f8f2ac5e138dedb4556e7d55d3fd64d670ee6e199eb3393fd8d26707ffc3470459cc89e3e +S = 825731d01b0c197e2b27c4314b256ea5bc09ce9f012ca120695ba38c0ebdfa8c8802ca5137ef675f76a17038780f94f753b1234d0531be8fbe82e557d9357b18bea2a5c1cb83dd129e31e9c2aba44640145d2ed36470ee57a9486fe04ae13d1be2ea4047ef405a53a2d4f5bbcd21c9598de98046191bb605ce7004e3250b128a0d7d075ea7bab16a30f165fda23318547481b8b6c9bea0843876934bf7c89e013c9f19a8e661ec2e78013b89aa6beed57d88cb27ac34cc18f231c6e6dfcb8cc1580fd5ea8185b927147b564d31f724466d64692a17dda68e0b8fbc1a7cfec4bfa9c9f96f73bde2d0ab8948d09e1e739d5277a4d3d4e70236e9a3dec388986684 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003041300d060960864801650304020205000430e57e40b2774ca1517efc987400aad5a59ffe873f0532d8a092db7b4f7be006eb591eba4082d41eda449a261187bf3804efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA384 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 290d117f97d672f3647c2b24402832b153d22a25820567688645ed95ffa6e38d116347486ab4b485c27aef4962653bb60257ef82256785a1d3d52aa0e0b94c37279dee7bb308688aaee98108de6f1373ed2c12429c9b8770756c12c03908b346b129f963bfaa38a8937190cc656f057ef1a812dd0312f51285c4f46f9241f3028ea6a61db0e9255976469f5d5542ced55ee2d6f4afe766c0a70f49871d369dd8f3a82a7141639efd4a1f4a4009821c3c2b9f5c5f5eef99a5f00fbd8bc8191a3654e8f8d8ce12d90e5ff2a4c530b76306c8c56e0549a6f277ab2af3a60cccbf4bb4b2cb47f04f211f8b86aa653bf6913f3b5ed190c51b5958e40597a2dfd30061 +Msg = 752fbf49ae63c7853b3ef6f52ed324e53867925bd5d4c49dc42b93f3ba9d7eae579c4169593da98f10e1a61e1214a2aa2fb511a4a75849dc9be89445c29184f85ddc877c6d1cbb45230a047a98ac5bfcbe7b69a397c454cba44fd90fa13f9b546f39ba0a52c8a8ae5c0038932962f8e3cd00c1e00be28c70c8a787d9be6f69c9 +S = 80d7286710e5f165eeb63d2936e8e313ac5999bd297d35590c2b6ffaa4b7b7ed30003f0b83c1d1996c8593a37bc5d7b501a3d126ac6124779a23718497002d9dd2ce891b83d185e333af05460c6deb65a509640f775a0d3c70e55112c2e4af19f4ccec7af9ebb34226164f1b47d50b8ecc1dc3e0fc09aa15abfce5aa3998b5c2b1fde261c35eb43220f0d64529f723801d7faff841faba8709f6ea7751f30428dfc58045c84995107ee013ca4a84f65b99adde1abdefb5428f834ac8da04dafb9beaf1813f73a4bff2ec94120e3a702aed1184c387ebda2abf1959970724299b9a05f4ad313d91beb5344fe1fe13b3fc3386c279f031c77d74bdc9bc97e22455 +SaltVal = 00 +Result = P + +SHAAlg = SHA384 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 290d117f97d672f3647c2b24402832b153d22a25820567688645ed95ffa6e38d116347486ab4b485c27aef4962653bb60257ef82256785a1d3d52aa0e0b94c37279dee7bb308688aaee98108de6f1373ed2c12429c9b8770756c12c03908b346b129f963bfaa38a8937190cc656f057ef1a812dd0312f51285c4f46f9241f3028ea6a61db0e9255976469f5d5542ced55ee2d6f4afe766c0a70f49871d369dd8f3a82a7141639efd4a1f4a4009821c3c2b9f5c5f5eef99a5f00fbd8bc8191a3654e8f8d8ce12d90e5ff2a4c530b76306c8c56e0549a6f277ab2af3a60cccbf4bb4b2cb47f04f211f8b86aa653bf6913f3b5ed190c51b5958e40597a2dfd30061 +Msg = 18e158ea033c33dddfc57c8d6c8f132d9b129aa64416cd971bd3119ae1564fcad726028278288f6767c0d6a8a73906840a67b50dec8a302c20760fe62bf10dddb05d171a2c97a309e41e43c51b787a9687d1ceb906e61e5f8e2136f76205a1b08ccdbe3a875017cd3c28ed6d3013186cfb990e30fcf041374b1cae57ef5ab24b +S = 3491d346ada87f5585e13c5e3ed29c35f7f8536d16b99a57e3519c6c0fff826e6e314ffab85c3d5918473cf49dfb066cf107db8398840c53a1582a2bfc792c7cc1b72d3ea0a0ee0bd9c5aba576a9c1a41836caeb61da3b019fd553ec455b5b2c66da6682595e1d2731135ea8681e3d0b262316763f0840f030e6e26c67f11c1bf93dbe71b82d593bbe869ebf8bebf831e62ef31d2851469145a1f618734baf114716c0949a28a27a83521b5c68bc5b11081f6877562ed33ad603b436b7a9f98dc0f2968350810e24477d87df566a77f6197796a835b1945418667596171868a6b14d0617a2d76fb85130d8f5fc397326ea5f43587ce1812eb86e1aa584bb936b +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443041300d060960864801650304020205000430cc8f60696cd0d4217858fd042c6caa3350dca7c9e36ad539e96052393204ff21a692e6349566d013a30f59c2d6bab449 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA512 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 290d117f97d672f3647c2b24402832b153d22a25820567688645ed95ffa6e38d116347486ab4b485c27aef4962653bb60257ef82256785a1d3d52aa0e0b94c37279dee7bb308688aaee98108de6f1373ed2c12429c9b8770756c12c03908b346b129f963bfaa38a8937190cc656f057ef1a812dd0312f51285c4f46f9241f3028ea6a61db0e9255976469f5d5542ced55ee2d6f4afe766c0a70f49871d369dd8f3a82a7141639efd4a1f4a4009821c3c2b9f5c5f5eef99a5f00fbd8bc8191a3654e8f8d8ce12d90e5ff2a4c530b76306c8c56e0549a6f277ab2af3a60cccbf4bb4b2cb47f04f211f8b86aa653bf6913f3b5ed190c51b5958e40597a2dfd30061 +Msg = daf4399ffab3de496e3ec347b4ee6f4ebdbd83cf434ea81e5d2dc6d351577771a9fdbb458985ed913fd2f5ea1cc5c0df8203eddb3ff9c94d191e7e05aa7887e16f6267aa1b8c9b393143cdded1f34a02d2eab60a125eff7f0ab28f6ca6f5c60853aca79559d1d1886b1bb1ea7c80f7fed5f94624658530fd587061d0ebd51a2d +S = 091d2c61d369410e236653b2b1b068cab3fa6632220f72737520838b7febc00bfbec8e993c3c969d7d4825ebf03a5ef7f087926ef7316f97e57e515f9aaa76b3a7bb10e64d983e6c443906882028dfb7e5fd4558a3f24b2c3b863174b011e8587995eb425d52e95bb27f98413cf2a1f5999990df7f5d3835aa19b93fae1b1734ddfd2be99b9a5a071d062b707543b47aa650faf640afa43a51c4013e27d278557d4429584bdebfe5fbef4c9bce178a496c0124aadc24d9ee8af3e0e83ea72ea93751eb687875902c7348a212819097860041a9773d810dae6d3c9eb6049ffe38e2a09d976cfcd3dededb7f374577458b25124669a85de7465b8ece756633c1ad +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA512 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 290d117f97d672f3647c2b24402832b153d22a25820567688645ed95ffa6e38d116347486ab4b485c27aef4962653bb60257ef82256785a1d3d52aa0e0b94c37279dee7bb308688aaee98108de6f1373ed2c12429c9b8770756c12c03908b346b129f963bfaa38a8937190cc656f057ef1a812dd0312f51285c4f46f9241f3028ea6a61db0e9255976469f5d5542ced55ee2d6f4afe766c0a70f49871d369dd8f3a82a7141639efd4a1f4a4009821c3c2b9f5c5f5eef99a5f00fbd8bc8191a3654e8f8d8ce12d90e5ff2a4c530b76306c8c56e0549a6f277ab2af3a60cccbf4bb4b2cb47f04f211f8b86aa653bf6913f3b5ed190c51b5958e40597a2dfd30061 +Msg = 6cd8ccf65bb3833c81961801ec68a9735fefb8a5f7e3e63c0e47fd6b60f934216c87af801e444692aa9b8737bba4fe62cdf5b485d7bbf54a2e095684a66ff765facf06f16e6c84b2b2444cae0aa05196ace9274069bdc5579042895210ba7ca2dc58d8309452c70661386e4c21842a77c47219bdf512ddccfd9b9cbbe5024b41 +S = 0f8e07afaddf2b88cd2ccc2f720228e612ac00459aef46f9605cc609539097e60b10c6507ffd3fc27a15d348398c573bc8d385edb18fe0246af4c0ab32165f05a0b641d2e016f562397d3080d602d9c734b4d00b27f8a016f58aff098be7d09498b8e1775f0d7a3f69c383dc1abb2f177fa53ae8c5425a82a1a9ef0b428b70e48b7bd99df60ee016c4bd02f428a19225d3cba5e640d297cd28bf96a45cfa8e4e222e245b55a5528301d71e12b70246338ae0f4754b74a45fb670477aa1b1794ca1067aa1289819290ac7fa23bcea04442fd2c5ec835bb4a2d007fc2f9530995409f1e707220ed5b845feef66537889c85a89592d2df941cb61254b7d69ade808 +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA512 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 290d117f97d672f3647c2b24402832b153d22a25820567688645ed95ffa6e38d116347486ab4b485c27aef4962653bb60257ef82256785a1d3d52aa0e0b94c37279dee7bb308688aaee98108de6f1373ed2c12429c9b8770756c12c03908b346b129f963bfaa38a8937190cc656f057ef1a812dd0312f51285c4f46f9241f3028ea6a61db0e9255976469f5d5542ced55ee2d6f4afe766c0a70f49871d369dd8f3a82a7141639efd4a1f4a4009821c3c2b9f5c5f5eef99a5f00fbd8bc8191a3654e8f8d8ce12d90e5ff2a4c530b76306c8c56e0549a6f277ab2af3a60cccbf4bb4b2cb47f04f211f8b86aa653bf6913f3b5ed190c51b5958e40597a2dfd30061 +Msg = 5ba7760eab59b0b7eb22f2542c627352ef1c75f931f06dfca949644e4bd79d38104078a9f91296cd52fd3ee0343f00454d5f98d2e31e156f17ab3adf671624dd77072d6b11b011676a004f5fa719d2a69f05d1a7e3a4f47afce9b8b5f346148517655dfdfa1967adbd94ed778dda329e6e76e920376b5246de6da779f651b657 +S = 8385a5fe194a10ad210c8dc069899df18ba80008a47f0f8479aa690eae5588c04401b96afa0d8bd6512b98a46d137b32b48cde633f04604f8f08f63daf4f35b836374750d08cd20d4553752d3eb5d27da8b8d12e86cb81c592d39b66ac38c04f0d5140039f165ed670b3757282816f6b607e2708e66fc699dff5e81cf2861b64a98b572a5c417056fee1335e909f3f7b9d6930f399c29a92750b486263081e6ecc2a2da06dc1883f687a9fd480f4366c3099c7fe0d56c5c7a70b5a710ba021c075b9ad46e741189bbccc4f4ac936e71121a3c62c577f8157b1919df586569e6bb52158fd0f8d08ac1114981f904b5f8b267a12e1098b2f77918ee9189dbf29b6 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA512 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 290d117f97d672f3647c2b24402832b153d22a25820567688645ed95ffa6e38d116347486ab4b485c27aef4962653bb60257ef82256785a1d3d52aa0e0b94c37279dee7bb308688aaee98108de6f1373ed2c12429c9b8770756c12c03908b346b129f963bfaa38a8937190cc656f057ef1a812dd0312f51285c4f46f9241f3028ea6a61db0e9255976469f5d5542ced55ee2d6f4afe766c0a70f49871d369dd8f3a82a7141639efd4a1f4a4009821c3c2b9f5c5f5eef99a5f00fbd8bc8191a3654e8f8d8ce12d90e5ff2a4c530b76306c8c56e0549a6f277ab2af3a60cccbf4bb4b2cb47f04f211f8b86aa653bf6913f3b5ed190c51b5958e40597a2dfd30061 +Msg = e703433ae230a79291405dfaf58386e63fb5028088dbcda5c26e8f30efbb6e7c918a272461fe5d0d43bc31a77a4f126f18ccd6b9b9b10aac7113878e03f946425403760e1f4fcba2e99c185638b020b400f8aa365e6fd35088c0a8b105aff4c719b5578184ea98586c293c90976e58bbdd82a380dddbcf9af0bd1a235ba62013 +S = 25181c5f1450e2179d3b6ee166178c674fc572507cdbb0aafca5da9b54f10a3f223670db1122140887e68b9fe8365f316981b3d611157e2d579873a2292daab5e8ec6844ec58021cd814040cefda9f7cc3bed4eb0edd3098e3d9e5546060f19df911f1f89b92e82dd7aa118623e1c707ce43a2877ad085527ccfb5d5aa2775e089e606192f785f3edcc02c59e28dc9a9eae82647e1644aaacf05c91628b1f9cc55c683ca5e349946799f456bf8f2e943a0d93966521e2c35e294ca610dd93f4d871cc80b15bf4990a0999ab392659cd81af705ef0a3d84968f85393dd6a53579c3e463ff2c08b9f68efd4a0cce43c8118fcb61fa2fc47aa9ccb6ec0453b7ba51 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003051300d060960864801650304020305000440df5bda9e56bdbe752f0af28644291a8d0fd9925f8794a485f27fdd5b3c603ebd68742e334ece1969a14dfd84e782e5ee8c8836b93aad629c63c826c84cba848defefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA512 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 290d117f97d672f3647c2b24402832b153d22a25820567688645ed95ffa6e38d116347486ab4b485c27aef4962653bb60257ef82256785a1d3d52aa0e0b94c37279dee7bb308688aaee98108de6f1373ed2c12429c9b8770756c12c03908b346b129f963bfaa38a8937190cc656f057ef1a812dd0312f51285c4f46f9241f3028ea6a61db0e9255976469f5d5542ced55ee2d6f4afe766c0a70f49871d369dd8f3a82a7141639efd4a1f4a4009821c3c2b9f5c5f5eef99a5f00fbd8bc8191a3654e8f8d8ce12d90e5ff2a4c530b76306c8c56e0549a6f277ab2af3a60cccbf4bb4b2cb47f04f211f8b86aa653bf6913f3b5ed190c51b5958e40597a2dfd30061 +Msg = 5cb7a0a74095a6f284a13d4392aac30a73a9211df0520bf2f7e9831240579fca2f7d8d24fdc8d4161306dcf8b678b13be92804598f7c7308d10c0ab3bfb1092a3adee799113498b76a500c3f64e8f8a4fa16d8012bf3354e576823daed410ff54383b7edc5007a3d5228d200e3221fac6e1ca6fc0adfd92e53a6d96f10303994 +S = 25b408187418c512e7d36eac17edc64999e94011b4d5088ab926d29e433a69e24ebac43146a1371635fc78c3d215a66ea46d0a734b1607fdb9c3848a1404545ff60582abd579d978902ed399eb5dcdfacde0ca02145480246e1a22af5ddca7080aec216895d3528a8756e0c1a2059d392f87576fe896e411ddf02bd6be81ae2a654e0a15542a6b533b776703e2057b01ad02f5430d97c691f80219e46319de527541f0bfcf0b4e1b510059fa20779eb44b1ef293b7a8318447ed25793037ddfd1877cd98514c81575613f36d946670f632779eaf629a593fe99110e781cb38101a3cbd54d7871983dbf868a00cfcb17bd330309d43b8df8d4f05eb4c43649cdf +SaltVal = 00 +Result = P + +SHAAlg = SHA512 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 290d117f97d672f3647c2b24402832b153d22a25820567688645ed95ffa6e38d116347486ab4b485c27aef4962653bb60257ef82256785a1d3d52aa0e0b94c37279dee7bb308688aaee98108de6f1373ed2c12429c9b8770756c12c03908b346b129f963bfaa38a8937190cc656f057ef1a812dd0312f51285c4f46f9241f3028ea6a61db0e9255976469f5d5542ced55ee2d6f4afe766c0a70f49871d369dd8f3a82a7141639efd4a1f4a4009821c3c2b9f5c5f5eef99a5f00fbd8bc8191a3654e8f8d8ce12d90e5ff2a4c530b76306c8c56e0549a6f277ab2af3a60cccbf4bb4b2cb47f04f211f8b86aa653bf6913f3b5ed190c51b5958e40597a2dfd30061 +Msg = 1d9589c9227a3ebe444b5fdda538adf0ae8f8fd69b30b58e3a41fb91ef229065fca3576fff758d09bcdfadd41db2904f777fd9a90f0790d4ddf30ddb90c61875d20f4edacce3c7d5ed8af51be779cfdbfb802f96774579317df17e490529a0c6254036b391ab324d5eb501590b74b2bbc1fb5b45dad1b8cda1a2168258356f80 +S = 6eaf91209e0a5f7d985231c7226732f64e2592e6be2886081f830119018ee427b3293ca3ab4156a41684824f26227401f1b10f7d993b000f3bd5d82d831bcdf772137a2982af4f1fa2b57b49833b97f448aba20458f3bd8417872f7d6b6156300d87aa87f2aee301ff53b6c367dd6907b61b6336d1ac97c4aae90e7919d94b1cb0d919a33003f05f941339f5c7de72ca94d9b65d42176deb086ec259df9e29675c087ca0d42f51be4324f8e1bff094a517083e51794dbb68aa229f7c1560945142c4e66264cf8d8fbd43dad4de21b96522f4ad7d1d121fb320204b008ccef86a22427b59b8e58d7e44fad62921b44301249fe1139ff656fedd466ffd46c27703 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443051300d060960864801650304020305000440b1601c43923bb80b35c45d083bd748d75a3fcaff22044525ab82d705d5465863cb373e069fa40c9b8e5aa4d5ff7ad45700c7a8da342bf0b16686db87fba0abaf +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +n = a911245a2cfb33d8ee375df9439f74e669c03a8d9acad25bd27acf3cd8bea7eb9dbe470155c7c72782c94861f7b573cd325639fb070e9ba6e621991aefa45106182e4d264be7068035595d7549052989b3e7fd04cabc94012c1278a0ef8672b1a51dd1a9e276816ba497dea24b4febe3dd8e977707bcd230ca6fb6f8a8bff9e6ba24fbadcd93f00126b19b396a38e6ef86d18fef945b9154c1963fb488c7025953511f86d05638bfe056493730bc6778446e59cd3c5c3acf07a0a3a64943793652f10e3292aa7a6d25a03181cc6f6ba0658d909e59ce2a02bacc9766fd8c4fbd4ed9c23a866844b8a794d49e505f9f944870a71aadbe5338039825c2dff81af3 + +p = bf96de108963b5113399b664765efe046e2dafdb70d6e5e29dc6ec89b789b059348d74d89129c7ade9ddb404c6dc3a3437c7fc9f23bc38dadc8ffd0ff757999f5c2d510b993056147ccdf421e03d0be2c74ec333a9677c430cc604f5550d0d86defdde71488e3db889c699a5cacb44dcdae2f3cca38695e783e6f6250827efb1 + +q = e1e7e33618d1b64d6862c132e4b1cd5fabad20ce62bd97bce2a3f5ad2da67bb0a7f0b9e48335a33b7b95e77ec4c47e91416881f9f7c23f9bc1918cc644335c74260e90cd7b2e0fed802f19e78c5ed80a431b38630d82f982c74a0381b8ecf943c60810fae90574e216357b2535002316d9529cb56420f3cc82dea37cb624e1e3 + +SHAAlg = SHA1 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 3babb27a2dfe4e88cc8c030cae74839c9dcb5ff5be29776bb3b2dfbb1f52596237ac9188002864684c470a7cee03ce84a85aab0d4dc8eba4513908dc549458d4f979c0e057063e879a5bc6a1dd8959f45d9d2c1fcf156169d351d038cd0246990d19954b04a24bcba380e52a38b2cbb9d5b9db1af3ac0df31a458bdf4a9e1bf6812b9c2469a8e384a96d1ba29bf009b8bd0bcb098f55523ff8e220ff2aadb50cfcc2eb927e9357b51c5001123a46016c47bb7a8ade6c62b5cae190a3c89b7993d130e279f0571643f039940c5e0e6c212f39bc20d014217ee8065090eb249237873bb3d05a2ce846d58134a4ef435eed617e4435e044471f86686db1572d6531 +Msg = b756bc9af8682c9473fe98082ecb72f33f6199099baece582cc6672924e3472790a90dc330af8cd6863c7c882d4e6e726ce106ff0b6d641865b1e300bfaf067cd8f8af38c1299266efb6eaa88fe66a30191f772528649449891c1eda921539b6b5c80ac255df278bd7f44b2efd9c4f766fa455459b9a4735bf8f807e441cc81b +S = 20aad3d29d4bdf75f18d3617771723419920e688928a0c742af8b11bd2e05767afa0256c868c3538111359b7bb91dbf1b8bfc383a1573cec0bf0c62837b13fb5df21e7e07bb5d758ba8d58171d22b46147d6f7bd3b8751e97ecf13a5bc8c9b5ef7f00702c3ca400b6adacc6de96779a48881fd7c3f544f95f99ac1037f6b9f49c308aed1f6634afcbd46dd6fcecc015fccc24716cc590687fb2492c96812c9ac037f743e3b47d60420ee271331031d290fa6179178444256acb5697fbcbfbbb4fd3c6227566de99b246a8914721d5dbe58c2411df01348b63bce4e3659ae7ad09579be43acadad01ba02eb4c118b23ef64b318c7424920c5da7176ab2cdadb84 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA1 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 3babb27a2dfe4e88cc8c030cae74839c9dcb5ff5be29776bb3b2dfbb1f52596237ac9188002864684c470a7cee03ce84a85aab0d4dc8eba4513908dc549458d4f979c0e057063e879a5bc6a1dd8959f45d9d2c1fcf156169d351d038cd0246990d19954b04a24bcba380e52a38b2cbb9d5b9db1af3ac0df31a458bdf4a9e1bf6812b9c2469a8e384a96d1ba29bf009b8bd0bcb098f55523ff8e220ff2aadb50cfcc2eb927e9357b51c5001123a46016c47bb7a8ade6c62b5cae190a3c89b7993d130e279f0571643f039940c5e0e6c212f39bc20d014217ee8065090eb249237873bb3d05a2ce846d58134a4ef435eed617e4435e044471f86686db1572d6531 +Msg = 196c5dfa45aa9b9d8c8f0459ae650aeb45f1b05e06a6ecda44194fbdb5b5e7ec79b0656c583d7b2c4c0488253fcf77a51586e4e8ed5d81e9a44cb9779bc0938bbb90d8d9b63278a58f2f2ad85cd453534b2a2983e32918368c2965ad529911f2e6f3006ce5ef5ab05df8329a8edc659dedc7c5576f72776803989a8560aa29c8 +S = 4bfeb7f6d376548f1ada66742eb2320689db85eaca0f75845aff7cbc91faeb1efe96ddaeabf8f9bf2b3031aff3711ebf9e4bbfd46861a8bb5107aea784a78205e067779e98be0a74458c0c850903f58dd3541636c2160a8854914798310324f852c3806f0a0e59ac6b5d3ccfd2580443d09752640e27f41b1e692b3ffec67c39868f4605230b341a2b56ac68bd2fa3450df2ebf4867ac0156be6513e03bab686f435c931532632adc177e95971bfad056424230943e5757d0c5384671592b7b0bd4a454d4d73bf312f4f46f2f310e897bb657be3165d040ff0d8bf72315ae313fda1052c37307a31c2f8d4edce4644b5bfeb5ac37fdf0e2a393692dfb72bb4ea +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003021300906052b0e03021a0500041476e8a26a34cb08f8f58253d073c53dd76a749c5fefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA1 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 3babb27a2dfe4e88cc8c030cae74839c9dcb5ff5be29776bb3b2dfbb1f52596237ac9188002864684c470a7cee03ce84a85aab0d4dc8eba4513908dc549458d4f979c0e057063e879a5bc6a1dd8959f45d9d2c1fcf156169d351d038cd0246990d19954b04a24bcba380e52a38b2cbb9d5b9db1af3ac0df31a458bdf4a9e1bf6812b9c2469a8e384a96d1ba29bf009b8bd0bcb098f55523ff8e220ff2aadb50cfcc2eb927e9357b51c5001123a46016c47bb7a8ade6c62b5cae190a3c89b7993d130e279f0571643f039940c5e0e6c212f39bc20d014217ee8065090eb249237873bb3d05a2ce846d58134a4ef435eed617e4435e044471f86686db1572d6531 +Msg = c0b251836d180dbcb995b4ae6e18856be5e8bf067841b753394226efe507c7801312223eb1efa2b3b117eebe001676deb8e94cad96aa36abae6f013d5d6f18f680665514e33b164efde094cdda7b707858c38f7496ac28ebaa461b0d92e285556d78910eec45911503b84de0e48f9abf2d3e2f626090b59c95901d666baa3627 +S = 0cc0b5e4251083e72898e6d239dae55489a42675123fceb8abf34886846e5af39d109fb65d55fb019c43c3fe91b891262d8ec0aa721acd97848f455f049d6af58b5e579b92208fa48f7afcb403dd99870bb25a15b33a67b5a1ad10ccf3df04fbf5fc42a2a0dea7b6c689d18da14757b2b5ebeafc39f62b5fdbe58f44f03e148d4e5ae6ce1bdce9f316daf7722ba6622ea6eb964fc3d0d9ab54ac226a3371ef96300d9d737767cbd04963015781d14d9f0f640b1981219d391ae1d94eab184d68f1764e7dc2aa2890b08c16ac277aab85e2912975702ca0834ff7026be694f805fb2692a605635a020018342dd89b8a53f8b5fc7b5fa8b13fbd9f8b5deebbc199 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443021300906052b0e03021a05000414f40c85085852eab21192fc3cd95f0ae92a42c3cd +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA1 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 3babb27a2dfe4e88cc8c030cae74839c9dcb5ff5be29776bb3b2dfbb1f52596237ac9188002864684c470a7cee03ce84a85aab0d4dc8eba4513908dc549458d4f979c0e057063e879a5bc6a1dd8959f45d9d2c1fcf156169d351d038cd0246990d19954b04a24bcba380e52a38b2cbb9d5b9db1af3ac0df31a458bdf4a9e1bf6812b9c2469a8e384a96d1ba29bf009b8bd0bcb098f55523ff8e220ff2aadb50cfcc2eb927e9357b51c5001123a46016c47bb7a8ade6c62b5cae190a3c89b7993d130e279f0571643f039940c5e0e6c212f39bc20d014217ee8065090eb249237873bb3d05a2ce846d58134a4ef435eed617e4435e044471f86686db1572d6531 +Msg = 9df2b3e0f8035d92193f0c980e8ce31aaf7218078171f907da982db246533dff2a8553ffa7d641cbc14fc4bbc1240ad8d7d07394046795b9372882a0b7524da3c03acad4719996f0e62a578ea175459c2ee5ea0c062125cbb59975f3385f7441a939a2c91ef464e8cefb4d7b75289b4efad905d84f47b4259a138f139222bbc1 +S = a82261947dd0f5b3f34197bb91401278dca36b759a7402ae65d8db6b6a12fb2bcf67e564d16030fd1b7e4e4df9bf0577c5dd5d6a5d8766009277003d0e7929675ccdfa04285e74ecfa1a937db117a130fe4662da0a869d7d34832165f86ad8c345cd6aa027036d818af45fcc8fb7bf55975c948af26ca363ff796c752afafc8e5afc5ce5208bacdaa98601046e69e648975a87ea34b011237bfe5f734d9470bfe71cd5053e2831d321fdb13e2a4221f992670782b7c584634761b7b96a28e33b69eba97ceb45aa1adffb29fd4705e4532e0fe1890d1575b5e43d4aa294c27936999b413a3086b000050330178b0f71248a0a92af444d8fcdaa0237b7952602a5 +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA1 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 3babb27a2dfe4e88cc8c030cae74839c9dcb5ff5be29776bb3b2dfbb1f52596237ac9188002864684c470a7cee03ce84a85aab0d4dc8eba4513908dc549458d4f979c0e057063e879a5bc6a1dd8959f45d9d2c1fcf156169d351d038cd0246990d19954b04a24bcba380e52a38b2cbb9d5b9db1af3ac0df31a458bdf4a9e1bf6812b9c2469a8e384a96d1ba29bf009b8bd0bcb098f55523ff8e220ff2aadb50cfcc2eb927e9357b51c5001123a46016c47bb7a8ade6c62b5cae190a3c89b7993d130e279f0571643f039940c5e0e6c212f39bc20d014217ee8065090eb249237873bb3d05a2ce846d58134a4ef435eed617e4435e044471f86686db1572d6531 +Msg = 3f3544b53b09a91b7f1a27d5fed879788432e604a8b6d121fcf98ba886396b657441211c0b8d47c9e1af392c4cf127851a3c689d823811055bb5c7a28c4ad16ac43b71686ba07506d8c4098bc4cccfe3fe99329f61eff73c04d614a8b040c60297eddea1428c5b59cc233ef94eb09a189a11eb122c21a84d5d241cc1da6571b7 +S = 8caf5231442d5352259da89fbf54888cd32774b7851232b21defd3ae6d780a5387ec021f0260cd299ced9fd814208d1102620cee37b2d48b5c9ad90c061f0c2a527bbd1eabd7aa76a5f4e083483eff1a9b5d62dfe57c751d9bc49991485569142c65656a67213c37907db465dc7225c7fcdd7b9a37e3d6b887b07c3dd07dfcbdde86baccbdf6fd13676e062f9f875f912058536fbd31d4dafd9c051bb79236e6e0f90db221acfae0690b6fcba1cd7716145afabd39866e393dad2ae99b24f9d97682e6c1163f5f442c4e49c7422923625b63e82fb1a3186fcf0bb81ba38d6761156b1f723c0de7fdbb0c678effc49c128e655f36ea465d41e704ad1b449294ef +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA1 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 3babb27a2dfe4e88cc8c030cae74839c9dcb5ff5be29776bb3b2dfbb1f52596237ac9188002864684c470a7cee03ce84a85aab0d4dc8eba4513908dc549458d4f979c0e057063e879a5bc6a1dd8959f45d9d2c1fcf156169d351d038cd0246990d19954b04a24bcba380e52a38b2cbb9d5b9db1af3ac0df31a458bdf4a9e1bf6812b9c2469a8e384a96d1ba29bf009b8bd0bcb098f55523ff8e220ff2aadb50cfcc2eb927e9357b51c5001123a46016c47bb7a8ade6c62b5cae190a3c89b7993d130e279f0571643f039940c5e0e6c212f39bc20d014217ee8065090eb249237873bb3d05a2ce846d58134a4ef435eed617e4435e044471f86686db1572d6531 +Msg = 2726543e530ab04b06a11cbae1da53aa966dc51642d390fcfe95acbfb0ca65cb28db0f77688af52f423392d2295104594143bdbab8517c0b59ea7beb5e2fea1e86b69d77688702fb076b5543a6671722de83bc88edcfa4a651a84c539638c6af6c3c6606fc0abff77cd2cdd50124744d95b229498a58f0150e5986c0ffecdfc6 +S = 51d57b3e66fd6e271241215438be99969c40d0ea4a5b7c4918143f68f58e5cd9d52d90159e7bdc9b73ac3d3d908cdda5e402f0fd352931f9bca9dd886fed30c791efd2466dfc7c6483aa32c2865cef82a40dcf5c5bc3aad547b8e1dc9d973c8b90f529ef272a24645a6b76887925b6e19970d9f2d7d68a513f2e1638b184aa8cd20967618d06662bfe1450f03b72d19790fd1a591694043b310d982077285deafc28f95b3c6218edf59649b38e9170fb3f18483fb3788a14b161648beb4ce471c0ba4c041b87e6b38067fb934f50908b755bd126d2904b75ad7ce75a8a5d0c3540e1d9c7ad52242f2e5a5511d46ad8099f9386299f369e69e53107c6f51fb985 +SaltVal = 00 +Result = P + +SHAAlg = SHA224 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 3babb27a2dfe4e88cc8c030cae74839c9dcb5ff5be29776bb3b2dfbb1f52596237ac9188002864684c470a7cee03ce84a85aab0d4dc8eba4513908dc549458d4f979c0e057063e879a5bc6a1dd8959f45d9d2c1fcf156169d351d038cd0246990d19954b04a24bcba380e52a38b2cbb9d5b9db1af3ac0df31a458bdf4a9e1bf6812b9c2469a8e384a96d1ba29bf009b8bd0bcb098f55523ff8e220ff2aadb50cfcc2eb927e9357b51c5001123a46016c47bb7a8ade6c62b5cae190a3c89b7993d130e279f0571643f039940c5e0e6c212f39bc20d014217ee8065090eb249237873bb3d05a2ce846d58134a4ef435eed617e4435e044471f86686db1572d6531 +Msg = b756bc9af8682c9473fe98082ecb72f33f6199099baece582cc6672924e3472790a90dc330af8cd6863c7c882d4e6e726ce106ff0b6d641865b1e300bfaf067cd8f8af38c1299266efb6eaa88fe66a30191f772528649449891c1eda921539b6b5c80ac255df278bd7f44b2efd9c4f766fa455459b9a4735bf8f807e441cc81b +S = 3840e121a02c4d4dead5197cabbfffd00005c9474df11252853dde2cb83ef772e2a533d7e51cf524af80d1a541994018abe93fb5835989e870ec3400f171ac786678fadd6e478ddd2d6f95719c559d737dcf2e5fa0b875827ad8558c70f6b8ab725d7344ac5197270e494ceb03b89680b8bf99ee9260cf91f0611060d7ada8d2c7eb672a2957fe4eb1d3b027c4062f2d2d840304e4a7faa243b816b10bc893b2ad48e7ada998eabd1e9fca72c0820b9b4feedc3733d20087da09c26e352fd7a4962c707a7ba9e1f66b18ea89d96d0059ebd13d177bccbf2d80a502a7362e198d7bbe1199d5587c06e1192ff539ff5276ee5ee8ffe25df0a1998e5c8ab05d3097 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA224 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 3babb27a2dfe4e88cc8c030cae74839c9dcb5ff5be29776bb3b2dfbb1f52596237ac9188002864684c470a7cee03ce84a85aab0d4dc8eba4513908dc549458d4f979c0e057063e879a5bc6a1dd8959f45d9d2c1fcf156169d351d038cd0246990d19954b04a24bcba380e52a38b2cbb9d5b9db1af3ac0df31a458bdf4a9e1bf6812b9c2469a8e384a96d1ba29bf009b8bd0bcb098f55523ff8e220ff2aadb50cfcc2eb927e9357b51c5001123a46016c47bb7a8ade6c62b5cae190a3c89b7993d130e279f0571643f039940c5e0e6c212f39bc20d014217ee8065090eb249237873bb3d05a2ce846d58134a4ef435eed617e4435e044471f86686db1572d6531 +Msg = 196c5dfa45aa9b9d8c8f0459ae650aeb45f1b05e06a6ecda44194fbdb5b5e7ec79b0656c583d7b2c4c0488253fcf77a51586e4e8ed5d81e9a44cb9779bc0938bbb90d8d9b63278a58f2f2ad85cd453534b2a2983e32918368c2965ad529911f2e6f3006ce5ef5ab05df8329a8edc659dedc7c5576f72776803989a8560aa29c8 +S = 411e75af44716f884c084569a3500b74017141ec3f1c2768e0720d3df6cf221a155812756068bfdc74d998743647757d80e15752b0df1ed038ac316aa202a5eec1d0363e773a372d9f60c4d5c585f1111ed44b02c241280d2b6980b2cbb09128ce9b6ed38d50dd0ce10b73961b82996bc82a48f0d5a574910a691e55048136ce8f3668cec4cebe5c791d6b66b6c54617bc70d0d578080f22d9ed09030887bbeb5408155187a03657b55680c614e57c2e28e2c837eb7bdbec6985af6b596fcba378084d5f1a4fb80ec426966d9a9f914431811a06133c4e6df7a48577e16a8b6cc5af6873b70dbb5ef191ac9214866e73f0c99f33da2d21d313a6bb62cf03ea01 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00302d300d06096086480165030402040500041cc28faf02c47ebeac647f99f7cffeaad70df6513830d41a12b1d05b62efefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA224 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 3babb27a2dfe4e88cc8c030cae74839c9dcb5ff5be29776bb3b2dfbb1f52596237ac9188002864684c470a7cee03ce84a85aab0d4dc8eba4513908dc549458d4f979c0e057063e879a5bc6a1dd8959f45d9d2c1fcf156169d351d038cd0246990d19954b04a24bcba380e52a38b2cbb9d5b9db1af3ac0df31a458bdf4a9e1bf6812b9c2469a8e384a96d1ba29bf009b8bd0bcb098f55523ff8e220ff2aadb50cfcc2eb927e9357b51c5001123a46016c47bb7a8ade6c62b5cae190a3c89b7993d130e279f0571643f039940c5e0e6c212f39bc20d014217ee8065090eb249237873bb3d05a2ce846d58134a4ef435eed617e4435e044471f86686db1572d6531 +Msg = d699ca7f777828b13679a9e2ca89568233b8cf479d90462186a5ce71236ed6760053f007e807d8880418b11746c59106090f408ef1133dc1199602c16de2893054d10fe7932718eb6e24b39c0f5aff302cbdee60e5f94961eb08f516e70374841a38ae86407ef2c2bbc538dbedf1a9e9e6e961263fea73e945222dd95b7a9e5a +S = 01818ab2f8883d5b580b7d7fdd6bd15cc59f59842dd14649b27aa0aac3666562e4ee8a716d8f9a6fe19bcb5f505956457fbf200b8f0121a070788a546b86f8149f0aa98f2c6439412ed4a00114259b348d1f9e583eaa54fbc384c52c518159e460582051afee2d4163350bdba58112bf0fd9ada18346891ac14888765a68d3475f8f8f92ac9e5f4b02480859f239405d8fd14a05ef95fe9b726affaef8c8d54e6cc3a01a1399b2c2b2eba18b7e3dd7ee337c0f108dd53c460112a58f7e6b09db540ebb72fe8e3d1afa5224705f0159aed4d94d4ec0711e58873682199c90e9aa0046f81c3faa3fb21a0a05991f0752ec7e1c04d9009fcdf69d68098f9eaaea6d +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff44302d300d06096086480165030402040500041cd8a970b5e7e41f37017b8160a04e42a8bcf502522a1ffaa739d6cee0 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA224 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 3babb27a2dfe4e88cc8c030cae74839c9dcb5ff5be29776bb3b2dfbb1f52596237ac9188002864684c470a7cee03ce84a85aab0d4dc8eba4513908dc549458d4f979c0e057063e879a5bc6a1dd8959f45d9d2c1fcf156169d351d038cd0246990d19954b04a24bcba380e52a38b2cbb9d5b9db1af3ac0df31a458bdf4a9e1bf6812b9c2469a8e384a96d1ba29bf009b8bd0bcb098f55523ff8e220ff2aadb50cfcc2eb927e9357b51c5001123a46016c47bb7a8ade6c62b5cae190a3c89b7993d130e279f0571643f039940c5e0e6c212f39bc20d014217ee8065090eb249237873bb3d05a2ce846d58134a4ef435eed617e4435e044471f86686db1572d6531 +Msg = b1d87e6e67cf95799888c51383d6e6cb4fd8eecb4d2959ac7e58ce8f5598ff69bdb8d19e5e55bdd21c4e75fbe178cbbb9d93cfee8b7d387fb5a6067fbac46578cfc8d3fe04108588c9de077eb009249374f205553bba9d0218b2449ed413a142eef0ceb7e068b744a420c3c377f1b7faddddd729e5484ee0ae64cf132aee7d70 +S = 3dfbf8cf23053223500b1cc0a4e43e7754f3490f33648064bb9a806d17b8412075997148a76a152e7becbcc26783fb0519df481711648b35ead7fccb9937baf37e4b86133c15ec2ba0311ed6cbfb742daccd68bbe8f1b49766366da644302a04ec1952db9fb8e50641e3b0cf9c04066f5d49cff593581beedda78e50615c5f42f31444462f59e1e3a8331c1494867361073e5ebb8d6ecbc5b356454a4d24d87ff4dae556442384aeb0cbfadb3437074a76969b8f213a4e8a0a0538114888c95436582ecdae288c4f142612e5ca9e273da165cade52674f7668dd170cde6d7f8e6c02cd1cb013c87ab4a5c71f9f04c20a0fee617968f4862a101726368a96f3ef +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA224 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 3babb27a2dfe4e88cc8c030cae74839c9dcb5ff5be29776bb3b2dfbb1f52596237ac9188002864684c470a7cee03ce84a85aab0d4dc8eba4513908dc549458d4f979c0e057063e879a5bc6a1dd8959f45d9d2c1fcf156169d351d038cd0246990d19954b04a24bcba380e52a38b2cbb9d5b9db1af3ac0df31a458bdf4a9e1bf6812b9c2469a8e384a96d1ba29bf009b8bd0bcb098f55523ff8e220ff2aadb50cfcc2eb927e9357b51c5001123a46016c47bb7a8ade6c62b5cae190a3c89b7993d130e279f0571643f039940c5e0e6c212f39bc20d014217ee8065090eb249237873bb3d05a2ce846d58134a4ef435eed617e4435e044471f86686db1572d6531 +Msg = 51a9457af4abc1b75f3bdd4a383b7ad79f1bdcea045b15953b4bc15ad216f44aa2fe716fa4e91d68061db3537e48b8f0dfc3b202ea1795f966c17ecf7332a3301b1a8add2ae67a523f8730a72476d2b45bf52978f9970abcb80215f347f4a365e484f98c2dabc2be3302bc0dd1cdb16c3c39a913dae25e245898f08ef763da31 +S = 9c7b10642d88022ee6cd2816c95178a5b163ab887a3b663c0236228b72a6a92eb18d3a0fae84526f1e17442a2dbb199402693f166d31d30105b7929046db4b1812cea8d7a1c5d5d53f785130cae9816b8254de0aaaeecac2992a1df4796dd423641d685e65478850a59436aff0f0ce36f1d3111719255dd376d8315905f4b3db7439ff2b0fda6226ba64df947dec832db48905a3f2d0d9a2b46f92d91794ab98734e0a7acfa0b60216f728a0a4f6c3e188978cf745e620cb3a0fa836c1a548e1b1bd2c03926473ef6b145d6fd99eb5d512632334a2588fd7b2640e0d893e6fff31350a467543ec4a18f51853bd4566674bbc2867a18de04953b1cca246a558d7 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA224 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 3babb27a2dfe4e88cc8c030cae74839c9dcb5ff5be29776bb3b2dfbb1f52596237ac9188002864684c470a7cee03ce84a85aab0d4dc8eba4513908dc549458d4f979c0e057063e879a5bc6a1dd8959f45d9d2c1fcf156169d351d038cd0246990d19954b04a24bcba380e52a38b2cbb9d5b9db1af3ac0df31a458bdf4a9e1bf6812b9c2469a8e384a96d1ba29bf009b8bd0bcb098f55523ff8e220ff2aadb50cfcc2eb927e9357b51c5001123a46016c47bb7a8ade6c62b5cae190a3c89b7993d130e279f0571643f039940c5e0e6c212f39bc20d014217ee8065090eb249237873bb3d05a2ce846d58134a4ef435eed617e4435e044471f86686db1572d6531 +Msg = ad32c2e66fa67fa97cbbc8736e36a04dfa8aff5f734c75098fe711306e9181d6d87e7aeec7535b6e25dd0da5d6032dcff9f96de76bb737bc8daa944748a94d3c4e2a50dfa2b654195a9ac0cba4e0c962077ddbacebcc3bea5c3bea260b45ccc695a0096208b7b4d3a45aab8cdeb4be2eab7e1356fa73c8b98204db74bf4c479d +S = 1c0ee89d483230cfe29503591c7d002e1930128999e06dab41d60e55ed7fb191b068b2b7c606e0b684dfbcd7b43045f10cffd72e96fdb10af7062d1e3af334b2db7d79f3ca478ba4d21f4e2d9aad635c47c15d26eb86643ff15d5366074d009bb4e213902f8c4ed53f5f3c2e1ae0771f0441f68257aa9705a4044d6846103c75f83c96f3d23a450681394e0f6f816fdc5545d96321e90a4c0a90899eac77751933f502c4b6fe72177ac1e9d3f3a67b9db66b96b78361ea7c47317b742d6f6a941a55c496cf7fcdd73ffa79274898081490049612f580a8d1e7edc95c10902dfc0826be1066e489912bbdfa2c8d6142ce9e1d3dbd8c9a9b9400f39579589f003f +SaltVal = 00 +Result = P + +SHAAlg = SHA256 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 3babb27a2dfe4e88cc8c030cae74839c9dcb5ff5be29776bb3b2dfbb1f52596237ac9188002864684c470a7cee03ce84a85aab0d4dc8eba4513908dc549458d4f979c0e057063e879a5bc6a1dd8959f45d9d2c1fcf156169d351d038cd0246990d19954b04a24bcba380e52a38b2cbb9d5b9db1af3ac0df31a458bdf4a9e1bf6812b9c2469a8e384a96d1ba29bf009b8bd0bcb098f55523ff8e220ff2aadb50cfcc2eb927e9357b51c5001123a46016c47bb7a8ade6c62b5cae190a3c89b7993d130e279f0571643f039940c5e0e6c212f39bc20d014217ee8065090eb249237873bb3d05a2ce846d58134a4ef435eed617e4435e044471f86686db1572d6531 +Msg = 585e2aa15bbe0f218e5119f95a252b57ce65d9474d35c1c284de1ee79f2b9a88bd1364e8a19783c3aaee6a8f05e0cc022170b1d463bdcac61c2a01e3b8bd550638c5e59ce2c04aab367b2a14257b0a157e9c6411a9f8fa94970a6992f91401efb0bdd44485ff0de11b40840e21bf8f97cc321a8785aefa33dfc67e7acbf7474c +S = 2e02460ece0246277d4517b9c00d40ee669251ce1be2d8c13bcb67b7e90635d6a68f8cf7373bb5962ff1d182f3fe706ae3e216446527cafe5e763432141f92995002f6c6c208e85ca3203de5d6602db70c2302c804abcb7b3a22edbc120a3b59b1febfc485bd787ff0053cba05d27800ab41bb431d9b7d7ccf0f1a5f52eda8432fc70d1bbc5fc766b08280124df71d7432542d5caee7d88db6654510ee81c3cd23b1501679a2fc2b050acfaf9218d7c6d4b260f9e8b986e9dd9c158820379609f11626d6b35eda024aa545286e884b6e135ac3e18d52c9be687004f0a81fabcef972cd2e82d954a43ace6f1971d7311ba9f267b262303cb51121fde66e073e10 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443031300d0609608648016503040201050004206510c46f56c48ac0b28992c5bd0fe4047d3baf1fc7e528f67b15f3b9188af1a1 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA256 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 3babb27a2dfe4e88cc8c030cae74839c9dcb5ff5be29776bb3b2dfbb1f52596237ac9188002864684c470a7cee03ce84a85aab0d4dc8eba4513908dc549458d4f979c0e057063e879a5bc6a1dd8959f45d9d2c1fcf156169d351d038cd0246990d19954b04a24bcba380e52a38b2cbb9d5b9db1af3ac0df31a458bdf4a9e1bf6812b9c2469a8e384a96d1ba29bf009b8bd0bcb098f55523ff8e220ff2aadb50cfcc2eb927e9357b51c5001123a46016c47bb7a8ade6c62b5cae190a3c89b7993d130e279f0571643f039940c5e0e6c212f39bc20d014217ee8065090eb249237873bb3d05a2ce846d58134a4ef435eed617e4435e044471f86686db1572d6531 +Msg = 790ba59678e1eca8ce7e7723488b181ff1fccb3e339df4df3eede794ae30add767c006f8c4a4aa5af263d4df961a01a1b6cdf5e3d6fb004761757f414b70a5cbf5d87c5a51e7261146f7693556946be27ed6b9fc5ded8e6799fe537b7f2e62b2e9fc0fa465d3e93693df3d0ecf21dc4a10be1e71109d27a9ae30692b90926af5 +S = 91a2efacfa4e8642b683ff7c17b08743f8bd03950a35ba44372ef1814fbdec087c033d6eceeee431efdc6a3fac97f85b8248a92b601dc4ea9e02a23fb921655f084a4035b42c0e491ddee05c4d3d4024b6446caf77e917d28453640c0af50d937b5d74b535acbb3ef9b2dc87bd3cfc80f24d2aa9b1feeae7b549c197cca6888fdb617c8a5a1c91a23c6299cdd1b7d292b0227634bdfd415cb6f12723fca2edcfd1176a485b2a2cea075765785077c84de1c50da27daf89407becac9fd9664f2547c5a9f66c9ae3c14ce318317c58d4c3d3b07f07d2f8a58fc10b854b583a628054cdcb9f7729e5707d151a4ba82b1d99f339d4f8a0674f260a8a6b8665169fa0 +SaltVal = 00 +Result = P + +SHAAlg = SHA256 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 3babb27a2dfe4e88cc8c030cae74839c9dcb5ff5be29776bb3b2dfbb1f52596237ac9188002864684c470a7cee03ce84a85aab0d4dc8eba4513908dc549458d4f979c0e057063e879a5bc6a1dd8959f45d9d2c1fcf156169d351d038cd0246990d19954b04a24bcba380e52a38b2cbb9d5b9db1af3ac0df31a458bdf4a9e1bf6812b9c2469a8e384a96d1ba29bf009b8bd0bcb098f55523ff8e220ff2aadb50cfcc2eb927e9357b51c5001123a46016c47bb7a8ade6c62b5cae190a3c89b7993d130e279f0571643f039940c5e0e6c212f39bc20d014217ee8065090eb249237873bb3d05a2ce846d58134a4ef435eed617e4435e044471f86686db1572d6531 +Msg = 4cec86b6da42bda1aa66d9f6ee0ec6c30f4f575ca2bcdca198d2f67fb494aaba4372b5e9076f1fc2748313971f3eee2173af967da5840d74eb7246ffe9d8370a6c9f2f795b646a69ebd9e3b8116869c73d1af57e45b83b919f307f02d439aae8313a9d6ec068c51e772fef60aed45e3dd7581b69699f8d811dd249915d012bd9 +S = 89a014c41636b64663cf381dcc399355e2974e1db624e36d5fda7d3967417a3810910948813ea58caab8f7cf2dec7309d26d5cf7db0dd60a0ff42982b91f64f17cae9195f2955395e9ddc7335c441de9b65a0e252f98db17a805ffd0d0b9a68dd6be098107f1a6f7cd1292b2d6a9c23cd631c62709b72eecfb9fcaca2a3ff036984bafa785722c3fdc8398479ab77a3e1678c7af85f75f7a2f4f54a13ecddbbd4aeec7a96445c885d12aaf236a9c4058e3e669335f5fde34d6905bed45cd741d9a08f8501706d03c7f98b2c7214eecbf4759d661a32eb9c302a9c0057ab734b46dc3575ab42951298b59d3d8429339fb58bf035173a84dea90cc6354dbf68d31 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA256 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 3babb27a2dfe4e88cc8c030cae74839c9dcb5ff5be29776bb3b2dfbb1f52596237ac9188002864684c470a7cee03ce84a85aab0d4dc8eba4513908dc549458d4f979c0e057063e879a5bc6a1dd8959f45d9d2c1fcf156169d351d038cd0246990d19954b04a24bcba380e52a38b2cbb9d5b9db1af3ac0df31a458bdf4a9e1bf6812b9c2469a8e384a96d1ba29bf009b8bd0bcb098f55523ff8e220ff2aadb50cfcc2eb927e9357b51c5001123a46016c47bb7a8ade6c62b5cae190a3c89b7993d130e279f0571643f039940c5e0e6c212f39bc20d014217ee8065090eb249237873bb3d05a2ce846d58134a4ef435eed617e4435e044471f86686db1572d6531 +Msg = 13f936517eac73d6776695c1ff3051850e32fab734cc46c280e355dca079ef3949810e7edaf19c783c187d0e0c32d074fc3a72a276ffc405837aaf74ec5fe5659ff26961531c51b56fbecb6b28455e78ea7f7237faad131659d9f290eb69ac5bd8f54fe233561bf5daff85bf9d9182f9a2a9015e07fcb95fcaa72617e6c0ce81 +S = 2eed7fbbf583693f63e22bf78eb4d389064c21c37b66667c1b1994934bf9ace14c30279253e9195d176535e28aced6719292b064f2cf99124d55b347a14c960af52e912afb53356168d1f19727d19b65c5090c4db0e4fa9ea0ee3d3f28ce0a956f7011765bb5e58a14b8854e58e04723bc73de96278c78efbed70ebc8052d3359ba967dc91b1f982932baf770d2d2f252f37d274b9131e8c5d4607b67115bb18200a2ead70c6882ff721284d0d0876ee85e68dbefd4e3a9d5d898aa9ee6d2195c822fa02d74ec85d7a93d9688fdc5fc0c93d9c7df6c1519ce1384174e2aa5fcca3bf92e260274f2e0430ba4f008928d6ece05f0ac5a26683ce956fb7ed43f7b5 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA256 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 3babb27a2dfe4e88cc8c030cae74839c9dcb5ff5be29776bb3b2dfbb1f52596237ac9188002864684c470a7cee03ce84a85aab0d4dc8eba4513908dc549458d4f979c0e057063e879a5bc6a1dd8959f45d9d2c1fcf156169d351d038cd0246990d19954b04a24bcba380e52a38b2cbb9d5b9db1af3ac0df31a458bdf4a9e1bf6812b9c2469a8e384a96d1ba29bf009b8bd0bcb098f55523ff8e220ff2aadb50cfcc2eb927e9357b51c5001123a46016c47bb7a8ade6c62b5cae190a3c89b7993d130e279f0571643f039940c5e0e6c212f39bc20d014217ee8065090eb249237873bb3d05a2ce846d58134a4ef435eed617e4435e044471f86686db1572d6531 +Msg = c81e98ab21239d9d887553bca6ecbc55a1e4593036f8e670080d44ba3793b79935075121d5bcaed3a5dce2c17ea9b0f35909fd08644283205602cafaffa2545a23ab18ae889a33f04ee0d9ce7f2d9109e7eea21b2615c81c03182ce6033c93783b13d698624392bd2a8a202bd0ffc860f29b31afa2f71c2bb85752c66ce8dbba +S = 36403d0116aa5bad635f855b1aba7ccbe7787bac4d2d0678fad33163c6a19e88fa53acd13646466ba5e11668752f52ffa3333c59d9e00bdb9cbbb9e549a47c700b1d8be5e1a778056bbb0f4d0a3266cf5b78b2c8a224f460a20b31963105236decdb49f4bd3adad75b6ef5331cf0d54c91fc0337a5ea3d1dc94e6182b11d7eb6690096242d84c174a0c01869c81b193156a730ed08acb516da3a2b1646da3fc8742191e3620d813fab2f4288768388b5c2892ebe6a42b7047401437b625b7d87368991020aa1f4831088343c51af5217334f852c49b474fdee6676cbf8d78018061bf3c398a75a73503e868468136afc187ec1deec0e2a852b454befc60d9873 +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA256 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 3babb27a2dfe4e88cc8c030cae74839c9dcb5ff5be29776bb3b2dfbb1f52596237ac9188002864684c470a7cee03ce84a85aab0d4dc8eba4513908dc549458d4f979c0e057063e879a5bc6a1dd8959f45d9d2c1fcf156169d351d038cd0246990d19954b04a24bcba380e52a38b2cbb9d5b9db1af3ac0df31a458bdf4a9e1bf6812b9c2469a8e384a96d1ba29bf009b8bd0bcb098f55523ff8e220ff2aadb50cfcc2eb927e9357b51c5001123a46016c47bb7a8ade6c62b5cae190a3c89b7993d130e279f0571643f039940c5e0e6c212f39bc20d014217ee8065090eb249237873bb3d05a2ce846d58134a4ef435eed617e4435e044471f86686db1572d6531 +Msg = 796a46d728d7d9d6418710970f311d92f5362862f71df0d47b3fb63e51c35712f2cdb8b205f3668628f17e4dec9dcbb0211d2f1d555744d297a9423881da2473755106372685d2dd5ab51bb6efd9499f1cd8f7d5fafb990b43a262ba593665b98a5efa0d92766302613daf7b1fcddf866ed14833eff238a70792dc6ce3bd610b +S = 94c00c47cfb2eabed6ce3b04f88e797b1b2eaea162dac2e51fcfc8b9f9242c0f48f664f0b65ad4305867758811fd1cebc244f026684835b451e97e6806ad2427700f2d9c12f681b2d601fb6ead7953209a0c47db678ce0075f34705e4b1cc414f74574b4028bce76a69e160ae8180710b31d42950b66f70c6c28b15dbe38915e8c36d7df03ff5494a1265041a801c5916ff73e08bceb792c536608262d60ec34f4d3ffedd74127e9d5b237af1d300ec58bd4475f05c568978860804818fecea2781c96752821cf22164b1b917f3032c58cd47996e3ff5284004723d0c27a3d6439da0cfb725b991601a801c89a77f2ba174e3980d7d3f1b342c4b6cd16121656 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003031300d060960864801650304020105000420e6689fb887124d3316d9609e412b959be86b7b02a1be76f300ebcfc82701a77cefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA384 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 3babb27a2dfe4e88cc8c030cae74839c9dcb5ff5be29776bb3b2dfbb1f52596237ac9188002864684c470a7cee03ce84a85aab0d4dc8eba4513908dc549458d4f979c0e057063e879a5bc6a1dd8959f45d9d2c1fcf156169d351d038cd0246990d19954b04a24bcba380e52a38b2cbb9d5b9db1af3ac0df31a458bdf4a9e1bf6812b9c2469a8e384a96d1ba29bf009b8bd0bcb098f55523ff8e220ff2aadb50cfcc2eb927e9357b51c5001123a46016c47bb7a8ade6c62b5cae190a3c89b7993d130e279f0571643f039940c5e0e6c212f39bc20d014217ee8065090eb249237873bb3d05a2ce846d58134a4ef435eed617e4435e044471f86686db1572d6531 +Msg = ac481c957d422abb5ce8a73366bba51b4b718d83ed3c59d22a4f0464f59f3f78ace6664aa5eeb27c0b0cb0bae8eaf29e828a04d1eb88a174d4a027bea26f49e6c47e0443437cd4b29acb2738c93f12e8a5224307727b376fb38fad3141a95a7e9b17dec87d75f724b42ef4f3303f6dc15b3e326da99b818a70277c06fbd2d909 +S = 3da89b974fb03b26a5617a391b68413d62d03b7cf27daa0024e7b0085c1f542bd82adc66102c16c57c7765b1bee5ceae98ed54fd5fbddc1dc37a3a75f5695c49dc6f026213f79cbab37093a9549465370b7663f363a232c81ecb71074166bdaed7a558c5bdab0a20aa7f5c1eff0258eea42374ac3d4b386586fda7913305a602c33b6ef6dca0718fc330530e65f44d8824b4d1e137bcd3aaa9fbf0e4079cbb02a541971ce5a25d8aa91918576bdfb774ba70848db5b78331c71c26c0682b812d03197970e481689c39c56bf1bfb2d7f4c0d5c8bbbf5b3b6537f48572d5f79788362a0a7172f20308cbdc64f0dd9d0416bf09c608e915c070f4bb444e3b7ea492 +SaltVal = 00 +Result = P + +SHAAlg = SHA384 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 3babb27a2dfe4e88cc8c030cae74839c9dcb5ff5be29776bb3b2dfbb1f52596237ac9188002864684c470a7cee03ce84a85aab0d4dc8eba4513908dc549458d4f979c0e057063e879a5bc6a1dd8959f45d9d2c1fcf156169d351d038cd0246990d19954b04a24bcba380e52a38b2cbb9d5b9db1af3ac0df31a458bdf4a9e1bf6812b9c2469a8e384a96d1ba29bf009b8bd0bcb098f55523ff8e220ff2aadb50cfcc2eb927e9357b51c5001123a46016c47bb7a8ade6c62b5cae190a3c89b7993d130e279f0571643f039940c5e0e6c212f39bc20d014217ee8065090eb249237873bb3d05a2ce846d58134a4ef435eed617e4435e044471f86686db1572d6531 +Msg = 8603abf63e1dc6a957770c225394c0223874b3ccf069c315ee26a2761519d9e3d5fb0c0197a57f945b25d9369f11284f831b26412ce6bbe36618c2318db11042ad9bb27ae881770018e5af72b66d31d8fb7ea3d7440cf528bbb12f4834fc6d70550b27c7fa5cb6d7d7e0143d6051e4a5e5c6b2f602857bca36187021d2a3f756 +S = 27d202a060e759b168e451c6bda8a290ce96aa70eaad61e65a37962a766b851ad506cd68755341f4ce2858c24c27953fc8f85788fe77f90d17e7427f6e487ee4e41bf64773c79fc1472e89ef66f6cd532a1f485adb2cc3952a15e5b93eac7cb2585f03206733a142b8ba9465653e02843eb5c70ce8d7b59fb3b8cc2ae8d0405a714fd55638aca05b0bb3b5dca25dc7230eecac2c8fac049a0891e1b986308814486dc9d076b780b30f1c2a9b8292d2e3c56ab2980c3b3cf87292a300924c30bf2633f272deb8ada1149d3e347f930cb5a4c7db035352915b031f524ff07889e1abd54ab5ce572c63d0ed3ecbb522e7a4d087763cbb712eb44ff81ced4a9ccc3e +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA384 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 3babb27a2dfe4e88cc8c030cae74839c9dcb5ff5be29776bb3b2dfbb1f52596237ac9188002864684c470a7cee03ce84a85aab0d4dc8eba4513908dc549458d4f979c0e057063e879a5bc6a1dd8959f45d9d2c1fcf156169d351d038cd0246990d19954b04a24bcba380e52a38b2cbb9d5b9db1af3ac0df31a458bdf4a9e1bf6812b9c2469a8e384a96d1ba29bf009b8bd0bcb098f55523ff8e220ff2aadb50cfcc2eb927e9357b51c5001123a46016c47bb7a8ade6c62b5cae190a3c89b7993d130e279f0571643f039940c5e0e6c212f39bc20d014217ee8065090eb249237873bb3d05a2ce846d58134a4ef435eed617e4435e044471f86686db1572d6531 +Msg = 44935b571d8e202a7c257defda42c57a4cf3deeefa104f7fd31e9b7c7f73ce8c959b55380ffb12a9fbb4b0b373ca3413ce86d5f518180ebac081f1f791b0bec1e3ebb42813712701305ed3e9f7ce7086024587103c4f831098630b68030d8f94974d212f113a87b985ea8e975096a15b4ffa99464efbd70bc38c90d6bdd2698d +S = 64cfae08fc369c5dac6c08609300ad79ecc260f52cd9ab810d536f776aeb9158e8745474c76ee9119ad1d3780f0175bb48e239998e0580272417f9129fc778f5679d277102551387e23ea1b0602b6617bd323deffb2c894e24d6ff5de645efc49e9165a8cb3752dc59f81e0e205eda79da7dd64baa300743919969a1a3313c2e5b211d9bb3627cf6cca4f406481b95bceca64c733ba51a04bba15c7977bfab4a776009b82d152279bca00699c91d9bff0e1f78e3a81e52e2367c982a421cdddd7dacf0b888c36d7b9ffb3254f8140fb6aca60138f196b1c65690b40476a371ac2f62899d253e730d60bf62559fd4aa3196098a0ad53c98eed2a0476a4b51f264 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003041300d060960864801650304020205000430bbbab81643e08d7a9d84d488c6845a98389c05737c2c54103cbb497d3291a181a2ab6b4e5c376b90bae7af4405e178ddefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA384 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 3babb27a2dfe4e88cc8c030cae74839c9dcb5ff5be29776bb3b2dfbb1f52596237ac9188002864684c470a7cee03ce84a85aab0d4dc8eba4513908dc549458d4f979c0e057063e879a5bc6a1dd8959f45d9d2c1fcf156169d351d038cd0246990d19954b04a24bcba380e52a38b2cbb9d5b9db1af3ac0df31a458bdf4a9e1bf6812b9c2469a8e384a96d1ba29bf009b8bd0bcb098f55523ff8e220ff2aadb50cfcc2eb927e9357b51c5001123a46016c47bb7a8ade6c62b5cae190a3c89b7993d130e279f0571643f039940c5e0e6c212f39bc20d014217ee8065090eb249237873bb3d05a2ce846d58134a4ef435eed617e4435e044471f86686db1572d6531 +Msg = 69ec7262fa272d2512fe9281a0aeb2ceeb77a0692fad31618b0cff731a4cb43961f5859ee975fc952c6ffb0bb657fe19843ca07fb0e4614e501ea6e49b54011d4d60b3c84da06f588d4d61dc32086f32f6b6bf77ca8e79c1bf70ce1126793983f6d404c86fd30fd6fd3ecdde5feb8f7f088e0539c6d30124a1aa7fe206e2e3d2 +S = 3ea196268020d94c900f39ee2eca7e735e0cb478de58836b575628ef46c5e78898c2d76c7627fe36baf3eedf4d89c2572aa3afa8cb8c5ee3433e4c2ab7abe8369047d21cdcb00e1467ccd60cd2bbddbbccff5a7e0f1ed9d2d5fc4fb587d41ac538e66d9b559793e0fa8e44ea72e9c603d236f1c82c4ccf665a5337fb797b001ac0f4acfd90e54d147cb196f4169dfa0f72744bad275a748f4b402bb2cb2ca9adefb057a6400855483bb12c8e51909a7241f413ce7d84f42f8e4032acbb4a97848a0f2a3c473af3f6e218100b4d446616d55d55571c0fa9e178f502370008317456318115f8276aa1e569cf364efd5c7de9734eaa575802b0db421de6309c175f +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA384 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 3babb27a2dfe4e88cc8c030cae74839c9dcb5ff5be29776bb3b2dfbb1f52596237ac9188002864684c470a7cee03ce84a85aab0d4dc8eba4513908dc549458d4f979c0e057063e879a5bc6a1dd8959f45d9d2c1fcf156169d351d038cd0246990d19954b04a24bcba380e52a38b2cbb9d5b9db1af3ac0df31a458bdf4a9e1bf6812b9c2469a8e384a96d1ba29bf009b8bd0bcb098f55523ff8e220ff2aadb50cfcc2eb927e9357b51c5001123a46016c47bb7a8ade6c62b5cae190a3c89b7993d130e279f0571643f039940c5e0e6c212f39bc20d014217ee8065090eb249237873bb3d05a2ce846d58134a4ef435eed617e4435e044471f86686db1572d6531 +Msg = ab5e706303ef34f4f855722eb521454bd886ea281c677ff935b40b3cfcf7bfebcc2a7cf62ccc95f0ae34d5081724c43cbfa126c93b02c5e63a4870b1adad446a2b802adf932fa127f3a6be93a8d770e2c79a09b4bcb8fa423142de4b3228bb528e0684068041e2028e5333b6b263d4a5b8199bd2e7b0a874e34d5ef1d28fac0a +S = 94c98efaf358dc0ac76b26f7f52b6a9c35bd8b63f9517a5b679af3cf3c48fc4ec99e5c75e7b1ef27a4dcd5443f6f4286d798cd96f746c63c290e501938196421d691faf84a5009e410545c407d920b14174e66da700b457b8a8e2e59c094e33ab1f0b3a5a954cf814da7587c95681d990ef86c4f67ef97f2ebfefa600c190a49ac88cf1c6bcc8423781117fc1686da1ed0032baa42d00fa62c38f5d3d27c355eca2f4b79b57b54b7f97c43df57b546f2391f5328ad295a16b1fb6d5eab36dcded973a7f34a0c600bf8008b96b70a3e8ce0d706d16dc2c1f298978c95d4823e406f433a48c6c98e41341704abb7860120db033591eab0674e1b2f998e58926111 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443041300d0609608648016503040202050004306234baf47b7e2a2b38f44db0a1103dcea4fe9e2f3c6b951228d1b7bad3672f8bf772a915bc9bfc52d1e5c51165c50adc +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA384 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 3babb27a2dfe4e88cc8c030cae74839c9dcb5ff5be29776bb3b2dfbb1f52596237ac9188002864684c470a7cee03ce84a85aab0d4dc8eba4513908dc549458d4f979c0e057063e879a5bc6a1dd8959f45d9d2c1fcf156169d351d038cd0246990d19954b04a24bcba380e52a38b2cbb9d5b9db1af3ac0df31a458bdf4a9e1bf6812b9c2469a8e384a96d1ba29bf009b8bd0bcb098f55523ff8e220ff2aadb50cfcc2eb927e9357b51c5001123a46016c47bb7a8ade6c62b5cae190a3c89b7993d130e279f0571643f039940c5e0e6c212f39bc20d014217ee8065090eb249237873bb3d05a2ce846d58134a4ef435eed617e4435e044471f86686db1572d6531 +Msg = d2c5b7edd8611a62e537db9331f5023e16d6ec150cc6e706d7c7fcbfff930c7281831fd5c4aff86ece57ed0db882f59a5fe403105d0592ca38a081fed84922873f538ee774f13b8cc09bd0521db4374aec69f4bae6dcb66455822c0b84c91a3474ffac2ad06f0a4423cd2c6a49d4f0d6242d6a1890937b5d9835a5f0ea5b1d01 +S = a524f38bc8b2104d55275efdcd8f1bf9d529d9565a757df8b3f8bfa067d5278721006eba463365945b81ab4a504122021f8234051847938ab3eca24f95e4aded34f9e57a7b377aa16fd9379d0b703accee4aa78a015d0986e20c4fdc950a579494c56eaef8b812e2bb0182b74da9f1c0e1e3b56142481d18e64fa797293fdbf7d8d54c44524fe6b957a06ccd292edf0e0353b96e047813662a7326c42c8bcd1d231c6a486699b756fd1c301b1891da6d51a3e5722cfa46592798e91d8df31cd98a3dd0b725391a4f9c6fa1ba312471f8d1d85519f8df7ba66244c5dc679a1348d2d415b8aa22b02a9322fd2469f9da475a8d832862e6a0cf24eee957eafc488d +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA512 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 3babb27a2dfe4e88cc8c030cae74839c9dcb5ff5be29776bb3b2dfbb1f52596237ac9188002864684c470a7cee03ce84a85aab0d4dc8eba4513908dc549458d4f979c0e057063e879a5bc6a1dd8959f45d9d2c1fcf156169d351d038cd0246990d19954b04a24bcba380e52a38b2cbb9d5b9db1af3ac0df31a458bdf4a9e1bf6812b9c2469a8e384a96d1ba29bf009b8bd0bcb098f55523ff8e220ff2aadb50cfcc2eb927e9357b51c5001123a46016c47bb7a8ade6c62b5cae190a3c89b7993d130e279f0571643f039940c5e0e6c212f39bc20d014217ee8065090eb249237873bb3d05a2ce846d58134a4ef435eed617e4435e044471f86686db1572d6531 +Msg = 302093a4a99ea31b8a693aac1743663b725aea8e19c1e35fb01dabb001a1fe5f413c5bfa9410add4d4272b598e617d9e4eb1203d1d890b5f4793931a62a28cfe8be8b1eaf36946249baffba95bc014c2294dc7d8982ce5899f09bdfc9c583e71988d5b1ccd90b433656b7246854672cf8a96a70a9391b9063fe5f2fcb8a95be1 +S = 2efe346135008623c56353482a684924e55455e5e75746707de371b9b14ffbaaf5b5f2ed85bd7e28ce4e1700af5014bbd315c32b872d567ea214af56e8c3276cebdb0f597a6bf2b0758ae2e5d1e2e9334a53f838c668bc9a1503010bc5cb97f6215847802827ce9f88cee4233cc80a1afca84cfcf7368e4518e157f05447586cfdb3ad9b2d79bba5a6c4f7494375472fb9075d61ff42c7816e23550f1643b758fa26f4377dff2034f5e68c5889665341d482bd4175a286022f8346ca925e925f574cc961146c4e2c3e8ba12e083a0ad31394357d099c973a9ccdd4a7a6649085fc1d4a377911be767bc9f96df50f991a9a589c5d5d19c3b3e8fcf7127b7e32ad +SaltVal = 00 +Result = P + +SHAAlg = SHA512 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 3babb27a2dfe4e88cc8c030cae74839c9dcb5ff5be29776bb3b2dfbb1f52596237ac9188002864684c470a7cee03ce84a85aab0d4dc8eba4513908dc549458d4f979c0e057063e879a5bc6a1dd8959f45d9d2c1fcf156169d351d038cd0246990d19954b04a24bcba380e52a38b2cbb9d5b9db1af3ac0df31a458bdf4a9e1bf6812b9c2469a8e384a96d1ba29bf009b8bd0bcb098f55523ff8e220ff2aadb50cfcc2eb927e9357b51c5001123a46016c47bb7a8ade6c62b5cae190a3c89b7993d130e279f0571643f039940c5e0e6c212f39bc20d014217ee8065090eb249237873bb3d05a2ce846d58134a4ef435eed617e4435e044471f86686db1572d6531 +Msg = 634de10919c2ebf47f5520cccd2aa37f484201b015fdab5c4ddeaabd548f8e6e6625a7d172a478ae2cc6691c5ef8bca57ea6c2a586b84ff3005d6bc360074acb97b77fa5e57a6c75ef33fdcb119c96cbf588498b656b4dbc5d1bab8d65d83bcc1d8bcf4e1a4bae92f02544a1901d1738d570fd29591c8dff8da2d3e1090b48b9 +S = 8e11eaac64a60172d6bde00aff7d654c61661c4e3213bd64b6141294b3d2491bfba0040ba09eb060a14a9c754b1b3dc74dd5e6de8185eb1cb71eae7464b1511d0b302864b34c08b041528807301c01b33a4630c74b1e6fe829518962c380de8b9094f4f90178313a7d2229a0fec1a798056b871a25778813cd70b35e713cc83816549f11717e3dd4a1412251c1082df1c03c0def3ddfdf3d7cf1b7654e5af94866392ad32330f45b7e9491a4d1cc2ad64a3b7ebaac075cb26d5115bf9a846dbc29faa8302a5f6337fa2ba07f9987ce1bc729e67fe2e8172bd44cc79ea15ced0cb49039ebc4749713343f136b7c32f5760d403568a4a6bee7fd697b82d9d44983 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA512 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 3babb27a2dfe4e88cc8c030cae74839c9dcb5ff5be29776bb3b2dfbb1f52596237ac9188002864684c470a7cee03ce84a85aab0d4dc8eba4513908dc549458d4f979c0e057063e879a5bc6a1dd8959f45d9d2c1fcf156169d351d038cd0246990d19954b04a24bcba380e52a38b2cbb9d5b9db1af3ac0df31a458bdf4a9e1bf6812b9c2469a8e384a96d1ba29bf009b8bd0bcb098f55523ff8e220ff2aadb50cfcc2eb927e9357b51c5001123a46016c47bb7a8ade6c62b5cae190a3c89b7993d130e279f0571643f039940c5e0e6c212f39bc20d014217ee8065090eb249237873bb3d05a2ce846d58134a4ef435eed617e4435e044471f86686db1572d6531 +Msg = e532de1004ff3af1c5cfd5459c14e3c07acef7fd9f0d731fb0b143b90975cbeb542c1dce5a4a70121aa5cee6187d0c18f8baff7e4b76ed94a9bb4266008e84b12b2c8945c793e8ad4244ad123448515df371e99c62e29da709d15c036b8cce0693ba8a3cf1e48a0a6434db91987c99d592791b1f895a6ba0f87cf956f1789034 +S = 522fbeb9dda25bc573f9112a9f91c17edc93e2768e3500b4e2a4686c9548624900f28c878fa71336798cbe95dad6c3905ac04e4709defb972c13b6a532b0f827b86a8c809699ebcce39f38d71612ecfbd030d320d709edf5a0b7ac3f3ea49ccf8429066a679d4a9f42cf2e21bfb2616918fd80fbb7507bd301a6c650efa802cd4b139f02f65408090dde62bd825e04afc720ff8850461d5f1444bc49ef8f6f4f06e7aae64bc0f9ef3beba8298603aad62547ab8e94374cc45f7165e08c612408fe29ec242b2db649475dc2b76debb660433a2d2af7c4f82fac4b858f0b715e1048933d54bf2830f6373e6aa1ec2f460889c33b3ff78a2344f33929dac1c728b0 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003051300d060960864801650304020305000440ed1dda6011a1309b31409ff9a5f57605f8a6d33d91249b0c1e37bdeb6a580d334c89f5332a598379bb1f37127bc39366b275962c3bb9b888d6d576fe89f6ed37efefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA512 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 3babb27a2dfe4e88cc8c030cae74839c9dcb5ff5be29776bb3b2dfbb1f52596237ac9188002864684c470a7cee03ce84a85aab0d4dc8eba4513908dc549458d4f979c0e057063e879a5bc6a1dd8959f45d9d2c1fcf156169d351d038cd0246990d19954b04a24bcba380e52a38b2cbb9d5b9db1af3ac0df31a458bdf4a9e1bf6812b9c2469a8e384a96d1ba29bf009b8bd0bcb098f55523ff8e220ff2aadb50cfcc2eb927e9357b51c5001123a46016c47bb7a8ade6c62b5cae190a3c89b7993d130e279f0571643f039940c5e0e6c212f39bc20d014217ee8065090eb249237873bb3d05a2ce846d58134a4ef435eed617e4435e044471f86686db1572d6531 +Msg = fcd993a231000dacf06ffd5d90ad238d5f67c86a9f61ea10ceb2995a2b31a1f7752b69c0f6571b48c00b05b537af40cfcf738f57173d899af7e5fb4635a5887b3ecb922524b15e8ae3ef721fe8cf42a0d4020c5f7d9101dd3516a597502b7822e023d67ac3f81c98e0850c42adf57327f57c082bd845980013ab60f681abbb14 +S = a05058b41fa7d48c6be9420c6372d559d466a85e174c272f7394cf3896e1b945ab8941462cde4042d1da2a8b4ef11b5de2c720595855190bd113d566d420b31d51cc87365a2b8d7be99e2ca792b94ecc5364cf63be7a16aaed3a723754d7491480829c0cc9fdc1791998f30ef80291aa756fcab57ff5f3e7fa2d6ab001c52e76efc8dc18f5d5fa2cc762ff863e9d6d1fd921376a8f20d4dfa61f0a4c389e42db2adb07d168d438d1ecaf8e4d62006a29d944b1b5e5172d99579bf03addced9aad16038997d2721f365629cc5b065f656bd306cd76a01cba35c806a476f47c7f9b50d211b90d882201bebac5204fcff51a28d7b95c12eafde637bc50a10a0312a +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA512 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 3babb27a2dfe4e88cc8c030cae74839c9dcb5ff5be29776bb3b2dfbb1f52596237ac9188002864684c470a7cee03ce84a85aab0d4dc8eba4513908dc549458d4f979c0e057063e879a5bc6a1dd8959f45d9d2c1fcf156169d351d038cd0246990d19954b04a24bcba380e52a38b2cbb9d5b9db1af3ac0df31a458bdf4a9e1bf6812b9c2469a8e384a96d1ba29bf009b8bd0bcb098f55523ff8e220ff2aadb50cfcc2eb927e9357b51c5001123a46016c47bb7a8ade6c62b5cae190a3c89b7993d130e279f0571643f039940c5e0e6c212f39bc20d014217ee8065090eb249237873bb3d05a2ce846d58134a4ef435eed617e4435e044471f86686db1572d6531 +Msg = 55268a860d34f9ac8071c4048c4d6b9e5475b9a89da448e178bc475122157b3828158444ce016206b21237a7adcc4ed7fa8b5d079a5f07d8f619a5d3c7a6465a339cf4de38133a534eb6e3e1481a03dd7c4e3cf723b33ab5030d80204bdb67bdbee463be1313897a9c844e1b27df929622e5dde10248e860e5c05fa0755be547 +S = 7150a5c72d046e51f58b5d2bc60886be8b5d95edd49ee011986915138b53dc6f1c20913513418fb9a5edfcf4a3a9e4c6302c5bff2227c81d447334c3faeafda5ab5ccf2f25da8217cb3acfc8778c22bcd1559180260a8d9a3df3b2e1c7f1696bde815b4ada1e44b50b500a0aa4b880ba68176aeefcf96db028383b124f5bc7b587c6c6a726e2af4cad35b85d25fc158fc44d34a5bba69fded3b37af8cab2c53233a6e363e153966e10d6c7606a23a51b9358bb964f49ea3f19af1c038c5a1dba87b68b5802fc75f8c68a5486479391e54e743ffb64c185286140db15fdaf51aa2c6173fcb3d60f736a460623dc351f035d546f75fa07aa496f65bd8e4a66913e +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA512 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 3babb27a2dfe4e88cc8c030cae74839c9dcb5ff5be29776bb3b2dfbb1f52596237ac9188002864684c470a7cee03ce84a85aab0d4dc8eba4513908dc549458d4f979c0e057063e879a5bc6a1dd8959f45d9d2c1fcf156169d351d038cd0246990d19954b04a24bcba380e52a38b2cbb9d5b9db1af3ac0df31a458bdf4a9e1bf6812b9c2469a8e384a96d1ba29bf009b8bd0bcb098f55523ff8e220ff2aadb50cfcc2eb927e9357b51c5001123a46016c47bb7a8ade6c62b5cae190a3c89b7993d130e279f0571643f039940c5e0e6c212f39bc20d014217ee8065090eb249237873bb3d05a2ce846d58134a4ef435eed617e4435e044471f86686db1572d6531 +Msg = 587e0c53dc96138e7a0d05f8bb10e6d7d8cac64a87e538e7154e06a2b53923f01866e12d3da2643b8b90576d1da9dda35d82cbb6d44d141640a385b1e781b2172c9030dc60a9043eda985c084a207db74a40fdda36b532bf3ec0ea4bb9295c2abc845f29ecb3dadf90ac7c93eb7dad5ac88dc48056247a29362d9e38d33b0b70 +S = 40f0315cfa6e8180e68c9f409917bf35f6feee875faaca6f63d41caf57ba81f1994e4781bea5476f58feae8681229546e0b0ad4f6965e08b8c4b5915a7ae72430c18e556c9ccabf9b2adc9f4a188bed3b70982ff3561290e90cee779fe0c0a98da503f700815b9720126b1c6764103df4e05aeb81adcd11792e38ff4f072b5f403e458459e2e40e453bafe96773c489a3b55ce8f3a2dac7b5fcfbcbae53d6b27fa9acce6c3d9da72c355e11e8f56290f75fb53bd41bd0fb822662d218c6e6b8148c5a058bc2a8855e00d7d432db7ec3207be1f106cd1497a55c46607989fc295426b2f06bd7bc4da7ed40604efff01f037450abc3a1e0a657793e782f8a2389d +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443051300d060960864801650304020305000440f7868e28e7d36a3691e196c831ce747400ae162cc2850af22ee47105eda53fe7b8826b1599e66035a13e247406b04b27b4336859fa666279991b18ae997466c0 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +n = 93397894e668653afab24bf55c15071960a81157e680444891c42ac0cebf9ff99e3739e12d0223d62ea048e77ee284582a707050fd11258f27fb6a4e2b583ab37ed0799708e3379e41b191092b2f4631c974dfe81993c740f21bbd0d828ad398893aa33101f445e5ff02ca498b8a851100e8d50aa2fe4c88ee38be966222657f943f9bed73f018a4fd371d208c362cb2aa4d1cec9c68f8416ef00ded34f4a1ee4d59a8ff4c5b3deb33c504542dfbd772ac649c8313644a32205a602cb5581819e4f4a2b8150e63e20669690429a4b5cc77577295183ff6b760a1b5fb989f158107860751c7808c54c1c511d3057b5e9537e009576b723dc9073c0b03f28955e7 + +p = cd819c9501262da3cf149709f0f56e59c2783263e399819dff248ac9e674c5d1e281e2f6471aff294b6e1db918d1d52f20bd4777b1175440c9b40da42b1c6a0cb28e404ee6446d19cdf7559304a693400d94e826eb90772fec7835cec7009be5e6b09ee7052d0b8ed413eec628d4ba9ea2dba3e53fb6fb7491eb3ce3bb16e88d + +q = b765ec141594c3a8503df7bd3e31264a88bf76ada5d529ef0969724a991787e8630cf8ee8c223fb9894c98679235139a5424e778e72309f7ff60fd5766d3edf0aa21f82d13c1ccd9d75d7799917b7abaf05c1f2dac240dd0bf3c1af0d1f5600bf46e93da91bb36a7031436e305b427af5a090b484a2c0a397d89f92c5d9c9d43 + +SHAAlg = SHA1 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 18899418d11166347f1db7538f58d6843ac6ad8ea66ab60c184b5c7577ca9aa99a5e89a587805b4e5d1ab6d13fd06b640712bd62d4d830ed315491b7b1e409c89522beee817b33efb59d982c31dd365da1937aa6aeedf68ad3049f82406c78996c3470882afe0ba6552b21b6ec97162d8026ce2c707fb76c27b41fc3bb05bb95028eade0ba33868ecfa617b98f829957ba83934f2dd4621e111058241e3c0e08abf7222f142faa81652c625deb28d2718940679869dc51fee3e0e38830914aaf6c0b670a04815c5265836f4e9895c6a2e99111e0156c92f3c8d23b89fff18442876678c2b2c40c5a7c6f7cb1a3d314b689d48f06faed34047ea1237df9a3a2af +Msg = 16ae604b3a4e9c7f1d616e2deab96b6207705b9a8f87468503cdd20a3c02cc8da43d046da68b5ed163d926a5a714a4df1b8ef007bca408f68b9e20de86d6398ad81df5e74d5aaac40874b5d6787211ff88e128cf1676e84ca7f51aee5951efee1915dcc11502a8df74fac4c8451dda49b631a8fb87470f0ebe9b67449bbd1640 +S = 3a0751f873595e6c75cfe668304ce23e37da8f2412bef538256db7333562cd7b7457506912e176b8af543d5e01eb9742c8a42d356453a9d2ea9b78d6774144e3237e8fb3c0822c16a5550cc8dfb52af497df73d30643b4a8abe07c8e04cb165909e030faffa2429089ab6ca3d88584a0669e4955334ad5c7d41bc5efcb901f7cafe0e31552da57833d595fcf955247545cd057781d58f27c9c1a835f19f40deed90628de42de3b3efa4ad1a7311e67ee3354f6234e7aace3d39751a84611ff53d3ba70a552a78c74094c84cd401eab240aa33bf9c1492d1e173750f7505966ce83fcaae886102cd139f827386ff3898e7a1fcdde095cd96165a11b47ad5a43ca +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443021300906052b0e03021a050004140010617ed97007b337d2736ef686b8bc4f438f2c +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA1 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 18899418d11166347f1db7538f58d6843ac6ad8ea66ab60c184b5c7577ca9aa99a5e89a587805b4e5d1ab6d13fd06b640712bd62d4d830ed315491b7b1e409c89522beee817b33efb59d982c31dd365da1937aa6aeedf68ad3049f82406c78996c3470882afe0ba6552b21b6ec97162d8026ce2c707fb76c27b41fc3bb05bb95028eade0ba33868ecfa617b98f829957ba83934f2dd4621e111058241e3c0e08abf7222f142faa81652c625deb28d2718940679869dc51fee3e0e38830914aaf6c0b670a04815c5265836f4e9895c6a2e99111e0156c92f3c8d23b89fff18442876678c2b2c40c5a7c6f7cb1a3d314b689d48f06faed34047ea1237df9a3a2af +Msg = b3d09ef22d893ef3cc09eaa9b2777e982a84341ceaa00d45956f73e484761ce6c61b31e165ccb0edeb7e0fb5255922ce27b13e4790399f8110730740276ba8032fa544919c5493d583cce5eb593a087bfe936c46f9ca85fe0646715bce93db6bf5581f2a5989ae5299ddb574d583f948b5110542adbd88657fcff95c01567cc7 +S = 859c4b66e9843f82baf341875b80215e16acedea013b10511a993b8407d72bd5dd00589d4016dde5b082f8cb0fee5f339d3e4167ba2399269e215afca6ec2c1ec3d572e214f9513086d281a4ccb5890d75bab00eb4bccc44074de6fef0e8c21237f7630557374da6779889016709aec7fe8c2999d14cfdd9a617bf858c941674737cf0723f146759e4aa691f4bad8af3296027f92fbb81476587f76759592cdc389a34d06d2bdab0bc87742e0013a11b571b58cc4990828d374268995b34d7eb8c09928efe0204cc349c83f575ff70ff3d4ffc9026561ce0601f17c8cdc945a59b44d8323a8c3dcded6158e880c7e1a214c2d3554e814a0b9c64f35724261452 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003021300906052b0e03021a0500041486b684bc197e2f935d2cbe5ddcc6f94830a4ce21efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA1 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 18899418d11166347f1db7538f58d6843ac6ad8ea66ab60c184b5c7577ca9aa99a5e89a587805b4e5d1ab6d13fd06b640712bd62d4d830ed315491b7b1e409c89522beee817b33efb59d982c31dd365da1937aa6aeedf68ad3049f82406c78996c3470882afe0ba6552b21b6ec97162d8026ce2c707fb76c27b41fc3bb05bb95028eade0ba33868ecfa617b98f829957ba83934f2dd4621e111058241e3c0e08abf7222f142faa81652c625deb28d2718940679869dc51fee3e0e38830914aaf6c0b670a04815c5265836f4e9895c6a2e99111e0156c92f3c8d23b89fff18442876678c2b2c40c5a7c6f7cb1a3d314b689d48f06faed34047ea1237df9a3a2af +Msg = f41491a2448f0abab25b9f4958b6eb93343282e62dae1d2e5485f7c369057685a1230e2ba66c63d8e03fadeff33a612989f20ee551e784bf48b73c633791f4a47ced9ac80e7a6b26bc585cf4b588b95a4da10ccafec44094add106b52fdb78f00cdafc2183a06ccdce0f74fda7883b4d0aa645403d2d98d60e3d1d615ccc4a94 +S = 81007a0eaaab1b6205fb5579a55d50a7d7b4bb077eb0cdad18756b4bddc447cc6f1a427cfa32100cf5c0c00db6d28c371059e6341d947d843722ae8fcd0c81a4650fb96857ca5d09a270cbec62a2fcbf997b67fbae0763a5cc28f526c452b416f25fdca7bbaa82c966e7be2a5b0866da58b05e024439f15428b0815117efb9c08310e193e7e7a5f2371f7c2c2edd17616a7fb991c2e173b7fd80ae4537d38ed647c32dd16129e56600d32418575c608f360368b750faac157a3a43ff665a5ed5c545e07f413e9475e7d79d542356358f0c554cc206c3880406447308d1e0d1871d90a84ee4a43152488acbbeb7bf55fadaf3e8b32e01a363ca8e3935efda1e43 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA1 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 18899418d11166347f1db7538f58d6843ac6ad8ea66ab60c184b5c7577ca9aa99a5e89a587805b4e5d1ab6d13fd06b640712bd62d4d830ed315491b7b1e409c89522beee817b33efb59d982c31dd365da1937aa6aeedf68ad3049f82406c78996c3470882afe0ba6552b21b6ec97162d8026ce2c707fb76c27b41fc3bb05bb95028eade0ba33868ecfa617b98f829957ba83934f2dd4621e111058241e3c0e08abf7222f142faa81652c625deb28d2718940679869dc51fee3e0e38830914aaf6c0b670a04815c5265836f4e9895c6a2e99111e0156c92f3c8d23b89fff18442876678c2b2c40c5a7c6f7cb1a3d314b689d48f06faed34047ea1237df9a3a2af +Msg = 7cf8f94a517da2e5f856e8ddec29ab25a1a3b1faaf0eeb193326f92e7228ef8fc02d5a2aa1b67ebd2d88e245b9ba0fb8b30c94f6ce7a4dfd5f11e55d07029aed93f540bb209f8949839783f6e86562bab8dc8016c1aba24b912e7dcb228a79edbdf8b4e418614af2c22cd4d9c0542e9379bd7e42cfc8716a8f25c85e0be814f8 +S = 636d180a954780e947e916eabfcd4cfce80dc0cba1cae58342e142207fee42f3f6655ffb6c78f89fe1d2f31ed54e991d14b814583e8c84723263a22734acadfb5bf00dcd6df8bda4ebb3927a36b13bca2991094f1f92610dcaf953b33a4d1cf571085e297e3cca697e4aec953ab2134e23e62d176ade623e3e2efa562e7e0a87fb7ddc3a169325cd01fee10b2f6ed2012b9c9db99089521d2d15a15da86fcb165501eaf454bb36c8798e0476f59bf2a7d5eb395228744e266198032de0afe58cb10f81dadf57dfad47f764721e54f1248c00f98d7fd2fbbc5aa0998b8a480a73df7c2eff9940bbf644cc821ffa9bf570f2b24c43570b81c103cb4d0c39deb507 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA1 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 18899418d11166347f1db7538f58d6843ac6ad8ea66ab60c184b5c7577ca9aa99a5e89a587805b4e5d1ab6d13fd06b640712bd62d4d830ed315491b7b1e409c89522beee817b33efb59d982c31dd365da1937aa6aeedf68ad3049f82406c78996c3470882afe0ba6552b21b6ec97162d8026ce2c707fb76c27b41fc3bb05bb95028eade0ba33868ecfa617b98f829957ba83934f2dd4621e111058241e3c0e08abf7222f142faa81652c625deb28d2718940679869dc51fee3e0e38830914aaf6c0b670a04815c5265836f4e9895c6a2e99111e0156c92f3c8d23b89fff18442876678c2b2c40c5a7c6f7cb1a3d314b689d48f06faed34047ea1237df9a3a2af +Msg = 7ff7ba5d5e8aa7de3ffc560672a9c1b0f2eee1c39a8d7fb89553475617f81ec04a46b5b28c7d5e08d7f71f80800805c02528bb9be1545b90c1b184937c73ad115efdb92e8649cb51518b5be216118a52146eb25ca8d7428bc4cdc9fd9cfd5066a264ed57b5b695c1950132b59b8df56da708ee9059dfdab284ef3c1adf5dafc9 +S = 55fd6153dfbdd9850218c3b48a4f5e74e9aea999b7e0bf0514481f29b9491d62a4a4dbae2fbaea27cd4dea5ddfc17052d3598bc329eb3ec437d1001387510d7d0288cfe298cc5fd9f7b91c887d41d81d6685853285d67e874467c036d52be31ee49bfcaaee129a3cda168b59ffe523ef64f7e972cbda2afedf1a0fe7c6d457d79d9a73b7424fe6ec4290988dd81daa58e1fed69ddec52f8482a27da34b70114cd07f04591c5d2a38eefba0abd33d4c1f500a4073eafc5199548d7b96c772cac71cc02e18fa998f143132bcfa5e44f2dd62692c90e9a96b243ee20310fa9fff790b04a2d8811b46c5c97e66dbd5e36b03aa290cb9ae27ba94018e61430eac223f +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA1 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 18899418d11166347f1db7538f58d6843ac6ad8ea66ab60c184b5c7577ca9aa99a5e89a587805b4e5d1ab6d13fd06b640712bd62d4d830ed315491b7b1e409c89522beee817b33efb59d982c31dd365da1937aa6aeedf68ad3049f82406c78996c3470882afe0ba6552b21b6ec97162d8026ce2c707fb76c27b41fc3bb05bb95028eade0ba33868ecfa617b98f829957ba83934f2dd4621e111058241e3c0e08abf7222f142faa81652c625deb28d2718940679869dc51fee3e0e38830914aaf6c0b670a04815c5265836f4e9895c6a2e99111e0156c92f3c8d23b89fff18442876678c2b2c40c5a7c6f7cb1a3d314b689d48f06faed34047ea1237df9a3a2af +Msg = 3b9ffc79b59b069fb97124a6c13d51ad413638c1e8e09dab2383f90be4db64aba111b80d9feaf446703fde0fbbaded1a3b8d65a20a26c44620225d17163f43f0304768069b4206bff3ea3ec8095f0062e21c2afc032af407eb938b06e21afce4f129548b320b05b24a5b8cf633bd512d3fcccff75953f4958ebfcbffcdd45830 +S = 7f2efdaf79621804a71b9fda74328b00a65d949b26f739e1b9755ac860c5ad7bf63453a572fc54d6ec790230ac91a150ec428c252f2f8e222625b3e3e65e5abe5155b55da30fc2a89e22101f15a841058ccadfcaddb5405738d86fbbc85d82062dc988a945fb2afb9a9c4d52494f0cfad39f120577931632c31a63f06a370d1150aa4a45441bb31ccab8f7f742f5419a14a302ee0c558de496c66002a02266154ddf2b5808e33b920493e5db1719c9e6f7f43a069455024364988ad622d8d61a5b798a5f9849cf29a0d59eff8459ca65dfd0ea1a9381e8f595ff72d59bd86eb04afe1c4b61c239a746eb102effa940c011321dec7675d99ec4d03261ac254602 +SaltVal = 00 +Result = P + +SHAAlg = SHA224 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 18899418d11166347f1db7538f58d6843ac6ad8ea66ab60c184b5c7577ca9aa99a5e89a587805b4e5d1ab6d13fd06b640712bd62d4d830ed315491b7b1e409c89522beee817b33efb59d982c31dd365da1937aa6aeedf68ad3049f82406c78996c3470882afe0ba6552b21b6ec97162d8026ce2c707fb76c27b41fc3bb05bb95028eade0ba33868ecfa617b98f829957ba83934f2dd4621e111058241e3c0e08abf7222f142faa81652c625deb28d2718940679869dc51fee3e0e38830914aaf6c0b670a04815c5265836f4e9895c6a2e99111e0156c92f3c8d23b89fff18442876678c2b2c40c5a7c6f7cb1a3d314b689d48f06faed34047ea1237df9a3a2af +Msg = 16ae604b3a4e9c7f1d616e2deab96b6207705b9a8f87468503cdd20a3c02cc8da43d046da68b5ed163d926a5a714a4df1b8ef007bca408f68b9e20de86d6398ad81df5e74d5aaac40874b5d6787211ff88e128cf1676e84ca7f51aee5951efee1915dcc11502a8df74fac4c8451dda49b631a8fb87470f0ebe9b67449bbd1640 +S = 13c5d85a48e10871542ca7b6c7f7fcc0f86da6e9cca9fb9b8f36f30fdf2f320b61b73ca1ef0b9c07af8e675f32b7a648ca109885c006971e821f09a489d1f8b79dd2d03a20b5d9c02f0117bba86ce8b419c67b90093d89f2631dbd38387a847b9490ebbfd7b6818f70e09c3ac25223ce2199030df51bb5da8242d1dd2396c72062a60f481c73a830c109e74b9fad92d7a9a414643ccb2e392afd13a8deab2b4433b0ff5eb3c01892c71a00a3e2d1173506b6340f57ad27e54a4bc5e16d50de2ed519f300f2afff9bc2a39e42c70a0fb02123db01500bb79dceda3a33b915ba095fc1269542832386a19b3ef65f56d8bf64ee4c83d5411bd0b6f097a749556917 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff44302d300d06096086480165030402040500041c35674247cb0e952ef2d28bf3e3c63c34d0ea8b3f194941d3678440aa +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA224 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 18899418d11166347f1db7538f58d6843ac6ad8ea66ab60c184b5c7577ca9aa99a5e89a587805b4e5d1ab6d13fd06b640712bd62d4d830ed315491b7b1e409c89522beee817b33efb59d982c31dd365da1937aa6aeedf68ad3049f82406c78996c3470882afe0ba6552b21b6ec97162d8026ce2c707fb76c27b41fc3bb05bb95028eade0ba33868ecfa617b98f829957ba83934f2dd4621e111058241e3c0e08abf7222f142faa81652c625deb28d2718940679869dc51fee3e0e38830914aaf6c0b670a04815c5265836f4e9895c6a2e99111e0156c92f3c8d23b89fff18442876678c2b2c40c5a7c6f7cb1a3d314b689d48f06faed34047ea1237df9a3a2af +Msg = a9db46f44d85c4414d15a62541906e6ae498c06e2336191174d6bdd16993f13485b56b674e780724a310bbd850e9cd06e03343e6b39e9c535062bde4fb832e588b538637763824b62eaf20dbb09181e35996b1e1fc172ea7331881e9f28574a062bc80adec4c85bf93fcbe768810f3c9f8c7f0a5292837d6c5fef22b76222bd5 +S = 0ac7106eefb290dc2681c447fae564aad0e73028927907b323a7e1c340efa53638349d3ff6f9bd393431f085c84bd5a447a82ac98cbe6100eca7becaefb20fcbdf3c13cf883538e39a7c47c92e0a0da716bf520835156c02ad30d357115e467f9fa1b869ed1e6e1736402c2df62276cc766a0916ccebd7854f0b6f14e88de01164491ca82ed831e6e2f45b636b4ac73a3a0e0522cb47ba1758dce66ffe9e6afcd09ee6820bea67ff7351a157aade87d7243e68d3a14824b07c0a831260fd4b21020ad943ab0aceabf2fd259a038d30f786ce3a60c6fa68a5d7b1901380b19912a7eb61da8a224b9f0d2109bd161de1d3892d1001cdda4fec492bfd1fb0050039 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00302d300d06096086480165030402040500041c062e999e48e75ccabd60ec5e67bdede1b8beb5c89c5b8455d638b0f5efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA224 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 18899418d11166347f1db7538f58d6843ac6ad8ea66ab60c184b5c7577ca9aa99a5e89a587805b4e5d1ab6d13fd06b640712bd62d4d830ed315491b7b1e409c89522beee817b33efb59d982c31dd365da1937aa6aeedf68ad3049f82406c78996c3470882afe0ba6552b21b6ec97162d8026ce2c707fb76c27b41fc3bb05bb95028eade0ba33868ecfa617b98f829957ba83934f2dd4621e111058241e3c0e08abf7222f142faa81652c625deb28d2718940679869dc51fee3e0e38830914aaf6c0b670a04815c5265836f4e9895c6a2e99111e0156c92f3c8d23b89fff18442876678c2b2c40c5a7c6f7cb1a3d314b689d48f06faed34047ea1237df9a3a2af +Msg = 659bd5f2edf90ba229a140bceb69036750477ef4f4ba4a646565882ad8fd2d321b669d21cb197cdfc7c9c053e4460b6de3a1396aa09134538b1510c75c5b54fb03e195ffdeda4a432fd3db59cd96fbfc1a4f385234edd06e70cbc719049036d20354e6138f041dd64a07b8580d217a1ddd98a4341a96c6bcfacfd4a736637cbe +S = 8742d7f61cd01a1cda403f08a9f367dd2f62895531634920eba3de112e3e5dc30752533851ffdba2bb48905d3532e2a55572ddeeade4dea7f80664b243f951282ca678194d6b91a9fdbaee763b01823ca4037d77cb3aef976a90bcaf195431b3856c3b598bd2c0e9000970e49d0938b3492b6c710ee898fc719b40d0b5cd98a54de06cea29584361317f4d8adcb23b982479513289c4729ad5b39fedb2ba6a6cb83fff0c2dc35d8997b9bc0d8bbe45857ffe3da67655cffac7c89e33257bb08ce3d10610b53cde7d8b31d721ea34fde8f798cf91a866bc0a52a9aa03e24454e0ab27f7cc00219072b3cebd9883ed1fe5dd02d4b59536488931d5c6059794da49 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA224 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 18899418d11166347f1db7538f58d6843ac6ad8ea66ab60c184b5c7577ca9aa99a5e89a587805b4e5d1ab6d13fd06b640712bd62d4d830ed315491b7b1e409c89522beee817b33efb59d982c31dd365da1937aa6aeedf68ad3049f82406c78996c3470882afe0ba6552b21b6ec97162d8026ce2c707fb76c27b41fc3bb05bb95028eade0ba33868ecfa617b98f829957ba83934f2dd4621e111058241e3c0e08abf7222f142faa81652c625deb28d2718940679869dc51fee3e0e38830914aaf6c0b670a04815c5265836f4e9895c6a2e99111e0156c92f3c8d23b89fff18442876678c2b2c40c5a7c6f7cb1a3d314b689d48f06faed34047ea1237df9a3a2af +Msg = 25c6f8cff7a49f5c0b7c1f02e3d4b8935c26cd768f33e79dfa9bfdb6dbabf3a6dd766033f62794009095dabfe718faa2b29c021205f346a47670a6497fb10fc523bc4562d44edfe5956f93c15c4ab38bba3cf8aebd2b7f60161911d477f8a7b13fc02dc459c087f16131d2700911ec36bc2f36b0818298b721bec6c18c29c254 +S = 44e33dc3011088c96cf066e4a3b93487d86779cc770c43e7a7b5d6b722cd582ce8988a28605a4961645d9bfcf60b68a83d8a5f2a85dd07f358715fdcabcea43c2816ac12771e76e54c14fe3073e1eb43312cd0e2fa0c93f07b0c215220c59379121aba72fc7e13702d9152386f6554b12b0323cb42d09ac5ad5f065fe6b045e37812a55cc6132a6a9dce1a7928a974e3e35213719b3175f96ef87dfb1cb84a67bcdd5f5b15fe2508bb6815809404e0e6b1d88da4d7202feffbfbd76010279fcd4f6fc233b27a934601c4e3701fd00eab581fde1d2aee3e27ae9b7b627e208d013fd0590c3718731c19f105258acdfd10fc8c542982e6d86b7c275372b8112fc4 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA224 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 18899418d11166347f1db7538f58d6843ac6ad8ea66ab60c184b5c7577ca9aa99a5e89a587805b4e5d1ab6d13fd06b640712bd62d4d830ed315491b7b1e409c89522beee817b33efb59d982c31dd365da1937aa6aeedf68ad3049f82406c78996c3470882afe0ba6552b21b6ec97162d8026ce2c707fb76c27b41fc3bb05bb95028eade0ba33868ecfa617b98f829957ba83934f2dd4621e111058241e3c0e08abf7222f142faa81652c625deb28d2718940679869dc51fee3e0e38830914aaf6c0b670a04815c5265836f4e9895c6a2e99111e0156c92f3c8d23b89fff18442876678c2b2c40c5a7c6f7cb1a3d314b689d48f06faed34047ea1237df9a3a2af +Msg = cdb5d9071fa3a040095d41253a6a8081200ed6f4aa095b455181eaf9593c7f255412e380e9a28cbcd345be172c40f72dec3e8a10adfd8a9ab147e9022524e1aea74e934807e5ef144a64d381f5d477fe883f080e4868939f41b925988c7d31b1ce4f318701d290f077a3c88b1b8cc89cfbfb981703b23ffb0bbfe5e115af35d5 +S = 1dd48357b45763f1bea1c5a7b0f346ca8aa1ab19b163e05c78128e5f9625a22a7b3b1d8c18763349089725fe41f7431bcd42b965ae6f7dd00ae046f7fd2161d344b471dee5ff1d9fd4d5c520a6facc3bfbd8650598b34ea6c94d684b0187a2437c529e4d6408852662fe70c807c1270427b02db59f04b8df01a087f3ea9e3c80894763de195fe7f92dea8c70a3bb85864e410a4e8313a836e47fcf5050090742fbb1eb64703d5d599fab43930bf4b8a916c134f4984993e2723c4a5814265c500da5caf709143899c5a5d8eb199479aa0cf68366b7e80ff21d1352bd2bac2bb2c63a8235a379b3fb3baaa416243eed20c2c861e4924b71de1a74bfc96a85ad74 +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA224 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 18899418d11166347f1db7538f58d6843ac6ad8ea66ab60c184b5c7577ca9aa99a5e89a587805b4e5d1ab6d13fd06b640712bd62d4d830ed315491b7b1e409c89522beee817b33efb59d982c31dd365da1937aa6aeedf68ad3049f82406c78996c3470882afe0ba6552b21b6ec97162d8026ce2c707fb76c27b41fc3bb05bb95028eade0ba33868ecfa617b98f829957ba83934f2dd4621e111058241e3c0e08abf7222f142faa81652c625deb28d2718940679869dc51fee3e0e38830914aaf6c0b670a04815c5265836f4e9895c6a2e99111e0156c92f3c8d23b89fff18442876678c2b2c40c5a7c6f7cb1a3d314b689d48f06faed34047ea1237df9a3a2af +Msg = 14690026e93115e009238306861b8968408c9f320614b61afe54c1de47fe74eedc2f4c65bc00cf3e485815c5ec04874b0109e71ef23891b99e040037fe91930e080d91f9d3436c36fb6d42f2474aa9028971acd3c6e511a497e9def2cf161b345eaad8c97623722fec0d1375e01878f3a06df738ca42c044b1ac63f802b592ca +S = 0356405c184af63e2f550081e8dd7dc7138bdcbc44d22e6225bb4babec42983f0556989ebb8bd6df4fda3b1a3d4abf2659a584ec0790379c74c7bf156d14531939aaf920fb9959d5e7cd0d2fa4f86c8029e6271522faf29499d50bfdf1b20e68de2fe4a52a84db86a39491e0e599935c3b726f6b7b876e8bbc633d05ccbb3aecbb9d1e419bd2bde528f6a7ca6ab4c9f8638a67d9aeef1491af6c5fb1c29f76a68e981bccad09d3eccdbb2fe5d44a9bb23a10f9a0fd594173b126fcf145ac2a3420e78b6b195ca4630aa2a48fd62192f21c34e8885187489eef8c79a67aa079fd8d2811a5d41b73a1cf78133424943b3414dd183d8ad242158e3c3c956185a153 +SaltVal = 00 +Result = P + +SHAAlg = SHA256 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 18899418d11166347f1db7538f58d6843ac6ad8ea66ab60c184b5c7577ca9aa99a5e89a587805b4e5d1ab6d13fd06b640712bd62d4d830ed315491b7b1e409c89522beee817b33efb59d982c31dd365da1937aa6aeedf68ad3049f82406c78996c3470882afe0ba6552b21b6ec97162d8026ce2c707fb76c27b41fc3bb05bb95028eade0ba33868ecfa617b98f829957ba83934f2dd4621e111058241e3c0e08abf7222f142faa81652c625deb28d2718940679869dc51fee3e0e38830914aaf6c0b670a04815c5265836f4e9895c6a2e99111e0156c92f3c8d23b89fff18442876678c2b2c40c5a7c6f7cb1a3d314b689d48f06faed34047ea1237df9a3a2af +Msg = 266a05f02ee6137da278d709b7504bf55978e432c215c5aa4cea34db831d4ac57f3eee07718504457b5be1ccc51c0279cd1cfed7fee8ba8785cedce5609f82e8b7b3334a702e16e9fe82616e7935152cf4e5e94b0b898325bbf9eef077b1499e77d1bc015469b133d2f44035fc22ead677db8bd610808a4c97745345f0db07ae +S = 598ea4dc537da91b6e9593fcb39d89f28fbda380f1b42858666b6569d40688929ced67f6df07eb58bd984fcf51a72b863649603b6e3be9f99cae28015959ba7d64fa4c0f188f849774760074d46131a5b78b712d50266feb110ab034b62bd67b38bff88eb5f04cc174c8c9e2d8f8daf6c33038a1a10088698fa09b6c397db2da169468fbe2eed851ae1265cfc05f19642d8d6ada114f4ff065e6b7b132d3cc498ed23ed4317a3d0f5c5462c9afd7dd196faede84f5f8e40b3bc8913797f1e23ebb3aebcfb23749207c95685ecf0e3f164291c1fc9087a49c88fca0b4736c7c86fe1a159b6b34dfd30cc626ef4c458f712f4a879a730e8fd6b2e075cd02b96011 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA256 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 18899418d11166347f1db7538f58d6843ac6ad8ea66ab60c184b5c7577ca9aa99a5e89a587805b4e5d1ab6d13fd06b640712bd62d4d830ed315491b7b1e409c89522beee817b33efb59d982c31dd365da1937aa6aeedf68ad3049f82406c78996c3470882afe0ba6552b21b6ec97162d8026ce2c707fb76c27b41fc3bb05bb95028eade0ba33868ecfa617b98f829957ba83934f2dd4621e111058241e3c0e08abf7222f142faa81652c625deb28d2718940679869dc51fee3e0e38830914aaf6c0b670a04815c5265836f4e9895c6a2e99111e0156c92f3c8d23b89fff18442876678c2b2c40c5a7c6f7cb1a3d314b689d48f06faed34047ea1237df9a3a2af +Msg = 58718b3ba6a4ddcaa7d3f7bd46cbca5591f95d87741fb852c74b004f8c0ae38a71d937909ddcddc9a8d3ec08eb490b61fb0e1f3b70e827a5eb8663ee57b5bc6f6ed760ac7f90ad9c6fc25044ffbcae8b4cae83499c60c8a15724db91540adac756524fb6d72713ea048a6c98088c797a8dc0d0d980f065ec150fae600c6f0438 +S = 29c5a0ab72d0219034ce32ed330a4b388573eb804713d98029fbc1da87a474eca1f1814dd61e26c7bed630f3a4f980734321d56fb3309c751953a4dd9110c293730829bfdc83cabf619b220818e30151c38e6bb9d304eb7204029f8af86209275b1b5fb84bdb12aeaf3013db78d6dc1bcbc23fbe3dd7eb3c3bec332c8453de3ddd2e39cadf7e062f00a682bf18ab68ed3c6bddaa9dada51c99117eceaf6f8179eb9a59e6143a56d5f26d4138a5c31e49104c5982cb1b202253a292786cdb94a2b383c9d96afaf83d52160eccbc42cf2568744999a662097b315ded7fb417a823e3e9b6c5f7a822bd58a4e5542fbdfba63f60266c0b86a363153ae0444e0ee1a5 +SaltVal = 00 +Result = P + +SHAAlg = SHA256 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 18899418d11166347f1db7538f58d6843ac6ad8ea66ab60c184b5c7577ca9aa99a5e89a587805b4e5d1ab6d13fd06b640712bd62d4d830ed315491b7b1e409c89522beee817b33efb59d982c31dd365da1937aa6aeedf68ad3049f82406c78996c3470882afe0ba6552b21b6ec97162d8026ce2c707fb76c27b41fc3bb05bb95028eade0ba33868ecfa617b98f829957ba83934f2dd4621e111058241e3c0e08abf7222f142faa81652c625deb28d2718940679869dc51fee3e0e38830914aaf6c0b670a04815c5265836f4e9895c6a2e99111e0156c92f3c8d23b89fff18442876678c2b2c40c5a7c6f7cb1a3d314b689d48f06faed34047ea1237df9a3a2af +Msg = 35524c5781983f729374b6342099239157485a64b9cffd112b50386849c3afcdfe3eb5965174bfb5827d189756d5d64cafa60ce75f4a41283e0b21587b2e73752f314b8f38508172444e61852c71a4f284cfa00770c8bbddb8d425371f7fc7acf1b17609dc336df1006ffac6497777cdfd497c8c91525377c130accce0bc92bc +S = 77fa540194591f2d49a7740936cc5c909e73e970fc833bd8031dbcfcf78599095bc8d185cdf681c4855c4e4527a75c5552ab3611fa7788c424c3b051d1236fb1bc3e7b65421cbb1982ae623fbd65210035c78032476df3d64c8e8136c74c47b694a881479608568368fae8d7374d32173240e55e074e4a064f6309df823269f2a2477a5bd06c819b67d9c5f0a8720af431c3edcc85a1b2cac7d2288d90b446b62cb070d1cbb87234ec41c55b89318bd852aeb60779246ffd84532d08ea27e27347c7997e7007da4680f4b7872ab89499a1b0381c4837893fd0ca055bf1f0fc4b1682044190d40e7cd4b6c077faa077d27cf5a9966e95d6acd89f1dd1a61a8a4a +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003031300d060960864801650304020105000420b7cc7185c6cff2f0237380831075de8079252edb588ab3a492e600abe24dbb7eefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA256 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 18899418d11166347f1db7538f58d6843ac6ad8ea66ab60c184b5c7577ca9aa99a5e89a587805b4e5d1ab6d13fd06b640712bd62d4d830ed315491b7b1e409c89522beee817b33efb59d982c31dd365da1937aa6aeedf68ad3049f82406c78996c3470882afe0ba6552b21b6ec97162d8026ce2c707fb76c27b41fc3bb05bb95028eade0ba33868ecfa617b98f829957ba83934f2dd4621e111058241e3c0e08abf7222f142faa81652c625deb28d2718940679869dc51fee3e0e38830914aaf6c0b670a04815c5265836f4e9895c6a2e99111e0156c92f3c8d23b89fff18442876678c2b2c40c5a7c6f7cb1a3d314b689d48f06faed34047ea1237df9a3a2af +Msg = 31dce7cc7c03a063b9879e0343e9b6461db1992333a941bfe34a8f86bc74327b8662cacc82dc4daaf3aeaa57dc5aad810c0a23ce58c83eb828f13b9b35e7410c90078d6de7dbccbe0490c8b696aa471334f6302e9fc0f0d247471c4e116e58c958b477d63266e449f4144048f8414ca59d5e0a6b90fa1fb64a337cc8da703d5a +S = 8be14c18fba2b95cd0d0fed4b171462b07db0b5e5edf5803b595182e97ac814eb929be28d18a8f45f837ce537475fab819244788681676ef73930ac28062082b6a593072b2218862a80439a1b9e2c637ef9806463c7c3120a01473ffd9df2152d871b83d782baf6512af6979ba3a9b8d68828716539c771161b81bdd056f7535e2cc654489c90ee5c1366609c775c760cac8d084ee6d618d25a70ef64fa631c0c4caea75296d97237da8c977e711374620f232e71163d2a2515d71e30985f84a3d4839f4367a2d273f0477bc677dc830302ac423364f4628d7cba5b92d5c9f37de4268f8d957905072f2cbb7249dad4f55909e41e4edce618535c7cf62001f52 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443031300d0609608648016503040201050004207f3ac72d5591ed16096abd35813dc29dfaa0b834e2b57e45315b3731b4d7292f +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA256 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 18899418d11166347f1db7538f58d6843ac6ad8ea66ab60c184b5c7577ca9aa99a5e89a587805b4e5d1ab6d13fd06b640712bd62d4d830ed315491b7b1e409c89522beee817b33efb59d982c31dd365da1937aa6aeedf68ad3049f82406c78996c3470882afe0ba6552b21b6ec97162d8026ce2c707fb76c27b41fc3bb05bb95028eade0ba33868ecfa617b98f829957ba83934f2dd4621e111058241e3c0e08abf7222f142faa81652c625deb28d2718940679869dc51fee3e0e38830914aaf6c0b670a04815c5265836f4e9895c6a2e99111e0156c92f3c8d23b89fff18442876678c2b2c40c5a7c6f7cb1a3d314b689d48f06faed34047ea1237df9a3a2af +Msg = 2656ef08c07fc1ec469aa9c73b677af225a9f5f6f8d0e150d1d65e71e6677609bd44f5859de97ad6436ecf75d5ab76a41c9f84f6ed13b311e87ab2b3661cbff3ac7378ca65d5eed14f54fc4c34e3d7681cbae5c1c1fbd3274395e2a21d6881b358ab21ddfe8b4564d215d8553e56c4c68dc1c05f5ad1691a48ef9546f495e4d2 +S = 849d23a7f9dfd0956315dc9a60c04dac1d7db660c67d2ea57db40098a84d258b111457686821134dcde66990015e769311aa53e1920bacbf59d214beb3fb79cd6482601f5ac3848f90ebe864428d0854a245c1a51f40b10899cc08fc4dcaa6b322fbedaa7b56db804009a0829fea827065ff655c1f82497c5d59998c8a577bd5e170b4734b7a24f574db4ac56fd7cf96039c594e9a109c10185e69102e27105533d826d50b5c39bd964d88ccd2e0a467a668ce15a84014c958723ce6c09230bcfdded9839ef40bb5f80ec2073081e5e6565454270937b8cff537c0b065a923d173ad04a31592fe699e2424d8bf6bb0b947ff161a33b9b03fd69892a0d9a8c711 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA256 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 18899418d11166347f1db7538f58d6843ac6ad8ea66ab60c184b5c7577ca9aa99a5e89a587805b4e5d1ab6d13fd06b640712bd62d4d830ed315491b7b1e409c89522beee817b33efb59d982c31dd365da1937aa6aeedf68ad3049f82406c78996c3470882afe0ba6552b21b6ec97162d8026ce2c707fb76c27b41fc3bb05bb95028eade0ba33868ecfa617b98f829957ba83934f2dd4621e111058241e3c0e08abf7222f142faa81652c625deb28d2718940679869dc51fee3e0e38830914aaf6c0b670a04815c5265836f4e9895c6a2e99111e0156c92f3c8d23b89fff18442876678c2b2c40c5a7c6f7cb1a3d314b689d48f06faed34047ea1237df9a3a2af +Msg = 1c58bd7408d1d2ecbab294bd48408178d4a95be7ca3c89e963d8bb7c6ea5cd1c4f03ee4c48c00172f78e43e720b42e4fad039e26f30c339c3790f6a371383f464f86d63c7d0c58bd24dcdc94b13fd776d7aa3d92d7ede969ffae3fe07016109325cabd6d311da0764884a7eb814a42945a848052fd4875f8c21ade5bf4a708ad +S = 60dfbc77059709311bfa31a69dc9db4703d0fc44d715598afc39331e2620d73423f2cb8026c3dd9a133a7c0a62174448128934c776616f1f9bf12c3936f52340d4f034725a759cda95a743602805f0fd7bb03a8d6fba9947d1692f6e7615ae3b89f4251542f5c902f41661f443101da8a666654c86d3cd8aa93733d677d6c4e83b527def0db12bdad93feb76e9bf986a1624834de5febd2b0a970db189c878bd99d3ae86decfd0842735361bfb1fb0cf548a9bd43411b4be4b8db8db1a585555d9fc5066bbdc081ade816777cbd29723062ca7709429331bb52a2e5967948d1d6aafe979a9e12cbd20a30937bd6965d1a04e3060f72a46fd3af1127dac637a24 +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA384 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 18899418d11166347f1db7538f58d6843ac6ad8ea66ab60c184b5c7577ca9aa99a5e89a587805b4e5d1ab6d13fd06b640712bd62d4d830ed315491b7b1e409c89522beee817b33efb59d982c31dd365da1937aa6aeedf68ad3049f82406c78996c3470882afe0ba6552b21b6ec97162d8026ce2c707fb76c27b41fc3bb05bb95028eade0ba33868ecfa617b98f829957ba83934f2dd4621e111058241e3c0e08abf7222f142faa81652c625deb28d2718940679869dc51fee3e0e38830914aaf6c0b670a04815c5265836f4e9895c6a2e99111e0156c92f3c8d23b89fff18442876678c2b2c40c5a7c6f7cb1a3d314b689d48f06faed34047ea1237df9a3a2af +Msg = 47611125ef346ddab85ba9493e92eb1566bad85e9d17f99664bb63900b4297dabcc0a74dbcf89ae2eecf12c899002cb36a10a876bd854ad418537f93f89744d3d187449e50a940c0e344b4d97b15b8b0914224ca6794f73c90e0fabdb2c6a0ff8b9e314032b0271c9fa3d9a56e3956b5e039948323acca75d34b1a35c0397307 +S = 2fa1aed1f8b9656c8216c2ea8ba98c67a6d52cc143816c7f83b5f72e572d6953c28249593bb01332ede6b991ada2ea1004e594966f1aeb2fff14db6ae311bdcf439c8c949de248d7870b0f9f3edfa11705de95b552d3a0bd86fb52476981df2cde1df65de3ad7b957fd82b7f98d8c6bbd4b7e2b65e143c627f5e4d2cb871326ced2f904947ec2250c5ff9d330a74a480afd38277909d4d040781947302ebfa6ecd229d93b5261eeb237dc99b9060749bfeb189f99e0164ce36cb0b64935e52870fdc8cef93a0e198465f48d7ffd87c9bd1b40a127f0fca14d559ceecade77d30486cab930ba50a3358269f641ca11ccb30d3fd21becdb50efb778eb10d424b76 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA384 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 18899418d11166347f1db7538f58d6843ac6ad8ea66ab60c184b5c7577ca9aa99a5e89a587805b4e5d1ab6d13fd06b640712bd62d4d830ed315491b7b1e409c89522beee817b33efb59d982c31dd365da1937aa6aeedf68ad3049f82406c78996c3470882afe0ba6552b21b6ec97162d8026ce2c707fb76c27b41fc3bb05bb95028eade0ba33868ecfa617b98f829957ba83934f2dd4621e111058241e3c0e08abf7222f142faa81652c625deb28d2718940679869dc51fee3e0e38830914aaf6c0b670a04815c5265836f4e9895c6a2e99111e0156c92f3c8d23b89fff18442876678c2b2c40c5a7c6f7cb1a3d314b689d48f06faed34047ea1237df9a3a2af +Msg = af84a31d1c08faade967cbb5a016837fb2d1c0bc5eea5b75d4e2a6449b36f2c3307b5545f0adaac437c5d81bca89587572a8f106ea06c6f9fb5593a9e6e5341302bd678ca6ead2af4917489ae85e485aa95ec6a3bd8e2ec48ad0a7db0a4a95456e71615908667c566786a199c43d5b149d1ac8fb9f299cc0c97d6842cf0c1d42 +S = 014773de1e3486a2d54c7a0a0a1a70caf61ce94868902314462c2bfd9c640de7b499578230a41734a1822cd0fde610c487c1dad10e35d70136cb162d79c403c7408cba33b72fcafbee2dffad251ecb6bd4b082aa5350b194c587b8bb1ededc902df1e2e6eb03a5744c87ee49e087759237ea133c8484d62cf142344b56cf3c5e1f72998c531129f66e0458bfd4e8b1de1866e76e3912f680bbf8a96ee4f2971e6fcf029788e0dd586db744a7f9a0010a2a27d98b3b04884cf269f19f1937e8612cfc5b144b7aaf9b2fb0464a26f4013de9fd12851c3f8c9bf1fe6926fe512e0543114cbf9bd86336d7d2aa6c2a696a3fd071467784c2cd8f64e8bcb00fcbc792 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443041300d0609608648016503040202050004300c4887ee786dff1356756432824889c71e522ca5d478d9cba311b11a51dae49696d1f1f454ce4017e74d9f45cb17b797 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA384 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 18899418d11166347f1db7538f58d6843ac6ad8ea66ab60c184b5c7577ca9aa99a5e89a587805b4e5d1ab6d13fd06b640712bd62d4d830ed315491b7b1e409c89522beee817b33efb59d982c31dd365da1937aa6aeedf68ad3049f82406c78996c3470882afe0ba6552b21b6ec97162d8026ce2c707fb76c27b41fc3bb05bb95028eade0ba33868ecfa617b98f829957ba83934f2dd4621e111058241e3c0e08abf7222f142faa81652c625deb28d2718940679869dc51fee3e0e38830914aaf6c0b670a04815c5265836f4e9895c6a2e99111e0156c92f3c8d23b89fff18442876678c2b2c40c5a7c6f7cb1a3d314b689d48f06faed34047ea1237df9a3a2af +Msg = 5c95cabba94825969c306fef29fdeb104955f9e7fdc63aa29000f57d1d41b9d85210448d732ea480a2ca9c785df4492d485405a22d1c8cb4413b5ef3a9d464b23ceed55a8b6d5b041e41724601dd114c80ea8d2b2e3dba732c075303a74c9c22a39745cbf7eb924799fcb9021c9f8c977780572d08130c06d9cd9d552193aa50 +S = 019962ad704a78fce2306273ff3a649fe973dcf2dcd6d0e692a592f357c9ac459a15b0bb0ff986f104f99301c87579a321b0d4ab9e947a9de47b56c0094e4ffa6a8949594348e342f8eda30e68f5005bbf72cef70c522a124eeab1d7441cd65dff7e1ad36bca0534c09c284e8e931766406b43b62db89472c2514c3d1a6911a92e19a0dc923919daeaeec53746f487e06afedfcb679b531ede784d9d6072dad50348e1d8f01094f29cf5cc96f6c1f40ab455be6c98788e9d7615ddb6a66b893913ad0cc63a72b9dd357ce086b2df7c8a106c0c363e3e2317e37815df69b22a9d52d6e5e47d8be17ba61b2b2019a0f85fae30e1d4f2622be50086848cb405d578 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA384 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 18899418d11166347f1db7538f58d6843ac6ad8ea66ab60c184b5c7577ca9aa99a5e89a587805b4e5d1ab6d13fd06b640712bd62d4d830ed315491b7b1e409c89522beee817b33efb59d982c31dd365da1937aa6aeedf68ad3049f82406c78996c3470882afe0ba6552b21b6ec97162d8026ce2c707fb76c27b41fc3bb05bb95028eade0ba33868ecfa617b98f829957ba83934f2dd4621e111058241e3c0e08abf7222f142faa81652c625deb28d2718940679869dc51fee3e0e38830914aaf6c0b670a04815c5265836f4e9895c6a2e99111e0156c92f3c8d23b89fff18442876678c2b2c40c5a7c6f7cb1a3d314b689d48f06faed34047ea1237df9a3a2af +Msg = 7f88a5d6178889bcf09ab7407a01bad132cfa7456ca0fc294f88ce56214a24c5c5cb9ea581c65aaa05c017a7a93f9b5ff737539969c53a72731ffbf7c4cc5af3ca10d00674ab75f73bc3244b631ed9177e945d1233c426ee3d0778e9b6a2d19f96408422779fa44c9b8923542f063ba0d1d00dda51078946b4268d537f365170 +S = 91584aee68fc0d4e7d24afcf4eade5fea0ffedc4d49d1d75e673029bb998ad170ee5d1d28a2779c846e617b8c9783119f4af4602461434a24c1351f737ae315868a78f615019234606a12e3fdc3cbb05d2f0cfc877b344fbecec5f71f0202b507df23e4a3917cdfbd1691fc69c509598e2bd7c71ac39a71a295ae0ed1531b97dbc6666ecdb830917f04cae848f8b18b8abf191091b07632e1632ff611432b7a50c0a7654d59506ac3b4c058eb16bb66174a39f933a4c389cc86c9c124a3246402928a3e3fcc8d35a817027c2c2448b792f2009548516642d75839b61c6e2d5b63c4ee4c0cd72e559be3cf0e466a4a566681b66b71089f67c1044157d78215e0f +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA384 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 18899418d11166347f1db7538f58d6843ac6ad8ea66ab60c184b5c7577ca9aa99a5e89a587805b4e5d1ab6d13fd06b640712bd62d4d830ed315491b7b1e409c89522beee817b33efb59d982c31dd365da1937aa6aeedf68ad3049f82406c78996c3470882afe0ba6552b21b6ec97162d8026ce2c707fb76c27b41fc3bb05bb95028eade0ba33868ecfa617b98f829957ba83934f2dd4621e111058241e3c0e08abf7222f142faa81652c625deb28d2718940679869dc51fee3e0e38830914aaf6c0b670a04815c5265836f4e9895c6a2e99111e0156c92f3c8d23b89fff18442876678c2b2c40c5a7c6f7cb1a3d314b689d48f06faed34047ea1237df9a3a2af +Msg = 97e7bb62b6d35c8e423a4c98de8264c14eacb2b12f36cc76e54064cad6ef1d94d60f9db2e1fce4f610c2dc6ec68331e92a1962b6dbfd19afdf67b877dcb734ff8a14264f68531f83ae1a3c138345fb5871884d4c1656ed921c02efb66b259cb59c3f7dc0b1a1b63d048a960f7e906b1709419bfa480bf0258559340febfffebe +S = 6010444309201677f71890ce09e31f671208b2804c309a85a401b275eeb5d234ffe5fc6dad17fd9781cb00ccccd1d1260c2d7090652add1b635633170ef5e9eec6ab240c382a3850fe0947892870d0424bfbedd434db4084ba29cbe7c8a27b4aa858b648fb0c7096db4dfbaed09fbd7483a2e9d8c409f87c9a2a26984137000cbe451140da9bc56c4382a091bcb171c3da5f9833fd224a429353439469a39033f2e1ea20283c643eec651952ac9853ac15a8a8751ce72a443b41e17e41fb86e69ec0620660f65361035441700652619c9248b2ebe5cd83c00bd2b232c13b544b470334d7314704dde6c81150e54e9ce132a5aaa3ac03a931113160e93814e968 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003041300d0609608648016503040202050004307c1b2374e40835303155d969bca1d02f901e2569823d83b1b8ef0221cf4af285fb3535d60dcafc85b0b856d7bb9229a5efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA384 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 18899418d11166347f1db7538f58d6843ac6ad8ea66ab60c184b5c7577ca9aa99a5e89a587805b4e5d1ab6d13fd06b640712bd62d4d830ed315491b7b1e409c89522beee817b33efb59d982c31dd365da1937aa6aeedf68ad3049f82406c78996c3470882afe0ba6552b21b6ec97162d8026ce2c707fb76c27b41fc3bb05bb95028eade0ba33868ecfa617b98f829957ba83934f2dd4621e111058241e3c0e08abf7222f142faa81652c625deb28d2718940679869dc51fee3e0e38830914aaf6c0b670a04815c5265836f4e9895c6a2e99111e0156c92f3c8d23b89fff18442876678c2b2c40c5a7c6f7cb1a3d314b689d48f06faed34047ea1237df9a3a2af +Msg = f167b1c5e4e480c6d96035630415b83c9b2d137a2ecd6efa37523eaff2dbb9416e078dfae400d1e349b83c2a1f7295c790856a5fbd5c056954c29c8f605cc85766773802ad05a7b5dde10bd6cc5b10b994f0c47ce959942fa9c87738b56e69f600401ba5e5fbe982be650c2fb2d61158cef8899757cb03955fec377397168468 +S = 6e2cef82eca498f7f1bb521fca7f11b31f1e80f5d1face48609d78b2ba79b8e82c6800e92d419c4c48b7bdbc6c41cc2b9fcbd05627c1f4c567629929022baa4ea1b431f361b08afedec6eff545b682b8d9a6b18bf62f34a1596048f5455f51d5496c89eec6e7f8431ee271ae84658347df2d1a52a5acc37b0b5eb1438342da02f2dfe44e50877221a8623b1d1602339223748df48cea785f94c5ee719e95ebb2ab7d795dbf53d4055be0591e203c6ef69d6b08aff07be7e546f501e42c3192115b5f2c259c4ab2dc585cf37dd3ff54e89f0607c5e3a2f198e2875a7550bdffd0eaecb44adad438b3d0ea810668eabb123baa66843d1a136b0369332bf74d91ba +SaltVal = 00 +Result = P + +SHAAlg = SHA512 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 18899418d11166347f1db7538f58d6843ac6ad8ea66ab60c184b5c7577ca9aa99a5e89a587805b4e5d1ab6d13fd06b640712bd62d4d830ed315491b7b1e409c89522beee817b33efb59d982c31dd365da1937aa6aeedf68ad3049f82406c78996c3470882afe0ba6552b21b6ec97162d8026ce2c707fb76c27b41fc3bb05bb95028eade0ba33868ecfa617b98f829957ba83934f2dd4621e111058241e3c0e08abf7222f142faa81652c625deb28d2718940679869dc51fee3e0e38830914aaf6c0b670a04815c5265836f4e9895c6a2e99111e0156c92f3c8d23b89fff18442876678c2b2c40c5a7c6f7cb1a3d314b689d48f06faed34047ea1237df9a3a2af +Msg = e946af251dd8b043a9c866cb4f5e4b65e5a983b4587203e4f16ef982d7b76891d67d13da5ef99d83cfa3eee3f3a5d995cc8ffbcb914ce6e5f3557f43a424a4571aec12fe918786104fb023352b7214fb50e072263f07684813219591090cb1e73ffa7439bc69b311b156cd69fead45c0f805b06d6a8ad232da3a04140d55d86a +S = 839d586ce12b7c22bc2e0d921d11756a9a65e8275f61307b1bf1d6e350ac126a50c52363f561e2d2f8edf3f92b9fd88af138178ee34fdc3f4d288bb142dae2e5378c50754da25eb541dd80e83f63a356c760e8efa03f07efc420109bae6c701fad5b8dc8fb266e2ce1cfa7b71f04f63c692e4b0aece6b970baa77914791e8a25e5100a2205811da238a451f5a100355b28abd39964d43dc0e2b51a8e2ddba0e94d02ef11a5cb2058acf3f98dfeb34cf939b5bb0525eebb17bb25e517fe3eb3e04e04afa892f318618cb66de38503bcf994c9d2ec20effa04d68a0df7c76dddf30e88e1fdf5afdcb2dca0e124946e7f39248633b03166027611deb276bcf2c0ed +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA512 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 18899418d11166347f1db7538f58d6843ac6ad8ea66ab60c184b5c7577ca9aa99a5e89a587805b4e5d1ab6d13fd06b640712bd62d4d830ed315491b7b1e409c89522beee817b33efb59d982c31dd365da1937aa6aeedf68ad3049f82406c78996c3470882afe0ba6552b21b6ec97162d8026ce2c707fb76c27b41fc3bb05bb95028eade0ba33868ecfa617b98f829957ba83934f2dd4621e111058241e3c0e08abf7222f142faa81652c625deb28d2718940679869dc51fee3e0e38830914aaf6c0b670a04815c5265836f4e9895c6a2e99111e0156c92f3c8d23b89fff18442876678c2b2c40c5a7c6f7cb1a3d314b689d48f06faed34047ea1237df9a3a2af +Msg = c41b35fc1669b8663a14b3c37c87f27c2d1b7a539b3b1da341c74be93ab52b84fcfeeab942b854fa4a7fa168411a9196fc5cbb90e847211c4478093f8dbf08033a0d6078aa938cf95b2818b05cebb65d052a8f52e583d7c2fc49a43c2a2a0073e80e3c40364188ead4d5c1a4b5428a57b1509ea27a376520d104c5e9fa3e3a5b +S = 2ce448ee7ebf21be380247cc3f8472e440f3911128025fef0adaac37d4dc977bc5f81224dde9df193907c17fbd624ddb51c2b54c214af57520d3f69d12885e3b47cb2c005c18eac82b86d5d514cefc99794badd609cd5cb8775cf685ec1ddf6acc0272a4a58311c348381bc24c4b85626993a601ae292b13c3e8a9c0262fb8deac28320810e776c196454be73d5ad08f780ef45dfaf7704435f2b3141ef32c2d7ecb1f26398a0dd8c01c39367987f22600b07979627b391276d1c444ec87e430769fe22ec3e1d5cd4df358314282d10e2a4098b6658ffa44c4135142c2661f2a80d4d380b5ad3d2727d0ce12f1e6d67af797c3480100ea50a0fdb0bd1cb2a78e +SaltVal = 00 +Result = P + +SHAAlg = SHA512 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 18899418d11166347f1db7538f58d6843ac6ad8ea66ab60c184b5c7577ca9aa99a5e89a587805b4e5d1ab6d13fd06b640712bd62d4d830ed315491b7b1e409c89522beee817b33efb59d982c31dd365da1937aa6aeedf68ad3049f82406c78996c3470882afe0ba6552b21b6ec97162d8026ce2c707fb76c27b41fc3bb05bb95028eade0ba33868ecfa617b98f829957ba83934f2dd4621e111058241e3c0e08abf7222f142faa81652c625deb28d2718940679869dc51fee3e0e38830914aaf6c0b670a04815c5265836f4e9895c6a2e99111e0156c92f3c8d23b89fff18442876678c2b2c40c5a7c6f7cb1a3d314b689d48f06faed34047ea1237df9a3a2af +Msg = c069fe30bbe18aed9d39d26f4ebcbd89a9f18f07982822e5795372bfc7176089f623af809ec15360dcaaebd8f61f8c3b3d35c0783871ce4cfe943cb6e4b893ac589c620c0d3d85d559a6a797db080628600d7699076aa968a4b4adf76374b63dae7d1ebc507daab3dad30f9445a0b5b8da21ba524f3c3aa23358ce6b8c7252a6 +S = 5e67fa94c7e19b66548220ef4e07769ff75d4e76917004492334f0fa15ffb8b14271301c170e3d325811bdfc1dc53f1b4369a2c0a99d261d9de59a73efd4ecedade05da9faccaf35d462057bb8bbbe29e3f5d4c383908c0b25006f779399064889441a84e0ce569eb474ddfb83cda6be253743693bbd551f6ac0b8cfad225d5635972d4e508ae5f7846ee3adb61958ef53146af42d0c6ce32559f661a3c3a14068b8b488f85d7e5641e250bfd9975653ad86f93ba5e5f57f5799ec135d9af7c529e6447ac43b114475060150e98ce86df3f69cabfd5a59158f0f8c4043935e0fee317901baf27aab76a2cc1561d969bb3d69de65885bfec00a522c5010fd2ae1 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA512 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 18899418d11166347f1db7538f58d6843ac6ad8ea66ab60c184b5c7577ca9aa99a5e89a587805b4e5d1ab6d13fd06b640712bd62d4d830ed315491b7b1e409c89522beee817b33efb59d982c31dd365da1937aa6aeedf68ad3049f82406c78996c3470882afe0ba6552b21b6ec97162d8026ce2c707fb76c27b41fc3bb05bb95028eade0ba33868ecfa617b98f829957ba83934f2dd4621e111058241e3c0e08abf7222f142faa81652c625deb28d2718940679869dc51fee3e0e38830914aaf6c0b670a04815c5265836f4e9895c6a2e99111e0156c92f3c8d23b89fff18442876678c2b2c40c5a7c6f7cb1a3d314b689d48f06faed34047ea1237df9a3a2af +Msg = d99885b2fd968ed1385f0245a8ec086dbf33cd903c4a1c205ad0303b4789c677d74876df7a1242396c80708b2b6595dd2eb1f33fd495040e9be8577492ca9b2e1187fa92a7bea8d054c2bb78f8403d3c0c227ff890b4b1ef4405b0571b911f19ed1cb9d26ce1e51d59ec8b14f8c52714c14e1cc158ee4a4abfefe2efcb2579c0 +S = 0efe5b7647f3b6bdc7e9d161afe8591fd21c818276311c4a04a3922e7da47c9ca87bdb8d2d8b8eb267a335ada64db1f19cc35c6b9bdb06589233a834f106db34b75284f943e7426edf57b63d3c23032fcef1cc871530ed003b3a62d994caf8c4c10a90528af67824f5e5267b2eb284c4310706aefe248d3a2d98e922c859be49b71c0278f537fea1586ad9658da5c59ba11b6abaf2433500be32c862796de6aa58fe7955fa51845fb4e304adec80941f70e27ec24f1c6bafe0f2746fa102040f2483ba7e3043469c6138adaf8fe50b4274d9548b30ad0bb048af103454afad3e536c2d95ae24fb2feb08ac0f469551edcb3fa36ca078a469c001d5637cbb1bd4 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003051300d06096086480165030402030500044065183a0ec842001ad183a8b55e9118f29757c477ffd30f57dce02a218238e0a400d6a509c69a74dd64b400c809026e9e3ad8930f550b594be664491b5732f3afefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA512 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 18899418d11166347f1db7538f58d6843ac6ad8ea66ab60c184b5c7577ca9aa99a5e89a587805b4e5d1ab6d13fd06b640712bd62d4d830ed315491b7b1e409c89522beee817b33efb59d982c31dd365da1937aa6aeedf68ad3049f82406c78996c3470882afe0ba6552b21b6ec97162d8026ce2c707fb76c27b41fc3bb05bb95028eade0ba33868ecfa617b98f829957ba83934f2dd4621e111058241e3c0e08abf7222f142faa81652c625deb28d2718940679869dc51fee3e0e38830914aaf6c0b670a04815c5265836f4e9895c6a2e99111e0156c92f3c8d23b89fff18442876678c2b2c40c5a7c6f7cb1a3d314b689d48f06faed34047ea1237df9a3a2af +Msg = ae898f661a8614a533fbbae90eb5e9810ca4a205b9327845f4d3dc7f51de9ed5bb9bb1fd5e9d2f3bc4529c8c3dd86f248512ce1ba1fc9a640a3babfe0df95d6e72ef4b6c5cc35add7095fa0139d5a8eecb57b73da7a95103dfa4b9037b41d2211aaee51adda19f7380ed59afca539dc5289ae5d195e1a50abc358cf4615f07d7 +S = 0ffd86aabb2861142ad2833b1b74cbffd660755d58081f816f28639bd6cd70b6d312d6722f14e4d608b154891eee96ffab837e472286c528086fb323ade633cf1b778427b504701bca01c1a8cb18547cdc3af6afd180a65042c072c741525346be008dd2dddb53d63dc7b33458bc59fd50b35bdc291a2760ac545c4fd21a37b710050fcff970271ab9ef51fc5953fad7bbd28e9d4f84d27c36711afb3ef2e21d55a3f5cb028667c10b23a334ed7e7275b6830588f4938f2c3b9ff795029c5c9eb3965bcd784ed3bb5a119d165db4ed808d388423059ffb091fcdbb1e6e5c65291b1e5fea5bd17e2c5f16be05c3d13bc8249b7f98720b300479b0a25d680cf3f0 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443051300d0609608648016503040203050004406c4c610edabaa9eebb437d9c62286c4f159bb471247b77f443153bea722f2a86de52a83f4c9561ae581f8b3568bf9977ad8696ca8f310ccecd598238b3edf845 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA512 +e = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 18899418d11166347f1db7538f58d6843ac6ad8ea66ab60c184b5c7577ca9aa99a5e89a587805b4e5d1ab6d13fd06b640712bd62d4d830ed315491b7b1e409c89522beee817b33efb59d982c31dd365da1937aa6aeedf68ad3049f82406c78996c3470882afe0ba6552b21b6ec97162d8026ce2c707fb76c27b41fc3bb05bb95028eade0ba33868ecfa617b98f829957ba83934f2dd4621e111058241e3c0e08abf7222f142faa81652c625deb28d2718940679869dc51fee3e0e38830914aaf6c0b670a04815c5265836f4e9895c6a2e99111e0156c92f3c8d23b89fff18442876678c2b2c40c5a7c6f7cb1a3d314b689d48f06faed34047ea1237df9a3a2af +Msg = 0c84d0c19e69926823ae89727d7dc8f27e2dd6a8fe0c60dd2b5c2a8f219b4bcebb089a66a86264bec1f3600099cde47a56545845c0fcec24985486ae2b44feb027928ecdacab8467a6a13ac35b7048674085f8c71181fb21203a5aa6ee02afdaf82d943dd3cd5c2b7bc00101e9ed5e81e3ca9e781822f59d6c158ebd9160c415 +S = 5af917efcb50475ef7d9b555885d07cb1f38149cd8f0102760298131cb6737f5d085f2762682f98c5e5e9918d9ab5ee4eb6e94989bff59af8ea042d0225d71690bbb770ffebc0610afccadb9726c9fba0ad7c716a0712fc4ac4e14ae7c21adca56d7349e68440b3244ac4afae225e7d70b68b4bc80fa9ca6a0b5665ffd831acd05403d8050c35d95caee2d6ad1eb53523a531e87efcae11cd225a102578f8ba6fb4b907f22b9515eba4449e145b9301619d5445723537c16b8543f524f37301989026d0b4829dbc5386fff11b74e54be9f8203f2a2cb16a2181f1a8767f1f161f650f7559da91578b999a34a2eab985aa96231b7200ccc6f38c2a621ab6b190d +SaltVal = 00 +Result = F (3 - Signature changed ) + +[mod = 3072] + +n = f33d3234f13272c3b2b6821ce4805663ff2e8b0d2a47de363d97fc9cc879cc6b40f9e53aea695dc538a0d2b558498829aac327eacbcd889e172b34f90745c5d528b7e82605f1a58fd228ec7fd4b6f476f393864f48dc47097c8a780a2ecc02f748138dbd7df99c52d822a2e5154c6047fb0eeb4f49da38edcae3c32d3fde435f291f96cad1e09e1030ad7efb4944b69e074d0d7964becb3cb86238d8d293bef3030d141d14868bc21fa133e9de1115f749991cf86ef506e663ac162b2c8567ff131a6b467a6f564d6c588860becbd88970354198ecdd4f1f4baee8f8bdaf7255835385f5673625f113550b123628a0be3994d91c3a19a82e5d73448dabf684ee6794fba7a2b1afbee0287e5a11180c29ce0896795d52ac7f408fe28e8e9116fe0b61a1083f95c5227d62d5537b5040b79e21b3a8e83c225bf3efebb2f808541e97d28a2468359fc60f588e74faad611262064628a25d8d61f9d03d8b21cca515595aaf2343a759b74a6a8afeffca139a389aa281995cd18e16a9cf7b7ff0dddb + +p = f3fcc6aae575312778d9e896acfd7c1aa4c5524f20453e8bab255363164afa7124b2425587a077fa0bfaf61b12ef3f0540dc4c9e777122a60610a53d1d75b0a5859c654a8ddfc2ff4860758bf5a6f264bf8bc2baa7551eb7be23bc06978be992fc81d890e07a3abf95d20eee3f6bbbc089985cac96395b473b2741c66bd2ccbef228432f66b906c15b19694dd786c29f06cbc17b2e6400dde4e3db85819382b3d05a4c3009f092d40d05ed5b2e0428a214e15a7aca09b47120b9ea6cb4084fcd +q = ff36fcdc519fe10c69aa0dde2cf3bc72cf2ce9a54ac063d809b523f4e5d7ddaa5413d500dc21f409ce661bf33018b748fba3966d874bf96f4313eafea9decfba71d540ae0508161a3658c4762d94ebb3a4e228c45661315db30c20fbd9e20e24c044e4f0b49e6ec80949b16e0ab07f3d32b248b39f48332cc3686df05d29c170a7276acdd129259aaf018ae3afb49b6e0ddb9e404a492863daee7be71dfb11279047794e45f399a9665796d32d5e65956a13a6fbe992b36bf4c842f5f519ac47 + +SHAAlg = SHA1 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 078ad6bde08572c73c5e94bdf0f1efd12da3a8fe7c035027236acd3e4ea86edd1bddd92ca601d012b7aa4e4e543caccdb49f54e35ecac7ee8b03b522a1b09957fe3ebc4d42dd96dcd4f9f2e215dba47749c9ec7369ec21571b21af638ac6f05d45980c4af0c1e6db2f70dcd738a803cb9cee7dffc3e7a735ec6c2541b270cc6b0225ef71939220f9ef35cf5c5b0dc291e237bd456333d803d12883e0694b2e891a3248ca36b838a8de27e154624fea5149857214b15ac4b4d67e0ab944ff5000552c66f833239f3d4c27a76cb14dd181d3f52a12cb4f3f9518dcb68c9db923e677d6f733febc93152c311880205a5b73ef323c07b87cd55549156b0452656f0f11a2c430924f426a22117c04dea477588fe092bbad1a4bf2a0a7b6befcffa3f91f4d308ff24515dae15897e9ab00bf755f9a366057b66f095573a9f881bc48e3711de800b3c0155c976957c40eab8834c7b7911d426fd7484e895fc8d8bb5ef7b562da7a846fd6bd013cef55ff3b11de43fe6da0c90b59dba4bb060ce4caf3cd +Msg = 9d1f17aab0ce96c4d83405d1e3baba1dffa86ecccee7f1c1b80b1bbf859106ce2b647ae1e4a6a9b584ae1dfc0a4deebb755638f1d95dcc79b1be263177e2a05c72bde545d09ba726f41d9547117e876af81bfc672e33c71442eb05675d9552df1b313d1f9934f9ddd08955fa21d6edf23000a277f6f149591299a0a96032861e +S = cbb358cb77cb2f130b7ad636fe7ab00d1964ebd5da22bef0139a6265a15c6638b17ef3d84a588710adc06d0242085f155bf5349064dac7481ed79d62b3ed60121f010729b61bee45554bfd5d494afc55405fcc1ab8eedc9c6251d2d0512ccf2e4f370dfc523215a09553ed2b7a46e8bb0e63d1ef0b09664b42c35e303e2fc3e2142e53a0a11569f8dcd56d47542618e3f3aae3790e1f531240b52b0a89f2a24f018116e513e876c8079f3ea61210da71e481ab89934385319de3275c0d9fc9ab33ed8bed5f704ad40ceb364f21855a5f5cb1e1d2b580ee4724fdf61f308d7136160127247d4db3486170cd2183047f15c8cb54368085f595f6bcff02675d6945a1d9741768820bed442fb03d5087e793b62d3d0d37567020475268c8786a5e5385970728cebd6c027aac15240ace0f0beb6c29f656f6b3f3d458d20005e41aef294de9823722893021d9cb621b29c2730cda7b6703e3a66edac57019b8404eaf8483edf91478f294f88907e277bcff47fdce9ab7f772ec256122530ed8bc3b48 +SaltVal = 00 +Result = P + +SHAAlg = SHA1 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 078ad6bde08572c73c5e94bdf0f1efd12da3a8fe7c035027236acd3e4ea86edd1bddd92ca601d012b7aa4e4e543caccdb49f54e35ecac7ee8b03b522a1b09957fe3ebc4d42dd96dcd4f9f2e215dba47749c9ec7369ec21571b21af638ac6f05d45980c4af0c1e6db2f70dcd738a803cb9cee7dffc3e7a735ec6c2541b270cc6b0225ef71939220f9ef35cf5c5b0dc291e237bd456333d803d12883e0694b2e891a3248ca36b838a8de27e154624fea5149857214b15ac4b4d67e0ab944ff5000552c66f833239f3d4c27a76cb14dd181d3f52a12cb4f3f9518dcb68c9db923e677d6f733febc93152c311880205a5b73ef323c07b87cd55549156b0452656f0f11a2c430924f426a22117c04dea477588fe092bbad1a4bf2a0a7b6befcffa3f91f4d308ff24515dae15897e9ab00bf755f9a366057b66f095573a9f881bc48e3711de800b3c0155c976957c40eab8834c7b7911d426fd7484e895fc8d8bb5ef7b562da7a846fd6bd013cef55ff3b11de43fe6da0c90b59dba4bb060ce4caf3cd +Msg = b33acd11fefde3f71597af02e49e821354a0bed0080b31a44a4aa1064531a8ff749bc3e65a51a56f742ed1e46c8167b18fb33e26812a34792f6cc20a0688d4eb63b2d7a04a2d13235a6e3b2c007e42aeeca071a5c134b70f11db403888dc483b67c632c63457d41db09d16620a5bbb1352ae7ed430f0616fd6dd421933f4aff7 +S = b1f3ee7bf9b57da11da3a557d311e0d00e474578d3d798ade0626105191f6db1d8d66da0a35259e40ff746d9c512478d8972cde6bf271f679ba2f8e49444002ba7f94b65ba9250bb5710587c9ea0ebf31802abb7508a785405f8ba7e0753ae1b95675d4a89227a93a96f3f273fdc3aa7fe48b94e48dec9ab2fefbbbec394a84305b0237232394c21cf31ae14e5b938e825be9ef35605d0200b9c085cab040833623e72fac9f59a2297e17cca08d3a0e11cecb5b35b3b86238a48be38c6c03f7e45d7c5495d55aab57bdf8edd871aa9caef624466b09721ac7d27a74f5ccb3645bf0690d0396fb56e424b716df6bd9e10becf9b7b10210266d0ebac4cded6510b02528ba2d3b5318b7e8f43462dda97b523b6f7355896cfd8989f8d9dac98e1f98f125d60a5d382513426565f3b1d1f305c59b2b7f659c41fb796aa6936e4e845c4ebfb14bb62b2883edb1580e68d52d62e0143410f5a5d2e8f7a2d82107b2ffcaa64dbdd32bff2d3228ae115cd86a27a3292ff43d165b174e7d77f6dd73402c6 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA1 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 078ad6bde08572c73c5e94bdf0f1efd12da3a8fe7c035027236acd3e4ea86edd1bddd92ca601d012b7aa4e4e543caccdb49f54e35ecac7ee8b03b522a1b09957fe3ebc4d42dd96dcd4f9f2e215dba47749c9ec7369ec21571b21af638ac6f05d45980c4af0c1e6db2f70dcd738a803cb9cee7dffc3e7a735ec6c2541b270cc6b0225ef71939220f9ef35cf5c5b0dc291e237bd456333d803d12883e0694b2e891a3248ca36b838a8de27e154624fea5149857214b15ac4b4d67e0ab944ff5000552c66f833239f3d4c27a76cb14dd181d3f52a12cb4f3f9518dcb68c9db923e677d6f733febc93152c311880205a5b73ef323c07b87cd55549156b0452656f0f11a2c430924f426a22117c04dea477588fe092bbad1a4bf2a0a7b6befcffa3f91f4d308ff24515dae15897e9ab00bf755f9a366057b66f095573a9f881bc48e3711de800b3c0155c976957c40eab8834c7b7911d426fd7484e895fc8d8bb5ef7b562da7a846fd6bd013cef55ff3b11de43fe6da0c90b59dba4bb060ce4caf3cd +Msg = 7020d49c0b19cb515b193fdd410abfa3638fb66e2cf29208145e2608214e4debad45d1666bc08bfba568cbcbc78dfaab21d07d79e91fddb17fe7253bf5848c87cffd54dc07eef2ed55c56faead310e6508d82f04674973b6153121b82dd1c96a5daf27a6e98c4950f397f42ef9e045fa9f0f94b6af569d405ea4e226d11c4bbb +S = e4ce05162810343296c8c774a21000f647973dd43615237b9f753c522d32aa6ce6742fa8c9b702b0a074ef8adbd17008226e7718c4c94255b01d7870cd5cfa3aadcb309612a7b0661ce1af202f7df92885a0f70886b8edec606b1923534c75f3cda19b156a2c90f6c412d33e2e0045b6a78aaa2fa991bf61417ce8f2c74a50aff9cdbcbeabab3e404799a8091e5ae1637933272b082d8abe7305173b0ebb619e4dc1dfc77015861c073e24de4dfc28e0fd95edf45cf540d7ecca1bd30cef47fb5e398c16e7f7e41ab35c932235464a91b3eafaecb1de97708a35c39730e58a39a2af7ac71959ece442e00d42e7c1f2885c49e5b799bec3d9735e1cdc85a4c3ea58b50524a51552f230525c834c705c1f1252f85433e42043d10bd5ceb42f8213d8e9db29924cdcd127f97778e75c1626b9fb68d6f0baac56d4cc30d0c03d80ac2f92b8ce2e15a7500b0710ffadc94c54a67a9b27c5531880a60491bfec5c78a7febed2c9b3e5c45474e156ad09e966e18f9f74ad2d60710c63e6ef36ffd478b8 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443021300906052b0e03021a05000414a695cf2db3cc4089154364865e1f75073a39e420 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA1 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 078ad6bde08572c73c5e94bdf0f1efd12da3a8fe7c035027236acd3e4ea86edd1bddd92ca601d012b7aa4e4e543caccdb49f54e35ecac7ee8b03b522a1b09957fe3ebc4d42dd96dcd4f9f2e215dba47749c9ec7369ec21571b21af638ac6f05d45980c4af0c1e6db2f70dcd738a803cb9cee7dffc3e7a735ec6c2541b270cc6b0225ef71939220f9ef35cf5c5b0dc291e237bd456333d803d12883e0694b2e891a3248ca36b838a8de27e154624fea5149857214b15ac4b4d67e0ab944ff5000552c66f833239f3d4c27a76cb14dd181d3f52a12cb4f3f9518dcb68c9db923e677d6f733febc93152c311880205a5b73ef323c07b87cd55549156b0452656f0f11a2c430924f426a22117c04dea477588fe092bbad1a4bf2a0a7b6befcffa3f91f4d308ff24515dae15897e9ab00bf755f9a366057b66f095573a9f881bc48e3711de800b3c0155c976957c40eab8834c7b7911d426fd7484e895fc8d8bb5ef7b562da7a846fd6bd013cef55ff3b11de43fe6da0c90b59dba4bb060ce4caf3cd +Msg = 856d1fe7642047ed19e96d364e5a2efa2c85a1041fb33b09dd59f038a4479b12c223a07c5b16d01367c58dbffa832e8bc8c4a5b4e8d55effd8cb6b50c2badf79fd277750d7bf80049249f4b1acd9e7316446213679df0d95355ad2e5aa0dbf493c61ec8a5f831e69a25cec33edc4209506f260b25a370e73fbed6c1ee5aa042b +S = 24b57099a2e8840bdcdb4461260aecd17534f76d074c765b9944bcddf9b31572c1494b586d0da7f93e7d25fcae44804562dd13ad676b61e70d19fec98cf6dd2eb917faff448e29b951a77b1017a8650d0061bd77742e04a44c79bec6ce141bd264824b6e553a3f761bf583e231f2152cac58f71dc7198e675e364103012aae9b45a3d1a7d61cc25cadcf7d061bf36a10599a812ec279a996a486d46984ff3c10bdd6a465b93eb1796639e499d865f38b4de2b14301d01a359f36017ace359ad1e3c8c223ed74b00c6a113288e64a9c610f5f06d537edb11f520bb4eeefd055cb3560fd8b4d56311c5546b07ba1f3fd0d3e105f3da24f3bae8ed44fbeb6512fb66cf155e3e61475436b95f196f452e612aa9890cdb48938b29b624094e36f651bd305700b39176273b54ec9abb996e644be39496d8b88aa26dc5d4bafc343b9850c0201e44fac6c1ac69c4e408ad5769bf58fae1b8a88c160c0d193a2c807375a4550c4cf56c947a9afd9498fc220a469affedecda22bf44a8f6f9bafcd913948 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA1 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 078ad6bde08572c73c5e94bdf0f1efd12da3a8fe7c035027236acd3e4ea86edd1bddd92ca601d012b7aa4e4e543caccdb49f54e35ecac7ee8b03b522a1b09957fe3ebc4d42dd96dcd4f9f2e215dba47749c9ec7369ec21571b21af638ac6f05d45980c4af0c1e6db2f70dcd738a803cb9cee7dffc3e7a735ec6c2541b270cc6b0225ef71939220f9ef35cf5c5b0dc291e237bd456333d803d12883e0694b2e891a3248ca36b838a8de27e154624fea5149857214b15ac4b4d67e0ab944ff5000552c66f833239f3d4c27a76cb14dd181d3f52a12cb4f3f9518dcb68c9db923e677d6f733febc93152c311880205a5b73ef323c07b87cd55549156b0452656f0f11a2c430924f426a22117c04dea477588fe092bbad1a4bf2a0a7b6befcffa3f91f4d308ff24515dae15897e9ab00bf755f9a366057b66f095573a9f881bc48e3711de800b3c0155c976957c40eab8834c7b7911d426fd7484e895fc8d8bb5ef7b562da7a846fd6bd013cef55ff3b11de43fe6da0c90b59dba4bb060ce4caf3cd +Msg = 590c04975accb7dda8c07afb60a7dec74d2ab36751b787c1068c6933a412f384266d871ba851d86f1417acbffd10e103cb19ae22196f2c655bc5152cc494cbe067b39c289c274460a53cb34791d511f76100001b6acd215cfa61d91c3e4655676305cb26fcf70396a45817f9e49d778c57072fb80b796d8c2b873d6bdbcf9802 +S = 8913d37eb20039be9bf34df63a3824f13f20324a3c2c2e7adc705f418c77d9be7f127e406d765501663b551e4482a177f58273483b51b3bb4614054ccca4a157eb6f4224b6c0b6e4e2b92d11b87fffb26237544c959125d2047165fc8dcc2d5766b6dd7d79abc37b79ea7bef2169e80e74237f5574494eff54b15f4ec7a5eed2e982a3b8d76b64801a37d888b079ac680b0833b51c2bb8a168c63cfb0a96a8817d8512fa4812eb457c1ed8ce0d563ea021a34e644e70689595a078ef469dea58a334207c6930a5ccd82307311ec25cc56807f2a9160b5d738acb42925acfbd4206bd92a24946e2a3fd8e04a1226e472be33eaaa5eed4c13eabca68ecef4d9c005b2f132eb827872235217622284833e339303162d866133a007e27e88af86b23c451a846eb393e05af713a59a929edd2943e6cff60aa906459c667595154747156c52c39bd369751a7a7f926bfb7e42bda447faa314a7593dfa4a06bc334ad9e52339917fc65598f06ff61ee6d7854325d40284e12505af8c57b857887f15d29 +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA1 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 078ad6bde08572c73c5e94bdf0f1efd12da3a8fe7c035027236acd3e4ea86edd1bddd92ca601d012b7aa4e4e543caccdb49f54e35ecac7ee8b03b522a1b09957fe3ebc4d42dd96dcd4f9f2e215dba47749c9ec7369ec21571b21af638ac6f05d45980c4af0c1e6db2f70dcd738a803cb9cee7dffc3e7a735ec6c2541b270cc6b0225ef71939220f9ef35cf5c5b0dc291e237bd456333d803d12883e0694b2e891a3248ca36b838a8de27e154624fea5149857214b15ac4b4d67e0ab944ff5000552c66f833239f3d4c27a76cb14dd181d3f52a12cb4f3f9518dcb68c9db923e677d6f733febc93152c311880205a5b73ef323c07b87cd55549156b0452656f0f11a2c430924f426a22117c04dea477588fe092bbad1a4bf2a0a7b6befcffa3f91f4d308ff24515dae15897e9ab00bf755f9a366057b66f095573a9f881bc48e3711de800b3c0155c976957c40eab8834c7b7911d426fd7484e895fc8d8bb5ef7b562da7a846fd6bd013cef55ff3b11de43fe6da0c90b59dba4bb060ce4caf3cd +Msg = bbadf4bac5fa0abe2abf1e9993d33b798c5f7476dae4d6bb0e809be75a6da0b3a4ca1ad4d99e8423841adcfb9f1e0ee2a8ffb16cf888f15d513ecc0eb6e882127f4f4618ac433a137ade9a99340d37894c4b28f1aab0bc2f442bb356ef0cadd374c5e250e7f114d83495c23cfba69fb69ecc42cd98661f7810ceb686adde0a3d +S = 257d8b3a2fb7ca6d0a78adf2b6e11dc4865c63888422d0795773249865d18519033508be2811d797d564687827eed35cc4c24bddc548e7be68a14cea7e8e0a3a6ef801df2d41519dbc056fdf5cb23dc60a9b8e94581a8beda4f4e660f699ba5a649bd5724a1d48f88552c3129bd08e2ac8b0ef60ecb938d4039a2fdc648b6afadd04683b40f144e474b8a99b3a81fdc623391eaba2111dc5aa812e3fc6b9c8f8711e9986c0c2f012cc1a0120c79004eae424dc4c90f24c8f52d536dbb50a101ff04498887eab4d2bc76902c2587a3b32ef3a8a58c3cbd11a9dd14055da56e7ba011bae74875fa631a0dfa524fe396b6a5ba1b92730adf17b2e9bed78cde226ffbbbfe29d3add1c61262c0ac9624f1feec48aa73de41627514bebaf76997b0350ea4d590c6cb59252c9d693020e7887bebd7a25f1769433d39fcd3dd46625208be410d50ae16b4d8fa6554be3d94a848ffc3211a915453b45a3328b001a5b605d686129a4cf4862b5e3453ebc42c2a11fe180adf5c12d50d361128abb1555aba5 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003021300906052b0e03021a050004149a135a3d21fc0556fdd6fa7ab0a3b1e4ff330f9fefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA224 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 078ad6bde08572c73c5e94bdf0f1efd12da3a8fe7c035027236acd3e4ea86edd1bddd92ca601d012b7aa4e4e543caccdb49f54e35ecac7ee8b03b522a1b09957fe3ebc4d42dd96dcd4f9f2e215dba47749c9ec7369ec21571b21af638ac6f05d45980c4af0c1e6db2f70dcd738a803cb9cee7dffc3e7a735ec6c2541b270cc6b0225ef71939220f9ef35cf5c5b0dc291e237bd456333d803d12883e0694b2e891a3248ca36b838a8de27e154624fea5149857214b15ac4b4d67e0ab944ff5000552c66f833239f3d4c27a76cb14dd181d3f52a12cb4f3f9518dcb68c9db923e677d6f733febc93152c311880205a5b73ef323c07b87cd55549156b0452656f0f11a2c430924f426a22117c04dea477588fe092bbad1a4bf2a0a7b6befcffa3f91f4d308ff24515dae15897e9ab00bf755f9a366057b66f095573a9f881bc48e3711de800b3c0155c976957c40eab8834c7b7911d426fd7484e895fc8d8bb5ef7b562da7a846fd6bd013cef55ff3b11de43fe6da0c90b59dba4bb060ce4caf3cd +Msg = cb4029c463e243b9f901855447fa2af302441ee117a3622a359fb3ae8b356675d3cc97428f6b826b922831e7c3e458a91e357d2cfba45b5093198964c0935784041cf925cdfde7eef72e83ca9310fc3be75e73f1b5615d9bc16429fd8d68224267199694a50038eb30f9c3223fe8e05065a84a55ce4430b3c66adba07a1c9059 +S = 3f5e4b911aa319cfc15e4d6f7ee82b12a7bf827dfd244a5e57a52bfeb04bdb9e29a1cebdc4ebb2139906c42a5ea92a6737495d35d43ddeea1786420e57d994d880625f0c4f56594f80a732b549c65132355d56c8e7acc857344fc736a7b3168e8e892921c12c0cf8ae7a5d66a9d95d4180b1684ce3866024eeed217fe3d386380aab1530513aba18703fed501984820d8bb050229daf0467fdf13020094be24d8fa8cafb8a6774861b4a2a0e32373989fba555141d7113804b635c0ce480818ab755c87be02aecbd69754f68c3fea89dc854996a05fbd3d5f10cc7083f893297c63dc384a6376fcffc8cfb170ac7e0363489832e0c3e9b0400d928e05411408b7b12b653a1e4aaee79ee46fe892cc64fa21afa202c763b161b7d4f1c32e7bfc75442f1a3c31aede44374939b64c264f9b1833fe04172ccf818108f74634384bcf0208492fd81a77282a27987a9001754fc74690a021880b7f2324e65a084d88c3f4486fd974d50edf6c206ed616ed9376f1855a13b51c914c48b3bb0cce759de +SaltVal = 00 +Result = P + +SHAAlg = SHA224 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 078ad6bde08572c73c5e94bdf0f1efd12da3a8fe7c035027236acd3e4ea86edd1bddd92ca601d012b7aa4e4e543caccdb49f54e35ecac7ee8b03b522a1b09957fe3ebc4d42dd96dcd4f9f2e215dba47749c9ec7369ec21571b21af638ac6f05d45980c4af0c1e6db2f70dcd738a803cb9cee7dffc3e7a735ec6c2541b270cc6b0225ef71939220f9ef35cf5c5b0dc291e237bd456333d803d12883e0694b2e891a3248ca36b838a8de27e154624fea5149857214b15ac4b4d67e0ab944ff5000552c66f833239f3d4c27a76cb14dd181d3f52a12cb4f3f9518dcb68c9db923e677d6f733febc93152c311880205a5b73ef323c07b87cd55549156b0452656f0f11a2c430924f426a22117c04dea477588fe092bbad1a4bf2a0a7b6befcffa3f91f4d308ff24515dae15897e9ab00bf755f9a366057b66f095573a9f881bc48e3711de800b3c0155c976957c40eab8834c7b7911d426fd7484e895fc8d8bb5ef7b562da7a846fd6bd013cef55ff3b11de43fe6da0c90b59dba4bb060ce4caf3cd +Msg = 58a1db581148b3b2a3f3c967d69d3feae7df5a327e122103dfb4276e640ca59b2b11cbc60c895888ce6e69589a958e51af92233658d6deb31b1aa4e53401a11d42f897e13f617634b5f22e182f57c150ee1f9c6aded527fdc96d9b30c9e3147b031ee7b2921a353fc246c0ae7f2bfe700d4f6cd8f959256a4f75b3550dfa253e +S = 3b93e9611a492f19acd725d92cddbe696e97f29c5612d7a1c57b7cfeb7c70bae57cb9c75b6c611bb1ba39e48dc99ba9ebc091d7ecb5124bee1596541ee337746c86c6280a2db0f434e13735148d39db23e594ceaacb36bc29fe005ba204bca2d90cdb083e9972b227aecc588f601427c8977ace25580481db532f580cfcd54f56169fc2f31cd00f22834cd4ee3c6d9c5f708a9d26e10e341771ce65ee4233184506a17f891cbb633fc4571d7dfcacb949523f692fd44f08cadfce02b6fc54bc156a684c9a706742d5b2d33f45b01001e777ff13f3b485c5da6778526e1f80bae0a812d80cb2bbe2fcab984754b3ae9532e24e9c930ecedf50cb554ad345655e25ad118f40e9c729efc53c67f8c9e533ed434d57c92ee71fa809aadc3c6c82aa4bfde5df4b1a32d43981b9019c04ab9b32129158d302f780c22cb47249a1f767861730c4702b8f599b594aafa691d423bab81e8de32ce7a6e988839a55a94c198c8b10e432ba10567e8a01d264a9f2964016ba1f070592abf8f1eaf25f5c06f39 +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA224 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 078ad6bde08572c73c5e94bdf0f1efd12da3a8fe7c035027236acd3e4ea86edd1bddd92ca601d012b7aa4e4e543caccdb49f54e35ecac7ee8b03b522a1b09957fe3ebc4d42dd96dcd4f9f2e215dba47749c9ec7369ec21571b21af638ac6f05d45980c4af0c1e6db2f70dcd738a803cb9cee7dffc3e7a735ec6c2541b270cc6b0225ef71939220f9ef35cf5c5b0dc291e237bd456333d803d12883e0694b2e891a3248ca36b838a8de27e154624fea5149857214b15ac4b4d67e0ab944ff5000552c66f833239f3d4c27a76cb14dd181d3f52a12cb4f3f9518dcb68c9db923e677d6f733febc93152c311880205a5b73ef323c07b87cd55549156b0452656f0f11a2c430924f426a22117c04dea477588fe092bbad1a4bf2a0a7b6befcffa3f91f4d308ff24515dae15897e9ab00bf755f9a366057b66f095573a9f881bc48e3711de800b3c0155c976957c40eab8834c7b7911d426fd7484e895fc8d8bb5ef7b562da7a846fd6bd013cef55ff3b11de43fe6da0c90b59dba4bb060ce4caf3cd +Msg = ad65063815129120fbc5875461c916131cf2d47084800e5270475cbe620d7959fe345228c1995d9befbb2ccacd2042fe11f4257397f4b55c558abb289139c504513c32a1146a8937bf5d0fcadad398acfc549d4384168f0c8a1d6be016a68f768fc6cc2a764fbcfc54f355dcf0acbf25c65b6367b5af4569f848936e571c7eb8 +S = 2f264e0f5c24603eda9315230f23de193fe6ccece8de2d6b0ec8ead9803798b7c66b9ef0ba801b029c86bbb35a743031f5ceaf19881948cf8e2dfb52a4c7353de5844863a8a6ce407a0c88dde7f76f76b8a548930f902c974462299a9065a2a9c90b639bf017f77cb699b2c255bd18999757ab616b39cca6cdbdcf176a0057620c88bf0727133b3c5607ea13a454b45ed8d29178ea182f54329921677f7ad9b01ec3b0dac78dd82319f5b04d9e64da052fa5b193c32806a3dc6182d2bd2cfbd7741130b5d6d32ccebf48183d8b552186bbc8f6f6ddbcfeb3ac86579794bbdd51d9b231d4520b7aca40379570861f09338185e120850e989b9f708fecdae37c95507a46eef059bf7cec22a8728d03cdc7a758e85ed2c7d78b61caca723a4daa85bc6acb5e72c59fe1ab459e9d181aa2c3b0a8019f510156d76b0712678019980f2377d1ad7f126fb81762090a394a172513de39d388bc52903725f20d476724774ab0debb48e33fd03c7b48765cf91270245b42416b504c97c335400e36367c06 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00302d300d06096086480165030402040500041c1600b15747d006f8765132be06c17817a701f2b805bf6476a1dd5582efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA224 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 078ad6bde08572c73c5e94bdf0f1efd12da3a8fe7c035027236acd3e4ea86edd1bddd92ca601d012b7aa4e4e543caccdb49f54e35ecac7ee8b03b522a1b09957fe3ebc4d42dd96dcd4f9f2e215dba47749c9ec7369ec21571b21af638ac6f05d45980c4af0c1e6db2f70dcd738a803cb9cee7dffc3e7a735ec6c2541b270cc6b0225ef71939220f9ef35cf5c5b0dc291e237bd456333d803d12883e0694b2e891a3248ca36b838a8de27e154624fea5149857214b15ac4b4d67e0ab944ff5000552c66f833239f3d4c27a76cb14dd181d3f52a12cb4f3f9518dcb68c9db923e677d6f733febc93152c311880205a5b73ef323c07b87cd55549156b0452656f0f11a2c430924f426a22117c04dea477588fe092bbad1a4bf2a0a7b6befcffa3f91f4d308ff24515dae15897e9ab00bf755f9a366057b66f095573a9f881bc48e3711de800b3c0155c976957c40eab8834c7b7911d426fd7484e895fc8d8bb5ef7b562da7a846fd6bd013cef55ff3b11de43fe6da0c90b59dba4bb060ce4caf3cd +Msg = 0484eae59ee761e0cd361909a014b9bc1260356bdeb74440933a1503e9913d3f5630f5a0ddd882a02761f462d4b813de1324973f70cd9789ee7e447f56aad7c4ceadc840ad5541c58ea1d2f3a4c866594d7d76dce9727c5dec1bab9632b4dd459385cd8db86586992c7d1b82b64e9973e7f63a0befaedb02b598b01026b8370a +S = 74e96c2236f61bffc5830647a50f32a09b5170c586d38b83506c91f6337bed6aee942710a9288e17f8e9fa3e48ca99c23c8dec0f963f8a28c0a55db3d05fac86a67039a6c0be46d28207be9ec12e389bcea525386d4a0500d64a3d2b846cac4c5f9db7fe8a226e54e28e6524145680e8aec1b5d5f531e7cc5595e3f9973bf1b682574ba48bd42d55b240d2c9b6929b4a8fe8eb6493a2a7aea700c81dd8126c4f5cf2676adebfaf8641257d4281945ec771cdb4e45601ca20a19083e0844b8ecaba048ecfd2d76c24324f368f7c20563524271cbf5aa4239ac6259a3eef2c80e5f78ad3c7bddf786a090d7ac2f0b7e0fb5851c5017f9bb84001261038f79cad754d183662cef7676caa122fd0fb763944dd89de28f06fd40ad4721a02618b1a0e20056e265c8a2629fb57df29646df0ba56e94682bf3eba253a08fac1925d39561090d8f36c3b5068b26484e134cefaa7613898fb12c4a93122b7224771745ff115d4f70eef1e47c0a656ccec2d0afc46ed9d0fd5b29d151d23f59723d3818f1b +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA224 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 078ad6bde08572c73c5e94bdf0f1efd12da3a8fe7c035027236acd3e4ea86edd1bddd92ca601d012b7aa4e4e543caccdb49f54e35ecac7ee8b03b522a1b09957fe3ebc4d42dd96dcd4f9f2e215dba47749c9ec7369ec21571b21af638ac6f05d45980c4af0c1e6db2f70dcd738a803cb9cee7dffc3e7a735ec6c2541b270cc6b0225ef71939220f9ef35cf5c5b0dc291e237bd456333d803d12883e0694b2e891a3248ca36b838a8de27e154624fea5149857214b15ac4b4d67e0ab944ff5000552c66f833239f3d4c27a76cb14dd181d3f52a12cb4f3f9518dcb68c9db923e677d6f733febc93152c311880205a5b73ef323c07b87cd55549156b0452656f0f11a2c430924f426a22117c04dea477588fe092bbad1a4bf2a0a7b6befcffa3f91f4d308ff24515dae15897e9ab00bf755f9a366057b66f095573a9f881bc48e3711de800b3c0155c976957c40eab8834c7b7911d426fd7484e895fc8d8bb5ef7b562da7a846fd6bd013cef55ff3b11de43fe6da0c90b59dba4bb060ce4caf3cd +Msg = 469ce940f2675abe473f931292c7fb141eb1d11ab62fcb1065aafdcb80b7fd9ae647451e871dd85c2386291154443845cfcbfe23e7b00b08535e6eda300bd59b4aeaf53e97a22cb90400655b74e83d60069264c397f345538978e909c2fa1899f7efc2472add9efc71151199fa9d518b4c6ecaa0cfdfc1188f6237003d6e10bb +S = bb0257ed939f61ba105b2381a70acae35915a625a5728e29287bf0b1928e7c8a82d6b7ca4c1d35c6dc22b2c44895202f147390da4a1d3e64f416c03ced1f2523d586cf3b36046fb221efe1375fcc2d2ec9f1c0ed979e901573b2184385098a0fe27d9263ed6054410a3230f02b6258af4f183e82a4fe13597b5c805ad22536552b222c065627d4bdb929718bbfbc21cbd8e7d688a350ca2d36ed325c737af93df4993a9cc3be1d718cb092f48efcfdf21eb419de0666e3bad14abb09ec86890dd925c54b228b8efd5f491a5d52bbf508f15bd83e912569aeebdf9b570485df348e2cbc42395674aa69f3aeaf0c9573a27098253fb36f913b332f90466b18e2e78d8c504cf0eb835b5373e2113969f935b710013ba340292be2be396256d6c6559621fe96c1fab4b92e0908f71396b8dd2096ff1f2edf1ac6a31cb3b405e0ffd7c41b8edd1de01910cce15461176e4d2706665fab3cc1c9fa4e810e15b59d64e9a46588e0629d8cb16d60bebefdcfe58cd87c37c0e8497004bc42e29f024db067 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA224 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 078ad6bde08572c73c5e94bdf0f1efd12da3a8fe7c035027236acd3e4ea86edd1bddd92ca601d012b7aa4e4e543caccdb49f54e35ecac7ee8b03b522a1b09957fe3ebc4d42dd96dcd4f9f2e215dba47749c9ec7369ec21571b21af638ac6f05d45980c4af0c1e6db2f70dcd738a803cb9cee7dffc3e7a735ec6c2541b270cc6b0225ef71939220f9ef35cf5c5b0dc291e237bd456333d803d12883e0694b2e891a3248ca36b838a8de27e154624fea5149857214b15ac4b4d67e0ab944ff5000552c66f833239f3d4c27a76cb14dd181d3f52a12cb4f3f9518dcb68c9db923e677d6f733febc93152c311880205a5b73ef323c07b87cd55549156b0452656f0f11a2c430924f426a22117c04dea477588fe092bbad1a4bf2a0a7b6befcffa3f91f4d308ff24515dae15897e9ab00bf755f9a366057b66f095573a9f881bc48e3711de800b3c0155c976957c40eab8834c7b7911d426fd7484e895fc8d8bb5ef7b562da7a846fd6bd013cef55ff3b11de43fe6da0c90b59dba4bb060ce4caf3cd +Msg = 207fe949bf4eb76dec39e361e5153fc593b59d2d10607c306681e8bc9aa19bace993689d51eedafd53c11864f8810b281246c32cc43717f844438c0fe013797c3f3c68afeab8be870a979fb074f20c2fe2214e3b832d984fb788e87d13fc2e05ace2b0269294ad349a2540eb614f88038dac06045629465c46b9c2af3c46036e +S = 7fb366be277c3653fec8f65d741808e0e1676da31ea5388d2a87ff65d7e9dc032086be8b0f64642b937a8e0e563ab44b91e79003bd92713768b6caba087c973b351a340f3cafef865c6631da91e2eb55d9ebebd5d71c094ee8be88c43caa7c1f6a698070594d76d5b036ecdfbf0f7a9f680b56e6012230b1b91171d9fad3b8dc3c4ab88949acf036968169b9efd622cb52f485a2ed1bb6f65ed848761a67da1f67278a04891f663ce4bbab7f691b0ad1b8b4873e9bb4875d5627d581c262882f16d2c5f56e8614346934311408954b77f407272badffd3c2fadcb8a8a43441d612f6ba1d4ffbc00fdbf7fcc5ca0c9002c43f47f145ff0ffabb8c5760d4abdb6eaa01487555ff1ae4ffc632473a25831815f8e37b60cde1c85a537de9a75b5189fd5cdca65284165ee8d03082924feeea8cbeb72a1d5480fd2be13c4732f2f98ab7ffbb085c8f6c796993dc10b4c1187f32ecf2bb8bf592c3ae117be68a30e8c92d094e674a514fe9665643befd8e2c545a14e1b9f565eab37c3d913e18da9652 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff44302d300d06096086480165030402040500041c49c8f2542bf9c2bfd41d90d2ec3c717718ba9a1636f5ad048011cea9 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA256 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 078ad6bde08572c73c5e94bdf0f1efd12da3a8fe7c035027236acd3e4ea86edd1bddd92ca601d012b7aa4e4e543caccdb49f54e35ecac7ee8b03b522a1b09957fe3ebc4d42dd96dcd4f9f2e215dba47749c9ec7369ec21571b21af638ac6f05d45980c4af0c1e6db2f70dcd738a803cb9cee7dffc3e7a735ec6c2541b270cc6b0225ef71939220f9ef35cf5c5b0dc291e237bd456333d803d12883e0694b2e891a3248ca36b838a8de27e154624fea5149857214b15ac4b4d67e0ab944ff5000552c66f833239f3d4c27a76cb14dd181d3f52a12cb4f3f9518dcb68c9db923e677d6f733febc93152c311880205a5b73ef323c07b87cd55549156b0452656f0f11a2c430924f426a22117c04dea477588fe092bbad1a4bf2a0a7b6befcffa3f91f4d308ff24515dae15897e9ab00bf755f9a366057b66f095573a9f881bc48e3711de800b3c0155c976957c40eab8834c7b7911d426fd7484e895fc8d8bb5ef7b562da7a846fd6bd013cef55ff3b11de43fe6da0c90b59dba4bb060ce4caf3cd +Msg = dbbd09ff7b1c707c2bd52014adbb773ceb146aa72637c8724f5ac39fb5a5acc4e18bfe04be599e3ffe0f6186b870cfd2565527f5ae46a3d06f4bfcc7bf00317222e885959e03c6531da3d59e127b63f25ff9f94377d63b34bfeb6d893b4636df667da49a61427120503885450205bb05d0a9e879c70e1a0409df1dce709e4473 +S = 2e4d98c10e126e544d2b74bbcf0a4f03f081d4725a6661c0683d3612b01ddb2dd6f0391ef3679f39dc0785b37ac275f0d6841ed3a44ff7f6a407a085129a164faf63ff2aaed18ec6a5f7d27b48d017a50b24c8c4859ad2bb680ace5f3af57f2eac2d7337c0dd7403ffb2e8bac69dfdc98e62a07354b2fc93d03e499ee2d126647edaba094196b693e98cb98ad2817ba3f7f522c8f786b6ef82632ef5a00d5d4f42db6d26709909ca751aa8174037c924628852ce78e2829493d6c741d3558adcf713734697754e55e7b3bea0d8717da8aba2b2874527a0b3a8d2e1433344dd6bbaee1ebc7fa352539d94c6b45f915c6979b8e18be8934d28d770806c6ff893660dffd0e948a8cce11ac870507f88c1f86caa875ad721326dcb4f0d5ecc2d2538c4fabcc6c756ce4a59bcdafc44568787cf2bd9650486da8c85fd0b87794547e179e498cb6a5b26f71f9987d703f2d53418411c1f9a3a2e6705637b7bbda9660641c0eb037eb432b2d7515d1ffa99175cfdb8a2a4eed013b947faa4bf1c3cbd59 +SaltVal = 00 +Result = P + +SHAAlg = SHA256 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 078ad6bde08572c73c5e94bdf0f1efd12da3a8fe7c035027236acd3e4ea86edd1bddd92ca601d012b7aa4e4e543caccdb49f54e35ecac7ee8b03b522a1b09957fe3ebc4d42dd96dcd4f9f2e215dba47749c9ec7369ec21571b21af638ac6f05d45980c4af0c1e6db2f70dcd738a803cb9cee7dffc3e7a735ec6c2541b270cc6b0225ef71939220f9ef35cf5c5b0dc291e237bd456333d803d12883e0694b2e891a3248ca36b838a8de27e154624fea5149857214b15ac4b4d67e0ab944ff5000552c66f833239f3d4c27a76cb14dd181d3f52a12cb4f3f9518dcb68c9db923e677d6f733febc93152c311880205a5b73ef323c07b87cd55549156b0452656f0f11a2c430924f426a22117c04dea477588fe092bbad1a4bf2a0a7b6befcffa3f91f4d308ff24515dae15897e9ab00bf755f9a366057b66f095573a9f881bc48e3711de800b3c0155c976957c40eab8834c7b7911d426fd7484e895fc8d8bb5ef7b562da7a846fd6bd013cef55ff3b11de43fe6da0c90b59dba4bb060ce4caf3cd +Msg = 4255d5da3223d2f6e33c43abecea1ea7926f7052eb96a203438efb73bef867723f3f77d88928a8bfa4aae8ef83ff569ae3fb4a4a769d951741e40a1d42e33d2d57188ac35bfa593892d1a13947caab78b34b19a12184269050472fc11919730851891782f1c06dcb745a75718174a4a9ca06e5413474ded6385f744789c19169 +S = 6fb009ed4d66f18ae694d6e383196b02f4d82a1c7a755ec4989af1e2f7381355a5cb0bd7b51e48de878c74c9a2b359deecc55ffe4e67c8de5666f7a23144a7a67cdfb0a62d0135d4f58c07fe467f044c1ed33afee03eec57f8a0f83b451f145f1eb598d3997b67d98b5d05a6b28d74eca249af0129ee680b9055704d803f32ce93d77fdd0455f5002fab33b30bdc0c8bccfc6834c9a260168b366ffa6f0421324b673d7e697cb266a09e03afb0ac6fe89495852a6e90d6e132b54eb0b899bfd3d9b4b84bd4ef4b4566beaf2884acd26a27c0241f820d6612fc8fe9c5f4810c6a6a32c924a7b532b63bea39c535aea33d50eb388d5efb7bdaab3864830c225c642353228cdf3e0edafe39bb7d9d9bf8143285b18ad2c941ffaa67bf4d91f94ee1abdc9e5ec6f141ea0df5a27490c51d0b75e5ba470c9e02f071063f89f7bc221170f8b67203ee6997029d53848868b8ed144651071b14eb96da6e2cdb9b9f6183f548d500270a20bb1cb2e12c4a43c5bdb3fb97b36ec02617248242e5a59dd7e7 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA256 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 078ad6bde08572c73c5e94bdf0f1efd12da3a8fe7c035027236acd3e4ea86edd1bddd92ca601d012b7aa4e4e543caccdb49f54e35ecac7ee8b03b522a1b09957fe3ebc4d42dd96dcd4f9f2e215dba47749c9ec7369ec21571b21af638ac6f05d45980c4af0c1e6db2f70dcd738a803cb9cee7dffc3e7a735ec6c2541b270cc6b0225ef71939220f9ef35cf5c5b0dc291e237bd456333d803d12883e0694b2e891a3248ca36b838a8de27e154624fea5149857214b15ac4b4d67e0ab944ff5000552c66f833239f3d4c27a76cb14dd181d3f52a12cb4f3f9518dcb68c9db923e677d6f733febc93152c311880205a5b73ef323c07b87cd55549156b0452656f0f11a2c430924f426a22117c04dea477588fe092bbad1a4bf2a0a7b6befcffa3f91f4d308ff24515dae15897e9ab00bf755f9a366057b66f095573a9f881bc48e3711de800b3c0155c976957c40eab8834c7b7911d426fd7484e895fc8d8bb5ef7b562da7a846fd6bd013cef55ff3b11de43fe6da0c90b59dba4bb060ce4caf3cd +Msg = 3a463bbff446f2b5057c50da18fcebff0f2c5be7e91e4144e91d88e2f486ea233cdab6ab1b10d15c4130fb85121d54564ab21f98e311c59b38381d6f6ad6ea56035ca67ad9567edc36fc9d8d3504ad206fbb9b5fd7549b3de3806d0ced3fdef0d8f59194f6c0ff1b2909bd5a4959fe44c66e58a58f8fcb14321cff224469cdd8 +S = 26502431034a0f2baeaf1cb7d8fa138b32d53f808d6183270dbcb24267c71564377a6d470ec42a02a7e88711c8c1e46a8b3868d15ac81146ad6c9ce9c40a1b09c8bada5020cc52d3ac2452a1b81c4ed0052a79c6e5cc275a032a816698e5f39004a340c13e52e9d672abaf2f5e230dd9f5a40eb250e8743a46414961d347a8828d5c1eb290fbad7eff81c7204bf377b9d9f4f8a2067cba6a6b7a088491cf42eaa8b201b5d8b37033d6db81454faea89417d52dc4b50ed920ad1e863f083e1f6dba595661adfea362d0e7c8b10a55fc58a1202fd222b4354c320dfa1e466e49625bc0c80dd620ba3cc2027ada7177ce44483f5dc8caadb3ff7d812524835f402e0d691e0be9bbac2bdd0dc6881e85b0ef46962b8441c89f7eb2a2d14bde8d2ff933dcc0db390f225f2322544bb95b34c2c2e59e6823f56c048508be7a3011a3130983185b47305477b19f3c701ff3009342c19dc22bea62b4bd2ed221ae9c2213b3026a576f8e25d72f9c72468e61b6cfd9530ccc1c183e101df9aa3228e8ce3a +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003031300d060960864801650304020105000420d65f865a519cd429cc9d221cdce15d51363697e694b2cd6c09987f0310b5e8d8efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA256 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 078ad6bde08572c73c5e94bdf0f1efd12da3a8fe7c035027236acd3e4ea86edd1bddd92ca601d012b7aa4e4e543caccdb49f54e35ecac7ee8b03b522a1b09957fe3ebc4d42dd96dcd4f9f2e215dba47749c9ec7369ec21571b21af638ac6f05d45980c4af0c1e6db2f70dcd738a803cb9cee7dffc3e7a735ec6c2541b270cc6b0225ef71939220f9ef35cf5c5b0dc291e237bd456333d803d12883e0694b2e891a3248ca36b838a8de27e154624fea5149857214b15ac4b4d67e0ab944ff5000552c66f833239f3d4c27a76cb14dd181d3f52a12cb4f3f9518dcb68c9db923e677d6f733febc93152c311880205a5b73ef323c07b87cd55549156b0452656f0f11a2c430924f426a22117c04dea477588fe092bbad1a4bf2a0a7b6befcffa3f91f4d308ff24515dae15897e9ab00bf755f9a366057b66f095573a9f881bc48e3711de800b3c0155c976957c40eab8834c7b7911d426fd7484e895fc8d8bb5ef7b562da7a846fd6bd013cef55ff3b11de43fe6da0c90b59dba4bb060ce4caf3cd +Msg = 631b9db77357d87e004b61ebda972db826db2b9f03c913136d7f5e2f601395ec406fcf96785f768162e849f867dca77667ab0a195a7cd253387c44e31776d20393a59ce373c638578a70aeccdaa8c78100b188f4cc21f99a2f3a2bd25a76781c24640d86acb3a668408c99517e261641b994ad199fe1104f185e1be6713b119e +S = b3fc32b58ff28bdb60d7080dbd90e369d5b6ac8567f9953a3155e42ad86f671134b77d5f00cf1b686708da2dbcafd637b0e1c9dca59ee74b1bbdc339aac119661a2a1f3f837271a67c5788bf309f77752c4d62ddddbec71bf7b066acfd08b96d840cf4aec4c52eff42bb85038d78d668466458dc7d69621206ee831726f28e49a8a389789d39733abd67fa334c4ea1a39081bd1c086dea0a091e8eecb06d413799f88711084310c30cc824fc8f48d0a3ebdf481123a30a5535ef0c8649ff42746441bcdf3a7ffc23cc13c5aa75b2fd8a413b0cfe1388cf724cc105c182615902f91caacdc7617e349a553738d5a329445c710787cb08b87332a91ef8fa1ecc4f86a7c56d6ddbeb3397d2f92d2f325d29fefce33954a6620e3bee73411f11a152418c5cb6f37e0305530bf510589f2918204584a9126a3372fd7f915070bdba48e54c596d8693a9d18f848bd5a53982e8c8c33fcb3959ccf4a56d3b942917673aaa9246a5baff5f5aeca056287cebd950968308d535b1a62a5aed92d95d9d6c2c +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA256 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 078ad6bde08572c73c5e94bdf0f1efd12da3a8fe7c035027236acd3e4ea86edd1bddd92ca601d012b7aa4e4e543caccdb49f54e35ecac7ee8b03b522a1b09957fe3ebc4d42dd96dcd4f9f2e215dba47749c9ec7369ec21571b21af638ac6f05d45980c4af0c1e6db2f70dcd738a803cb9cee7dffc3e7a735ec6c2541b270cc6b0225ef71939220f9ef35cf5c5b0dc291e237bd456333d803d12883e0694b2e891a3248ca36b838a8de27e154624fea5149857214b15ac4b4d67e0ab944ff5000552c66f833239f3d4c27a76cb14dd181d3f52a12cb4f3f9518dcb68c9db923e677d6f733febc93152c311880205a5b73ef323c07b87cd55549156b0452656f0f11a2c430924f426a22117c04dea477588fe092bbad1a4bf2a0a7b6befcffa3f91f4d308ff24515dae15897e9ab00bf755f9a366057b66f095573a9f881bc48e3711de800b3c0155c976957c40eab8834c7b7911d426fd7484e895fc8d8bb5ef7b562da7a846fd6bd013cef55ff3b11de43fe6da0c90b59dba4bb060ce4caf3cd +Msg = 50af2bdc908dfa76ea44c19958ba61f2deaf29e663434a30bfb98acc157a3c14635d6f2a57256695654c482f16ff193ea369e9e1c2344baec04d0999d0e81617a3c5c48438b137c2f64f1a24f818908aa8a16ecd8f1ca75d6b22082882b025be376f93b3db385745c5d79f3fa50fb01e15df207171044586e9bfed42d4d84f51 +S = 6b3f7aa014e45d369cf4cbfa86fd284af19ceaa355a00f55bf242f02094135e899529b0c64538ec409b60b6c9666f8dcc61fd6060c990954f8200cf6a477e8a114633fd8c9a62c0e8d1d171ccb5e09d360d42d868edc0bc0750338da5ab69f53ebd8f9ee99c55d9e1cf6bc9e9a8d10db7cc267adf5e525af09568c7d6ce2f59ce8c5be5562f2ba88d561f1d46dc3aa765b3a3a2f5f156177d5de5e959f2beaeacc2b265fe5f7f3638db14a97d673489faf35be8579071a09e46f48967d46e251a7bbf460fde2528e36709b5b4e13a51ee53423bd4059f38a1e3dd2720dd9c037fb6ee048ecded10e5d7c199fc3b2ea4404110e5a283b4feab8048487984c6972ced45ea31b1d262f0b071ddc146f4db71cf43b56ff887679ce39e9a6a3e449b04f3d6bab80ac393abb472dbab9ad52eea3b936ff414b9eda99d710e7c836c86a60755b65cbc0135b71f87fa96897c708cdb69d6c6d6d4ca5fa850fb6ad9b2c0eb5483b3641f211b2bee68ef6e1b32188099e7752d6776168adf7f0667f7b2017 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443031300d060960864801650304020105000420e4a129a7ddccb2047e91b87062a92c5672bd3bf6238b5d2ba1175f37f458790d +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA256 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 078ad6bde08572c73c5e94bdf0f1efd12da3a8fe7c035027236acd3e4ea86edd1bddd92ca601d012b7aa4e4e543caccdb49f54e35ecac7ee8b03b522a1b09957fe3ebc4d42dd96dcd4f9f2e215dba47749c9ec7369ec21571b21af638ac6f05d45980c4af0c1e6db2f70dcd738a803cb9cee7dffc3e7a735ec6c2541b270cc6b0225ef71939220f9ef35cf5c5b0dc291e237bd456333d803d12883e0694b2e891a3248ca36b838a8de27e154624fea5149857214b15ac4b4d67e0ab944ff5000552c66f833239f3d4c27a76cb14dd181d3f52a12cb4f3f9518dcb68c9db923e677d6f733febc93152c311880205a5b73ef323c07b87cd55549156b0452656f0f11a2c430924f426a22117c04dea477588fe092bbad1a4bf2a0a7b6befcffa3f91f4d308ff24515dae15897e9ab00bf755f9a366057b66f095573a9f881bc48e3711de800b3c0155c976957c40eab8834c7b7911d426fd7484e895fc8d8bb5ef7b562da7a846fd6bd013cef55ff3b11de43fe6da0c90b59dba4bb060ce4caf3cd +Msg = 5c78db3e64375eb7325e70272bd431c10a71e34acb58f215c987313123ac67e1633a0a4c62bd4a76666b526f8efbcacb70baa05100db08f8b40ec10fe5559abb791336a6bf660cf69ab7b17ce2905a2e07ad9dd8f755770e42eb93657cc0c9e3e42be6b342dcab1d166d18b6ee3aead418736245796f4841bd43309cb194fc40 +S = d3bf9e41c55375a032394a403ebe35dc800541f87ef67f9de42b9a386b7ed0f78403eadca167e2f49c5332cef85c2bd821511c721ff4b3bc3fcece51bb10921838384da4af0c40c1031617067656cba8eb2d2b7f1744ecdfab6874038163a97cd08439aad0b8f959364a0cb0154a9606289909a1a6a486030abd1dcbbfc113ac34bace0b84f1b7f9cccba5dbecdd1932f7993966f5ced9187692d03b8dfd99f87c2903d72bd7c0acbb942c6f1f321d43a357a21f6fb6b78f91b92346ec2e577cb8aaf9e7affd12ee3d27ec9dafe50b5cc874c374d2e2c1bdcb22f1b6105035c393e4f8f23660e2d54795757a0d1729ac12e053aeb239b7368eb991278f3a0c2f72c551cb90b96cd86905389582641d6c029c6622b2f7db133191966901d83dabdc5e634f6c8ae59aa54e6c0c2db7a1f573b825102777fc8961be82a624e5ce01244ae8279794fa5ab2fd62590ad8a00c5d0b0ad11a0154d9bbc2cf129514bf193c715e49cc75bcf8343ea017906dcab061658083ae11fe7247ec95ba18cca761 +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA384 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 078ad6bde08572c73c5e94bdf0f1efd12da3a8fe7c035027236acd3e4ea86edd1bddd92ca601d012b7aa4e4e543caccdb49f54e35ecac7ee8b03b522a1b09957fe3ebc4d42dd96dcd4f9f2e215dba47749c9ec7369ec21571b21af638ac6f05d45980c4af0c1e6db2f70dcd738a803cb9cee7dffc3e7a735ec6c2541b270cc6b0225ef71939220f9ef35cf5c5b0dc291e237bd456333d803d12883e0694b2e891a3248ca36b838a8de27e154624fea5149857214b15ac4b4d67e0ab944ff5000552c66f833239f3d4c27a76cb14dd181d3f52a12cb4f3f9518dcb68c9db923e677d6f733febc93152c311880205a5b73ef323c07b87cd55549156b0452656f0f11a2c430924f426a22117c04dea477588fe092bbad1a4bf2a0a7b6befcffa3f91f4d308ff24515dae15897e9ab00bf755f9a366057b66f095573a9f881bc48e3711de800b3c0155c976957c40eab8834c7b7911d426fd7484e895fc8d8bb5ef7b562da7a846fd6bd013cef55ff3b11de43fe6da0c90b59dba4bb060ce4caf3cd +Msg = 275a91aa97dae189c61fd1b7854d49899d9406d958a8401143718a853103f90683d088b3a71cbb13dfb2836144d662270a7acf0f05b5dcf56c701640de63ad73a240d5ff332d6b5cfc78dc57608643aefd0dd1da3283722cded7ad1b6b5eccdd0c103e3442f4398ba5d9a441e1473345ffb5d4e3e6fc4add210c17bee2dea06b +S = 270c4cf3272ae89db2b9b2be30ef1167d1b8b67307e40f97c81c3c9ced0924ac971d669e6c0b35ece58b5d4d4fcb4fda5776f81e99db9f8ea4ec5d65ec960f2feb0a4166019e5bf856246952a9a68567703e505dcee51df9827c51dfe6b13eb6038eba7cc3f3443f0ef6f28ed06fcf272255ccfb31f3a956a36744b878af8eee1eaf0e3ff1277ae602f6b3c1940697d41a5acfbe1bed9abdf73f7882c36647f2f8566d3d5eb24ff8758ca4ee72405c4f9645a2b176ee0dceeed37e8decfe2a3894d6d2118cdb7295593837e2ef96335066dc899a44dccc93ae1aa1a6d2548d074be21170e3cd6c73555bfc3a95897ac9a4766573008ea7559a08c3ad3c21bcdc32e4dbc7c5982f279b036bf790ad0beb6b129d22d834bbd74a204d5d60bf39a3fb4ae819b772dba0ada94a45a5fd7ecc79cafa31dba6762b5b51ee95c0651b63309004923b77c010d4b6b3df457aa0b0e5507c3d804fae26b0c384c1a34d1bdc998005226e81f2b9fae100776f5e3e410f53da6898e20cebdbcdbde9efa1acbb +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003041300d0609608648016503040202050004307f87c39e3367aae5759a4d5de9ef2ce5f95692c59fe337dc4087aa11be86c01655406490b00224111fab085cb688bac2efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA384 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 078ad6bde08572c73c5e94bdf0f1efd12da3a8fe7c035027236acd3e4ea86edd1bddd92ca601d012b7aa4e4e543caccdb49f54e35ecac7ee8b03b522a1b09957fe3ebc4d42dd96dcd4f9f2e215dba47749c9ec7369ec21571b21af638ac6f05d45980c4af0c1e6db2f70dcd738a803cb9cee7dffc3e7a735ec6c2541b270cc6b0225ef71939220f9ef35cf5c5b0dc291e237bd456333d803d12883e0694b2e891a3248ca36b838a8de27e154624fea5149857214b15ac4b4d67e0ab944ff5000552c66f833239f3d4c27a76cb14dd181d3f52a12cb4f3f9518dcb68c9db923e677d6f733febc93152c311880205a5b73ef323c07b87cd55549156b0452656f0f11a2c430924f426a22117c04dea477588fe092bbad1a4bf2a0a7b6befcffa3f91f4d308ff24515dae15897e9ab00bf755f9a366057b66f095573a9f881bc48e3711de800b3c0155c976957c40eab8834c7b7911d426fd7484e895fc8d8bb5ef7b562da7a846fd6bd013cef55ff3b11de43fe6da0c90b59dba4bb060ce4caf3cd +Msg = 88af470625e6b5be3358cf6a8698a5655ef321838f044746df83bc55b05e8529df0b120aeb1c7b3a5a1409705879f887a22a7b78a2f30186db5fb7b888cd4e8c80c6feea5d8ecb57ddf9076b8980188594947bbd0533091a19b87906e2f727fe3589138ec3652d7d86b0d0455fd78cc5fdda283a00ebe76c5e370b25060498e7 +S = 879c4df9b66227ce30e6403b620a488c72329b400ec67667a600bcfe3d0ea893f3051c8076eee81e0fece30c4153552ae2b2c774888657adb5300bedaf4940d6d6ce9310a476093b3590fca889e8ead464809be4da3370c21784e4740453df999bb9f7c290ea16e4b0e4ca666ddf23c757474fa9b0dbef769b1876e1eb553ee3a1c14c201c101164d5d1e5f628a7ebaf65c0f0f27f239ff67a4fe659d347cf50921b5859d79d86f8bfd2a25eabfcf76eb606b4151516c482c74ca3e54ede03e99086e61c0708e8ad9c94c1fe3640bf811f4e2c0e62d17d593f2e86adfd0798f04616adf9367b0f77f40de77135301debb490bfc76ba710878ddf91651a5fa025c348b6066a49853d6ece7bc79cdcd8ae709a77b96701c1ba9c4a91663e3790bad5c5c48017fcfd005a1b03d47d07dd3c511aefeb4c766dd19e377d2d82329a222b18ee0899e166cfb37c0b1b3226123f80a33c096fa4ba784719c4d9e52e60ccddb6da8575e705a36dbee7d97093f830283c71abbbb85c06daa913f96dede4ce +SaltVal = 00 +Result = P + +SHAAlg = SHA384 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 078ad6bde08572c73c5e94bdf0f1efd12da3a8fe7c035027236acd3e4ea86edd1bddd92ca601d012b7aa4e4e543caccdb49f54e35ecac7ee8b03b522a1b09957fe3ebc4d42dd96dcd4f9f2e215dba47749c9ec7369ec21571b21af638ac6f05d45980c4af0c1e6db2f70dcd738a803cb9cee7dffc3e7a735ec6c2541b270cc6b0225ef71939220f9ef35cf5c5b0dc291e237bd456333d803d12883e0694b2e891a3248ca36b838a8de27e154624fea5149857214b15ac4b4d67e0ab944ff5000552c66f833239f3d4c27a76cb14dd181d3f52a12cb4f3f9518dcb68c9db923e677d6f733febc93152c311880205a5b73ef323c07b87cd55549156b0452656f0f11a2c430924f426a22117c04dea477588fe092bbad1a4bf2a0a7b6befcffa3f91f4d308ff24515dae15897e9ab00bf755f9a366057b66f095573a9f881bc48e3711de800b3c0155c976957c40eab8834c7b7911d426fd7484e895fc8d8bb5ef7b562da7a846fd6bd013cef55ff3b11de43fe6da0c90b59dba4bb060ce4caf3cd +Msg = 78c938a5628ba2973c2b793348ae3857f599e83bb26c930c026cfcd7d3a58da90c3091f565b2a3357b2566d424db774cffbfa08c50df4f9c0b2746832f6f936955b9c3f989b353095884677d2ac4be68d3cce6756431ac86478bd79a8b7b16f47cec367a7798985bfccee3f40573f6f5964821bf966a9411dd1f17e48ecffc93 +S = 4009022b370d46f9b15af306f177d7aacf5949bb58b68c05680eed83ef5b35b29c53f781ec1910006c4a7756d1c0e67ae52e7599f691352ad5c052dd6fa7f33121841869f1df1884489b18f4fcaf4b790f6818549b26f2c764acdea5113427c0aa6f0d0c3c688f10e572adb610240ca1397a96964861a562625f1a55c2d369017585136aa6f473c368d64f8ee85eb21aea3de696e3a258890c458b1434936f48c5725b6c81de0d2f9019a4ab27724526f64f6ed1e1dc09f1d828c1d6a1cb4c593d4e554e714bf55ef5fa2915eed46497215957abfe3c92fc06dfd73add5c2046a97b50c4d2366a4ff6c03ec4ea2e916f58240744456cf57df158a7a4c3c0bfa9cee2fe72ebc2d792a99aedfcb7070841a691abaed83bd55df0408a8555e8c58c0023d2000dd7589f9e3b5e5fc9f6448f47e870ca13755408fae7eaa16e2dfd4d41b4de4099b5e224222a520b87784b2679dcd66cfa94077b9c5756190bd25d13fb40015f1bdbb73526ab6467d0eb1aaa458f38adfd539a109eed0fc253af8e8c +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA384 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 078ad6bde08572c73c5e94bdf0f1efd12da3a8fe7c035027236acd3e4ea86edd1bddd92ca601d012b7aa4e4e543caccdb49f54e35ecac7ee8b03b522a1b09957fe3ebc4d42dd96dcd4f9f2e215dba47749c9ec7369ec21571b21af638ac6f05d45980c4af0c1e6db2f70dcd738a803cb9cee7dffc3e7a735ec6c2541b270cc6b0225ef71939220f9ef35cf5c5b0dc291e237bd456333d803d12883e0694b2e891a3248ca36b838a8de27e154624fea5149857214b15ac4b4d67e0ab944ff5000552c66f833239f3d4c27a76cb14dd181d3f52a12cb4f3f9518dcb68c9db923e677d6f733febc93152c311880205a5b73ef323c07b87cd55549156b0452656f0f11a2c430924f426a22117c04dea477588fe092bbad1a4bf2a0a7b6befcffa3f91f4d308ff24515dae15897e9ab00bf755f9a366057b66f095573a9f881bc48e3711de800b3c0155c976957c40eab8834c7b7911d426fd7484e895fc8d8bb5ef7b562da7a846fd6bd013cef55ff3b11de43fe6da0c90b59dba4bb060ce4caf3cd +Msg = b82dc25af8993613cd5f5e6e851dad20d155f1d2831f3278971addde70a82283655b9aab7caa2db075e933990b78d9ed763ac6ca3448ff3109e708a445b84df3452fc0533c46c2b0347347444fd7356953b80eab6531cf22152818ff9b818c6460917b79c1d6bfbc0fe5e398daa38b3a6fb80fa09f416af2c2c55316fc6ba97f +S = 03ebbcc4ce14c87345290d77a652ddb0a27143e11278b4083cc33a70e4395dab1dcc8468f483e6b8fc461e31e1d5331fda53e5ea595950888d05203b06316f7e5bbec3a2a3ba3d8917e56a657d04c0a8a8aa123119facdd323114f9a1ae78ff5d9295b4bb244443a4e3ada7c00985e74de8b295dc898ecd6c891331cd458a040edf8e8d2d9aafbfbad55f111265723bf9b04636f211d853be40c9119850c2905bf665cae93968363e82794faabcb02a2f1ea1414ff05c63c3f32832e7d786809603b41776554c973560e69c3d37eb295be53c5b9a9769dad97f4a99d15e11c5268e10387b1ba13b198165f78423b61e2c203de534f9e331c004bdf85d1413896d4deb83a8bcf8a09c26f43725ae9a1f0f6ebbba092803e498a9fa5e3d15042964596817ba275fcfc89cace5b0b566afa19fc3897223b2eedb48d1d5259aa576f3248ef1647e6c3bcd5d3f88f5894be8006147a4595d416404f2de4724080bfbdc5dd58262ca15f1987b09a80a2a38c8594e1d2307fb99c1336f85e7c0cbc8ce0 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA384 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 078ad6bde08572c73c5e94bdf0f1efd12da3a8fe7c035027236acd3e4ea86edd1bddd92ca601d012b7aa4e4e543caccdb49f54e35ecac7ee8b03b522a1b09957fe3ebc4d42dd96dcd4f9f2e215dba47749c9ec7369ec21571b21af638ac6f05d45980c4af0c1e6db2f70dcd738a803cb9cee7dffc3e7a735ec6c2541b270cc6b0225ef71939220f9ef35cf5c5b0dc291e237bd456333d803d12883e0694b2e891a3248ca36b838a8de27e154624fea5149857214b15ac4b4d67e0ab944ff5000552c66f833239f3d4c27a76cb14dd181d3f52a12cb4f3f9518dcb68c9db923e677d6f733febc93152c311880205a5b73ef323c07b87cd55549156b0452656f0f11a2c430924f426a22117c04dea477588fe092bbad1a4bf2a0a7b6befcffa3f91f4d308ff24515dae15897e9ab00bf755f9a366057b66f095573a9f881bc48e3711de800b3c0155c976957c40eab8834c7b7911d426fd7484e895fc8d8bb5ef7b562da7a846fd6bd013cef55ff3b11de43fe6da0c90b59dba4bb060ce4caf3cd +Msg = 18201d59ba48bd77abd33ec87a68c1bf5ab93b471aab100857b7e4e6f08fadcbba050da77529e0b5ffb211ffc8a0b124861f4a592aad70ae127f9a938021309a4b5ee57ed45f47653c179462d4ded03ed55b147852a8298a6ab1566ec2dd756133f14ce7bf311b0fcac872f886694594b03742ac7ae26224c813bf819e0ba5a8 +S = a07673ffcd2d28c4dc9ee2f91ab9b1f7f59aba09779102f5832409a3ce9d9193ebb54fc122018602ecf9d52a0e29c137e7a4430253faf49ce6a5f25b7eb7245e2dc01aa870f0061cd7857a6f58e765fccd06ca7f35cd796aa016bc0198583f86ab714a044e68c4827f5ecde03f9c9843f3fd5c8448bd039b5ac70a6bec0048155a11e55f60edd315a560c5410210be96baab0056f0ef9404333d068af9a814b5e8be1ebcbb1cc746080fa7b3a09e200426188b14488cfcb564a8327eea01c0c1a1681552fc23cf516f600e596ff6bf44489f07db4167c02028eb6295c769fcab30df726aec31af2cef6a26deb01a918e6dcbe6bc16fbd21092a28418598e958b99d7db0157674ac564e03ec10bd6a59d5a87435259b5d74ecafa3c0209a6c20edb7e874f6db5fb83019dfa7820584aebbf93740849b5e63985b707e891ffcebf0c45f827933808d2a7374cee25694ce9a714f433017540c996c0b169a284a5b1b2d31c954ababb6f75d7dd060408e74bb09cb9be1288a9b52127fabdc2de942f +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA384 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 078ad6bde08572c73c5e94bdf0f1efd12da3a8fe7c035027236acd3e4ea86edd1bddd92ca601d012b7aa4e4e543caccdb49f54e35ecac7ee8b03b522a1b09957fe3ebc4d42dd96dcd4f9f2e215dba47749c9ec7369ec21571b21af638ac6f05d45980c4af0c1e6db2f70dcd738a803cb9cee7dffc3e7a735ec6c2541b270cc6b0225ef71939220f9ef35cf5c5b0dc291e237bd456333d803d12883e0694b2e891a3248ca36b838a8de27e154624fea5149857214b15ac4b4d67e0ab944ff5000552c66f833239f3d4c27a76cb14dd181d3f52a12cb4f3f9518dcb68c9db923e677d6f733febc93152c311880205a5b73ef323c07b87cd55549156b0452656f0f11a2c430924f426a22117c04dea477588fe092bbad1a4bf2a0a7b6befcffa3f91f4d308ff24515dae15897e9ab00bf755f9a366057b66f095573a9f881bc48e3711de800b3c0155c976957c40eab8834c7b7911d426fd7484e895fc8d8bb5ef7b562da7a846fd6bd013cef55ff3b11de43fe6da0c90b59dba4bb060ce4caf3cd +Msg = 6c49d5bc93d861ac46788e3c93d6e815966b90248f46ec89370c9db0553db1bd8cb81a2e77825fbbf8c39281cc11826063f131a2ef9b89ddbcfe4a1abf0447367117d289dee475c6f85fe32232072db94a6b392d66ed719063c6b8846a4aa2a0c46de416ef870993f1546767ec3f52e6f3e08f0e1cc30b6ad66bcd357d962ac3 +S = c35cc19c52d8727b0e9945942208234a2c4ba3f4d4accaf9b54fe161b5b92537838d74a94c0aed70e58e99cdafbab8d6b968f57d3af6b7a49d8592a4b381635f7ceeb25c4efa0cf8d6cd6c2e8b751143f11ec50956db690802fa0ee40640badc70ded68345255b54a97dae73b340e10af6f546dfd395d3434b775c6dfe29058d6c3b9531e968091f8e80f9f4a82439890f7435622b3fda11eda964dbc5c94f2eb7b66ac1e17b6e4bbb5a77870e8f03af62920e64ec059e6fd037574f31636800f53e506570f5352c99f04985337819cf47e8cc54ac38667e3406597f66025d05e2269a77b347f02129b510f38f898a7a79a71dc6126d3db62dc3dfe5faf7e917cff2fd6aaccec49eaa0e8a35b4bee78ca043ab2f860155ac2ecf3cb7564d8fcfc913653f6392fc03a675884062217f23543d1030704a733d077969d9181ec555c0f3808ec7d6bb7873787c296782a8c3d374039ed636037e2aea56cd230baccb692fe46cb84efcebeec031801ec10ea4fece8940ca6e4228bf5aa40206efddb8 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443041300d0609608648016503040202050004300ba6737418933139584032033536d357a432e5e4b816eea001f2b4d47dc04550e24f47ea3060631bca744f42b3cf9675 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA512 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 078ad6bde08572c73c5e94bdf0f1efd12da3a8fe7c035027236acd3e4ea86edd1bddd92ca601d012b7aa4e4e543caccdb49f54e35ecac7ee8b03b522a1b09957fe3ebc4d42dd96dcd4f9f2e215dba47749c9ec7369ec21571b21af638ac6f05d45980c4af0c1e6db2f70dcd738a803cb9cee7dffc3e7a735ec6c2541b270cc6b0225ef71939220f9ef35cf5c5b0dc291e237bd456333d803d12883e0694b2e891a3248ca36b838a8de27e154624fea5149857214b15ac4b4d67e0ab944ff5000552c66f833239f3d4c27a76cb14dd181d3f52a12cb4f3f9518dcb68c9db923e677d6f733febc93152c311880205a5b73ef323c07b87cd55549156b0452656f0f11a2c430924f426a22117c04dea477588fe092bbad1a4bf2a0a7b6befcffa3f91f4d308ff24515dae15897e9ab00bf755f9a366057b66f095573a9f881bc48e3711de800b3c0155c976957c40eab8834c7b7911d426fd7484e895fc8d8bb5ef7b562da7a846fd6bd013cef55ff3b11de43fe6da0c90b59dba4bb060ce4caf3cd +Msg = 08845a6647884ae71378c1ea0ebb9cac11159eb121cc08089e0a6ad0be83b8fb3a57a052473a1bb9c8d243b5c260642b10a3556b58fa096c3dc86159d61c444d5f92f25c2f7495d2ea251abff8c03eb336fcecc6eb53c6dbfd630226659477ece0fbf78ae77ee0b9e239ee10992153cbebe70acac22068dd46a2f43e5131785f +S = 06771fb5a09539491074d33f227cda5a26e630075870b00e84c0fbf47c98e60a986d5441ec0ed557c7b02db2394951b61d3ac76a94fc87b21ae77c082bfc0271c321a77ea020900fbcb7ce8ed40016279b7462df2da6e32ce0975c3a5d05cb03dd0e97b533f3bbaa352d579a2bf2d47fb72568f2a0e06a514bd1b3475db260f0fd040626fd8681914a28d49e6566855f02ee2eaa5e1e3e277e00e677c60c87083fa88785d48f7970fbf5e835e0b2bdecc61df27ea9fc7cf3f510cb234d25405c4f9078139bc85b92bd0e8905be80380188d61d699a7c7db0e087932c2cadcc6991a34dc2a6f9c2e9b659dd1527c51d6c41fdf23b5a14f5d8f0c3ed2f28c08223ce4450ca5e896a2ffd0f490cf2495956eb0257246afeece291b8ba7c373caff9eb52ab90462069d20e3b09f1e874dadeb2cbb599d2be0eea434f70f2d26ada7812f58b7edf20ca299ec53762943c628ee31891c26f69eab3242cf0d90ef1607ed56c19ff5af4d4be35334cc013b47aa087935a855dc1ff62ac5be945978d8913 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003051300d0609608648016503040203050004404cfedf114d5b9205c1c8fa9a8d73b55d82c17feaeadcf7da87eb11bc021a4b55a0c0e4e232dbafcccc1423db05e8a917b5d86dd9854d2f9081c5cf7744d882e2efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA512 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 078ad6bde08572c73c5e94bdf0f1efd12da3a8fe7c035027236acd3e4ea86edd1bddd92ca601d012b7aa4e4e543caccdb49f54e35ecac7ee8b03b522a1b09957fe3ebc4d42dd96dcd4f9f2e215dba47749c9ec7369ec21571b21af638ac6f05d45980c4af0c1e6db2f70dcd738a803cb9cee7dffc3e7a735ec6c2541b270cc6b0225ef71939220f9ef35cf5c5b0dc291e237bd456333d803d12883e0694b2e891a3248ca36b838a8de27e154624fea5149857214b15ac4b4d67e0ab944ff5000552c66f833239f3d4c27a76cb14dd181d3f52a12cb4f3f9518dcb68c9db923e677d6f733febc93152c311880205a5b73ef323c07b87cd55549156b0452656f0f11a2c430924f426a22117c04dea477588fe092bbad1a4bf2a0a7b6befcffa3f91f4d308ff24515dae15897e9ab00bf755f9a366057b66f095573a9f881bc48e3711de800b3c0155c976957c40eab8834c7b7911d426fd7484e895fc8d8bb5ef7b562da7a846fd6bd013cef55ff3b11de43fe6da0c90b59dba4bb060ce4caf3cd +Msg = b2f46df8613ade16f5efaf19cd04d7ab3a99c804e0cdf66160d493b1344a9d91dac61b7a34b3a4392f5b20a0a345d37c7ac197c715c1681eebea267573eb9709450eac967c0c05ca5e26b6fa3f714c15a2720bd6a2ea7a3d90f3223fde4c92bd3bf2a6b300f009b2cb77f99069314a5efad3ae9a4ff233a697170d793b159695 +S = a411a40f0b95e8a447e09914a31ab52842583a1a90479435bea0bd20104c6423ec3ca53a42e8803d172996237e35e59952d32ad3484fcec66fb8ace07034928ed162d287125963099eec4b1f59dc835a1ca02a658771a64e20a5d4e2c83770a11438b1956bca7c586595f8cdd28f90a033b22a27f10dfd6a3de68ae283b0af9b9fb3fae6963b9177ab6bd03b7ccef9e482c3c6cfb50434212c341afadcbb8c62ec4b63758c2ff5c4ea4e6625f8ebe1b51dadfc902c572d7786ff0acc39b82a3b3dd14ecaece9db85dde3d4f13cf7cfcfecbc5de471316585541a19270c3ac94aed43087b5c03e8da4f5ce3ab7cb10567d57fc2564e2df03143cad78a797bbdbe86e9d5d64f9cc9f9e46a288bafcca13edfabd4c1914884d6984447873d033a8164346b34405c8c0c84e1ee88d480d3bfda3aa075007d7647ee8581bfdf91912df7572bb8ebc9ae22f8dfb308e983788fdf835e415e883a401cf23a426da1b21de4d904b5d52bafa91b969f36811e829d8bafe39ed4d78e2f30c2e60038d96a95 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443051300d0609608648016503040203050004409f24b226f1c31a5ced2822ae473ff80616c976eeaf6ca63f2ffdcf92238baaf570822977f1c37aa3b53a03a0ae95c82b8de631b9bbbd0a6bb6623d9b8ef18d0e +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA512 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 078ad6bde08572c73c5e94bdf0f1efd12da3a8fe7c035027236acd3e4ea86edd1bddd92ca601d012b7aa4e4e543caccdb49f54e35ecac7ee8b03b522a1b09957fe3ebc4d42dd96dcd4f9f2e215dba47749c9ec7369ec21571b21af638ac6f05d45980c4af0c1e6db2f70dcd738a803cb9cee7dffc3e7a735ec6c2541b270cc6b0225ef71939220f9ef35cf5c5b0dc291e237bd456333d803d12883e0694b2e891a3248ca36b838a8de27e154624fea5149857214b15ac4b4d67e0ab944ff5000552c66f833239f3d4c27a76cb14dd181d3f52a12cb4f3f9518dcb68c9db923e677d6f733febc93152c311880205a5b73ef323c07b87cd55549156b0452656f0f11a2c430924f426a22117c04dea477588fe092bbad1a4bf2a0a7b6befcffa3f91f4d308ff24515dae15897e9ab00bf755f9a366057b66f095573a9f881bc48e3711de800b3c0155c976957c40eab8834c7b7911d426fd7484e895fc8d8bb5ef7b562da7a846fd6bd013cef55ff3b11de43fe6da0c90b59dba4bb060ce4caf3cd +Msg = 68f05fb0d353897bd65d75d3b54f34199bb8e5803b8f78c5b87fb71ac282866303b169a4b95b48baa4546f4a228fd9f899efaed9155b0a2a321100423d3cdfc596c8b31b58750f203c2a0a1dbb8d88f873d0bba7cccde9eadb566f3a87c606fceadc45fbfaca671568884f35c86ec981f30213d4a90f9c6e7bf70beae8498371 +S = e7c726b4bc65c98e0468e9e20bd38fde581f0975031c56bc8a1b149724bc313442436f6b0742aa96fef392f24f4c6e78c6afcb17a9a70a686c3091a0a746f6e427023877c5080ec23d50c2c8ed063b5d435ba3cadfb0786cc0fbec7d4b834e45ba3d4ba19101beb4cd0851cd66dac7dbe6028a5a27873b81580ef817c0cec52dcc99e5d0a48400109525813c9c087b403fff944c08febb645d36d0635c817d543d319cb0625fdc8e098cbd64b67c1981da87a4550d6bbc49d074fadff82f56332679baf1861b9f09ceeb8d18351dc7565af1e4729dbfb265056baf28ddd980dbdf512e9d86faa6acaeea1744f6437e30a9ea6faafffd6a813e255215bc1ef3e3a6d2879c763dacba1af4e657a7aa19e11143da902ee567fcf6ed9bad15f952e7087d1befe7bcef6a9f14fb7d7cbe9e06ff583ea888b27a0781c1e1c46dbabd14d5688f25cab383b05c79dd4f500bd2be7c647cab0b12c123a0257cda1f0dab31d42f70b53adc07765e583a146ecde0f37fde7c0f93e72cdc56e734577be3cd1a +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA512 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 078ad6bde08572c73c5e94bdf0f1efd12da3a8fe7c035027236acd3e4ea86edd1bddd92ca601d012b7aa4e4e543caccdb49f54e35ecac7ee8b03b522a1b09957fe3ebc4d42dd96dcd4f9f2e215dba47749c9ec7369ec21571b21af638ac6f05d45980c4af0c1e6db2f70dcd738a803cb9cee7dffc3e7a735ec6c2541b270cc6b0225ef71939220f9ef35cf5c5b0dc291e237bd456333d803d12883e0694b2e891a3248ca36b838a8de27e154624fea5149857214b15ac4b4d67e0ab944ff5000552c66f833239f3d4c27a76cb14dd181d3f52a12cb4f3f9518dcb68c9db923e677d6f733febc93152c311880205a5b73ef323c07b87cd55549156b0452656f0f11a2c430924f426a22117c04dea477588fe092bbad1a4bf2a0a7b6befcffa3f91f4d308ff24515dae15897e9ab00bf755f9a366057b66f095573a9f881bc48e3711de800b3c0155c976957c40eab8834c7b7911d426fd7484e895fc8d8bb5ef7b562da7a846fd6bd013cef55ff3b11de43fe6da0c90b59dba4bb060ce4caf3cd +Msg = 98ccc6f8347973189f124ecceb360f429f1aa6f850ce712175c2b24a7688403d06db7d26b3e187f4bbadb302220837f7017126eb2162a2cbc8d54dfed3070048057cc0ef9f43ed1d317bbd86af16e94ac7dda61d72b4d7a5ca2081231b067f563cb6779d20270c5ba884559fbbe88e0599670ed76c4d797821aa3703750e252f +S = 039f309c9e084736e33c0be61eda376c5ab9759a0ef9e47f9fe17ae52cc6bf878cc2bc6bc3dbd9986f9f1b971a5eea3377a919922aeca340d63fc414376aea9670aba138a831f75b4bc63ff3b1964a6d732988e6d801f4bffde8b36fe629e57ff3f6d6ca425a8b7d23f6f66d647aad60e60819cf00afea8003bc56ae59de98a4f0e87ce92f4a12e3641a7b4c9dc53027659f0257c3ec7e013e8396b5a006ea8b1fea2eb25132618f75f5903640bcafba9f511338fc234e1f000cfccee896194d0182347e979afa5b03402690f959329ec567bad325172c913b4575c1c46722828a99e9a304f016eb615664a43ad1bdb26e99e429c2cda4926c9005af24de69861850b6a0908347b2e72474df05c775b7cfb2360df99dfafbed216844931117462497b51e40b6b634863eb5043f001b6d3b15e61f00de1d9f012fb774933f502089a213ad2eb89cd150b46895405f087c5c93d7a9fb55bce4a2d93505d81f2966ecc6e0386c1957451d014892087d978422c612d226c9dbdad48a3aafe50bec47 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA512 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 078ad6bde08572c73c5e94bdf0f1efd12da3a8fe7c035027236acd3e4ea86edd1bddd92ca601d012b7aa4e4e543caccdb49f54e35ecac7ee8b03b522a1b09957fe3ebc4d42dd96dcd4f9f2e215dba47749c9ec7369ec21571b21af638ac6f05d45980c4af0c1e6db2f70dcd738a803cb9cee7dffc3e7a735ec6c2541b270cc6b0225ef71939220f9ef35cf5c5b0dc291e237bd456333d803d12883e0694b2e891a3248ca36b838a8de27e154624fea5149857214b15ac4b4d67e0ab944ff5000552c66f833239f3d4c27a76cb14dd181d3f52a12cb4f3f9518dcb68c9db923e677d6f733febc93152c311880205a5b73ef323c07b87cd55549156b0452656f0f11a2c430924f426a22117c04dea477588fe092bbad1a4bf2a0a7b6befcffa3f91f4d308ff24515dae15897e9ab00bf755f9a366057b66f095573a9f881bc48e3711de800b3c0155c976957c40eab8834c7b7911d426fd7484e895fc8d8bb5ef7b562da7a846fd6bd013cef55ff3b11de43fe6da0c90b59dba4bb060ce4caf3cd +Msg = 112b7aa9fec5c7ac703a49c298c4e29586083296f79b099e6ec422d586840ed486d36e06362d6554f14d4d01fc39a9d2167e5b7350bd18161f66185db0c4127a7b3a67951bcc9e6d5de010439746e4f43b773e65ab1ab4234fcd024be621fea819e6ce1c56aa5841db7cfa4f11f67b411c7a4233b0bbc60f267f4668cfa4baa6 +S = aa3ee99d39ad0332ca48deeb68b5966962018906f1e2e97d0d711df66e600fc875faf8da141212ea9bc49b2934f19bcb26f819b3633381b23f74f0c1d486c8fed6f6c17cacaac222e55c8c534ca2cb3921ca6f0cc19d045fa5456b4ffbc496d0d3079f19d93bba5600048b783a905abc3f30fe4b33b057a203b5f9d01254bdeb02896cc11b713fdca55e3ecc67e243fddf19130e2f3c79bd984558feef0fe877e071b0a13323e700de83244e2bcc09a602eaa06bb39d832d58e30450dcd96b30052778c07d4b209d5929bb6cc80800c95963a24bea449189301b50b5f26a899739dd0a4af6eba05e7e625c96cabda3beb2e4b0d11ccf72252b2d524d76a104a6dcef635517d78f248c78837422ac900557e1671958116500c673e2fc9a08e40d4eff8d44146f43fcc5f4086d276ba026e9953425a11b7be0036ddba0648f12424c3359cd8db8a0490b1bab3b35d3550840b4937ad1986aadedab74fcab27fec7561ae2bbcbb16d28d173efdf049fa8a1daae66db51f4c03fc91d1cda85d2cddc +SaltVal = 00 +Result = P + +SHAAlg = SHA512 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 078ad6bde08572c73c5e94bdf0f1efd12da3a8fe7c035027236acd3e4ea86edd1bddd92ca601d012b7aa4e4e543caccdb49f54e35ecac7ee8b03b522a1b09957fe3ebc4d42dd96dcd4f9f2e215dba47749c9ec7369ec21571b21af638ac6f05d45980c4af0c1e6db2f70dcd738a803cb9cee7dffc3e7a735ec6c2541b270cc6b0225ef71939220f9ef35cf5c5b0dc291e237bd456333d803d12883e0694b2e891a3248ca36b838a8de27e154624fea5149857214b15ac4b4d67e0ab944ff5000552c66f833239f3d4c27a76cb14dd181d3f52a12cb4f3f9518dcb68c9db923e677d6f733febc93152c311880205a5b73ef323c07b87cd55549156b0452656f0f11a2c430924f426a22117c04dea477588fe092bbad1a4bf2a0a7b6befcffa3f91f4d308ff24515dae15897e9ab00bf755f9a366057b66f095573a9f881bc48e3711de800b3c0155c976957c40eab8834c7b7911d426fd7484e895fc8d8bb5ef7b562da7a846fd6bd013cef55ff3b11de43fe6da0c90b59dba4bb060ce4caf3cd +Msg = 7f1b83830b4da729242205b0e519b5243d32442d45f5a933d1b57bc54616613cabcdc99b02a7ddbad8cdb2a41b46c33d2cbd9f283585dee7bdda5944796a9bf06514926b14ef8a23448e5de0b682e35f3d21b03d1486ff1874d9e9f066d1dbd3d77646b9ea2c98ad92ed6c2d5fd6fdd498e5e1368b01f40c213a9291b553092b +S = c8e55b1b1ace23e606465dc81f6a349ad61d2b8a1afed31215ee6a0c8214c5366a2ce18cb649c4bcccde5ef2bf4af51f093049d1ecfa5f5b639f7ec62d5a4cbc505d0f11bae2c16d8d6a61a4f1f9613be25d66fcba03a7c405204cc816414a296787e5a1462d12fab51a829bf13dec500da689520ddddc305152021337a86b676545f8202c5f936d9cadeda41a111b65d9174488419dd19da5d3960b6f59281bb2e90b4c12891a1d5800d0b0a932bbc95639b130dc7d03402322f7cc7e06020d5124023b049c61cc6e88b345d0a395c80f1f04b7760f0c526537f4d4c515696253361a0eb03c3c5bf567cee736f63572c85db1c7e5d016ff19c0e1d38caf0f7569dc00e3c4301be9baed19d45aaa90ab7204c2c70191926ebac319caa27f55e5e68b57ba4a70dc153d750e318099c85359f1ebe70686f4bbaf9b9f6de3459cd8c4a7bcf8e559eb7c68790a67b0951554d9fed9b5c396f44860ec61cf0446cfa8061b19c72a34b62be8f34736fbf14fe556ad57aea605c60adbdee4d3fafc5af8 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +n = f33d3234f13272c3b2b6821ce4805663ff2e8b0d2a47de363d97fc9cc879cc6b40f9e53aea695dc538a0d2b558498829aac327eacbcd889e172b34f90745c5d528b7e82605f1a58fd228ec7fd4b6f476f393864f48dc47097c8a780a2ecc02f748138dbd7df99c52d822a2e5154c6047fb0eeb4f49da38edcae3c32d3fde435f291f96cad1e09e1030ad7efb4944b69e074d0d7964becb3cb86238d8d293bef3030d141d14868bc21fa133e9de1115f749991cf86ef506e663ac162b2c8567ff131a6b467a6f564d6c588860becbd88970354198ecdd4f1f4baee8f8bdaf7255835385f5673625f113550b123628a0be3994d91c3a19a82e5d73448dabf684ee6794fba7a2b1afbee0287e5a11180c29ce0896795d52ac7f408fe28e8e9116fe0b61a1083f95c5227d62d5537b5040b79e21b3a8e83c225bf3efebb2f808541e97d28a2468359fc60f588e74faad611262064628a25d8d61f9d03d8b21cca515595aaf2343a759b74a6a8afeffca139a389aa281995cd18e16a9cf7b7ff0dddb + +p = f3fcc6aae575312778d9e896acfd7c1aa4c5524f20453e8bab255363164afa7124b2425587a077fa0bfaf61b12ef3f0540dc4c9e777122a60610a53d1d75b0a5859c654a8ddfc2ff4860758bf5a6f264bf8bc2baa7551eb7be23bc06978be992fc81d890e07a3abf95d20eee3f6bbbc089985cac96395b473b2741c66bd2ccbef228432f66b906c15b19694dd786c29f06cbc17b2e6400dde4e3db85819382b3d05a4c3009f092d40d05ed5b2e0428a214e15a7aca09b47120b9ea6cb4084fcd + +q = ff36fcdc519fe10c69aa0dde2cf3bc72cf2ce9a54ac063d809b523f4e5d7ddaa5413d500dc21f409ce661bf33018b748fba3966d874bf96f4313eafea9decfba71d540ae0508161a3658c4762d94ebb3a4e228c45661315db30c20fbd9e20e24c044e4f0b49e6ec80949b16e0ab07f3d32b248b39f48332cc3686df05d29c170a7276acdd129259aaf018ae3afb49b6e0ddb9e404a492863daee7be71dfb11279047794e45f399a9665796d32d5e65956a13a6fbe992b36bf4c842f5f519ac47 + +SHAAlg = SHA1 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 04c4f6f1fab0aceabd3acb55e65cde8e827e671e60339af201352d1c2c1677758dd2b42e54e8f7cca6c1e6038e47b7603086561db3aeb25d73e7bfc8a5ca27042df99119d7f5ade9b8d3a03ebde5783e915334d460cd1a7dad1bd0285b454150248ceeb366dcbcca68a14e7cf660dec0280f59f27ef0334ff4eb5e2e104fa6f7d3a13f312740a3ba0afe61dcc5338b1c3256d81b7a722c2453edd8f5314e30ebaab9fb5ff157f8b37e1c4245d72d82f0c53532c39dc891b4342682f1c9a8434b3cdc5da460b174c948fa20fa960e53735f4c9bb7ee77ae0db7a9d0082bf3b2b5d80ccff914256809abc88c697d3ce0346455be8cde06d5920f74fe841d94bed59dce7f2b96e5d708432a56ac6409563c93a3a8ffe3c1cf9daebb9bb77405b551b13a40b253a819a3aa0164cda1979bb859c2f63da926cbaf3701e30efbe721ffaaa3317e4233d51628427679cb0c46556ff2cd4d6f3fb1a647695edd7601378daf8b27b7f0b3836586b9fb1d30666c06f494d0f62ca96b7bf0f6bce76395a009 +Msg = 3330bc3d3eda995522e8849c7e8bb5f3f6e895b3d7238156febdca74f62100f26079707698c6eb1d9530c971119a2e95ea7a8cc3c9e869f901f563eeba3d714b4ec06b18f3edcd749b00b88a188e39c0845ece31e07b265efb872920955238e2c5acb60c9877c7c2fb0057cfdb8f5fdc8a3c63e6650540efb41e24f3d188de1d +S = 5949a5007545d28832b13c6c0a453447eff95e2dcff9e403db83bba0379abed6d503394befaedefe578be085622fa73ab8f63af52eb91dded8a0456df41651cabccfd34250b813b57dcc4535edbe0901196724c0842b951ebf3ab469faaa51fb22e5574696dbb57614892d21a889224f6bb0da4b81b8fce60499b8802b36f1576780e298d87b71dd5496128b0c8fbd3f1994385c8029b720cde1317db984e02c0ee77cafca705d4be54fbca18c4f5ddf85eaeab784002c8d1fdf5e3794d94c5c6c781e9c05eee22e4c1556d9f8f6215b23d5c687ddb79af29a280a4cd6be95542709f423d918d9147c2c501d3f6121e942fbeedbe70dafaf76819842d651df018959e586e8ac4325a5e616c3e6474e1640d259c55474366761156aabd0d144a6437e7584bf33089ead0610f9ce10dbe39fa93ecc7665082d64aac474432689758cdb092757a53ee5b9b4eb3f6ec3589074248ee547c6fd203fe5bbf217974f1e2e398dd4d1909e85146d7e1dcf74ed9478ebd414268bef406228ef21c80ed1e4 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA1 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04c4f6f1fab0aceabd3acb55e65cde8e827e671e60339af201352d1c2c1677758dd2b42e54e8f7cca6c1e6038e47b7603086561db3aeb25d73e7bfc8a5ca27042df99119d7f5ade9b8d3a03ebde5783e915334d460cd1a7dad1bd0285b454150248ceeb366dcbcca68a14e7cf660dec0280f59f27ef0334ff4eb5e2e104fa6f7d3a13f312740a3ba0afe61dcc5338b1c3256d81b7a722c2453edd8f5314e30ebaab9fb5ff157f8b37e1c4245d72d82f0c53532c39dc891b4342682f1c9a8434b3cdc5da460b174c948fa20fa960e53735f4c9bb7ee77ae0db7a9d0082bf3b2b5d80ccff914256809abc88c697d3ce0346455be8cde06d5920f74fe841d94bed59dce7f2b96e5d708432a56ac6409563c93a3a8ffe3c1cf9daebb9bb77405b551b13a40b253a819a3aa0164cda1979bb859c2f63da926cbaf3701e30efbe721ffaaa3317e4233d51628427679cb0c46556ff2cd4d6f3fb1a647695edd7601378daf8b27b7f0b3836586b9fb1d30666c06f494d0f62ca96b7bf0f6bce76395a009 +Msg = cb67ebf8f8adde0c2b0640db1f4668ef866c27606577504abb7b777e63f3f8783b593c9286f437778ff235d990b6d767d17358f914fa150e31d04d79fe842557713fef44099dabcf69bbce2b479243278483b05f9c32fab441980bfb4354d3f2b3428c78484f43fd018c94370c81b516e7c3b6fbc5c9062533fb3a6bfb0c0a31 +S = 5e8e0eda2fd7477143e33826c1f37f1091e766874f8d9717ada2754610aee94c5bdbcf939e710a2d5bdce1329aaab8eee0a33ea8d93ac243e80a61f09fe31dad8eb291525dfda5110148a9041551c4673db5edb4d3e457e2ac8834bfe600ad9e210a9dbd238f8811552a5a6de7ac23e7ead2746cce7358e7b0fe27af32e204bf292e7be24536a1df8e10712bce78d0d94331de7095e9f56760d7e9e3534b0a8bb30357e2948e2e649c489e916abb399541067f778a21505e0ce4e43e3a64c30fcb8a22c575b2f63868b151e7c0865a52884008477d78aedec9b950bca5ffa93dee9c7b8234a054b61d2898a4fdafb1cd2008635ff56744d0419cee15477f544caf2b264dff93c2ef060fbc7e062ea29d80bec0e74287d9e2c0adba92b5592c4339776bef5cda132c83f296810833cc99119aaa31849ddcf62bf16c45f7654f04ac4eac75102e9c5b79738e7d405caa63dd917f3f199d132169192397198c67551ea78339ae376502e7e4ab23e5626c766fba9916ecd20d15fd63c75e4a927ec8 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA1 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04c4f6f1fab0aceabd3acb55e65cde8e827e671e60339af201352d1c2c1677758dd2b42e54e8f7cca6c1e6038e47b7603086561db3aeb25d73e7bfc8a5ca27042df99119d7f5ade9b8d3a03ebde5783e915334d460cd1a7dad1bd0285b454150248ceeb366dcbcca68a14e7cf660dec0280f59f27ef0334ff4eb5e2e104fa6f7d3a13f312740a3ba0afe61dcc5338b1c3256d81b7a722c2453edd8f5314e30ebaab9fb5ff157f8b37e1c4245d72d82f0c53532c39dc891b4342682f1c9a8434b3cdc5da460b174c948fa20fa960e53735f4c9bb7ee77ae0db7a9d0082bf3b2b5d80ccff914256809abc88c697d3ce0346455be8cde06d5920f74fe841d94bed59dce7f2b96e5d708432a56ac6409563c93a3a8ffe3c1cf9daebb9bb77405b551b13a40b253a819a3aa0164cda1979bb859c2f63da926cbaf3701e30efbe721ffaaa3317e4233d51628427679cb0c46556ff2cd4d6f3fb1a647695edd7601378daf8b27b7f0b3836586b9fb1d30666c06f494d0f62ca96b7bf0f6bce76395a009 +Msg = fc57235b4d597f5a5380a07aaf7ac6074b17d75ee4b504ffc6fcaae4d7cb7611d771cd6de6216bd047a04a5d6341c5121113fd9d14597c71e53a181ab4ba1acda9e9a0446f5a40c9f3d7ee9069532049912030f6386301fa01c4e573656abecaf9266489efee476ce08e56bac99a1fd553a7371057badcc2a101d999f4c1aa30 +S = 5b53b1a1fbbb8a28bc715cd607a699caa795fcff045e660e102b6c51e0daf25a9cc0d0639c1bbcbb9805904cf16ea3bc26c18f58a3702f39a3c1cbc5e6dac954d65d102e0c44345704844af1b8e3f15b7dad532192e35e27a335bb67dd3367c828b7eac524e1fa3a1db556c0c3180487ce197cef59ef05025d0e0c7dfb87fd9da457d15688434f5165f16205a8400849118de58b6380b807a6600c698b2553979c7e0b83ca200433c5b5a6155eb6b37ccd8d584f695a93e2b1a3f933e3a0997c18ec63c6e90c54f87bc48b8057be5eea9131d8acd848843fb3aea56882c414258478548a7806de7db039d97c5c440d8a99923cfd7c3718046fb16bfe53dfd157be94edc1ce944fd5770c38247d78927947c06d113759f4134c841323b3679b0e1b4537335d4a16aa2ddb01fb1735b8f8d0b0107ae714fbf727ac74572d355da37b997b9a424735f535232ddacd026814799d86b91b7701753fe1952651e991a1b8357f43ea06c043ca1cd57fdec28ddbe011554bc04dbbf3cecd03710d454bfd +SaltVal = 00 +Result = P + +SHAAlg = SHA1 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04c4f6f1fab0aceabd3acb55e65cde8e827e671e60339af201352d1c2c1677758dd2b42e54e8f7cca6c1e6038e47b7603086561db3aeb25d73e7bfc8a5ca27042df99119d7f5ade9b8d3a03ebde5783e915334d460cd1a7dad1bd0285b454150248ceeb366dcbcca68a14e7cf660dec0280f59f27ef0334ff4eb5e2e104fa6f7d3a13f312740a3ba0afe61dcc5338b1c3256d81b7a722c2453edd8f5314e30ebaab9fb5ff157f8b37e1c4245d72d82f0c53532c39dc891b4342682f1c9a8434b3cdc5da460b174c948fa20fa960e53735f4c9bb7ee77ae0db7a9d0082bf3b2b5d80ccff914256809abc88c697d3ce0346455be8cde06d5920f74fe841d94bed59dce7f2b96e5d708432a56ac6409563c93a3a8ffe3c1cf9daebb9bb77405b551b13a40b253a819a3aa0164cda1979bb859c2f63da926cbaf3701e30efbe721ffaaa3317e4233d51628427679cb0c46556ff2cd4d6f3fb1a647695edd7601378daf8b27b7f0b3836586b9fb1d30666c06f494d0f62ca96b7bf0f6bce76395a009 +Msg = 6449afe8eb08b35e4411a1bdf1eab7d7cf0d5813f83b1063e714d376dde5852e84c1c054d2d3d18b31f20382dd76216e8d4a36b8554397f2cbb023106933cad532cf4c8b984143f79e94648c3af002dffdb3d35bf5c2f736d32236a349c28a4ab69bddf505fb138cd21e4b43cfff6212676db966a1613916468f9498463bcd75 +S = aa36dfbe785a437cd2c92b11941827bb4884157fdcae8331de98ab8d3294ce8425e719b3b0e54eb27d7a46e9729ce18044880a18261d28d6c10641818d7dd47c421d748c984597cfcfca821f8c3294da53d16c1af99135f750294709b92755a3f5051e033ce3f6df055a77c628ca952511a33b2a1e6ebdae047d9c7589c8689e9ab16747dd4788d023315e6c98f2f060f3bcb655d487afccef512d929da03e0e4d7ecc2b7715ca61cbad3f8fd8f4383391014f14fb414cf49347ac60c01b713b6dad9e09e60b927b261aa5877a1d5b0e76906d40bc77cfb41405b93a3c93fc2ac12aa08e44b577980e2ffdbce606aee14533c8161c85ce8e4493a8c1aa03f708c6a4f84d44f9d147082c1d6d0c8498e109d4e26406ddaeaafb9409cb2cf249a6308d3d8d7bedbb8133d542513d9c4424a3609e81066dece42a7a115279af0155e3596058a4e22f6876cd931f1e4e5ae5800ca96eca88a3c04b789ca1c843fa9730b4c050e269f9f101a48c5c1df7e5770f5a823e1e29dcb47367153a17bff1ec +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003021300906052b0e03021a05000414c2f234adf6d0986f254e79e3e89264f7681cdb65efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA1 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04c4f6f1fab0aceabd3acb55e65cde8e827e671e60339af201352d1c2c1677758dd2b42e54e8f7cca6c1e6038e47b7603086561db3aeb25d73e7bfc8a5ca27042df99119d7f5ade9b8d3a03ebde5783e915334d460cd1a7dad1bd0285b454150248ceeb366dcbcca68a14e7cf660dec0280f59f27ef0334ff4eb5e2e104fa6f7d3a13f312740a3ba0afe61dcc5338b1c3256d81b7a722c2453edd8f5314e30ebaab9fb5ff157f8b37e1c4245d72d82f0c53532c39dc891b4342682f1c9a8434b3cdc5da460b174c948fa20fa960e53735f4c9bb7ee77ae0db7a9d0082bf3b2b5d80ccff914256809abc88c697d3ce0346455be8cde06d5920f74fe841d94bed59dce7f2b96e5d708432a56ac6409563c93a3a8ffe3c1cf9daebb9bb77405b551b13a40b253a819a3aa0164cda1979bb859c2f63da926cbaf3701e30efbe721ffaaa3317e4233d51628427679cb0c46556ff2cd4d6f3fb1a647695edd7601378daf8b27b7f0b3836586b9fb1d30666c06f494d0f62ca96b7bf0f6bce76395a009 +Msg = 6d16916bed6c4e35c76fcf5ba043724e7404bb147d12534057ac512261c1b93b660242f37d3c5d8f2de5725dd5f56d314bf77915c45f0b3df41e23397674cf6e6d05f0c76c3040a8939c9424fb135f6f55947896cda31d6d35e437c95fe8dff0ca47224e81ef016a41bbbc18da4851efd7043ffd61878fba6127153be5c6f4a8 +S = b08db35d788332d2bdeb8e89c371858710b0664e464f9b726c92ffa837387e7ff14a885cc776b1ec4763da1c7120c5da133c3dc01de44c93fae6a9e13c3542f5ac6ea44f3ac9892a5b775a535b4723777a43240af123ef78bb1c1d6788098fd148a764290a559ff2637af485d280bed6e1b289e518aee6cbe842b3feedd158c409d13a5f117c8db853bab5b564e43a06a83f4d2748cd718bdb8fe41f5fcdf9f0104dd8125fddb401e8b5ddcad388007c3c86c0e4502c94e67b0d194002f5464d22ca2ec65af465abbd44bf90e3b578a9884b86728fe22705a9ab24549d4c168eb7b3f1c6f6b07a55c3a8347b392e0eb50ae985a7e3eef4cbfe060692b45c6671597c59947d056b9452b2030529705a6793547d75d67298182087193f608163f3599464ab3ffe82539e202679b84df75ad7effd5985b9e08a88d3977dc978b748a9bece9e08b42b88ec6a766989aa03c1ff73445706035cb50fbf01f89c9855784912dc7b911cadacb0fac987e7f5bab76d9658ff84755c70225a4e42bdc84feb +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA1 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04c4f6f1fab0aceabd3acb55e65cde8e827e671e60339af201352d1c2c1677758dd2b42e54e8f7cca6c1e6038e47b7603086561db3aeb25d73e7bfc8a5ca27042df99119d7f5ade9b8d3a03ebde5783e915334d460cd1a7dad1bd0285b454150248ceeb366dcbcca68a14e7cf660dec0280f59f27ef0334ff4eb5e2e104fa6f7d3a13f312740a3ba0afe61dcc5338b1c3256d81b7a722c2453edd8f5314e30ebaab9fb5ff157f8b37e1c4245d72d82f0c53532c39dc891b4342682f1c9a8434b3cdc5da460b174c948fa20fa960e53735f4c9bb7ee77ae0db7a9d0082bf3b2b5d80ccff914256809abc88c697d3ce0346455be8cde06d5920f74fe841d94bed59dce7f2b96e5d708432a56ac6409563c93a3a8ffe3c1cf9daebb9bb77405b551b13a40b253a819a3aa0164cda1979bb859c2f63da926cbaf3701e30efbe721ffaaa3317e4233d51628427679cb0c46556ff2cd4d6f3fb1a647695edd7601378daf8b27b7f0b3836586b9fb1d30666c06f494d0f62ca96b7bf0f6bce76395a009 +Msg = 724265b54dd8716ecca57175e3182d40c4ef7a1f0d9e0fc240f095fc75f0fdc64b0a1687246e5f9392b51af10cc7a161e6fcfd9d8081b5e0bdfee4a5b6758eb1b06e34534c51a6ebfe1319a9c0147997084801daf7960835d37d1eceb7fd573589b5e7a22d49ef7ef806972568c95deb121cad5ddba3b1c96bb76a00df50005a +S = b2f503ef1d4b84ee0abdcf78640f1f82de00b2f5fefd803e1322a3e09e617750884b4d6d7e8aa741c93e9b36dae70647c3fae398161729f2f8962f9985157ff7fd7de42d8ae7579602fec0f91d0350a8bb38fb54234d806f3251eb6ee2a3806e3fa846a7add80f0d2dd2fe9977265f5ada5012f739bd3f06925d7b8ce869851bbd5897b819c71effe7a611b1105e68a3edc5b70cede299548e9116841ff1ee624ce0d8d477a18c723ac05c756084f4e7cbfe851db1e044ea175c8603f90a4ea87421e79565b8ad247c9885a41af0a2d1032f2807b731f574d54b6c82af900b0a1815b4e30513c7033e67a1c78329dff1a4542bf28aa5ea78de037bcbd7a9e0740693f71586d2dde6df39a979dc55335854d656a8a4f123b4414504b1a3f3f0f5e7d12ab700d24b9f34df58eccf2371d9e8429f5f206122b3663f99ba02929e8f46aaf061845f793ba8bc7e4de8621bf2d1df9a1ae2fc130a478437c10d2bbd51207dc07af35c88c5807c92b739d3b5a689250ecf86bf1bcc8e3b5238d2884073 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443021300906052b0e03021a050004143ea74de96d5511a9072c9cb0dab7868fc0c87e3d +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA224 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04c4f6f1fab0aceabd3acb55e65cde8e827e671e60339af201352d1c2c1677758dd2b42e54e8f7cca6c1e6038e47b7603086561db3aeb25d73e7bfc8a5ca27042df99119d7f5ade9b8d3a03ebde5783e915334d460cd1a7dad1bd0285b454150248ceeb366dcbcca68a14e7cf660dec0280f59f27ef0334ff4eb5e2e104fa6f7d3a13f312740a3ba0afe61dcc5338b1c3256d81b7a722c2453edd8f5314e30ebaab9fb5ff157f8b37e1c4245d72d82f0c53532c39dc891b4342682f1c9a8434b3cdc5da460b174c948fa20fa960e53735f4c9bb7ee77ae0db7a9d0082bf3b2b5d80ccff914256809abc88c697d3ce0346455be8cde06d5920f74fe841d94bed59dce7f2b96e5d708432a56ac6409563c93a3a8ffe3c1cf9daebb9bb77405b551b13a40b253a819a3aa0164cda1979bb859c2f63da926cbaf3701e30efbe721ffaaa3317e4233d51628427679cb0c46556ff2cd4d6f3fb1a647695edd7601378daf8b27b7f0b3836586b9fb1d30666c06f494d0f62ca96b7bf0f6bce76395a009 +Msg = a6185cf668fe6bcd1a872da768424d95f6d52792a0342c580617887948aa03aa0e862562cce09ea44400e5184cf51e61d18841ab1c6e798354c2caec44b2f7af5f78a3f2018cb60cf817029843ab27c81932b3fd2e258e9431ff960299f08623a1d51ccf91687baf40b4ce4ed7cd2e73d7bdc6af5ec13432a6b633e2cece77af +S = a31dc7740083a5c5b17c2b4549d4ff97405b2de7a5d878ba927fe7cba62de764685a23f65cdfbe9d0ae2060434443f8b18d8032e7d7b952428dab81cd158ea3946d17c28d1bb160e6e8da0be12489206cc1c57670da9277e53ffd10a3a4883796d9389e2a361e335efe34e91d6d12e78f606a7e79fa3afc7640396d72cf34cf39150e7784110ba4c703d34747ce050c0d679ef7b1e72cc9e049e4ec583b9aae258d08560e74ba41d4917d8f41c1d4a3b8f04bb76c99b36f738619e6c3b977f716f1229da7d54287c0209403ceb35e98e77cc37499b7c2127254ddec1826d8ed6fb83ffa13e4727ad2329d6c85df002025b0639399a050bc2ee13ef43d4b5cf25a36cc0c9fa27c2e2523093dc48a2b1f66aab351965866459f6c4bb59827cdef8058311a81713c011f8f77f819c906be90fc9e09b6c5cd8ded0da32a30e756ac1fc26282af539dba2398ab21a254067fa338479714fa3b37fd7d7e6032e6b9e5cd31f23972b1aedc53778ceb8a39d3b2b3337e694be843e35dcfc310b09f560f0 +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA224 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 04c4f6f1fab0aceabd3acb55e65cde8e827e671e60339af201352d1c2c1677758dd2b42e54e8f7cca6c1e6038e47b7603086561db3aeb25d73e7bfc8a5ca27042df99119d7f5ade9b8d3a03ebde5783e915334d460cd1a7dad1bd0285b454150248ceeb366dcbcca68a14e7cf660dec0280f59f27ef0334ff4eb5e2e104fa6f7d3a13f312740a3ba0afe61dcc5338b1c3256d81b7a722c2453edd8f5314e30ebaab9fb5ff157f8b37e1c4245d72d82f0c53532c39dc891b4342682f1c9a8434b3cdc5da460b174c948fa20fa960e53735f4c9bb7ee77ae0db7a9d0082bf3b2b5d80ccff914256809abc88c697d3ce0346455be8cde06d5920f74fe841d94bed59dce7f2b96e5d708432a56ac6409563c93a3a8ffe3c1cf9daebb9bb77405b551b13a40b253a819a3aa0164cda1979bb859c2f63da926cbaf3701e30efbe721ffaaa3317e4233d51628427679cb0c46556ff2cd4d6f3fb1a647695edd7601378daf8b27b7f0b3836586b9fb1d30666c06f494d0f62ca96b7bf0f6bce76395a009 +Msg = f5df0f6986dd3e9cf4c243af92a6a69fba85406eb7944318e2d47ac80ce7d24c1c231ac6f9e507a5ab277bd4bd550631e55dae41e706eb22b682f6c1dc46434d1d194ceb576b91abade9ddbae44ecada0d7c871065cbd99c79a1602e8e431c573fea303e681ae594432ff1cad139fa817c095642fa8c156f74584179e8856454 +S = aa1f614775143e046d4ab4d317f2a69a319e82f91dd4e9e3cde226c5ff87bca2093afefa76890fd8a2cefe38c96aa94dfe9efe7e3975425f77bc6b4b13f2c84e8ee80aa7ebd95683a95ae0255f0923faecce58b02c6dc9ac9336801fd0a768d6df0a0b705d8e1402fb8f769ed32f8cb890be42b86a1035d73f01ff6757bd02a7e99449a5849f0f2d0003ef53773a0b13cc07e53a81a7914892238ef798faad7660f9caea94abc282870714d1e9bf7d29840f0beea5cf4addb6bda8b441db30dd43e207249577db9af55c674cc58ba2cefaf1a4fb03ee766f45dc46aacd12c7cc5508371db63f2b971e6842819a33b3535a1592787bdb0544317f88cfd63e43dcc987472cfbafdaa5923b3737165f979ebfb647d86f6d2a8dd5137484225164b19f063fca9cc72f516b2402983f7e5a643f8cb299870166b04177daeb90ea978e957d5f7a918063253d7144f589019c7691c6198f830b86d9c8a97af6d530d0c1126b377d5f450ee9eebe33a9b135774624f575caa08871c549f2d074552ca2b6 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA224 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04c4f6f1fab0aceabd3acb55e65cde8e827e671e60339af201352d1c2c1677758dd2b42e54e8f7cca6c1e6038e47b7603086561db3aeb25d73e7bfc8a5ca27042df99119d7f5ade9b8d3a03ebde5783e915334d460cd1a7dad1bd0285b454150248ceeb366dcbcca68a14e7cf660dec0280f59f27ef0334ff4eb5e2e104fa6f7d3a13f312740a3ba0afe61dcc5338b1c3256d81b7a722c2453edd8f5314e30ebaab9fb5ff157f8b37e1c4245d72d82f0c53532c39dc891b4342682f1c9a8434b3cdc5da460b174c948fa20fa960e53735f4c9bb7ee77ae0db7a9d0082bf3b2b5d80ccff914256809abc88c697d3ce0346455be8cde06d5920f74fe841d94bed59dce7f2b96e5d708432a56ac6409563c93a3a8ffe3c1cf9daebb9bb77405b551b13a40b253a819a3aa0164cda1979bb859c2f63da926cbaf3701e30efbe721ffaaa3317e4233d51628427679cb0c46556ff2cd4d6f3fb1a647695edd7601378daf8b27b7f0b3836586b9fb1d30666c06f494d0f62ca96b7bf0f6bce76395a009 +Msg = e3fc380f53d94344f864766b7f1ca420e59f430ff31d120a080bff5a181c4753f56ddf2ccdff130df46b6d68e4d1d88d83120579a43f0eefcf5159cb451ac0923f7bee4d77d80c98e9c99ef6db12a7671bd6143d8807572bd321539f87187851478e2f1c574a780e5fe6d1bb6bc75bd635533802a75d37e59ce4b37ee7feb8b9 +S = 6556cf98dad966f1c91e0fc492d74f52a7896d1901409047bc630f4b4e97044cb9f142e6560467aab4d65a302d856f72c15332873e0a8b646b3c70bfa8d522c50906c240289741e5e9d11f77a640b7d96707c959d130355fb2a2fd65af4bef7f05ef9496f630f79139d90556a970e1110d12ef10a1b7e74e6dcf7a39ae299ef8649c06d745104ca65b82b52eaa0f00f936525065221a690a65afd7699d93c70405403cc13a72d944dcc0efcd431604aa638515033cfb499207de58a798a22c047d18dc825abead4848c7f521eb1ddb2a10af5fd7bbdf9eca83fea139f6a015b614d7126652a302786850f400c05c2945de31cdbf0ae83c3e39c80a1860d233f17e5925a211b1a35e1e7bd72cc1785f9674f858b43759542809a3d9e241d29a62519424c8215815e0e85bd1374ef99ec64f08b3e84e3a6c04918462098329c97d8522aae23e3d5511d6489a1155774916946e7e0e10979905c5cb603561fb6004dcfc30ad2b6817272be904e928c4951eded095e75a5f7726f255b01a85211bf4 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA224 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04c4f6f1fab0aceabd3acb55e65cde8e827e671e60339af201352d1c2c1677758dd2b42e54e8f7cca6c1e6038e47b7603086561db3aeb25d73e7bfc8a5ca27042df99119d7f5ade9b8d3a03ebde5783e915334d460cd1a7dad1bd0285b454150248ceeb366dcbcca68a14e7cf660dec0280f59f27ef0334ff4eb5e2e104fa6f7d3a13f312740a3ba0afe61dcc5338b1c3256d81b7a722c2453edd8f5314e30ebaab9fb5ff157f8b37e1c4245d72d82f0c53532c39dc891b4342682f1c9a8434b3cdc5da460b174c948fa20fa960e53735f4c9bb7ee77ae0db7a9d0082bf3b2b5d80ccff914256809abc88c697d3ce0346455be8cde06d5920f74fe841d94bed59dce7f2b96e5d708432a56ac6409563c93a3a8ffe3c1cf9daebb9bb77405b551b13a40b253a819a3aa0164cda1979bb859c2f63da926cbaf3701e30efbe721ffaaa3317e4233d51628427679cb0c46556ff2cd4d6f3fb1a647695edd7601378daf8b27b7f0b3836586b9fb1d30666c06f494d0f62ca96b7bf0f6bce76395a009 +Msg = 167c1cf3b93548a9248cba2d5024da528f9a23bbcdb883a915ec051157f8adf268eaa3e54a4f95f6aea456b2b70dcb81014a0736e2e6b5e5efb1b6f4c2710c75fbd5f7b385aa5d0b1b516ffe0a718a8438e95ba26509473eb1010a335e999ea1d8235e86f2ae6b93737d4f38d1b8e0023c606726de88025e62c347f3b3d92a1b +S = 674ee4315853c10823b2d0da2e4b13b6125b9ab7ec5458fa09139ae74dd16b83f88a75bbff1b7d70a3d099d12c6a84661dc4097ddf5b569a5f3d1ff4de4b595dfc0a6726d1e6d1962af78a94ed73fd2104fcedafb61097f8753b5e8420e17e284179e7fbd16d3ca50ed0a66c5c2ea1e412f3f758ec18f6fc07e69164f71a8a1d779365a5042f5ab514005937da2b92b5120b62590134888134176f5cafbbb4a98f08c4e2d581e0ad9deb2caa666f36d4ee13e3be6a31861e4609479dcd4796b9064e7164aa7569230baba4fdcda388bff7d2c52645e9d4331c76cd2726eaa7039078fc0f74a47882bc0a47ffbb43e284d6dc4532e94f4bafa5e17d8dd2f108cb2f3b206e06eacd8a901a6e1f7c82ea45959c3de898560678aaa052ea9d9217e97b2a30de1cf6649fccac679f15317423078edf88af05080b679a581be29a76d8cc20ea7d33ec576ae8aef7d58c1b3126f6efa0941434b6dea5c0ffe8f404f1d37cacc3c5e853ad269a18bbc19720cd214eccc813d95ec62a0f083d2d0e66224e +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff44302d300d06096086480165030402040500041c20f660487ee230a6692b24f4eab6705e71f3b31197c1b445b5986def +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA224 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04c4f6f1fab0aceabd3acb55e65cde8e827e671e60339af201352d1c2c1677758dd2b42e54e8f7cca6c1e6038e47b7603086561db3aeb25d73e7bfc8a5ca27042df99119d7f5ade9b8d3a03ebde5783e915334d460cd1a7dad1bd0285b454150248ceeb366dcbcca68a14e7cf660dec0280f59f27ef0334ff4eb5e2e104fa6f7d3a13f312740a3ba0afe61dcc5338b1c3256d81b7a722c2453edd8f5314e30ebaab9fb5ff157f8b37e1c4245d72d82f0c53532c39dc891b4342682f1c9a8434b3cdc5da460b174c948fa20fa960e53735f4c9bb7ee77ae0db7a9d0082bf3b2b5d80ccff914256809abc88c697d3ce0346455be8cde06d5920f74fe841d94bed59dce7f2b96e5d708432a56ac6409563c93a3a8ffe3c1cf9daebb9bb77405b551b13a40b253a819a3aa0164cda1979bb859c2f63da926cbaf3701e30efbe721ffaaa3317e4233d51628427679cb0c46556ff2cd4d6f3fb1a647695edd7601378daf8b27b7f0b3836586b9fb1d30666c06f494d0f62ca96b7bf0f6bce76395a009 +Msg = 2524a5d692240e9c82d0d620a0b7a08c3f71ee679bd78a676174268672363f57e469479b4ae6021036883189fce06e43b82a5777927fee2c404c404fcd024505990f0840a20e0791013add3db8291e92aab7837beb4047533a12d0f7cc21921f4cfd31ee1f02e5c7ecce23635cf97a201e00bb9c2f815c8358ae1ea5f8fcee4c +S = b7ef6a53edc10ca9d6a16678c2cc38ee3859dfec0ed0012c788c5981fe2a1d04103acb6179c176d9f9003eb86db354fd504107c7921608e131cb3d4642ea87c0be3e91e7e85943e7ba650db959eeee710b0cec5817990de252244e95aafae943b9828f11da0e490d11b5990ca2d3254095f3ffc0defc38e5d9d87e3088a84d002844b8fb7231cc7d69539bcefa4eb345168529a12cbf866a76bc1f46c112b25099f91290222b839ba7167e8bb99a001d139e18a231c6fd5c7ddde5a0799b2885f8d32b77b620fa555d43bcfa1cdb897e53d8786f7fa2a734cf881994fd8b71148a3b96791c18d28fb6e39e9acea7e61a03b3367a1eed28c15ffed710389c6b047ac5cecc30cf4a9b0ac2648204c72ba48a7957e7190e4d34bd8a55e3e488e61cc64f1130d81f5a182d480fe032aa7f7302ab386eac8666c2213b103872564c11ac0e63f1b9a2946f3e185a0815e4ee2aab57a592344afb8568d70979e62077d5256fed2aa02d800ebadd4d9b26d7ec7ef0b3edf89d2fadbeed40f35b54897f49 +SaltVal = 00 +Result = P + +SHAAlg = SHA224 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04c4f6f1fab0aceabd3acb55e65cde8e827e671e60339af201352d1c2c1677758dd2b42e54e8f7cca6c1e6038e47b7603086561db3aeb25d73e7bfc8a5ca27042df99119d7f5ade9b8d3a03ebde5783e915334d460cd1a7dad1bd0285b454150248ceeb366dcbcca68a14e7cf660dec0280f59f27ef0334ff4eb5e2e104fa6f7d3a13f312740a3ba0afe61dcc5338b1c3256d81b7a722c2453edd8f5314e30ebaab9fb5ff157f8b37e1c4245d72d82f0c53532c39dc891b4342682f1c9a8434b3cdc5da460b174c948fa20fa960e53735f4c9bb7ee77ae0db7a9d0082bf3b2b5d80ccff914256809abc88c697d3ce0346455be8cde06d5920f74fe841d94bed59dce7f2b96e5d708432a56ac6409563c93a3a8ffe3c1cf9daebb9bb77405b551b13a40b253a819a3aa0164cda1979bb859c2f63da926cbaf3701e30efbe721ffaaa3317e4233d51628427679cb0c46556ff2cd4d6f3fb1a647695edd7601378daf8b27b7f0b3836586b9fb1d30666c06f494d0f62ca96b7bf0f6bce76395a009 +Msg = 93af2807782787ccbdda1f2d60e56c455c5ef40f152fcfd7f62466ee59427ba2a75b6a6dc0dfae6d9df5a61434ca99219b29f9cf714de44c7af3f06c89b3289fa38f522161cd7470960296033270c8396691679009f49d173b48272648b75b4ccf7569892398e1bdf12a7561237c017505bec8b9a6cd0020824c92825df61b91 +S = c0aff8cf59e543109654e1bd05a2fac0a13782cf26cff6978a07e72b6aa64ab84dba40836ec1504a83a51374e32f09dee79845cda7aa9fb6c75a9bde61616addd9bef949f55d5a638615e3947c64fe8d8a85bb54ef6e71090b7c84812da8d4af8929c1964f27820435a587318c148f9221fdb4b63ce7f43c22a0e840bdfc56ec1205fbc5735158a1a6624869e4ca791d95b2fa01b1e1434709014549f4c0998a0574c6711d1a4295b653317db362f151b371a851535601de3d66d03c24fcce8116c1242e523a074754231f3c70e9e2985a5228021fd6389823a48b5aa2a70febcd61aec23fe98f6a9f305d588289c6e3f2522b6c28a94bdb27bc81b44a39a0b826572ea40a9772b9e3aff50106bd77b2a5ccaa1b901eee1d8ea6e037f7815110fefaf2cba69c55f7035d2771b095ce38d13553798c400e2f7d407fd0b3dcdb38d8592c4edfc5e5cece6aff1be8de3769a3269fc2a99d1ecc98c0ffae39313c1827b81d361074f9d1919829e23e20d0f2e361417b35da1eee8849899ed2f199fe +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00302d300d06096086480165030402040500041c9cf324cc0a040165d93508d7218c029560c75dc71785fa64343930ecefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA256 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04c4f6f1fab0aceabd3acb55e65cde8e827e671e60339af201352d1c2c1677758dd2b42e54e8f7cca6c1e6038e47b7603086561db3aeb25d73e7bfc8a5ca27042df99119d7f5ade9b8d3a03ebde5783e915334d460cd1a7dad1bd0285b454150248ceeb366dcbcca68a14e7cf660dec0280f59f27ef0334ff4eb5e2e104fa6f7d3a13f312740a3ba0afe61dcc5338b1c3256d81b7a722c2453edd8f5314e30ebaab9fb5ff157f8b37e1c4245d72d82f0c53532c39dc891b4342682f1c9a8434b3cdc5da460b174c948fa20fa960e53735f4c9bb7ee77ae0db7a9d0082bf3b2b5d80ccff914256809abc88c697d3ce0346455be8cde06d5920f74fe841d94bed59dce7f2b96e5d708432a56ac6409563c93a3a8ffe3c1cf9daebb9bb77405b551b13a40b253a819a3aa0164cda1979bb859c2f63da926cbaf3701e30efbe721ffaaa3317e4233d51628427679cb0c46556ff2cd4d6f3fb1a647695edd7601378daf8b27b7f0b3836586b9fb1d30666c06f494d0f62ca96b7bf0f6bce76395a009 +Msg = 38f06d35930bdafb5aa674262c796b395036f3a54103e9e26a2ebabd2e1c81f42b836f00c0d97032cc0d0b01b9748aa3ba065cda50cab711138f82a7afdd718b2d2b7209745248e30f4275a430f45e31f5a0aaa1eb2feb4ed1f3802c9e96ba5ac5503df7b75da937a9af7ab698e02d0c8b6aa5a1191accc32ac27df5022fa28a +S = 0ea93bb8e9b4639bc999e044c328e9991b5986dec71937465695d5ede0a28d5f152cd19cee3794ce1391a2cef186a92a789e46f70d7ab5e38d0d02ada5a9bcb558ab77fc06ab08db51d159cd9648a49cdd7239748ca02eea81e3e08758cc4054e279e1a98d77a2cb9ff77649c84e843f02d61b98ab73788da32b8fbd9e7d0338089ff2697341e4fee7cc72b73093e098b361a76eb0d56072b9bd04aeb05eae4c918027dc6f3c12607c504031d54e456af36be5c711b544bcba137fe415e96c25d5931a4524bff801bcd5f771370d42157ab1304c201ab6654dfa4f5f933aef840b74feedf08a3c8d74ca4de6fe562950bb7e5c3d901a3eebe1bfb2c6b6ec24b44535bd0f89b6ba7ff65378a65781ccc5243a9578f74f90f894447c49d240d6e118e92ebfcd8079326174b55291ecf57bf39813df3651f690eb1c5d8056b8bd50cbac145e909138c37a6844a5b624da4be9d13a988a5c43e2b49d11f035a92a098a59071b26231b024c1f6fad1920c2059cb53838215c6be939b2db31ba595ad3 +SaltVal = 00 +Result = P + +SHAAlg = SHA256 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 04c4f6f1fab0aceabd3acb55e65cde8e827e671e60339af201352d1c2c1677758dd2b42e54e8f7cca6c1e6038e47b7603086561db3aeb25d73e7bfc8a5ca27042df99119d7f5ade9b8d3a03ebde5783e915334d460cd1a7dad1bd0285b454150248ceeb366dcbcca68a14e7cf660dec0280f59f27ef0334ff4eb5e2e104fa6f7d3a13f312740a3ba0afe61dcc5338b1c3256d81b7a722c2453edd8f5314e30ebaab9fb5ff157f8b37e1c4245d72d82f0c53532c39dc891b4342682f1c9a8434b3cdc5da460b174c948fa20fa960e53735f4c9bb7ee77ae0db7a9d0082bf3b2b5d80ccff914256809abc88c697d3ce0346455be8cde06d5920f74fe841d94bed59dce7f2b96e5d708432a56ac6409563c93a3a8ffe3c1cf9daebb9bb77405b551b13a40b253a819a3aa0164cda1979bb859c2f63da926cbaf3701e30efbe721ffaaa3317e4233d51628427679cb0c46556ff2cd4d6f3fb1a647695edd7601378daf8b27b7f0b3836586b9fb1d30666c06f494d0f62ca96b7bf0f6bce76395a009 +Msg = 49da6ae32f9149781533adb07e035a916ad270052b7ee57f74b931e1b30b4b9ea01ad51b162a935c23e022dc5b4be7bc71254520085513d7c6b94d3aaa230956a0a1ad4d530260f94395bed31734d01334813b198e70b70cbe06c3c1566098de71f65b3f8e2196989edbe95c5bc6fddedc71bab766d6ba678627fd3f5ccade7e +S = 1273aec2765d853e0dbc6819df05d3c008cf12a14078d0398ad1c833340e8aa656e463f170324879d99e14a10f67e29b5b09b9dbe71e93b298c61db9c47426064dc5a95d250cb06fdd9d3258a6112180a390df3a82aefabbe5c3083e0978725da87104c50d9e831d24ad9545f3c11eade633638589e04685f671e68a6ece18c856521d91d4d74fda95879ee39a45ac139416472c3a5ba6fa17d744745da2a7a5ca1b2d38e813d2058f7fa54a2787e464a9764b11f7421f6fcabbf982f4046b4d4ef7f0e86caf038265c0f1711b2ce4ddcc5a70b8f77337fa219c1068f15f8533d99e9773313159f04f746d629129f03e517280d3c41f304e531cb8ab3e6c5a097700e9f890026274cf9deb9e80836636b3dfb2133d24cbd7c5174e89ac5e28dc2523b13b4e1031913e172eca410c3ac3cac74734b45f8448a531aca430f0d00d3bfbaede84d9c4220ea88017edea356d19e30678ea5f82ea7537192f10489ff50e40eed9f4f78075a37613df24d5da59fd075f1a45cc9d7a61a2ef8274c0e7ff +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA256 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04c4f6f1fab0aceabd3acb55e65cde8e827e671e60339af201352d1c2c1677758dd2b42e54e8f7cca6c1e6038e47b7603086561db3aeb25d73e7bfc8a5ca27042df99119d7f5ade9b8d3a03ebde5783e915334d460cd1a7dad1bd0285b454150248ceeb366dcbcca68a14e7cf660dec0280f59f27ef0334ff4eb5e2e104fa6f7d3a13f312740a3ba0afe61dcc5338b1c3256d81b7a722c2453edd8f5314e30ebaab9fb5ff157f8b37e1c4245d72d82f0c53532c39dc891b4342682f1c9a8434b3cdc5da460b174c948fa20fa960e53735f4c9bb7ee77ae0db7a9d0082bf3b2b5d80ccff914256809abc88c697d3ce0346455be8cde06d5920f74fe841d94bed59dce7f2b96e5d708432a56ac6409563c93a3a8ffe3c1cf9daebb9bb77405b551b13a40b253a819a3aa0164cda1979bb859c2f63da926cbaf3701e30efbe721ffaaa3317e4233d51628427679cb0c46556ff2cd4d6f3fb1a647695edd7601378daf8b27b7f0b3836586b9fb1d30666c06f494d0f62ca96b7bf0f6bce76395a009 +Msg = a455b7d1b3b32ef7daa94505fe97b16726745409dfadbfc9df30f52ce7c3714fee9b6b217b2a58d05338b0815435f344a1ceee47ffbe3b4a7fe707525ea117a229520de7243fe8b3eda1cb2c5dfcff06afac3aaee4c022c8650c0ddceb7a0b4c9ca1268a7799e887f10d1e6fe091dc939936c1a7555c7c2ddac88f3157f75337 +S = b92a17bc07f74204ac547672fd12d01df6888ed332d1453aa423e504c11c4828e500edb7ccf8071f1f98c4b68a7fdbe665a3b82fec5acbde24a0be40bace89bcb59d4f9b83323e6f3cd0656cf9334974b02d437155d6d37a02de832a8356a88f83cce253b4bce850d9c5e00e89a6bfe1ef7215d64b68a259b8f25fab901f5e6f9f0a8b508c554f2b1162ba358fa5270c6ded1e36af3f47c3558523eb1c3c7d6373e4679324481300e8af1737ee62b840001659678987017d2212c4387dd16105dd81f77b40357f607a7d5bd6ce07f7ee5d7ac4cd6d0df5136751d438000b26e4d36585ccb743102fadb674251a870396a3c0c91f6df33af415c196f7de0746d2060b28b456bad9b0c81d22a58f2e9ce06371b5d40a8eb1d0fb98a1610fb734e9fdd48fc553b08dc13dab29328cc3ba552557e2bc4c245c247cc7549a03bd2b616c01e98b04ea835d0f02c6d13939f62264d28aeadce370df07e722057254aa312f0abcfd306431d880330fed7d76337f58eca8a24bf3860a8c758a6df39d95e9 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA256 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04c4f6f1fab0aceabd3acb55e65cde8e827e671e60339af201352d1c2c1677758dd2b42e54e8f7cca6c1e6038e47b7603086561db3aeb25d73e7bfc8a5ca27042df99119d7f5ade9b8d3a03ebde5783e915334d460cd1a7dad1bd0285b454150248ceeb366dcbcca68a14e7cf660dec0280f59f27ef0334ff4eb5e2e104fa6f7d3a13f312740a3ba0afe61dcc5338b1c3256d81b7a722c2453edd8f5314e30ebaab9fb5ff157f8b37e1c4245d72d82f0c53532c39dc891b4342682f1c9a8434b3cdc5da460b174c948fa20fa960e53735f4c9bb7ee77ae0db7a9d0082bf3b2b5d80ccff914256809abc88c697d3ce0346455be8cde06d5920f74fe841d94bed59dce7f2b96e5d708432a56ac6409563c93a3a8ffe3c1cf9daebb9bb77405b551b13a40b253a819a3aa0164cda1979bb859c2f63da926cbaf3701e30efbe721ffaaa3317e4233d51628427679cb0c46556ff2cd4d6f3fb1a647695edd7601378daf8b27b7f0b3836586b9fb1d30666c06f494d0f62ca96b7bf0f6bce76395a009 +Msg = d262295e4f40d1ddaecf5fcd56af7b80625a4cd83c64a3ad6d02766fb3ca910d54b98815b37af01c21e5ce60f5c750acdfe1bb7c7933a5621f7a64a801f7c637767203b7947feff8fd007491fbeb40c7d04dbbb0478f3c988ff87ca349744bb4e094818e19d53839eb2538a890a3b398dca733bbce02d0166587a6a7b4ca864c +S = b27d86aba157581c706913aefc77e7ac3c9d4946c646a6f7ff78d4c1c19d0488637c010dff274cedf37014fe1c89d29018daab58b5aada55fbc35cc973290d3f4a7e7c61f78fb3216793d087adbcda38d963fea102b4240a09cdd433086248173f201171ae10014b0c785b5c374c0fc2a38e021f98d78954aefe53244d01cff67b7991ba28dbb1127f21ebba54440d31f5ab3bfa6be1b7d6696445e47f071232be25b08da70ac8ec00603910f9706d6f3692de55d1e646cc7c34a4887cd692e69db28e00a5de8c8d2a618e351f7714c59ebc419231e36d6debba2d3a054ecfb9bf6268e6507aa96823acd635f6d31b6d716ae10425c9661a0a8b7b8797d2d90d27336faa572a13b33dffb81918b42c70c28f0ae88ffc923120cc50ee8f5d9025f71936b606bf44b8d1f26dce76b1b13f2b6c3c5903407e846fce2dc7e3d7fbfd00693e4c25dd96ede4e29473d8edb7532b729010df0aa73d81386c470af3326fb3bdbae500965c0bcc7697e92f8cffc14ea29e5021b56d4f78a668c72a57bf86 +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA256 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04c4f6f1fab0aceabd3acb55e65cde8e827e671e60339af201352d1c2c1677758dd2b42e54e8f7cca6c1e6038e47b7603086561db3aeb25d73e7bfc8a5ca27042df99119d7f5ade9b8d3a03ebde5783e915334d460cd1a7dad1bd0285b454150248ceeb366dcbcca68a14e7cf660dec0280f59f27ef0334ff4eb5e2e104fa6f7d3a13f312740a3ba0afe61dcc5338b1c3256d81b7a722c2453edd8f5314e30ebaab9fb5ff157f8b37e1c4245d72d82f0c53532c39dc891b4342682f1c9a8434b3cdc5da460b174c948fa20fa960e53735f4c9bb7ee77ae0db7a9d0082bf3b2b5d80ccff914256809abc88c697d3ce0346455be8cde06d5920f74fe841d94bed59dce7f2b96e5d708432a56ac6409563c93a3a8ffe3c1cf9daebb9bb77405b551b13a40b253a819a3aa0164cda1979bb859c2f63da926cbaf3701e30efbe721ffaaa3317e4233d51628427679cb0c46556ff2cd4d6f3fb1a647695edd7601378daf8b27b7f0b3836586b9fb1d30666c06f494d0f62ca96b7bf0f6bce76395a009 +Msg = c9e861253ff04d978781a7a45099445db4fbacba1c821e905eb6d4bd299d87a5a3d436e350dd243836bb20c73fbc0885de9790ebf5b640eef7d5bc304acc4878efa98b606402934dc98a1aa443e1083b9eb1390e36f67f34179deb11635148ccf492e9034307a5be88151fa223b04b683b712d8da5e9e44a0736e8c63dd3908b +S = af1a58738c5900de8d3be297fcd89458a2c11b90532dbf31acb6a4bb1ef2141e866637bd59e7af286f396bffa1fb46e13c2ddf0591df51a8ec29691c03d734ba37727421806cca1650cf172cbca3c60876992af88037e6e43902eca5c2c91ba7cf8a408adcb5545bb4151f05a31db4bfb17978aaba5b5bc626c07880f52c47f2f53d60b5197f4374695ded18f18dea635940740a3c5aee8caa9f01ce9fb02ee9bb66743fab75e63e2233089302044085c5e0ddb723aa142e0ba9f30abeb47782655d980dd7869caf0ca65b25958395dbff5fbac082141bc6cec4f032c60e973e0a6b1421f5126b5ecaf92f4873077dcca2d90b492ecfecb1fd76512ad2726f9c036206bc34deab19dd39182b8616eda9f97745f2e09432ae55ddd6ec683bd366e45668dffad941e7458e01afda6e3a232fb715799975cd9d81130d73f834300f2657112d57d661ea7705e912854676e50c43ace1093ba5bf579627e97e2539d6b0fe53741541487f89c2fac52fc97dd4dfe0b58c9637cbbd84011a80adeb3789 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443031300d060960864801650304020105000420bd0a68c45ca3504eff3fd99a411e4930d50450c1dfaf869af04bbec14d10a9c0 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA256 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04c4f6f1fab0aceabd3acb55e65cde8e827e671e60339af201352d1c2c1677758dd2b42e54e8f7cca6c1e6038e47b7603086561db3aeb25d73e7bfc8a5ca27042df99119d7f5ade9b8d3a03ebde5783e915334d460cd1a7dad1bd0285b454150248ceeb366dcbcca68a14e7cf660dec0280f59f27ef0334ff4eb5e2e104fa6f7d3a13f312740a3ba0afe61dcc5338b1c3256d81b7a722c2453edd8f5314e30ebaab9fb5ff157f8b37e1c4245d72d82f0c53532c39dc891b4342682f1c9a8434b3cdc5da460b174c948fa20fa960e53735f4c9bb7ee77ae0db7a9d0082bf3b2b5d80ccff914256809abc88c697d3ce0346455be8cde06d5920f74fe841d94bed59dce7f2b96e5d708432a56ac6409563c93a3a8ffe3c1cf9daebb9bb77405b551b13a40b253a819a3aa0164cda1979bb859c2f63da926cbaf3701e30efbe721ffaaa3317e4233d51628427679cb0c46556ff2cd4d6f3fb1a647695edd7601378daf8b27b7f0b3836586b9fb1d30666c06f494d0f62ca96b7bf0f6bce76395a009 +Msg = b44a3b7de7c8b57126fa95ae13853b28a221ce78d84d2330d242e06b0825e1a8d380dad82df33eb5b82760560304d90008242940f987a1363c888034b40f5c884209c3958b152329fc80e70a0c74e3d2c16cf2fd76ebdd41db6e7f1e3d9f27b508cb3edd8a962a74f9ee71f3b83d2245d6e371dad8e3a1f7b8dc27502d3c0cd8 +S = 7f0b8969669053c26cb0051e0c182fa688375ed6afdd39f7982d88bdf8d422e9c9ce4ab5d1f63a18db785031d17a3286d7cc1349d1ebfd764522cab0962fcb1e071394d00b4595231e8fb7db6d10e659ce8158ebe78e7ea60818d0276a2645cf2dea02d12e9447652259dd12a93936cf2cc0259d03fac70ccf47c99dd8e0b5cc9f90916a961e9b16f9e80b51dfdb38a6efefdb5e2dbd7359a292b89d8aed8868b7e9fc444a262a04a331894a57ef0eb2be8ecf79c6481fa8bee709bbfe6cdcebf04325e98ea156e82a4cb87afd1d69eca37f4dca02c319c3f83f65cb12aad441f8cb92e48ae789626b3662158148a61d8bad4b265df2fdb03730b947f5e542d9ef319e271fa27e598d39c9e6b645b610f96836ddc5523263a98f901f9b47e3046fe324702732a62206fcaf7373df7d987d236574b8b66bff55518ee403ed9e9763e366c26bf3ae47c8f1be461bcc6dedf549b3ea7d5649b5d7bbcbcbbbbeeda04218b861044f3115b684cd82a71be509345ffef5d5326071c4c63d119e86ff38 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003031300d060960864801650304020105000420e3b41f283a3ef951ad52a3dd58c46db1518442328f512485699894018fa1ab54efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA384 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04c4f6f1fab0aceabd3acb55e65cde8e827e671e60339af201352d1c2c1677758dd2b42e54e8f7cca6c1e6038e47b7603086561db3aeb25d73e7bfc8a5ca27042df99119d7f5ade9b8d3a03ebde5783e915334d460cd1a7dad1bd0285b454150248ceeb366dcbcca68a14e7cf660dec0280f59f27ef0334ff4eb5e2e104fa6f7d3a13f312740a3ba0afe61dcc5338b1c3256d81b7a722c2453edd8f5314e30ebaab9fb5ff157f8b37e1c4245d72d82f0c53532c39dc891b4342682f1c9a8434b3cdc5da460b174c948fa20fa960e53735f4c9bb7ee77ae0db7a9d0082bf3b2b5d80ccff914256809abc88c697d3ce0346455be8cde06d5920f74fe841d94bed59dce7f2b96e5d708432a56ac6409563c93a3a8ffe3c1cf9daebb9bb77405b551b13a40b253a819a3aa0164cda1979bb859c2f63da926cbaf3701e30efbe721ffaaa3317e4233d51628427679cb0c46556ff2cd4d6f3fb1a647695edd7601378daf8b27b7f0b3836586b9fb1d30666c06f494d0f62ca96b7bf0f6bce76395a009 +Msg = 0d0547eee5ac01f37f29f03aadcfa560adbd5b02b5182d23cf9787cde745dbfb228295b7724b508068bc4aee49d3159963779036a1b916035e59f566778c22d0a4fc2be808116ce6066f863c57c00d7c59b38176aa4480a0f63f39bc0dff24b4397cf1c9ce85beec02498c6cff1cf4d23778160af842d3c3404f3c17d227496f +S = 8b3380702deaf0e22ef08ca6c3c9e68616de1359a1cfd5f03968148a837f11f15474046c6434aa2a69005855ca945556c04ec3b57daccb2605683474eeae4fffeb19c221ee5c61b54b0914dc0ae7253d72e6d73b669f52651ff2d25e513e565d3648e6d5eeee63891ace75b924a2143dda487d8076174784165b105663719273ea6b42209ec456bf1f433b117e02e6a5bb35e285618cabebf49a8fbdf046b05bbd37020dece2afd1f6c9bd2fc804ba09bdb0d8aa7af0de45b7ff616d051106f6727415a460a62983817e373474666dcc8260a3ebfd59341f01990e6d8b7d15092c3d7dedc2d4190d75374d138bb414610834d48c9bc23c43d1ea96c7e9294a2d803c26a427e4a2b5f86f19bc7d10da9aaee219291c94d7a3052211f6c5b739168e544747b8090705a63671df1ba7a82d8cc5e76b5475acae66455fe377cf52156549d7431191573f60ffdd24d6640610f4515e3801a526d49fefc2d1b59456e3337485cab9955afada0ad5e33deba6944d98b24c24731acc54b78ea1cd2808fa +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA384 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04c4f6f1fab0aceabd3acb55e65cde8e827e671e60339af201352d1c2c1677758dd2b42e54e8f7cca6c1e6038e47b7603086561db3aeb25d73e7bfc8a5ca27042df99119d7f5ade9b8d3a03ebde5783e915334d460cd1a7dad1bd0285b454150248ceeb366dcbcca68a14e7cf660dec0280f59f27ef0334ff4eb5e2e104fa6f7d3a13f312740a3ba0afe61dcc5338b1c3256d81b7a722c2453edd8f5314e30ebaab9fb5ff157f8b37e1c4245d72d82f0c53532c39dc891b4342682f1c9a8434b3cdc5da460b174c948fa20fa960e53735f4c9bb7ee77ae0db7a9d0082bf3b2b5d80ccff914256809abc88c697d3ce0346455be8cde06d5920f74fe841d94bed59dce7f2b96e5d708432a56ac6409563c93a3a8ffe3c1cf9daebb9bb77405b551b13a40b253a819a3aa0164cda1979bb859c2f63da926cbaf3701e30efbe721ffaaa3317e4233d51628427679cb0c46556ff2cd4d6f3fb1a647695edd7601378daf8b27b7f0b3836586b9fb1d30666c06f494d0f62ca96b7bf0f6bce76395a009 +Msg = 9802b7acc01de6de29215e2878ea1ddec20fefe95963e56ce5c203a7b60a391b586795ee68d4b692a7de84a24dab1e0ca03c1475c4efd7d9d5486d7233f069dc1dfe1b768276040b130f8cb29d3af8f2965f962af66a3a304886ee390028e6f90f50b20bb50cb792963de021119d91d8cd01ddd094dcf8ba6505efc2c4ba96ba +S = 99e39af2014f011fbb413ec25a428af8ee4bf6f2adb3fd20964d551ad8355c46cdfe35c955cff611d299f533852288ad20b901d80e048ca80eb3cacd83e638e15953413e3018076e91b1064b2c0d615c8bd6b9098f7e3b6da919470636135b926c97124e943e987355c6d71d683136c8fa9698f15c0ed3abf9ab7f03f5e565f1f1b1b056d7d1ecbbd1d7afc5a45bce19984c8ff9a92437d832f89f0cfc5700d18482c4d63376fdbb851ba2a1f272df06718faaba2e9e1c8ee1bd3a3aca58a02aad3437f89fbfbea5f12b8ebc336b8dc942058c80e099c60ed6ca6ce128faec8343aede16c44ea97e1ac1073e24f5499772b8abdad9c8c33922bcdac1068715c74f4822b4e9109a8020270997db56299052f14132a1d7b19820e380ea74a68236de72be5d33f4e89c5fed4ca643f6ed7a3f505aad27a22b6ff694597c883896fffba2ef4fe81cf44cfe342ed6fa127cf31c58a16a5a35919cf2cc3adb47c6c84f660bd9e2dcc4b8b29beaef329affd4b5cff2c59cebaf3648624485c4cf94e9ec +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003041300d060960864801650304020205000430825058944465183ce7f88365fe96cbadd70cebade9f1469771f0a1bb5ef6e86c4e3e35d2a34393aad10183ead0436783efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA384 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 04c4f6f1fab0aceabd3acb55e65cde8e827e671e60339af201352d1c2c1677758dd2b42e54e8f7cca6c1e6038e47b7603086561db3aeb25d73e7bfc8a5ca27042df99119d7f5ade9b8d3a03ebde5783e915334d460cd1a7dad1bd0285b454150248ceeb366dcbcca68a14e7cf660dec0280f59f27ef0334ff4eb5e2e104fa6f7d3a13f312740a3ba0afe61dcc5338b1c3256d81b7a722c2453edd8f5314e30ebaab9fb5ff157f8b37e1c4245d72d82f0c53532c39dc891b4342682f1c9a8434b3cdc5da460b174c948fa20fa960e53735f4c9bb7ee77ae0db7a9d0082bf3b2b5d80ccff914256809abc88c697d3ce0346455be8cde06d5920f74fe841d94bed59dce7f2b96e5d708432a56ac6409563c93a3a8ffe3c1cf9daebb9bb77405b551b13a40b253a819a3aa0164cda1979bb859c2f63da926cbaf3701e30efbe721ffaaa3317e4233d51628427679cb0c46556ff2cd4d6f3fb1a647695edd7601378daf8b27b7f0b3836586b9fb1d30666c06f494d0f62ca96b7bf0f6bce76395a009 +Msg = b438d4fd3a46058f4eecae06d9bf1d43c54eb5ebb504446bf350903aa902335e55f9a93277fba8668ce4af474003e241e0c115a20e8327a0b8d2919e4bba3eab236f9e4c4737f67b5383faefb55f9d9e1c0d28812eed89977aa1ee2cad6d935b08e4d8d211c197d58913b4869f9df663637c15107d0a14571f03d06d38e6da76 +S = efe705f492c2f05595143b7d2fede01de8d4ed8aa6730d5db7540d9353bdce15cad57eef7e66e98a0fc3d34e223be094c5f60dedb8c89f5c3e4f6b10f5d41415e098741bcd4324558655b215217582daebfd44d2154748a707d2219f68a1e9d97a75900329dfc0d7a28b1929775bd37fb66524945b6b86635dba4f2e7a95da17301a1522effe0728edf148e7007810ad509d8d541e6520b83247052e9e79a84746f11f469eb4db1446f5dce3519f09d8b4f154b0f3c403d23a37e89aa68683027b76fcbdf373496216aeda698b2fb8785e364bf2bd2449277c0d8420ceb2c157f8663a35c02f1c4a4aa86c7753ed755e60c022a4bb3106da295f3a2a72f2c861c619b8726f1749b9bae639589b72e9e34eb9176608f2a38daee1329de2f28291216b8c77a7409eb5c1d7e351e906f1f25a26c6df4abf3038658f7cdcfa3e1fd611efb4cc6c5167c4f76e2100d02612e12d2e696c80ce977e7a150e477ae0b67af577a62a6b57e6bfb9ce19f56979008076c73f018e5479de5c69bf1ebf5aca53 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA384 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04c4f6f1fab0aceabd3acb55e65cde8e827e671e60339af201352d1c2c1677758dd2b42e54e8f7cca6c1e6038e47b7603086561db3aeb25d73e7bfc8a5ca27042df99119d7f5ade9b8d3a03ebde5783e915334d460cd1a7dad1bd0285b454150248ceeb366dcbcca68a14e7cf660dec0280f59f27ef0334ff4eb5e2e104fa6f7d3a13f312740a3ba0afe61dcc5338b1c3256d81b7a722c2453edd8f5314e30ebaab9fb5ff157f8b37e1c4245d72d82f0c53532c39dc891b4342682f1c9a8434b3cdc5da460b174c948fa20fa960e53735f4c9bb7ee77ae0db7a9d0082bf3b2b5d80ccff914256809abc88c697d3ce0346455be8cde06d5920f74fe841d94bed59dce7f2b96e5d708432a56ac6409563c93a3a8ffe3c1cf9daebb9bb77405b551b13a40b253a819a3aa0164cda1979bb859c2f63da926cbaf3701e30efbe721ffaaa3317e4233d51628427679cb0c46556ff2cd4d6f3fb1a647695edd7601378daf8b27b7f0b3836586b9fb1d30666c06f494d0f62ca96b7bf0f6bce76395a009 +Msg = fc06f66ce9cb46deaf65f79666dcfa90b09d1e2fecd7e2caac268767696f6ac6760b91a233278433836a5ef780d923b26df854b4eb32c15a707b9fd7f634da34f04fad9682b36fc0f1e2b0d859d9846e9e381fbaa4a2a225c367350c756056c0521b70d13f38b08ce21314c259a4c5cb2ba3a6cb7eef2d348b30728c50bb8571 +S = 6106401f71a67b9b68fedb23595f45492fc7eec4557a00a5638aae54d3854dbd87d2f66eb94cea8c02f466a85983a37fd202ccad8892eee14e3301fc132c530b36b31383739ed7a51433e90cb7ccf1c17a0a512d249e70a3d51b7dda16680946872856e5901c726d3bf2af49fc264c3c6a373d9135e802a8ca37ba891c9e13c21dea83ddd6c55c25867872e18c0a726d5fe6dd3d6ddddfa0cff7246a63dd38cbd738945afbb3be72c55cc2ef38f56d596619970312d93a9322098601193d1dd537e1041b46e8ab5d67b40a069b4153d365742a32ff81defb4fd00782695b81b124959d33c29e88a1d911c4da17dc32d41c1b5f1836ae1654d56feb9a55a488a2a97a92ddfd9c754713309f661739cb2baef671bf41a3e74452690e0131bd3a3675316d296d696b0f07a50516897043a5b2f090bbb618d822245f5fa5aa7125551aa988ffb289e8804bd5149cc8ff372496a5071ae7f8583a8755effea0c6599116ae5b8a3f94ef2f4e6d440c9304d6a091ebf14fcd8700ad5367a21e6e8105ed +SaltVal = 00 +Result = P + +SHAAlg = SHA384 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04c4f6f1fab0aceabd3acb55e65cde8e827e671e60339af201352d1c2c1677758dd2b42e54e8f7cca6c1e6038e47b7603086561db3aeb25d73e7bfc8a5ca27042df99119d7f5ade9b8d3a03ebde5783e915334d460cd1a7dad1bd0285b454150248ceeb366dcbcca68a14e7cf660dec0280f59f27ef0334ff4eb5e2e104fa6f7d3a13f312740a3ba0afe61dcc5338b1c3256d81b7a722c2453edd8f5314e30ebaab9fb5ff157f8b37e1c4245d72d82f0c53532c39dc891b4342682f1c9a8434b3cdc5da460b174c948fa20fa960e53735f4c9bb7ee77ae0db7a9d0082bf3b2b5d80ccff914256809abc88c697d3ce0346455be8cde06d5920f74fe841d94bed59dce7f2b96e5d708432a56ac6409563c93a3a8ffe3c1cf9daebb9bb77405b551b13a40b253a819a3aa0164cda1979bb859c2f63da926cbaf3701e30efbe721ffaaa3317e4233d51628427679cb0c46556ff2cd4d6f3fb1a647695edd7601378daf8b27b7f0b3836586b9fb1d30666c06f494d0f62ca96b7bf0f6bce76395a009 +Msg = c2fd970b5b17cd1a58dc8423f1354f7feb5fc86a609c7b59c229ff8e1d6f66e99c7dd8014fb67a732bc7947a53ddf4c096148d743832649df595adae436a305ad820f2a96c1c124cc0aff12edf45954ba3df50c57cc39c346d714a3e57dadc697acd2f2c39b25d4c1d7ae1661dd6fcc71da75884b4b6ecc832a61f68e22730bd +S = 861383c21c18f931fc4fb352d846e725e39cc117c4324952344cd007b6a00ccf08fc79048545fab5c30fb356460d5af25a63f83871dea84d464ce4179cbe5e6fd09a384c45ad046101a9460238eb3f445e8911970cb9c43d096f70b78f3434cca05cbf8ee861f6bb6cee9e123a24cbf6ebc5021d3a9a55c7ff08c6bb274a7736f34fa7c04029c246f2c70751e51a4607484ec87e816a3a5c92c06a10f512709fc4365a7c80941109b1cba4dd7ee79d4c3f851a32763807425e5b7583d49e97f337f270e6387f99dd21d62c9db52406d3376a5e549782625813634a8fd237e7ac477355f4be7e05e2a9c3cde9ede554026ffe1ac3e8f545a4d49ad39c2aee4b52c45440983f25c276ed58ea5fac719c5332655113dd768d93311cb6dbff54357f40c23b4bb9c20c7bf0525150e71e17e486eaec90d2263c9758447bc02739a14cb7c3e60cf376b9326a861951d6d38ee291e59219757a9de264cfdbd4b4601b8413161b927daff25504e0361f6669af8cea75f35969c910c3c5e1890597931164 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA384 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04c4f6f1fab0aceabd3acb55e65cde8e827e671e60339af201352d1c2c1677758dd2b42e54e8f7cca6c1e6038e47b7603086561db3aeb25d73e7bfc8a5ca27042df99119d7f5ade9b8d3a03ebde5783e915334d460cd1a7dad1bd0285b454150248ceeb366dcbcca68a14e7cf660dec0280f59f27ef0334ff4eb5e2e104fa6f7d3a13f312740a3ba0afe61dcc5338b1c3256d81b7a722c2453edd8f5314e30ebaab9fb5ff157f8b37e1c4245d72d82f0c53532c39dc891b4342682f1c9a8434b3cdc5da460b174c948fa20fa960e53735f4c9bb7ee77ae0db7a9d0082bf3b2b5d80ccff914256809abc88c697d3ce0346455be8cde06d5920f74fe841d94bed59dce7f2b96e5d708432a56ac6409563c93a3a8ffe3c1cf9daebb9bb77405b551b13a40b253a819a3aa0164cda1979bb859c2f63da926cbaf3701e30efbe721ffaaa3317e4233d51628427679cb0c46556ff2cd4d6f3fb1a647695edd7601378daf8b27b7f0b3836586b9fb1d30666c06f494d0f62ca96b7bf0f6bce76395a009 +Msg = cf28960fc5ef7fd91e051ca12516ba961ce953d48492fb3598e97a6a1b3a3b4b533e656c564a47f184c7f9a355e240435584b31e6c851ce1631d21afa49b24714159676d38ef741bf6a7bc3319317e0b7a98ea206b7587f23d63d21606b22886a060e53bf544cefe7a8dac7bfa6b3a97950c410308ca02112fa3d4c7c8e90e33 +S = defe54ece1df4a9e2f9b2ec712b2047be979113674458c3e1409777a8c568bf43b4455fd4197ab42fc514e3595cec0d46f3302cf556889820e1c9cfd38c642ea09adefa815727b6c06b2a194e095f2696e35f3611c19129a86bf60b11799b6587bef89082a631cbea67fc4d77c7dc998afb8caae59e7a63a5792cbaddfad6e3bf8a0d0fee650b7a9cd502211dac3743642075a2a563ee20c05393992c776869a6eb4a206de21e72ec27be193537a32dfa65831bd13c66f6aeb2bcb6239ef31b2d7e8deb309be4f639c7ef9d3e6147e15a8a9dbace13315a3267bc4ad07ce02575a8b279b37646b871b33ddce57a8170c422474c2aa5bfd5323288753628562f0afc715576c027f7f125793dbbfce3fbaf79fc032bcd9214983fddf1d3a083819399c107e2913de535dfbfb267cd0e0602d6836a902c6589bd1f35dc07146c166d26592d8d52fca9a82340c0da7303602531f8144aa1f704e66380e07fe3c54e13b1361a427531a399616b4ce74ee9633347dd29112e180c5ed263c0153f3500a +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443041300d0609608648016503040202050004307d7ca11cef0aa9200c55b78df8c91c41266ce955d1fb2622cd36ec797f3ddf70eff54c77a2904cfcb282cce545a31094 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA512 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04c4f6f1fab0aceabd3acb55e65cde8e827e671e60339af201352d1c2c1677758dd2b42e54e8f7cca6c1e6038e47b7603086561db3aeb25d73e7bfc8a5ca27042df99119d7f5ade9b8d3a03ebde5783e915334d460cd1a7dad1bd0285b454150248ceeb366dcbcca68a14e7cf660dec0280f59f27ef0334ff4eb5e2e104fa6f7d3a13f312740a3ba0afe61dcc5338b1c3256d81b7a722c2453edd8f5314e30ebaab9fb5ff157f8b37e1c4245d72d82f0c53532c39dc891b4342682f1c9a8434b3cdc5da460b174c948fa20fa960e53735f4c9bb7ee77ae0db7a9d0082bf3b2b5d80ccff914256809abc88c697d3ce0346455be8cde06d5920f74fe841d94bed59dce7f2b96e5d708432a56ac6409563c93a3a8ffe3c1cf9daebb9bb77405b551b13a40b253a819a3aa0164cda1979bb859c2f63da926cbaf3701e30efbe721ffaaa3317e4233d51628427679cb0c46556ff2cd4d6f3fb1a647695edd7601378daf8b27b7f0b3836586b9fb1d30666c06f494d0f62ca96b7bf0f6bce76395a009 +Msg = 835eab9bf266d49ac4c672c5765511461a3261dd04ab8bddc75ec577609e253ab019b2db30b7c132e0c57f868052ca0a03d945a74121abfcec6263a4c5a955b70f7dfd9344c3bddc08df78c15b1c5c81124eff2e88b6aeb29125020faf64b3eb89d4b14b9852719f245d85ff6f7b70b430d8b8fa42313d049ef0c8418799e7de +S = 7f96dcefcdd212f01c585dc3bdb38f3168eed84c77eba3d9c5e052cf84fb059974ea282c5d5a4773e13f4d23206c3ef731dbada06ccb827a75c4002a267554f2d2290e2cc23791f8db52aaffc7e2af981f9ea55d8eeb9abcaf379cc47dfa54d28b59686e737e2e4c3a4c9039ddfe637dff0f1ae77ad9fbab078ab9a81259785880890fbb32c70301877b6f53591862f45463bc7c25da257b8fc798f7d3d115d6a7b2228543b81e768516d8f29f645165c1378623c3e32dc6ca08c452665038db2ef5ee432857e60eec20c6ba75981833cb78c8cbd18bc3243d4959ed8ea4e5cc3102e1180530fde85e837188e029717a6c9444265d5bf297b44bcce7367e3579f09928e97257f48f935a869b72c53be1d3eab08dd10cbff54bb099d2e9a2d3ea9acaadd2c2e7c0ab89f58d265941eae9b1bd31d544c4baa8132859869284154b7f9b99fc98cecf104473437cd6960a768f044a655034403896cafa00fd89b9968097d2cfc90215fb1b6e068c0cd6224aa5f73013e1cddedfa80d3dbdc0bde0b7 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443051300d06096086480165030402030500044092c353394e0845afea273cc4747df99a1d7a0474ab8902f073a0c432a27adbc8398de33e7d5b73c3cb4df25e6067981f237b11f009d9c1e547af65322d32905d +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA512 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04c4f6f1fab0aceabd3acb55e65cde8e827e671e60339af201352d1c2c1677758dd2b42e54e8f7cca6c1e6038e47b7603086561db3aeb25d73e7bfc8a5ca27042df99119d7f5ade9b8d3a03ebde5783e915334d460cd1a7dad1bd0285b454150248ceeb366dcbcca68a14e7cf660dec0280f59f27ef0334ff4eb5e2e104fa6f7d3a13f312740a3ba0afe61dcc5338b1c3256d81b7a722c2453edd8f5314e30ebaab9fb5ff157f8b37e1c4245d72d82f0c53532c39dc891b4342682f1c9a8434b3cdc5da460b174c948fa20fa960e53735f4c9bb7ee77ae0db7a9d0082bf3b2b5d80ccff914256809abc88c697d3ce0346455be8cde06d5920f74fe841d94bed59dce7f2b96e5d708432a56ac6409563c93a3a8ffe3c1cf9daebb9bb77405b551b13a40b253a819a3aa0164cda1979bb859c2f63da926cbaf3701e30efbe721ffaaa3317e4233d51628427679cb0c46556ff2cd4d6f3fb1a647695edd7601378daf8b27b7f0b3836586b9fb1d30666c06f494d0f62ca96b7bf0f6bce76395a009 +Msg = 62440e53c9081680b721630cf3071ed102fe0ccef99906c98f7ca93876654e62ec6e3cc28d8c1dac6b5caf33601fbc49a3024c289aa419f1efd24393e69545efee6e283a76e0f7a2012f72347d6806fdd0a1fd6fb582f307c604892dd9795d5c90cd39822c0b8aaaa22214d8f1eae534b262876bf13c7a533b9be1cef81b7cf0 +S = 646d7a66aea8b4a22f75881e6647ba0f207bd5cd15e019468138fd126e1c7f660a97aa55634646cd8e5e584b6bc29a4cd213cf222657ff6526b7e0ecfaf56c0a90ec4f17a297b0f8523bdf39cc612757867272409c65e8b2eb463cb134560d021f60a81ff4eb08aa97cbd6c07cc3b32422442724029be186995c2694ee4def6009a7a1a8b3c9eea48d634ab3b84c0c9566ede4eddcc5e59338ba5aa304502c637f9ecd0b707e841d0b7befddef4fe0875809fe386122882ab02e9d06af3b9953d8416cee296decddc3b2e36329434f567d57330c418624c5a70cf7611552fc2fb420af0ab0ea2c6ca4b19a0854e6db10662a7fdaea3c015e53524617cc29afb9cfa9065e1065d95d288f395402667caf80d7b4a3a91f5b681ff10518e5c01ddf0f20c359ebcce526091164d5718cb49b9a42bbb57361865384e8e2e162abd7629b1fd242892d5164c012dc07650c70cee79a2ccd13f424b574eb1f6cef662cde18302038bad6e100a4e7b949b9f1a87de5a2d6352ab830be1138d9b83c4f8992 +SaltVal = 00 +Result = P + +SHAAlg = SHA512 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04c4f6f1fab0aceabd3acb55e65cde8e827e671e60339af201352d1c2c1677758dd2b42e54e8f7cca6c1e6038e47b7603086561db3aeb25d73e7bfc8a5ca27042df99119d7f5ade9b8d3a03ebde5783e915334d460cd1a7dad1bd0285b454150248ceeb366dcbcca68a14e7cf660dec0280f59f27ef0334ff4eb5e2e104fa6f7d3a13f312740a3ba0afe61dcc5338b1c3256d81b7a722c2453edd8f5314e30ebaab9fb5ff157f8b37e1c4245d72d82f0c53532c39dc891b4342682f1c9a8434b3cdc5da460b174c948fa20fa960e53735f4c9bb7ee77ae0db7a9d0082bf3b2b5d80ccff914256809abc88c697d3ce0346455be8cde06d5920f74fe841d94bed59dce7f2b96e5d708432a56ac6409563c93a3a8ffe3c1cf9daebb9bb77405b551b13a40b253a819a3aa0164cda1979bb859c2f63da926cbaf3701e30efbe721ffaaa3317e4233d51628427679cb0c46556ff2cd4d6f3fb1a647695edd7601378daf8b27b7f0b3836586b9fb1d30666c06f494d0f62ca96b7bf0f6bce76395a009 +Msg = 7c38bdb32ddcea204a99b5f953ff3d6e0adbefcdd40804f661884a0f8fd328798c6fdc023bc1085cda236dcee137f6292d7af8fe5d1cb80e7d0f2e02e25e085c54c0f2ae736d15095330ddb96abd002fac46bc3ff449608ca6ac0d40920bbe001c51861f9a851911fee78e23b53c636acf66c2f95f370257258771316a84514b +S = 0d07f7c0cbe4a84df3fc088750c9c503ecdba6c37a72ffb15a2da05b5c99740c894427cbcd6cb2c8ee70f35175e70f226c466761356e07009ca88752ae2cff5d7b2e7f2da77a36b68de59db7f5182abe88cb95b52d766d721b5fec504f6aa7b9ceaa9dca1241a5819d4d48ede38c045d625442b27b8384dab964616885cbfca944a747f024032da7b3a3fce0b02254e08c8b9e48646407e69aa317df5706888fc13f091602e1affc23f17cd50ef4275e321a102c2b066975ee8a0dd3111cb0e88037ba98ba477ec67737024ae92edcd7d944bfe2863336a59026052bbf2280d542db1cc70f06a9509805db6651f795b0b4d74f94fbb06d2d4149321f9334f5fdba395cd852e46ff2ffecd063a96ce5d2d5b15cc075c243b30be7a260fcd6891ee3063fe3898037c79309fa043fe210974a1ed96c14bd0f0db1055f710367e55d702ef3a9bdb9215368407312dd415f420bf0a90f67c53c9474219f36adee08220b0798d14c455e57ee8ee47f2b8c7eaf8d5f8474a9d2f51d49a785ed4626407c +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffff003051300d060960864801650304020305000440a780cdcf06d5af7e658c9a0afab551db2fe1c5d86b54dfab86d5c10acffe37c4c8ef7b65dc13a26c2330ad19d34f1065d99ce4376e6b9886cf30792e9430de25efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA512 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04c4f6f1fab0aceabd3acb55e65cde8e827e671e60339af201352d1c2c1677758dd2b42e54e8f7cca6c1e6038e47b7603086561db3aeb25d73e7bfc8a5ca27042df99119d7f5ade9b8d3a03ebde5783e915334d460cd1a7dad1bd0285b454150248ceeb366dcbcca68a14e7cf660dec0280f59f27ef0334ff4eb5e2e104fa6f7d3a13f312740a3ba0afe61dcc5338b1c3256d81b7a722c2453edd8f5314e30ebaab9fb5ff157f8b37e1c4245d72d82f0c53532c39dc891b4342682f1c9a8434b3cdc5da460b174c948fa20fa960e53735f4c9bb7ee77ae0db7a9d0082bf3b2b5d80ccff914256809abc88c697d3ce0346455be8cde06d5920f74fe841d94bed59dce7f2b96e5d708432a56ac6409563c93a3a8ffe3c1cf9daebb9bb77405b551b13a40b253a819a3aa0164cda1979bb859c2f63da926cbaf3701e30efbe721ffaaa3317e4233d51628427679cb0c46556ff2cd4d6f3fb1a647695edd7601378daf8b27b7f0b3836586b9fb1d30666c06f494d0f62ca96b7bf0f6bce76395a009 +Msg = df8787cd9718e6bde708b9998cad4e91c7d58afc60b719efeb2ac80f4a152ea3732792ee74c809bbb44fdf397b753809b409f796f2e6dfa5b223f82de08935689c4a532a3def047296934d3e794f2da47af57f1ff501212753cc5604880369e3e058942afc771f09173ccc518f23738aa000ea4072f0279d568fa93d4c6b143d +S = 8407b86a4d3715092fcb38c7d55a528182cd6cd94186a86cc654bec9be3d472ba908d5288c1393619f1a4ea1322ae01d47f321a414d0cb1e00fa37c71364319b2e3f6935f00f0b5518806e8c21504b2784f14c739d186df08091139a911d7c8612b4ec15f17ea9f069898f4f820c9b8aeb5ea34aad293637c532c47b9a258d633614afb0cacc5ca475fd4d3e24fd25809df22f14c20289a7808806cacce46eba40d33f3392e72ce6316ce02866955ffe0558510b26c303c37c773f387d93739b77e053d896f078d0487cc4085712e2e5b42a6031e3d01808e94b8219304a6756233dbab0a2f133d088e67a2cd4392f4d688bf4f4ac4ee9a3a099f7389c5d8ac5f09f55cd831cee52306727581792455ff2fba50592a7b2b686fe4e7444866a2ff69cdd68895f84a1f9864b7f36c6ae89853adc517fe8b9a8fdfdc78ba03f91dc582dea4fd387858ff90dbcf9cf3878632b5b8448e19a797485ad4bb9d2c28b1e7ac717ffd4639617d4d4ebd44a556561fbef00e66b99c5ada41bfccab314aa06 +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA512 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 04c4f6f1fab0aceabd3acb55e65cde8e827e671e60339af201352d1c2c1677758dd2b42e54e8f7cca6c1e6038e47b7603086561db3aeb25d73e7bfc8a5ca27042df99119d7f5ade9b8d3a03ebde5783e915334d460cd1a7dad1bd0285b454150248ceeb366dcbcca68a14e7cf660dec0280f59f27ef0334ff4eb5e2e104fa6f7d3a13f312740a3ba0afe61dcc5338b1c3256d81b7a722c2453edd8f5314e30ebaab9fb5ff157f8b37e1c4245d72d82f0c53532c39dc891b4342682f1c9a8434b3cdc5da460b174c948fa20fa960e53735f4c9bb7ee77ae0db7a9d0082bf3b2b5d80ccff914256809abc88c697d3ce0346455be8cde06d5920f74fe841d94bed59dce7f2b96e5d708432a56ac6409563c93a3a8ffe3c1cf9daebb9bb77405b551b13a40b253a819a3aa0164cda1979bb859c2f63da926cbaf3701e30efbe721ffaaa3317e4233d51628427679cb0c46556ff2cd4d6f3fb1a647695edd7601378daf8b27b7f0b3836586b9fb1d30666c06f494d0f62ca96b7bf0f6bce76395a009 +Msg = a24b2fc765c9953c545043a7ee2edf6c1887925c6f5301d9dba67f3a67348071501451ea5bc407b76c6eb6eb5569e343ec033b0c607e8540cd58d5f30dd002edd2a55b99f121961e015609cb25a81db8268bffaac58e98384f99c02c7172ae2c4e86b39acfe729b83a91a61007f17513efa84600458c240789efa8af3b256c75 +S = 960d6a156414272675d2c09a340d9e053e96e8ba3737ebb8a11d4829ec9287e6997594549cfe6e7f60018074a90d1e89272672f4a464d969ddf7b634a34c36d15b16c542911ddc2805bde86b5716b8c8e9e2dd81133ae4d70469803dda409e8e8f6c0ae0785652528c02f49732c4d2dd6a33bdf93c17ce851e8d3d7ded4636d63f34f4fb2e43531bc61d2dce3f60cf2e521cd5cd7a5f19c35fb0bad328975676fd7958bdc7a957d0c1ea3a30f9141a39b67e101c9e9832cfa63b4b09568d5d13f50ad24af42d4fa9b6a0c3fd95be4a4d7efbe2a89fb7d675054fd5630c120e48af7b7caee23fe5ba2dfeeadb31aca63fcc729e4cb352315cd06f8e62e9b727b9a8b8ee179c69afd09b4d5cf5a8ddb281607374a526d462d40ed43e9197d871485fe84f8b07ae7ff7bb411d128b9a63cde123945201873f5f257ebee48b0bd68c3486352530819f0b01330217e4acf76e43f676e33bc803cd11cca82d7d0cc0e7c14b58c65300a877b443bef4e75d3ae079e13b4719d2993dcd3f90d234956b99 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA512 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 04c4f6f1fab0aceabd3acb55e65cde8e827e671e60339af201352d1c2c1677758dd2b42e54e8f7cca6c1e6038e47b7603086561db3aeb25d73e7bfc8a5ca27042df99119d7f5ade9b8d3a03ebde5783e915334d460cd1a7dad1bd0285b454150248ceeb366dcbcca68a14e7cf660dec0280f59f27ef0334ff4eb5e2e104fa6f7d3a13f312740a3ba0afe61dcc5338b1c3256d81b7a722c2453edd8f5314e30ebaab9fb5ff157f8b37e1c4245d72d82f0c53532c39dc891b4342682f1c9a8434b3cdc5da460b174c948fa20fa960e53735f4c9bb7ee77ae0db7a9d0082bf3b2b5d80ccff914256809abc88c697d3ce0346455be8cde06d5920f74fe841d94bed59dce7f2b96e5d708432a56ac6409563c93a3a8ffe3c1cf9daebb9bb77405b551b13a40b253a819a3aa0164cda1979bb859c2f63da926cbaf3701e30efbe721ffaaa3317e4233d51628427679cb0c46556ff2cd4d6f3fb1a647695edd7601378daf8b27b7f0b3836586b9fb1d30666c06f494d0f62ca96b7bf0f6bce76395a009 +Msg = d8b0d39a21a7b7d11541c35ba83329b6320896e86f165a13cab1c94adb9ee1a32eca2d8d463ce864e14966437e07b01a1d046f0046370bca4c3613dcd3aae03f900075f45062aa883ce68ae95b05f978584e9a5f865bef252105c280d7d4c46a86b9757648004365ad80f6f447154bf96c50dfae376c4f4dd0849edded04d74b +S = 2b5652f5be8741b03959eb713e46299a62ed69bc11c1e774c3683af9494e7bb8e51bc4e4d8de1e65fabcf1b4995ff065612fb5cd1812ac7a2c1a0aca8d76c66a3dbea40f426d55a6d60572ae28d3444f059ac714b79e9cb1b9bf443315b85e872a4e20fc69ea1b89c01398b1dd528de6410b48c141b1f7e70ac888393b81b20a8fd6add6ce8a423f4f8e57c6860cdac522349b9215e0c1b25c78a7d94852cdadd5e3f0a4baf2975b60a17cb0e3b9c79060b4ea0eaa153e1500cc05c283ac300e3da7b91aecbb10a50e86a1ed74120a0770d0608893fe6eadee193a20d920291c71df799e620aae96b263f4567962fcfaab4caaa4f06d9d0052a5e2ed8c2f62328a973e2f39568507f6445c7e883e81858df862804c419e3ee5c6bab1832521e841da32bac64a4d89400a2f7d447796f441d3784df53187305fab96ea4faef0cb1229cabdb8cf07c9177b8ebd977c4ed6f260a9b9e97d5d4918cb0370e71ca008db73913f2d519b99b376575a808761dd144d74fd8a7b68f38d5021f8b0533e41 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +n = cf92efc93d89c560e4cff3e81fb72672bf010ae82335c342ed80c0eace8fd0333470dfe2d327f9ebe0ede4f39b0260144d1ec783dffda1f883c0a41cd21e9244d1ab2e4869d765c7e1506e5c1be03db067be54e887daaa13e0d5122e872373891a0480c56d8ced157d316a8ec314bb9f15fa49c0ffc0d78f913ec2dcf354bcfdae2bc031febc69c4fe9c51c05dcec9c1d3004dc8a9c62234d91e4dbd5f9455d94814bd6feef8697efdd9c93af4a9b1ca2e9023109905242eb82977bb4866a81220f8232558af67296b34a19b818e5c07ba53b6e4b270ccf67cc7149c79bf875fff248f4f6f86fa4e9a10dfc162b4c4accbd5f76e4afc89c5339a35f960c7e5d156058bde8c9a49aceb5fea67a09325348a8d573e304e9d133f77913c785e5725d615432d6a258dd4038011a7e19369de19878e945e9d4191148550bdbe5bc22aab57703dc880c3bc08c2df1327ebbf5bb9c2e75082e998dc48685511958c4e7b895dd6be533ffe84d5aee6511480e6547b89144136b8aa41c6942c00f5ed42b7 + +p = ea7777733c9695e5bfc71a4de384aa8d9556b620f13d50a4b3523d95efab4c5c037fe788c98ae85b11b3ae884eed6f3b8f5bcf5ab1b7b20ad3f44f760b2287cc57937487d73c44f4395d48ef746548eeb9101a42a6d27299be78fcc6160da8c550fa46f9cd7252b91f0d110bbdb3ddaffbbcbc60395538565a266b0f78325a4fd5fe846615f5bab1ab0b306392a1d5853da8e03cd00aab4b9045c5d898594373cfe55654169f1c7eb22dc87c7497db4a729b27ab95cccbc4f44bb8a51c0bbba7 + +q = e2a332843df5531bcd8a06e30e3cd414e9a201b2e27b610f944f6d915a5396b5508eda547a3a9425426d988428f87f71b58f40dcb02b012095ad2ccd43c4c4aaf510fafa7388fbff8a190dbdb98fda002db90ba0f0c819045df960e5d7747654ba73baff92a630b08bd78c1629ca8cc839678b87081a54c3d27b34617d2a53bc87fd43ea3e5eda402fee3d18e06f3ed1c2e0e81861e95766de7aceca9fb003e945f8bd43de9f1edc154241f926e5c761109fa4e9cb359ac778f0c6f748fae271 + +SHAAlg = SHA1 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 22987d4c34ec4b902622a8a6aff3dbbdca802c7c05de4b35d2402027226d4d5dde12cffb23315451fad250d344806558b7852140a554f05415f570af785a6db622f1dd0c11a3e64bfae2bd0f59fab4f2bbf50e26c14f1c58a578d85d1685e896d9ab6acb9242278394dd91c275d8c9efd8ff0c4ad54ace97ed8a75cf7de374d4f25ca008551f66f62a6f62f564f7cc4af8800cf6c6f65b08ceda624a3a98b8f98c0374e7fd2966ea7fa44c347e1c484c5d1805d81980db5d1eb193f48c111c02b8a4e987a505ea5bfa50956717f77a3b89e47fd8251eaf35b3863c3e32a01b6271d8f793074aea4d0ba7eec8d1cd23aa967c7bde7c2ef919a1a9744902fac439ac3ada0f604e2c1edbfc4349bdc50060f0a0b2e46ec8ad9385d63342c1cf5eaca1c68ade01acd711b96f3e165458d53ba6108bc784dcf36926a5f2e2217fd8afb78f46a7935cb27707a192ee7379c72b74342fd48d7e43b1a446a01264eb2bda68954b310faaf5dc57b524a4942b35f17eb7b69ca39e609e398e9cbb6d7bc61b +Msg = b04cbe36549d4a58dd6ecf23afa174b2c45b9f664d14b8939cea3178403bc3757272fa78b021f3b9a75165a75616de2171664fea032acb5758968c4b1ab63765ba4a607811d4513c48ef0743f5e27e2e86752f20e304d6734fd178aa8f9ea5a74f7cfb1fc1deeb4a87f1c0dfd330dc3fcd3345f035c7614e4944fe7de91b95a2 +S = a4d1579f4732ce97ffaf6852183ec36900945fd9283be8bc50a1dcf81e8c4f277d5aacec934a5fb6951f97efb5636986e06ba302e964d118cedb83fb6a308772dff6d77080ad390ea8e8f401f5e2ab4feffa25559e699e49ce08004b15c49a7915f28099aeebfcbb3d22426a51caa71097fc5fbccf0cef1610c17cfe76587cea2f6a04cb7893394a736fe2d9b4b72093c5109b086b6f2301b7dc7bbab0cde72828407175946cc275d17da0fc63da6159492d70a341613971926be6623b262df63f1b9c9e9917622f365ecae401123baf3e33c2dc04555804e2b6b3dc14ca263121a510ee44c9a4602c005956f1d41e0b6c68ad78200fef0ccaf8ed668239e196c55e11fa57ce96bf8457baa139db776a43b98951b500850170bb57ec17cf796bfa73799d48b24da7fc85f828a6c1287459735b34148ccf84de1379bd2c13b8cff140ce6f8140b8cb8326374def23122b1fe8f015d6b62be5d99a04e62c88e3f611414ccca66193fa31a51cbe9c88d85c9b3bf6802ae24f4f4263a7b92251a82c +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA1 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 22987d4c34ec4b902622a8a6aff3dbbdca802c7c05de4b35d2402027226d4d5dde12cffb23315451fad250d344806558b7852140a554f05415f570af785a6db622f1dd0c11a3e64bfae2bd0f59fab4f2bbf50e26c14f1c58a578d85d1685e896d9ab6acb9242278394dd91c275d8c9efd8ff0c4ad54ace97ed8a75cf7de374d4f25ca008551f66f62a6f62f564f7cc4af8800cf6c6f65b08ceda624a3a98b8f98c0374e7fd2966ea7fa44c347e1c484c5d1805d81980db5d1eb193f48c111c02b8a4e987a505ea5bfa50956717f77a3b89e47fd8251eaf35b3863c3e32a01b6271d8f793074aea4d0ba7eec8d1cd23aa967c7bde7c2ef919a1a9744902fac439ac3ada0f604e2c1edbfc4349bdc50060f0a0b2e46ec8ad9385d63342c1cf5eaca1c68ade01acd711b96f3e165458d53ba6108bc784dcf36926a5f2e2217fd8afb78f46a7935cb27707a192ee7379c72b74342fd48d7e43b1a446a01264eb2bda68954b310faaf5dc57b524a4942b35f17eb7b69ca39e609e398e9cbb6d7bc61b +Msg = feb972fee487cdd8d18f8a681042624f51dfa8639f96dcf693ee7e5cc76420a78e54bfb5e21d536d9e81a545ee4a610703336cd60b05776c6001d5a5ff7e89413dd3a4e5b577ce648567223dbac83f6508ce9b46bfdc1b07faede10e193266c372fcc89744dd6546ec0aa8585c0423eec878debba263ef51c9794b9efec8dcb6 +S = 879feb8b92579291f651e8b476d5414e46ebfba0c85b4907a7479d5327c6f582356ac2fd6dd59414b9df5a465a24cefdc39f19c6e814545745710c9098d15385c7823996cb6509c20e359dba1fa6bfd5e22b41aae1a8de26aff1c26427033f6b3d7f4f8c28a3e398c52c8e5221785f4926b9230eefa264b1684d598310a6e09919409e34a693f3c508aae0d861867fa680f0712a1b7019c850b00216ad194e80357a06a995c9da2bbd9f2189f939b228e5487ac83318def7dbe3752c656653517e475764b375f54a26f848e697aece0acba9cc3b722d37fbcfecb40b5a2b7adde54f02f9fa0cf3b2769ed2d4f81879822e01a289cb9b632e15a9ea45e09e962ee27964992f3a406ac9c72d3d0f97563e8296df97d7ca6383e6643d0b499896768846023f901ee0397b229ccdb706701ad048a7d7f17c52b46fd9288c4a6f5d47c0fd6fb55ff74299ef8b3e1b4c2d72af4c24876b6f68bf7ec74359ffff8461f9a9893c9157e0f022e0453dbb87515d71d64178044048c6e161e6730e23e79973 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443021300906052b0e03021a05000414da0d47de632ee4adb50d8031bed0027c846d752b +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA1 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 22987d4c34ec4b902622a8a6aff3dbbdca802c7c05de4b35d2402027226d4d5dde12cffb23315451fad250d344806558b7852140a554f05415f570af785a6db622f1dd0c11a3e64bfae2bd0f59fab4f2bbf50e26c14f1c58a578d85d1685e896d9ab6acb9242278394dd91c275d8c9efd8ff0c4ad54ace97ed8a75cf7de374d4f25ca008551f66f62a6f62f564f7cc4af8800cf6c6f65b08ceda624a3a98b8f98c0374e7fd2966ea7fa44c347e1c484c5d1805d81980db5d1eb193f48c111c02b8a4e987a505ea5bfa50956717f77a3b89e47fd8251eaf35b3863c3e32a01b6271d8f793074aea4d0ba7eec8d1cd23aa967c7bde7c2ef919a1a9744902fac439ac3ada0f604e2c1edbfc4349bdc50060f0a0b2e46ec8ad9385d63342c1cf5eaca1c68ade01acd711b96f3e165458d53ba6108bc784dcf36926a5f2e2217fd8afb78f46a7935cb27707a192ee7379c72b74342fd48d7e43b1a446a01264eb2bda68954b310faaf5dc57b524a4942b35f17eb7b69ca39e609e398e9cbb6d7bc61b +Msg = 08511714a11c3770946e03091a2826e5efaec9a10f9870c0bdab1e42ca07c07814a1c8184df4198dfef42390cb444ffcf8a89dde2cbd8bcc75e83a798d8ccc865c80109abdc061b48562cbc0c2cc706940252a2f520972b9ce81816c5a32b43ce6d435c27ae6d88f32a043c1872a52d4cf0bbaba07e4ec2dd15e3c44b9614244 +S = 136b4e04197fdc938eff67044168e7dc31ff57b7885d9b41df0d3efd5251a5f91e641b73cfc7732ed326519773c6cc77648f2db4ccd056d52f7314e3f3009eed7f2120155a3566a307cf268adb6c004d435957370dfe06570d626c75db422915e34aa53707ab99998c6d8c0978c0dff28585f628a5077873465b6372bc24a9374fc6edbfbb8cf8833e51cd0cd9df4d3edf0a59a531811599666a2617cea298476300de1fe3e12e45a861f28e66982ef0dd41674276779a92ff9307eeae1159e2526641cd18eab80b43a83deacb075e60864804d9da39eb1cedab591906d4b428af9ae9451c06e6a3b90fb3999808a93c883ac59f80b4d1e3a32a824d1affbfe6332c7527745bf8272ca22bdd508822a655e0e4346343233e1068bdbb866eb512bc47abdd8ac777a2b93e12809e8576b898f97a341621a1fed89db77449b590344e8147d0e81beaad44f74abfef11181c6ec161e96045ee3d0f7dc96c53c6baf7dbc385dbce0d6a054970987b392db1f237778dfb667ae9a4f7133c3d49e78e30 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA1 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 22987d4c34ec4b902622a8a6aff3dbbdca802c7c05de4b35d2402027226d4d5dde12cffb23315451fad250d344806558b7852140a554f05415f570af785a6db622f1dd0c11a3e64bfae2bd0f59fab4f2bbf50e26c14f1c58a578d85d1685e896d9ab6acb9242278394dd91c275d8c9efd8ff0c4ad54ace97ed8a75cf7de374d4f25ca008551f66f62a6f62f564f7cc4af8800cf6c6f65b08ceda624a3a98b8f98c0374e7fd2966ea7fa44c347e1c484c5d1805d81980db5d1eb193f48c111c02b8a4e987a505ea5bfa50956717f77a3b89e47fd8251eaf35b3863c3e32a01b6271d8f793074aea4d0ba7eec8d1cd23aa967c7bde7c2ef919a1a9744902fac439ac3ada0f604e2c1edbfc4349bdc50060f0a0b2e46ec8ad9385d63342c1cf5eaca1c68ade01acd711b96f3e165458d53ba6108bc784dcf36926a5f2e2217fd8afb78f46a7935cb27707a192ee7379c72b74342fd48d7e43b1a446a01264eb2bda68954b310faaf5dc57b524a4942b35f17eb7b69ca39e609e398e9cbb6d7bc61b +Msg = 5f474c3407a08ec87ce50ba52183d2b605d61768ace41d03134c593aee79d401341bd19eddd8b003eb3e125ba7fd3ee32d53c3fb2ac75f7de51a204d7c7bc93170fa77e3643f8465227cac95dfa06e01c0ceb5fc9d0db8f204411ff8815a67a71ccb872b243dd4972b85227b52d42cb9c72e36948b1ef00a79a79e64847d760b +S = 65e8cec81b96a92cabcd2acf178afd01ea7ac429634804dab05faca839e1dead2387a4a4c702863bd0522c3a6847960f604bceaa5b56cc78f1ccc535e9c387c70f929bdfb564da2c4f8653b74065affa5c754ad6ffb1be0e02918b1e066f14e5abf499b75d176106ac67b6d2ea954eee902afc8816e5c9b143a6820c4ee4c8ab76fc20442bde40a0dcca8f64de6955df646e3790074ae0d11501242d6499022eb9597eb39ae68f52152f71e5b1500ccdf46dc8909dbae8ac5869d21ef30029b0bb3881df988161b7dd3f80d9f0a9631ec6e95a33e02f2e3e736c086ba17d7f803ce670ea9186be3da26e552d656aa915b5f0aa0fd80e32f318670ee05d0a52a8ddf56bdfdcf1f413b66f4d3173b8f6dfbf8e2434c467f6c340b93e597c1cb2f114e103d7c03973c6d10fb357b5ec91e47f03cb6a794f8b4c3eaa6b2be6ea9a3fd34417373aadddcd9dccdb95fc71a639ea99e0641d5aeb63d59477b8b8629a4012e35a3e167ef445b085403018f7a2c731b88dbb843c3cfca5c367d29dae8346 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003021300906052b0e03021a050004140221cce979dddc3f07b69ad9575641e343384e9defefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA1 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 22987d4c34ec4b902622a8a6aff3dbbdca802c7c05de4b35d2402027226d4d5dde12cffb23315451fad250d344806558b7852140a554f05415f570af785a6db622f1dd0c11a3e64bfae2bd0f59fab4f2bbf50e26c14f1c58a578d85d1685e896d9ab6acb9242278394dd91c275d8c9efd8ff0c4ad54ace97ed8a75cf7de374d4f25ca008551f66f62a6f62f564f7cc4af8800cf6c6f65b08ceda624a3a98b8f98c0374e7fd2966ea7fa44c347e1c484c5d1805d81980db5d1eb193f48c111c02b8a4e987a505ea5bfa50956717f77a3b89e47fd8251eaf35b3863c3e32a01b6271d8f793074aea4d0ba7eec8d1cd23aa967c7bde7c2ef919a1a9744902fac439ac3ada0f604e2c1edbfc4349bdc50060f0a0b2e46ec8ad9385d63342c1cf5eaca1c68ade01acd711b96f3e165458d53ba6108bc784dcf36926a5f2e2217fd8afb78f46a7935cb27707a192ee7379c72b74342fd48d7e43b1a446a01264eb2bda68954b310faaf5dc57b524a4942b35f17eb7b69ca39e609e398e9cbb6d7bc61b +Msg = 23adfc8012add4adaac91852a169e42d92552d70b56ca413ed98dd6e0901b1074381e1a90d59fbb60e2282bd6706494f3a2f200f6d80b209ab83ae45aca3259bb79c34c8652fe2c2a71a4b490a47ffbf3a44a539c5f3e4d622838350f29eced085e43c07a099507a7e9abd1d1496cd249a7a0316462d00235b7ea3b7625b744f +S = c789f344e0f4e0c291bee6336b3d7d2314b0fa847970df318ea8ebba2de399914ccdd085ca5c48913ebe9851a29e40545db646d958b9370e0c59b249119b67efb26cd864e226b289c62edda506560ae976f764d575515483bd13093b28ee85d4ea62fde932d0a77dbd81c971e7f4386fb79c7f4fde362df166255e05bac5289d8f74562be2daf26513472f472b68828b402c4570a5cb8fb027518a29c3c78a35a9fae810aa6aa2bf0333850d6f71eef951c4c7f315f00be29682121e471cb8fd05b556e995d96e51d4d56f0369abacf234d19e43e737467c14e82e05732d521276b81d8a75eae5a096692ded6f5b56fdd22b719a3541ff98dca661778c25f6188c756543bca8b8ef5a29bd801826fa613b349cc24e69ff4017805e181fcfbd8e947a3d38400fea81a18cb8c151a304e6e39c0e86b57ee0d0b1acd7c052ed94818cad2a6e75de2bc7c46fa9ffd9d37b9ce05ca53cdce91ae58bddafd5fc626ae71073b1efa0015cc9df589ae73cda5563f60774fd559e565250af8b9f2834d2d2 +SaltVal = 00 +Result = P + +SHAAlg = SHA1 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 22987d4c34ec4b902622a8a6aff3dbbdca802c7c05de4b35d2402027226d4d5dde12cffb23315451fad250d344806558b7852140a554f05415f570af785a6db622f1dd0c11a3e64bfae2bd0f59fab4f2bbf50e26c14f1c58a578d85d1685e896d9ab6acb9242278394dd91c275d8c9efd8ff0c4ad54ace97ed8a75cf7de374d4f25ca008551f66f62a6f62f564f7cc4af8800cf6c6f65b08ceda624a3a98b8f98c0374e7fd2966ea7fa44c347e1c484c5d1805d81980db5d1eb193f48c111c02b8a4e987a505ea5bfa50956717f77a3b89e47fd8251eaf35b3863c3e32a01b6271d8f793074aea4d0ba7eec8d1cd23aa967c7bde7c2ef919a1a9744902fac439ac3ada0f604e2c1edbfc4349bdc50060f0a0b2e46ec8ad9385d63342c1cf5eaca1c68ade01acd711b96f3e165458d53ba6108bc784dcf36926a5f2e2217fd8afb78f46a7935cb27707a192ee7379c72b74342fd48d7e43b1a446a01264eb2bda68954b310faaf5dc57b524a4942b35f17eb7b69ca39e609e398e9cbb6d7bc61b +Msg = 94f581408cfaecd499c20c50ce61b30fb294b95bf1a84c79529788e7e97547e18e0a3b298ec13a08a0c1d8901a593b2564a12b3cad5e6961de27427fccc6635cb2e1ef63dedacfa6aaf34a23aeb6d54634942cb0eccca137e28eb42eac60e5e6e8c2c674e60d54b5a1a18790f43f287b0ab4e34117b89d024515087bf20c7487 +S = 2e43df8eca870c60a75965eccf79952b6251f216e8ab745226963ba9200b8ba9a99f9093a5b3df5f64e496b73b8ce077b76f4badae288c3e979796f88049ff2ff7cc0401b0f31c48487d01b4ce4854c4f5afb9cdf7b10ca196b665efefe4be742b2db236a379660170c3f684ab76b69de13a3053c403e8e14394379a0e1a6b6ea6ec501e95c17d6c7c728e08315777d29cbafa972d483d7e7ff5d9b97a8c7606300a03e57b92cf727cbcb6f14ae3c22ff2d417481ffc180a378e4fb1a72efeca8231b5fcba6b1561659d8ad96dde28a2f4360ddfce2c598428012abb2ea530b3dcfebab4e3b550cea5894deff740ace9ef4bfd42337cb2d186d2cd05a27e35d37e04093ffc0751f80ca4ac2c3b197c9cc60756029ee0febdbff2c9cd69cd0423a37fe4560a1f8805ce591455dbe56bef0cf8616901f682bfcc1b58049fc8e3ba40f28611822413b1a04d5ead7bf3cf0ecd94ef6bfd4716f1b1c4d82f70ba8e71de91f84b804512dc037bc17a3de87a74e8c37ee921e2c1a03e7cc9768e3059dc +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA224 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 22987d4c34ec4b902622a8a6aff3dbbdca802c7c05de4b35d2402027226d4d5dde12cffb23315451fad250d344806558b7852140a554f05415f570af785a6db622f1dd0c11a3e64bfae2bd0f59fab4f2bbf50e26c14f1c58a578d85d1685e896d9ab6acb9242278394dd91c275d8c9efd8ff0c4ad54ace97ed8a75cf7de374d4f25ca008551f66f62a6f62f564f7cc4af8800cf6c6f65b08ceda624a3a98b8f98c0374e7fd2966ea7fa44c347e1c484c5d1805d81980db5d1eb193f48c111c02b8a4e987a505ea5bfa50956717f77a3b89e47fd8251eaf35b3863c3e32a01b6271d8f793074aea4d0ba7eec8d1cd23aa967c7bde7c2ef919a1a9744902fac439ac3ada0f604e2c1edbfc4349bdc50060f0a0b2e46ec8ad9385d63342c1cf5eaca1c68ade01acd711b96f3e165458d53ba6108bc784dcf36926a5f2e2217fd8afb78f46a7935cb27707a192ee7379c72b74342fd48d7e43b1a446a01264eb2bda68954b310faaf5dc57b524a4942b35f17eb7b69ca39e609e398e9cbb6d7bc61b +Msg = 2456ef08c07fc1ec469aa9c73b677af225a9f5f6f8d0e150d1d65e71e6677609bd44f5859de97ad6436ecf75d5ab76a41c9f84f6ed13b311e87ab2b3661cbff3ac7378ca65d5eed14f54fc4c34e3d7681cbae5c1c1fbd3274395e2a21d6881b358ab21ddfe8b4564d215d8553e56c4c68dc1c05f5ad1691a48ef9546f495e4d2 +S = 0631ccf756acdd39dcf45947556f56418b598b25512f9851ecc826e8e15ef8312b12896c5046736df8c36c1e80d43abf9dadfdecdaf48b6a79a09200008695e2c7469c837edce5bcc6c86506908be7942dc6e498f9806a921180cd0b997211afa495d1de016a1b98ba5aad0ef0b0b1f1ac7c8dd5feaa44ae69f8edd6fbe7a4b196ff96077090d2bcc05a675bccec3ab7d3b6b63adbd97626494e57d03ccec82a4ebeb2641b07228de82ce892e24df312f2df624235b00495b444232c205a5001c0db68c06ef7112c8427ae0d563b53b16f9fb1bef64e59cac4694884204f3cf3022ee2471c158e70ffd552ccd582f92eaacbcda5a43d4e4d4b2e72b2193e34b03b9ffbd47da3c0482593440910dfc334d74fc1d0dc11e74210fd31fcdccb7ca2d01931ea6c75faf1f7a32c8115b0661ee1e3457090b97cd35ae36d34b06da17c047e785a5da9d23c048dea4c766849792ae07ec95ffea56686fffd71fba54d44fe8e3d2dbe742a97acdbd7d54fe3a78d08bee547664a0f1dd1544b509b5d12fb +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA224 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 22987d4c34ec4b902622a8a6aff3dbbdca802c7c05de4b35d2402027226d4d5dde12cffb23315451fad250d344806558b7852140a554f05415f570af785a6db622f1dd0c11a3e64bfae2bd0f59fab4f2bbf50e26c14f1c58a578d85d1685e896d9ab6acb9242278394dd91c275d8c9efd8ff0c4ad54ace97ed8a75cf7de374d4f25ca008551f66f62a6f62f564f7cc4af8800cf6c6f65b08ceda624a3a98b8f98c0374e7fd2966ea7fa44c347e1c484c5d1805d81980db5d1eb193f48c111c02b8a4e987a505ea5bfa50956717f77a3b89e47fd8251eaf35b3863c3e32a01b6271d8f793074aea4d0ba7eec8d1cd23aa967c7bde7c2ef919a1a9744902fac439ac3ada0f604e2c1edbfc4349bdc50060f0a0b2e46ec8ad9385d63342c1cf5eaca1c68ade01acd711b96f3e165458d53ba6108bc784dcf36926a5f2e2217fd8afb78f46a7935cb27707a192ee7379c72b74342fd48d7e43b1a446a01264eb2bda68954b310faaf5dc57b524a4942b35f17eb7b69ca39e609e398e9cbb6d7bc61b +Msg = 29fd9ed0a8ca9609d8e67edcffcbf733f15581633c2449b1a2414115cc04763e3c359fd58471f106b5cf3b3d1bc42e2d2744fc17ad2a264950da8ee53a25d4e3106ddf592409bafaedeaa2ddb57f5d8192d7cd0d9706c4dc4bc91a385a6dfd668bec89e4f25a98ee677fdc4637c62b35195619cd637ecc727d560c9996a39ace +S = 71265c24f74301a5c2cb797274c15af942ff4b98aad737596c4195fb698a69396cfb5e967359faa0f091931fd0ead53859ae16c1fb18b071b20dc0e8936b58a6dc8eadc773ab583525b1b9c01112c75acec69221d5a214eb2295a26ecd476ec37d8f2ff62f7dbb7452f306d3c4851b67a57fe3e6d7ff98489e47ec0768e3d701f13719f0d8f11281ca4fd6bc1dabed86c9d51fe187ba5a1d3187465e2181e4fc76cbc0ac42f287e9e4013dab1926e19d02bc5d7b84605111f5d2fd63229cc27d8a0e3378646d90a44726aa6f0a528e86a9b9ae709aec1a924400b67da5fc4d2cf307b810e66bca0120b659659882699994764d3eb992ea3521f40e8fde04af2f84e73e33ae5172f969b05e11f55872db50c1d0287bd331850025e3a62c25c26deec2605a4012c0c7ae8454e3c27ba299858930f3b384188c41b5302c83f9032e45bc9995f3ec5b3e5de246eb0bb791afa31523277c26a590fa67bbec78b7934d876f8a8ade9e12190411829625a845f0cfa48bfbcc0af544a8952d52eaedeafd +SaltVal = 00 +Result = P + +SHAAlg = SHA224 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 22987d4c34ec4b902622a8a6aff3dbbdca802c7c05de4b35d2402027226d4d5dde12cffb23315451fad250d344806558b7852140a554f05415f570af785a6db622f1dd0c11a3e64bfae2bd0f59fab4f2bbf50e26c14f1c58a578d85d1685e896d9ab6acb9242278394dd91c275d8c9efd8ff0c4ad54ace97ed8a75cf7de374d4f25ca008551f66f62a6f62f564f7cc4af8800cf6c6f65b08ceda624a3a98b8f98c0374e7fd2966ea7fa44c347e1c484c5d1805d81980db5d1eb193f48c111c02b8a4e987a505ea5bfa50956717f77a3b89e47fd8251eaf35b3863c3e32a01b6271d8f793074aea4d0ba7eec8d1cd23aa967c7bde7c2ef919a1a9744902fac439ac3ada0f604e2c1edbfc4349bdc50060f0a0b2e46ec8ad9385d63342c1cf5eaca1c68ade01acd711b96f3e165458d53ba6108bc784dcf36926a5f2e2217fd8afb78f46a7935cb27707a192ee7379c72b74342fd48d7e43b1a446a01264eb2bda68954b310faaf5dc57b524a4942b35f17eb7b69ca39e609e398e9cbb6d7bc61b +Msg = 092a5bc0943f3cf6a6295b47ebfa4c872f57f1a10c8a4040c6d246cf73fd6ca45f39fa78ae28d91b43329d65e11fc37090e5360443be1853b77ec0e79e24ffd8fdafa842d3334ff6fb2b50705311140a1e2c8f6fa7aa0d5128ee2f5fe92b3071ac326d06498825f196bc7d4f89f7c7bca1d503c78173a6a3dfca9b1f9c3b88d7 +S = 31e1288d0923e5de3feb553eff8781fcc91fd118f13e2c931e2ec8d3a102344e9f2069bcd3e9b863911013ce2e6e58948123435fdbaefa122e8393cd84abc653559b2958d643ed93431639123aac801ec52578b8e8250d21d32a7edcba7d639f890c3675f664db36fa859ee340d9c90d560b6e1b07a82811a0ac875e0061ac86ac352d33c1760c3ecaa86977efa971f415e3c4d878e5c4d6cedf865b048d78359c1b063713bc20f89a77962998f253920855f80cdfa21f54cbdafac23e259f6de785f8b298aa9e0363a4f098ac1136b036f40c8ccb87de2751ebe4bd4791be851537352b5e813fd1f82d3042853c44fdf645d47dccf149288ebd41b4a583a8887fb01ed1dc7cea237a53649f62a94e3e1724cd409eda8194d39c047b58c43b3210050ebfa39551a4d1128ae519ba23b20456f0d5ed259342f71e1a40d3b84a27afa1d26a1e4d3e365975e9e92c52802dbde13a239748b1644b528cd824c503e6dd4cb1d146cbf1d5a96e20c388bac4bea7b484c337c7b733ab6715bd92dcbc12 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff44302d300d06096086480165030402040500041c87593553a6906097c51fe2ef6f4de291844e6c083f4abcf7f2d581fb +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA224 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 22987d4c34ec4b902622a8a6aff3dbbdca802c7c05de4b35d2402027226d4d5dde12cffb23315451fad250d344806558b7852140a554f05415f570af785a6db622f1dd0c11a3e64bfae2bd0f59fab4f2bbf50e26c14f1c58a578d85d1685e896d9ab6acb9242278394dd91c275d8c9efd8ff0c4ad54ace97ed8a75cf7de374d4f25ca008551f66f62a6f62f564f7cc4af8800cf6c6f65b08ceda624a3a98b8f98c0374e7fd2966ea7fa44c347e1c484c5d1805d81980db5d1eb193f48c111c02b8a4e987a505ea5bfa50956717f77a3b89e47fd8251eaf35b3863c3e32a01b6271d8f793074aea4d0ba7eec8d1cd23aa967c7bde7c2ef919a1a9744902fac439ac3ada0f604e2c1edbfc4349bdc50060f0a0b2e46ec8ad9385d63342c1cf5eaca1c68ade01acd711b96f3e165458d53ba6108bc784dcf36926a5f2e2217fd8afb78f46a7935cb27707a192ee7379c72b74342fd48d7e43b1a446a01264eb2bda68954b310faaf5dc57b524a4942b35f17eb7b69ca39e609e398e9cbb6d7bc61b +Msg = 729c6a3b890e20387db4ebdeaef7e1036a7e59af6da5952ba72ba55a402a874cda4d9311163d17cb595c3e07d0b6364eb13591f6c414ec3e2395cf9b3ef7d54c21a20d34faa69fe9d563b309ab898ecd9b44fee077b0f97182938187784bca94cf059f4e3d3002ba7a321389475933a8af1468138d6303ea4e8c81c6f810b04d +S = 31a04b5bb1588d4410472beaf2d6ff86d514c30456ef16df2e0b92dd9f26b7782aa0d363d1e3035546d7c91c6cfd05a21190f597103f3900ca12b51922eabbba0f9df47010efcd5394263987c7b79bf8df94ae0318aba4a14caaf791f4a0807bead368a129e201d466e9e70868471e2cad83324e1f70650a2e1d11d9aa539c98e29f1991226357e3585eaac9c856027aa3ac418fa72f00ab71738dd6baa3e8e8af0f30fb58c02f50c50bbd64b6dc1d693fd5d548ce2e0e0dad0ac2936cd3bd1c16ea2ffcd1d2fdc683aa5a0461158aa5e621ceebe36a705d4a2813e5a1b8adeb44718d1af3124849bbb3859db3f8114374c6680cc80222b214ee737744eaf1b7bd400345782fb4df6fdd9e4116714028886e250847e7455ec466465bddd55bc4f67e5ca6048e95653592c9d0bd689dc1ec88aa642f253568d3cc00d3bd719b90e8227c3a1a924f58a8ba5fa68e0b932bf3be5441e601a8466111c8ea6eca21039d8605244aa07952e6918291a2a58ed90f111ea075954cedb1967d4d80bd208f +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA224 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 22987d4c34ec4b902622a8a6aff3dbbdca802c7c05de4b35d2402027226d4d5dde12cffb23315451fad250d344806558b7852140a554f05415f570af785a6db622f1dd0c11a3e64bfae2bd0f59fab4f2bbf50e26c14f1c58a578d85d1685e896d9ab6acb9242278394dd91c275d8c9efd8ff0c4ad54ace97ed8a75cf7de374d4f25ca008551f66f62a6f62f564f7cc4af8800cf6c6f65b08ceda624a3a98b8f98c0374e7fd2966ea7fa44c347e1c484c5d1805d81980db5d1eb193f48c111c02b8a4e987a505ea5bfa50956717f77a3b89e47fd8251eaf35b3863c3e32a01b6271d8f793074aea4d0ba7eec8d1cd23aa967c7bde7c2ef919a1a9744902fac439ac3ada0f604e2c1edbfc4349bdc50060f0a0b2e46ec8ad9385d63342c1cf5eaca1c68ade01acd711b96f3e165458d53ba6108bc784dcf36926a5f2e2217fd8afb78f46a7935cb27707a192ee7379c72b74342fd48d7e43b1a446a01264eb2bda68954b310faaf5dc57b524a4942b35f17eb7b69ca39e609e398e9cbb6d7bc61b +Msg = 1399504353d5ebc7064355b017edfefe97729cdd100720cb16bce8fd200136ff9668e19c2bac4afd6df392159a500a3cb68ceb19da2648c6cf98402fdcdc78bbdb2fc92f921535cf419d20c678e6bcc72be2c6f5085a700008329e9145ef54e90b766fc531169484aac9678b57b7fde91ffc933742ab80c2ea1368ed0441b3d0 +S = 19e0165b14491e2f84f6eb55f7d0e3bfa5ce45d20067a7809def939408a90b0cb60b3733081960a0917981a89c8907ba50622411958982b37554b40235c28bd478a06d0cfc3aa628c6685fb739a4f72cbd3fa6b6fca3b2e927a7a79fe2d6513ad8e04317ded8873e446eacc8e600380d450cfaddf32523ed7bd339f3f61638bdbbf80ea2cbaffc51b2e14aef079a491eaf55c7da79189327070e0c66daa906646095b2c0062850d9269a456bb13e632e5954208fa9d9a576bf14c958741f7e30372709c20a209d0fdfb0e18608a65f049565b25a77afb4a3d79a49e9fced249f6045d95c83f0ea4b8595288eb022620a1a6e6768239fc95867c575338514bb8d16f4595b6463a0bc576f1edb72c2cc4344b1000f43447207f2ca9049c86c6ec92f1f74b6811b65534808ef659af5e3f283a39b9921ab906a51a9043bc34dd023c54f2a682f0867bf543ac02b55a13920f8c5295b0aae650af71083f7562c84bad2bb0685b0d6101978ab5d789b88c3785d82a01f154795084b6e363235b10fec +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA224 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 22987d4c34ec4b902622a8a6aff3dbbdca802c7c05de4b35d2402027226d4d5dde12cffb23315451fad250d344806558b7852140a554f05415f570af785a6db622f1dd0c11a3e64bfae2bd0f59fab4f2bbf50e26c14f1c58a578d85d1685e896d9ab6acb9242278394dd91c275d8c9efd8ff0c4ad54ace97ed8a75cf7de374d4f25ca008551f66f62a6f62f564f7cc4af8800cf6c6f65b08ceda624a3a98b8f98c0374e7fd2966ea7fa44c347e1c484c5d1805d81980db5d1eb193f48c111c02b8a4e987a505ea5bfa50956717f77a3b89e47fd8251eaf35b3863c3e32a01b6271d8f793074aea4d0ba7eec8d1cd23aa967c7bde7c2ef919a1a9744902fac439ac3ada0f604e2c1edbfc4349bdc50060f0a0b2e46ec8ad9385d63342c1cf5eaca1c68ade01acd711b96f3e165458d53ba6108bc784dcf36926a5f2e2217fd8afb78f46a7935cb27707a192ee7379c72b74342fd48d7e43b1a446a01264eb2bda68954b310faaf5dc57b524a4942b35f17eb7b69ca39e609e398e9cbb6d7bc61b +Msg = c783252ef5e96363cb48e544342f0b82a98334cfa425d5a158cfc8339f3fe6cd3498d746220529c77c9fa0d14f91cd82d579e214eb12c5a6c511633fe14c471039216bf9bd164e4f00bd46dd32db18284ec8c6f89419a8133a7dbe4c5fe545bc40e88850ae65f984c06a806dc55413fd7c3887838882a6711edc81620152085b +S = 516e3483482b42a740c475678c4954ddeddca4f5d3cbb9474aa7fe7ade371f4ec09d497ad8f4bcc33f60dfefdbe3bb66268f5bf25eff3a6f4d58b2295c82dd977933e237fbb140f9c095bb31b091e0d8ce862a588a827a3ed7a0a6b407c534c37fe6e89b047042de8119db826edb202cbbd6188820371d7aaea860f08e23cf927fafcea8f398c3e189cdacbe458f3804131b6cb8f32bdea4c8e88dbab79b5493928a794aa125a102c2af675e8a1654489651214793bd7b8e86bb237f5fd19ba5c902986687e18390604a5fbe531cef3d1cda48c7dfefe053bb3142ba153256b1aacabee463dc63e7d74179e83101aed8e9c140f51ea45c94c9114f22d9ba63aef338b87c975f3453fccb06ded002477a073f40a4e3a42df7bb588a5aa830fbefa8c7f2bf363bfe43e236d25f8c0d0adab69e3b3b1ccc756a5e8edf180cc5ef3d18eaea6ae4d09e407a1783ee6a4a5505a90df31d310dd150e6aedb20bb97b2551e6e96223aac0b3484a6179498d1b4c2412090ad5a4d3dbc0fec1d11d8d0a813 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00302d300d06096086480165030402040500041caca1cfaac92548bc1743c2fbf38354db0247dc19de0004601b8c68cbefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA256 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 22987d4c34ec4b902622a8a6aff3dbbdca802c7c05de4b35d2402027226d4d5dde12cffb23315451fad250d344806558b7852140a554f05415f570af785a6db622f1dd0c11a3e64bfae2bd0f59fab4f2bbf50e26c14f1c58a578d85d1685e896d9ab6acb9242278394dd91c275d8c9efd8ff0c4ad54ace97ed8a75cf7de374d4f25ca008551f66f62a6f62f564f7cc4af8800cf6c6f65b08ceda624a3a98b8f98c0374e7fd2966ea7fa44c347e1c484c5d1805d81980db5d1eb193f48c111c02b8a4e987a505ea5bfa50956717f77a3b89e47fd8251eaf35b3863c3e32a01b6271d8f793074aea4d0ba7eec8d1cd23aa967c7bde7c2ef919a1a9744902fac439ac3ada0f604e2c1edbfc4349bdc50060f0a0b2e46ec8ad9385d63342c1cf5eaca1c68ade01acd711b96f3e165458d53ba6108bc784dcf36926a5f2e2217fd8afb78f46a7935cb27707a192ee7379c72b74342fd48d7e43b1a446a01264eb2bda68954b310faaf5dc57b524a4942b35f17eb7b69ca39e609e398e9cbb6d7bc61b +Msg = 5c0231e10a12e268e08dbd3b86845a1907e6bf853552e12e482a68afc7e9b378acb61c0cc3397d6e53adf3d50036e1a7f07538a52d5af6634a3aedfc4a22c603bd6a45bd2c8dcf8db73829affda082293c19b4ffb9e5c7a76349b6bcb3e676f7d647355a0eb7e0ae5655e730456a448834f9bafaa3985ae0d97f4c58cbdfcc3a +S = 1d7b0e1ea89523699cb8ca51a9086043c1d3c4e2d0d0dc5e1a6f3688d318f7db0d2a5272f71915ee2439db175714b2c38e8c0b27264c8ee01bd1b292b66197e023f6b49dea082b469cd30289aa5b2079e6342789b1cbace05ce265e5fb1716947989e5ccbdf4779a37bd4b748ffc91c2944259ae2de9582334b6df1c839160e4e704cc8a771d371507a68c61f3a06c46a41e3aef02162e9f20c85ef51b3f15562d2b9a512ef0e81ad60f9934be2a2cf7e5f54813244d360148334c40fc8a2e65335bacac5b9a607d70d4296f56803de8c0840653ae2837a7e826dd4569896555395bc0d4262d9fc025f400859421bfa8cd5841a3375e22efc9c1538e78795e28b6eea359da14ca3c44ee30d16e7359b7d83d47b6744099c345ec60bf2fde687d0f81db3718d3a79e4ae86a0c3bb47ef0618342f103d6e6f7ba89d4a4a520b1a61b2d8d3c5f178a46166631b58921b7e0aeed15c175e85f76575b746359ea831f87c261695896125032d7ad4ad26014abfd7742d5396dc1516f46dd273cee88bc +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA256 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 22987d4c34ec4b902622a8a6aff3dbbdca802c7c05de4b35d2402027226d4d5dde12cffb23315451fad250d344806558b7852140a554f05415f570af785a6db622f1dd0c11a3e64bfae2bd0f59fab4f2bbf50e26c14f1c58a578d85d1685e896d9ab6acb9242278394dd91c275d8c9efd8ff0c4ad54ace97ed8a75cf7de374d4f25ca008551f66f62a6f62f564f7cc4af8800cf6c6f65b08ceda624a3a98b8f98c0374e7fd2966ea7fa44c347e1c484c5d1805d81980db5d1eb193f48c111c02b8a4e987a505ea5bfa50956717f77a3b89e47fd8251eaf35b3863c3e32a01b6271d8f793074aea4d0ba7eec8d1cd23aa967c7bde7c2ef919a1a9744902fac439ac3ada0f604e2c1edbfc4349bdc50060f0a0b2e46ec8ad9385d63342c1cf5eaca1c68ade01acd711b96f3e165458d53ba6108bc784dcf36926a5f2e2217fd8afb78f46a7935cb27707a192ee7379c72b74342fd48d7e43b1a446a01264eb2bda68954b310faaf5dc57b524a4942b35f17eb7b69ca39e609e398e9cbb6d7bc61b +Msg = 70125f4abfb1179f8c2b4f4cc30386a6fbce13786050b848f0e27adbeb16b0fb849e5b77dd6ab56c32110dc35572d1fb5a9bed2893ea533cbf71db867e9f4e78081dbdad1ff7182b42fcfce52467cb845cbf02665efbc7e7aaeac2e043d22e6e635830f56d9f676423b4c4ba192a9cc96901fb39a9cd3cd11a13d6f222f77964 +S = a06c4d12aba140f9db9ae4dad7a507c241cfc073fe16cccb8e99c0793a0a605097a0538bb4849089473050ae1873fd369c2295dc98b5561f975a66d32caa6ebbf887428b163a9a0515a0f614f636e8e8a87993c11fb334195de25c3cc9103a9e01f5bf2b6b6bba1786b0ef02e17c9256aa8fc714fe5bd7c905e240c2dd120662ff4ed31c229df92e0c819ca384735235e5f817c9a844b733c4c125498ad5493d1651ef8833886d98b409b41709fd0d0c20b0c91c666cdd4443dc0aec4e3d9a844d28b40b36be972a99ceebe68b955fa699229bb393bb65f32f139cbc42b20be0481aca045f965ed2caca3d4f7802bac775fd0032967570d826361620b32a2f230600aabddaf976b1998c9a5ec545fec80522f16876c4fc77e0867867bfab4b167fbee839b83b7f5d647a902e3118a167b0a7c7fbbc31f23c8b9606429c66c46a3cd7498e14a94fb315360a1668025ee35bb49fa614250fefd9236b8d3be9bdb271f865b460910149449e7d22df7dee27db29aa123bc31915cded3def0249d2a3 +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA256 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 22987d4c34ec4b902622a8a6aff3dbbdca802c7c05de4b35d2402027226d4d5dde12cffb23315451fad250d344806558b7852140a554f05415f570af785a6db622f1dd0c11a3e64bfae2bd0f59fab4f2bbf50e26c14f1c58a578d85d1685e896d9ab6acb9242278394dd91c275d8c9efd8ff0c4ad54ace97ed8a75cf7de374d4f25ca008551f66f62a6f62f564f7cc4af8800cf6c6f65b08ceda624a3a98b8f98c0374e7fd2966ea7fa44c347e1c484c5d1805d81980db5d1eb193f48c111c02b8a4e987a505ea5bfa50956717f77a3b89e47fd8251eaf35b3863c3e32a01b6271d8f793074aea4d0ba7eec8d1cd23aa967c7bde7c2ef919a1a9744902fac439ac3ada0f604e2c1edbfc4349bdc50060f0a0b2e46ec8ad9385d63342c1cf5eaca1c68ade01acd711b96f3e165458d53ba6108bc784dcf36926a5f2e2217fd8afb78f46a7935cb27707a192ee7379c72b74342fd48d7e43b1a446a01264eb2bda68954b310faaf5dc57b524a4942b35f17eb7b69ca39e609e398e9cbb6d7bc61b +Msg = 29d9cfca7319f6e6ae00ba6de43e9f20e140ec7b45f76095d7dc21491c31f5932989b43cb58afeba72f229529ed87d7fd435a49729a25cac74636fb0eda5e5ddfa047854455048051291d0ced04819e7edf82d7defe5cf9dc11c69544ab346154452015a4cf33e8e35e5972ba217da20d4937175c0492131650ef87c5ce48001 +S = ac2b892951ec306c6fc6c0550d633819a2d4f073001665cbaa7eceb96972e7b0358fd49f1fddfefbe16cfdb78fa15e4174b5d3e398268da9eb23e6b7cd8bcb679079106f583390462850e44b23aaf0a59dc9780d0f3b15bb93368da8fdefb979b2220241af3e60e5c1e2bcf23e2e8657438cabc2ba22e4081889d94f2abcafca0dee1e81ef1c29d3164d86fb50d28ebcf89e362f9eda07cd85206b9351c6092d37f0cbd1765aa81c4e0e18bb01d204a3073e1b60fe67c6233862f1739f223cf79160154c138f01d4428e76980e0dd9c21e1a701d05a6e67acf7f257275b383e506bcdcd54a80fafe266e87eb36b3c076589d1696916ccc88e4af50d8f3766e6dde0e530cf747d814a591e5da6bc977eb25b43df723e28e3ff226253d07043abf1b8f5a013b2651de9dfa34b7ffd94baf8fb1459b9fe305bd58064138a0ede6af36298f3444086f1a7d0c723ecfcd6404fd267bb20ad48f6655a9a0886868a83a214957b40af02064692661c1b191aa828339495b3de0c789856f80e5b2d569fd +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443031300d06096086480165030402010500042038dfa46ebe6244537c96b22aaa7542f8cf5a10069d87d81b37f93a2ff7323cb2 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA256 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 22987d4c34ec4b902622a8a6aff3dbbdca802c7c05de4b35d2402027226d4d5dde12cffb23315451fad250d344806558b7852140a554f05415f570af785a6db622f1dd0c11a3e64bfae2bd0f59fab4f2bbf50e26c14f1c58a578d85d1685e896d9ab6acb9242278394dd91c275d8c9efd8ff0c4ad54ace97ed8a75cf7de374d4f25ca008551f66f62a6f62f564f7cc4af8800cf6c6f65b08ceda624a3a98b8f98c0374e7fd2966ea7fa44c347e1c484c5d1805d81980db5d1eb193f48c111c02b8a4e987a505ea5bfa50956717f77a3b89e47fd8251eaf35b3863c3e32a01b6271d8f793074aea4d0ba7eec8d1cd23aa967c7bde7c2ef919a1a9744902fac439ac3ada0f604e2c1edbfc4349bdc50060f0a0b2e46ec8ad9385d63342c1cf5eaca1c68ade01acd711b96f3e165458d53ba6108bc784dcf36926a5f2e2217fd8afb78f46a7935cb27707a192ee7379c72b74342fd48d7e43b1a446a01264eb2bda68954b310faaf5dc57b524a4942b35f17eb7b69ca39e609e398e9cbb6d7bc61b +Msg = adb245d4c5c72ee661b657c6efc444f8b1bce6b8c0e1bf905028472935a48d62a742219f42b6326350b5f4224b6544509e128fbeac22f026134b9805320373a8e938098a9f42a2dd8a16ad672abc628f1703a7b8fd7330cde583eb1db60c9b6afbfec23ce652c57b953f4b3d95b1e6dda5f7f54dbcbbc9ad4d38061cc9a74cce +S = 7f25b51b4d94f2220ff257205e640272376993e698cce9fc5a9b429ecf8a3d6d4150341df129b74030afd5d092858153cdd01a38a586c05871632525ad7b9d433dd9f8b1436d3d62efe46501665e075e918c39f775ad6e1e3e4883a529024193891d9463b0d1424a42890d5c05058d8925fb4c446510f12afd6457b50cb611eb0ca641b8f2f2c0afa4f03e98d154447497a4640405676e003f8a2cae21458d56c59785e34f54000b6105e85e25e4c380db43c71b990d3653ac344e2bc72bff987d6c5249205f2770998725e88125309a7c49dc28f9e6fc8a1340f9dab47fc6507d3d99fa876c330ee8183827db1cfa6c05179bd49d5e4bd6b467d559731417c9b19d0d265bd7cce858178e15cda9eda4b1ace1f6a492251c4e591945d2749d7ce65e8c03d57277e6bcb0f097c13504f006405e879616d95b5b75005118830beaab13538943044da67867877da87f29183fc05ca754df6c5bff810b6e5dc64b9e50ad29da9fc74a2fd20ccac5a300928ced1c3eb719e44e3b21071746fc559b1f +SaltVal = 00 +Result = P + +SHAAlg = SHA256 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 22987d4c34ec4b902622a8a6aff3dbbdca802c7c05de4b35d2402027226d4d5dde12cffb23315451fad250d344806558b7852140a554f05415f570af785a6db622f1dd0c11a3e64bfae2bd0f59fab4f2bbf50e26c14f1c58a578d85d1685e896d9ab6acb9242278394dd91c275d8c9efd8ff0c4ad54ace97ed8a75cf7de374d4f25ca008551f66f62a6f62f564f7cc4af8800cf6c6f65b08ceda624a3a98b8f98c0374e7fd2966ea7fa44c347e1c484c5d1805d81980db5d1eb193f48c111c02b8a4e987a505ea5bfa50956717f77a3b89e47fd8251eaf35b3863c3e32a01b6271d8f793074aea4d0ba7eec8d1cd23aa967c7bde7c2ef919a1a9744902fac439ac3ada0f604e2c1edbfc4349bdc50060f0a0b2e46ec8ad9385d63342c1cf5eaca1c68ade01acd711b96f3e165458d53ba6108bc784dcf36926a5f2e2217fd8afb78f46a7935cb27707a192ee7379c72b74342fd48d7e43b1a446a01264eb2bda68954b310faaf5dc57b524a4942b35f17eb7b69ca39e609e398e9cbb6d7bc61b +Msg = bbaa076712216e08ed954528d8309ee685afcd901d6865c4d48b63d5c0a8a870eb71ad80a7c2724e21deb7ed39fc6fd5910272cee49072109a4030a8992cef1d5db129544b7382b142a1fa7f747b66927411212a8f4dff1b6033822b9f6851bc3af1e5aba73e8677786776a630b56c645564436ec6a7f42e4fedc2277b63b494 +S = 477b191f2d027ad6621e38d56aad700749444fd895238f9dae3633176505d798d670ab5e85df8fc42906949ba36090a14577e9b179e6704be20f1d3ec2ff00b9f038a71956ee353f358f608d1728164fdd3b90213152049f2b3588237a8c1530f5333f0b89f07443fadaf09e80122ecf2af6c2dbadd5e189f35f9c2cd680118a2793190d0d63f83e13edbabfbd01031b6875d9c7fcd38bff3587021ef04f1ea0777ac67e76aa1b0773109b869075ae2c4c1f0121782ad767a7d0e78f3170c3e3243309ad36378a698f39fc6591463dbe9c84292bc4a44b4874320f9c5cc3cdca879f2a015362dcacc5c74cccc2bfe05f0773f3a836e1ec511c72d9fc7317deb4b2af5976bdfd1fabbe15b3f99b498647d92f818f658f8398c031cf2f364ffc106e75ece8f1cb87af2592fc4661f80c45e76fec99545c54dda470a019ba9a26068f05517defdba0d423029580ffce95b3ae1e5c8a882806f40ffc3b78640d6b311c2de8b0d51bf82a1ccf304975bc413d5f7e2222d91e5d650ba601594283aa49 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA256 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 22987d4c34ec4b902622a8a6aff3dbbdca802c7c05de4b35d2402027226d4d5dde12cffb23315451fad250d344806558b7852140a554f05415f570af785a6db622f1dd0c11a3e64bfae2bd0f59fab4f2bbf50e26c14f1c58a578d85d1685e896d9ab6acb9242278394dd91c275d8c9efd8ff0c4ad54ace97ed8a75cf7de374d4f25ca008551f66f62a6f62f564f7cc4af8800cf6c6f65b08ceda624a3a98b8f98c0374e7fd2966ea7fa44c347e1c484c5d1805d81980db5d1eb193f48c111c02b8a4e987a505ea5bfa50956717f77a3b89e47fd8251eaf35b3863c3e32a01b6271d8f793074aea4d0ba7eec8d1cd23aa967c7bde7c2ef919a1a9744902fac439ac3ada0f604e2c1edbfc4349bdc50060f0a0b2e46ec8ad9385d63342c1cf5eaca1c68ade01acd711b96f3e165458d53ba6108bc784dcf36926a5f2e2217fd8afb78f46a7935cb27707a192ee7379c72b74342fd48d7e43b1a446a01264eb2bda68954b310faaf5dc57b524a4942b35f17eb7b69ca39e609e398e9cbb6d7bc61b +Msg = 7e5a48ece8abf0637665d2cc4df0476da66a82006aefc2100018cca662c1992577104c739db3675984683d2d43c3abaea52c032fc42749f8dad8a2e953c6096027df445d66bc16e41527b7a338da81d5308aec664724bc588a577965d75220e636cf18f36c5067cccea8267754be32abee8e25ed1b7085f9b79d3b6314ef467e +S = 8b08c4fadf5a33065be2fe7b2487190aaa863d150c819bedd2de321ec34b9f397e5ceba241c998d1138080867a2931660f6d720099698a473b10fab8c6c1ac99bba21ec964db0e9de0424d12565bf20978a6041b8c72019f910c286781c7979a98047abe06850d282644f6b7f375c6bd6af8509727b0d64d851902baade451f6af0c21967e4d545a535ada7f59f23d90992ab1268dab4797907527b9929cef18ea468e4803ddd69f44627577e9cec0ed8219a659db94d46f560cc1c32fc36537f9fbd568e26d22d070c82805cd17cdf80ef8ff1129f5254984ea7e13f3b1d40f7d9c304f49b504b634807f77dfe73cab854d3b98878dac4d33d13289d1fbe9e1b2f3c75f6ef5e4deb2bbd8e56ee6353f2a5d9c28d4640b01777b3bf743e4acd53e2e413dee01bba20d1811c62c3ffb27fa6a6a522dca12cba25c0b5c2f02d3f6b4593789741aa8d2e111b81e34fbed7ea544405dc0edf263283fd28249665001488c67f9ca067569f82c52587ec438b54516d1d84acff50719049e64edd562ad +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003031300d060960864801650304020105000420c46cd19378dbc903c60d48ba8ef26b1ff32f64f6612a2fc01dd770c878eceb8befefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA384 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 22987d4c34ec4b902622a8a6aff3dbbdca802c7c05de4b35d2402027226d4d5dde12cffb23315451fad250d344806558b7852140a554f05415f570af785a6db622f1dd0c11a3e64bfae2bd0f59fab4f2bbf50e26c14f1c58a578d85d1685e896d9ab6acb9242278394dd91c275d8c9efd8ff0c4ad54ace97ed8a75cf7de374d4f25ca008551f66f62a6f62f564f7cc4af8800cf6c6f65b08ceda624a3a98b8f98c0374e7fd2966ea7fa44c347e1c484c5d1805d81980db5d1eb193f48c111c02b8a4e987a505ea5bfa50956717f77a3b89e47fd8251eaf35b3863c3e32a01b6271d8f793074aea4d0ba7eec8d1cd23aa967c7bde7c2ef919a1a9744902fac439ac3ada0f604e2c1edbfc4349bdc50060f0a0b2e46ec8ad9385d63342c1cf5eaca1c68ade01acd711b96f3e165458d53ba6108bc784dcf36926a5f2e2217fd8afb78f46a7935cb27707a192ee7379c72b74342fd48d7e43b1a446a01264eb2bda68954b310faaf5dc57b524a4942b35f17eb7b69ca39e609e398e9cbb6d7bc61b +Msg = 2bc088c8b2a4af1e90a9023b3216fdbf89aab7710e8b0bd6037ff503fb5e3eaf9cc85c8ca41394d82a87612e27ce19a334a6ce0e95d972a7776f3fd47622563f6212a72c43ba100a9a23c947ea57ff697719bf5b4ed3160485d0771ec4ab5c460508304f97816ddc69e4022e859bf73adb6b53ff40623e16b60a638beee398eb +S = c42b0d458924349b4510e4805a6f199b29defe24c7220c54d1ddc44117bc05c5b25858939708333c8fcae96efc75e1df6c6b429b2f0e3f9ac21a59e15c1a976fa91294c11e255139725d5b9ceffce0bffc93166057d191be06435d68a64e0d790731f00fdd868dd2881546f467b52d3fd240cea6b6e3883db18facbb67ff858918de576f275d6a0fef13fa135665928a043390607b964a8d395117f886c661d9a9f8d3a2d863292bb2d82c987487180dc2fe859fc20fc5ba849399fbc2a5bbc414fb244003b1887d945580d2bae524d24de03fc14e5595e7471f14cb212cff64d561de03d5a85304a51883a10c259ab729e750f8a424f769eb8ce2f12c2ce2b3835b0ac9b219a22b5725149d65681c525eaa55ddea7f674ebc833f74464302597cf603d95fba141b8ddbaf3a540df6ef9bda7146f4d104a9287a4a55bcc5f7cb4dafde9c437d2172cebab2278ce97441cd1e091e3d18429fae503e1cc23319ca6abcdef6f8562a11fe7fa1b283f4c81a3025668bfe995dac330bd0a3ac869985 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003041300d06096086480165030402020500043034a99a927444c010c6a1e59848fda5efa3d6f47f1dc62aa4a8c085308632d72f89e37e9f74f5947755a2dec1ddcdcdf2efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA384 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 22987d4c34ec4b902622a8a6aff3dbbdca802c7c05de4b35d2402027226d4d5dde12cffb23315451fad250d344806558b7852140a554f05415f570af785a6db622f1dd0c11a3e64bfae2bd0f59fab4f2bbf50e26c14f1c58a578d85d1685e896d9ab6acb9242278394dd91c275d8c9efd8ff0c4ad54ace97ed8a75cf7de374d4f25ca008551f66f62a6f62f564f7cc4af8800cf6c6f65b08ceda624a3a98b8f98c0374e7fd2966ea7fa44c347e1c484c5d1805d81980db5d1eb193f48c111c02b8a4e987a505ea5bfa50956717f77a3b89e47fd8251eaf35b3863c3e32a01b6271d8f793074aea4d0ba7eec8d1cd23aa967c7bde7c2ef919a1a9744902fac439ac3ada0f604e2c1edbfc4349bdc50060f0a0b2e46ec8ad9385d63342c1cf5eaca1c68ade01acd711b96f3e165458d53ba6108bc784dcf36926a5f2e2217fd8afb78f46a7935cb27707a192ee7379c72b74342fd48d7e43b1a446a01264eb2bda68954b310faaf5dc57b524a4942b35f17eb7b69ca39e609e398e9cbb6d7bc61b +Msg = 52e616af9542cd632f93bc2f3d510bef3dd341572014ffdaa0b6eecbd447f6c302c4b142b45b1f990e759b075ef40d22f5b96278366a3977ec72df8ae1497e85acf59143cad19b8df08d193ea076b5a5fbf7bc2bd660d2360fe7e54d21ed5f7cf782a0fafe2aab097ee11f1e2a5e6a42f69539b8287f32e0b21de65bbfbb0170 +S = cb647fd846c24b61bf5bd7893de079147a8fb4d447bdf26aa871d7ef83de578a383d932b152bc28ba4baa5ccb15e499e338b2a5e3606533c62915a26ebd8351212c226265bf097af9e30f113566921dda511c72fe0fb114eba47bfcdd052032abed1f69e144ee7c347f62f730b96aa42b75e23773d2a65f0d5f63e01c395ffe6c9a87c2364c05983e4c676af4b57a2190a2bb7f5f1b96574663a13540f51da353be8876879a1ac90b10a5acd42a69b6ab45ca194fed641acdb89fcc2d93325028f01a3149795a2d95887e29e161902da1708410d37cab1987d4f3265b9ade7c1bff7b385ec9ea1221fe00a285a77b5ad37f1e8519326d7baab48fcd70aa52dc2e6f8e7270e2c9c99f21b30d217a62969bfb584ddcac60959f71d0ae16cce6a41126c9c597970a79da11e7302ec710df8890afd0b133306b8f8a2e1c67a6f0103cef6b13fe4c1b19415759291267b3fb0dfd552d83ac856f85859589c69d911c9e498160906833664437456739116626d03f6f2028d869218b418b6b9360d536e +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA384 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 22987d4c34ec4b902622a8a6aff3dbbdca802c7c05de4b35d2402027226d4d5dde12cffb23315451fad250d344806558b7852140a554f05415f570af785a6db622f1dd0c11a3e64bfae2bd0f59fab4f2bbf50e26c14f1c58a578d85d1685e896d9ab6acb9242278394dd91c275d8c9efd8ff0c4ad54ace97ed8a75cf7de374d4f25ca008551f66f62a6f62f564f7cc4af8800cf6c6f65b08ceda624a3a98b8f98c0374e7fd2966ea7fa44c347e1c484c5d1805d81980db5d1eb193f48c111c02b8a4e987a505ea5bfa50956717f77a3b89e47fd8251eaf35b3863c3e32a01b6271d8f793074aea4d0ba7eec8d1cd23aa967c7bde7c2ef919a1a9744902fac439ac3ada0f604e2c1edbfc4349bdc50060f0a0b2e46ec8ad9385d63342c1cf5eaca1c68ade01acd711b96f3e165458d53ba6108bc784dcf36926a5f2e2217fd8afb78f46a7935cb27707a192ee7379c72b74342fd48d7e43b1a446a01264eb2bda68954b310faaf5dc57b524a4942b35f17eb7b69ca39e609e398e9cbb6d7bc61b +Msg = 11a710487cbb1b9392d6f6c305b105f68df8d5d6384e0cc10292a028a5604835b2db30b1e1aaf124a541c03e0462e575a6e370f02cb127a4c315c2bdf8365b3fcee020ed0d834b6ade7f549e959e645bcee20e40bb823adebc2f611a309b00d28c3c46c4aa4e10ab631718aa5f6e69ee2c7e17908ec82cb81667e508f6981f38 +S = 378ea4183be0744a9b81e57577e197b4b20f3e9cb7fc455def83eecac3f470e758557b741796439947eb6b97b46b3e67c12f30452c04ccc3801496db5e3df3b5f6442b7086eaaf36ee1a43746926e78cb43317259970b71dcc9127fb41668845f0bc7a938addcbefc7ff19025f4c35da5efdb74884a98872119983bd0c1db06489b7530caefcc81822e74fa635ed4aa441a48b8b7d6d64f1a489d50fea892b2296c6b1c24829e7f7a23c186dee29d88bed157386e4090caee36fe5984aa09cc222db2f5985dff56fa97da47202fe49efac993ecedba74132e144e3ca1a5702127dda6ad91e133aa6e53d3d5cb8c81b1397b8c8ea2b55714f6559f198d8ffa7aecbb12b2d4bd99eb697a3d26ca55694f2f1e99e543d6be90e4a21214ce3082d0848f3c141c98becd7f986d5684e67a8cc5b783d90aaa7e0e2f30616f59f38ee150ca41101c4f20ade865add34fed3727b745db406e91dbdeffc40875dfdf2ff0dc62a8d392b4272630d3b17ccdfe39313e7f8f265b2770942f500396d2e2d97f9 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443041300d060960864801650304020205000430eb5d1d6ac4370fbf37da65a4a43e31015aaba587ed2b1720edc90282ab022f9581f3fd35e174a5be58edd5f9a9aaddf3 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA384 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 22987d4c34ec4b902622a8a6aff3dbbdca802c7c05de4b35d2402027226d4d5dde12cffb23315451fad250d344806558b7852140a554f05415f570af785a6db622f1dd0c11a3e64bfae2bd0f59fab4f2bbf50e26c14f1c58a578d85d1685e896d9ab6acb9242278394dd91c275d8c9efd8ff0c4ad54ace97ed8a75cf7de374d4f25ca008551f66f62a6f62f564f7cc4af8800cf6c6f65b08ceda624a3a98b8f98c0374e7fd2966ea7fa44c347e1c484c5d1805d81980db5d1eb193f48c111c02b8a4e987a505ea5bfa50956717f77a3b89e47fd8251eaf35b3863c3e32a01b6271d8f793074aea4d0ba7eec8d1cd23aa967c7bde7c2ef919a1a9744902fac439ac3ada0f604e2c1edbfc4349bdc50060f0a0b2e46ec8ad9385d63342c1cf5eaca1c68ade01acd711b96f3e165458d53ba6108bc784dcf36926a5f2e2217fd8afb78f46a7935cb27707a192ee7379c72b74342fd48d7e43b1a446a01264eb2bda68954b310faaf5dc57b524a4942b35f17eb7b69ca39e609e398e9cbb6d7bc61b +Msg = 979982a68d0d60a1200990ebf8a49a7b7db3d1e83f9ad9d9946267bc830c48bbe025a5ebb99b85c7f1cf93de2beb22c8e9766e5ef526242b01f5251d8a768780026add2d2d8fb9ffccb86f8779221b01d206e586d96b83839b3e006910a4bca6438fb5d5b2900431f8ecab50a9f18d0e7e8abec7b212fdc9ab667f08dd3eef14 +S = ac48451dfee18a468ebfebb7300d03efd9231ee21d9a3e3bdb5db9f5ce8d3e1ccb9af7284d5a98a00c39cf62d9c4a46c0374808b0dc01bc57ac8a61682a7784279d090d5d57c5b4f36cb468fc9200e3c28818f5e8cb14bbec20dc460f2721cddb09233f64b0fcf7fa00c165395a681ebe52fc8673d7b18003c4387ca6c9487f02912cc15e525531e1d40aa79881e2c6b2038c5938476d4649f20957cb0405c6f1dfb14c1986235b7f8f18ebe3c47600ab80f841c100ebba3e042d865d0fb8de4708da33493fadc509683bfdd16c00c5cec1fdd7d3017f4a0718a615dc7122202a54ea7429966e6f818a4096db8f0ef3e530780f09eab5d96bff59869fb8c85ed059a3ad8dc3d5613f3300a8ed17754228ab4e38dc24dd8127ac8d4cb7a68af8aefc87e94344c46868c1562942e188c9618be86bfa09d12a16aa0b52a7ab493fec12eb8f4898bd000ace4c2520d6713772b524dfaa86655fc5dd140d1d7ed49db225c93845b41ecd10b8dfea26adf2761733cf0d330feb9cd024bc4b906fa14ff +SaltVal = 00 +Result = P + +SHAAlg = SHA384 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 22987d4c34ec4b902622a8a6aff3dbbdca802c7c05de4b35d2402027226d4d5dde12cffb23315451fad250d344806558b7852140a554f05415f570af785a6db622f1dd0c11a3e64bfae2bd0f59fab4f2bbf50e26c14f1c58a578d85d1685e896d9ab6acb9242278394dd91c275d8c9efd8ff0c4ad54ace97ed8a75cf7de374d4f25ca008551f66f62a6f62f564f7cc4af8800cf6c6f65b08ceda624a3a98b8f98c0374e7fd2966ea7fa44c347e1c484c5d1805d81980db5d1eb193f48c111c02b8a4e987a505ea5bfa50956717f77a3b89e47fd8251eaf35b3863c3e32a01b6271d8f793074aea4d0ba7eec8d1cd23aa967c7bde7c2ef919a1a9744902fac439ac3ada0f604e2c1edbfc4349bdc50060f0a0b2e46ec8ad9385d63342c1cf5eaca1c68ade01acd711b96f3e165458d53ba6108bc784dcf36926a5f2e2217fd8afb78f46a7935cb27707a192ee7379c72b74342fd48d7e43b1a446a01264eb2bda68954b310faaf5dc57b524a4942b35f17eb7b69ca39e609e398e9cbb6d7bc61b +Msg = 7fa4945a374691fad437ab261e2c9068c7221fb14ea96f4a2483130d0e6d9cd5ca3d6033f52d7a632c77127e7222dff0d11be92d448794a0d558dae4031ed83766208c2c96acdda048abdbeeba78496752f359fc82d1b63eee36c789d185337b9c77a0abe16ac19870fc8fe0c0d9d6b390d1f486cd2edd0cb74463624049b58a +S = 9e8ed5b7a3863ca22b2c2fdcd28ad09e69346c8d14262c7800e85ddf71b845bf31d2101fcb91fbce1f227ee1c72210f29d995404ea2e4b31b41a71173884570c2fa0753facadaae01038e6b897940e386b601e972d84095cd7e51345348d45a653c1ce707210b017c1b32ff4904eadcd34097af48a430a0147499a9d9ee8a765258b94fa56b0185bb0789cd222941eeaa8356964d2b1b12c81c0ad0440725ee6360c9e2f2885047c5b6f2069590c0f85352f5936e183d78e5a152f6337e1643bb37de221291191fa4226973f9fde3c688fd214c49ba3ca6df5a09bbf4523ead8682835944b1f7175ae038f84955dab509e0d68b5d9da75eba60e11e4e9ebb4d0f2dee448694f952eb3ad39e740516f129d12874e29ceb895dc87dfbb2ce4f208d1e646c347f9682dce4b71ac53ebca2a499ce64112279ac439f5942c8d04f2bf5e699000efde4909e6b6b62cfb52ee384e31beb22b1799731c543c4a95303f8fd32a14d7c0fcc4b449c9782af392800d2f7bc37369293f49c1cb94b2921dd407 +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA384 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 22987d4c34ec4b902622a8a6aff3dbbdca802c7c05de4b35d2402027226d4d5dde12cffb23315451fad250d344806558b7852140a554f05415f570af785a6db622f1dd0c11a3e64bfae2bd0f59fab4f2bbf50e26c14f1c58a578d85d1685e896d9ab6acb9242278394dd91c275d8c9efd8ff0c4ad54ace97ed8a75cf7de374d4f25ca008551f66f62a6f62f564f7cc4af8800cf6c6f65b08ceda624a3a98b8f98c0374e7fd2966ea7fa44c347e1c484c5d1805d81980db5d1eb193f48c111c02b8a4e987a505ea5bfa50956717f77a3b89e47fd8251eaf35b3863c3e32a01b6271d8f793074aea4d0ba7eec8d1cd23aa967c7bde7c2ef919a1a9744902fac439ac3ada0f604e2c1edbfc4349bdc50060f0a0b2e46ec8ad9385d63342c1cf5eaca1c68ade01acd711b96f3e165458d53ba6108bc784dcf36926a5f2e2217fd8afb78f46a7935cb27707a192ee7379c72b74342fd48d7e43b1a446a01264eb2bda68954b310faaf5dc57b524a4942b35f17eb7b69ca39e609e398e9cbb6d7bc61b +Msg = 831c38ca5421eab1edb3600fce5acce059ff4c5b38b56d69fcdaee5c045fc6dea164672777084574277f92b42b654c8401517a5d8baeb30cb6c6df635a20422f610cb66a2c7c37b13215a5f8ea86c67cec198bf95387941d6511f53d76cc3b48093daaf93925c950579e2142d56741b0627d059657eb188552e2b853200cb911 +S = 5c95df8ef637f77033e66934588956aabf334f0f5ca5efa1bb0e5b1c58fd313cdacb4d9f3163305e048d2f33a9d101fd6c0670f96d67b466d11f03d3aba60bdc04869e3a17aae7c80080e146c114413bb6f6016653baf26d3516fc05fef13149dd552bf5149cddaa46b783e625d5a3a0b859563e9f467d9a2723e5efd041a92a9837d4b652219d4a9799b35cb3df6c80b8467338b0e7c325e0dc1ee22387af8877e66c6f6a9b0d12a83db08dd4a843dc0e7d0aef5f0ca9cff1db415f2dfdeeb3a0525b2cd32c07dbf39eb9a3a132b9f764b66ec0ac6cbe0e770e1afb063cd1cbcfd8e8b39e10c290ab4a8500b0729a1240c772ef5adb065965ba3a4536e2ee0058cb11ea58834a5ff267fb11e90160c7a433bc1af9a044e208265e4c62b5940fde0e168a8863bb398305acc367cdb1c3b70f39ef051ce9614a125c3241bdaf42d8416d4efbc003f698878829dc2cdb1dc1f7c0ffb1af30b8d807b459403336a2eae1a6a497e95a0667a2f547b5d40bd97f9d76259c3ce91f1209a00e8da48fec +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA512 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 22987d4c34ec4b902622a8a6aff3dbbdca802c7c05de4b35d2402027226d4d5dde12cffb23315451fad250d344806558b7852140a554f05415f570af785a6db622f1dd0c11a3e64bfae2bd0f59fab4f2bbf50e26c14f1c58a578d85d1685e896d9ab6acb9242278394dd91c275d8c9efd8ff0c4ad54ace97ed8a75cf7de374d4f25ca008551f66f62a6f62f564f7cc4af8800cf6c6f65b08ceda624a3a98b8f98c0374e7fd2966ea7fa44c347e1c484c5d1805d81980db5d1eb193f48c111c02b8a4e987a505ea5bfa50956717f77a3b89e47fd8251eaf35b3863c3e32a01b6271d8f793074aea4d0ba7eec8d1cd23aa967c7bde7c2ef919a1a9744902fac439ac3ada0f604e2c1edbfc4349bdc50060f0a0b2e46ec8ad9385d63342c1cf5eaca1c68ade01acd711b96f3e165458d53ba6108bc784dcf36926a5f2e2217fd8afb78f46a7935cb27707a192ee7379c72b74342fd48d7e43b1a446a01264eb2bda68954b310faaf5dc57b524a4942b35f17eb7b69ca39e609e398e9cbb6d7bc61b +Msg = 939cc087cba5d8eae6cd3884251f4d60808bdc82f2e6f013183217befa20cd5929d339c80ae7171e71b2f60671c9a36273c6e53186496ab6f63d02d7205d0bc384f62cd71cee47c3ed05a8e8db5b8305c1339d13c1f6496dd97b9634b785c7f2cf8d037daac24e1f814fb8f30adcd49292576cef4cf47380e9723b9f68a1e92f +S = c80363c21f7f20d91361e148b0a76c33ab2109b8c8e34609f567b49ec9675f1c04452715371913685f9a2f88effc90f3ac16665a2dbc81ccbdb4cdf677b66752fe07577c9a2986e48bc03e12126bb5212d7e821adb66c4eb96c267eb898db16f0fdc52f8f98797281d8411aaa4949d41815133a79a7f6f8cb3893fa1e28a37ee6c550e17772d5be34cf4b2cb16f119fbf9d5f41c411e1d2561d33aecfd9fcc425e287a650b127d11ddb2fe49a82ad3e7cfa84a4da75615ae23d0cbc45d58b7cd4123105ce3444a52412bbf09c08036f10d03d79ee735741858017181262fb5e2f817e0c53d3def1fe84c53807933bfdbb2ac2eec4fd96d638255364033e38ae5f9cdab1241938c1f6dcb14067bd236cb69809d95349d9c1723b39b71192cfe0c8a204c142a2a72d67f124ad6b8804d3b5ea149c7a1e884025fe56bc7ebf925d34ca62c285d3b290eb38fb24e59ad7c47914b98d55cf8d1685f1d08d1e919f314994a348499a68d3c669872a113bc119fdede411f4318dfffc8082e442784b68b +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA512 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 22987d4c34ec4b902622a8a6aff3dbbdca802c7c05de4b35d2402027226d4d5dde12cffb23315451fad250d344806558b7852140a554f05415f570af785a6db622f1dd0c11a3e64bfae2bd0f59fab4f2bbf50e26c14f1c58a578d85d1685e896d9ab6acb9242278394dd91c275d8c9efd8ff0c4ad54ace97ed8a75cf7de374d4f25ca008551f66f62a6f62f564f7cc4af8800cf6c6f65b08ceda624a3a98b8f98c0374e7fd2966ea7fa44c347e1c484c5d1805d81980db5d1eb193f48c111c02b8a4e987a505ea5bfa50956717f77a3b89e47fd8251eaf35b3863c3e32a01b6271d8f793074aea4d0ba7eec8d1cd23aa967c7bde7c2ef919a1a9744902fac439ac3ada0f604e2c1edbfc4349bdc50060f0a0b2e46ec8ad9385d63342c1cf5eaca1c68ade01acd711b96f3e165458d53ba6108bc784dcf36926a5f2e2217fd8afb78f46a7935cb27707a192ee7379c72b74342fd48d7e43b1a446a01264eb2bda68954b310faaf5dc57b524a4942b35f17eb7b69ca39e609e398e9cbb6d7bc61b +Msg = 118a21ca36aa54b42804f7fb07874ba74e14bf3906dfc4343a19dddcaaccf53ec306f670cf39971a6ae2763535696613ce480aa0ff70a3e735e826d834b892480a058039417dfb5c59f693d47651ad3d55a51ded849af779d312a17b060f2d93ccd1e6acf53e2981df87775f3109c72ccc7121a8ff2468f3fade785086987128 +S = 5d1fbfceec266986ee94603ef2f57ff87959bcb7f1677fc871f97b5e73bbafb6885957eb04616a3a9bd010fa46c8a5c40831944a7f506d165ef3cfa4d3a7bf0768360e8dc0444c2b7a2e05106cdbd6e3ab029c11ebd701fcee53bc46acd269582ecd7635178b850ebf2522d16bb4e6671ee7dd1d417cf0d23baa26237e03fc0650462c1d113dd450e4465ff18d3a9871fe5fbcaf554d14c0bad78752b4c048356ffed2f80ec319ba816c60d06e270c656c8687be145df46baafb686a9b74df7347c8712dfe671b33aad8b3b7eeaf6322a8e770891c8e03526e1c6ea4fb9dd03413d646b3ac78a3f6b28ff87612616dcf87efbe12ebcb6933bfeb714961e8e153f96ffdbf7777f6109be52a936a13986e4e8229535f51a679f7d7aad4acf1824bf0616517785b864f5f19d275406ec53089a04a4f1b820d167b5ad3ba36910a9730722dfc58fad54f1e0d7f761f5d4ed3bff3037f79361fcefe723647c65811f4ac66dd6dc4e3f5b4bb1cd0f3d2aaf000251b69b9464a35bb7f7540b1249dd39d +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003051300d06096086480165030402030500044022b0603ccde4538899af30bbe52e2e4d6e62ca5f5e69a0e7cfe914a193af2e5788f6bf85199a7098078438b5d2a3b694b926526033922915953e113bc4b56d3eefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA512 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 22987d4c34ec4b902622a8a6aff3dbbdca802c7c05de4b35d2402027226d4d5dde12cffb23315451fad250d344806558b7852140a554f05415f570af785a6db622f1dd0c11a3e64bfae2bd0f59fab4f2bbf50e26c14f1c58a578d85d1685e896d9ab6acb9242278394dd91c275d8c9efd8ff0c4ad54ace97ed8a75cf7de374d4f25ca008551f66f62a6f62f564f7cc4af8800cf6c6f65b08ceda624a3a98b8f98c0374e7fd2966ea7fa44c347e1c484c5d1805d81980db5d1eb193f48c111c02b8a4e987a505ea5bfa50956717f77a3b89e47fd8251eaf35b3863c3e32a01b6271d8f793074aea4d0ba7eec8d1cd23aa967c7bde7c2ef919a1a9744902fac439ac3ada0f604e2c1edbfc4349bdc50060f0a0b2e46ec8ad9385d63342c1cf5eaca1c68ade01acd711b96f3e165458d53ba6108bc784dcf36926a5f2e2217fd8afb78f46a7935cb27707a192ee7379c72b74342fd48d7e43b1a446a01264eb2bda68954b310faaf5dc57b524a4942b35f17eb7b69ca39e609e398e9cbb6d7bc61b +Msg = 465c2bbd78a5f3bcb387d0db7910e9b2d0b827948d949a67d2cc19b2d64f29f8e4c52145a7c68b06a449cc1d085f0835a421405336e6bdaeeabab2c1200c1d9e70a7ee85ebe46bb5a41dd382706441a8e975d4dfb9ea0db015ae788687b48f08f1e9dba6cf675c72bceb2b3238895eb3a89e2c609e0752125b90b42a92af48de +S = 902cd4cb495e446e0b4d4cc1944fd9cddb126dcb60543dc32c4ed0eb4e72182b1a13459746e4ae37805e23808cec5974083911f1c3f155e09a3223b03aa145128c9a2ead1c7010dbf43231b6ba5fce2ca77734e543139118475f5f3eb9db6c0dd00b01b7a48a1b4c65cabf9260d22776bd4168a7f7b8b81099ffb60d6ee00356cc16cfee9026fd318ef4f0e71288daf10e06b6789fe0c590ccb7c448b7426dca0329453633d98fd3917562a2df5c2a1ffb07f82354b8e3b1a508908314245767542b856938e019ff4ee00c46ced5b8b836b57b9d0999742b2e23dcb15e66c49401495dfa7267360eb0493722abe6c89cb92d47aeac5218a4a949b4d7c4ea23c7448995294424995ef6b873959fa8f670e764a59cae39e998459f9eb03f3f640a6c4a6c39a9532c48db61b5d6031e7098bbd836f5ef887c20f00e6f8d3e82a7cf3f3fd027cc315b85e93205b78e29b9307d25f6c38498bbfeb08a0aca6975f241df0bb9e27e99dca0b555ed294a23071664a7fc9039838a892bd4cf9696763637 +SaltVal = 00 +Result = P + +SHAAlg = SHA512 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 22987d4c34ec4b902622a8a6aff3dbbdca802c7c05de4b35d2402027226d4d5dde12cffb23315451fad250d344806558b7852140a554f05415f570af785a6db622f1dd0c11a3e64bfae2bd0f59fab4f2bbf50e26c14f1c58a578d85d1685e896d9ab6acb9242278394dd91c275d8c9efd8ff0c4ad54ace97ed8a75cf7de374d4f25ca008551f66f62a6f62f564f7cc4af8800cf6c6f65b08ceda624a3a98b8f98c0374e7fd2966ea7fa44c347e1c484c5d1805d81980db5d1eb193f48c111c02b8a4e987a505ea5bfa50956717f77a3b89e47fd8251eaf35b3863c3e32a01b6271d8f793074aea4d0ba7eec8d1cd23aa967c7bde7c2ef919a1a9744902fac439ac3ada0f604e2c1edbfc4349bdc50060f0a0b2e46ec8ad9385d63342c1cf5eaca1c68ade01acd711b96f3e165458d53ba6108bc784dcf36926a5f2e2217fd8afb78f46a7935cb27707a192ee7379c72b74342fd48d7e43b1a446a01264eb2bda68954b310faaf5dc57b524a4942b35f17eb7b69ca39e609e398e9cbb6d7bc61b +Msg = cc848fc93ced6a3252fe844053b56f8b8df90ac8ebdbb035c81baf3801eefc424efe25fad2b38698f0b1c08e61a2676e8335fb08f4661ad26001f38e9761fe26e37eebdb9827d89eec8bc6be09fe4ec461fa909c42646df5aa11f6e95c8923e1330bc9b3b7d1c60eee947e1875538c55ce51b1cbfc5d10644d559e9378edd43a +S = a2771501c8d96b8f29f456930f1551f648abc58e214854d44c1bc32de90c2a8d269ebb1c30456e710fe411483b4c931d40a7c300e731ab0897f976e5c5aced427bb462acb998ddc23031c84efe0d187930254e0e0e1f20c9155ba23f7d2a02f1b390db18c71d37f175d13f44e421279ed5d803ef7946ceb364dfb42114b2943b446ae2eab8932f19a87eb449adcae98223f333a47eb028dcdbb9a8fea2018b3e9bae3420d99d288daf1c13f9eb9932814d530d1f8cd0f496ab21aa984f5f2df5fc5f56a6e7431542864f2ee78108eb4ffdf98d50b8bbfff626da4f166881d8126442331ab8d4d30492473a6af9c1fbb08fbbfb6bdc828d2c2419a302800d21e91aaeb39a453858f6f2a3675afe000de678e5095b9b885d1b02c153dfc48b33470fe8521afa1d36a18e2ebb81d58e1cfed3c0125bc8c5635cb88ac78e03aa6d661dfac9bd2844aaf98b6ac7c753543865c70a34c9f49b33fa63bc7b4f0b4a38279fc413482f2757b287c31f83c786d5a55438c00d1f3bff8479ed3992cce425a0 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443051300d0609608648016503040203050004403c1940aad46377052b5ca5f32e427fc60524134f6b125784071ecd029233a6b878b85b7f3c9a7ccd4838fb9352a468d02f64a6e19ffcf2e2158aef7f09033d5d +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA512 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 22987d4c34ec4b902622a8a6aff3dbbdca802c7c05de4b35d2402027226d4d5dde12cffb23315451fad250d344806558b7852140a554f05415f570af785a6db622f1dd0c11a3e64bfae2bd0f59fab4f2bbf50e26c14f1c58a578d85d1685e896d9ab6acb9242278394dd91c275d8c9efd8ff0c4ad54ace97ed8a75cf7de374d4f25ca008551f66f62a6f62f564f7cc4af8800cf6c6f65b08ceda624a3a98b8f98c0374e7fd2966ea7fa44c347e1c484c5d1805d81980db5d1eb193f48c111c02b8a4e987a505ea5bfa50956717f77a3b89e47fd8251eaf35b3863c3e32a01b6271d8f793074aea4d0ba7eec8d1cd23aa967c7bde7c2ef919a1a9744902fac439ac3ada0f604e2c1edbfc4349bdc50060f0a0b2e46ec8ad9385d63342c1cf5eaca1c68ade01acd711b96f3e165458d53ba6108bc784dcf36926a5f2e2217fd8afb78f46a7935cb27707a192ee7379c72b74342fd48d7e43b1a446a01264eb2bda68954b310faaf5dc57b524a4942b35f17eb7b69ca39e609e398e9cbb6d7bc61b +Msg = b493cdbc8bf23247fcb00bc4ad61ee808ccdcfaecde823ff2f04467382451a6e6655f20e555aaebce425270145accd9b11bb8ed144e6fa038ac2a585b955cdae9eca3d2bfc697199d2c7fb54dd3a26895e90d8931d01bd84ae61a101f39b1e54e25a78bc8809c5074efe51637cf24072fbb5759c5f1fb3a9254a028f38fe5588 +S = 301c7cfbd1d8fe0d725cc8854a9ba1c7b16a3e4c0e357373a57cf22386bc562615cea5e5359d90eac51e558a15580622585f4144905b4dcdecca2e42f68010aaf8be6a17cf2fd4a5ec77871c2229912dd6318f365214939e785d2e9d23c75eaf8cb3c9ec8a21d15cf7186aa3e92e1c1209f054c335fbd61ac9c48244ecb4d607e3bed905a930f9605855e9b220129ecff5239eab8260fe7cca7d07af495a134dcd63dbd71c72205d11613ba89925f7bbe36c2909e9dfd40596f2b6956e749c3710587d4f1c304acbadf83c29caacd3a1b3f0dd332560fb8802be3af45e6e09aaae57d8b8c75441f310ddd927a3279243817943719451b94cd6d3cd62c8e1c15070c2fda9baa2534018279d36ccc15fac086cae7d430c44276517d1e32082a6de8d0cd7d88900f9cf4a5e7012074834b9783734dd1524e191a63e0c6eeaa5632f6ff2c92f3d05589791d8e717f4833cb5640d2444074e881419cd521fb7f5f847fc1852c8e17ee7c7eb3d808c9870b1f81ea69a54b361b65c535e0dff70278c61 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA512 +e = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 22987d4c34ec4b902622a8a6aff3dbbdca802c7c05de4b35d2402027226d4d5dde12cffb23315451fad250d344806558b7852140a554f05415f570af785a6db622f1dd0c11a3e64bfae2bd0f59fab4f2bbf50e26c14f1c58a578d85d1685e896d9ab6acb9242278394dd91c275d8c9efd8ff0c4ad54ace97ed8a75cf7de374d4f25ca008551f66f62a6f62f564f7cc4af8800cf6c6f65b08ceda624a3a98b8f98c0374e7fd2966ea7fa44c347e1c484c5d1805d81980db5d1eb193f48c111c02b8a4e987a505ea5bfa50956717f77a3b89e47fd8251eaf35b3863c3e32a01b6271d8f793074aea4d0ba7eec8d1cd23aa967c7bde7c2ef919a1a9744902fac439ac3ada0f604e2c1edbfc4349bdc50060f0a0b2e46ec8ad9385d63342c1cf5eaca1c68ade01acd711b96f3e165458d53ba6108bc784dcf36926a5f2e2217fd8afb78f46a7935cb27707a192ee7379c72b74342fd48d7e43b1a446a01264eb2bda68954b310faaf5dc57b524a4942b35f17eb7b69ca39e609e398e9cbb6d7bc61b +Msg = a97ba5b9773d187153d602d121ec843f36ccc618105046af44067093b78e6e11114441fa6f2011a759dac139f351c725772d3bf1e2c32d38ee3a3cf441ec64fde40f18ccf6959185a25065354e5a5b5715b47e9e782d70ee508601ab07d30037082452b6746540151783154a9ad1e9ddfaa9b8a73956b7da5331e741730beac9 +S = 2f2c9aea6942c5a24b4e5e04875eb5c6f44e83d89ccf1f13455890e2d61f2b7ab464355c5cd0e7e9aecf004a0b85d0cee852a9681f4792899731f984e2c06e47b8dfc4424e4cef5b9f15def45d528a3a275fb4fe7a194ee7b10a6f9694e8e1659d95a6f915fd79e3406e05136b244213ccf67c5e2055adbffa85896591d7abff96f6e68494dcfc48440bf66cae21d1752544933bd22154756ad15a3c664188cca88b5f23a6acdc151e62f7d0bfa9cd60429031736d7df76bf2c12f37c338a1174eb42cb740c5d38c1cf1b682aab8d49443016cbe397cc0c44374f29502d997bde22a45efd0e7c801ffdcf1b3e42e93b955ecc0eac9f5b71c349504e8b2973d894f0d33edfcd07f9fb6b3cbee593448bef9590391d13b661e2dd18f70b43b59f2e79d65905f9ffd8ce0117e06e610f34fcc8dfc72d6f0440e2e6f882747c5416bb8c3ef6ec702164b51309d3df33a3846237a2f0ea8dd39ffbe0a8d549cdddd063d7d5a65fa27acb62f46ea9f467dc0defd426cecda8afcccadd1fa3e483d5fd2 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +[mod = 4096] + +n = b10935650754c1a27e54f9ee525c77045d1a056baedc8c1ba05a3d66322c8e2e41689ca02b8e6ec55d3331cd714e161b35c774311540c6410cc3b130e65cec325377ccf18a5d77054afaa737e65b68662327627f5d1092df98c08b60a3ba67599b1406986f441528d2f1f5d6fe5ec6b8aa797dbdb3162876b08298237af81c7004863576af572ddd66c487cf32a82d0f9fe260f8f2681613208aec55723622f50d3cb3bd33b1226d5b5b9ea2c97a2c59054e31536849ec2f0f2597c077e621ddea0a22ddfb1df925c9f1941cd431afce0398d28e736cfeab3dd7f062a65a2a4c1ddca1f32afa03b4ddfd8b7ca40cc0ce2ed42229d753f03cc6d8bcdca76ab7c2703c5ddad08aa9bf9a27740a8b23168c6b55917bd3d5c1c057c34d1efb1411da51ab745519bd92b9432fea8fadcb9a70e5dc3adcd3081d3333507b7b998886e988296628dd7265e64eab557712556cc492377f15a078dcb620a6e7f051a1fb8754efdca3de253dd0aad4205b032659e4a4fb307f074fbde340702b5911acb34737d7834600cf2ac77f62f83ccc9ba78ff911021b9f8ad1bf421430ae0d64916944b504542c0f6263c48e5e233ef1869df1efc2ccf6f4a95e4db2de7b4cb1a992bef6573511bab4bf2cd58e72a0c235f56dfc182df4dfffb69433a5677415f35d84f5125f5200eb57868cce6b74c5833417990e318372c9239a36dca1a0b28809 + +p = bd4e8bb7fd7ef1e39d71de06b0001bdadcc81b0edf2226e0d056b7eea70b2249000279cc1c04b1ac2919014fc3fb8b62baca3e261601fb0a58a9f67f03cd60085b2d43906d36ad014f321012a9bde9617478a0c10201afd53f2207de3648afd1d737afadf7fd2c0b9824d4f66b2c7dfe93390888ac088c680c27b1b2486659ccfa8986c8c23f78f18b5815a410328e629e7440221bffd8ec4722bba3420da5234f898f8cd7e6d7dcb1349bc4a0b665b41d930e3957cfdc88797aee5b2b27dafb5ba0949e3dd892f490212dfd249f4b1d99fd3b72695ee0652997127f0b9b417fa8365ba9fd103b978309d9baa9d401902cc107cb8d2af7ce04660900e3707ab3 +q = ef67f69838735c055145d21fccb42298642177fe3fadc39070a95e4fc04ff058aeaf9070b4eb2de1cca72d8533bc55206d2ce9f2895b148da67c89e5b6496ba682f76bcaef69306a7fa4fbd41a838bdf0fab3e7b56c27a8c18dc4bf970364dff7427cdcc6f532b49712282370a718b7d5287bfc02c4abc35ccb2eab3777f5e0d8a27ff9ebe13e725aa0a0cd48aee1fa33ea6b4ea965ba42fcce7af3c528a6675cedf4969640f2ca73345dfd322620df9dcf16520195df8232061e2bc89c12de24838f255e7b1c17713ba435d5a351e263350198b3fb881b8ce0acb5aa58b7afaff184489d167c9af21e40e2ba9fa69b44a3854329385c97df0de24dc283a4053 + +SHAAlg = SHA1 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 25e0b881e32da938611b4156525ce24216c168837fa84479ecb72207e9984adb6eb7393bb3d607b1469d9b7c3f4fdbbefaa4b0218850919a7d66a954b315129c39eb99f7dc08df5c4c8c90968f3ce37b66ee184ef3d485f83d308521aa2649d28c319eafa2aec87031a1ff5d7e933ca56a2410593425fb865981b7976fca021b9d7c3198312fcfea5d0093a62b4a7c49a985c005c3a7ad816e270b25c507fc36be1c4cc0a07cb7c6fa130240062793b18047189aa5e79b16fe80a6955191f5910b701bc1aee6dcd5cefd57194bf54d8e208ae41202744190d5ec8bcc2f977f11461a5cb4306fc9b73afff2863a7b580d454bb1fb8dccb1cbef27945109a8f5a3d2b1a32566aa4e8c01a62a1d735117ff5a6a3cc7e70756e7df10e97ee75c5f8ef89fb0a97d7a35698069f59a9f365d4396ab9a764c2fbefb840faf5f57737801b73ac6f9f524167b4f3a567aff999a0db10d55d82155720a5ddc63c35b6a632a3da59c16bd0c143c437661dcd339652ae42f54f8b2d8e52672613772abfe8cf0d6ebbbccc764b51b3eda2ae28d4ba8747a430ccc32c73baea63d050b86210c485ac9554606070764cd06b423efdda4059fc45ffd7193f7123d14014d5bbe5b542476e7bfdc4905731a0d9987fe4a68cf6077c3df63778af08a1f4eb8f00a4a8e03aa8726f43fa829d87c2d0a32e16b47a3f0472a6368ec50a144234c802e6919 +Msg = 200ee1828829d9fd27576e253ea700245c38c5ae78fc76e33dbc4877a55d1e10c961fdeff8b1c0d306990d1ae614872a7b4a450fac578465b74e9879c77d29abc8f39b177a40ce74c47c083b4c8b2f0c449e3c4f87fdec17e405b84bb96c0807c4cda44037606ba70a0847d0959460945e3e90b4307818be6de99135a4b225ec +S = 33d2c45a355afbb8eb5f64fbdc4bd3719afbcba36d5d4bbc697887ecb7e7ecaf99bb31798977e3385544fd4c44efe1b05f2a34119bafcd6377c24f57c030498f6d96148677079ffa05a253e9499d6b13d3c02d5347dd3263045919f1a7169f4297cb4ead2340e6706269a8607b1575044e75adcb94cc7db8ed80a776ff1e56d1ac13ed7d82439750d51904337c63bea9a059a056f30bbb8c1c721a0d666cb843b1a8223b197a9f48e3941a9f6d8cf022dc4edca612d057b2548986698f2a53266f49e7995640eebe929fceda0d33eb24437113edaea93e8d7892ab14b25e851b88808b470a90bdcff021e798ffbed003b3b9c8d53e4a1cf77aa7b5016a2ca41d4da22ebe498c73bb3d0239cf41ef7f404fd609d390c8c1a0d2f0a6817cd3ef966196d64c89524032b6ddfdc6f9d6876d6b9e1c55010969238af5f2ab616bbc9234445d07f2462aa907b31a08677fcb9236206187e00888b53e925c334f4993d3f18ad6db81ced54b666fc6513da7a4e8a8f1c0eaeb6819cce7cbd27de9f9c9718d900297247e41a704b7613221fa114cf145a1cdabf4217eee25678a24420c4a75f8d444069c976ef95d61e5abed512c01cff4b864038ec8e4aa877ac501664d48be5aba39a35df9b3b1ef01a25ebede122b1797494442420e0f0d0d4b7c49d85f9ffdb102a7a1e0ce6e4a99d9690a80958ed548e5beadec583c192316fc7311 +SaltVal = 00 +Result = P + +SHAAlg = SHA1 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 25e0b881e32da938611b4156525ce24216c168837fa84479ecb72207e9984adb6eb7393bb3d607b1469d9b7c3f4fdbbefaa4b0218850919a7d66a954b315129c39eb99f7dc08df5c4c8c90968f3ce37b66ee184ef3d485f83d308521aa2649d28c319eafa2aec87031a1ff5d7e933ca56a2410593425fb865981b7976fca021b9d7c3198312fcfea5d0093a62b4a7c49a985c005c3a7ad816e270b25c507fc36be1c4cc0a07cb7c6fa130240062793b18047189aa5e79b16fe80a6955191f5910b701bc1aee6dcd5cefd57194bf54d8e208ae41202744190d5ec8bcc2f977f11461a5cb4306fc9b73afff2863a7b580d454bb1fb8dccb1cbef27945109a8f5a3d2b1a32566aa4e8c01a62a1d735117ff5a6a3cc7e70756e7df10e97ee75c5f8ef89fb0a97d7a35698069f59a9f365d4396ab9a764c2fbefb840faf5f57737801b73ac6f9f524167b4f3a567aff999a0db10d55d82155720a5ddc63c35b6a632a3da59c16bd0c143c437661dcd339652ae42f54f8b2d8e52672613772abfe8cf0d6ebbbccc764b51b3eda2ae28d4ba8747a430ccc32c73baea63d050b86210c485ac9554606070764cd06b423efdda4059fc45ffd7193f7123d14014d5bbe5b542476e7bfdc4905731a0d9987fe4a68cf6077c3df63778af08a1f4eb8f00a4a8e03aa8726f43fa829d87c2d0a32e16b47a3f0472a6368ec50a144234c802e6919 +Msg = e0dd55521da6bd181813a02ed22eb20e2f5d9070573846be5d9814c91ff072ba6de1514b6d08a4373d1b1feedb343e8e426c8a0fd6ac18bd02c052ec20adf9e799456b294df822d035ed7e4e4652c46299f06647ca02852b9e47b4e2e856ffdcad322c54861e40cb46b245b5dd2f4b727c10ad7ffae195ee7754c2133f928981 +S = 2c89c5c5b481ae5b632c628ac42501f9df48347c2ffdc7d06526d2884bd5dfa01591a0a197bc87c0c3e2b9fbd6934a29fe5039fcf5b5fc89c1731fda7e274e706826740dc352d95c470ec799bf4123e7d673060de89d217acc23ae544ef70e4bcff3af691123216582b4fb6bc277a1c364acd0bc7a689de95e2a90d762ef4ce7284ae0a9d42f0ff37a2f6a40da956cb08ef0520df1e5c9462ebb5694d93ab5ea7ab7cb3f1812eb06ffda74f651d15439797ee0597fd00c5c08ff08ceff35a44875afd485126a9044c0635c4ec60992dbeb9cb9be19541b019a270c85e2c7a31a687f96f13b75a11e1cccc0257a7a9baf665553ffd34802aa23f0db466ec35d8d5a0d6a560c75b0ed1f434ce06e23ea582e53851c59824e476686d027810f7b46f31e88969b8274bb3116277ec1a3982f26d6918d4919b2fbbd161af81786842b57c9dd7f388323dc377aa64dac6782abbac9ab3558cfa8c989b8df8ac5be897c848cfe00407ffc9de8f3dc94a263182523c31efac84120c3262158d9190908479fcf24343192b86991a15a2fbea0ed8ba12d7644af798be3205538ce4e45a437e116a1faaf527614e57a4fe2299c383fa2383a57b7e950eee956dfaad4dec984a239fa4e09586113659126658581b62de9eedda4a921589b02d2f24c57f2827b4044b8709bd688a8a114fc9c875973ef145ca1211698bde58ad273c67b6a5c44 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA1 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 25e0b881e32da938611b4156525ce24216c168837fa84479ecb72207e9984adb6eb7393bb3d607b1469d9b7c3f4fdbbefaa4b0218850919a7d66a954b315129c39eb99f7dc08df5c4c8c90968f3ce37b66ee184ef3d485f83d308521aa2649d28c319eafa2aec87031a1ff5d7e933ca56a2410593425fb865981b7976fca021b9d7c3198312fcfea5d0093a62b4a7c49a985c005c3a7ad816e270b25c507fc36be1c4cc0a07cb7c6fa130240062793b18047189aa5e79b16fe80a6955191f5910b701bc1aee6dcd5cefd57194bf54d8e208ae41202744190d5ec8bcc2f977f11461a5cb4306fc9b73afff2863a7b580d454bb1fb8dccb1cbef27945109a8f5a3d2b1a32566aa4e8c01a62a1d735117ff5a6a3cc7e70756e7df10e97ee75c5f8ef89fb0a97d7a35698069f59a9f365d4396ab9a764c2fbefb840faf5f57737801b73ac6f9f524167b4f3a567aff999a0db10d55d82155720a5ddc63c35b6a632a3da59c16bd0c143c437661dcd339652ae42f54f8b2d8e52672613772abfe8cf0d6ebbbccc764b51b3eda2ae28d4ba8747a430ccc32c73baea63d050b86210c485ac9554606070764cd06b423efdda4059fc45ffd7193f7123d14014d5bbe5b542476e7bfdc4905731a0d9987fe4a68cf6077c3df63778af08a1f4eb8f00a4a8e03aa8726f43fa829d87c2d0a32e16b47a3f0472a6368ec50a144234c802e6919 +Msg = 22b5d51cc4048a5a3188dff7caabe8c2f2d8b59fcd3032da477f4cbb596e555b88faaab5ae249300fcea6a3d4077000c64973cc3376d05c171686200f173e0ea486c356e7bd8225205d59ecb1c4f304b35779d9aca71c3285b4dc5a2b33968c36cf5bd6db58701f8532fc1cae69d41276e621f4b0da534b60f17bbc82729b58d +S = 297bb0df8a838904aab3f7a517cc87b6f5f4e53e314a2f6d0270fc34ec94da9341cf86aa8f7de3220485f0598a5907ac559e89bbbb1e6ce4fa2f1a17cb5c8696bbce34480ca4f7b2bfa2d446e028359fdeb265af0e3e1bf3232712cd06ae681d7c5e8107fd9b088931ec27893a0f2ec6b1b9a1e53e0da9a3e19a2bc840366acb9452099fe221f28a6a8913f2d866d3d0d4127ec3a96c71099e5ec63be473390c4aeb9cfec8a651e812807bf8b3dcf75fad8372382f86556924ab57dcfd59a02b9f3b2da272c1c738fa6f1fc3a78cdeaa91120cce66b9b3287037c1858645e418fa74a5ad75196e0d10d38052cd4ab8e5aba58805b4bd58daae20a801491d042180019cd41b70559fd9dbd1cb505c7f7feac497405697866753a8d3e2a92f854a988a50f3554ea0aab86e79d5516db5f729cfd4e2d1c7bc754d00d75de863dbc5c254748e805da04492ff230aaa89ecee80b5501128bc37646fee92c3714e26fda4a120f684dfc043bc26cba3347a3defceedf425e729ebc0f7199a348f29e500a0cf50bbc71375b0c7324f41db18f7e3091c9435f3238ca879e61684ec7c5e05ceb3835d4a3efa4d07ab918a4c0b10f01fc8207e15aeab15d21fdf032960fe5235447bd5c6eddda747e8d9e11c3d05612ca1491cc5d1314946e45e3aa1c6b1756dc906168684685133375a7d7cb69ab04eab56cbba728e70ae8d4deccf4139a7 +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA1 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 25e0b881e32da938611b4156525ce24216c168837fa84479ecb72207e9984adb6eb7393bb3d607b1469d9b7c3f4fdbbefaa4b0218850919a7d66a954b315129c39eb99f7dc08df5c4c8c90968f3ce37b66ee184ef3d485f83d308521aa2649d28c319eafa2aec87031a1ff5d7e933ca56a2410593425fb865981b7976fca021b9d7c3198312fcfea5d0093a62b4a7c49a985c005c3a7ad816e270b25c507fc36be1c4cc0a07cb7c6fa130240062793b18047189aa5e79b16fe80a6955191f5910b701bc1aee6dcd5cefd57194bf54d8e208ae41202744190d5ec8bcc2f977f11461a5cb4306fc9b73afff2863a7b580d454bb1fb8dccb1cbef27945109a8f5a3d2b1a32566aa4e8c01a62a1d735117ff5a6a3cc7e70756e7df10e97ee75c5f8ef89fb0a97d7a35698069f59a9f365d4396ab9a764c2fbefb840faf5f57737801b73ac6f9f524167b4f3a567aff999a0db10d55d82155720a5ddc63c35b6a632a3da59c16bd0c143c437661dcd339652ae42f54f8b2d8e52672613772abfe8cf0d6ebbbccc764b51b3eda2ae28d4ba8747a430ccc32c73baea63d050b86210c485ac9554606070764cd06b423efdda4059fc45ffd7193f7123d14014d5bbe5b542476e7bfdc4905731a0d9987fe4a68cf6077c3df63778af08a1f4eb8f00a4a8e03aa8726f43fa829d87c2d0a32e16b47a3f0472a6368ec50a144234c802e6919 +Msg = 709fa24119653806778374d1d9574c92fef4959886c61958a97ae96a2918f5d48572d98b70c2fa37818fd2372cd088e5f154c41bd361c1f60c9ca4d9ff280cb56e12ea88eded932497b91332ff0ac4766a6620553beed494ae401562c99d379990477c41792d2a561fcae0ca3a4b29cecff0524ea4b479baf730e70c6fbda007 +S = 0b7c22e20bb685bcd1d871bd2466cbf02994e50238895ac17cb51bc630b646f3ccf7d1c572478d762648e958e8fe1cc1d6a3b5eb6ce85bef9a01945cfe9755cf2d55875ed9cc0b1980e54d9d11a64a4855fccfaa3c3f4973bea94717b18bc4960734bce689a6581061a85e6a6e316540d209e6044c5bee56fbde7319716094ebf240133b1c2dab38565846f0603efc68ba43c36f439f49f8ad9110833156a72435948c3581c2d5bc1dd40441a5d63200252cc9e8af7bad81f5513313ac3c3665a03cf2d89c98b736d3ae566a175a979885d4d1bc87913eb1c755de17d2c80bf91baa108027af75e55ef8c5f13d26b4ff88ba3fc4b9aabfb36f90927678a2838e374eb764a3773d769ecfe9fbee806b30d3b1828fa1aa8a082563ce38279f26c09b898ee863e5eaa868d9a52a35612cbc5e87e5202d5f1fe6608e0d20ffa9641588a8e60cd0f06b8455f72378ec5e75015b4e3933c3a8d8c72e204db29e3327f8d3c30f8b9150760673b572c0a1af15b0344ffc3e5d405a208fb96b2f8f03c63806351ae34108dd8f9018a6220c67d962c76fb09579bea1c43121d467e05684f267d7633caa14cec7c81fce053aa121922c190f042bbcb08e37dffc6b7f7e022fe9c937882c27fd8b4e8002a53efd9e7c32cdbee30b373bd40d547c07696b3e854e4fa66b4fd7b9ef41b8f6ca5e6e7acea19e6e624d61e24494bd93ae7226d686 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA1 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 25e0b881e32da938611b4156525ce24216c168837fa84479ecb72207e9984adb6eb7393bb3d607b1469d9b7c3f4fdbbefaa4b0218850919a7d66a954b315129c39eb99f7dc08df5c4c8c90968f3ce37b66ee184ef3d485f83d308521aa2649d28c319eafa2aec87031a1ff5d7e933ca56a2410593425fb865981b7976fca021b9d7c3198312fcfea5d0093a62b4a7c49a985c005c3a7ad816e270b25c507fc36be1c4cc0a07cb7c6fa130240062793b18047189aa5e79b16fe80a6955191f5910b701bc1aee6dcd5cefd57194bf54d8e208ae41202744190d5ec8bcc2f977f11461a5cb4306fc9b73afff2863a7b580d454bb1fb8dccb1cbef27945109a8f5a3d2b1a32566aa4e8c01a62a1d735117ff5a6a3cc7e70756e7df10e97ee75c5f8ef89fb0a97d7a35698069f59a9f365d4396ab9a764c2fbefb840faf5f57737801b73ac6f9f524167b4f3a567aff999a0db10d55d82155720a5ddc63c35b6a632a3da59c16bd0c143c437661dcd339652ae42f54f8b2d8e52672613772abfe8cf0d6ebbbccc764b51b3eda2ae28d4ba8747a430ccc32c73baea63d050b86210c485ac9554606070764cd06b423efdda4059fc45ffd7193f7123d14014d5bbe5b542476e7bfdc4905731a0d9987fe4a68cf6077c3df63778af08a1f4eb8f00a4a8e03aa8726f43fa829d87c2d0a32e16b47a3f0472a6368ec50a144234c802e6919 +Msg = 6b9b00a0420a1869f6fe4de18f707dfa850983b626efba9737dfbd56de7c71d8c0e6465d668fb9fbe54a1e4bbea59c6203797902bbbf971288a53f4c87e21e3678468d531f95169ae9953327d36658318812343cc965358f12ff4ae97ba7ec70dce25fea34c4352f4c0715de975aba505dfb3eca188899f71f1365958174e46e +S = 7b08a6191987f3def583b16c365017b9a9f4baa76826ef12593e448fd5d7cc49d441fe7ac0edee5dbd1685a7295a724bc0b1137e8860930f12bdda8527b60c3ab08546d887f77e74315d4a6be9d4531413914645d51c05008a7e145257af7e7a1e41d949f284be7a7f1ac71885275da46ad75b45d6f19785f0a7a4f18124eb8b2d3692ca9d7c3b2cd05fe1df60ebebeff90cdb7b18b20a704acf64407de123a553cbf21c2468a25595fe2e2f6c0516221efb0f5057d92d0e64e0d95c1e5500467fe7c1742561fd0ed03fdbe4795a9a7457c3eba1033e11af6ae64e59bb9c84412fe89551d52435bb0b717cfb8b029413ea796f6b69212649c97e5a7f2e2ac50eff7b1485a251154c6da8609765e3e3b5cc155f0316c0f8a3f6630177a881e3546ba1dfa404430a0910f71531b892c6964abe8cfddadf60a301427d9d43bd8bfffcc68ddbb1df8b718f07ef794d95f47650b0608c5e5beef2edd339021152c5cd33d6737ff3c5f5aff14ef447274a7cd727e4f9530e40470989e60e0849eb3eec1a124feac7b452dcb5ff002225bbacb420a60afeb10781e7784140aad0f76b01b00343835caff44983b0e681154478b951845cd26b852f279ea45f4f6887ba29976c48fc618a7eee9b7b110fc00f495f015264ac6e0e88ae0129748da755264ee4b1289882a1cbff971d6e87545cd670875c0ebf2464f1133ba5ef764d49cb98 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003021300906052b0e03021a0500041427b561ce228f7d5f0f8a9b1a35af930ab5a9cfa6efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA1 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 25e0b881e32da938611b4156525ce24216c168837fa84479ecb72207e9984adb6eb7393bb3d607b1469d9b7c3f4fdbbefaa4b0218850919a7d66a954b315129c39eb99f7dc08df5c4c8c90968f3ce37b66ee184ef3d485f83d308521aa2649d28c319eafa2aec87031a1ff5d7e933ca56a2410593425fb865981b7976fca021b9d7c3198312fcfea5d0093a62b4a7c49a985c005c3a7ad816e270b25c507fc36be1c4cc0a07cb7c6fa130240062793b18047189aa5e79b16fe80a6955191f5910b701bc1aee6dcd5cefd57194bf54d8e208ae41202744190d5ec8bcc2f977f11461a5cb4306fc9b73afff2863a7b580d454bb1fb8dccb1cbef27945109a8f5a3d2b1a32566aa4e8c01a62a1d735117ff5a6a3cc7e70756e7df10e97ee75c5f8ef89fb0a97d7a35698069f59a9f365d4396ab9a764c2fbefb840faf5f57737801b73ac6f9f524167b4f3a567aff999a0db10d55d82155720a5ddc63c35b6a632a3da59c16bd0c143c437661dcd339652ae42f54f8b2d8e52672613772abfe8cf0d6ebbbccc764b51b3eda2ae28d4ba8747a430ccc32c73baea63d050b86210c485ac9554606070764cd06b423efdda4059fc45ffd7193f7123d14014d5bbe5b542476e7bfdc4905731a0d9987fe4a68cf6077c3df63778af08a1f4eb8f00a4a8e03aa8726f43fa829d87c2d0a32e16b47a3f0472a6368ec50a144234c802e6919 +Msg = dbee53378324652b696ae9daee6d6ceb27bbd30533cb49efcc3e7cf51b64098ed102343d7352ddb5f54cb0408b249b61bc1485b8b85b3d27eb86b033d2ee60ad0e821191b7c6c52ef21ceb87c643d4fa2b1d661f64b514f38f800e367be3b411b9f651fcf68806df8863047746d0fefc9d5edf01e0e0b89be0b5fcc5bd4cef03 +S = 24d07b55df196ab4f27c5c1008b49b54d726af278fad7408c8006262756037498841b35db44ea4ef7514a1edb148da8ef08fef64ee14c3059e6983526acfa9e6e64af6e056e0e6a602c9656253829adf8bdd43950885e3a6a8f202d90a728e0377242fa09cd3de5108b8b06b44d968f10e3652cd8840daac895b08923b981ad4ae2bf4ecbd230afb18c1fbd645eb993b40ba4e0aecee894d76bb414e33c1ed752abc8c8d950b4a16868337b40dbcd9707b3c28b5d59dfbfbce57dbcb54238f86fc7ce2c6a5386388a73da4e65c5b2a48d620819760a6f64b34cea861fa0703bbcb80524c63ff64c673250e1cd922cc3fdce9849e9c57fdbf3312c2f5517abd501ee26bb06e7ee25e58b3051944e0e47e6074a9af1f6e6ab3879057eb82519521856dc94e70e4b8663d8e2af2064b75847cf02d814a77a64bd395cc1f3357ae466f4d9ffb5f0b808d770b854ea44295984a938337729d301f28bbc5e332e27dc023c96db9bef26664d4a3d10993fd6942372254ec5639ed69905eee6b6afb2bda04685d34e3d1e7e1b8fabf9fc1a0418623c014e27b9acf277097108cbccec1be5527e7baa2ab100d8ad16ad1046f84e728ad3daa98a681c7cbd520d1ef131dd5d588325b390ff12e7b565c04de481c03dbb16f24f96a9241437ad31aefeb336ff3a1669aecf15302b26528f90b0ccb1853881d89318edbf3929ec5bc45ad5cc8 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443021300906052b0e03021a050004149f14ee6f6cd3ed793d7fa5a7dceafe71ee86f6c6 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA224 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 25e0b881e32da938611b4156525ce24216c168837fa84479ecb72207e9984adb6eb7393bb3d607b1469d9b7c3f4fdbbefaa4b0218850919a7d66a954b315129c39eb99f7dc08df5c4c8c90968f3ce37b66ee184ef3d485f83d308521aa2649d28c319eafa2aec87031a1ff5d7e933ca56a2410593425fb865981b7976fca021b9d7c3198312fcfea5d0093a62b4a7c49a985c005c3a7ad816e270b25c507fc36be1c4cc0a07cb7c6fa130240062793b18047189aa5e79b16fe80a6955191f5910b701bc1aee6dcd5cefd57194bf54d8e208ae41202744190d5ec8bcc2f977f11461a5cb4306fc9b73afff2863a7b580d454bb1fb8dccb1cbef27945109a8f5a3d2b1a32566aa4e8c01a62a1d735117ff5a6a3cc7e70756e7df10e97ee75c5f8ef89fb0a97d7a35698069f59a9f365d4396ab9a764c2fbefb840faf5f57737801b73ac6f9f524167b4f3a567aff999a0db10d55d82155720a5ddc63c35b6a632a3da59c16bd0c143c437661dcd339652ae42f54f8b2d8e52672613772abfe8cf0d6ebbbccc764b51b3eda2ae28d4ba8747a430ccc32c73baea63d050b86210c485ac9554606070764cd06b423efdda4059fc45ffd7193f7123d14014d5bbe5b542476e7bfdc4905731a0d9987fe4a68cf6077c3df63778af08a1f4eb8f00a4a8e03aa8726f43fa829d87c2d0a32e16b47a3f0472a6368ec50a144234c802e6919 +Msg = 1d9f5b7a9786d2d493b4277ed95816559e6521ea07fa308deb217baadbbda9595fbe39308397225b92f2b6ef22a2cc7c50d91ee24d9bf0651a72f3038f646804a22288d4e682240e522f89d9449fa677c546711b0f0a86fb4df611a7a132ef996b33100dc92f20135ad466e24839ec6f8515e03e542f3a780c159f3f1811853e +S = 287a3784de71ed88e4621273a477d5570a0db6dd00d528ae7378858a01e7412a6ed335f30e0b4672d61a6f248ddfcf40ac8d827f847355fb0751e4ba40ecfcb9373a0439200778ce27391480c21938515d174db382e27d57148fd235b7663b9d4bd4b1f8bf1134900bccc5a0dd53bbac5336363d8976e01804b9cd089700fbe7ac7bf61f511e8fc3d0cd28f6e6207ef9d5757b762ee96facb746d7c514526b5c6afc71879e359130bbbde3110b9fd1d35c2c4be5a0246a53b164b3c6b5ebc96f10657d2faa629bbff44cdab4fb9aef359251f3b7e33d96bc96caa65a4ce7ca31ce65be880560469712de61585c59c3513bbe87dca0076670b142fb8e6e65b18f21ed0d931a1712a4c6d62cdb6411626d70593e97716b22d10d3bfb6420f8471e6c75509f6495bc1505a8bf8172512cc20dc76875d3adec3a29dd7fe79e258344e8cd8094520d1e4e07e20092e5a4dfdecc30625e9547b23c6a27abc6dc058a2e51f769f6a232fbd09577da3a137401cd1c6e4c7ae959a52fdcf1f7aa4856db6e58fff070e20becbb735dcc3c7a2208ad7cef837891d20281e2045d47a37ab9e7eef5234de2d0e9e5c33b48bf8d9475f96fa368a87cd3bb82b0ef167f5533ed365e73b8e64657dc9c616794d4508042bf5b727d60cfdbc4999e8429d02ef91156cc74942fc08e85a9e08630887dfa4d820bc90c96eaea99af4b6c90beca889fe2 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA224 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 25e0b881e32da938611b4156525ce24216c168837fa84479ecb72207e9984adb6eb7393bb3d607b1469d9b7c3f4fdbbefaa4b0218850919a7d66a954b315129c39eb99f7dc08df5c4c8c90968f3ce37b66ee184ef3d485f83d308521aa2649d28c319eafa2aec87031a1ff5d7e933ca56a2410593425fb865981b7976fca021b9d7c3198312fcfea5d0093a62b4a7c49a985c005c3a7ad816e270b25c507fc36be1c4cc0a07cb7c6fa130240062793b18047189aa5e79b16fe80a6955191f5910b701bc1aee6dcd5cefd57194bf54d8e208ae41202744190d5ec8bcc2f977f11461a5cb4306fc9b73afff2863a7b580d454bb1fb8dccb1cbef27945109a8f5a3d2b1a32566aa4e8c01a62a1d735117ff5a6a3cc7e70756e7df10e97ee75c5f8ef89fb0a97d7a35698069f59a9f365d4396ab9a764c2fbefb840faf5f57737801b73ac6f9f524167b4f3a567aff999a0db10d55d82155720a5ddc63c35b6a632a3da59c16bd0c143c437661dcd339652ae42f54f8b2d8e52672613772abfe8cf0d6ebbbccc764b51b3eda2ae28d4ba8747a430ccc32c73baea63d050b86210c485ac9554606070764cd06b423efdda4059fc45ffd7193f7123d14014d5bbe5b542476e7bfdc4905731a0d9987fe4a68cf6077c3df63778af08a1f4eb8f00a4a8e03aa8726f43fa829d87c2d0a32e16b47a3f0472a6368ec50a144234c802e6919 +Msg = a96a3d33f00d283002fe250940244a11048a4bbd3c6d3d5858939ff767de9ab07c2088075731b4a9413f605d38660d374c80f60e493fde3196790b565dc293d3ec40d6115cbb4c3d70f48140bf385df21634a98a180bcf5a27a6e1b9884cdd40c172303946d4785455c48e9c1fc2c4aa284e6b18f0fa9939d3c329072ea1025d +S = 553b659961b3c76e6ae1f2cc56928e90488c5a6c8c8f6be7885824cd69730b356a57a42f7da21ee061bbdf8354a6ffb3b4c96948a7547c77e6786afd77bd6507aa159919d0eb56384610a18a971c396f994cb6f2b426fcb0b96a12836ae99f6f1e91de39a90c6df4e88af34dd59ece75f1d841466eb72634ae73fb66b952e4a7f071f09777033faf0bfae8fe80d7b45c3e46b063c06adaa71ea66e8bace380d35fc8dc3d61cc4687655b89f2a74a41f29f8ea4b77a806a0239bff08c596392e5a78472af3cbba23bcf8145ab3cabc66d04bab15a8330cbd6f626673fd16c8a30a6c4eb110690e2d5bcddb327619887a12475e0d598866123b2604e3d14750e5593276e3830f11cbaa30f7ee61479ee05788f1f7616053b98599bb5246261de3e90df969d0f84dc41066305ca493e5c814cd199590e6ee20317ad9acea9ec22b57185d334c17855485edcc3d2d7e939800c12d02b4bf818c72bc03d9d06c228aebbe9dc7d018349fc9ed8ad34249e05a99cecf3dfff0e2061af2e6357518758b1ce23db5bb2d69fe5fbe64b3e08b193c30c647233a60372e64cb550f90a923321cec4ec692b3d2caadab37b6fb3826d591449ae2ca3a6a754df669f3a5beda1b191a8a2107c649d69234d83ceab0a1c0f65bbb9d7f518a0106c655b86b3a280dfc8c75548612b01bad47e7b1c232a0af34e7de7291eb9e747292e78b61fa0c174 +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA224 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 25e0b881e32da938611b4156525ce24216c168837fa84479ecb72207e9984adb6eb7393bb3d607b1469d9b7c3f4fdbbefaa4b0218850919a7d66a954b315129c39eb99f7dc08df5c4c8c90968f3ce37b66ee184ef3d485f83d308521aa2649d28c319eafa2aec87031a1ff5d7e933ca56a2410593425fb865981b7976fca021b9d7c3198312fcfea5d0093a62b4a7c49a985c005c3a7ad816e270b25c507fc36be1c4cc0a07cb7c6fa130240062793b18047189aa5e79b16fe80a6955191f5910b701bc1aee6dcd5cefd57194bf54d8e208ae41202744190d5ec8bcc2f977f11461a5cb4306fc9b73afff2863a7b580d454bb1fb8dccb1cbef27945109a8f5a3d2b1a32566aa4e8c01a62a1d735117ff5a6a3cc7e70756e7df10e97ee75c5f8ef89fb0a97d7a35698069f59a9f365d4396ab9a764c2fbefb840faf5f57737801b73ac6f9f524167b4f3a567aff999a0db10d55d82155720a5ddc63c35b6a632a3da59c16bd0c143c437661dcd339652ae42f54f8b2d8e52672613772abfe8cf0d6ebbbccc764b51b3eda2ae28d4ba8747a430ccc32c73baea63d050b86210c485ac9554606070764cd06b423efdda4059fc45ffd7193f7123d14014d5bbe5b542476e7bfdc4905731a0d9987fe4a68cf6077c3df63778af08a1f4eb8f00a4a8e03aa8726f43fa829d87c2d0a32e16b47a3f0472a6368ec50a144234c802e6919 +Msg = cb9fd0e59bc6d0c1b1ca328db6bd9205ca50ab8526e81dc000f46eb5af7d4edf10fe1fac2877b4310bbd591cfc1414ead5ff2b5aaa57e621a99b96df4487d65293e811c9f3ae45dcf443065b721bc584018d52798fe1a0f144aac92dad56512e1a03af254494092b330440325ffb2c3b169f29ca1dadd2979ac80c87311147da +S = 7a0a3a76ee0fd8be7ab380c909d18702fb0ee2730c61bdb7fe5623fe62137145bd555dd1945ace3c46888afa725359bfa21028dbcec113d14948a95a3ef8fde2a454d56627de249a7548306ca4c042037ec8ded524926237d69bd4099383e0fe68cbfa1d13542955aeca3fb27e1c21dbec1f6b763c0e5df2efb9e3b0a5a5ee439c91832361f27237f7570e0fbe93ccaba416a2495daa38a7adc15c5f39ceaeeb9240ef19e6e58a07567fa3d8fe5cc375ba28d15395a8afe98b71162609a06ae34035f6e92e7e58c6e814aa9714880fc8403bef091396ea465bdede70706e514431ece1a30b6b0e640456a3c353a790b5e9fcd1a75177aaa092af6cb07221df11b9dfd9f9e7be02b2433841cb7e3db33a5e4010b0c411e7c823af510c80c5930279b7f655c52d7abe24050561c5ea2f290a8e59d17ed8f7873446ac329095814b47d2710648090aa52b4e969298968e313f7f7e49599bb01fe361e1d16ff10d25eab366ea47aed18c98fb87c1ff915bf040db4a46458e12173823e541a47f7fa92377db3070cca6ffb9b78e36fb90fd662f47605b8872b8556c886b84a774dce72f92f8f673f55f8bf24153c9f18753ebae13d999ddb8caa25fc75ec58f29adff866dd5ea68aaee641d9e34c3783187c3383f57a88ef1b72e90ff9f512a6061ba922954f63cbc0726b2935adee477a14e6b38e7115be26b314e456c65d56b3a07 +SaltVal = 00 +Result = P + +SHAAlg = SHA224 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 25e0b881e32da938611b4156525ce24216c168837fa84479ecb72207e9984adb6eb7393bb3d607b1469d9b7c3f4fdbbefaa4b0218850919a7d66a954b315129c39eb99f7dc08df5c4c8c90968f3ce37b66ee184ef3d485f83d308521aa2649d28c319eafa2aec87031a1ff5d7e933ca56a2410593425fb865981b7976fca021b9d7c3198312fcfea5d0093a62b4a7c49a985c005c3a7ad816e270b25c507fc36be1c4cc0a07cb7c6fa130240062793b18047189aa5e79b16fe80a6955191f5910b701bc1aee6dcd5cefd57194bf54d8e208ae41202744190d5ec8bcc2f977f11461a5cb4306fc9b73afff2863a7b580d454bb1fb8dccb1cbef27945109a8f5a3d2b1a32566aa4e8c01a62a1d735117ff5a6a3cc7e70756e7df10e97ee75c5f8ef89fb0a97d7a35698069f59a9f365d4396ab9a764c2fbefb840faf5f57737801b73ac6f9f524167b4f3a567aff999a0db10d55d82155720a5ddc63c35b6a632a3da59c16bd0c143c437661dcd339652ae42f54f8b2d8e52672613772abfe8cf0d6ebbbccc764b51b3eda2ae28d4ba8747a430ccc32c73baea63d050b86210c485ac9554606070764cd06b423efdda4059fc45ffd7193f7123d14014d5bbe5b542476e7bfdc4905731a0d9987fe4a68cf6077c3df63778af08a1f4eb8f00a4a8e03aa8726f43fa829d87c2d0a32e16b47a3f0472a6368ec50a144234c802e6919 +Msg = 0bdae31979864502cc9e0cc38b9d97ccb0aa40a0076de142d72197e9c4eac5fbf4695c39718e5a37ceae91100ed6aa57c15e695170c133613baccdc3c154667d400dd893fd192b7be7bd5ad0779a5a4bda3b59ee52eb4482dac98b44091e28dc38edde8ee7ccbeb45df3f06c8f93b08e436997e175921c8efaa15ad463ef14fe +S = 34a41f46718ae045c386405e56268514a7baa1fe63c6a4e1c963b1a43010720caee088df14f3ae4681a5a63f89966ba2ec3243fdb80514a977004680770bc8e7069acc7aab3130532064a74f14e86356708f32829ca06e0749af4c6fd8210e2137bfacd11087630828afc4a15d01f8bc1c1a59eee3b6815e4168017dd572136af46860d0ec0d8b24d342d8502c09528fe02ca39c78daa7eb6c6ab0d9f063d92338f68aa7b165b05d044e7f9cb9ba1f059058c15b088a3087d6797658523b3f3950ff37c7fe135886b0b309b5e3d259993e1373e7c86626497c573264d928ec0c3d653cbee9403f12de12c7790c54e0bed9cbbe70aa78094972bd921cd0dfed81ea6e91df914e83e75dbc714eb89e7dcf3dd4d71450424898133a9bc67bd4e103422cbea4adac473efb16c6b10ebe089ee60034e0c599f66f836574f7207180cd6de83e3708128d867439a90748676fee209dec01acd90d5003fcf7dd1e919bbb3ace60cad0964081a8eaed261c5eddc7384297731cf9cf892730b938e8aeeedd60b06617fe7639c2f3493bf96cff12df30b19ae86c8edb0867f5476b6c381301ba9cd3ccd39b12ba11222068878550cda07e217185eea14f75bc44512490d1aefa18ed11729867e4e16eab49770747cdca5d4c39b451d50ac9432c42bf3122da7472fd58d95ce0937d33818449ece98b64ab39d1d0e0ed5e6ac11f5b119dec8f +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff44302d300d06096086480165030402040500041c0b8e0726c9d9bb66179c5fbffb9b336ce88a54e819789583af5fface +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA224 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 25e0b881e32da938611b4156525ce24216c168837fa84479ecb72207e9984adb6eb7393bb3d607b1469d9b7c3f4fdbbefaa4b0218850919a7d66a954b315129c39eb99f7dc08df5c4c8c90968f3ce37b66ee184ef3d485f83d308521aa2649d28c319eafa2aec87031a1ff5d7e933ca56a2410593425fb865981b7976fca021b9d7c3198312fcfea5d0093a62b4a7c49a985c005c3a7ad816e270b25c507fc36be1c4cc0a07cb7c6fa130240062793b18047189aa5e79b16fe80a6955191f5910b701bc1aee6dcd5cefd57194bf54d8e208ae41202744190d5ec8bcc2f977f11461a5cb4306fc9b73afff2863a7b580d454bb1fb8dccb1cbef27945109a8f5a3d2b1a32566aa4e8c01a62a1d735117ff5a6a3cc7e70756e7df10e97ee75c5f8ef89fb0a97d7a35698069f59a9f365d4396ab9a764c2fbefb840faf5f57737801b73ac6f9f524167b4f3a567aff999a0db10d55d82155720a5ddc63c35b6a632a3da59c16bd0c143c437661dcd339652ae42f54f8b2d8e52672613772abfe8cf0d6ebbbccc764b51b3eda2ae28d4ba8747a430ccc32c73baea63d050b86210c485ac9554606070764cd06b423efdda4059fc45ffd7193f7123d14014d5bbe5b542476e7bfdc4905731a0d9987fe4a68cf6077c3df63778af08a1f4eb8f00a4a8e03aa8726f43fa829d87c2d0a32e16b47a3f0472a6368ec50a144234c802e6919 +Msg = 0f46bac55d9e2d3bcf07f70ffccc050fc35fd35232a87629a69de0533413607048d368b88cf193ed0c59e68e97ab574e68498bc506aee4646801bbae5de9eaa52ba48e8376530bab649850dfff635cb3db090042f897e71fe965d58f36ee2cf500deb48de36d9b5d21ecbb69fc9d1c2763c8ba32d10b884273f2b45c89c82d46 +S = 5ac96146da56064477b2994f953f31906fb9f546553551c4c76b4811074194dd0a4622e3a53e6c9d13404dae87e4f13b7142bea20336ee033295f2ed94405d7ec0351d880c78d753ca18dcb6b39735c588e656aceae827c273068097b39d1567f921a4f2305f7543fe2efeb0ec47a0dba7849ba4e919c388cf05de325c2399cf84f1a167a0895a783e167732020826d5735e8b0b7cba4ee338ff586cde712eaf638e7163ba45ef94818f73e7b7160243ac366dce1730b9ac0937532607f9d5f24f9fdb1e227150d0df91a8ebd951e7aacb371c0ed053c204b22735ed7688d587cba4a23f7857d05fdf97cce9f363389832c35ad291757c0ff8ff1e5a5075aa97856cff7838d3ecda3450a7c9d27f0617ec80c94a2e2a09028fca6e613f902399ef4f783e768f8f62e097a2dc52dbe096bab99cc4d01ca7020d72d0566cd6b8b0df6c1a1123247097b8ecd978925a540e05c2acd9d65d3e64a6b05702824380c1a24bd67d66f2b623f962e89087f08c5695b3f9655fdf24856a9f6561f4191ac338d67e90bc0c747ef7cd5a115d47aaa9d048ebc84c098383260fee49bdb446d1a153e51b0041a5e34bf71ef2d9b579067138a492e6ac8a693da58d5ff37743de28411d56090ee31f9e08cfb8566c7067635a30ed65cc24d40e1084d6c4164740d0770a88a287897b34fc4490a7f565827d8139577c0052f4760ef17c5f5978a3 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00302d300d06096086480165030402040500041ce07ae5bb44ac73b9490d62cb7f02d236e95b023c7aba070143c6243cefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA224 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 25e0b881e32da938611b4156525ce24216c168837fa84479ecb72207e9984adb6eb7393bb3d607b1469d9b7c3f4fdbbefaa4b0218850919a7d66a954b315129c39eb99f7dc08df5c4c8c90968f3ce37b66ee184ef3d485f83d308521aa2649d28c319eafa2aec87031a1ff5d7e933ca56a2410593425fb865981b7976fca021b9d7c3198312fcfea5d0093a62b4a7c49a985c005c3a7ad816e270b25c507fc36be1c4cc0a07cb7c6fa130240062793b18047189aa5e79b16fe80a6955191f5910b701bc1aee6dcd5cefd57194bf54d8e208ae41202744190d5ec8bcc2f977f11461a5cb4306fc9b73afff2863a7b580d454bb1fb8dccb1cbef27945109a8f5a3d2b1a32566aa4e8c01a62a1d735117ff5a6a3cc7e70756e7df10e97ee75c5f8ef89fb0a97d7a35698069f59a9f365d4396ab9a764c2fbefb840faf5f57737801b73ac6f9f524167b4f3a567aff999a0db10d55d82155720a5ddc63c35b6a632a3da59c16bd0c143c437661dcd339652ae42f54f8b2d8e52672613772abfe8cf0d6ebbbccc764b51b3eda2ae28d4ba8747a430ccc32c73baea63d050b86210c485ac9554606070764cd06b423efdda4059fc45ffd7193f7123d14014d5bbe5b542476e7bfdc4905731a0d9987fe4a68cf6077c3df63778af08a1f4eb8f00a4a8e03aa8726f43fa829d87c2d0a32e16b47a3f0472a6368ec50a144234c802e6919 +Msg = ec287cdb5ee54e8441dcc0662f98420233406c61c6bd9255fd1f9701003d069bbe9c5e71df93ae2afaac624f094c5d0a1a97482d478e2975e77a3711068eed5e13c85df5d918c7e7b1c46a47f50b9ae9b709136ab3da8d7083029033120c8a3d53721f6e33bdc042cced7f57db1b2129745d7520f4eae5ce387f4b710c0106c0 +S = 30a67f084b071c9e0d5c5f3f797cd89441932da1e5cf9b7788855d03f6f2a52d6519ae67ea7616d76f2a73016dec5663f6e337c9c26ab3a4e0bb6d3f8ea18d0ebb1693ca5419b9cd19fe747f486f8bdc40164da9d7024d7fc675b7f87b702615ba523b59a747550a26bdb8a80a57dd14698a17b6ed4c4f04fbcb3ad98a2190f02f508b681a517663a3c0a4516f92f87cd9077b674e716099e36dc50ad24f98bb74a6afd0f85318a67abdab02fa2853d206acf49f941706cdb0e632244f2be99ca1aa9cf36f2383c1092371031a99b7342714fffffbbac48ebe8fc7a1f31c40834090d7dd9d905047ec08aa0c73d1b2a3cdf6c10d3930db3f8675a97ec1cb175142725bdce1d73dc97f656ac1441c967475e46b7a94ed38d067def9a54bfaeca15a49780f5caf2e42ad3b5df0787c1c06844b28b68dfb0d675e235a4114920e327e870e2346572c3b04aa29ec476933470a0e56fdf3ec0f5e1baa35265637cad3b24de388eb4b68403b4b6652ac1c258cc56bc4cd9d3d804632da9eb23445154fbf26d2eefa30ec2916a54b052ce58baddf426680477aabbee34fc6d98e57af4342b2942c77dd8695103487203a77d4f8e4ee066bf003f45cdcabe7b57b46b34084bf22eb5c905ac76df823a0e9343fbe4a868a6e0adb58bb5725b8da3c03933d95b4012498557bb78d096b810be5f403b9063243bbec780de51ce927d7294ff4 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA256 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 25e0b881e32da938611b4156525ce24216c168837fa84479ecb72207e9984adb6eb7393bb3d607b1469d9b7c3f4fdbbefaa4b0218850919a7d66a954b315129c39eb99f7dc08df5c4c8c90968f3ce37b66ee184ef3d485f83d308521aa2649d28c319eafa2aec87031a1ff5d7e933ca56a2410593425fb865981b7976fca021b9d7c3198312fcfea5d0093a62b4a7c49a985c005c3a7ad816e270b25c507fc36be1c4cc0a07cb7c6fa130240062793b18047189aa5e79b16fe80a6955191f5910b701bc1aee6dcd5cefd57194bf54d8e208ae41202744190d5ec8bcc2f977f11461a5cb4306fc9b73afff2863a7b580d454bb1fb8dccb1cbef27945109a8f5a3d2b1a32566aa4e8c01a62a1d735117ff5a6a3cc7e70756e7df10e97ee75c5f8ef89fb0a97d7a35698069f59a9f365d4396ab9a764c2fbefb840faf5f57737801b73ac6f9f524167b4f3a567aff999a0db10d55d82155720a5ddc63c35b6a632a3da59c16bd0c143c437661dcd339652ae42f54f8b2d8e52672613772abfe8cf0d6ebbbccc764b51b3eda2ae28d4ba8747a430ccc32c73baea63d050b86210c485ac9554606070764cd06b423efdda4059fc45ffd7193f7123d14014d5bbe5b542476e7bfdc4905731a0d9987fe4a68cf6077c3df63778af08a1f4eb8f00a4a8e03aa8726f43fa829d87c2d0a32e16b47a3f0472a6368ec50a144234c802e6919 +Msg = c9228bd9823d98cc91944bd362aba13e16f6cfc78d9fea74c383e8be607ec7f28ae80cd8fe5f6f935fc7d5c8cd907e02ba378055f910744218426fdbf01334277a66a7c8e58185dbe51453204d77945be0343ffa64c570f7f99f5e00a96f8dd640a345f35e2c426fca82ad2409e94b1130f4f5fcf647485b0da09d75b3193bc5 +S = 7ddff91ff1168c9bf0843a1da3c141e1856e312c0d83c4052b9c134d3b0fa82a53e4e1923b051be39fb6245d6acda63026161feed4e2d56d83677ebb347b1849d479b3da628b02a3a411f86c443e7807f6b5239950bf2b060da1c6905dc75ec2e4236b8cdd77419361abd4720267ce447c104f437afab32af9e1b4c0104989ebefbaa7ec0c18a065a0c38a79ccd9e40eac3554d78f3dafdce7acf06e19e7e2792cd7c70bf1f0eb15e32c7d6c41331ad8c8a1bd70d4bf74e64548175d913999aa673c995bbe8ae3e68c362e3427c116290a9680d6d7b4be07de3cdeac0a0723699be8ad032f794610510ec4f61eaf355e56e15d053007b1d228a91b1f576597c1c78636c2202ff55c070eb3242b48eada77b90777001067fe61907ebccce40bb6b6361add71717c3a429267147b341bfa8bf0400512c538948a9171f2d0aa278aef5b950b5b7722b372ed5c2ba1e18562f0fd7b7da7566f61f5adf1f8ed1023605f360872cd963286bb5685cfda4968f412922df0b9b7cd0ffd8dbd16a2382b6893b4d075bd0965f4f7e4e2c09b0bd00217fa6bcf9e0ac71309e071c4ca0077bcca9c60ee5226ef058ff8b7a076d68cf161b13dc90d51f65babe1f4727396f070af6b3dce92586e0d31028e6adcfcbc32c71551c7d688cf9c32fbb26d03c5fabd455fc716d9a9cb82a740a6a46627d80c75035b0bf02dac08ed6f45539f035885 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA256 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 25e0b881e32da938611b4156525ce24216c168837fa84479ecb72207e9984adb6eb7393bb3d607b1469d9b7c3f4fdbbefaa4b0218850919a7d66a954b315129c39eb99f7dc08df5c4c8c90968f3ce37b66ee184ef3d485f83d308521aa2649d28c319eafa2aec87031a1ff5d7e933ca56a2410593425fb865981b7976fca021b9d7c3198312fcfea5d0093a62b4a7c49a985c005c3a7ad816e270b25c507fc36be1c4cc0a07cb7c6fa130240062793b18047189aa5e79b16fe80a6955191f5910b701bc1aee6dcd5cefd57194bf54d8e208ae41202744190d5ec8bcc2f977f11461a5cb4306fc9b73afff2863a7b580d454bb1fb8dccb1cbef27945109a8f5a3d2b1a32566aa4e8c01a62a1d735117ff5a6a3cc7e70756e7df10e97ee75c5f8ef89fb0a97d7a35698069f59a9f365d4396ab9a764c2fbefb840faf5f57737801b73ac6f9f524167b4f3a567aff999a0db10d55d82155720a5ddc63c35b6a632a3da59c16bd0c143c437661dcd339652ae42f54f8b2d8e52672613772abfe8cf0d6ebbbccc764b51b3eda2ae28d4ba8747a430ccc32c73baea63d050b86210c485ac9554606070764cd06b423efdda4059fc45ffd7193f7123d14014d5bbe5b542476e7bfdc4905731a0d9987fe4a68cf6077c3df63778af08a1f4eb8f00a4a8e03aa8726f43fa829d87c2d0a32e16b47a3f0472a6368ec50a144234c802e6919 +Msg = 91e945fbaa97924f3e6d9ad222bb01e935b7b41df0c2207a3eeca2348eb93e9127269302bce70e9341f35f86fd42293bdfd5fe5415f88a16dbc40e1191e7110311a852fa3f2500b9e2df2d5db2798140b1bd2b1ebfe01d76690779330309468cf67768295adacf87c83bee9d69e96fc0537625c41603426491bdcae30ba847f4 +S = 34dd79f3254da1471173aff6aaf54ec5a8633b468af99d925ec258438f3bade74fd1f23c631f94e6db57b3fec9b05ffb18013cc090bcb1f871e011241b352549e9dc72349681c10bdeb1ef00f99d4a70c48488d812bb621d0e3b926876b91da56541176dcea55152d31915f9e633620886f6264c70c2875019afd51eea4ac8cafc17842e2e035233d4679cb22d329a671b061a2da194d00dfe6a3d6ea3c3b10369e0558b68456b241e7c368e2492bd0d5cbbdab42a8526acc04cf2ed43944708e99980b31bdac37e754850c0370da4ac8b71b5147ddc91dcb7509df44b3fad89c2cb4e147255b064ffa9ff758a55c045f27bdb4b12107e1820530431a28baa16da02925ffc8e84cbc7ecf70c2dab46e246ac51888a198d85dbbdf4be40e674e562533667240e043a6e8a7d1a026af2ecf6a1cd24934f6469e28b14bea0f46cd333b1043d837b5b21022c9f7dd7713f8576152431746b54c9cb9a7ed3bb5c7d027281cbdf9377187fd584b8761f5f6972ef357cf8c54c9009d9e650aeb4c9d718919706d48ac76c404875e95d60b5cfc06588e1bef0ae95c31d13a27edb86dfb643d9d2f08373d7af39783804123202f796b1a01da28932a103a817c368f9e8bc8764cb949e351e0cfeac9087eca02e097662020927940b84dce30f22eb053c02f6345f6de59c2428a0c462020650db4e93c515304bd6fdfbf882d29034fe218c +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003031300d060960864801650304020105000420a20a34a9c3d9d0e915b9f010007a3c625bf71d96211c68cee82075ad2dfd21e7efefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA256 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 25e0b881e32da938611b4156525ce24216c168837fa84479ecb72207e9984adb6eb7393bb3d607b1469d9b7c3f4fdbbefaa4b0218850919a7d66a954b315129c39eb99f7dc08df5c4c8c90968f3ce37b66ee184ef3d485f83d308521aa2649d28c319eafa2aec87031a1ff5d7e933ca56a2410593425fb865981b7976fca021b9d7c3198312fcfea5d0093a62b4a7c49a985c005c3a7ad816e270b25c507fc36be1c4cc0a07cb7c6fa130240062793b18047189aa5e79b16fe80a6955191f5910b701bc1aee6dcd5cefd57194bf54d8e208ae41202744190d5ec8bcc2f977f11461a5cb4306fc9b73afff2863a7b580d454bb1fb8dccb1cbef27945109a8f5a3d2b1a32566aa4e8c01a62a1d735117ff5a6a3cc7e70756e7df10e97ee75c5f8ef89fb0a97d7a35698069f59a9f365d4396ab9a764c2fbefb840faf5f57737801b73ac6f9f524167b4f3a567aff999a0db10d55d82155720a5ddc63c35b6a632a3da59c16bd0c143c437661dcd339652ae42f54f8b2d8e52672613772abfe8cf0d6ebbbccc764b51b3eda2ae28d4ba8747a430ccc32c73baea63d050b86210c485ac9554606070764cd06b423efdda4059fc45ffd7193f7123d14014d5bbe5b542476e7bfdc4905731a0d9987fe4a68cf6077c3df63778af08a1f4eb8f00a4a8e03aa8726f43fa829d87c2d0a32e16b47a3f0472a6368ec50a144234c802e6919 +Msg = c63bd2db43b2e094aeeb020514d2439f6d8d04d0c40b403398e0140481507ed617a965880fd7d975a7329deb459ae2df5ac656de8dd95d4716369eb86796c2c6125878f1e718bdd65c825aa73368aed95613ad1c06d7299034ea51362f7777a580ed16fe129d13219784432126652ef6291c1272762e2b77bca43266211a24da +S = 18fe9f7495370f1b1a8318e33ef759e72fd463d358de45d4aa412b1c149607681d12d7da6b7640ff21b53745387e6a5c9effca633c0c6d1e7c150ac6b622981167fad90fdef6b0bc71bf87cf7aaff12afeb60c823d95b32e29f84fe500248207d792d27965f915cd9527a666985223b4b2e7d72b1819cea49c825c304eec56632188b0907b54e2fd9d805a53e58acd08b291532d9500c64ff406d54c0f43e16c5a6f40499d20383e6537bda582b5081d0db95bead3b436c7d12d5c9ac695d4b660c79feafaee8b79f4fd9147cb5a14f5c8700c868d24bf0bd086397deee79284b3a79e9b68560ed6e863da75da37d324edf13243556f66982745b2ae931e3f2348fd8c3f206b183cd8768183c92ce6a0daccaface91f3ad6dda20d5c604b5c474918fb124c494f76d68ca7192ef25bca03648eae43008f9c3482bdb7b086ea92d41ba3a243bba037f7f08dfc6912218dca0fb97a11acd0ec3432d1fa4fd73f4d810843606374c780b8fef34ec13fa6e26ca05124d8029cf7ee6f9cc90ddc1196e29c4a6ec9feaca4c2050053a212838ab901bb9df01e31b6519a9d4f019ae5bebe1bcafc92f79ec70bb1e1f1db62cd964b8a15171edc72081daf239b0f9306921444032295b4c7428873e142fd20ed2f2e598fa346f2a76579045c727de99294e2245db6d62061d1a2cae226f0aade7da4bc32fc6e750483cc20fb2f017178be +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA256 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 25e0b881e32da938611b4156525ce24216c168837fa84479ecb72207e9984adb6eb7393bb3d607b1469d9b7c3f4fdbbefaa4b0218850919a7d66a954b315129c39eb99f7dc08df5c4c8c90968f3ce37b66ee184ef3d485f83d308521aa2649d28c319eafa2aec87031a1ff5d7e933ca56a2410593425fb865981b7976fca021b9d7c3198312fcfea5d0093a62b4a7c49a985c005c3a7ad816e270b25c507fc36be1c4cc0a07cb7c6fa130240062793b18047189aa5e79b16fe80a6955191f5910b701bc1aee6dcd5cefd57194bf54d8e208ae41202744190d5ec8bcc2f977f11461a5cb4306fc9b73afff2863a7b580d454bb1fb8dccb1cbef27945109a8f5a3d2b1a32566aa4e8c01a62a1d735117ff5a6a3cc7e70756e7df10e97ee75c5f8ef89fb0a97d7a35698069f59a9f365d4396ab9a764c2fbefb840faf5f57737801b73ac6f9f524167b4f3a567aff999a0db10d55d82155720a5ddc63c35b6a632a3da59c16bd0c143c437661dcd339652ae42f54f8b2d8e52672613772abfe8cf0d6ebbbccc764b51b3eda2ae28d4ba8747a430ccc32c73baea63d050b86210c485ac9554606070764cd06b423efdda4059fc45ffd7193f7123d14014d5bbe5b542476e7bfdc4905731a0d9987fe4a68cf6077c3df63778af08a1f4eb8f00a4a8e03aa8726f43fa829d87c2d0a32e16b47a3f0472a6368ec50a144234c802e6919 +Msg = d34ec8c4045b0433954c81096a09dc82a0c6c799157bac1d2a949407c7ea480ba0f3b56db735951622014ce70f5d104d05424d166d084883501e029e62fe5fcd406087a8f6ae8d08c4b94f6022aa9d51013b9d7854276d8bcfde0ba4ee7e72dc3aff061cc8ad323002dc501da9d7c9b51b197d68d2c0655d2e3e76c27452c960 +S = 4082a6bb4453970119c7f4cd61253f441fba30c004ddda4ef25f6b9f30edfd3d2db0f207e8b7c34f2d9ee23d692c850a29e70906a98fabdfebb5fac91722dbab0f19ea0b3952041cc448fa9e3eb8b54965e068a2a0df68b44f2839b9d10ed07f9d92039772bf6fe6a6d4db2531a03d7eebc15a125b87ec9899cf7b14911dcc4f0880b2196e165c1e45edc0de4abf859f30d87e3bfc3cbd69ed066aeef26869ec70012f0c1d1e13ba1bed0a6260d0c412c8e4aa6fd0f8b716ce33fc5bbf3562e98c307b1b8e617b26aa3f55e3dc063f7ffe4d03844b0da97411f3996fd94416648724148bffc5900f1f9b908f2c6ff5ad20c90d3f5ebd76e3aadab7b9e9e55ef50ecf4d923249a83cc59167e65bf6593aeeccd750ef0c3f1029dae3fe1ee23678ea70406a4e4f9f1165a48c16659d367e2f1748e104ed1f898db701336c680400818cebb47529fcd1f9da787a025c316a2baf2c1d32eba2eab393830eee7a2465d0e43c19362e64266883be22d85a0efa83f3f837d206bfc96993d16199712f6947b39cf0875b3744d96705ea19c8a173aeba23c6a049aa668a66f2c6559cba601c4a8737fe512509e90eb5751abe5c45f22e9fe31dc936b7e80544daa4e26cb9d088a623ad6a7e70902196a0973b8bae0866513360a05265ba92e96fd8e7a09e35a239a0d2499713ca0e7b5dabb06d162fac90a75e9b6483b3513787b66b9f85 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443031300d0609608648016503040201050004206befb2ccaf4b531cf9ffc53f938035025cfdb7eeae29da84ebec94e716c003f8 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA256 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 25e0b881e32da938611b4156525ce24216c168837fa84479ecb72207e9984adb6eb7393bb3d607b1469d9b7c3f4fdbbefaa4b0218850919a7d66a954b315129c39eb99f7dc08df5c4c8c90968f3ce37b66ee184ef3d485f83d308521aa2649d28c319eafa2aec87031a1ff5d7e933ca56a2410593425fb865981b7976fca021b9d7c3198312fcfea5d0093a62b4a7c49a985c005c3a7ad816e270b25c507fc36be1c4cc0a07cb7c6fa130240062793b18047189aa5e79b16fe80a6955191f5910b701bc1aee6dcd5cefd57194bf54d8e208ae41202744190d5ec8bcc2f977f11461a5cb4306fc9b73afff2863a7b580d454bb1fb8dccb1cbef27945109a8f5a3d2b1a32566aa4e8c01a62a1d735117ff5a6a3cc7e70756e7df10e97ee75c5f8ef89fb0a97d7a35698069f59a9f365d4396ab9a764c2fbefb840faf5f57737801b73ac6f9f524167b4f3a567aff999a0db10d55d82155720a5ddc63c35b6a632a3da59c16bd0c143c437661dcd339652ae42f54f8b2d8e52672613772abfe8cf0d6ebbbccc764b51b3eda2ae28d4ba8747a430ccc32c73baea63d050b86210c485ac9554606070764cd06b423efdda4059fc45ffd7193f7123d14014d5bbe5b542476e7bfdc4905731a0d9987fe4a68cf6077c3df63778af08a1f4eb8f00a4a8e03aa8726f43fa829d87c2d0a32e16b47a3f0472a6368ec50a144234c802e6919 +Msg = 8f937d50d24a1a6ed858d2e3de56e5c23b917d5a936c87b84effc06d48041391caf42207ba6d23030ed7edca864752b99ba3b089b308c3d19668bdcc2578995d4ac9ac502b347de3a37cd685f22f1bddb3cddb0e0f2ca53a311b1d45f9464edbf55a42b48d69d0167d8fb69c89d6e8376b57277211a2d4fa0560075d2d37dc12 +S = 2df1e58e7491739bb027c6315a70eebbcf37b8e5958df07578a589a47cbaf1edb23ff2e676f2f273a1cc0babd22e0bff874529cfd6479ae5c7250f06579eb212dd3f4058c476abae8e94c89afe05746c3aea93155cf03195ce5f4eced399d2b61aab7f4060b69844cbff6303d264c4755be78af001d125af461fececad8f46a9c4b07420ca63c4212f80a751fcca6a4737684543fcf07b39089baa9995394766f69239479e7c9778c644e022dd4ec7e07a769aa75db2571e58a5e0ba1e4377e9677092bc9dee9d9dbb448441da8f4385b4d4f8ccff4b3dc3c3c3ac8ba11a6ce8caafa930108ba3603c5b0ef65a02a7afebebf605aa88511513a69b3086fdfc25c588c4d61a06219d0d5643410d3ae4d78b2f695efe4e0b82161c53bb9d4b8a83692bb16de8da18b4a6c2abbd0f6b0e24229077fd6c3bca918bc9d9f4518598238df0c925f8587fff0852c44e8107ccbc1ce6a9be3b0941c3b28bb03c87eeb959d719dba9a64a338c7b9931cdf6bb169686de1f8de0e1fa74d03419d164f2c8bd2030562705d1470415e48144181dfd31cdd4219b5d22f9a4c659923cf5c4edbde18e8277dae11264c11423c5481402e80af223f0c4faea0c2c7aefacbf513962c2f16af353ffae1414b408f726eeb946d7c4c8577e72d8f1d49ae2301cf70abee46d286a6fac1b888c334538abb3b830fae595bbb19ea9dce46a343da031117c +SaltVal = 00 +Result = P + +SHAAlg = SHA256 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 25e0b881e32da938611b4156525ce24216c168837fa84479ecb72207e9984adb6eb7393bb3d607b1469d9b7c3f4fdbbefaa4b0218850919a7d66a954b315129c39eb99f7dc08df5c4c8c90968f3ce37b66ee184ef3d485f83d308521aa2649d28c319eafa2aec87031a1ff5d7e933ca56a2410593425fb865981b7976fca021b9d7c3198312fcfea5d0093a62b4a7c49a985c005c3a7ad816e270b25c507fc36be1c4cc0a07cb7c6fa130240062793b18047189aa5e79b16fe80a6955191f5910b701bc1aee6dcd5cefd57194bf54d8e208ae41202744190d5ec8bcc2f977f11461a5cb4306fc9b73afff2863a7b580d454bb1fb8dccb1cbef27945109a8f5a3d2b1a32566aa4e8c01a62a1d735117ff5a6a3cc7e70756e7df10e97ee75c5f8ef89fb0a97d7a35698069f59a9f365d4396ab9a764c2fbefb840faf5f57737801b73ac6f9f524167b4f3a567aff999a0db10d55d82155720a5ddc63c35b6a632a3da59c16bd0c143c437661dcd339652ae42f54f8b2d8e52672613772abfe8cf0d6ebbbccc764b51b3eda2ae28d4ba8747a430ccc32c73baea63d050b86210c485ac9554606070764cd06b423efdda4059fc45ffd7193f7123d14014d5bbe5b542476e7bfdc4905731a0d9987fe4a68cf6077c3df63778af08a1f4eb8f00a4a8e03aa8726f43fa829d87c2d0a32e16b47a3f0472a6368ec50a144234c802e6919 +Msg = ef737d90f65532a2693ef41fe916a2b970c411409d3801c54caf50ff6a326eee086011bdad6e2aedf16c17b047ca1a931b1a0a601d174843dce7f52b969d62734e02c8c220953a30d2d0d7aaabad449788695abb2c881b5cd819eba41b3bfd47ece00b66f6d14ab233f39dd4bcc8080de03868197392625a68ce9a32a31525b1 +S = 6d2d3c16eed39f5b46ffc45a8476c0778bda78d2dfd246ebcfbc74f88c5ab742cab942de2da36e1ec2cf65a43b4ff04927021211b35d6b6b2136ef1d69671aa8b95f6b55be4751a54b8df1bd87518e4a736bff9ef849cf7bc212734b77a7fcfd3ba99327884685a146294ba0a45233b03e97a27af2f615952261cbfdb1b5bac0f5fadbb8decbc4b16ac96606242a9489f20fa74f726d3c45e0e0c515382288a8ac19ccd3eec7ac94d30019dcbfbf77f9dd592531eb1ef4eacf9c38ccc0414317a3d7eecbac02a130b8bfda18f4e0fa6a5bcab44d35e020afdfda351afa1f9feab93579861d2ac39e6c8499b8b5777a6be5ac77b3ecdb12fe8189b0bfc00a4a3e4e6041e2d52a5112e8af45e5d0a45f0b88ef66ca29076738ed07129be4493916bd885e128359e860ad8f0c0d8fb649710cc76a0d3ea701a2ba1d7e77ff9b037c51f93e9b9e162f71da900c07b42ce0f02fa633e8e987cd063b8659f25d190f3d35105f70edb65201dd67d9565cf4e718f4db2f57569c8c88f20ec11aae3ba3bc1bc78c29b2364acf2f964fd2165fe82d8721f1b16b668804468f0697643d1bd0efc5d45f8c27b7804b4931e210a1eb789c8422d7795a9b156fd9762a56fa27b7d5adb2357797ba50dea7ffd217025876ade111d504799ef8fec084e061ca0b884899701a9265969a9a027c5337cb0e1e86d3d5d1b8a0a80eda33c8936b436c83 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA384 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 25e0b881e32da938611b4156525ce24216c168837fa84479ecb72207e9984adb6eb7393bb3d607b1469d9b7c3f4fdbbefaa4b0218850919a7d66a954b315129c39eb99f7dc08df5c4c8c90968f3ce37b66ee184ef3d485f83d308521aa2649d28c319eafa2aec87031a1ff5d7e933ca56a2410593425fb865981b7976fca021b9d7c3198312fcfea5d0093a62b4a7c49a985c005c3a7ad816e270b25c507fc36be1c4cc0a07cb7c6fa130240062793b18047189aa5e79b16fe80a6955191f5910b701bc1aee6dcd5cefd57194bf54d8e208ae41202744190d5ec8bcc2f977f11461a5cb4306fc9b73afff2863a7b580d454bb1fb8dccb1cbef27945109a8f5a3d2b1a32566aa4e8c01a62a1d735117ff5a6a3cc7e70756e7df10e97ee75c5f8ef89fb0a97d7a35698069f59a9f365d4396ab9a764c2fbefb840faf5f57737801b73ac6f9f524167b4f3a567aff999a0db10d55d82155720a5ddc63c35b6a632a3da59c16bd0c143c437661dcd339652ae42f54f8b2d8e52672613772abfe8cf0d6ebbbccc764b51b3eda2ae28d4ba8747a430ccc32c73baea63d050b86210c485ac9554606070764cd06b423efdda4059fc45ffd7193f7123d14014d5bbe5b542476e7bfdc4905731a0d9987fe4a68cf6077c3df63778af08a1f4eb8f00a4a8e03aa8726f43fa829d87c2d0a32e16b47a3f0472a6368ec50a144234c802e6919 +Msg = 5e59add32c339dd10f33de88b32b8cfc1dd8fe7684693e27633bbc0dcce7431bff7e2b943b13d1b8d47a44a286504171093b62a6e57392cd8882c4609648e5e880410e65580bfff0e422c99ff1efcaa9e901decaa89ad4e98c6d1ff9cba6ce1d0a2bbf0f2b210fc266b3d4469b0e0fede6b0dcac75e3ecc3968435a01409e801 +S = 5d7f2def0ab2f104974b66e6a7ed79a4cbe4d9c6ab4bed75f442703fdaecf0e76eef5fa5c13163b4fa661137c877e4416a3fbb4a15a2dd534267ab860ae73bb97abb5e48bd5ac60108baf4aa28eaa5b3aed8f84adf06063e575b39c932a565ac9689a6ea93359f5e5c384bd41af7627df06169ad4728e9b17f5cc7855b5e2a88d4417142bce9b45ffd82e785c6cc8774e3c78fa637ac69c90a2198909fb1b611ba28ec978b1813bfcedc2a4ab6f8a2f457a146be5a6ef6ef90a91caa3553f96a743ef0f3c2a057ffee3ea2b4a3a2c7e9b26ee2e531f8b17216080096527df06b83bc11ecb977053e5d81f6c3e30e0fc5d4353bcb7bd97906ae7eb4bb1670fe28a8bd674c836e395953d3c3e64503818e3c563284c7d21545e7038d3dffa0182b5e6a7ca50e07d7dbd3614c4b2006a4f1a14b77c3dabf98459cd33ec5b325118f9e65b851a155b3f73267950c92078c70fc5dff3e9f07a9c5ef42fc210b5d2b24a9dec7db05c12e492decaf4b448c9545ee492dc0c2a4a5bff2ed32a8a0ca0a41b7f7455e622763319054e1212c0297bb604452f82393a3a96f54b1a141da0edeef052d2f0382375e501d67b1a83d0b02bdd9c99fd68063b908da1738e88b2da99979abbf73e60a4a295d24fda59db64486bfd7eb5b8dab06dd22202d58422bd450f1f698d7ba51f71ef556c5bad3d1461481677e501dde5b613fb2ccf85fb40f +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA384 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 25e0b881e32da938611b4156525ce24216c168837fa84479ecb72207e9984adb6eb7393bb3d607b1469d9b7c3f4fdbbefaa4b0218850919a7d66a954b315129c39eb99f7dc08df5c4c8c90968f3ce37b66ee184ef3d485f83d308521aa2649d28c319eafa2aec87031a1ff5d7e933ca56a2410593425fb865981b7976fca021b9d7c3198312fcfea5d0093a62b4a7c49a985c005c3a7ad816e270b25c507fc36be1c4cc0a07cb7c6fa130240062793b18047189aa5e79b16fe80a6955191f5910b701bc1aee6dcd5cefd57194bf54d8e208ae41202744190d5ec8bcc2f977f11461a5cb4306fc9b73afff2863a7b580d454bb1fb8dccb1cbef27945109a8f5a3d2b1a32566aa4e8c01a62a1d735117ff5a6a3cc7e70756e7df10e97ee75c5f8ef89fb0a97d7a35698069f59a9f365d4396ab9a764c2fbefb840faf5f57737801b73ac6f9f524167b4f3a567aff999a0db10d55d82155720a5ddc63c35b6a632a3da59c16bd0c143c437661dcd339652ae42f54f8b2d8e52672613772abfe8cf0d6ebbbccc764b51b3eda2ae28d4ba8747a430ccc32c73baea63d050b86210c485ac9554606070764cd06b423efdda4059fc45ffd7193f7123d14014d5bbe5b542476e7bfdc4905731a0d9987fe4a68cf6077c3df63778af08a1f4eb8f00a4a8e03aa8726f43fa829d87c2d0a32e16b47a3f0472a6368ec50a144234c802e6919 +Msg = 655d108236ed81085d937f81dd9056d691a1dd531f2507f32a81b5dec9c4ce30388792fcce182b912fd785fbc3df60cd67e9a41e626ef4d29a0c851b082b313e69e0c79b3612a6e8d7db8abd1430a555ccc5f293e92bc643933ba8a3a4b862215c30586757231995bb6834cdb6cb4df528fb6fb89ca4a4ce7dd8c37e87b38a61 +S = 3363dc1b2f8be1f660baf2b61348786a7305f4bc3e7f030318a743893e41feb40636f768a286c0e82f0638eece2d7f53f8b5c8c5052e6a942e9a99fef85e8d5f2d83e6768515ca14c8e8dce14717af8fd5a2ef209c9b8bd314e5297eb48aabdb7875d1c33efbe9d18ef9021ec41cb54926bd3542243db8c576d8bcfc61b5dc6bc8f37b91e3d631bfed66d97e9a39aa815a8c138932d4b6087b5413c888e97caa07b54541f22cda57a9d06b92047276bd21bc5ed946650ce7f9b07cc2e150bf14233e8571a8f09259dc1620e6f55609b2f2a257dfe250649de5e7dc42fd7503809d0ca8344cc92571a91ca99abe1d22bb6f56e84ab0ccbbca0d8267fadf08017fe98ec57088234e81546386ea48725e0edffff0738ccc99aeff1f3977be58761373749175e7adb270ca322f15f866a668b3473f5587ca80fb61200acb3c09bbc087419a5d4a3408131571d06f09607f8d0b07a285b79d041842e5cbb682e11db41b0c36784c4c4895d007f076d3e3ed2a13d9f0601cd4e95ed492dd57505f76f119eb3fe56c899c20aa745335fa2df73552e95ae596b1ceb67e3a533b2df1ea1ed661fe5b46e1e31b753211eb44fe683e26fa1faee65adede0c86c788a067cd1c885ccbfc0066fa94070a310cdcd19003b6b7fc836c79f19e7e402a549850719c3cc3fb4cea67de4332680c3b891e0aa42693bf113fb7210e6b0d470d30335a69 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA384 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 25e0b881e32da938611b4156525ce24216c168837fa84479ecb72207e9984adb6eb7393bb3d607b1469d9b7c3f4fdbbefaa4b0218850919a7d66a954b315129c39eb99f7dc08df5c4c8c90968f3ce37b66ee184ef3d485f83d308521aa2649d28c319eafa2aec87031a1ff5d7e933ca56a2410593425fb865981b7976fca021b9d7c3198312fcfea5d0093a62b4a7c49a985c005c3a7ad816e270b25c507fc36be1c4cc0a07cb7c6fa130240062793b18047189aa5e79b16fe80a6955191f5910b701bc1aee6dcd5cefd57194bf54d8e208ae41202744190d5ec8bcc2f977f11461a5cb4306fc9b73afff2863a7b580d454bb1fb8dccb1cbef27945109a8f5a3d2b1a32566aa4e8c01a62a1d735117ff5a6a3cc7e70756e7df10e97ee75c5f8ef89fb0a97d7a35698069f59a9f365d4396ab9a764c2fbefb840faf5f57737801b73ac6f9f524167b4f3a567aff999a0db10d55d82155720a5ddc63c35b6a632a3da59c16bd0c143c437661dcd339652ae42f54f8b2d8e52672613772abfe8cf0d6ebbbccc764b51b3eda2ae28d4ba8747a430ccc32c73baea63d050b86210c485ac9554606070764cd06b423efdda4059fc45ffd7193f7123d14014d5bbe5b542476e7bfdc4905731a0d9987fe4a68cf6077c3df63778af08a1f4eb8f00a4a8e03aa8726f43fa829d87c2d0a32e16b47a3f0472a6368ec50a144234c802e6919 +Msg = ab8fbba0e6a56a02b0b42f139cd656416b9bb654da952b09bf1a46fd544542cdd33e3a7c43bb9a1591c7d491e2c354fa28aab5d1f39935ae8b8e66263b6f27f1ef4fd34c02eeb89d517ecb5694ad991beedf8127c2bb21ecc9ea0ef9611bc821284beddaca43ace317627d2a599c0fece4c3821eee05d70ca1b7a5406f510da5 +S = 87615e72a27b387de06e4e8bc3f2e70d24d061abb00a8a006456ff0b8bee03924307420517eccb0eee44c1f8a7458e13c0694c1bf7855d5ab1202807339bc82cb5cb3974b83d4000751fdced787295387acb814c2ffb4f636704de4595bf281d544f72d676bf59768389d92bbb08ad9662481129af3ea0ff2a0faadad65c93ab0029ee0ddff3ecd02e0bae13c4597de92cbddd6fcd9ba4d83688db7c278ca55e5c15b061993a1a53984efffc0ed72f55f79f3d11581ade9b651a6ddb5ad4863e3b9798d2bdd7c346174b114778f49ebde94c53c406ecc6812fec601995236ee09a8df5d0663ec4cb49fc47599b2b884cde458d6cba31abac1d3900fba8d9a053f02ceec3dc9f372b285634a3b21d4c7182c891523fc75bb8e49494d5f5eb4dd001c40fc549f9f586e60fd2f9b3b3dff4c8d33978193599de8471d2db11a4586f2be00c2f03d818ccee82f183f784c88a5d04e14ec99ef808e3e68333fefdaa414be5d7e817de3472ab212c40de7f172b3e62d203d7da871573f4f1fcd0f01f49258413e726cd91a79f465dc0ab69962436dcf52162c09fdbc151853327fe69a51ea91a339138742d555b40be06df4ddd594cc51baeac5738c96d0218363461bae49da0418fc3330adfd9ec008e89e2342a9084800893b2eb86e40e27da0500a171e234098079b91e08780d5d4e3308e5158bf7b4de557662311c533c9daf553a +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA384 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 25e0b881e32da938611b4156525ce24216c168837fa84479ecb72207e9984adb6eb7393bb3d607b1469d9b7c3f4fdbbefaa4b0218850919a7d66a954b315129c39eb99f7dc08df5c4c8c90968f3ce37b66ee184ef3d485f83d308521aa2649d28c319eafa2aec87031a1ff5d7e933ca56a2410593425fb865981b7976fca021b9d7c3198312fcfea5d0093a62b4a7c49a985c005c3a7ad816e270b25c507fc36be1c4cc0a07cb7c6fa130240062793b18047189aa5e79b16fe80a6955191f5910b701bc1aee6dcd5cefd57194bf54d8e208ae41202744190d5ec8bcc2f977f11461a5cb4306fc9b73afff2863a7b580d454bb1fb8dccb1cbef27945109a8f5a3d2b1a32566aa4e8c01a62a1d735117ff5a6a3cc7e70756e7df10e97ee75c5f8ef89fb0a97d7a35698069f59a9f365d4396ab9a764c2fbefb840faf5f57737801b73ac6f9f524167b4f3a567aff999a0db10d55d82155720a5ddc63c35b6a632a3da59c16bd0c143c437661dcd339652ae42f54f8b2d8e52672613772abfe8cf0d6ebbbccc764b51b3eda2ae28d4ba8747a430ccc32c73baea63d050b86210c485ac9554606070764cd06b423efdda4059fc45ffd7193f7123d14014d5bbe5b542476e7bfdc4905731a0d9987fe4a68cf6077c3df63778af08a1f4eb8f00a4a8e03aa8726f43fa829d87c2d0a32e16b47a3f0472a6368ec50a144234c802e6919 +Msg = 450171e919ecc10bbf1d05f41eee02eab8eede088a31263433eb1652593d14b7494f7de1dd9fa465a39918283b6726d2010a9f80edaadcbab72afea43e007a782a44d633d006ad8f57e5f93219dd92254c61f187e2aa3a83ad4e7a7fc7142c9631070349bac9e371232a307880f94cc9e11b5b8532d94a78607e0f4bbe2232fb +S = 0471456bd38ff2a5adeb19b73c35de60f07d7907479f9e6d5735dca75ebd3ef499194917287ae0c3334a5b97f2be41598917a5d880b3d021c61a7acfe9083441661f56fb984ec6717986c558a10d108fac9e00bbd5adbd817a7684edd424e612c8a7f60ff1c8056067f0eee1c6ce3a4ceb6c27c735f0fdc93cfb521b529e1002659e6fe9cddcc79c218a84ee59b7355a43b47b5c4ece8535e0874cca866e3981dec3d1996d4dd05afab27bb5dae9d6ac9dc39e957329eb273254c4e7784a29db26696bd0ff872eede9fff869c35487643755d9cd5bae01c7858b123e4f9688b1d2607f349d52c828dd6d76ff41514565564d39038814841a0441c232411c8afcb15073739f5d5c537138b9bbda60bfd2cfea2847678ffbab73eb02fcaba9e4cabd7768bc0c3a6009dd78f02a8d791f5e1e30d7358b5a642cf0a1a838b954b76a15386109926595b2862de80ddfea98e6218efb925cf5d6434b93045cad5bfd1af36e63a98c14b8f5c6974f04e5e52243bf7cffdc8cb9c0a35fc3250943d07037b319cafef02a2fd21c39aaa3da9f171f1e9c9613ff97d3a6770e7639ecbfa7e47804d8833e8212064d091e02801869bcb2bbbfc2be5d21b2da790ddd7973b6f5b9d6c763cfa503c6243851461490dfab31cccc6621fd91fc1ae28b4b1d393cb1e41d397852acd98fa35b93b6b4dd92e2d5fac7665d8c0b3f7d03ad3048b6854b +SaltVal = 00 +Result = P + +SHAAlg = SHA384 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 25e0b881e32da938611b4156525ce24216c168837fa84479ecb72207e9984adb6eb7393bb3d607b1469d9b7c3f4fdbbefaa4b0218850919a7d66a954b315129c39eb99f7dc08df5c4c8c90968f3ce37b66ee184ef3d485f83d308521aa2649d28c319eafa2aec87031a1ff5d7e933ca56a2410593425fb865981b7976fca021b9d7c3198312fcfea5d0093a62b4a7c49a985c005c3a7ad816e270b25c507fc36be1c4cc0a07cb7c6fa130240062793b18047189aa5e79b16fe80a6955191f5910b701bc1aee6dcd5cefd57194bf54d8e208ae41202744190d5ec8bcc2f977f11461a5cb4306fc9b73afff2863a7b580d454bb1fb8dccb1cbef27945109a8f5a3d2b1a32566aa4e8c01a62a1d735117ff5a6a3cc7e70756e7df10e97ee75c5f8ef89fb0a97d7a35698069f59a9f365d4396ab9a764c2fbefb840faf5f57737801b73ac6f9f524167b4f3a567aff999a0db10d55d82155720a5ddc63c35b6a632a3da59c16bd0c143c437661dcd339652ae42f54f8b2d8e52672613772abfe8cf0d6ebbbccc764b51b3eda2ae28d4ba8747a430ccc32c73baea63d050b86210c485ac9554606070764cd06b423efdda4059fc45ffd7193f7123d14014d5bbe5b542476e7bfdc4905731a0d9987fe4a68cf6077c3df63778af08a1f4eb8f00a4a8e03aa8726f43fa829d87c2d0a32e16b47a3f0472a6368ec50a144234c802e6919 +Msg = 105048a958c92670205618120e4f1f5f40af63b03d2dc8272ba8c13743c8696683e3d051a21d92f149d4af1e803b9651674483ae26c40b4226d2f689826f4c33b86db227a589f7c9b0dbeb784570705b8535d35e3b165c771268232e0684265c19b5993347557d7ebb32742a4337d4060248fac7656de14f5833f32fb94f1e6a +S = 82bd70e07ba8994dae47a4f8d639168e5e9aa2cf70cc3c011482d170efcaa8aae5d2c8e46d63a583c20d9b7ee21e39b86429aa4550c9f2df8a955a43e2ebd3ff99e1ff3625285de3d506a95e183c664374eaccf0ecfe6d1fdbdbd33f61696064815a21e43600fe7bd45830208970bd63eaff3d2d796740fe1917196bcdffa4107f6b143a7283dff052c1b732fbb545d2772fc725cb0f1f69689b57ea25a8e54c6d68bd10026b911134f034c9f9499f001c71e67a1668dcf11e3974c6ca2658a4dae79a103b1bc3e01195b8ca7da0a09923eabb8f7d035598383404fd7145946931cf2f577c3d2356aff6e2b37f4b084c00943de3c90b9f944f42af472a7eab05cb33d144ad0b36c2d3343f67af4c78bd1fa86b5dd66c9edbba788278dc063c2a6754c114ecbf5e12ce76ea97b9b83431f215f2670a5f23e27b1614330671d3f4b5701ac57bb8fc8a4eb33d2203d3a4faaa1513471d94446a6bf170a78389738567da8206f8e2a6d906a428253e7a2bd95b26ede968d6781b5247bdaa067988f671f9049da2fd3e81a9a0e419cf077d54d524fa561a395af3d443ef4e56f217fa5e981dd693999caa88da4a58bb7cf5bd0136ba939f507fca7ba93fb95c8e33837576230a28f2e66ae1c566f480b16f7f3c770128ffac3b2fa8dc33f1455f8178b1c4dde3d2df25c49d9d2458fcbc1c1c5c33dccda3987f50455f898609622063 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443041300d0609608648016503040202050004303bcaa2105477a151f58e5854c43aea16ba8a3f7aec859c767b4c972f6516065230af636d2de691db4bf4eca0591d5df8 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA384 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 25e0b881e32da938611b4156525ce24216c168837fa84479ecb72207e9984adb6eb7393bb3d607b1469d9b7c3f4fdbbefaa4b0218850919a7d66a954b315129c39eb99f7dc08df5c4c8c90968f3ce37b66ee184ef3d485f83d308521aa2649d28c319eafa2aec87031a1ff5d7e933ca56a2410593425fb865981b7976fca021b9d7c3198312fcfea5d0093a62b4a7c49a985c005c3a7ad816e270b25c507fc36be1c4cc0a07cb7c6fa130240062793b18047189aa5e79b16fe80a6955191f5910b701bc1aee6dcd5cefd57194bf54d8e208ae41202744190d5ec8bcc2f977f11461a5cb4306fc9b73afff2863a7b580d454bb1fb8dccb1cbef27945109a8f5a3d2b1a32566aa4e8c01a62a1d735117ff5a6a3cc7e70756e7df10e97ee75c5f8ef89fb0a97d7a35698069f59a9f365d4396ab9a764c2fbefb840faf5f57737801b73ac6f9f524167b4f3a567aff999a0db10d55d82155720a5ddc63c35b6a632a3da59c16bd0c143c437661dcd339652ae42f54f8b2d8e52672613772abfe8cf0d6ebbbccc764b51b3eda2ae28d4ba8747a430ccc32c73baea63d050b86210c485ac9554606070764cd06b423efdda4059fc45ffd7193f7123d14014d5bbe5b542476e7bfdc4905731a0d9987fe4a68cf6077c3df63778af08a1f4eb8f00a4a8e03aa8726f43fa829d87c2d0a32e16b47a3f0472a6368ec50a144234c802e6919 +Msg = c74267ab7b27fc613890220c1b77f9205b8a8b4a7c8aa4f8c5f1e41bf5d7122b3216b36c42addb71fd6244de02ac9d72aacf24443a49774c5d6da726d14e8f1360de644112578d4ca1dab4042d561d7131ac3614b6117070c6b34ec9249fbb2c3ae2a1af53eeb7fa0a409b0602402025d869e94356a9376bea0bff8d5693407e +S = 5daace94b6042b542d3ad0dbfd6987222d598febc1e612c89c008c8ae828767cb3248235febf65a100367753aa8c75445b08aca203a83d471b090c4b40eccf1a375e15e6db3cb49eab5db7bd30dd0ad2750ec9eeb09f1ca646f2cd7941cc53c1a5bd982032dad6c022f4958785fa37caed46c67fdb8fd0b8571494a255a0d8e093b79811b013e8bdd0636345c59fb31d1daef1ff7c8d777721cca8b5997cea173c2044ca0b0c552136ef57d5dbdc9383f034daaa20a61d6db7ba504d0ca67d9d3cc8df5c52603a870010d7024d7fc67ff2b719551ce5b1dcb3228c7c17b0772e3160ff940789935c563b72ad97302fbd276a7d17c8d6ac70866d945be4a19b3ed1256339c005a03c1bb0be9549d25a94daa4459ae2f6d3b2b4ebfddc545f76c3fd761016d3a4a79301c6d94d4f84ee9da965f1c9ef2239c6a7cdd28f4badb57580177b395fee7c684b70c43d92b5f5718e3353dda2ca34e10f0a1595474b3f0cfd90ffcd10c3ce987ed72da95aff0d967b582f9c7ba4067b77f728986bfa3fec94cca5104d361c185caaaa1daf8ae9a54553190d54e16c86604172cd53ff7b37060152d1fbc61e54817580aaa6a99ac1e577161c718c6810a735abf2cad04c51c901b26540e0546fe218be87b12929f2aacd48d9768c51d690820876b1a73bf3d8c86fbf3d37a0f2f8aa9f39dc8b86e3990001cb3ce8fe75d41ad863fa54acfb +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003041300d06096086480165030402020500043041bc09c6fe8e745e4fbb2fa6312743e27bb5e82870600e0f80b1147e6ea9f392710548d938b910d106960f7d1989f8d0efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA512 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 25e0b881e32da938611b4156525ce24216c168837fa84479ecb72207e9984adb6eb7393bb3d607b1469d9b7c3f4fdbbefaa4b0218850919a7d66a954b315129c39eb99f7dc08df5c4c8c90968f3ce37b66ee184ef3d485f83d308521aa2649d28c319eafa2aec87031a1ff5d7e933ca56a2410593425fb865981b7976fca021b9d7c3198312fcfea5d0093a62b4a7c49a985c005c3a7ad816e270b25c507fc36be1c4cc0a07cb7c6fa130240062793b18047189aa5e79b16fe80a6955191f5910b701bc1aee6dcd5cefd57194bf54d8e208ae41202744190d5ec8bcc2f977f11461a5cb4306fc9b73afff2863a7b580d454bb1fb8dccb1cbef27945109a8f5a3d2b1a32566aa4e8c01a62a1d735117ff5a6a3cc7e70756e7df10e97ee75c5f8ef89fb0a97d7a35698069f59a9f365d4396ab9a764c2fbefb840faf5f57737801b73ac6f9f524167b4f3a567aff999a0db10d55d82155720a5ddc63c35b6a632a3da59c16bd0c143c437661dcd339652ae42f54f8b2d8e52672613772abfe8cf0d6ebbbccc764b51b3eda2ae28d4ba8747a430ccc32c73baea63d050b86210c485ac9554606070764cd06b423efdda4059fc45ffd7193f7123d14014d5bbe5b542476e7bfdc4905731a0d9987fe4a68cf6077c3df63778af08a1f4eb8f00a4a8e03aa8726f43fa829d87c2d0a32e16b47a3f0472a6368ec50a144234c802e6919 +Msg = c0af5d4f3251d02d37abc8770b5884391a66e7a1700087bc714a0280ca8d910fa794df3a27561b440cd54be9b845e49f5571981c535b701817221a54f12984db4f76aa883158acc8dd4d23a1d422b5f4045ce7ff3fd73325ecad5bf2fd59fc5a211d66413aa1ab4111dcf6a748371ebe91f07b511ebdf96b59b36a61d4652112 +S = 326963d3bb01390b62b4dc1326248ba0c0bc44b240e7b01fd5b05bb138777b31cec22ac0b0d53279ddeb14d86ef2acec7b0c3ba1c8e587513279ecfd6b912717d316ec7bb6aecd56004f9a110e3dafaf3f3f9997549e8b65751d1c4574dcf16a0df08ab705289a9b53930f2bf90c0a6a8f461c69d659929cc2b8514f6c08e07c0c542ec8bb2ab42512f48d8c866f4db4a309af0114e6b9ba1c382f48580a9befad7dbc1d9611de97fede893243fadd94dd78e99f43199d76ea3707d6c8a2e1339b534238bf1bcdf5c2b7144b616872c7a08d4d6399228d508d01c81e7dc345527ef087ccd983f94fccc1f5f8db9a34eee662484881f38eca79426ad87f4ad7ec35dc46c835ae5b38b8bdad63515d710eea32b8024558dc1929e704225debd4e9a770706c78057678199e4d006d185556f27bdfcf5330bbe9cde8271316f460efa53840dfaa30cc1f230395c4f12d7e0a0ae57d71297dcce3834a27b4f29a2c8381eeec3ef4e71a2b54ff1ee09147385f5e41fedb3c3df398cb53e1d19c97fc0f5f85f2fdd0b42cf2065fb68b7a2850e065016e9c3b88e4a0d17370cc63f771de00536c57739625372ec08d8241672ce3aac63dc843d17a227a7f6c68b85eb39e4074bd7ed49682242b213ceedada0db1f2ad978620c43aa88325284588a5244f82083c4420572e30486bd40902b71319c9b246ae9bd7d994f9396ff2bbe844ef +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA512 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 25e0b881e32da938611b4156525ce24216c168837fa84479ecb72207e9984adb6eb7393bb3d607b1469d9b7c3f4fdbbefaa4b0218850919a7d66a954b315129c39eb99f7dc08df5c4c8c90968f3ce37b66ee184ef3d485f83d308521aa2649d28c319eafa2aec87031a1ff5d7e933ca56a2410593425fb865981b7976fca021b9d7c3198312fcfea5d0093a62b4a7c49a985c005c3a7ad816e270b25c507fc36be1c4cc0a07cb7c6fa130240062793b18047189aa5e79b16fe80a6955191f5910b701bc1aee6dcd5cefd57194bf54d8e208ae41202744190d5ec8bcc2f977f11461a5cb4306fc9b73afff2863a7b580d454bb1fb8dccb1cbef27945109a8f5a3d2b1a32566aa4e8c01a62a1d735117ff5a6a3cc7e70756e7df10e97ee75c5f8ef89fb0a97d7a35698069f59a9f365d4396ab9a764c2fbefb840faf5f57737801b73ac6f9f524167b4f3a567aff999a0db10d55d82155720a5ddc63c35b6a632a3da59c16bd0c143c437661dcd339652ae42f54f8b2d8e52672613772abfe8cf0d6ebbbccc764b51b3eda2ae28d4ba8747a430ccc32c73baea63d050b86210c485ac9554606070764cd06b423efdda4059fc45ffd7193f7123d14014d5bbe5b542476e7bfdc4905731a0d9987fe4a68cf6077c3df63778af08a1f4eb8f00a4a8e03aa8726f43fa829d87c2d0a32e16b47a3f0472a6368ec50a144234c802e6919 +Msg = 42c5ea617a25f019329ee172e4932485518dabd01983249189597473b4a6616cc5ba8ee693e0ad1d76e0f0c85ac8c0fb11ecb24cee2cb7358f7593b9fa8b904aec0573eb6d99af92a899d9d0fabe5cb349256eec9797422dd60d7fd5fe73f2cf5ead7fb72fd85e3f6fd284d2edfc5e77a03ec5f73c4c2f420728220fe9e9efc3 +S = 6836dff1bea541916b9ccce2695e921ff27a737ac54f4a5c3b2facee80a8dd3bbfe86c93a1af8da5c6b3a92c445dfac7e215fa9f3d67c9589dba858a223f326afeb8f5d0f92f28ac4e3671c22b5b4e0b4266f776aca928bb0309929f2c452b62d462675cef09388e5720cf0cb99351d44059790720db82ce014d7e795826833284bd4205c64e1330e30e09ff6220f62c013c117ace4f4286cd46e52694c4925aba12a5278e47de910dcdd820396febe5179bbc6ccecdac1883bd408530bde92e93c49db2c6fbb42e9705f29703763b21a8172489d2831889bb060505040940e60f7c5cb9f58327c3d3f7cf7e18ad60e877edb65222a699d4acdcb358fbc87e1e461468cfdc82a8cd7fb1f82e05378737f4aa741a63ddf6039b23e1aa19d94e7087915899685add8a8da8f64a93707be0b6354c8e9a8aefc7484bb45cd0beca493a4a0aef0b6aaae801866b905683c582bf39f9cc0768d880c6e4b331da86506b298c180cf95fa45e532483c55544371468088b4e378f37976c397e09f89081f0f0b6f4ba3be6929957f55f14a88f6beb456b70e6fbc6227e98c1e8a4a6f734c9080c13ed58bcfb3456cbbc217653835000f54956d839d4073571d8a42fa2294df1a747e88af53a16df1834203009cccd6d61304739872ab92be79a4462125ebc8bba909ca2b4d91b9e520d6c681c2f92070f156e31a6875122993e1d94fc3568 +SaltVal = 00 +Result = P + +SHAAlg = SHA512 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 25e0b881e32da938611b4156525ce24216c168837fa84479ecb72207e9984adb6eb7393bb3d607b1469d9b7c3f4fdbbefaa4b0218850919a7d66a954b315129c39eb99f7dc08df5c4c8c90968f3ce37b66ee184ef3d485f83d308521aa2649d28c319eafa2aec87031a1ff5d7e933ca56a2410593425fb865981b7976fca021b9d7c3198312fcfea5d0093a62b4a7c49a985c005c3a7ad816e270b25c507fc36be1c4cc0a07cb7c6fa130240062793b18047189aa5e79b16fe80a6955191f5910b701bc1aee6dcd5cefd57194bf54d8e208ae41202744190d5ec8bcc2f977f11461a5cb4306fc9b73afff2863a7b580d454bb1fb8dccb1cbef27945109a8f5a3d2b1a32566aa4e8c01a62a1d735117ff5a6a3cc7e70756e7df10e97ee75c5f8ef89fb0a97d7a35698069f59a9f365d4396ab9a764c2fbefb840faf5f57737801b73ac6f9f524167b4f3a567aff999a0db10d55d82155720a5ddc63c35b6a632a3da59c16bd0c143c437661dcd339652ae42f54f8b2d8e52672613772abfe8cf0d6ebbbccc764b51b3eda2ae28d4ba8747a430ccc32c73baea63d050b86210c485ac9554606070764cd06b423efdda4059fc45ffd7193f7123d14014d5bbe5b542476e7bfdc4905731a0d9987fe4a68cf6077c3df63778af08a1f4eb8f00a4a8e03aa8726f43fa829d87c2d0a32e16b47a3f0472a6368ec50a144234c802e6919 +Msg = 3ad62d183432746cfbdac6d9c87148bf13df52e906f67c573156fc407f8d2f576983754e69164298b20172741e02dd27683c2c889bdaebc2caf5df5602b7995f7dc14b1a18cbdba5078a3607c8d7e771550de8c49eb3b752365bade94dc98c0ede585786299a661b643fb99cae388d26441c2da2f7ca0b8fde500f02480b2fea +S = 817ef0cbd8bbe2c93d49bbc09c5d5fdb0c36ad983f0e1f45b41026d3efabad67c69aeb07a0bcffd57c4c6ce95857ab1dd6e786f83d2bc7460366cf051019168bfc56edee99aca9b3862a77c8a9c22787b35004624a7baf963b6e1be2530b0ee43fe44bf21f52e23b2ea0dd7a9cbd77c960d9269bc9efe867f10bab0d27eee85fe95fa90ada2171e9c0acd17ccc6132983276d0c6f1260b8e20ab84ab4eaabb5db220ae7becb26f05e32df93d2a759a9d2d94fa6cfb2a54ef20ea8f486cf587eb2977fdf17e4b65bfd66497aab225254d53cba4b18c9b4c8e30e6f5010eae0d19d53b17c9ba8ba0afb5109dc45f7e39e604f57d1bdfe3a2354346f462036599815578c497a9829be3fd73b4d7fca27385cbe44faabefbc25fd599c3e817a606dc53544e6e10cf3182fdb806441d470f16168237685e2a384391c3b15663cfe9a00f938fb7f9362752e4377217c06c7419a2426bfbf76b503be486a2b90146e9c75718b208c8fc492f47d17e4e8f3ec9b1dd5a067cf1e4ced4617243217518653ee3f30ab3a2c3f95ad15e6939f88e169c643ed2056d594fba35c8e8fcda9f7a5fbf17ffc42ccefac0aeb95cada9b48fc4a9456626ec017b8dd995cab7720cdb7c093ffbd3b2c149cacd7a2328b6ec825376d19ff693a8c8beddb9cf2c67cc22bec90f1d4e0a310d7d7f81582b56fd2127fd7a9c1d3b8d1050ebbbf06be49da1f1 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443051300d0609608648016503040203050004404f6c763ce96f5274b8ea00e1e795e0afcc8a1d1fec8879a033437d0c153b2ef5ed766002b39b50a10f9cc919f57cd0679b82940ad47bc8b5961061fe1575eaac +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA512 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 25e0b881e32da938611b4156525ce24216c168837fa84479ecb72207e9984adb6eb7393bb3d607b1469d9b7c3f4fdbbefaa4b0218850919a7d66a954b315129c39eb99f7dc08df5c4c8c90968f3ce37b66ee184ef3d485f83d308521aa2649d28c319eafa2aec87031a1ff5d7e933ca56a2410593425fb865981b7976fca021b9d7c3198312fcfea5d0093a62b4a7c49a985c005c3a7ad816e270b25c507fc36be1c4cc0a07cb7c6fa130240062793b18047189aa5e79b16fe80a6955191f5910b701bc1aee6dcd5cefd57194bf54d8e208ae41202744190d5ec8bcc2f977f11461a5cb4306fc9b73afff2863a7b580d454bb1fb8dccb1cbef27945109a8f5a3d2b1a32566aa4e8c01a62a1d735117ff5a6a3cc7e70756e7df10e97ee75c5f8ef89fb0a97d7a35698069f59a9f365d4396ab9a764c2fbefb840faf5f57737801b73ac6f9f524167b4f3a567aff999a0db10d55d82155720a5ddc63c35b6a632a3da59c16bd0c143c437661dcd339652ae42f54f8b2d8e52672613772abfe8cf0d6ebbbccc764b51b3eda2ae28d4ba8747a430ccc32c73baea63d050b86210c485ac9554606070764cd06b423efdda4059fc45ffd7193f7123d14014d5bbe5b542476e7bfdc4905731a0d9987fe4a68cf6077c3df63778af08a1f4eb8f00a4a8e03aa8726f43fa829d87c2d0a32e16b47a3f0472a6368ec50a144234c802e6919 +Msg = 96c824575d1e537b1f8d27dda15040ab262f9416f0f61260032786362becbd41404fe9f8a9ad46b81f68fe16b3dd4b741396dbd209c078e744dfe8705bc012c90faf63bad1eb70938457dd7b83727d05e689ba04012c38a12edeb5aacd10342d88515a46dcbf1835d4c18ab318f81f872772fb54e12199b5488cb58b87c56996 +S = 336a1580b52f2b15e7fe7eefe6d4503fe0985bfcca17e5379d17d210be01e44394adce8d1c482db58ff71b6ba418b069fe15153ffac74b3f7190df14791f8532adf655721a5d113df77d164226b941cabc035853b795db3dbfe64a0a89fa8728071cec0bc1264cd9c7d43b429cbf868cd7e2ce9f5f71c6b1c9705ff2d99f99fffc6bd964e4aa85ae127e074a95e396551418acc46fd22d61711cc4dfd51428130b0036c54120723bccc8268d9f1739488e4874c7fd77a207a28b97f463fa0667adfddb34adeb6f11bbc1ea2e057120ccbae92c3504d14fa4d87768e435b1479237b61178e48232c6884c94f0f287cbd135ddb9629678d7097f8c966d1b74f288a8d307764cc34e3690be4e790c57627ff1e6ee2572afaef68dccaf441575dd5112341f91c0f20efc8a75047672c190403e8d5aeb1005e2040502d7cce97cc8977315aaef7fcc9c5b0029246839134dc72f72dc2e80e1d3d5e48881dd71f6b2accf21635252d82adedcf86f58dbfda3ea1c0624fcfbef191a89a43d5fbd62cf6142cb26c4cdf9cfc0d8c993b3e80d551ec56b29734ba77dcdb03cc20912ad85efc48d314c42b15120ecfcc03d85a43f2ae733fd2decde46e535aa84415bcc7de4203869ff945176b9e7047c5953bf241e3b537a93e62b412cd81591d658e7f55c4bce859bfc56683abea7e6e1f87f807ae05c52ab504f0341d301ad06429fd964 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA512 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 25e0b881e32da938611b4156525ce24216c168837fa84479ecb72207e9984adb6eb7393bb3d607b1469d9b7c3f4fdbbefaa4b0218850919a7d66a954b315129c39eb99f7dc08df5c4c8c90968f3ce37b66ee184ef3d485f83d308521aa2649d28c319eafa2aec87031a1ff5d7e933ca56a2410593425fb865981b7976fca021b9d7c3198312fcfea5d0093a62b4a7c49a985c005c3a7ad816e270b25c507fc36be1c4cc0a07cb7c6fa130240062793b18047189aa5e79b16fe80a6955191f5910b701bc1aee6dcd5cefd57194bf54d8e208ae41202744190d5ec8bcc2f977f11461a5cb4306fc9b73afff2863a7b580d454bb1fb8dccb1cbef27945109a8f5a3d2b1a32566aa4e8c01a62a1d735117ff5a6a3cc7e70756e7df10e97ee75c5f8ef89fb0a97d7a35698069f59a9f365d4396ab9a764c2fbefb840faf5f57737801b73ac6f9f524167b4f3a567aff999a0db10d55d82155720a5ddc63c35b6a632a3da59c16bd0c143c437661dcd339652ae42f54f8b2d8e52672613772abfe8cf0d6ebbbccc764b51b3eda2ae28d4ba8747a430ccc32c73baea63d050b86210c485ac9554606070764cd06b423efdda4059fc45ffd7193f7123d14014d5bbe5b542476e7bfdc4905731a0d9987fe4a68cf6077c3df63778af08a1f4eb8f00a4a8e03aa8726f43fa829d87c2d0a32e16b47a3f0472a6368ec50a144234c802e6919 +Msg = d44ccfb041a426cbcea27f0d5e2a77b21074beb5c175bfe5d39a833b2cbcd26b81519cb9d4df980e3bb72b4be4df8bdd56502492f9613baad984d132a730ca8d011e4e54f2b87060bdcf0d24d68cf74032a95354c0e0401238a4ba981310bdfcda1dad28a417f5e8db52ef413e1904052ce714a41fda1745776405157944f4df +S = 5272ca5de6f01c255f59460bf1789ad5fef5cd25345d701c045c3623933f6d44389c5cb6eb3746b0aa75ad49cd5900223ff998d5752ca0c164dffa90cd4a3857de3f4c66e9d3c19bdebc842babc4b0fa60bdf53b76efd35de73230e283a590f4f4a9b7658ab1e1e0e5631534710ae18c7b866e79be08cbf3c30bbe6c0daec86237c439a7f63e57640263a75ed980f5180dea5874e2af8348bb15b833055936abdd01f8e5d913499382496691b6c60b5b2aae76b8c51794dbf9d9e852e62c410e9981b5663c59a0e5ba5c1545643de0fc9397150518d7e6122334246e277570ae2bdc4e84e916096000a44ec2e68943589d62b24f45594f35a2b7197ec665d45c3d9d403e7510f536a0e214cc6e3391c0494c5d52508e777b851157ff091995f4e0d2131f9e40fa4e81091e46cc40c0459a4f2d5c198222f0c7b39a5e2fe86a6f964a966d1e66ea550627d4b21c90cf3beeb8c4901a2ca47ed8b3581f37852f582382922ddf0fe0e322ef9409ae860b251699220efbd41f09968d2787d4b7a79ec4828b9ba1702b5da7751546ef626f2c7507ca4201e1845f39af9d813a45eff6ec0c234ff31eb9c8c2f78a0d70952ddf010ed03279390e13d6ea464171831ef86855816f9eb25c44e94ea5a40a6f134a55197415c7b621c7ae5cb29ed27e9bab16c1b6e7747e1462e64b99f5b8d07aed6c92ebdda2802269cfa3827d3e65c8ee +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003051300d060960864801650304020305000440b6f769c5eb51469bed21e0e25d8eb3b9f5909a58eaee7435ba9dfcc3bddd272f82d00c6c7992f5caacb7814315f1f58aece9fda52a15a6a80a179c02bc194614efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA512 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 25e0b881e32da938611b4156525ce24216c168837fa84479ecb72207e9984adb6eb7393bb3d607b1469d9b7c3f4fdbbefaa4b0218850919a7d66a954b315129c39eb99f7dc08df5c4c8c90968f3ce37b66ee184ef3d485f83d308521aa2649d28c319eafa2aec87031a1ff5d7e933ca56a2410593425fb865981b7976fca021b9d7c3198312fcfea5d0093a62b4a7c49a985c005c3a7ad816e270b25c507fc36be1c4cc0a07cb7c6fa130240062793b18047189aa5e79b16fe80a6955191f5910b701bc1aee6dcd5cefd57194bf54d8e208ae41202744190d5ec8bcc2f977f11461a5cb4306fc9b73afff2863a7b580d454bb1fb8dccb1cbef27945109a8f5a3d2b1a32566aa4e8c01a62a1d735117ff5a6a3cc7e70756e7df10e97ee75c5f8ef89fb0a97d7a35698069f59a9f365d4396ab9a764c2fbefb840faf5f57737801b73ac6f9f524167b4f3a567aff999a0db10d55d82155720a5ddc63c35b6a632a3da59c16bd0c143c437661dcd339652ae42f54f8b2d8e52672613772abfe8cf0d6ebbbccc764b51b3eda2ae28d4ba8747a430ccc32c73baea63d050b86210c485ac9554606070764cd06b423efdda4059fc45ffd7193f7123d14014d5bbe5b542476e7bfdc4905731a0d9987fe4a68cf6077c3df63778af08a1f4eb8f00a4a8e03aa8726f43fa829d87c2d0a32e16b47a3f0472a6368ec50a144234c802e6919 +Msg = 1fa4b8433fa5d5d2228abd92b49e6147f7ed6c79a557102517e406b26557d026cf06429a5be840ecc0f0c9b38399357860c3ba23ebbd35b377a3273237eafee8a33997d01d7a0048d532820cea0ddf65d2bed89efb05f2b8b2117a5f4509c71c64e6bfcbcd839d5029f7f1863022e7781486cdd41d58d09c90d7061fd6ddb228 +S = a65d94748b11294edf430b91e649a7fcbce5d47ab1084c0dac64033e582360f7cc18c1b7e71f8cfa3c0677505fba6769af39bbadeddf6b3ea1031b103f3fd72f3c4d56ff6a75fc2e16c4eeee8a1d4be05e001fe210d07c1df1e62d17b9d9def6d981df183c97b4bfba226cf88dab793eef75fc99b028100ed522e98de4dd5c26fd954a928619ad6024ae454f11f1b56c0c7f04442bbdf4ca282bc76f7f054d5195a5ca398d06e8f149b0044d310b74eac7a14c2dd9999ea248f9a332b62ef97867a4e4e312305860a8797c5f9bb66ca4fe13c054e55948b1e54dfbad12015854fd4ee347bb19bc2b59930056a712f090fccd9b31c96b3426ddbb16c4cfe130b0f8327fd61e1df46e093f6232cddc3f9b43d8b5a7b8edab6937d869353cc3fbf8d050879b8fd8793912f06a603a1936476247ea140212530397e3ca5a593899198e9d3ca1eff1ba302a0713183c7e2d60a5492fcd8b1df4e787dee2d305153ea690d81b194205a54425c1e1df4364a20082868f09b5d11b5e5ebb77e41b5eb91d4ac73a75d29f7bfba2e056dc8d19a483c4256f68a3f4e80e2f8a801cc1401286dbe15636c653a80dcbc73f249fcbaf4b446e21e9cabca231615d44578e2f8466f22e9b2b03d21e2f4e19623d15361336763a28dd989bd5a912fba53bc4d5ea1c790ba81f5fa21ac1a0fb43fe5a550108a27041c7e854e7aef824a29ce7ffeb62 +SaltVal = 00 +Result = F (3 - Signature changed ) + +n = b10935650754c1a27e54f9ee525c77045d1a056baedc8c1ba05a3d66322c8e2e41689ca02b8e6ec55d3331cd714e161b35c774311540c6410cc3b130e65cec325377ccf18a5d77054afaa737e65b68662327627f5d1092df98c08b60a3ba67599b1406986f441528d2f1f5d6fe5ec6b8aa797dbdb3162876b08298237af81c7004863576af572ddd66c487cf32a82d0f9fe260f8f2681613208aec55723622f50d3cb3bd33b1226d5b5b9ea2c97a2c59054e31536849ec2f0f2597c077e621ddea0a22ddfb1df925c9f1941cd431afce0398d28e736cfeab3dd7f062a65a2a4c1ddca1f32afa03b4ddfd8b7ca40cc0ce2ed42229d753f03cc6d8bcdca76ab7c2703c5ddad08aa9bf9a27740a8b23168c6b55917bd3d5c1c057c34d1efb1411da51ab745519bd92b9432fea8fadcb9a70e5dc3adcd3081d3333507b7b998886e988296628dd7265e64eab557712556cc492377f15a078dcb620a6e7f051a1fb8754efdca3de253dd0aad4205b032659e4a4fb307f074fbde340702b5911acb34737d7834600cf2ac77f62f83ccc9ba78ff911021b9f8ad1bf421430ae0d64916944b504542c0f6263c48e5e233ef1869df1efc2ccf6f4a95e4db2de7b4cb1a992bef6573511bab4bf2cd58e72a0c235f56dfc182df4dfffb69433a5677415f35d84f5125f5200eb57868cce6b74c5833417990e318372c9239a36dca1a0b28809 + +p = bd4e8bb7fd7ef1e39d71de06b0001bdadcc81b0edf2226e0d056b7eea70b2249000279cc1c04b1ac2919014fc3fb8b62baca3e261601fb0a58a9f67f03cd60085b2d43906d36ad014f321012a9bde9617478a0c10201afd53f2207de3648afd1d737afadf7fd2c0b9824d4f66b2c7dfe93390888ac088c680c27b1b2486659ccfa8986c8c23f78f18b5815a410328e629e7440221bffd8ec4722bba3420da5234f898f8cd7e6d7dcb1349bc4a0b665b41d930e3957cfdc88797aee5b2b27dafb5ba0949e3dd892f490212dfd249f4b1d99fd3b72695ee0652997127f0b9b417fa8365ba9fd103b978309d9baa9d401902cc107cb8d2af7ce04660900e3707ab3 + +q = ef67f69838735c055145d21fccb42298642177fe3fadc39070a95e4fc04ff058aeaf9070b4eb2de1cca72d8533bc55206d2ce9f2895b148da67c89e5b6496ba682f76bcaef69306a7fa4fbd41a838bdf0fab3e7b56c27a8c18dc4bf970364dff7427cdcc6f532b49712282370a718b7d5287bfc02c4abc35ccb2eab3777f5e0d8a27ff9ebe13e725aa0a0cd48aee1fa33ea6b4ea965ba42fcce7af3c528a6675cedf4969640f2ca73345dfd322620df9dcf16520195df8232061e2bc89c12de24838f255e7b1c17713ba435d5a351e263350198b3fb881b8ce0acb5aa58b7afaff184489d167c9af21e40e2ba9fa69b44a3854329385c97df0de24dc283a4053 + +SHAAlg = SHA1 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1d8188e62be3759b150e29a7b864be80ba2f00e747cf6caf45645f91085cc25d0ae6c4c55c97bd20e4dddda23d8d03af33a13e082e3576602ccb4832d10f7cb30de94cd2ec64e92b8c7f1bdea66491665b313b153a2d6dcfeecac1e5709f113999d8abc4128b58dc232853a3d50fcbc971beea4a4883b1691d6b195b3f295a12ab6bb393c7e3dcfa3bcb6bf7ddc6b22d4550657ed311590330172763930905d38234c89f889d85bce48f451b21945cb980e25d8de6b6fcb2828643f5695105a4fc5705cfa9da5430f6fd98af78b2f2a255eecdc268922a71dfa3fd65c6645c6204fa1afddc7f009e24ff973f70accacd07ce05b1a3e352b4cbceca24c691c94acb40f9ec6f1964a3c73d4b50ad1279598711ffbd1e2ba3e283cb33d0189ed5341b2991aeb6ccf331e23d49f473adf4524a50d876089c824488b1a9d9253d9f3471ab73cceacdc169bff8b6ed6258a940ad03454ee148c86376c6c35971db2a4901980fdc3e78d1149aeccc32424162bc1fdf115e5d2a138b914397d3384bd4921ddbaa251569f71d61aace4b5d947eec59fe57827cdd38c5dd01a0f7beccc0f80662073a52aee4faa558a5c1e9f98327fe91e29340f678c8734e5790994c1ac8d9da22b57cb2bab896d45a2eb0524cc8457275dd61f6c4eec4c2f697a07d33d07a46685c95ec2658259a7bc0dad3d9529ac5485de5cb014e9b7dc7cb6e2bf781 +Msg = d65a050fc06c9f176a6be7a7bcb0a9f074112ea5c7fb03b04bc2fb25143477741d74e5e2ea06873a6c2676bf255ee6668d57ab42b3f0fd40278d781418b16673bad04183ea5e7490152c620056f4a989de33a8a199363f360f78d5a0882ba0d4731520da089ded812d26b351969b7bc1314b2caac1f851fcc82a1cb0abc9abfd +S = 77e7756da33c3918b94a1faae80f2081606e9646ccf2be6aa16f2b4fbfdb8ba57fdcf61e892cf9b77d60df62c07e56fa34177df466710c7f3b4c5084647bc9c9a52d66d080b3a1d6fac9d439cb6f207a72f70337ca9c357e16278f6f846f7028345dc0ea8139359ad62a103c43a922293afd300436d76daa5a92f940df6f21f1c442ee3d4aa8488defebf29127e11413cddf4471fc5324ac14ffc97403505867105ccaee26c742082472f6dee0d985f05777d6faacb166f34da96057be40530df9b1076b645272d154614fad693d4d5270670a20b71103c0e740114f3585c2ae02a4865e0277a76eb173bc2ad65db5e0a9aabc5d47f903643a1cff148703991ddc4e05ba766712a93d3243bcd714d067c8fb54eea3c3b5e69cef976c8794471b5afbcf7e327f14258410394d388ce095e5a623a406d33238d2c37a29eb1d099a2730185da1b2e295a55f74b555a6d6beec7fa7b9b76d916e9f487547d06356ed9e3ba818e31825e97b465174a7fb8404b7da84020f555247c2f03a407ce5afe07d3d9df9c94147697d0591ed2ff6776ee778cd74c07e071bd8b2260cab2e0eabb4c97af8d5ebdbac9323b0a73a9d93d27a635d8d5af1651de596afd4c9012f9f8840d05e80a2afe47399cefebb70450fc4b501fd69f67867123e95a6ba653f69cfe3cb5a38e3ffd92d2a37fda91c06e59eef42c836b50050f8b9fa808a4a114b +SaltVal = 00 +Result = P + +SHAAlg = SHA1 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1d8188e62be3759b150e29a7b864be80ba2f00e747cf6caf45645f91085cc25d0ae6c4c55c97bd20e4dddda23d8d03af33a13e082e3576602ccb4832d10f7cb30de94cd2ec64e92b8c7f1bdea66491665b313b153a2d6dcfeecac1e5709f113999d8abc4128b58dc232853a3d50fcbc971beea4a4883b1691d6b195b3f295a12ab6bb393c7e3dcfa3bcb6bf7ddc6b22d4550657ed311590330172763930905d38234c89f889d85bce48f451b21945cb980e25d8de6b6fcb2828643f5695105a4fc5705cfa9da5430f6fd98af78b2f2a255eecdc268922a71dfa3fd65c6645c6204fa1afddc7f009e24ff973f70accacd07ce05b1a3e352b4cbceca24c691c94acb40f9ec6f1964a3c73d4b50ad1279598711ffbd1e2ba3e283cb33d0189ed5341b2991aeb6ccf331e23d49f473adf4524a50d876089c824488b1a9d9253d9f3471ab73cceacdc169bff8b6ed6258a940ad03454ee148c86376c6c35971db2a4901980fdc3e78d1149aeccc32424162bc1fdf115e5d2a138b914397d3384bd4921ddbaa251569f71d61aace4b5d947eec59fe57827cdd38c5dd01a0f7beccc0f80662073a52aee4faa558a5c1e9f98327fe91e29340f678c8734e5790994c1ac8d9da22b57cb2bab896d45a2eb0524cc8457275dd61f6c4eec4c2f697a07d33d07a46685c95ec2658259a7bc0dad3d9529ac5485de5cb014e9b7dc7cb6e2bf781 +Msg = 7228696b438ee71ee4be5fe548af7423508c3de7e370f6cd416ff61f94d5e140c9b21f4b9d968df7fb9972be859eb43e71d94cdf968ff7b6c61d2ea95f3c59d41d83402c322ec262991dc90ba7207dfde371b8fc1782ba96a7f91f4b22f90ef117a4b2572adeee2966534c13d5bb37294e5d6b878fd1a9348c0baf4d0695675f +S = 34d3fb114d6871eeb6a9cc9960d655df44d2a5c8f1d8bbf1b3b03896f5ba8178c2e92f8c420d537bf9f8e23866c11d0e02e67431a1506b35f97a85ef220635a28eaa76659fc8fe07d0d4f06fc43c2c4ff96f8e27965078c67abcab78faa4299d345ed81a442698ca99d1c0e4f0baed8095dce5d30add437c1f06f79c215cab5ff88eb280de1b75c3f19f8a9c8810143be9e127b04fc0316d65e7cb4af7786886663062d88ffcd0e64c5e359874db6bb63f91e92c14a4f3893d6beb209d4e009d646d14d01dd3a84f445ad2f54877e0b529356d561665e7be8332c33dbce60d0b2075cd88af0bdc6a0d8edc2efdfdacdc5bdb4bd3537f28ee523c1a355cbf94c04329fef5c75726c047caa8119ccc4e9d60f203b0fa48400e07e9270758b99b0fafa65c0cbaf40cd3408716e257c539cb6aee3e171830e70db3a5110ef5a2561f87bf9b56ca69a61f7abb1b0be64d2627d7d78055f4ecec34c9f9768cf2c21f5ce656d069799476ba6c2b223a17dfaa6e958b046658e545ec4a28e2b6565bc320296ea2a8360b6f980d8e81567a7c40a32c82e2576ebe9e2ca68c46239e2638737075c3a0c0dc68795331700cdf2ed1c81b44b69afbbc7776e08ba794be48f16dbbd8d21505d8749deaa470aca86c27314675553afe88a96b80a67e4257c95a57bb3e9262977588717b54814250cce8bcf8e260ec58c6866903bb3f635148bfa9 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443021300906052b0e03021a05000414e3a0e0ee761eba5ffabbc08ba0f2fd689e143a3a +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA1 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 1d8188e62be3759b150e29a7b864be80ba2f00e747cf6caf45645f91085cc25d0ae6c4c55c97bd20e4dddda23d8d03af33a13e082e3576602ccb4832d10f7cb30de94cd2ec64e92b8c7f1bdea66491665b313b153a2d6dcfeecac1e5709f113999d8abc4128b58dc232853a3d50fcbc971beea4a4883b1691d6b195b3f295a12ab6bb393c7e3dcfa3bcb6bf7ddc6b22d4550657ed311590330172763930905d38234c89f889d85bce48f451b21945cb980e25d8de6b6fcb2828643f5695105a4fc5705cfa9da5430f6fd98af78b2f2a255eecdc268922a71dfa3fd65c6645c6204fa1afddc7f009e24ff973f70accacd07ce05b1a3e352b4cbceca24c691c94acb40f9ec6f1964a3c73d4b50ad1279598711ffbd1e2ba3e283cb33d0189ed5341b2991aeb6ccf331e23d49f473adf4524a50d876089c824488b1a9d9253d9f3471ab73cceacdc169bff8b6ed6258a940ad03454ee148c86376c6c35971db2a4901980fdc3e78d1149aeccc32424162bc1fdf115e5d2a138b914397d3384bd4921ddbaa251569f71d61aace4b5d947eec59fe57827cdd38c5dd01a0f7beccc0f80662073a52aee4faa558a5c1e9f98327fe91e29340f678c8734e5790994c1ac8d9da22b57cb2bab896d45a2eb0524cc8457275dd61f6c4eec4c2f697a07d33d07a46685c95ec2658259a7bc0dad3d9529ac5485de5cb014e9b7dc7cb6e2bf781 +Msg = 92e658a7f7bef5990043c260671864572e070d373345af8304f76923f4f4464e6fcd26ae8a0bfcbfdeb73a7997208a2ec8d8bfb502000bc824c572ab742b7e0eef0a3535de554856aaa28d43f1e7af48d9822557a57d6062860f4909b366ea75bba36b841a2741260b0da2079ef73c6e0a0e26654444171ad1ddd685d82df14b +S = 4496155562e965348a09e9a67ab0009c2b74275a209729eba350db82e066527d9294cea63a56ba53718250b86c64d29b327cae24be1d1b6e3eb996e539e213af4739a5fb52970e89d6ffb0e4f7074603ae6bc2afe88379fe8685fed5c2e30183199702b2028ce39192b35ce3a7111573b148ccc6b7bb15c6aacc4a72819b860f3704a0660241a5339ce3ac7eabb8eba25370d690a0c478b3be35f3613e6be74fd9904d32bc51762d9c921276159e4bb5930aee4ac654b51c5c77b84af7f71c4b88714b1c1bf23ba28d3ddf32906a1497bcd86fe2d8a6f369d145439119028c82d0cc2eab42a4775193d7c3db38c1b86c4a4c697d726e924120852dd747da3bbc77a906f367cc5f9303b6a4cd076bfd4237975ec9cef8ed1d637f25ac0ee20d1bfd918db031102913f8258de26d3319268d97983d29899b8a394db559a95f0fa46ec4fdd77ca0d901aebf952c321bf38c2e6e7943af071a7492b5220e4ee1a376c9c254cd958a743d47b458a93d993b3f011d81afcb5421ffd4305bf6385084ab3fd2159aaa76510a0bc20abf5bcb36beabf9e1dce3472961998e6aad1a68935283e62d49334fd1a3e56cac2681a9a172686022e1ccb5a215333da9dff877ee2b38484e4824f28eaab90d2f10973cb67f0b0ff7b32733464d1553f18306eda6cb50155a4047e0e39dff11524f97819f73bc3482df0e7d65bcbcbd4dd23f845dd0 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA1 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1d8188e62be3759b150e29a7b864be80ba2f00e747cf6caf45645f91085cc25d0ae6c4c55c97bd20e4dddda23d8d03af33a13e082e3576602ccb4832d10f7cb30de94cd2ec64e92b8c7f1bdea66491665b313b153a2d6dcfeecac1e5709f113999d8abc4128b58dc232853a3d50fcbc971beea4a4883b1691d6b195b3f295a12ab6bb393c7e3dcfa3bcb6bf7ddc6b22d4550657ed311590330172763930905d38234c89f889d85bce48f451b21945cb980e25d8de6b6fcb2828643f5695105a4fc5705cfa9da5430f6fd98af78b2f2a255eecdc268922a71dfa3fd65c6645c6204fa1afddc7f009e24ff973f70accacd07ce05b1a3e352b4cbceca24c691c94acb40f9ec6f1964a3c73d4b50ad1279598711ffbd1e2ba3e283cb33d0189ed5341b2991aeb6ccf331e23d49f473adf4524a50d876089c824488b1a9d9253d9f3471ab73cceacdc169bff8b6ed6258a940ad03454ee148c86376c6c35971db2a4901980fdc3e78d1149aeccc32424162bc1fdf115e5d2a138b914397d3384bd4921ddbaa251569f71d61aace4b5d947eec59fe57827cdd38c5dd01a0f7beccc0f80662073a52aee4faa558a5c1e9f98327fe91e29340f678c8734e5790994c1ac8d9da22b57cb2bab896d45a2eb0524cc8457275dd61f6c4eec4c2f697a07d33d07a46685c95ec2658259a7bc0dad3d9529ac5485de5cb014e9b7dc7cb6e2bf781 +Msg = d51a8b58c08bd2f5d5cdcb0dc596e5a2999e86d6ffa6fc09e5b9b64246b2b4d044fe3c3178a3cf3286815b58f4d8b27f3c0b3bc11fa4e7993d976748e3cb9d7824d650202b0923a7cfacc84c688a71c5e1b187260f739f0541b0aadc19586bae9a2b2fee81c3b89cd9d57ab1cab40abdb216d3cf771b0b951b8be5c4905f08ba +S = 068f422fa9bb79c8f18de3cc684be48ed59521ad0ea3a36326f0e4f96db1f2380b4e6a8d67f15a13b68ab0aee7a7b4d0166d94ccc1ac522de51052ee303c56ffad6d72912443ac8433c4e10229d9b9b605977bcf9ef69e33006c50e6077f6f0ac5d56cb9ef36c3de96653748a9d720841c9e4993fdde385ef8d5197b8da2c9c9b029e58d5d28c8a4d017556f31d45ec3dafd5f92a99c5342f31207b7ca9574ed043279f0cf6b5ecb4927425e149609009b5fd0295faa4a189d093f9635de49c8caf34200ccaace04c42c2f57136618932556a20ed057d60dfd87c8343d3a1a3b8d7b760453877ec67a535676c97ea65fc5623b9b7eeb5419840a27d872b199686381093aef3e968af7c4faee2e88fe7904212e6733c6571102cddb6d222e51aa19eaa59afb7799b0590fa6114c0d0ad5a4b09b104c3b0d1f31c8e90d8abf26516b72c7d0b1533bc66ce4d0e25d08454fa766522a4278080a42eb51d064101c1d845361d4ba69809d1340ab354f907986f759ca18d62861370fc4a5fe147aa6504387f1a5285629e3fc92b53abaf66d9bc135818748f59902752359f074f831a87fe7fee433a8b564e61b07500bc0610f8f17a172f92117edaa9b9e6f5858326590328cc9f12ef630f14b1459f3e6db8f665cc9be64285ad681f5728bf1b1507a72769f1db7ac1231d123b6cbe57f647adf4956b5237e7f754ff910278de89a7c +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA1 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1d8188e62be3759b150e29a7b864be80ba2f00e747cf6caf45645f91085cc25d0ae6c4c55c97bd20e4dddda23d8d03af33a13e082e3576602ccb4832d10f7cb30de94cd2ec64e92b8c7f1bdea66491665b313b153a2d6dcfeecac1e5709f113999d8abc4128b58dc232853a3d50fcbc971beea4a4883b1691d6b195b3f295a12ab6bb393c7e3dcfa3bcb6bf7ddc6b22d4550657ed311590330172763930905d38234c89f889d85bce48f451b21945cb980e25d8de6b6fcb2828643f5695105a4fc5705cfa9da5430f6fd98af78b2f2a255eecdc268922a71dfa3fd65c6645c6204fa1afddc7f009e24ff973f70accacd07ce05b1a3e352b4cbceca24c691c94acb40f9ec6f1964a3c73d4b50ad1279598711ffbd1e2ba3e283cb33d0189ed5341b2991aeb6ccf331e23d49f473adf4524a50d876089c824488b1a9d9253d9f3471ab73cceacdc169bff8b6ed6258a940ad03454ee148c86376c6c35971db2a4901980fdc3e78d1149aeccc32424162bc1fdf115e5d2a138b914397d3384bd4921ddbaa251569f71d61aace4b5d947eec59fe57827cdd38c5dd01a0f7beccc0f80662073a52aee4faa558a5c1e9f98327fe91e29340f678c8734e5790994c1ac8d9da22b57cb2bab896d45a2eb0524cc8457275dd61f6c4eec4c2f697a07d33d07a46685c95ec2658259a7bc0dad3d9529ac5485de5cb014e9b7dc7cb6e2bf781 +Msg = ce5ccd9b81d0103e99c4bdd8216b4cd75f4063174ea2eda94fc16cd31bbe9057fc0e08f83d20983bde3f6c6b8db9acdfd24150808a92368596557181d445e5a04e91112db2812b58035d72378d8bc00a1ef75ec373b81dc6f1f0a2ed96f302cf2eac8f42ca3df11e6ee678440a28b0dfab2a36eaf35bcbf3c759a71e47120f6c +S = adb58e2ca61b110bcc5697d845e3f035fa8ee93203f12475ae3a81ca0a9820d799724b3323aeee7d3d6e978f324c84738d6b56c37dbd15b71bdac3a4102576886978db6d78a0c0291886e3eea01f1e95565789d3998a2613557202cb598d560c1e158e3c30d89a4add63fbebd361a17f332c5c69857b648813cd90c2ba48b720601e9b0533c6baa740223dbd8682fe0ddce8a6d9bac06931ce4d0516ca1cfd9cb06cad6fdfc1faededca19480c247a39c5e4815e79dfcabe5f4fbb0ed9ba17b4f7e25f1c55ed71c31a5e559c60158bd66ba199bba3e091e20393377b3a4561b9f07aaed7c0dd77d41984cf47bf34359b3a513618c4595be045750d47788b22cdf102d7d10726605706b772d2e773215f52b9c073855018022848ad75d7483aea8a34af5a900025f71f0b46c587a550dcbfa011902bdc870d6cea895640e4c775c954e11a3423fc9e0d6ea4421408816ca066586a37210c7ac8aedf032413bdadb41c0e6ff5c57d4a77f71067274d43ad9960b895734aae6a1176ded2883303e24100398a4cca23dae13d018391a8756adaaba709354b799f22f27d4a5517967acbf694e066056c49da87df46829c1e4062c535c17b72989d7eb045903665576e6144478e8938b0b2fb4a916f9f2f65990b683c49adeb6e6d6ab7a7c29c530217626d1429025b7cf627f72c4c588ae86ac1a1aec4120bd4108943675e53bb837e +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffff003021300906052b0e03021a05000414970d2e4e51ca9f81fe2e46fe8ee73b728122b0eaefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA1 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1d8188e62be3759b150e29a7b864be80ba2f00e747cf6caf45645f91085cc25d0ae6c4c55c97bd20e4dddda23d8d03af33a13e082e3576602ccb4832d10f7cb30de94cd2ec64e92b8c7f1bdea66491665b313b153a2d6dcfeecac1e5709f113999d8abc4128b58dc232853a3d50fcbc971beea4a4883b1691d6b195b3f295a12ab6bb393c7e3dcfa3bcb6bf7ddc6b22d4550657ed311590330172763930905d38234c89f889d85bce48f451b21945cb980e25d8de6b6fcb2828643f5695105a4fc5705cfa9da5430f6fd98af78b2f2a255eecdc268922a71dfa3fd65c6645c6204fa1afddc7f009e24ff973f70accacd07ce05b1a3e352b4cbceca24c691c94acb40f9ec6f1964a3c73d4b50ad1279598711ffbd1e2ba3e283cb33d0189ed5341b2991aeb6ccf331e23d49f473adf4524a50d876089c824488b1a9d9253d9f3471ab73cceacdc169bff8b6ed6258a940ad03454ee148c86376c6c35971db2a4901980fdc3e78d1149aeccc32424162bc1fdf115e5d2a138b914397d3384bd4921ddbaa251569f71d61aace4b5d947eec59fe57827cdd38c5dd01a0f7beccc0f80662073a52aee4faa558a5c1e9f98327fe91e29340f678c8734e5790994c1ac8d9da22b57cb2bab896d45a2eb0524cc8457275dd61f6c4eec4c2f697a07d33d07a46685c95ec2658259a7bc0dad3d9529ac5485de5cb014e9b7dc7cb6e2bf781 +Msg = d8807c9c2e144010d462ddeb70445182165168be1a5f33c22346b6cd81e7e162c16dc2a77ed3f80c7aa76b2ced0d3af81c06f5122ef20d773b548861a7d6f96cae8db0f73f7d2ecd0e60dc05e5a3fc263ab2df8f07755816d61a72f01b165ed1c766af531a1bca9cb915973b000f7d5499dc8efd4eeffee71b21da4188aff6d9 +S = 9e7c462e899885020d173f427cd4e15994749339dce4f39a1916635010d984b6d627da831d4264ae8f929eb66b8b14938ae12ea74e4a51877facfd402d0b6945a299ac6b63ac800dee3c2d5e64c4feea4ded7b3523f4fbd950e8647c32fe9b2eab6c64d74fc90d8318d52e482e811f74c1990b80d07622a35d7ee430c5beca1997f942117e48146413a3d07cb42ab16657176edfea16f5ac4cef9870689ac51edda514099ed6665b289e0ad9071b35c9ebcf06b0517260e47a516ff852f278fdd7b3f54db18bc5491a44dc87dcdb92a3e9282f7de19db80424703af856a361a9c9f685c3b16efb5474cbe23c8f04e3d5c5fdd0ae9dc5d73f9f04e267bb4aff348c55e2139fe554dabdf99e90b0ad20a01c1e02af92fee0d8a22136f8953bf999500a6d1a5478c9c6ecfe123b068085928354efadd5a9e41e66a15d73dd5966eead4d39491ee2d74bb6ee5608089ece479e53d599f9c19392ca064761688317d0d178a627b7a9059093107f727f754fd538e223cc6f01ad991c4c35164394f4a60da9de6b1b2dcedd892eafe4e3b04b99ea2f6459a2dda8eb7ac7020bb12656207470362c0a10ea79cf3d5512353aa87cefadd601f25ae15068049d2dc158c04a3a8e00ee4b8af3a430890b572c414b28abf2aa14c5403a1fd918baacc4f6b4f80446dec87ef2c808697f0fdb8f142876d8b7d8d90536e3119bba38fb4e1672ec +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA224 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1d8188e62be3759b150e29a7b864be80ba2f00e747cf6caf45645f91085cc25d0ae6c4c55c97bd20e4dddda23d8d03af33a13e082e3576602ccb4832d10f7cb30de94cd2ec64e92b8c7f1bdea66491665b313b153a2d6dcfeecac1e5709f113999d8abc4128b58dc232853a3d50fcbc971beea4a4883b1691d6b195b3f295a12ab6bb393c7e3dcfa3bcb6bf7ddc6b22d4550657ed311590330172763930905d38234c89f889d85bce48f451b21945cb980e25d8de6b6fcb2828643f5695105a4fc5705cfa9da5430f6fd98af78b2f2a255eecdc268922a71dfa3fd65c6645c6204fa1afddc7f009e24ff973f70accacd07ce05b1a3e352b4cbceca24c691c94acb40f9ec6f1964a3c73d4b50ad1279598711ffbd1e2ba3e283cb33d0189ed5341b2991aeb6ccf331e23d49f473adf4524a50d876089c824488b1a9d9253d9f3471ab73cceacdc169bff8b6ed6258a940ad03454ee148c86376c6c35971db2a4901980fdc3e78d1149aeccc32424162bc1fdf115e5d2a138b914397d3384bd4921ddbaa251569f71d61aace4b5d947eec59fe57827cdd38c5dd01a0f7beccc0f80662073a52aee4faa558a5c1e9f98327fe91e29340f678c8734e5790994c1ac8d9da22b57cb2bab896d45a2eb0524cc8457275dd61f6c4eec4c2f697a07d33d07a46685c95ec2658259a7bc0dad3d9529ac5485de5cb014e9b7dc7cb6e2bf781 +Msg = aefe857b2bd74d6bbc3d1376cac4aa6df362be9d5d77c5f54a0c336bed58ed9b7d8901b187c1948a885e1c16bb7ecf0130c25a921e53d7d37a23f9f2c8768ae732a01857d710ebb8658d3ab7eac09ed6e7f3c65aa7186d64ce0d895e351ec598f5cc3233c2cc393f7b53d520fe91ff36417b69bd9fce6ef16f514976db5a86f8 +S = 30de099e81b7207862eaee842f7bbca8db96c4348cfc148da9ab9bd6479ca79f09d9cfbeab93c20f58351d18f7b88cba4c1ddafb46ae5331b75d216cbf6fac92cca17f2cf7142cd42007be50a24a1c53ddd69890673ebcf6d476854fd0a5f76e7c53b40890855ac801ff2088e0d427ad02d8e43d499a06670ab6e8b43f661c16295f7c6b04ac5494ccf27bc49b5c65233af02d6c15cbcccf40aca45929fc413c566bd07616748b9e5cc8562879c2782c1345973f7777f56ad0dc290458b6f3b5a88f160a8eaf8ad0fc394b283c1acdf9bcf2eccf88164f1b868d07a05b7239e4858c2f3d076a299a1ce032ee4967f7da07198d3ca26912e9ad2db79ea8f49f21544e82f6e231651805e934524899ef854255998c1cc59de1ae49e482ac801e3c678626b3b79bb6be296af03c863f89c73a87bed864636eed84c0a5ff05cdec57a3ec76071137fdb3cdde2c4f03c3bbcffeef28f298dd13fe669396e8fcc3a478f4f3793693e8183d96425ebb92f41ae373aeed30182f8a6bbe6b3440ab2a22ad0199bc59fd631e221223abd2358ee6b8e879b2aac64fb41257fc5983ac3e2de5386819042832a8bf53313c0d77767d53a148bddc46638acfd626b908b056c71292c0f9d1b1ced4f2d2ae70e70de9b3dfe6b150314225f21c03b8b53baac3432a72767c09f360393feb18854ea884e8326b94c225d871cbb003bb94d91a74b358 +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA224 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1d8188e62be3759b150e29a7b864be80ba2f00e747cf6caf45645f91085cc25d0ae6c4c55c97bd20e4dddda23d8d03af33a13e082e3576602ccb4832d10f7cb30de94cd2ec64e92b8c7f1bdea66491665b313b153a2d6dcfeecac1e5709f113999d8abc4128b58dc232853a3d50fcbc971beea4a4883b1691d6b195b3f295a12ab6bb393c7e3dcfa3bcb6bf7ddc6b22d4550657ed311590330172763930905d38234c89f889d85bce48f451b21945cb980e25d8de6b6fcb2828643f5695105a4fc5705cfa9da5430f6fd98af78b2f2a255eecdc268922a71dfa3fd65c6645c6204fa1afddc7f009e24ff973f70accacd07ce05b1a3e352b4cbceca24c691c94acb40f9ec6f1964a3c73d4b50ad1279598711ffbd1e2ba3e283cb33d0189ed5341b2991aeb6ccf331e23d49f473adf4524a50d876089c824488b1a9d9253d9f3471ab73cceacdc169bff8b6ed6258a940ad03454ee148c86376c6c35971db2a4901980fdc3e78d1149aeccc32424162bc1fdf115e5d2a138b914397d3384bd4921ddbaa251569f71d61aace4b5d947eec59fe57827cdd38c5dd01a0f7beccc0f80662073a52aee4faa558a5c1e9f98327fe91e29340f678c8734e5790994c1ac8d9da22b57cb2bab896d45a2eb0524cc8457275dd61f6c4eec4c2f697a07d33d07a46685c95ec2658259a7bc0dad3d9529ac5485de5cb014e9b7dc7cb6e2bf781 +Msg = 4793168aa3ac854a7e0bd652b8a57666d96ddc389aca257da748fc46a38ebd8e6c90da0fa1057d5b621c6f27576a38eaf42788a7fb9bd50642d346aab698d0bfa0a29fd22708b7e616fbdbc4e0b4ad92e2ab18a7e70aeb9ef161c6a9379b3a286a312c7b3c9d7a142312e2d05a6a1f872a6054e267ffae6c3d5a45ec2d7e44f3 +S = 9d2457bf29a45871f04f476eb7a43238d3ddfc7c61fc2ad160335cd1c42ae0da5eeb2ee10f2528ba1e645d27b306f9e833b86ab62b1c4785d9249be1ea9e83e80a5b3a774f2af61d6b536d7670833bca21406cf5dbdcbd2a9e17b2679dd33b026351943e841a7ba4fa3f18e2e278a9db180757021fad06befdbe75f6c77a36518a2c3b88b6329849fbb1007c7ddb7e278b64e319f93b4713717282e5845a168b7825b47f23223793a7a93adf68d5b83c6ed2b6cfd850a8c81589032047fdac6fe091e0369a07919329845612a797dc7f9adfab30255e672d8fa8639a597e556b215e83115fe2268f1c9870b1ba0caee15a26c45acac368baff4018eea4414eddd86678e30d2a46ed879ed6795641af64cdae0f94686c134e1f05dd4f59936e1450a26f2927de6c44247bdfceba2b14cbafcded775da0fb0b81baeeb35e52fbd44d7a4668fb4c832ac0a9c622dce6889a1df6d15ab6c956dc4249127eb7f1b45379e56ca7caaf89617491f5ff38daaa5f0d58bf8eb0138919e3e9bbfce08861b92df0124647bc175bb000d8d0661c71d27294dbdf1112d1461081a931c036d5b2e204e94bb3a31502d055cd74869fe7ef5ef78657a194b9b4900f8882c25668d5e1abf37b038a716a2735bbfbed06b2b55b514f24dbae2e570b9b6164707fd4307b7730a48d3395f372be552402c7c1afb94516294c7823e4e295cff2f2e866ed +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00302d300d06096086480165030402040500041cd79527d7b3e43885192c0577d81561869ffcca8d1a7ebf268ef448d2efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA224 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1d8188e62be3759b150e29a7b864be80ba2f00e747cf6caf45645f91085cc25d0ae6c4c55c97bd20e4dddda23d8d03af33a13e082e3576602ccb4832d10f7cb30de94cd2ec64e92b8c7f1bdea66491665b313b153a2d6dcfeecac1e5709f113999d8abc4128b58dc232853a3d50fcbc971beea4a4883b1691d6b195b3f295a12ab6bb393c7e3dcfa3bcb6bf7ddc6b22d4550657ed311590330172763930905d38234c89f889d85bce48f451b21945cb980e25d8de6b6fcb2828643f5695105a4fc5705cfa9da5430f6fd98af78b2f2a255eecdc268922a71dfa3fd65c6645c6204fa1afddc7f009e24ff973f70accacd07ce05b1a3e352b4cbceca24c691c94acb40f9ec6f1964a3c73d4b50ad1279598711ffbd1e2ba3e283cb33d0189ed5341b2991aeb6ccf331e23d49f473adf4524a50d876089c824488b1a9d9253d9f3471ab73cceacdc169bff8b6ed6258a940ad03454ee148c86376c6c35971db2a4901980fdc3e78d1149aeccc32424162bc1fdf115e5d2a138b914397d3384bd4921ddbaa251569f71d61aace4b5d947eec59fe57827cdd38c5dd01a0f7beccc0f80662073a52aee4faa558a5c1e9f98327fe91e29340f678c8734e5790994c1ac8d9da22b57cb2bab896d45a2eb0524cc8457275dd61f6c4eec4c2f697a07d33d07a46685c95ec2658259a7bc0dad3d9529ac5485de5cb014e9b7dc7cb6e2bf781 +Msg = 8a64b6cc5b6a7947d76c4f7392be0e56cab7831b4a04710a8e42d7b828cd727b63d2832125acd2e21a6df3920ebac81c9bdd472b05157d2a6230d36ffe5c91b3fd3ba0c6423594809012eafbefc88dff52919fbe764177c20dd7e6231c52bffda2c696217aaec70b8284bb15fd8f66ea36fd143c673166bad85e973c4b550441 +S = 9d579f90d7339f303ac17951057363d529d1b448daa7d7025d93b111aeaa5a1087a7063515b01f30d245a6d27dc2074a51f33273405f6db2ffc466d96b822b1224f07aa8075b9abf044ad120eeb39b2e48d5f4c9f7aa1657ccc639873eae8b9218f3e800eb560d5a04e2797fb8ff3f7c320f7122eaf227febf6ae3a8e2042074b7d22222be95ede069af032315fc264ea1a85af5de920f1ee1ee3696850b581f2eb4c342d5df7aff1ad5b8164f9ec08f77e60c0afc256de6ef1a18e1e113a60e7b5ba8a0c665c0cbedb4a56a146a1662c8ec88d5796e9352c36f73a5f5845659a0711c818b0b4f7a20abc52a31474f8a51678aea7a13cd3d361ebdc758fbf90af9764bd757c7505b834105f0ba803f444f4e17310fbd76d4ae2205ab134a6134819ab329e1a58a7382624ddc2bb3f54ef41b6549cfd1158a3c363e4c0a5b3474dc75baeb43baf99df031210be3a9ec4c4e910768715b4763b4f3ccf60af91984e17495f4064cdeb4d7b280c8c5565a6c774960bf2c71a917b955f258eaca5b0bb9f48de529b258828c138d606b4531b7f621b9b9c1753db014e8202e94e8ad10c18925ae170ec08d0a38fd493f022a618bbadffabe015ee21414d893cdf20226330b94970d2d9ce45bf63a664febba1cbc3d6fc20ef8f2283265d1fad429bc4c0c010022113fc81bafe06afbd7b6af26f369fe526936d233f5616dc5ddc7eaa1 +SaltVal = 00 +Result = P + +SHAAlg = SHA224 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1d8188e62be3759b150e29a7b864be80ba2f00e747cf6caf45645f91085cc25d0ae6c4c55c97bd20e4dddda23d8d03af33a13e082e3576602ccb4832d10f7cb30de94cd2ec64e92b8c7f1bdea66491665b313b153a2d6dcfeecac1e5709f113999d8abc4128b58dc232853a3d50fcbc971beea4a4883b1691d6b195b3f295a12ab6bb393c7e3dcfa3bcb6bf7ddc6b22d4550657ed311590330172763930905d38234c89f889d85bce48f451b21945cb980e25d8de6b6fcb2828643f5695105a4fc5705cfa9da5430f6fd98af78b2f2a255eecdc268922a71dfa3fd65c6645c6204fa1afddc7f009e24ff973f70accacd07ce05b1a3e352b4cbceca24c691c94acb40f9ec6f1964a3c73d4b50ad1279598711ffbd1e2ba3e283cb33d0189ed5341b2991aeb6ccf331e23d49f473adf4524a50d876089c824488b1a9d9253d9f3471ab73cceacdc169bff8b6ed6258a940ad03454ee148c86376c6c35971db2a4901980fdc3e78d1149aeccc32424162bc1fdf115e5d2a138b914397d3384bd4921ddbaa251569f71d61aace4b5d947eec59fe57827cdd38c5dd01a0f7beccc0f80662073a52aee4faa558a5c1e9f98327fe91e29340f678c8734e5790994c1ac8d9da22b57cb2bab896d45a2eb0524cc8457275dd61f6c4eec4c2f697a07d33d07a46685c95ec2658259a7bc0dad3d9529ac5485de5cb014e9b7dc7cb6e2bf781 +Msg = 9186fc389b58e4aa051fc5a96912c940f4c0159780a5062300fcba1a1fd5d32a2467776a19a79b912c1a826655e780773930040e4fa2d661414b9c0995aca3b58c10dc204a1c254038a6cac1a7cb4cb1b63b617d75d83b1c4a800d8a9426cc788f28334278dc0921f16ca6a2a6e5b456318a33cb3b6ebfbce4421685656bd5d9 +S = 2e7a8b6a247395fc2c4aa4f0fbb4073fc25923bd456da34955a1fbdc66049fa20d093818d0f65611dee0ce14d15cabf313096d629866bc3b12ac8805b9c0487c92cd5500bb5f1258c8769bcb0bb0ac0024d611f317896c472cb9fbe100a40ee6910331e77120bdb6d31603774a49ec63fa0d5a66bcc1d21caacc647e4942efaf53f28bf4c8685b536615ce951ef1f9b790fb1e5e423aa581b54d3ea30b8cebd8bd939f17d0bcf551bf36d3d0080d808291cd60240aa8a6ce963c5688da23fbb992d45a4075feb1263310cea1148ff2ef382b2fc2f96eef811b338be205a0791adb7c07895dec70d75ea4f6a3d94b7a9b072be6b5d72f964e74decce749f3d7ec84e929a1db42e7451e50d50a79631a44ae1dc38eb4e541640b421ac93d33917680888288e063011d80fbce554bec874b0a4d4670210a9fb9f73858e1c0ac7c98d01b1065f2e8dfae52ece1a4d3fdd46d48b1dd0d77bff7fbdf899672c9306cffb4c070f83551002dc564307730448b34258e7ab7a0db18250950752636e34484b7e9063479b2266e639a4a6d3bcb3c9471f1e466c5339e10007751e7392b8591194ab85e00760debf22dcaf83774d1ebf59af46859c264bba1387b6cee391b131b9f633bded7f1dddf7a370742f40a3ed1ef7f5a312e5e26077109ea298c8932d4abd003bc407cab7612db67a94840a381ea7cd084e4d1825eca83ab84ea7043 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA224 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 1d8188e62be3759b150e29a7b864be80ba2f00e747cf6caf45645f91085cc25d0ae6c4c55c97bd20e4dddda23d8d03af33a13e082e3576602ccb4832d10f7cb30de94cd2ec64e92b8c7f1bdea66491665b313b153a2d6dcfeecac1e5709f113999d8abc4128b58dc232853a3d50fcbc971beea4a4883b1691d6b195b3f295a12ab6bb393c7e3dcfa3bcb6bf7ddc6b22d4550657ed311590330172763930905d38234c89f889d85bce48f451b21945cb980e25d8de6b6fcb2828643f5695105a4fc5705cfa9da5430f6fd98af78b2f2a255eecdc268922a71dfa3fd65c6645c6204fa1afddc7f009e24ff973f70accacd07ce05b1a3e352b4cbceca24c691c94acb40f9ec6f1964a3c73d4b50ad1279598711ffbd1e2ba3e283cb33d0189ed5341b2991aeb6ccf331e23d49f473adf4524a50d876089c824488b1a9d9253d9f3471ab73cceacdc169bff8b6ed6258a940ad03454ee148c86376c6c35971db2a4901980fdc3e78d1149aeccc32424162bc1fdf115e5d2a138b914397d3384bd4921ddbaa251569f71d61aace4b5d947eec59fe57827cdd38c5dd01a0f7beccc0f80662073a52aee4faa558a5c1e9f98327fe91e29340f678c8734e5790994c1ac8d9da22b57cb2bab896d45a2eb0524cc8457275dd61f6c4eec4c2f697a07d33d07a46685c95ec2658259a7bc0dad3d9529ac5485de5cb014e9b7dc7cb6e2bf781 +Msg = 9c8697689a09da7917bd79af7bc026c32837849ff5f03a1ede464513fa45928cad0fcc581e7e73c6eb0b2eb01cef62b8568803d251fdaa038c25e86840a5db799259fe8f0cf645a44eed6a5a0192813f0d7dd3500c30e9bcfefbe7ea3e1d1cbcb52cd6164db77b9aa829d5b613f0aee1b5df9d210cd11fd19b90e9a1dcf57dde +S = 5cccfe2cb4098226ce3988f1fdde318bd67a4488d48c8dd57b678d4808f0627010ccda741f0420ff14324c67489fe4b55356b5fa14219a6484331cb32df6c649e449d077d35276e2508dff31a421357befdcd05049fe9f3a19fc2b65f7b336e89e953414c708533bdd4c256f6541c87be7c32c2d6a34da805c63ba836dc3ae5ff01f4669185cdb2a57054f2d5645b4010075567374fa60d06dcee10595d35c961e350604d7423e5beb754ae5f34d3c144526ae2cb9583eca938da7c7b26765d5d2816a30bc390be5f1325f2eb9a934cbf9311911127b91aae4aa4c418192954bd89ebef8c54d575248e3827a38ef50486d0fc2ce1080c0d8d750c1bb3dacda49cbb95706fd4af5a915418131f429f50b55de551ec23516200bd5cfc31410d74e1ca7bbf79180f3de84ffa56de13e7f6651928065abd8d3bac5d18ae6e3e3801f102ebc7d08c20f9e9f591351e03c9ca3f6d12ef6bbe356916467154c30306e0519b853b4d073f10f0808a7e2dc22e55d4894c100ee5ca7209e4eeab9a346defe83d0ac34699c4776e1c63ad4807746cd1c05f4fd0f32c2183145eee8ad6df8c16aa00c33ccb871cbe373ff04bfb064bfdf30b8b096123e2e137952194765dbde4d12fb846e9baad76f1eb00ac0ec2c44945095eba3aa812a3d33b96d1a966829cf4ba7a98e8c794abeb2152237e8a261f014a19c2b110d1c6444f8fd8d69d733 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA224 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1d8188e62be3759b150e29a7b864be80ba2f00e747cf6caf45645f91085cc25d0ae6c4c55c97bd20e4dddda23d8d03af33a13e082e3576602ccb4832d10f7cb30de94cd2ec64e92b8c7f1bdea66491665b313b153a2d6dcfeecac1e5709f113999d8abc4128b58dc232853a3d50fcbc971beea4a4883b1691d6b195b3f295a12ab6bb393c7e3dcfa3bcb6bf7ddc6b22d4550657ed311590330172763930905d38234c89f889d85bce48f451b21945cb980e25d8de6b6fcb2828643f5695105a4fc5705cfa9da5430f6fd98af78b2f2a255eecdc268922a71dfa3fd65c6645c6204fa1afddc7f009e24ff973f70accacd07ce05b1a3e352b4cbceca24c691c94acb40f9ec6f1964a3c73d4b50ad1279598711ffbd1e2ba3e283cb33d0189ed5341b2991aeb6ccf331e23d49f473adf4524a50d876089c824488b1a9d9253d9f3471ab73cceacdc169bff8b6ed6258a940ad03454ee148c86376c6c35971db2a4901980fdc3e78d1149aeccc32424162bc1fdf115e5d2a138b914397d3384bd4921ddbaa251569f71d61aace4b5d947eec59fe57827cdd38c5dd01a0f7beccc0f80662073a52aee4faa558a5c1e9f98327fe91e29340f678c8734e5790994c1ac8d9da22b57cb2bab896d45a2eb0524cc8457275dd61f6c4eec4c2f697a07d33d07a46685c95ec2658259a7bc0dad3d9529ac5485de5cb014e9b7dc7cb6e2bf781 +Msg = 4eab894093e01b38e38a8fc8b4d6ada3bc337ad1b30615035a9fdf24bc6cde30b46d6449afe8eb08b35e4411a1bdf1eab7d7cf0d5813f83b1063e714d376dde5852e84c1c054d2d3d18b31f20382dd76216e8d4a36b8554397f2cbb023106933cad532cf4c8b984143f79e94648c3af002dffdb3d35bf5c2f736d32236a349c2 +S = 96d24cb0170440b5a493d313a500c9d095952899b669494cc182f0616d0da2918f4644961a6480e127459f63551bfff6e72f3ba3cc5bd8f529c8bf9e2bb90c9c12e2e70448e4ee1923ae1e3561fb6b5bbefccdd9634903bea982d9be5521914e8d70a51606cfc1ab9806f68487998ddf94e00af91f64b7dc739a62d98dfca35ddf4ef4f2c318b3b5dbb58d0b892fe0932d48d4d8ce0f88eeffc9dc5b8f4ddd9f493a3b03c62679bf261ba8a3e9c98e478e9cc74296714a0e8d16f0246a1e77c48c6ecc43b4c0aaff9a04e6594ce508d4185ac5e189d2c0a124cde1d65e832981dc49a699f9c6f978f0949078be9fcc545d33568b632bee58999fe83a2670d24c03b8f306385674fe3120be26e12325abb051514c95a60b3369d04ad92b85423d7da9a06bfde71265fcf8c9fed0b320909a1f4c66f4b5b6259a4938983c8f547fdfb630a64779a5c835d82c5435f60ef8887ca47fca7767a27c267c9d1efc09018e86340f4ba3961ddcefdd2bab540fd9c038d16ec723b31da7b54f0138cb54aa979d726c96ed2de5b4cd238cbc54ea0440217c87667eeced158009580a66e7432062c5cc108648cd6e52e2aef481891cf7963efffd5f2c5d9d468ea32748b9295bd6d64ecd8744b4a5d44baa2346b2e23a88639b3e6de22d58b201b896bc58c916d748563d0f68d90819cd749f9218f715a012d0e7388dae82363815e389033e +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff44302d300d06096086480165030402040500041c25980db8b2660bb031224d824ac443d7f673a16ff6f4ca64774cd52c +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA256 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1d8188e62be3759b150e29a7b864be80ba2f00e747cf6caf45645f91085cc25d0ae6c4c55c97bd20e4dddda23d8d03af33a13e082e3576602ccb4832d10f7cb30de94cd2ec64e92b8c7f1bdea66491665b313b153a2d6dcfeecac1e5709f113999d8abc4128b58dc232853a3d50fcbc971beea4a4883b1691d6b195b3f295a12ab6bb393c7e3dcfa3bcb6bf7ddc6b22d4550657ed311590330172763930905d38234c89f889d85bce48f451b21945cb980e25d8de6b6fcb2828643f5695105a4fc5705cfa9da5430f6fd98af78b2f2a255eecdc268922a71dfa3fd65c6645c6204fa1afddc7f009e24ff973f70accacd07ce05b1a3e352b4cbceca24c691c94acb40f9ec6f1964a3c73d4b50ad1279598711ffbd1e2ba3e283cb33d0189ed5341b2991aeb6ccf331e23d49f473adf4524a50d876089c824488b1a9d9253d9f3471ab73cceacdc169bff8b6ed6258a940ad03454ee148c86376c6c35971db2a4901980fdc3e78d1149aeccc32424162bc1fdf115e5d2a138b914397d3384bd4921ddbaa251569f71d61aace4b5d947eec59fe57827cdd38c5dd01a0f7beccc0f80662073a52aee4faa558a5c1e9f98327fe91e29340f678c8734e5790994c1ac8d9da22b57cb2bab896d45a2eb0524cc8457275dd61f6c4eec4c2f697a07d33d07a46685c95ec2658259a7bc0dad3d9529ac5485de5cb014e9b7dc7cb6e2bf781 +Msg = b49b676c4b56eeedca153f915c23079f3e9b87a7d02b4565ec1702e77681edf234e716a3e0ed25527c5d4cbbe66c7a60ac3fd22921ad5b4eb147f97671959c21faa3b74378bcf431fe7626c11def7eadb455033909ac3c1619cb2f852da890c0aed632953a4cc154f768b3eb28347c50fee7011fb0af5085cead8e5cd2413097 +S = 410a01190f07def9bbe6b2834634d4f84c4f626e9e286d504c9393dcc751b76327443ab10e9e9da673e668831c231050b8c37c6fd0a92b814924ee73f0b6a2838c7c6bb39f02918ce05a701f92e38680e8c43c75a57ec2fc818316e0e32b85a5126b2ffaf9340338121379a57ea00b1529ca11cd5b6f444654ebf079bc44e3bb487943580f768b2a2ef9a31b0cca4c0c811124e1492b32f4c2a393bd67335a310ec1cb4cf908613c552a9dc68a99f2e633475e5f24c9140a813ca1539f63c7e241b700f202edbeb1133a043d61e93baef9f3a4c0f8e6cd14f9c2a8aaede1486e0f8da8c19b5a2147357f6059da419078e631e48f6a9cf888d22aaaa22073a896bff816ac5dc940b2383397f76255ae9559ec0812444d47f5b3205595c9db1a74b7dd40c704fdfdbe786713a3b79dc52b0c882bbb8a62aa01d8569966ebc00ea4fe5df212ee4a875afc85f48464cacd874b7a63f705cba529b43a14c483032d616f7b965f9784ec1fda02b05a5d310b11b4df17ec35c828b129218d4158dcc58753f5e208ad8a97e32451da1fd591101ad2f93fcd1e6f5d6fb7b468da1937fab4ccc8e9f3e95a4160b2055e8634bbd0798bf0fdeb658a435a21028fa7cd4be555767573e09d5053941aa0814ab314c45bb94a36997e576a026d017ec7a519237d82297f15c1906fc5866c1a3f6096ddb33576fc68e39c6bcd8f087355a12fd94d +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffff003031300d0609608648016503040201050004203a75e4efbd95ceba73b7671c870d5cd4613bae5fdfabf22e8b5b18fab56f620fefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA256 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1d8188e62be3759b150e29a7b864be80ba2f00e747cf6caf45645f91085cc25d0ae6c4c55c97bd20e4dddda23d8d03af33a13e082e3576602ccb4832d10f7cb30de94cd2ec64e92b8c7f1bdea66491665b313b153a2d6dcfeecac1e5709f113999d8abc4128b58dc232853a3d50fcbc971beea4a4883b1691d6b195b3f295a12ab6bb393c7e3dcfa3bcb6bf7ddc6b22d4550657ed311590330172763930905d38234c89f889d85bce48f451b21945cb980e25d8de6b6fcb2828643f5695105a4fc5705cfa9da5430f6fd98af78b2f2a255eecdc268922a71dfa3fd65c6645c6204fa1afddc7f009e24ff973f70accacd07ce05b1a3e352b4cbceca24c691c94acb40f9ec6f1964a3c73d4b50ad1279598711ffbd1e2ba3e283cb33d0189ed5341b2991aeb6ccf331e23d49f473adf4524a50d876089c824488b1a9d9253d9f3471ab73cceacdc169bff8b6ed6258a940ad03454ee148c86376c6c35971db2a4901980fdc3e78d1149aeccc32424162bc1fdf115e5d2a138b914397d3384bd4921ddbaa251569f71d61aace4b5d947eec59fe57827cdd38c5dd01a0f7beccc0f80662073a52aee4faa558a5c1e9f98327fe91e29340f678c8734e5790994c1ac8d9da22b57cb2bab896d45a2eb0524cc8457275dd61f6c4eec4c2f697a07d33d07a46685c95ec2658259a7bc0dad3d9529ac5485de5cb014e9b7dc7cb6e2bf781 +Msg = b31156951f5d041c1a01991b23102d5bb4acad22c777804d994a6a9fae2ab15915777f0bed6788a928b3ece18f905fac06e1872412aba59598c978d6e8e15fdaf996bd82f6ffa1b5fa58a7b319f819a69f835a7b9c6185efa06f51edc3f43817e8d6d8a3430e996819599038c730a37106fbeecf6d82668438a4bc8b474b8539 +S = 9bd1789015404f8537c89ccb750e04b5fdf82b0daa5d56f40ae64459aa23931ee5d8812cfd01102e3749024a881d3e7a13269b8ce17cbe725cab71c53e218d4b97d4f1274247b112a4376fef4686ff0ddede255e8b085d763eedb7f17eddfded5bbfb0121a3f4b6d47f1bcef7aa871817fcffde3f7ebd75c00c5ab1f6d5b2a6f5a4ecf92a9aecf902711572123eac011bf9a406bf4da6ee6411fef5b82aea8038396052e3801381061e5ac04b8f1d0ddfb678f28920fb5ac471a7046383204d5add6bbe78b9a7c9ab1b3f9b4b5984bfc8a03794075cb101bba0aa2fc170cf6da9401850ddd86357b962582f9bf0e174ed42ce101692008e2ecb51fc1185be19017a43e6bb08e2df7082cc9221895f159eefefaff9d8f3290c9f76934d34882c97989d4afd6a42f3815f7d474a7d020c797c13a9b4786d68ca8a700fe3e0abd1df9563344f0a7bba30d043fc5fc1d3d585f54efaa45cddba963383a0a1f979d48e8ae4fd633ec6698ea4f1e14c6fa2a7f6024524e6db1b0b66160398919c4faccd105d82c54fc98335b531baa9a7c96582ae05be7d93b0fa3e92fcb7a2f30950e3f31fa21270882d7a0e75cafc87fbb387bff937d45be79e95d973684a9f2b486f6649436ceb8deda18aac63c0103c705361ac5b318647aa632d98edf09c3ebba86afcc00f3ebd27505b926a59f67dc8b436d75c5a449e13808aef13e805c35dc +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA256 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1d8188e62be3759b150e29a7b864be80ba2f00e747cf6caf45645f91085cc25d0ae6c4c55c97bd20e4dddda23d8d03af33a13e082e3576602ccb4832d10f7cb30de94cd2ec64e92b8c7f1bdea66491665b313b153a2d6dcfeecac1e5709f113999d8abc4128b58dc232853a3d50fcbc971beea4a4883b1691d6b195b3f295a12ab6bb393c7e3dcfa3bcb6bf7ddc6b22d4550657ed311590330172763930905d38234c89f889d85bce48f451b21945cb980e25d8de6b6fcb2828643f5695105a4fc5705cfa9da5430f6fd98af78b2f2a255eecdc268922a71dfa3fd65c6645c6204fa1afddc7f009e24ff973f70accacd07ce05b1a3e352b4cbceca24c691c94acb40f9ec6f1964a3c73d4b50ad1279598711ffbd1e2ba3e283cb33d0189ed5341b2991aeb6ccf331e23d49f473adf4524a50d876089c824488b1a9d9253d9f3471ab73cceacdc169bff8b6ed6258a940ad03454ee148c86376c6c35971db2a4901980fdc3e78d1149aeccc32424162bc1fdf115e5d2a138b914397d3384bd4921ddbaa251569f71d61aace4b5d947eec59fe57827cdd38c5dd01a0f7beccc0f80662073a52aee4faa558a5c1e9f98327fe91e29340f678c8734e5790994c1ac8d9da22b57cb2bab896d45a2eb0524cc8457275dd61f6c4eec4c2f697a07d33d07a46685c95ec2658259a7bc0dad3d9529ac5485de5cb014e9b7dc7cb6e2bf781 +Msg = bafd723d8ef5602cd03f8cc4f54c398a7a6ff4277a2cc9c77fb2b6bf98a66072ab2205750dfeb2f1504eb6495c2b56fdc1b7c2cf4c5b4824d953c8ac676d6845720d881d7d75f917ee4369711e3b22a3b147f58a23bc70c5a4df586026a853afb4c6e47d05e29c6751288f8263040644f02973a127d8aa74895f4d21fbe08878 +S = 4b5029ded3d15dcb29534fc7f46330bf5fb64ebbb4602874e26364aa52614fd05218973224b1936af01aae5990bccbd92c2a6d20d170acdf782020b2a4ee8ccf5fb9402838cf0017af1bb0e2b5cd69c08b2f4ef222f1340972d21e3218fdde4ba3af10c3baf88883698897c52c7b34d84659468400d4d403355d59f1e21812d8304510dd8bb2963c47d91099dc36d7f0e19f69cba4a83b40f49e332d543c7489c62fb3513dba94e9e98fbcdb2e8d71ff544b774b9303b5e8ab1102e4bb34cd6a4839fc007a5031d87b778e858f20127bb09ce92b96c149915a87a2829532c3608d77425ce38f2697df9fa992baa90900e85bf6eb7100ccb6667e093b376b45230c6ab901de3541fc5dafd0cfd9abaabf7d88908261d36f1146757189f51d167a7294abe9be9a16028718ca3dbbab7e5d43ecb428c2956cf1d44c3e8a875e0b9e3c978fb489988b72f04a9cbd06488162d27498b52298b7efa3aee0937cb0a03740d82d43e9b108b0fd5e80ea34336fc5f711c8d62f74011b893d41742449ba91fce88522cc76208bf901fbcaf84e9662ab9ef109b63d03a45b7e1d4075b2ba5323417f675f61c915dfaed6810f663bffcae467bc6bd7772103a0a1e445f2dab341025ba4c2bfc93ece19c64dde97ab7be7c00f9064bdf2a1fe7c4af045a2362d371dc30e26b8e25bfb258c4b479e5109baa194dfa4382669b0734f1b6ab63c7e +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA256 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1d8188e62be3759b150e29a7b864be80ba2f00e747cf6caf45645f91085cc25d0ae6c4c55c97bd20e4dddda23d8d03af33a13e082e3576602ccb4832d10f7cb30de94cd2ec64e92b8c7f1bdea66491665b313b153a2d6dcfeecac1e5709f113999d8abc4128b58dc232853a3d50fcbc971beea4a4883b1691d6b195b3f295a12ab6bb393c7e3dcfa3bcb6bf7ddc6b22d4550657ed311590330172763930905d38234c89f889d85bce48f451b21945cb980e25d8de6b6fcb2828643f5695105a4fc5705cfa9da5430f6fd98af78b2f2a255eecdc268922a71dfa3fd65c6645c6204fa1afddc7f009e24ff973f70accacd07ce05b1a3e352b4cbceca24c691c94acb40f9ec6f1964a3c73d4b50ad1279598711ffbd1e2ba3e283cb33d0189ed5341b2991aeb6ccf331e23d49f473adf4524a50d876089c824488b1a9d9253d9f3471ab73cceacdc169bff8b6ed6258a940ad03454ee148c86376c6c35971db2a4901980fdc3e78d1149aeccc32424162bc1fdf115e5d2a138b914397d3384bd4921ddbaa251569f71d61aace4b5d947eec59fe57827cdd38c5dd01a0f7beccc0f80662073a52aee4faa558a5c1e9f98327fe91e29340f678c8734e5790994c1ac8d9da22b57cb2bab896d45a2eb0524cc8457275dd61f6c4eec4c2f697a07d33d07a46685c95ec2658259a7bc0dad3d9529ac5485de5cb014e9b7dc7cb6e2bf781 +Msg = 65d1c1c5f2aede8f6ef03b53d0ffac64ae6b9666b18a000e4763ec2997cae7e0bacddf3a284f35e270f3132b2d3c005135f2b10213c7221cb83ae6b96dbcbc690c1162be70faae0e2a11da7475f420186da586b07b31fc471490a43da3cd7190c367f359b2f6719a0211393692703441bd4ebd7ad111b316c32dcdc021462edd +S = 7dcd0def685ce0d0dc10cf783ff7e71f69c18d7edf9e32dd583d46201d961cdc1f8381b5dea980ef331ccf27b2db4f7bca619b29c92e04284b14c6c2ed9bb62c323ad22130641834a4fd703dfb714d8d17939b34b9bda15a018b24bb596de618208c65feb7c262b8dbd4f6b10fac674855b5bd1fc15fd1faee28e39bc495867df3847af4c2b8b40bf3e5694c84ec4fca9deec321ae730ef0b10329318e34331e21ae5bc21bffb025821881d54d9a3f7adbb96fab78f1aa6392fa4fd8db78bd3e2bfdef787054c9c85cc2e07fdff85c48341d587b7ff55f9c96e32ef06aef9df62d5f9ab837f3538d822f862120d2e4cf6abb43c620a7cf08a8a72d3d9dc0f7d02d4c6fe620d3d43891696d7ee9731fe448a12070f573043378f3a2acb470fa7eaf01873af3deaa0906f28fbba9fd4b5b05dd806711427a36fbf9d82f627f1620f9d48fc10c2d1f32c88826faa6f49ea6918daab391079c37a76ff76a6a8696567b319c3adbdd0ee5c2dff7ea8411c52f719ece66297797d3ccc99de851f14cd061dfee6288766149dbf4df8ef4554848f22e3d461f3b9eda7d7cfbd2e5b60b434d86507ad1e7718064b030d470307c22ff18439b2ed3e1f757eede270f4ef8b6e75ce824d0e65f02631ec87782e7b4b39bcbb152230c93087676707206fd4966a4d7953931ce284eb7ff9d5b9bb7a86ad7dd561d334b0052a6a23b25ae9a05dd +SaltVal = 00 +Result = P + +SHAAlg = SHA256 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 1d8188e62be3759b150e29a7b864be80ba2f00e747cf6caf45645f91085cc25d0ae6c4c55c97bd20e4dddda23d8d03af33a13e082e3576602ccb4832d10f7cb30de94cd2ec64e92b8c7f1bdea66491665b313b153a2d6dcfeecac1e5709f113999d8abc4128b58dc232853a3d50fcbc971beea4a4883b1691d6b195b3f295a12ab6bb393c7e3dcfa3bcb6bf7ddc6b22d4550657ed311590330172763930905d38234c89f889d85bce48f451b21945cb980e25d8de6b6fcb2828643f5695105a4fc5705cfa9da5430f6fd98af78b2f2a255eecdc268922a71dfa3fd65c6645c6204fa1afddc7f009e24ff973f70accacd07ce05b1a3e352b4cbceca24c691c94acb40f9ec6f1964a3c73d4b50ad1279598711ffbd1e2ba3e283cb33d0189ed5341b2991aeb6ccf331e23d49f473adf4524a50d876089c824488b1a9d9253d9f3471ab73cceacdc169bff8b6ed6258a940ad03454ee148c86376c6c35971db2a4901980fdc3e78d1149aeccc32424162bc1fdf115e5d2a138b914397d3384bd4921ddbaa251569f71d61aace4b5d947eec59fe57827cdd38c5dd01a0f7beccc0f80662073a52aee4faa558a5c1e9f98327fe91e29340f678c8734e5790994c1ac8d9da22b57cb2bab896d45a2eb0524cc8457275dd61f6c4eec4c2f697a07d33d07a46685c95ec2658259a7bc0dad3d9529ac5485de5cb014e9b7dc7cb6e2bf781 +Msg = 01fdd22335a45577e5cc758f73df444818c364cb28096c6197678e88bd687746566277bdcda9e200ba02b625a95a7d9b1db875bed471efa94d9bf54b88c32fbe0de308d32f8e0cf2926e9421ebf0a662073e17420f6ef2af0af81e0aa36e3a7d2c67cc8fe4bd9bf575f859abc1098544de3c907f5f683f1ad66850eb97cf602c +S = 2369b3beff47a12b51b8ca1d8fca20136ba94bfc7c16ebe84d322bd65d569af515521c1ab131ea2afeb2620c823b1753a28d0207c7b9e97eacb303a62da587a7a0417b75b8979f492dd16d5f8cf9cf181777f25954b91acb34c7e688d60fc78054d496ad8d6082678aeb7ddd87b02c07c3fbc627ff44bd89d7a151a4ef01e0a9066e19a2fb6271f0a47d7409fc08ad9990e5fc9fb297ee72c50a39bb1302273cf7a042a85e44d48548d859790cd126fa64bb72cf40beda6b651c7e957b8cbeaa7248de8fed106ccc3106ecc1fd0f91584dac294e0747032c854e60dcfb6ff82b6f7df1ef478a69978a558df0b1021fab6d84cf9f76ce0b574768ce12f5d3d44cd54f21339f7189532f7e960f3544a53c70a7027b782089904ef763bfd8d538654076c822fc0df2b1f7cfe297c9f260371023011ef3bb191c0772cc0edf5aae1897e2314988b1a10ba503907fc1b49cd675d766c65a12bd60bb7da104d7fdf9f2987dfcefcd9a27caeb56d2a564b64d1e86d95fca84e6413d1fdf716595ce476fb8e3c3e71c3e574c5222e706177da384a3c21c4f1a418a799513ab32a0c315916ddec5fb80139a7fe05624538be2130cc26101604504714ea0258672049f0f432bda7c4fcde9337423203e1d6323c090e11668470bfd4a2f910ac5c2c15739f3433e6d38fa8685d4ecb2f837a9282ad8c110ee083daf05b0ed7ec04f4711cb1d +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA256 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1d8188e62be3759b150e29a7b864be80ba2f00e747cf6caf45645f91085cc25d0ae6c4c55c97bd20e4dddda23d8d03af33a13e082e3576602ccb4832d10f7cb30de94cd2ec64e92b8c7f1bdea66491665b313b153a2d6dcfeecac1e5709f113999d8abc4128b58dc232853a3d50fcbc971beea4a4883b1691d6b195b3f295a12ab6bb393c7e3dcfa3bcb6bf7ddc6b22d4550657ed311590330172763930905d38234c89f889d85bce48f451b21945cb980e25d8de6b6fcb2828643f5695105a4fc5705cfa9da5430f6fd98af78b2f2a255eecdc268922a71dfa3fd65c6645c6204fa1afddc7f009e24ff973f70accacd07ce05b1a3e352b4cbceca24c691c94acb40f9ec6f1964a3c73d4b50ad1279598711ffbd1e2ba3e283cb33d0189ed5341b2991aeb6ccf331e23d49f473adf4524a50d876089c824488b1a9d9253d9f3471ab73cceacdc169bff8b6ed6258a940ad03454ee148c86376c6c35971db2a4901980fdc3e78d1149aeccc32424162bc1fdf115e5d2a138b914397d3384bd4921ddbaa251569f71d61aace4b5d947eec59fe57827cdd38c5dd01a0f7beccc0f80662073a52aee4faa558a5c1e9f98327fe91e29340f678c8734e5790994c1ac8d9da22b57cb2bab896d45a2eb0524cc8457275dd61f6c4eec4c2f697a07d33d07a46685c95ec2658259a7bc0dad3d9529ac5485de5cb014e9b7dc7cb6e2bf781 +Msg = e880d3f9d8365b9f6e1bf535b95344a882d374417ec91227c73821268de36aae096d131fb3be7343b5a9251c9fcb5be15cb67543654fd3f43474e76afce28ee19756a09fc0f3c57b82e48ba0f042b68f1738d863316521591c81778f0a44c90c7983a101669df94ebd1550481580fdba9aa2c22a4ad4a45d65a8fa1d1ed0c539 +S = 486292eec1aff1481ee618d78c8f28d59aba6cccd74d1d0e82502d1b27df2871f55348713ac01f9ea9dd6dbb8150a3df926326dc136957f91dad72104f2327b19d3890155cd5f018464c7c2c4c3509b2f47426b119fb124046180b2ec409c4a59da8098baa59a97a100c7539785d893932b9efaf2fe5197220d1706b96ce89911883cf50d96e1f8290bd320f47ed916f9254b9cd4be55f85dccbcd0c5731b2432810182ddbd37ecbda7229e9e3bf46c7af5878c8ff4c96f55bc0c46b57a88f8d5e756a682bb279b1672d43edb783b8a4eb4c25b42702dae46db934af12b7fd3852a5a2dbd307e4730aa1c993f5054152547a8a76ec07d47e296fd55b6d405481b9283d4fa2d262a38772b10da63286f009208d6a98f4174c2ee64f790dbd47c2508224d0a96d3eace8938d719ea730f026b6e7deb0eddc967a68d78b34eb8fb3138bff69d484203c5b7c00bfa230a01957911f5589226228d16080003fc1f7b6d544e7b2a46f97b70d111ee1d846535a84dfd43c2b42a90bfe373d9319846bc069cfe2ce7a23f41e0934c97b3964c2b892dc2f66231f8b6185ef6570d4ca31841cf9b562daa5914d185aba76ba58d66592f3237954424b103dfa20268f049c9749330084d007f7c2cd5405b1b1da06a75662f4f7c280430dfcb9bc37bdba64200273d13c319ad247ad7e20ae26920767ba43b2b1a02ab22b188fa5a12108d170 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443031300d0609608648016503040201050004205ea6db376f12859c355a917d06abfb3f5f97736f5bbb23f71ec1de277ba047f2 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA384 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1d8188e62be3759b150e29a7b864be80ba2f00e747cf6caf45645f91085cc25d0ae6c4c55c97bd20e4dddda23d8d03af33a13e082e3576602ccb4832d10f7cb30de94cd2ec64e92b8c7f1bdea66491665b313b153a2d6dcfeecac1e5709f113999d8abc4128b58dc232853a3d50fcbc971beea4a4883b1691d6b195b3f295a12ab6bb393c7e3dcfa3bcb6bf7ddc6b22d4550657ed311590330172763930905d38234c89f889d85bce48f451b21945cb980e25d8de6b6fcb2828643f5695105a4fc5705cfa9da5430f6fd98af78b2f2a255eecdc268922a71dfa3fd65c6645c6204fa1afddc7f009e24ff973f70accacd07ce05b1a3e352b4cbceca24c691c94acb40f9ec6f1964a3c73d4b50ad1279598711ffbd1e2ba3e283cb33d0189ed5341b2991aeb6ccf331e23d49f473adf4524a50d876089c824488b1a9d9253d9f3471ab73cceacdc169bff8b6ed6258a940ad03454ee148c86376c6c35971db2a4901980fdc3e78d1149aeccc32424162bc1fdf115e5d2a138b914397d3384bd4921ddbaa251569f71d61aace4b5d947eec59fe57827cdd38c5dd01a0f7beccc0f80662073a52aee4faa558a5c1e9f98327fe91e29340f678c8734e5790994c1ac8d9da22b57cb2bab896d45a2eb0524cc8457275dd61f6c4eec4c2f697a07d33d07a46685c95ec2658259a7bc0dad3d9529ac5485de5cb014e9b7dc7cb6e2bf781 +Msg = 1179b364278cc399916b066e7ea2adda5701135fe737fd3cbfa320e3d966e3ad7bbd67cd5e8ec4831040969297d0b9f3572150cb36940c9bfdd9abb60105bef904e4b0b6569004f13f42decfa269c54bdaf9a72be8061d32d091f19840a2deb77397960755bb0a4ce81ae50ee694594aa8311f6746b4b96b0073fb6fdc65c951 +S = 96c8373de5bb82b7da57e144e219250dbba46fccb74e1c325e3bf19c16fd38e2a71e642fcbb6f0fc8ef77739ce1b8aff04a967573b1bc71c894dd5bb29f3de66736608f4f4383c0d5329a2a7fb127a243544acf40d245e2068bb21a8dce0b4d7e81e165086afa43929b44e45f3a5d77d57505a86651da1dd4fbe0fb6f83b37423e670e06c810db19cdfb2d1d36c441903affe00f12078b229cb368ee5e63c451ce391f1eb1161076fcfb9dc2f499de5a6b948dd2b3dad0e6cc1ded8b27129197fa0998d6fcd117c37cd4745d844d6443d0e32a7d6cb34510d1270f31b25f7f2b4f5deb8bb94b7638f058a59eedd80837beac603775c67edf03957a6ffcf7c18c8a376a02bbb9eacc175904c0b5c09d29ecceca5ddb3d8143a6afbd89a1a3b372e2c7eebff1223b1bb4f1a26c4fcb6605f1326c6e4a25c9ca7eea8441b0495f53b7c6015fda720e62e1023fb039f1e3cf1ae9490f46ff75e0b5bfcd354f91e0aca5a4ce22e64876002e304bb7eb1212171225de212e0ac5304907bc803b61066cf68083832033f4902cda8e6ef109c638346f0598fb27f38f2ef130c81f78d5721b89b949d364f0336e3b4b982b7213aa7afc9aa35f5fbad2286f4a4639cd981c7908012b4787ab506d3bb745c9a8232253d59c24bcd60f95ae74debd5967491ad8b5ae564a09a79de6438090bea658b232d0dd620e548e020e9971ed4bcae5aa +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA384 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1d8188e62be3759b150e29a7b864be80ba2f00e747cf6caf45645f91085cc25d0ae6c4c55c97bd20e4dddda23d8d03af33a13e082e3576602ccb4832d10f7cb30de94cd2ec64e92b8c7f1bdea66491665b313b153a2d6dcfeecac1e5709f113999d8abc4128b58dc232853a3d50fcbc971beea4a4883b1691d6b195b3f295a12ab6bb393c7e3dcfa3bcb6bf7ddc6b22d4550657ed311590330172763930905d38234c89f889d85bce48f451b21945cb980e25d8de6b6fcb2828643f5695105a4fc5705cfa9da5430f6fd98af78b2f2a255eecdc268922a71dfa3fd65c6645c6204fa1afddc7f009e24ff973f70accacd07ce05b1a3e352b4cbceca24c691c94acb40f9ec6f1964a3c73d4b50ad1279598711ffbd1e2ba3e283cb33d0189ed5341b2991aeb6ccf331e23d49f473adf4524a50d876089c824488b1a9d9253d9f3471ab73cceacdc169bff8b6ed6258a940ad03454ee148c86376c6c35971db2a4901980fdc3e78d1149aeccc32424162bc1fdf115e5d2a138b914397d3384bd4921ddbaa251569f71d61aace4b5d947eec59fe57827cdd38c5dd01a0f7beccc0f80662073a52aee4faa558a5c1e9f98327fe91e29340f678c8734e5790994c1ac8d9da22b57cb2bab896d45a2eb0524cc8457275dd61f6c4eec4c2f697a07d33d07a46685c95ec2658259a7bc0dad3d9529ac5485de5cb014e9b7dc7cb6e2bf781 +Msg = 7a143960d5a8c615dd58a10ba92eb257888befe939812d105f7d36412f291b146c90cc8f9584e5a75d3ccb045b42f805038d9304d5e944dbd4a046a63a53becb6a294b38262cdeec02efccb918742148fe4e385df503885c63b4c10d8400189c5c25dee4f06858ecb5b8cbb2498ed6286117047d0395a29df503cefb75f7d18e +S = 5d5f734d2700f3dcdf27489b57adb3b488de71bad11e6146dada53b80e4b5bcba10695996a7b52f89aab2f3ff43c17355deea644c2ac94fd760dc45aacb4471137a93ae4d9c4fccef44742682f0f985f26da2bc70bbacb95550f99b9003851b7a998bb1535218f7e47d41c52b79736f3005ebe8f46c5d4fcda4c7ae36bf68ac8c527d8589bb841abcb6d0cf12a797622c4275548abfd2c46d35132e5cd631da7f16c05129fbd1647a470f73c7417ac85ff85e71c433c849f5123353e49ce5d6bfbada544e4aee9887262a8c51b5cf6ddcfa15aff2315ad910d74e92245945309f71815dfc23d4b830536f68ad444637a808077650590407e25923247aaf53df43fa90d465ee06d9a9a5a7ae86d8a2180d70430e4916e7005ffb4858712edab095f8a691e2260c3fd56a4311dc25b4ed8c4ea0e43e4bb44ca26ca8ef674019218af0559de44bc0cc5f9463575ec28f3fc9d7a4d0e9b00972044b01187ca06d0dc7f0c5ea336c0e2290e1367d12101f293dab4139124c217cde848e7e4a0f15b3d3805767f88aeec07bda40dd23826afcdca5caebdf54c32021113d711b6bf07300a2ec7dde75d550c93562a30e93810c9ab3ed830a719e02df7dbcd62c4316692b69ae722a01c462e5cbd31ebef67602fdcc9580e6e326d77a4f2a0ad079acf2c2592748f9dd7c7ca7560e4cb3e7b60e9906b8bf02fde02c9c5e0645caed699d1 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443041300d060960864801650304020205000430fd72258dc3162b6f2eb1784384443649d457af90d1c6bd30c443b7e3ce562e7d7e660afd677d87d01695dba2597a886f +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA384 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1d8188e62be3759b150e29a7b864be80ba2f00e747cf6caf45645f91085cc25d0ae6c4c55c97bd20e4dddda23d8d03af33a13e082e3576602ccb4832d10f7cb30de94cd2ec64e92b8c7f1bdea66491665b313b153a2d6dcfeecac1e5709f113999d8abc4128b58dc232853a3d50fcbc971beea4a4883b1691d6b195b3f295a12ab6bb393c7e3dcfa3bcb6bf7ddc6b22d4550657ed311590330172763930905d38234c89f889d85bce48f451b21945cb980e25d8de6b6fcb2828643f5695105a4fc5705cfa9da5430f6fd98af78b2f2a255eecdc268922a71dfa3fd65c6645c6204fa1afddc7f009e24ff973f70accacd07ce05b1a3e352b4cbceca24c691c94acb40f9ec6f1964a3c73d4b50ad1279598711ffbd1e2ba3e283cb33d0189ed5341b2991aeb6ccf331e23d49f473adf4524a50d876089c824488b1a9d9253d9f3471ab73cceacdc169bff8b6ed6258a940ad03454ee148c86376c6c35971db2a4901980fdc3e78d1149aeccc32424162bc1fdf115e5d2a138b914397d3384bd4921ddbaa251569f71d61aace4b5d947eec59fe57827cdd38c5dd01a0f7beccc0f80662073a52aee4faa558a5c1e9f98327fe91e29340f678c8734e5790994c1ac8d9da22b57cb2bab896d45a2eb0524cc8457275dd61f6c4eec4c2f697a07d33d07a46685c95ec2658259a7bc0dad3d9529ac5485de5cb014e9b7dc7cb6e2bf781 +Msg = 8b48c7483bab7109f4d05b8cee9338be36640bb068fbffeab94892013ba9f96c5d60c093b144b229f3b6f8bc46d7858ac0f9b197295323fc00f8f582bf0a136f612ae4a020342dd883293258986d1eb07e33a4d42735e7725ca89783026f5d219b8f7a9810e3abbfad114f896dbccbd778fb2e90ea0a11f4d640c22d8b41a127 +S = 5ec4ad5490edb3c268798a03c1fd36d43cd64e6665ede2dc2cd77d833f15edb7b836fb7c31a9a6135b4ea1c84f8ea7513883d8d38037d7f086d50d69fd730fe300b5c0090f4c7cba382fe27f7ecd56a0df98f6b9e656f11169c717fe8636fb2cc6ecbd4a44ea73f91b9189b640bcf51870ff97b23a4dcaac6e4852a8862c73f80f89e25daeeab317dcc570fd7503421989334ed729d453e2b372a58ef37fc773b25d6911aa52a11d516d1011b052c0f9f33306965525c4605884980a2ba24deece8271d65c1623cee181dba8f953a577d989e1d7f6d5393920cfdb9361ec22c10bc85926cd37f3289b1efa6ceeb78e7a1d1b54be2865aeeaa9dddd4aaa2c72353338c247411463af28004fe154b3e41fc88f137c6ab9c240e98f0441237111f9fea9709f41b45cb601d91ee24725a62e0f04a72aaada19b8a25da14b86fa2a5c7f4a359fde437d7a2b9b6553b6dda023e03d3996dffeb8511eb67959c2c647e28f8e9c0c17e412308105a10c0bc4d2820c7d6acd718c1ff38fd1e27db4dc07d2f12f45f2eb8f414861bbace017c6bc4ac46f815269f68212e1c0a3fca93622fda40102194efc58c816146048d49af8717faa6e58251db269f1fd075816da19ff5a5fb0a9ecebacb276b3bca5f6050b33cf50e065320fd703ec4779b3488f1cacdc6a8d469e9f0b5a97f7632efc417bc9efd2ea18d768b27b8863e753588dc3a5 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA384 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 1d8188e62be3759b150e29a7b864be80ba2f00e747cf6caf45645f91085cc25d0ae6c4c55c97bd20e4dddda23d8d03af33a13e082e3576602ccb4832d10f7cb30de94cd2ec64e92b8c7f1bdea66491665b313b153a2d6dcfeecac1e5709f113999d8abc4128b58dc232853a3d50fcbc971beea4a4883b1691d6b195b3f295a12ab6bb393c7e3dcfa3bcb6bf7ddc6b22d4550657ed311590330172763930905d38234c89f889d85bce48f451b21945cb980e25d8de6b6fcb2828643f5695105a4fc5705cfa9da5430f6fd98af78b2f2a255eecdc268922a71dfa3fd65c6645c6204fa1afddc7f009e24ff973f70accacd07ce05b1a3e352b4cbceca24c691c94acb40f9ec6f1964a3c73d4b50ad1279598711ffbd1e2ba3e283cb33d0189ed5341b2991aeb6ccf331e23d49f473adf4524a50d876089c824488b1a9d9253d9f3471ab73cceacdc169bff8b6ed6258a940ad03454ee148c86376c6c35971db2a4901980fdc3e78d1149aeccc32424162bc1fdf115e5d2a138b914397d3384bd4921ddbaa251569f71d61aace4b5d947eec59fe57827cdd38c5dd01a0f7beccc0f80662073a52aee4faa558a5c1e9f98327fe91e29340f678c8734e5790994c1ac8d9da22b57cb2bab896d45a2eb0524cc8457275dd61f6c4eec4c2f697a07d33d07a46685c95ec2658259a7bc0dad3d9529ac5485de5cb014e9b7dc7cb6e2bf781 +Msg = 9e1d1d96ec18b95c118a04d5d8dc554d705565e87ae1048961110af3ea62912e0cc2612d0150acad9d64fc60dfcf694bc6640f6c65b7bfa13a24f5c5bc130a1c337babf1cca58a7ded33530bc660e25a2989b3439bed9a9babb1b45b82279dfebc4fe32b769ebb94a8fff31eb618284241ce39b3430bfb415bbe2ffd6524b19e +S = 728ea547f16aac9bc1449a5614fc3612292831c3596d2897ee8426c04c353f4fc19590bfd790660833fce2152b026327eebe9c934aa8db566bf63938486bf8699bbb6f2cc7882ed6e9e9cb2d3b0647a5355616604576b12d26123bd60732b2e240e9015a7c4044a0ace6f18d522ba55bc9bed1cf88f94680150d05d6a8bc58e74862f7588993892859f88c92e6516f02d57fb4475a4c4872a211ee03d5152b2111ac0f46e9d826f1dfca27a1ded9888b8a573e6702f116475a93cb2d7e6301ac8742f3dc2c48403e4205082b7e4f8fb21b814c6f94634a50e83e4a3c0900906b162621360d506eea63954581771c72b2abf6bd5bf0505e3a8329ca8e1af6b497ddd7695237fe454b8a06498e4308c0b7f79102ef07977932a57927e2c4dbb3b1199ffeb33e244f536a19375fb5ee25279b425eda4693cef0a4904f8ace80e7a1916740563e4fcc18ec4356dfd8f351fb3969b704233e6c877ce339e7e38e98e0dcfebcb0668dab057171e643b6669dc187f9ea8dda2eaa295b8f88a8ba8f4cfb579d5d33681f0a306f2f20821b67613e18545059b2f6e8049770fe4b280ba849ba38dc6e70949cf6ca160910653a7e3a2c36af5fa1eac778216ee33a60e67dac7ceb7a35cf6bd926e1a16160e303e46afdfa28b018a872f205309035da90752c179f8d4de48f671c08a6a43f7bebd4c49391514783e6989897fabbfdcd87f196 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA384 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1d8188e62be3759b150e29a7b864be80ba2f00e747cf6caf45645f91085cc25d0ae6c4c55c97bd20e4dddda23d8d03af33a13e082e3576602ccb4832d10f7cb30de94cd2ec64e92b8c7f1bdea66491665b313b153a2d6dcfeecac1e5709f113999d8abc4128b58dc232853a3d50fcbc971beea4a4883b1691d6b195b3f295a12ab6bb393c7e3dcfa3bcb6bf7ddc6b22d4550657ed311590330172763930905d38234c89f889d85bce48f451b21945cb980e25d8de6b6fcb2828643f5695105a4fc5705cfa9da5430f6fd98af78b2f2a255eecdc268922a71dfa3fd65c6645c6204fa1afddc7f009e24ff973f70accacd07ce05b1a3e352b4cbceca24c691c94acb40f9ec6f1964a3c73d4b50ad1279598711ffbd1e2ba3e283cb33d0189ed5341b2991aeb6ccf331e23d49f473adf4524a50d876089c824488b1a9d9253d9f3471ab73cceacdc169bff8b6ed6258a940ad03454ee148c86376c6c35971db2a4901980fdc3e78d1149aeccc32424162bc1fdf115e5d2a138b914397d3384bd4921ddbaa251569f71d61aace4b5d947eec59fe57827cdd38c5dd01a0f7beccc0f80662073a52aee4faa558a5c1e9f98327fe91e29340f678c8734e5790994c1ac8d9da22b57cb2bab896d45a2eb0524cc8457275dd61f6c4eec4c2f697a07d33d07a46685c95ec2658259a7bc0dad3d9529ac5485de5cb014e9b7dc7cb6e2bf781 +Msg = 45036afedca29e7386c707f029cd67ba4740e7eddd38146d8be5271ef46c895868f19695c1f5a26d8ae339c567e5ab43b0fcc8056050e9922ec53010f9ce10b869860f88d4fdca375ecf3a6e65fc37351cf33aac75f067fb4588cb8ba383e27790e95c3dde5f20ba4ab49255ecb8117ad14dc44ae6c09790175980f7b930077b +S = 634e95db19d75fdb681e468e2e9f991ea38bebcd5e44717148be6c79625136182c8c3b136f09529d3f95e42d4da796a4b9010fdf3d3a483e5c78ccea3ae200a382f1c690a01e2f450dc1128c014f533bae31237d48890a5bcfb3996aecf790d18e6601d9b12022d7f134b1243965727a8ebc1479dfab096298a116440818aaf961ed9aa730e3df72f7d115f57e1294ff53549161b66d6f15f3219323fb067bcc492e9320c7b706613cca0ef030aeae3fe14d04dbc2416ea6d0ef89ac48e0ba83c90e33df7dbe215da1c7c70bfba0cf1ba2ceef1900c76c9216d9c5db17c9d3e2401814609defd932c47b864a65e9c30f75e63f2609ec2416405ef072240092dd23f835fd415d190eefe2afb80f5c02ab433946062d3bcb5c18f009677e43f5e02fcd4a330eaebac40dc788e4fc6890c1c75e22cc2e801153018b316d0bdb0adaf9b2fd98e4ba7b3507ce1f1627c006a49ed81177cbbb5a37cb952ca93655ef2fc4dc34532f9f5ce35906682a295230a0824934dc9ade9ae445d4f5342395badae4371c23635bfc03effc650595381a352cbb8c9c8a353bf795799b3d41520a966f48b7fbb28389f6eeb02c62ae21f7776e8a65b7b0fe6b10f0a498ba9d2ab503cd7e8b79fed5c1a9239766f577266a868db7b74e274b82107cb2b6e8dd04149d556258bfb92b5fa0ae4f05f407191bc28774159066857383d64d5b567e44e706 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003041300d060960864801650304020205000430cb91c002dfd7118dbc156c9b6c6faaebf14d2d79a0d28a084b2fef838a9fbab5fd2e5f9d6ee8b032d4f6588e5219fb02efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA384 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1d8188e62be3759b150e29a7b864be80ba2f00e747cf6caf45645f91085cc25d0ae6c4c55c97bd20e4dddda23d8d03af33a13e082e3576602ccb4832d10f7cb30de94cd2ec64e92b8c7f1bdea66491665b313b153a2d6dcfeecac1e5709f113999d8abc4128b58dc232853a3d50fcbc971beea4a4883b1691d6b195b3f295a12ab6bb393c7e3dcfa3bcb6bf7ddc6b22d4550657ed311590330172763930905d38234c89f889d85bce48f451b21945cb980e25d8de6b6fcb2828643f5695105a4fc5705cfa9da5430f6fd98af78b2f2a255eecdc268922a71dfa3fd65c6645c6204fa1afddc7f009e24ff973f70accacd07ce05b1a3e352b4cbceca24c691c94acb40f9ec6f1964a3c73d4b50ad1279598711ffbd1e2ba3e283cb33d0189ed5341b2991aeb6ccf331e23d49f473adf4524a50d876089c824488b1a9d9253d9f3471ab73cceacdc169bff8b6ed6258a940ad03454ee148c86376c6c35971db2a4901980fdc3e78d1149aeccc32424162bc1fdf115e5d2a138b914397d3384bd4921ddbaa251569f71d61aace4b5d947eec59fe57827cdd38c5dd01a0f7beccc0f80662073a52aee4faa558a5c1e9f98327fe91e29340f678c8734e5790994c1ac8d9da22b57cb2bab896d45a2eb0524cc8457275dd61f6c4eec4c2f697a07d33d07a46685c95ec2658259a7bc0dad3d9529ac5485de5cb014e9b7dc7cb6e2bf781 +Msg = 4d72aa3953630bbc1c51a7fb6c7e0375938e8afbeef430c1b0ab56b6e226ed11a989df2cc819aa9665f14e6410f86ac7010fa2e4a18f43df4df22a3956d0e25d4c0e0c757c520482b7b9c1ac55cdfdd67ab19676989f35a435952d71ef4aa679bd67fabc77f45fa99910c77c44e604ca85dc305ada0d4c37f2fa2703b57c818e +S = 13e21486fe238e70f645edfb21dc32ea0f415e5e260483799870d947151362a7249f700818014c1707016d71a83c389ee6f17354e20b55402f4c6036dff827d237fc7b24cfb2b5398fb34beb35d2d61b5c4d089ef832c219162484d453587869f1139d7fd3497ff4189517ecbb2d314c049d4e86dafc418c716c3e4c2803ea03c66b90b93c620aafac05e4252212200dd1448e34914da304148d1466e5e32edaf6743fa43c307f24ec1a0d46b4bb941945a2ed7c02da826476522cf7fe329268774052310d4b817a4058d9ae6084b4f1428ea1fa5a5dc0e666ff9466480b9f1d6142890010fc2ca3ee46db1ab084a524bea1c27b89adc87ceaea0a1d9e8d83358cfc20997b8c94204c80871c0e9da89b224ba42181743b285157d3eae18f19f8a38a102e53d2378aa241b5300a20592bc487651264dcf9084c3b1f0095e848f1af5a940a25ce3d0ae660ebe9ea09858bb366451fe8f4d1dfcf018938db14bc4efb1c4a2a7f5b08facbf81256ffc0453e4ba14744d1611e85cba35baa9302bbe959dfc2c0b96c932063fe40991c2ee47bc1ed97999f8e5f747f8138691db117784a5800ad4d210caebdbc3ba84e8fceee3bf59ff163c7ec9c0eaa468813a1fa8215464f390fc62d45993db71a7e56c4a022fd4ee377a725e87a2415877a6365b086c76bd2702abb265ec3b37b198eb84e9ce6e1037848c10bc132aa2f8e1af165 +SaltVal = 00 +Result = P + +SHAAlg = SHA512 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1d8188e62be3759b150e29a7b864be80ba2f00e747cf6caf45645f91085cc25d0ae6c4c55c97bd20e4dddda23d8d03af33a13e082e3576602ccb4832d10f7cb30de94cd2ec64e92b8c7f1bdea66491665b313b153a2d6dcfeecac1e5709f113999d8abc4128b58dc232853a3d50fcbc971beea4a4883b1691d6b195b3f295a12ab6bb393c7e3dcfa3bcb6bf7ddc6b22d4550657ed311590330172763930905d38234c89f889d85bce48f451b21945cb980e25d8de6b6fcb2828643f5695105a4fc5705cfa9da5430f6fd98af78b2f2a255eecdc268922a71dfa3fd65c6645c6204fa1afddc7f009e24ff973f70accacd07ce05b1a3e352b4cbceca24c691c94acb40f9ec6f1964a3c73d4b50ad1279598711ffbd1e2ba3e283cb33d0189ed5341b2991aeb6ccf331e23d49f473adf4524a50d876089c824488b1a9d9253d9f3471ab73cceacdc169bff8b6ed6258a940ad03454ee148c86376c6c35971db2a4901980fdc3e78d1149aeccc32424162bc1fdf115e5d2a138b914397d3384bd4921ddbaa251569f71d61aace4b5d947eec59fe57827cdd38c5dd01a0f7beccc0f80662073a52aee4faa558a5c1e9f98327fe91e29340f678c8734e5790994c1ac8d9da22b57cb2bab896d45a2eb0524cc8457275dd61f6c4eec4c2f697a07d33d07a46685c95ec2658259a7bc0dad3d9529ac5485de5cb014e9b7dc7cb6e2bf781 +Msg = 709abcd4c8297d89f8e4a5446dd32ee612838200c5a990950b091e21029661d997dbcb35f89924ac4db2dcbea345a038281b2bb49e425f5f0af794ffacca303434fc77fd332ca57fd0323a02bc4c963d6878c5d375209c1d6cfc052aaf359704afc66a356028298aea2e6817a22e387b3861f966318c705898e01aabf11fbfd3 +S = 95fbadad59d07287451d54b9645279f6fc62ea2c6dcdea2d49548a992844d46b559be0328662c2be146e3812aa9bfb073ef21f2c73dafdce8297d70a04ab3bae8e0237f6da726621da82066ec76afca2340e3ec256ab5f3e0bb53833c78770ba95e39a7f844e9e483a6cb7f98d496e4eea095f08d809b422dada7dc779303939e5dcc644bbd0b22a339bbee4a9203005aa34a276ca5c1135418c705b8d70284ef279f49421304b28d1ef8606ccb2c9591ef36b418ff3f52933ce1b059d9a3d04e483c2baafb719131f29f1fbfabb85c7bf0b979ae3377a35fb877eab9dcc630759d18b3974a999bfab9704953d661ca6449cacbace130869c2b0751d205c5c6ffbeaf3017e9bce964b2d4b6af2ee8bc9897b6df0d53b061e89918eabc9ed4f46da59748576e816c5bdd0c847a411948d43509e994ba816d6391b041f23c9d70d004e9d3c09fa717c4531af5b8dca8393d28dbfe3b07d6a88da2383181050bb033b8f21546432f62caf52cfb364e87ae5fea1c6e2948e39aeeaba89797163fb2b3bd35d8bb8832218a5d931d351e9cee457504ae70c09b51004c826c913cbf61f570504951e02b1e47e9ab3dc47b44559e77d79b734790a1faedef901d267129139c66c992f039ab42d15635ca1ced47ab12ba87e12fec8bb574c9dcd94e7c6ef54a75fd568755042e8d928f344c65497b3183eda9534db97a90b24927d77e2e3 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA512 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1d8188e62be3759b150e29a7b864be80ba2f00e747cf6caf45645f91085cc25d0ae6c4c55c97bd20e4dddda23d8d03af33a13e082e3576602ccb4832d10f7cb30de94cd2ec64e92b8c7f1bdea66491665b313b153a2d6dcfeecac1e5709f113999d8abc4128b58dc232853a3d50fcbc971beea4a4883b1691d6b195b3f295a12ab6bb393c7e3dcfa3bcb6bf7ddc6b22d4550657ed311590330172763930905d38234c89f889d85bce48f451b21945cb980e25d8de6b6fcb2828643f5695105a4fc5705cfa9da5430f6fd98af78b2f2a255eecdc268922a71dfa3fd65c6645c6204fa1afddc7f009e24ff973f70accacd07ce05b1a3e352b4cbceca24c691c94acb40f9ec6f1964a3c73d4b50ad1279598711ffbd1e2ba3e283cb33d0189ed5341b2991aeb6ccf331e23d49f473adf4524a50d876089c824488b1a9d9253d9f3471ab73cceacdc169bff8b6ed6258a940ad03454ee148c86376c6c35971db2a4901980fdc3e78d1149aeccc32424162bc1fdf115e5d2a138b914397d3384bd4921ddbaa251569f71d61aace4b5d947eec59fe57827cdd38c5dd01a0f7beccc0f80662073a52aee4faa558a5c1e9f98327fe91e29340f678c8734e5790994c1ac8d9da22b57cb2bab896d45a2eb0524cc8457275dd61f6c4eec4c2f697a07d33d07a46685c95ec2658259a7bc0dad3d9529ac5485de5cb014e9b7dc7cb6e2bf781 +Msg = 2be1649aab8e12b337a5d974ebe354a0ce3e74f4fc76c45a05edf16090b889e844f60321e86000b6c822d0455bea3812243e72fdd61276b1bb9a781f565db22b488b63a47090187a56e92a2bca36887fc891b6759f1f167d52e467e73fdc8b9cfe478d0c8c44e267a9a1ef107ef2cc4f83e04846a0c42d269375c5a2915d9ca4 +S = 11a6268f9ab602dca7444e9e821e9e9dbf2ff6f875f255d8dc202f953d91d6bd13c74697c70412131091a062f7511b06264d083ed49b24ad429d35e9fb02326fbb2b206dada13f5aab60b5b3db5df6b83e80eb946e199206dc2fc7246ffc6f663217fb5ff2ca14eed28a58ba010b5ce47993b4b66ff00bcd20720a4a6df35a81aba6d277b2ac3fe65dd7089b6fb918831c54165aa833fd84fddc5350bedd1517bbb180dc63016a10668add62ce782292af053a1419970cce6c6740d9654b62d836b7446db56267e08aa204fbc3d3352c196c6b757cb08f137b0653bf362249dc7a7162eb3d82764b51b8f7676401e89c3437ea3fef7b727a096143033d2dff653107e6bf20f9586b2ab75a164d5ab84cd0bc6e04749ad4599c80e4edff189c472b02c91b31955284c42aa5390d83defd8c4c24f14e2aa9668fcfb0b683fd7702da5330e73cba32b77a1c197c4385b5ba5e0ce2e5a3732838fe136020b870c238ddf5900b662dbed59e9664754b63cc4b8fa3766797b2120924d712935f4a591e61d292782bd6029b3eb434e33c06dc53d1152471c000dd8e9eec094ba6b3dd5d5e71e23039480df29c2b00fffb5358bb5628adf89260445ce4ea3cc4a701af52d382ed2e9c1db9837c29e211332f9b6c176630f307c5b0d0e28a1a09fd285ce2c12d1f18269cb1a04e5c1c1740fbe8af04edd32abffd09ca5641806520eab220 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443051300d060960864801650304020305000440a6e9bd72eb12cb01af08cd796b9a5d7f70e34e1c142af67f862971169f7110687017d74eac1c5d45f013743c20ae189d7c9c61802770a915b37a0ffba5ee490d +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA512 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1d8188e62be3759b150e29a7b864be80ba2f00e747cf6caf45645f91085cc25d0ae6c4c55c97bd20e4dddda23d8d03af33a13e082e3576602ccb4832d10f7cb30de94cd2ec64e92b8c7f1bdea66491665b313b153a2d6dcfeecac1e5709f113999d8abc4128b58dc232853a3d50fcbc971beea4a4883b1691d6b195b3f295a12ab6bb393c7e3dcfa3bcb6bf7ddc6b22d4550657ed311590330172763930905d38234c89f889d85bce48f451b21945cb980e25d8de6b6fcb2828643f5695105a4fc5705cfa9da5430f6fd98af78b2f2a255eecdc268922a71dfa3fd65c6645c6204fa1afddc7f009e24ff973f70accacd07ce05b1a3e352b4cbceca24c691c94acb40f9ec6f1964a3c73d4b50ad1279598711ffbd1e2ba3e283cb33d0189ed5341b2991aeb6ccf331e23d49f473adf4524a50d876089c824488b1a9d9253d9f3471ab73cceacdc169bff8b6ed6258a940ad03454ee148c86376c6c35971db2a4901980fdc3e78d1149aeccc32424162bc1fdf115e5d2a138b914397d3384bd4921ddbaa251569f71d61aace4b5d947eec59fe57827cdd38c5dd01a0f7beccc0f80662073a52aee4faa558a5c1e9f98327fe91e29340f678c8734e5790994c1ac8d9da22b57cb2bab896d45a2eb0524cc8457275dd61f6c4eec4c2f697a07d33d07a46685c95ec2658259a7bc0dad3d9529ac5485de5cb014e9b7dc7cb6e2bf781 +Msg = 1dce67cb88490ddb92b9528b478d3cd681c51ddeb0a76f3cd7b40394d7da5b6cf0eb543e854e07cb1ff5f2b3b58e53432bfed58e180b6ebfcc5888ad92975fb032faaab4baea7d8b7efc6e885e21f749471d1bd4fd3a4ce6173d8d874b99d4e2ebe3b254b08635c3b7b80e31c9acef90df0937d8e59cd158bf4959498a4881a9 +S = a73f90dd956d119b2364f15b1772eb3398cc0dfa717bef2d0180ffb42c5a6a9f6240e56297fffc3ec10b8527678e37c126a033cce08451a5052575ad1e471801df563e447e57626a09a5b218aa5d1b3ae3dafa8a43e0f5b187f9d11333cd07a52a9b0844bf61f37f9107fb9770ecc17f1858767475e9e63945bebf12c54a25f9759cfa4b11c605d41cc2b7aadb786a03fc41146ab249d984f6b78c89af37a6d788c67f0575faba520cda93288479f02c83e78122ae5b88ceb6ecdc429f5e8cffc9e1fc78d8c4e638c74fc905a2ecf6fb2e797a1d8b86d458d0d594836f66b801445e743d33a5f936138a1c18dcd08f6a826fdbe71bac84dea0884e5310316d9a28b50d5f40d441d5385db88f4934b4fb85538e9838ae64f9055da047f8d49d432feee879301bed3cb7c2774179fd4f76813284a492d1c89df758ad141eab289c504bddf9934753d94588c2c9fafd69b6b261ce320c103bbba0842e9e2e14fd88d17319f9a7596a55701c22226e255d06f5dbcd432a930758725ae73adce8be417d7a94a712d5c5b3809441557b348720a35da7de59923e59c92df63de405fd913fd7fbf3407c72455d3be934e3d7a878bdaf88498842fe533a03387ac4a6271f0c3621c33424f610eaaaf6878fc99660b2f8833935b6eba90636eeb9b9f52fc0f3244183e59caf31d890b22cca748c80abf9837808b4a1fbb9cd5c9a9b84a2dd +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA512 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 1d8188e62be3759b150e29a7b864be80ba2f00e747cf6caf45645f91085cc25d0ae6c4c55c97bd20e4dddda23d8d03af33a13e082e3576602ccb4832d10f7cb30de94cd2ec64e92b8c7f1bdea66491665b313b153a2d6dcfeecac1e5709f113999d8abc4128b58dc232853a3d50fcbc971beea4a4883b1691d6b195b3f295a12ab6bb393c7e3dcfa3bcb6bf7ddc6b22d4550657ed311590330172763930905d38234c89f889d85bce48f451b21945cb980e25d8de6b6fcb2828643f5695105a4fc5705cfa9da5430f6fd98af78b2f2a255eecdc268922a71dfa3fd65c6645c6204fa1afddc7f009e24ff973f70accacd07ce05b1a3e352b4cbceca24c691c94acb40f9ec6f1964a3c73d4b50ad1279598711ffbd1e2ba3e283cb33d0189ed5341b2991aeb6ccf331e23d49f473adf4524a50d876089c824488b1a9d9253d9f3471ab73cceacdc169bff8b6ed6258a940ad03454ee148c86376c6c35971db2a4901980fdc3e78d1149aeccc32424162bc1fdf115e5d2a138b914397d3384bd4921ddbaa251569f71d61aace4b5d947eec59fe57827cdd38c5dd01a0f7beccc0f80662073a52aee4faa558a5c1e9f98327fe91e29340f678c8734e5790994c1ac8d9da22b57cb2bab896d45a2eb0524cc8457275dd61f6c4eec4c2f697a07d33d07a46685c95ec2658259a7bc0dad3d9529ac5485de5cb014e9b7dc7cb6e2bf781 +Msg = f0b048e510fd9d75f3d7bf3f460ece324aaa452f6e2c2d6a23179114ecaf3137b4017ae16523b684b6bd819d45c87c94e59645e33913a67b824a0c63b52b3ba3d18b41606f6ca8489a7ff031e2e73dfcac404cc0cce0ab25565c2a0db04e8d7aec5683ac555fdc894824f64246f2783446af430c501ba62f4756d15907a38d83 +S = 05eb7a32c9cefdabc9208a080b7542bdd0e1e2e4a8529c29a7529527207a0b5105464d0cc445e7e64fe2a9be5cfe6635d4fc1ae7bb7ee36b86fb2ac72ac7d53af6b1dc6df2c85d9aa3513ecbce8ecfb1926332f3119a4bfae1b01b2565376be9872cbc7bbfed88a4d2e67a78587ca53e09863bf21ac1350bb38e009c3c458d2df736b1212e7980d0a3735925cabf39ad4da1b98e9e7a6e4f73aa048d8d686297fc6885e5a939e3195908e17d32f7e78d22e9eaf3e9373ed923f0b2d6b45497351cdbc9fb8ba0aa912223121a24b2b44b291743bc3ece0d3911c4d54ce82f883493805273b0fbcc964ae9529b83e6f22d0aedc8b6f8b2a410abbce970cfa44e30c9b97ffb312d5a53d904d5e99a86745a70c6c9f8f3303c31b39dd587211cc49c973837d89117583ce5be56ce263976d9c19303b7d8971bd1bc0a7bfed7af8ac90329a628a85cee99a3c5e9bddaf857467a8fd3b015345e983946a1a22c4bd2c18e3af937555a08dcdaa055a8fed0e06ebf19f5890ed0dcae6e031e9150810d654925a9347add44fafab80d3bc8342e9f41e60ab742d17d368e02e82d56418c22ef10021431c00af4e21b7436aaca8b67dd7c5b1519ecf0c414491c1bd8a1ab3fcb1bee7d202673c0a080f56ae2966605132998c79ea59bc6aeab631bc0064187f11ef3273d5c6459ba6ebef569b99ac751ec0edc37492c7c563991a0dbeb2710 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA512 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1d8188e62be3759b150e29a7b864be80ba2f00e747cf6caf45645f91085cc25d0ae6c4c55c97bd20e4dddda23d8d03af33a13e082e3576602ccb4832d10f7cb30de94cd2ec64e92b8c7f1bdea66491665b313b153a2d6dcfeecac1e5709f113999d8abc4128b58dc232853a3d50fcbc971beea4a4883b1691d6b195b3f295a12ab6bb393c7e3dcfa3bcb6bf7ddc6b22d4550657ed311590330172763930905d38234c89f889d85bce48f451b21945cb980e25d8de6b6fcb2828643f5695105a4fc5705cfa9da5430f6fd98af78b2f2a255eecdc268922a71dfa3fd65c6645c6204fa1afddc7f009e24ff973f70accacd07ce05b1a3e352b4cbceca24c691c94acb40f9ec6f1964a3c73d4b50ad1279598711ffbd1e2ba3e283cb33d0189ed5341b2991aeb6ccf331e23d49f473adf4524a50d876089c824488b1a9d9253d9f3471ab73cceacdc169bff8b6ed6258a940ad03454ee148c86376c6c35971db2a4901980fdc3e78d1149aeccc32424162bc1fdf115e5d2a138b914397d3384bd4921ddbaa251569f71d61aace4b5d947eec59fe57827cdd38c5dd01a0f7beccc0f80662073a52aee4faa558a5c1e9f98327fe91e29340f678c8734e5790994c1ac8d9da22b57cb2bab896d45a2eb0524cc8457275dd61f6c4eec4c2f697a07d33d07a46685c95ec2658259a7bc0dad3d9529ac5485de5cb014e9b7dc7cb6e2bf781 +Msg = aaf54244327c90f0aec7add583fb42cfae696074fefd5c9a80d9dd1a3b3d33d31eaaeaf137479f6f268313dad0fc7e5858a026ea4b112fee1a4eb5e8ce911881f77397d0e55621d91b046753019436afd98e0455f44fc93126ae106e77df4d811b98716aa573bc367794d2c97d8b12da1b7b233f637ccf6b8c3f15359ff179db +S = 0524037b884cfc8ed0047ca0cce7f7cfda9893c065ea6a1ebf673398e23a56aa4b0a179f1b776a3bb716ea83f0f9f863661aaefe7f50da0d714d9cdea2408a09708d50aa4c6bc6ab31240341098a1d8951c82e4708a5cba44d0d0b98b09dc8f8781ea59d9d6dc168bf80d50e67fb53763aebc6dc12b19ee6ef47b838d58f1bee5f6f3a263a430b22f633195ed0d32a92c08b2a4e75807f1b56edac08a6a87720c611ed497dc184974ad7d3fc17dac4c409a44c3fd29a35259fac0ac2395f81be0fcfedacc8044397f4fbc858640af552b2cab5f85a042d41050470f7fa485ed38a0fee6f9e935611e33b50264ca04f8fc1c6e15d20d10b023ae7768b0b87f99fd298e7663fdaf5dda0f61c019ce0516daa8db07f46dede1ad63f8839e58e3c33e69df238c3481b7ebcbeaf448b986ccfb09b3cb62249ecea2315be42cc6876b7ad17a79a10d8bb4cb83b7e33fd28218b58690daf5de8da3824bae1bc9d84a8c9c09b5f4d67497d2d5b215bd530d41decf24d32d1c73beae4e6edd3d2859f11c7d8ae60673c94f1a233e285aa2bf8be8de7c5791bb6bc624ed74bc1de32796bf656c744dfa9ebc3958b71f2f26a9d28de16927aa2923e6b897c3c3c1f719b3239d1e59a136890b21efe97081cdcdc69a39668791fc4089fccb694a77a88101358ffb961792ca3c41b15bb81e1edd7fe403ebce86ff17c5534d441d946b7763806 +SaltVal = 00 +Result = P + +SHAAlg = SHA512 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 1d8188e62be3759b150e29a7b864be80ba2f00e747cf6caf45645f91085cc25d0ae6c4c55c97bd20e4dddda23d8d03af33a13e082e3576602ccb4832d10f7cb30de94cd2ec64e92b8c7f1bdea66491665b313b153a2d6dcfeecac1e5709f113999d8abc4128b58dc232853a3d50fcbc971beea4a4883b1691d6b195b3f295a12ab6bb393c7e3dcfa3bcb6bf7ddc6b22d4550657ed311590330172763930905d38234c89f889d85bce48f451b21945cb980e25d8de6b6fcb2828643f5695105a4fc5705cfa9da5430f6fd98af78b2f2a255eecdc268922a71dfa3fd65c6645c6204fa1afddc7f009e24ff973f70accacd07ce05b1a3e352b4cbceca24c691c94acb40f9ec6f1964a3c73d4b50ad1279598711ffbd1e2ba3e283cb33d0189ed5341b2991aeb6ccf331e23d49f473adf4524a50d876089c824488b1a9d9253d9f3471ab73cceacdc169bff8b6ed6258a940ad03454ee148c86376c6c35971db2a4901980fdc3e78d1149aeccc32424162bc1fdf115e5d2a138b914397d3384bd4921ddbaa251569f71d61aace4b5d947eec59fe57827cdd38c5dd01a0f7beccc0f80662073a52aee4faa558a5c1e9f98327fe91e29340f678c8734e5790994c1ac8d9da22b57cb2bab896d45a2eb0524cc8457275dd61f6c4eec4c2f697a07d33d07a46685c95ec2658259a7bc0dad3d9529ac5485de5cb014e9b7dc7cb6e2bf781 +Msg = aaf63b5ed0e0aeb7ef3da4f134dbc2e8942acc27029e7366e5556f51c9face8b54e98cf37c936326f824e445f464c7f809db80b26c39133766f5285c0433620e0febed963e48561bab4ea06984c094f103415810a0b9439485faf07c42a491ffc24586d07dc52fa1f002fee64ab7d0db69a27dc804e6ad832aaeee37eb130465 +S = 28cf265ebfccf2400d6129058b7168cdd9fd44f44a74630d8df79d306b41a82d9ff0e7e08ba01d31514ddc3ef87dff19321346aab5c67959c551695cfdf04bfbb0ab74affb9edc69b9aa6eebef1d4fb7b1ecf7fa30ad5834136de2510fa774a24799b6f5e6410f4f14354c010f7f9e4976d7772ccfdeab7eeff704e9531ec3db509c1f0913144a444dff8e36f9f50e6c2c7a693c5ed440d95b721664aff953a18f033df5ce2fbc2902d9fe4644f10d50f69abbc7d2f58a80e6b6b4c94d75fa53bdec788315e87c103e81dff4c5cf7c5f1fb14a3019cc89a871328969ba9d12fb14326458ef1df1dce42b02ad17db4bbc75161e66aecbdba7ebbf1709fb208642e3e1a3c12738440502cd235d6a43a08d24f6a397b0a5b86d0a8456e939d4422934917905b3772e2c5736ffc0b3cc8b8bbc1c9629ac37d54def02ec83a106a6537adcb6559ea3cb2024a1007384e604fc64ee9fde2aedd129348c7fc34b240dc841fc45b2fd2c9ec16264b067f139bba8f3c31bcb4291b71e590bc953fd63d1ee44a901d47fcba0d12150ebde6f50209646831e10cf3fa7e129e5504fbcdf4832f5589f191925dd85ea7d11031cfcefa5ed4f9bde552c4270930204d37c37faa8dedcbc2838a36fd425d2bbad87660fbf8df20610e666a9c382b81b27b0cb172a188c46bed70dfca37563129376b2d6e78d4be92b81978031a84eee45f9731a2a +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003051300d0609608648016503040203050004400ab1a89aa9fb0c29b4163f44d7662e24023b152d820dc90168548295c7e1b5836d3de20a9fae39be49bcc40d0c54e271a4f6fbf4050c315553dcb6a3db8b5eabefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +n = a74f2eeb83f4f87768ad1068802b453e7b9808db9d1758ce52ccc70c3cbc4cef2afccf66b1116896fa27acc8cd779b4df59757e24bcc0e69f409b638cba8adbad885f95680dc4a7423d576c448cc38b00ec0292ea3323bd1eabe2bcb6d9e9c94665eda88dae5bcfdac2a3ca71b6d3bfd31cddda0f41f14dc5ddef946a9f779398b05e46678d2e490ac28c8807e9991bdc00ecc28d1b7cf63b6f3f47961080fc45e43729013366c654e1189888cfdb7458fbd56ba3b29756087ad1a0f86bc5e1637f7c6f881343033bec98c22e5c22d91ec2576c66214aa895d08c29707e0c181c666727767f5cb99835eb35a75d44033e5fbf947f7ca249861d5fa5b5d1cd4845d4d241048bfe2b06ffec934665ce371c826a2bb4c2de1dbd115a1e220465c6eb9d26297e2f9187726926e33f6ac7154ed73148aab86813b11b7fc043a969c8b9477aeb6305a73e10cd9db0cd5dd323a9c7ddc08accc214b4a555da9cde05f3a351948e56848d543ea504071f6251e035af576e04e55725516e215ce5b40c13f4029caeee38e4183c834127c857e1a0ce52e2db2faca43542eed0fc2331980be2e70ed938e007d1ef56f103f800dac041bae43d2117fc7030da4f4a87b1161c7cdd46de4098d10167e028fae2eea05da82c687ad82817efa65e973845b5a103424d17234fa78da06984549569443fb9c8755c4627a5b04992e15c0823b45a855 + +p = d86293ff70f21a0aaf50f3e91a38fbd29c3e84a034b5a9d5ead0dfdf0707cd9a85bc5e17c51f149c804f9feb00c2aec790e605b53108cf008e7636ff32e0329af9049e0bc48b91e2712deb4c0b1c2e943da090ea0dfe4e64c79f4242366eb8761a827e64d7fd3ae66b340093a21024418db44dc8305fcb097b942b2f7c790835d27e24a9653eb7af54aa06482f6438d4676965d602f3f1f8939e184f6ac9c9df083fb862d617af4516d824f419e11157b208009cec826538f80331286925a47da40e6317914dcab19706831ec84f58d158d945a354d3d2d1900ba044e25741168d334c5100ad408591212f26481759d46a735fa5f14b650bc5ee0e4f059538cf + +q = c5f08c5456b320360fa4338f92b57a8c6715fb6ddcb07c2d0ff93b6549e7df6e8d3dafc5710f02b42d82f62ff2d365fd7d9b1518eb512f55cf10f347829aa961ba9edb5c5e36c1d899b4fd462e9e89050bf7edcb20c0b54771bf22056a7f2091739878dfc53047ea7cc2af9ced1fccee39b2e9502307f44b1e8f3065aa9d2a45e1b5ee174d067a32fd3573f8d85c17fe3153736e9b2ed6a9fe068530eafdb0c42c7ca5cc9fbf44f84594b324965f537f1862f2ec303b42a838ae892dd1a59b577b7506c663638c837b67d6e6d03066b71967ce938b381f91f50fa526089fd146f62977cc41111597481d9c3af2c099279be8e6cc9fe7c64d394f9298b44a4d9b + +SHAAlg = SHA1 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 09d77b3b07c31dacabcdf1e8078a1321cb08f1765488e71b320c0bb56cfc04868a0edf060a6a6f90691164844852546dff634167aa1b0fe81d69fba8fcebcdfbee9e781425b29af7c5df6156d71b1264b592d53efa8a7bfd4a0b2fc0ac1863904241d09ea376ecffdcf36cfac560c74b210c1c1886d4a6dfc94959f5190e8ea9082d85e7e8fd58bd374db170f86362ed0b4c2a2084ce93ba924a95e905b52e1a9c2215cc3d5d8de7d76a718080c3a15e71ddf60af46bd9ba62557a00e9ced85ba8f0751dad3f4e212957265c67de3eea774d7f7514d40a0814880b724bc1ed43de7e7f34334ab19f9e50dd5fac9403c6d14b0ea9e1663e63510c96419c10c134de0eb4ecf88918f782e272ececca42a6c04898a0c738eceea3319e81c0e6fb4236fdaaa191b196a7e8fc39e35a88d844b2c2f0929f029e49b03f1b65804ced3594c1304fe2ae987ab4d24a7faed4da097d58c94125884d095b59d26f2fd207e4dca58c54c0a74115d2f635a97e86e484ea8fe5a25a0dfb787fcefbe53f4dcc299ed23802b79ae2cd433227128eed0bd640bb5f51c93707379fd715c7a39b69c559fb8ff6d43eadb2eae2034d93c0c7f39b5e50044aa201d4d0c3036e4004201d558c4b87e31bfbd10654032808d9133200f8ca8e8206ea26fe2a3ef27005d2b245bb91c528fbe9a45687e94aaae83cbe25b452b3c26bc17c3efda7818f24201d +Msg = e5f707f500cc4d0d36ebec7b49ded4c1c1d8fd4186f5a1a5aec2a97e9400652b2aa57ffd90243299e5eeb79d5d3900869300a9d1214b2c606fb05420c81af4e9b3c9d8a5809afcb52189fc903b74ccad7d22a9a431834f9010396db75b58566d276af935f9b7132a92c3a39d0c179f002644e502dd2674fc3c66dc8c7442f37f +S = 84108250f5183b7a1957f5ce9c10b762fa7cf3444f76485c0b5033e1f922d45ca86feb96407efcefabd35bafa24b1f3e5d86ffdced1c3757e23017bc2a816e940391eaec9c2b1e01c1f29119b4064c60a2f5ed91162b308e21f70374815e916f134f7e8907a8fc120dea9cc15c53741ae1d1146942a06d0e1d297ec0fcd1e7024bacf58b0b64ab63f95ee3e3f3893a6a892c8c949ce1ad5664196bc7370411d6c18ac7b3998e5d9d35e6c649f9205f0453ebdbc9eb6da6b4aa549b2af507deb7ac776a89b43b87e01be516e4ba36cecea8fa598321beeb7eff47e7561b52be6ca99fe8114b9be68b0f77c5d8769c35fa04d5c4894d331e7a1d65f25b44ca95e8074931bda83dbb36ee622582112fd918a732afe4040280395fa87dd566e69b3668b295a53aeb3ade6835b32dc8bde3e59f6b6ee36322b39d50c14cc98f7af082468be675b73548f5194dd4c907d99db54f785097cb9ed28c812bee694ec4ee85a8d41501d0a70d82cd8316c2b63d06e2e502be79b5a1f7c06735eb5b850cb0562a117972f171e04870caa751064db6fc4b2d64a2ddbdcf1d17f6952b630b86d6124bf6a7449cc57ed4cafa192756571fcaea3e0a52a92baf4d18f7b61ac404876b1f7e6a53498bb9eccbfe94992a1f326017cdf91039266d9a3deed3dcb124ae6aa96402f80372881a207dd833b4ae38d9d9f5ea2f30a4fa45e566e33e1e1388 +SaltVal = 00 +Result = P + +SHAAlg = SHA1 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 09d77b3b07c31dacabcdf1e8078a1321cb08f1765488e71b320c0bb56cfc04868a0edf060a6a6f90691164844852546dff634167aa1b0fe81d69fba8fcebcdfbee9e781425b29af7c5df6156d71b1264b592d53efa8a7bfd4a0b2fc0ac1863904241d09ea376ecffdcf36cfac560c74b210c1c1886d4a6dfc94959f5190e8ea9082d85e7e8fd58bd374db170f86362ed0b4c2a2084ce93ba924a95e905b52e1a9c2215cc3d5d8de7d76a718080c3a15e71ddf60af46bd9ba62557a00e9ced85ba8f0751dad3f4e212957265c67de3eea774d7f7514d40a0814880b724bc1ed43de7e7f34334ab19f9e50dd5fac9403c6d14b0ea9e1663e63510c96419c10c134de0eb4ecf88918f782e272ececca42a6c04898a0c738eceea3319e81c0e6fb4236fdaaa191b196a7e8fc39e35a88d844b2c2f0929f029e49b03f1b65804ced3594c1304fe2ae987ab4d24a7faed4da097d58c94125884d095b59d26f2fd207e4dca58c54c0a74115d2f635a97e86e484ea8fe5a25a0dfb787fcefbe53f4dcc299ed23802b79ae2cd433227128eed0bd640bb5f51c93707379fd715c7a39b69c559fb8ff6d43eadb2eae2034d93c0c7f39b5e50044aa201d4d0c3036e4004201d558c4b87e31bfbd10654032808d9133200f8ca8e8206ea26fe2a3ef27005d2b245bb91c528fbe9a45687e94aaae83cbe25b452b3c26bc17c3efda7818f24201d +Msg = 5eaae0a318af7626f80e9c31a4e7bc127d24e823c80b1efc0c13cbe7baf78d95130a3d0f47ca2deedab7aecf4c66d602f9d180823ef1932add8f8825a35726a7482e90da96c5821ccd6ed867472f5010581590b578cb6b71a46b60510194630cc3bde1ee4dc9fe1699db21e1db6bb2a6619a22a4bec22c3827525b541dd9cd2c +S = 0d5434fa33a83f13477d6ebecc596e1847218ed9dc99e9d75a175a85d3bebf47ac7fa9b537d48f49cafc12ad3b239a7407f56a27b9dc4ce222ac838a6bdffe594fab2c6d0bc15365a3e90f6765e837ad864105decfa723101affc6c87dbfa0cc0234b9f1fe033d34bd9a5c4fca3a5e228b3ee3c75bbf000a6ab654c2448a43a6b4d2439ee84bd125fb44688a942e847dba0ccf781840a0341516080bf7dc1ed725b566c07e846840d02ab8fca219127ba0f7fec701c79a1a8c7e1a3db32985eac37a2d15b8e22ba159a78bfaab05f00934c95c1aa8d9b350af9ee17de47a69ec25a05572fa57ae33d9ef1d7f1f6d149870c96b2c3f266df32e1e9ff28c718bd03d1b1a7ae7b63fe22a82c2b7879c117c7d16a805efda0925c02aa5759653dc6cae6f1d5ab02d718c78403e40ca30a9f5473777927980d142845178535dcef705d3ffc0f650ce17e8e984da4bf98a78c0436dcb00f96c8aa5f893ce4c2f5088d87d6ce2c90b09a107e3431c0cf855f641d964866b56f409e9bc7bc6147ea3838c1d78c833c973f2f3040872cae6d226aa77e95ac907dd514bfc3534f76621c4b663a0886fcf34e5f741a2dcad200943da40b38da72d6d60eb3ea0489ba6ebc1d0a5b19c966cfa87d72ff8ced17ac770f4ac20c88ccb2e3feae775bcd9747a5c87ac38c7294c7a99c04e1a421b14fbea33dac05f7efa2c0fdf6988cd8f15ac6751 +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA1 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 09d77b3b07c31dacabcdf1e8078a1321cb08f1765488e71b320c0bb56cfc04868a0edf060a6a6f90691164844852546dff634167aa1b0fe81d69fba8fcebcdfbee9e781425b29af7c5df6156d71b1264b592d53efa8a7bfd4a0b2fc0ac1863904241d09ea376ecffdcf36cfac560c74b210c1c1886d4a6dfc94959f5190e8ea9082d85e7e8fd58bd374db170f86362ed0b4c2a2084ce93ba924a95e905b52e1a9c2215cc3d5d8de7d76a718080c3a15e71ddf60af46bd9ba62557a00e9ced85ba8f0751dad3f4e212957265c67de3eea774d7f7514d40a0814880b724bc1ed43de7e7f34334ab19f9e50dd5fac9403c6d14b0ea9e1663e63510c96419c10c134de0eb4ecf88918f782e272ececca42a6c04898a0c738eceea3319e81c0e6fb4236fdaaa191b196a7e8fc39e35a88d844b2c2f0929f029e49b03f1b65804ced3594c1304fe2ae987ab4d24a7faed4da097d58c94125884d095b59d26f2fd207e4dca58c54c0a74115d2f635a97e86e484ea8fe5a25a0dfb787fcefbe53f4dcc299ed23802b79ae2cd433227128eed0bd640bb5f51c93707379fd715c7a39b69c559fb8ff6d43eadb2eae2034d93c0c7f39b5e50044aa201d4d0c3036e4004201d558c4b87e31bfbd10654032808d9133200f8ca8e8206ea26fe2a3ef27005d2b245bb91c528fbe9a45687e94aaae83cbe25b452b3c26bc17c3efda7818f24201d +Msg = f11684d68056464935458c80bb76ecc5ffb35a4c35ef4cc51d7c1c32847fadf60da0512f3106ea46858250c53b0af368ec6ac27695364b51df03234ca3d688beaddd4555c05dd6acdbeccd1fbbe074dea107b4405599355a6b6ac7d1c56401ec593527ed344551a2bfebca3742e0b74ea6f4f9517fff54074a1bd066f2105fa9 +S = 61caa531f63359df1779d5765223207864a01b218fca9a8ca97c125987b1aeca6e0f667276421e708f4f6943df074c48b58384cec8e773e60b4d2c2ecd9db62afd9ddaaba4398d98618ee89c6ea170ff53ad6bc0c08fbb3ec07954fdcf980df778b36c823f42844be7793e78d70248139fd8f6b8cef38d2f5a93e8c5c0b5f5f879f3f929da5b7d9d9727c808ece9290570051238b75dc13decda4e619800acff51f99538f97db8dbeeadf8f54bcc58c06433a3e018dc9bf8ffa876534cd4d2f3b5e88021e8141f0356d01f5198704ac9ebf3d4433f92e12afd6dd6ce5a734800fc874a0f1a4281f7120380db8f27d2cc54fc51291d68c2b031a046426243d2e1c34cae5302685e1eea7aee04d01a1cd4326297fc605af8a6ca1943dc43d9cacf9e713b9cf427628b54ef0da3bb13eb64b9dfdb9e173176c693453ebbcfeeb9b637bc9bfa401fd63f1edcd6fdba3504f73c7f2305683c8a58ab77250813cfe94fda23da973d3db920e3134e94efa3ecb5f43211b3d12c2ac67d7d43fc7237cb629bc8b2bcfe8593945feb32d3a9d2828a2e16efa56111c3d1e6406e8a738313b615a9ee30edb4d03028b7ea0545efaaddcb2a941129530f67e1d9d870a529c6c649ba7db4bf2878e268f7794943a19a0b9d230250491a870cdcecf971bd7e66bbab6a6e9ffaf5f8b727f00532a609975c78820b48b0af715ecaf6867bebfbd708 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443021300906052b0e03021a05000414f3c22813bf0da5f5ce5244a03ccc74c41a51caea +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA1 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 09d77b3b07c31dacabcdf1e8078a1321cb08f1765488e71b320c0bb56cfc04868a0edf060a6a6f90691164844852546dff634167aa1b0fe81d69fba8fcebcdfbee9e781425b29af7c5df6156d71b1264b592d53efa8a7bfd4a0b2fc0ac1863904241d09ea376ecffdcf36cfac560c74b210c1c1886d4a6dfc94959f5190e8ea9082d85e7e8fd58bd374db170f86362ed0b4c2a2084ce93ba924a95e905b52e1a9c2215cc3d5d8de7d76a718080c3a15e71ddf60af46bd9ba62557a00e9ced85ba8f0751dad3f4e212957265c67de3eea774d7f7514d40a0814880b724bc1ed43de7e7f34334ab19f9e50dd5fac9403c6d14b0ea9e1663e63510c96419c10c134de0eb4ecf88918f782e272ececca42a6c04898a0c738eceea3319e81c0e6fb4236fdaaa191b196a7e8fc39e35a88d844b2c2f0929f029e49b03f1b65804ced3594c1304fe2ae987ab4d24a7faed4da097d58c94125884d095b59d26f2fd207e4dca58c54c0a74115d2f635a97e86e484ea8fe5a25a0dfb787fcefbe53f4dcc299ed23802b79ae2cd433227128eed0bd640bb5f51c93707379fd715c7a39b69c559fb8ff6d43eadb2eae2034d93c0c7f39b5e50044aa201d4d0c3036e4004201d558c4b87e31bfbd10654032808d9133200f8ca8e8206ea26fe2a3ef27005d2b245bb91c528fbe9a45687e94aaae83cbe25b452b3c26bc17c3efda7818f24201d +Msg = 6b7c63bb3b14afdc085c08805123108fef29976a4c856c74d34473d1a553f86d8e9f4340377a6dd19d4172f9c13b86eaa2c5ad6f68ac8676e2db67cb3236af26c7c558688c15cc225fdbfa57c5dba883dc080bdb91ed95d7124b0eee8704e6a0fd37cabaa2ad75d63874c921c4c91e61863cda362e0e419f4dde8fc10a8444e4 +S = 2980e019c0c7e460c720ca8e45e8742a14a5c712db17cf51e8a5fc7ccd6b2878c4c609b1ccc6258493a965a444bcddb6a21dc129119f4425d1a707555a6b50bdbbe0cdbdf0abcdfaf8cff67c2056e2e9df573f425dd0f56fb1ce3e8171e12ef6e9b0062d5b393fd61b723801a9f57bd8dcdf01d0965641607e3c952715a729e71622a3695e16e92b7f8028c3ac25edaf3ebc34bde80113fa8d4d4f7a56b6aa0100cfea550a220a22ed7b24d35f2e89ab0709ab7e3478fc1a61f94b6726d5c3120e2de4cd8ea7f5c5651f425d4435c1de0696babe95094397324711e4e7892e287fe8131f976f263c0ef209bd78a248b1c72813c963ebfd52162ea9a6065aa32b0a97bb33eb39e3bcca888e6f92afb8f3891317bba4fbaaa27f638bd7900801683ab6a4f66d0101246c1aede70ddd6367d255f21e86ee48734df39549501ecd4367f6b59e386a9a42874cf0db6af11c998d29a62392d1bcc40f2feaaff847aee8bce8a93af3f1c0280966f9836af3098c10260dc6db8372939d020e863919e228f0df85ac23f67a5cd84e7a564bfae74a307140e636f10681514383d0b270d03cdd969b5e2eb5fec36af874b1d7f387b7ba69daba036527474fcc803f823cb17734e8faa073cf470ce65e480bb137332422a55d3bbc72a148758ee0a222f8febe8f8d99c1051df894132dea5b0387b5753719253ff3dcf94b006f2c83e06b4fa3 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA1 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 09d77b3b07c31dacabcdf1e8078a1321cb08f1765488e71b320c0bb56cfc04868a0edf060a6a6f90691164844852546dff634167aa1b0fe81d69fba8fcebcdfbee9e781425b29af7c5df6156d71b1264b592d53efa8a7bfd4a0b2fc0ac1863904241d09ea376ecffdcf36cfac560c74b210c1c1886d4a6dfc94959f5190e8ea9082d85e7e8fd58bd374db170f86362ed0b4c2a2084ce93ba924a95e905b52e1a9c2215cc3d5d8de7d76a718080c3a15e71ddf60af46bd9ba62557a00e9ced85ba8f0751dad3f4e212957265c67de3eea774d7f7514d40a0814880b724bc1ed43de7e7f34334ab19f9e50dd5fac9403c6d14b0ea9e1663e63510c96419c10c134de0eb4ecf88918f782e272ececca42a6c04898a0c738eceea3319e81c0e6fb4236fdaaa191b196a7e8fc39e35a88d844b2c2f0929f029e49b03f1b65804ced3594c1304fe2ae987ab4d24a7faed4da097d58c94125884d095b59d26f2fd207e4dca58c54c0a74115d2f635a97e86e484ea8fe5a25a0dfb787fcefbe53f4dcc299ed23802b79ae2cd433227128eed0bd640bb5f51c93707379fd715c7a39b69c559fb8ff6d43eadb2eae2034d93c0c7f39b5e50044aa201d4d0c3036e4004201d558c4b87e31bfbd10654032808d9133200f8ca8e8206ea26fe2a3ef27005d2b245bb91c528fbe9a45687e94aaae83cbe25b452b3c26bc17c3efda7818f24201d +Msg = 3be0bbfc2f5d6da14c29e7dddaf4630f902fe246117bce54b661dd248e43384da392dde67f42419def7b3a0307921d2a66372372bcf012a089c61930273dfbed0a8a70be4701c8c353cdd1a00de3fb19ff39bae0e1322caa5f5dfc881d608675f72f3b2b8d82473cff85725df5d14405e39b6d378b2b649bc3904dd47893200e +S = 632af5e0d55d9eb7d4230c6818d1a178df225d91919423df4168a3e1fe2142f1f26f00c5666dfe6817b2a27f3c2fe6546ca747d74467f85ac0b73b8e34639e8448e0a560b1bc3ec827819db0df2d22874106205f93dd0d903926ec0478a5361e7a9878c6974a8c095d1b5779d783823d4355ebe24762045229ea839d05a177ffabd39738488ff449111238397da1266eb97ce6e3c63c7cb9ab2950140ac4a94dd148520dd67527c48d086e20bb6e18a26fba04a81008e35e0cf04388eb4ae9a1193d4806bd2b771117dd2ee2f349b01805dc056e5f0f3ca4df9c15562d6e1c9fb611059136fa581125c383f6cdf2ca7f7bdfa6cc8d7a2aeb1e2ef7799941f2c6c8a34021be8c771ce3e37aaf31157f91c37ea9ee02e6ecd3001ec30bcd6a45258ec7761d967798402ad5976f22542e5604d58627fafba14bc5bf3145861eed0165484286a2bfa0e17a37710b3a17bf9090f3493c81ccac46078084dd2eb43456cbeac804224083b5a9bbac414a57332086b8e8b0881707d41d4089066e36469b0085da76c6fc16d2486b3f7fe31964f928d3d902c3d5598df2f72d1a2d5436779985bc9e7264d07448f792a7f394aa36c9534be9ca7f431e90729481d0397ad8e4db9f4a429f238f7e1cea5c03795d82beea3ccdec38ee4b727272a9eb520e943ef2a1ffb10cb9e8147e1ea0b1d3208810b891b37f9ed8722a93328468b9fbcd +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003021300906052b0e03021a05000414a42c6b6337793e971d69173bb994a17471dc3642efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA1 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 09d77b3b07c31dacabcdf1e8078a1321cb08f1765488e71b320c0bb56cfc04868a0edf060a6a6f90691164844852546dff634167aa1b0fe81d69fba8fcebcdfbee9e781425b29af7c5df6156d71b1264b592d53efa8a7bfd4a0b2fc0ac1863904241d09ea376ecffdcf36cfac560c74b210c1c1886d4a6dfc94959f5190e8ea9082d85e7e8fd58bd374db170f86362ed0b4c2a2084ce93ba924a95e905b52e1a9c2215cc3d5d8de7d76a718080c3a15e71ddf60af46bd9ba62557a00e9ced85ba8f0751dad3f4e212957265c67de3eea774d7f7514d40a0814880b724bc1ed43de7e7f34334ab19f9e50dd5fac9403c6d14b0ea9e1663e63510c96419c10c134de0eb4ecf88918f782e272ececca42a6c04898a0c738eceea3319e81c0e6fb4236fdaaa191b196a7e8fc39e35a88d844b2c2f0929f029e49b03f1b65804ced3594c1304fe2ae987ab4d24a7faed4da097d58c94125884d095b59d26f2fd207e4dca58c54c0a74115d2f635a97e86e484ea8fe5a25a0dfb787fcefbe53f4dcc299ed23802b79ae2cd433227128eed0bd640bb5f51c93707379fd715c7a39b69c559fb8ff6d43eadb2eae2034d93c0c7f39b5e50044aa201d4d0c3036e4004201d558c4b87e31bfbd10654032808d9133200f8ca8e8206ea26fe2a3ef27005d2b245bb91c528fbe9a45687e94aaae83cbe25b452b3c26bc17c3efda7818f24201d +Msg = 25627026d11f380f939eac2156adb1bdc2e9c087bb318c782b5ae52f0224dc887b6d2870a0a5c8f81082eaa800f50c15805c61b5fff976f312a3157f71bb6ae84262646c9be95e0f4289ffeab7555ec6746c6ae973738a30f143805e72de93b405a8edc2c9d4427cb01cb29083b5f1f72682a5ca1e880f5850a2ee750b75a015 +S = 3c76bc9dfff017dbc6ce8cddfb1066ab8e669761c9a3ba229229eda74f05d7790c0993883aab90d16c2fc358a7117f8118c9147c69810f2fe1d7cd4220c5df5bc67ce3d2abbff139083bb6d6c48f6122f71b30f20e37e39f760f9c3b317bb26d6a14fd864d97d13c9a1dd7480c03727a6b6fb2b1b74340678a68c0efbcd36a39d42bc8dff44eb78d1ab4131b80eb4cbcbb6687f0cda506320882dcd70c1839c653a026179a0615175660fe557f45867fe6d883cb808db01ab41efcc0cd2137355fd2ebed412516c8003213a523068e47ed03e58f529af079a5f86bada203793808d0454e8170c666b2638c248df1e6b9a0cad05a94f9710d7912d833e3a474a58b450e10a22188444b18dce363b1bb3cfba548206fe448e84a608694f060e71bc17e50c1c777b6fe8f0d2f480f154b90ac5c6ec274a62d23d72a263cf0fe797c5a1b226d612c2007b502b42c9cebe5fe27b5e2b731852ab7db8eaa8fdc005072c96ed55284cc59985aad5528100062ee96c482e9539cc0b5a5e30954ab4a386beef0dae13c681ad8729a4b3dad39739892f2789f18c5b517ec2ccdb2b9d539ee51546783e633efe4d22363858090a0f501ce4acb8231e2515bb06f02ff6b42ffc62b30056f71ef4ab1952b614c32711bf8211f99a97bd3d3c5780142f3730e7763a476584efe9d8bb8839d27c405f52306f3d4db3168a094316c699e9190479e +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA224 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 09d77b3b07c31dacabcdf1e8078a1321cb08f1765488e71b320c0bb56cfc04868a0edf060a6a6f90691164844852546dff634167aa1b0fe81d69fba8fcebcdfbee9e781425b29af7c5df6156d71b1264b592d53efa8a7bfd4a0b2fc0ac1863904241d09ea376ecffdcf36cfac560c74b210c1c1886d4a6dfc94959f5190e8ea9082d85e7e8fd58bd374db170f86362ed0b4c2a2084ce93ba924a95e905b52e1a9c2215cc3d5d8de7d76a718080c3a15e71ddf60af46bd9ba62557a00e9ced85ba8f0751dad3f4e212957265c67de3eea774d7f7514d40a0814880b724bc1ed43de7e7f34334ab19f9e50dd5fac9403c6d14b0ea9e1663e63510c96419c10c134de0eb4ecf88918f782e272ececca42a6c04898a0c738eceea3319e81c0e6fb4236fdaaa191b196a7e8fc39e35a88d844b2c2f0929f029e49b03f1b65804ced3594c1304fe2ae987ab4d24a7faed4da097d58c94125884d095b59d26f2fd207e4dca58c54c0a74115d2f635a97e86e484ea8fe5a25a0dfb787fcefbe53f4dcc299ed23802b79ae2cd433227128eed0bd640bb5f51c93707379fd715c7a39b69c559fb8ff6d43eadb2eae2034d93c0c7f39b5e50044aa201d4d0c3036e4004201d558c4b87e31bfbd10654032808d9133200f8ca8e8206ea26fe2a3ef27005d2b245bb91c528fbe9a45687e94aaae83cbe25b452b3c26bc17c3efda7818f24201d +Msg = d40724deeeb76472778ad98431d2e2061239d0178df747d81349e77cda1e2c9fdd1393d924a1ff9245955a182bc17fee16f25868e32243748eeebbbbf54a34e9de7346483c250e94ae0fd20b4984e3c39773c840df999846a7f5a8ec787c66f2e10f8554beaa5b1fbbde87841381d62b9ea468ca0ac50ef56846f738eb1e8c63 +S = 258f159cb8bb860c3c3db9d6b59a44600190f0076d1f2ac163b52081e01fe2e7423861ed9bb5df8b40d4d1354dd74219c71247bbdec4be0e90910f827da0565b6d13c5f60db49e0932220c1861dfb3f0b13a5fa74477aa329ab24913ca918ba7cd4e72fa532e044910f6a72cb525853f926b752adc76d39bbb9a265206c9820c3e331670103fb82a9a0071dcc48ccc1a650ea1c95341a48476af0a9b0e4286d96f0a976d3884ba97e5aa78909748947996f233ba02d6586a375dbaa81f3f00f880352f7e1842dad59733a40bd0c9393276c47b8baa99e8404b1f539d09cd6958007b297ac8c82f66fe2768fcf572766522a104d2de11435a19d2d1ad77221ed22d045a227f437752f3029f6cc55a99511f1febecbd45d529e216803b335cc206810d19804874760f66872c8575022f7eabfe437924b931d18e8156f33e6eac5d5f1540476359c130781a436b17f3bc23eac0f9fdc06e9123109bfba7d9a7eccbafe6ffa87f6c872d952e7fb3f6f2f73455d0f4f7fc63a744e7713219425e746d7d2f9564c4cd1a6301cdd78b0945debc122d85adb52b3cce920b22e77f0c835a87da3a2c9ec3c0938551f76f229b7c734242c6b78eb7ede1424368834e94d9f7df0070dd4d5c7503b5b023508483c4977b0a69e4183e83b88fcd924df78387b916ba475d9cc922deabef2dd07a3920870ef1a8105d6a6aaafb3210a7b1848b81 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff44302d300d06096086480165030402040500041c560c52ba7c3dc1e996063b94d4238054241198d156f307d890406f06 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA224 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 09d77b3b07c31dacabcdf1e8078a1321cb08f1765488e71b320c0bb56cfc04868a0edf060a6a6f90691164844852546dff634167aa1b0fe81d69fba8fcebcdfbee9e781425b29af7c5df6156d71b1264b592d53efa8a7bfd4a0b2fc0ac1863904241d09ea376ecffdcf36cfac560c74b210c1c1886d4a6dfc94959f5190e8ea9082d85e7e8fd58bd374db170f86362ed0b4c2a2084ce93ba924a95e905b52e1a9c2215cc3d5d8de7d76a718080c3a15e71ddf60af46bd9ba62557a00e9ced85ba8f0751dad3f4e212957265c67de3eea774d7f7514d40a0814880b724bc1ed43de7e7f34334ab19f9e50dd5fac9403c6d14b0ea9e1663e63510c96419c10c134de0eb4ecf88918f782e272ececca42a6c04898a0c738eceea3319e81c0e6fb4236fdaaa191b196a7e8fc39e35a88d844b2c2f0929f029e49b03f1b65804ced3594c1304fe2ae987ab4d24a7faed4da097d58c94125884d095b59d26f2fd207e4dca58c54c0a74115d2f635a97e86e484ea8fe5a25a0dfb787fcefbe53f4dcc299ed23802b79ae2cd433227128eed0bd640bb5f51c93707379fd715c7a39b69c559fb8ff6d43eadb2eae2034d93c0c7f39b5e50044aa201d4d0c3036e4004201d558c4b87e31bfbd10654032808d9133200f8ca8e8206ea26fe2a3ef27005d2b245bb91c528fbe9a45687e94aaae83cbe25b452b3c26bc17c3efda7818f24201d +Msg = 662e6fd267dd8f2e5f0fe89034e4b0a6e8241a256dc8cd6bbbbd966421e459aad85d4ef0de0569a0013d1ac33aee37223dca37aa4ed4a0155622c2c736e1a6f65b9b420e93b5ee541f3c1cc909e14351b8411c14c16a1125009bf362e84ceb9b176eb3f62df40591df92546a47c5bb7c7e13332b6d9408e2e0b18efbdc2c10df +S = 76070d1cc628d84353c5535dfd3dc19573a91911217d3f9382de19b3d51f3f5607c7f88d82bdca4871b5361f39b8316b45a9bdb3775a69714bdaaded31dedd9716a8ae202c0237732b935c469ba22adb7dd67f67f5717787a6bc33e303af0f341cf202f8696c72f54772bd619c7929afb2785912701e91d96f9005942e6d11fbd757239a5cafbc93ca098c5632424f7b930e69457cc8810cc9ac3b5a1d1e17009ee45887a632cab31c9d9dab6e843481a09e5a7ca77be9d3d5b0d668689bdb82e4e2e43310fbddd5774d482b43cfc1499196ca521fc58bed44971eb15d216ee55b125ea8f65439425dfe1007d0be5418113484e1ee9b1fe3ab25625ac624eecbd03ff9e1b7dc66503afb625ff659917635098442af02696feb0b2d9559c19505cfde72470d34dd1719655874c8d4c23a94d5f91da9aedfc38e96e271ecbeaf924d7a9313cdcf6f485cfb1f3107c3ce8e0fa06a326ed75732738d52a094e9babf6e14f3f67ed48a09797020c9ad48a31aebcf4fe0e0b4d1c128a0f90f2bfdd520c566559747802367e95d45cc8202a479fead34c90c4663f313f3db337cc244a85eb595a904ac9c8c213fa6e762a251a4b84e733b7990aaa92a358ef369732f2224b5d37692f48f8cf6589034755347eff0c34725236d3d55ec27ae919e6d255025e4d2636b6c07807c66751942d9362143de6133a90f3d3503d9b50f91d549a7 +SaltVal = 00 +EM with hash moved = 0001ffffffffff00302d300d06096086480165030402040500041c58df3479e243f7dbe552ec444cc92a91f478808b02c5c6b5c28d44d0efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA224 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 09d77b3b07c31dacabcdf1e8078a1321cb08f1765488e71b320c0bb56cfc04868a0edf060a6a6f90691164844852546dff634167aa1b0fe81d69fba8fcebcdfbee9e781425b29af7c5df6156d71b1264b592d53efa8a7bfd4a0b2fc0ac1863904241d09ea376ecffdcf36cfac560c74b210c1c1886d4a6dfc94959f5190e8ea9082d85e7e8fd58bd374db170f86362ed0b4c2a2084ce93ba924a95e905b52e1a9c2215cc3d5d8de7d76a718080c3a15e71ddf60af46bd9ba62557a00e9ced85ba8f0751dad3f4e212957265c67de3eea774d7f7514d40a0814880b724bc1ed43de7e7f34334ab19f9e50dd5fac9403c6d14b0ea9e1663e63510c96419c10c134de0eb4ecf88918f782e272ececca42a6c04898a0c738eceea3319e81c0e6fb4236fdaaa191b196a7e8fc39e35a88d844b2c2f0929f029e49b03f1b65804ced3594c1304fe2ae987ab4d24a7faed4da097d58c94125884d095b59d26f2fd207e4dca58c54c0a74115d2f635a97e86e484ea8fe5a25a0dfb787fcefbe53f4dcc299ed23802b79ae2cd433227128eed0bd640bb5f51c93707379fd715c7a39b69c559fb8ff6d43eadb2eae2034d93c0c7f39b5e50044aa201d4d0c3036e4004201d558c4b87e31bfbd10654032808d9133200f8ca8e8206ea26fe2a3ef27005d2b245bb91c528fbe9a45687e94aaae83cbe25b452b3c26bc17c3efda7818f24201d +Msg = c65baead3c9c432956e7da3ecd9f9b81b220c054b3f6f9b79a4e0f6116a9c810bed80c1d5324455345cd0c0179b6014e4a5efacdce1261515a61d70348d11db1f7d0356914edc4471848bb8b124736eea78ba5375723290902ff41ffaaa7a5fb7a2d72ba075f88acd742300320bc030ad19107b9d6911a86980f947dc4942893 +S = 6676debdc5c1d257b6bf532f1f61981e769e3bf0676b5050a8dbc65ed78ed3b88c687d0213ab1c0ad73b8606e2e2e9ffe7ee8f9b20a532a3fd59945b9f371d13807e36da1aed420d4390c26980cf70465e3dedc22368b09117e4606257677132a7c92e73c0633718290535915c512d629bd3db35306f264c5681e4b48e3f5e63f46289e41d74ab29a099c637132d2b8a04bf7649e4fbb0a6b3f37873d2c001d7833c9bb1f4de8043858223dd005ef43c6ea6e0806d2958ead96fa89af9119b2ac16b6302e9f23c5a2d79a2d6c4bf5b576ab07de117857ad4766606e52de3b1cfd368746425c74154cd814e63ee05d419c9f05038683970019b24961de26f0312203358cf5a69fc3a8c34376774d93a07e8ee8cb4e49d3c8061cd988ea9a96973b07dc8a8b96db165a0f287df5a538304a9b05e2ee294c155e17bef1df251297213904b56fbd3770d6587e0f610b291d0be288bd744315aebacdd71d00316f9d169d542108747a10aa65c36398eee21d7c580d088871e9c7be4b590f78b8f315f92e6970ba9fb9f929af324d02a281972cf2841155de6a76b54c1316c818f9c21c52eb8ad063b53aab1b22e72054ecfcd833efbd3d0da69c3730e81d48f54cd9c22da891fc589b3b61b5a226bf54d401e576f2ce86c9b651cba2d93d63e2e3181a97baa20a15f6e584dc30e1dfcf1a3d2b69803eb84d3ed4f1e153b76f14def51 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA224 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 09d77b3b07c31dacabcdf1e8078a1321cb08f1765488e71b320c0bb56cfc04868a0edf060a6a6f90691164844852546dff634167aa1b0fe81d69fba8fcebcdfbee9e781425b29af7c5df6156d71b1264b592d53efa8a7bfd4a0b2fc0ac1863904241d09ea376ecffdcf36cfac560c74b210c1c1886d4a6dfc94959f5190e8ea9082d85e7e8fd58bd374db170f86362ed0b4c2a2084ce93ba924a95e905b52e1a9c2215cc3d5d8de7d76a718080c3a15e71ddf60af46bd9ba62557a00e9ced85ba8f0751dad3f4e212957265c67de3eea774d7f7514d40a0814880b724bc1ed43de7e7f34334ab19f9e50dd5fac9403c6d14b0ea9e1663e63510c96419c10c134de0eb4ecf88918f782e272ececca42a6c04898a0c738eceea3319e81c0e6fb4236fdaaa191b196a7e8fc39e35a88d844b2c2f0929f029e49b03f1b65804ced3594c1304fe2ae987ab4d24a7faed4da097d58c94125884d095b59d26f2fd207e4dca58c54c0a74115d2f635a97e86e484ea8fe5a25a0dfb787fcefbe53f4dcc299ed23802b79ae2cd433227128eed0bd640bb5f51c93707379fd715c7a39b69c559fb8ff6d43eadb2eae2034d93c0c7f39b5e50044aa201d4d0c3036e4004201d558c4b87e31bfbd10654032808d9133200f8ca8e8206ea26fe2a3ef27005d2b245bb91c528fbe9a45687e94aaae83cbe25b452b3c26bc17c3efda7818f24201d +Msg = 953446b04306756e65d0cd8bdc3960a0713b59fdc73c90ea8d7b5b33f8aea6e371ea464f8bc28a5637b313e83bc0e6c5e059c087eb81aae3cf30cc2c21f686184ce2bdc786a2730103eb9bc0681c2bee821e726f388eac62be1ed4a40c38b9968fe554211eee59f72f410c1b4b9556a3bf5118bd95aabff0c20c19a4a1bc67e5 +S = 179296ecacedd93047d4442e8dd5a0de7e2799f45ceaf381cde74f3dfb96d5afaac92bae3df1a572c24757eb2cf91b970cd038278623d6cda864d2db12a763b94198dcb47e6041100ad6308403ad35859d19ff3608dd6dda433c4a30f53dae2d615e612cdb0c0fd4543243b02e873a3ad6a7315b0144a9c1ecd18c446781d7a8cfea621f646a219d6d108b5679520158c3d51287425cc920e65c94eeb01f9b92bb16d167e60906e30e9d2dc8a3fb8d509bfc406994e3d0a39e27d13b3ed5015c61c624e1f3425793c6b0a96a4982997715163ea2ffbcf38680edc6f03a9981d0283053bb3b84061e5c5ec886ff6cbed8041980a49af1ab383f349ea01be6bb0fac45be52a853770e9b0e8f1ddf69a18edbd858eed11c0c8739379de177074aab7c9e20d1783ee7dc46c186eb3966abd35ab08df3574db45b674858b3baddac03fa27d818eac14d3edf5f53852a6e42b052aca9b1ec392d70d53ed10af5b8b5e0df1a6318c558ca47740dee0e5293319a398f01e92743a425a8d4940b65bd16ad266c0db2eb5d53dc3532c98edbad8faf955d65811003a2d887374218bc4504b82b710dc828d838638ff3e8a25cc898c8d210626388132b9e023900d4867350c72ae8c3bd6f0c4d2732294403c1b6b2ef03670e44b2e33e05c5a00299e070a237186b85271a196908609a996cb386d20e285ed3446bd0f03a184aa47998625cc5 +SaltVal = 00 +Result = P + +SHAAlg = SHA224 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 09d77b3b07c31dacabcdf1e8078a1321cb08f1765488e71b320c0bb56cfc04868a0edf060a6a6f90691164844852546dff634167aa1b0fe81d69fba8fcebcdfbee9e781425b29af7c5df6156d71b1264b592d53efa8a7bfd4a0b2fc0ac1863904241d09ea376ecffdcf36cfac560c74b210c1c1886d4a6dfc94959f5190e8ea9082d85e7e8fd58bd374db170f86362ed0b4c2a2084ce93ba924a95e905b52e1a9c2215cc3d5d8de7d76a718080c3a15e71ddf60af46bd9ba62557a00e9ced85ba8f0751dad3f4e212957265c67de3eea774d7f7514d40a0814880b724bc1ed43de7e7f34334ab19f9e50dd5fac9403c6d14b0ea9e1663e63510c96419c10c134de0eb4ecf88918f782e272ececca42a6c04898a0c738eceea3319e81c0e6fb4236fdaaa191b196a7e8fc39e35a88d844b2c2f0929f029e49b03f1b65804ced3594c1304fe2ae987ab4d24a7faed4da097d58c94125884d095b59d26f2fd207e4dca58c54c0a74115d2f635a97e86e484ea8fe5a25a0dfb787fcefbe53f4dcc299ed23802b79ae2cd433227128eed0bd640bb5f51c93707379fd715c7a39b69c559fb8ff6d43eadb2eae2034d93c0c7f39b5e50044aa201d4d0c3036e4004201d558c4b87e31bfbd10654032808d9133200f8ca8e8206ea26fe2a3ef27005d2b245bb91c528fbe9a45687e94aaae83cbe25b452b3c26bc17c3efda7818f24201d +Msg = 4a51133aae088367ed396b7e7c5115f017ee32fc10e9cbd2e8947af91c40d9ee41033b0e53b89ab54b46d1a8ef260bb0ee1f7c882c544ff95b81df44cb8229c0831582c490e085c79db650c6c416f0e7a4f4195bb4bc1a88d695116830e35b2c370f4f260c8a2ce50c0f4fa2a329aadb60f6713d4f2a16c78356782df26b587a +S = 0eb8a7a48915663d4feb5c00c37b1862c248e9305c2644f40b32654b1899e0469554dee6495c6142588d25c7b04d9e498422902307bb8a861ffe02bd3e15eb521241f69afc928325c85508e698dfb5f2ecbdb555829a6c0a1ed7f97a711ade294107101bcae30d469734e7344ab29b03d7bcfb364d219d3d984c1f5915bee9fb6e2255cdcb0e8500bf69d9c8751dacad6e966438eddbe6325141fbdddb4d9c45554e467df872a0dcf5fe9e12b7bf610117bd0662cf2d97c33988c2244283dbd3cf8657c69a94bc48ccb22fff87308eebf175874dca3d5baad98adcfcad551b8f397f76a96f02f398f7e1a5c5d49ad6490d2476b03eca81e806089b5f88c368cc63421f20f54e6b3eff6c020fb3f7a6df34c2592dfa3f45327541ebfdc7f6f37e6ae0609fdd6aae6add86b9a793023bcb0bdcdb051e17ff51ccfde476a87c04a5b2f5ce11e014360dd9547996dffa7c075f7eb4d2d779443ba313af95670a33ecf0db05c7fea3760e53d08707441d7ce6f068d45c746d047ce7fca96106b100d704363bcf82e0b384f789284b8e472581a52004a7632fb6c8d4bce4e325a321d0ed7873aa62b9098c73ba4cd185a5ad2e99850c57167dc75561d630fa9e9b2094c2f327f6f3d097121be3d1444d941002861feddc38ddde941a223d9f525bf5acfe4e5ca39bf39e5f37b5db29bae077d451198f1e0d99fc93185c2810f602cd1d +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA224 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 09d77b3b07c31dacabcdf1e8078a1321cb08f1765488e71b320c0bb56cfc04868a0edf060a6a6f90691164844852546dff634167aa1b0fe81d69fba8fcebcdfbee9e781425b29af7c5df6156d71b1264b592d53efa8a7bfd4a0b2fc0ac1863904241d09ea376ecffdcf36cfac560c74b210c1c1886d4a6dfc94959f5190e8ea9082d85e7e8fd58bd374db170f86362ed0b4c2a2084ce93ba924a95e905b52e1a9c2215cc3d5d8de7d76a718080c3a15e71ddf60af46bd9ba62557a00e9ced85ba8f0751dad3f4e212957265c67de3eea774d7f7514d40a0814880b724bc1ed43de7e7f34334ab19f9e50dd5fac9403c6d14b0ea9e1663e63510c96419c10c134de0eb4ecf88918f782e272ececca42a6c04898a0c738eceea3319e81c0e6fb4236fdaaa191b196a7e8fc39e35a88d844b2c2f0929f029e49b03f1b65804ced3594c1304fe2ae987ab4d24a7faed4da097d58c94125884d095b59d26f2fd207e4dca58c54c0a74115d2f635a97e86e484ea8fe5a25a0dfb787fcefbe53f4dcc299ed23802b79ae2cd433227128eed0bd640bb5f51c93707379fd715c7a39b69c559fb8ff6d43eadb2eae2034d93c0c7f39b5e50044aa201d4d0c3036e4004201d558c4b87e31bfbd10654032808d9133200f8ca8e8206ea26fe2a3ef27005d2b245bb91c528fbe9a45687e94aaae83cbe25b452b3c26bc17c3efda7818f24201d +Msg = d9b8ac36d3fe6d7e9c008affd1752d4b928c1f1787dae8da249738972b0b85f67243f69ae60880afd0124fc2577867d6466b8bb410245d82121bc897177a9b8e21d17699670bea189aa1dc6b6c0d2a04538292c08adacf775ad004d2976f5e5c6dcaf5dc5deef4e38215faa1191cc0fc4037fbe4fee484e0841db6edb2d21789 +S = 14ba242af3387b7b0489a0012f787986254b084dfb24cd31d7aa143756886345462f6d98ee33e8477cf0606c60c99b585b52dd301975f7400e73d5cbdf7d91ddc5b7262b615d39f2d0ae48bd5695a61630b082ec78cde6d91dc4b3fd518c413bea61a966b1d5b316cd3878a91d80a64d52f5ef24da2378c43e528b4b912d823bce8987a9b908ac884fba7a03a2129996a60859761d8498e5b9e0c9afd9aaa901c8abfcd80a940ddd9731351deb918cc6177ce0c12cbb27695487e9de6fa23203dad7137e9eadc5259a3c850530c2283e1178c0b2395eedf183c3cf78ea4f3c20b3e80017f669ffc97649f439bd6476ab484b04e0de8e96b596b1994b6a99d732e54886daf9ec82d22e2bccab9ca64db92e1299302eeb031c667aebb0509f6a39e22f2bae56e7cbc06c9a1ab76c16ce0fe5ad92155b330f31830a1df7af51f1178e8aece7bf595152b2530199193eae8c4586af91eb1f713c45b08a87b75d825dee919881ccd9a6448dd2bd0767fadb16415c305825d7db8e01d89ca97821f0293acfb1e85b08d83349f37e99131d3766636d6c7f61afc77c059035cc090e95e987687f3d764264d2c82c1ae4c4766365977365f30b26ba23755dcb6b1545433284a4129dc39625156057f23c44103ba0f02706b16f630ccea0fe204d43d9ef162f0bf17fbf83a10816b66365cfd5b9c4aaa08ec8e1260540e9fdc19fcfd2dd91 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA256 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 09d77b3b07c31dacabcdf1e8078a1321cb08f1765488e71b320c0bb56cfc04868a0edf060a6a6f90691164844852546dff634167aa1b0fe81d69fba8fcebcdfbee9e781425b29af7c5df6156d71b1264b592d53efa8a7bfd4a0b2fc0ac1863904241d09ea376ecffdcf36cfac560c74b210c1c1886d4a6dfc94959f5190e8ea9082d85e7e8fd58bd374db170f86362ed0b4c2a2084ce93ba924a95e905b52e1a9c2215cc3d5d8de7d76a718080c3a15e71ddf60af46bd9ba62557a00e9ced85ba8f0751dad3f4e212957265c67de3eea774d7f7514d40a0814880b724bc1ed43de7e7f34334ab19f9e50dd5fac9403c6d14b0ea9e1663e63510c96419c10c134de0eb4ecf88918f782e272ececca42a6c04898a0c738eceea3319e81c0e6fb4236fdaaa191b196a7e8fc39e35a88d844b2c2f0929f029e49b03f1b65804ced3594c1304fe2ae987ab4d24a7faed4da097d58c94125884d095b59d26f2fd207e4dca58c54c0a74115d2f635a97e86e484ea8fe5a25a0dfb787fcefbe53f4dcc299ed23802b79ae2cd433227128eed0bd640bb5f51c93707379fd715c7a39b69c559fb8ff6d43eadb2eae2034d93c0c7f39b5e50044aa201d4d0c3036e4004201d558c4b87e31bfbd10654032808d9133200f8ca8e8206ea26fe2a3ef27005d2b245bb91c528fbe9a45687e94aaae83cbe25b452b3c26bc17c3efda7818f24201d +Msg = 9b1f5c7d045d72035019a18dac59247ac99cd251dfc74557f2623b6054043ce56b0c7e57b49205b3089e0e571e97ae1452feb784a45cdb9d04781487cdce43ab8f3d170d110030db96df844660a6029073d776669b9cad71b0ffd928195d36e88f18ee46238d3ba48346cb0279706817b48fd8a0cb7002f97f5f53ea419b60c3 +S = 3a9992cd8247ecf8ee650608b4520bbab5fa1774b8381c702930216b0dc6b9040b0dcae567c552ff5870a438d478c805edb56f396e9dfa422464b9559091aa231cc83ba676029936c204e58e473d93a8bb598135463614df6a54dc050f8db86bcfbc942979c3f011b8db0cea0b6bb0695ea1fb8c2f5872e4d89d9ae066b62b062156bba2ccf2be26ee1dce469219f387ec865f16d5b6babde6d0eca2efe1c9a51ec9f1f44a3cefe4eb054d33b80cf945c8bf530b9f8f924952d02fa75c410f3a57dbc2307f03a2cb9455f8a02e1b36b75f0f64087dcae1e639cd360da5d6a7394dcb7c1baeb4b323783cd3fbd207d8faaa5cc3b93867be4d47d934260129f0e51fd1dfb78b3c7c59f02b71be439722ed22654db5c1dc24b83785490ced8d0b97e11f85ee42f95582802446a38d812d59efbc6012a5dadf162aa0979a5de4fb7e4a19b4531c1b11231cb509f3dc05c74d90a1e2a8d9e6168da9fd226d5e53e0cd5ef93fc7ed638287207932f2b1451bab5c4bcabedf244585fa27e1a526cd9c7535768078c2b447cb30b6687d373295d6983ffa31083fd5230eb3574c4b65cb4bce0059d8e77e240d6be41f63fe98e94e76ea9969d8874f92c971a98d184ad6f78c33d5a1051a33b99c2d481ca3c06372f639d78e9601c20f93368ce8a1830d0c5b67aced9f2af6d3e8770321b209e271645e6909e251d31be1156d99f1204ab3 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA256 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 09d77b3b07c31dacabcdf1e8078a1321cb08f1765488e71b320c0bb56cfc04868a0edf060a6a6f90691164844852546dff634167aa1b0fe81d69fba8fcebcdfbee9e781425b29af7c5df6156d71b1264b592d53efa8a7bfd4a0b2fc0ac1863904241d09ea376ecffdcf36cfac560c74b210c1c1886d4a6dfc94959f5190e8ea9082d85e7e8fd58bd374db170f86362ed0b4c2a2084ce93ba924a95e905b52e1a9c2215cc3d5d8de7d76a718080c3a15e71ddf60af46bd9ba62557a00e9ced85ba8f0751dad3f4e212957265c67de3eea774d7f7514d40a0814880b724bc1ed43de7e7f34334ab19f9e50dd5fac9403c6d14b0ea9e1663e63510c96419c10c134de0eb4ecf88918f782e272ececca42a6c04898a0c738eceea3319e81c0e6fb4236fdaaa191b196a7e8fc39e35a88d844b2c2f0929f029e49b03f1b65804ced3594c1304fe2ae987ab4d24a7faed4da097d58c94125884d095b59d26f2fd207e4dca58c54c0a74115d2f635a97e86e484ea8fe5a25a0dfb787fcefbe53f4dcc299ed23802b79ae2cd433227128eed0bd640bb5f51c93707379fd715c7a39b69c559fb8ff6d43eadb2eae2034d93c0c7f39b5e50044aa201d4d0c3036e4004201d558c4b87e31bfbd10654032808d9133200f8ca8e8206ea26fe2a3ef27005d2b245bb91c528fbe9a45687e94aaae83cbe25b452b3c26bc17c3efda7818f24201d +Msg = 82f869cafa1e8bec3d9891bf59cf8f15a0581b41f223afe13ff64efb471a6a4ca45506dc0b1818d6cff83197a6625f05b08b5322b5a7bfe1af5b02388874077624d96ad7a2bedd55df1bcbc23c5d3b14a25bf600c38beccaa276d45b55691394096edfe2487aa41277e8a667a326e9ea7daf4e02a239fe44202f0b8c3661554d +S = 94d64e8a8f8ff9fb1fc76207b8be1a45f76f09bd0287baec04cc53e08639542dbaeeeaff537b0de30d63ffd961080d3b94708d60b364990c6db0c8ad673e6670f2c476ad7d7a957bf3c46e09fcca93812daf509ed7b88b182ce6f8315ec4787da0b4a0a09f6f48f2cd4a2cb3257abbb1b5c921a0db8c9de8bc64b98f4c347e27d5d063e232e4cfbaae6cb78effedf18ee5f7af1765cb95a3a8db21cf94166de19a0180f7c152f6b25ea2a68703d5d4443c27523baaa08cbedd2e489b0235f2203165f13169e7df9d930fbd7556fd594571a38f4eeb5b428694ac5b9858d233cc2bfe0d21e2fd6f599479024369b7f102b1624ba4160c48028017aae2fa815f7fa439b1545dec9b9e372f7cd8323c8bbf7e182b064deef2b65731d18d2241899f4f573fd9421a4b9a809e9876188db404cb262485761fd9bb315fd69db37601da5805e8e3fa7a64f654a11259c0764b28e53bffcf03d71683ece0fb9571aac451c085c1190353ed1c7a07bc03bd4abd0ce68c6a848a17720dcbb03231e1f505f1a6275d422dd89de55c0d70ada23f5240626c42e64bf33b668c69b6aad7b16534bb10d1aef16ee155df6b0ed2d3768e48171c62838a84c982713aaa5e982370fe10625687a5a960bfb205f85531dc093ba443abf4d22abf519b7db2afc36bae0c10283a551e5aa41c942c9a28fe199522da96b4bc2d640453c6bb495c258578fe +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443031300d060960864801650304020105000420b2b9f428aca658a676034a1382b07d422f560f637c9fd49e258e742e065a852c +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA256 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 09d77b3b07c31dacabcdf1e8078a1321cb08f1765488e71b320c0bb56cfc04868a0edf060a6a6f90691164844852546dff634167aa1b0fe81d69fba8fcebcdfbee9e781425b29af7c5df6156d71b1264b592d53efa8a7bfd4a0b2fc0ac1863904241d09ea376ecffdcf36cfac560c74b210c1c1886d4a6dfc94959f5190e8ea9082d85e7e8fd58bd374db170f86362ed0b4c2a2084ce93ba924a95e905b52e1a9c2215cc3d5d8de7d76a718080c3a15e71ddf60af46bd9ba62557a00e9ced85ba8f0751dad3f4e212957265c67de3eea774d7f7514d40a0814880b724bc1ed43de7e7f34334ab19f9e50dd5fac9403c6d14b0ea9e1663e63510c96419c10c134de0eb4ecf88918f782e272ececca42a6c04898a0c738eceea3319e81c0e6fb4236fdaaa191b196a7e8fc39e35a88d844b2c2f0929f029e49b03f1b65804ced3594c1304fe2ae987ab4d24a7faed4da097d58c94125884d095b59d26f2fd207e4dca58c54c0a74115d2f635a97e86e484ea8fe5a25a0dfb787fcefbe53f4dcc299ed23802b79ae2cd433227128eed0bd640bb5f51c93707379fd715c7a39b69c559fb8ff6d43eadb2eae2034d93c0c7f39b5e50044aa201d4d0c3036e4004201d558c4b87e31bfbd10654032808d9133200f8ca8e8206ea26fe2a3ef27005d2b245bb91c528fbe9a45687e94aaae83cbe25b452b3c26bc17c3efda7818f24201d +Msg = ee7d5046460f07173172b1dfc3382667b6080522b99da7580a115183475caefa82187ccc938785efb2d6d19a45a31aeff6be80dd092c7e45ec721d5b10106750f84b1f2e902faf03bfd562413fe2d365ad50a6d7dc7175116f300d04a79bdbb7799ea132e4116d9a81f6cc9d5cfb3b110247ded7db727506bad58b45b305f079 +S = 0642e1315d86676ff3f00490d4a2b8285333c7f7a14a152543d85a9f15fb2d54d60519d1896697b1ca9469c382469725455a7124191bc438b3566ed434bf318097e396c049aba9fc85a293ed4187d16bffeef55229cb52b950b504621cf13d683ccd6a0fb53e00d358551a8989c7afc09e34ec90f8286e7413de3decad04496b5a749a081c0e82ff71f6838780808270d72265e9abcf87f0e1f4439f0f7b3ab95729d4041a502573f94aa8fb1989dde4c2287335818f0fd03a72b4e6811249f665b0d05acff32069d80f570782f568bc851c434d82cc94fa168b6f2619a57a97284789bc41d9bbb29749bbbc3470c774079af80eba8287a2d53f4e14df1e619cc8b5e7709d5c54cd4b0cdcc8693c3d04b460c382531e749638736226a9ac2605f82eca3e3df3dae4f2e7cc70e0d39fd2772f193a4df10a25b58bfbc5497a0ee98e8f60cccedb1152741e52e53bbf3ec1a23bfa44b73753c60d69c1615c58739f2f093fbfd6c9ab25799cdd9e8b65bcac94af0ebab3f66780c3fdb486cb20427db12a97fd0257f1b7c956733304c4d30e3faa78c27bba260d697be1ef36eaae6c87d49f36112d7964ed7683fa47597fe58b212f19f4cc1d88805cad324fdf4ee05687421e827266d452a851401cc02c4af7a61fb1bd40f772bc1cca4e5955710f2e9ea23bec04ed7e3054fe8f1170c70935ee22384a43e82e1e855be59d428f8f +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA256 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 09d77b3b07c31dacabcdf1e8078a1321cb08f1765488e71b320c0bb56cfc04868a0edf060a6a6f90691164844852546dff634167aa1b0fe81d69fba8fcebcdfbee9e781425b29af7c5df6156d71b1264b592d53efa8a7bfd4a0b2fc0ac1863904241d09ea376ecffdcf36cfac560c74b210c1c1886d4a6dfc94959f5190e8ea9082d85e7e8fd58bd374db170f86362ed0b4c2a2084ce93ba924a95e905b52e1a9c2215cc3d5d8de7d76a718080c3a15e71ddf60af46bd9ba62557a00e9ced85ba8f0751dad3f4e212957265c67de3eea774d7f7514d40a0814880b724bc1ed43de7e7f34334ab19f9e50dd5fac9403c6d14b0ea9e1663e63510c96419c10c134de0eb4ecf88918f782e272ececca42a6c04898a0c738eceea3319e81c0e6fb4236fdaaa191b196a7e8fc39e35a88d844b2c2f0929f029e49b03f1b65804ced3594c1304fe2ae987ab4d24a7faed4da097d58c94125884d095b59d26f2fd207e4dca58c54c0a74115d2f635a97e86e484ea8fe5a25a0dfb787fcefbe53f4dcc299ed23802b79ae2cd433227128eed0bd640bb5f51c93707379fd715c7a39b69c559fb8ff6d43eadb2eae2034d93c0c7f39b5e50044aa201d4d0c3036e4004201d558c4b87e31bfbd10654032808d9133200f8ca8e8206ea26fe2a3ef27005d2b245bb91c528fbe9a45687e94aaae83cbe25b452b3c26bc17c3efda7818f24201d +Msg = 27331a2203df81efd7f4d19278bcbd4050c32f8fb6df3a93786e5147b6dfb62ff774343c764511f0bd893fc27511d2c47d15b7833933a22f2db548fcca13cfc787b882fd3409cab98ba4592c09e5a942fcafa582dc69a637de46a0cdc7ca9e7dfe8a6b2de63392916acd8997da412a02f519625447882df2b5aac283560c0a99 +S = 4bd55acc43b26d2e69cdee990682e40580642fcaa9c0057c2f3c6e3cff14234f8e7304ef16cd79ef50c6e52ea8b02a46915ec21371556d217da4f3820eff0dfbc1a3dfe8bb43756e2e829d4bb240742e604e1d6b1e3dcaf69f346839e0351cad7b10c165f34603864c47e6a01420e677a421352f4a20a18814b1fc0db029825ba182732ae1480cb1e18fd1ecfc6d0fb6b6bb32944580aad72dc7e9f0f9dd41c114f8a5e77a1a07da0b51ea830a5877ba964460d45ac122829976d459dd7e49b74130c201d413ac78525f75463f69bd2c9da63c848be84a240368b7dc004e4c26273e5ee4a0bbe2903bb59cc2200fafd222fa59a5cbce12ce1a375ad512284043aa4d44abf3846d9d21b3a27c28b03d5cac655f91fd17a9d0a15f450db44a09aee6deb337ff3837bd85045c2f716ea147f098ec2560655492427291a1619404c77985c860643e85e01a767a8367ea387f930686becd9cf51e6da3a5183ac306d30b42d7b41646355f77192939af92a248d9243144d6ed0c440c60e656d535d5e656d8d22df272daeb01336ed4f57f5dee8f8514d7a100e996ce32d06c1bdcfa8d490a53d0f4329052491e5f3173f0430f07f18869f866f8403a389b2be6b68efb44dcad6537a2e305500acda845b5f50e91433ad84a094c12c0a38682bdc3a54fd3f6b322cc72fbd2ec805748f7e82ee3e5fc4603140e3b0813cf81e1861fb2e4 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA256 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 09d77b3b07c31dacabcdf1e8078a1321cb08f1765488e71b320c0bb56cfc04868a0edf060a6a6f90691164844852546dff634167aa1b0fe81d69fba8fcebcdfbee9e781425b29af7c5df6156d71b1264b592d53efa8a7bfd4a0b2fc0ac1863904241d09ea376ecffdcf36cfac560c74b210c1c1886d4a6dfc94959f5190e8ea9082d85e7e8fd58bd374db170f86362ed0b4c2a2084ce93ba924a95e905b52e1a9c2215cc3d5d8de7d76a718080c3a15e71ddf60af46bd9ba62557a00e9ced85ba8f0751dad3f4e212957265c67de3eea774d7f7514d40a0814880b724bc1ed43de7e7f34334ab19f9e50dd5fac9403c6d14b0ea9e1663e63510c96419c10c134de0eb4ecf88918f782e272ececca42a6c04898a0c738eceea3319e81c0e6fb4236fdaaa191b196a7e8fc39e35a88d844b2c2f0929f029e49b03f1b65804ced3594c1304fe2ae987ab4d24a7faed4da097d58c94125884d095b59d26f2fd207e4dca58c54c0a74115d2f635a97e86e484ea8fe5a25a0dfb787fcefbe53f4dcc299ed23802b79ae2cd433227128eed0bd640bb5f51c93707379fd715c7a39b69c559fb8ff6d43eadb2eae2034d93c0c7f39b5e50044aa201d4d0c3036e4004201d558c4b87e31bfbd10654032808d9133200f8ca8e8206ea26fe2a3ef27005d2b245bb91c528fbe9a45687e94aaae83cbe25b452b3c26bc17c3efda7818f24201d +Msg = c8ef4787dbd28656118a8cf26f182c77f48ffab67b6b522be3239c306c02cf6f6432349d041a6d6695eab5a3d67369d3a23dc8c9ced3f7a2516247faa782bb607754c50673cd51bd7f5104211684c611ea5d7e63cb7c1cd5cabddd469e0dca26477c832bf1943a451ae902d5f7f24a1a1417a4eb3c0bccac985ce57b1a4905aa +S = 578c8c3166a0199da16eb3f93eebe5d2bfc3ee668432bcd26d8c87ab349137f5392f60b66578eaaf47c3fc7ed0101ee650b51fd522f8d06474345eaa73e253f8b1c133a9a874c6234381ba4b8dc0494d1ff5d65167b0c46adb12538cfbc75ce1042e4d69cfaa4ef5083c08f91f03b295e0433597e0aea94dc596fd015b4770db71592b9f41e3b587313148a4a2784f1bde2755034bd99b15ae982e0e4ad4c9dc8f8d8ab06d692251520c813b540f5b514f88827ab94b879cf61bfbadff5277239079b90d023826f2a8f330c37bb3279d0ebf0659196cedbd91a347e8e0235a009d7f39fdad4faaffca75f6343fea2ec8c588776b64ec1371c90046ba5b6bb148a75c7748e11649442a77ed80e76a23b1c761b9e3636e3147ac6fe408fede1f4c7c7b8ca651abbbbd20d131218e2e43bcd2252b1b180678d9196c6067a0473c8c73f0610973807746b44c2bde619a5e4f4cb3371e260c47eaf31e935c025b523c39b659098369fff0215e17edda2985247c90b3d84676110e1344d538aa34dced5f97c71921406adca7bc1ec54ca66c43b7321497a71310f70184aa3691451f5207f455ad947e33c9f22f7a96fdc970c325a286848413fb092271a295bc0de317c0b76a2617fb0fdf2c792bcce16b9c3f5c4f03dddd7ca4b1adaa6f4dee058b1b3a2326086e5140ad8618c0c7517b148f1054b897548f881961d54bcea391f7a8 +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003031300d06096086480165030402010500042077cab6a7538318a9ab5fb2c9399130c8fdd3064629374b4a49b2b88bee0e6463efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA256 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 09d77b3b07c31dacabcdf1e8078a1321cb08f1765488e71b320c0bb56cfc04868a0edf060a6a6f90691164844852546dff634167aa1b0fe81d69fba8fcebcdfbee9e781425b29af7c5df6156d71b1264b592d53efa8a7bfd4a0b2fc0ac1863904241d09ea376ecffdcf36cfac560c74b210c1c1886d4a6dfc94959f5190e8ea9082d85e7e8fd58bd374db170f86362ed0b4c2a2084ce93ba924a95e905b52e1a9c2215cc3d5d8de7d76a718080c3a15e71ddf60af46bd9ba62557a00e9ced85ba8f0751dad3f4e212957265c67de3eea774d7f7514d40a0814880b724bc1ed43de7e7f34334ab19f9e50dd5fac9403c6d14b0ea9e1663e63510c96419c10c134de0eb4ecf88918f782e272ececca42a6c04898a0c738eceea3319e81c0e6fb4236fdaaa191b196a7e8fc39e35a88d844b2c2f0929f029e49b03f1b65804ced3594c1304fe2ae987ab4d24a7faed4da097d58c94125884d095b59d26f2fd207e4dca58c54c0a74115d2f635a97e86e484ea8fe5a25a0dfb787fcefbe53f4dcc299ed23802b79ae2cd433227128eed0bd640bb5f51c93707379fd715c7a39b69c559fb8ff6d43eadb2eae2034d93c0c7f39b5e50044aa201d4d0c3036e4004201d558c4b87e31bfbd10654032808d9133200f8ca8e8206ea26fe2a3ef27005d2b245bb91c528fbe9a45687e94aaae83cbe25b452b3c26bc17c3efda7818f24201d +Msg = 5d5e9a1c2ab1b7c859c7cdbb21caf3fe77ace0bfdfb05af6832df249828fef2c8a9e884ca903562e60070813fa9f59201ba63fbb9c6965389668dcb5bd5b0e42f074f3460ee4871e0aa07b0642652a3d0cf9d06492b5f627e14031203c9d0cf8b66843d0005c32df7f198c5ca124509e7230f9826a9cf60d893c5952a75cd396 +S = 5b460ece8562655899aa4ffa98650e7043766b0b2735662ceaf6958df776efbb60c92330790a57cc26093db03f6dd9a02f0046de5f71397d496ffe41d70f4a0b2e98c0c080dbb546726cc4808e70cdb31d84c23c021c45b617c7778d102bad94ba0f98980211eff7ccdd43ea61c17d08f9e319bf6b36b56ca3dcd8b12a240d81cee2b7a7eb234dc822f610e2bc712eb1d9562d826f8fa902107487949fba4538ddbf5d41d161c55fb3fedd6d2c6f90ec177d672e136f1352f4d07d5c21f0173928292e310fbf40ea6d9e974ee5db68501069310b6255e0a541bcb335934e15f6e504807884cd46c91efa9e224f8402fcaef986da5f159a35a40ea221afcb9e00aaf968cacb7d720c2aa1c5025cbd2ae9e3857e857e9bb82981e43f3f197c1286ca0819a7caff78e3621807f2682fa10a49e7091419d99ff0f42ccd22c5b455ca8214117aaad92e46cfd8598dbb533b38d8a4d5f8cafe6caab99468a7bf540f5a7f15414c76b5b404a6cb855af8ad7d62c60959e489a40ded9898a3ee04fdd3de2f8ef95a207b226daa9e4ddcc688e7636fbaeddafc0282f5924f7ffca4f9cdd8115bb17c36ac2b8804c3afaccc1ed4057b97b59d01705cbeea65cac20c6623cdd66cccede7f1db9d98d567e5c48116159b8113f8247a879e0990c2a3ac8c817bf6c98902f8b497621a53ddbccb07d01b7f8694a45ee68d2d04a33cb3535db2e6 +SaltVal = 00 +Result = P + +SHAAlg = SHA384 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 09d77b3b07c31dacabcdf1e8078a1321cb08f1765488e71b320c0bb56cfc04868a0edf060a6a6f90691164844852546dff634167aa1b0fe81d69fba8fcebcdfbee9e781425b29af7c5df6156d71b1264b592d53efa8a7bfd4a0b2fc0ac1863904241d09ea376ecffdcf36cfac560c74b210c1c1886d4a6dfc94959f5190e8ea9082d85e7e8fd58bd374db170f86362ed0b4c2a2084ce93ba924a95e905b52e1a9c2215cc3d5d8de7d76a718080c3a15e71ddf60af46bd9ba62557a00e9ced85ba8f0751dad3f4e212957265c67de3eea774d7f7514d40a0814880b724bc1ed43de7e7f34334ab19f9e50dd5fac9403c6d14b0ea9e1663e63510c96419c10c134de0eb4ecf88918f782e272ececca42a6c04898a0c738eceea3319e81c0e6fb4236fdaaa191b196a7e8fc39e35a88d844b2c2f0929f029e49b03f1b65804ced3594c1304fe2ae987ab4d24a7faed4da097d58c94125884d095b59d26f2fd207e4dca58c54c0a74115d2f635a97e86e484ea8fe5a25a0dfb787fcefbe53f4dcc299ed23802b79ae2cd433227128eed0bd640bb5f51c93707379fd715c7a39b69c559fb8ff6d43eadb2eae2034d93c0c7f39b5e50044aa201d4d0c3036e4004201d558c4b87e31bfbd10654032808d9133200f8ca8e8206ea26fe2a3ef27005d2b245bb91c528fbe9a45687e94aaae83cbe25b452b3c26bc17c3efda7818f24201d +Msg = 0a5d9e0c5ffd0d0eab672509388aa606fb5063e26d23aef59ab011f274eb3f0e6e5349654677159922b90dbcdf521470a696be4cc079c082ab53a5bf6de0c353288b6e92efec6b7ad88fa79652f72921b9e2466f28cf14898fbe2118053764845f8d735c0164f7f9f4715d5e3981cf635dbd63134e2c92526d79ebc3e4f708e8 +S = 31af3922e01de9d2ad34e11b89c1ec21ad76c2913375137206c779459c2db5fa9f180c1a061393f1106c7bd7c0c19e316f37f47f462e1fd870d05332ebaa582579f15e48729e5f8380c947f563244d08aa2104570334c60fa0a01a9f0bf9aae07e2e7c3e5de6acc71f8b3aabb9fe6036674d8eefee4fe7c0e5d3d9323e3fa92931c1a19689e53f4fa53381c4b73f8d91577ca7ce8128b88e8340b63f2e89a4618138c68ee53fb05ca95c94ecfc2526eebc9a38930c12c6f4416db316c507dbee0fe64a3bc66041aaf95f67d9a0294d97b4a4579e0f946fbf7309f042307fd3611f5ff2aab4a738410b62327d2b57cbfd05c5af3e6d61c794732fdf160e61b8bc6a4d3511668d2340bf6d2d1d46bd960e9be045d83bb71a93f1d9f72c67d8e318dc9c78da55758b660e2b1feb7ced2e8ff0a4a29e5febcb40078c92b8019db63551ab866959732aeba71a94df7c35d753e5a831da820d45f09a530176ed964387dda6e7e047302428583c16ace2f4a90f86539c756c0b7baf80a1475851920107fb9f742db3086067fa0c8a6a326f14ba69f8dee961e5cd7407dd5e6d74e81730492d03f825cceb96f2261f2d6b3bb48df1ccc07b9830df23aa26aac452d99d61bab38735b9daae68caa8a36ac7b57e01d181e6ad3321851bf42cfe627c0e2526af37abe7a8f454d754adbd24fccae6778547651d281354e2b167a21cb2e58a86 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA384 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 09d77b3b07c31dacabcdf1e8078a1321cb08f1765488e71b320c0bb56cfc04868a0edf060a6a6f90691164844852546dff634167aa1b0fe81d69fba8fcebcdfbee9e781425b29af7c5df6156d71b1264b592d53efa8a7bfd4a0b2fc0ac1863904241d09ea376ecffdcf36cfac560c74b210c1c1886d4a6dfc94959f5190e8ea9082d85e7e8fd58bd374db170f86362ed0b4c2a2084ce93ba924a95e905b52e1a9c2215cc3d5d8de7d76a718080c3a15e71ddf60af46bd9ba62557a00e9ced85ba8f0751dad3f4e212957265c67de3eea774d7f7514d40a0814880b724bc1ed43de7e7f34334ab19f9e50dd5fac9403c6d14b0ea9e1663e63510c96419c10c134de0eb4ecf88918f782e272ececca42a6c04898a0c738eceea3319e81c0e6fb4236fdaaa191b196a7e8fc39e35a88d844b2c2f0929f029e49b03f1b65804ced3594c1304fe2ae987ab4d24a7faed4da097d58c94125884d095b59d26f2fd207e4dca58c54c0a74115d2f635a97e86e484ea8fe5a25a0dfb787fcefbe53f4dcc299ed23802b79ae2cd433227128eed0bd640bb5f51c93707379fd715c7a39b69c559fb8ff6d43eadb2eae2034d93c0c7f39b5e50044aa201d4d0c3036e4004201d558c4b87e31bfbd10654032808d9133200f8ca8e8206ea26fe2a3ef27005d2b245bb91c528fbe9a45687e94aaae83cbe25b452b3c26bc17c3efda7818f24201d +Msg = c265cc1668d494b6dbbf477f187eed2a862a49392b00b180200a1de342fc7d612b5c505261e572eccc2e350c6e87b4344e2364cfb57decbd9df4370b67b8c702ccea4c6416ff75f2906606313b6a2b6ec2590b00b0e6a1cde1ccc71036b494598d59e8d5f1ea45cf0db0e177e7f0f9e2cb136753840477b9d3daf77819b78d6c +S = 7b6e5c6672b76a49b637135878e9738da6b1ad1710a1f8c557c5de7c3a5364d4927f3497d6b7daedb931a65e3433dbfde8791af39c97e90437155a3eb3fc96c37d2b0a51126faee5706b0b73c63413f9082d6f0a3d2ad7fcc69e935c016a4abbb2295135bcef8c078e11e262c0c1038f4311926823cb1b148dd8e63942a927e806a84260e51341ff99eb02fa053dc9258b4113da1d76d0734f81234a51a196139171a90c60c9a6f6baadd3e3b99769bd1890984b3e434f94e9f27c7086d86ee86d45ddbd7130bde845b6c47b6dca29edcd6f7898a42e499555700683732feb4c2e200c0fb1e11c0f314682ead943aca08e276eacc1d67e02018690d159a7d50561bec7087c5e21b32bcf2b27c0245f410df9c137696f014befa4a0c13fe7302b44393bfe6e3747cd88ec2dff0c639bbca4e7ecb77f7989a35c2acdb6a9dbb70092a9b7f4f4c8c8d9f7286d9666b24393c95e2cc256c03645944fc7b194a73be5a6acca491c0a98e551aadf5b002a1c42d57149f6788697eda81d1735a85442b6b313ba798c92ec0464a4f02ec3cd5059694428e0961c93e75155d1e5f965e5956a82d7f9ebc51fae9ed151710768ff1c172ae2b68c81da2190575a35cbb5f9eb52f56ba5f838d05d40c35b9fe901a75d5d96e09b85841d68d055bca786514fc6249b136a22870379dbd54576a91b646406ed12445521b67c694e94626ed15f09 +SaltVal = 00 +EM with hash moved = 0001ffffffffff003041300d060960864801650304020205000430c0d206b5a6126ec9a86519315cb38f2484d00f36f2065d3a0dfe6f34657ad926ff281b90d8187ae2c2eb45c68643c352efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) + +SHAAlg = SHA384 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001 +d = 09d77b3b07c31dacabcdf1e8078a1321cb08f1765488e71b320c0bb56cfc04868a0edf060a6a6f90691164844852546dff634167aa1b0fe81d69fba8fcebcdfbee9e781425b29af7c5df6156d71b1264b592d53efa8a7bfd4a0b2fc0ac1863904241d09ea376ecffdcf36cfac560c74b210c1c1886d4a6dfc94959f5190e8ea9082d85e7e8fd58bd374db170f86362ed0b4c2a2084ce93ba924a95e905b52e1a9c2215cc3d5d8de7d76a718080c3a15e71ddf60af46bd9ba62557a00e9ced85ba8f0751dad3f4e212957265c67de3eea774d7f7514d40a0814880b724bc1ed43de7e7f34334ab19f9e50dd5fac9403c6d14b0ea9e1663e63510c96419c10c134de0eb4ecf88918f782e272ececca42a6c04898a0c738eceea3319e81c0e6fb4236fdaaa191b196a7e8fc39e35a88d844b2c2f0929f029e49b03f1b65804ced3594c1304fe2ae987ab4d24a7faed4da097d58c94125884d095b59d26f2fd207e4dca58c54c0a74115d2f635a97e86e484ea8fe5a25a0dfb787fcefbe53f4dcc299ed23802b79ae2cd433227128eed0bd640bb5f51c93707379fd715c7a39b69c559fb8ff6d43eadb2eae2034d93c0c7f39b5e50044aa201d4d0c3036e4004201d558c4b87e31bfbd10654032808d9133200f8ca8e8206ea26fe2a3ef27005d2b245bb91c528fbe9a45687e94aaae83cbe25b452b3c26bc17c3efda7818f24201d +Msg = f1fb8e6cfdfc5dd3931e8fb5c92b974650224e935787f170acfe69b22418d09f3e6d30a303eb8e45306d2758978ff976c3c185aadb9bd46dc871b8d49a2654072845def5f74da4465e4d4d91e7b162d0f75c0d11b2f7206e1988583e7546e48df9ac21caa3cca8c063e68ac87f39da3c36196c2ea442dd5ae56cd35a7d1f8619 +S = 2c0ce9b108db78aebb905e421bd0a993b38d9e6b66bba9cf5a9ad72fea11f0ea2a8eec30e7947fbd552c63535f2097e4d6ccf07024e833967a119abb869327d880ca2c21c3f32dd559eb8fb6090107832aa884eea6c9284231a6869013cb0654b3cf17cc87b39a9b7612e2c91f77ccbc1736d1c7e5816694632fed14bb764c4c4f5f80193b6fb9247026a3e754805f00cb8a73b62f01b6ca9206890aa3008e63a2ca87a0eb54affe1e94f2a676060921620ef8bfc8563abfc9006b8ed0f7c71cb8a987daa6d96c0b819e4d1cf279417998e8d9f7f4334186923a10d3ea888e0b8d8699494c9e5a0468345f1a93a79b436b864a4f84c74f77d95ac7095156d96d4b83000177cc33c8ff9f555bf5afd2968708eee4b10a397ab76c3ff22766caf8d3836b5d5fa7a580bceb6245063bfa74fa9d79cf2c61b8ab92a92ffd93eabeae820ddd5f4c94301bd7210b18142126267a1b2ef3f8725110ad570a7d46ef5a18fd32b031ebf23d0c4f56e134f76b667217d486845f93e965bca006934ef68d5e11f8edb1adcffaaa51b5b0f42959473c53348709ffea3963436dd7794aadee13aa24e1872152b9bbd031e71700a8924556b703c7be70d33e523d9ddddacf0641756468872c7ad17b71208c78fa993561d54aa6255b6abc5d1b9ea7c58f28554a76acc9f662e186a1aff26e6f7ce8c9ac20fb64cadfec72a08ece04b51bda01a7 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA384 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 09d77b3b07c31dacabcdf1e8078a1321cb08f1765488e71b320c0bb56cfc04868a0edf060a6a6f90691164844852546dff634167aa1b0fe81d69fba8fcebcdfbee9e781425b29af7c5df6156d71b1264b592d53efa8a7bfd4a0b2fc0ac1863904241d09ea376ecffdcf36cfac560c74b210c1c1886d4a6dfc94959f5190e8ea9082d85e7e8fd58bd374db170f86362ed0b4c2a2084ce93ba924a95e905b52e1a9c2215cc3d5d8de7d76a718080c3a15e71ddf60af46bd9ba62557a00e9ced85ba8f0751dad3f4e212957265c67de3eea774d7f7514d40a0814880b724bc1ed43de7e7f34334ab19f9e50dd5fac9403c6d14b0ea9e1663e63510c96419c10c134de0eb4ecf88918f782e272ececca42a6c04898a0c738eceea3319e81c0e6fb4236fdaaa191b196a7e8fc39e35a88d844b2c2f0929f029e49b03f1b65804ced3594c1304fe2ae987ab4d24a7faed4da097d58c94125884d095b59d26f2fd207e4dca58c54c0a74115d2f635a97e86e484ea8fe5a25a0dfb787fcefbe53f4dcc299ed23802b79ae2cd433227128eed0bd640bb5f51c93707379fd715c7a39b69c559fb8ff6d43eadb2eae2034d93c0c7f39b5e50044aa201d4d0c3036e4004201d558c4b87e31bfbd10654032808d9133200f8ca8e8206ea26fe2a3ef27005d2b245bb91c528fbe9a45687e94aaae83cbe25b452b3c26bc17c3efda7818f24201d +Msg = 879645d6b8014a368de5b3f59c0f6d61d05150fd6978461c447db0af5d00055c92f1bcd0aa916d55959933a7f5b85403de432482da2926a5312575316737623d05545f899d5d1c11084eefe2f2b8792d9971879ad18936de4c815b9018b821386926f4aa994c9e926d6bb04f9af52405874140ed5582bef01dfa2975786b8a77 +S = 2287114cfb12bbdf370c453bb39e68bea8c24afa1db85239b54f7ced68798dce71ccc3a283859cb67717b7d0299f28238cf05c9016e867203afc345498a98cc933165d1d2103263f0556ad6b89a408227b3d68909f1c31460f818da5a389033004e5d89909661995a6c98fa3a59a56869cefe67d06a7e5580e288a1d69eeffb1aed49e77adfa674123690d42f83411d807ee7fd5a2b21c055ebf9d393733c1fe96d9a9678814fbed5cf5478a54edb8e432524d0c05022a5b477c4fe901ae8b4a8e8d00b1519075fe5e160eb5b1c090a7b1deb970c7f900dd47c47bebcb3fb5334be683dadaf023660d0d82ac0de747f0982cc31428ebcabb03ab4eb46750331fa88db48c15b40dd18a83dce93e7e769db6dd32cb99a78243233d509528b03825ddd5eaf2f29b68396e23293607e8bd5455c23843f63304d5d3865943434b61f471e2b3464f37fadd3d29dd104b36c9f6f859f4d84446364fb56af34e9eb15882519b072b890d682b254d6461f997e056b42452a2346ac6f0653845d456b20c3a273a7d421295ff91871fb525c7274471ecdfa93c9358067dd4911a3010b629d0c2b3a2db23af2a4510d6230522b170b61e804ebf561c7ecf45c5b741c37141ee407809901d557e2c8f88e7a719f2d3b5952928722e96311b9a1ba5106cd5ae9d8d101d583d321fd42c68cf4c28d944ab9433153831e3884556d485c927970f25 +SaltVal = 00 +Result = P + +SHAAlg = SHA384 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 09d77b3b07c31dacabcdf1e8078a1321cb08f1765488e71b320c0bb56cfc04868a0edf060a6a6f90691164844852546dff634167aa1b0fe81d69fba8fcebcdfbee9e781425b29af7c5df6156d71b1264b592d53efa8a7bfd4a0b2fc0ac1863904241d09ea376ecffdcf36cfac560c74b210c1c1886d4a6dfc94959f5190e8ea9082d85e7e8fd58bd374db170f86362ed0b4c2a2084ce93ba924a95e905b52e1a9c2215cc3d5d8de7d76a718080c3a15e71ddf60af46bd9ba62557a00e9ced85ba8f0751dad3f4e212957265c67de3eea774d7f7514d40a0814880b724bc1ed43de7e7f34334ab19f9e50dd5fac9403c6d14b0ea9e1663e63510c96419c10c134de0eb4ecf88918f782e272ececca42a6c04898a0c738eceea3319e81c0e6fb4236fdaaa191b196a7e8fc39e35a88d844b2c2f0929f029e49b03f1b65804ced3594c1304fe2ae987ab4d24a7faed4da097d58c94125884d095b59d26f2fd207e4dca58c54c0a74115d2f635a97e86e484ea8fe5a25a0dfb787fcefbe53f4dcc299ed23802b79ae2cd433227128eed0bd640bb5f51c93707379fd715c7a39b69c559fb8ff6d43eadb2eae2034d93c0c7f39b5e50044aa201d4d0c3036e4004201d558c4b87e31bfbd10654032808d9133200f8ca8e8206ea26fe2a3ef27005d2b245bb91c528fbe9a45687e94aaae83cbe25b452b3c26bc17c3efda7818f24201d +Msg = 92b5088f66c761117eefe5d57d490b0a2d8f735adaed7065f910c46f0e81aa55cc311ac67d5548afa4736ef7e1bdcb6d169febffc8942a2cc83d74bc12b44eaef51e1a72747f9658edd3a749f85a55b5923316cc7b2c4ff1dcd9186b2de3405e56a390fa14ef54f39f3418318ac5b0c8ea737b2aba5ee89c7e0b38e627b6864f +S = 50758bef01ca5623082d4fb6888e9c27598bdefd63abd5168c8a122d4bc26e45d50736136f9f28848b082f18ae69cc2c3cba98f3458cbe71167a6629ea604a606b7a10fba68edd1576367ef0551b1c0dac9ab830ba41d7c9825ddab0a4cf01c62669d3c7f434e18c6bba0c6b931f6317f66f0aa6694441bbb9cfb74220920d9d861a857cd984c0e35666eded9d6d67fead62231f2cef40fe4252d02aaa3b12418d26cb646128fa69e13c57f90a85a7606859f84da62feace94bfb607cbb8fce4c23006b1a3f0aa6724072ade5c1cc2c664556edb9d40ff63d0de44b35a68e81aea98e98d52883c4fe41cca6f1f09398251f28d30165f34b74b008af8742b93c8fb7586cef90efa60e0542f3f5f85dbee12b3008c834a13c587dbda2e570dd12149390fb7e8788b46502046e0e158c3aede9c789895af2508663d7d1b9ede251321800db59575bd7971bb9a93a2c0ad2ec377f0268e7b6eb404c0cc02055d0e69726176f39b8826b1bcf8f4df7a7ede44a5ebe2d862825d6b1c11e9a30ab838789bee11344aa1d88e8495792c68344fa889ee8c2dfa418b5fcd18ba7cce65018fb6ea8d00dee814084eac349f5a233f34b2921cc0f09b5f6b6aa4cdaf90196f14ea66dcc9ab1ccc4acc1ca2d097bff923252db6d19db50e877f6848e3a14dc8d799fd8a8722aa6e98b5b4e53225af9d2c40811c6967e525db1993ed1539fcecde +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443041300d060960864801650304020205000430d6b9bb354aa8acf8326afd721b8bbb21603ef5d2f897c52cc0f27f9169f5bb894168a77ee4a65079fd68e9b38a7a4ea9 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA384 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 09d77b3b07c31dacabcdf1e8078a1321cb08f1765488e71b320c0bb56cfc04868a0edf060a6a6f90691164844852546dff634167aa1b0fe81d69fba8fcebcdfbee9e781425b29af7c5df6156d71b1264b592d53efa8a7bfd4a0b2fc0ac1863904241d09ea376ecffdcf36cfac560c74b210c1c1886d4a6dfc94959f5190e8ea9082d85e7e8fd58bd374db170f86362ed0b4c2a2084ce93ba924a95e905b52e1a9c2215cc3d5d8de7d76a718080c3a15e71ddf60af46bd9ba62557a00e9ced85ba8f0751dad3f4e212957265c67de3eea774d7f7514d40a0814880b724bc1ed43de7e7f34334ab19f9e50dd5fac9403c6d14b0ea9e1663e63510c96419c10c134de0eb4ecf88918f782e272ececca42a6c04898a0c738eceea3319e81c0e6fb4236fdaaa191b196a7e8fc39e35a88d844b2c2f0929f029e49b03f1b65804ced3594c1304fe2ae987ab4d24a7faed4da097d58c94125884d095b59d26f2fd207e4dca58c54c0a74115d2f635a97e86e484ea8fe5a25a0dfb787fcefbe53f4dcc299ed23802b79ae2cd433227128eed0bd640bb5f51c93707379fd715c7a39b69c559fb8ff6d43eadb2eae2034d93c0c7f39b5e50044aa201d4d0c3036e4004201d558c4b87e31bfbd10654032808d9133200f8ca8e8206ea26fe2a3ef27005d2b245bb91c528fbe9a45687e94aaae83cbe25b452b3c26bc17c3efda7818f24201d +Msg = 9a5592fd0be381aad74258865cab802a5f161df848a2e3a38e382af2706b45c0e6a31048d77bc99f8c672182659a9252ca27f25d6566495f8e99e04907cf9a40ea0987e9df9cb7e492d64c9665e4d32c62f3d5dc7396a86ed5688bfccaf2f3f68ecf1f688d0df280d3d7024bc451edbf0dc4ecfedafbaad94aed56931f9cf6e8 +S = 6b95909cfb0edba3177083097f74edac27b652bfd73575efac3db0971290bd7718b5a5491724c095a25c1a75b67a24a9e7caea4e2319637abe40efc0c5ce640a879978aac6ec898a4cce02b87cffb59f0c27c1c01759d7f698adf77003e033e70895e64a1f50f8cc471f61cb8e4c37a6a32e0875551b558314442fd7880c1fc74046b960f6fb4938ca6a7b1fc709cb046cb51c5fcf32c5d8e63324c88cd3ba6ff43406688771d1fd5ace55ccd8c90a96f403461f65c1cafd3068c4be660ccd740f34edcc1b4c57ee0e5ea5a3c2b9d76e583a9d1c70f480f508d589e72dfb0e5a6355bd70a2f90bddc1847d582d426f37b1060e475bfc62ca3133f4431407b948cbbf8ef4ec6488d773c5a840ffe2bf2cdd8a9aa753d0e66733daa5837f26eee99be7ac230fe0437898b6f9cf8e92419f0ee112d0475dfed75f8a8dfa4fe2f1e7d54da8fed8bd883f7326890f74a61beb22ad9822536bd3780f8a18573d16376f4f393e8e2305decfea889933b92d673569b4038d49547cde3c11e4f1331ded794c6fdb266c02048ce0be47b829e9be709ceaea89c3acfb12741332d147d8fe981b146955a29186f1b44f69ea276e78448d5752117eae565cfa54e6dda92387f330542dd30bb9426e1965a76a5a438f55ce22d252fd8e62df04c4e8c7a719385d4d56f37194f7e03368d17fe8165ed176d636b3b55fb99c483d707d160543561a +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA512 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 09d77b3b07c31dacabcdf1e8078a1321cb08f1765488e71b320c0bb56cfc04868a0edf060a6a6f90691164844852546dff634167aa1b0fe81d69fba8fcebcdfbee9e781425b29af7c5df6156d71b1264b592d53efa8a7bfd4a0b2fc0ac1863904241d09ea376ecffdcf36cfac560c74b210c1c1886d4a6dfc94959f5190e8ea9082d85e7e8fd58bd374db170f86362ed0b4c2a2084ce93ba924a95e905b52e1a9c2215cc3d5d8de7d76a718080c3a15e71ddf60af46bd9ba62557a00e9ced85ba8f0751dad3f4e212957265c67de3eea774d7f7514d40a0814880b724bc1ed43de7e7f34334ab19f9e50dd5fac9403c6d14b0ea9e1663e63510c96419c10c134de0eb4ecf88918f782e272ececca42a6c04898a0c738eceea3319e81c0e6fb4236fdaaa191b196a7e8fc39e35a88d844b2c2f0929f029e49b03f1b65804ced3594c1304fe2ae987ab4d24a7faed4da097d58c94125884d095b59d26f2fd207e4dca58c54c0a74115d2f635a97e86e484ea8fe5a25a0dfb787fcefbe53f4dcc299ed23802b79ae2cd433227128eed0bd640bb5f51c93707379fd715c7a39b69c559fb8ff6d43eadb2eae2034d93c0c7f39b5e50044aa201d4d0c3036e4004201d558c4b87e31bfbd10654032808d9133200f8ca8e8206ea26fe2a3ef27005d2b245bb91c528fbe9a45687e94aaae83cbe25b452b3c26bc17c3efda7818f24201d +Msg = e0e52ff4aaaab424199c5cf2a172d1ebe64f7b6e2096fe19c400048161ec3c26c7f6a3a66fca0230173bb73cad8fb9796e1dd7074f1b40e79cb148b0df516983034b8840b99c7afa1b07c7a98f68ae1fef44693ee7a4b2679e2485359847286cdb0d692c50c8276b6d2b13a211a4b8c5afecb979afdc5a821182427a547480c9 +S = 8c61782fa17abd9424bd4df6333f775a1a36cb913fc3324d4a860c4619ab778ec699e88cbf7d55d8b9e7c9a4bf760ff1238c1b65f3d3afb50702c844706e855187ca2fbc92c18f5ac9558b8b719f7e985d791caf719721c66673026c393fd6fe4aaad8829188e5978ed401256ab8ece9d6713b55a0b8cce1c33b9dc333ed48d83bbbab4290471866d1d4d3e239daa5f315e18a19f78d7679ea1ba028032dfbca40ab0ac436f948a129c7d182911d0452548755a90dffa2294a4089c2a46352b1e76e06c203e230a0229989ddab4171deeef125af7ad0be3f28dd2d3cdaf25ef500d8d7134546bc79806ad7bc8dbdfd882f6924148b2480cffdd9d4ef0235385c76687fe669822ae14238736c4e8fa48d494ea578a6a940f07be7284274dbe9aabba9b6077d253eeaecd483f60763f8baee3d5e27a7c820c103160df87f875b10ffad7d810283fe118fd040b0e64b8b007aaa049a5ea739f85ad8245e0223f3bb3c66904bb89bb58eed61324ceb4b49b951de42d1ffff7ed9905050d05c73f34946562d5d39acf768f7be5292f20448bc5b61795fe077631587abc5465e67fff8118dbefda942bdbbe673eab46142f047d0359f112f64ba92eb54ee45b349bcb3befb89e31080d48303c90acafa4aa09466348b50f2923d29c1f9bf34dad7b3246653c7fd20f480b33ef3d9e116ddda73b7791f2fc5fc4c31bcac2bde5b79691f +SaltVal = 00 +Result = P + +SHAAlg = SHA512 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 09d77b3b07c31dacabcdf1e8078a1321cb08f1765488e71b320c0bb56cfc04868a0edf060a6a6f90691164844852546dff634167aa1b0fe81d69fba8fcebcdfbee9e781425b29af7c5df6156d71b1264b592d53efa8a7bfd4a0b2fc0ac1863904241d09ea376ecffdcf36cfac560c74b210c1c1886d4a6dfc94959f5190e8ea9082d85e7e8fd58bd374db170f86362ed0b4c2a2084ce93ba924a95e905b52e1a9c2215cc3d5d8de7d76a718080c3a15e71ddf60af46bd9ba62557a00e9ced85ba8f0751dad3f4e212957265c67de3eea774d7f7514d40a0814880b724bc1ed43de7e7f34334ab19f9e50dd5fac9403c6d14b0ea9e1663e63510c96419c10c134de0eb4ecf88918f782e272ececca42a6c04898a0c738eceea3319e81c0e6fb4236fdaaa191b196a7e8fc39e35a88d844b2c2f0929f029e49b03f1b65804ced3594c1304fe2ae987ab4d24a7faed4da097d58c94125884d095b59d26f2fd207e4dca58c54c0a74115d2f635a97e86e484ea8fe5a25a0dfb787fcefbe53f4dcc299ed23802b79ae2cd433227128eed0bd640bb5f51c93707379fd715c7a39b69c559fb8ff6d43eadb2eae2034d93c0c7f39b5e50044aa201d4d0c3036e4004201d558c4b87e31bfbd10654032808d9133200f8ca8e8206ea26fe2a3ef27005d2b245bb91c528fbe9a45687e94aaae83cbe25b452b3c26bc17c3efda7818f24201d +Msg = 2fd1aa7be544c3206a9d43464b3fcd90f3f8cf48d08ec099b59ba6fe7d9bdcfaf244120aed1695d8be32d1b1cd6f143982ab945d635fb48a7c76831c0460851a3d62b7209c30cd9c2abdbe3d2a5282a9fcde1a6f418dd23c409bc351896b9b34d7d3a1a63bbaf3d677e612d4a80fa14829386a64b33fa217c9b26e8453e4a6b2 +S = 560a204f8a24adc61ac4d3c8de48304d9c59f6faf1bf1059bf1edb7e786ad81d95d6e17acfc30d84a151ff5496507da3094b7464839443d5530e22d6316076fadb5ffa013319230b14115e0905a997f4019dad2abde8d415a2b040bc6413c172a620a878d3695f70ffceb14fbeeb4538bf3c9b905e5907cba8ed8fc4a6ef9eeb863c99251abfaa9c483198618f2858a0c2d04a3f7e1e51128c9309303e01182cbfa20ea398c02354247fb30d32e977e6ea2dcc97be8921149257d13e31dde63b4992b167dd87f53116114a6344a3913ee313b4361d9258a2b10e9cefb19d0455466574bd58c0f284f99362737d0ad83d3ed0d587084f4e677a6748d68c1e3fee364600905873bb10de67b02e0aca45273ddb2f667aa22e885231b2bede0b541b79d2adf5e251be56e43b2577bba5244838471ed6899871016372771f88ebde49a776bb11697f15e50d490be4e52f95868f01bbd8ca549a60c50f1e99ddfe399f76fea48567e6abc0a845ddac6e963964624e38e1fb56565f99f3cdd7ddb7aebc3c53c7d82c6e3eeb058d128b4bacaca5f5fc8b037818d34c732fd15aeb70b0d688a233b5f91b65ff1f68cfa6f3a55b144840a9979996dfcfdf84cd9b02d385a842b27121cbe645155521e2c53ba3f1747af5609950b0cc808f33402dbb94fd1128fe9b309850b9ef11e82ec0498d595ff6436aab76a4df49047d76e5342c14b1 +SaltVal = 00 +Result = F (1 - Message changed) + +SHAAlg = SHA512 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 +d = 09d77b3b07c31dacabcdf1e8078a1321cb08f1765488e71b320c0bb56cfc04868a0edf060a6a6f90691164844852546dff634167aa1b0fe81d69fba8fcebcdfbee9e781425b29af7c5df6156d71b1264b592d53efa8a7bfd4a0b2fc0ac1863904241d09ea376ecffdcf36cfac560c74b210c1c1886d4a6dfc94959f5190e8ea9082d85e7e8fd58bd374db170f86362ed0b4c2a2084ce93ba924a95e905b52e1a9c2215cc3d5d8de7d76a718080c3a15e71ddf60af46bd9ba62557a00e9ced85ba8f0751dad3f4e212957265c67de3eea774d7f7514d40a0814880b724bc1ed43de7e7f34334ab19f9e50dd5fac9403c6d14b0ea9e1663e63510c96419c10c134de0eb4ecf88918f782e272ececca42a6c04898a0c738eceea3319e81c0e6fb4236fdaaa191b196a7e8fc39e35a88d844b2c2f0929f029e49b03f1b65804ced3594c1304fe2ae987ab4d24a7faed4da097d58c94125884d095b59d26f2fd207e4dca58c54c0a74115d2f635a97e86e484ea8fe5a25a0dfb787fcefbe53f4dcc299ed23802b79ae2cd433227128eed0bd640bb5f51c93707379fd715c7a39b69c559fb8ff6d43eadb2eae2034d93c0c7f39b5e50044aa201d4d0c3036e4004201d558c4b87e31bfbd10654032808d9133200f8ca8e8206ea26fe2a3ef27005d2b245bb91c528fbe9a45687e94aaae83cbe25b452b3c26bc17c3efda7818f24201d +Msg = 6ed981437f350723c4f1677f7bacdb78d12a22a19b3ed30646edf16d11d0bfdb79bad65af59b74fae4a41716c4ac4bd8a4d3c0ffdc659fe0fb011eab01fa53f0cffd4562dbf449da282b8c9f76b1ece4b6020c92c0e2a748488c24a00e0c6bb556eaf8e298082dcc78cdeda2f88366a3edfe2ee1b07f924515d82bd4a1d0b230 +S = 4684f8bc41880feaebaf54fc8cbb1d85c378db4bb916a7e162fa6683667b2f6df1e41e722f57e027486dd2c89ec035e2fe88ec082bbc105422b9116362bb00fac7f687297a858a08bea678d8489ce7cc27133c4f0acba0c7aee1daa55938ba2fc8957e6dca7493c0f054cc8a61d96b1d2689b1af69b491f58aeb6b3011827ad0d60bf1385402d4c7e7dac0f6f1259e7069a788816cce8db301639007ed1224bbdcbef9447df741cdb6a1f03796398372eb86ed8c995d281326a834688010becd7c737096de2573eb210035f14b937cf614cab6d1717711685e029b7b23d922bf2d6d63e354af5cf1b8609d021196e04a4e1baab203b1adce2b9c4bdf5a9a989157d2832867abc5173e5944ff070c9f7b06a14373fac3bfd76a73129e4cd0420c4696da9ef6f672f4cc9973434bcd2f0e351fe4509138d20a55bf73e42365da8d7ba3dd74b86055a785d346546de0f9837ecbcf52d6658e16e657b20428a8003a9b31d9f69e8206da1068fea98ea282a8731d96fe5e5be7d0b68c9eaf16090eea1f424e4cc5a509f8d6efb97f846d8ff1bd739288deeeecee6d0122eff6efbba9541ee1b2387f2092022df8584521d556bdc7ff9c8914d35a7b44075382fa3f03a3d4ec1ad11539cdf3b92eb37da08949c7ddbc2108e228c4548f41224b4da41098ae67a048be0fd22254a49186360bd0cea7877621130af6b8abfb490a108ab0 +SaltVal = 00 +Result = F (2 - Public Key e changed ) + +SHAAlg = SHA512 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 09d77b3b07c31dacabcdf1e8078a1321cb08f1765488e71b320c0bb56cfc04868a0edf060a6a6f90691164844852546dff634167aa1b0fe81d69fba8fcebcdfbee9e781425b29af7c5df6156d71b1264b592d53efa8a7bfd4a0b2fc0ac1863904241d09ea376ecffdcf36cfac560c74b210c1c1886d4a6dfc94959f5190e8ea9082d85e7e8fd58bd374db170f86362ed0b4c2a2084ce93ba924a95e905b52e1a9c2215cc3d5d8de7d76a718080c3a15e71ddf60af46bd9ba62557a00e9ced85ba8f0751dad3f4e212957265c67de3eea774d7f7514d40a0814880b724bc1ed43de7e7f34334ab19f9e50dd5fac9403c6d14b0ea9e1663e63510c96419c10c134de0eb4ecf88918f782e272ececca42a6c04898a0c738eceea3319e81c0e6fb4236fdaaa191b196a7e8fc39e35a88d844b2c2f0929f029e49b03f1b65804ced3594c1304fe2ae987ab4d24a7faed4da097d58c94125884d095b59d26f2fd207e4dca58c54c0a74115d2f635a97e86e484ea8fe5a25a0dfb787fcefbe53f4dcc299ed23802b79ae2cd433227128eed0bd640bb5f51c93707379fd715c7a39b69c559fb8ff6d43eadb2eae2034d93c0c7f39b5e50044aa201d4d0c3036e4004201d558c4b87e31bfbd10654032808d9133200f8ca8e8206ea26fe2a3ef27005d2b245bb91c528fbe9a45687e94aaae83cbe25b452b3c26bc17c3efda7818f24201d +Msg = 3a33da20cfb3e3ac722e7df7865330b8f62a73d9119a1f21992e240f16197b0970775cb6bdd5b0a858f4c93e33ca51c86eca80ed2865924a95d1795c5009cfa0f3150ef8e68b03517456808324b6527846887291ccc880455b546c0ca2f2777beb955ab0efdcc4f0efdc0a8f001f1a10a7ecb28ea5c9cf5b143f67e6b3dd5ae2 +S = 2fd9e8beeb55cf3640f615951e25b1731e1c51b4a1a2f251ff2761c3de6393c00f1ee2876e103a38c3149eafb804efa687b953eaf86b270d6cef192869aacc206f2018067df43db0ad8de6687ecd0535ed299180521066553ae2e6ed21604193eac012986767e48aea294fa3769482bcd2c167723707284dbcc7849d8320220319f7087baae33e7d05cab1e1430d3b2ba0e9ec5c5620f097c13b5a5a7c286ec9061f1963d27aafd79e2a217da1cb99389a5335ceb7690db3ce5cac022a542c14be25cb3e090400653a46863f443bd40807c546916b8090098fc5416744aa8d167bbcd48d718f5fee47339ec5446bbcb53ff6270f761e57589c399b558a24da5a5b3121a4a296e1ee1e01395f20b967c6cfaf2dd92e6e9fbc7c866b910570808e8dc87b66a8d9518dd9829f71f6a5e7e544e86551d907fcf2da2f4707e19586c19598a063ec1bfb252d91449f22ca90f2f88bbc6266ede3c19912a2481f70795a0a6ab6c1644a9458f9dce7a6459587135f5e3f20944a00d0874ff3b748a12a81e54a33da1a65df5dd932dbd979c79116e7d1138d35abf18b2a82c364490975c118c194c102a7c0eae6c629ec8043f9c55b63e55eacb3b352250ef5fa489ace55ec6b0771711aefd26f35483dacabe89fd15e248f669b5b2c343ba9de80b523432b9a0e4b05486c0132c4e1608f49efd481aed7b6da2ddd78fd5bafefcef2f074 +SaltVal = 00 +EM with trailer wrong =0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff443051300d060960864801650304020305000440ece68078ae14353fad83f9da0bc52f954e4f83bdc06abda384df386e15c66759f7a78859e7627c41d5c146cb5f8a46a147f1bb3ce2fbccd6d7efaa3d098c0a64 +Result = F (5 - Format of the EM is incorrect - 00 on end of pad removed ) + +SHAAlg = SHA512 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 09d77b3b07c31dacabcdf1e8078a1321cb08f1765488e71b320c0bb56cfc04868a0edf060a6a6f90691164844852546dff634167aa1b0fe81d69fba8fcebcdfbee9e781425b29af7c5df6156d71b1264b592d53efa8a7bfd4a0b2fc0ac1863904241d09ea376ecffdcf36cfac560c74b210c1c1886d4a6dfc94959f5190e8ea9082d85e7e8fd58bd374db170f86362ed0b4c2a2084ce93ba924a95e905b52e1a9c2215cc3d5d8de7d76a718080c3a15e71ddf60af46bd9ba62557a00e9ced85ba8f0751dad3f4e212957265c67de3eea774d7f7514d40a0814880b724bc1ed43de7e7f34334ab19f9e50dd5fac9403c6d14b0ea9e1663e63510c96419c10c134de0eb4ecf88918f782e272ececca42a6c04898a0c738eceea3319e81c0e6fb4236fdaaa191b196a7e8fc39e35a88d844b2c2f0929f029e49b03f1b65804ced3594c1304fe2ae987ab4d24a7faed4da097d58c94125884d095b59d26f2fd207e4dca58c54c0a74115d2f635a97e86e484ea8fe5a25a0dfb787fcefbe53f4dcc299ed23802b79ae2cd433227128eed0bd640bb5f51c93707379fd715c7a39b69c559fb8ff6d43eadb2eae2034d93c0c7f39b5e50044aa201d4d0c3036e4004201d558c4b87e31bfbd10654032808d9133200f8ca8e8206ea26fe2a3ef27005d2b245bb91c528fbe9a45687e94aaae83cbe25b452b3c26bc17c3efda7818f24201d +Msg = 244581a2b06130d1af01b83ab281dc252d97481cd92819575660a0781501637975fb65e22c3ea83fe9ccefd13812c884a578ca2124371cc5b06a37923369eca4a652a84679e8f76635a1474760faef76a10e6fff2467f9e0401431be57fb32d7fe71d1385e082530daa84704f3e256e46880be1ea161ba924d8418664b623dfb +S = 45b532bc216a9e6c0b58ef1e500e0cfc11cb85614faa4301e5c373acbb46f1fa655975b8fe4d50098f5b1ffff7e45db3e339b27b2d6d3349fa952922b876dd333c862bacf6cf4d3b1b98fca4adc2a4674b0397326ebad63a553f97cbf763d5549e982b999eaa77dfa074311d236936056a2f097385136ea5d82f76190e4a896bd5c2ef3580eb98340b136dae2215c3ec324ad44fa1920213fc6985faa58fab2a5ab4f1c268dc1489c4f257e54c573247a6e32640780f7345dcd7c371de12696a2fff5d94ab9677914d3d21fd0b436405b8122f410a3374ed67c8b414120a1c50c18b6a8acaff5bb68b2ced8036d30045378402e4cd193cfab277e9808045b30c65f947f39c4b3b25af8130a46d03fef6ab01c8d3a5807ff6a96628523fcd8447f24d11cbad36b5553f5d4c8051739a700d6113d48e3c28bee871fc00c46b013e887ba957ab45911f056d4b98c00b4e6b5b02b1d674918b90b40ca688e096ad0705d6f72e4999b0cbe9ed94cb297df6872e02fbd3ed2a8be758d4e6af7fa416b14d6785852b2a06d001e1b10e9829e3c6ad27bb2f1ce05104115decac07ff9c4e3cbb0bc0d264e9f27e9dcb48a9d8ce44b5e6cb37defc81e282071eb0ea06285c5afed12fa5b509a54449dbcd19431ad4522348ab0aed336c351709d3aa717d1e453362bc65d041af2fa7c1328231420741b433373e78d98f23940d6e59c132e7 +SaltVal = 00 +Result = F (3 - Signature changed ) + +SHAAlg = SHA512 +e = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011 +d = 09d77b3b07c31dacabcdf1e8078a1321cb08f1765488e71b320c0bb56cfc04868a0edf060a6a6f90691164844852546dff634167aa1b0fe81d69fba8fcebcdfbee9e781425b29af7c5df6156d71b1264b592d53efa8a7bfd4a0b2fc0ac1863904241d09ea376ecffdcf36cfac560c74b210c1c1886d4a6dfc94959f5190e8ea9082d85e7e8fd58bd374db170f86362ed0b4c2a2084ce93ba924a95e905b52e1a9c2215cc3d5d8de7d76a718080c3a15e71ddf60af46bd9ba62557a00e9ced85ba8f0751dad3f4e212957265c67de3eea774d7f7514d40a0814880b724bc1ed43de7e7f34334ab19f9e50dd5fac9403c6d14b0ea9e1663e63510c96419c10c134de0eb4ecf88918f782e272ececca42a6c04898a0c738eceea3319e81c0e6fb4236fdaaa191b196a7e8fc39e35a88d844b2c2f0929f029e49b03f1b65804ced3594c1304fe2ae987ab4d24a7faed4da097d58c94125884d095b59d26f2fd207e4dca58c54c0a74115d2f635a97e86e484ea8fe5a25a0dfb787fcefbe53f4dcc299ed23802b79ae2cd433227128eed0bd640bb5f51c93707379fd715c7a39b69c559fb8ff6d43eadb2eae2034d93c0c7f39b5e50044aa201d4d0c3036e4004201d558c4b87e31bfbd10654032808d9133200f8ca8e8206ea26fe2a3ef27005d2b245bb91c528fbe9a45687e94aaae83cbe25b452b3c26bc17c3efda7818f24201d +Msg = 24c8f1e99508bd234cf1161e94b439ac41e6392994d4ff685e178fee68688e5e13b501353c7458b76237ab2a0b80434163d75cdb271b29eec11619bdb55359523b349a282d3f142824b9cbd6df7611cde4ef4c696995f9c37465f1e242bdeb2fe66e432a3212fa5cdaa0fd8cd73daa360a55903922eb76d0bf2d9fc3d74c4ddf +S = 3941bb2afeacc1962b51ffecb000ed9406ba6e0935006203eac5aab1e35b980e6b3bbacf6d79f249e2c0fcd4259298d659870fbfa7e5c78d0e72aec15768e9e9d7353369ef2c91240645dfe40d85f68026bc4aff204798ad20cdf05a66640f6885ab633597636cd5af965ef1d2bdcc5dd0922f23e150ba67cdf148421d6ed43349b2ab426af2c9609eda45b980c842c2817513f8d0ec7c1b404fe07a7269088e359948fa05a6d63d3002f88ccd3167dc30242a42a07b17940a4f5763013800fefced30d42daef920e15d167e6bef092d440be42624e6f855ab7842a8871140dc17458f479933e082f1794a4c56cb338d31ca4f5bc6983dc2ec124e6785b16a0530b4c7e33488da83a184aff5448277a61c32cf6a8a4995a939552e0cad8d37da113b7806510577af56f9abfc7a37c566405be6d0b3271d8dd9071a0e83c51467f2fd3d22c805bc9ea025d1b1033a99235acb145729df2b6dcd761196c74b02f8aec2b53d19c20be6b3f7e46c21690737c675d46d240d6774278c0dc7db0a817b570cd493530d2acc0685bb1d51a81992ba45a3acbb690467fcd2524deef1b2efd643cac753d86a760c9428427a7b5cfe2624efdcca0f4c2c02ae67c3e3df01c4a19c3172377b425834c1c376366eab600693f63ece2d6ff94412f768a9dba4d202d70a9324f76b2f58295015164213c71d3bae7b90edd800ada1d972353f320c +SaltVal = 00 +EM with hash moved = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003051300d060960864801650304020305000440f8b77aee7f4480f3de4575717e774c7735f9d46cfbc3706fcc2cbfed078b75fa59223ba0cda570d5bdf5ba1bd9d087f37e36b22b65552b85cfcc01a7b30c7f78efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef +Result = F (4 - Format of the EM is incorrect - hash moved to left ) diff --git a/dependencies/@openzeppelin/test/utils/cryptography/SignatureChecker.test.js b/dependencies/@openzeppelin/test/utils/cryptography/SignatureChecker.test.js new file mode 100644 index 00000000..e6a08491 --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/cryptography/SignatureChecker.test.js @@ -0,0 +1,61 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const TEST_MESSAGE = ethers.id('OpenZeppelin'); +const TEST_MESSAGE_HASH = ethers.hashMessage(TEST_MESSAGE); + +const WRONG_MESSAGE = ethers.id('Nope'); +const WRONG_MESSAGE_HASH = ethers.hashMessage(WRONG_MESSAGE); + +async function fixture() { + const [signer, other] = await ethers.getSigners(); + const mock = await ethers.deployContract('$SignatureChecker'); + const wallet = await ethers.deployContract('ERC1271WalletMock', [signer]); + const malicious = await ethers.deployContract('ERC1271MaliciousMock'); + const signature = await signer.signMessage(TEST_MESSAGE); + + return { signer, other, mock, wallet, malicious, signature }; +} + +describe('SignatureChecker (ERC1271)', function () { + before('deploying', async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + describe('EOA account', function () { + it('with matching signer and signature', async function () { + expect(await this.mock.$isValidSignatureNow(this.signer, TEST_MESSAGE_HASH, this.signature)).to.be.true; + }); + + it('with invalid signer', async function () { + expect(await this.mock.$isValidSignatureNow(this.other, TEST_MESSAGE_HASH, this.signature)).to.be.false; + }); + + it('with invalid signature', async function () { + expect(await this.mock.$isValidSignatureNow(this.signer, WRONG_MESSAGE_HASH, this.signature)).to.be.false; + }); + }); + + describe('ERC1271 wallet', function () { + for (const fn of ['isValidERC1271SignatureNow', 'isValidSignatureNow']) { + describe(fn, function () { + it('with matching signer and signature', async function () { + expect(await this.mock.getFunction(`$${fn}`)(this.wallet, TEST_MESSAGE_HASH, this.signature)).to.be.true; + }); + + it('with invalid signer', async function () { + expect(await this.mock.getFunction(`$${fn}`)(this.mock, TEST_MESSAGE_HASH, this.signature)).to.be.false; + }); + + it('with invalid signature', async function () { + expect(await this.mock.getFunction(`$${fn}`)(this.wallet, WRONG_MESSAGE_HASH, this.signature)).to.be.false; + }); + + it('with malicious wallet', async function () { + expect(await this.mock.getFunction(`$${fn}`)(this.malicious, TEST_MESSAGE_HASH, this.signature)).to.be.false; + }); + }); + } + }); +}); diff --git a/dependencies/@openzeppelin/test/utils/cryptography/ecdsa_secp256r1_sha256_p1363_test.json b/dependencies/@openzeppelin/test/utils/cryptography/ecdsa_secp256r1_sha256_p1363_test.json new file mode 100644 index 00000000..9cd94cf8 --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/cryptography/ecdsa_secp256r1_sha256_p1363_test.json @@ -0,0 +1,3719 @@ +{ + "algorithm" : "ECDSA", + "generatorVersion" : "0.8r12", + "numberOfTests" : 219, + "header" : [ + "Test vectors of type EcdsaVerify are meant for the verification", + "of IEEE P1363 encoded ECDSA signatures." + ], + "notes" : { + "EdgeCase" : "Edge case values such as r=1 and s=0 can lead to forgeries if the ECDSA implementation does not check boundaries and computes s^(-1)==0.", + "PointDuplication" : "Some implementations of ECDSA do not handle duplication and points at infinity correctly. This is a test vector that has been specially crafted to check for such an omission.", + "SigSize" : "The size of the signature should always be twice the number of bytes of the size of the order. But some libraries accept signatures with less bytes." + }, + "schema" : "ecdsa_p1363_verify_schema.json", + "testGroups" : [ + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "KSexBRK64-3c_kZ4KBKLrSkDJpkZ9whgacjE32xzKDg", + "y" : "x3h5ZOqsAOWSH7FJimD0YGdms9loUAFVjRqXTnNBUT4" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "042927b10512bae3eddcfe467828128bad2903269919f7086069c8c4df6c732838c7787964eaac00e5921fb1498a60f4606766b3d9685001558d1a974e7341513e", + "wx" : "2927b10512bae3eddcfe467828128bad2903269919f7086069c8c4df6c732838", + "wy" : "00c7787964eaac00e5921fb1498a60f4606766b3d9685001558d1a974e7341513e" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200042927b10512bae3eddcfe467828128bad2903269919f7086069c8c4df6c732838c7787964eaac00e5921fb1498a60f4606766b3d9685001558d1a974e7341513e", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEKSexBRK64+3c/kZ4KBKLrSkDJpkZ\n9whgacjE32xzKDjHeHlk6qwA5ZIfsUmKYPRgZ2az2WhQAVWNGpdOc0FRPg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 1, + "comment" : "signature malleability", + "msg" : "313233343030", + "sig" : "2ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e184cd60b855d442f5b3c7b11eb6c4e0ae7525fe710fab9aa7c77a67f79e6fadd76", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 2, + "comment" : "Modified r or s, e.g. by adding or subtracting the order of the group", + "msg" : "313233343030", + "sig" : "012ba3a8bd6b94d5ed80a6d9d1190a436ebccc0833490686deac8635bcb9bf536900b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 3, + "comment" : "Modified r or s, e.g. by adding or subtracting the order of the group", + "msg" : "313233343030", + "sig" : "d45c5740946b2a147f59262ee6f5bc90bd01ed280528b62b3aed5fc93f06f739b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 4, + "comment" : "Modified r or s, e.g. by adding or subtracting the order of the group", + "msg" : "313233343030", + "sig" : "012ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e1800b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 5, + "comment" : "Modified r or s, e.g. by adding or subtracting the order of the group", + "msg" : "313233343030", + "sig" : "d45c5741946b2a137f59262ee6f5bc91001af27a5e1117a64733950642a3d1e8b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 6, + "comment" : "Modified r or s, e.g. by adding or subtracting the order of the group", + "msg" : "313233343030", + "sig" : "002ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e1801b329f478a2bbd0a6c384ee1493b1f518276e0e4a5375928d6fcd160c11cb6d2c", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 7, + "comment" : "Modified r or s, e.g. by adding or subtracting the order of the group", + "msg" : "313233343030", + "sig" : "002ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e1801b329f479a2bbd0a5c384ee1493b1f5186a87139cac5df4087c134b49156847db", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 8, + "comment" : "Modified r or s, e.g. by adding or subtracting the order of the group", + "msg" : "313233343030", + "sig" : "2ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e184cd60b865d442f5a3c7b11eb6c4e0ae79578ec6353a20bf783ecb4b6ea97b825", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 9, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 10, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 11, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "0000000000000000000000000000000000000000000000000000000000000000ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 12, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "0000000000000000000000000000000000000000000000000000000000000000ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 13, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "0000000000000000000000000000000000000000000000000000000000000000ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 14, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "0000000000000000000000000000000000000000000000000000000000000000ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 15, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "0000000000000000000000000000000000000000000000000000000000000000ffffffff00000001000000000000000000000001000000000000000000000000", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 16, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "00000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 17, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "00000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000001", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 18, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "0000000000000000000000000000000000000000000000000000000000000001ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 19, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "0000000000000000000000000000000000000000000000000000000000000001ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 20, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "0000000000000000000000000000000000000000000000000000000000000001ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 21, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "0000000000000000000000000000000000000000000000000000000000000001ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 22, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "0000000000000000000000000000000000000000000000000000000000000001ffffffff00000001000000000000000000000001000000000000000000000000", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 23, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc6325510000000000000000000000000000000000000000000000000000000000000000", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 24, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc6325510000000000000000000000000000000000000000000000000000000000000001", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 25, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 26, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 27, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 28, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 29, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551ffffffff00000001000000000000000000000001000000000000000000000000", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 30, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc6325500000000000000000000000000000000000000000000000000000000000000000", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 31, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc6325500000000000000000000000000000000000000000000000000000000000000001", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 32, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 33, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 34, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 35, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 36, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550ffffffff00000001000000000000000000000001000000000000000000000000", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 37, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc6325520000000000000000000000000000000000000000000000000000000000000000", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 38, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc6325520000000000000000000000000000000000000000000000000000000000000001", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 39, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 40, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 41, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 42, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 43, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552ffffffff00000001000000000000000000000001000000000000000000000000", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 44, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "ffffffff00000001000000000000000000000000ffffffffffffffffffffffff0000000000000000000000000000000000000000000000000000000000000000", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 45, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "ffffffff00000001000000000000000000000000ffffffffffffffffffffffff0000000000000000000000000000000000000000000000000000000000000001", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 46, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "ffffffff00000001000000000000000000000000ffffffffffffffffffffffffffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 47, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "ffffffff00000001000000000000000000000000ffffffffffffffffffffffffffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 48, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "ffffffff00000001000000000000000000000000ffffffffffffffffffffffffffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 49, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "ffffffff00000001000000000000000000000000ffffffffffffffffffffffffffffffff00000001000000000000000000000000ffffffffffffffffffffffff", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 50, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "ffffffff00000001000000000000000000000000ffffffffffffffffffffffffffffffff00000001000000000000000000000001000000000000000000000000", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 51, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "ffffffff000000010000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 52, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "ffffffff000000010000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 53, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "ffffffff00000001000000000000000000000001000000000000000000000000ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 54, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "ffffffff00000001000000000000000000000001000000000000000000000000ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 55, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "ffffffff00000001000000000000000000000001000000000000000000000000ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 56, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "ffffffff00000001000000000000000000000001000000000000000000000000ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 57, + "comment" : "Signature with special case values for r and s", + "msg" : "313233343030", + "sig" : "ffffffff00000001000000000000000000000001000000000000000000000000ffffffff00000001000000000000000000000001000000000000000000000000", + "result" : "invalid", + "flags" : [ + "EdgeCase" + ] + }, + { + "tcId" : 58, + "comment" : "Edge case for Shamir multiplication", + "msg" : "3639383139", + "sig" : "64a1aab5000d0e804f3e2fc02bdee9be8ff312334e2ba16d11547c97711c898e6af015971cc30be6d1a206d4e013e0997772a2f91d73286ffd683b9bb2cf4f1b", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 59, + "comment" : "special case hash", + "msg" : "343236343739373234", + "sig" : "16aea964a2f6506d6f78c81c91fc7e8bded7d397738448de1e19a0ec580bf266252cd762130c6667cfe8b7bc47d27d78391e8e80c578d1cd38c3ff033be928e9", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 60, + "comment" : "special case hash", + "msg" : "37313338363834383931", + "sig" : "9cc98be2347d469bf476dfc26b9b733df2d26d6ef524af917c665baccb23c882093496459effe2d8d70727b82462f61d0ec1b7847929d10ea631dacb16b56c32", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 61, + "comment" : "special case hash", + "msg" : "3130333539333331363638", + "sig" : "73b3c90ecd390028058164524dde892703dce3dea0d53fa8093999f07ab8aa432f67b0b8e20636695bb7d8bf0a651c802ed25a395387b5f4188c0c4075c88634", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 62, + "comment" : "special case hash", + "msg" : "33393439343031323135", + "sig" : "bfab3098252847b328fadf2f89b95c851a7f0eb390763378f37e90119d5ba3ddbdd64e234e832b1067c2d058ccb44d978195ccebb65c2aaf1e2da9b8b4987e3b", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 63, + "comment" : "special case hash", + "msg" : "31333434323933303739", + "sig" : "204a9784074b246d8bf8bf04a4ceb1c1f1c9aaab168b1596d17093c5cd21d2cd51cce41670636783dc06a759c8847868a406c2506fe17975582fe648d1d88b52", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 64, + "comment" : "special case hash", + "msg" : "33373036323131373132", + "sig" : "ed66dc34f551ac82f63d4aa4f81fe2cb0031a91d1314f835027bca0f1ceeaa0399ca123aa09b13cd194a422e18d5fda167623c3f6e5d4d6abb8953d67c0c48c7", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 65, + "comment" : "special case hash", + "msg" : "333433363838373132", + "sig" : "060b700bef665c68899d44f2356a578d126b062023ccc3c056bf0f60a237012b8d186c027832965f4fcc78a3366ca95dedbb410cbef3f26d6be5d581c11d3610", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 66, + "comment" : "special case hash", + "msg" : "31333531353330333730", + "sig" : "9f6adfe8d5eb5b2c24d7aa7934b6cf29c93ea76cd313c9132bb0c8e38c96831db26a9c9e40e55ee0890c944cf271756c906a33e66b5bd15e051593883b5e9902", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 67, + "comment" : "special case hash", + "msg" : "36353533323033313236", + "sig" : "a1af03ca91677b673ad2f33615e56174a1abf6da168cebfa8868f4ba273f16b720aa73ffe48afa6435cd258b173d0c2377d69022e7d098d75caf24c8c5e06b1c", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 68, + "comment" : "special case hash", + "msg" : "31353634333436363033", + "sig" : "fdc70602766f8eed11a6c99a71c973d5659355507b843da6e327a28c11893db93df5349688a085b137b1eacf456a9e9e0f6d15ec0078ca60a7f83f2b10d21350", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 69, + "comment" : "special case hash", + "msg" : "34343239353339313137", + "sig" : "b516a314f2fce530d6537f6a6c49966c23456f63c643cf8e0dc738f7b876e675d39ffd033c92b6d717dd536fbc5efdf1967c4bd80954479ba66b0120cd16fff2", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 70, + "comment" : "special case hash", + "msg" : "3130393533323631333531", + "sig" : "3b2cbf046eac45842ecb7984d475831582717bebb6492fd0a485c101e29ff0a84c9b7b47a98b0f82de512bc9313aaf51701099cac5f76e68c8595fc1c1d99258", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 71, + "comment" : "special case hash", + "msg" : "35393837333530303431", + "sig" : "30c87d35e636f540841f14af54e2f9edd79d0312cfa1ab656c3fb15bfde48dcf47c15a5a82d24b75c85a692bd6ecafeb71409ede23efd08e0db9abf6340677ed", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 72, + "comment" : "special case hash", + "msg" : "33343633303036383738", + "sig" : "38686ff0fda2cef6bc43b58cfe6647b9e2e8176d168dec3c68ff262113760f52067ec3b651f422669601662167fa8717e976e2db5e6a4cf7c2ddabb3fde9d67d", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 73, + "comment" : "special case hash", + "msg" : "39383137333230323837", + "sig" : "44a3e23bf314f2b344fc25c7f2de8b6af3e17d27f5ee844b225985ab6e2775cf2d48e223205e98041ddc87be532abed584f0411f5729500493c9cc3f4dd15e86", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 74, + "comment" : "special case hash", + "msg" : "33323232303431303436", + "sig" : "2ded5b7ec8e90e7bf11f967a3d95110c41b99db3b5aa8d330eb9d638781688e97d5792c53628155e1bfc46fb1a67e3088de049c328ae1f44ec69238a009808f9", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 75, + "comment" : "special case hash", + "msg" : "36363636333037313034", + "sig" : "bdae7bcb580bf335efd3bc3d31870f923eaccafcd40ec2f605976f15137d8b8ff6dfa12f19e525270b0106eecfe257499f373a4fb318994f24838122ce7ec3c7", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 76, + "comment" : "special case hash", + "msg" : "31303335393531383938", + "sig" : "50f9c4f0cd6940e162720957ffff513799209b78596956d21ece251c2401f1c6d7033a0a787d338e889defaaabb106b95a4355e411a59c32aa5167dfab244726", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 77, + "comment" : "special case hash", + "msg" : "31383436353937313935", + "sig" : "f612820687604fa01906066a378d67540982e29575d019aabe90924ead5c860d3f9367702dd7dd4f75ea98afd20e328a1a99f4857b316525328230ce294b0fef", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 78, + "comment" : "special case hash", + "msg" : "33313336303436313839", + "sig" : "9505e407657d6e8bc93db5da7aa6f5081f61980c1949f56b0f2f507da5782a7ac60d31904e3669738ffbeccab6c3656c08e0ed5cb92b3cfa5e7f71784f9c5021", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 79, + "comment" : "special case hash", + "msg" : "32363633373834323534", + "sig" : "bbd16fbbb656b6d0d83e6a7787cd691b08735aed371732723e1c68a40404517d9d8e35dba96028b7787d91315be675877d2d097be5e8ee34560e3e7fd25c0f00", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 80, + "comment" : "special case hash", + "msg" : "31363532313030353234", + "sig" : "2ec9760122db98fd06ea76848d35a6da442d2ceef7559a30cf57c61e92df327e7ab271da90859479701fccf86e462ee3393fb6814c27b760c4963625c0a19878", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 81, + "comment" : "special case hash", + "msg" : "35373438303831363936", + "sig" : "54e76b7683b6650baa6a7fc49b1c51eed9ba9dd463221f7a4f1005a89fe00c592ea076886c773eb937ec1cc8374b7915cfd11b1c1ae1166152f2f7806a31c8fd", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 82, + "comment" : "special case hash", + "msg" : "36333433393133343638", + "sig" : "5291deaf24659ffbbce6e3c26f6021097a74abdbb69be4fb10419c0c496c946665d6fcf336d27cc7cdb982bb4e4ecef5827f84742f29f10abf83469270a03dc3", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 83, + "comment" : "special case hash", + "msg" : "31353431313033353938", + "sig" : "207a3241812d75d947419dc58efb05e8003b33fc17eb50f9d15166a88479f107cdee749f2e492b213ce80b32d0574f62f1c5d70793cf55e382d5caadf7592767", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 84, + "comment" : "special case hash", + "msg" : "3130343738353830313238", + "sig" : "6554e49f82a855204328ac94913bf01bbe84437a355a0a37c0dee3cf81aa7728aea00de2507ddaf5c94e1e126980d3df16250a2eaebc8be486effe7f22b4f929", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 85, + "comment" : "special case hash", + "msg" : "3130353336323835353638", + "sig" : "a54c5062648339d2bff06f71c88216c26c6e19b4d80a8c602990ac82707efdfce99bbe7fcfafae3e69fd016777517aa01056317f467ad09aff09be73c9731b0d", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 86, + "comment" : "special case hash", + "msg" : "393533393034313035", + "sig" : "975bd7157a8d363b309f1f444012b1a1d23096593133e71b4ca8b059cff37eaf7faa7a28b1c822baa241793f2abc930bd4c69840fe090f2aacc46786bf919622", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 87, + "comment" : "special case hash", + "msg" : "393738383438303339", + "sig" : "5694a6f84b8f875c276afd2ebcfe4d61de9ec90305afb1357b95b3e0da43885e0dffad9ffd0b757d8051dec02ebdf70d8ee2dc5c7870c0823b6ccc7c679cbaa4", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 88, + "comment" : "special case hash", + "msg" : "33363130363732343432", + "sig" : "a0c30e8026fdb2b4b4968a27d16a6d08f7098f1a98d21620d7454ba9790f1ba65e470453a8a399f15baf463f9deceb53acc5ca64459149688bd2760c65424339", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 89, + "comment" : "special case hash", + "msg" : "31303534323430373035", + "sig" : "614ea84acf736527dd73602cd4bb4eea1dfebebd5ad8aca52aa0228cf7b99a88737cc85f5f2d2f60d1b8183f3ed490e4de14368e96a9482c2a4dd193195c902f", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 90, + "comment" : "special case hash", + "msg" : "35313734343438313937", + "sig" : "bead6734ebe44b810d3fb2ea00b1732945377338febfd439a8d74dfbd0f942fa6bb18eae36616a7d3cad35919fd21a8af4bbe7a10f73b3e036a46b103ef56e2a", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 91, + "comment" : "special case hash", + "msg" : "31393637353631323531", + "sig" : "499625479e161dacd4db9d9ce64854c98d922cbf212703e9654fae182df9bad242c177cf37b8193a0131108d97819edd9439936028864ac195b64fca76d9d693", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 92, + "comment" : "special case hash", + "msg" : "33343437323533333433", + "sig" : "08f16b8093a8fb4d66a2c8065b541b3d31e3bfe694f6b89c50fb1aaa6ff6c9b29d6455e2d5d1779748573b611cb95d4a21f967410399b39b535ba3e5af81ca2e", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 93, + "comment" : "special case hash", + "msg" : "333638323634333138", + "sig" : "be26231b6191658a19dd72ddb99ed8f8c579b6938d19bce8eed8dc2b338cb5f8e1d9a32ee56cffed37f0f22b2dcb57d5c943c14f79694a03b9c5e96952575c89", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 94, + "comment" : "special case hash", + "msg" : "33323631313938363038", + "sig" : "15e76880898316b16204ac920a02d58045f36a229d4aa4f812638c455abe0443e74d357d3fcb5c8c5337bd6aba4178b455ca10e226e13f9638196506a1939123", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 95, + "comment" : "special case hash", + "msg" : "39363738373831303934", + "sig" : "352ecb53f8df2c503a45f9846fc28d1d31e6307d3ddbffc1132315cc07f16dad1348dfa9c482c558e1d05c5242ca1c39436726ecd28258b1899792887dd0a3c6", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 96, + "comment" : "special case hash", + "msg" : "34393538383233383233", + "sig" : "4a40801a7e606ba78a0da9882ab23c7677b8642349ed3d652c5bfa5f2a9558fb3a49b64848d682ef7f605f2832f7384bdc24ed2925825bf8ea77dc5981725782", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 97, + "comment" : "special case hash", + "msg" : "383234363337383337", + "sig" : "eacc5e1a8304a74d2be412b078924b3bb3511bac855c05c9e5e9e44df3d61e967451cd8e18d6ed1885dd827714847f96ec4bb0ed4c36ce9808db8f714204f6d1", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 98, + "comment" : "special case hash", + "msg" : "3131303230383333373736", + "sig" : "2f7a5e9e5771d424f30f67fdab61e8ce4f8cd1214882adb65f7de94c31577052ac4e69808345809b44acb0b2bd889175fb75dd050c5a449ab9528f8f78daa10c", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 99, + "comment" : "special case hash", + "msg" : "313333383731363438", + "sig" : "ffcda40f792ce4d93e7e0f0e95e1a2147dddd7f6487621c30a03d710b330021979938b55f8a17f7ed7ba9ade8f2065a1fa77618f0b67add8d58c422c2453a49a", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 100, + "comment" : "special case hash", + "msg" : "333232313434313632", + "sig" : "81f2359c4faba6b53d3e8c8c3fcc16a948350f7ab3a588b28c17603a431e39a8cd6f6a5cc3b55ead0ff695d06c6860b509e46d99fccefb9f7f9e101857f74300", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 101, + "comment" : "special case hash", + "msg" : "3130363836363535353436", + "sig" : "dfc8bf520445cbb8ee1596fb073ea283ea130251a6fdffa5c3f5f2aaf75ca808048e33efce147c9dd92823640e338e68bfd7d0dc7a4905b3a7ac711e577e90e7", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 102, + "comment" : "special case hash", + "msg" : "3632313535323436", + "sig" : "ad019f74c6941d20efda70b46c53db166503a0e393e932f688227688ba6a576293320eb7ca0710255346bdbb3102cdcf7964ef2e0988e712bc05efe16c199345", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 103, + "comment" : "special case hash", + "msg" : "37303330383138373734", + "sig" : "ac8096842e8add68c34e78ce11dd71e4b54316bd3ebf7fffdeb7bd5a3ebc1883f5ca2f4f23d674502d4caf85d187215d36e3ce9f0ce219709f21a3aac003b7a8", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 104, + "comment" : "special case hash", + "msg" : "35393234353233373434", + "sig" : "677b2d3a59b18a5ff939b70ea002250889ddcd7b7b9d776854b4943693fb92f76b4ba856ade7677bf30307b21f3ccda35d2f63aee81efd0bab6972cc0795db55", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 105, + "comment" : "special case hash", + "msg" : "31343935353836363231", + "sig" : "479e1ded14bcaed0379ba8e1b73d3115d84d31d4b7c30e1f05e1fc0d5957cfb0918f79e35b3d89487cf634a4f05b2e0c30857ca879f97c771e877027355b2443", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 106, + "comment" : "special case hash", + "msg" : "34303035333134343036", + "sig" : "43dfccd0edb9e280d9a58f01164d55c3d711e14b12ac5cf3b64840ead512a0a31dbe33fa8ba84533cd5c4934365b3442ca1174899b78ef9a3199f49584389772", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 107, + "comment" : "special case hash", + "msg" : "33303936343537353132", + "sig" : "5b09ab637bd4caf0f4c7c7e4bca592fea20e9087c259d26a38bb4085f0bbff1145b7eb467b6748af618e9d80d6fdcd6aa24964e5a13f885bca8101de08eb0d75", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 108, + "comment" : "special case hash", + "msg" : "32373834303235363230", + "sig" : "5e9b1c5a028070df5728c5c8af9b74e0667afa570a6cfa0114a5039ed15ee06fb1360907e2d9785ead362bb8d7bd661b6c29eeffd3c5037744edaeb9ad990c20", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 109, + "comment" : "special case hash", + "msg" : "32363138373837343138", + "sig" : "0671a0a85c2b72d54a2fb0990e34538b4890050f5a5712f6d1a7a5fb8578f32edb1846bab6b7361479ab9c3285ca41291808f27fd5bd4fdac720e5854713694c", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 110, + "comment" : "special case hash", + "msg" : "31363432363235323632", + "sig" : "7673f8526748446477dbbb0590a45492c5d7d69859d301abbaedb35b2095103a3dc70ddf9c6b524d886bed9e6af02e0e4dec0d417a414fed3807ef4422913d7c", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 111, + "comment" : "special case hash", + "msg" : "36383234313839343336", + "sig" : "7f085441070ecd2bb21285089ebb1aa6450d1a06c36d3ff39dfd657a796d12b5249712012029870a2459d18d47da9aa492a5e6cb4b2d8dafa9e4c5c54a2b9a8b", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 112, + "comment" : "special case hash", + "msg" : "343834323435343235", + "sig" : "914c67fb61dd1e27c867398ea7322d5ab76df04bc5aa6683a8e0f30a5d287348fa07474031481dda4953e3ac1959ee8cea7e66ec412b38d6c96d28f6d37304ea", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "CtmVACiNRmlAAx1yqfVEWk1DeEZAhVvwpph00t5f4QM", + "y" : "xQEebvLELc1Q1dPSn5mubrosgMkkT0xUIvCXn_DDul4" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "040ad99500288d466940031d72a9f5445a4d43784640855bf0a69874d2de5fe103c5011e6ef2c42dcd50d5d3d29f99ae6eba2c80c9244f4c5422f0979ff0c3ba5e", + "wx" : "0ad99500288d466940031d72a9f5445a4d43784640855bf0a69874d2de5fe103", + "wy" : "00c5011e6ef2c42dcd50d5d3d29f99ae6eba2c80c9244f4c5422f0979ff0c3ba5e" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200040ad99500288d466940031d72a9f5445a4d43784640855bf0a69874d2de5fe103c5011e6ef2c42dcd50d5d3d29f99ae6eba2c80c9244f4c5422f0979ff0c3ba5e", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECtmVACiNRmlAAx1yqfVEWk1DeEZA\nhVvwpph00t5f4QPFAR5u8sQtzVDV09Kfma5uuiyAySRPTFQi8Jef8MO6Xg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 113, + "comment" : "k*G has a large x-coordinate", + "msg" : "313233343030", + "sig" : "000000000000000000000000000000004319055358e8617b0c46353d039cdaabffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc63254e", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 114, + "comment" : "r too large", + "msg" : "313233343030", + "sig" : "ffffffff00000001000000000000000000000000fffffffffffffffffffffffcffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc63254e", + "result" : "invalid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "qwX9nQ3ia5zm9IGWUtn8aRk9CqOY8PuoAT4JxYIgRVQ", + "y" : "GSNScSKMeGdZCV0St1rwaS3UED8Z9qjDL0lDWh6bjUU" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04ab05fd9d0de26b9ce6f4819652d9fc69193d0aa398f0fba8013e09c58220455419235271228c786759095d12b75af0692dd4103f19f6a8c32f49435a1e9b8d45", + "wx" : "00ab05fd9d0de26b9ce6f4819652d9fc69193d0aa398f0fba8013e09c582204554", + "wy" : "19235271228c786759095d12b75af0692dd4103f19f6a8c32f49435a1e9b8d45" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004ab05fd9d0de26b9ce6f4819652d9fc69193d0aa398f0fba8013e09c58220455419235271228c786759095d12b75af0692dd4103f19f6a8c32f49435a1e9b8d45", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEqwX9nQ3ia5zm9IGWUtn8aRk9CqOY\n8PuoAT4JxYIgRVQZI1JxIox4Z1kJXRK3WvBpLdQQPxn2qMMvSUNaHpuNRQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 115, + "comment" : "r,s are large", + "msg" : "313233343030", + "sig" : "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc63254fffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc63254e", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "gJhPOaH_OKhqaKpCAba-Xfv-z4diGXELB7rfb91MbFY", + "y" : "Ef65c5DZgm56Bt-0GHHJQNdEFe08rCCJ8URQGbtV7ZU" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "0480984f39a1ff38a86a68aa4201b6be5dfbfecf876219710b07badf6fdd4c6c5611feb97390d9826e7a06dfb41871c940d74415ed3cac2089f1445019bb55ed95", + "wx" : "0080984f39a1ff38a86a68aa4201b6be5dfbfecf876219710b07badf6fdd4c6c56", + "wy" : "11feb97390d9826e7a06dfb41871c940d74415ed3cac2089f1445019bb55ed95" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d0301070342000480984f39a1ff38a86a68aa4201b6be5dfbfecf876219710b07badf6fdd4c6c5611feb97390d9826e7a06dfb41871c940d74415ed3cac2089f1445019bb55ed95", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgJhPOaH/OKhqaKpCAba+Xfv+z4di\nGXELB7rfb91MbFYR/rlzkNmCbnoG37QYcclA10QV7TysIInxRFAZu1XtlQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 116, + "comment" : "r and s^-1 have a large Hamming weight", + "msg" : "313233343030", + "sig" : "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd909135bdb6799286170f5ead2de4f6511453fe50914f3df2de54a36383df8dd4", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "QgG0JylEIBwylPW6qaMjK23Wh0lfzBmnCpW8YCtPfAU", + "y" : "lcN-up7oFxwbtaxv6vdTvDb0Y-Ou8WYpVywMCo-wgA4" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "044201b4272944201c3294f5baa9a3232b6dd687495fcc19a70a95bc602b4f7c0595c37eba9ee8171c1bb5ac6feaf753bc36f463e3aef16629572c0c0a8fb0800e", + "wx" : "4201b4272944201c3294f5baa9a3232b6dd687495fcc19a70a95bc602b4f7c05", + "wy" : "0095c37eba9ee8171c1bb5ac6feaf753bc36f463e3aef16629572c0c0a8fb0800e" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200044201b4272944201c3294f5baa9a3232b6dd687495fcc19a70a95bc602b4f7c0595c37eba9ee8171c1bb5ac6feaf753bc36f463e3aef16629572c0c0a8fb0800e", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEQgG0JylEIBwylPW6qaMjK23Wh0lf\nzBmnCpW8YCtPfAWVw366nugXHBu1rG/q91O8NvRj467xZilXLAwKj7CADg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 117, + "comment" : "r and s^-1 have a large Hamming weight", + "msg" : "313233343030", + "sig" : "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd27b4577ca009376f71303fd5dd227dcef5deb773ad5f5a84360644669ca249a5", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "pxr2TeUSakpOAreSLWbOlBXOiKTJ0lUU2RCCyHJayVc", + "y" : "XUdyPI--WAuzaf7JwmZdjjCkNbmTJkVILnyfEehyKWs" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04a71af64de5126a4a4e02b7922d66ce9415ce88a4c9d25514d91082c8725ac9575d47723c8fbe580bb369fec9c2665d8e30a435b9932645482e7c9f11e872296b", + "wx" : "00a71af64de5126a4a4e02b7922d66ce9415ce88a4c9d25514d91082c8725ac957", + "wy" : "5d47723c8fbe580bb369fec9c2665d8e30a435b9932645482e7c9f11e872296b" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004a71af64de5126a4a4e02b7922d66ce9415ce88a4c9d25514d91082c8725ac9575d47723c8fbe580bb369fec9c2665d8e30a435b9932645482e7c9f11e872296b", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEpxr2TeUSakpOAreSLWbOlBXOiKTJ\n0lUU2RCCyHJayVddR3I8j75YC7Np/snCZl2OMKQ1uZMmRUgufJ8R6HIpaw==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 118, + "comment" : "small r and s", + "msg" : "313233343030", + "sig" : "00000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000001", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 119, + "comment" : "incorrect size of signature", + "msg" : "313233343030", + "sig" : "0501", + "result" : "acceptable", + "flags" : [ + "SigSize" + ] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "ZifOxPBzHqI_wpMfkOvlt1cvWX0g3wj8KzHujvFrFXI", + "y" : "YXDtd9jQoU_FycPEyb5_DT7hj3CbsnXq8gc-JY_mlKU" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "046627cec4f0731ea23fc2931f90ebe5b7572f597d20df08fc2b31ee8ef16b15726170ed77d8d0a14fc5c9c3c4c9be7f0d3ee18f709bb275eaf2073e258fe694a5", + "wx" : "6627cec4f0731ea23fc2931f90ebe5b7572f597d20df08fc2b31ee8ef16b1572", + "wy" : "6170ed77d8d0a14fc5c9c3c4c9be7f0d3ee18f709bb275eaf2073e258fe694a5" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200046627cec4f0731ea23fc2931f90ebe5b7572f597d20df08fc2b31ee8ef16b15726170ed77d8d0a14fc5c9c3c4c9be7f0d3ee18f709bb275eaf2073e258fe694a5", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZifOxPBzHqI/wpMfkOvlt1cvWX0g\n3wj8KzHujvFrFXJhcO132NChT8XJw8TJvn8NPuGPcJuyderyBz4lj+aUpQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 120, + "comment" : "small r and s", + "msg" : "313233343030", + "sig" : "00000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000003", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 121, + "comment" : "incorrect size of signature", + "msg" : "313233343030", + "sig" : "0503", + "result" : "acceptable", + "flags" : [ + "SigSize" + ] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "WnyIJehWkczh9edUTFTnPxSvwBDLcxNDJiyn7Fp39b8", + "y" : "727fYqRJfBvXsUf7bD0irzw5v86V8w4ToW09eygS-BM" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "045a7c8825e85691cce1f5e7544c54e73f14afc010cb731343262ca7ec5a77f5bfef6edf62a4497c1bd7b147fb6c3d22af3c39bfce95f30e13a16d3d7b2812f813", + "wx" : "5a7c8825e85691cce1f5e7544c54e73f14afc010cb731343262ca7ec5a77f5bf", + "wy" : "00ef6edf62a4497c1bd7b147fb6c3d22af3c39bfce95f30e13a16d3d7b2812f813" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200045a7c8825e85691cce1f5e7544c54e73f14afc010cb731343262ca7ec5a77f5bfef6edf62a4497c1bd7b147fb6c3d22af3c39bfce95f30e13a16d3d7b2812f813", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWnyIJehWkczh9edUTFTnPxSvwBDL\ncxNDJiyn7Fp39b/vbt9ipEl8G9exR/tsPSKvPDm/zpXzDhOhbT17KBL4Ew==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 122, + "comment" : "small r and s", + "msg" : "313233343030", + "sig" : "00000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000005", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 123, + "comment" : "incorrect size of signature", + "msg" : "313233343030", + "sig" : "0505", + "result" : "acceptable", + "flags" : [ + "SigSize" + ] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "y-DCkTLNc4Nk_t1gMVKZDASOXi__mW2IP6bKynl4xzc", + "y" : "cK9qjORMtBIksmA2BvTATRiOgL_3zDGtUYnUqw1w6ME" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04cbe0c29132cd738364fedd603152990c048e5e2fff996d883fa6caca7978c73770af6a8ce44cb41224b2603606f4c04d188e80bff7cc31ad5189d4ab0d70e8c1", + "wx" : "00cbe0c29132cd738364fedd603152990c048e5e2fff996d883fa6caca7978c737", + "wy" : "70af6a8ce44cb41224b2603606f4c04d188e80bff7cc31ad5189d4ab0d70e8c1" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004cbe0c29132cd738364fedd603152990c048e5e2fff996d883fa6caca7978c73770af6a8ce44cb41224b2603606f4c04d188e80bff7cc31ad5189d4ab0d70e8c1", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEy+DCkTLNc4Nk/t1gMVKZDASOXi//\nmW2IP6bKynl4xzdwr2qM5Ey0EiSyYDYG9MBNGI6Av/fMMa1RidSrDXDowQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 124, + "comment" : "small r and s", + "msg" : "313233343030", + "sig" : "00000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000006", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 125, + "comment" : "incorrect size of signature", + "msg" : "313233343030", + "sig" : "0506", + "result" : "acceptable", + "flags" : [ + "SigSize" + ] + }, + { + "tcId" : 126, + "comment" : "r is larger than n", + "msg" : "313233343030", + "sig" : "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc6325560000000000000000000000000000000000000000000000000000000000000006", + "result" : "invalid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "S-QXgJcALw3qto8NmhMODtM6Z5XQKiB5bbg0RLA34Tk", + "y" : "IPEwUeDuzc_OTazqD1DR8kfKpmnxk8G0B1tRriltLVY" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "044be4178097002f0deab68f0d9a130e0ed33a6795d02a20796db83444b037e13920f13051e0eecdcfce4dacea0f50d1f247caa669f193c1b4075b51ae296d2d56", + "wx" : "4be4178097002f0deab68f0d9a130e0ed33a6795d02a20796db83444b037e139", + "wy" : "20f13051e0eecdcfce4dacea0f50d1f247caa669f193c1b4075b51ae296d2d56" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200044be4178097002f0deab68f0d9a130e0ed33a6795d02a20796db83444b037e13920f13051e0eecdcfce4dacea0f50d1f247caa669f193c1b4075b51ae296d2d56", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAES+QXgJcALw3qto8NmhMODtM6Z5XQ\nKiB5bbg0RLA34Tkg8TBR4O7Nz85NrOoPUNHyR8qmafGTwbQHW1GuKW0tVg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 127, + "comment" : "s is larger than n", + "msg" : "313233343030", + "sig" : "0000000000000000000000000000000000000000000000000000000000000005ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc75fbd8", + "result" : "invalid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "0Pc3kiA3Fq_UvkMp-qSNJp8VMT67ujedd4PJe_PokNk", + "y" : "lx9KMgZgW-wheCv14nXHFEF-j1ZlSea8aGkNI2PInME" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04d0f73792203716afd4be4329faa48d269f15313ebbba379d7783c97bf3e890d9971f4a3206605bec21782bf5e275c714417e8f566549e6bc68690d2363c89cc1", + "wx" : "00d0f73792203716afd4be4329faa48d269f15313ebbba379d7783c97bf3e890d9", + "wy" : "00971f4a3206605bec21782bf5e275c714417e8f566549e6bc68690d2363c89cc1" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004d0f73792203716afd4be4329faa48d269f15313ebbba379d7783c97bf3e890d9971f4a3206605bec21782bf5e275c714417e8f566549e6bc68690d2363c89cc1", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0Pc3kiA3Fq/UvkMp+qSNJp8VMT67\nujedd4PJe/PokNmXH0oyBmBb7CF4K/XidccUQX6PVmVJ5rxoaQ0jY8icwQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 128, + "comment" : "small r and s^-1", + "msg" : "313233343030", + "sig" : "00000000000000000000000000000000000000000000000000000000000001008f1e3c7862c58b16bb76eddbb76eddbb516af4f63f2d74d76e0d28c9bb75ea88", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "SDiyvjWmJ2qA754igUD52bls6Dt6JU9xzN67uAVM4F8", + "y" : "-py8EjyRmxngAjgZjQQGkEO9ZgqCiBQFH8uKrHOKbGs" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "044838b2be35a6276a80ef9e228140f9d9b96ce83b7a254f71ccdebbb8054ce05ffa9cbc123c919b19e00238198d04069043bd660a828814051fcb8aac738a6c6b", + "wx" : "4838b2be35a6276a80ef9e228140f9d9b96ce83b7a254f71ccdebbb8054ce05f", + "wy" : "00fa9cbc123c919b19e00238198d04069043bd660a828814051fcb8aac738a6c6b" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200044838b2be35a6276a80ef9e228140f9d9b96ce83b7a254f71ccdebbb8054ce05ffa9cbc123c919b19e00238198d04069043bd660a828814051fcb8aac738a6c6b", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAESDiyvjWmJ2qA754igUD52bls6Dt6\nJU9xzN67uAVM4F/6nLwSPJGbGeACOBmNBAaQQ71mCoKIFAUfy4qsc4psaw==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 129, + "comment" : "smallish r and s^-1", + "msg" : "313233343030", + "sig" : "000000000000000000000000000000000000000000000000002d9b4d347952d6ef3043e7329581dbb3974497710ab11505ee1c87ff907beebadd195a0ffe6d7a", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "c5OYPKMKUgu8R4PcmWB0aqtETvUgwKjncRGapOdLD2Q", + "y" : "6de-GrAaC_Ym5wmGPmpIbbrzJ5OvzPd04sbNJ7GFdSY" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "047393983ca30a520bbc4783dc9960746aab444ef520c0a8e771119aa4e74b0f64e9d7be1ab01a0bf626e709863e6a486dbaf32793afccf774e2c6cd27b1857526", + "wx" : "7393983ca30a520bbc4783dc9960746aab444ef520c0a8e771119aa4e74b0f64", + "wy" : "00e9d7be1ab01a0bf626e709863e6a486dbaf32793afccf774e2c6cd27b1857526" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200047393983ca30a520bbc4783dc9960746aab444ef520c0a8e771119aa4e74b0f64e9d7be1ab01a0bf626e709863e6a486dbaf32793afccf774e2c6cd27b1857526", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEc5OYPKMKUgu8R4PcmWB0aqtETvUg\nwKjncRGapOdLD2Tp174asBoL9ibnCYY+akhtuvMnk6/M93Tixs0nsYV1Jg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 130, + "comment" : "100-bit r and small s^-1", + "msg" : "313233343030", + "sig" : "000000000000000000000000000000000000001033e67e37b32b445580bf4eff8b748b74000000008b748b748b748b7466e769ad4a16d3dcd87129b8e91d1b4d", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "WsMxoRA_6WZpc3nzVqk381BYigVHfjCIUbilAtXfzcU", + "y" : "_pmT30tXk5srjaCVv215QmUgTP4DvplaAuZdQIyHHAs" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "045ac331a1103fe966697379f356a937f350588a05477e308851b8a502d5dfcdc5fe9993df4b57939b2b8da095bf6d794265204cfe03be995a02e65d408c871c0b", + "wx" : "5ac331a1103fe966697379f356a937f350588a05477e308851b8a502d5dfcdc5", + "wy" : "00fe9993df4b57939b2b8da095bf6d794265204cfe03be995a02e65d408c871c0b" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200045ac331a1103fe966697379f356a937f350588a05477e308851b8a502d5dfcdc5fe9993df4b57939b2b8da095bf6d794265204cfe03be995a02e65d408c871c0b", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWsMxoRA/6WZpc3nzVqk381BYigVH\nfjCIUbilAtXfzcX+mZPfS1eTmyuNoJW/bXlCZSBM/gO+mVoC5l1AjIccCw==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 131, + "comment" : "small r and 100 bit s^-1", + "msg" : "313233343030", + "sig" : "0000000000000000000000000000000000000000000000000000000000000100ef9f6ba4d97c09d03178fa20b4aaad83be3cf9cb824a879fec3270fc4b81ef5b", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "HSCb6N4t6HcJWjmdOQTHTMRY2Sbie7jljl6uV2fEFQk", + "y" : "3VngTCFPexjc41H8KlSYk6aGDoAWPzjMYKTyydBA2Mk" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "041d209be8de2de877095a399d3904c74cc458d926e27bb8e58e5eae5767c41509dd59e04c214f7b18dce351fc2a549893a6860e80163f38cc60a4f2c9d040d8c9", + "wx" : "1d209be8de2de877095a399d3904c74cc458d926e27bb8e58e5eae5767c41509", + "wy" : "00dd59e04c214f7b18dce351fc2a549893a6860e80163f38cc60a4f2c9d040d8c9" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200041d209be8de2de877095a399d3904c74cc458d926e27bb8e58e5eae5767c41509dd59e04c214f7b18dce351fc2a549893a6860e80163f38cc60a4f2c9d040d8c9", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHSCb6N4t6HcJWjmdOQTHTMRY2Sbi\ne7jljl6uV2fEFQndWeBMIU97GNzjUfwqVJiTpoYOgBY/OMxgpPLJ0EDYyQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 132, + "comment" : "100-bit r and s^-1", + "msg" : "313233343030", + "sig" : "00000000000000000000000000000000000000062522bbd3ecbe7c39e93e7c25ef9f6ba4d97c09d03178fa20b4aaad83be3cf9cb824a879fec3270fc4b81ef5b", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "CDU5--5EYl46yq-i_LQTSTks7wYzobj6vs7gwTOxDpk", + "y" : "kVwevnvwDfhTUZZ3ClgEeuKkAvJjJrt9QdTXYWM3kR4" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04083539fbee44625e3acaafa2fcb41349392cef0633a1b8fabecee0c133b10e99915c1ebe7bf00df8535196770a58047ae2a402f26326bb7d41d4d7616337911e", + "wx" : "083539fbee44625e3acaafa2fcb41349392cef0633a1b8fabecee0c133b10e99", + "wy" : "00915c1ebe7bf00df8535196770a58047ae2a402f26326bb7d41d4d7616337911e" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004083539fbee44625e3acaafa2fcb41349392cef0633a1b8fabecee0c133b10e99915c1ebe7bf00df8535196770a58047ae2a402f26326bb7d41d4d7616337911e", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECDU5++5EYl46yq+i/LQTSTks7wYz\nobj6vs7gwTOxDpmRXB6+e/AN+FNRlncKWAR64qQC8mMmu31B1NdhYzeRHg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 133, + "comment" : "r and s^-1 are close to n", + "msg" : "313233343030", + "sig" : "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc6324d5555555550000000055555555555555553ef7a8e48d07df81a693439654210c70", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "ius2inAnpNZKveo3OQwMHWom85ni2XNN4es9Dhk3OHQ", + "y" : "Bb0Tg0cV4duum4dc8HvVXhtmkcf3U2rvOxm_ekrfV20" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "048aeb368a7027a4d64abdea37390c0c1d6a26f399e2d9734de1eb3d0e1937387405bd13834715e1dbae9b875cf07bd55e1b6691c7f7536aef3b19bf7a4adf576d", + "wx" : "008aeb368a7027a4d64abdea37390c0c1d6a26f399e2d9734de1eb3d0e19373874", + "wy" : "05bd13834715e1dbae9b875cf07bd55e1b6691c7f7536aef3b19bf7a4adf576d" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200048aeb368a7027a4d64abdea37390c0c1d6a26f399e2d9734de1eb3d0e1937387405bd13834715e1dbae9b875cf07bd55e1b6691c7f7536aef3b19bf7a4adf576d", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEius2inAnpNZKveo3OQwMHWom85ni\n2XNN4es9Dhk3OHQFvRODRxXh266bh1zwe9VeG2aRx/dTau87Gb96St9XbQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 134, + "comment" : "s == 1", + "msg" : "313233343030", + "sig" : "555555550000000055555555555555553ef7a8e48d07df81a693439654210c700000000000000000000000000000000000000000000000000000000000000001", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 135, + "comment" : "s == 0", + "msg" : "313233343030", + "sig" : "555555550000000055555555555555553ef7a8e48d07df81a693439654210c700000000000000000000000000000000000000000000000000000000000000000", + "result" : "invalid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "tTPUaV3VuMXgd1flXm5Rb34siPoCOeI_YOjsB91w8oc", + "y" : "GxNO5YzFgyeEVoY_M8OoXYgffUo5hQFD4p1OrwCa_kc" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04b533d4695dd5b8c5e07757e55e6e516f7e2c88fa0239e23f60e8ec07dd70f2871b134ee58cc583278456863f33c3a85d881f7d4a39850143e29d4eaf009afe47", + "wx" : "00b533d4695dd5b8c5e07757e55e6e516f7e2c88fa0239e23f60e8ec07dd70f287", + "wy" : "1b134ee58cc583278456863f33c3a85d881f7d4a39850143e29d4eaf009afe47" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004b533d4695dd5b8c5e07757e55e6e516f7e2c88fa0239e23f60e8ec07dd70f2871b134ee58cc583278456863f33c3a85d881f7d4a39850143e29d4eaf009afe47", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEtTPUaV3VuMXgd1flXm5Rb34siPoC\nOeI/YOjsB91w8ocbE07ljMWDJ4RWhj8zw6hdiB99SjmFAUPinU6vAJr+Rw==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 136, + "comment" : "point at infinity during verify", + "msg" : "313233343030", + "sig" : "7fffffff800000007fffffffffffffffde737d56d38bcf4279dce5617e3192a8555555550000000055555555555555553ef7a8e48d07df81a693439654210c70", + "result" : "invalid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "9Q03G5G_sdfRThMjUjvDqoy_LFf54oTeYoyLRTZ4e4Y", + "y" : "-UrYh6yU1SckfNLn0MixKRxVPJcwQFOAsUy7IJ9fot0" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04f50d371b91bfb1d7d14e1323523bc3aa8cbf2c57f9e284de628c8b4536787b86f94ad887ac94d527247cd2e7d0c8b1291c553c9730405380b14cbb209f5fa2dd", + "wx" : "00f50d371b91bfb1d7d14e1323523bc3aa8cbf2c57f9e284de628c8b4536787b86", + "wy" : "00f94ad887ac94d527247cd2e7d0c8b1291c553c9730405380b14cbb209f5fa2dd" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004f50d371b91bfb1d7d14e1323523bc3aa8cbf2c57f9e284de628c8b4536787b86f94ad887ac94d527247cd2e7d0c8b1291c553c9730405380b14cbb209f5fa2dd", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE9Q03G5G/sdfRThMjUjvDqoy/LFf5\n4oTeYoyLRTZ4e4b5StiHrJTVJyR80ufQyLEpHFU8lzBAU4CxTLsgn1+i3Q==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 137, + "comment" : "edge case for signature malleability", + "msg" : "313233343030", + "sig" : "7fffffff800000007fffffffffffffffde737d56d38bcf4279dce5617e3192a97fffffff800000007fffffffffffffffde737d56d38bcf4279dce5617e3192a8", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "aOxuKY6v4WU5FWzlehSwSnBHwiG6_DpYLq6w2FfE2UY", + "y" : "l77RrxeFARf9s5sjJPIgpWmO0WxCaiczW7OFrIym-zA" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "0468ec6e298eafe16539156ce57a14b04a7047c221bafc3a582eaeb0d857c4d94697bed1af17850117fdb39b2324f220a5698ed16c426a27335bb385ac8ca6fb30", + "wx" : "68ec6e298eafe16539156ce57a14b04a7047c221bafc3a582eaeb0d857c4d946", + "wy" : "0097bed1af17850117fdb39b2324f220a5698ed16c426a27335bb385ac8ca6fb30" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d0301070342000468ec6e298eafe16539156ce57a14b04a7047c221bafc3a582eaeb0d857c4d94697bed1af17850117fdb39b2324f220a5698ed16c426a27335bb385ac8ca6fb30", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEaOxuKY6v4WU5FWzlehSwSnBHwiG6\n/DpYLq6w2FfE2UaXvtGvF4UBF/2zmyMk8iClaY7RbEJqJzNbs4WsjKb7MA==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 138, + "comment" : "edge case for signature malleability", + "msg" : "313233343030", + "sig" : "7fffffff800000007fffffffffffffffde737d56d38bcf4279dce5617e3192a97fffffff800000007fffffffffffffffde737d56d38bcf4279dce5617e3192a9", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "adoDZHNNLlMP7OlAGSZf77eBoPGwj2yIl732VXknyLg", + "y" : "ZtLTx9zVGLI9cmlg8Gmtcakz2G74q7zOiyD3HiqEcAI" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "0469da0364734d2e530fece94019265fefb781a0f1b08f6c8897bdf6557927c8b866d2d3c7dcd518b23d726960f069ad71a933d86ef8abbcce8b20f71e2a847002", + "wx" : "69da0364734d2e530fece94019265fefb781a0f1b08f6c8897bdf6557927c8b8", + "wy" : "66d2d3c7dcd518b23d726960f069ad71a933d86ef8abbcce8b20f71e2a847002" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d0301070342000469da0364734d2e530fece94019265fefb781a0f1b08f6c8897bdf6557927c8b866d2d3c7dcd518b23d726960f069ad71a933d86ef8abbcce8b20f71e2a847002", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEadoDZHNNLlMP7OlAGSZf77eBoPGw\nj2yIl732VXknyLhm0tPH3NUYsj1yaWDwaa1xqTPYbvirvM6LIPceKoRwAg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 139, + "comment" : "u1 == 1", + "msg" : "313233343030", + "sig" : "555555550000000055555555555555553ef7a8e48d07df81a693439654210c70bb5a52f42f9c9261ed4361f59422a1e30036e7c32b270c8807a419feca605023", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "2K3AACOo7cAlduK2Pj4wYhpHHisjIGIBh78GehrB_zI", + "y" : "M-K1DsCYB6zLNhMf_5XtEqCahrTqlpCqMoYVdrojYuE" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04d8adc00023a8edc02576e2b63e3e30621a471e2b2320620187bf067a1ac1ff3233e2b50ec09807accb36131fff95ed12a09a86b4ea9690aa32861576ba2362e1", + "wx" : "00d8adc00023a8edc02576e2b63e3e30621a471e2b2320620187bf067a1ac1ff32", + "wy" : "33e2b50ec09807accb36131fff95ed12a09a86b4ea9690aa32861576ba2362e1" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004d8adc00023a8edc02576e2b63e3e30621a471e2b2320620187bf067a1ac1ff3233e2b50ec09807accb36131fff95ed12a09a86b4ea9690aa32861576ba2362e1", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2K3AACOo7cAlduK2Pj4wYhpHHisj\nIGIBh78GehrB/zIz4rUOwJgHrMs2Ex//le0SoJqGtOqWkKoyhhV2uiNi4Q==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 140, + "comment" : "u1 == n - 1", + "msg" : "313233343030", + "sig" : "555555550000000055555555555555553ef7a8e48d07df81a693439654210c7044a5ad0ad0636d9f12bc9e0a6bdd5e1cbcb012ea7bf091fcec15b0c43202d52e", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "NiOslzztClb6bYgvA6fVx-3KAs_HskAfqzaQ2-dat4U", + "y" : "jbBpCOZLKGE9pyV-c385eT2o5xO6BkO5LpuzJSvn-P4" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "043623ac973ced0a56fa6d882f03a7d5c7edca02cfc7b2401fab3690dbe75ab7858db06908e64b28613da7257e737f39793da8e713ba0643b92e9bb3252be7f8fe", + "wx" : "3623ac973ced0a56fa6d882f03a7d5c7edca02cfc7b2401fab3690dbe75ab785", + "wy" : "008db06908e64b28613da7257e737f39793da8e713ba0643b92e9bb3252be7f8fe" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200043623ac973ced0a56fa6d882f03a7d5c7edca02cfc7b2401fab3690dbe75ab7858db06908e64b28613da7257e737f39793da8e713ba0643b92e9bb3252be7f8fe", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENiOslzztClb6bYgvA6fVx+3KAs/H\nskAfqzaQ2+dat4WNsGkI5ksoYT2nJX5zfzl5PajnE7oGQ7kum7MlK+f4/g==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 141, + "comment" : "u2 == 1", + "msg" : "313233343030", + "sig" : "555555550000000055555555555555553ef7a8e48d07df81a693439654210c70555555550000000055555555555555553ef7a8e48d07df81a693439654210c70", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "zwTqd-liJSPYlLk_9S3DAnsxlZUDtvo4kOXgQmP5IvE", + "y" : "6FKPt8AGs5g8i4QA5XtO1xdAwvOXVDiCEZm-3q7Ksuk" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04cf04ea77e9622523d894b93ff52dc3027b31959503b6fa3890e5e04263f922f1e8528fb7c006b3983c8b8400e57b4ed71740c2f3975438821199bedeaecab2e9", + "wx" : "00cf04ea77e9622523d894b93ff52dc3027b31959503b6fa3890e5e04263f922f1", + "wy" : "00e8528fb7c006b3983c8b8400e57b4ed71740c2f3975438821199bedeaecab2e9" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004cf04ea77e9622523d894b93ff52dc3027b31959503b6fa3890e5e04263f922f1e8528fb7c006b3983c8b8400e57b4ed71740c2f3975438821199bedeaecab2e9", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEzwTqd+liJSPYlLk/9S3DAnsxlZUD\ntvo4kOXgQmP5IvHoUo+3wAazmDyLhADle07XF0DC85dUOIIRmb7ersqy6Q==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 142, + "comment" : "u2 == n - 1", + "msg" : "313233343030", + "sig" : "555555550000000055555555555555553ef7a8e48d07df81a693439654210c70aaaaaaaa00000000aaaaaaaaaaaaaaaa7def51c91a0fbf034d26872ca84218e1", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "23osihq1c-WSncJAd7UI1-aD1JInmWvaPp942-_3c1A", + "y" : "T0F_O8mogHXC4KrdWhMxFzDPfMdqgvEaNurwimyZogY" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04db7a2c8a1ab573e5929dc24077b508d7e683d49227996bda3e9f78dbeff773504f417f3bc9a88075c2e0aadd5a13311730cf7cc76a82f11a36eaf08a6c99a206", + "wx" : "00db7a2c8a1ab573e5929dc24077b508d7e683d49227996bda3e9f78dbeff77350", + "wy" : "4f417f3bc9a88075c2e0aadd5a13311730cf7cc76a82f11a36eaf08a6c99a206" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004db7a2c8a1ab573e5929dc24077b508d7e683d49227996bda3e9f78dbeff773504f417f3bc9a88075c2e0aadd5a13311730cf7cc76a82f11a36eaf08a6c99a206", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE23osihq1c+WSncJAd7UI1+aD1JIn\nmWvaPp942+/3c1BPQX87yaiAdcLgqt1aEzEXMM98x2qC8Ro26vCKbJmiBg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 143, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffde91e1ba60fdedb76a46bcb51dc0b8b4b7e019f0a28721885fa5d3a8196623397", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "3q0Rx6WzloYvIZdNxHUvre_5lO_pu9BatBN2XqgLbh8", + "y" : "HePwZA6Kxu3Pic_1PEDiZbuUB4o0NzbfB6oDGPx_4f8" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04dead11c7a5b396862f21974dc4752fadeff994efe9bbd05ab413765ea80b6e1f1de3f0640e8ac6edcf89cff53c40e265bb94078a343736df07aa0318fc7fe1ff", + "wx" : "00dead11c7a5b396862f21974dc4752fadeff994efe9bbd05ab413765ea80b6e1f", + "wy" : "1de3f0640e8ac6edcf89cff53c40e265bb94078a343736df07aa0318fc7fe1ff" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004dead11c7a5b396862f21974dc4752fadeff994efe9bbd05ab413765ea80b6e1f1de3f0640e8ac6edcf89cff53c40e265bb94078a343736df07aa0318fc7fe1ff", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3q0Rx6WzloYvIZdNxHUvre/5lO/p\nu9BatBN2XqgLbh8d4/BkDorG7c+Jz/U8QOJlu5QHijQ3Nt8HqgMY/H/h/w==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 144, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffdfdea5843ffeb73af94313ba4831b53fe24f799e525b1e8e8c87b59b95b430ad9", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "0LxHLg18geuu06bvlsGGE7sf6m-ZQyb76A4A395nx-k", + "y" : "mGxyPqSEPUg4m5RvZK1WyDrXD_F7qFM1Zn0bufphnv0" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04d0bc472e0d7c81ebaed3a6ef96c18613bb1fea6f994326fbe80e00dfde67c7e9986c723ea4843d48389b946f64ad56c83ad70ff17ba85335667d1bb9fa619efd", + "wx" : "00d0bc472e0d7c81ebaed3a6ef96c18613bb1fea6f994326fbe80e00dfde67c7e9", + "wy" : "00986c723ea4843d48389b946f64ad56c83ad70ff17ba85335667d1bb9fa619efd" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004d0bc472e0d7c81ebaed3a6ef96c18613bb1fea6f994326fbe80e00dfde67c7e9986c723ea4843d48389b946f64ad56c83ad70ff17ba85335667d1bb9fa619efd", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0LxHLg18geuu06bvlsGGE7sf6m+Z\nQyb76A4A395nx+mYbHI+pIQ9SDiblG9krVbIOtcP8XuoUzVmfRu5+mGe/Q==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 145, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd03ffcabf2f1b4d2a65190db1680d62bb994e41c5251cd73b3c3dfc5e5bafc035", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "oKRMqUfWairLc2AIucCNGrKtA3duAmQPeEldRY3VHDI", + "y" : "Yzf-XPjEYEsfHECdwthy1ClKR2JCDfQ6MKI5LkBCat0" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04a0a44ca947d66a2acb736008b9c08d1ab2ad03776e02640f78495d458dd51c326337fe5cf8c4604b1f1c409dc2d872d4294a4762420df43a30a2392e40426add", + "wx" : "00a0a44ca947d66a2acb736008b9c08d1ab2ad03776e02640f78495d458dd51c32", + "wy" : "6337fe5cf8c4604b1f1c409dc2d872d4294a4762420df43a30a2392e40426add" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004a0a44ca947d66a2acb736008b9c08d1ab2ad03776e02640f78495d458dd51c326337fe5cf8c4604b1f1c409dc2d872d4294a4762420df43a30a2392e40426add", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEoKRMqUfWairLc2AIucCNGrKtA3du\nAmQPeEldRY3VHDJjN/5c+MRgSx8cQJ3C2HLUKUpHYkIN9DowojkuQEJq3Q==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 146, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd4dfbc401f971cd304b33dfdb17d0fed0fe4c1a88ae648e0d2847f74977534989", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "ycIRUpDQCLRftl-tD2AjiSmMJUILd1AZ1Ctiw86Klrc", + "y" : "OHfSWoCA3ALZh8pzDwQFwsnb76xG-eYBzD8G6XE5c_0" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04c9c2115290d008b45fb65fad0f602389298c25420b775019d42b62c3ce8a96b73877d25a8080dc02d987ca730f0405c2c9dbefac46f9e601cc3f06e9713973fd", + "wx" : "00c9c2115290d008b45fb65fad0f602389298c25420b775019d42b62c3ce8a96b7", + "wy" : "3877d25a8080dc02d987ca730f0405c2c9dbefac46f9e601cc3f06e9713973fd" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004c9c2115290d008b45fb65fad0f602389298c25420b775019d42b62c3ce8a96b73877d25a8080dc02d987ca730f0405c2c9dbefac46f9e601cc3f06e9713973fd", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEycIRUpDQCLRftl+tD2AjiSmMJUIL\nd1AZ1Ctiw86Klrc4d9JagIDcAtmHynMPBAXCydvvrEb55gHMPwbpcTlz/Q==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 147, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffdbc4024761cd2ffd43dfdb17d0fed112b988977055cd3a8e54971eba9cda5ca71", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "Xsoe9MKH3dxmuLzPG4jookwAGJYvPF5--oO8Gl_2Az4", + "y" : "XnnEyywkW4xFq9zoqOTadY2SpgfDLNQH7K7yLxyTSnE" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "045eca1ef4c287dddc66b8bccf1b88e8a24c0018962f3c5e7efa83bc1a5ff6033e5e79c4cb2c245b8c45abdce8a8e4da758d92a607c32cd407ecaef22f1c934a71", + "wx" : "5eca1ef4c287dddc66b8bccf1b88e8a24c0018962f3c5e7efa83bc1a5ff6033e", + "wy" : "5e79c4cb2c245b8c45abdce8a8e4da758d92a607c32cd407ecaef22f1c934a71" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200045eca1ef4c287dddc66b8bccf1b88e8a24c0018962f3c5e7efa83bc1a5ff6033e5e79c4cb2c245b8c45abdce8a8e4da758d92a607c32cd407ecaef22f1c934a71", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEXsoe9MKH3dxmuLzPG4jookwAGJYv\nPF5++oO8Gl/2Az5eecTLLCRbjEWr3Oio5Np1jZKmB8Ms1AfsrvIvHJNKcQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 148, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd788048ed39a5ffa77bfb62fa1fda2257742bf35d128fb3459f2a0c909ee86f91", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "XKqgMOf98OSTa8erWpY1PgoB5BMMP4vyLUc-MXAppHo", + "y" : "3ratxGL3BY8qINNx6XAiVOmyAWQgBbPO2pJrQrF4vvk" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "045caaa030e7fdf0e4936bc7ab5a96353e0a01e4130c3f8bf22d473e317029a47adeb6adc462f7058f2a20d371e9702254e9b201642005b3ceda926b42b178bef9", + "wx" : "5caaa030e7fdf0e4936bc7ab5a96353e0a01e4130c3f8bf22d473e317029a47a", + "wy" : "00deb6adc462f7058f2a20d371e9702254e9b201642005b3ceda926b42b178bef9" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200045caaa030e7fdf0e4936bc7ab5a96353e0a01e4130c3f8bf22d473e317029a47adeb6adc462f7058f2a20d371e9702254e9b201642005b3ceda926b42b178bef9", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEXKqgMOf98OSTa8erWpY1PgoB5BMM\nP4vyLUc+MXAppHretq3EYvcFjyog03HpcCJU6bIBZCAFs87akmtCsXi++Q==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 149, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd476d9131fd381bd917d0fed112bc9e0a5924b5ed5b11167edd8b23582b3cb15e", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "wv0gusBuVVu4rAzmnrHqIPg6H8NQHIpmRpsaMfYZsJg", + "y" : "YjcFB3n1K2Fb17jXaiX8lcou0yUlx18n_8h6w5fmy68" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04c2fd20bac06e555bb8ac0ce69eb1ea20f83a1fc3501c8a66469b1a31f619b0986237050779f52b615bd7b8d76a25fc95ca2ed32525c75f27ffc87ac397e6cbaf", + "wx" : "00c2fd20bac06e555bb8ac0ce69eb1ea20f83a1fc3501c8a66469b1a31f619b098", + "wy" : "6237050779f52b615bd7b8d76a25fc95ca2ed32525c75f27ffc87ac397e6cbaf" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004c2fd20bac06e555bb8ac0ce69eb1ea20f83a1fc3501c8a66469b1a31f619b0986237050779f52b615bd7b8d76a25fc95ca2ed32525c75f27ffc87ac397e6cbaf", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwv0gusBuVVu4rAzmnrHqIPg6H8NQ\nHIpmRpsaMfYZsJhiNwUHefUrYVvXuNdqJfyVyi7TJSXHXyf/yHrDl+bLrw==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 150, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd8374253e3e21bd154448d0a8f640fe46fafa8b19ce78d538f6cc0a19662d3601", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "P9ahyn93-zsLvnJsNyAQBoQm4R6mrnjOF77a5LuobO0", + "y" : "A85VFkBr-M-quHRerBzWkBitb1C1Rhhy3fxW4Ns8j_Q" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "043fd6a1ca7f77fb3b0bbe726c372010068426e11ea6ae78ce17bedae4bba86ced03ce5516406bf8cfaab8745eac1cd69018ad6f50b5461872ddfc56e0db3c8ff4", + "wx" : "3fd6a1ca7f77fb3b0bbe726c372010068426e11ea6ae78ce17bedae4bba86ced", + "wy" : "03ce5516406bf8cfaab8745eac1cd69018ad6f50b5461872ddfc56e0db3c8ff4" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200043fd6a1ca7f77fb3b0bbe726c372010068426e11ea6ae78ce17bedae4bba86ced03ce5516406bf8cfaab8745eac1cd69018ad6f50b5461872ddfc56e0db3c8ff4", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEP9ahyn93+zsLvnJsNyAQBoQm4R6m\nrnjOF77a5LuobO0DzlUWQGv4z6q4dF6sHNaQGK1vULVGGHLd/Fbg2zyP9A==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 151, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd357cfd3be4d01d413c5b9ede36cba5452c11ee7fe14879e749ae6a2d897a52d6", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "nLjlHielrjtiSmDW3DJzTkmJ2yDpvKPt4e33sIaRERQ", + "y" : "tMEEqzxnfks21lVuitX1I0EKGfLid6qJX8VzIrRCdUQ" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "049cb8e51e27a5ae3b624a60d6dc32734e4989db20e9bca3ede1edf7b086911114b4c104ab3c677e4b36d6556e8ad5f523410a19f2e277aa895fc57322b4427544", + "wx" : "009cb8e51e27a5ae3b624a60d6dc32734e4989db20e9bca3ede1edf7b086911114", + "wy" : "00b4c104ab3c677e4b36d6556e8ad5f523410a19f2e277aa895fc57322b4427544" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200049cb8e51e27a5ae3b624a60d6dc32734e4989db20e9bca3ede1edf7b086911114b4c104ab3c677e4b36d6556e8ad5f523410a19f2e277aa895fc57322b4427544", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEnLjlHielrjtiSmDW3DJzTkmJ2yDp\nvKPt4e33sIaRERS0wQSrPGd+SzbWVW6K1fUjQQoZ8uJ3qolfxXMitEJ1RA==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 152, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd29798c5c0ee287d4a5e8e6b799fd86b8df5225298e6ffc807cd2f2bc27a0a6d8", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "o-UsFW3K8QUCYgt5VbwrQLx47z1WnhIjwmJRLY9JYCo", + "y" : "SiA58xwQlwJK08yG5XMh3gMjVUY0hhZM8ZKUSXffFH8" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04a3e52c156dcaf10502620b7955bc2b40bc78ef3d569e1223c262512d8f49602a4a2039f31c1097024ad3cc86e57321de032355463486164cf192944977df147f", + "wx" : "00a3e52c156dcaf10502620b7955bc2b40bc78ef3d569e1223c262512d8f49602a", + "wy" : "4a2039f31c1097024ad3cc86e57321de032355463486164cf192944977df147f" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004a3e52c156dcaf10502620b7955bc2b40bc78ef3d569e1223c262512d8f49602a4a2039f31c1097024ad3cc86e57321de032355463486164cf192944977df147f", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEo+UsFW3K8QUCYgt5VbwrQLx47z1W\nnhIjwmJRLY9JYCpKIDnzHBCXAkrTzIblcyHeAyNVRjSGFkzxkpRJd98Ufw==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 153, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd0b70f22c781092452dca1a5711fa3a5a1f72add1bf52c2ff7cae4820b30078dd", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "8Zt4kocg1b7o5nD7kAEPsVw3v5G1ilFXw_PAWbJlXog", + "y" : "z3AeyWL7ShHc8nP13DV-WEaFYMfP65QtB0q9QykmBQk" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04f19b78928720d5bee8e670fb90010fb15c37bf91b58a5157c3f3c059b2655e88cf701ec962fb4a11dcf273f5dc357e58468560c7cfeb942d074abd4329260509", + "wx" : "00f19b78928720d5bee8e670fb90010fb15c37bf91b58a5157c3f3c059b2655e88", + "wy" : "00cf701ec962fb4a11dcf273f5dc357e58468560c7cfeb942d074abd4329260509" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004f19b78928720d5bee8e670fb90010fb15c37bf91b58a5157c3f3c059b2655e88cf701ec962fb4a11dcf273f5dc357e58468560c7cfeb942d074abd4329260509", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8Zt4kocg1b7o5nD7kAEPsVw3v5G1\nilFXw/PAWbJlXojPcB7JYvtKEdzyc/XcNX5YRoVgx8/rlC0HSr1DKSYFCQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 154, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd16e1e458f021248a5b9434ae23f474b43ee55ba37ea585fef95c90416600f1ba", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "g6dERZ7N-wGlz1KyegW7czdILSQvI117TLiTRVRckKg", + "y" : "wF1JM3uWSYEyh96f_pA1X9kF3188MpRYKBIfN8xQ3m4" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "0483a744459ecdfb01a5cf52b27a05bb7337482d242f235d7b4cb89345545c90a8c05d49337b9649813287de9ffe90355fd905df5f3c32945828121f37cc50de6e", + "wx" : "0083a744459ecdfb01a5cf52b27a05bb7337482d242f235d7b4cb89345545c90a8", + "wy" : "00c05d49337b9649813287de9ffe90355fd905df5f3c32945828121f37cc50de6e" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d0301070342000483a744459ecdfb01a5cf52b27a05bb7337482d242f235d7b4cb89345545c90a8c05d49337b9649813287de9ffe90355fd905df5f3c32945828121f37cc50de6e", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEg6dERZ7N+wGlz1KyegW7czdILSQv\nI117TLiTRVRckKjAXUkze5ZJgTKH3p/+kDVf2QXfXzwylFgoEh83zFDebg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 155, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd2252d6856831b6cf895e4f0535eeaf0e5e5809753df848fe760ad86219016a97", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "3RPGs0xWmC3a4STwOd_SP0sZu-iM7o5SiuUeXW86Idc", + "y" : "v61MLm8mP-XrWcqXTQOfwOTDNFaS-1Mgva5L07QqRf8" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04dd13c6b34c56982ddae124f039dfd23f4b19bbe88cee8e528ae51e5d6f3a21d7bfad4c2e6f263fe5eb59ca974d039fc0e4c3345692fb5320bdae4bd3b42a45ff", + "wx" : "00dd13c6b34c56982ddae124f039dfd23f4b19bbe88cee8e528ae51e5d6f3a21d7", + "wy" : "00bfad4c2e6f263fe5eb59ca974d039fc0e4c3345692fb5320bdae4bd3b42a45ff" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004dd13c6b34c56982ddae124f039dfd23f4b19bbe88cee8e528ae51e5d6f3a21d7bfad4c2e6f263fe5eb59ca974d039fc0e4c3345692fb5320bdae4bd3b42a45ff", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3RPGs0xWmC3a4STwOd/SP0sZu+iM\n7o5SiuUeXW86Ide/rUwubyY/5etZypdNA5/A5MM0VpL7UyC9rkvTtCpF/w==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 156, + "comment" : "edge case for u1", + "msg" : "313233343030", + "sig" : "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd81ffe55f178da695b28c86d8b406b15dab1a9e39661a3ae017fbe390ac0972c3", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "Z-b2Wc3ehpovZfCU6U5bTfrWNrv5UZL-7tAbDz3rdGA", + "y" : "o34KUfJYt661Hf5ZL1z9VoW75YcSyNkjPGKIZDfDi6A" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "0467e6f659cdde869a2f65f094e94e5b4dfad636bbf95192feeed01b0f3deb7460a37e0a51f258b7aeb51dfe592f5cfd5685bbe58712c8d9233c62886437c38ba0", + "wx" : "67e6f659cdde869a2f65f094e94e5b4dfad636bbf95192feeed01b0f3deb7460", + "wy" : "00a37e0a51f258b7aeb51dfe592f5cfd5685bbe58712c8d9233c62886437c38ba0" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d0301070342000467e6f659cdde869a2f65f094e94e5b4dfad636bbf95192feeed01b0f3deb7460a37e0a51f258b7aeb51dfe592f5cfd5685bbe58712c8d9233c62886437c38ba0", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZ+b2Wc3ehpovZfCU6U5bTfrWNrv5\nUZL+7tAbDz3rdGCjfgpR8li3rrUd/lkvXP1WhbvlhxLI2SM8YohkN8OLoA==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 157, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd7fffffffaaaaaaaaffffffffffffffffe9a2538f37b28a2c513dee40fecbb71a", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "LrZBJQWuwFxlRfApkyCH5JDQVRHo7B9Zlhe7Nn-eyq8", + "y" : "gF9R78xIA0A_mxrgEkiQ8GpD_tzdsxgw9maa8pKJXLA" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "042eb6412505aec05c6545f029932087e490d05511e8ec1f599617bb367f9ecaaf805f51efcc4803403f9b1ae0124890f06a43fedcddb31830f6669af292895cb0", + "wx" : "2eb6412505aec05c6545f029932087e490d05511e8ec1f599617bb367f9ecaaf", + "wy" : "00805f51efcc4803403f9b1ae0124890f06a43fedcddb31830f6669af292895cb0" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200042eb6412505aec05c6545f029932087e490d05511e8ec1f599617bb367f9ecaaf805f51efcc4803403f9b1ae0124890f06a43fedcddb31830f6669af292895cb0", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELrZBJQWuwFxlRfApkyCH5JDQVRHo\n7B9Zlhe7Nn+eyq+AX1HvzEgDQD+bGuASSJDwakP+3N2zGDD2ZprykolcsA==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 158, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffdb62f26b5f2a2b26f6de86d42ad8a13da3ab3cccd0459b201de009e526adf21f2", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "hNtkWGjqs146n9gOBW4uhVQ146a2jXWlCoVGJf4NfzU", + "y" : "bSWJrGVe3JoR7z4HXt3amr-S5yFxVw73v0Oi7jkzjP4" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "0484db645868eab35e3a9fd80e056e2e855435e3a6b68d75a50a854625fe0d7f356d2589ac655edc9a11ef3e075eddda9abf92e72171570ef7bf43a2ee39338cfe", + "wx" : "0084db645868eab35e3a9fd80e056e2e855435e3a6b68d75a50a854625fe0d7f35", + "wy" : "6d2589ac655edc9a11ef3e075eddda9abf92e72171570ef7bf43a2ee39338cfe" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d0301070342000484db645868eab35e3a9fd80e056e2e855435e3a6b68d75a50a854625fe0d7f356d2589ac655edc9a11ef3e075eddda9abf92e72171570ef7bf43a2ee39338cfe", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEhNtkWGjqs146n9gOBW4uhVQ146a2\njXWlCoVGJf4NfzVtJYmsZV7cmhHvPgde3dqav5LnIXFXDve/Q6LuOTOM/g==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 159, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffdbb1d9ac949dd748cd02bbbe749bd351cd57b38bb61403d700686aa7b4c90851e", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "kbnkfFYnhmLXXAmDsiyo6mqlBZt6L_djfrKXXjhq1mM", + "y" : "SaqP8oPQ93wY1tEdwGIWX9E8PAMQZ5wUCDAqFoVOz70" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "0491b9e47c56278662d75c0983b22ca8ea6aa5059b7a2ff7637eb2975e386ad66349aa8ff283d0f77c18d6d11dc062165fd13c3c0310679c1408302a16854ecfbd", + "wx" : "0091b9e47c56278662d75c0983b22ca8ea6aa5059b7a2ff7637eb2975e386ad663", + "wy" : "49aa8ff283d0f77c18d6d11dc062165fd13c3c0310679c1408302a16854ecfbd" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d0301070342000491b9e47c56278662d75c0983b22ca8ea6aa5059b7a2ff7637eb2975e386ad66349aa8ff283d0f77c18d6d11dc062165fd13c3c0310679c1408302a16854ecfbd", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkbnkfFYnhmLXXAmDsiyo6mqlBZt6\nL/djfrKXXjhq1mNJqo/yg9D3fBjW0R3AYhZf0Tw8AxBnnBQIMCoWhU7PvQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 160, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd66755a00638cdaec1c732513ca0234ece52545dac11f816e818f725b4f60aaf2", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "8-wvE8rwTQGStH-0xTEfttTcawqegC5TJ_fsXujkg00", + "y" : "-X4-Rot9Dbhn1uz-geKw-VMd-H79tHwTOKwyH-_lpDI" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04f3ec2f13caf04d0192b47fb4c5311fb6d4dc6b0a9e802e5327f7ec5ee8e4834df97e3e468b7d0db867d6ecfe81e2b0f9531df87efdb47c1338ac321fefe5a432", + "wx" : "00f3ec2f13caf04d0192b47fb4c5311fb6d4dc6b0a9e802e5327f7ec5ee8e4834d", + "wy" : "00f97e3e468b7d0db867d6ecfe81e2b0f9531df87efdb47c1338ac321fefe5a432" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004f3ec2f13caf04d0192b47fb4c5311fb6d4dc6b0a9e802e5327f7ec5ee8e4834df97e3e468b7d0db867d6ecfe81e2b0f9531df87efdb47c1338ac321fefe5a432", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8+wvE8rwTQGStH+0xTEfttTcawqe\ngC5TJ/fsXujkg035fj5Gi30NuGfW7P6B4rD5Ux34fv20fBM4rDIf7+WkMg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 161, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd55a00c9fcdaebb6032513ca0234ecfffe98ebe492fdf02e48ca48e982beb3669", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "2SsgCu_Ktqx9r9msry-hCzGAI1uPRrRQPkaTxnD8zIg", + "y" : "XvLzrr9bMXR1M2JWdo98Ge-3NS0n5MzK3IW2uKuSLHI" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04d92b200aefcab6ac7dafd9acaf2fa10b3180235b8f46b4503e4693c670fccc885ef2f3aebf5b317475336256768f7c19efb7352d27e4cccadc85b6b8ab922c72", + "wx" : "00d92b200aefcab6ac7dafd9acaf2fa10b3180235b8f46b4503e4693c670fccc88", + "wy" : "5ef2f3aebf5b317475336256768f7c19efb7352d27e4cccadc85b6b8ab922c72" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004d92b200aefcab6ac7dafd9acaf2fa10b3180235b8f46b4503e4693c670fccc885ef2f3aebf5b317475336256768f7c19efb7352d27e4cccadc85b6b8ab922c72", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2SsgCu/Ktqx9r9msry+hCzGAI1uP\nRrRQPkaTxnD8zIhe8vOuv1sxdHUzYlZ2j3wZ77c1LSfkzMrchba4q5Iscg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 162, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffdab40193f9b5d76c064a27940469d9fffd31d7c925fbe05c919491d3057d66cd2", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "Cog2HrkuzKJiWzjl-Yu6u5a_F5s9dvxIFAo7zYgVI80", + "y" : "5r31YDP4SlBUA1WXN12QhmqiyWuGpBzPbt6_RymK1Ik" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "040a88361eb92ecca2625b38e5f98bbabb96bf179b3d76fc48140a3bcd881523cde6bdf56033f84a5054035597375d90866aa2c96b86a41ccf6edebf47298ad489", + "wx" : "0a88361eb92ecca2625b38e5f98bbabb96bf179b3d76fc48140a3bcd881523cd", + "wy" : "00e6bdf56033f84a5054035597375d90866aa2c96b86a41ccf6edebf47298ad489" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200040a88361eb92ecca2625b38e5f98bbabb96bf179b3d76fc48140a3bcd881523cde6bdf56033f84a5054035597375d90866aa2c96b86a41ccf6edebf47298ad489", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECog2HrkuzKJiWzjl+Yu6u5a/F5s9\ndvxIFAo7zYgVI83mvfVgM/hKUFQDVZc3XZCGaqLJa4akHM9u3r9HKYrUiQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 163, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffdca0234ebb5fdcb13ca0234ecffffffffcb0dadbbc7f549f8a26b4408d0dc8600", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "0PsXzNj6_oJ-DBr8XY2ANm4rIOfxSlY6K6UEadhDdeg", + "y" : "aGEladOeK7n1VDVVZGRt6ZrGAsxjSc-MHiNqfedjfZM" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04d0fb17ccd8fafe827e0c1afc5d8d80366e2b20e7f14a563a2ba50469d84375e868612569d39e2bb9f554355564646de99ac602cc6349cf8c1e236a7de7637d93", + "wx" : "00d0fb17ccd8fafe827e0c1afc5d8d80366e2b20e7f14a563a2ba50469d84375e8", + "wy" : "68612569d39e2bb9f554355564646de99ac602cc6349cf8c1e236a7de7637d93" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004d0fb17ccd8fafe827e0c1afc5d8d80366e2b20e7f14a563a2ba50469d84375e868612569d39e2bb9f554355564646de99ac602cc6349cf8c1e236a7de7637d93", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0PsXzNj6/oJ+DBr8XY2ANm4rIOfx\nSlY6K6UEadhDdehoYSVp054rufVUNVVkZG3pmsYCzGNJz4weI2p952N9kw==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 164, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffdbfffffff3ea3677e082b9310572620ae19933a9e65b285598711c77298815ad3", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "g28zu8HcDT06u87w2R8R4qxBgQdsmvCiKx5DCdPtsnY", + "y" : "mrRD_2-QHjDHc4Z1gpl8K-wrDLgSDXYCNvOpW76IH3U" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04836f33bbc1dc0d3d3abbcef0d91f11e2ac4181076c9af0a22b1e4309d3edb2769ab443ff6f901e30c773867582997c2bec2b0cb8120d760236f3a95bbe881f75", + "wx" : "00836f33bbc1dc0d3d3abbcef0d91f11e2ac4181076c9af0a22b1e4309d3edb276", + "wy" : "009ab443ff6f901e30c773867582997c2bec2b0cb8120d760236f3a95bbe881f75" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004836f33bbc1dc0d3d3abbcef0d91f11e2ac4181076c9af0a22b1e4309d3edb2769ab443ff6f901e30c773867582997c2bec2b0cb8120d760236f3a95bbe881f75", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEg28zu8HcDT06u87w2R8R4qxBgQds\nmvCiKx5DCdPtsnaatEP/b5AeMMdzhnWCmXwr7CsMuBINdgI286lbvogfdQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 165, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd266666663bbbbbbbe6666666666666665b37902e023fab7c8f055d86e5cc41f4", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "kvmfvpc-1KKZcZuu5LQydBI3A03sjXK6UQPLM-Vf7rg", + "y" : "Az3Q6RE0xzQXSInz688behrAV2cokoDuenlM69bmlpc" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "0492f99fbe973ed4a299719baee4b432741237034dec8d72ba5103cb33e55feeb8033dd0e91134c734174889f3ebcf1b7a1ac05767289280ee7a794cebd6e69697", + "wx" : "0092f99fbe973ed4a299719baee4b432741237034dec8d72ba5103cb33e55feeb8", + "wy" : "033dd0e91134c734174889f3ebcf1b7a1ac05767289280ee7a794cebd6e69697" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d0301070342000492f99fbe973ed4a299719baee4b432741237034dec8d72ba5103cb33e55feeb8033dd0e91134c734174889f3ebcf1b7a1ac05767289280ee7a794cebd6e69697", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkvmfvpc+1KKZcZuu5LQydBI3A03s\njXK6UQPLM+Vf7rgDPdDpETTHNBdIifPrzxt6GsBXZyiSgO56eUzr1uaWlw==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 166, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffdbfffffff36db6db7a492492492492492146c573f4c6dfc8d08a443e258970b09", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "01uljaMBl9N45hjsD6fi4tEs_9c-u7IEnRMLukNK8J4", + "y" : "_4OYbmh15B6kMrdYWkmzpsd8uzxHkZ-OgodMeUY1wdI" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04d35ba58da30197d378e618ec0fa7e2e2d12cffd73ebbb2049d130bba434af09eff83986e6875e41ea432b7585a49b3a6c77cbb3c47919f8e82874c794635c1d2", + "wx" : "00d35ba58da30197d378e618ec0fa7e2e2d12cffd73ebbb2049d130bba434af09e", + "wy" : "00ff83986e6875e41ea432b7585a49b3a6c77cbb3c47919f8e82874c794635c1d2" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004d35ba58da30197d378e618ec0fa7e2e2d12cffd73ebbb2049d130bba434af09eff83986e6875e41ea432b7585a49b3a6c77cbb3c47919f8e82874c794635c1d2", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE01uljaMBl9N45hjsD6fi4tEs/9c+\nu7IEnRMLukNK8J7/g5huaHXkHqQyt1haSbOmx3y7PEeRn46Ch0x5RjXB0g==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 167, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffdbfffffff2aaaaaab7fffffffffffffffc815d0e60b3e596ecb1ad3a27cfd49c4", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "hlHOSQ8bRtc_P_R1FJvikTZpczSlGdfdqwclyNB5MiQ", + "y" : "4RxlvYypLci8mugpEfC1J1HOId2QA65gkAvYJfWQzCg" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "048651ce490f1b46d73f3ff475149be29136697334a519d7ddab0725c8d0793224e11c65bd8ca92dc8bc9ae82911f0b52751ce21dd9003ae60900bd825f590cc28", + "wx" : "008651ce490f1b46d73f3ff475149be29136697334a519d7ddab0725c8d0793224", + "wy" : "00e11c65bd8ca92dc8bc9ae82911f0b52751ce21dd9003ae60900bd825f590cc28" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200048651ce490f1b46d73f3ff475149be29136697334a519d7ddab0725c8d0793224e11c65bd8ca92dc8bc9ae82911f0b52751ce21dd9003ae60900bd825f590cc28", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEhlHOSQ8bRtc/P/R1FJvikTZpczSl\nGdfdqwclyNB5MiThHGW9jKktyLya6CkR8LUnUc4h3ZADrmCQC9gl9ZDMKA==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 168, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd7fffffff55555555ffffffffffffffffd344a71e6f651458a27bdc81fd976e37", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "bY4bEsgxoNqHlWUP-V8QHtkh2eL3KxWxzaypgmuc_G0", + "y" : "721j4rxcCJVwOUpLyfiS1ebHpqY3sgRppYwQatSGvzc" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "046d8e1b12c831a0da8795650ff95f101ed921d9e2f72b15b1cdaca9826b9cfc6def6d63e2bc5c089570394a4bc9f892d5e6c7a6a637b20469a58c106ad486bf37", + "wx" : "6d8e1b12c831a0da8795650ff95f101ed921d9e2f72b15b1cdaca9826b9cfc6d", + "wy" : "00ef6d63e2bc5c089570394a4bc9f892d5e6c7a6a637b20469a58c106ad486bf37" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200046d8e1b12c831a0da8795650ff95f101ed921d9e2f72b15b1cdaca9826b9cfc6def6d63e2bc5c089570394a4bc9f892d5e6c7a6a637b20469a58c106ad486bf37", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEbY4bEsgxoNqHlWUP+V8QHtkh2eL3\nKxWxzaypgmuc/G3vbWPivFwIlXA5SkvJ+JLV5sempjeyBGmljBBq1Ia/Nw==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 169, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd3fffffff800000007fffffffffffffffde737d56d38bcf4279dce5617e3192aa", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "CuWAuukztO8pl8vbsJIjKMqaQQ9ieg99_yTLTZIOFUI", + "y" : "iRHn-Mw2WoqI64FCGjYczCuZ4wnY3Nmpi6g8OUnYk-M" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "040ae580bae933b4ef2997cbdbb0922328ca9a410f627a0f7dff24cb4d920e15428911e7f8cc365a8a88eb81421a361ccc2b99e309d8dcd9a98ba83c3949d893e3", + "wx" : "0ae580bae933b4ef2997cbdbb0922328ca9a410f627a0f7dff24cb4d920e1542", + "wy" : "008911e7f8cc365a8a88eb81421a361ccc2b99e309d8dcd9a98ba83c3949d893e3" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200040ae580bae933b4ef2997cbdbb0922328ca9a410f627a0f7dff24cb4d920e15428911e7f8cc365a8a88eb81421a361ccc2b99e309d8dcd9a98ba83c3949d893e3", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECuWAuukztO8pl8vbsJIjKMqaQQ9i\neg99/yTLTZIOFUKJEef4zDZaiojrgUIaNhzMK5njCdjc2amLqDw5SdiT4w==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 170, + "comment" : "edge case for u2", + "msg" : "313233343030", + "sig" : "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd5d8ecd64a4eeba466815ddf3a4de9a8e6abd9c5db0a01eb80343553da648428f", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "W4Ev1SGq-mmDWoSczm-962mDtELSRE_nDhNMAn_EaWM", + "y" : "g4pA8qNgkukATpLY2UDPVjhVDOZyzouNThXrpUmSSek" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "045b812fd521aafa69835a849cce6fbdeb6983b442d2444fe70e134c027fc46963838a40f2a36092e9004e92d8d940cf5638550ce672ce8b8d4e15eba5499249e9", + "wx" : "5b812fd521aafa69835a849cce6fbdeb6983b442d2444fe70e134c027fc46963", + "wy" : "00838a40f2a36092e9004e92d8d940cf5638550ce672ce8b8d4e15eba5499249e9" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200045b812fd521aafa69835a849cce6fbdeb6983b442d2444fe70e134c027fc46963838a40f2a36092e9004e92d8d940cf5638550ce672ce8b8d4e15eba5499249e9", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEW4Ev1SGq+mmDWoSczm+962mDtELS\nRE/nDhNMAn/EaWODikDyo2CS6QBOktjZQM9WOFUM5nLOi41OFeulSZJJ6Q==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 171, + "comment" : "point duplication during verification", + "msg" : "313233343030", + "sig" : "6f2347cab7dd76858fe0555ac3bc99048c4aacafdfb6bcbe05ea6c42c4934569bb726660235793aa9957a61e76e00c2c435109cf9a15dd624d53f4301047856b", + "result" : "valid", + "flags" : [ + "PointDuplication" + ] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "W4Ev1SGq-mmDWoSczm-962mDtELSRE_nDhNMAn_EaWM", + "y" : "fHW_DFyfbRf_sW0nJr8wqceq8xqNMXRyseoUWrZtthY" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "045b812fd521aafa69835a849cce6fbdeb6983b442d2444fe70e134c027fc469637c75bf0c5c9f6d17ffb16d2726bf30a9c7aaf31a8d317472b1ea145ab66db616", + "wx" : "5b812fd521aafa69835a849cce6fbdeb6983b442d2444fe70e134c027fc46963", + "wy" : "7c75bf0c5c9f6d17ffb16d2726bf30a9c7aaf31a8d317472b1ea145ab66db616" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200045b812fd521aafa69835a849cce6fbdeb6983b442d2444fe70e134c027fc469637c75bf0c5c9f6d17ffb16d2726bf30a9c7aaf31a8d317472b1ea145ab66db616", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEW4Ev1SGq+mmDWoSczm+962mDtELS\nRE/nDhNMAn/EaWN8db8MXJ9tF/+xbScmvzCpx6rzGo0xdHKx6hRatm22Fg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 172, + "comment" : "duplication bug", + "msg" : "313233343030", + "sig" : "6f2347cab7dd76858fe0555ac3bc99048c4aacafdfb6bcbe05ea6c42c4934569bb726660235793aa9957a61e76e00c2c435109cf9a15dd624d53f4301047856b", + "result" : "invalid", + "flags" : [ + "PointDuplication" + ] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "at2oK5AmGw8xn6oNh4ZlprbaSX8JyQMXYiLDSs_vcqY", + "y" : "R-b1DcxArV2bWfdgK7Ii-tcaQb9eH530lZo2TGLkiNk" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "046adda82b90261b0f319faa0d878665a6b6da497f09c903176222c34acfef72a647e6f50dcc40ad5d9b59f7602bb222fad71a41bf5e1f9df4959a364c62e488d9", + "wx" : "6adda82b90261b0f319faa0d878665a6b6da497f09c903176222c34acfef72a6", + "wy" : "47e6f50dcc40ad5d9b59f7602bb222fad71a41bf5e1f9df4959a364c62e488d9" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200046adda82b90261b0f319faa0d878665a6b6da497f09c903176222c34acfef72a647e6f50dcc40ad5d9b59f7602bb222fad71a41bf5e1f9df4959a364c62e488d9", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEat2oK5AmGw8xn6oNh4ZlprbaSX8J\nyQMXYiLDSs/vcqZH5vUNzECtXZtZ92ArsiL61xpBv14fnfSVmjZMYuSI2Q==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 173, + "comment" : "point with x-coordinate 0", + "msg" : "313233343030", + "sig" : "0000000000000000000000000000000000000000000000000000000000000001555555550000000055555555555555553ef7a8e48d07df81a693439654210c70", + "result" : "invalid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "L8oNCkeRTed-1W5-zMMnamARIMbfAGnIJcj2oByfOCA", + "y" : "ZfNFCh0XxrJJiaOb6xx97PyoOE-9wpRBjl2Aezxu194" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "042fca0d0a47914de77ed56e7eccc3276a601120c6df0069c825c8f6a01c9f382065f3450a1d17c6b24989a39beb1c7decfca8384fbdc294418e5d807b3c6ed7de", + "wx" : "2fca0d0a47914de77ed56e7eccc3276a601120c6df0069c825c8f6a01c9f3820", + "wy" : "65f3450a1d17c6b24989a39beb1c7decfca8384fbdc294418e5d807b3c6ed7de" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200042fca0d0a47914de77ed56e7eccc3276a601120c6df0069c825c8f6a01c9f382065f3450a1d17c6b24989a39beb1c7decfca8384fbdc294418e5d807b3c6ed7de", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEL8oNCkeRTed+1W5+zMMnamARIMbf\nAGnIJcj2oByfOCBl80UKHRfGskmJo5vrHH3s/Kg4T73ClEGOXYB7PG7X3g==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 174, + "comment" : "point with x-coordinate 0", + "msg" : "313233343030", + "sig" : "010000000000000000000000000000000000000000000000000000000000000000003333333300000000333333333333333325c7cbbc549e52e763f1f55a327a3aa9", + "result" : "invalid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "3YbTtfShPoURCDt4ACCBxT_0Z_EevZilGmM9t2Zl0lA", + "y" : "RdXIIAyJ8voQ2Ek0kibSHY367W_41cs-G34XR068GPc" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04dd86d3b5f4a13e8511083b78002081c53ff467f11ebd98a51a633db76665d25045d5c8200c89f2fa10d849349226d21d8dfaed6ff8d5cb3e1b7e17474ebc18f7", + "wx" : "00dd86d3b5f4a13e8511083b78002081c53ff467f11ebd98a51a633db76665d250", + "wy" : "45d5c8200c89f2fa10d849349226d21d8dfaed6ff8d5cb3e1b7e17474ebc18f7" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004dd86d3b5f4a13e8511083b78002081c53ff467f11ebd98a51a633db76665d25045d5c8200c89f2fa10d849349226d21d8dfaed6ff8d5cb3e1b7e17474ebc18f7", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3YbTtfShPoURCDt4ACCBxT/0Z/Ee\nvZilGmM9t2Zl0lBF1cggDIny+hDYSTSSJtIdjfrtb/jVyz4bfhdHTrwY9w==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 175, + "comment" : "comparison with point at infinity ", + "msg" : "313233343030", + "sig" : "555555550000000055555555555555553ef7a8e48d07df81a693439654210c703333333300000000333333333333333325c7cbbc549e52e763f1f55a327a3aa9", + "result" : "invalid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "T-pVsyyzKsoMEsTNCr-05ksPWlFuV4wBZZGpP1oPvMU", + "y" : "19P9ELK-ZoxUeyEva7FMiPD-zTiopLLHhe075izksoA" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "044fea55b32cb32aca0c12c4cd0abfb4e64b0f5a516e578c016591a93f5a0fbcc5d7d3fd10b2be668c547b212f6bb14c88f0fecd38a8a4b2c785ed3be62ce4b280", + "wx" : "4fea55b32cb32aca0c12c4cd0abfb4e64b0f5a516e578c016591a93f5a0fbcc5", + "wy" : "00d7d3fd10b2be668c547b212f6bb14c88f0fecd38a8a4b2c785ed3be62ce4b280" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200044fea55b32cb32aca0c12c4cd0abfb4e64b0f5a516e578c016591a93f5a0fbcc5d7d3fd10b2be668c547b212f6bb14c88f0fecd38a8a4b2c785ed3be62ce4b280", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAET+pVsyyzKsoMEsTNCr+05ksPWlFu\nV4wBZZGpP1oPvMXX0/0Qsr5mjFR7IS9rsUyI8P7NOKiksseF7TvmLOSygA==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 176, + "comment" : "extreme value for k and edgecase s", + "msg" : "313233343030", + "sig" : "7cf27b188d034f7e8a52380304b51ac3c08969e277f21b35a60b48fc47669978555555550000000055555555555555553ef7a8e48d07df81a693439654210c70", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "xqdxUnAkIneSFwpvju5zW_Mrf5ivZp6tKZgC4y18MQc", + "y" : "vDtLXmWriHu9NDVys-VhkmH-Ogc-L_14QS9yaGfbWJ4" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04c6a771527024227792170a6f8eee735bf32b7f98af669ead299802e32d7c3107bc3b4b5e65ab887bbd343572b3e5619261fe3a073e2ffd78412f726867db589e", + "wx" : "00c6a771527024227792170a6f8eee735bf32b7f98af669ead299802e32d7c3107", + "wy" : "00bc3b4b5e65ab887bbd343572b3e5619261fe3a073e2ffd78412f726867db589e" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004c6a771527024227792170a6f8eee735bf32b7f98af669ead299802e32d7c3107bc3b4b5e65ab887bbd343572b3e5619261fe3a073e2ffd78412f726867db589e", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExqdxUnAkIneSFwpvju5zW/Mrf5iv\nZp6tKZgC4y18MQe8O0teZauIe700NXKz5WGSYf46Bz4v/XhBL3JoZ9tYng==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 177, + "comment" : "extreme value for k and s^-1", + "msg" : "313233343030", + "sig" : "7cf27b188d034f7e8a52380304b51ac3c08969e277f21b35a60b48fc47669978b6db6db6249249254924924924924924625bd7a09bec4ca81bcdd9f8fd6b63cc", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "hRwrutCOVOx6mvmfSfA2RNbsbVmyB_7JjehafRW5Vu8", + "y" : "zumWAoMEUHVoS0EL6ND3SUuRqiN59gcnMZ8Q3esP6dY" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04851c2bbad08e54ec7a9af99f49f03644d6ec6d59b207fec98de85a7d15b956efcee9960283045075684b410be8d0f7494b91aa2379f60727319f10ddeb0fe9d6", + "wx" : "00851c2bbad08e54ec7a9af99f49f03644d6ec6d59b207fec98de85a7d15b956ef", + "wy" : "00cee9960283045075684b410be8d0f7494b91aa2379f60727319f10ddeb0fe9d6" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004851c2bbad08e54ec7a9af99f49f03644d6ec6d59b207fec98de85a7d15b956efcee9960283045075684b410be8d0f7494b91aa2379f60727319f10ddeb0fe9d6", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEhRwrutCOVOx6mvmfSfA2RNbsbVmy\nB/7JjehafRW5Vu/O6ZYCgwRQdWhLQQvo0PdJS5GqI3n2BycxnxDd6w/p1g==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 178, + "comment" : "extreme value for k and s^-1", + "msg" : "313233343030", + "sig" : "7cf27b188d034f7e8a52380304b51ac3c08969e277f21b35a60b48fc47669978cccccccc00000000cccccccccccccccc971f2ef152794b9d8fc7d568c9e8eaa7", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "9kF8imcFhOOIZ2lJ5T2n_FWRH_aDGNG_MGEgWssZxI8", + "y" : "jyt0PfNK0PcmdKy3UFkpeEd5zZrJFsNmnq1DAmq21D8" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04f6417c8a670584e388676949e53da7fc55911ff68318d1bf3061205acb19c48f8f2b743df34ad0f72674acb7505929784779cd9ac916c3669ead43026ab6d43f", + "wx" : "00f6417c8a670584e388676949e53da7fc55911ff68318d1bf3061205acb19c48f", + "wy" : "008f2b743df34ad0f72674acb7505929784779cd9ac916c3669ead43026ab6d43f" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004f6417c8a670584e388676949e53da7fc55911ff68318d1bf3061205acb19c48f8f2b743df34ad0f72674acb7505929784779cd9ac916c3669ead43026ab6d43f", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE9kF8imcFhOOIZ2lJ5T2n/FWRH/aD\nGNG/MGEgWssZxI+PK3Q980rQ9yZ0rLdQWSl4R3nNmskWw2aerUMCarbUPw==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 179, + "comment" : "extreme value for k and s^-1", + "msg" : "313233343030", + "sig" : "7cf27b188d034f7e8a52380304b51ac3c08969e277f21b35a60b48fc476699783333333300000000333333333333333325c7cbbc549e52e763f1f55a327a3aaa", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "UBQhJ3vkWl7v7GxjmTDWNgMlZa9CDPM3P1V_qn-KBkM", + "y" : "hnPWy2B24c_Nx9_nOEyOXKwI10UB8q5uicrRldCqE3E" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04501421277be45a5eefec6c639930d636032565af420cf3373f557faa7f8a06438673d6cb6076e1cfcdc7dfe7384c8e5cac08d74501f2ae6e89cad195d0aa1371", + "wx" : "501421277be45a5eefec6c639930d636032565af420cf3373f557faa7f8a0643", + "wy" : "008673d6cb6076e1cfcdc7dfe7384c8e5cac08d74501f2ae6e89cad195d0aa1371" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004501421277be45a5eefec6c639930d636032565af420cf3373f557faa7f8a06438673d6cb6076e1cfcdc7dfe7384c8e5cac08d74501f2ae6e89cad195d0aa1371", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEUBQhJ3vkWl7v7GxjmTDWNgMlZa9C\nDPM3P1V/qn+KBkOGc9bLYHbhz83H3+c4TI5crAjXRQHyrm6JytGV0KoTcQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 180, + "comment" : "extreme value for k and s^-1", + "msg" : "313233343030", + "sig" : "7cf27b188d034f7e8a52380304b51ac3c08969e277f21b35a60b48fc4766997849249248db6db6dbb6db6db6db6db6db5a8b230d0b2b51dcd7ebf0c9fef7c185", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "DZNb-f_BFaUnc19ynKikyiPuAaSJSt8ONBWshOgIuzQ", + "y" : "MZWjdi_qKe04kSvZ6mxP3nDDBQiTpDdYUM5h2C66M8U" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "040d935bf9ffc115a527735f729ca8a4ca23ee01a4894adf0e3415ac84e808bb343195a3762fea29ed38912bd9ea6c4fde70c3050893a4375850ce61d82eba33c5", + "wx" : "0d935bf9ffc115a527735f729ca8a4ca23ee01a4894adf0e3415ac84e808bb34", + "wy" : "3195a3762fea29ed38912bd9ea6c4fde70c3050893a4375850ce61d82eba33c5" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200040d935bf9ffc115a527735f729ca8a4ca23ee01a4894adf0e3415ac84e808bb343195a3762fea29ed38912bd9ea6c4fde70c3050893a4375850ce61d82eba33c5", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDZNb+f/BFaUnc19ynKikyiPuAaSJ\nSt8ONBWshOgIuzQxlaN2L+op7TiRK9nqbE/ecMMFCJOkN1hQzmHYLrozxQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 181, + "comment" : "extreme value for k", + "msg" : "313233343030", + "sig" : "7cf27b188d034f7e8a52380304b51ac3c08969e277f21b35a60b48fc4766997816a4502e2781e11ac82cbc9d1edd8c981584d13e18411e2f6e0478c34416e3bb", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "Xln1Bwhka-iliTVQFDCOYLZo-2cBliBsQedI5k5NyiE", + "y" : "XeN_7lyXvK9xRNW0WZgvUu7q-98Dqsuv7zjiE2JKAd4" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "045e59f50708646be8a589355014308e60b668fb670196206c41e748e64e4dca215de37fee5c97bcaf7144d5b459982f52eeeafbdf03aacbafef38e213624a01de", + "wx" : "5e59f50708646be8a589355014308e60b668fb670196206c41e748e64e4dca21", + "wy" : "5de37fee5c97bcaf7144d5b459982f52eeeafbdf03aacbafef38e213624a01de" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200045e59f50708646be8a589355014308e60b668fb670196206c41e748e64e4dca215de37fee5c97bcaf7144d5b459982f52eeeafbdf03aacbafef38e213624a01de", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEXln1Bwhka+iliTVQFDCOYLZo+2cB\nliBsQedI5k5NyiFd43/uXJe8r3FE1bRZmC9S7ur73wOqy6/vOOITYkoB3g==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 182, + "comment" : "extreme value for k and edgecase s", + "msg" : "313233343030", + "sig" : "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296555555550000000055555555555555553ef7a8e48d07df81a693439654210c70", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "Fp-3lzJYQ_r_L3pbVEXani_WIm9--Q7wv-kkEEsC244", + "y" : "e7uN5mLHubHPmyL3ouWCvUbVgdaIeO-yuGGxMdih1mc" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04169fb797325843faff2f7a5b5445da9e2fd6226f7ef90ef0bfe924104b02db8e7bbb8de662c7b9b1cf9b22f7a2e582bd46d581d68878efb2b861b131d8a1d667", + "wx" : "169fb797325843faff2f7a5b5445da9e2fd6226f7ef90ef0bfe924104b02db8e", + "wy" : "7bbb8de662c7b9b1cf9b22f7a2e582bd46d581d68878efb2b861b131d8a1d667" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004169fb797325843faff2f7a5b5445da9e2fd6226f7ef90ef0bfe924104b02db8e7bbb8de662c7b9b1cf9b22f7a2e582bd46d581d68878efb2b861b131d8a1d667", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFp+3lzJYQ/r/L3pbVEXani/WIm9+\n+Q7wv+kkEEsC2457u43mYse5sc+bIvei5YK9RtWB1oh477K4YbEx2KHWZw==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 183, + "comment" : "extreme value for k and s^-1", + "msg" : "313233343030", + "sig" : "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296b6db6db6249249254924924924924924625bd7a09bec4ca81bcdd9f8fd6b63cc", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "JxzYnAABQwlrYtTp5MqIWu8vcCPRiv_a-Le1SJgUh1Q", + "y" : "ChxulU4yEIQ1tV-jhbD3ZIGmCbkUnMtLArLKR_6OTaU" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04271cd89c000143096b62d4e9e4ca885aef2f7023d18affdaf8b7b548981487540a1c6e954e32108435b55fa385b0f76481a609b9149ccb4b02b2ca47fe8e4da5", + "wx" : "271cd89c000143096b62d4e9e4ca885aef2f7023d18affdaf8b7b54898148754", + "wy" : "0a1c6e954e32108435b55fa385b0f76481a609b9149ccb4b02b2ca47fe8e4da5" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004271cd89c000143096b62d4e9e4ca885aef2f7023d18affdaf8b7b548981487540a1c6e954e32108435b55fa385b0f76481a609b9149ccb4b02b2ca47fe8e4da5", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJxzYnAABQwlrYtTp5MqIWu8vcCPR\niv/a+Le1SJgUh1QKHG6VTjIQhDW1X6OFsPdkgaYJuRScy0sCsspH/o5NpQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 184, + "comment" : "extreme value for k and s^-1", + "msg" : "313233343030", + "sig" : "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296cccccccc00000000cccccccccccccccc971f2ef152794b9d8fc7d568c9e8eaa7", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "PQvH7Y8J0st920brwe15mrFWOpq4S_UkWHoiCv5JnBI", + "y" : "4i3Ds8EDgkpPN42WrbCkCKvxnOfWiqYkT3jLIW-j-N8" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "043d0bc7ed8f09d2cb7ddb46ebc1ed799ab1563a9ab84bf524587a220afe499c12e22dc3b3c103824a4f378d96adb0a408abf19ce7d68aa6244f78cb216fa3f8df", + "wx" : "3d0bc7ed8f09d2cb7ddb46ebc1ed799ab1563a9ab84bf524587a220afe499c12", + "wy" : "00e22dc3b3c103824a4f378d96adb0a408abf19ce7d68aa6244f78cb216fa3f8df" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200043d0bc7ed8f09d2cb7ddb46ebc1ed799ab1563a9ab84bf524587a220afe499c12e22dc3b3c103824a4f378d96adb0a408abf19ce7d68aa6244f78cb216fa3f8df", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEPQvH7Y8J0st920brwe15mrFWOpq4\nS/UkWHoiCv5JnBLiLcOzwQOCSk83jZatsKQIq/Gc59aKpiRPeMshb6P43w==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 185, + "comment" : "extreme value for k and s^-1", + "msg" : "313233343030", + "sig" : "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2963333333300000000333333333333333325c7cbbc549e52e763f1f55a327a3aaa", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "psiFreGkxWb5uwENBml0q7KBeX-nASiMchvL0jZjqbc", + "y" : "LkJLaQlXFo0ZOmCW_HeisASpx9Rn4Afh8gWEWPmK8xY" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04a6c885ade1a4c566f9bb010d066974abb281797fa701288c721bcbd23663a9b72e424b690957168d193a6096fc77a2b004a9c7d467e007e1f2058458f98af316", + "wx" : "00a6c885ade1a4c566f9bb010d066974abb281797fa701288c721bcbd23663a9b7", + "wy" : "2e424b690957168d193a6096fc77a2b004a9c7d467e007e1f2058458f98af316" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004a6c885ade1a4c566f9bb010d066974abb281797fa701288c721bcbd23663a9b72e424b690957168d193a6096fc77a2b004a9c7d467e007e1f2058458f98af316", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEpsiFreGkxWb5uwENBml0q7KBeX+n\nASiMchvL0jZjqbcuQktpCVcWjRk6YJb8d6KwBKnH1GfgB+HyBYRY+YrzFg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 186, + "comment" : "extreme value for k and s^-1", + "msg" : "313233343030", + "sig" : "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c29649249248db6db6dbb6db6db6db6db6db5a8b230d0b2b51dcd7ebf0c9fef7c185", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "jTwsLDt2W6gonmrDgSVyolv3XfYth6tzMMO9utnr-lw", + "y" : "TGhFRC1mk1sjhXjUOuxU98qhYh0a8kHUYy4LeAxCP10" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "048d3c2c2c3b765ba8289e6ac3812572a25bf75df62d87ab7330c3bdbad9ebfa5c4c6845442d66935b238578d43aec54f7caa1621d1af241d4632e0b780c423f5d", + "wx" : "008d3c2c2c3b765ba8289e6ac3812572a25bf75df62d87ab7330c3bdbad9ebfa5c", + "wy" : "4c6845442d66935b238578d43aec54f7caa1621d1af241d4632e0b780c423f5d" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200048d3c2c2c3b765ba8289e6ac3812572a25bf75df62d87ab7330c3bdbad9ebfa5c4c6845442d66935b238578d43aec54f7caa1621d1af241d4632e0b780c423f5d", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEjTwsLDt2W6gonmrDgSVyolv3XfYt\nh6tzMMO9utnr+lxMaEVELWaTWyOFeNQ67FT3yqFiHRryQdRjLgt4DEI/XQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 187, + "comment" : "extreme value for k", + "msg" : "313233343030", + "sig" : "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c29616a4502e2781e11ac82cbc9d1edd8c981584d13e18411e2f6e0478c34416e3bb", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY", + "y" : "T-NC4v4af5uO5-tKfA-eFivOM1drMV7Oy7ZAaDe_UfU" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", + "wx" : "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", + "wy" : "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEaxfR8uEsQkf4vOblY6RA8ncDfYEt\n6zOg9KE5RdiYwpZP40Li/hp/m47n60p8D54WK84zV2sxXs7LtkBoN79R9Q==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 188, + "comment" : "testing point duplication", + "msg" : "313233343030", + "sig" : "bb5a52f42f9c9261ed4361f59422a1e30036e7c32b270c8807a419feca605023249249246db6db6ddb6db6db6db6db6dad4591868595a8ee6bf5f864ff7be0c2", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 189, + "comment" : "testing point duplication", + "msg" : "313233343030", + "sig" : "44a5ad0ad0636d9f12bc9e0a6bdd5e1cbcb012ea7bf091fcec15b0c43202d52e249249246db6db6ddb6db6db6db6db6dad4591868595a8ee6bf5f864ff7be0c2", + "result" : "invalid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY", + "y" : "sBy9HAHlgGVxGBS1g_Bh6dQxzKmUzqExNEm_l8hArgo" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296b01cbd1c01e58065711814b583f061e9d431cca994cea1313449bf97c840ae0a", + "wx" : "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", + "wy" : "00b01cbd1c01e58065711814b583f061e9d431cca994cea1313449bf97c840ae0a" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296b01cbd1c01e58065711814b583f061e9d431cca994cea1313449bf97c840ae0a", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEaxfR8uEsQkf4vOblY6RA8ncDfYEt\n6zOg9KE5RdiYwpawHL0cAeWAZXEYFLWD8GHp1DHMqZTOoTE0Sb+XyECuCg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 190, + "comment" : "testing point duplication", + "msg" : "313233343030", + "sig" : "bb5a52f42f9c9261ed4361f59422a1e30036e7c32b270c8807a419feca605023249249246db6db6ddb6db6db6db6db6dad4591868595a8ee6bf5f864ff7be0c2", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 191, + "comment" : "testing point duplication", + "msg" : "313233343030", + "sig" : "44a5ad0ad0636d9f12bc9e0a6bdd5e1cbcb012ea7bf091fcec15b0c43202d52e249249246db6db6ddb6db6db6db6db6dad4591868595a8ee6bf5f864ff7be0c2", + "result" : "invalid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "BKrsc2NXJvIT-4qeZNo7hjLkFJWpRNAEW1IuunJA-tU", + "y" : "h9kxV5iqo6W6AXdXh87QXqr3tOCfyB1tGqVG6DZdUl0" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "0404aaec73635726f213fb8a9e64da3b8632e41495a944d0045b522eba7240fad587d9315798aaa3a5ba01775787ced05eaaf7b4e09fc81d6d1aa546e8365d525d", + "wx" : "04aaec73635726f213fb8a9e64da3b8632e41495a944d0045b522eba7240fad5", + "wy" : "0087d9315798aaa3a5ba01775787ced05eaaf7b4e09fc81d6d1aa546e8365d525d" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d0301070342000404aaec73635726f213fb8a9e64da3b8632e41495a944d0045b522eba7240fad587d9315798aaa3a5ba01775787ced05eaaf7b4e09fc81d6d1aa546e8365d525d", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEBKrsc2NXJvIT+4qeZNo7hjLkFJWp\nRNAEW1IuunJA+tWH2TFXmKqjpboBd1eHztBeqve04J/IHW0apUboNl1SXQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 192, + "comment" : "pseudorandom signature", + "msg" : "", + "sig" : "b292a619339f6e567a305c951c0dcbcc42d16e47f219f9e98e76e09d8770b34a0177e60492c5a8242f76f07bfe3661bde59ec2a17ce5bd2dab2abebdf89a62e2", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 193, + "comment" : "pseudorandom signature", + "msg" : "4d7367", + "sig" : "530bd6b0c9af2d69ba897f6b5fb59695cfbf33afe66dbadcf5b8d2a2a6538e23d85e489cb7a161fd55ededcedbf4cc0c0987e3e3f0f242cae934c72caa3f43e9", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 194, + "comment" : "pseudorandom signature", + "msg" : "313233343030", + "sig" : "a8ea150cb80125d7381c4c1f1da8e9de2711f9917060406a73d7904519e51388f3ab9fa68bd47973a73b2d40480c2ba50c22c9d76ec217257288293285449b86", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 195, + "comment" : "pseudorandom signature", + "msg" : "0000000000000000000000000000000000000000", + "sig" : "986e65933ef2ed4ee5aada139f52b70539aaf63f00a91f29c69178490d57fb713dafedfb8da6189d372308cbf1489bbbdabf0c0217d1c0ff0f701aaa7a694b9c", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "TzN8z9Z3JqgF5PFgCuKEnfOAfsoRc4Ajn72BaQAAAAA", + "y" : "7Z3qEkzIw5ZBZBHpiMMPQn61BK9DoxRs1d9-pgZm1oU" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "044f337ccfd67726a805e4f1600ae2849df3807eca117380239fbd816900000000ed9dea124cc8c396416411e988c30f427eb504af43a3146cd5df7ea60666d685", + "wx" : "4f337ccfd67726a805e4f1600ae2849df3807eca117380239fbd816900000000", + "wy" : "00ed9dea124cc8c396416411e988c30f427eb504af43a3146cd5df7ea60666d685" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200044f337ccfd67726a805e4f1600ae2849df3807eca117380239fbd816900000000ed9dea124cc8c396416411e988c30f427eb504af43a3146cd5df7ea60666d685", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAETzN8z9Z3JqgF5PFgCuKEnfOAfsoR\nc4Ajn72BaQAAAADtneoSTMjDlkFkEemIww9CfrUEr0OjFGzV336mBmbWhQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 196, + "comment" : "x-coordinate of the public key has many trailing 0's", + "msg" : "4d657373616765", + "sig" : "d434e262a49eab7781e353a3565e482550dd0fd5defa013c7f29745eff3569f19b0c0a93f267fb6052fd8077be769c2b98953195d7bc10de844218305c6ba17a", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 197, + "comment" : "x-coordinate of the public key has many trailing 0's", + "msg" : "4d657373616765", + "sig" : "0fe774355c04d060f76d79fd7a772e421463489221bf0a33add0be9b1979110b500dcba1c69a8fbd43fa4f57f743ce124ca8b91a1f325f3fac6181175df55737", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 198, + "comment" : "x-coordinate of the public key has many trailing 0's", + "msg" : "4d657373616765", + "sig" : "bb40bf217bed3fb3950c7d39f03d36dc8e3b2cd79693f125bfd06595ee1135e3541bf3532351ebb032710bdb6a1bf1bfc89a1e291ac692b3fa4780745bb55677", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "PPA9YU2JOc_UmaB4c_rCgWGPBrj_h-gBXD9JcmUASTU", + "y" : "hPoXTXkccr8s44gKiWDdKnx6EzioL4Wp5Zzb3oAAAAA" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "043cf03d614d8939cfd499a07873fac281618f06b8ff87e8015c3f49726500493584fa174d791c72bf2ce3880a8960dd2a7c7a1338a82f85a9e59cdbde80000000", + "wx" : "3cf03d614d8939cfd499a07873fac281618f06b8ff87e8015c3f497265004935", + "wy" : "0084fa174d791c72bf2ce3880a8960dd2a7c7a1338a82f85a9e59cdbde80000000" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200043cf03d614d8939cfd499a07873fac281618f06b8ff87e8015c3f49726500493584fa174d791c72bf2ce3880a8960dd2a7c7a1338a82f85a9e59cdbde80000000", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEPPA9YU2JOc/UmaB4c/rCgWGPBrj/\nh+gBXD9JcmUASTWE+hdNeRxyvyzjiAqJYN0qfHoTOKgvhanlnNvegAAAAA==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 199, + "comment" : "y-coordinate of the public key has many trailing 0's", + "msg" : "4d657373616765", + "sig" : "664eb7ee6db84a34df3c86ea31389a5405badd5ca99231ff556d3e75a233e73a59f3c752e52eca46137642490a51560ce0badc678754b8f72e51a2901426a1bd", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 200, + "comment" : "y-coordinate of the public key has many trailing 0's", + "msg" : "4d657373616765", + "sig" : "4cd0429bbabd2827009d6fcd843d4ce39c3e42e2d1631fd001985a79d1fd8b439638bf12dd682f60be7ef1d0e0d98f08b7bca77a1a2b869ae466189d2acdabe3", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 201, + "comment" : "y-coordinate of the public key has many trailing 0's", + "msg" : "4d657373616765", + "sig" : "e56c6ea2d1b017091c44d8b6cb62b9f460e3ce9aed5e5fd41e8added97c56c04a308ec31f281e955be20b457e463440b4fcf2b80258078207fc1378180f89b55", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "PPA9YU2JOc_UmaB4c_rCgWGPBrj_h-gBXD9JcmUASTU", + "y" : "ewXosYbjjUHTHHf1dp8i1YOF7MhX0HpWGmMkIX____8" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "043cf03d614d8939cfd499a07873fac281618f06b8ff87e8015c3f4972650049357b05e8b186e38d41d31c77f5769f22d58385ecc857d07a561a6324217fffffff", + "wx" : "3cf03d614d8939cfd499a07873fac281618f06b8ff87e8015c3f497265004935", + "wy" : "7b05e8b186e38d41d31c77f5769f22d58385ecc857d07a561a6324217fffffff" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200043cf03d614d8939cfd499a07873fac281618f06b8ff87e8015c3f4972650049357b05e8b186e38d41d31c77f5769f22d58385ecc857d07a561a6324217fffffff", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEPPA9YU2JOc/UmaB4c/rCgWGPBrj/\nh+gBXD9JcmUASTV7BeixhuONQdMcd/V2nyLVg4XsyFfQelYaYyQhf////w==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 202, + "comment" : "y-coordinate of the public key has many trailing 1's", + "msg" : "4d657373616765", + "sig" : "1158a08d291500b4cabed3346d891eee57c176356a2624fb011f8fbbf3466830228a8c486a736006e082325b85290c5bc91f378b75d487dda46798c18f285519", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 203, + "comment" : "y-coordinate of the public key has many trailing 1's", + "msg" : "4d657373616765", + "sig" : "b1db9289649f59410ea36b0c0fc8d6aa2687b29176939dd23e0dde56d309fa9d3e1535e4280559015b0dbd987366dcf43a6d1af5c23c7d584e1c3f48a1251336", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 204, + "comment" : "y-coordinate of the public key has many trailing 1's", + "msg" : "4d657373616765", + "sig" : "b7b16e762286cb96446aa8d4e6e7578b0a341a79f2dd1a220ac6f0ca4e24ed86ddc60a700a139b04661c547d07bbb0721780146df799ccf55e55234ecb8f12bc", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "KCnDH6ouQA40TtlLyj_NBUWVbrz-itD236X_jv____8", + "y" : "oBqvrwAOUlhYVa-nZ2reKEETCZBS31fn6zvTfr65Ii4" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "042829c31faa2e400e344ed94bca3fcd0545956ebcfe8ad0f6dfa5ff8effffffffa01aafaf000e52585855afa7676ade284113099052df57e7eb3bd37ebeb9222e", + "wx" : "2829c31faa2e400e344ed94bca3fcd0545956ebcfe8ad0f6dfa5ff8effffffff", + "wy" : "00a01aafaf000e52585855afa7676ade284113099052df57e7eb3bd37ebeb9222e" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d030107034200042829c31faa2e400e344ed94bca3fcd0545956ebcfe8ad0f6dfa5ff8effffffffa01aafaf000e52585855afa7676ade284113099052df57e7eb3bd37ebeb9222e", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEKCnDH6ouQA40TtlLyj/NBUWVbrz+\nitD236X/jv////+gGq+vAA5SWFhVr6dnat4oQRMJkFLfV+frO9N+vrkiLg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 205, + "comment" : "x-coordinate of the public key has many trailing 1's", + "msg" : "4d657373616765", + "sig" : "d82a7c2717261187c8e00d8df963ff35d796edad36bc6e6bd1c91c670d9105b43dcabddaf8fcaa61f4603e7cbac0f3c0351ecd5988efb23f680d07debd139929", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 206, + "comment" : "x-coordinate of the public key has many trailing 1's", + "msg" : "4d657373616765", + "sig" : "5eb9c8845de68eb13d5befe719f462d77787802baff30ce96a5cba063254af782c026ae9be2e2a5e7ca0ff9bbd92fb6e44972186228ee9a62b87ddbe2ef66fb5", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 207, + "comment" : "x-coordinate of the public key has many trailing 1's", + "msg" : "4d657373616765", + "sig" : "96843dd03c22abd2f3b782b170239f90f277921becc117d0404a8e4e36230c28f2be378f526f74a543f67165976de9ed9a31214eb4d7e6db19e1ede123dd991d", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "____-UgIHmoEWN2PnnOPJmX_kFmtaqwHCDGMTKmnpPU", + "y" : "Woq8ui3ahHQxHuVBSblzyuDA-4lVetC_eOZSmhZjvXM" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04fffffff948081e6a0458dd8f9e738f2665ff9059ad6aac0708318c4ca9a7a4f55a8abcba2dda8474311ee54149b973cae0c0fb89557ad0bf78e6529a1663bd73", + "wx" : "00fffffff948081e6a0458dd8f9e738f2665ff9059ad6aac0708318c4ca9a7a4f5", + "wy" : "5a8abcba2dda8474311ee54149b973cae0c0fb89557ad0bf78e6529a1663bd73" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004fffffff948081e6a0458dd8f9e738f2665ff9059ad6aac0708318c4ca9a7a4f55a8abcba2dda8474311ee54149b973cae0c0fb89557ad0bf78e6529a1663bd73", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE////+UgIHmoEWN2PnnOPJmX/kFmt\naqwHCDGMTKmnpPVairy6LdqEdDEe5UFJuXPK4MD7iVV60L945lKaFmO9cw==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 208, + "comment" : "x-coordinate of the public key is large", + "msg" : "4d657373616765", + "sig" : "766456dce1857c906f9996af729339464d27e9d98edc2d0e3b760297067421f6402385ecadae0d8081dccaf5d19037ec4e55376eced699e93646bfbbf19d0b41", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 209, + "comment" : "x-coordinate of the public key is large", + "msg" : "4d657373616765", + "sig" : "c605c4b2edeab20419e6518a11b2dbc2b97ed8b07cced0b19c34f777de7b9fd9edf0f612c5f46e03c719647bc8af1b29b2cde2eda700fb1cff5e159d47326dba", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 210, + "comment" : "x-coordinate of the public key is large", + "msg" : "4d657373616765", + "sig" : "d48b68e6cabfe03cf6141c9ac54141f210e64485d9929ad7b732bfe3b7eb8a84feedae50c61bd00e19dc26f9b7e2265e4508c389109ad2f208f0772315b6c941", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "AAAAA_oV-WOUnV8DpvXH-G-eABXusjrrv_EXOTe6dI4", + "y" : "EJmHIHDo6HxVX6E2Wcyl1_rc_LACPqiJVIykivK6fnE" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "0400000003fa15f963949d5f03a6f5c7f86f9e0015eeb23aebbff1173937ba748e1099872070e8e87c555fa13659cca5d7fadcfcb0023ea889548ca48af2ba7e71", + "wx" : "03fa15f963949d5f03a6f5c7f86f9e0015eeb23aebbff1173937ba748e", + "wy" : "1099872070e8e87c555fa13659cca5d7fadcfcb0023ea889548ca48af2ba7e71" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d0301070342000400000003fa15f963949d5f03a6f5c7f86f9e0015eeb23aebbff1173937ba748e1099872070e8e87c555fa13659cca5d7fadcfcb0023ea889548ca48af2ba7e71", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAAAAA/oV+WOUnV8DpvXH+G+eABXu\nsjrrv/EXOTe6dI4QmYcgcOjofFVfoTZZzKXX+tz8sAI+qIlUjKSK8rp+cQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 211, + "comment" : "x-coordinate of the public key is small", + "msg" : "4d657373616765", + "sig" : "b7c81457d4aeb6aa65957098569f0479710ad7f6595d5874c35a93d12a5dd4c7b7961a0b652878c2d568069a432ca18a1a9199f2ca574dad4b9e3a05c0a1cdb3", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 212, + "comment" : "x-coordinate of the public key is small", + "msg" : "4d657373616765", + "sig" : "6b01332ddb6edfa9a30a1321d5858e1ee3cf97e263e669f8de5e9652e76ff3f75939545fced457309a6a04ace2bd0f70139c8f7d86b02cb1cc58f9e69e96cd5a", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 213, + "comment" : "x-coordinate of the public key is small", + "msg" : "4d657373616765", + "sig" : "efdb884720eaeadc349f9fc356b6c0344101cd2fd8436b7d0e6a4fb93f106361f24bee6ad5dc05f7613975473aadf3aacba9e77de7d69b6ce48cb60d8113385d", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "vLspFMefBF6qbsu8YSgWs75dLWeWcH2BJen4UcGK8BU", + "y" : "AAAAABNSu0oPoupMzrmrY91oSt5aESe88wCmmKcZO8I" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04bcbb2914c79f045eaa6ecbbc612816b3be5d2d6796707d8125e9f851c18af015000000001352bb4a0fa2ea4cceb9ab63dd684ade5a1127bcf300a698a7193bc2", + "wx" : "00bcbb2914c79f045eaa6ecbbc612816b3be5d2d6796707d8125e9f851c18af015", + "wy" : "1352bb4a0fa2ea4cceb9ab63dd684ade5a1127bcf300a698a7193bc2" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004bcbb2914c79f045eaa6ecbbc612816b3be5d2d6796707d8125e9f851c18af015000000001352bb4a0fa2ea4cceb9ab63dd684ade5a1127bcf300a698a7193bc2", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEvLspFMefBF6qbsu8YSgWs75dLWeW\ncH2BJen4UcGK8BUAAAAAE1K7Sg+i6kzOuatj3WhK3loRJ7zzAKaYpxk7wg==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 214, + "comment" : "y-coordinate of the public key is small", + "msg" : "4d657373616765", + "sig" : "31230428405560dcb88fb5a646836aea9b23a23dd973dcbe8014c87b8b20eb070f9344d6e812ce166646747694a41b0aaf97374e19f3c5fb8bd7ae3d9bd0beff", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 215, + "comment" : "y-coordinate of the public key is small", + "msg" : "4d657373616765", + "sig" : "caa797da65b320ab0d5c470cda0b36b294359c7db9841d679174db34c4855743cf543a62f23e212745391aaf7505f345123d2685ee3b941d3de6d9b36242e5a0", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 216, + "comment" : "y-coordinate of the public key is small", + "msg" : "4d657373616765", + "sig" : "7e5f0ab5d900d3d3d7867657e5d6d36519bc54084536e7d21c336ed8001859459450c07f201faec94b82dfb322e5ac676688294aad35aa72e727ff0b19b646aa", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "jwk" : { + "crv" : "P-256", + "kid" : "none", + "kty" : "EC", + "x" : "vLspFMefBF6qbsu8YSgWs75dLWeWcH2BJen4UcGK8BU", + "y" : "_____uytRLbwXRWzMUZUnCKXtSKl7thDDP9ZZ1jmxD0" + }, + "key" : { + "curve" : "secp256r1", + "keySize" : 256, + "type" : "EcPublicKey", + "uncompressed" : "04bcbb2914c79f045eaa6ecbbc612816b3be5d2d6796707d8125e9f851c18af015fffffffeecad44b6f05d15b33146549c2297b522a5eed8430cff596758e6c43d", + "wx" : "00bcbb2914c79f045eaa6ecbbc612816b3be5d2d6796707d8125e9f851c18af015", + "wy" : "00fffffffeecad44b6f05d15b33146549c2297b522a5eed8430cff596758e6c43d" + }, + "keyDer" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004bcbb2914c79f045eaa6ecbbc612816b3be5d2d6796707d8125e9f851c18af015fffffffeecad44b6f05d15b33146549c2297b522a5eed8430cff596758e6c43d", + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEvLspFMefBF6qbsu8YSgWs75dLWeW\ncH2BJen4UcGK8BX////+7K1EtvBdFbMxRlScIpe1IqXu2EMM/1lnWObEPQ==\n-----END PUBLIC KEY-----", + "sha" : "SHA-256", + "type" : "EcdsaP1363Verify", + "tests" : [ + { + "tcId" : 217, + "comment" : "y-coordinate of the public key is large", + "msg" : "4d657373616765", + "sig" : "d7d70c581ae9e3f66dc6a480bf037ae23f8a1e4a2136fe4b03aa69f0ca25b35689c460f8a5a5c2bbba962c8a3ee833a413e85658e62a59e2af41d9127cc47224", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 218, + "comment" : "y-coordinate of the public key is large", + "msg" : "4d657373616765", + "sig" : "341c1b9ff3c83dd5e0dfa0bf68bcdf4bb7aa20c625975e5eeee34bb396266b3472b69f061b750fd5121b22b11366fad549c634e77765a017902a67099e0a4469", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 219, + "comment" : "y-coordinate of the public key is large", + "msg" : "4d657373616765", + "sig" : "70bebe684cdcb5ca72a42f0d873879359bd1781a591809947628d313a3814f67aec03aca8f5587a4d535fa31027bbe9cc0e464b1c3577f4c2dcde6b2094798a9", + "result" : "valid", + "flags" : [] + } + ] + } + ] +} diff --git a/dependencies/@openzeppelin/test/utils/introspection/ERC165.test.js b/dependencies/@openzeppelin/test/utils/introspection/ERC165.test.js new file mode 100644 index 00000000..8117c695 --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/introspection/ERC165.test.js @@ -0,0 +1,18 @@ +const { ethers } = require('hardhat'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { shouldSupportInterfaces } = require('./SupportsInterface.behavior'); + +async function fixture() { + return { + mock: await ethers.deployContract('$ERC165'), + }; +} + +describe('ERC165', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + shouldSupportInterfaces(); +}); diff --git a/dependencies/@openzeppelin/test/utils/introspection/ERC165Checker.test.js b/dependencies/@openzeppelin/test/utils/introspection/ERC165Checker.test.js new file mode 100644 index 00000000..1bbe8a57 --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/introspection/ERC165Checker.test.js @@ -0,0 +1,245 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const DUMMY_ID = '0xdeadbeef'; +const DUMMY_ID_2 = '0xcafebabe'; +const DUMMY_ID_3 = '0xdecafbad'; +const DUMMY_UNSUPPORTED_ID = '0xbaddcafe'; +const DUMMY_UNSUPPORTED_ID_2 = '0xbaadcafe'; +const DUMMY_ACCOUNT = '0x1111111111111111111111111111111111111111'; + +async function fixture() { + return { mock: await ethers.deployContract('$ERC165Checker') }; +} + +describe('ERC165Checker', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + describe('ERC165 missing return data', function () { + before(async function () { + this.target = await ethers.deployContract('ERC165MissingData'); + }); + + it('does not support ERC165', async function () { + expect(await this.mock.$supportsERC165(this.target)).to.be.false; + }); + + it('does not support mock interface via supportsInterface', async function () { + expect(await this.mock.$supportsInterface(this.target, DUMMY_ID)).to.be.false; + }); + + it('does not support mock interface via supportsAllInterfaces', async function () { + expect(await this.mock.$supportsAllInterfaces(this.target, [DUMMY_ID])).to.be.false; + }); + + it('does not support mock interface via getSupportedInterfaces', async function () { + expect(await this.mock.$getSupportedInterfaces(this.target, [DUMMY_ID])).to.deep.equal([false]); + }); + + it('does not support mock interface via supportsERC165InterfaceUnchecked', async function () { + expect(await this.mock.$supportsERC165InterfaceUnchecked(this.target, DUMMY_ID)).to.be.false; + }); + }); + + describe('ERC165 malicious return data', function () { + beforeEach(async function () { + this.target = await ethers.deployContract('ERC165MaliciousData'); + }); + + it('does not support ERC165', async function () { + expect(await this.mock.$supportsERC165(this.target)).to.be.false; + }); + + it('does not support mock interface via supportsInterface', async function () { + expect(await this.mock.$supportsInterface(this.target, DUMMY_ID)).to.be.false; + }); + + it('does not support mock interface via supportsAllInterfaces', async function () { + expect(await this.mock.$supportsAllInterfaces(this.target, [DUMMY_ID])).to.be.false; + }); + + it('does not support mock interface via getSupportedInterfaces', async function () { + expect(await this.mock.$getSupportedInterfaces(this.target, [DUMMY_ID])).to.deep.equal([false]); + }); + + it('does not support mock interface via supportsERC165InterfaceUnchecked', async function () { + expect(await this.mock.$supportsERC165InterfaceUnchecked(this.target, DUMMY_ID)).to.be.true; + }); + }); + + describe('ERC165 not supported', function () { + beforeEach(async function () { + this.target = await ethers.deployContract('ERC165NotSupported'); + }); + + it('does not support ERC165', async function () { + expect(await this.mock.$supportsERC165(this.target)).to.be.false; + }); + + it('does not support mock interface via supportsInterface', async function () { + expect(await this.mock.$supportsInterface(this.target, DUMMY_ID)).to.be.false; + }); + + it('does not support mock interface via supportsAllInterfaces', async function () { + expect(await this.mock.$supportsAllInterfaces(this.target, [DUMMY_ID])).to.be.false; + }); + + it('does not support mock interface via getSupportedInterfaces', async function () { + expect(await this.mock.$getSupportedInterfaces(this.target, [DUMMY_ID])).to.deep.equal([false]); + }); + + it('does not support mock interface via supportsERC165InterfaceUnchecked', async function () { + expect(await this.mock.$supportsERC165InterfaceUnchecked(this.target, DUMMY_ID)).to.be.false; + }); + }); + + describe('ERC165 supported', function () { + beforeEach(async function () { + this.target = await ethers.deployContract('ERC165InterfacesSupported', [[]]); + }); + + it('supports ERC165', async function () { + expect(await this.mock.$supportsERC165(this.target)).to.be.true; + }); + + it('does not support mock interface via supportsInterface', async function () { + expect(await this.mock.$supportsInterface(this.target, DUMMY_ID)).to.be.false; + }); + + it('does not support mock interface via supportsAllInterfaces', async function () { + expect(await this.mock.$supportsAllInterfaces(this.target, [DUMMY_ID])).to.be.false; + }); + + it('does not support mock interface via getSupportedInterfaces', async function () { + expect(await this.mock.$getSupportedInterfaces(this.target, [DUMMY_ID])).to.deep.equal([false]); + }); + + it('does not support mock interface via supportsERC165InterfaceUnchecked', async function () { + expect(await this.mock.$supportsERC165InterfaceUnchecked(this.target, DUMMY_ID)).to.be.false; + }); + }); + + describe('ERC165 and single interface supported', function () { + beforeEach(async function () { + this.target = await ethers.deployContract('ERC165InterfacesSupported', [[DUMMY_ID]]); + }); + + it('supports ERC165', async function () { + expect(await this.mock.$supportsERC165(this.target)).to.be.true; + }); + + it('supports mock interface via supportsInterface', async function () { + expect(await this.mock.$supportsInterface(this.target, DUMMY_ID)).to.be.true; + }); + + it('supports mock interface via supportsAllInterfaces', async function () { + expect(await this.mock.$supportsAllInterfaces(this.target, [DUMMY_ID])).to.be.true; + }); + + it('supports mock interface via getSupportedInterfaces', async function () { + expect(await this.mock.$getSupportedInterfaces(this.target, [DUMMY_ID])).to.deep.equal([true]); + }); + + it('supports mock interface via supportsERC165InterfaceUnchecked', async function () { + expect(await this.mock.$supportsERC165InterfaceUnchecked(this.target, DUMMY_ID)).to.be.true; + }); + }); + + describe('ERC165 and many interfaces supported', function () { + const supportedInterfaces = [DUMMY_ID, DUMMY_ID_2, DUMMY_ID_3]; + beforeEach(async function () { + this.target = await ethers.deployContract('ERC165InterfacesSupported', [supportedInterfaces]); + }); + + it('supports ERC165', async function () { + expect(await this.mock.$supportsERC165(this.target)).to.be.true; + }); + + it('supports each interfaceId via supportsInterface', async function () { + for (const interfaceId of supportedInterfaces) { + expect(await this.mock.$supportsInterface(this.target, interfaceId)).to.be.true; + } + }); + + it('supports all interfaceIds via supportsAllInterfaces', async function () { + expect(await this.mock.$supportsAllInterfaces(this.target, supportedInterfaces)).to.be.true; + }); + + it('supports none of the interfaces queried via supportsAllInterfaces', async function () { + const interfaceIdsToTest = [DUMMY_UNSUPPORTED_ID, DUMMY_UNSUPPORTED_ID_2]; + + expect(await this.mock.$supportsAllInterfaces(this.target, interfaceIdsToTest)).to.be.false; + }); + + it('supports not all of the interfaces queried via supportsAllInterfaces', async function () { + const interfaceIdsToTest = [...supportedInterfaces, DUMMY_UNSUPPORTED_ID]; + expect(await this.mock.$supportsAllInterfaces(this.target, interfaceIdsToTest)).to.be.false; + }); + + it('supports all interfaceIds via getSupportedInterfaces', async function () { + expect(await this.mock.$getSupportedInterfaces(this.target, supportedInterfaces)).to.deep.equal( + supportedInterfaces.map(i => supportedInterfaces.includes(i)), + ); + }); + + it('supports none of the interfaces queried via getSupportedInterfaces', async function () { + const interfaceIdsToTest = [DUMMY_UNSUPPORTED_ID, DUMMY_UNSUPPORTED_ID_2]; + + expect(await this.mock.$getSupportedInterfaces(this.target, interfaceIdsToTest)).to.deep.equal( + interfaceIdsToTest.map(i => supportedInterfaces.includes(i)), + ); + }); + + it('supports not all of the interfaces queried via getSupportedInterfaces', async function () { + const interfaceIdsToTest = [...supportedInterfaces, DUMMY_UNSUPPORTED_ID]; + + expect(await this.mock.$getSupportedInterfaces(this.target, interfaceIdsToTest)).to.deep.equal( + interfaceIdsToTest.map(i => supportedInterfaces.includes(i)), + ); + }); + + it('supports each interfaceId via supportsERC165InterfaceUnchecked', async function () { + for (const interfaceId of supportedInterfaces) { + expect(await this.mock.$supportsERC165InterfaceUnchecked(this.target, interfaceId)).to.be.true; + } + }); + }); + + describe('account address does not support ERC165', function () { + it('does not support ERC165', async function () { + expect(await this.mock.$supportsERC165(DUMMY_ACCOUNT)).to.be.false; + }); + + it('does not support mock interface via supportsInterface', async function () { + expect(await this.mock.$supportsInterface(DUMMY_ACCOUNT, DUMMY_ID)).to.be.false; + }); + + it('does not support mock interface via supportsAllInterfaces', async function () { + expect(await this.mock.$supportsAllInterfaces(DUMMY_ACCOUNT, [DUMMY_ID])).to.be.false; + }); + + it('does not support mock interface via getSupportedInterfaces', async function () { + expect(await this.mock.$getSupportedInterfaces(DUMMY_ACCOUNT, [DUMMY_ID])).to.deep.equal([false]); + }); + + it('does not support mock interface via supportsERC165InterfaceUnchecked', async function () { + expect(await this.mock.$supportsERC165InterfaceUnchecked(DUMMY_ACCOUNT, DUMMY_ID)).to.be.false; + }); + }); + + it('Return bomb resistance', async function () { + this.target = await ethers.deployContract('ERC165ReturnBombMock'); + + const { gasUsed: gasUsed1 } = await this.mock.$supportsInterface.send(this.target, DUMMY_ID).then(tx => tx.wait()); + expect(gasUsed1).to.be.lessThan(120_000n); // 3*30k + 21k + some margin + + const { gasUsed: gasUsed2 } = await this.mock.$getSupportedInterfaces + .send(this.target, [DUMMY_ID, DUMMY_ID_2, DUMMY_ID_3, DUMMY_UNSUPPORTED_ID, DUMMY_UNSUPPORTED_ID_2]) + .then(tx => tx.wait()); + + expect(gasUsed2).to.be.lessThan(250_000n); // (2+5)*30k + 21k + some margin + }); +}); diff --git a/dependencies/@openzeppelin/test/utils/introspection/SupportsInterface.behavior.js b/dependencies/@openzeppelin/test/utils/introspection/SupportsInterface.behavior.js new file mode 100644 index 00000000..c2bd1a47 --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/introspection/SupportsInterface.behavior.js @@ -0,0 +1,145 @@ +const { expect } = require('chai'); +const { interfaceId } = require('../../helpers/methods'); +const { mapValues } = require('../../helpers/iterate'); + +const INVALID_ID = '0xffffffff'; +const SIGNATURES = { + ERC165: ['supportsInterface(bytes4)'], + ERC721: [ + 'balanceOf(address)', + 'ownerOf(uint256)', + 'approve(address,uint256)', + 'getApproved(uint256)', + 'setApprovalForAll(address,bool)', + 'isApprovedForAll(address,address)', + 'transferFrom(address,address,uint256)', + 'safeTransferFrom(address,address,uint256)', + 'safeTransferFrom(address,address,uint256,bytes)', + ], + ERC721Enumerable: ['totalSupply()', 'tokenOfOwnerByIndex(address,uint256)', 'tokenByIndex(uint256)'], + ERC721Metadata: ['name()', 'symbol()', 'tokenURI(uint256)'], + ERC1155: [ + 'balanceOf(address,uint256)', + 'balanceOfBatch(address[],uint256[])', + 'setApprovalForAll(address,bool)', + 'isApprovedForAll(address,address)', + 'safeTransferFrom(address,address,uint256,uint256,bytes)', + 'safeBatchTransferFrom(address,address,uint256[],uint256[],bytes)', + ], + ERC1155MetadataURI: ['uri(uint256)'], + ERC1155Receiver: [ + 'onERC1155Received(address,address,uint256,uint256,bytes)', + 'onERC1155BatchReceived(address,address,uint256[],uint256[],bytes)', + ], + ERC1363: [ + 'transferAndCall(address,uint256)', + 'transferAndCall(address,uint256,bytes)', + 'transferFromAndCall(address,address,uint256)', + 'transferFromAndCall(address,address,uint256,bytes)', + 'approveAndCall(address,uint256)', + 'approveAndCall(address,uint256,bytes)', + ], + AccessControl: [ + 'hasRole(bytes32,address)', + 'getRoleAdmin(bytes32)', + 'grantRole(bytes32,address)', + 'revokeRole(bytes32,address)', + 'renounceRole(bytes32,address)', + ], + AccessControlEnumerable: ['getRoleMember(bytes32,uint256)', 'getRoleMemberCount(bytes32)'], + AccessControlDefaultAdminRules: [ + 'defaultAdminDelay()', + 'pendingDefaultAdminDelay()', + 'defaultAdmin()', + 'pendingDefaultAdmin()', + 'defaultAdminDelayIncreaseWait()', + 'changeDefaultAdminDelay(uint48)', + 'rollbackDefaultAdminDelay()', + 'beginDefaultAdminTransfer(address)', + 'acceptDefaultAdminTransfer()', + 'cancelDefaultAdminTransfer()', + ], + Governor: [ + 'name()', + 'version()', + 'COUNTING_MODE()', + 'hashProposal(address[],uint256[],bytes[],bytes32)', + 'state(uint256)', + 'proposalThreshold()', + 'proposalSnapshot(uint256)', + 'proposalDeadline(uint256)', + 'proposalProposer(uint256)', + 'proposalEta(uint256)', + 'proposalNeedsQueuing(uint256)', + 'votingDelay()', + 'votingPeriod()', + 'quorum(uint256)', + 'getVotes(address,uint256)', + 'getVotesWithParams(address,uint256,bytes)', + 'hasVoted(uint256,address)', + 'propose(address[],uint256[],bytes[],string)', + 'queue(address[],uint256[],bytes[],bytes32)', + 'execute(address[],uint256[],bytes[],bytes32)', + 'cancel(address[],uint256[],bytes[],bytes32)', + 'castVote(uint256,uint8)', + 'castVoteWithReason(uint256,uint8,string)', + 'castVoteWithReasonAndParams(uint256,uint8,string,bytes)', + 'castVoteBySig(uint256,uint8,address,bytes)', + 'castVoteWithReasonAndParamsBySig(uint256,uint8,address,string,bytes,bytes)', + ], + ERC2981: ['royaltyInfo(uint256,uint256)'], +}; + +const INTERFACE_IDS = mapValues(SIGNATURES, interfaceId); + +function shouldSupportInterfaces(interfaces = []) { + interfaces.unshift('ERC165'); + + describe('ERC165', function () { + beforeEach(function () { + this.contractUnderTest = this.mock || this.token; + }); + + describe('when the interfaceId is supported', function () { + it('uses less than 30k gas', async function () { + for (const k of interfaces) { + const interface = INTERFACE_IDS[k] ?? k; + expect(await this.contractUnderTest.supportsInterface.estimateGas(interface)).to.lte(30_000n); + } + }); + + it('returns true', async function () { + for (const k of interfaces) { + const interfaceId = INTERFACE_IDS[k] ?? k; + expect(await this.contractUnderTest.supportsInterface(interfaceId), `does not support ${k}`).to.be.true; + } + }); + }); + + describe('when the interfaceId is not supported', function () { + it('uses less than 30k', async function () { + expect(await this.contractUnderTest.supportsInterface.estimateGas(INVALID_ID)).to.lte(30_000n); + }); + + it('returns false', async function () { + expect(await this.contractUnderTest.supportsInterface(INVALID_ID), `supports ${INVALID_ID}`).to.be.false; + }); + }); + + it('all interface functions are in ABI', async function () { + for (const k of interfaces) { + // skip interfaces for which we don't have a function list + if (SIGNATURES[k] === undefined) continue; + + // Check the presence of each function in the contract's interface + for (const fnSig of SIGNATURES[k]) { + expect(this.contractUnderTest.interface.hasFunction(fnSig), `did not find ${fnSig}`).to.be.true; + } + } + }); + }); +} + +module.exports = { + shouldSupportInterfaces, +}; diff --git a/dependencies/@openzeppelin/test/utils/math/Math.t.sol b/dependencies/@openzeppelin/test/utils/math/Math.t.sol new file mode 100644 index 00000000..3d4932ee --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/math/Math.t.sol @@ -0,0 +1,311 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {Test, stdError} from "forge-std/Test.sol"; + +import {Math} from "@openzeppelin/contracts/utils/math/Math.sol"; + +contract MathTest is Test { + function testSymbolicTernary(bool f, uint256 a, uint256 b) public { + assertEq(Math.ternary(f, a, b), f ? a : b); + } + + // MIN & MAX + function testSymbolicMinMax(uint256 a, uint256 b) public { + assertEq(Math.min(a, b), a < b ? a : b); + assertEq(Math.max(a, b), a > b ? a : b); + } + + // CEILDIV + function testCeilDiv(uint256 a, uint256 b) public { + vm.assume(b > 0); + + uint256 result = Math.ceilDiv(a, b); + + if (result == 0) { + assertEq(a, 0); + } else { + uint256 expect = a / b; + if (expect * b < a) { + expect += 1; + } + assertEq(result, expect); + } + } + + // SQRT + function testSqrt(uint256 input, uint8 r) public { + Math.Rounding rounding = _asRounding(r); + + uint256 result = Math.sqrt(input, rounding); + + // square of result is bigger than input + if (_squareBigger(result, input)) { + assertTrue(Math.unsignedRoundsUp(rounding)); + assertTrue(_squareSmaller(result - 1, input)); + } + // square of result is smaller than input + else if (_squareSmaller(result, input)) { + assertFalse(Math.unsignedRoundsUp(rounding)); + assertTrue(_squareBigger(result + 1, input)); + } + // input is perfect square + else { + assertEq(result * result, input); + } + } + + function _squareBigger(uint256 value, uint256 ref) private pure returns (bool) { + (bool noOverflow, uint256 square) = Math.tryMul(value, value); + return !noOverflow || square > ref; + } + + function _squareSmaller(uint256 value, uint256 ref) private pure returns (bool) { + return value * value < ref; + } + + // INV + function testInvMod(uint256 value, uint256 p) public { + _testInvMod(value, p, true); + } + + function testInvMod2(uint256 seed) public { + uint256 p = 2; // prime + _testInvMod(bound(seed, 1, p - 1), p, false); + } + + function testInvMod17(uint256 seed) public { + uint256 p = 17; // prime + _testInvMod(bound(seed, 1, p - 1), p, false); + } + + function testInvMod65537(uint256 seed) public { + uint256 p = 65537; // prime + _testInvMod(bound(seed, 1, p - 1), p, false); + } + + function testInvModP256(uint256 seed) public { + uint256 p = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff; // prime + _testInvMod(bound(seed, 1, p - 1), p, false); + } + + function _testInvMod(uint256 value, uint256 p, bool allowZero) private { + uint256 inverse = Math.invMod(value, p); + if (inverse != 0) { + assertEq(mulmod(value, inverse, p), 1); + assertLt(inverse, p); + } else { + assertTrue(allowZero); + } + } + + // LOG2 + function testLog2(uint256 input, uint8 r) public { + Math.Rounding rounding = _asRounding(r); + + uint256 result = Math.log2(input, rounding); + + if (input == 0) { + assertEq(result, 0); + } else if (_powerOf2Bigger(result, input)) { + assertTrue(Math.unsignedRoundsUp(rounding)); + assertTrue(_powerOf2Smaller(result - 1, input)); + } else if (_powerOf2Smaller(result, input)) { + assertFalse(Math.unsignedRoundsUp(rounding)); + assertTrue(_powerOf2Bigger(result + 1, input)); + } else { + assertEq(2 ** result, input); + } + } + + function _powerOf2Bigger(uint256 value, uint256 ref) private pure returns (bool) { + return value >= 256 || 2 ** value > ref; // 2**256 overflows uint256 + } + + function _powerOf2Smaller(uint256 value, uint256 ref) private pure returns (bool) { + return 2 ** value < ref; + } + + // LOG10 + function testLog10(uint256 input, uint8 r) public { + Math.Rounding rounding = _asRounding(r); + + uint256 result = Math.log10(input, rounding); + + if (input == 0) { + assertEq(result, 0); + } else if (_powerOf10Bigger(result, input)) { + assertTrue(Math.unsignedRoundsUp(rounding)); + assertTrue(_powerOf10Smaller(result - 1, input)); + } else if (_powerOf10Smaller(result, input)) { + assertFalse(Math.unsignedRoundsUp(rounding)); + assertTrue(_powerOf10Bigger(result + 1, input)); + } else { + assertEq(10 ** result, input); + } + } + + function _powerOf10Bigger(uint256 value, uint256 ref) private pure returns (bool) { + return value >= 78 || 10 ** value > ref; // 10**78 overflows uint256 + } + + function _powerOf10Smaller(uint256 value, uint256 ref) private pure returns (bool) { + return 10 ** value < ref; + } + + // LOG256 + function testLog256(uint256 input, uint8 r) public { + Math.Rounding rounding = _asRounding(r); + + uint256 result = Math.log256(input, rounding); + + if (input == 0) { + assertEq(result, 0); + } else if (_powerOf256Bigger(result, input)) { + assertTrue(Math.unsignedRoundsUp(rounding)); + assertTrue(_powerOf256Smaller(result - 1, input)); + } else if (_powerOf256Smaller(result, input)) { + assertFalse(Math.unsignedRoundsUp(rounding)); + assertTrue(_powerOf256Bigger(result + 1, input)); + } else { + assertEq(256 ** result, input); + } + } + + function _powerOf256Bigger(uint256 value, uint256 ref) private pure returns (bool) { + return value >= 32 || 256 ** value > ref; // 256**32 overflows uint256 + } + + function _powerOf256Smaller(uint256 value, uint256 ref) private pure returns (bool) { + return 256 ** value < ref; + } + + // MULDIV + function testMulDiv(uint256 x, uint256 y, uint256 d) public { + // Full precision for x * y + (uint256 xyHi, uint256 xyLo) = _mulHighLow(x, y); + + // Assume result won't overflow (see {testMulDivDomain}) + // This also checks that `d` is positive + vm.assume(xyHi < d); + + // Perform muldiv + uint256 q = Math.mulDiv(x, y, d); + + // Full precision for q * d + (uint256 qdHi, uint256 qdLo) = _mulHighLow(q, d); + // Add remainder of x * y / d (computed as rem = (x * y % d)) + (uint256 qdRemLo, uint256 c) = _addCarry(qdLo, mulmod(x, y, d)); + uint256 qdRemHi = qdHi + c; + + // Full precision check that x * y = q * d + rem + assertEq(xyHi, qdRemHi); + assertEq(xyLo, qdRemLo); + } + + function testMulDivDomain(uint256 x, uint256 y, uint256 d) public { + (uint256 xyHi, ) = _mulHighLow(x, y); + + // Violate {testMulDiv} assumption (covers d is 0 and result overflow) + vm.assume(xyHi >= d); + + // we are outside the scope of {testMulDiv}, we expect muldiv to revert + vm.expectRevert(d == 0 ? stdError.divisionError : stdError.arithmeticError); + Math.mulDiv(x, y, d); + } + + // MOD EXP + function testModExp(uint256 b, uint256 e, uint256 m) public { + if (m == 0) { + vm.expectRevert(stdError.divisionError); + } + uint256 result = Math.modExp(b, e, m); + assertLt(result, m); + assertEq(result, _nativeModExp(b, e, m)); + } + + function testTryModExp(uint256 b, uint256 e, uint256 m) public { + (bool success, uint256 result) = Math.tryModExp(b, e, m); + assertEq(success, m != 0); + if (success) { + assertLt(result, m); + assertEq(result, _nativeModExp(b, e, m)); + } else { + assertEq(result, 0); + } + } + + function testModExpMemory(uint256 b, uint256 e, uint256 m) public { + if (m == 0) { + vm.expectRevert(stdError.divisionError); + } + bytes memory result = Math.modExp(abi.encodePacked(b), abi.encodePacked(e), abi.encodePacked(m)); + assertEq(result.length, 0x20); + uint256 res = abi.decode(result, (uint256)); + assertLt(res, m); + assertEq(res, _nativeModExp(b, e, m)); + } + + function testTryModExpMemory(uint256 b, uint256 e, uint256 m) public { + (bool success, bytes memory result) = Math.tryModExp( + abi.encodePacked(b), + abi.encodePacked(e), + abi.encodePacked(m) + ); + if (success) { + assertEq(result.length, 0x20); // m is a uint256, so abi.encodePacked(m).length is 0x20 + uint256 res = abi.decode(result, (uint256)); + assertLt(res, m); + assertEq(res, _nativeModExp(b, e, m)); + } else { + assertEq(result.length, 0); + } + } + + function _nativeModExp(uint256 b, uint256 e, uint256 m) private pure returns (uint256) { + if (m == 1) return 0; + uint256 r = 1; + while (e > 0) { + if (e % 2 > 0) { + r = mulmod(r, b, m); + } + b = mulmod(b, b, m); + e >>= 1; + } + return r; + } + + // Helpers + function _asRounding(uint8 r) private pure returns (Math.Rounding) { + vm.assume(r < uint8(type(Math.Rounding).max)); + return Math.Rounding(r); + } + + function _mulHighLow(uint256 x, uint256 y) private pure returns (uint256 high, uint256 low) { + (uint256 x0, uint256 x1) = (x & type(uint128).max, x >> 128); + (uint256 y0, uint256 y1) = (y & type(uint128).max, y >> 128); + + // Karatsuba algorithm + // https://en.wikipedia.org/wiki/Karatsuba_algorithm + uint256 z2 = x1 * y1; + uint256 z1a = x1 * y0; + uint256 z1b = x0 * y1; + uint256 z0 = x0 * y0; + + uint256 carry = ((z1a & type(uint128).max) + (z1b & type(uint128).max) + (z0 >> 128)) >> 128; + + high = z2 + (z1a >> 128) + (z1b >> 128) + carry; + + unchecked { + low = x * y; + } + } + + function _addCarry(uint256 x, uint256 y) private pure returns (uint256 res, uint256 carry) { + unchecked { + res = x + y; + } + carry = res < x ? 1 : 0; + } +} diff --git a/dependencies/@openzeppelin/test/utils/math/Math.test.js b/dependencies/@openzeppelin/test/utils/math/Math.test.js new file mode 100644 index 00000000..f38f2f31 --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/math/Math.test.js @@ -0,0 +1,562 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); +const { PANIC_CODES } = require('@nomicfoundation/hardhat-chai-matchers/panic'); + +const { Rounding } = require('../../helpers/enums'); +const { min, max, modExp } = require('../../helpers/math'); +const { generators } = require('../../helpers/random'); +const { product, range } = require('../../helpers/iterate'); + +const RoundingDown = [Rounding.Floor, Rounding.Trunc]; +const RoundingUp = [Rounding.Ceil, Rounding.Expand]; + +const bytes = (value, width = undefined) => ethers.Typed.bytes(ethers.toBeHex(value, width)); +const uint256 = value => ethers.Typed.uint256(value); +bytes.zero = '0x'; +uint256.zero = 0n; + +async function testCommutative(fn, lhs, rhs, expected, ...extra) { + expect(await fn(lhs, rhs, ...extra)).to.deep.equal(expected); + expect(await fn(rhs, lhs, ...extra)).to.deep.equal(expected); +} + +async function fixture() { + const mock = await ethers.deployContract('$Math'); + + // disambiguation, we use the version with explicit rounding + mock.$mulDiv = mock['$mulDiv(uint256,uint256,uint256,uint8)']; + mock.$sqrt = mock['$sqrt(uint256,uint8)']; + mock.$log2 = mock['$log2(uint256,uint8)']; + mock.$log10 = mock['$log10(uint256,uint8)']; + mock.$log256 = mock['$log256(uint256,uint8)']; + + return { mock }; +} + +describe('Math', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + describe('tryAdd', function () { + it('adds correctly', async function () { + const a = 5678n; + const b = 1234n; + await testCommutative(this.mock.$tryAdd, a, b, [true, a + b]); + }); + + it('reverts on addition overflow', async function () { + const a = ethers.MaxUint256; + const b = 1n; + await testCommutative(this.mock.$tryAdd, a, b, [false, 0n]); + }); + }); + + describe('trySub', function () { + it('subtracts correctly', async function () { + const a = 5678n; + const b = 1234n; + expect(await this.mock.$trySub(a, b)).to.deep.equal([true, a - b]); + }); + + it('reverts if subtraction result would be negative', async function () { + const a = 1234n; + const b = 5678n; + expect(await this.mock.$trySub(a, b)).to.deep.equal([false, 0n]); + }); + }); + + describe('tryMul', function () { + it('multiplies correctly', async function () { + const a = 1234n; + const b = 5678n; + await testCommutative(this.mock.$tryMul, a, b, [true, a * b]); + }); + + it('multiplies by zero correctly', async function () { + const a = 0n; + const b = 5678n; + await testCommutative(this.mock.$tryMul, a, b, [true, a * b]); + }); + + it('reverts on multiplication overflow', async function () { + const a = ethers.MaxUint256; + const b = 2n; + await testCommutative(this.mock.$tryMul, a, b, [false, 0n]); + }); + }); + + describe('tryDiv', function () { + it('divides correctly', async function () { + const a = 5678n; + const b = 5678n; + expect(await this.mock.$tryDiv(a, b)).to.deep.equal([true, a / b]); + }); + + it('divides zero correctly', async function () { + const a = 0n; + const b = 5678n; + expect(await this.mock.$tryDiv(a, b)).to.deep.equal([true, a / b]); + }); + + it('returns complete number result on non-even division', async function () { + const a = 7000n; + const b = 5678n; + expect(await this.mock.$tryDiv(a, b)).to.deep.equal([true, a / b]); + }); + + it('reverts on division by zero', async function () { + const a = 5678n; + const b = 0n; + expect(await this.mock.$tryDiv(a, b)).to.deep.equal([false, 0n]); + }); + }); + + describe('tryMod', function () { + describe('modulos correctly', function () { + it('when the dividend is smaller than the divisor', async function () { + const a = 284n; + const b = 5678n; + expect(await this.mock.$tryMod(a, b)).to.deep.equal([true, a % b]); + }); + + it('when the dividend is equal to the divisor', async function () { + const a = 5678n; + const b = 5678n; + expect(await this.mock.$tryMod(a, b)).to.deep.equal([true, a % b]); + }); + + it('when the dividend is larger than the divisor', async function () { + const a = 7000n; + const b = 5678n; + expect(await this.mock.$tryMod(a, b)).to.deep.equal([true, a % b]); + }); + + it('when the dividend is a multiple of the divisor', async function () { + const a = 17034n; // 17034 == 5678 * 3 + const b = 5678n; + expect(await this.mock.$tryMod(a, b)).to.deep.equal([true, a % b]); + }); + }); + + it('reverts with a 0 divisor', async function () { + const a = 5678n; + const b = 0n; + expect(await this.mock.$tryMod(a, b)).to.deep.equal([false, 0n]); + }); + }); + + describe('max', function () { + it('is correctly detected in both position', async function () { + await testCommutative(this.mock.$max, 1234n, 5678n, max(1234n, 5678n)); + }); + }); + + describe('min', function () { + it('is correctly detected in both position', async function () { + await testCommutative(this.mock.$min, 1234n, 5678n, min(1234n, 5678n)); + }); + }); + + describe('average', function () { + it('is correctly calculated with two odd numbers', async function () { + const a = 57417n; + const b = 95431n; + expect(await this.mock.$average(a, b)).to.equal((a + b) / 2n); + }); + + it('is correctly calculated with two even numbers', async function () { + const a = 42304n; + const b = 84346n; + expect(await this.mock.$average(a, b)).to.equal((a + b) / 2n); + }); + + it('is correctly calculated with one even and one odd number', async function () { + const a = 57417n; + const b = 84346n; + expect(await this.mock.$average(a, b)).to.equal((a + b) / 2n); + }); + + it('is correctly calculated with two max uint256 numbers', async function () { + const a = ethers.MaxUint256; + expect(await this.mock.$average(a, a)).to.equal(a); + }); + }); + + describe('ceilDiv', function () { + it('reverts on zero division', async function () { + const a = 2n; + const b = 0n; + // It's unspecified because it's a low level 0 division error + await expect(this.mock.$ceilDiv(a, b)).to.be.revertedWithPanic(PANIC_CODES.DIVISION_BY_ZERO); + }); + + it('does not round up a zero result', async function () { + const a = 0n; + const b = 2n; + const r = 0n; + expect(await this.mock.$ceilDiv(a, b)).to.equal(r); + }); + + it('does not round up on exact division', async function () { + const a = 10n; + const b = 5n; + const r = 2n; + expect(await this.mock.$ceilDiv(a, b)).to.equal(r); + }); + + it('rounds up on division with remainders', async function () { + const a = 42n; + const b = 13n; + const r = 4n; + expect(await this.mock.$ceilDiv(a, b)).to.equal(r); + }); + + it('does not overflow', async function () { + const a = ethers.MaxUint256; + const b = 2n; + const r = 1n << 255n; + expect(await this.mock.$ceilDiv(a, b)).to.equal(r); + }); + + it('correctly computes max uint256 divided by 1', async function () { + const a = ethers.MaxUint256; + const b = 1n; + const r = ethers.MaxUint256; + expect(await this.mock.$ceilDiv(a, b)).to.equal(r); + }); + }); + + describe('mulDiv', function () { + it('divide by 0', async function () { + const a = 1n; + const b = 1n; + const c = 0n; + await expect(this.mock.$mulDiv(a, b, c, Rounding.Floor)).to.be.revertedWithPanic(PANIC_CODES.DIVISION_BY_ZERO); + }); + + it('reverts with result higher than 2 ^ 256', async function () { + const a = 5n; + const b = ethers.MaxUint256; + const c = 2n; + await expect(this.mock.$mulDiv(a, b, c, Rounding.Floor)).to.be.revertedWithPanic( + PANIC_CODES.ARITHMETIC_UNDER_OR_OVERFLOW, + ); + }); + + describe('does round down', function () { + it('small values', async function () { + for (const rounding of RoundingDown) { + expect(await this.mock.$mulDiv(3n, 4n, 5n, rounding)).to.equal(2n); + expect(await this.mock.$mulDiv(3n, 5n, 5n, rounding)).to.equal(3n); + } + }); + + it('large values', async function () { + for (const rounding of RoundingDown) { + expect(await this.mock.$mulDiv(42n, ethers.MaxUint256 - 1n, ethers.MaxUint256, rounding)).to.equal(41n); + + expect(await this.mock.$mulDiv(17n, ethers.MaxUint256, ethers.MaxUint256, rounding)).to.equal(17n); + + expect( + await this.mock.$mulDiv(ethers.MaxUint256 - 1n, ethers.MaxUint256 - 1n, ethers.MaxUint256, rounding), + ).to.equal(ethers.MaxUint256 - 2n); + + expect( + await this.mock.$mulDiv(ethers.MaxUint256, ethers.MaxUint256 - 1n, ethers.MaxUint256, rounding), + ).to.equal(ethers.MaxUint256 - 1n); + + expect(await this.mock.$mulDiv(ethers.MaxUint256, ethers.MaxUint256, ethers.MaxUint256, rounding)).to.equal( + ethers.MaxUint256, + ); + } + }); + }); + + describe('does round up', function () { + it('small values', async function () { + for (const rounding of RoundingUp) { + expect(await this.mock.$mulDiv(3n, 4n, 5n, rounding)).to.equal(3n); + expect(await this.mock.$mulDiv(3n, 5n, 5n, rounding)).to.equal(3n); + } + }); + + it('large values', async function () { + for (const rounding of RoundingUp) { + expect(await this.mock.$mulDiv(42n, ethers.MaxUint256 - 1n, ethers.MaxUint256, rounding)).to.equal(42n); + + expect(await this.mock.$mulDiv(17n, ethers.MaxUint256, ethers.MaxUint256, rounding)).to.equal(17n); + + expect( + await this.mock.$mulDiv(ethers.MaxUint256 - 1n, ethers.MaxUint256 - 1n, ethers.MaxUint256, rounding), + ).to.equal(ethers.MaxUint256 - 1n); + + expect( + await this.mock.$mulDiv(ethers.MaxUint256, ethers.MaxUint256 - 1n, ethers.MaxUint256, rounding), + ).to.equal(ethers.MaxUint256 - 1n); + + expect(await this.mock.$mulDiv(ethers.MaxUint256, ethers.MaxUint256, ethers.MaxUint256, rounding)).to.equal( + ethers.MaxUint256, + ); + } + }); + }); + }); + + describe('invMod', function () { + for (const factors of [ + [0n], + [1n], + [2n], + [17n], + [65537n], + [0xffffffff00000001000000000000000000000000ffffffffffffffffffffffffn], + [3n, 5n], + [3n, 7n], + [47n, 53n], + ]) { + const p = factors.reduce((acc, f) => acc * f, 1n); + + describe(`using p=${p} which is ${p > 1 && factors.length > 1 ? 'not ' : ''}a prime`, function () { + it('trying to inverse 0 returns 0', async function () { + expect(await this.mock.$invMod(0, p)).to.equal(0n); + expect(await this.mock.$invMod(p, p)).to.equal(0n); // p is 0 mod p + }); + + if (p != 0) { + for (const value of Array.from({ length: 16 }, generators.uint256)) { + const isInversible = factors.every(f => value % f); + it(`trying to inverse ${value}`, async function () { + const result = await this.mock.$invMod(value, p); + if (isInversible) { + expect((value * result) % p).to.equal(1n); + } else { + expect(result).to.equal(0n); + } + }); + } + } + }); + } + }); + + describe('modExp', function () { + for (const [name, type] of Object.entries({ uint256, bytes })) { + describe(`with ${name} inputs`, function () { + it('is correctly calculating modulus', async function () { + const b = 3n; + const e = 200n; + const m = 50n; + + expect(await this.mock.$modExp(type(b), type(e), type(m))).to.equal(type(b ** e % m).value); + }); + + it('is correctly reverting when modulus is zero', async function () { + const b = 3n; + const e = 200n; + const m = 0n; + + await expect(this.mock.$modExp(type(b), type(e), type(m))).to.be.revertedWithPanic( + PANIC_CODES.DIVISION_BY_ZERO, + ); + }); + }); + } + + describe('with large bytes inputs', function () { + for (const [[b, log2b], [e, log2e], [m, log2m]] of product( + range(320, 512, 64).map(e => [2n ** BigInt(e) + 1n, e]), + range(320, 512, 64).map(e => [2n ** BigInt(e) + 1n, e]), + range(320, 512, 64).map(e => [2n ** BigInt(e) + 1n, e]), + )) { + it(`calculates b ** e % m (b=2**${log2b}+1) (e=2**${log2e}+1) (m=2**${log2m}+1)`, async function () { + const mLength = ethers.dataLength(ethers.toBeHex(m)); + + expect(await this.mock.$modExp(bytes(b), bytes(e), bytes(m))).to.equal(bytes(modExp(b, e, m), mLength).value); + }); + } + }); + }); + + describe('tryModExp', function () { + for (const [name, type] of Object.entries({ uint256, bytes })) { + describe(`with ${name} inputs`, function () { + it('is correctly calculating modulus', async function () { + const b = 3n; + const e = 200n; + const m = 50n; + + expect(await this.mock.$tryModExp(type(b), type(e), type(m))).to.deep.equal([true, type(b ** e % m).value]); + }); + + it('is correctly reverting when modulus is zero', async function () { + const b = 3n; + const e = 200n; + const m = 0n; + + expect(await this.mock.$tryModExp(type(b), type(e), type(m))).to.deep.equal([false, type.zero]); + }); + }); + } + + describe('with large bytes inputs', function () { + for (const [[b, log2b], [e, log2e], [m, log2m]] of product( + range(320, 513, 64).map(e => [2n ** BigInt(e) + 1n, e]), + range(320, 513, 64).map(e => [2n ** BigInt(e) + 1n, e]), + range(320, 513, 64).map(e => [2n ** BigInt(e) + 1n, e]), + )) { + it(`calculates b ** e % m (b=2**${log2b}+1) (e=2**${log2e}+1) (m=2**${log2m}+1)`, async function () { + const mLength = ethers.dataLength(ethers.toBeHex(m)); + + expect(await this.mock.$tryModExp(bytes(b), bytes(e), bytes(m))).to.deep.equal([ + true, + bytes(modExp(b, e, m), mLength).value, + ]); + }); + } + }); + }); + + describe('sqrt', function () { + it('rounds down', async function () { + for (const rounding of RoundingDown) { + expect(await this.mock.$sqrt(0n, rounding)).to.equal(0n); + expect(await this.mock.$sqrt(1n, rounding)).to.equal(1n); + expect(await this.mock.$sqrt(2n, rounding)).to.equal(1n); + expect(await this.mock.$sqrt(3n, rounding)).to.equal(1n); + expect(await this.mock.$sqrt(4n, rounding)).to.equal(2n); + expect(await this.mock.$sqrt(144n, rounding)).to.equal(12n); + expect(await this.mock.$sqrt(999999n, rounding)).to.equal(999n); + expect(await this.mock.$sqrt(1000000n, rounding)).to.equal(1000n); + expect(await this.mock.$sqrt(1000001n, rounding)).to.equal(1000n); + expect(await this.mock.$sqrt(1002000n, rounding)).to.equal(1000n); + expect(await this.mock.$sqrt(1002001n, rounding)).to.equal(1001n); + expect(await this.mock.$sqrt(ethers.MaxUint256, rounding)).to.equal(340282366920938463463374607431768211455n); + } + }); + + it('rounds up', async function () { + for (const rounding of RoundingUp) { + expect(await this.mock.$sqrt(0n, rounding)).to.equal(0n); + expect(await this.mock.$sqrt(1n, rounding)).to.equal(1n); + expect(await this.mock.$sqrt(2n, rounding)).to.equal(2n); + expect(await this.mock.$sqrt(3n, rounding)).to.equal(2n); + expect(await this.mock.$sqrt(4n, rounding)).to.equal(2n); + expect(await this.mock.$sqrt(144n, rounding)).to.equal(12n); + expect(await this.mock.$sqrt(999999n, rounding)).to.equal(1000n); + expect(await this.mock.$sqrt(1000000n, rounding)).to.equal(1000n); + expect(await this.mock.$sqrt(1000001n, rounding)).to.equal(1001n); + expect(await this.mock.$sqrt(1002000n, rounding)).to.equal(1001n); + expect(await this.mock.$sqrt(1002001n, rounding)).to.equal(1001n); + expect(await this.mock.$sqrt(ethers.MaxUint256, rounding)).to.equal(340282366920938463463374607431768211456n); + } + }); + }); + + describe('log', function () { + describe('log2', function () { + it('rounds down', async function () { + for (const rounding of RoundingDown) { + expect(await this.mock.$log2(0n, rounding)).to.equal(0n); + expect(await this.mock.$log2(1n, rounding)).to.equal(0n); + expect(await this.mock.$log2(2n, rounding)).to.equal(1n); + expect(await this.mock.$log2(3n, rounding)).to.equal(1n); + expect(await this.mock.$log2(4n, rounding)).to.equal(2n); + expect(await this.mock.$log2(5n, rounding)).to.equal(2n); + expect(await this.mock.$log2(6n, rounding)).to.equal(2n); + expect(await this.mock.$log2(7n, rounding)).to.equal(2n); + expect(await this.mock.$log2(8n, rounding)).to.equal(3n); + expect(await this.mock.$log2(9n, rounding)).to.equal(3n); + expect(await this.mock.$log2(ethers.MaxUint256, rounding)).to.equal(255n); + } + }); + + it('rounds up', async function () { + for (const rounding of RoundingUp) { + expect(await this.mock.$log2(0n, rounding)).to.equal(0n); + expect(await this.mock.$log2(1n, rounding)).to.equal(0n); + expect(await this.mock.$log2(2n, rounding)).to.equal(1n); + expect(await this.mock.$log2(3n, rounding)).to.equal(2n); + expect(await this.mock.$log2(4n, rounding)).to.equal(2n); + expect(await this.mock.$log2(5n, rounding)).to.equal(3n); + expect(await this.mock.$log2(6n, rounding)).to.equal(3n); + expect(await this.mock.$log2(7n, rounding)).to.equal(3n); + expect(await this.mock.$log2(8n, rounding)).to.equal(3n); + expect(await this.mock.$log2(9n, rounding)).to.equal(4n); + expect(await this.mock.$log2(ethers.MaxUint256, rounding)).to.equal(256n); + } + }); + }); + + describe('log10', function () { + it('rounds down', async function () { + for (const rounding of RoundingDown) { + expect(await this.mock.$log10(0n, rounding)).to.equal(0n); + expect(await this.mock.$log10(1n, rounding)).to.equal(0n); + expect(await this.mock.$log10(2n, rounding)).to.equal(0n); + expect(await this.mock.$log10(9n, rounding)).to.equal(0n); + expect(await this.mock.$log10(10n, rounding)).to.equal(1n); + expect(await this.mock.$log10(11n, rounding)).to.equal(1n); + expect(await this.mock.$log10(99n, rounding)).to.equal(1n); + expect(await this.mock.$log10(100n, rounding)).to.equal(2n); + expect(await this.mock.$log10(101n, rounding)).to.equal(2n); + expect(await this.mock.$log10(999n, rounding)).to.equal(2n); + expect(await this.mock.$log10(1000n, rounding)).to.equal(3n); + expect(await this.mock.$log10(1001n, rounding)).to.equal(3n); + expect(await this.mock.$log10(ethers.MaxUint256, rounding)).to.equal(77n); + } + }); + + it('rounds up', async function () { + for (const rounding of RoundingUp) { + expect(await this.mock.$log10(0n, rounding)).to.equal(0n); + expect(await this.mock.$log10(1n, rounding)).to.equal(0n); + expect(await this.mock.$log10(2n, rounding)).to.equal(1n); + expect(await this.mock.$log10(9n, rounding)).to.equal(1n); + expect(await this.mock.$log10(10n, rounding)).to.equal(1n); + expect(await this.mock.$log10(11n, rounding)).to.equal(2n); + expect(await this.mock.$log10(99n, rounding)).to.equal(2n); + expect(await this.mock.$log10(100n, rounding)).to.equal(2n); + expect(await this.mock.$log10(101n, rounding)).to.equal(3n); + expect(await this.mock.$log10(999n, rounding)).to.equal(3n); + expect(await this.mock.$log10(1000n, rounding)).to.equal(3n); + expect(await this.mock.$log10(1001n, rounding)).to.equal(4n); + expect(await this.mock.$log10(ethers.MaxUint256, rounding)).to.equal(78n); + } + }); + }); + + describe('log256', function () { + it('rounds down', async function () { + for (const rounding of RoundingDown) { + expect(await this.mock.$log256(0n, rounding)).to.equal(0n); + expect(await this.mock.$log256(1n, rounding)).to.equal(0n); + expect(await this.mock.$log256(2n, rounding)).to.equal(0n); + expect(await this.mock.$log256(255n, rounding)).to.equal(0n); + expect(await this.mock.$log256(256n, rounding)).to.equal(1n); + expect(await this.mock.$log256(257n, rounding)).to.equal(1n); + expect(await this.mock.$log256(65535n, rounding)).to.equal(1n); + expect(await this.mock.$log256(65536n, rounding)).to.equal(2n); + expect(await this.mock.$log256(65537n, rounding)).to.equal(2n); + expect(await this.mock.$log256(ethers.MaxUint256, rounding)).to.equal(31n); + } + }); + + it('rounds up', async function () { + for (const rounding of RoundingUp) { + expect(await this.mock.$log256(0n, rounding)).to.equal(0n); + expect(await this.mock.$log256(1n, rounding)).to.equal(0n); + expect(await this.mock.$log256(2n, rounding)).to.equal(1n); + expect(await this.mock.$log256(255n, rounding)).to.equal(1n); + expect(await this.mock.$log256(256n, rounding)).to.equal(1n); + expect(await this.mock.$log256(257n, rounding)).to.equal(2n); + expect(await this.mock.$log256(65535n, rounding)).to.equal(2n); + expect(await this.mock.$log256(65536n, rounding)).to.equal(2n); + expect(await this.mock.$log256(65537n, rounding)).to.equal(3n); + expect(await this.mock.$log256(ethers.MaxUint256, rounding)).to.equal(32n); + } + }); + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/utils/math/SafeCast.test.js b/dependencies/@openzeppelin/test/utils/math/SafeCast.test.js new file mode 100644 index 00000000..ab62406c --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/math/SafeCast.test.js @@ -0,0 +1,159 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { range } = require('../../helpers/iterate'); + +async function fixture() { + const mock = await ethers.deployContract('$SafeCast'); + return { mock }; +} + +describe('SafeCast', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + for (const bits of range(8, 256, 8).map(ethers.toBigInt)) { + const maxValue = 2n ** bits - 1n; + + describe(`toUint${bits}`, () => { + it('downcasts 0', async function () { + expect(await this.mock[`$toUint${bits}`](0n)).is.equal(0n); + }); + + it('downcasts 1', async function () { + expect(await this.mock[`$toUint${bits}`](1n)).is.equal(1n); + }); + + it(`downcasts 2^${bits} - 1 (${maxValue})`, async function () { + expect(await this.mock[`$toUint${bits}`](maxValue)).is.equal(maxValue); + }); + + it(`reverts when downcasting 2^${bits} (${maxValue + 1n})`, async function () { + await expect(this.mock[`$toUint${bits}`](maxValue + 1n)) + .to.be.revertedWithCustomError(this.mock, 'SafeCastOverflowedUintDowncast') + .withArgs(bits, maxValue + 1n); + }); + + it(`reverts when downcasting 2^${bits} + 1 (${maxValue + 2n})`, async function () { + await expect(this.mock[`$toUint${bits}`](maxValue + 2n)) + .to.be.revertedWithCustomError(this.mock, 'SafeCastOverflowedUintDowncast') + .withArgs(bits, maxValue + 2n); + }); + }); + } + + describe('toUint256', () => { + it('casts 0', async function () { + expect(await this.mock.$toUint256(0n)).is.equal(0n); + }); + + it('casts 1', async function () { + expect(await this.mock.$toUint256(1n)).is.equal(1n); + }); + + it(`casts INT256_MAX (${ethers.MaxInt256})`, async function () { + expect(await this.mock.$toUint256(ethers.MaxInt256)).is.equal(ethers.MaxInt256); + }); + + it('reverts when casting -1', async function () { + await expect(this.mock.$toUint256(-1n)) + .to.be.revertedWithCustomError(this.mock, 'SafeCastOverflowedIntToUint') + .withArgs(-1n); + }); + + it(`reverts when casting INT256_MIN (${ethers.MinInt256})`, async function () { + await expect(this.mock.$toUint256(ethers.MinInt256)) + .to.be.revertedWithCustomError(this.mock, 'SafeCastOverflowedIntToUint') + .withArgs(ethers.MinInt256); + }); + }); + + for (const bits of range(8, 256, 8).map(ethers.toBigInt)) { + const minValue = -(2n ** (bits - 1n)); + const maxValue = 2n ** (bits - 1n) - 1n; + + describe(`toInt${bits}`, () => { + it('downcasts 0', async function () { + expect(await this.mock[`$toInt${bits}`](0n)).is.equal(0n); + }); + + it('downcasts 1', async function () { + expect(await this.mock[`$toInt${bits}`](1n)).is.equal(1n); + }); + + it('downcasts -1', async function () { + expect(await this.mock[`$toInt${bits}`](-1n)).is.equal(-1n); + }); + + it(`downcasts -2^${bits - 1n} (${minValue})`, async function () { + expect(await this.mock[`$toInt${bits}`](minValue)).is.equal(minValue); + }); + + it(`downcasts 2^${bits - 1n} - 1 (${maxValue})`, async function () { + expect(await this.mock[`$toInt${bits}`](maxValue)).is.equal(maxValue); + }); + + it(`reverts when downcasting -2^${bits - 1n} - 1 (${minValue - 1n})`, async function () { + await expect(this.mock[`$toInt${bits}`](minValue - 1n)) + .to.be.revertedWithCustomError(this.mock, 'SafeCastOverflowedIntDowncast') + .withArgs(bits, minValue - 1n); + }); + + it(`reverts when downcasting -2^${bits - 1n} - 2 (${minValue - 2n})`, async function () { + await expect(this.mock[`$toInt${bits}`](minValue - 2n)) + .to.be.revertedWithCustomError(this.mock, 'SafeCastOverflowedIntDowncast') + .withArgs(bits, minValue - 2n); + }); + + it(`reverts when downcasting 2^${bits - 1n} (${maxValue + 1n})`, async function () { + await expect(this.mock[`$toInt${bits}`](maxValue + 1n)) + .to.be.revertedWithCustomError(this.mock, 'SafeCastOverflowedIntDowncast') + .withArgs(bits, maxValue + 1n); + }); + + it(`reverts when downcasting 2^${bits - 1n} + 1 (${maxValue + 2n})`, async function () { + await expect(this.mock[`$toInt${bits}`](maxValue + 2n)) + .to.be.revertedWithCustomError(this.mock, 'SafeCastOverflowedIntDowncast') + .withArgs(bits, maxValue + 2n); + }); + }); + } + + describe('toInt256', () => { + it('casts 0', async function () { + expect(await this.mock.$toInt256(0)).is.equal(0n); + }); + + it('casts 1', async function () { + expect(await this.mock.$toInt256(1)).is.equal(1n); + }); + + it(`casts INT256_MAX (${ethers.MaxInt256})`, async function () { + expect(await this.mock.$toInt256(ethers.MaxInt256)).is.equal(ethers.MaxInt256); + }); + + it(`reverts when casting INT256_MAX + 1 (${ethers.MaxInt256 + 1n})`, async function () { + await expect(this.mock.$toInt256(ethers.MaxInt256 + 1n)) + .to.be.revertedWithCustomError(this.mock, 'SafeCastOverflowedUintToInt') + .withArgs(ethers.MaxInt256 + 1n); + }); + + it(`reverts when casting UINT256_MAX (${ethers.MaxUint256})`, async function () { + await expect(this.mock.$toInt256(ethers.MaxUint256)) + .to.be.revertedWithCustomError(this.mock, 'SafeCastOverflowedUintToInt') + .withArgs(ethers.MaxUint256); + }); + }); + + describe('toUint (bool)', function () { + it('toUint(false) should be 0', async function () { + expect(await this.mock.$toUint(false)).to.equal(0n); + }); + + it('toUint(true) should be 1', async function () { + expect(await this.mock.$toUint(true)).to.equal(1n); + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/utils/math/SignedMath.t.sol b/dependencies/@openzeppelin/test/utils/math/SignedMath.t.sol new file mode 100644 index 00000000..bbad109b --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/math/SignedMath.t.sol @@ -0,0 +1,80 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {Test} from "forge-std/Test.sol"; + +import {Math} from "../../../contracts/utils/math/Math.sol"; +import {SignedMath} from "../../../contracts/utils/math/SignedMath.sol"; + +contract SignedMathTest is Test { + function testSymbolicTernary(bool f, int256 a, int256 b) public { + assertEq(SignedMath.ternary(f, a, b), f ? a : b); + } + + // MIN & MAX + function testSymbolicMinMax(int256 a, int256 b) public { + assertEq(SignedMath.min(a, b), a < b ? a : b); + assertEq(SignedMath.max(a, b), a > b ? a : b); + } + + // MIN + function testSymbolicMin(int256 a, int256 b) public { + int256 result = SignedMath.min(a, b); + + assertLe(result, a); + assertLe(result, b); + assertTrue(result == a || result == b); + } + + // MAX + function testSymbolicMax(int256 a, int256 b) public { + int256 result = SignedMath.max(a, b); + + assertGe(result, a); + assertGe(result, b); + assertTrue(result == a || result == b); + } + + // AVERAGE + // 1. simple test, not full int256 range + function testAverage1(int256 a, int256 b) public { + a = bound(a, type(int256).min / 2, type(int256).max / 2); + b = bound(b, type(int256).min / 2, type(int256).max / 2); + + int256 result = SignedMath.average(a, b); + + assertEq(result, (a + b) / 2); + } + + // 2. more complex test, full int256 range + function testAverage2(int256 a, int256 b) public { + (int256 result, int256 min, int256 max) = ( + SignedMath.average(a, b), + SignedMath.min(a, b), + SignedMath.max(a, b) + ); + + // average must be between `a` and `b` + assertGe(result, min); + assertLe(result, max); + + unchecked { + // must be unchecked in order to support `a = type(int256).min, b = type(int256).max` + uint256 deltaLower = uint256(result - min); + uint256 deltaUpper = uint256(max - result); + uint256 remainder = uint256((a & 1) ^ (b & 1)); + assertEq(remainder, Math.max(deltaLower, deltaUpper) - Math.min(deltaLower, deltaUpper)); + } + } + + // ABS + function testSymbolicAbs(int256 a) public { + uint256 result = SignedMath.abs(a); + + unchecked { + // must be unchecked in order to support `n = type(int256).min` + assertEq(result, a < 0 ? uint256(-a) : uint256(a)); + } + } +} diff --git a/dependencies/@openzeppelin/test/utils/math/SignedMath.test.js b/dependencies/@openzeppelin/test/utils/math/SignedMath.test.js new file mode 100644 index 00000000..877f3b48 --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/math/SignedMath.test.js @@ -0,0 +1,53 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { min, max } = require('../../helpers/math'); + +async function testCommutative(fn, lhs, rhs, expected, ...extra) { + expect(await fn(lhs, rhs, ...extra)).to.deep.equal(expected); + expect(await fn(rhs, lhs, ...extra)).to.deep.equal(expected); +} + +async function fixture() { + const mock = await ethers.deployContract('$SignedMath'); + return { mock }; +} + +describe('SignedMath', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + describe('max', function () { + it('is correctly detected in both position', async function () { + await testCommutative(this.mock.$max, -1234n, 5678n, max(-1234n, 5678n)); + }); + }); + + describe('min', function () { + it('is correctly detected in both position', async function () { + await testCommutative(this.mock.$min, -1234n, 5678n, min(-1234n, 5678n)); + }); + }); + + describe('average', function () { + it('is correctly calculated with various input', async function () { + for (const x of [ethers.MinInt256, -57417n, -42304n, -4n, -3n, 0n, 3n, 4n, 42304n, 57417n, ethers.MaxInt256]) { + for (const y of [ethers.MinInt256, -57417n, -42304n, -5n, -2n, 0n, 2n, 5n, 42304n, 57417n, ethers.MaxInt256]) { + expect(await this.mock.$average(x, y)).to.equal((x + y) / 2n); + } + } + }); + }); + + describe('abs', function () { + const abs = x => (x < 0n ? -x : x); + + for (const n of [ethers.MinInt256, ethers.MinInt256 + 1n, -1n, 0n, 1n, ethers.MaxInt256 - 1n, ethers.MaxInt256]) { + it(`correctly computes the absolute value of ${n}`, async function () { + expect(await this.mock.$abs(n)).to.equal(abs(n)); + }); + } + }); +}); diff --git a/dependencies/@openzeppelin/test/utils/structs/BitMap.test.js b/dependencies/@openzeppelin/test/utils/structs/BitMap.test.js new file mode 100644 index 00000000..5662ab13 --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/structs/BitMap.test.js @@ -0,0 +1,149 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +async function fixture() { + const bitmap = await ethers.deployContract('$BitMaps'); + return { bitmap }; +} + +describe('BitMap', function () { + const keyA = 7891n; + const keyB = 451n; + const keyC = 9592328n; + + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + it('starts empty', async function () { + expect(await this.bitmap.$get(0, keyA)).to.be.false; + expect(await this.bitmap.$get(0, keyB)).to.be.false; + expect(await this.bitmap.$get(0, keyC)).to.be.false; + }); + + describe('setTo', function () { + it('set a key to true', async function () { + await this.bitmap.$setTo(0, keyA, true); + expect(await this.bitmap.$get(0, keyA)).to.be.true; + expect(await this.bitmap.$get(0, keyB)).to.be.false; + expect(await this.bitmap.$get(0, keyC)).to.be.false; + }); + + it('set a key to false', async function () { + await this.bitmap.$setTo(0, keyA, true); + await this.bitmap.$setTo(0, keyA, false); + expect(await this.bitmap.$get(0, keyA)).to.be.false; + expect(await this.bitmap.$get(0, keyB)).to.be.false; + expect(await this.bitmap.$get(0, keyC)).to.be.false; + }); + + it('set several consecutive keys', async function () { + await this.bitmap.$setTo(0, keyA + 0n, true); + await this.bitmap.$setTo(0, keyA + 1n, true); + await this.bitmap.$setTo(0, keyA + 2n, true); + await this.bitmap.$setTo(0, keyA + 3n, true); + await this.bitmap.$setTo(0, keyA + 4n, true); + await this.bitmap.$setTo(0, keyA + 2n, false); + await this.bitmap.$setTo(0, keyA + 4n, false); + expect(await this.bitmap.$get(0, keyA + 0n)).to.be.true; + expect(await this.bitmap.$get(0, keyA + 1n)).to.be.true; + expect(await this.bitmap.$get(0, keyA + 2n)).to.be.false; + expect(await this.bitmap.$get(0, keyA + 3n)).to.be.true; + expect(await this.bitmap.$get(0, keyA + 4n)).to.be.false; + }); + }); + + describe('set', function () { + it('adds a key', async function () { + await this.bitmap.$set(0, keyA); + expect(await this.bitmap.$get(0, keyA)).to.be.true; + expect(await this.bitmap.$get(0, keyB)).to.be.false; + expect(await this.bitmap.$get(0, keyC)).to.be.false; + }); + + it('adds several keys', async function () { + await this.bitmap.$set(0, keyA); + await this.bitmap.$set(0, keyB); + expect(await this.bitmap.$get(0, keyA)).to.be.true; + expect(await this.bitmap.$get(0, keyB)).to.be.true; + expect(await this.bitmap.$get(0, keyC)).to.be.false; + }); + + it('adds several consecutive keys', async function () { + await this.bitmap.$set(0, keyA + 0n); + await this.bitmap.$set(0, keyA + 1n); + await this.bitmap.$set(0, keyA + 3n); + expect(await this.bitmap.$get(0, keyA + 0n)).to.be.true; + expect(await this.bitmap.$get(0, keyA + 1n)).to.be.true; + expect(await this.bitmap.$get(0, keyA + 2n)).to.be.false; + expect(await this.bitmap.$get(0, keyA + 3n)).to.be.true; + expect(await this.bitmap.$get(0, keyA + 4n)).to.be.false; + }); + }); + + describe('unset', function () { + it('removes added keys', async function () { + await this.bitmap.$set(0, keyA); + await this.bitmap.$set(0, keyB); + await this.bitmap.$unset(0, keyA); + expect(await this.bitmap.$get(0, keyA)).to.be.false; + expect(await this.bitmap.$get(0, keyB)).to.be.true; + expect(await this.bitmap.$get(0, keyC)).to.be.false; + }); + + it('removes consecutive added keys', async function () { + await this.bitmap.$set(0, keyA + 0n); + await this.bitmap.$set(0, keyA + 1n); + await this.bitmap.$set(0, keyA + 3n); + await this.bitmap.$unset(0, keyA + 1n); + expect(await this.bitmap.$get(0, keyA + 0n)).to.be.true; + expect(await this.bitmap.$get(0, keyA + 1n)).to.be.false; + expect(await this.bitmap.$get(0, keyA + 2n)).to.be.false; + expect(await this.bitmap.$get(0, keyA + 3n)).to.be.true; + expect(await this.bitmap.$get(0, keyA + 4n)).to.be.false; + }); + + it('adds and removes multiple keys', async function () { + // [] + + await this.bitmap.$set(0, keyA); + await this.bitmap.$set(0, keyC); + + // [A, C] + + await this.bitmap.$unset(0, keyA); + await this.bitmap.$unset(0, keyB); + + // [C] + + await this.bitmap.$set(0, keyB); + + // [C, B] + + await this.bitmap.$set(0, keyA); + await this.bitmap.$unset(0, keyC); + + // [A, B] + + await this.bitmap.$set(0, keyA); + await this.bitmap.$set(0, keyB); + + // [A, B] + + await this.bitmap.$set(0, keyC); + await this.bitmap.$unset(0, keyA); + + // [B, C] + + await this.bitmap.$set(0, keyA); + await this.bitmap.$unset(0, keyB); + + // [A, C] + + expect(await this.bitmap.$get(0, keyA)).to.be.true; + expect(await this.bitmap.$get(0, keyB)).to.be.false; + expect(await this.bitmap.$get(0, keyC)).to.be.true; + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/utils/structs/Checkpoints.t.sol b/dependencies/@openzeppelin/test/utils/structs/Checkpoints.t.sol new file mode 100644 index 00000000..1f4b344c --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/structs/Checkpoints.t.sol @@ -0,0 +1,332 @@ +// SPDX-License-Identifier: MIT +// This file was procedurally generated from scripts/generate/templates/Checkpoints.t.js. + +pragma solidity ^0.8.20; + +import {Test} from "forge-std/Test.sol"; +import {SafeCast} from "@openzeppelin/contracts/utils/math/SafeCast.sol"; +import {Checkpoints} from "@openzeppelin/contracts/utils/structs/Checkpoints.sol"; + +contract CheckpointsTrace224Test is Test { + using Checkpoints for Checkpoints.Trace224; + + // Maximum gap between keys used during the fuzzing tests: the `_prepareKeys` function with make sure that + // key#n+1 is in the [key#n, key#n + _KEY_MAX_GAP] range. + uint8 internal constant _KEY_MAX_GAP = 64; + + Checkpoints.Trace224 internal _ckpts; + + // helpers + function _boundUint32(uint32 x, uint32 min, uint32 max) internal pure returns (uint32) { + return SafeCast.toUint32(bound(uint256(x), uint256(min), uint256(max))); + } + + function _prepareKeys(uint32[] memory keys, uint32 maxSpread) internal pure { + uint32 lastKey = 0; + for (uint256 i = 0; i < keys.length; ++i) { + uint32 key = _boundUint32(keys[i], lastKey, lastKey + maxSpread); + keys[i] = key; + lastKey = key; + } + } + + function _assertLatestCheckpoint(bool exist, uint32 key, uint224 value) internal { + (bool _exist, uint32 _key, uint224 _value) = _ckpts.latestCheckpoint(); + assertEq(_exist, exist); + assertEq(_key, key); + assertEq(_value, value); + } + + // tests + function testPush(uint32[] memory keys, uint224[] memory values, uint32 pastKey) public { + vm.assume(values.length > 0 && values.length <= keys.length); + _prepareKeys(keys, _KEY_MAX_GAP); + + // initial state + assertEq(_ckpts.length(), 0); + assertEq(_ckpts.latest(), 0); + _assertLatestCheckpoint(false, 0, 0); + + uint256 duplicates = 0; + for (uint256 i = 0; i < keys.length; ++i) { + uint32 key = keys[i]; + uint224 value = values[i % values.length]; + if (i > 0 && key == keys[i - 1]) ++duplicates; + + // push + _ckpts.push(key, value); + + // check length & latest + assertEq(_ckpts.length(), i + 1 - duplicates); + assertEq(_ckpts.latest(), value); + _assertLatestCheckpoint(true, key, value); + } + + if (keys.length > 0) { + uint32 lastKey = keys[keys.length - 1]; + if (lastKey > 0) { + pastKey = _boundUint32(pastKey, 0, lastKey - 1); + + vm.expectRevert(); + this.push(pastKey, values[keys.length % values.length]); + } + } + } + + // used to test reverts + function push(uint32 key, uint224 value) external { + _ckpts.push(key, value); + } + + function testLookup(uint32[] memory keys, uint224[] memory values, uint32 lookup) public { + vm.assume(values.length > 0 && values.length <= keys.length); + _prepareKeys(keys, _KEY_MAX_GAP); + + uint32 lastKey = keys.length == 0 ? 0 : keys[keys.length - 1]; + lookup = _boundUint32(lookup, 0, lastKey + _KEY_MAX_GAP); + + uint224 upper = 0; + uint224 lower = 0; + uint32 lowerKey = type(uint32).max; + for (uint256 i = 0; i < keys.length; ++i) { + uint32 key = keys[i]; + uint224 value = values[i % values.length]; + + // push + _ckpts.push(key, value); + + // track expected result of lookups + if (key <= lookup) { + upper = value; + } + // find the first key that is not smaller than the lookup key + if (key >= lookup && (i == 0 || keys[i - 1] < lookup)) { + lowerKey = key; + } + if (key == lowerKey) { + lower = value; + } + } + + // check lookup + assertEq(_ckpts.lowerLookup(lookup), lower); + assertEq(_ckpts.upperLookup(lookup), upper); + assertEq(_ckpts.upperLookupRecent(lookup), upper); + } +} + +contract CheckpointsTrace208Test is Test { + using Checkpoints for Checkpoints.Trace208; + + // Maximum gap between keys used during the fuzzing tests: the `_prepareKeys` function with make sure that + // key#n+1 is in the [key#n, key#n + _KEY_MAX_GAP] range. + uint8 internal constant _KEY_MAX_GAP = 64; + + Checkpoints.Trace208 internal _ckpts; + + // helpers + function _boundUint48(uint48 x, uint48 min, uint48 max) internal pure returns (uint48) { + return SafeCast.toUint48(bound(uint256(x), uint256(min), uint256(max))); + } + + function _prepareKeys(uint48[] memory keys, uint48 maxSpread) internal pure { + uint48 lastKey = 0; + for (uint256 i = 0; i < keys.length; ++i) { + uint48 key = _boundUint48(keys[i], lastKey, lastKey + maxSpread); + keys[i] = key; + lastKey = key; + } + } + + function _assertLatestCheckpoint(bool exist, uint48 key, uint208 value) internal { + (bool _exist, uint48 _key, uint208 _value) = _ckpts.latestCheckpoint(); + assertEq(_exist, exist); + assertEq(_key, key); + assertEq(_value, value); + } + + // tests + function testPush(uint48[] memory keys, uint208[] memory values, uint48 pastKey) public { + vm.assume(values.length > 0 && values.length <= keys.length); + _prepareKeys(keys, _KEY_MAX_GAP); + + // initial state + assertEq(_ckpts.length(), 0); + assertEq(_ckpts.latest(), 0); + _assertLatestCheckpoint(false, 0, 0); + + uint256 duplicates = 0; + for (uint256 i = 0; i < keys.length; ++i) { + uint48 key = keys[i]; + uint208 value = values[i % values.length]; + if (i > 0 && key == keys[i - 1]) ++duplicates; + + // push + _ckpts.push(key, value); + + // check length & latest + assertEq(_ckpts.length(), i + 1 - duplicates); + assertEq(_ckpts.latest(), value); + _assertLatestCheckpoint(true, key, value); + } + + if (keys.length > 0) { + uint48 lastKey = keys[keys.length - 1]; + if (lastKey > 0) { + pastKey = _boundUint48(pastKey, 0, lastKey - 1); + + vm.expectRevert(); + this.push(pastKey, values[keys.length % values.length]); + } + } + } + + // used to test reverts + function push(uint48 key, uint208 value) external { + _ckpts.push(key, value); + } + + function testLookup(uint48[] memory keys, uint208[] memory values, uint48 lookup) public { + vm.assume(values.length > 0 && values.length <= keys.length); + _prepareKeys(keys, _KEY_MAX_GAP); + + uint48 lastKey = keys.length == 0 ? 0 : keys[keys.length - 1]; + lookup = _boundUint48(lookup, 0, lastKey + _KEY_MAX_GAP); + + uint208 upper = 0; + uint208 lower = 0; + uint48 lowerKey = type(uint48).max; + for (uint256 i = 0; i < keys.length; ++i) { + uint48 key = keys[i]; + uint208 value = values[i % values.length]; + + // push + _ckpts.push(key, value); + + // track expected result of lookups + if (key <= lookup) { + upper = value; + } + // find the first key that is not smaller than the lookup key + if (key >= lookup && (i == 0 || keys[i - 1] < lookup)) { + lowerKey = key; + } + if (key == lowerKey) { + lower = value; + } + } + + // check lookup + assertEq(_ckpts.lowerLookup(lookup), lower); + assertEq(_ckpts.upperLookup(lookup), upper); + assertEq(_ckpts.upperLookupRecent(lookup), upper); + } +} + +contract CheckpointsTrace160Test is Test { + using Checkpoints for Checkpoints.Trace160; + + // Maximum gap between keys used during the fuzzing tests: the `_prepareKeys` function with make sure that + // key#n+1 is in the [key#n, key#n + _KEY_MAX_GAP] range. + uint8 internal constant _KEY_MAX_GAP = 64; + + Checkpoints.Trace160 internal _ckpts; + + // helpers + function _boundUint96(uint96 x, uint96 min, uint96 max) internal pure returns (uint96) { + return SafeCast.toUint96(bound(uint256(x), uint256(min), uint256(max))); + } + + function _prepareKeys(uint96[] memory keys, uint96 maxSpread) internal pure { + uint96 lastKey = 0; + for (uint256 i = 0; i < keys.length; ++i) { + uint96 key = _boundUint96(keys[i], lastKey, lastKey + maxSpread); + keys[i] = key; + lastKey = key; + } + } + + function _assertLatestCheckpoint(bool exist, uint96 key, uint160 value) internal { + (bool _exist, uint96 _key, uint160 _value) = _ckpts.latestCheckpoint(); + assertEq(_exist, exist); + assertEq(_key, key); + assertEq(_value, value); + } + + // tests + function testPush(uint96[] memory keys, uint160[] memory values, uint96 pastKey) public { + vm.assume(values.length > 0 && values.length <= keys.length); + _prepareKeys(keys, _KEY_MAX_GAP); + + // initial state + assertEq(_ckpts.length(), 0); + assertEq(_ckpts.latest(), 0); + _assertLatestCheckpoint(false, 0, 0); + + uint256 duplicates = 0; + for (uint256 i = 0; i < keys.length; ++i) { + uint96 key = keys[i]; + uint160 value = values[i % values.length]; + if (i > 0 && key == keys[i - 1]) ++duplicates; + + // push + _ckpts.push(key, value); + + // check length & latest + assertEq(_ckpts.length(), i + 1 - duplicates); + assertEq(_ckpts.latest(), value); + _assertLatestCheckpoint(true, key, value); + } + + if (keys.length > 0) { + uint96 lastKey = keys[keys.length - 1]; + if (lastKey > 0) { + pastKey = _boundUint96(pastKey, 0, lastKey - 1); + + vm.expectRevert(); + this.push(pastKey, values[keys.length % values.length]); + } + } + } + + // used to test reverts + function push(uint96 key, uint160 value) external { + _ckpts.push(key, value); + } + + function testLookup(uint96[] memory keys, uint160[] memory values, uint96 lookup) public { + vm.assume(values.length > 0 && values.length <= keys.length); + _prepareKeys(keys, _KEY_MAX_GAP); + + uint96 lastKey = keys.length == 0 ? 0 : keys[keys.length - 1]; + lookup = _boundUint96(lookup, 0, lastKey + _KEY_MAX_GAP); + + uint160 upper = 0; + uint160 lower = 0; + uint96 lowerKey = type(uint96).max; + for (uint256 i = 0; i < keys.length; ++i) { + uint96 key = keys[i]; + uint160 value = values[i % values.length]; + + // push + _ckpts.push(key, value); + + // track expected result of lookups + if (key <= lookup) { + upper = value; + } + // find the first key that is not smaller than the lookup key + if (key >= lookup && (i == 0 || keys[i - 1] < lookup)) { + lowerKey = key; + } + if (key == lowerKey) { + lower = value; + } + } + + // check lookup + assertEq(_ckpts.lowerLookup(lookup), lower); + assertEq(_ckpts.upperLookup(lookup), upper); + assertEq(_ckpts.upperLookupRecent(lookup), upper); + } +} diff --git a/dependencies/@openzeppelin/test/utils/structs/Checkpoints.test.js b/dependencies/@openzeppelin/test/utils/structs/Checkpoints.test.js new file mode 100644 index 00000000..fd22544b --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/structs/Checkpoints.test.js @@ -0,0 +1,146 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { VALUE_SIZES } = require('../../../scripts/generate/templates/Checkpoints.opts'); + +describe('Checkpoints', function () { + for (const length of VALUE_SIZES) { + describe(`Trace${length}`, function () { + const fixture = async () => { + const mock = await ethers.deployContract('$Checkpoints'); + const methods = { + at: (...args) => mock.getFunction(`$at_Checkpoints_Trace${length}`)(0, ...args), + latest: (...args) => mock.getFunction(`$latest_Checkpoints_Trace${length}`)(0, ...args), + latestCheckpoint: (...args) => mock.getFunction(`$latestCheckpoint_Checkpoints_Trace${length}`)(0, ...args), + length: (...args) => mock.getFunction(`$length_Checkpoints_Trace${length}`)(0, ...args), + push: (...args) => mock.getFunction(`$push(uint256,uint${256 - length},uint${length})`)(0, ...args), + lowerLookup: (...args) => mock.getFunction(`$lowerLookup(uint256,uint${256 - length})`)(0, ...args), + upperLookup: (...args) => mock.getFunction(`$upperLookup(uint256,uint${256 - length})`)(0, ...args), + upperLookupRecent: (...args) => + mock.getFunction(`$upperLookupRecent(uint256,uint${256 - length})`)(0, ...args), + }; + + return { mock, methods }; + }; + + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + describe('without checkpoints', function () { + it('at zero reverts', async function () { + // Reverts with array out of bound access, which is unspecified + await expect(this.methods.at(0)).to.be.reverted; + }); + + it('returns zero as latest value', async function () { + expect(await this.methods.latest()).to.equal(0n); + + const ckpt = await this.methods.latestCheckpoint(); + expect(ckpt[0]).to.be.false; + expect(ckpt[1]).to.equal(0n); + expect(ckpt[2]).to.equal(0n); + }); + + it('lookup returns 0', async function () { + expect(await this.methods.lowerLookup(0)).to.equal(0n); + expect(await this.methods.upperLookup(0)).to.equal(0n); + expect(await this.methods.upperLookupRecent(0)).to.equal(0n); + }); + }); + + describe('with checkpoints', function () { + beforeEach('pushing checkpoints', async function () { + this.checkpoints = [ + { key: 2n, value: 17n }, + { key: 3n, value: 42n }, + { key: 5n, value: 101n }, + { key: 7n, value: 23n }, + { key: 11n, value: 99n }, + ]; + for (const { key, value } of this.checkpoints) { + await this.methods.push(key, value); + } + }); + + it('at keys', async function () { + for (const [index, { key, value }] of this.checkpoints.entries()) { + const at = await this.methods.at(index); + expect(at._value).to.equal(value); + expect(at._key).to.equal(key); + } + }); + + it('length', async function () { + expect(await this.methods.length()).to.equal(this.checkpoints.length); + }); + + it('returns latest value', async function () { + const latest = this.checkpoints.at(-1); + expect(await this.methods.latest()).to.equal(latest.value); + expect(await this.methods.latestCheckpoint()).to.deep.equal([true, latest.key, latest.value]); + }); + + it('cannot push values in the past', async function () { + await expect(this.methods.push(this.checkpoints.at(-1).key - 1n, 0n)).to.be.revertedWithCustomError( + this.mock, + 'CheckpointUnorderedInsertion', + ); + }); + + it('can update last value', async function () { + const newValue = 42n; + + // check length before the update + expect(await this.methods.length()).to.equal(this.checkpoints.length); + + // update last key + await this.methods.push(this.checkpoints.at(-1).key, newValue); + expect(await this.methods.latest()).to.equal(newValue); + + // check that length did not change + expect(await this.methods.length()).to.equal(this.checkpoints.length); + }); + + it('lower lookup', async function () { + for (let i = 0; i < 14; ++i) { + const value = this.checkpoints.find(x => i <= x.key)?.value || 0n; + + expect(await this.methods.lowerLookup(i)).to.equal(value); + } + }); + + it('upper lookup & upperLookupRecent', async function () { + for (let i = 0; i < 14; ++i) { + const value = this.checkpoints.findLast(x => i >= x.key)?.value || 0n; + + expect(await this.methods.upperLookup(i)).to.equal(value); + expect(await this.methods.upperLookupRecent(i)).to.equal(value); + } + }); + + it('upperLookupRecent with more than 5 checkpoints', async function () { + const moreCheckpoints = [ + { key: 12n, value: 22n }, + { key: 13n, value: 131n }, + { key: 17n, value: 45n }, + { key: 19n, value: 31452n }, + { key: 21n, value: 0n }, + ]; + const allCheckpoints = [].concat(this.checkpoints, moreCheckpoints); + + for (const { key, value } of moreCheckpoints) { + await this.methods.push(key, value); + } + + for (let i = 0; i < 25; ++i) { + const value = allCheckpoints.findLast(x => i >= x.key)?.value || 0n; + expect(await this.methods.upperLookup(i)).to.equal(value); + expect(await this.methods.upperLookupRecent(i)).to.equal(value); + } + }); + }); + }); + } +}); diff --git a/dependencies/@openzeppelin/test/utils/structs/CircularBuffer.test.js b/dependencies/@openzeppelin/test/utils/structs/CircularBuffer.test.js new file mode 100644 index 00000000..e79ba692 --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/structs/CircularBuffer.test.js @@ -0,0 +1,83 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); +const { PANIC_CODES } = require('@nomicfoundation/hardhat-chai-matchers/panic'); + +const { generators } = require('../../helpers/random'); + +const LENGTH = 4; + +async function fixture() { + const mock = await ethers.deployContract('$CircularBuffer'); + await mock.$setup(0, LENGTH); + return { mock }; +} + +describe('CircularBuffer', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + it('reverts on invalid setup', async function () { + await expect(this.mock.$setup(0, 0)).to.be.revertedWithCustomError(this.mock, 'InvalidBufferSize'); + }); + + it('starts empty', async function () { + expect(await this.mock.$count(0)).to.equal(0n); + expect(await this.mock.$length(0)).to.equal(LENGTH); + expect(await this.mock.$includes(0, ethers.ZeroHash)).to.be.false; + await expect(this.mock.$last(0, 0)).to.be.revertedWithPanic(PANIC_CODES.ARRAY_ACCESS_OUT_OF_BOUNDS); + }); + + it('push', async function () { + const values = Array.from({ length: LENGTH + 3 }, generators.bytes32); + + for (const [i, value] of values.map((v, i) => [i, v])) { + // push value + await this.mock.$push(0, value); + + // view of the values + const pushed = values.slice(0, i + 1); + const stored = pushed.slice(-LENGTH); + const dropped = pushed.slice(0, -LENGTH); + + // check count + expect(await this.mock.$length(0)).to.equal(LENGTH); + expect(await this.mock.$count(0)).to.equal(stored.length); + + // check last + for (const j in stored) { + expect(await this.mock.$last(0, j)).to.equal(stored.at(-j - 1)); + } + await expect(this.mock.$last(0, stored.length + 1)).to.be.revertedWithPanic( + PANIC_CODES.ARRAY_ACCESS_OUT_OF_BOUNDS, + ); + + // check included and non-included values + for (const v of stored) { + expect(await this.mock.$includes(0, v)).to.be.true; + } + for (const v of dropped) { + expect(await this.mock.$includes(0, v)).to.be.false; + } + expect(await this.mock.$includes(0, ethers.ZeroHash)).to.be.false; + } + }); + + it('clear', async function () { + const value = generators.bytes32(); + await this.mock.$push(0, value); + + expect(await this.mock.$count(0)).to.equal(1n); + expect(await this.mock.$length(0)).to.equal(LENGTH); + expect(await this.mock.$includes(0, value)).to.be.true; + await this.mock.$last(0, 0); // not revert + + await this.mock.$clear(0); + + expect(await this.mock.$count(0)).to.equal(0n); + expect(await this.mock.$length(0)).to.equal(LENGTH); + expect(await this.mock.$includes(0, value)).to.be.false; + await expect(this.mock.$last(0, 0)).to.be.revertedWithPanic(PANIC_CODES.ARRAY_ACCESS_OUT_OF_BOUNDS); + }); +}); diff --git a/dependencies/@openzeppelin/test/utils/structs/DoubleEndedQueue.test.js b/dependencies/@openzeppelin/test/utils/structs/DoubleEndedQueue.test.js new file mode 100644 index 00000000..3615dfbf --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/structs/DoubleEndedQueue.test.js @@ -0,0 +1,102 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); +const { PANIC_CODES } = require('@nomicfoundation/hardhat-chai-matchers/panic'); + +async function fixture() { + const mock = await ethers.deployContract('$DoubleEndedQueue'); + + /** Rebuild the content of the deque as a JS array. */ + const getContent = () => + mock.$length(0).then(length => Promise.all(Array.from({ length: Number(length) }, (_, i) => mock.$at(0, i)))); + + return { mock, getContent }; +} + +describe('DoubleEndedQueue', function () { + const coder = ethers.AbiCoder.defaultAbiCoder(); + const bytesA = coder.encode(['uint256'], [0xdeadbeef]); + const bytesB = coder.encode(['uint256'], [0x0123456789]); + const bytesC = coder.encode(['uint256'], [0x42424242]); + const bytesD = coder.encode(['uint256'], [0x171717]); + + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + describe('when empty', function () { + it('getters', async function () { + expect(await this.mock.$empty(0)).to.be.true; + expect(await this.getContent()).to.have.ordered.members([]); + }); + + it('reverts on accesses', async function () { + await expect(this.mock.$popBack(0)).to.be.revertedWithPanic(PANIC_CODES.POP_ON_EMPTY_ARRAY); + await expect(this.mock.$popFront(0)).to.be.revertedWithPanic(PANIC_CODES.POP_ON_EMPTY_ARRAY); + await expect(this.mock.$back(0)).to.be.revertedWithPanic(PANIC_CODES.ARRAY_ACCESS_OUT_OF_BOUNDS); + await expect(this.mock.$front(0)).to.be.revertedWithPanic(PANIC_CODES.ARRAY_ACCESS_OUT_OF_BOUNDS); + }); + }); + + describe('when not empty', function () { + beforeEach(async function () { + await this.mock.$pushBack(0, bytesB); + await this.mock.$pushFront(0, bytesA); + await this.mock.$pushBack(0, bytesC); + this.content = [bytesA, bytesB, bytesC]; + }); + + it('getters', async function () { + expect(await this.mock.$empty(0)).to.be.false; + expect(await this.mock.$length(0)).to.equal(this.content.length); + expect(await this.mock.$front(0)).to.equal(this.content[0]); + expect(await this.mock.$back(0)).to.equal(this.content[this.content.length - 1]); + expect(await this.getContent()).to.have.ordered.members(this.content); + }); + + it('out of bounds access', async function () { + await expect(this.mock.$at(0, this.content.length)).to.be.revertedWithPanic( + PANIC_CODES.ARRAY_ACCESS_OUT_OF_BOUNDS, + ); + }); + + describe('push', function () { + it('front', async function () { + await this.mock.$pushFront(0, bytesD); + this.content.unshift(bytesD); // add element at the beginning + + expect(await this.getContent()).to.have.ordered.members(this.content); + }); + + it('back', async function () { + await this.mock.$pushBack(0, bytesD); + this.content.push(bytesD); // add element at the end + + expect(await this.getContent()).to.have.ordered.members(this.content); + }); + }); + + describe('pop', function () { + it('front', async function () { + const value = this.content.shift(); // remove first element + await expect(this.mock.$popFront(0)).to.emit(this.mock, 'return$popFront').withArgs(value); + + expect(await this.getContent()).to.have.ordered.members(this.content); + }); + + it('back', async function () { + const value = this.content.pop(); // remove last element + await expect(this.mock.$popBack(0)).to.emit(this.mock, 'return$popBack').withArgs(value); + + expect(await this.getContent()).to.have.ordered.members(this.content); + }); + }); + + it('clear', async function () { + await this.mock.$clear(0); + + expect(await this.mock.$empty(0)).to.be.true; + expect(await this.getContent()).to.have.ordered.members([]); + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/utils/structs/EnumerableMap.behavior.js b/dependencies/@openzeppelin/test/utils/structs/EnumerableMap.behavior.js new file mode 100644 index 00000000..37da4179 --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/structs/EnumerableMap.behavior.js @@ -0,0 +1,151 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); + +const zip = (array1, array2) => array1.map((item, index) => [item, array2[index]]); + +function shouldBehaveLikeMap() { + async function expectMembersMatch(methods, keys, values) { + expect(keys.length).to.equal(values.length); + expect(await methods.length()).to.equal(keys.length); + expect([...(await methods.keys())]).to.have.members(keys); + + for (const [key, value] of zip(keys, values)) { + expect(await methods.contains(key)).to.be.true; + expect(await methods.get(key)).to.equal(value); + } + + expect(await Promise.all(keys.map((_, index) => methods.at(index)))).to.have.deep.members(zip(keys, values)); + } + + it('starts empty', async function () { + expect(await this.methods.contains(this.keyA)).to.be.false; + + await expectMembersMatch(this.methods, [], []); + }); + + describe('set', function () { + it('adds a key', async function () { + await expect(this.methods.set(this.keyA, this.valueA)).to.emit(this.mock, this.events.setReturn).withArgs(true); + + await expectMembersMatch(this.methods, [this.keyA], [this.valueA]); + }); + + it('adds several keys', async function () { + await this.methods.set(this.keyA, this.valueA); + await this.methods.set(this.keyB, this.valueB); + + await expectMembersMatch(this.methods, [this.keyA, this.keyB], [this.valueA, this.valueB]); + expect(await this.methods.contains(this.keyC)).to.be.false; + }); + + it('returns false when adding keys already in the set', async function () { + await this.methods.set(this.keyA, this.valueA); + + await expect(this.methods.set(this.keyA, this.valueA)).to.emit(this.mock, this.events.setReturn).withArgs(false); + + await expectMembersMatch(this.methods, [this.keyA], [this.valueA]); + }); + + it('updates values for keys already in the set', async function () { + await this.methods.set(this.keyA, this.valueA); + await this.methods.set(this.keyA, this.valueB); + + await expectMembersMatch(this.methods, [this.keyA], [this.valueB]); + }); + }); + + describe('remove', function () { + it('removes added keys', async function () { + await this.methods.set(this.keyA, this.valueA); + + await expect(this.methods.remove(this.keyA)).to.emit(this.mock, this.events.removeReturn).withArgs(true); + + expect(await this.methods.contains(this.keyA)).to.be.false; + await expectMembersMatch(this.methods, [], []); + }); + + it('returns false when removing keys not in the set', async function () { + await expect(await this.methods.remove(this.keyA)) + .to.emit(this.mock, this.events.removeReturn) + .withArgs(false); + + expect(await this.methods.contains(this.keyA)).to.be.false; + }); + + it('adds and removes multiple keys', async function () { + // [] + + await this.methods.set(this.keyA, this.valueA); + await this.methods.set(this.keyC, this.valueC); + + // [A, C] + + await this.methods.remove(this.keyA); + await this.methods.remove(this.keyB); + + // [C] + + await this.methods.set(this.keyB, this.valueB); + + // [C, B] + + await this.methods.set(this.keyA, this.valueA); + await this.methods.remove(this.keyC); + + // [A, B] + + await this.methods.set(this.keyA, this.valueA); + await this.methods.set(this.keyB, this.valueB); + + // [A, B] + + await this.methods.set(this.keyC, this.valueC); + await this.methods.remove(this.keyA); + + // [B, C] + + await this.methods.set(this.keyA, this.valueA); + await this.methods.remove(this.keyB); + + // [A, C] + + await expectMembersMatch(this.methods, [this.keyA, this.keyC], [this.valueA, this.valueC]); + + expect(await this.methods.contains(this.keyA)).to.be.true; + expect(await this.methods.contains(this.keyB)).to.be.false; + expect(await this.methods.contains(this.keyC)).to.be.true; + }); + }); + + describe('read', function () { + beforeEach(async function () { + await this.methods.set(this.keyA, this.valueA); + }); + + describe('get', function () { + it('existing value', async function () { + expect(await this.methods.get(this.keyA)).to.equal(this.valueA); + }); + + it('missing value', async function () { + await expect(this.methods.get(this.keyB)) + .to.be.revertedWithCustomError(this.mock, 'EnumerableMapNonexistentKey') + .withArgs(ethers.AbiCoder.defaultAbiCoder().encode([this.keyType], [this.keyB])); + }); + }); + + describe('tryGet', function () { + it('existing value', async function () { + expect(await this.methods.tryGet(this.keyA)).to.have.ordered.members([true, this.valueA]); + }); + + it('missing value', async function () { + expect(await this.methods.tryGet(this.keyB)).to.have.ordered.members([false, this.zeroValue]); + }); + }); + }); +} + +module.exports = { + shouldBehaveLikeMap, +}; diff --git a/dependencies/@openzeppelin/test/utils/structs/EnumerableMap.test.js b/dependencies/@openzeppelin/test/utils/structs/EnumerableMap.test.js new file mode 100644 index 00000000..5362e873 --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/structs/EnumerableMap.test.js @@ -0,0 +1,65 @@ +const { ethers } = require('hardhat'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { mapValues } = require('../../helpers/iterate'); +const { generators } = require('../../helpers/random'); +const { TYPES, formatType } = require('../../../scripts/generate/templates/EnumerableMap.opts'); + +const { shouldBehaveLikeMap } = require('./EnumerableMap.behavior'); + +// Add Bytes32ToBytes32Map that must be tested but is not part of the generated types. +TYPES.unshift(formatType('bytes32', 'bytes32')); + +async function fixture() { + const mock = await ethers.deployContract('$EnumerableMap'); + const env = Object.fromEntries( + TYPES.map(({ name, keyType, valueType }) => [ + name, + { + keyType, + keys: Array.from({ length: 3 }, generators[keyType]), + values: Array.from({ length: 3 }, generators[valueType]), + zeroValue: generators[valueType].zero, + methods: mapValues( + { + set: `$set(uint256,${keyType},${valueType})`, + get: `$get_EnumerableMap_${name}(uint256,${keyType})`, + tryGet: `$tryGet_EnumerableMap_${name}(uint256,${keyType})`, + remove: `$remove_EnumerableMap_${name}(uint256,${keyType})`, + length: `$length_EnumerableMap_${name}(uint256)`, + at: `$at_EnumerableMap_${name}(uint256,uint256)`, + contains: `$contains_EnumerableMap_${name}(uint256,${keyType})`, + keys: `$keys_EnumerableMap_${name}(uint256)`, + }, + fnSig => + (...args) => + mock.getFunction(fnSig)(0, ...args), + ), + events: { + setReturn: `return$set_EnumerableMap_${name}_${keyType}_${valueType}`, + removeReturn: `return$remove_EnumerableMap_${name}_${keyType}`, + }, + }, + ]), + ); + + return { mock, env }; +} + +describe('EnumerableMap', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + for (const { name } of TYPES) { + describe(name, function () { + beforeEach(async function () { + Object.assign(this, this.env[name]); + [this.keyA, this.keyB, this.keyC] = this.keys; + [this.valueA, this.valueB, this.valueC] = this.values; + }); + + shouldBehaveLikeMap(); + }); + } +}); diff --git a/dependencies/@openzeppelin/test/utils/structs/EnumerableSet.behavior.js b/dependencies/@openzeppelin/test/utils/structs/EnumerableSet.behavior.js new file mode 100644 index 00000000..d3d4f26d --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/structs/EnumerableSet.behavior.js @@ -0,0 +1,116 @@ +const { expect } = require('chai'); +const { PANIC_CODES } = require('@nomicfoundation/hardhat-chai-matchers/panic'); + +function shouldBehaveLikeSet() { + async function expectMembersMatch(methods, values) { + expect(await methods.length()).to.equal(values.length); + for (const value of values) expect(await methods.contains(value)).to.be.true; + + expect(await Promise.all(values.map((_, index) => methods.at(index)))).to.have.deep.members(values); + expect([...(await methods.values())]).to.have.deep.members(values); + } + + it('starts empty', async function () { + expect(await this.methods.contains(this.valueA)).to.be.false; + + await expectMembersMatch(this.methods, []); + }); + + describe('add', function () { + it('adds a value', async function () { + await expect(this.methods.add(this.valueA)).to.emit(this.mock, this.events.addReturn).withArgs(true); + + await expectMembersMatch(this.methods, [this.valueA]); + }); + + it('adds several values', async function () { + await this.methods.add(this.valueA); + await this.methods.add(this.valueB); + + await expectMembersMatch(this.methods, [this.valueA, this.valueB]); + expect(await this.methods.contains(this.valueC)).to.be.false; + }); + + it('returns false when adding values already in the set', async function () { + await this.methods.add(this.valueA); + + await expect(this.methods.add(this.valueA)).to.emit(this.mock, this.events.addReturn).withArgs(false); + + await expectMembersMatch(this.methods, [this.valueA]); + }); + }); + + describe('at', function () { + it('reverts when retrieving non-existent elements', async function () { + await expect(this.methods.at(0)).to.be.revertedWithPanic(PANIC_CODES.ARRAY_ACCESS_OUT_OF_BOUNDS); + }); + + it('retrieves existing element', async function () { + await this.methods.add(this.valueA); + expect(await this.methods.at(0)).to.equal(this.valueA); + }); + }); + + describe('remove', function () { + it('removes added values', async function () { + await this.methods.add(this.valueA); + + await expect(this.methods.remove(this.valueA)).to.emit(this.mock, this.events.removeReturn).withArgs(true); + + expect(await this.methods.contains(this.valueA)).to.be.false; + await expectMembersMatch(this.methods, []); + }); + + it('returns false when removing values not in the set', async function () { + await expect(this.methods.remove(this.valueA)).to.emit(this.mock, this.events.removeReturn).withArgs(false); + + expect(await this.methods.contains(this.valueA)).to.be.false; + }); + + it('adds and removes multiple values', async function () { + // [] + + await this.methods.add(this.valueA); + await this.methods.add(this.valueC); + + // [A, C] + + await this.methods.remove(this.valueA); + await this.methods.remove(this.valueB); + + // [C] + + await this.methods.add(this.valueB); + + // [C, B] + + await this.methods.add(this.valueA); + await this.methods.remove(this.valueC); + + // [A, B] + + await this.methods.add(this.valueA); + await this.methods.add(this.valueB); + + // [A, B] + + await this.methods.add(this.valueC); + await this.methods.remove(this.valueA); + + // [B, C] + + await this.methods.add(this.valueA); + await this.methods.remove(this.valueB); + + // [A, C] + + await expectMembersMatch(this.methods, [this.valueA, this.valueC]); + + expect(await this.methods.contains(this.valueB)).to.be.false; + }); + }); +} + +module.exports = { + shouldBehaveLikeSet, +}; diff --git a/dependencies/@openzeppelin/test/utils/structs/EnumerableSet.test.js b/dependencies/@openzeppelin/test/utils/structs/EnumerableSet.test.js new file mode 100644 index 00000000..66d66605 --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/structs/EnumerableSet.test.js @@ -0,0 +1,61 @@ +const { ethers } = require('hardhat'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { mapValues } = require('../../helpers/iterate'); +const { generators } = require('../../helpers/random'); +const { TYPES } = require('../../../scripts/generate/templates/EnumerableSet.opts'); + +const { shouldBehaveLikeSet } = require('./EnumerableSet.behavior'); + +const getMethods = (mock, fnSigs) => { + return mapValues( + fnSigs, + fnSig => + (...args) => + mock.getFunction(fnSig)(0, ...args), + ); +}; + +async function fixture() { + const mock = await ethers.deployContract('$EnumerableSet'); + + const env = Object.fromEntries( + TYPES.map(({ name, type }) => [ + type, + { + values: Array.from({ length: 3 }, generators[type]), + methods: getMethods(mock, { + add: `$add(uint256,${type})`, + remove: `$remove(uint256,${type})`, + contains: `$contains(uint256,${type})`, + length: `$length_EnumerableSet_${name}(uint256)`, + at: `$at_EnumerableSet_${name}(uint256,uint256)`, + values: `$values_EnumerableSet_${name}(uint256)`, + }), + events: { + addReturn: `return$add_EnumerableSet_${name}_${type}`, + removeReturn: `return$remove_EnumerableSet_${name}_${type}`, + }, + }, + ]), + ); + + return { mock, env }; +} + +describe('EnumerableSet', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + for (const { type } of TYPES) { + describe(type, function () { + beforeEach(function () { + Object.assign(this, this.env[type]); + [this.valueA, this.valueB, this.valueC] = this.values; + }); + + shouldBehaveLikeSet(); + }); + } +}); diff --git a/dependencies/@openzeppelin/test/utils/structs/Heap.t.sol b/dependencies/@openzeppelin/test/utils/structs/Heap.t.sol new file mode 100644 index 00000000..434f37f6 --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/structs/Heap.t.sol @@ -0,0 +1,74 @@ +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.20; + +import {Test} from "forge-std/Test.sol"; +import {Math} from "@openzeppelin/contracts/utils/math/Math.sol"; +import {Heap} from "@openzeppelin/contracts/utils/structs/Heap.sol"; +import {Comparators} from "@openzeppelin/contracts/utils/Comparators.sol"; + +contract Uint256HeapTest is Test { + using Heap for Heap.Uint256Heap; + + Heap.Uint256Heap internal heap; + + function _validateHeap(function(uint256, uint256) view returns (bool) comp) internal { + for (uint32 i = 1; i < heap.length(); ++i) { + assertFalse(comp(heap.tree[i], heap.tree[(i - 1) / 2])); + } + } + + function testFuzz(uint256[] calldata input) public { + vm.assume(input.length < 0x20); + assertEq(heap.length(), 0); + + uint256 min = type(uint256).max; + for (uint256 i = 0; i < input.length; ++i) { + heap.insert(input[i]); + assertEq(heap.length(), i + 1); + _validateHeap(Comparators.lt); + + min = Math.min(min, input[i]); + assertEq(heap.peek(), min); + } + + uint256 max = 0; + for (uint256 i = 0; i < input.length; ++i) { + uint256 top = heap.peek(); + uint256 pop = heap.pop(); + assertEq(heap.length(), input.length - i - 1); + _validateHeap(Comparators.lt); + + assertEq(pop, top); + assertGe(pop, max); + max = pop; + } + } + + function testFuzzGt(uint256[] calldata input) public { + vm.assume(input.length < 0x20); + assertEq(heap.length(), 0); + + uint256 max = 0; + for (uint256 i = 0; i < input.length; ++i) { + heap.insert(input[i], Comparators.gt); + assertEq(heap.length(), i + 1); + _validateHeap(Comparators.gt); + + max = Math.max(max, input[i]); + assertEq(heap.peek(), max); + } + + uint256 min = type(uint256).max; + for (uint256 i = 0; i < input.length; ++i) { + uint256 top = heap.peek(); + uint256 pop = heap.pop(Comparators.gt); + assertEq(heap.length(), input.length - i - 1); + _validateHeap(Comparators.gt); + + assertEq(pop, top); + assertLe(pop, min); + min = pop; + } + } +} diff --git a/dependencies/@openzeppelin/test/utils/structs/Heap.test.js b/dependencies/@openzeppelin/test/utils/structs/Heap.test.js new file mode 100644 index 00000000..6d751205 --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/structs/Heap.test.js @@ -0,0 +1,113 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); +const { PANIC_CODES } = require('@nomicfoundation/hardhat-chai-matchers/panic'); + +async function fixture() { + const mock = await ethers.deployContract('$Heap'); + return { mock }; +} + +describe('Heap', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + describe('Uint256Heap', function () { + it('starts empty', async function () { + expect(await this.mock.$length(0)).to.equal(0n); + }); + + it('peek, pop and replace from empty', async function () { + await expect(this.mock.$peek(0)).to.be.revertedWithPanic(PANIC_CODES.ARRAY_ACCESS_OUT_OF_BOUNDS); + await expect(this.mock.$pop(0)).to.be.revertedWithPanic(PANIC_CODES.POP_ON_EMPTY_ARRAY); + await expect(this.mock.$replace(0, 0n)).to.be.revertedWithPanic(PANIC_CODES.POP_ON_EMPTY_ARRAY); + }); + + it('clear', async function () { + await this.mock.$insert(0, 42n); + + expect(await this.mock.$length(0)).to.equal(1n); + expect(await this.mock.$peek(0)).to.equal(42n); + + await this.mock.$clear(0); + + expect(await this.mock.$length(0)).to.equal(0n); + await expect(this.mock.$peek(0)).to.be.revertedWithPanic(PANIC_CODES.ARRAY_ACCESS_OUT_OF_BOUNDS); + }); + + it('support duplicated items', async function () { + expect(await this.mock.$length(0)).to.equal(0n); + + // insert 5 times + await this.mock.$insert(0, 42n); + await this.mock.$insert(0, 42n); + await this.mock.$insert(0, 42n); + await this.mock.$insert(0, 42n); + await this.mock.$insert(0, 42n); + + // pop 5 times + await expect(this.mock.$pop(0)).to.emit(this.mock, 'return$pop').withArgs(42n); + await expect(this.mock.$pop(0)).to.emit(this.mock, 'return$pop').withArgs(42n); + await expect(this.mock.$pop(0)).to.emit(this.mock, 'return$pop').withArgs(42n); + await expect(this.mock.$pop(0)).to.emit(this.mock, 'return$pop').withArgs(42n); + await expect(this.mock.$pop(0)).to.emit(this.mock, 'return$pop').withArgs(42n); + + // popping a 6th time panics + await expect(this.mock.$pop(0)).to.be.revertedWithPanic(PANIC_CODES.POP_ON_EMPTY_ARRAY); + }); + + it('insert, pop and replace', async function () { + const heap = []; + for (const { op, value } of [ + { op: 'insert', value: 712 }, // [712] + { op: 'insert', value: 20 }, // [20, 712] + { op: 'insert', value: 4337 }, // [20, 712, 4437] + { op: 'pop' }, // 20, [712, 4437] + { op: 'insert', value: 1559 }, // [712, 1559, 4437] + { op: 'insert', value: 165 }, // [165, 712, 1559, 4437] + { op: 'insert', value: 155 }, // [155, 165, 712, 1559, 4437] + { op: 'insert', value: 7702 }, // [155, 165, 712, 1559, 4437, 7702] + { op: 'pop' }, // 155, [165, 712, 1559, 4437, 7702] + { op: 'replace', value: 721 }, // 165, [712, 721, 1559, 4437, 7702] + { op: 'pop' }, // 712, [721, 1559, 4437, 7702] + { op: 'pop' }, // 721, [1559, 4437, 7702] + { op: 'pop' }, // 1559, [4437, 7702] + { op: 'pop' }, // 4437, [7702] + { op: 'pop' }, // 7702, [] + { op: 'pop' }, // panic + { op: 'replace', value: '1363' }, // panic + ]) { + switch (op) { + case 'insert': + await this.mock.$insert(0, value); + heap.push(value); + heap.sort((a, b) => a - b); + break; + case 'pop': + if (heap.length == 0) { + await expect(this.mock.$pop(0)).to.be.revertedWithPanic(PANIC_CODES.POP_ON_EMPTY_ARRAY); + } else { + await expect(this.mock.$pop(0)).to.emit(this.mock, 'return$pop').withArgs(heap.shift()); + } + break; + case 'replace': + if (heap.length == 0) { + await expect(this.mock.$replace(0, value)).to.be.revertedWithPanic(PANIC_CODES.POP_ON_EMPTY_ARRAY); + } else { + await expect(this.mock.$replace(0, value)).to.emit(this.mock, 'return$replace').withArgs(heap.shift()); + heap.push(value); + heap.sort((a, b) => a - b); + } + break; + } + expect(await this.mock.$length(0)).to.equal(heap.length); + if (heap.length == 0) { + await expect(this.mock.$peek(0)).to.be.revertedWithPanic(PANIC_CODES.ARRAY_ACCESS_OUT_OF_BOUNDS); + } else { + expect(await this.mock.$peek(0)).to.equal(heap[0]); + } + } + }); + }); +}); diff --git a/dependencies/@openzeppelin/test/utils/structs/MerkleTree.test.js b/dependencies/@openzeppelin/test/utils/structs/MerkleTree.test.js new file mode 100644 index 00000000..bec39cee --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/structs/MerkleTree.test.js @@ -0,0 +1,100 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); +const { PANIC_CODES } = require('@nomicfoundation/hardhat-chai-matchers/panic'); +const { StandardMerkleTree } = require('@openzeppelin/merkle-tree'); + +const { generators } = require('../../helpers/random'); + +const makeTree = (leaves = [ethers.ZeroHash]) => + StandardMerkleTree.of( + leaves.map(leaf => [leaf]), + ['bytes32'], + { sortLeaves: false }, + ); + +const hashLeaf = leaf => makeTree().leafHash([leaf]); + +const DEPTH = 4n; // 16 slots +const ZERO = hashLeaf(ethers.ZeroHash); + +async function fixture() { + const mock = await ethers.deployContract('MerkleTreeMock'); + await mock.setup(DEPTH, ZERO); + return { mock }; +} + +describe('MerkleTree', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + it('sets initial values at setup', async function () { + const merkleTree = makeTree(Array.from({ length: 2 ** Number(DEPTH) }, () => ethers.ZeroHash)); + + expect(await this.mock.root()).to.equal(merkleTree.root); + expect(await this.mock.depth()).to.equal(DEPTH); + expect(await this.mock.nextLeafIndex()).to.equal(0n); + }); + + describe('push', function () { + it('tree is correctly updated', async function () { + const leaves = Array.from({ length: 2 ** Number(DEPTH) }, () => ethers.ZeroHash); + + // for each leaf slot + for (const i in leaves) { + // generate random leaf and hash it + const hashedLeaf = hashLeaf((leaves[i] = generators.bytes32())); + + // update leaf list and rebuild tree. + const tree = makeTree(leaves); + + // push value to tree + await expect(this.mock.push(hashedLeaf)).to.emit(this.mock, 'LeafInserted').withArgs(hashedLeaf, i, tree.root); + + // check tree + expect(await this.mock.root()).to.equal(tree.root); + expect(await this.mock.nextLeafIndex()).to.equal(BigInt(i) + 1n); + } + }); + + it('revert when tree is full', async function () { + await Promise.all(Array.from({ length: 2 ** Number(DEPTH) }).map(() => this.mock.push(ethers.ZeroHash))); + + await expect(this.mock.push(ethers.ZeroHash)).to.be.revertedWithPanic(PANIC_CODES.TOO_MUCH_MEMORY_ALLOCATED); + }); + }); + + it('reset', async function () { + // empty tree + const zeroLeaves = Array.from({ length: 2 ** Number(DEPTH) }, () => ethers.ZeroHash); + const zeroTree = makeTree(zeroLeaves); + + // tree with one element + const leaves = Array.from({ length: 2 ** Number(DEPTH) }, () => ethers.ZeroHash); + const hashedLeaf = hashLeaf((leaves[0] = generators.bytes32())); // fill first leaf and hash it + const tree = makeTree(leaves); + + // root should be that of a zero tree + expect(await this.mock.root()).to.equal(zeroTree.root); + expect(await this.mock.nextLeafIndex()).to.equal(0n); + + // push leaf and check root + await expect(this.mock.push(hashedLeaf)).to.emit(this.mock, 'LeafInserted').withArgs(hashedLeaf, 0, tree.root); + + expect(await this.mock.root()).to.equal(tree.root); + expect(await this.mock.nextLeafIndex()).to.equal(1n); + + // reset tree + await this.mock.setup(DEPTH, ZERO); + + expect(await this.mock.root()).to.equal(zeroTree.root); + expect(await this.mock.nextLeafIndex()).to.equal(0n); + + // re-push leaf and check root + await expect(this.mock.push(hashedLeaf)).to.emit(this.mock, 'LeafInserted').withArgs(hashedLeaf, 0, tree.root); + + expect(await this.mock.root()).to.equal(tree.root); + expect(await this.mock.nextLeafIndex()).to.equal(1n); + }); +}); diff --git a/dependencies/@openzeppelin/test/utils/types/Time.test.js b/dependencies/@openzeppelin/test/utils/types/Time.test.js new file mode 100644 index 00000000..3ab6fefa --- /dev/null +++ b/dependencies/@openzeppelin/test/utils/types/Time.test.js @@ -0,0 +1,135 @@ +const { ethers } = require('hardhat'); +const { expect } = require('chai'); +const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); + +const { product } = require('../../helpers/iterate'); +const { max } = require('../../helpers/math'); +const time = require('../../helpers/time'); + +const MAX_UINT32 = 1n << (32n - 1n); +const MAX_UINT48 = 1n << (48n - 1n); +const SOME_VALUES = [0n, 1n, 2n, 15n, 16n, 17n, 42n]; + +const asUint = (value, size) => { + value = ethers.toBigInt(value); + size = ethers.toBigInt(size); + expect(value).to.be.greaterThanOrEqual(0n, `value is not a valid uint${size}`); + expect(value).to.be.lessThan(1n << size, `value is not a valid uint${size}`); + return value; +}; + +const unpackDelay = delay => ({ + valueBefore: (asUint(delay, 112) >> 32n) % (1n << 32n), + valueAfter: (asUint(delay, 112) >> 0n) % (1n << 32n), + effect: (asUint(delay, 112) >> 64n) % (1n << 48n), +}); + +const packDelay = ({ valueBefore, valueAfter = 0n, effect = 0n }) => + (asUint(valueAfter, 32) << 0n) + (asUint(valueBefore, 32) << 32n) + (asUint(effect, 48) << 64n); + +const effectSamplesForTimepoint = timepoint => [ + 0n, + timepoint, + ...product([-1n, 1n], [1n, 2n, 17n, 42n]) + .map(([sign, shift]) => timepoint + sign * shift) + .filter(effect => effect > 0n && effect <= MAX_UINT48), + MAX_UINT48, +]; + +async function fixture() { + const mock = await ethers.deployContract('$Time'); + return { mock }; +} + +describe('Time', function () { + beforeEach(async function () { + Object.assign(this, await loadFixture(fixture)); + }); + + describe('clocks', function () { + it('timestamp', async function () { + expect(await this.mock.$timestamp()).to.equal(await time.clock.timestamp()); + }); + + it('block number', async function () { + expect(await this.mock.$blockNumber()).to.equal(await time.clock.blocknumber()); + }); + }); + + describe('Delay', function () { + describe('packing and unpacking', function () { + const valueBefore = 17n; + const valueAfter = 42n; + const effect = 69n; + const delay = 1272825341158973505578n; + + it('pack', async function () { + expect(await this.mock.$pack(valueBefore, valueAfter, effect)).to.equal(delay); + expect(packDelay({ valueBefore, valueAfter, effect })).to.equal(delay); + }); + + it('unpack', async function () { + expect(await this.mock.$unpack(delay)).to.deep.equal([valueBefore, valueAfter, effect]); + + expect(unpackDelay(delay)).to.deep.equal({ + valueBefore, + valueAfter, + effect, + }); + }); + }); + + it('toDelay', async function () { + for (const value of [...SOME_VALUES, MAX_UINT32]) { + expect(await this.mock.$toDelay(value).then(unpackDelay)).to.deep.equal({ + valueBefore: 0n, + valueAfter: value, + effect: 0n, + }); + } + }); + + it('get & getFull', async function () { + const timepoint = await time.clock.timestamp(); + const valueBefore = 24194n; + const valueAfter = 4214143n; + + for (const effect of effectSamplesForTimepoint(timepoint)) { + const isPast = effect <= timepoint; + const delay = packDelay({ valueBefore, valueAfter, effect }); + + expect(await this.mock.$get(delay)).to.equal(isPast ? valueAfter : valueBefore); + expect(await this.mock.$getFull(delay)).to.deep.equal([ + isPast ? valueAfter : valueBefore, + isPast ? 0n : valueAfter, + isPast ? 0n : effect, + ]); + } + }); + + it('withUpdate', async function () { + const timepoint = await time.clock.timestamp(); + const valueBefore = 24194n; + const valueAfter = 4214143n; + const newvalueAfter = 94716n; + + for (const effect of effectSamplesForTimepoint(timepoint)) + for (const minSetback of [...SOME_VALUES, MAX_UINT32]) { + const isPast = effect <= timepoint; + const expectedvalueBefore = isPast ? valueAfter : valueBefore; + const expectedSetback = max(minSetback, expectedvalueBefore - newvalueAfter, 0n); + + expect( + await this.mock.$withUpdate(packDelay({ valueBefore, valueAfter, effect }), newvalueAfter, minSetback), + ).to.deep.equal([ + packDelay({ + valueBefore: expectedvalueBefore, + valueAfter: newvalueAfter, + effect: timepoint + expectedSetback, + }), + timepoint + expectedSetback, + ]); + } + }); + }); +}); diff --git a/dependencies/@openzeppelin/yarn.lock b/dependencies/@openzeppelin/yarn.lock new file mode 100644 index 00000000..84ca2aae --- /dev/null +++ b/dependencies/@openzeppelin/yarn.lock @@ -0,0 +1,4560 @@ +# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY. +# yarn lockfile v1 + + +"@adraffy/ens-normalize@1.10.0": + version "1.10.0" + resolved "https://registry.yarnpkg.com/@adraffy/ens-normalize/-/ens-normalize-1.10.0.tgz#d2a39395c587e092d77cbbc80acf956a54f38bf7" + integrity sha512-nA9XHtlAkYfJxY7bce8DcN7eKxWWCWkU+1GR9d+U6MbNpfwQp8TI7vqOsBsMcHoT4mBu2kypKoSKnghEzOOq5Q== + +"@adraffy/ens-normalize@1.10.1": + version "1.10.1" + resolved "https://registry.yarnpkg.com/@adraffy/ens-normalize/-/ens-normalize-1.10.1.tgz#63430d04bd8c5e74f8d7d049338f1cd9d4f02069" + integrity sha512-96Z2IP3mYmF1Xg2cDm8f1gWGf/HUVedQ3FMifV4kG/PQ4yEP51xDtRAEfhVNt5f/uzpNkZHwWQuUcu6D6K+Ekw== + +"@babel/code-frame@^7.0.0": + version "7.26.2" + resolved "https://registry.yarnpkg.com/@babel/code-frame/-/code-frame-7.26.2.tgz#4b5fab97d33338eff916235055f0ebc21e573a85" + integrity sha512-RJlIHRueQgwWitWgF8OdFYGZX328Ax5BCemNGlqHfplnRT9ESi8JkFlvaVYbS+UubVY6dpv87Fs2u5M29iNFVQ== + dependencies: + "@babel/helper-validator-identifier" "^7.25.9" + js-tokens "^4.0.0" + picocolors "^1.0.0" + +"@babel/helper-validator-identifier@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/helper-validator-identifier/-/helper-validator-identifier-7.25.9.tgz#24b64e2c3ec7cd3b3c547729b8d16871f22cbdc7" + integrity sha512-Ed61U6XJc3CVRfkERJWDz4dJwKe7iLmmJsbOGu9wSloNSFttHV0I8g6UAgb7qnK5ly5bGLPd4oXZlxCdANBOWQ== + +"@babel/runtime@^7.5.5": + version "7.26.0" + resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.26.0.tgz#8600c2f595f277c60815256418b85356a65173c1" + integrity sha512-FDSOghenHTiToteC/QRlv2q3DhPZ/oOXTBoirfWNx1Cx3TMVcGWQtMMmQcSvb/JjpNeGzx8Pq/b4fKEJuWm1sw== + dependencies: + regenerator-runtime "^0.14.0" + +"@bytecodealliance/preview2-shim@0.17.0": + version "0.17.0" + resolved "https://registry.yarnpkg.com/@bytecodealliance/preview2-shim/-/preview2-shim-0.17.0.tgz#9bc1cadbb9f86c446c6f579d3431c08a06a6672e" + integrity sha512-JorcEwe4ud0x5BS/Ar2aQWOQoFzjq/7jcnxYXCvSMh0oRm0dQXzOA+hqLDBnOMks1LLBA7dmiLLsEBl09Yd6iQ== + +"@changesets/apply-release-plan@^7.0.7": + version "7.0.7" + resolved "https://registry.yarnpkg.com/@changesets/apply-release-plan/-/apply-release-plan-7.0.7.tgz#cabeaed77de07c6bd9878a9bc5ffd3ea7db7f7ff" + integrity sha512-qnPOcmmmnD0MfMg9DjU1/onORFyRpDXkMMl2IJg9mECY6RnxL3wN0TCCc92b2sXt1jt8DgjAUUsZYGUGTdYIXA== + dependencies: + "@changesets/config" "^3.0.5" + "@changesets/get-version-range-type" "^0.4.0" + "@changesets/git" "^3.0.2" + "@changesets/should-skip-package" "^0.1.1" + "@changesets/types" "^6.0.0" + "@manypkg/get-packages" "^1.1.3" + detect-indent "^6.0.0" + fs-extra "^7.0.1" + lodash.startcase "^4.4.0" + outdent "^0.5.0" + prettier "^2.7.1" + resolve-from "^5.0.0" + semver "^7.5.3" + +"@changesets/assemble-release-plan@^6.0.5": + version "6.0.5" + resolved "https://registry.yarnpkg.com/@changesets/assemble-release-plan/-/assemble-release-plan-6.0.5.tgz#d987b01c2d91c8b2f81eedd2df56ba355e4ce536" + integrity sha512-IgvBWLNKZd6k4t72MBTBK3nkygi0j3t3zdC1zrfusYo0KpdsvnDjrMM9vPnTCLCMlfNs55jRL4gIMybxa64FCQ== + dependencies: + "@changesets/errors" "^0.2.0" + "@changesets/get-dependents-graph" "^2.1.2" + "@changesets/should-skip-package" "^0.1.1" + "@changesets/types" "^6.0.0" + "@manypkg/get-packages" "^1.1.3" + semver "^7.5.3" + +"@changesets/changelog-git@^0.2.0": + version "0.2.0" + resolved "https://registry.yarnpkg.com/@changesets/changelog-git/-/changelog-git-0.2.0.tgz#1f3de11becafff5a38ebe295038a602403c93a86" + integrity sha512-bHOx97iFI4OClIT35Lok3sJAwM31VbUM++gnMBV16fdbtBhgYu4dxsphBF/0AZZsyAHMrnM0yFcj5gZM1py6uQ== + dependencies: + "@changesets/types" "^6.0.0" + +"@changesets/changelog-github@^0.5.0": + version "0.5.0" + resolved "https://registry.yarnpkg.com/@changesets/changelog-github/-/changelog-github-0.5.0.tgz#ae96e5029209f7386527b3821d9c988b1ab16662" + integrity sha512-zoeq2LJJVcPJcIotHRJEEA2qCqX0AQIeFE+L21L8sRLPVqDhSXY8ZWAt2sohtBpFZkBwu+LUwMSKRr2lMy3LJA== + dependencies: + "@changesets/get-github-info" "^0.6.0" + "@changesets/types" "^6.0.0" + dotenv "^8.1.0" + +"@changesets/cli@^2.26.0": + version "2.27.11" + resolved "https://registry.yarnpkg.com/@changesets/cli/-/cli-2.27.11.tgz#1d510044b350a7c78a8b55a0591637d7ad224469" + integrity sha512-1QislpE+nvJgSZZo9+Lj3Lno5pKBgN46dAV8IVxKJy9wX8AOrs9nn5pYVZuDpoxWJJCALmbfOsHkyxujgetQSg== + dependencies: + "@changesets/apply-release-plan" "^7.0.7" + "@changesets/assemble-release-plan" "^6.0.5" + "@changesets/changelog-git" "^0.2.0" + "@changesets/config" "^3.0.5" + "@changesets/errors" "^0.2.0" + "@changesets/get-dependents-graph" "^2.1.2" + "@changesets/get-release-plan" "^4.0.6" + "@changesets/git" "^3.0.2" + "@changesets/logger" "^0.1.1" + "@changesets/pre" "^2.0.1" + "@changesets/read" "^0.6.2" + "@changesets/should-skip-package" "^0.1.1" + "@changesets/types" "^6.0.0" + "@changesets/write" "^0.3.2" + "@manypkg/get-packages" "^1.1.3" + ansi-colors "^4.1.3" + ci-info "^3.7.0" + enquirer "^2.4.1" + external-editor "^3.1.0" + fs-extra "^7.0.1" + mri "^1.2.0" + p-limit "^2.2.0" + package-manager-detector "^0.2.0" + picocolors "^1.1.0" + resolve-from "^5.0.0" + semver "^7.5.3" + spawndamnit "^3.0.1" + term-size "^2.1.0" + +"@changesets/config@^3.0.5": + version "3.0.5" + resolved "https://registry.yarnpkg.com/@changesets/config/-/config-3.0.5.tgz#cb59e9f338a4b35d3266af8a32799cb940d54ee0" + integrity sha512-QyXLSSd10GquX7hY0Mt4yQFMEeqnO5z/XLpbIr4PAkNNoQNKwDyiSrx4yd749WddusH1v3OSiA0NRAYmH/APpQ== + dependencies: + "@changesets/errors" "^0.2.0" + "@changesets/get-dependents-graph" "^2.1.2" + "@changesets/logger" "^0.1.1" + "@changesets/types" "^6.0.0" + "@manypkg/get-packages" "^1.1.3" + fs-extra "^7.0.1" + micromatch "^4.0.8" + +"@changesets/errors@^0.2.0": + version "0.2.0" + resolved "https://registry.yarnpkg.com/@changesets/errors/-/errors-0.2.0.tgz#3c545e802b0f053389cadcf0ed54e5636ff9026a" + integrity sha512-6BLOQUscTpZeGljvyQXlWOItQyU71kCdGz7Pi8H8zdw6BI0g3m43iL4xKUVPWtG+qrrL9DTjpdn8eYuCQSRpow== + dependencies: + extendable-error "^0.1.5" + +"@changesets/get-dependents-graph@^2.1.2": + version "2.1.2" + resolved "https://registry.yarnpkg.com/@changesets/get-dependents-graph/-/get-dependents-graph-2.1.2.tgz#108304652d4bf22c9fee9f1d31dcf9908c24ca51" + integrity sha512-sgcHRkiBY9i4zWYBwlVyAjEM9sAzs4wYVwJUdnbDLnVG3QwAaia1Mk5P8M7kraTOZN+vBET7n8KyB0YXCbFRLQ== + dependencies: + "@changesets/types" "^6.0.0" + "@manypkg/get-packages" "^1.1.3" + picocolors "^1.1.0" + semver "^7.5.3" + +"@changesets/get-github-info@^0.6.0": + version "0.6.0" + resolved "https://registry.yarnpkg.com/@changesets/get-github-info/-/get-github-info-0.6.0.tgz#faba66a20a3a5a0cbabea28efd43c9ede7429f11" + integrity sha512-v/TSnFVXI8vzX9/w3DU2Ol+UlTZcu3m0kXTjTT4KlAdwSvwutcByYwyYn9hwerPWfPkT2JfpoX0KgvCEi8Q/SA== + dependencies: + dataloader "^1.4.0" + node-fetch "^2.5.0" + +"@changesets/get-release-plan@^4.0.6": + version "4.0.6" + resolved "https://registry.yarnpkg.com/@changesets/get-release-plan/-/get-release-plan-4.0.6.tgz#40d70c2524be51a70b7e1a778826854bb6c8562a" + integrity sha512-FHRwBkY7Eili04Y5YMOZb0ezQzKikTka4wL753vfUA5COSebt7KThqiuCN9BewE4/qFGgF/5t3AuzXx1/UAY4w== + dependencies: + "@changesets/assemble-release-plan" "^6.0.5" + "@changesets/config" "^3.0.5" + "@changesets/pre" "^2.0.1" + "@changesets/read" "^0.6.2" + "@changesets/types" "^6.0.0" + "@manypkg/get-packages" "^1.1.3" + +"@changesets/get-version-range-type@^0.4.0": + version "0.4.0" + resolved "https://registry.yarnpkg.com/@changesets/get-version-range-type/-/get-version-range-type-0.4.0.tgz#429a90410eefef4368502c41c63413e291740bf5" + integrity sha512-hwawtob9DryoGTpixy1D3ZXbGgJu1Rhr+ySH2PvTLHvkZuQ7sRT4oQwMh0hbqZH1weAooedEjRsbrWcGLCeyVQ== + +"@changesets/git@^3.0.2": + version "3.0.2" + resolved "https://registry.yarnpkg.com/@changesets/git/-/git-3.0.2.tgz#669c700049dc3b8ba53f46de45f5c4b1e6ddea3b" + integrity sha512-r1/Kju9Y8OxRRdvna+nxpQIsMsRQn9dhhAZt94FLDeu0Hij2hnOozW8iqnHBgvu+KdnJppCveQwK4odwfw/aWQ== + dependencies: + "@changesets/errors" "^0.2.0" + "@manypkg/get-packages" "^1.1.3" + is-subdir "^1.1.1" + micromatch "^4.0.8" + spawndamnit "^3.0.1" + +"@changesets/logger@^0.1.1": + version "0.1.1" + resolved "https://registry.yarnpkg.com/@changesets/logger/-/logger-0.1.1.tgz#9926ac4dc8fb00472fe1711603b6b4755d64b435" + integrity sha512-OQtR36ZlnuTxKqoW4Sv6x5YIhOmClRd5pWsjZsddYxpWs517R0HkyiefQPIytCVh4ZcC5x9XaG8KTdd5iRQUfg== + dependencies: + picocolors "^1.1.0" + +"@changesets/parse@^0.4.0": + version "0.4.0" + resolved "https://registry.yarnpkg.com/@changesets/parse/-/parse-0.4.0.tgz#5cabbd9844b3b213cb83f5edb5768454c70dd2b4" + integrity sha512-TS/9KG2CdGXS27S+QxbZXgr8uPsP4yNJYb4BC2/NeFUj80Rni3TeD2qwWmabymxmrLo7JEsytXH1FbpKTbvivw== + dependencies: + "@changesets/types" "^6.0.0" + js-yaml "^3.13.1" + +"@changesets/pre@^2.0.0", "@changesets/pre@^2.0.1": + version "2.0.1" + resolved "https://registry.yarnpkg.com/@changesets/pre/-/pre-2.0.1.tgz#3ed60f9d218b3b81d3074d72139582da11a94d5f" + integrity sha512-vvBJ/If4jKM4tPz9JdY2kGOgWmCowUYOi5Ycv8dyLnEE8FgpYYUo1mgJZxcdtGGP3aG8rAQulGLyyXGSLkIMTQ== + dependencies: + "@changesets/errors" "^0.2.0" + "@changesets/types" "^6.0.0" + "@manypkg/get-packages" "^1.1.3" + fs-extra "^7.0.1" + +"@changesets/read@^0.6.0", "@changesets/read@^0.6.2": + version "0.6.2" + resolved "https://registry.yarnpkg.com/@changesets/read/-/read-0.6.2.tgz#816cf75dd22a70e75ac279474e44be52fb3fb91b" + integrity sha512-wjfQpJvryY3zD61p8jR87mJdyx2FIhEcdXhKUqkja87toMrP/3jtg/Yg29upN+N4Ckf525/uvV7a4tzBlpk6gg== + dependencies: + "@changesets/git" "^3.0.2" + "@changesets/logger" "^0.1.1" + "@changesets/parse" "^0.4.0" + "@changesets/types" "^6.0.0" + fs-extra "^7.0.1" + p-filter "^2.1.0" + picocolors "^1.1.0" + +"@changesets/should-skip-package@^0.1.1": + version "0.1.1" + resolved "https://registry.yarnpkg.com/@changesets/should-skip-package/-/should-skip-package-0.1.1.tgz#76218ef4ce7691351a6dffdb356e8893267b0b3a" + integrity sha512-H9LjLbF6mMHLtJIc/eHR9Na+MifJ3VxtgP/Y+XLn4BF7tDTEN1HNYtH6QMcjP1uxp9sjaFYmW8xqloaCi/ckTg== + dependencies: + "@changesets/types" "^6.0.0" + "@manypkg/get-packages" "^1.1.3" + +"@changesets/types@^4.0.1": + version "4.1.0" + resolved "https://registry.yarnpkg.com/@changesets/types/-/types-4.1.0.tgz#fb8f7ca2324fd54954824e864f9a61a82cb78fe0" + integrity sha512-LDQvVDv5Kb50ny2s25Fhm3d9QSZimsoUGBsUioj6MC3qbMUCuC8GPIvk/M6IvXx3lYhAs0lwWUQLb+VIEUCECw== + +"@changesets/types@^6.0.0": + version "6.0.0" + resolved "https://registry.yarnpkg.com/@changesets/types/-/types-6.0.0.tgz#e46abda9890610dd1fbe1617730173d2267544bd" + integrity sha512-b1UkfNulgKoWfqyHtzKS5fOZYSJO+77adgL7DLRDr+/7jhChN+QcHnbjiQVOz/U+Ts3PGNySq7diAItzDgugfQ== + +"@changesets/write@^0.3.2": + version "0.3.2" + resolved "https://registry.yarnpkg.com/@changesets/write/-/write-0.3.2.tgz#bee64e4ccdff480872df5d1e38f2b913cb940116" + integrity sha512-kDxDrPNpUgsjDbWBvUo27PzKX4gqeKOlhibaOXDJA6kuBisGqNHv/HwGJrAu8U/dSf8ZEFIeHIPtvSlZI1kULw== + dependencies: + "@changesets/types" "^6.0.0" + fs-extra "^7.0.1" + human-id "^1.0.2" + prettier "^2.7.1" + +"@colors/colors@1.5.0": + version "1.5.0" + resolved "https://registry.yarnpkg.com/@colors/colors/-/colors-1.5.0.tgz#bb504579c1cae923e6576a4f5da43d25f97bdbd9" + integrity sha512-ooWCrlZP11i8GImSjTHYHLkvFDP48nS4+204nGb1RiX/WXYHmJA2III9/e2DWVabCESdW7hBAEzHRqUn9OUVvQ== + +"@eslint-community/eslint-utils@^4.2.0": + version "4.4.1" + resolved "https://registry.yarnpkg.com/@eslint-community/eslint-utils/-/eslint-utils-4.4.1.tgz#d1145bf2c20132d6400495d6df4bf59362fd9d56" + integrity sha512-s3O3waFUrMV8P/XaF/+ZTp1X9XBZW1a4B97ZnjQF2KYWaFD2A8KyFBsrsfSjEmjn3RGWAIuvlneuZm3CUK3jbA== + dependencies: + eslint-visitor-keys "^3.4.3" + +"@eslint-community/regexpp@^4.6.1": + version "4.12.1" + resolved "https://registry.yarnpkg.com/@eslint-community/regexpp/-/regexpp-4.12.1.tgz#cfc6cffe39df390a3841cde2abccf92eaa7ae0e0" + integrity sha512-CCZCDJuduB9OUkFkY2IgppNZMi2lBQgD2qzwXkEia16cge2pijY/aXi96CJMquDMn3nJdlPV1A5KrJEXwfLNzQ== + +"@eslint/eslintrc@^2.1.4": + version "2.1.4" + resolved "https://registry.yarnpkg.com/@eslint/eslintrc/-/eslintrc-2.1.4.tgz#388a269f0f25c1b6adc317b5a2c55714894c70ad" + integrity sha512-269Z39MS6wVJtsoUl10L60WdkhJVdPG24Q4eZTH3nnF6lpvSShEK3wQjDX9JRWAUPvPh7COouPpU9IrqaZFvtQ== + dependencies: + ajv "^6.12.4" + debug "^4.3.2" + espree "^9.6.0" + globals "^13.19.0" + ignore "^5.2.0" + import-fresh "^3.2.1" + js-yaml "^4.1.0" + minimatch "^3.1.2" + strip-json-comments "^3.1.1" + +"@eslint/js@8.57.1": + version "8.57.1" + resolved "https://registry.yarnpkg.com/@eslint/js/-/js-8.57.1.tgz#de633db3ec2ef6a3c89e2f19038063e8a122e2c2" + integrity sha512-d9zaMRSTIKDLhctzH12MtXvJKSSUhaHcjV+2Z+GK+EEY7XKpP5yR4x+N3TAcHTcu963nIr+TMcCb4DBCYX1z6Q== + +"@ethereumjs/rlp@^4.0.1": + version "4.0.1" + resolved "https://registry.yarnpkg.com/@ethereumjs/rlp/-/rlp-4.0.1.tgz#626fabfd9081baab3d0a3074b0c7ecaf674aaa41" + integrity sha512-tqsQiBQDQdmPWE1xkkBq4rlSW5QZpLOUJ5RJh2/9fug+q9tnUhuZoVLk7s0scUIKTOzEtR72DFBXI4WiZcMpvw== + +"@ethereumjs/util@^8.1.0": + version "8.1.0" + resolved "https://registry.yarnpkg.com/@ethereumjs/util/-/util-8.1.0.tgz#299df97fb6b034e0577ce9f94c7d9d1004409ed4" + integrity sha512-zQ0IqbdX8FZ9aw11vP+dZkKDkS+kgIvQPHnSAXzP9pLu+Rfu3D3XEeLbicvoXJTYnhZiPmsZUxgdzXwNKxRPbA== + dependencies: + "@ethereumjs/rlp" "^4.0.1" + ethereum-cryptography "^2.0.0" + micro-ftch "^0.3.1" + +"@ethersproject/abi@^5.0.9", "@ethersproject/abi@^5.1.2", "@ethersproject/abi@^5.7.0": + version "5.7.0" + resolved "https://registry.yarnpkg.com/@ethersproject/abi/-/abi-5.7.0.tgz#b3f3e045bbbeed1af3947335c247ad625a44e449" + integrity sha512-351ktp42TiRcYB3H1OP8yajPeAQstMW/yCFokj/AthP9bLHzQFPlOrxOcwYEDkUAICmOHljvN4K39OMTMUa9RA== + dependencies: + "@ethersproject/address" "^5.7.0" + "@ethersproject/bignumber" "^5.7.0" + "@ethersproject/bytes" "^5.7.0" + "@ethersproject/constants" "^5.7.0" + "@ethersproject/hash" "^5.7.0" + "@ethersproject/keccak256" "^5.7.0" + "@ethersproject/logger" "^5.7.0" + "@ethersproject/properties" "^5.7.0" + "@ethersproject/strings" "^5.7.0" + +"@ethersproject/abstract-provider@^5.7.0": + version "5.7.0" + resolved "https://registry.yarnpkg.com/@ethersproject/abstract-provider/-/abstract-provider-5.7.0.tgz#b0a8550f88b6bf9d51f90e4795d48294630cb9ef" + integrity sha512-R41c9UkchKCpAqStMYUpdunjo3pkEvZC3FAwZn5S5MGbXoMQOHIdHItezTETxAO5bevtMApSyEhn9+CHcDsWBw== + dependencies: + "@ethersproject/bignumber" "^5.7.0" + "@ethersproject/bytes" "^5.7.0" + "@ethersproject/logger" "^5.7.0" + "@ethersproject/networks" "^5.7.0" + "@ethersproject/properties" "^5.7.0" + "@ethersproject/transactions" "^5.7.0" + "@ethersproject/web" "^5.7.0" + +"@ethersproject/abstract-signer@^5.7.0": + version "5.7.0" + resolved "https://registry.yarnpkg.com/@ethersproject/abstract-signer/-/abstract-signer-5.7.0.tgz#13f4f32117868452191a4649723cb086d2b596b2" + integrity sha512-a16V8bq1/Cz+TGCkE2OPMTOUDLS3grCpdjoJCYNnVBbdYEMSgKrU0+B90s8b6H+ByYTBZN7a3g76jdIJi7UfKQ== + dependencies: + "@ethersproject/abstract-provider" "^5.7.0" + "@ethersproject/bignumber" "^5.7.0" + "@ethersproject/bytes" "^5.7.0" + "@ethersproject/logger" "^5.7.0" + "@ethersproject/properties" "^5.7.0" + +"@ethersproject/address@^5.7.0": + version "5.7.0" + resolved "https://registry.yarnpkg.com/@ethersproject/address/-/address-5.7.0.tgz#19b56c4d74a3b0a46bfdbb6cfcc0a153fc697f37" + integrity sha512-9wYhYt7aghVGo758POM5nqcOMaE168Q6aRLJZwUmiqSrAungkG74gSSeKEIR7ukixesdRZGPgVqme6vmxs1fkA== + dependencies: + "@ethersproject/bignumber" "^5.7.0" + "@ethersproject/bytes" "^5.7.0" + "@ethersproject/keccak256" "^5.7.0" + "@ethersproject/logger" "^5.7.0" + "@ethersproject/rlp" "^5.7.0" + +"@ethersproject/base64@^5.7.0": + version "5.7.0" + resolved "https://registry.yarnpkg.com/@ethersproject/base64/-/base64-5.7.0.tgz#ac4ee92aa36c1628173e221d0d01f53692059e1c" + integrity sha512-Dr8tcHt2mEbsZr/mwTPIQAf3Ai0Bks/7gTw9dSqk1mQvhW3XvRlmDJr/4n+wg1JmCl16NZue17CDh8xb/vZ0sQ== + dependencies: + "@ethersproject/bytes" "^5.7.0" + +"@ethersproject/bignumber@^5.7.0": + version "5.7.0" + resolved "https://registry.yarnpkg.com/@ethersproject/bignumber/-/bignumber-5.7.0.tgz#e2f03837f268ba655ffba03a57853e18a18dc9c2" + integrity sha512-n1CAdIHRWjSucQO3MC1zPSVgV/6dy/fjL9pMrPP9peL+QxEg9wOsVqwD4+818B6LUEtaXzVHQiuivzRoxPxUGw== + dependencies: + "@ethersproject/bytes" "^5.7.0" + "@ethersproject/logger" "^5.7.0" + bn.js "^5.2.1" + +"@ethersproject/bytes@^5.7.0": + version "5.7.0" + resolved "https://registry.yarnpkg.com/@ethersproject/bytes/-/bytes-5.7.0.tgz#a00f6ea8d7e7534d6d87f47188af1148d71f155d" + integrity sha512-nsbxwgFXWh9NyYWo+U8atvmMsSdKJprTcICAkvbBffT75qDocbuggBU0SJiVK2MuTrp0q+xvLkTnGMPK1+uA9A== + dependencies: + "@ethersproject/logger" "^5.7.0" + +"@ethersproject/constants@^5.7.0": + version "5.7.0" + resolved "https://registry.yarnpkg.com/@ethersproject/constants/-/constants-5.7.0.tgz#df80a9705a7e08984161f09014ea012d1c75295e" + integrity sha512-DHI+y5dBNvkpYUMiRQyxRBYBefZkJfo70VUkUAsRjcPs47muV9evftfZ0PJVCXYbAiCgght0DtcF9srFQmIgWA== + dependencies: + "@ethersproject/bignumber" "^5.7.0" + +"@ethersproject/hash@^5.7.0": + version "5.7.0" + resolved "https://registry.yarnpkg.com/@ethersproject/hash/-/hash-5.7.0.tgz#eb7aca84a588508369562e16e514b539ba5240a7" + integrity sha512-qX5WrQfnah1EFnO5zJv1v46a8HW0+E5xuBBDTwMFZLuVTx0tbU2kkx15NqdjxecrLGatQN9FGQKpb1FKdHCt+g== + dependencies: + "@ethersproject/abstract-signer" "^5.7.0" + "@ethersproject/address" "^5.7.0" + "@ethersproject/base64" "^5.7.0" + "@ethersproject/bignumber" "^5.7.0" + "@ethersproject/bytes" "^5.7.0" + "@ethersproject/keccak256" "^5.7.0" + "@ethersproject/logger" "^5.7.0" + "@ethersproject/properties" "^5.7.0" + "@ethersproject/strings" "^5.7.0" + +"@ethersproject/keccak256@^5.7.0": + version "5.7.0" + resolved "https://registry.yarnpkg.com/@ethersproject/keccak256/-/keccak256-5.7.0.tgz#3186350c6e1cd6aba7940384ec7d6d9db01f335a" + integrity sha512-2UcPboeL/iW+pSg6vZ6ydF8tCnv3Iu/8tUmLLzWWGzxWKFFqOBQFLo6uLUv6BDrLgCDfN28RJ/wtByx+jZ4KBg== + dependencies: + "@ethersproject/bytes" "^5.7.0" + js-sha3 "0.8.0" + +"@ethersproject/logger@^5.7.0": + version "5.7.0" + resolved "https://registry.yarnpkg.com/@ethersproject/logger/-/logger-5.7.0.tgz#6ce9ae168e74fecf287be17062b590852c311892" + integrity sha512-0odtFdXu/XHtjQXJYA3u9G0G8btm0ND5Cu8M7i5vhEcE8/HmF4Lbdqanwyv4uQTr2tx6b7fQRmgLrsnpQlmnig== + +"@ethersproject/networks@^5.7.0": + version "5.7.1" + resolved "https://registry.yarnpkg.com/@ethersproject/networks/-/networks-5.7.1.tgz#118e1a981d757d45ccea6bb58d9fd3d9db14ead6" + integrity sha512-n/MufjFYv3yFcUyfhnXotyDlNdFb7onmkSy8aQERi2PjNcnWQ66xXxa3XlS8nCcA8aJKJjIIMNJTC7tu80GwpQ== + dependencies: + "@ethersproject/logger" "^5.7.0" + +"@ethersproject/properties@^5.7.0": + version "5.7.0" + resolved "https://registry.yarnpkg.com/@ethersproject/properties/-/properties-5.7.0.tgz#a6e12cb0439b878aaf470f1902a176033067ed30" + integrity sha512-J87jy8suntrAkIZtecpxEPxY//szqr1mlBaYlQ0r4RCaiD2hjheqF9s1LVE8vVuJCXisjIP+JgtK/Do54ej4Sw== + dependencies: + "@ethersproject/logger" "^5.7.0" + +"@ethersproject/rlp@^5.7.0": + version "5.7.0" + resolved "https://registry.yarnpkg.com/@ethersproject/rlp/-/rlp-5.7.0.tgz#de39e4d5918b9d74d46de93af80b7685a9c21304" + integrity sha512-rBxzX2vK8mVF7b0Tol44t5Tb8gomOHkj5guL+HhzQ1yBh/ydjGnpw6at+X6Iw0Kp3OzzzkcKp8N9r0W4kYSs9w== + dependencies: + "@ethersproject/bytes" "^5.7.0" + "@ethersproject/logger" "^5.7.0" + +"@ethersproject/signing-key@^5.7.0": + version "5.7.0" + resolved "https://registry.yarnpkg.com/@ethersproject/signing-key/-/signing-key-5.7.0.tgz#06b2df39411b00bc57c7c09b01d1e41cf1b16ab3" + integrity sha512-MZdy2nL3wO0u7gkB4nA/pEf8lu1TlFswPNmy8AiYkfKTdO6eXBJyUdmHO/ehm/htHw9K/qF8ujnTyUAD+Ry54Q== + dependencies: + "@ethersproject/bytes" "^5.7.0" + "@ethersproject/logger" "^5.7.0" + "@ethersproject/properties" "^5.7.0" + bn.js "^5.2.1" + elliptic "6.5.4" + hash.js "1.1.7" + +"@ethersproject/strings@^5.7.0": + version "5.7.0" + resolved "https://registry.yarnpkg.com/@ethersproject/strings/-/strings-5.7.0.tgz#54c9d2a7c57ae8f1205c88a9d3a56471e14d5ed2" + integrity sha512-/9nu+lj0YswRNSH0NXYqrh8775XNyEdUQAuf3f+SmOrnVewcJ5SBNAjF7lpgehKi4abvNNXyf+HX86czCdJ8Mg== + dependencies: + "@ethersproject/bytes" "^5.7.0" + "@ethersproject/constants" "^5.7.0" + "@ethersproject/logger" "^5.7.0" + +"@ethersproject/transactions@^5.7.0": + version "5.7.0" + resolved "https://registry.yarnpkg.com/@ethersproject/transactions/-/transactions-5.7.0.tgz#91318fc24063e057885a6af13fdb703e1f993d3b" + integrity sha512-kmcNicCp1lp8qanMTC3RIikGgoJ80ztTyvtsFvCYpSCfkjhD0jZ2LOrnbcuxuToLIUYYf+4XwD1rP+B/erDIhQ== + dependencies: + "@ethersproject/address" "^5.7.0" + "@ethersproject/bignumber" "^5.7.0" + "@ethersproject/bytes" "^5.7.0" + "@ethersproject/constants" "^5.7.0" + "@ethersproject/keccak256" "^5.7.0" + "@ethersproject/logger" "^5.7.0" + "@ethersproject/properties" "^5.7.0" + "@ethersproject/rlp" "^5.7.0" + "@ethersproject/signing-key" "^5.7.0" + +"@ethersproject/units@^5.7.0": + version "5.7.0" + resolved "https://registry.yarnpkg.com/@ethersproject/units/-/units-5.7.0.tgz#637b563d7e14f42deeee39245275d477aae1d8b1" + integrity sha512-pD3xLMy3SJu9kG5xDGI7+xhTEmGXlEqXU4OfNapmfnxLVY4EMSSRp7j1k7eezutBPH7RBN/7QPnwR7hzNlEFeg== + dependencies: + "@ethersproject/bignumber" "^5.7.0" + "@ethersproject/constants" "^5.7.0" + "@ethersproject/logger" "^5.7.0" + +"@ethersproject/web@^5.7.0": + version "5.7.1" + resolved "https://registry.yarnpkg.com/@ethersproject/web/-/web-5.7.1.tgz#de1f285b373149bee5928f4eb7bcb87ee5fbb4ae" + integrity sha512-Gueu8lSvyjBWL4cYsWsjh6MtMwM0+H4HvqFPZfB6dV8ctbP9zFAO73VG1cMWae0FLPCtz0peKPpZY8/ugJJX2w== + dependencies: + "@ethersproject/base64" "^5.7.0" + "@ethersproject/bytes" "^5.7.0" + "@ethersproject/logger" "^5.7.0" + "@ethersproject/properties" "^5.7.0" + "@ethersproject/strings" "^5.7.0" + +"@fastify/busboy@^2.0.0": + version "2.1.1" + resolved "https://registry.yarnpkg.com/@fastify/busboy/-/busboy-2.1.1.tgz#b9da6a878a371829a0502c9b6c1c143ef6663f4d" + integrity sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA== + +"@frangio/servbot@^0.2.5": + version "0.2.5" + resolved "https://registry.yarnpkg.com/@frangio/servbot/-/servbot-0.2.5.tgz#d4524c15c8a34fcdde36037b84407c4c60b4cf16" + integrity sha512-ogja4iAPZ1VwM5MU3C1ZhB88358F0PGbmSTGOkIZwOyLaDoMHIqOVCnavHjR7DV5h+oAI4Z4KDqlam3myQUrmg== + +"@humanwhocodes/config-array@^0.13.0": + version "0.13.0" + resolved "https://registry.yarnpkg.com/@humanwhocodes/config-array/-/config-array-0.13.0.tgz#fb907624df3256d04b9aa2df50d7aa97ec648748" + integrity sha512-DZLEEqFWQFiyK6h5YIeynKx7JlvCYWL0cImfSRXZ9l4Sg2efkFGTuFf6vzXjK1cq6IYkU+Eg/JizXw+TD2vRNw== + dependencies: + "@humanwhocodes/object-schema" "^2.0.3" + debug "^4.3.1" + minimatch "^3.0.5" + +"@humanwhocodes/module-importer@^1.0.1": + version "1.0.1" + resolved "https://registry.yarnpkg.com/@humanwhocodes/module-importer/-/module-importer-1.0.1.tgz#af5b2691a22b44be847b0ca81641c5fb6ad0172c" + integrity sha512-bxveV4V8v5Yb4ncFTT3rPSgZBOpCkjfK0y4oVVVJwIuDVBRMDXrPyXRL988i5ap9m9bnyEEjWfm5WkBmtffLfA== + +"@humanwhocodes/object-schema@^2.0.3": + version "2.0.3" + resolved "https://registry.yarnpkg.com/@humanwhocodes/object-schema/-/object-schema-2.0.3.tgz#4a2868d75d6d6963e423bcf90b7fd1be343409d3" + integrity sha512-93zYdMES/c1D69yZiKDBj0V24vqNzB/koF26KPaagAfd3P/4gUlh3Dys5ogAK+Exi9QyzlD8x/08Zt7wIKcDcA== + +"@isaacs/cliui@^8.0.2": + version "8.0.2" + resolved "https://registry.yarnpkg.com/@isaacs/cliui/-/cliui-8.0.2.tgz#b37667b7bc181c168782259bab42474fbf52b550" + integrity sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA== + dependencies: + string-width "^5.1.2" + string-width-cjs "npm:string-width@^4.2.0" + strip-ansi "^7.0.1" + strip-ansi-cjs "npm:strip-ansi@^6.0.1" + wrap-ansi "^8.1.0" + wrap-ansi-cjs "npm:wrap-ansi@^7.0.0" + +"@manypkg/find-root@^1.1.0": + version "1.1.0" + resolved "https://registry.yarnpkg.com/@manypkg/find-root/-/find-root-1.1.0.tgz#a62d8ed1cd7e7d4c11d9d52a8397460b5d4ad29f" + integrity sha512-mki5uBvhHzO8kYYix/WRy2WX8S3B5wdVSc9D6KcU5lQNglP2yt58/VfLuAK49glRXChosY8ap2oJ1qgma3GUVA== + dependencies: + "@babel/runtime" "^7.5.5" + "@types/node" "^12.7.1" + find-up "^4.1.0" + fs-extra "^8.1.0" + +"@manypkg/get-packages@^1.1.3": + version "1.1.3" + resolved "https://registry.yarnpkg.com/@manypkg/get-packages/-/get-packages-1.1.3.tgz#e184db9bba792fa4693de4658cfb1463ac2c9c47" + integrity sha512-fo+QhuU3qE/2TQMQmbVMqaQ6EWbMhi4ABWP+O4AM1NqPBuy0OrApV5LO6BrrgnhtAHS2NH6RrVk9OL181tTi8A== + dependencies: + "@babel/runtime" "^7.5.5" + "@changesets/types" "^4.0.1" + "@manypkg/find-root" "^1.1.0" + fs-extra "^8.1.0" + globby "^11.0.0" + read-yaml-file "^1.1.0" + +"@metamask/eth-sig-util@^4.0.0": + version "4.0.1" + resolved "https://registry.yarnpkg.com/@metamask/eth-sig-util/-/eth-sig-util-4.0.1.tgz#3ad61f6ea9ad73ba5b19db780d40d9aae5157088" + integrity sha512-tghyZKLHZjcdlDqCA3gNZmLeR0XvOE9U1qoQO9ohyAZT6Pya+H9vkBPcsyXytmYLNgVoin7CKCmweo/R43V+tQ== + dependencies: + ethereumjs-abi "^0.6.8" + ethereumjs-util "^6.2.1" + ethjs-util "^0.1.6" + tweetnacl "^1.0.3" + tweetnacl-util "^0.15.1" + +"@noble/curves@1.2.0", "@noble/curves@~1.2.0": + version "1.2.0" + resolved "https://registry.yarnpkg.com/@noble/curves/-/curves-1.2.0.tgz#92d7e12e4e49b23105a2555c6984d41733d65c35" + integrity sha512-oYclrNgRaM9SsBUBVbb8M6DTV7ZHRTKugureoYEncY5c65HOmRzvSiTE3y5CYaPYJA/GVkrhXEoF0M3Ya9PMnw== + dependencies: + "@noble/hashes" "1.3.2" + +"@noble/curves@1.4.2", "@noble/curves@~1.4.0": + version "1.4.2" + resolved "https://registry.yarnpkg.com/@noble/curves/-/curves-1.4.2.tgz#40309198c76ed71bc6dbf7ba24e81ceb4d0d1fe9" + integrity sha512-TavHr8qycMChk8UwMld0ZDRvatedkzWfH8IiaeGCfymOP5i0hSCozz9vHOL0nkwk7HRMlFnAiKpS2jrUmSybcw== + dependencies: + "@noble/hashes" "1.4.0" + +"@noble/hashes@1.2.0", "@noble/hashes@~1.2.0": + version "1.2.0" + resolved "https://registry.yarnpkg.com/@noble/hashes/-/hashes-1.2.0.tgz#a3150eeb09cc7ab207ebf6d7b9ad311a9bdbed12" + integrity sha512-FZfhjEDbT5GRswV3C6uvLPHMiVD6lQBmpoX5+eSiPaMTXte/IKqI5dykDxzZB/WBeK/CDuQRBWarPdi3FNY2zQ== + +"@noble/hashes@1.3.2": + version "1.3.2" + resolved "https://registry.yarnpkg.com/@noble/hashes/-/hashes-1.3.2.tgz#6f26dbc8fbc7205873ce3cee2f690eba0d421b39" + integrity sha512-MVC8EAQp7MvEcm30KWENFjgR+Mkmf+D189XJTkFIlwohU5hcBbn1ZkKq7KVTi2Hme3PMGF390DaL52beVrIihQ== + +"@noble/hashes@1.4.0", "@noble/hashes@~1.4.0": + version "1.4.0" + resolved "https://registry.yarnpkg.com/@noble/hashes/-/hashes-1.4.0.tgz#45814aa329f30e4fe0ba49426f49dfccdd066426" + integrity sha512-V1JJ1WTRUqHHrOSh597hURcMqVKVGL/ea3kv0gSnEdsEZ0/+VyPghM1lMNGc00z7CIQorSvbKpuJkxvuHbvdbg== + +"@noble/hashes@^1.4.0": + version "1.7.0" + resolved "https://registry.yarnpkg.com/@noble/hashes/-/hashes-1.7.0.tgz#5d9e33af2c7d04fee35de1519b80c958b2e35e39" + integrity sha512-HXydb0DgzTpDPwbVeDGCG1gIu7X6+AuU6Zl6av/E/KG8LMsvPntvq+w17CHRpKBmN6Ybdrt1eP3k4cj8DJa78w== + +"@noble/hashes@~1.3.0", "@noble/hashes@~1.3.2": + version "1.3.3" + resolved "https://registry.yarnpkg.com/@noble/hashes/-/hashes-1.3.3.tgz#39908da56a4adc270147bb07968bf3b16cfe1699" + integrity sha512-V7/fPHgl+jsVPXqqeOzT8egNj2iBIVt+ECeMMG8TdcnTikP3oaBtUVqpT/gYCR68aEBJSF+XbYUxStjbFMqIIA== + +"@noble/secp256k1@1.7.1", "@noble/secp256k1@~1.7.0": + version "1.7.1" + resolved "https://registry.yarnpkg.com/@noble/secp256k1/-/secp256k1-1.7.1.tgz#b251c70f824ce3ca7f8dc3df08d58f005cc0507c" + integrity sha512-hOUk6AyBFmqVrv7k5WAw/LpszxVbj9gGN4JRkIX52fdFAj1UA61KXmZDvqVEm+pOyec3+fIeZB02LYa/pWOArw== + +"@nodelib/fs.scandir@2.1.5": + version "2.1.5" + resolved "https://registry.yarnpkg.com/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz#7619c2eb21b25483f6d167548b4cfd5a7488c3d5" + integrity sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g== + dependencies: + "@nodelib/fs.stat" "2.0.5" + run-parallel "^1.1.9" + +"@nodelib/fs.stat@2.0.5", "@nodelib/fs.stat@^2.0.2": + version "2.0.5" + resolved "https://registry.yarnpkg.com/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz#5bd262af94e9d25bd1e71b05deed44876a222e8b" + integrity sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A== + +"@nodelib/fs.walk@^1.2.3", "@nodelib/fs.walk@^1.2.8": + version "1.2.8" + resolved "https://registry.yarnpkg.com/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz#e95737e8bb6746ddedf69c556953494f196fe69a" + integrity sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg== + dependencies: + "@nodelib/fs.scandir" "2.1.5" + fastq "^1.6.0" + +"@nomicfoundation/edr-darwin-arm64@0.7.0": + version "0.7.0" + resolved "https://registry.yarnpkg.com/@nomicfoundation/edr-darwin-arm64/-/edr-darwin-arm64-0.7.0.tgz#2be3338a61508ed1d24326c82b9aa9224a844dd7" + integrity sha512-vAH20oh4GaSB/iQFTRcoO8jLc0CLd9XuLY9I7vtcqZWAiM4U1J4Y8cu67PWmtxbvUQOqXR7S6FtAr8/AlWm14g== + +"@nomicfoundation/edr-darwin-x64@0.7.0": + version "0.7.0" + resolved "https://registry.yarnpkg.com/@nomicfoundation/edr-darwin-x64/-/edr-darwin-x64-0.7.0.tgz#d2f782fc43bcae1c9aca3130aca6aa2a964e8559" + integrity sha512-WHDdIrPvLlgXQr2eKypBM5xOZAwdxhDAEQIvEMQL8tEEm2qYW2bliUlssBPrs8E3bdivFbe1HizImslMAfU3+g== + +"@nomicfoundation/edr-linux-arm64-gnu@0.7.0": + version "0.7.0" + resolved "https://registry.yarnpkg.com/@nomicfoundation/edr-linux-arm64-gnu/-/edr-linux-arm64-gnu-0.7.0.tgz#48b156744989acc8e6b0b754158a26e10ad865ed" + integrity sha512-WXpJB54ukz1no7gxCPXVEw9pgl/9UZ/WO3l1ctyv/T7vOygjqA4SUd6kppTs6MNXAuTiisPtvJ/fmvHiMBLrsw== + +"@nomicfoundation/edr-linux-arm64-musl@0.7.0": + version "0.7.0" + resolved "https://registry.yarnpkg.com/@nomicfoundation/edr-linux-arm64-musl/-/edr-linux-arm64-musl-0.7.0.tgz#60351352ec26704fed8a232430bf3793d17c29cd" + integrity sha512-1iZYOcEgc+zJI7JQrlAFziuy9sBz1WgnIx3HIIu0J7lBRZ/AXeHHgATb+4InqxtEx9O3W8A0s7f11SyFqJL4Aw== + +"@nomicfoundation/edr-linux-x64-gnu@0.7.0": + version "0.7.0" + resolved "https://registry.yarnpkg.com/@nomicfoundation/edr-linux-x64-gnu/-/edr-linux-x64-gnu-0.7.0.tgz#a7b056bfd46ccfde4d55c9601da5a410c2fce40f" + integrity sha512-wSjC94WcR5MM8sg9w3OsAmT6+bbmChJw6uJKoXR3qscps/jdhjzJWzfgT0XGRq3XMUfimyafW2RWOyfX3ouhrQ== + +"@nomicfoundation/edr-linux-x64-musl@0.7.0": + version "0.7.0" + resolved "https://registry.yarnpkg.com/@nomicfoundation/edr-linux-x64-musl/-/edr-linux-x64-musl-0.7.0.tgz#0fe9f5ace05072e845f71c8fbd28e57798dd6ab5" + integrity sha512-Us22+AZ7wkG1mZwxqE4S4ZcuwkEA5VrUiBOJSvKHGOgy6vFvB/Euh5Lkp4GovwjrtiXuvyGO2UmtkzymZKDxZw== + +"@nomicfoundation/edr-win32-x64-msvc@0.7.0": + version "0.7.0" + resolved "https://registry.yarnpkg.com/@nomicfoundation/edr-win32-x64-msvc/-/edr-win32-x64-msvc-0.7.0.tgz#f1b9a0a643db8dffcf5edb827c18e1cef25c4367" + integrity sha512-HAry0heTsWkzReVtjHwoIq3BgFCvXpVhJ5qPmTnegZGsr/KxqvMmHyDMifzKao4bycU8yrpTSyOiAJt27RWjzQ== + +"@nomicfoundation/edr@^0.7.0": + version "0.7.0" + resolved "https://registry.yarnpkg.com/@nomicfoundation/edr/-/edr-0.7.0.tgz#175cb8a81eac585dc76ad41585c908542acb9383" + integrity sha512-+Zyu7TE47TGNcPhOfWLPA/zISs32WDMXrhSWdWYyPHDVn/Uux5TVuOeScKb0BR/R8EJ+leR8COUF/EGxvDOVKg== + dependencies: + "@nomicfoundation/edr-darwin-arm64" "0.7.0" + "@nomicfoundation/edr-darwin-x64" "0.7.0" + "@nomicfoundation/edr-linux-arm64-gnu" "0.7.0" + "@nomicfoundation/edr-linux-arm64-musl" "0.7.0" + "@nomicfoundation/edr-linux-x64-gnu" "0.7.0" + "@nomicfoundation/edr-linux-x64-musl" "0.7.0" + "@nomicfoundation/edr-win32-x64-msvc" "0.7.0" + +"@nomicfoundation/ethereumjs-common@4.0.4": + version "4.0.4" + resolved "https://registry.yarnpkg.com/@nomicfoundation/ethereumjs-common/-/ethereumjs-common-4.0.4.tgz#9901f513af2d4802da87c66d6f255b510bef5acb" + integrity sha512-9Rgb658lcWsjiicr5GzNCjI1llow/7r0k50dLL95OJ+6iZJcVbi15r3Y0xh2cIO+zgX0WIHcbzIu6FeQf9KPrg== + dependencies: + "@nomicfoundation/ethereumjs-util" "9.0.4" + +"@nomicfoundation/ethereumjs-rlp@5.0.4": + version "5.0.4" + resolved "https://registry.yarnpkg.com/@nomicfoundation/ethereumjs-rlp/-/ethereumjs-rlp-5.0.4.tgz#66c95256fc3c909f6fb18f6a586475fc9762fa30" + integrity sha512-8H1S3s8F6QueOc/X92SdrA4RDenpiAEqMg5vJH99kcQaCy/a3Q6fgseo75mgWlbanGJXSlAPtnCeG9jvfTYXlw== + +"@nomicfoundation/ethereumjs-tx@5.0.4": + version "5.0.4" + resolved "https://registry.yarnpkg.com/@nomicfoundation/ethereumjs-tx/-/ethereumjs-tx-5.0.4.tgz#b0ceb58c98cc34367d40a30d255d6315b2f456da" + integrity sha512-Xjv8wAKJGMrP1f0n2PeyfFCCojHd7iS3s/Ab7qzF1S64kxZ8Z22LCMynArYsVqiFx6rzYy548HNVEyI+AYN/kw== + dependencies: + "@nomicfoundation/ethereumjs-common" "4.0.4" + "@nomicfoundation/ethereumjs-rlp" "5.0.4" + "@nomicfoundation/ethereumjs-util" "9.0.4" + ethereum-cryptography "0.1.3" + +"@nomicfoundation/ethereumjs-util@9.0.4": + version "9.0.4" + resolved "https://registry.yarnpkg.com/@nomicfoundation/ethereumjs-util/-/ethereumjs-util-9.0.4.tgz#84c5274e82018b154244c877b76bc049a4ed7b38" + integrity sha512-sLOzjnSrlx9Bb9EFNtHzK/FJFsfg2re6bsGqinFinH1gCqVfz9YYlXiMWwDM4C/L4ywuHFCYwfKTVr/QHQcU0Q== + dependencies: + "@nomicfoundation/ethereumjs-rlp" "5.0.4" + ethereum-cryptography "0.1.3" + +"@nomicfoundation/hardhat-chai-matchers@^2.0.6": + version "2.0.8" + resolved "https://registry.yarnpkg.com/@nomicfoundation/hardhat-chai-matchers/-/hardhat-chai-matchers-2.0.8.tgz#9c7cfc4ad0f0a5e9cf16aba8ab668c02f6e273aa" + integrity sha512-Z5PiCXH4xhNLASROlSUOADfhfpfhYO6D7Hn9xp8PddmHey0jq704cr6kfU8TRrQ4PUZbpfsZadPj+pCfZdjPIg== + dependencies: + "@types/chai-as-promised" "^7.1.3" + chai-as-promised "^7.1.1" + deep-eql "^4.0.1" + ordinal "^1.0.3" + +"@nomicfoundation/hardhat-ethers@^3.0.4": + version "3.0.8" + resolved "https://registry.yarnpkg.com/@nomicfoundation/hardhat-ethers/-/hardhat-ethers-3.0.8.tgz#af078f566373abeb77e11cbe69fe3dd47f8bfc27" + integrity sha512-zhOZ4hdRORls31DTOqg+GmEZM0ujly8GGIuRY7t7szEk2zW/arY1qDug/py8AEktT00v5K+b6RvbVog+va51IA== + dependencies: + debug "^4.1.1" + lodash.isequal "^4.5.0" + +"@nomicfoundation/hardhat-network-helpers@^1.0.3": + version "1.0.12" + resolved "https://registry.yarnpkg.com/@nomicfoundation/hardhat-network-helpers/-/hardhat-network-helpers-1.0.12.tgz#2c0abec0c50b75f9d0d71776e49e3b5ef746d289" + integrity sha512-xTNQNI/9xkHvjmCJnJOTyqDSl8uq1rKb2WOVmixQxFtRd7Oa3ecO8zM0cyC2YmOK+jHB9WPZ+F/ijkHg1CoORA== + dependencies: + ethereumjs-util "^7.1.4" + +"@nomicfoundation/slang@^0.18.3": + version "0.18.3" + resolved "https://registry.yarnpkg.com/@nomicfoundation/slang/-/slang-0.18.3.tgz#976b6c3820081cebf050afbea434038aac9313cc" + integrity sha512-YqAWgckqbHM0/CZxi9Nlf4hjk9wUNLC9ngWCWBiqMxPIZmzsVKYuChdlrfeBPQyvQQBoOhbx+7C1005kLVQDZQ== + dependencies: + "@bytecodealliance/preview2-shim" "0.17.0" + +"@nomicfoundation/solidity-analyzer-darwin-arm64@0.1.2": + version "0.1.2" + resolved "https://registry.yarnpkg.com/@nomicfoundation/solidity-analyzer-darwin-arm64/-/solidity-analyzer-darwin-arm64-0.1.2.tgz#3a9c3b20d51360b20affb8f753e756d553d49557" + integrity sha512-JaqcWPDZENCvm++lFFGjrDd8mxtf+CtLd2MiXvMNTBD33dContTZ9TWETwNFwg7JTJT5Q9HEecH7FA+HTSsIUw== + +"@nomicfoundation/solidity-analyzer-darwin-x64@0.1.2": + version "0.1.2" + resolved "https://registry.yarnpkg.com/@nomicfoundation/solidity-analyzer-darwin-x64/-/solidity-analyzer-darwin-x64-0.1.2.tgz#74dcfabeb4ca373d95bd0d13692f44fcef133c28" + integrity sha512-fZNmVztrSXC03e9RONBT+CiksSeYcxI1wlzqyr0L7hsQlK1fzV+f04g2JtQ1c/Fe74ZwdV6aQBdd6Uwl1052sw== + +"@nomicfoundation/solidity-analyzer-linux-arm64-gnu@0.1.2": + version "0.1.2" + resolved "https://registry.yarnpkg.com/@nomicfoundation/solidity-analyzer-linux-arm64-gnu/-/solidity-analyzer-linux-arm64-gnu-0.1.2.tgz#4af5849a89e5a8f511acc04f28eb5d4460ba2b6a" + integrity sha512-3d54oc+9ZVBuB6nbp8wHylk4xh0N0Gc+bk+/uJae+rUgbOBwQSfuGIbAZt1wBXs5REkSmynEGcqx6DutoK0tPA== + +"@nomicfoundation/solidity-analyzer-linux-arm64-musl@0.1.2": + version "0.1.2" + resolved "https://registry.yarnpkg.com/@nomicfoundation/solidity-analyzer-linux-arm64-musl/-/solidity-analyzer-linux-arm64-musl-0.1.2.tgz#54036808a9a327b2ff84446c130a6687ee702a8e" + integrity sha512-iDJfR2qf55vgsg7BtJa7iPiFAsYf2d0Tv/0B+vhtnI16+wfQeTbP7teookbGvAo0eJo7aLLm0xfS/GTkvHIucA== + +"@nomicfoundation/solidity-analyzer-linux-x64-gnu@0.1.2": + version "0.1.2" + resolved "https://registry.yarnpkg.com/@nomicfoundation/solidity-analyzer-linux-x64-gnu/-/solidity-analyzer-linux-x64-gnu-0.1.2.tgz#466cda0d6e43691986c944b909fc6dbb8cfc594e" + integrity sha512-9dlHMAt5/2cpWyuJ9fQNOUXFB/vgSFORg1jpjX1Mh9hJ/MfZXlDdHQ+DpFCs32Zk5pxRBb07yGvSHk9/fezL+g== + +"@nomicfoundation/solidity-analyzer-linux-x64-musl@0.1.2": + version "0.1.2" + resolved "https://registry.yarnpkg.com/@nomicfoundation/solidity-analyzer-linux-x64-musl/-/solidity-analyzer-linux-x64-musl-0.1.2.tgz#2b35826987a6e94444140ac92310baa088ee7f94" + integrity sha512-GzzVeeJob3lfrSlDKQw2bRJ8rBf6mEYaWY+gW0JnTDHINA0s2gPR4km5RLIj1xeZZOYz4zRw+AEeYgLRqB2NXg== + +"@nomicfoundation/solidity-analyzer-win32-x64-msvc@0.1.2": + version "0.1.2" + resolved "https://registry.yarnpkg.com/@nomicfoundation/solidity-analyzer-win32-x64-msvc/-/solidity-analyzer-win32-x64-msvc-0.1.2.tgz#e6363d13b8709ca66f330562337dbc01ce8bbbd9" + integrity sha512-Fdjli4DCcFHb4Zgsz0uEJXZ2K7VEO+w5KVv7HmT7WO10iODdU9csC2az4jrhEsRtiR9Gfd74FlG0NYlw1BMdyA== + +"@nomicfoundation/solidity-analyzer@^0.1.0": + version "0.1.2" + resolved "https://registry.yarnpkg.com/@nomicfoundation/solidity-analyzer/-/solidity-analyzer-0.1.2.tgz#8bcea7d300157bf3a770a851d9f5c5e2db34ac55" + integrity sha512-q4n32/FNKIhQ3zQGGw5CvPF6GTvDCpYwIf7bEY/dZTZbgfDsHyjJwURxUJf3VQuuJj+fDIFl4+KkBVbw4Ef6jA== + optionalDependencies: + "@nomicfoundation/solidity-analyzer-darwin-arm64" "0.1.2" + "@nomicfoundation/solidity-analyzer-darwin-x64" "0.1.2" + "@nomicfoundation/solidity-analyzer-linux-arm64-gnu" "0.1.2" + "@nomicfoundation/solidity-analyzer-linux-arm64-musl" "0.1.2" + "@nomicfoundation/solidity-analyzer-linux-x64-gnu" "0.1.2" + "@nomicfoundation/solidity-analyzer-linux-x64-musl" "0.1.2" + "@nomicfoundation/solidity-analyzer-win32-x64-msvc" "0.1.2" + +"@openzeppelin/docs-utils@^0.1.5": + version "0.1.5" + resolved "https://registry.yarnpkg.com/@openzeppelin/docs-utils/-/docs-utils-0.1.5.tgz#ae5b50612f84cba08006b25554dab4a05910c527" + integrity sha512-GfqXArKmdq8rv+hsP+g8uS1VEkvMIzWs31dCONffzmqFwJ+MOsaNQNZNXQnLRgUkzk8i5mTNDjJuxDy+aBZImQ== + dependencies: + "@frangio/servbot" "^0.2.5" + chalk "^3.0.0" + chokidar "^3.5.3" + env-paths "^2.2.0" + find-up "^4.1.0" + is-port-reachable "^3.0.0" + js-yaml "^3.13.1" + lodash.startcase "^4.4.0" + minimist "^1.2.0" + +"@openzeppelin/merkle-tree@^1.0.7": + version "1.0.7" + resolved "https://registry.yarnpkg.com/@openzeppelin/merkle-tree/-/merkle-tree-1.0.7.tgz#88f815df8ba39033e312e5f3dc6debeb62845916" + integrity sha512-i93t0YYv6ZxTCYU3CdO5Q+DXK0JH10A4dCBOMlzYbX+ujTXm+k1lXiEyVqmf94t3sqmv8sm/XT5zTa0+efnPgQ== + dependencies: + "@ethersproject/abi" "^5.7.0" + "@ethersproject/bytes" "^5.7.0" + "@ethersproject/constants" "^5.7.0" + "@ethersproject/keccak256" "^5.7.0" + +"@openzeppelin/upgrade-safe-transpiler@^0.3.32": + version "0.3.33" + resolved "https://registry.yarnpkg.com/@openzeppelin/upgrade-safe-transpiler/-/upgrade-safe-transpiler-0.3.33.tgz#136dd6947bb094f3078b64bf6254a8090f083317" + integrity sha512-yKdnfZtfDw0ivonZmDx1YgFJXLNHz/5+XPN7bx/9ObQYKUawmTiOcGC6BKezpphL+witvHQbMhmQbwGIyEoR8g== + dependencies: + ajv "^8.0.0" + compare-versions "^6.0.0" + ethereum-cryptography "^2.0.0" + lodash "^4.17.20" + minimatch "^9.0.0" + minimist "^1.2.5" + solidity-ast "^0.4.51" + +"@openzeppelin/upgrades-core@^1.20.6": + version "1.41.0" + resolved "https://registry.yarnpkg.com/@openzeppelin/upgrades-core/-/upgrades-core-1.41.0.tgz#3a5e044cf53acd50c392f3297e7c37e4ff8f8355" + integrity sha512-+oryinqZnxkiZvg7bWqWX4Ki/CNwVUZEqC6Elpi5PQoahpL3/6Sq9xjIozD5AiI2O61h8JHQ+A//5NtczyavJw== + dependencies: + "@nomicfoundation/slang" "^0.18.3" + cbor "^9.0.0" + chalk "^4.1.0" + compare-versions "^6.0.0" + debug "^4.1.1" + ethereumjs-util "^7.0.3" + minimatch "^9.0.5" + minimist "^1.2.7" + proper-lockfile "^4.1.1" + solidity-ast "^0.4.51" + +"@pkgjs/parseargs@^0.11.0": + version "0.11.0" + resolved "https://registry.yarnpkg.com/@pkgjs/parseargs/-/parseargs-0.11.0.tgz#a77ea742fab25775145434eb1d2328cf5013ac33" + integrity sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg== + +"@pnpm/config.env-replace@^1.1.0": + version "1.1.0" + resolved "https://registry.yarnpkg.com/@pnpm/config.env-replace/-/config.env-replace-1.1.0.tgz#ab29da53df41e8948a00f2433f085f54de8b3a4c" + integrity sha512-htyl8TWnKL7K/ESFa1oW2UB5lVDxuF5DpM7tBi6Hu2LNL3mWkIzNLG6N4zoCUP1lCKNxWy/3iu8mS8MvToGd6w== + +"@pnpm/network.ca-file@^1.0.1": + version "1.0.2" + resolved "https://registry.yarnpkg.com/@pnpm/network.ca-file/-/network.ca-file-1.0.2.tgz#2ab05e09c1af0cdf2fcf5035bea1484e222f7983" + integrity sha512-YcPQ8a0jwYU9bTdJDpXjMi7Brhkr1mXsXrUJvjqM2mQDgkRiz8jFaQGOdaLxgjtUfQgZhKy/O3cG/YwmgKaxLA== + dependencies: + graceful-fs "4.2.10" + +"@pnpm/npm-conf@^2.1.0": + version "2.3.1" + resolved "https://registry.yarnpkg.com/@pnpm/npm-conf/-/npm-conf-2.3.1.tgz#bb375a571a0bd63ab0a23bece33033c683e9b6b0" + integrity sha512-c83qWb22rNRuB0UaVCI0uRPNRr8Z0FWnEIvT47jiHAmOIUHbBOg5XvV7pM5x+rKn9HRpjxquDbXYSXr3fAKFcw== + dependencies: + "@pnpm/config.env-replace" "^1.1.0" + "@pnpm/network.ca-file" "^1.0.1" + config-chain "^1.1.11" + +"@scure/base@~1.1.0", "@scure/base@~1.1.2", "@scure/base@~1.1.6": + version "1.1.9" + resolved "https://registry.yarnpkg.com/@scure/base/-/base-1.1.9.tgz#e5e142fbbfe251091f9c5f1dd4c834ac04c3dbd1" + integrity sha512-8YKhl8GHiNI/pU2VMaofa2Tor7PJRAjwQLBBuilkJ9L5+13yVbC7JO/wS7piioAvPSwR3JKM1IJ/u4xQzbcXKg== + +"@scure/bip32@1.1.5": + version "1.1.5" + resolved "https://registry.yarnpkg.com/@scure/bip32/-/bip32-1.1.5.tgz#d2ccae16dcc2e75bc1d75f5ef3c66a338d1ba300" + integrity sha512-XyNh1rB0SkEqd3tXcXMi+Xe1fvg+kUIcoRIEujP1Jgv7DqW2r9lg3Ah0NkFaCs9sTkQAQA8kw7xiRXzENi9Rtw== + dependencies: + "@noble/hashes" "~1.2.0" + "@noble/secp256k1" "~1.7.0" + "@scure/base" "~1.1.0" + +"@scure/bip32@1.3.2": + version "1.3.2" + resolved "https://registry.yarnpkg.com/@scure/bip32/-/bip32-1.3.2.tgz#90e78c027d5e30f0b22c1f8d50ff12f3fb7559f8" + integrity sha512-N1ZhksgwD3OBlwTv3R6KFEcPojl/W4ElJOeCZdi+vuI5QmTFwLq3OFf2zd2ROpKvxFdgZ6hUpb0dx9bVNEwYCA== + dependencies: + "@noble/curves" "~1.2.0" + "@noble/hashes" "~1.3.2" + "@scure/base" "~1.1.2" + +"@scure/bip32@1.4.0": + version "1.4.0" + resolved "https://registry.yarnpkg.com/@scure/bip32/-/bip32-1.4.0.tgz#4e1f1e196abedcef395b33b9674a042524e20d67" + integrity sha512-sVUpc0Vq3tXCkDGYVWGIZTRfnvu8LoTDaev7vbwh0omSvVORONr960MQWdKqJDCReIEmTj3PAr73O3aoxz7OPg== + dependencies: + "@noble/curves" "~1.4.0" + "@noble/hashes" "~1.4.0" + "@scure/base" "~1.1.6" + +"@scure/bip39@1.1.1": + version "1.1.1" + resolved "https://registry.yarnpkg.com/@scure/bip39/-/bip39-1.1.1.tgz#b54557b2e86214319405db819c4b6a370cf340c5" + integrity sha512-t+wDck2rVkh65Hmv280fYdVdY25J9YeEUIgn2LG1WM6gxFkGzcksoDiUkWVpVp3Oex9xGC68JU2dSbUfwZ2jPg== + dependencies: + "@noble/hashes" "~1.2.0" + "@scure/base" "~1.1.0" + +"@scure/bip39@1.2.1": + version "1.2.1" + resolved "https://registry.yarnpkg.com/@scure/bip39/-/bip39-1.2.1.tgz#5cee8978656b272a917b7871c981e0541ad6ac2a" + integrity sha512-Z3/Fsz1yr904dduJD0NpiyRHhRYHdcnyh73FZWiV+/qhWi83wNJ3NWolYqCEN+ZWsUz2TWwajJggcRE9r1zUYg== + dependencies: + "@noble/hashes" "~1.3.0" + "@scure/base" "~1.1.0" + +"@scure/bip39@1.3.0": + version "1.3.0" + resolved "https://registry.yarnpkg.com/@scure/bip39/-/bip39-1.3.0.tgz#0f258c16823ddd00739461ac31398b4e7d6a18c3" + integrity sha512-disdg7gHuTDZtY+ZdkmLpPCk7fxZSu3gBiEGuoC1XYxv9cGx3Z6cpTggCgW6odSOOIXCiDjuGejW+aJKCY/pIQ== + dependencies: + "@noble/hashes" "~1.4.0" + "@scure/base" "~1.1.6" + +"@sentry/core@5.30.0": + version "5.30.0" + resolved "https://registry.yarnpkg.com/@sentry/core/-/core-5.30.0.tgz#6b203664f69e75106ee8b5a2fe1d717379b331f3" + integrity sha512-TmfrII8w1PQZSZgPpUESqjB+jC6MvZJZdLtE/0hZ+SrnKhW3x5WlYLvTXZpcWePYBku7rl2wn1RZu6uT0qCTeg== + dependencies: + "@sentry/hub" "5.30.0" + "@sentry/minimal" "5.30.0" + "@sentry/types" "5.30.0" + "@sentry/utils" "5.30.0" + tslib "^1.9.3" + +"@sentry/hub@5.30.0": + version "5.30.0" + resolved "https://registry.yarnpkg.com/@sentry/hub/-/hub-5.30.0.tgz#2453be9b9cb903404366e198bd30c7ca74cdc100" + integrity sha512-2tYrGnzb1gKz2EkMDQcfLrDTvmGcQPuWxLnJKXJvYTQDGLlEvi2tWz1VIHjunmOvJrB5aIQLhm+dcMRwFZDCqQ== + dependencies: + "@sentry/types" "5.30.0" + "@sentry/utils" "5.30.0" + tslib "^1.9.3" + +"@sentry/minimal@5.30.0": + version "5.30.0" + resolved "https://registry.yarnpkg.com/@sentry/minimal/-/minimal-5.30.0.tgz#ce3d3a6a273428e0084adcb800bc12e72d34637b" + integrity sha512-BwWb/owZKtkDX+Sc4zCSTNcvZUq7YcH3uAVlmh/gtR9rmUvbzAA3ewLuB3myi4wWRAMEtny6+J/FN/x+2wn9Xw== + dependencies: + "@sentry/hub" "5.30.0" + "@sentry/types" "5.30.0" + tslib "^1.9.3" + +"@sentry/node@^5.18.1": + version "5.30.0" + resolved "https://registry.yarnpkg.com/@sentry/node/-/node-5.30.0.tgz#4ca479e799b1021285d7fe12ac0858951c11cd48" + integrity sha512-Br5oyVBF0fZo6ZS9bxbJZG4ApAjRqAnqFFurMVJJdunNb80brh7a5Qva2kjhm+U6r9NJAB5OmDyPkA1Qnt+QVg== + dependencies: + "@sentry/core" "5.30.0" + "@sentry/hub" "5.30.0" + "@sentry/tracing" "5.30.0" + "@sentry/types" "5.30.0" + "@sentry/utils" "5.30.0" + cookie "^0.4.1" + https-proxy-agent "^5.0.0" + lru_map "^0.3.3" + tslib "^1.9.3" + +"@sentry/tracing@5.30.0": + version "5.30.0" + resolved "https://registry.yarnpkg.com/@sentry/tracing/-/tracing-5.30.0.tgz#501d21f00c3f3be7f7635d8710da70d9419d4e1f" + integrity sha512-dUFowCr0AIMwiLD7Fs314Mdzcug+gBVo/+NCMyDw8tFxJkwWAKl7Qa2OZxLQ0ZHjakcj1hNKfCQJ9rhyfOl4Aw== + dependencies: + "@sentry/hub" "5.30.0" + "@sentry/minimal" "5.30.0" + "@sentry/types" "5.30.0" + "@sentry/utils" "5.30.0" + tslib "^1.9.3" + +"@sentry/types@5.30.0": + version "5.30.0" + resolved "https://registry.yarnpkg.com/@sentry/types/-/types-5.30.0.tgz#19709bbe12a1a0115bc790b8942917da5636f402" + integrity sha512-R8xOqlSTZ+htqrfteCWU5Nk0CDN5ApUTvrlvBuiH1DyP6czDZ4ktbZB0hAgBlVcK0U+qpD3ag3Tqqpa5Q67rPw== + +"@sentry/utils@5.30.0": + version "5.30.0" + resolved "https://registry.yarnpkg.com/@sentry/utils/-/utils-5.30.0.tgz#9a5bd7ccff85ccfe7856d493bffa64cabc41e980" + integrity sha512-zaYmoH0NWWtvnJjC9/CBseXMtKHm/tm40sz3YfJRxeQjyzRqNQPgivpd9R/oDJCYj999mzdW382p/qi2ypjLww== + dependencies: + "@sentry/types" "5.30.0" + tslib "^1.9.3" + +"@sindresorhus/is@^5.2.0": + version "5.6.0" + resolved "https://registry.yarnpkg.com/@sindresorhus/is/-/is-5.6.0.tgz#41dd6093d34652cddb5d5bdeee04eafc33826668" + integrity sha512-TV7t8GKYaJWsn00tFDqBw8+Uqmr8A0fRU1tvTQhyZzGv0sJCGRQL3JGMI3ucuKo3XIZdUP+Lx7/gh2t3lewy7g== + +"@solidity-parser/parser@^0.19.0": + version "0.19.0" + resolved "https://registry.yarnpkg.com/@solidity-parser/parser/-/parser-0.19.0.tgz#37a8983b2725af9b14ff8c4a475fa0e98d773c3f" + integrity sha512-RV16k/qIxW/wWc+mLzV3ARyKUaMUTBy9tOLMzFhtNSKYeTAanQ3a5MudJKf/8arIFnA2L27SNjarQKmFg0w/jA== + +"@szmarczak/http-timer@^5.0.1": + version "5.0.1" + resolved "https://registry.yarnpkg.com/@szmarczak/http-timer/-/http-timer-5.0.1.tgz#c7c1bf1141cdd4751b0399c8fc7b8b664cd5be3a" + integrity sha512-+PmQX0PiAYPMeVYe237LJAYvOMYW1j2rH5YROyS3b4CTVJum34HfRvKvAzozHAQG0TnHNdUfY9nCeUyRAs//cw== + dependencies: + defer-to-connect "^2.0.1" + +"@types/bn.js@^4.11.3": + version "4.11.6" + resolved "https://registry.yarnpkg.com/@types/bn.js/-/bn.js-4.11.6.tgz#c306c70d9358aaea33cd4eda092a742b9505967c" + integrity sha512-pqr857jrp2kPuO9uRjZ3PwnJTjoQy+fcdxvBTvHm6dkmEL9q+hDD/2j/0ELOBPtPnS8LjCX0gI9nbl8lVkadpg== + dependencies: + "@types/node" "*" + +"@types/bn.js@^5.1.0": + version "5.1.6" + resolved "https://registry.yarnpkg.com/@types/bn.js/-/bn.js-5.1.6.tgz#9ba818eec0c85e4d3c679518428afdf611d03203" + integrity sha512-Xh8vSwUeMKeYYrj3cX4lGQgFSF/N03r+tv4AiLl1SucqV+uTQpxRcnM8AkXKHwYP9ZPXOYXRr2KPXpVlIvqh9w== + dependencies: + "@types/node" "*" + +"@types/chai-as-promised@^7.1.3": + version "7.1.8" + resolved "https://registry.yarnpkg.com/@types/chai-as-promised/-/chai-as-promised-7.1.8.tgz#f2b3d82d53c59626b5d6bbc087667ccb4b677fe9" + integrity sha512-ThlRVIJhr69FLlh6IctTXFkmhtP3NpMZ2QGq69StYLyKZFp/HOp1VdKZj7RvfNWYYcJ1xlbLGLLWj1UvP5u/Gw== + dependencies: + "@types/chai" "*" + +"@types/chai@*": + version "5.0.1" + resolved "https://registry.yarnpkg.com/@types/chai/-/chai-5.0.1.tgz#2c3705555cf11f5f59c836a84c44afcfe4e5689d" + integrity sha512-5T8ajsg3M/FOncpLYW7sdOcD6yf4+722sze/tc4KQV0P8Z2rAr3SAuHCIkYmYpt8VbcQlnz8SxlOlPQYefe4cA== + dependencies: + "@types/deep-eql" "*" + +"@types/deep-eql@*": + version "4.0.2" + resolved "https://registry.yarnpkg.com/@types/deep-eql/-/deep-eql-4.0.2.tgz#334311971d3a07121e7eb91b684a605e7eea9cbd" + integrity sha512-c9h9dVVMigMPc4bwTvC5dxqtqJZwQPePsWjPlpSOnojbor6pGqdk541lfA7AqFQr5pB1BRdq0juY9db81BwyFw== + +"@types/glob@^7.1.1": + version "7.2.0" + resolved "https://registry.yarnpkg.com/@types/glob/-/glob-7.2.0.tgz#bc1b5bf3aa92f25bd5dd39f35c57361bdce5b2eb" + integrity sha512-ZUxbzKl0IfJILTS6t7ip5fQQM/J3TJYubDm3nMbgubNNYS62eXeUpoLUC8/7fJNiFYHTrGPQn7hspDUzIHX3UA== + dependencies: + "@types/minimatch" "*" + "@types/node" "*" + +"@types/http-cache-semantics@^4.0.2": + version "4.0.4" + resolved "https://registry.yarnpkg.com/@types/http-cache-semantics/-/http-cache-semantics-4.0.4.tgz#b979ebad3919799c979b17c72621c0bc0a31c6c4" + integrity sha512-1m0bIFVc7eJWyve9S0RnuRgcQqF/Xd5QsUZAZeQFr1Q3/p9JWoQQEqmVy+DPTNpGXwhgIetAoYF8JSc33q29QA== + +"@types/lru-cache@^5.1.0": + version "5.1.1" + resolved "https://registry.yarnpkg.com/@types/lru-cache/-/lru-cache-5.1.1.tgz#c48c2e27b65d2a153b19bfc1a317e30872e01eef" + integrity sha512-ssE3Vlrys7sdIzs5LOxCzTVMsU7i9oa/IaW92wF32JFb3CVczqOkru2xspuKczHEbG3nvmPY7IFqVmGGHdNbYw== + +"@types/minimatch@*": + version "5.1.2" + resolved "https://registry.yarnpkg.com/@types/minimatch/-/minimatch-5.1.2.tgz#07508b45797cb81ec3f273011b054cd0755eddca" + integrity sha512-K0VQKziLUWkVKiRVrx4a40iPaxTUefQmjtkQofBkYRcoaaL/8rhwDWww9qWbrgicNOgnpIsMxyNIUM4+n6dUIA== + +"@types/node@*": + version "22.10.7" + resolved "https://registry.yarnpkg.com/@types/node/-/node-22.10.7.tgz#14a1ca33fd0ebdd9d63593ed8d3fbc882a6d28d7" + integrity sha512-V09KvXxFiutGp6B7XkpaDXlNadZxrzajcY50EuoLIpQ6WWYCSvf19lVIazzfIzQvhUN2HjX12spLojTnhuKlGg== + dependencies: + undici-types "~6.20.0" + +"@types/node@22.7.5": + version "22.7.5" + resolved "https://registry.yarnpkg.com/@types/node/-/node-22.7.5.tgz#cfde981727a7ab3611a481510b473ae54442b92b" + integrity sha512-jML7s2NAzMWc//QSJ1a3prpk78cOPchGvXJsC3C6R6PSMoooztvRVQEz89gmBTBY1SPMaqo5teB4uNHPdetShQ== + dependencies: + undici-types "~6.19.2" + +"@types/node@^12.7.1": + version "12.20.55" + resolved "https://registry.yarnpkg.com/@types/node/-/node-12.20.55.tgz#c329cbd434c42164f846b909bd6f85b5537f6240" + integrity sha512-J8xLz7q2OFulZ2cyGTLE1TbbZcjpno7FaN6zdJNrgAdrJ+DZzh/uFR6YrTb4C+nXakvud8Q4+rbhoIWlYQbUFQ== + +"@types/pbkdf2@^3.0.0": + version "3.1.2" + resolved "https://registry.yarnpkg.com/@types/pbkdf2/-/pbkdf2-3.1.2.tgz#2dc43808e9985a2c69ff02e2d2027bd4fe33e8dc" + integrity sha512-uRwJqmiXmh9++aSu1VNEn3iIxWOhd8AHXNSdlaLfdAAdSTY9jYVeGWnzejM3dvrkbqE3/hyQkQQ29IFATEGlew== + dependencies: + "@types/node" "*" + +"@types/secp256k1@^4.0.1": + version "4.0.6" + resolved "https://registry.yarnpkg.com/@types/secp256k1/-/secp256k1-4.0.6.tgz#d60ba2349a51c2cbc5e816dcd831a42029d376bf" + integrity sha512-hHxJU6PAEUn0TP4S/ZOzuTUvJWuZ6eIKeNKb5RBpODvSl6hp1Wrw4s7ATY50rklRCScUDpHzVA/DQdSjJ3UoYQ== + dependencies: + "@types/node" "*" + +"@ungap/structured-clone@^1.2.0": + version "1.2.1" + resolved "https://registry.yarnpkg.com/@ungap/structured-clone/-/structured-clone-1.2.1.tgz#28fa185f67daaf7b7a1a8c1d445132c5d979f8bd" + integrity sha512-fEzPV3hSkSMltkw152tJKNARhOupqbH96MZWyRjNaYZOMIzbrTeQDG+MTc6Mr2pgzFQzFxAfmhGDNP5QK++2ZA== + +abbrev@1: + version "1.1.1" + resolved "https://registry.yarnpkg.com/abbrev/-/abbrev-1.1.1.tgz#f8f2c887ad10bf67f634f005b6987fed3179aac8" + integrity sha512-nne9/IiQ/hzIhY6pdDnbBtz7DjPTKrY00P/zvPSm5pOFkl6xuGrGnXn/VtTNNfNtAfZ9/1RtehkszU9qcTii0Q== + +abbrev@1.0.x: + version "1.0.9" + resolved "https://registry.yarnpkg.com/abbrev/-/abbrev-1.0.9.tgz#91b4792588a7738c25f35dd6f63752a2f8776135" + integrity sha512-LEyx4aLEC3x6T0UguF6YILf+ntvmOaWsVfENmIW0E9H09vKlLDGelMjjSm0jkDHALj8A8quZ/HapKNigzwge+Q== + +abitype@1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/abitype/-/abitype-1.0.0.tgz#237176dace81d90d018bebf3a45cb42f2a2d9e97" + integrity sha512-NMeMah//6bJ56H5XRj8QCV4AwuW6hB6zqz2LnhhLdcWVQOsXki6/Pn3APeqxCma62nXIcmZWdu1DlHWS74umVQ== + +acorn-jsx@^5.3.2: + version "5.3.2" + resolved "https://registry.yarnpkg.com/acorn-jsx/-/acorn-jsx-5.3.2.tgz#7ed5bb55908b3b2f1bc55c6af1653bada7f07937" + integrity sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ== + +acorn@^8.9.0: + version "8.14.0" + resolved "https://registry.yarnpkg.com/acorn/-/acorn-8.14.0.tgz#063e2c70cac5fb4f6467f0b11152e04c682795b0" + integrity sha512-cl669nCJTZBsL97OF4kUQm5g5hC2uihk0NxY3WENAC0TYdILVkAyHymAntgxGkl7K+t0cXIrH5siy5S4XkFycA== + +adm-zip@^0.4.16: + version "0.4.16" + resolved "https://registry.yarnpkg.com/adm-zip/-/adm-zip-0.4.16.tgz#cf4c508fdffab02c269cbc7f471a875f05570365" + integrity sha512-TFi4HBKSGfIKsK5YCkKaaFG2m4PEDyViZmEwof3MTIgzimHLto6muaHVpbrljdIvIrFZzEq/p4nafOeLcYegrg== + +aes-js@4.0.0-beta.5: + version "4.0.0-beta.5" + resolved "https://registry.yarnpkg.com/aes-js/-/aes-js-4.0.0-beta.5.tgz#8d2452c52adedebc3a3e28465d858c11ca315873" + integrity sha512-G965FqalsNyrPqgEGON7nIx1e/OVENSgiEIzyC63haUMuvNnwIgIjMs52hlTCKhkBny7A2ORNlfY9Zu+jmGk1Q== + +agent-base@6: + version "6.0.2" + resolved "https://registry.yarnpkg.com/agent-base/-/agent-base-6.0.2.tgz#49fff58577cfee3f37176feab4c22e00f86d7f77" + integrity sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ== + dependencies: + debug "4" + +aggregate-error@^3.0.0: + version "3.1.0" + resolved "https://registry.yarnpkg.com/aggregate-error/-/aggregate-error-3.1.0.tgz#92670ff50f5359bdb7a3e0d40d0ec30c5737687a" + integrity sha512-4I7Td01quW/RpocfNayFdFVk1qSuoh0E7JrbRJ16nH01HhKFQ88INq9Sd+nd72zqRySlr9BmDA8xlEJ6vJMrYA== + dependencies: + clean-stack "^2.0.0" + indent-string "^4.0.0" + +ajv@^6.12.4, ajv@^6.12.6: + version "6.12.6" + resolved "https://registry.yarnpkg.com/ajv/-/ajv-6.12.6.tgz#baf5a62e802b07d977034586f8c3baf5adf26df4" + integrity sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g== + dependencies: + fast-deep-equal "^3.1.1" + fast-json-stable-stringify "^2.0.0" + json-schema-traverse "^0.4.1" + uri-js "^4.2.2" + +ajv@^8.0.0, ajv@^8.0.1: + version "8.17.1" + resolved "https://registry.yarnpkg.com/ajv/-/ajv-8.17.1.tgz#37d9a5c776af6bc92d7f4f9510eba4c0a60d11a6" + integrity sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g== + dependencies: + fast-deep-equal "^3.1.3" + fast-uri "^3.0.1" + json-schema-traverse "^1.0.0" + require-from-string "^2.0.2" + +amdefine@>=0.0.4: + version "1.0.1" + resolved "https://registry.yarnpkg.com/amdefine/-/amdefine-1.0.1.tgz#4a5282ac164729e93619bcfd3ad151f817ce91f5" + integrity sha512-S2Hw0TtNkMJhIabBwIojKL9YHO5T0n5eNqWJ7Lrlel/zDbftQpxpapi8tZs3X1HWa+u+QeydGmzzNU0m09+Rcg== + +ansi-align@^3.0.0: + version "3.0.1" + resolved "https://registry.yarnpkg.com/ansi-align/-/ansi-align-3.0.1.tgz#0cdf12e111ace773a86e9a1fad1225c43cb19a59" + integrity sha512-IOfwwBF5iczOjp/WeY4YxyjqAFMQoZufdQWDd19SEExbVLNXqvpzSJ/M7Za4/sCPmQ0+GRquoA7bGcINcxew6w== + dependencies: + string-width "^4.1.0" + +ansi-colors@^4.1.1, ansi-colors@^4.1.3: + version "4.1.3" + resolved "https://registry.yarnpkg.com/ansi-colors/-/ansi-colors-4.1.3.tgz#37611340eb2243e70cc604cad35d63270d48781b" + integrity sha512-/6w/C21Pm1A7aZitlI5Ni/2J6FFQN8i1Cvz3kHABAAbw93v/NlvKdVOqz7CCWz/3iv/JplRSEEZ83XION15ovw== + +ansi-escapes@^4.3.0: + version "4.3.2" + resolved "https://registry.yarnpkg.com/ansi-escapes/-/ansi-escapes-4.3.2.tgz#6b2291d1db7d98b6521d5f1efa42d0f3a9feb65e" + integrity sha512-gKXj5ALrKWQLsYG9jlTRmR/xKluxHV+Z9QEwNIgCfM1/uwPMCuzVVnh5mwTd+OuBZcwSIMbqssNWRm1lE51QaQ== + dependencies: + type-fest "^0.21.3" + +ansi-regex@^5.0.1: + version "5.0.1" + resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-5.0.1.tgz#082cb2c89c9fe8659a311a53bd6a4dc5301db304" + integrity sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ== + +ansi-regex@^6.0.1: + version "6.1.0" + resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-6.1.0.tgz#95ec409c69619d6cb1b8b34f14b660ef28ebd654" + integrity sha512-7HSX4QQb4CspciLpVFwyRe79O3xsIZDDLER21kERQ71oaPodF8jL725AgJMFAYbooIqolJoRLuM81SpeUkpkvA== + +ansi-styles@^3.2.1: + version "3.2.1" + resolved "https://registry.yarnpkg.com/ansi-styles/-/ansi-styles-3.2.1.tgz#41fbb20243e50b12be0f04b8dedbf07520ce841d" + integrity sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA== + dependencies: + color-convert "^1.9.0" + +ansi-styles@^4.0.0, ansi-styles@^4.1.0: + version "4.3.0" + resolved "https://registry.yarnpkg.com/ansi-styles/-/ansi-styles-4.3.0.tgz#edd803628ae71c04c85ae7a0906edad34b648937" + integrity sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg== + dependencies: + color-convert "^2.0.1" + +ansi-styles@^6.1.0: + version "6.2.1" + resolved "https://registry.yarnpkg.com/ansi-styles/-/ansi-styles-6.2.1.tgz#0e62320cf99c21afff3b3012192546aacbfb05c5" + integrity sha512-bN798gFfQX+viw3R7yrGWRqnrN2oRkEkUjjl4JNn4E8GxxbjtG3FbrEIIY3l8/hrwUwIeCZvi4QuOTP4MErVug== + +antlr4@^4.13.1-patch-1: + version "4.13.2" + resolved "https://registry.yarnpkg.com/antlr4/-/antlr4-4.13.2.tgz#0d084ad0e32620482a9c3a0e2470c02e72e4006d" + integrity sha512-QiVbZhyy4xAZ17UPEuG3YTOt8ZaoeOR1CvEAqrEsDBsOqINslaB147i9xqljZqoyf5S+EUlGStaj+t22LT9MOg== + +anymatch@~3.1.2: + version "3.1.3" + resolved "https://registry.yarnpkg.com/anymatch/-/anymatch-3.1.3.tgz#790c58b19ba1720a84205b57c618d5ad8524973e" + integrity sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw== + dependencies: + normalize-path "^3.0.0" + picomatch "^2.0.4" + +argparse@^1.0.7: + version "1.0.10" + resolved "https://registry.yarnpkg.com/argparse/-/argparse-1.0.10.tgz#bcd6791ea5ae09725e17e5ad988134cd40b3d911" + integrity sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg== + dependencies: + sprintf-js "~1.0.2" + +argparse@^2.0.1: + version "2.0.1" + resolved "https://registry.yarnpkg.com/argparse/-/argparse-2.0.1.tgz#246f50f3ca78a3240f6c997e8a9bd1eac49e4b38" + integrity sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q== + +array-union@^2.1.0: + version "2.1.0" + resolved "https://registry.yarnpkg.com/array-union/-/array-union-2.1.0.tgz#b798420adbeb1de828d84acd8a2e23d3efe85e8d" + integrity sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw== + +assertion-error@^1.1.0: + version "1.1.0" + resolved "https://registry.yarnpkg.com/assertion-error/-/assertion-error-1.1.0.tgz#e60b6b0e8f301bd97e5375215bda406c85118c0b" + integrity sha512-jgsaNduz+ndvGyFt3uSuWqvy4lCnIJiovtouQN5JZHOKCS2QuhEdbcQHFhVksz2N2U9hXJo8odG7ETyWlEeuDw== + +ast-parents@^0.0.1: + version "0.0.1" + resolved "https://registry.yarnpkg.com/ast-parents/-/ast-parents-0.0.1.tgz#508fd0f05d0c48775d9eccda2e174423261e8dd3" + integrity sha512-XHusKxKz3zoYk1ic8Un640joHbFMhbqneyoZfoKnEGtf2ey9Uh/IdpcQplODdO/kENaMIWsD0nJm4+wX3UNLHA== + +astral-regex@^2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/astral-regex/-/astral-regex-2.0.0.tgz#483143c567aeed4785759c0865786dc77d7d2e31" + integrity sha512-Z7tMw1ytTXt5jqMcOP+OQteU1VuNK9Y02uuJtKQ1Sv69jXQKKg5cibLwGJow8yzZP+eAc18EmLGPal0bp36rvQ== + +async@1.x: + version "1.5.2" + resolved "https://registry.yarnpkg.com/async/-/async-1.5.2.tgz#ec6a61ae56480c0c3cb241c95618e20892f9672a" + integrity sha512-nSVgobk4rv61R9PUSDtYt7mPVB2olxNR5RWJcAsH676/ef11bUZwvu7+RGYrYauVdDPcO519v68wRhXQtxsV9w== + +asynckit@^0.4.0: + version "0.4.0" + resolved "https://registry.yarnpkg.com/asynckit/-/asynckit-0.4.0.tgz#c79ed97f7f34cb8f2ba1bc9790bcc366474b4b79" + integrity sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q== + +axios@^1.6.7: + version "1.7.9" + resolved "https://registry.yarnpkg.com/axios/-/axios-1.7.9.tgz#d7d071380c132a24accda1b2cfc1535b79ec650a" + integrity sha512-LhLcE7Hbiryz8oMDdDptSrWowmB4Bl6RCt6sIJKpRB4XtVf0iEgewX3au/pJqm+Py1kCASkb/FFKjxQaLtxJvw== + dependencies: + follow-redirects "^1.15.6" + form-data "^4.0.0" + proxy-from-env "^1.1.0" + +balanced-match@^1.0.0: + version "1.0.2" + resolved "https://registry.yarnpkg.com/balanced-match/-/balanced-match-1.0.2.tgz#e83e3a7e3f300b34cb9d87f615fa0cbf357690ee" + integrity sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw== + +base-x@^3.0.2: + version "3.0.10" + resolved "https://registry.yarnpkg.com/base-x/-/base-x-3.0.10.tgz#62de58653f8762b5d6f8d9fe30fa75f7b2585a75" + integrity sha512-7d0s06rR9rYaIWHkpfLIFICM/tkSVdoPC9qYAQRpxn9DdKNWNsKC0uk++akckyLq16Tx2WIinnZ6WRriAt6njQ== + dependencies: + safe-buffer "^5.0.1" + +better-path-resolve@1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/better-path-resolve/-/better-path-resolve-1.0.0.tgz#13a35a1104cdd48a7b74bf8758f96a1ee613f99d" + integrity sha512-pbnl5XzGBdrFU/wT4jqmJVPn2B6UHPBOhzMQkY/SPUPB6QtUXtmBHBIwCbXJol93mOpGMnQyP/+BB19q04xj7g== + dependencies: + is-windows "^1.0.0" + +binary-extensions@^2.0.0: + version "2.3.0" + resolved "https://registry.yarnpkg.com/binary-extensions/-/binary-extensions-2.3.0.tgz#f6e14a97858d327252200242d4ccfe522c445522" + integrity sha512-Ceh+7ox5qe7LJuLHoY0feh3pHuUDHAcRUeyL2VYghZwfpkNIy/+8Ocg0a3UuSoYzavmylwuLWQOf3hl0jjMMIw== + +blakejs@^1.1.0: + version "1.2.1" + resolved "https://registry.yarnpkg.com/blakejs/-/blakejs-1.2.1.tgz#5057e4206eadb4a97f7c0b6e197a505042fc3814" + integrity sha512-QXUSXI3QVc/gJME0dBpXrag1kbzOqCjCX8/b54ntNyW6sjtoqxqRk3LTmXzaJoh71zMsDCjM+47jS7XiwN/+fQ== + +bn.js@4.11.6: + version "4.11.6" + resolved "https://registry.yarnpkg.com/bn.js/-/bn.js-4.11.6.tgz#53344adb14617a13f6e8dd2ce28905d1c0ba3215" + integrity sha512-XWwnNNFCuuSQ0m3r3C4LE3EiORltHd9M05pq6FOlVeiophzRbMo50Sbz1ehl8K3Z+jw9+vmgnXefY1hz8X+2wA== + +bn.js@^4.11.0, bn.js@^4.11.8, bn.js@^4.11.9: + version "4.12.1" + resolved "https://registry.yarnpkg.com/bn.js/-/bn.js-4.12.1.tgz#215741fe3c9dba2d7e12c001d0cfdbae43975ba7" + integrity sha512-k8TVBiPkPJT9uHLdOKfFpqcfprwBFOAAXXozRubr7R7PfIuKvQlzcI4M0pALeqXN09vdaMbUdUj+pass+uULAg== + +bn.js@^5.1.2, bn.js@^5.2.0, bn.js@^5.2.1: + version "5.2.1" + resolved "https://registry.yarnpkg.com/bn.js/-/bn.js-5.2.1.tgz#0bc527a6a0d18d0aa8d5b0538ce4a77dccfa7b70" + integrity sha512-eXRvHzWyYPBuB4NBy0cmYQjGitUrtqwbvlzP3G6VFnNRbsZQIxQ10PbKKHt8gZ/HW/D/747aDl+QkDqg3KQLMQ== + +boxen@^5.1.2: + version "5.1.2" + resolved "https://registry.yarnpkg.com/boxen/-/boxen-5.1.2.tgz#788cb686fc83c1f486dfa8a40c68fc2b831d2b50" + integrity sha512-9gYgQKXx+1nP8mP7CzFyaUARhg7D3n1dF/FnErWmu9l6JvGpNUN278h0aSb+QjoiKSWG+iZ3uHrcqk0qrY9RQQ== + dependencies: + ansi-align "^3.0.0" + camelcase "^6.2.0" + chalk "^4.1.0" + cli-boxes "^2.2.1" + string-width "^4.2.2" + type-fest "^0.20.2" + widest-line "^3.1.0" + wrap-ansi "^7.0.0" + +brace-expansion@^1.1.7: + version "1.1.11" + resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-1.1.11.tgz#3c7fcbf529d87226f3d2f52b966ff5271eb441dd" + integrity sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA== + dependencies: + balanced-match "^1.0.0" + concat-map "0.0.1" + +brace-expansion@^2.0.1: + version "2.0.1" + resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-2.0.1.tgz#1edc459e0f0c548486ecf9fc99f2221364b9a0ae" + integrity sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA== + dependencies: + balanced-match "^1.0.0" + +braces@^3.0.3, braces@~3.0.2: + version "3.0.3" + resolved "https://registry.yarnpkg.com/braces/-/braces-3.0.3.tgz#490332f40919452272d55a8480adc0c441358789" + integrity sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA== + dependencies: + fill-range "^7.1.1" + +brorand@^1.1.0: + version "1.1.0" + resolved "https://registry.yarnpkg.com/brorand/-/brorand-1.1.0.tgz#12c25efe40a45e3c323eb8675a0a0ce57b22371f" + integrity sha512-cKV8tMCEpQs4hK/ik71d6LrPOnpkpGBR0wzxqr68g2m/LB2GxVYQroAjMJZRVM1Y4BCjCKc3vAamxSzOY2RP+w== + +brotli-wasm@^2.0.1: + version "2.0.1" + resolved "https://registry.yarnpkg.com/brotli-wasm/-/brotli-wasm-2.0.1.tgz#2b3f4dc3db0c3e60d2635c055e6bac4ddf4bd3f5" + integrity sha512-+3USgYsC7bzb5yU0/p2HnnynZl0ak0E6uoIm4UW4Aby/8s8HFCq6NCfrrf1E9c3O8OCSzq3oYO1tUVqIi61Nww== + +browser-stdout@^1.3.1: + version "1.3.1" + resolved "https://registry.yarnpkg.com/browser-stdout/-/browser-stdout-1.3.1.tgz#baa559ee14ced73452229bad7326467c61fabd60" + integrity sha512-qhAVI1+Av2X7qelOfAIYwXONood6XlZE/fXaBSmW/T5SzLAmCgzi+eiWE7fUvbHaeNBQH13UftjpXxsfLkMpgw== + +browserify-aes@^1.2.0: + version "1.2.0" + resolved "https://registry.yarnpkg.com/browserify-aes/-/browserify-aes-1.2.0.tgz#326734642f403dabc3003209853bb70ad428ef48" + integrity sha512-+7CHXqGuspUn/Sl5aO7Ea0xWGAtETPXNSAjHo48JfLdPWcMng33Xe4znFvQweqc/uzk5zSOI3H52CYnjCfb5hA== + dependencies: + buffer-xor "^1.0.3" + cipher-base "^1.0.0" + create-hash "^1.1.0" + evp_bytestokey "^1.0.3" + inherits "^2.0.1" + safe-buffer "^5.0.1" + +bs58@^4.0.0: + version "4.0.1" + resolved "https://registry.yarnpkg.com/bs58/-/bs58-4.0.1.tgz#be161e76c354f6f788ae4071f63f34e8c4f0a42a" + integrity sha512-Ok3Wdf5vOIlBrgCvTq96gBkJw+JUEzdBgyaza5HLtPm7yTHkjRy8+JzNyHF7BHa0bNWOQIp3m5YF0nnFcOIKLw== + dependencies: + base-x "^3.0.2" + +bs58check@^2.1.2: + version "2.1.2" + resolved "https://registry.yarnpkg.com/bs58check/-/bs58check-2.1.2.tgz#53b018291228d82a5aa08e7d796fdafda54aebfc" + integrity sha512-0TS1jicxdU09dwJMNZtVAfzPi6Q6QeN0pM1Fkzrjn+XYHvzMKPU3pHVpva+769iNVSfIYWf7LJ6WR+BuuMf8cA== + dependencies: + bs58 "^4.0.0" + create-hash "^1.1.0" + safe-buffer "^5.1.2" + +buffer-from@^1.0.0: + version "1.1.2" + resolved "https://registry.yarnpkg.com/buffer-from/-/buffer-from-1.1.2.tgz#2b146a6fd72e80b4f55d255f35ed59a3a9a41bd5" + integrity sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ== + +buffer-xor@^1.0.3: + version "1.0.3" + resolved "https://registry.yarnpkg.com/buffer-xor/-/buffer-xor-1.0.3.tgz#26e61ed1422fb70dd42e6e36729ed51d855fe8d9" + integrity sha512-571s0T7nZWK6vB67HI5dyUF7wXiNcfaPPPTl6zYCNApANjIvYJTg7hlud/+cJpdAhS7dVzqMLmfhfHR3rAcOjQ== + +bytes@3.1.2: + version "3.1.2" + resolved "https://registry.yarnpkg.com/bytes/-/bytes-3.1.2.tgz#8b0beeb98605adf1b128fa4386403c009e0221a5" + integrity sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg== + +cacheable-lookup@^7.0.0: + version "7.0.0" + resolved "https://registry.yarnpkg.com/cacheable-lookup/-/cacheable-lookup-7.0.0.tgz#3476a8215d046e5a3202a9209dd13fec1f933a27" + integrity sha512-+qJyx4xiKra8mZrcwhjMRMUhD5NR1R8esPkzIYxX96JiecFoxAXFuz/GpR3+ev4PE1WamHip78wV0vcmPQtp8w== + +cacheable-request@^10.2.8: + version "10.2.14" + resolved "https://registry.yarnpkg.com/cacheable-request/-/cacheable-request-10.2.14.tgz#eb915b665fda41b79652782df3f553449c406b9d" + integrity sha512-zkDT5WAF4hSSoUgyfg5tFIxz8XQK+25W/TLVojJTMKBaxevLBBtLxgqguAuVQB8PVW79FVjHcU+GJ9tVbDZ9mQ== + dependencies: + "@types/http-cache-semantics" "^4.0.2" + get-stream "^6.0.1" + http-cache-semantics "^4.1.1" + keyv "^4.5.3" + mimic-response "^4.0.0" + normalize-url "^8.0.0" + responselike "^3.0.0" + +callsites@^3.0.0: + version "3.1.0" + resolved "https://registry.yarnpkg.com/callsites/-/callsites-3.1.0.tgz#b3630abd8943432f54b3f0519238e33cd7df2f73" + integrity sha512-P8BjAsXvZS+VIDUI11hHCQEv74YT67YUi5JJFNWIqL235sBmjX4+qx9Muvls5ivyNENctx46xQLQ3aTuE7ssaQ== + +camelcase@^6.0.0, camelcase@^6.2.0: + version "6.3.0" + resolved "https://registry.yarnpkg.com/camelcase/-/camelcase-6.3.0.tgz#5685b95eb209ac9c0c177467778c9c84df58ba9a" + integrity sha512-Gmy6FhYlCY7uOElZUSbxo2UCDH8owEk996gkbrpsgGtrJLM3J7jGxl9Ic7Qwwj4ivOE5AWZWRMecDdF7hqGjFA== + +cbor@^9.0.0: + version "9.0.2" + resolved "https://registry.yarnpkg.com/cbor/-/cbor-9.0.2.tgz#536b4f2d544411e70ec2b19a2453f10f83cd9fdb" + integrity sha512-JPypkxsB10s9QOWwa6zwPzqE1Md3vqpPc+cai4sAecuCsRyAtAl/pMyhPlMbT/xtPnm2dznJZYRLui57qiRhaQ== + dependencies: + nofilter "^3.1.0" + +chai-as-promised@^7.1.1: + version "7.1.2" + resolved "https://registry.yarnpkg.com/chai-as-promised/-/chai-as-promised-7.1.2.tgz#70cd73b74afd519754161386421fb71832c6d041" + integrity sha512-aBDHZxRzYnUYuIAIPBH2s511DjlKPzXNlXSGFC8CwmroWQLfrW0LtE1nK3MAwwNhJPa9raEjNCmRoFpG0Hurdw== + dependencies: + check-error "^1.0.2" + +chai@^4.2.0: + version "4.5.0" + resolved "https://registry.yarnpkg.com/chai/-/chai-4.5.0.tgz#707e49923afdd9b13a8b0b47d33d732d13812fd8" + integrity sha512-RITGBfijLkBddZvnn8jdqoTypxvqbOLYQkGGxXzeFjVHvudaPw0HNFD9x928/eUwYWd2dPCugVqspGALTZZQKw== + dependencies: + assertion-error "^1.1.0" + check-error "^1.0.3" + deep-eql "^4.1.3" + get-func-name "^2.0.2" + loupe "^2.3.6" + pathval "^1.1.1" + type-detect "^4.1.0" + +chalk@4.1.2, chalk@^4.0.0, chalk@^4.1.0, chalk@^4.1.2: + version "4.1.2" + resolved "https://registry.yarnpkg.com/chalk/-/chalk-4.1.2.tgz#aac4e2b7734a740867aeb16bf02aad556a1e7a01" + integrity sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA== + dependencies: + ansi-styles "^4.1.0" + supports-color "^7.1.0" + +chalk@^2.4.2: + version "2.4.2" + resolved "https://registry.yarnpkg.com/chalk/-/chalk-2.4.2.tgz#cd42541677a54333cf541a49108c1432b44c9424" + integrity sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ== + dependencies: + ansi-styles "^3.2.1" + escape-string-regexp "^1.0.5" + supports-color "^5.3.0" + +chalk@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/chalk/-/chalk-3.0.0.tgz#3f73c2bf526591f574cc492c51e2456349f844e4" + integrity sha512-4D3B6Wf41KOYRFdszmDqMCGq5VV/uMAB273JILmO+3jAlh8X4qDtdtgCR3fxtbLEMzSx22QdhnDcJvu2u1fVwg== + dependencies: + ansi-styles "^4.1.0" + supports-color "^7.1.0" + +chardet@^0.7.0: + version "0.7.0" + resolved "https://registry.yarnpkg.com/chardet/-/chardet-0.7.0.tgz#90094849f0937f2eedc2425d0d28a9e5f0cbad9e" + integrity sha512-mT8iDcrh03qDGRRmoA2hmBJnxpllMR+0/0qlzjqZES6NdiWDcZkCNAk4rPFZ9Q85r27unkiNNg8ZOiwZXBHwcA== + +"charenc@>= 0.0.1": + version "0.0.2" + resolved "https://registry.yarnpkg.com/charenc/-/charenc-0.0.2.tgz#c0a1d2f3a7092e03774bfa83f14c0fc5790a8667" + integrity sha512-yrLQ/yVUFXkzg7EDQsPieE/53+0RlaWTs+wBrvW36cyilJ2SaDWfl4Yj7MtLTXleV9uEKefbAGUPv2/iWSooRA== + +check-error@^1.0.2, check-error@^1.0.3: + version "1.0.3" + resolved "https://registry.yarnpkg.com/check-error/-/check-error-1.0.3.tgz#a6502e4312a7ee969f646e83bb3ddd56281bd694" + integrity sha512-iKEoDYaRmd1mxM90a2OEfWhjsjPpYPuQ+lMYsoxB126+t8fw7ySEO48nmDg5COTjxDI65/Y2OWpeEHk3ZOe8zg== + dependencies: + get-func-name "^2.0.2" + +chokidar@^3.5.3: + version "3.6.0" + resolved "https://registry.yarnpkg.com/chokidar/-/chokidar-3.6.0.tgz#197c6cc669ef2a8dc5e7b4d97ee4e092c3eb0d5b" + integrity sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw== + dependencies: + anymatch "~3.1.2" + braces "~3.0.2" + glob-parent "~5.1.2" + is-binary-path "~2.1.0" + is-glob "~4.0.1" + normalize-path "~3.0.0" + readdirp "~3.6.0" + optionalDependencies: + fsevents "~2.3.2" + +chokidar@^4.0.0: + version "4.0.3" + resolved "https://registry.yarnpkg.com/chokidar/-/chokidar-4.0.3.tgz#7be37a4c03c9aee1ecfe862a4a23b2c70c205d30" + integrity sha512-Qgzu8kfBvo+cA4962jnP1KkS6Dop5NS6g7R5LFYJr4b8Ub94PPQXUksCw9PvXoeXPRRddRNC5C1JQUR2SMGtnA== + dependencies: + readdirp "^4.0.1" + +ci-info@^2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/ci-info/-/ci-info-2.0.0.tgz#67a9e964be31a51e15e5010d58e6f12834002f46" + integrity sha512-5tK7EtrZ0N+OLFMthtqOj4fI2Jeb88C4CAZPu25LDVUgXJ0A3Js4PMGqrn0JU1W0Mh1/Z8wZzYPxqUrXeBboCQ== + +ci-info@^3.7.0: + version "3.9.0" + resolved "https://registry.yarnpkg.com/ci-info/-/ci-info-3.9.0.tgz#4279a62028a7b1f262f3473fc9605f5e218c59b4" + integrity sha512-NIxF55hv4nSqQswkAeiOi1r83xy8JldOFDTWiug55KBu9Jnblncd2U6ViHmYgHf01TPZS77NJBhBMKdWj9HQMQ== + +cipher-base@^1.0.0, cipher-base@^1.0.1, cipher-base@^1.0.3: + version "1.0.6" + resolved "https://registry.yarnpkg.com/cipher-base/-/cipher-base-1.0.6.tgz#8fe672437d01cd6c4561af5334e0cc50ff1955f7" + integrity sha512-3Ek9H3X6pj5TgenXYtNWdaBon1tgYCaebd+XPg0keyjEbEfkD4KkmAxkQ/i1vYvxdcT5nscLBfq9VJRmCBcFSw== + dependencies: + inherits "^2.0.4" + safe-buffer "^5.2.1" + +clean-stack@^2.0.0: + version "2.2.0" + resolved "https://registry.yarnpkg.com/clean-stack/-/clean-stack-2.2.0.tgz#ee8472dbb129e727b31e8a10a427dee9dfe4008b" + integrity sha512-4diC9HaTE+KRAMWhDhrGOECgWZxoevMc5TlkObMqNSsVU62PYzXZ/SMTjzyGAFF1YusgxGcSWTEXBhp0CPwQ1A== + +cli-boxes@^2.2.1: + version "2.2.1" + resolved "https://registry.yarnpkg.com/cli-boxes/-/cli-boxes-2.2.1.tgz#ddd5035d25094fce220e9cab40a45840a440318f" + integrity sha512-y4coMcylgSCdVinjiDBuR8PCC2bLjyGTwEmPb9NHR/QaNU6EUOXcTY/s6VjGMD6ENSEaeQYHCY0GNGS5jfMwPw== + +cli-table3@^0.6.3: + version "0.6.5" + resolved "https://registry.yarnpkg.com/cli-table3/-/cli-table3-0.6.5.tgz#013b91351762739c16a9567c21a04632e449bf2f" + integrity sha512-+W/5efTR7y5HRD7gACw9yQjqMVvEMLBHmboM/kPWam+H+Hmyrgjh6YncVKK122YZkXrLudzTuAukUw9FnMf7IQ== + dependencies: + string-width "^4.2.0" + optionalDependencies: + "@colors/colors" "1.5.0" + +cliui@^7.0.2: + version "7.0.4" + resolved "https://registry.yarnpkg.com/cliui/-/cliui-7.0.4.tgz#a0265ee655476fc807aea9df3df8df7783808b4f" + integrity sha512-OcRE68cOsVMXp1Yvonl/fzkQOyjLSu/8bhPDfQt0e0/Eb283TKP20Fs2MqoPsr9SwA595rRCA+QMzYc9nBP+JQ== + dependencies: + string-width "^4.2.0" + strip-ansi "^6.0.0" + wrap-ansi "^7.0.0" + +cliui@^8.0.1: + version "8.0.1" + resolved "https://registry.yarnpkg.com/cliui/-/cliui-8.0.1.tgz#0c04b075db02cbfe60dc8e6cf2f5486b1a3608aa" + integrity sha512-BSeNnyus75C4//NQ9gQt1/csTXyo/8Sb+afLAkzAptFuMsod9HFokGNudZpi/oQV73hnVK+sR+5PVRMd+Dr7YQ== + dependencies: + string-width "^4.2.0" + strip-ansi "^6.0.1" + wrap-ansi "^7.0.0" + +color-convert@^1.9.0: + version "1.9.3" + resolved "https://registry.yarnpkg.com/color-convert/-/color-convert-1.9.3.tgz#bb71850690e1f136567de629d2d5471deda4c1e8" + integrity sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg== + dependencies: + color-name "1.1.3" + +color-convert@^2.0.1: + version "2.0.1" + resolved "https://registry.yarnpkg.com/color-convert/-/color-convert-2.0.1.tgz#72d3a68d598c9bdb3af2ad1e84f21d896abd4de3" + integrity sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ== + dependencies: + color-name "~1.1.4" + +color-name@1.1.3: + version "1.1.3" + resolved "https://registry.yarnpkg.com/color-name/-/color-name-1.1.3.tgz#a7d0558bd89c42f795dd42328f740831ca53bc25" + integrity sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw== + +color-name@~1.1.4: + version "1.1.4" + resolved "https://registry.yarnpkg.com/color-name/-/color-name-1.1.4.tgz#c2a09a87acbde69543de6f63fa3995c826c536a2" + integrity sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA== + +combined-stream@^1.0.8: + version "1.0.8" + resolved "https://registry.yarnpkg.com/combined-stream/-/combined-stream-1.0.8.tgz#c3d45a8b34fd730631a110a8a2520682b31d5a7f" + integrity sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg== + dependencies: + delayed-stream "~1.0.0" + +command-exists@^1.2.8: + version "1.2.9" + resolved "https://registry.yarnpkg.com/command-exists/-/command-exists-1.2.9.tgz#c50725af3808c8ab0260fd60b01fbfa25b954f69" + integrity sha512-LTQ/SGc+s0Xc0Fu5WaKnR0YiygZkm9eKFvyS+fRsU7/ZWFF8ykFM6Pc9aCVf1+xasOOZpO3BAVgVrKvsqKHV7w== + +commander@^10.0.0: + version "10.0.1" + resolved "https://registry.yarnpkg.com/commander/-/commander-10.0.1.tgz#881ee46b4f77d1c1dccc5823433aa39b022cbe06" + integrity sha512-y4Mg2tXshplEbSGzx7amzPwKKOCGuoSRP/CjEdwwk0FOGlUbq6lKuoyDZTNZkmxHdJtp54hdfY/JUrdL7Xfdug== + +commander@^8.1.0: + version "8.3.0" + resolved "https://registry.yarnpkg.com/commander/-/commander-8.3.0.tgz#4837ea1b2da67b9c616a67afbb0fafee567bca66" + integrity sha512-OkTL9umf+He2DZkUq8f8J9of7yL6RJKI24dVITBmNfZBmri9zYZQrKkuXiKhyfPSu8tUhnVBB1iKXevvnlR4Ww== + +compare-versions@^6.0.0: + version "6.1.1" + resolved "https://registry.yarnpkg.com/compare-versions/-/compare-versions-6.1.1.tgz#7af3cc1099ba37d244b3145a9af5201b629148a9" + integrity sha512-4hm4VPpIecmlg59CHXnRDnqGplJFrbLG4aFEl5vl6cK1u76ws3LLvX7ikFnTDl5vo39sjWD6AaDPYodJp/NNHg== + +concat-map@0.0.1: + version "0.0.1" + resolved "https://registry.yarnpkg.com/concat-map/-/concat-map-0.0.1.tgz#d8a96bd77fd68df7793a73036a3ba0d5405d477b" + integrity sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg== + +config-chain@^1.1.11: + version "1.1.13" + resolved "https://registry.yarnpkg.com/config-chain/-/config-chain-1.1.13.tgz#fad0795aa6a6cdaff9ed1b68e9dff94372c232f4" + integrity sha512-qj+f8APARXHrM0hraqXYb2/bOVSV4PvJQlNZ/DVj0QrmNM2q2euizkeuVckQ57J+W0mRH6Hvi+k50M4Jul2VRQ== + dependencies: + ini "^1.3.4" + proto-list "~1.2.1" + +cookie@^0.4.1: + version "0.4.2" + resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.4.2.tgz#0e41f24de5ecf317947c82fc789e06a884824432" + integrity sha512-aSWTXFzaKWkvHO1Ny/s+ePFpvKsPnjc551iI41v3ny/ow6tBG5Vd+FuqGNhh1LxOmVzOlGUriIlOaokOvhaStA== + +cosmiconfig@^8.0.0: + version "8.3.6" + resolved "https://registry.yarnpkg.com/cosmiconfig/-/cosmiconfig-8.3.6.tgz#060a2b871d66dba6c8538ea1118ba1ac16f5fae3" + integrity sha512-kcZ6+W5QzcJ3P1Mt+83OUv/oHFqZHIx8DuxG6eZ5RGMERoLqp4BuGjhHLYGK+Kf5XVkQvqBSmAy/nGWN3qDgEA== + dependencies: + import-fresh "^3.3.0" + js-yaml "^4.1.0" + parse-json "^5.2.0" + path-type "^4.0.0" + +create-hash@^1.1.0, create-hash@^1.1.2, create-hash@^1.2.0: + version "1.2.0" + resolved "https://registry.yarnpkg.com/create-hash/-/create-hash-1.2.0.tgz#889078af11a63756bcfb59bd221996be3a9ef196" + integrity sha512-z00bCGNHDG8mHAkP7CtT1qVu+bFQUPjYq/4Iv3C3kWjTFV10zIjfSoeqXo9Asws8gwSHDGj/hl2u4OGIjapeCg== + dependencies: + cipher-base "^1.0.1" + inherits "^2.0.1" + md5.js "^1.3.4" + ripemd160 "^2.0.1" + sha.js "^2.4.0" + +create-hmac@^1.1.4, create-hmac@^1.1.7: + version "1.1.7" + resolved "https://registry.yarnpkg.com/create-hmac/-/create-hmac-1.1.7.tgz#69170c78b3ab957147b2b8b04572e47ead2243ff" + integrity sha512-MJG9liiZ+ogc4TzUwuvbER1JRdgvUFSB5+VR/g5h82fGaIRWMWddtKBHi7/sVhfjQZ6SehlyhvQYrcYkaUIpLg== + dependencies: + cipher-base "^1.0.3" + create-hash "^1.1.0" + inherits "^2.0.1" + ripemd160 "^2.0.0" + safe-buffer "^5.0.1" + sha.js "^2.4.8" + +cross-spawn@^7.0.0, cross-spawn@^7.0.2, cross-spawn@^7.0.5: + version "7.0.6" + resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.6.tgz#8a58fe78f00dcd70c370451759dfbfaf03e8ee9f" + integrity sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA== + dependencies: + path-key "^3.1.0" + shebang-command "^2.0.0" + which "^2.0.1" + +"crypt@>= 0.0.1": + version "0.0.2" + resolved "https://registry.yarnpkg.com/crypt/-/crypt-0.0.2.tgz#88d7ff7ec0dfb86f713dc87bbb42d044d3e6c41b" + integrity sha512-mCxBlsHFYh9C+HVpiEacem8FEBnMXgU9gy4zmNC+SXAZNB/1idgp/aulFJ4FgCi7GPEVbfyng092GqL2k2rmow== + +dataloader@^1.4.0: + version "1.4.0" + resolved "https://registry.yarnpkg.com/dataloader/-/dataloader-1.4.0.tgz#bca11d867f5d3f1b9ed9f737bd15970c65dff5c8" + integrity sha512-68s5jYdlvasItOJnCuI2Q9s4q98g0pCyL3HrcKJu8KNugUl8ahgmZYg38ysLTgQjjXX3H8CJLkAvWrclWfcalw== + +death@^1.1.0: + version "1.1.0" + resolved "https://registry.yarnpkg.com/death/-/death-1.1.0.tgz#01aa9c401edd92750514470b8266390c66c67318" + integrity sha512-vsV6S4KVHvTGxbEcij7hkWRv0It+sGGWVOM67dQde/o5Xjnr+KmLjxWJii2uEObIrt1CcM9w0Yaovx+iOlIL+w== + +debug@4, debug@^4.1.1, debug@^4.3.1, debug@^4.3.2, debug@^4.3.5: + version "4.4.0" + resolved "https://registry.yarnpkg.com/debug/-/debug-4.4.0.tgz#2b3f2aea2ffeb776477460267377dc8710faba8a" + integrity sha512-6WTZ/IxCY/T6BALoZHaE4ctp9xm+Z5kY/pzYaCHRFeyVhojxlrm+46y68HA6hr0TcwEssoxNiDEUJQjfPZ/RYA== + dependencies: + ms "^2.1.3" + +decamelize@^4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/decamelize/-/decamelize-4.0.0.tgz#aa472d7bf660eb15f3494efd531cab7f2a709837" + integrity sha512-9iE1PgSik9HeIIw2JO94IidnE3eBoQrFJ3w7sFuzSX4DpmZ3v5sZpUiV5Swcf6mQEF+Y0ru8Neo+p+nyh2J+hQ== + +decompress-response@^6.0.0: + version "6.0.0" + resolved "https://registry.yarnpkg.com/decompress-response/-/decompress-response-6.0.0.tgz#ca387612ddb7e104bd16d85aab00d5ecf09c66fc" + integrity sha512-aW35yZM6Bb/4oJlZncMH2LCoZtJXTRxES17vE3hoRiowU2kWHaJKFkSBDnDR+cm9J+9QhXmREyIfv0pji9ejCQ== + dependencies: + mimic-response "^3.1.0" + +deep-eql@^4.0.1, deep-eql@^4.1.3: + version "4.1.4" + resolved "https://registry.yarnpkg.com/deep-eql/-/deep-eql-4.1.4.tgz#d0d3912865911bb8fac5afb4e3acfa6a28dc72b7" + integrity sha512-SUwdGfqdKOwxCPeVYjwSyRpJ7Z+fhpwIAtmCUdZIWZ/YP5R9WAsyuSgpLVDi9bjWoN2LXHNss/dk3urXtdQxGg== + dependencies: + type-detect "^4.0.0" + +deep-extend@^0.6.0: + version "0.6.0" + resolved "https://registry.yarnpkg.com/deep-extend/-/deep-extend-0.6.0.tgz#c4fa7c95404a17a9c3e8ca7e1537312b736330ac" + integrity sha512-LOHxIOaPYdHlJRtCQfDIVZtfw/ufM8+rVj649RIHzcm/vGwQRXFt6OPqIFWsm2XEMrNIEtWR64sY1LEKD2vAOA== + +deep-is@^0.1.3, deep-is@~0.1.3: + version "0.1.4" + resolved "https://registry.yarnpkg.com/deep-is/-/deep-is-0.1.4.tgz#a6f2dce612fadd2ef1f519b73551f17e85199831" + integrity sha512-oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ== + +defer-to-connect@^2.0.1: + version "2.0.1" + resolved "https://registry.yarnpkg.com/defer-to-connect/-/defer-to-connect-2.0.1.tgz#8016bdb4143e4632b77a3449c6236277de520587" + integrity sha512-4tvttepXG1VaYGrRibk5EwJd1t4udunSOVMdLSAL6mId1ix438oPwPZMALY41FCijukO1L0twNcGsdzS7dHgDg== + +delayed-stream@~1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/delayed-stream/-/delayed-stream-1.0.0.tgz#df3ae199acadfb7d440aaae0b29e2272b24ec619" + integrity sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ== + +depd@2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/depd/-/depd-2.0.0.tgz#b696163cc757560d09cf22cc8fad1571b79e76df" + integrity sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw== + +detect-indent@^6.0.0: + version "6.1.0" + resolved "https://registry.yarnpkg.com/detect-indent/-/detect-indent-6.1.0.tgz#592485ebbbf6b3b1ab2be175c8393d04ca0d57e6" + integrity sha512-reYkTUJAZb9gUuZ2RvVCNhVHdg62RHnJ7WJl8ftMi4diZ6NWlciOzQN88pUhSELEwflJht4oQDv0F0BMlwaYtA== + +diff@^5.2.0: + version "5.2.0" + resolved "https://registry.yarnpkg.com/diff/-/diff-5.2.0.tgz#26ded047cd1179b78b9537d5ef725503ce1ae531" + integrity sha512-uIFDxqpRZGZ6ThOk84hEfqWoHx2devRFvpTZcTHur85vImfaxUbTW9Ryh4CpCuDnToOP1CEtXKIgytHBPVff5A== + +difflib@^0.2.4: + version "0.2.4" + resolved "https://registry.yarnpkg.com/difflib/-/difflib-0.2.4.tgz#b5e30361a6db023176d562892db85940a718f47e" + integrity sha512-9YVwmMb0wQHQNr5J9m6BSj6fk4pfGITGQOOs+D9Fl+INODWFOfvhIU1hNv6GgR1RBoC/9NJcwu77zShxV0kT7w== + dependencies: + heap ">= 0.2.0" + +dir-glob@^3.0.1: + version "3.0.1" + resolved "https://registry.yarnpkg.com/dir-glob/-/dir-glob-3.0.1.tgz#56dbf73d992a4a93ba1584f4534063fd2e41717f" + integrity sha512-WkrWp9GR4KXfKGYzOLmTuGVi1UWFfws377n9cc55/tb6DuqyF6pcQ5AbiHEshaDpY9v6oaSr2XCDidGmMwdzIA== + dependencies: + path-type "^4.0.0" + +doctrine@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/doctrine/-/doctrine-3.0.0.tgz#addebead72a6574db783639dc87a121773973961" + integrity sha512-yS+Q5i3hBf7GBkd4KG8a7eBNNWNGLTaEwwYWUijIYM7zrlYDM0BFXHjjPWlWZ1Rg7UaddZeIDmi9jF3HmqiQ2w== + dependencies: + esutils "^2.0.2" + +dotenv@^8.1.0: + version "8.6.0" + resolved "https://registry.yarnpkg.com/dotenv/-/dotenv-8.6.0.tgz#061af664d19f7f4d8fc6e4ff9b584ce237adcb8b" + integrity sha512-IrPdXQsk2BbzvCBGBOTmmSH5SodmqZNt4ERAZDmW4CT+tL8VtvinqywuANaFu4bOMWki16nqf0e4oC0QIaDr/g== + +eastasianwidth@^0.2.0: + version "0.2.0" + resolved "https://registry.yarnpkg.com/eastasianwidth/-/eastasianwidth-0.2.0.tgz#696ce2ec0aa0e6ea93a397ffcf24aa7840c827cb" + integrity sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA== + +elliptic@6.5.4: + version "6.5.4" + resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.5.4.tgz#da37cebd31e79a1367e941b592ed1fbebd58abbb" + integrity sha512-iLhC6ULemrljPZb+QutR5TQGB+pdW6KGD5RSegS+8sorOZT+rdQFbsQFJgvN3eRqNALqJer4oQ16YvJHlU8hzQ== + dependencies: + bn.js "^4.11.9" + brorand "^1.1.0" + hash.js "^1.0.0" + hmac-drbg "^1.0.1" + inherits "^2.0.4" + minimalistic-assert "^1.0.1" + minimalistic-crypto-utils "^1.0.1" + +elliptic@^6.5.2, elliptic@^6.5.7: + version "6.6.1" + resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.6.1.tgz#3b8ffb02670bf69e382c7f65bf524c97c5405c06" + integrity sha512-RaddvvMatK2LJHqFJ+YA4WysVN5Ita9E35botqIYspQ4TkRAlCicdzKOjlyv/1Za5RyTNn7di//eEV0uTAfe3g== + dependencies: + bn.js "^4.11.9" + brorand "^1.1.0" + hash.js "^1.0.0" + hmac-drbg "^1.0.1" + inherits "^2.0.4" + minimalistic-assert "^1.0.1" + minimalistic-crypto-utils "^1.0.1" + +emoji-regex@^8.0.0: + version "8.0.0" + resolved "https://registry.yarnpkg.com/emoji-regex/-/emoji-regex-8.0.0.tgz#e818fd69ce5ccfcb404594f842963bf53164cc37" + integrity sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A== + +emoji-regex@^9.2.2: + version "9.2.2" + resolved "https://registry.yarnpkg.com/emoji-regex/-/emoji-regex-9.2.2.tgz#840c8803b0d8047f4ff0cf963176b32d4ef3ed72" + integrity sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg== + +enquirer@^2.3.0, enquirer@^2.4.1: + version "2.4.1" + resolved "https://registry.yarnpkg.com/enquirer/-/enquirer-2.4.1.tgz#93334b3fbd74fc7097b224ab4a8fb7e40bf4ae56" + integrity sha512-rRqJg/6gd538VHvR3PSrdRBb/1Vy2YfzHqzvbhGIQpDRKIa4FgV/54b5Q1xYSxOOwKvjXweS26E0Q+nAMwp2pQ== + dependencies: + ansi-colors "^4.1.1" + strip-ansi "^6.0.1" + +env-paths@^2.2.0: + version "2.2.1" + resolved "https://registry.yarnpkg.com/env-paths/-/env-paths-2.2.1.tgz#420399d416ce1fbe9bc0a07c62fa68d67fd0f8f2" + integrity sha512-+h1lkLKhZMTYjog1VEpJNG7NZJWcuc2DDk/qsqSTRRCOXiLjeQ1d1/udrUGhqMxUgAlwKNZ0cf2uqan5GLuS2A== + +error-ex@^1.3.1: + version "1.3.2" + resolved "https://registry.yarnpkg.com/error-ex/-/error-ex-1.3.2.tgz#b4ac40648107fdcdcfae242f428bea8a14d4f1bf" + integrity sha512-7dFHNmqeFSEt2ZBsCriorKnn3Z2pj+fd9kmI6QoWw4//DL+icEBfc0U7qJCisqrTsKTjw4fNFy2pW9OqStD84g== + dependencies: + is-arrayish "^0.2.1" + +escalade@^3.1.1: + version "3.2.0" + resolved "https://registry.yarnpkg.com/escalade/-/escalade-3.2.0.tgz#011a3f69856ba189dffa7dc8fcce99d2a87903e5" + integrity sha512-WUj2qlxaQtO4g6Pq5c29GTcWGDyd8itL8zTlipgECz3JesAiiOKotd8JU6otB3PACgG6xkJUyVhboMS+bje/jA== + +escape-string-regexp@^1.0.5: + version "1.0.5" + resolved "https://registry.yarnpkg.com/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz#1b61c0562190a8dff6ae3bb2cf0200ca130b86d4" + integrity sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg== + +escape-string-regexp@^4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz#14ba83a5d373e3d311e5afca29cf5bfad965bf34" + integrity sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA== + +escodegen@1.8.x: + version "1.8.1" + resolved "https://registry.yarnpkg.com/escodegen/-/escodegen-1.8.1.tgz#5a5b53af4693110bebb0867aa3430dd3b70a1018" + integrity sha512-yhi5S+mNTOuRvyW4gWlg5W1byMaQGWWSYHXsuFZ7GBo7tpyOwi2EdzMP/QWxh9hwkD2m+wDVHJsxhRIj+v/b/A== + dependencies: + esprima "^2.7.1" + estraverse "^1.9.1" + esutils "^2.0.2" + optionator "^0.8.1" + optionalDependencies: + source-map "~0.2.0" + +eslint-config-prettier@^9.0.0: + version "9.1.0" + resolved "https://registry.yarnpkg.com/eslint-config-prettier/-/eslint-config-prettier-9.1.0.tgz#31af3d94578645966c082fcb71a5846d3c94867f" + integrity sha512-NSWl5BFQWEPi1j4TjVNItzYV7dZXZ+wP6I6ZhrBGpChQhZRUaElihE9uRRkcbRnNb76UMKDF3r+WTmNcGPKsqw== + +eslint-scope@^7.2.2: + version "7.2.2" + resolved "https://registry.yarnpkg.com/eslint-scope/-/eslint-scope-7.2.2.tgz#deb4f92563390f32006894af62a22dba1c46423f" + integrity sha512-dOt21O7lTMhDM+X9mB4GX+DZrZtCUJPL/wlcTqxyrx5IvO0IYtILdtrQGQp+8n5S0gwSVmOf9NQrjMOgfQZlIg== + dependencies: + esrecurse "^4.3.0" + estraverse "^5.2.0" + +eslint-visitor-keys@^3.4.1, eslint-visitor-keys@^3.4.3: + version "3.4.3" + resolved "https://registry.yarnpkg.com/eslint-visitor-keys/-/eslint-visitor-keys-3.4.3.tgz#0cd72fe8550e3c2eae156a96a4dddcd1c8ac5800" + integrity sha512-wpc+LXeiyiisxPlEkUzU6svyS1frIO3Mgxj1fdy7Pm8Ygzguax2N3Fa/D/ag1WqbOprdI+uY6wMUl8/a2G+iag== + +eslint@^8.30.0: + version "8.57.1" + resolved "https://registry.yarnpkg.com/eslint/-/eslint-8.57.1.tgz#7df109654aba7e3bbe5c8eae533c5e461d3c6ca9" + integrity sha512-ypowyDxpVSYpkXr9WPv2PAZCtNip1Mv5KTW0SCurXv/9iOpcrH9PaqUElksqEB6pChqHGDRCFTyrZlGhnLNGiA== + dependencies: + "@eslint-community/eslint-utils" "^4.2.0" + "@eslint-community/regexpp" "^4.6.1" + "@eslint/eslintrc" "^2.1.4" + "@eslint/js" "8.57.1" + "@humanwhocodes/config-array" "^0.13.0" + "@humanwhocodes/module-importer" "^1.0.1" + "@nodelib/fs.walk" "^1.2.8" + "@ungap/structured-clone" "^1.2.0" + ajv "^6.12.4" + chalk "^4.0.0" + cross-spawn "^7.0.2" + debug "^4.3.2" + doctrine "^3.0.0" + escape-string-regexp "^4.0.0" + eslint-scope "^7.2.2" + eslint-visitor-keys "^3.4.3" + espree "^9.6.1" + esquery "^1.4.2" + esutils "^2.0.2" + fast-deep-equal "^3.1.3" + file-entry-cache "^6.0.1" + find-up "^5.0.0" + glob-parent "^6.0.2" + globals "^13.19.0" + graphemer "^1.4.0" + ignore "^5.2.0" + imurmurhash "^0.1.4" + is-glob "^4.0.0" + is-path-inside "^3.0.3" + js-yaml "^4.1.0" + json-stable-stringify-without-jsonify "^1.0.1" + levn "^0.4.1" + lodash.merge "^4.6.2" + minimatch "^3.1.2" + natural-compare "^1.4.0" + optionator "^0.9.3" + strip-ansi "^6.0.1" + text-table "^0.2.0" + +espree@^9.6.0, espree@^9.6.1: + version "9.6.1" + resolved "https://registry.yarnpkg.com/espree/-/espree-9.6.1.tgz#a2a17b8e434690a5432f2f8018ce71d331a48c6f" + integrity sha512-oruZaFkjorTpF32kDSI5/75ViwGeZginGGy2NoOSg3Q9bnwlnmDm4HLnkl0RE3n+njDXR037aY1+x58Z/zFdwQ== + dependencies: + acorn "^8.9.0" + acorn-jsx "^5.3.2" + eslint-visitor-keys "^3.4.1" + +esprima@2.7.x, esprima@^2.7.1: + version "2.7.3" + resolved "https://registry.yarnpkg.com/esprima/-/esprima-2.7.3.tgz#96e3b70d5779f6ad49cd032673d1c312767ba581" + integrity sha512-OarPfz0lFCiW4/AV2Oy1Rp9qu0iusTKqykwTspGCZtPxmF81JR4MmIebvF1F9+UOKth2ZubLQ4XGGaU+hSn99A== + +esprima@^4.0.0: + version "4.0.1" + resolved "https://registry.yarnpkg.com/esprima/-/esprima-4.0.1.tgz#13b04cdb3e6c5d19df91ab6987a8695619b0aa71" + integrity sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A== + +esquery@^1.4.2: + version "1.6.0" + resolved "https://registry.yarnpkg.com/esquery/-/esquery-1.6.0.tgz#91419234f804d852a82dceec3e16cdc22cf9dae7" + integrity sha512-ca9pw9fomFcKPvFLXhBKUK90ZvGibiGOvRJNbjljY7s7uq/5YO4BOzcYtJqExdx99rF6aAcnRxHmcUHcz6sQsg== + dependencies: + estraverse "^5.1.0" + +esrecurse@^4.3.0: + version "4.3.0" + resolved "https://registry.yarnpkg.com/esrecurse/-/esrecurse-4.3.0.tgz#7ad7964d679abb28bee72cec63758b1c5d2c9921" + integrity sha512-KmfKL3b6G+RXvP8N1vr3Tq1kL/oCFgn2NYXEtqP8/L3pKapUA4G8cFVaoF3SU323CD4XypR/ffioHmkti6/Tag== + dependencies: + estraverse "^5.2.0" + +estraverse@^1.9.1: + version "1.9.3" + resolved "https://registry.yarnpkg.com/estraverse/-/estraverse-1.9.3.tgz#af67f2dc922582415950926091a4005d29c9bb44" + integrity sha512-25w1fMXQrGdoquWnScXZGckOv+Wes+JDnuN/+7ex3SauFRS72r2lFDec0EKPt2YD1wUJ/IrfEex+9yp4hfSOJA== + +estraverse@^5.1.0, estraverse@^5.2.0: + version "5.3.0" + resolved "https://registry.yarnpkg.com/estraverse/-/estraverse-5.3.0.tgz#2eea5290702f26ab8fe5370370ff86c965d21123" + integrity sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA== + +esutils@^2.0.2: + version "2.0.3" + resolved "https://registry.yarnpkg.com/esutils/-/esutils-2.0.3.tgz#74d2eb4de0b8da1293711910d50775b9b710ef64" + integrity sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g== + +ethereum-bloom-filters@^1.0.6: + version "1.2.0" + resolved "https://registry.yarnpkg.com/ethereum-bloom-filters/-/ethereum-bloom-filters-1.2.0.tgz#8294f074c1a6cbd32c39d2cc77ce86ff14797dab" + integrity sha512-28hyiE7HVsWubqhpVLVmZXFd4ITeHi+BUu05o9isf0GUpMtzBUi+8/gFrGaGYzvGAJQmJ3JKj77Mk9G98T84rA== + dependencies: + "@noble/hashes" "^1.4.0" + +ethereum-cryptography@0.1.3, ethereum-cryptography@^0.1.3: + version "0.1.3" + resolved "https://registry.yarnpkg.com/ethereum-cryptography/-/ethereum-cryptography-0.1.3.tgz#8d6143cfc3d74bf79bbd8edecdf29e4ae20dd191" + integrity sha512-w8/4x1SGGzc+tO97TASLja6SLd3fRIK2tLVcV2Gx4IB21hE19atll5Cq9o3d0ZmAYC/8aw0ipieTSiekAea4SQ== + dependencies: + "@types/pbkdf2" "^3.0.0" + "@types/secp256k1" "^4.0.1" + blakejs "^1.1.0" + browserify-aes "^1.2.0" + bs58check "^2.1.2" + create-hash "^1.2.0" + create-hmac "^1.1.7" + hash.js "^1.1.7" + keccak "^3.0.0" + pbkdf2 "^3.0.17" + randombytes "^2.1.0" + safe-buffer "^5.1.2" + scrypt-js "^3.0.0" + secp256k1 "^4.0.1" + setimmediate "^1.0.5" + +ethereum-cryptography@^1.0.3: + version "1.2.0" + resolved "https://registry.yarnpkg.com/ethereum-cryptography/-/ethereum-cryptography-1.2.0.tgz#5ccfa183e85fdaf9f9b299a79430c044268c9b3a" + integrity sha512-6yFQC9b5ug6/17CQpCyE3k9eKBMdhyVjzUy1WkiuY/E4vj/SXDBbCw8QEIaXqf0Mf2SnY6RmpDcwlUmBSS0EJw== + dependencies: + "@noble/hashes" "1.2.0" + "@noble/secp256k1" "1.7.1" + "@scure/bip32" "1.1.5" + "@scure/bip39" "1.1.1" + +ethereum-cryptography@^2.0.0, ethereum-cryptography@^2.1.2, ethereum-cryptography@^2.1.3: + version "2.2.1" + resolved "https://registry.yarnpkg.com/ethereum-cryptography/-/ethereum-cryptography-2.2.1.tgz#58f2810f8e020aecb97de8c8c76147600b0b8ccf" + integrity sha512-r/W8lkHSiTLxUxW8Rf3u4HGB0xQweG2RyETjywylKZSzLWoWAijRz8WCuOtJ6wah+avllXBqZuk29HCCvhEIRg== + dependencies: + "@noble/curves" "1.4.2" + "@noble/hashes" "1.4.0" + "@scure/bip32" "1.4.0" + "@scure/bip39" "1.3.0" + +ethereumjs-abi@^0.6.8: + version "0.6.8" + resolved "https://registry.yarnpkg.com/ethereumjs-abi/-/ethereumjs-abi-0.6.8.tgz#71bc152db099f70e62f108b7cdfca1b362c6fcae" + integrity sha512-Tx0r/iXI6r+lRsdvkFDlut0N08jWMnKRZ6Gkq+Nmw75lZe4e6o3EkSnkaBP5NF6+m5PTGAr9JP43N3LyeoglsA== + dependencies: + bn.js "^4.11.8" + ethereumjs-util "^6.0.0" + +ethereumjs-util@^6.0.0, ethereumjs-util@^6.2.1: + version "6.2.1" + resolved "https://registry.yarnpkg.com/ethereumjs-util/-/ethereumjs-util-6.2.1.tgz#fcb4e4dd5ceacb9d2305426ab1a5cd93e3163b69" + integrity sha512-W2Ktez4L01Vexijrm5EB6w7dg4n/TgpoYU4avuT5T3Vmnw/eCRtiBrJfQYS/DCSvDIOLn2k57GcHdeBcgVxAqw== + dependencies: + "@types/bn.js" "^4.11.3" + bn.js "^4.11.0" + create-hash "^1.1.2" + elliptic "^6.5.2" + ethereum-cryptography "^0.1.3" + ethjs-util "0.1.6" + rlp "^2.2.3" + +ethereumjs-util@^7.0.3, ethereumjs-util@^7.1.4: + version "7.1.5" + resolved "https://registry.yarnpkg.com/ethereumjs-util/-/ethereumjs-util-7.1.5.tgz#9ecf04861e4fbbeed7465ece5f23317ad1129181" + integrity sha512-SDl5kKrQAudFBUe5OJM9Ac6WmMyYmXX/6sTmLZ3ffG2eY6ZIGBes3pEDxNN6V72WyOw4CPD5RomKdsa8DAAwLg== + dependencies: + "@types/bn.js" "^5.1.0" + bn.js "^5.1.2" + create-hash "^1.1.2" + ethereum-cryptography "^0.1.3" + rlp "^2.2.4" + +ethers@^6.7.1: + version "6.13.5" + resolved "https://registry.yarnpkg.com/ethers/-/ethers-6.13.5.tgz#8c1d6ac988ac08abc3c1d8fabbd4b8b602851ac4" + integrity sha512-+knKNieu5EKRThQJWwqaJ10a6HE9sSehGeqWN65//wE7j47ZpFhKAnHB/JJFibwwg61I/koxaPsXbXpD/skNOQ== + dependencies: + "@adraffy/ens-normalize" "1.10.1" + "@noble/curves" "1.2.0" + "@noble/hashes" "1.3.2" + "@types/node" "22.7.5" + aes-js "4.0.0-beta.5" + tslib "2.7.0" + ws "8.17.1" + +ethjs-unit@0.1.6: + version "0.1.6" + resolved "https://registry.yarnpkg.com/ethjs-unit/-/ethjs-unit-0.1.6.tgz#c665921e476e87bce2a9d588a6fe0405b2c41699" + integrity sha512-/Sn9Y0oKl0uqQuvgFk/zQgR7aw1g36qX/jzSQ5lSwlO0GigPymk4eGQfeNTD03w1dPOqfz8V77Cy43jH56pagw== + dependencies: + bn.js "4.11.6" + number-to-bn "1.7.0" + +ethjs-util@0.1.6, ethjs-util@^0.1.6: + version "0.1.6" + resolved "https://registry.yarnpkg.com/ethjs-util/-/ethjs-util-0.1.6.tgz#f308b62f185f9fe6237132fb2a9818866a5cd536" + integrity sha512-CUnVOQq7gSpDHZVVrQW8ExxUETWrnrvXYvYz55wOU8Uj4VCgw56XC2B/fVqQN+f7gmrnRHSLVnFAwsCuNwji8w== + dependencies: + is-hex-prefixed "1.0.0" + strip-hex-prefix "1.0.0" + +evp_bytestokey@^1.0.3: + version "1.0.3" + resolved "https://registry.yarnpkg.com/evp_bytestokey/-/evp_bytestokey-1.0.3.tgz#7fcbdb198dc71959432efe13842684e0525acb02" + integrity sha512-/f2Go4TognH/KvCISP7OUsHn85hT9nUkxxA9BEWxFn+Oj9o8ZNLm/40hdlgSLyuOimsrTKLUMEorQexp/aPQeA== + dependencies: + md5.js "^1.3.4" + safe-buffer "^5.1.1" + +extendable-error@^0.1.5: + version "0.1.7" + resolved "https://registry.yarnpkg.com/extendable-error/-/extendable-error-0.1.7.tgz#60b9adf206264ac920058a7395685ae4670c2b96" + integrity sha512-UOiS2in6/Q0FK0R0q6UY9vYpQ21mr/Qn1KOnte7vsACuNJf514WvCCUHSRCPcgjPT2bAhNIJdlE6bVap1GKmeg== + +external-editor@^3.1.0: + version "3.1.0" + resolved "https://registry.yarnpkg.com/external-editor/-/external-editor-3.1.0.tgz#cb03f740befae03ea4d283caed2741a83f335495" + integrity sha512-hMQ4CX1p1izmuLYyZqLMO/qGNw10wSv9QDCPfzXfyFrOaCSSoRfqE1Kf1s5an66J5JZC62NewG+mK49jOCtQew== + dependencies: + chardet "^0.7.0" + iconv-lite "^0.4.24" + tmp "^0.0.33" + +fast-deep-equal@^3.1.1, fast-deep-equal@^3.1.3: + version "3.1.3" + resolved "https://registry.yarnpkg.com/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz#3a7d56b559d6cbc3eb512325244e619a65c6c525" + integrity sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q== + +fast-diff@^1.2.0: + version "1.3.0" + resolved "https://registry.yarnpkg.com/fast-diff/-/fast-diff-1.3.0.tgz#ece407fa550a64d638536cd727e129c61616e0f0" + integrity sha512-VxPP4NqbUjj6MaAOafWeUn2cXWLcCtljklUtZf0Ind4XQ+QPtmA0b18zZy0jIQx+ExRVCR/ZQpBmik5lXshNsw== + +fast-glob@^3.0.3, fast-glob@^3.2.9: + version "3.3.3" + resolved "https://registry.yarnpkg.com/fast-glob/-/fast-glob-3.3.3.tgz#d06d585ce8dba90a16b0505c543c3ccfb3aeb818" + integrity sha512-7MptL8U0cqcFdzIzwOTHoilX9x5BrNqye7Z/LuC7kCMRio1EMSyqRK3BEAUD7sXRq4iT4AzTVuZdhgQ2TCvYLg== + dependencies: + "@nodelib/fs.stat" "^2.0.2" + "@nodelib/fs.walk" "^1.2.3" + glob-parent "^5.1.2" + merge2 "^1.3.0" + micromatch "^4.0.8" + +fast-json-stable-stringify@^2.0.0: + version "2.1.0" + resolved "https://registry.yarnpkg.com/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz#874bf69c6f404c2b5d99c481341399fd55892633" + integrity sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw== + +fast-levenshtein@^2.0.6, fast-levenshtein@~2.0.6: + version "2.0.6" + resolved "https://registry.yarnpkg.com/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz#3d8a5c66883a16a30ca8643e851f19baa7797917" + integrity sha512-DCXu6Ifhqcks7TZKY3Hxp3y6qphY5SJZmrWMDrKcERSOXWQdMhU9Ig/PYrzyw/ul9jOIyh0N4M0tbC5hodg8dw== + +fast-uri@^3.0.1: + version "3.0.5" + resolved "https://registry.yarnpkg.com/fast-uri/-/fast-uri-3.0.5.tgz#19f5f9691d0dab9b85861a7bb5d98fca961da9cd" + integrity sha512-5JnBCWpFlMo0a3ciDy/JckMzzv1U9coZrIhedq+HXxxUfDTAiS0LA8OKVao4G9BxmCVck/jtA5r3KAtRWEyD8Q== + +fastq@^1.6.0: + version "1.18.0" + resolved "https://registry.yarnpkg.com/fastq/-/fastq-1.18.0.tgz#d631d7e25faffea81887fe5ea8c9010e1b36fee0" + integrity sha512-QKHXPW0hD8g4UET03SdOdunzSouc9N4AuHdsX8XNcTsuz+yYFILVNIX4l9yHABMhiEI9Db0JTTIpu0wB+Y1QQw== + dependencies: + reusify "^1.0.4" + +fdir@^6.4.2: + version "6.4.2" + resolved "https://registry.yarnpkg.com/fdir/-/fdir-6.4.2.tgz#ddaa7ce1831b161bc3657bb99cb36e1622702689" + integrity sha512-KnhMXsKSPZlAhp7+IjUkRZKPb4fUyccpDrdFXbi4QL1qkmFh9kVY09Yox+n4MaOb3lHZ1Tv829C3oaaXoMYPDQ== + +file-entry-cache@^6.0.1: + version "6.0.1" + resolved "https://registry.yarnpkg.com/file-entry-cache/-/file-entry-cache-6.0.1.tgz#211b2dd9659cb0394b073e7323ac3c933d522027" + integrity sha512-7Gps/XWymbLk2QLYK4NzpMOrYjMhdIxXuIvy2QBsLE6ljuodKvdkWs/cpyJJ3CVIVpH0Oi1Hvg1ovbMzLdFBBg== + dependencies: + flat-cache "^3.0.4" + +fill-range@^7.1.1: + version "7.1.1" + resolved "https://registry.yarnpkg.com/fill-range/-/fill-range-7.1.1.tgz#44265d3cac07e3ea7dc247516380643754a05292" + integrity sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg== + dependencies: + to-regex-range "^5.0.1" + +find-up@^4.1.0: + version "4.1.0" + resolved "https://registry.yarnpkg.com/find-up/-/find-up-4.1.0.tgz#97afe7d6cdc0bc5928584b7c8d7b16e8a9aa5d19" + integrity sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw== + dependencies: + locate-path "^5.0.0" + path-exists "^4.0.0" + +find-up@^5.0.0: + version "5.0.0" + resolved "https://registry.yarnpkg.com/find-up/-/find-up-5.0.0.tgz#4c92819ecb7083561e4f4a240a86be5198f536fc" + integrity sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng== + dependencies: + locate-path "^6.0.0" + path-exists "^4.0.0" + +flat-cache@^3.0.4: + version "3.2.0" + resolved "https://registry.yarnpkg.com/flat-cache/-/flat-cache-3.2.0.tgz#2c0c2d5040c99b1632771a9d105725c0115363ee" + integrity sha512-CYcENa+FtcUKLmhhqyctpclsq7QF38pKjZHsGNiSQF5r4FtoKDWabFDl3hzaEQMvT1LHEysw5twgLvpYYb4vbw== + dependencies: + flatted "^3.2.9" + keyv "^4.5.3" + rimraf "^3.0.2" + +flat@^5.0.2: + version "5.0.2" + resolved "https://registry.yarnpkg.com/flat/-/flat-5.0.2.tgz#8ca6fe332069ffa9d324c327198c598259ceb241" + integrity sha512-b6suED+5/3rTpUBdG1gupIl8MPFCAMA0QXwmljLhvCUKcUvdE4gWky9zpuGCcXHOsz4J9wPGNWq6OKpmIzz3hQ== + +flatted@^3.2.9: + version "3.3.2" + resolved "https://registry.yarnpkg.com/flatted/-/flatted-3.3.2.tgz#adba1448a9841bec72b42c532ea23dbbedef1a27" + integrity sha512-AiwGJM8YcNOaobumgtng+6NHuOqC3A7MixFeDafM3X9cIUM+xUXoS5Vfgf+OihAYe20fxqNM9yPBXJzRtZ/4eA== + +follow-redirects@^1.12.1, follow-redirects@^1.15.6: + version "1.15.9" + resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.9.tgz#a604fa10e443bf98ca94228d9eebcc2e8a2c8ee1" + integrity sha512-gew4GsXizNgdoRyqmyfMHyAmXsZDk6mHkSxZFCzW9gwlbtOW44CDtYavM+y+72qD/Vq2l550kMF52DT8fOLJqQ== + +foreground-child@^3.1.0: + version "3.3.0" + resolved "https://registry.yarnpkg.com/foreground-child/-/foreground-child-3.3.0.tgz#0ac8644c06e431439f8561db8ecf29a7b5519c77" + integrity sha512-Ld2g8rrAyMYFXBhEqMz8ZAHBi4J4uS1i/CxGMDnjyFWddMXLVcDp051DZfu+t7+ab7Wv6SMqpWmyFIj5UbfFvg== + dependencies: + cross-spawn "^7.0.0" + signal-exit "^4.0.1" + +form-data-encoder@^2.1.2: + version "2.1.4" + resolved "https://registry.yarnpkg.com/form-data-encoder/-/form-data-encoder-2.1.4.tgz#261ea35d2a70d48d30ec7a9603130fa5515e9cd5" + integrity sha512-yDYSgNMraqvnxiEXO4hi88+YZxaHC6QKzb5N84iRCTDeRO7ZALpir/lVmf/uXUhnwUr2O4HU8s/n6x+yNjQkHw== + +form-data@^4.0.0: + version "4.0.1" + resolved "https://registry.yarnpkg.com/form-data/-/form-data-4.0.1.tgz#ba1076daaaa5bfd7e99c1a6cb02aa0a5cff90d48" + integrity sha512-tzN8e4TX8+kkxGPK8D5u0FNmjPUjw3lwC9lSLxxoB/+GtsJG91CO8bSWy73APlgAZzZbXEYZJuxjkHH2w+Ezhw== + dependencies: + asynckit "^0.4.0" + combined-stream "^1.0.8" + mime-types "^2.1.12" + +fp-ts@1.19.3: + version "1.19.3" + resolved "https://registry.yarnpkg.com/fp-ts/-/fp-ts-1.19.3.tgz#261a60d1088fbff01f91256f91d21d0caaaaa96f" + integrity sha512-H5KQDspykdHuztLTg+ajGN0Z2qUjcEf3Ybxc6hLt0k7/zPkn29XnKnxlBPyW2XIddWrGaJBzBl4VLYOtk39yZg== + +fp-ts@^1.0.0: + version "1.19.5" + resolved "https://registry.yarnpkg.com/fp-ts/-/fp-ts-1.19.5.tgz#3da865e585dfa1fdfd51785417357ac50afc520a" + integrity sha512-wDNqTimnzs8QqpldiId9OavWK2NptormjXnRJTQecNjzwfyp6P/8s/zG8e4h3ja3oqkKaY72UlTjQYt/1yXf9A== + +fs-extra@^7.0.1: + version "7.0.1" + resolved "https://registry.yarnpkg.com/fs-extra/-/fs-extra-7.0.1.tgz#4f189c44aa123b895f722804f55ea23eadc348e9" + integrity sha512-YJDaCJZEnBmcbw13fvdAM9AwNOJwOzrE4pqMqBq5nFiEqXUqHwlK4B+3pUw6JNvfSPtX05xFHtYy/1ni01eGCw== + dependencies: + graceful-fs "^4.1.2" + jsonfile "^4.0.0" + universalify "^0.1.0" + +fs-extra@^8.1.0: + version "8.1.0" + resolved "https://registry.yarnpkg.com/fs-extra/-/fs-extra-8.1.0.tgz#49d43c45a88cd9677668cb7be1b46efdb8d2e1c0" + integrity sha512-yhlQgA6mnOJUKOsRUFsgJdQCvkKhcz8tlZG5HBQfReYZy46OwLcY+Zia0mtdHsOo9y/hP+CxMN0TU9QxoOtG4g== + dependencies: + graceful-fs "^4.2.0" + jsonfile "^4.0.0" + universalify "^0.1.0" + +fs.realpath@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/fs.realpath/-/fs.realpath-1.0.0.tgz#1504ad2523158caa40db4a2787cb01411994ea4f" + integrity sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw== + +fsevents@~2.3.2: + version "2.3.3" + resolved "https://registry.yarnpkg.com/fsevents/-/fsevents-2.3.3.tgz#cac6407785d03675a2a5e1a5305c697b347d90d6" + integrity sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw== + +function-bind@^1.1.2: + version "1.1.2" + resolved "https://registry.yarnpkg.com/function-bind/-/function-bind-1.1.2.tgz#2c02d864d97f3ea6c8830c464cbd11ab6eab7a1c" + integrity sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA== + +get-caller-file@^2.0.5: + version "2.0.5" + resolved "https://registry.yarnpkg.com/get-caller-file/-/get-caller-file-2.0.5.tgz#4f94412a82db32f36e3b0b9741f8a97feb031f7e" + integrity sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg== + +get-func-name@^2.0.1, get-func-name@^2.0.2: + version "2.0.2" + resolved "https://registry.yarnpkg.com/get-func-name/-/get-func-name-2.0.2.tgz#0d7cf20cd13fda808669ffa88f4ffc7a3943fc41" + integrity sha512-8vXOvuE167CtIc3OyItco7N/dpRtBbYOsPsXCz7X/PMnlGjYjSGuZJgM1Y7mmew7BKf9BqvLX2tnOVy1BBUsxQ== + +get-stream@^6.0.1: + version "6.0.1" + resolved "https://registry.yarnpkg.com/get-stream/-/get-stream-6.0.1.tgz#a262d8eef67aced57c2852ad6167526a43cbf7b7" + integrity sha512-ts6Wi+2j3jQjqi70w5AlN8DFnkSwC+MqmxEzdEALB2qXZYV3X/b1CTfgPLGJNMeAWxdPfU8FO1ms3NUfaHCPYg== + +ghost-testrpc@^0.0.2: + version "0.0.2" + resolved "https://registry.yarnpkg.com/ghost-testrpc/-/ghost-testrpc-0.0.2.tgz#c4de9557b1d1ae7b2d20bbe474a91378ca90ce92" + integrity sha512-i08dAEgJ2g8z5buJIrCTduwPIhih3DP+hOCTyyryikfV8T0bNvHnGXO67i0DD1H4GBDETTclPy9njZbfluQYrQ== + dependencies: + chalk "^2.4.2" + node-emoji "^1.10.0" + +glob-parent@^5.1.2, glob-parent@~5.1.2: + version "5.1.2" + resolved "https://registry.yarnpkg.com/glob-parent/-/glob-parent-5.1.2.tgz#869832c58034fe68a4093c17dc15e8340d8401c4" + integrity sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow== + dependencies: + is-glob "^4.0.1" + +glob-parent@^6.0.2: + version "6.0.2" + resolved "https://registry.yarnpkg.com/glob-parent/-/glob-parent-6.0.2.tgz#6d237d99083950c79290f24c7642a3de9a28f9e3" + integrity sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A== + dependencies: + is-glob "^4.0.3" + +glob@^10.3.10: + version "10.4.5" + resolved "https://registry.yarnpkg.com/glob/-/glob-10.4.5.tgz#f4d9f0b90ffdbab09c9d77f5f29b4262517b0956" + integrity sha512-7Bv8RF0k6xjo7d4A/PxYLbUCfb6c+Vpd2/mB2yRDlew7Jb5hEXiCD9ibfO7wpk8i4sevK6DFny9h7EYbM3/sHg== + dependencies: + foreground-child "^3.1.0" + jackspeak "^3.1.2" + minimatch "^9.0.4" + minipass "^7.1.2" + package-json-from-dist "^1.0.0" + path-scurry "^1.11.1" + +glob@^11.0.0: + version "11.0.1" + resolved "https://registry.yarnpkg.com/glob/-/glob-11.0.1.tgz#1c3aef9a59d680e611b53dcd24bb8639cef064d9" + integrity sha512-zrQDm8XPnYEKawJScsnM0QzobJxlT/kHOOlRTio8IH/GrmxRE5fjllkzdaHclIuNjUQTJYH2xHNIGfdpJkDJUw== + dependencies: + foreground-child "^3.1.0" + jackspeak "^4.0.1" + minimatch "^10.0.0" + minipass "^7.1.2" + package-json-from-dist "^1.0.0" + path-scurry "^2.0.0" + +glob@^5.0.15: + version "5.0.15" + resolved "https://registry.yarnpkg.com/glob/-/glob-5.0.15.tgz#1bc936b9e02f4a603fcc222ecf7633d30b8b93b1" + integrity sha512-c9IPMazfRITpmAAKi22dK1VKxGDX9ehhqfABDriL/lzO92xcUKEJPQHrVA/2YHSNFB4iFlykVmWvwo48nr3OxA== + dependencies: + inflight "^1.0.4" + inherits "2" + minimatch "2 || 3" + once "^1.3.0" + path-is-absolute "^1.0.0" + +glob@^7.0.0, glob@^7.1.3: + version "7.2.3" + resolved "https://registry.yarnpkg.com/glob/-/glob-7.2.3.tgz#b8df0fb802bbfa8e89bd1d938b4e16578ed44f2b" + integrity sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q== + dependencies: + fs.realpath "^1.0.0" + inflight "^1.0.4" + inherits "2" + minimatch "^3.1.1" + once "^1.3.0" + path-is-absolute "^1.0.0" + +glob@^8.0.3, glob@^8.1.0: + version "8.1.0" + resolved "https://registry.yarnpkg.com/glob/-/glob-8.1.0.tgz#d388f656593ef708ee3e34640fdfb99a9fd1c33e" + integrity sha512-r8hpEjiQEYlF2QU0df3dS+nxxSIreXQS1qRhMJM0Q5NDdR386C7jb7Hwwod8Fgiuex+k0GFjgft18yvxm5XoCQ== + dependencies: + fs.realpath "^1.0.0" + inflight "^1.0.4" + inherits "2" + minimatch "^5.0.1" + once "^1.3.0" + +global-modules@^2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/global-modules/-/global-modules-2.0.0.tgz#997605ad2345f27f51539bea26574421215c7780" + integrity sha512-NGbfmJBp9x8IxyJSd1P+otYK8vonoJactOogrVfFRIAEY1ukil8RSKDz2Yo7wh1oihl51l/r6W4epkeKJHqL8A== + dependencies: + global-prefix "^3.0.0" + +global-prefix@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/global-prefix/-/global-prefix-3.0.0.tgz#fc85f73064df69f50421f47f883fe5b913ba9b97" + integrity sha512-awConJSVCHVGND6x3tmMaKcQvwXLhjdkmomy2W+Goaui8YPgYgXJZewhg3fWC+DlfqqQuWg8AwqjGTD2nAPVWg== + dependencies: + ini "^1.3.5" + kind-of "^6.0.2" + which "^1.3.1" + +globals@^13.19.0: + version "13.24.0" + resolved "https://registry.yarnpkg.com/globals/-/globals-13.24.0.tgz#8432a19d78ce0c1e833949c36adb345400bb1171" + integrity sha512-AhO5QUcj8llrbG09iWhPU2B204J1xnPeL8kQmVorSsy+Sjj1sk8gIyh6cUocGmH4L0UuhAJy+hJMRA4mgA4mFQ== + dependencies: + type-fest "^0.20.2" + +globby@^10.0.1: + version "10.0.2" + resolved "https://registry.yarnpkg.com/globby/-/globby-10.0.2.tgz#277593e745acaa4646c3ab411289ec47a0392543" + integrity sha512-7dUi7RvCoT/xast/o/dLN53oqND4yk0nsHkhRgn9w65C4PofCLOoJ39iSOg+qVDdWQPIEj+eszMHQ+aLVwwQSg== + dependencies: + "@types/glob" "^7.1.1" + array-union "^2.1.0" + dir-glob "^3.0.1" + fast-glob "^3.0.3" + glob "^7.1.3" + ignore "^5.1.1" + merge2 "^1.2.3" + slash "^3.0.0" + +globby@^11.0.0: + version "11.1.0" + resolved "https://registry.yarnpkg.com/globby/-/globby-11.1.0.tgz#bd4be98bb042f83d796f7e3811991fbe82a0d34b" + integrity sha512-jhIXaOzy1sb8IyocaruWSn1TjmnBVs8Ayhcy83rmxNJ8q2uWKCAj3CnJY+KpGSXCueAPc0i05kVvVKtP1t9S3g== + dependencies: + array-union "^2.1.0" + dir-glob "^3.0.1" + fast-glob "^3.2.9" + ignore "^5.2.0" + merge2 "^1.4.1" + slash "^3.0.0" + +got@^12.1.0: + version "12.6.1" + resolved "https://registry.yarnpkg.com/got/-/got-12.6.1.tgz#8869560d1383353204b5a9435f782df9c091f549" + integrity sha512-mThBblvlAF1d4O5oqyvN+ZxLAYwIJK7bpMxgYqPD9okW0C3qm5FFn7k811QrcuEBwaogR3ngOFoCfs6mRv7teQ== + dependencies: + "@sindresorhus/is" "^5.2.0" + "@szmarczak/http-timer" "^5.0.1" + cacheable-lookup "^7.0.0" + cacheable-request "^10.2.8" + decompress-response "^6.0.0" + form-data-encoder "^2.1.2" + get-stream "^6.0.1" + http2-wrapper "^2.1.10" + lowercase-keys "^3.0.0" + p-cancelable "^3.0.0" + responselike "^3.0.0" + +graceful-fs@4.2.10: + version "4.2.10" + resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.2.10.tgz#147d3a006da4ca3ce14728c7aefc287c367d7a6c" + integrity sha512-9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA== + +graceful-fs@^4.1.2, graceful-fs@^4.1.5, graceful-fs@^4.1.6, graceful-fs@^4.2.0, graceful-fs@^4.2.4: + version "4.2.11" + resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.2.11.tgz#4183e4e8bf08bb6e05bbb2f7d2e0c8f712ca40e3" + integrity sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ== + +graphemer@^1.4.0: + version "1.4.0" + resolved "https://registry.yarnpkg.com/graphemer/-/graphemer-1.4.0.tgz#fb2f1d55e0e3a1849aeffc90c4fa0dd53a0e66c6" + integrity sha512-EtKwoO6kxCL9WO5xipiHTZlSzBm7WLT627TqC/uVRd0HKmq8NXyebnNYxDoBi7wt8eTWrUrKXCOVaFq9x1kgag== + +graphlib@^2.1.8: + version "2.1.8" + resolved "https://registry.yarnpkg.com/graphlib/-/graphlib-2.1.8.tgz#5761d414737870084c92ec7b5dbcb0592c9d35da" + integrity sha512-jcLLfkpoVGmH7/InMC/1hIvOPSUh38oJtGhvrOFGzioE1DZ+0YW16RgmOJhHiuWTvGiJQ9Z1Ik43JvkRPRvE+A== + dependencies: + lodash "^4.17.15" + +handlebars@^4.0.1, handlebars@^4.7.7: + version "4.7.8" + resolved "https://registry.yarnpkg.com/handlebars/-/handlebars-4.7.8.tgz#41c42c18b1be2365439188c77c6afae71c0cd9e9" + integrity sha512-vafaFqs8MZkRrSX7sFVUdo3ap/eNiLnb4IakshzvP56X5Nr1iGKAIqdX6tMlm6HcNRIkr6AxO5jFEoJzzpT8aQ== + dependencies: + minimist "^1.2.5" + neo-async "^2.6.2" + source-map "^0.6.1" + wordwrap "^1.0.0" + optionalDependencies: + uglify-js "^3.1.4" + +hardhat-exposed@^0.3.15: + version "0.3.15" + resolved "https://registry.yarnpkg.com/hardhat-exposed/-/hardhat-exposed-0.3.15.tgz#8096b5b65ac9059e126f2413f9415e2ec0eb458b" + integrity sha512-jqxErCnSWGYf4vAkLmh3H3u+IuLuCLw/EVeV13z1JKJMJAd/iO+G283n8T124S/Q2BF/BoA2zgzYAlqXgNyKew== + dependencies: + micromatch "^4.0.4" + solidity-ast "^0.4.52" + +hardhat-gas-reporter@^2.0.0: + version "2.2.2" + resolved "https://registry.yarnpkg.com/hardhat-gas-reporter/-/hardhat-gas-reporter-2.2.2.tgz#b1530b1938b994d67dffda207314504b7946af09" + integrity sha512-xlg3d00wrgUvP2S5tw3Zf6nO7OyS5crK3P6/ZP69i24pz4grM+6oFHGW/eJPSGqiDWBYX+gKp9XoqP4rwRXrdQ== + dependencies: + "@ethersproject/abi" "^5.7.0" + "@ethersproject/bytes" "^5.7.0" + "@ethersproject/units" "^5.7.0" + "@solidity-parser/parser" "^0.19.0" + axios "^1.6.7" + brotli-wasm "^2.0.1" + chalk "4.1.2" + cli-table3 "^0.6.3" + ethereum-cryptography "^2.1.3" + glob "^10.3.10" + jsonschema "^1.4.1" + lodash "^4.17.21" + markdown-table "2.0.0" + sha1 "^1.1.1" + viem "2.7.14" + +hardhat-ignore-warnings@^0.2.11: + version "0.2.12" + resolved "https://registry.yarnpkg.com/hardhat-ignore-warnings/-/hardhat-ignore-warnings-0.2.12.tgz#49c7b5e889d04de261efb87d4f13604fc4374eae" + integrity sha512-SaxCLKzYBMk3Rd1275TnanUmmxwgU+bu4Ekf2MKcqXxxt6xTGcPTtTaM+USrLgmejZHC4Itg/PaWITlOp4RL3g== + dependencies: + minimatch "^5.1.0" + node-interval-tree "^2.0.1" + solidity-comments "^0.0.2" + +hardhat@^2.22.2: + version "2.22.18" + resolved "https://registry.yarnpkg.com/hardhat/-/hardhat-2.22.18.tgz#e299a26a67b521bbb225370eb47a032d4e097e3a" + integrity sha512-2+kUz39gvMo56s75cfLBhiFedkQf+gXdrwCcz4R/5wW0oBdwiyfj2q9BIkMoaA0WIGYYMU2I1Cc4ucTunhfjzw== + dependencies: + "@ethersproject/abi" "^5.1.2" + "@metamask/eth-sig-util" "^4.0.0" + "@nomicfoundation/edr" "^0.7.0" + "@nomicfoundation/ethereumjs-common" "4.0.4" + "@nomicfoundation/ethereumjs-tx" "5.0.4" + "@nomicfoundation/ethereumjs-util" "9.0.4" + "@nomicfoundation/solidity-analyzer" "^0.1.0" + "@sentry/node" "^5.18.1" + "@types/bn.js" "^5.1.0" + "@types/lru-cache" "^5.1.0" + adm-zip "^0.4.16" + aggregate-error "^3.0.0" + ansi-escapes "^4.3.0" + boxen "^5.1.2" + chokidar "^4.0.0" + ci-info "^2.0.0" + debug "^4.1.1" + enquirer "^2.3.0" + env-paths "^2.2.0" + ethereum-cryptography "^1.0.3" + ethereumjs-abi "^0.6.8" + find-up "^5.0.0" + fp-ts "1.19.3" + fs-extra "^7.0.1" + immutable "^4.0.0-rc.12" + io-ts "1.10.4" + json-stream-stringify "^3.1.4" + keccak "^3.0.2" + lodash "^4.17.11" + mnemonist "^0.38.0" + mocha "^10.0.0" + p-map "^4.0.0" + picocolors "^1.1.0" + raw-body "^2.4.1" + resolve "1.17.0" + semver "^6.3.0" + solc "0.8.26" + source-map-support "^0.5.13" + stacktrace-parser "^0.1.10" + tinyglobby "^0.2.6" + tsort "0.0.1" + undici "^5.14.0" + uuid "^8.3.2" + ws "^7.4.6" + +has-flag@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/has-flag/-/has-flag-1.0.0.tgz#9d9e793165ce017a00f00418c43f942a7b1d11fa" + integrity sha512-DyYHfIYwAJmjAjSSPKANxI8bFY9YtFrgkAfinBojQ8YJTOuOuav64tMUJv584SES4xl74PmuaevIyaLESHdTAA== + +has-flag@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/has-flag/-/has-flag-3.0.0.tgz#b5d454dc2199ae225699f3467e5a07f3b955bafd" + integrity sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw== + +has-flag@^4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/has-flag/-/has-flag-4.0.0.tgz#944771fd9c81c81265c4d6941860da06bb59479b" + integrity sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ== + +hash-base@^3.0.0: + version "3.1.0" + resolved "https://registry.yarnpkg.com/hash-base/-/hash-base-3.1.0.tgz#55c381d9e06e1d2997a883b4a3fddfe7f0d3af33" + integrity sha512-1nmYp/rhMDiE7AYkDw+lLwlAzz0AntGIe51F3RfFfEqyQ3feY2eI/NcwC6umIQVOASPMsWJLJScWKSSvzL9IVA== + dependencies: + inherits "^2.0.4" + readable-stream "^3.6.0" + safe-buffer "^5.2.0" + +hash.js@1.1.7, hash.js@^1.0.0, hash.js@^1.0.3, hash.js@^1.1.7: + version "1.1.7" + resolved "https://registry.yarnpkg.com/hash.js/-/hash.js-1.1.7.tgz#0babca538e8d4ee4a0f8988d68866537a003cf42" + integrity sha512-taOaskGt4z4SOANNseOviYDvjEJinIkRgmp7LbKP2YTTmVxWBl87s/uzK9r+44BclBSp2X7K1hqeNfz9JbBeXA== + dependencies: + inherits "^2.0.3" + minimalistic-assert "^1.0.1" + +hasown@^2.0.2: + version "2.0.2" + resolved "https://registry.yarnpkg.com/hasown/-/hasown-2.0.2.tgz#003eaf91be7adc372e84ec59dc37252cedb80003" + integrity sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ== + dependencies: + function-bind "^1.1.2" + +he@^1.2.0: + version "1.2.0" + resolved "https://registry.yarnpkg.com/he/-/he-1.2.0.tgz#84ae65fa7eafb165fddb61566ae14baf05664f0f" + integrity sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw== + +"heap@>= 0.2.0": + version "0.2.7" + resolved "https://registry.yarnpkg.com/heap/-/heap-0.2.7.tgz#1e6adf711d3f27ce35a81fe3b7bd576c2260a8fc" + integrity sha512-2bsegYkkHO+h/9MGbn6KWcE45cHZgPANo5LXF7EvWdT0yT2EguSVO1nDgU5c8+ZOPwp2vMNa7YFsJhVcDR9Sdg== + +hmac-drbg@^1.0.1: + version "1.0.1" + resolved "https://registry.yarnpkg.com/hmac-drbg/-/hmac-drbg-1.0.1.tgz#d2745701025a6c775a6c545793ed502fc0c649a1" + integrity sha512-Tti3gMqLdZfhOQY1Mzf/AanLiqh1WTiJgEj26ZuYQ9fbkLomzGchCws4FyrSd4VkpBfiNhaE1On+lOz894jvXg== + dependencies: + hash.js "^1.0.3" + minimalistic-assert "^1.0.0" + minimalistic-crypto-utils "^1.0.1" + +http-cache-semantics@^4.1.1: + version "4.1.1" + resolved "https://registry.yarnpkg.com/http-cache-semantics/-/http-cache-semantics-4.1.1.tgz#abe02fcb2985460bf0323be664436ec3476a6d5a" + integrity sha512-er295DKPVsV82j5kw1Gjt+ADA/XYHsajl82cGNQG2eyoPkvgUhX+nDIyelzhIWbbsXP39EHcI6l5tYs2FYqYXQ== + +http-errors@2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/http-errors/-/http-errors-2.0.0.tgz#b7774a1486ef73cf7667ac9ae0858c012c57b9d3" + integrity sha512-FtwrG/euBzaEjYeRqOgly7G0qviiXoJWnvEH2Z1plBdXgbyjv34pHTSb9zoeHMyDy33+DWy5Wt9Wo+TURtOYSQ== + dependencies: + depd "2.0.0" + inherits "2.0.4" + setprototypeof "1.2.0" + statuses "2.0.1" + toidentifier "1.0.1" + +http2-wrapper@^2.1.10: + version "2.2.1" + resolved "https://registry.yarnpkg.com/http2-wrapper/-/http2-wrapper-2.2.1.tgz#310968153dcdedb160d8b72114363ef5fce1f64a" + integrity sha512-V5nVw1PAOgfI3Lmeaj2Exmeg7fenjhRUgz1lPSezy1CuhPYbgQtbQj4jZfEAEMlaL+vupsvhjqCyjzob0yxsmQ== + dependencies: + quick-lru "^5.1.1" + resolve-alpn "^1.2.0" + +https-proxy-agent@^5.0.0: + version "5.0.1" + resolved "https://registry.yarnpkg.com/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz#c59ef224a04fe8b754f3db0063a25ea30d0005d6" + integrity sha512-dFcAjpTQFgoLMzC2VwU+C/CbS7uRL0lWmxDITmqm7C+7F0Odmj6s9l6alZc6AELXhrnggM2CeWSXHGOdX2YtwA== + dependencies: + agent-base "6" + debug "4" + +human-id@^1.0.2: + version "1.0.2" + resolved "https://registry.yarnpkg.com/human-id/-/human-id-1.0.2.tgz#e654d4b2b0d8b07e45da9f6020d8af17ec0a5df3" + integrity sha512-UNopramDEhHJD+VR+ehk8rOslwSfByxPIZyJRfV739NDhN5LF1fa1MqnzKm2lGTQRjNrjK19Q5fhkgIfjlVUKw== + +iconv-lite@0.4.24, iconv-lite@^0.4.24: + version "0.4.24" + resolved "https://registry.yarnpkg.com/iconv-lite/-/iconv-lite-0.4.24.tgz#2022b4b25fbddc21d2f524974a474aafe733908b" + integrity sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA== + dependencies: + safer-buffer ">= 2.1.2 < 3" + +ignore@^5.1.1, ignore@^5.2.0, ignore@^5.2.4: + version "5.3.2" + resolved "https://registry.yarnpkg.com/ignore/-/ignore-5.3.2.tgz#3cd40e729f3643fd87cb04e50bf0eb722bc596f5" + integrity sha512-hsBTNUqQTDwkWtcdYI2i06Y/nUBEsNEDJKjWdigLvegy8kDuJAS8uRlpkkcQpyEXL0Z/pjDy5HBmMjRCJ2gq+g== + +immutable@^4.0.0-rc.12: + version "4.3.7" + resolved "https://registry.yarnpkg.com/immutable/-/immutable-4.3.7.tgz#c70145fc90d89fb02021e65c84eb0226e4e5a381" + integrity sha512-1hqclzwYwjRDFLjcFxOM5AYkkG0rpFPpr1RLPMEuGczoS7YA8gLhy8SWXYRAA/XwfEHpfo3cw5JGioS32fnMRw== + +import-fresh@^3.2.1, import-fresh@^3.3.0: + version "3.3.0" + resolved "https://registry.yarnpkg.com/import-fresh/-/import-fresh-3.3.0.tgz#37162c25fcb9ebaa2e6e53d5b4d88ce17d9e0c2b" + integrity sha512-veYYhQa+D1QBKznvhUHxb8faxlrwUnxseDAbAp457E0wLNio2bOSKnjYDhMj+YiAq61xrMGhQk9iXVk5FzgQMw== + dependencies: + parent-module "^1.0.0" + resolve-from "^4.0.0" + +imurmurhash@^0.1.4: + version "0.1.4" + resolved "https://registry.yarnpkg.com/imurmurhash/-/imurmurhash-0.1.4.tgz#9218b9b2b928a238b13dc4fb6b6d576f231453ea" + integrity sha512-JmXMZ6wuvDmLiHEml9ykzqO6lwFbof0GG4IkcGaENdCRDDmMVnny7s5HsIgHCbaq0w2MyPhDqkhTUgS2LU2PHA== + +indent-string@^4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/indent-string/-/indent-string-4.0.0.tgz#624f8f4497d619b2d9768531d58f4122854d7251" + integrity sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg== + +inflight@^1.0.4: + version "1.0.6" + resolved "https://registry.yarnpkg.com/inflight/-/inflight-1.0.6.tgz#49bd6331d7d02d0c09bc910a1075ba8165b56df9" + integrity sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA== + dependencies: + once "^1.3.0" + wrappy "1" + +inherits@2, inherits@2.0.4, inherits@^2.0.1, inherits@^2.0.3, inherits@^2.0.4: + version "2.0.4" + resolved "https://registry.yarnpkg.com/inherits/-/inherits-2.0.4.tgz#0fa2c64f932917c3433a0ded55363aae37416b7c" + integrity sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ== + +ini@^1.3.4, ini@^1.3.5, ini@~1.3.0: + version "1.3.8" + resolved "https://registry.yarnpkg.com/ini/-/ini-1.3.8.tgz#a29da425b48806f34767a4efce397269af28432c" + integrity sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew== + +interpret@^1.0.0: + version "1.4.0" + resolved "https://registry.yarnpkg.com/interpret/-/interpret-1.4.0.tgz#665ab8bc4da27a774a40584e812e3e0fa45b1a1e" + integrity sha512-agE4QfB2Lkp9uICn7BAqoscw4SZP9kTE2hxiFI3jBPmXJfdqiahTbUuKGsMoN2GtqL9AxhYioAcVvgsb1HvRbA== + +io-ts@1.10.4: + version "1.10.4" + resolved "https://registry.yarnpkg.com/io-ts/-/io-ts-1.10.4.tgz#cd5401b138de88e4f920adbcb7026e2d1967e6e2" + integrity sha512-b23PteSnYXSONJ6JQXRAlvJhuw8KOtkqa87W4wDtvMrud/DTJd5X+NpOOI+O/zZwVq6v0VLAaJ+1EDViKEuN9g== + dependencies: + fp-ts "^1.0.0" + +is-arrayish@^0.2.1: + version "0.2.1" + resolved "https://registry.yarnpkg.com/is-arrayish/-/is-arrayish-0.2.1.tgz#77c99840527aa8ecb1a8ba697b80645a7a926a9d" + integrity sha512-zz06S8t0ozoDXMG+ube26zeCTNXcKIPJZJi8hBrF4idCLms4CG9QtK7qBl1boi5ODzFpjswb5JPmHCbMpjaYzg== + +is-binary-path@~2.1.0: + version "2.1.0" + resolved "https://registry.yarnpkg.com/is-binary-path/-/is-binary-path-2.1.0.tgz#ea1f7f3b80f064236e83470f86c09c254fb45b09" + integrity sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw== + dependencies: + binary-extensions "^2.0.0" + +is-core-module@^2.16.0: + version "2.16.1" + resolved "https://registry.yarnpkg.com/is-core-module/-/is-core-module-2.16.1.tgz#2a98801a849f43e2add644fbb6bc6229b19a4ef4" + integrity sha512-UfoeMA6fIJ8wTYFEUjelnaGI67v6+N7qXJEvQuIGa99l4xsCruSYOVSQ0uPANn4dAzm8lkYPaKLrrijLq7x23w== + dependencies: + hasown "^2.0.2" + +is-extglob@^2.1.1: + version "2.1.1" + resolved "https://registry.yarnpkg.com/is-extglob/-/is-extglob-2.1.1.tgz#a88c02535791f02ed37c76a1b9ea9773c833f8c2" + integrity sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ== + +is-fullwidth-code-point@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz#f116f8064fe90b3f7844a38997c0b75051269f1d" + integrity sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg== + +is-glob@^4.0.0, is-glob@^4.0.1, is-glob@^4.0.3, is-glob@~4.0.1: + version "4.0.3" + resolved "https://registry.yarnpkg.com/is-glob/-/is-glob-4.0.3.tgz#64f61e42cbbb2eec2071a9dac0b28ba1e65d5084" + integrity sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg== + dependencies: + is-extglob "^2.1.1" + +is-hex-prefixed@1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/is-hex-prefixed/-/is-hex-prefixed-1.0.0.tgz#7d8d37e6ad77e5d127148913c573e082d777f554" + integrity sha512-WvtOiug1VFrE9v1Cydwm+FnXd3+w9GaeVUss5W4v/SLy3UW00vP+6iNF2SdnfiBoLy4bTqVdkftNGTUeOFVsbA== + +is-number@^7.0.0: + version "7.0.0" + resolved "https://registry.yarnpkg.com/is-number/-/is-number-7.0.0.tgz#7535345b896734d5f80c4d06c50955527a14f12b" + integrity sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng== + +is-path-inside@^3.0.3: + version "3.0.3" + resolved "https://registry.yarnpkg.com/is-path-inside/-/is-path-inside-3.0.3.tgz#d231362e53a07ff2b0e0ea7fed049161ffd16283" + integrity sha512-Fd4gABb+ycGAmKou8eMftCupSir5lRxqf4aD/vd0cD2qc4HL07OjCeuHMr8Ro4CoMaeCKDB0/ECBOVWjTwUvPQ== + +is-plain-obj@^2.1.0: + version "2.1.0" + resolved "https://registry.yarnpkg.com/is-plain-obj/-/is-plain-obj-2.1.0.tgz#45e42e37fccf1f40da8e5f76ee21515840c09287" + integrity sha512-YWnfyRwxL/+SsrWYfOpUtz5b3YD+nyfkHvjbcanzk8zgyO4ASD67uVMRt8k5bM4lLMDnXfriRhOpemw+NfT1eA== + +is-port-reachable@^3.0.0: + version "3.1.0" + resolved "https://registry.yarnpkg.com/is-port-reachable/-/is-port-reachable-3.1.0.tgz#f6668d3bca9c36b07f737c48a8f875ab0653cd2b" + integrity sha512-vjc0SSRNZ32s9SbZBzGaiP6YVB+xglLShhgZD/FHMZUXBvQWaV9CtzgeVhjccFJrI6RAMV+LX7NYxueW/A8W5A== + +is-subdir@^1.1.1: + version "1.2.0" + resolved "https://registry.yarnpkg.com/is-subdir/-/is-subdir-1.2.0.tgz#b791cd28fab5202e91a08280d51d9d7254fd20d4" + integrity sha512-2AT6j+gXe/1ueqbW6fLZJiIw3F8iXGJtt0yDrZaBhAZEG1raiTxKWU+IPqMCzQAXOUCKdA4UDMgacKH25XG2Cw== + dependencies: + better-path-resolve "1.0.0" + +is-unicode-supported@^0.1.0: + version "0.1.0" + resolved "https://registry.yarnpkg.com/is-unicode-supported/-/is-unicode-supported-0.1.0.tgz#3f26c76a809593b52bfa2ecb5710ed2779b522a7" + integrity sha512-knxG2q4UC3u8stRGyAVJCOdxFmv5DZiRcdlIaAQXAbSfJya+OhopNotLQrstBhququ4ZpuKbDc/8S6mgXgPFPw== + +is-windows@^1.0.0: + version "1.0.2" + resolved "https://registry.yarnpkg.com/is-windows/-/is-windows-1.0.2.tgz#d1850eb9791ecd18e6182ce12a30f396634bb19d" + integrity sha512-eXK1UInq2bPmjyX6e3VHIzMLobc4J94i4AWn+Hpq3OU5KkrRC96OAcR3PRJ/pGu6m8TRnBHP9dkXQVsT/COVIA== + +isexe@^2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/isexe/-/isexe-2.0.0.tgz#e8fbf374dc556ff8947a10dcb0572d633f2cfa10" + integrity sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw== + +isows@1.0.3: + version "1.0.3" + resolved "https://registry.yarnpkg.com/isows/-/isows-1.0.3.tgz#93c1cf0575daf56e7120bab5c8c448b0809d0d74" + integrity sha512-2cKei4vlmg2cxEjm3wVSqn8pcoRF/LX/wpifuuNquFO4SQmPwarClT+SUCA2lt+l581tTeZIPIZuIDo2jWN1fg== + +jackspeak@^3.1.2: + version "3.4.3" + resolved "https://registry.yarnpkg.com/jackspeak/-/jackspeak-3.4.3.tgz#8833a9d89ab4acde6188942bd1c53b6390ed5a8a" + integrity sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw== + dependencies: + "@isaacs/cliui" "^8.0.2" + optionalDependencies: + "@pkgjs/parseargs" "^0.11.0" + +jackspeak@^4.0.1: + version "4.0.2" + resolved "https://registry.yarnpkg.com/jackspeak/-/jackspeak-4.0.2.tgz#11f9468a3730c6ff6f56823a820d7e3be9bef015" + integrity sha512-bZsjR/iRjl1Nk1UkjGpAzLNfQtzuijhn2g+pbZb98HQ1Gk8vM9hfbxeMBP+M2/UUdwj0RqGG3mlvk2MsAqwvEw== + dependencies: + "@isaacs/cliui" "^8.0.2" + +js-sha3@0.8.0: + version "0.8.0" + resolved "https://registry.yarnpkg.com/js-sha3/-/js-sha3-0.8.0.tgz#b9b7a5da73afad7dedd0f8c463954cbde6818840" + integrity sha512-gF1cRrHhIzNfToc802P800N8PpXS+evLLXfsVpowqmAFR9uwbi89WvXg2QspOmXL8QL86J4T1EpFu+yUkwJY3Q== + +js-tokens@^4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/js-tokens/-/js-tokens-4.0.0.tgz#19203fb59991df98e3a287050d4647cdeaf32499" + integrity sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ== + +js-yaml@3.x, js-yaml@^3.13.1, js-yaml@^3.6.1: + version "3.14.1" + resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-3.14.1.tgz#dae812fdb3825fa306609a8717383c50c36a0537" + integrity sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g== + dependencies: + argparse "^1.0.7" + esprima "^4.0.0" + +js-yaml@^4.1.0: + version "4.1.0" + resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-4.1.0.tgz#c1fb65f8f5017901cdd2c951864ba18458a10602" + integrity sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA== + dependencies: + argparse "^2.0.1" + +json-buffer@3.0.1: + version "3.0.1" + resolved "https://registry.yarnpkg.com/json-buffer/-/json-buffer-3.0.1.tgz#9338802a30d3b6605fbe0613e094008ca8c05a13" + integrity sha512-4bV5BfR2mqfQTJm+V5tPPdf+ZpuhiIvTuAB5g8kcrXOZpTT/QwwVRWBywX1ozr6lEuPdbHxwaJlm9G6mI2sfSQ== + +json-parse-even-better-errors@^2.3.0: + version "2.3.1" + resolved "https://registry.yarnpkg.com/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz#7c47805a94319928e05777405dc12e1f7a4ee02d" + integrity sha512-xyFwyhro/JEof6Ghe2iz2NcXoj2sloNsWr/XsERDK/oiPCfaNhl5ONfp+jQdAZRQQ0IJWNzH9zIZF7li91kh2w== + +json-schema-traverse@^0.4.1: + version "0.4.1" + resolved "https://registry.yarnpkg.com/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz#69f6a87d9513ab8bb8fe63bdb0979c448e684660" + integrity sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg== + +json-schema-traverse@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz#ae7bcb3656ab77a73ba5c49bf654f38e6b6860e2" + integrity sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug== + +json-stable-stringify-without-jsonify@^1.0.1: + version "1.0.1" + resolved "https://registry.yarnpkg.com/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz#9db7b59496ad3f3cfef30a75142d2d930ad72651" + integrity sha512-Bdboy+l7tA3OGW6FjyFHWkP5LuByj1Tk33Ljyq0axyzdk9//JSi2u3fP1QSmd1KNwq6VOKYGlAu87CisVir6Pw== + +json-stream-stringify@^3.1.4: + version "3.1.6" + resolved "https://registry.yarnpkg.com/json-stream-stringify/-/json-stream-stringify-3.1.6.tgz#ebe32193876fb99d4ec9f612389a8d8e2b5d54d4" + integrity sha512-x7fpwxOkbhFCaJDJ8vb1fBY3DdSa4AlITaz+HHILQJzdPMnHEFjxPwVUi1ALIbcIxDE0PNe/0i7frnY8QnBQog== + +jsonfile@^4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/jsonfile/-/jsonfile-4.0.0.tgz#8771aae0799b64076b76640fca058f9c10e33ecb" + integrity sha512-m6F1R3z8jjlf2imQHS2Qez5sjKWQzbuuhuJ/FKYFRZvPE3PuHcSMVZzfsLhGVOkfd20obL5SWEBew5ShlquNxg== + optionalDependencies: + graceful-fs "^4.1.6" + +jsonschema@^1.2.4, jsonschema@^1.4.1: + version "1.5.0" + resolved "https://registry.yarnpkg.com/jsonschema/-/jsonschema-1.5.0.tgz#f6aceb1ab9123563dd901d05f81f9d4883d3b7d8" + integrity sha512-K+A9hhqbn0f3pJX17Q/7H6yQfD/5OXgdrR5UE12gMXCiN9D5Xq2o5mddV2QEcX/bjla99ASsAAQUyMCCRWAEhw== + +keccak@^3.0.0, keccak@^3.0.2: + version "3.0.4" + resolved "https://registry.yarnpkg.com/keccak/-/keccak-3.0.4.tgz#edc09b89e633c0549da444432ecf062ffadee86d" + integrity sha512-3vKuW0jV8J3XNTzvfyicFR5qvxrSAGl7KIhvgOu5cmWwM7tZRj3fMbj/pfIf4be7aznbc+prBWGjywox/g2Y6Q== + dependencies: + node-addon-api "^2.0.0" + node-gyp-build "^4.2.0" + readable-stream "^3.6.0" + +keyv@^4.5.3: + version "4.5.4" + resolved "https://registry.yarnpkg.com/keyv/-/keyv-4.5.4.tgz#a879a99e29452f942439f2a405e3af8b31d4de93" + integrity sha512-oxVHkHR/EJf2CNXnWxRLW6mg7JyCCUcG0DtEGmL2ctUo1PNTin1PUil+r/+4r5MpVgC/fn1kjsx7mjSujKqIpw== + dependencies: + json-buffer "3.0.1" + +kind-of@^6.0.2: + version "6.0.3" + resolved "https://registry.yarnpkg.com/kind-of/-/kind-of-6.0.3.tgz#07c05034a6c349fa06e24fa35aa76db4580ce4dd" + integrity sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw== + +latest-version@^7.0.0: + version "7.0.0" + resolved "https://registry.yarnpkg.com/latest-version/-/latest-version-7.0.0.tgz#843201591ea81a4d404932eeb61240fe04e9e5da" + integrity sha512-KvNT4XqAMzdcL6ka6Tl3i2lYeFDgXNCuIX+xNx6ZMVR1dFq+idXd9FLKNMOIx0t9mJ9/HudyX4oZWXZQ0UJHeg== + dependencies: + package-json "^8.1.0" + +levn@^0.4.1: + version "0.4.1" + resolved "https://registry.yarnpkg.com/levn/-/levn-0.4.1.tgz#ae4562c007473b932a6200d403268dd2fffc6ade" + integrity sha512-+bT2uH4E5LGE7h/n3evcS/sQlJXCpIp6ym8OWJ5eV6+67Dsql/LaaT7qJBAt2rzfoa/5QBGBhxDix1dMt2kQKQ== + dependencies: + prelude-ls "^1.2.1" + type-check "~0.4.0" + +levn@~0.3.0: + version "0.3.0" + resolved "https://registry.yarnpkg.com/levn/-/levn-0.3.0.tgz#3b09924edf9f083c0490fdd4c0bc4421e04764ee" + integrity sha512-0OO4y2iOHix2W6ujICbKIaEQXvFQHue65vUG3pb5EUomzPI90z9hsA1VsO/dbIIpC53J8gxM9Q4Oho0jrCM/yA== + dependencies: + prelude-ls "~1.1.2" + type-check "~0.3.2" + +lines-and-columns@^1.1.6: + version "1.2.4" + resolved "https://registry.yarnpkg.com/lines-and-columns/-/lines-and-columns-1.2.4.tgz#eca284f75d2965079309dc0ad9255abb2ebc1632" + integrity sha512-7ylylesZQ/PV29jhEDl3Ufjo6ZX7gCqJr5F7PKrqc93v7fzSymt1BpwEU8nAUXs8qzzvqhbjhK5QZg6Mt/HkBg== + +locate-path@^5.0.0: + version "5.0.0" + resolved "https://registry.yarnpkg.com/locate-path/-/locate-path-5.0.0.tgz#1afba396afd676a6d42504d0a67a3a7eb9f62aa0" + integrity sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g== + dependencies: + p-locate "^4.1.0" + +locate-path@^6.0.0: + version "6.0.0" + resolved "https://registry.yarnpkg.com/locate-path/-/locate-path-6.0.0.tgz#55321eb309febbc59c4801d931a72452a681d286" + integrity sha512-iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw== + dependencies: + p-locate "^5.0.0" + +lodash.isequal@^4.5.0: + version "4.5.0" + resolved "https://registry.yarnpkg.com/lodash.isequal/-/lodash.isequal-4.5.0.tgz#415c4478f2bcc30120c22ce10ed3226f7d3e18e0" + integrity sha512-pDo3lu8Jhfjqls6GkMgpahsF9kCyayhgykjyLMNFTKWrpVdAQtYyB4muAMWozBB4ig/dtWAmsMxLEI8wuz+DYQ== + +lodash.merge@^4.6.2: + version "4.6.2" + resolved "https://registry.yarnpkg.com/lodash.merge/-/lodash.merge-4.6.2.tgz#558aa53b43b661e1925a0afdfa36a9a1085fe57a" + integrity sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ== + +lodash.startcase@^4.4.0: + version "4.4.0" + resolved "https://registry.yarnpkg.com/lodash.startcase/-/lodash.startcase-4.4.0.tgz#9436e34ed26093ed7ffae1936144350915d9add8" + integrity sha512-+WKqsK294HMSc2jEbNgpHpd0JfIBhp7rEV4aqXWqFr6AlXov+SlcgB1Fv01y2kGe3Gc8nMW7VA0SrGuSkRfIEg== + +lodash.truncate@^4.4.2: + version "4.4.2" + resolved "https://registry.yarnpkg.com/lodash.truncate/-/lodash.truncate-4.4.2.tgz#5a350da0b1113b837ecfffd5812cbe58d6eae193" + integrity sha512-jttmRe7bRse52OsWIMDLaXxWqRAmtIUccAQ3garviCqJjafXOfNMO0yMfNpdD6zbGaTU0P5Nz7e7gAT6cKmJRw== + +lodash@^4.17.11, lodash@^4.17.15, lodash@^4.17.20, lodash@^4.17.21: + version "4.17.21" + resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c" + integrity sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg== + +log-symbols@^4.1.0: + version "4.1.0" + resolved "https://registry.yarnpkg.com/log-symbols/-/log-symbols-4.1.0.tgz#3fbdbb95b4683ac9fc785111e792e558d4abd503" + integrity sha512-8XPvpAA8uyhfteu8pIvQxpJZ7SYYdpUivZpGy6sFsBuKRY/7rQGavedeB8aK+Zkyq6upMFVL/9AW6vOYzfRyLg== + dependencies: + chalk "^4.1.0" + is-unicode-supported "^0.1.0" + +loupe@^2.3.6: + version "2.3.7" + resolved "https://registry.yarnpkg.com/loupe/-/loupe-2.3.7.tgz#6e69b7d4db7d3ab436328013d37d1c8c3540c697" + integrity sha512-zSMINGVYkdpYSOBmLi0D1Uo7JU9nVdQKrHxC8eYlV+9YKK9WePqAlL7lSlorG/U2Fw1w0hTBmaa/jrQ3UbPHtA== + dependencies: + get-func-name "^2.0.1" + +lowercase-keys@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/lowercase-keys/-/lowercase-keys-3.0.0.tgz#c5e7d442e37ead247ae9db117a9d0a467c89d4f2" + integrity sha512-ozCC6gdQ+glXOQsveKD0YsDy8DSQFjDTz4zyzEHNV5+JP5D62LmfDZ6o1cycFx9ouG940M5dE8C8CTewdj2YWQ== + +lru-cache@^10.2.0: + version "10.4.3" + resolved "https://registry.yarnpkg.com/lru-cache/-/lru-cache-10.4.3.tgz#410fc8a17b70e598013df257c2446b7f3383f119" + integrity sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ== + +lru-cache@^11.0.0: + version "11.0.2" + resolved "https://registry.yarnpkg.com/lru-cache/-/lru-cache-11.0.2.tgz#fbd8e7cf8211f5e7e5d91905c415a3f55755ca39" + integrity sha512-123qHRfJBmo2jXDbo/a5YOQrJoHF/GNQTLzQ5+IdK5pWpceK17yRc6ozlWd25FxvGKQbIUs91fDFkXmDHTKcyA== + +lru_map@^0.3.3: + version "0.3.3" + resolved "https://registry.yarnpkg.com/lru_map/-/lru_map-0.3.3.tgz#b5c8351b9464cbd750335a79650a0ec0e56118dd" + integrity sha512-Pn9cox5CsMYngeDbmChANltQl+5pi6XmTrraMSzhPmMBbmgcxmqWry0U3PGapCU1yB4/LqCcom7qhHZiF/jGfQ== + +markdown-table@2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/markdown-table/-/markdown-table-2.0.0.tgz#194a90ced26d31fe753d8b9434430214c011865b" + integrity sha512-Ezda85ToJUBhM6WGaG6veasyym+Tbs3cMAw/ZhOPqXiYsr0jgocBV3j3nx+4lk47plLlIqjwuTm/ywVI+zjJ/A== + dependencies: + repeat-string "^1.0.0" + +md5.js@^1.3.4: + version "1.3.5" + resolved "https://registry.yarnpkg.com/md5.js/-/md5.js-1.3.5.tgz#b5d07b8e3216e3e27cd728d72f70d1e6a342005f" + integrity sha512-xitP+WxNPcTTOgnTJcrhM0xvdPepipPSf3I8EIpGKeFLjt3PlJLIDG3u8EX53ZIubkb+5U2+3rELYpEhHhzdkg== + dependencies: + hash-base "^3.0.0" + inherits "^2.0.1" + safe-buffer "^5.1.2" + +memorystream@^0.3.1: + version "0.3.1" + resolved "https://registry.yarnpkg.com/memorystream/-/memorystream-0.3.1.tgz#86d7090b30ce455d63fbae12dda51a47ddcaf9b2" + integrity sha512-S3UwM3yj5mtUSEfP41UZmt/0SCoVYUcU1rkXv+BQ5Ig8ndL4sPoJNBUJERafdPb5jjHJGuMgytgKvKIf58XNBw== + +merge2@^1.2.3, merge2@^1.3.0, merge2@^1.4.1: + version "1.4.1" + resolved "https://registry.yarnpkg.com/merge2/-/merge2-1.4.1.tgz#4368892f885e907455a6fd7dc55c0c9d404990ae" + integrity sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg== + +micro-ftch@^0.3.1: + version "0.3.1" + resolved "https://registry.yarnpkg.com/micro-ftch/-/micro-ftch-0.3.1.tgz#6cb83388de4c1f279a034fb0cf96dfc050853c5f" + integrity sha512-/0LLxhzP0tfiR5hcQebtudP56gUurs2CLkGarnCiB/OqEyUFQ6U3paQi/tgLv0hBJYt2rnr9MNpxz4fiiugstg== + +micromatch@^4.0.2, micromatch@^4.0.4, micromatch@^4.0.8: + version "4.0.8" + resolved "https://registry.yarnpkg.com/micromatch/-/micromatch-4.0.8.tgz#d66fa18f3a47076789320b9b1af32bd86d9fa202" + integrity sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA== + dependencies: + braces "^3.0.3" + picomatch "^2.3.1" + +mime-db@1.52.0: + version "1.52.0" + resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.52.0.tgz#bbabcdc02859f4987301c856e3387ce5ec43bf70" + integrity sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg== + +mime-types@^2.1.12: + version "2.1.35" + resolved "https://registry.yarnpkg.com/mime-types/-/mime-types-2.1.35.tgz#381a871b62a734450660ae3deee44813f70d959a" + integrity sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw== + dependencies: + mime-db "1.52.0" + +mimic-response@^3.1.0: + version "3.1.0" + resolved "https://registry.yarnpkg.com/mimic-response/-/mimic-response-3.1.0.tgz#2d1d59af9c1b129815accc2c46a022a5ce1fa3c9" + integrity sha512-z0yWI+4FDrrweS8Zmt4Ej5HdJmky15+L2e6Wgn3+iK5fWzb6T3fhNFq2+MeTRb064c6Wr4N/wv0DzQTjNzHNGQ== + +mimic-response@^4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/mimic-response/-/mimic-response-4.0.0.tgz#35468b19e7c75d10f5165ea25e75a5ceea7cf70f" + integrity sha512-e5ISH9xMYU0DzrT+jl8q2ze9D6eWBto+I8CNpe+VI+K2J/F/k3PdkdTdz4wvGVH4NTpo+NRYTVIuMQEMMcsLqg== + +minimalistic-assert@^1.0.0, minimalistic-assert@^1.0.1: + version "1.0.1" + resolved "https://registry.yarnpkg.com/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz#2e194de044626d4a10e7f7fbc00ce73e83e4d5c7" + integrity sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A== + +minimalistic-crypto-utils@^1.0.1: + version "1.0.1" + resolved "https://registry.yarnpkg.com/minimalistic-crypto-utils/-/minimalistic-crypto-utils-1.0.1.tgz#f6c00c1c0b082246e5c4d99dfb8c7c083b2b582a" + integrity sha512-JIYlbt6g8i5jKfJ3xz7rF0LXmv2TkDxBLUkiBeZ7bAx4GnnNMr8xFpGnOxn6GhTEHx3SjRrZEoU+j04prX1ktg== + +"minimatch@2 || 3", minimatch@^3.0.5, minimatch@^3.1.1, minimatch@^3.1.2: + version "3.1.2" + resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.1.2.tgz#19cd194bfd3e428f049a70817c038d89ab4be35b" + integrity sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw== + dependencies: + brace-expansion "^1.1.7" + +minimatch@^10.0.0: + version "10.0.1" + resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-10.0.1.tgz#ce0521856b453c86e25f2c4c0d03e6ff7ddc440b" + integrity sha512-ethXTt3SGGR+95gudmqJ1eNhRO7eGEGIgYA9vnPatK4/etz2MEVDno5GMCibdMTuBMyElzIlgxMna3K94XDIDQ== + dependencies: + brace-expansion "^2.0.1" + +minimatch@^5.0.1, minimatch@^5.1.0, minimatch@^5.1.6: + version "5.1.6" + resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-5.1.6.tgz#1cfcb8cf5522ea69952cd2af95ae09477f122a96" + integrity sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g== + dependencies: + brace-expansion "^2.0.1" + +minimatch@^9.0.0, minimatch@^9.0.4, minimatch@^9.0.5: + version "9.0.5" + resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-9.0.5.tgz#d74f9dd6b57d83d8e98cfb82133b03978bc929e5" + integrity sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow== + dependencies: + brace-expansion "^2.0.1" + +minimist@^1.2.0, minimist@^1.2.5, minimist@^1.2.6, minimist@^1.2.7: + version "1.2.8" + resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.8.tgz#c1a464e7693302e082a075cee0c057741ac4772c" + integrity sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA== + +"minipass@^5.0.0 || ^6.0.2 || ^7.0.0", minipass@^7.1.2: + version "7.1.2" + resolved "https://registry.yarnpkg.com/minipass/-/minipass-7.1.2.tgz#93a9626ce5e5e66bd4db86849e7515e92340a707" + integrity sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw== + +mkdirp@0.5.x: + version "0.5.6" + resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-0.5.6.tgz#7def03d2432dcae4ba1d611445c48396062255f6" + integrity sha512-FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw== + dependencies: + minimist "^1.2.6" + +mnemonist@^0.38.0: + version "0.38.5" + resolved "https://registry.yarnpkg.com/mnemonist/-/mnemonist-0.38.5.tgz#4adc7f4200491237fe0fa689ac0b86539685cade" + integrity sha512-bZTFT5rrPKtPJxj8KSV0WkPyNxl72vQepqqVUAW2ARUpUSF2qXMB6jZj7hW5/k7C1rtpzqbD/IIbJwLXUjCHeg== + dependencies: + obliterator "^2.0.0" + +mocha@^10.0.0, mocha@^10.2.0: + version "10.8.2" + resolved "https://registry.yarnpkg.com/mocha/-/mocha-10.8.2.tgz#8d8342d016ed411b12a429eb731b825f961afb96" + integrity sha512-VZlYo/WE8t1tstuRmqgeyBgCbJc/lEdopaa+axcKzTBJ+UIdlAB9XnmvTCAH4pwR4ElNInaedhEBmZD8iCSVEg== + dependencies: + ansi-colors "^4.1.3" + browser-stdout "^1.3.1" + chokidar "^3.5.3" + debug "^4.3.5" + diff "^5.2.0" + escape-string-regexp "^4.0.0" + find-up "^5.0.0" + glob "^8.1.0" + he "^1.2.0" + js-yaml "^4.1.0" + log-symbols "^4.1.0" + minimatch "^5.1.6" + ms "^2.1.3" + serialize-javascript "^6.0.2" + strip-json-comments "^3.1.1" + supports-color "^8.1.1" + workerpool "^6.5.1" + yargs "^16.2.0" + yargs-parser "^20.2.9" + yargs-unparser "^2.0.0" + +mri@^1.2.0: + version "1.2.0" + resolved "https://registry.yarnpkg.com/mri/-/mri-1.2.0.tgz#6721480fec2a11a4889861115a48b6cbe7cc8f0b" + integrity sha512-tzzskb3bG8LvYGFF/mDTpq3jpI6Q9wc3LEmBaghu+DdCssd1FakN7Bc0hVNmEyGq1bq3RgfkCb3cmQLpNPOroA== + +ms@^2.1.3: + version "2.1.3" + resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.3.tgz#574c8138ce1d2b5861f0b44579dbadd60c6615b2" + integrity sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA== + +natural-compare@^1.4.0: + version "1.4.0" + resolved "https://registry.yarnpkg.com/natural-compare/-/natural-compare-1.4.0.tgz#4abebfeed7541f2c27acfb29bdbbd15c8d5ba4f7" + integrity sha512-OWND8ei3VtNC9h7V60qff3SVobHr996CTwgxubgyQYEpg290h9J0buyECNNJexkFm5sOajh5G116RYA1c8ZMSw== + +neo-async@^2.6.2: + version "2.6.2" + resolved "https://registry.yarnpkg.com/neo-async/-/neo-async-2.6.2.tgz#b4aafb93e3aeb2d8174ca53cf163ab7d7308305f" + integrity sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw== + +node-addon-api@^2.0.0: + version "2.0.2" + resolved "https://registry.yarnpkg.com/node-addon-api/-/node-addon-api-2.0.2.tgz#432cfa82962ce494b132e9d72a15b29f71ff5d32" + integrity sha512-Ntyt4AIXyaLIuMHF6IOoTakB3K+RWxwtsHNRxllEoA6vPwP9o4866g6YWDLUdnucilZhmkxiHwHr11gAENw+QA== + +node-addon-api@^5.0.0: + version "5.1.0" + resolved "https://registry.yarnpkg.com/node-addon-api/-/node-addon-api-5.1.0.tgz#49da1ca055e109a23d537e9de43c09cca21eb762" + integrity sha512-eh0GgfEkpnoWDq+VY8OyvYhFEzBk6jIYbRKdIlyTiAXIVJ8PyBaKb0rp7oDtoddbdoHWhq8wwr+XZ81F1rpNdA== + +node-emoji@^1.10.0: + version "1.11.0" + resolved "https://registry.yarnpkg.com/node-emoji/-/node-emoji-1.11.0.tgz#69a0150e6946e2f115e9d7ea4df7971e2628301c" + integrity sha512-wo2DpQkQp7Sjm2A0cq+sN7EHKO6Sl0ctXeBdFZrL9T9+UywORbufTcTZxom8YqpLQt/FqNMUkOpkZrJVYSKD3A== + dependencies: + lodash "^4.17.21" + +node-fetch@^2.5.0: + version "2.7.0" + resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.7.0.tgz#d0f0fa6e3e2dc1d27efcd8ad99d550bda94d187d" + integrity sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A== + dependencies: + whatwg-url "^5.0.0" + +node-gyp-build@^4.2.0: + version "4.8.4" + resolved "https://registry.yarnpkg.com/node-gyp-build/-/node-gyp-build-4.8.4.tgz#8a70ee85464ae52327772a90d66c6077a900cfc8" + integrity sha512-LA4ZjwlnUblHVgq0oBF3Jl/6h/Nvs5fzBLwdEF4nuxnFdsfajde4WfxtJr3CaiH+F6ewcIB/q4jQ4UzPyid+CQ== + +node-interval-tree@^2.0.1: + version "2.1.2" + resolved "https://registry.yarnpkg.com/node-interval-tree/-/node-interval-tree-2.1.2.tgz#316e380db08d1c0de0a620d551f0327e8397dad8" + integrity sha512-bJ9zMDuNGzVQg1xv0bCPzyEDxHgbrx7/xGj6CDokvizZZmastPsOh0JJLuY8wA5q2SfX1TLNMk7XNV8WxbGxzA== + dependencies: + shallowequal "^1.1.0" + +nofilter@^3.1.0: + version "3.1.0" + resolved "https://registry.yarnpkg.com/nofilter/-/nofilter-3.1.0.tgz#c757ba68801d41ff930ba2ec55bab52ca184aa66" + integrity sha512-l2NNj07e9afPnhAhvgVrCD/oy2Ai1yfLpuo3EpiO1jFTsB4sFz6oIfAfSZyQzVpkZQ9xS8ZS5g1jCBgq4Hwo0g== + +nopt@3.x: + version "3.0.6" + resolved "https://registry.yarnpkg.com/nopt/-/nopt-3.0.6.tgz#c6465dbf08abcd4db359317f79ac68a646b28ff9" + integrity sha512-4GUt3kSEYmk4ITxzB/b9vaIDfUVWN/Ml1Fwl11IlnIG2iaJ9O6WXZ9SrYM9NLI8OCBieN2Y8SWC2oJV0RQ7qYg== + dependencies: + abbrev "1" + +normalize-path@^3.0.0, normalize-path@~3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/normalize-path/-/normalize-path-3.0.0.tgz#0dcd69ff23a1c9b11fd0978316644a0388216a65" + integrity sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA== + +normalize-url@^8.0.0: + version "8.0.1" + resolved "https://registry.yarnpkg.com/normalize-url/-/normalize-url-8.0.1.tgz#9b7d96af9836577c58f5883e939365fa15623a4a" + integrity sha512-IO9QvjUMWxPQQhs60oOu10CRkWCiZzSUkzbXGGV9pviYl1fXYcvkzQ5jV9z8Y6un8ARoVRl4EtC6v6jNqbaJ/w== + +number-to-bn@1.7.0: + version "1.7.0" + resolved "https://registry.yarnpkg.com/number-to-bn/-/number-to-bn-1.7.0.tgz#bb3623592f7e5f9e0030b1977bd41a0c53fe1ea0" + integrity sha512-wsJ9gfSz1/s4ZsJN01lyonwuxA1tml6X1yBDnfpMglypcBRFZZkus26EdPSlqS5GJfYddVZa22p3VNb3z5m5Ig== + dependencies: + bn.js "4.11.6" + strip-hex-prefix "1.0.0" + +obliterator@^2.0.0: + version "2.0.5" + resolved "https://registry.yarnpkg.com/obliterator/-/obliterator-2.0.5.tgz#031e0145354b0c18840336ae51d41e7d6d2c76aa" + integrity sha512-42CPE9AhahZRsMNslczq0ctAEtqk8Eka26QofnqC346BZdHDySk3LWka23LI7ULIw11NmltpiLagIq8gBozxTw== + +once@1.x, once@^1.3.0: + version "1.4.0" + resolved "https://registry.yarnpkg.com/once/-/once-1.4.0.tgz#583b1aa775961d4b113ac17d9c50baef9dd76bd1" + integrity sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w== + dependencies: + wrappy "1" + +optionator@^0.8.1: + version "0.8.3" + resolved "https://registry.yarnpkg.com/optionator/-/optionator-0.8.3.tgz#84fa1d036fe9d3c7e21d99884b601167ec8fb495" + integrity sha512-+IW9pACdk3XWmmTXG8m3upGUJst5XRGzxMRjXzAuJ1XnIFNvfhjjIuYkDvysnPQ7qzqVzLt78BCruntqRhWQbA== + dependencies: + deep-is "~0.1.3" + fast-levenshtein "~2.0.6" + levn "~0.3.0" + prelude-ls "~1.1.2" + type-check "~0.3.2" + word-wrap "~1.2.3" + +optionator@^0.9.3: + version "0.9.4" + resolved "https://registry.yarnpkg.com/optionator/-/optionator-0.9.4.tgz#7ea1c1a5d91d764fb282139c88fe11e182a3a734" + integrity sha512-6IpQ7mKUxRcZNLIObR0hz7lxsapSSIYNZJwXPGeF0mTVqGKFIXj1DQcMoT22S3ROcLyY/rz0PWaWZ9ayWmad9g== + dependencies: + deep-is "^0.1.3" + fast-levenshtein "^2.0.6" + levn "^0.4.1" + prelude-ls "^1.2.1" + type-check "^0.4.0" + word-wrap "^1.2.5" + +ordinal@^1.0.3: + version "1.0.3" + resolved "https://registry.yarnpkg.com/ordinal/-/ordinal-1.0.3.tgz#1a3c7726a61728112f50944ad7c35c06ae3a0d4d" + integrity sha512-cMddMgb2QElm8G7vdaa02jhUNbTSrhsgAGUz1OokD83uJTwSUn+nKoNoKVVaRa08yF6sgfO7Maou1+bgLd9rdQ== + +os-tmpdir@~1.0.2: + version "1.0.2" + resolved "https://registry.yarnpkg.com/os-tmpdir/-/os-tmpdir-1.0.2.tgz#bbe67406c79aa85c5cfec766fe5734555dfa1274" + integrity sha512-D2FR03Vir7FIu45XBY20mTb+/ZSWB00sjU9jdQXt83gDrI4Ztz5Fs7/yy74g2N5SVQY4xY1qDr4rNddwYRVX0g== + +outdent@^0.5.0: + version "0.5.0" + resolved "https://registry.yarnpkg.com/outdent/-/outdent-0.5.0.tgz#9e10982fdc41492bb473ad13840d22f9655be2ff" + integrity sha512-/jHxFIzoMXdqPzTaCpFzAAWhpkSjZPF4Vsn6jAfNpmbH/ymsmd7Qc6VE9BGn0L6YMj6uwpQLxCECpus4ukKS9Q== + +p-cancelable@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/p-cancelable/-/p-cancelable-3.0.0.tgz#63826694b54d61ca1c20ebcb6d3ecf5e14cd8050" + integrity sha512-mlVgR3PGuzlo0MmTdk4cXqXWlwQDLnONTAg6sm62XkMJEiRxN3GL3SffkYvqwonbkJBcrI7Uvv5Zh9yjvn2iUw== + +p-filter@^2.1.0: + version "2.1.0" + resolved "https://registry.yarnpkg.com/p-filter/-/p-filter-2.1.0.tgz#1b1472562ae7a0f742f0f3d3d3718ea66ff9c09c" + integrity sha512-ZBxxZ5sL2HghephhpGAQdoskxplTwr7ICaehZwLIlfL6acuVgZPm8yBNuRAFBGEqtD/hmUeq9eqLg2ys9Xr/yw== + dependencies: + p-map "^2.0.0" + +p-limit@^2.2.0: + version "2.3.0" + resolved "https://registry.yarnpkg.com/p-limit/-/p-limit-2.3.0.tgz#3dd33c647a214fdfffd835933eb086da0dc21db1" + integrity sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w== + dependencies: + p-try "^2.0.0" + +p-limit@^3.0.2, p-limit@^3.1.0: + version "3.1.0" + resolved "https://registry.yarnpkg.com/p-limit/-/p-limit-3.1.0.tgz#e1daccbe78d0d1388ca18c64fea38e3e57e3706b" + integrity sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ== + dependencies: + yocto-queue "^0.1.0" + +p-locate@^4.1.0: + version "4.1.0" + resolved "https://registry.yarnpkg.com/p-locate/-/p-locate-4.1.0.tgz#a3428bb7088b3a60292f66919278b7c297ad4f07" + integrity sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A== + dependencies: + p-limit "^2.2.0" + +p-locate@^5.0.0: + version "5.0.0" + resolved "https://registry.yarnpkg.com/p-locate/-/p-locate-5.0.0.tgz#83c8315c6785005e3bd021839411c9e110e6d834" + integrity sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw== + dependencies: + p-limit "^3.0.2" + +p-map@^2.0.0: + version "2.1.0" + resolved "https://registry.yarnpkg.com/p-map/-/p-map-2.1.0.tgz#310928feef9c9ecc65b68b17693018a665cea175" + integrity sha512-y3b8Kpd8OAN444hxfBbFfj1FY/RjtTd8tzYwhUqNYXx0fXx2iX4maP4Qr6qhIKbQXI02wTLAda4fYUbDagTUFw== + +p-map@^4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/p-map/-/p-map-4.0.0.tgz#bb2f95a5eda2ec168ec9274e06a747c3e2904d2b" + integrity sha512-/bjOqmgETBYB5BoEeGVea8dmvHb2m9GLy1E9W43yeyfP6QQCZGFNa+XRceJEuDB6zqr+gKpIAmlLebMpykw/MQ== + dependencies: + aggregate-error "^3.0.0" + +p-try@^2.0.0: + version "2.2.0" + resolved "https://registry.yarnpkg.com/p-try/-/p-try-2.2.0.tgz#cb2868540e313d61de58fafbe35ce9004d5540e6" + integrity sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ== + +package-json-from-dist@^1.0.0: + version "1.0.1" + resolved "https://registry.yarnpkg.com/package-json-from-dist/-/package-json-from-dist-1.0.1.tgz#4f1471a010827a86f94cfd9b0727e36d267de505" + integrity sha512-UEZIS3/by4OC8vL3P2dTXRETpebLI2NiI5vIrjaD/5UtrkFX/tNbwjTSRAGC/+7CAo2pIcBaRgWmcBBHcsaCIw== + +package-json@^8.1.0: + version "8.1.1" + resolved "https://registry.yarnpkg.com/package-json/-/package-json-8.1.1.tgz#3e9948e43df40d1e8e78a85485f1070bf8f03dc8" + integrity sha512-cbH9IAIJHNj9uXi196JVsRlt7cHKak6u/e6AkL/bkRelZ7rlL3X1YKxsZwa36xipOEKAsdtmaG6aAJoM1fx2zA== + dependencies: + got "^12.1.0" + registry-auth-token "^5.0.1" + registry-url "^6.0.0" + semver "^7.3.7" + +package-manager-detector@^0.2.0: + version "0.2.8" + resolved "https://registry.yarnpkg.com/package-manager-detector/-/package-manager-detector-0.2.8.tgz#f5ace2dbd37666af54e5acec11bc37c8450f72d0" + integrity sha512-ts9KSdroZisdvKMWVAVCXiKqnqNfXz4+IbrBG8/BWx/TR5le+jfenvoBuIZ6UWM9nz47W7AbD9qYfAwfWMIwzA== + +parent-module@^1.0.0: + version "1.0.1" + resolved "https://registry.yarnpkg.com/parent-module/-/parent-module-1.0.1.tgz#691d2709e78c79fae3a156622452d00762caaaa2" + integrity sha512-GQ2EWRpQV8/o+Aw8YqtfZZPfNRWZYkbidE9k5rpl/hC3vtHHBfGm2Ifi6qWV+coDGkrUKZAxE3Lot5kcsRlh+g== + dependencies: + callsites "^3.0.0" + +parse-json@^5.2.0: + version "5.2.0" + resolved "https://registry.yarnpkg.com/parse-json/-/parse-json-5.2.0.tgz#c76fc66dee54231c962b22bcc8a72cf2f99753cd" + integrity sha512-ayCKvm/phCGxOkYRSCM82iDwct8/EonSEgCSxWxD7ve6jHggsFl4fZVQBPRNgQoKiuV/odhFrGzQXZwbifC8Rg== + dependencies: + "@babel/code-frame" "^7.0.0" + error-ex "^1.3.1" + json-parse-even-better-errors "^2.3.0" + lines-and-columns "^1.1.6" + +path-exists@^4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/path-exists/-/path-exists-4.0.0.tgz#513bdbe2d3b95d7762e8c1137efa195c6c61b5b3" + integrity sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w== + +path-is-absolute@^1.0.0: + version "1.0.1" + resolved "https://registry.yarnpkg.com/path-is-absolute/-/path-is-absolute-1.0.1.tgz#174b9268735534ffbc7ace6bf53a5a9e1b5c5f5f" + integrity sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg== + +path-key@^3.1.0: + version "3.1.1" + resolved "https://registry.yarnpkg.com/path-key/-/path-key-3.1.1.tgz#581f6ade658cbba65a0d3380de7753295054f375" + integrity sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q== + +path-parse@^1.0.6, path-parse@^1.0.7: + version "1.0.7" + resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.7.tgz#fbc114b60ca42b30d9daf5858e4bd68bbedb6735" + integrity sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw== + +path-scurry@^1.11.1: + version "1.11.1" + resolved "https://registry.yarnpkg.com/path-scurry/-/path-scurry-1.11.1.tgz#7960a668888594a0720b12a911d1a742ab9f11d2" + integrity sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA== + dependencies: + lru-cache "^10.2.0" + minipass "^5.0.0 || ^6.0.2 || ^7.0.0" + +path-scurry@^2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/path-scurry/-/path-scurry-2.0.0.tgz#9f052289f23ad8bf9397a2a0425e7b8615c58580" + integrity sha512-ypGJsmGtdXUOeM5u93TyeIEfEhM6s+ljAhrk5vAvSx8uyY/02OvrZnA0YNGUrPXfpJMgI1ODd3nwz8Npx4O4cg== + dependencies: + lru-cache "^11.0.0" + minipass "^7.1.2" + +path-type@^4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/path-type/-/path-type-4.0.0.tgz#84ed01c0a7ba380afe09d90a8c180dcd9d03043b" + integrity sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw== + +pathval@^1.1.1: + version "1.1.1" + resolved "https://registry.yarnpkg.com/pathval/-/pathval-1.1.1.tgz#8534e77a77ce7ac5a2512ea21e0fdb8fcf6c3d8d" + integrity sha512-Dp6zGqpTdETdR63lehJYPeIOqpiNBNtc7BpWSLrOje7UaIsE5aY92r/AunQA7rsXvet3lrJ3JnZX29UPTKXyKQ== + +pbkdf2@^3.0.17: + version "3.1.2" + resolved "https://registry.yarnpkg.com/pbkdf2/-/pbkdf2-3.1.2.tgz#dd822aa0887580e52f1a039dc3eda108efae3075" + integrity sha512-iuh7L6jA7JEGu2WxDwtQP1ddOpaJNC4KlDEFfdQajSGgGPNi4OyDc2R7QnbY2bR9QjBVGwgvTdNJZoE7RaxUMA== + dependencies: + create-hash "^1.1.2" + create-hmac "^1.1.4" + ripemd160 "^2.0.1" + safe-buffer "^5.0.1" + sha.js "^2.4.8" + +picocolors@^1.0.0, picocolors@^1.1.0: + version "1.1.1" + resolved "https://registry.yarnpkg.com/picocolors/-/picocolors-1.1.1.tgz#3d321af3eab939b083c8f929a1d12cda81c26b6b" + integrity sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA== + +picomatch@^2.0.4, picomatch@^2.2.1, picomatch@^2.3.1: + version "2.3.1" + resolved "https://registry.yarnpkg.com/picomatch/-/picomatch-2.3.1.tgz#3ba3833733646d9d3e4995946c1365a67fb07a42" + integrity sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA== + +picomatch@^4.0.2: + version "4.0.2" + resolved "https://registry.yarnpkg.com/picomatch/-/picomatch-4.0.2.tgz#77c742931e8f3b8820946c76cd0c1f13730d1dab" + integrity sha512-M7BAV6Rlcy5u+m6oPhAPFgJTzAioX/6B0DxyvDlo9l8+T3nLKbrczg2WLUyzd45L8RqfUMyGPzekbMvX2Ldkwg== + +pify@^4.0.1: + version "4.0.1" + resolved "https://registry.yarnpkg.com/pify/-/pify-4.0.1.tgz#4b2cd25c50d598735c50292224fd8c6df41e3231" + integrity sha512-uB80kBFb/tfd68bVleG9T5GGsGPjJrLAUpR5PZIrhBnIaRTQRjqdJSsIKkOP6OAIFbj7GOrcudc5pNjZ+geV2g== + +pluralize@^8.0.0: + version "8.0.0" + resolved "https://registry.yarnpkg.com/pluralize/-/pluralize-8.0.0.tgz#1a6fa16a38d12a1901e0320fa017051c539ce3b1" + integrity sha512-Nc3IT5yHzflTfbjgqWcCPpo7DaKy4FnpB0l/zCAW0Tc7jxAiuqSxHasntB3D7887LSrA93kDJ9IXovxJYxyLCA== + +prelude-ls@^1.2.1: + version "1.2.1" + resolved "https://registry.yarnpkg.com/prelude-ls/-/prelude-ls-1.2.1.tgz#debc6489d7a6e6b0e7611888cec880337d316396" + integrity sha512-vkcDPrRZo1QZLbn5RLGPpg/WmIQ65qoWWhcGKf/b5eplkkarX0m9z8ppCat4mlOqUsWpyNuYgO3VRyrYHSzX5g== + +prelude-ls@~1.1.2: + version "1.1.2" + resolved "https://registry.yarnpkg.com/prelude-ls/-/prelude-ls-1.1.2.tgz#21932a549f5e52ffd9a827f570e04be62a97da54" + integrity sha512-ESF23V4SKG6lVSGZgYNpbsiaAkdab6ZgOxe52p7+Kid3W3u3bxR4Vfd/o21dmN7jSt0IwgZ4v5MUd26FEtXE9w== + +prettier-plugin-solidity@^1.1.0: + version "1.4.2" + resolved "https://registry.yarnpkg.com/prettier-plugin-solidity/-/prettier-plugin-solidity-1.4.2.tgz#d4f6173674e73a29731a8c79c45ab6f5246310df" + integrity sha512-VVD/4XlDjSzyPWWCPW8JEleFa8JNKFYac5kNlMjVXemQyQZKfpekPMhFZSePuXB6L+RixlFvWe20iacGjFYrLw== + dependencies: + "@solidity-parser/parser" "^0.19.0" + semver "^7.6.3" + +prettier@^2.7.1, prettier@^2.8.3: + version "2.8.8" + resolved "https://registry.yarnpkg.com/prettier/-/prettier-2.8.8.tgz#e8c5d7e98a4305ffe3de2e1fc4aca1a71c28b1da" + integrity sha512-tdN8qQGvNjw4CHbY+XXk0JgCXn9QiF21a55rBe5LJAU+kDyC4WQn4+awm2Xfk2lQMk5fKup9XgzTZtGkjBdP9Q== + +prettier@^3.0.0: + version "3.4.2" + resolved "https://registry.yarnpkg.com/prettier/-/prettier-3.4.2.tgz#a5ce1fb522a588bf2b78ca44c6e6fe5aa5a2b13f" + integrity sha512-e9MewbtFo+Fevyuxn/4rrcDAaq0IYxPGLvObpQjiZBMAzB9IGmzlnG9RZy3FFas+eBMu2vA0CszMeduow5dIuQ== + +proper-lockfile@^4.1.1: + version "4.1.2" + resolved "https://registry.yarnpkg.com/proper-lockfile/-/proper-lockfile-4.1.2.tgz#c8b9de2af6b2f1601067f98e01ac66baa223141f" + integrity sha512-TjNPblN4BwAWMXU8s9AEz4JmQxnD1NNL7bNOY/AKUzyamc379FWASUhc/K1pL2noVb+XmZKLL68cjzLsiOAMaA== + dependencies: + graceful-fs "^4.2.4" + retry "^0.12.0" + signal-exit "^3.0.2" + +proto-list@~1.2.1: + version "1.2.4" + resolved "https://registry.yarnpkg.com/proto-list/-/proto-list-1.2.4.tgz#212d5bfe1318306a420f6402b8e26ff39647a849" + integrity sha512-vtK/94akxsTMhe0/cbfpR+syPuszcuwhqVjJq26CuNDgFGj682oRBXOP5MJpv2r7JtE8MsiepGIqvvOTBwn2vA== + +proxy-from-env@^1.1.0: + version "1.1.0" + resolved "https://registry.yarnpkg.com/proxy-from-env/-/proxy-from-env-1.1.0.tgz#e102f16ca355424865755d2c9e8ea4f24d58c3e2" + integrity sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg== + +punycode@^2.1.0: + version "2.3.1" + resolved "https://registry.yarnpkg.com/punycode/-/punycode-2.3.1.tgz#027422e2faec0b25e1549c3e1bd8309b9133b6e5" + integrity sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg== + +queue-microtask@^1.2.2: + version "1.2.3" + resolved "https://registry.yarnpkg.com/queue-microtask/-/queue-microtask-1.2.3.tgz#4929228bbc724dfac43e0efb058caf7b6cfb6243" + integrity sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A== + +quick-lru@^5.1.1: + version "5.1.1" + resolved "https://registry.yarnpkg.com/quick-lru/-/quick-lru-5.1.1.tgz#366493e6b3e42a3a6885e2e99d18f80fb7a8c932" + integrity sha512-WuyALRjWPDGtt/wzJiadO5AXY+8hZ80hVpe6MyivgraREW751X3SbhRvG3eLKOYN+8VEvqLcf3wdnt44Z4S4SA== + +randombytes@^2.1.0: + version "2.1.0" + resolved "https://registry.yarnpkg.com/randombytes/-/randombytes-2.1.0.tgz#df6f84372f0270dc65cdf6291349ab7a473d4f2a" + integrity sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ== + dependencies: + safe-buffer "^5.1.0" + +raw-body@^2.4.1: + version "2.5.2" + resolved "https://registry.yarnpkg.com/raw-body/-/raw-body-2.5.2.tgz#99febd83b90e08975087e8f1f9419a149366b68a" + integrity sha512-8zGqypfENjCIqGhgXToC8aB2r7YrBX+AQAfIPs/Mlk+BtPTztOvTS01NRW/3Eh60J+a48lt8qsCzirQ6loCVfA== + dependencies: + bytes "3.1.2" + http-errors "2.0.0" + iconv-lite "0.4.24" + unpipe "1.0.0" + +rc@1.2.8: + version "1.2.8" + resolved "https://registry.yarnpkg.com/rc/-/rc-1.2.8.tgz#cd924bf5200a075b83c188cd6b9e211b7fc0d3ed" + integrity sha512-y3bGgqKj3QBdxLbLkomlohkvsA8gdAiUQlSBJnBhfn+BPxg4bc62d8TcBW15wavDfgexCgccckhcZvywyQYPOw== + dependencies: + deep-extend "^0.6.0" + ini "~1.3.0" + minimist "^1.2.0" + strip-json-comments "~2.0.1" + +read-yaml-file@^1.1.0: + version "1.1.0" + resolved "https://registry.yarnpkg.com/read-yaml-file/-/read-yaml-file-1.1.0.tgz#9362bbcbdc77007cc8ea4519fe1c0b821a7ce0d8" + integrity sha512-VIMnQi/Z4HT2Fxuwg5KrY174U1VdUIASQVWXXyqtNRtxSr9IYkn1rsI6Tb6HsrHCmB7gVpNwX6JxPTHcH6IoTA== + dependencies: + graceful-fs "^4.1.5" + js-yaml "^3.6.1" + pify "^4.0.1" + strip-bom "^3.0.0" + +readable-stream@^3.6.0: + version "3.6.2" + resolved "https://registry.yarnpkg.com/readable-stream/-/readable-stream-3.6.2.tgz#56a9b36ea965c00c5a93ef31eb111a0f11056967" + integrity sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA== + dependencies: + inherits "^2.0.3" + string_decoder "^1.1.1" + util-deprecate "^1.0.1" + +readdirp@^4.0.1: + version "4.1.1" + resolved "https://registry.yarnpkg.com/readdirp/-/readdirp-4.1.1.tgz#bd115327129672dc47f87408f05df9bd9ca3ef55" + integrity sha512-h80JrZu/MHUZCyHu5ciuoI0+WxsCxzxJTILn6Fs8rxSnFPh+UVHYfeIxK1nVGugMqkfC4vJcBOYbkfkwYK0+gw== + +readdirp@~3.6.0: + version "3.6.0" + resolved "https://registry.yarnpkg.com/readdirp/-/readdirp-3.6.0.tgz#74a370bd857116e245b29cc97340cd431a02a6c7" + integrity sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA== + dependencies: + picomatch "^2.2.1" + +rechoir@^0.6.2: + version "0.6.2" + resolved "https://registry.yarnpkg.com/rechoir/-/rechoir-0.6.2.tgz#85204b54dba82d5742e28c96756ef43af50e3384" + integrity sha512-HFM8rkZ+i3zrV+4LQjwQ0W+ez98pApMGM3HUrN04j3CqzPOzl9nmP15Y8YXNm8QHGv/eacOVEjqhmWpkRV0NAw== + dependencies: + resolve "^1.1.6" + +recursive-readdir@^2.2.2: + version "2.2.3" + resolved "https://registry.yarnpkg.com/recursive-readdir/-/recursive-readdir-2.2.3.tgz#e726f328c0d69153bcabd5c322d3195252379372" + integrity sha512-8HrF5ZsXk5FAH9dgsx3BlUer73nIhuj+9OrQwEbLTPOBzGkL1lsFCR01am+v+0m2Cmbs1nP12hLDl5FA7EszKA== + dependencies: + minimatch "^3.0.5" + +regenerator-runtime@^0.14.0: + version "0.14.1" + resolved "https://registry.yarnpkg.com/regenerator-runtime/-/regenerator-runtime-0.14.1.tgz#356ade10263f685dda125100cd862c1db895327f" + integrity sha512-dYnhHh0nJoMfnkZs6GmmhFknAGRrLznOu5nc9ML+EJxGvrx6H7teuevqVqCuPcPK//3eDrrjQhehXVx9cnkGdw== + +registry-auth-token@^5.0.1: + version "5.0.3" + resolved "https://registry.yarnpkg.com/registry-auth-token/-/registry-auth-token-5.0.3.tgz#417d758c8164569de8cf5cabff16cc937902dcc6" + integrity sha512-1bpc9IyC+e+CNFRaWyn77tk4xGG4PPUyfakSmA6F6cvUDjrm58dfyJ3II+9yb10EDkHoy1LaPSmHaWLOH3m6HA== + dependencies: + "@pnpm/npm-conf" "^2.1.0" + +registry-url@^6.0.0: + version "6.0.1" + resolved "https://registry.yarnpkg.com/registry-url/-/registry-url-6.0.1.tgz#056d9343680f2f64400032b1e199faa692286c58" + integrity sha512-+crtS5QjFRqFCoQmvGduwYWEBng99ZvmFvF+cUJkGYF1L1BfU8C6Zp9T7f5vPAwyLkUExpvK+ANVZmGU49qi4Q== + dependencies: + rc "1.2.8" + +repeat-string@^1.0.0: + version "1.6.1" + resolved "https://registry.yarnpkg.com/repeat-string/-/repeat-string-1.6.1.tgz#8dcae470e1c88abc2d600fff4a776286da75e637" + integrity sha512-PV0dzCYDNfRi1jCDbJzpW7jNNDRuCOG/jI5ctQcGKt/clZD+YcPS3yIlWuTJMmESC8aevCFmWJy5wjAFgNqN6w== + +require-directory@^2.1.1: + version "2.1.1" + resolved "https://registry.yarnpkg.com/require-directory/-/require-directory-2.1.1.tgz#8c64ad5fd30dab1c976e2344ffe7f792a6a6df42" + integrity sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q== + +require-from-string@^2.0.2: + version "2.0.2" + resolved "https://registry.yarnpkg.com/require-from-string/-/require-from-string-2.0.2.tgz#89a7fdd938261267318eafe14f9c32e598c36909" + integrity sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw== + +resolve-alpn@^1.2.0: + version "1.2.1" + resolved "https://registry.yarnpkg.com/resolve-alpn/-/resolve-alpn-1.2.1.tgz#b7adbdac3546aaaec20b45e7d8265927072726f9" + integrity sha512-0a1F4l73/ZFZOakJnQ3FvkJ2+gSTQWz/r2KE5OdDY0TxPm5h4GkqkWWfM47T7HsbnOtcJVEF4epCVy6u7Q3K+g== + +resolve-from@^4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/resolve-from/-/resolve-from-4.0.0.tgz#4abcd852ad32dd7baabfe9b40e00a36db5f392e6" + integrity sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g== + +resolve-from@^5.0.0: + version "5.0.0" + resolved "https://registry.yarnpkg.com/resolve-from/-/resolve-from-5.0.0.tgz#c35225843df8f776df21c57557bc087e9dfdfc69" + integrity sha512-qYg9KP24dD5qka9J47d0aVky0N+b4fTU89LN9iDnjB5waksiC49rvMB0PrUJQGoTmH50XPiqOvAjDfaijGxYZw== + +resolve@1.1.x: + version "1.1.7" + resolved "https://registry.yarnpkg.com/resolve/-/resolve-1.1.7.tgz#203114d82ad2c5ed9e8e0411b3932875e889e97b" + integrity sha512-9znBF0vBcaSN3W2j7wKvdERPwqTxSpCq+if5C0WoTCyV9n24rua28jeuQ2pL/HOf+yUe/Mef+H/5p60K0Id3bg== + +resolve@1.17.0: + version "1.17.0" + resolved "https://registry.yarnpkg.com/resolve/-/resolve-1.17.0.tgz#b25941b54968231cc2d1bb76a79cb7f2c0bf8444" + integrity sha512-ic+7JYiV8Vi2yzQGFWOkiZD5Z9z7O2Zhm9XMaTxdJExKasieFCr+yXZ/WmXsckHiKl12ar0y6XiXDx3m4RHn1w== + dependencies: + path-parse "^1.0.6" + +resolve@^1.1.6: + version "1.22.10" + resolved "https://registry.yarnpkg.com/resolve/-/resolve-1.22.10.tgz#b663e83ffb09bbf2386944736baae803029b8b39" + integrity sha512-NPRy+/ncIMeDlTAsuqwKIiferiawhefFJtkNSW0qZJEqMEb+qBt/77B/jGeeek+F0uOeN05CDa6HXbbIgtVX4w== + dependencies: + is-core-module "^2.16.0" + path-parse "^1.0.7" + supports-preserve-symlinks-flag "^1.0.0" + +responselike@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/responselike/-/responselike-3.0.0.tgz#20decb6c298aff0dbee1c355ca95461d42823626" + integrity sha512-40yHxbNcl2+rzXvZuVkrYohathsSJlMTXKryG5y8uciHv1+xDLHQpgjG64JUO9nrEq2jGLH6IZ8BcZyw3wrweg== + dependencies: + lowercase-keys "^3.0.0" + +retry@^0.12.0: + version "0.12.0" + resolved "https://registry.yarnpkg.com/retry/-/retry-0.12.0.tgz#1b42a6266a21f07421d1b0b54b7dc167b01c013b" + integrity sha512-9LkiTwjUh6rT555DtE9rTX+BKByPfrMzEAtnlEtdEwr3Nkffwiihqe2bWADg+OQRjt9gl6ICdmB/ZFDCGAtSow== + +reusify@^1.0.4: + version "1.0.4" + resolved "https://registry.yarnpkg.com/reusify/-/reusify-1.0.4.tgz#90da382b1e126efc02146e90845a88db12925d76" + integrity sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw== + +rimraf@^3.0.2: + version "3.0.2" + resolved "https://registry.yarnpkg.com/rimraf/-/rimraf-3.0.2.tgz#f1a5402ba6220ad52cc1282bac1ae3aa49fd061a" + integrity sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA== + dependencies: + glob "^7.1.3" + +rimraf@^6.0.0: + version "6.0.1" + resolved "https://registry.yarnpkg.com/rimraf/-/rimraf-6.0.1.tgz#ffb8ad8844dd60332ab15f52bc104bc3ed71ea4e" + integrity sha512-9dkvaxAsk/xNXSJzMgFqqMCuFgt2+KsOFek3TMLfo8NCPfWpBmqwyNn5Y+NX56QUYfCtsyhF3ayiboEoUmJk/A== + dependencies: + glob "^11.0.0" + package-json-from-dist "^1.0.0" + +ripemd160@^2.0.0, ripemd160@^2.0.1: + version "2.0.2" + resolved "https://registry.yarnpkg.com/ripemd160/-/ripemd160-2.0.2.tgz#a1c1a6f624751577ba5d07914cbc92850585890c" + integrity sha512-ii4iagi25WusVoiC4B4lq7pbXfAp3D9v5CwfkY33vffw2+pkDjY1D8GaN7spsxvCSx8dkPqOZCEZyfxcmJG2IA== + dependencies: + hash-base "^3.0.0" + inherits "^2.0.1" + +rlp@^2.2.3, rlp@^2.2.4: + version "2.2.7" + resolved "https://registry.yarnpkg.com/rlp/-/rlp-2.2.7.tgz#33f31c4afac81124ac4b283e2bd4d9720b30beaf" + integrity sha512-d5gdPmgQ0Z+AklL2NVXr/IoSjNZFfTVvQWzL/AM2AOcSzYP2xjlb0AC8YyCLc41MSNf6P6QVtjgPdmVtzb+4lQ== + dependencies: + bn.js "^5.2.0" + +run-parallel@^1.1.9: + version "1.2.0" + resolved "https://registry.yarnpkg.com/run-parallel/-/run-parallel-1.2.0.tgz#66d1368da7bdf921eb9d95bd1a9229e7f21a43ee" + integrity sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA== + dependencies: + queue-microtask "^1.2.2" + +safe-buffer@^5.0.1, safe-buffer@^5.1.0, safe-buffer@^5.1.1, safe-buffer@^5.1.2, safe-buffer@^5.2.0, safe-buffer@^5.2.1, safe-buffer@~5.2.0: + version "5.2.1" + resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.2.1.tgz#1eaf9fa9bdb1fdd4ec75f58f9cdb4e6b7827eec6" + integrity sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ== + +"safer-buffer@>= 2.1.2 < 3": + version "2.1.2" + resolved "https://registry.yarnpkg.com/safer-buffer/-/safer-buffer-2.1.2.tgz#44fa161b0187b9549dd84bb91802f9bd8385cd6a" + integrity sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg== + +sc-istanbul@^0.4.5: + version "0.4.6" + resolved "https://registry.yarnpkg.com/sc-istanbul/-/sc-istanbul-0.4.6.tgz#cf6784355ff2076f92d70d59047d71c13703e839" + integrity sha512-qJFF/8tW/zJsbyfh/iT/ZM5QNHE3CXxtLJbZsL+CzdJLBsPD7SedJZoUA4d8iAcN2IoMp/Dx80shOOd2x96X/g== + dependencies: + abbrev "1.0.x" + async "1.x" + escodegen "1.8.x" + esprima "2.7.x" + glob "^5.0.15" + handlebars "^4.0.1" + js-yaml "3.x" + mkdirp "0.5.x" + nopt "3.x" + once "1.x" + resolve "1.1.x" + supports-color "^3.1.0" + which "^1.1.1" + wordwrap "^1.0.0" + +scrypt-js@^3.0.0: + version "3.0.1" + resolved "https://registry.yarnpkg.com/scrypt-js/-/scrypt-js-3.0.1.tgz#d314a57c2aef69d1ad98a138a21fe9eafa9ee312" + integrity sha512-cdwTTnqPu0Hyvf5in5asVdZocVDTNRmR7XEcJuIzMjJeSHybHl7vpB66AzwTaIg6CLSbtjcxc8fqcySfnTkccA== + +secp256k1@^4.0.1: + version "4.0.4" + resolved "https://registry.yarnpkg.com/secp256k1/-/secp256k1-4.0.4.tgz#58f0bfe1830fe777d9ca1ffc7574962a8189f8ab" + integrity sha512-6JfvwvjUOn8F/jUoBY2Q1v5WY5XS+rj8qSe0v8Y4ezH4InLgTEeOOPQsRll9OV429Pvo6BCHGavIyJfr3TAhsw== + dependencies: + elliptic "^6.5.7" + node-addon-api "^5.0.0" + node-gyp-build "^4.2.0" + +semver@^5.5.0: + version "5.7.2" + resolved "https://registry.yarnpkg.com/semver/-/semver-5.7.2.tgz#48d55db737c3287cd4835e17fa13feace1c41ef8" + integrity sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g== + +semver@^6.3.0: + version "6.3.1" + resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.1.tgz#556d2ef8689146e46dcea4bfdd095f3434dffcb4" + integrity sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA== + +semver@^7.3.4, semver@^7.3.5, semver@^7.3.7, semver@^7.5.2, semver@^7.5.3, semver@^7.6.3: + version "7.6.3" + resolved "https://registry.yarnpkg.com/semver/-/semver-7.6.3.tgz#980f7b5550bc175fb4dc09403085627f9eb33143" + integrity sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A== + +serialize-javascript@^6.0.2: + version "6.0.2" + resolved "https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-6.0.2.tgz#defa1e055c83bf6d59ea805d8da862254eb6a6c2" + integrity sha512-Saa1xPByTTq2gdeFZYLLo+RFE35NHZkAbqZeWNd3BpzppeVisAqpDjcp8dyf6uIvEqJRd46jemmyA4iFIeVk8g== + dependencies: + randombytes "^2.1.0" + +setimmediate@^1.0.5: + version "1.0.5" + resolved "https://registry.yarnpkg.com/setimmediate/-/setimmediate-1.0.5.tgz#290cbb232e306942d7d7ea9b83732ab7856f8285" + integrity sha512-MATJdZp8sLqDl/68LfQmbP8zKPLQNV6BIZoIgrscFDQ+RsvK/BxeDQOgyxKKoh0y/8h3BqVFnCqQ/gd+reiIXA== + +setprototypeof@1.2.0: + version "1.2.0" + resolved "https://registry.yarnpkg.com/setprototypeof/-/setprototypeof-1.2.0.tgz#66c9a24a73f9fc28cbe66b09fed3d33dcaf1b424" + integrity sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw== + +sha.js@^2.4.0, sha.js@^2.4.8: + version "2.4.11" + resolved "https://registry.yarnpkg.com/sha.js/-/sha.js-2.4.11.tgz#37a5cf0b81ecbc6943de109ba2960d1b26584ae7" + integrity sha512-QMEp5B7cftE7APOjk5Y6xgrbWu+WkLVQwk8JNjZ8nKRciZaByEW6MubieAiToS7+dwvrjGhH8jRXz3MVd0AYqQ== + dependencies: + inherits "^2.0.1" + safe-buffer "^5.0.1" + +sha1@^1.1.1: + version "1.1.1" + resolved "https://registry.yarnpkg.com/sha1/-/sha1-1.1.1.tgz#addaa7a93168f393f19eb2b15091618e2700f848" + integrity sha512-dZBS6OrMjtgVkopB1Gmo4RQCDKiZsqcpAQpkV/aaj+FCrCg8r4I4qMkDPQjBgLIxlmu9k4nUbWq6ohXahOneYA== + dependencies: + charenc ">= 0.0.1" + crypt ">= 0.0.1" + +shallowequal@^1.1.0: + version "1.1.0" + resolved "https://registry.yarnpkg.com/shallowequal/-/shallowequal-1.1.0.tgz#188d521de95b9087404fd4dcb68b13df0ae4e7f8" + integrity sha512-y0m1JoUZSlPAjXVtPPW70aZWfIL/dSP7AFkRnniLCrK/8MDKog3TySTBmckD+RObVxH0v4Tox67+F14PdED2oQ== + +shebang-command@^2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/shebang-command/-/shebang-command-2.0.0.tgz#ccd0af4f8835fbdc265b82461aaf0c36663f34ea" + integrity sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA== + dependencies: + shebang-regex "^3.0.0" + +shebang-regex@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/shebang-regex/-/shebang-regex-3.0.0.tgz#ae16f1644d873ecad843b0307b143362d4c42172" + integrity sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A== + +shelljs@^0.8.3: + version "0.8.5" + resolved "https://registry.yarnpkg.com/shelljs/-/shelljs-0.8.5.tgz#de055408d8361bed66c669d2f000538ced8ee20c" + integrity sha512-TiwcRcrkhHvbrZbnRcFYMLl30Dfov3HKqzp5tO5b4pt6G/SezKcYhmDg15zXVBswHmctSAQKznqNW2LO5tTDow== + dependencies: + glob "^7.0.0" + interpret "^1.0.0" + rechoir "^0.6.2" + +signal-exit@^3.0.2: + version "3.0.7" + resolved "https://registry.yarnpkg.com/signal-exit/-/signal-exit-3.0.7.tgz#a9a1767f8af84155114eaabd73f99273c8f59ad9" + integrity sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ== + +signal-exit@^4.0.1: + version "4.1.0" + resolved "https://registry.yarnpkg.com/signal-exit/-/signal-exit-4.1.0.tgz#952188c1cbd546070e2dd20d0f41c0ae0530cb04" + integrity sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw== + +slash@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/slash/-/slash-3.0.0.tgz#6539be870c165adbd5240220dbe361f1bc4d4634" + integrity sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q== + +slice-ansi@^4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/slice-ansi/-/slice-ansi-4.0.0.tgz#500e8dd0fd55b05815086255b3195adf2a45fe6b" + integrity sha512-qMCMfhY040cVHT43K9BFygqYbUPFZKHOg7K73mtTWJRb8pyP3fzf4Ixd5SzdEJQ6MRUg/WBnOLxghZtKKurENQ== + dependencies: + ansi-styles "^4.0.0" + astral-regex "^2.0.0" + is-fullwidth-code-point "^3.0.0" + +solc@0.8.26: + version "0.8.26" + resolved "https://registry.yarnpkg.com/solc/-/solc-0.8.26.tgz#afc78078953f6ab3e727c338a2fefcd80dd5b01a" + integrity sha512-yiPQNVf5rBFHwN6SIf3TUUvVAFKcQqmSUFeq+fb6pNRCo0ZCgpYOZDi3BVoezCPIAcKrVYd/qXlBLUP9wVrZ9g== + dependencies: + command-exists "^1.2.8" + commander "^8.1.0" + follow-redirects "^1.12.1" + js-sha3 "0.8.0" + memorystream "^0.3.1" + semver "^5.5.0" + tmp "0.0.33" + +"solhint-plugin-openzeppelin@file:scripts/solhint-custom": + version "0.0.0" + +solhint@^5.0.0: + version "5.0.4" + resolved "https://registry.yarnpkg.com/solhint/-/solhint-5.0.4.tgz#0a59c45c43f45121be9d455577e6964557182130" + integrity sha512-GzKBjJ8S2utRsEOCJXhY2H35gwHGmoQY2rQXcPGT4XdDlzwgGYz0Ovo9Xm7cmWYgSo121uF+5tiwrqQT2b+Rtw== + dependencies: + "@solidity-parser/parser" "^0.19.0" + ajv "^6.12.6" + antlr4 "^4.13.1-patch-1" + ast-parents "^0.0.1" + chalk "^4.1.2" + commander "^10.0.0" + cosmiconfig "^8.0.0" + fast-diff "^1.2.0" + glob "^8.0.3" + ignore "^5.2.4" + js-yaml "^4.1.0" + latest-version "^7.0.0" + lodash "^4.17.21" + pluralize "^8.0.0" + semver "^7.5.2" + strip-ansi "^6.0.1" + table "^6.8.1" + text-table "^0.2.0" + optionalDependencies: + prettier "^2.8.3" + +solidity-ast@^0.4.38, solidity-ast@^0.4.50, solidity-ast@^0.4.51, solidity-ast@^0.4.52: + version "0.4.59" + resolved "https://registry.yarnpkg.com/solidity-ast/-/solidity-ast-0.4.59.tgz#290a2815aef70a61092591ab3e991da080ae5931" + integrity sha512-I+CX0wrYUN9jDfYtcgWSe+OAowaXy8/1YQy7NS4ni5IBDmIYBq7ZzaP/7QqouLjzZapmQtvGLqCaYgoUWqBo5g== + +solidity-comments-darwin-arm64@0.0.2: + version "0.0.2" + resolved "https://registry.yarnpkg.com/solidity-comments-darwin-arm64/-/solidity-comments-darwin-arm64-0.0.2.tgz#07d89176967d805d41177b38d4f7b16f17c4fa29" + integrity sha512-HidWkVLSh7v+Vu0CA7oI21GWP/ZY7ro8g8OmIxE8oTqyMwgMbE8F1yc58Sj682Hj199HCZsjmtn1BE4PCbLiGA== + +solidity-comments-darwin-x64@0.0.2: + version "0.0.2" + resolved "https://registry.yarnpkg.com/solidity-comments-darwin-x64/-/solidity-comments-darwin-x64-0.0.2.tgz#aaadbfcc08d9fdd1b564c8ce71d6ba50d67b1829" + integrity sha512-Zjs0Ruz6faBTPT6fBecUt6qh4CdloT8Bwoc0+qxRoTn9UhYscmbPQkUgQEbS0FQPysYqVzzxJB4h1Ofbf4wwtA== + +solidity-comments-freebsd-x64@0.0.2: + version "0.0.2" + resolved "https://registry.yarnpkg.com/solidity-comments-freebsd-x64/-/solidity-comments-freebsd-x64-0.0.2.tgz#b2bbf4fe04daefb5e97d595ef5581d56b61ea275" + integrity sha512-8Qe4mpjuAxFSwZJVk7B8gAoLCdbtS412bQzBwk63L8dmlHogvE39iT70aAk3RHUddAppT5RMBunlPUCFYJ3ZTw== + +solidity-comments-linux-arm64-gnu@0.0.2: + version "0.0.2" + resolved "https://registry.yarnpkg.com/solidity-comments-linux-arm64-gnu/-/solidity-comments-linux-arm64-gnu-0.0.2.tgz#db9cd6c46606d46ce66ff781aa37d596bf06b5f1" + integrity sha512-spkb0MZZnmrP+Wtq4UxP+nyPAVRe82idOjqndolcNR0S9Xvu4ebwq+LvF4HiUgjTDmeiqYiFZQ8T9KGdLSIoIg== + +solidity-comments-linux-arm64-musl@0.0.2: + version "0.0.2" + resolved "https://registry.yarnpkg.com/solidity-comments-linux-arm64-musl/-/solidity-comments-linux-arm64-musl-0.0.2.tgz#e37d20bb18447a4761cb48c80909833874b60d27" + integrity sha512-guCDbHArcjE+JDXYkxx5RZzY1YF6OnAKCo+sTC5fstyW/KGKaQJNPyBNWuwYsQiaEHpvhW1ha537IvlGek8GqA== + +solidity-comments-linux-x64-gnu@0.0.2: + version "0.0.2" + resolved "https://registry.yarnpkg.com/solidity-comments-linux-x64-gnu/-/solidity-comments-linux-x64-gnu-0.0.2.tgz#19d09f0d52181ed2661d188ded0f9f22399eb17d" + integrity sha512-zIqLehBK/g7tvrFmQljrfZXfkEeLt2v6wbe+uFu6kH/qAHZa7ybt8Vc0wYcmjo2U0PeBm15d79ee3AkwbIjFdQ== + +solidity-comments-linux-x64-musl@0.0.2: + version "0.0.2" + resolved "https://registry.yarnpkg.com/solidity-comments-linux-x64-musl/-/solidity-comments-linux-x64-musl-0.0.2.tgz#ec1297208481c70bcdceae11ab1ef50c5a955553" + integrity sha512-R9FeDloVlFGTaVkOlELDVC7+1Tjx5WBPI5L8r0AGOPHK3+jOcRh6sKYpI+VskSPDc3vOO46INkpDgUXrKydlIw== + +solidity-comments-win32-arm64-msvc@0.0.2: + version "0.0.2" + resolved "https://registry.yarnpkg.com/solidity-comments-win32-arm64-msvc/-/solidity-comments-win32-arm64-msvc-0.0.2.tgz#48dc8a623f9e34a7c1ff62e406d67862d660ff04" + integrity sha512-QnWJoCQcJj+rnutULOihN9bixOtYWDdF5Rfz9fpHejL1BtNjdLW1om55XNVHGAHPqBxV4aeQQ6OirKnp9zKsug== + +solidity-comments-win32-ia32-msvc@0.0.2: + version "0.0.2" + resolved "https://registry.yarnpkg.com/solidity-comments-win32-ia32-msvc/-/solidity-comments-win32-ia32-msvc-0.0.2.tgz#5110e57d247d59131c82310ee1c88a8a9cfc7da5" + integrity sha512-vUg4nADtm/NcOtlIymG23NWJUSuMsvX15nU7ynhGBsdKtt8xhdP3C/zA6vjDk8Jg+FXGQL6IHVQ++g/7rSQi0w== + +solidity-comments-win32-x64-msvc@0.0.2: + version "0.0.2" + resolved "https://registry.yarnpkg.com/solidity-comments-win32-x64-msvc/-/solidity-comments-win32-x64-msvc-0.0.2.tgz#271ad8fbbaf17f6026362964ba3e1880e3dc3685" + integrity sha512-36j+KUF4V/y0t3qatHm/LF5sCUCBx2UndxE1kq5bOzh/s+nQgatuyB+Pd5BfuPQHdWu2KaExYe20FlAa6NL7+Q== + +solidity-comments@^0.0.2: + version "0.0.2" + resolved "https://registry.yarnpkg.com/solidity-comments/-/solidity-comments-0.0.2.tgz#e1158d243ad55d5803882f2a67c0298466df573b" + integrity sha512-G+aK6qtyUfkn1guS8uzqUeua1dURwPlcOjoTYW/TwmXAcE7z/1+oGCfZUdMSe4ZMKklNbVZNiG5ibnF8gkkFfw== + optionalDependencies: + solidity-comments-darwin-arm64 "0.0.2" + solidity-comments-darwin-x64 "0.0.2" + solidity-comments-freebsd-x64 "0.0.2" + solidity-comments-linux-arm64-gnu "0.0.2" + solidity-comments-linux-arm64-musl "0.0.2" + solidity-comments-linux-x64-gnu "0.0.2" + solidity-comments-linux-x64-musl "0.0.2" + solidity-comments-win32-arm64-msvc "0.0.2" + solidity-comments-win32-ia32-msvc "0.0.2" + solidity-comments-win32-x64-msvc "0.0.2" + +solidity-coverage@^0.8.5: + version "0.8.14" + resolved "https://registry.yarnpkg.com/solidity-coverage/-/solidity-coverage-0.8.14.tgz#db9bfcc10e3bc369fc074b35b267d665bcc6ae2e" + integrity sha512-ItAAObe5GaEOp20kXC2BZRnph+9P7Rtoqg2mQc2SXGEHgSDF2wWd1Wxz3ntzQWXkbCtIIGdJT918HG00cObwbA== + dependencies: + "@ethersproject/abi" "^5.0.9" + "@solidity-parser/parser" "^0.19.0" + chalk "^2.4.2" + death "^1.1.0" + difflib "^0.2.4" + fs-extra "^8.1.0" + ghost-testrpc "^0.0.2" + global-modules "^2.0.0" + globby "^10.0.1" + jsonschema "^1.2.4" + lodash "^4.17.21" + mocha "^10.2.0" + node-emoji "^1.10.0" + pify "^4.0.1" + recursive-readdir "^2.2.2" + sc-istanbul "^0.4.5" + semver "^7.3.4" + shelljs "^0.8.3" + web3-utils "^1.3.6" + +solidity-docgen@^0.6.0-beta.29: + version "0.6.0-beta.36" + resolved "https://registry.yarnpkg.com/solidity-docgen/-/solidity-docgen-0.6.0-beta.36.tgz#9c76eda58580fb52e2db318c22fe3154e0c09dd1" + integrity sha512-f/I5G2iJgU1h0XrrjRD0hHMr7C10u276vYvm//rw1TzFcYQ4xTOyAoi9oNAHRU0JU4mY9eTuxdVc2zahdMuhaQ== + dependencies: + handlebars "^4.7.7" + solidity-ast "^0.4.38" + +source-map-support@^0.5.13: + version "0.5.21" + resolved "https://registry.yarnpkg.com/source-map-support/-/source-map-support-0.5.21.tgz#04fe7c7f9e1ed2d662233c28cb2b35b9f63f6e4f" + integrity sha512-uBHU3L3czsIyYXKX88fdrGovxdSCoTGDRZ6SYXtSRxLZUzHg5P/66Ht6uoUlHu9EZod+inXhKo3qQgwXUT/y1w== + dependencies: + buffer-from "^1.0.0" + source-map "^0.6.0" + +source-map@^0.6.0, source-map@^0.6.1: + version "0.6.1" + resolved "https://registry.yarnpkg.com/source-map/-/source-map-0.6.1.tgz#74722af32e9614e9c287a8d0bbde48b5e2f1a263" + integrity sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g== + +source-map@~0.2.0: + version "0.2.0" + resolved "https://registry.yarnpkg.com/source-map/-/source-map-0.2.0.tgz#dab73fbcfc2ba819b4de03bd6f6eaa48164b3f9d" + integrity sha512-CBdZ2oa/BHhS4xj5DlhjWNHcan57/5YuvfdLf17iVmIpd9KRm+DFLmC6nBNj+6Ua7Kt3TmOjDpQT1aTYOQtoUA== + dependencies: + amdefine ">=0.0.4" + +spawndamnit@^3.0.1: + version "3.0.1" + resolved "https://registry.yarnpkg.com/spawndamnit/-/spawndamnit-3.0.1.tgz#44410235d3dc4e21f8e4f740ae3266e4486c2aed" + integrity sha512-MmnduQUuHCoFckZoWnXsTg7JaiLBJrKFj9UI2MbRPGaJeVpsLcVBu6P/IGZovziM/YBsellCmsprgNA+w0CzVg== + dependencies: + cross-spawn "^7.0.5" + signal-exit "^4.0.1" + +sprintf-js@~1.0.2: + version "1.0.3" + resolved "https://registry.yarnpkg.com/sprintf-js/-/sprintf-js-1.0.3.tgz#04e6926f662895354f3dd015203633b857297e2c" + integrity sha512-D9cPgkvLlV3t3IzL0D0YLvGA9Ahk4PcvVwUbN0dSGr1aP0Nrt4AEnTUbuGvquEC0mA64Gqt1fzirlRs5ibXx8g== + +stacktrace-parser@^0.1.10: + version "0.1.10" + resolved "https://registry.yarnpkg.com/stacktrace-parser/-/stacktrace-parser-0.1.10.tgz#29fb0cae4e0d0b85155879402857a1639eb6051a" + integrity sha512-KJP1OCML99+8fhOHxwwzyWrlUuVX5GQ0ZpJTd1DFXhdkrvg1szxfHhawXUZ3g9TkXORQd4/WG68jMlQZ2p8wlg== + dependencies: + type-fest "^0.7.1" + +statuses@2.0.1: + version "2.0.1" + resolved "https://registry.yarnpkg.com/statuses/-/statuses-2.0.1.tgz#55cb000ccf1d48728bd23c685a063998cf1a1b63" + integrity sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ== + +"string-width-cjs@npm:string-width@^4.2.0": + version "4.2.3" + resolved "https://registry.yarnpkg.com/string-width/-/string-width-4.2.3.tgz#269c7117d27b05ad2e536830a8ec895ef9c6d010" + integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g== + dependencies: + emoji-regex "^8.0.0" + is-fullwidth-code-point "^3.0.0" + strip-ansi "^6.0.1" + +string-width@^4.0.0, string-width@^4.1.0, string-width@^4.2.0, string-width@^4.2.2, string-width@^4.2.3: + version "4.2.3" + resolved "https://registry.yarnpkg.com/string-width/-/string-width-4.2.3.tgz#269c7117d27b05ad2e536830a8ec895ef9c6d010" + integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g== + dependencies: + emoji-regex "^8.0.0" + is-fullwidth-code-point "^3.0.0" + strip-ansi "^6.0.1" + +string-width@^5.0.1, string-width@^5.1.2: + version "5.1.2" + resolved "https://registry.yarnpkg.com/string-width/-/string-width-5.1.2.tgz#14f8daec6d81e7221d2a357e668cab73bdbca794" + integrity sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA== + dependencies: + eastasianwidth "^0.2.0" + emoji-regex "^9.2.2" + strip-ansi "^7.0.1" + +string_decoder@^1.1.1: + version "1.3.0" + resolved "https://registry.yarnpkg.com/string_decoder/-/string_decoder-1.3.0.tgz#42f114594a46cf1a8e30b0a84f56c78c3edac21e" + integrity sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA== + dependencies: + safe-buffer "~5.2.0" + +"strip-ansi-cjs@npm:strip-ansi@^6.0.1": + version "6.0.1" + resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9" + integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A== + dependencies: + ansi-regex "^5.0.1" + +strip-ansi@^6.0.0, strip-ansi@^6.0.1: + version "6.0.1" + resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9" + integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A== + dependencies: + ansi-regex "^5.0.1" + +strip-ansi@^7.0.1: + version "7.1.0" + resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-7.1.0.tgz#d5b6568ca689d8561370b0707685d22434faff45" + integrity sha512-iq6eVVI64nQQTRYq2KtEg2d2uU7LElhTJwsH4YzIHZshxlgZms/wIc4VoDQTlG/IvVIrBKG06CrZnp0qv7hkcQ== + dependencies: + ansi-regex "^6.0.1" + +strip-bom@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/strip-bom/-/strip-bom-3.0.0.tgz#2334c18e9c759f7bdd56fdef7e9ae3d588e68ed3" + integrity sha512-vavAMRXOgBVNF6nyEEmL3DBK19iRpDcoIwW+swQ+CbGiu7lju6t+JklA1MHweoWtadgt4ISVUsXLyDq34ddcwA== + +strip-hex-prefix@1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/strip-hex-prefix/-/strip-hex-prefix-1.0.0.tgz#0c5f155fef1151373377de9dbb588da05500e36f" + integrity sha512-q8d4ue7JGEiVcypji1bALTos+0pWtyGlivAWyPuTkHzuTCJqrK9sWxYQZUq6Nq3cuyv3bm734IhHvHtGGURU6A== + dependencies: + is-hex-prefixed "1.0.0" + +strip-json-comments@^3.1.1: + version "3.1.1" + resolved "https://registry.yarnpkg.com/strip-json-comments/-/strip-json-comments-3.1.1.tgz#31f1281b3832630434831c310c01cccda8cbe006" + integrity sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig== + +strip-json-comments@~2.0.1: + version "2.0.1" + resolved "https://registry.yarnpkg.com/strip-json-comments/-/strip-json-comments-2.0.1.tgz#3c531942e908c2697c0ec344858c286c7ca0a60a" + integrity sha512-4gB8na07fecVVkOI6Rs4e7T6NOTki5EmL7TUduTs6bu3EdnSycntVJ4re8kgZA+wx9IueI2Y11bfbgwtzuE0KQ== + +supports-color@^3.1.0: + version "3.2.3" + resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-3.2.3.tgz#65ac0504b3954171d8a64946b2ae3cbb8a5f54f6" + integrity sha512-Jds2VIYDrlp5ui7t8abHN2bjAu4LV/q4N2KivFPpGH0lrka0BMq/33AmECUXlKPcHigkNaqfXRENFju+rlcy+A== + dependencies: + has-flag "^1.0.0" + +supports-color@^5.3.0: + version "5.5.0" + resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-5.5.0.tgz#e2e69a44ac8772f78a1ec0b35b689df6530efc8f" + integrity sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow== + dependencies: + has-flag "^3.0.0" + +supports-color@^7.1.0: + version "7.2.0" + resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-7.2.0.tgz#1b7dcdcb32b8138801b3e478ba6a51caa89648da" + integrity sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw== + dependencies: + has-flag "^4.0.0" + +supports-color@^8.1.1: + version "8.1.1" + resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-8.1.1.tgz#cd6fc17e28500cff56c1b86c0a7fd4a54a73005c" + integrity sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q== + dependencies: + has-flag "^4.0.0" + +supports-preserve-symlinks-flag@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz#6eda4bd344a3c94aea376d4cc31bc77311039e09" + integrity sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w== + +table@^6.8.1: + version "6.9.0" + resolved "https://registry.yarnpkg.com/table/-/table-6.9.0.tgz#50040afa6264141c7566b3b81d4d82c47a8668f5" + integrity sha512-9kY+CygyYM6j02t5YFHbNz2FN5QmYGv9zAjVp4lCDjlCw7amdckXlEt/bjMhUIfj4ThGRE4gCUH5+yGnNuPo5A== + dependencies: + ajv "^8.0.1" + lodash.truncate "^4.4.2" + slice-ansi "^4.0.0" + string-width "^4.2.3" + strip-ansi "^6.0.1" + +term-size@^2.1.0: + version "2.2.1" + resolved "https://registry.yarnpkg.com/term-size/-/term-size-2.2.1.tgz#2a6a54840432c2fb6320fea0f415531e90189f54" + integrity sha512-wK0Ri4fOGjv/XPy8SBHZChl8CM7uMc5VML7SqiQ0zG7+J5Vr+RMQDoHa2CNT6KHUnTGIXH34UDMkPzAUyapBZg== + +text-table@^0.2.0: + version "0.2.0" + resolved "https://registry.yarnpkg.com/text-table/-/text-table-0.2.0.tgz#7f5ee823ae805207c00af2df4a84ec3fcfa570b4" + integrity sha512-N+8UisAXDGk8PFXP4HAzVR9nbfmVJ3zYLAWiTIoqC5v5isinhr+r5uaO8+7r3BMfuNIufIsA7RdpVgacC2cSpw== + +tinyglobby@^0.2.6: + version "0.2.10" + resolved "https://registry.yarnpkg.com/tinyglobby/-/tinyglobby-0.2.10.tgz#e712cf2dc9b95a1f5c5bbd159720e15833977a0f" + integrity sha512-Zc+8eJlFMvgatPZTl6A9L/yht8QqdmUNtURHaKZLmKBE12hNPSrqNkUp2cs3M/UKmNVVAMFQYSjYIVHDjW5zew== + dependencies: + fdir "^6.4.2" + picomatch "^4.0.2" + +tmp@0.0.33, tmp@^0.0.33: + version "0.0.33" + resolved "https://registry.yarnpkg.com/tmp/-/tmp-0.0.33.tgz#6d34335889768d21b2bcda0aa277ced3b1bfadf9" + integrity sha512-jRCJlojKnZ3addtTOjdIqoRuPEKBvNXcGYqzO6zWZX8KfKEpnGY5jfggJQ3EjKuu8D4bJRr0y+cYJFmYbImXGw== + dependencies: + os-tmpdir "~1.0.2" + +to-regex-range@^5.0.1: + version "5.0.1" + resolved "https://registry.yarnpkg.com/to-regex-range/-/to-regex-range-5.0.1.tgz#1648c44aae7c8d988a326018ed72f5b4dd0392e4" + integrity sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ== + dependencies: + is-number "^7.0.0" + +toidentifier@1.0.1: + version "1.0.1" + resolved "https://registry.yarnpkg.com/toidentifier/-/toidentifier-1.0.1.tgz#3be34321a88a820ed1bd80dfaa33e479fbb8dd35" + integrity sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA== + +tr46@~0.0.3: + version "0.0.3" + resolved "https://registry.yarnpkg.com/tr46/-/tr46-0.0.3.tgz#8184fd347dac9cdc185992f3a6622e14b9d9ab6a" + integrity sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw== + +tslib@2.7.0: + version "2.7.0" + resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.7.0.tgz#d9b40c5c40ab59e8738f297df3087bf1a2690c01" + integrity sha512-gLXCKdN1/j47AiHiOkJN69hJmcbGTHI0ImLmbYLHykhgeN0jVGola9yVjFgzCUklsZQMW55o+dW7IXv3RCXDzA== + +tslib@^1.9.3: + version "1.14.1" + resolved "https://registry.yarnpkg.com/tslib/-/tslib-1.14.1.tgz#cf2d38bdc34a134bcaf1091c41f6619e2f672d00" + integrity sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg== + +tsort@0.0.1: + version "0.0.1" + resolved "https://registry.yarnpkg.com/tsort/-/tsort-0.0.1.tgz#e2280f5e817f8bf4275657fd0f9aebd44f5a2786" + integrity sha512-Tyrf5mxF8Ofs1tNoxA13lFeZ2Zrbd6cKbuH3V+MQ5sb6DtBj5FjrXVsRWT8YvNAQTqNoz66dz1WsbigI22aEnw== + +tweetnacl-util@^0.15.1: + version "0.15.1" + resolved "https://registry.yarnpkg.com/tweetnacl-util/-/tweetnacl-util-0.15.1.tgz#b80fcdb5c97bcc508be18c44a4be50f022eea00b" + integrity sha512-RKJBIj8lySrShN4w6i/BonWp2Z/uxwC3h4y7xsRrpP59ZboCd0GpEVsOnMDYLMmKBpYhb5TgHzZXy7wTfYFBRw== + +tweetnacl@^1.0.3: + version "1.0.3" + resolved "https://registry.yarnpkg.com/tweetnacl/-/tweetnacl-1.0.3.tgz#ac0af71680458d8a6378d0d0d050ab1407d35596" + integrity sha512-6rt+RN7aOi1nGMyC4Xa5DdYiukl2UWCbcJft7YhxReBGQD7OAM8Pbxw6YMo4r2diNEA8FEmu32YOn9rhaiE5yw== + +type-check@^0.4.0, type-check@~0.4.0: + version "0.4.0" + resolved "https://registry.yarnpkg.com/type-check/-/type-check-0.4.0.tgz#07b8203bfa7056c0657050e3ccd2c37730bab8f1" + integrity sha512-XleUoc9uwGXqjWwXaUTZAmzMcFZ5858QA2vvx1Ur5xIcixXIP+8LnFDgRplU30us6teqdlskFfu+ae4K79Ooew== + dependencies: + prelude-ls "^1.2.1" + +type-check@~0.3.2: + version "0.3.2" + resolved "https://registry.yarnpkg.com/type-check/-/type-check-0.3.2.tgz#5884cab512cf1d355e3fb784f30804b2b520db72" + integrity sha512-ZCmOJdvOWDBYJlzAoFkC+Q0+bUyEOS1ltgp1MGU03fqHG+dbi9tBFU2Rd9QKiDZFAYrhPh2JUf7rZRIuHRKtOg== + dependencies: + prelude-ls "~1.1.2" + +type-detect@^4.0.0, type-detect@^4.1.0: + version "4.1.0" + resolved "https://registry.yarnpkg.com/type-detect/-/type-detect-4.1.0.tgz#deb2453e8f08dcae7ae98c626b13dddb0155906c" + integrity sha512-Acylog8/luQ8L7il+geoSxhEkazvkslg7PSNKOX59mbB9cOveP5aq9h74Y7YU8yDpJwetzQQrfIwtf4Wp4LKcw== + +type-fest@^0.20.2: + version "0.20.2" + resolved "https://registry.yarnpkg.com/type-fest/-/type-fest-0.20.2.tgz#1bf207f4b28f91583666cb5fbd327887301cd5f4" + integrity sha512-Ne+eE4r0/iWnpAxD852z3A+N0Bt5RN//NjJwRd2VFHEmrywxf5vsZlh4R6lixl6B+wz/8d+maTSAkN1FIkI3LQ== + +type-fest@^0.21.3: + version "0.21.3" + resolved "https://registry.yarnpkg.com/type-fest/-/type-fest-0.21.3.tgz#d260a24b0198436e133fa26a524a6d65fa3b2e37" + integrity sha512-t0rzBq87m3fVcduHDUFhKmyyX+9eo6WQjZvf51Ea/M0Q7+T374Jp1aUiyUl0GKxp8M/OETVHSDvmkyPgvX+X2w== + +type-fest@^0.7.1: + version "0.7.1" + resolved "https://registry.yarnpkg.com/type-fest/-/type-fest-0.7.1.tgz#8dda65feaf03ed78f0a3f9678f1869147f7c5c48" + integrity sha512-Ne2YiiGN8bmrmJJEuTWTLJR32nh/JdL1+PSicowtNb0WFpn59GK8/lfD61bVtzguz7b3PBt74nxpv/Pw5po5Rg== + +uglify-js@^3.1.4: + version "3.19.3" + resolved "https://registry.yarnpkg.com/uglify-js/-/uglify-js-3.19.3.tgz#82315e9bbc6f2b25888858acd1fff8441035b77f" + integrity sha512-v3Xu+yuwBXisp6QYTcH4UbH+xYJXqnq2m/LtQVWKWzYc1iehYnLixoQDN9FH6/j9/oybfd6W9Ghwkl8+UMKTKQ== + +undici-types@~6.19.2: + version "6.19.8" + resolved "https://registry.yarnpkg.com/undici-types/-/undici-types-6.19.8.tgz#35111c9d1437ab83a7cdc0abae2f26d88eda0a02" + integrity sha512-ve2KP6f/JnbPBFyobGHuerC9g1FYGn/F8n1LWTwNxCEzd6IfqTwUQcNXgEtmmQ6DlRrC1hrSrBnCZPokRrDHjw== + +undici-types@~6.20.0: + version "6.20.0" + resolved "https://registry.yarnpkg.com/undici-types/-/undici-types-6.20.0.tgz#8171bf22c1f588d1554d55bf204bc624af388433" + integrity sha512-Ny6QZ2Nju20vw1SRHe3d9jVu6gJ+4e3+MMpqu7pqE5HT6WsTSlce++GQmK5UXS8mzV8DSYHrQH+Xrf2jVcuKNg== + +undici@^5.14.0: + version "5.28.5" + resolved "https://registry.yarnpkg.com/undici/-/undici-5.28.5.tgz#b2b94b6bf8f1d919bc5a6f31f2c01deb02e54d4b" + integrity sha512-zICwjrDrcrUE0pyyJc1I2QzBkLM8FINsgOrt6WjA+BgajVq9Nxu2PbFFXUrAggLfDXlZGZBVZYw7WNV5KiBiBA== + dependencies: + "@fastify/busboy" "^2.0.0" + +undici@^6.11.1: + version "6.21.1" + resolved "https://registry.yarnpkg.com/undici/-/undici-6.21.1.tgz#336025a14162e6837e44ad7b819b35b6c6af0e05" + integrity sha512-q/1rj5D0/zayJB2FraXdaWxbhWiNKDvu8naDT2dl1yTlvJp4BLtOcp2a5BvgGNQpYYJzau7tf1WgKv3b+7mqpQ== + +universalify@^0.1.0: + version "0.1.2" + resolved "https://registry.yarnpkg.com/universalify/-/universalify-0.1.2.tgz#b646f69be3942dabcecc9d6639c80dc105efaa66" + integrity sha512-rBJeI5CXAlmy1pV+617WB9J63U6XcazHHF2f2dbJix4XzpUF0RS3Zbj0FGIOCAva5P/d/GBOYaACQ1w+0azUkg== + +unpipe@1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/unpipe/-/unpipe-1.0.0.tgz#b2bf4ee8514aae6165b4817829d21b2ef49904ec" + integrity sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ== + +uri-js@^4.2.2: + version "4.4.1" + resolved "https://registry.yarnpkg.com/uri-js/-/uri-js-4.4.1.tgz#9b1a52595225859e55f669d928f88c6c57f2a77e" + integrity sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg== + dependencies: + punycode "^2.1.0" + +utf8@3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/utf8/-/utf8-3.0.0.tgz#f052eed1364d696e769ef058b183df88c87f69d1" + integrity sha512-E8VjFIQ/TyQgp+TZfS6l8yp/xWppSAHzidGiRrqe4bK4XP9pTRyKFgGJpO3SN7zdX4DeomTrwaseCHovfpFcqQ== + +util-deprecate@^1.0.1: + version "1.0.2" + resolved "https://registry.yarnpkg.com/util-deprecate/-/util-deprecate-1.0.2.tgz#450d4dc9fa70de732762fbd2d4a28981419a0ccf" + integrity sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw== + +uuid@^8.3.2: + version "8.3.2" + resolved "https://registry.yarnpkg.com/uuid/-/uuid-8.3.2.tgz#80d5b5ced271bb9af6c445f21a1a04c606cefbe2" + integrity sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg== + +viem@2.7.14: + version "2.7.14" + resolved "https://registry.yarnpkg.com/viem/-/viem-2.7.14.tgz#347d316cb5400f0b896b2205b1bc8073aa5e27e0" + integrity sha512-5b1KB1gXli02GOQHZIUsRluNUwssl2t4hqdFAzyWPwJ744N83jAOBOjOkrGz7K3qMIv9b0GQt3DoZIErSQTPkQ== + dependencies: + "@adraffy/ens-normalize" "1.10.0" + "@noble/curves" "1.2.0" + "@noble/hashes" "1.3.2" + "@scure/bip32" "1.3.2" + "@scure/bip39" "1.2.1" + abitype "1.0.0" + isows "1.0.3" + ws "8.13.0" + +web3-utils@^1.3.6: + version "1.10.4" + resolved "https://registry.yarnpkg.com/web3-utils/-/web3-utils-1.10.4.tgz#0daee7d6841641655d8b3726baf33b08eda1cbec" + integrity sha512-tsu8FiKJLk2PzhDl9fXbGUWTkkVXYhtTA+SmEFkKft+9BgwLxfCRpU96sWv7ICC8zixBNd3JURVoiR3dUXgP8A== + dependencies: + "@ethereumjs/util" "^8.1.0" + bn.js "^5.2.1" + ethereum-bloom-filters "^1.0.6" + ethereum-cryptography "^2.1.2" + ethjs-unit "0.1.6" + number-to-bn "1.7.0" + randombytes "^2.1.0" + utf8 "3.0.0" + +webidl-conversions@^3.0.0: + version "3.0.1" + resolved "https://registry.yarnpkg.com/webidl-conversions/-/webidl-conversions-3.0.1.tgz#24534275e2a7bc6be7bc86611cc16ae0a5654871" + integrity sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ== + +whatwg-url@^5.0.0: + version "5.0.0" + resolved "https://registry.yarnpkg.com/whatwg-url/-/whatwg-url-5.0.0.tgz#966454e8765462e37644d3626f6742ce8b70965d" + integrity sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw== + dependencies: + tr46 "~0.0.3" + webidl-conversions "^3.0.0" + +which@^1.1.1, which@^1.3.1: + version "1.3.1" + resolved "https://registry.yarnpkg.com/which/-/which-1.3.1.tgz#a45043d54f5805316da8d62f9f50918d3da70b0a" + integrity sha512-HxJdYWq1MTIQbJ3nw0cqssHoTNU267KlrDuGZ1WYlxDStUtKUhOaJmh112/TZmHxxUfuJqPXSOm7tDyas0OSIQ== + dependencies: + isexe "^2.0.0" + +which@^2.0.1: + version "2.0.2" + resolved "https://registry.yarnpkg.com/which/-/which-2.0.2.tgz#7c6a8dd0a636a0327e10b59c9286eee93f3f51b1" + integrity sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA== + dependencies: + isexe "^2.0.0" + +widest-line@^3.1.0: + version "3.1.0" + resolved "https://registry.yarnpkg.com/widest-line/-/widest-line-3.1.0.tgz#8292333bbf66cb45ff0de1603b136b7ae1496eca" + integrity sha512-NsmoXalsWVDMGupxZ5R08ka9flZjjiLvHVAWYOKtiKM8ujtZWr9cRffak+uSE48+Ob8ObalXpwyeUiyDD6QFgg== + dependencies: + string-width "^4.0.0" + +word-wrap@^1.2.5, word-wrap@~1.2.3: + version "1.2.5" + resolved "https://registry.yarnpkg.com/word-wrap/-/word-wrap-1.2.5.tgz#d2c45c6dd4fbce621a66f136cbe328afd0410b34" + integrity sha512-BN22B5eaMMI9UMtjrGd5g5eCYPpCPDUy0FJXbYsaT5zYxjFOckS53SQDE3pWkVoWpHXVb3BrYcEN4Twa55B5cA== + +wordwrap@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/wordwrap/-/wordwrap-1.0.0.tgz#27584810891456a4171c8d0226441ade90cbcaeb" + integrity sha512-gvVzJFlPycKc5dZN4yPkP8w7Dc37BtP1yczEneOb4uq34pXZcvrtRTmWV8W+Ume+XCxKgbjM+nevkyFPMybd4Q== + +workerpool@^6.5.1: + version "6.5.1" + resolved "https://registry.yarnpkg.com/workerpool/-/workerpool-6.5.1.tgz#060f73b39d0caf97c6db64da004cd01b4c099544" + integrity sha512-Fs4dNYcsdpYSAfVxhnl1L5zTksjvOJxtC5hzMNl+1t9B8hTJTdKDyZ5ju7ztgPy+ft9tBFXoOlDNiOT9WUXZlA== + +"wrap-ansi-cjs@npm:wrap-ansi@^7.0.0": + version "7.0.0" + resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-7.0.0.tgz#67e145cff510a6a6984bdf1152911d69d2eb9e43" + integrity sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q== + dependencies: + ansi-styles "^4.0.0" + string-width "^4.1.0" + strip-ansi "^6.0.0" + +wrap-ansi@^7.0.0: + version "7.0.0" + resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-7.0.0.tgz#67e145cff510a6a6984bdf1152911d69d2eb9e43" + integrity sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q== + dependencies: + ansi-styles "^4.0.0" + string-width "^4.1.0" + strip-ansi "^6.0.0" + +wrap-ansi@^8.1.0: + version "8.1.0" + resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-8.1.0.tgz#56dc22368ee570face1b49819975d9b9a5ead214" + integrity sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ== + dependencies: + ansi-styles "^6.1.0" + string-width "^5.0.1" + strip-ansi "^7.0.1" + +wrappy@1: + version "1.0.2" + resolved "https://registry.yarnpkg.com/wrappy/-/wrappy-1.0.2.tgz#b5243d8f3ec1aa35f1364605bc0d1036e30ab69f" + integrity sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ== + +ws@8.13.0: + version "8.13.0" + resolved "https://registry.yarnpkg.com/ws/-/ws-8.13.0.tgz#9a9fb92f93cf41512a0735c8f4dd09b8a1211cd0" + integrity sha512-x9vcZYTrFPC7aSIbj7sRCYo7L/Xb8Iy+pW0ng0wt2vCJv7M9HOMy0UoN3rr+IFC7hb7vXoqS+P9ktyLLLhO+LA== + +ws@8.17.1: + version "8.17.1" + resolved "https://registry.yarnpkg.com/ws/-/ws-8.17.1.tgz#9293da530bb548febc95371d90f9c878727d919b" + integrity sha512-6XQFvXTkbfUOZOKKILFG1PDK2NDQs4azKQl26T0YS5CxqWLgXajbPZ+h4gZekJyRqFU8pvnbAbbs/3TgRPy+GQ== + +ws@^7.4.6: + version "7.5.10" + resolved "https://registry.yarnpkg.com/ws/-/ws-7.5.10.tgz#58b5c20dc281633f6c19113f39b349bd8bd558d9" + integrity sha512-+dbF1tHwZpXcbOJdVOkzLDxZP1ailvSxM6ZweXTegylPny803bFhA+vqBYw4s31NSAk4S2Qz+AKXK9a4wkdjcQ== + +y18n@^5.0.5: + version "5.0.8" + resolved "https://registry.yarnpkg.com/y18n/-/y18n-5.0.8.tgz#7f4934d0f7ca8c56f95314939ddcd2dd91ce1d55" + integrity sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA== + +yargs-parser@^20.2.2, yargs-parser@^20.2.9: + version "20.2.9" + resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-20.2.9.tgz#2eb7dc3b0289718fc295f362753845c41a0c94ee" + integrity sha512-y11nGElTIV+CT3Zv9t7VKl+Q3hTQoT9a1Qzezhhl6Rp21gJ/IVTW7Z3y9EWXhuUBC2Shnf+DX0antecpAwSP8w== + +yargs-parser@^21.1.1: + version "21.1.1" + resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-21.1.1.tgz#9096bceebf990d21bb31fa9516e0ede294a77d35" + integrity sha512-tVpsJW7DdjecAiFpbIB1e3qxIQsE6NoPc5/eTdrbbIC4h0LVsWhnoa3g+m2HclBIujHzsxZ4VJVA+GUuc2/LBw== + +yargs-unparser@^2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/yargs-unparser/-/yargs-unparser-2.0.0.tgz#f131f9226911ae5d9ad38c432fe809366c2325eb" + integrity sha512-7pRTIA9Qc1caZ0bZ6RYRGbHJthJWuakf+WmHK0rVeLkNrrGhfoabBNdue6kdINI6r4if7ocq9aD/n7xwKOdzOA== + dependencies: + camelcase "^6.0.0" + decamelize "^4.0.0" + flat "^5.0.2" + is-plain-obj "^2.1.0" + +yargs@^16.2.0: + version "16.2.0" + resolved "https://registry.yarnpkg.com/yargs/-/yargs-16.2.0.tgz#1c82bf0f6b6a66eafce7ef30e376f49a12477f66" + integrity sha512-D1mvvtDG0L5ft/jGWkLpG1+m0eQxOfaBvTNELraWj22wSVUMWxZUvYgJYcKh6jGGIkJFhH4IZPQhR4TKpc8mBw== + dependencies: + cliui "^7.0.2" + escalade "^3.1.1" + get-caller-file "^2.0.5" + require-directory "^2.1.1" + string-width "^4.2.0" + y18n "^5.0.5" + yargs-parser "^20.2.2" + +yargs@^17.0.0: + version "17.7.2" + resolved "https://registry.yarnpkg.com/yargs/-/yargs-17.7.2.tgz#991df39aca675a192b816e1e0363f9d75d2aa269" + integrity sha512-7dSzzRQ++CKnNI/krKnYRV7JKKPUXMEh61soaHKg9mrWEhzFWhFnxPxGl+69cD1Ou63C13NUPCnmIcrvqCuM6w== + dependencies: + cliui "^8.0.1" + escalade "^3.1.1" + get-caller-file "^2.0.5" + require-directory "^2.1.1" + string-width "^4.2.3" + y18n "^5.0.5" + yargs-parser "^21.1.1" + +yocto-queue@^0.1.0: + version "0.1.0" + resolved "https://registry.yarnpkg.com/yocto-queue/-/yocto-queue-0.1.0.tgz#0294eb3dee05028d31ee1a5fa2c556a6aaf10a1b" + integrity sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q== diff --git a/dependencies/account-abstraction/.eslintrc.js b/dependencies/account-abstraction/.eslintrc.js new file mode 100644 index 00000000..fde1d6d6 --- /dev/null +++ b/dependencies/account-abstraction/.eslintrc.js @@ -0,0 +1,79 @@ +module.exports = { + env: { + browser: true, + es6: true, + jest: true, + mocha: true, + node: true + }, + globals: { + artifacts: false, + assert: false, + contract: false, + web3: false + }, + extends: + [ + 'standard-with-typescript' + ], + // This is needed to add configuration to rules with type information + parser: '@typescript-eslint/parser', + parserOptions: { + project: ['./tsconfig.json'] + }, + ignorePatterns: [ + '.eslintrc.js', + '**/types/truffle-contracts', + 'coverage', + 'dist/' + ], + rules: { + 'no-console': 'off', + '@typescript-eslint/no-var-requires': 'off', + '@typescript-eslint/return-await': 'off', + '@typescript-eslint/no-unnecessary-type-assertion': 'off', + '@typescript-eslint/require-array-sort-compare': ['error', + { + ignoreStringArrays: true + } + ] + }, + overrides: [ + { + files: '*', + rules: { + '@typescript-eslint/naming-convention': 'off', + '@typescript-eslint/no-non-null-assertion': 'off', + '@typescript-eslint/restrict-template-expressions': 'off' + } + }, + { + files: [ + '**/test/**/*.ts' + ], + rules: { + 'no-unused-expressions': 'off', + // chai assertions trigger this rule + '@typescript-eslint/no-unused-expressions': 'off', + '@typescript-eslint/no-non-null-assertion': 'off' + } + }, + { + // otherwise it will raise an error in every JavaScript file + files: ['*.ts'], + rules: { + '@typescript-eslint/prefer-ts-expect-error': 'off', + // allow using '${val}' with numbers, bool and null types + '@typescript-eslint/restrict-template-expressions': [ + 'error', + { + allowNumber: true, + allowBoolean: true, + allowNullish: true, + allowNullable: true + } + ] + } + } + ] +} diff --git a/dependencies/account-abstraction/.github/workflows/build.yml b/dependencies/account-abstraction/.github/workflows/build.yml new file mode 100644 index 00000000..c2ef0af8 --- /dev/null +++ b/dependencies/account-abstraction/.github/workflows/build.yml @@ -0,0 +1,89 @@ +name: Build +on: + push: + branches: + - '*' + pull_request: + types: [opened, reopened, synchronize] + +env: + TS_NODE_TRANSPILE_ONLY: 1 + FORCE_COLORS: 1 + +# todo: extract shared seto/checkout/install/compile, instead of repeat in each job. +jobs: + + test: + runs-on: ubuntu-latest + + steps: + - uses: actions/setup-node@v1 + with: + node-version: '16' + - uses: actions/checkout@v1 + - uses: actions/cache@v2 + with: + path: node_modules + key: ${{ runner.os }}-${{ hashFiles('yarn.lock') }} + - run: yarn install + - run: yarn compile + - run: yarn tsc + + - run: yarn run ci + + gas-checks: + runs-on: ubuntu-latest + services: + localgeth: + image: dtr22/geth-dev + + steps: + - uses: actions/setup-node@v1 + with: + node-version: '16' + - uses: actions/checkout@v1 + - uses: actions/cache@v2 + with: + path: node_modules + key: ${{ runner.os }}-${{ hashFiles('yarn.lock') }} + - run: yarn install + - run: yarn compile + - run: yarn ci-gas-calc + + lint: + runs-on: ubuntu-latest + steps: + - uses: actions/setup-node@v1 + with: + node-version: '16' + - uses: actions/checkout@v1 + - uses: actions/cache@v2 + with: + path: node_modules + key: ${{ runner.os }}-${{ hashFiles('yarn.lock') }} + - run: yarn install + - run: yarn lint + + coverage: + runs-on: ubuntu-latest + steps: + - uses: actions/setup-node@v1 + with: + node-version: '16' + - uses: actions/checkout@v1 + - uses: actions/cache@v2 + with: + path: node_modules + key: ${{ runner.os }}-${{ hashFiles('yarn.lock') }} + - run: yarn install + + - run: yarn compile + + - run: FORCE_COLOR=1 yarn coverage + - uses: actions/upload-artifact@v2 + with: + name: solidity-coverage + path: | + coverage/ + coverage.json + diff --git a/dependencies/account-abstraction/.gitignore b/dependencies/account-abstraction/.gitignore new file mode 100644 index 00000000..f6a4ff52 --- /dev/null +++ b/dependencies/account-abstraction/.gitignore @@ -0,0 +1,20 @@ +node_modules + +#Hardhat files +cache +artifacts +/.idea/ +/typechain/ +/dist/ +/yarn-error.log +/deployments/dev/ +/deployments/localhost/ +/deployments/proxy/ +/typechain-types/ +/reports/gas-used-output.color +/coverage +/coverage.json +/.DS_Store +.DS_Store +/contracts/dist/ +/contracts/types/ diff --git a/dependencies/account-abstraction/.solcover.js b/dependencies/account-abstraction/.solcover.js new file mode 100644 index 00000000..851e37d6 --- /dev/null +++ b/dependencies/account-abstraction/.solcover.js @@ -0,0 +1,8 @@ +module.exports = { + skipFiles: [ + "test", + "samples/bls/lib", + "utils/Exec.sol" + ], + configureYulOptimizer: true, +}; diff --git a/dependencies/account-abstraction/.solhint.json b/dependencies/account-abstraction/.solhint.json new file mode 100644 index 00000000..2b5dda04 --- /dev/null +++ b/dependencies/account-abstraction/.solhint.json @@ -0,0 +1,12 @@ +{ + "extends": "solhint:recommended", + "rules": { + "compiler-version": ["error",">=0.7.5"], + "func-visibility": ["off",{"ignoreConstructors":true}], + "custom-errors": ["off"], + "explicit-types": ["warn", "explicit"], + "no-global-import": ["off"], + "immutable-vars-naming": ["off"], + "mark-callable-contracts": ["off"] + } +} diff --git a/dependencies/account-abstraction/.solhintignore b/dependencies/account-abstraction/.solhintignore new file mode 100644 index 00000000..4972aa1b --- /dev/null +++ b/dependencies/account-abstraction/.solhintignore @@ -0,0 +1 @@ +contracts/samples/bls/lib/ diff --git a/dependencies/account-abstraction/LICENSE b/dependencies/account-abstraction/LICENSE new file mode 100644 index 00000000..f288702d --- /dev/null +++ b/dependencies/account-abstraction/LICENSE @@ -0,0 +1,674 @@ + GNU GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU General Public License is a free, copyleft license for +software and other kinds of works. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +the GNU General Public License is intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. We, the Free Software Foundation, use the +GNU General Public License for most of our software; it applies also to +any other work released this way by its authors. You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + To protect your rights, we need to prevent others from denying you +these rights or asking you to surrender the rights. Therefore, you have +certain responsibilities if you distribute copies of the software, or if +you modify it: responsibilities to respect the freedom of others. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must pass on to the recipients the same +freedoms that you received. You must make sure that they, too, receive +or can get the source code. And you must show them these terms so they +know their rights. + + Developers that use the GNU GPL protect your rights with two steps: +(1) assert copyright on the software, and (2) offer you this License +giving you legal permission to copy, distribute and/or modify it. + + For the developers' and authors' protection, the GPL clearly explains +that there is no warranty for this free software. For both users' and +authors' sake, the GPL requires that modified versions be marked as +changed, so that their problems will not be attributed erroneously to +authors of previous versions. + + Some devices are designed to deny users access to install or run +modified versions of the software inside them, although the manufacturer +can do so. This is fundamentally incompatible with the aim of +protecting users' freedom to change the software. The systematic +pattern of such abuse occurs in the area of products for individuals to +use, which is precisely where it is most unacceptable. Therefore, we +have designed this version of the GPL to prohibit the practice for those +products. If such problems arise substantially in other domains, we +stand ready to extend this provision to those domains in future versions +of the GPL, as needed to protect the freedom of users. + + Finally, every program is threatened constantly by software patents. +States should not allow patents to restrict development and use of +software on general-purpose computers, but in those that do, we wish to +avoid the special danger that patents applied to a free program could +make it effectively proprietary. To prevent this, the GPL assures that +patents cannot be used to render the program non-free. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Use with the GNU Affero General Public License. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU Affero General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the special requirements of the GNU Affero General Public License, +section 13, concerning interaction through a network will apply to the +combination as such. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If the program does terminal interaction, make it output a short +notice like this when it starts in an interactive mode: + + Copyright (C) + This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, your program's commands +might be different; for a GUI interface, you would use an "about box". + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU GPL, see +. + + The GNU General Public License does not permit incorporating your program +into proprietary programs. If your program is a subroutine library, you +may consider it more useful to permit linking proprietary applications with +the library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. But first, please read +. diff --git a/dependencies/account-abstraction/README.md b/dependencies/account-abstraction/README.md new file mode 100644 index 00000000..57216f82 --- /dev/null +++ b/dependencies/account-abstraction/README.md @@ -0,0 +1,11 @@ +Implementation of contracts for [ERC-4337](https://eips.ethereum.org/EIPS/eip-4337) account abstraction via alternative mempool. + +# Resources + +[Vitalik's post on account abstraction without Ethereum protocol changes](https://medium.com/infinitism/erc-4337-account-abstraction-without-ethereum-protocol-changes-d75c9d94dc4a) + +[Discord server](http://discord.gg/fbDyENb6Y9) + +[Bundler reference implementation](https://github.com/eth-infinitism/bundler) + +[Bundler specification test suite](https://github.com/eth-infinitism/bundler-spec-tests) diff --git "a/dependencies/account-abstraction/audits/EIP_4337_\342\200\223_Ethereum_Account_Abstraction_Incremental_Audit_Feb_2023.pdf" "b/dependencies/account-abstraction/audits/EIP_4337_\342\200\223_Ethereum_Account_Abstraction_Incremental_Audit_Feb_2023.pdf" new file mode 100644 index 00000000..7050f47a Binary files /dev/null and "b/dependencies/account-abstraction/audits/EIP_4337_\342\200\223_Ethereum_Account_Abstraction_Incremental_Audit_Feb_2023.pdf" differ diff --git a/dependencies/account-abstraction/contracts/.npmignore b/dependencies/account-abstraction/contracts/.npmignore new file mode 100644 index 00000000..b6abf238 --- /dev/null +++ b/dependencies/account-abstraction/contracts/.npmignore @@ -0,0 +1,2 @@ +**/*Test* +yarn* diff --git a/dependencies/account-abstraction/contracts/core/BaseAccount.sol b/dependencies/account-abstraction/contracts/core/BaseAccount.sol new file mode 100644 index 00000000..459fc6ab --- /dev/null +++ b/dependencies/account-abstraction/contracts/core/BaseAccount.sol @@ -0,0 +1,113 @@ +// SPDX-License-Identifier: GPL-3.0 +pragma solidity ^0.8.23; + +/* solhint-disable avoid-low-level-calls */ +/* solhint-disable no-empty-blocks */ + +import "../interfaces/IAccount.sol"; +import "../interfaces/IEntryPoint.sol"; +import "./UserOperationLib.sol"; + +/** + * Basic account implementation. + * This contract provides the basic logic for implementing the IAccount interface - validateUserOp + * Specific account implementation should inherit it and provide the account-specific logic. + */ +abstract contract BaseAccount is IAccount { + using UserOperationLib for PackedUserOperation; + + /** + * Return the account nonce. + * This method returns the next sequential nonce. + * For a nonce of a specific key, use `entrypoint.getNonce(account, key)` + */ + function getNonce() public view virtual returns (uint256) { + return entryPoint().getNonce(address(this), 0); + } + + /** + * Return the entryPoint used by this account. + * Subclass should return the current entryPoint used by this account. + */ + function entryPoint() public view virtual returns (IEntryPoint); + + /// @inheritdoc IAccount + function validateUserOp( + PackedUserOperation calldata userOp, + bytes32 userOpHash, + uint256 missingAccountFunds + ) external virtual override returns (uint256 validationData) { + _requireFromEntryPoint(); + validationData = _validateSignature(userOp, userOpHash); + _validateNonce(userOp.nonce); + _payPrefund(missingAccountFunds); + } + + /** + * Ensure the request comes from the known entrypoint. + */ + function _requireFromEntryPoint() internal view virtual { + require( + msg.sender == address(entryPoint()), + "account: not from EntryPoint" + ); + } + + /** + * Validate the signature is valid for this message. + * @param userOp - Validate the userOp.signature field. + * @param userOpHash - Convenient field: the hash of the request, to check the signature against. + * (also hashes the entrypoint and chain id) + * @return validationData - Signature and time-range of this operation. + * <20-byte> aggregatorOrSigFail - 0 for valid signature, 1 to mark signature failure, + * otherwise, an address of an aggregator contract. + * <6-byte> validUntil - last timestamp this operation is valid. 0 for "indefinite" + * <6-byte> validAfter - first timestamp this operation is valid + * If the account doesn't use time-range, it is enough to return + * SIG_VALIDATION_FAILED value (1) for signature failure. + * Note that the validation code cannot use block.timestamp (or block.number) directly. + */ + function _validateSignature( + PackedUserOperation calldata userOp, + bytes32 userOpHash + ) internal virtual returns (uint256 validationData); + + /** + * Validate the nonce of the UserOperation. + * This method may validate the nonce requirement of this account. + * e.g. + * To limit the nonce to use sequenced UserOps only (no "out of order" UserOps): + * `require(nonce < type(uint64).max)` + * For a hypothetical account that *requires* the nonce to be out-of-order: + * `require(nonce & type(uint64).max == 0)` + * + * The actual nonce uniqueness is managed by the EntryPoint, and thus no other + * action is needed by the account itself. + * + * @param nonce to validate + * + * solhint-disable-next-line no-empty-blocks + */ + function _validateNonce(uint256 nonce) internal view virtual { + } + + /** + * Sends to the entrypoint (msg.sender) the missing funds for this transaction. + * SubClass MAY override this method for better funds management + * (e.g. send to the entryPoint more than the minimum required, so that in future transactions + * it will not be required to send again). + * @param missingAccountFunds - The minimum value this method should send the entrypoint. + * This value MAY be zero, in case there is enough deposit, + * or the userOp has a paymaster. + */ + function _payPrefund(uint256 missingAccountFunds) internal virtual { + if (missingAccountFunds != 0) { + (bool success, ) = payable(msg.sender).call{ + value: missingAccountFunds, + gas: type(uint256).max + }(""); + (success); + //ignore failure (its EntryPoint's job to verify, not account.) + } + } +} diff --git a/dependencies/account-abstraction/contracts/core/BasePaymaster.sol b/dependencies/account-abstraction/contracts/core/BasePaymaster.sol new file mode 100644 index 00000000..9bcb6fe6 --- /dev/null +++ b/dependencies/account-abstraction/contracts/core/BasePaymaster.sol @@ -0,0 +1,151 @@ +// SPDX-License-Identifier: GPL-3.0 +pragma solidity ^0.8.23; + +/* solhint-disable reason-string */ + +import "@openzeppelin/contracts/access/Ownable.sol"; +import "@openzeppelin/contracts/utils/introspection/IERC165.sol"; +import "../interfaces/IPaymaster.sol"; +import "../interfaces/IEntryPoint.sol"; +import "./UserOperationLib.sol"; +/** + * Helper class for creating a paymaster. + * provides helper methods for staking. + * Validates that the postOp is called only by the entryPoint. + */ +abstract contract BasePaymaster is IPaymaster, Ownable { + IEntryPoint public immutable entryPoint; + + uint256 internal constant PAYMASTER_VALIDATION_GAS_OFFSET = UserOperationLib.PAYMASTER_VALIDATION_GAS_OFFSET; + uint256 internal constant PAYMASTER_POSTOP_GAS_OFFSET = UserOperationLib.PAYMASTER_POSTOP_GAS_OFFSET; + uint256 internal constant PAYMASTER_DATA_OFFSET = UserOperationLib.PAYMASTER_DATA_OFFSET; + + constructor(IEntryPoint _entryPoint) Ownable(msg.sender) { + _validateEntryPointInterface(_entryPoint); + entryPoint = _entryPoint; + } + + //sanity check: make sure this EntryPoint was compiled against the same + // IEntryPoint of this paymaster + function _validateEntryPointInterface(IEntryPoint _entryPoint) internal virtual { + require(IERC165(address(_entryPoint)).supportsInterface(type(IEntryPoint).interfaceId), "IEntryPoint interface mismatch"); + } + + /// @inheritdoc IPaymaster + function validatePaymasterUserOp( + PackedUserOperation calldata userOp, + bytes32 userOpHash, + uint256 maxCost + ) external override returns (bytes memory context, uint256 validationData) { + _requireFromEntryPoint(); + return _validatePaymasterUserOp(userOp, userOpHash, maxCost); + } + + /** + * Validate a user operation. + * @param userOp - The user operation. + * @param userOpHash - The hash of the user operation. + * @param maxCost - The maximum cost of the user operation. + */ + function _validatePaymasterUserOp( + PackedUserOperation calldata userOp, + bytes32 userOpHash, + uint256 maxCost + ) internal virtual returns (bytes memory context, uint256 validationData); + + /// @inheritdoc IPaymaster + function postOp( + PostOpMode mode, + bytes calldata context, + uint256 actualGasCost, + uint256 actualUserOpFeePerGas + ) external override { + _requireFromEntryPoint(); + _postOp(mode, context, actualGasCost, actualUserOpFeePerGas); + } + + /** + * Post-operation handler. + * (verified to be called only through the entryPoint) + * @dev If subclass returns a non-empty context from validatePaymasterUserOp, + * it must also implement this method. + * @param mode - Enum with the following options: + * opSucceeded - User operation succeeded. + * opReverted - User op reverted. The paymaster still has to pay for gas. + * postOpReverted - never passed in a call to postOp(). + * @param context - The context value returned by validatePaymasterUserOp + * @param actualGasCost - Actual gas used so far (without this postOp call). + * @param actualUserOpFeePerGas - the gas price this UserOp pays. This value is based on the UserOp's maxFeePerGas + * and maxPriorityFee (and basefee) + * It is not the same as tx.gasprice, which is what the bundler pays. + */ + function _postOp( + PostOpMode mode, + bytes calldata context, + uint256 actualGasCost, + uint256 actualUserOpFeePerGas + ) internal virtual { + (mode, context, actualGasCost, actualUserOpFeePerGas); // unused params + // subclass must override this method if validatePaymasterUserOp returns a context + revert("must override"); + } + + /** + * Add a deposit for this paymaster, used for paying for transaction fees. + */ + function deposit() public payable { + entryPoint.depositTo{value: msg.value}(address(this)); + } + + /** + * Withdraw value from the deposit. + * @param withdrawAddress - Target to send to. + * @param amount - Amount to withdraw. + */ + function withdrawTo( + address payable withdrawAddress, + uint256 amount + ) public onlyOwner { + entryPoint.withdrawTo(withdrawAddress, amount); + } + + /** + * Add stake for this paymaster. + * This method can also carry eth value to add to the current stake. + * @param unstakeDelaySec - The unstake delay for this paymaster. Can only be increased. + */ + function addStake(uint32 unstakeDelaySec) external payable onlyOwner { + entryPoint.addStake{value: msg.value}(unstakeDelaySec); + } + + /** + * Return current paymaster's deposit on the entryPoint. + */ + function getDeposit() public view returns (uint256) { + return entryPoint.balanceOf(address(this)); + } + + /** + * Unlock the stake, in order to withdraw it. + * The paymaster can't serve requests once unlocked, until it calls addStake again + */ + function unlockStake() external onlyOwner { + entryPoint.unlockStake(); + } + + /** + * Withdraw the entire paymaster's stake. + * stake must be unlocked first (and then wait for the unstakeDelay to be over) + * @param withdrawAddress - The address to send withdrawn value. + */ + function withdrawStake(address payable withdrawAddress) external onlyOwner { + entryPoint.withdrawStake(withdrawAddress); + } + + /** + * Validate the call is made from a valid entrypoint + */ + function _requireFromEntryPoint() internal virtual { + require(msg.sender == address(entryPoint), "Sender not EntryPoint"); + } +} diff --git a/dependencies/account-abstraction/contracts/core/EntryPoint.sol b/dependencies/account-abstraction/contracts/core/EntryPoint.sol new file mode 100644 index 00000000..0f3dca7c --- /dev/null +++ b/dependencies/account-abstraction/contracts/core/EntryPoint.sol @@ -0,0 +1,701 @@ +// SPDX-License-Identifier: GPL-3.0 +pragma solidity ^0.8.23; +/* solhint-disable avoid-low-level-calls */ +/* solhint-disable no-inline-assembly */ + +import "../interfaces/IAccount.sol"; +import "../interfaces/IAccountExecute.sol"; +import "../interfaces/IPaymaster.sol"; +import "../interfaces/IEntryPoint.sol"; + +import "../utils/Exec.sol"; +import "./StakeManager.sol"; +import "./SenderCreator.sol"; +import "./Helpers.sol"; +import "./NonceManager.sol"; +import "./UserOperationLib.sol"; +import "./GasDebug.sol"; + +import "@openzeppelin/contracts/utils/introspection/ERC165.sol"; +import "@openzeppelin/contracts/utils/ReentrancyGuard.sol"; + +/* + * Account-Abstraction (EIP-4337) singleton EntryPoint implementation. + * Only one instance required on each chain. + */ + +/// @custom:security-contact https://bounty.ethereum.org +contract EntryPoint is IEntryPoint, StakeManager, NonceManager, ReentrancyGuard, ERC165, GasDebug { + using UserOperationLib for PackedUserOperation; + + SenderCreator private immutable _senderCreator = new SenderCreator(); + + function senderCreator() internal view virtual returns (SenderCreator) { + return _senderCreator; + } + + //compensate for innerHandleOps' emit message and deposit refund. + // allow some slack for future gas price changes. + uint256 private constant INNER_GAS_OVERHEAD = 10000; + + // Marker for inner call revert on out of gas + bytes32 private constant INNER_OUT_OF_GAS = hex"deaddead"; + bytes32 private constant INNER_REVERT_LOW_PREFUND = hex"deadaa51"; + + uint256 private constant REVERT_REASON_MAX_LEN = 2048; + uint256 private constant PENALTY_PERCENT = 10; + + /// @inheritdoc IERC165 + function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) { + // note: solidity "type(IEntryPoint).interfaceId" is without inherited methods but we want to check everything + return interfaceId + == (type(IEntryPoint).interfaceId ^ type(IStakeManager).interfaceId ^ type(INonceManager).interfaceId) + || interfaceId == type(IEntryPoint).interfaceId || interfaceId == type(IStakeManager).interfaceId + || interfaceId == type(INonceManager).interfaceId || super.supportsInterface(interfaceId); + } + + /** + * Compensate the caller's beneficiary address with the collected fees of all UserOperations. + * @param beneficiary - The address to receive the fees. + * @param amount - Amount to transfer. + */ + function _compensate(address payable beneficiary, uint256 amount) internal { + require(beneficiary != address(0), "AA90 invalid beneficiary"); + (bool success,) = beneficiary.call{value: amount}(""); + require(success, "AA91 failed send to beneficiary"); + } + + /** + * Execute a user operation. + * @param opIndex - Index into the opInfo array. + * @param userOp - The userOp to execute. + * @param opInfo - The opInfo filled by validatePrepayment for this userOp. + * @return collected - The total amount this userOp paid. + */ + function _executeUserOp(uint256 opIndex, PackedUserOperation calldata userOp, UserOpInfo memory opInfo) + internal + returns (uint256 collected) + { + uint256 preGas = gasleft(); + bytes memory context = getMemoryBytesFromOffset(opInfo.contextOffset); + bool success; + { + uint256 saveFreePtr; + assembly ("memory-safe") { + saveFreePtr := mload(0x40) + } + bytes calldata callData = userOp.callData; + bytes memory innerCall; + bytes4 methodSig; + assembly { + let len := callData.length + if gt(len, 3) { methodSig := calldataload(callData.offset) } + } + if (methodSig == IAccountExecute.executeUserOp.selector) { + bytes memory executeUserOp = abi.encodeCall(IAccountExecute.executeUserOp, (userOp, opInfo.userOpHash)); + innerCall = abi.encodeCall(this.innerHandleOp, (executeUserOp, opInfo, context)); + } else { + innerCall = abi.encodeCall(this.innerHandleOp, (callData, opInfo, context)); + } + assembly ("memory-safe") { + success := call(gas(), address(), 0, add(innerCall, 0x20), mload(innerCall), 0, 32) + collected := mload(0) + mstore(0x40, saveFreePtr) + } + } + if (!success) { + bytes32 innerRevertCode; + assembly ("memory-safe") { + let len := returndatasize() + if eq(32, len) { + returndatacopy(0, 0, 32) + innerRevertCode := mload(0) + } + } + if (innerRevertCode == INNER_OUT_OF_GAS) { + // handleOps was called with gas limit too low. abort entire bundle. + //can only be caused by bundler (leaving not enough gas for inner call) + revert FailedOp(opIndex, "AA95 out of gas"); + } else if (innerRevertCode == INNER_REVERT_LOW_PREFUND) { + // innerCall reverted on prefund too low. treat entire prefund as "gas cost" + uint256 actualGas = preGas - gasleft() + opInfo.preOpGas; + uint256 actualGasCost = opInfo.prefund; + emitPrefundTooLow(opInfo); + emitUserOperationEvent(opInfo, false, actualGasCost, actualGas); + collected = actualGasCost; + } else { + emit PostOpRevertReason( + opInfo.userOpHash, + opInfo.mUserOp.sender, + opInfo.mUserOp.nonce, + Exec.getReturnData(REVERT_REASON_MAX_LEN) + ); + + uint256 actualGas = preGas - gasleft() + opInfo.preOpGas; + collected = _postExecution(IPaymaster.PostOpMode.postOpReverted, opInfo, context, actualGas); + } + } + } + + function emitUserOperationEvent(UserOpInfo memory opInfo, bool success, uint256 actualGasCost, uint256 actualGas) + internal + virtual + { + emit UserOperationEvent( + opInfo.userOpHash, + opInfo.mUserOp.sender, + opInfo.mUserOp.paymaster, + opInfo.mUserOp.nonce, + success, + actualGasCost, + actualGas + ); + } + + function emitPrefundTooLow(UserOpInfo memory opInfo) internal virtual { + emit UserOperationPrefundTooLow(opInfo.userOpHash, opInfo.mUserOp.sender, opInfo.mUserOp.nonce); + } + + /// @inheritdoc IEntryPoint + function handleOps(PackedUserOperation[] calldata ops, address payable beneficiary) public nonReentrant { + uint256 opslen = ops.length; + UserOpInfo[] memory opInfos = new UserOpInfo[](opslen); + + unchecked { + for (uint256 i = 0; i < opslen; i++) { + UserOpInfo memory opInfo = opInfos[i]; + (uint256 validationData, uint256 pmValidationData) = _validatePrepayment(i, ops[i], opInfo); + _validateAccountAndPaymasterValidationData(i, validationData, pmValidationData, address(0)); + } + + uint256 collected = 0; + emit BeforeExecution(); + + for (uint256 i = 0; i < opslen; i++) { + collected += _executeUserOp(i, ops[i], opInfos[i]); + } + + _compensate(beneficiary, collected); + } + } + + /// @inheritdoc IEntryPoint + function handleAggregatedOps(UserOpsPerAggregator[] calldata opsPerAggregator, address payable beneficiary) + public + nonReentrant + { + uint256 opasLen = opsPerAggregator.length; + uint256 totalOps = 0; + for (uint256 i = 0; i < opasLen; i++) { + UserOpsPerAggregator calldata opa = opsPerAggregator[i]; + PackedUserOperation[] calldata ops = opa.userOps; + IAggregator aggregator = opa.aggregator; + + //address(1) is special marker of "signature error" + require(address(aggregator) != address(1), "AA96 invalid aggregator"); + + if (address(aggregator) != address(0)) { + // solhint-disable-next-line no-empty-blocks + try aggregator.validateSignatures(ops, opa.signature) {} + catch { + revert SignatureValidationFailed(address(aggregator)); + } + } + + totalOps += ops.length; + } + + UserOpInfo[] memory opInfos = new UserOpInfo[](totalOps); + + uint256 opIndex = 0; + for (uint256 a = 0; a < opasLen; a++) { + UserOpsPerAggregator calldata opa = opsPerAggregator[a]; + PackedUserOperation[] calldata ops = opa.userOps; + IAggregator aggregator = opa.aggregator; + + uint256 opslen = ops.length; + for (uint256 i = 0; i < opslen; i++) { + UserOpInfo memory opInfo = opInfos[opIndex]; + (uint256 validationData, uint256 paymasterValidationData) = _validatePrepayment(opIndex, ops[i], opInfo); + _validateAccountAndPaymasterValidationData( + i, validationData, paymasterValidationData, address(aggregator) + ); + opIndex++; + } + } + + emit BeforeExecution(); + + uint256 collected = 0; + opIndex = 0; + for (uint256 a = 0; a < opasLen; a++) { + UserOpsPerAggregator calldata opa = opsPerAggregator[a]; + emit SignatureAggregatorChanged(address(opa.aggregator)); + PackedUserOperation[] calldata ops = opa.userOps; + uint256 opslen = ops.length; + + for (uint256 i = 0; i < opslen; i++) { + collected += _executeUserOp(opIndex, ops[i], opInfos[opIndex]); + opIndex++; + } + } + emit SignatureAggregatorChanged(address(0)); + + _compensate(beneficiary, collected); + } + + /** + * A memory copy of UserOp static fields only. + * Excluding: callData, initCode and signature. Replacing paymasterAndData with paymaster. + */ + struct MemoryUserOp { + address sender; + uint256 nonce; + uint256 verificationGasLimit; + uint256 callGasLimit; + uint256 paymasterVerificationGasLimit; + uint256 paymasterPostOpGasLimit; + uint256 preVerificationGas; + address paymaster; + uint256 maxFeePerGas; + uint256 maxPriorityFeePerGas; + } + + struct UserOpInfo { + MemoryUserOp mUserOp; + bytes32 userOpHash; + uint256 prefund; + uint256 contextOffset; + uint256 preOpGas; + } + + /** + * Inner function to handle a UserOperation. + * Must be declared "external" to open a call context, but it can only be called by handleOps. + * @param callData - The callData to execute. + * @param opInfo - The UserOpInfo struct. + * @param context - The context bytes. + * @return actualGasCost - the actual cost in eth this UserOperation paid for gas + */ + function innerHandleOp(bytes memory callData, UserOpInfo memory opInfo, bytes calldata context) + external + returns (uint256 actualGasCost) + { + uint256 preGas = gasleft(); + require(msg.sender == address(this), "AA92 internal call only"); + MemoryUserOp memory mUserOp = opInfo.mUserOp; + + uint256 callGasLimit = mUserOp.callGasLimit; + unchecked { + // handleOps was called with gas limit too low. abort entire bundle. + if (gasleft() * 63 / 64 < callGasLimit + mUserOp.paymasterPostOpGasLimit + INNER_GAS_OVERHEAD) { + assembly ("memory-safe") { + mstore(0, INNER_OUT_OF_GAS) + revert(0, 32) + } + } + } + + IPaymaster.PostOpMode mode = IPaymaster.PostOpMode.opSucceeded; + if (callData.length > 0) { + uint256 _execGas = gasleft(); + bool success = Exec.call(mUserOp.sender, 0, callData, callGasLimit); + setGasConsumed(mUserOp.sender, 2, _execGas - gasleft()); + if (!success) { + bytes memory result = Exec.getReturnData(REVERT_REASON_MAX_LEN); + if (result.length > 0) { + emit UserOperationRevertReason(opInfo.userOpHash, mUserOp.sender, mUserOp.nonce, result); + } + mode = IPaymaster.PostOpMode.opReverted; + } + } + + unchecked { + uint256 actualGas = preGas - gasleft() + opInfo.preOpGas; + return _postExecution(mode, opInfo, context, actualGas); + } + } + + /// @inheritdoc IEntryPoint + function getUserOpHash(PackedUserOperation calldata userOp) public view returns (bytes32) { + return keccak256(abi.encode(userOp.hash(), address(this), block.chainid)); + } + + /** + * Copy general fields from userOp into the memory opInfo structure. + * @param userOp - The user operation. + * @param mUserOp - The memory user operation. + */ + function _copyUserOpToMemory(PackedUserOperation calldata userOp, MemoryUserOp memory mUserOp) internal pure { + mUserOp.sender = userOp.sender; + mUserOp.nonce = userOp.nonce; + (mUserOp.verificationGasLimit, mUserOp.callGasLimit) = UserOperationLib.unpackUints(userOp.accountGasLimits); + mUserOp.preVerificationGas = userOp.preVerificationGas; + (mUserOp.maxPriorityFeePerGas, mUserOp.maxFeePerGas) = UserOperationLib.unpackUints(userOp.gasFees); + bytes calldata paymasterAndData = userOp.paymasterAndData; + if (paymasterAndData.length > 0) { + require(paymasterAndData.length >= UserOperationLib.PAYMASTER_DATA_OFFSET, "AA93 invalid paymasterAndData"); + (mUserOp.paymaster, mUserOp.paymasterVerificationGasLimit, mUserOp.paymasterPostOpGasLimit) = + UserOperationLib.unpackPaymasterStaticFields(paymasterAndData); + } else { + mUserOp.paymaster = address(0); + mUserOp.paymasterVerificationGasLimit = 0; + mUserOp.paymasterPostOpGasLimit = 0; + } + } + + /** + * Get the required prefunded gas fee amount for an operation. + * @param mUserOp - The user operation in memory. + */ + function _getRequiredPrefund(MemoryUserOp memory mUserOp) internal pure returns (uint256 requiredPrefund) { + unchecked { + uint256 requiredGas = mUserOp.verificationGasLimit + mUserOp.callGasLimit + + mUserOp.paymasterVerificationGasLimit + mUserOp.paymasterPostOpGasLimit + mUserOp.preVerificationGas; + + requiredPrefund = requiredGas * mUserOp.maxFeePerGas; + } + } + + /** + * Create sender smart contract account if init code is provided. + * @param opIndex - The operation index. + * @param opInfo - The operation info. + * @param initCode - The init code for the smart contract account. + */ + function _createSenderIfNeeded(uint256 opIndex, UserOpInfo memory opInfo, bytes calldata initCode) internal { + if (initCode.length != 0) { + address sender = opInfo.mUserOp.sender; + if (sender.code.length != 0) { + revert FailedOp(opIndex, "AA10 sender already constructed"); + } + uint256 _creationGas = gasleft(); + address sender1 = senderCreator().createSender{gas: opInfo.mUserOp.verificationGasLimit}(initCode); + setGasConsumed(sender, 0, _creationGas - gasleft()); + if (sender1 == address(0)) { + revert FailedOp(opIndex, "AA13 initCode failed or OOG"); + } + if (sender1 != sender) { + revert FailedOp(opIndex, "AA14 initCode must return sender"); + } + if (sender1.code.length == 0) { + revert FailedOp(opIndex, "AA15 initCode must create sender"); + } + address factory = address(bytes20(initCode[0:20])); + emit AccountDeployed(opInfo.userOpHash, sender, factory, opInfo.mUserOp.paymaster); + } + } + + /// @inheritdoc IEntryPoint + function getSenderAddress(bytes calldata initCode) public { + address sender = senderCreator().createSender(initCode); + revert SenderAddressResult(sender); + } + + /** + * Call account.validateUserOp. + * Revert (with FailedOp) in case validateUserOp reverts, or account didn't send required prefund. + * Decrement account's deposit if needed. + * @param opIndex - The operation index. + * @param op - The user operation. + * @param opInfo - The operation info. + * @param requiredPrefund - The required prefund amount. + */ + function _validateAccountPrepayment( + uint256 opIndex, + PackedUserOperation calldata op, + UserOpInfo memory opInfo, + uint256 requiredPrefund, + uint256 verificationGasLimit + ) internal returns (uint256 validationData) { + unchecked { + MemoryUserOp memory mUserOp = opInfo.mUserOp; + address sender = mUserOp.sender; + _createSenderIfNeeded(opIndex, opInfo, op.initCode); + address paymaster = mUserOp.paymaster; + uint256 missingAccountFunds = 0; + if (paymaster == address(0)) { + uint256 bal = balanceOf(sender); + missingAccountFunds = bal > requiredPrefund ? 0 : requiredPrefund - bal; + } + uint256 _verificationGas = gasleft(); + try IAccount(sender).validateUserOp{gas: verificationGasLimit}(op, opInfo.userOpHash, missingAccountFunds) + returns (uint256 _validationData) { + validationData = _validationData; + setGasConsumed(sender, 1, _verificationGas - gasleft()); + } catch { + revert FailedOpWithRevert(opIndex, "AA23 reverted", Exec.getReturnData(REVERT_REASON_MAX_LEN)); + } + if (paymaster == address(0)) { + DepositInfo storage senderInfo = deposits[sender]; + uint256 deposit = senderInfo.deposit; + if (requiredPrefund > deposit) { + revert FailedOp(opIndex, "AA21 didn't pay prefund"); + } + senderInfo.deposit = deposit - requiredPrefund; + } + } + } + + /** + * In case the request has a paymaster: + * - Validate paymaster has enough deposit. + * - Call paymaster.validatePaymasterUserOp. + * - Revert with proper FailedOp in case paymaster reverts. + * - Decrement paymaster's deposit. + * @param opIndex - The operation index. + * @param op - The user operation. + * @param opInfo - The operation info. + * @param requiredPreFund - The required prefund amount. + */ + function _validatePaymasterPrepayment( + uint256 opIndex, + PackedUserOperation calldata op, + UserOpInfo memory opInfo, + uint256 requiredPreFund + ) internal returns (bytes memory context, uint256 validationData) { + unchecked { + uint256 preGas = gasleft(); + MemoryUserOp memory mUserOp = opInfo.mUserOp; + address paymaster = mUserOp.paymaster; + DepositInfo storage paymasterInfo = deposits[paymaster]; + uint256 deposit = paymasterInfo.deposit; + if (deposit < requiredPreFund) { + revert FailedOp(opIndex, "AA31 paymaster deposit too low"); + } + paymasterInfo.deposit = deposit - requiredPreFund; + uint256 pmVerificationGasLimit = mUserOp.paymasterVerificationGasLimit; + try IPaymaster(paymaster).validatePaymasterUserOp{gas: pmVerificationGasLimit}( + op, opInfo.userOpHash, requiredPreFund + ) returns (bytes memory _context, uint256 _validationData) { + context = _context; + validationData = _validationData; + } catch { + revert FailedOpWithRevert(opIndex, "AA33 reverted", Exec.getReturnData(REVERT_REASON_MAX_LEN)); + } + if (preGas - gasleft() > pmVerificationGasLimit) { + revert FailedOp(opIndex, "AA36 over paymasterVerificationGasLimit"); + } + } + } + + /** + * Revert if either account validationData or paymaster validationData is expired. + * @param opIndex - The operation index. + * @param validationData - The account validationData. + * @param paymasterValidationData - The paymaster validationData. + * @param expectedAggregator - The expected aggregator. + */ + function _validateAccountAndPaymasterValidationData( + uint256 opIndex, + uint256 validationData, + uint256 paymasterValidationData, + address expectedAggregator + ) internal view { + (address aggregator, bool outOfTimeRange) = _getValidationData(validationData); + if (expectedAggregator != aggregator) { + revert FailedOp(opIndex, "AA24 signature error"); + } + if (outOfTimeRange) { + revert FailedOp(opIndex, "AA22 expired or not due"); + } + // pmAggregator is not a real signature aggregator: we don't have logic to handle it as address. + // Non-zero address means that the paymaster fails due to some signature check (which is ok only during estimation). + address pmAggregator; + (pmAggregator, outOfTimeRange) = _getValidationData(paymasterValidationData); + if (pmAggregator != address(0)) { + revert FailedOp(opIndex, "AA34 signature error"); + } + if (outOfTimeRange) { + revert FailedOp(opIndex, "AA32 paymaster expired or not due"); + } + } + + /** + * Parse validationData into its components. + * @param validationData - The packed validation data (sigFailed, validAfter, validUntil). + * @return aggregator the aggregator of the validationData + * @return outOfTimeRange true if current time is outside the time range of this validationData. + */ + function _getValidationData(uint256 validationData) + internal + view + returns (address aggregator, bool outOfTimeRange) + { + if (validationData == 0) { + return (address(0), false); + } + ValidationData memory data = _parseValidationData(validationData); + // solhint-disable-next-line not-rely-on-time + outOfTimeRange = block.timestamp > data.validUntil || block.timestamp < data.validAfter; + aggregator = data.aggregator; + } + + /** + * Validate account and paymaster (if defined) and + * also make sure total validation doesn't exceed verificationGasLimit. + * This method is called off-chain (simulateValidation()) and on-chain (from handleOps) + * @param opIndex - The index of this userOp into the "opInfos" array. + * @param userOp - The userOp to validate. + */ + function _validatePrepayment(uint256 opIndex, PackedUserOperation calldata userOp, UserOpInfo memory outOpInfo) + internal + returns (uint256 validationData, uint256 paymasterValidationData) + { + uint256 preGas = gasleft(); + MemoryUserOp memory mUserOp = outOpInfo.mUserOp; + _copyUserOpToMemory(userOp, mUserOp); + outOpInfo.userOpHash = getUserOpHash(userOp); + + // Validate all numeric values in userOp are well below 128 bit, so they can safely be added + // and multiplied without causing overflow. + uint256 verificationGasLimit = mUserOp.verificationGasLimit; + uint256 maxGasValues = mUserOp.preVerificationGas | verificationGasLimit | mUserOp.callGasLimit + | mUserOp.paymasterVerificationGasLimit | mUserOp.paymasterPostOpGasLimit | mUserOp.maxFeePerGas + | mUserOp.maxPriorityFeePerGas; + require(maxGasValues <= type(uint120).max, "AA94 gas values overflow"); + + uint256 requiredPreFund = _getRequiredPrefund(mUserOp); + validationData = _validateAccountPrepayment(opIndex, userOp, outOpInfo, requiredPreFund, verificationGasLimit); + + if (!_validateAndUpdateNonce(mUserOp.sender, mUserOp.nonce)) { + revert FailedOp(opIndex, "AA25 invalid account nonce"); + } + + unchecked { + if (preGas - gasleft() > verificationGasLimit) { + revert FailedOp(opIndex, "AA26 over verificationGasLimit"); + } + } + + bytes memory context; + if (mUserOp.paymaster != address(0)) { + (context, paymasterValidationData) = + _validatePaymasterPrepayment(opIndex, userOp, outOpInfo, requiredPreFund); + } + unchecked { + outOpInfo.prefund = requiredPreFund; + outOpInfo.contextOffset = getOffsetOfMemoryBytes(context); + outOpInfo.preOpGas = preGas - gasleft() + userOp.preVerificationGas; + } + } + + /** + * Process post-operation, called just after the callData is executed. + * If a paymaster is defined and its validation returned a non-empty context, its postOp is called. + * The excess amount is refunded to the account (or paymaster - if it was used in the request). + * @param mode - Whether is called from innerHandleOp, or outside (postOpReverted). + * @param opInfo - UserOp fields and info collected during validation. + * @param context - The context returned in validatePaymasterUserOp. + * @param actualGas - The gas used so far by this user operation. + */ + function _postExecution( + IPaymaster.PostOpMode mode, + UserOpInfo memory opInfo, + bytes memory context, + uint256 actualGas + ) private returns (uint256 actualGasCost) { + uint256 preGas = gasleft(); + unchecked { + address refundAddress; + MemoryUserOp memory mUserOp = opInfo.mUserOp; + uint256 gasPrice = getUserOpGasPrice(mUserOp); + + address paymaster = mUserOp.paymaster; + if (paymaster == address(0)) { + refundAddress = mUserOp.sender; + } else { + refundAddress = paymaster; + if (context.length > 0) { + actualGasCost = actualGas * gasPrice; + if (mode != IPaymaster.PostOpMode.postOpReverted) { + try IPaymaster(paymaster).postOp{gas: mUserOp.paymasterPostOpGasLimit}( + mode, context, actualGasCost, gasPrice + ) { + // solhint-disable-next-line no-empty-blocks + } catch { + bytes memory reason = Exec.getReturnData(REVERT_REASON_MAX_LEN); + revert PostOpReverted(reason); + } + } + } + } + actualGas += preGas - gasleft(); + + // Calculating a penalty for unused execution gas + { + uint256 executionGasLimit = mUserOp.callGasLimit + mUserOp.paymasterPostOpGasLimit; + uint256 executionGasUsed = actualGas - opInfo.preOpGas; + // this check is required for the gas used within EntryPoint and not covered by explicit gas limits + if (executionGasLimit > executionGasUsed) { + uint256 unusedGas = executionGasLimit - executionGasUsed; + uint256 unusedGasPenalty = (unusedGas * PENALTY_PERCENT) / 100; + actualGas += unusedGasPenalty; + } + } + + actualGasCost = actualGas * gasPrice; + uint256 prefund = opInfo.prefund; + if (prefund < actualGasCost) { + if (mode == IPaymaster.PostOpMode.postOpReverted) { + actualGasCost = prefund; + emitPrefundTooLow(opInfo); + emitUserOperationEvent(opInfo, false, actualGasCost, actualGas); + } else { + assembly ("memory-safe") { + mstore(0, INNER_REVERT_LOW_PREFUND) + revert(0, 32) + } + } + } else { + uint256 refund = prefund - actualGasCost; + _incrementDeposit(refundAddress, refund); + bool success = mode == IPaymaster.PostOpMode.opSucceeded; + emitUserOperationEvent(opInfo, success, actualGasCost, actualGas); + } + } // unchecked + } + + /** + * The gas price this UserOp agrees to pay. + * Relayer/block builder might submit the TX with higher priorityFee, but the user should not. + * @param mUserOp - The userOp to get the gas price from. + */ + function getUserOpGasPrice(MemoryUserOp memory mUserOp) internal view returns (uint256) { + unchecked { + uint256 maxFeePerGas = mUserOp.maxFeePerGas; + uint256 maxPriorityFeePerGas = mUserOp.maxPriorityFeePerGas; + if (maxFeePerGas == maxPriorityFeePerGas) { + //legacy mode (for networks that don't support basefee opcode) + return maxFeePerGas; + } + return min(maxFeePerGas, maxPriorityFeePerGas + block.basefee); + } + } + + /** + * The offset of the given bytes in memory. + * @param data - The bytes to get the offset of. + */ + function getOffsetOfMemoryBytes(bytes memory data) internal pure returns (uint256 offset) { + assembly { + offset := data + } + } + + /** + * The bytes in memory at the given offset. + * @param offset - The offset to get the bytes from. + */ + function getMemoryBytesFromOffset(uint256 offset) internal pure returns (bytes memory data) { + assembly ("memory-safe") { + data := offset + } + } + + /// @inheritdoc IEntryPoint + function delegateAndRevert(address target, bytes calldata data) external { + (bool success, bytes memory ret) = target.delegatecall(data); + revert DelegateAndRevert(success, ret); + } +} diff --git a/dependencies/account-abstraction/contracts/core/EntryPointSimulations.sol b/dependencies/account-abstraction/contracts/core/EntryPointSimulations.sol new file mode 100644 index 00000000..2001239e --- /dev/null +++ b/dependencies/account-abstraction/contracts/core/EntryPointSimulations.sol @@ -0,0 +1,192 @@ +// SPDX-License-Identifier: GPL-3.0 +pragma solidity ^0.8.23; + +/* solhint-disable avoid-low-level-calls */ +/* solhint-disable no-inline-assembly */ + +import "./EntryPoint.sol"; +import "../interfaces/IEntryPointSimulations.sol"; + +/* + * This contract inherits the EntryPoint and extends it with the view-only methods that are executed by + * the bundler in order to check UserOperation validity and estimate its gas consumption. + * This contract should never be deployed on-chain and is only used as a parameter for the "eth_call" request. + */ +contract EntryPointSimulations is EntryPoint, IEntryPointSimulations { + // solhint-disable-next-line var-name-mixedcase + AggregatorStakeInfo private NOT_AGGREGATED = AggregatorStakeInfo(address(0), StakeInfo(0, 0)); + + SenderCreator private _senderCreator; + + function initSenderCreator() internal virtual { + //this is the address of the first contract created with CREATE by this address. + address createdObj = address(uint160(uint256(keccak256(abi.encodePacked(hex"d694", address(this), hex"01"))))); + _senderCreator = SenderCreator(createdObj); + } + + function senderCreator() internal view virtual override returns (SenderCreator) { + // return the same senderCreator as real EntryPoint. + // this call is slightly (100) more expensive than EntryPoint's access to immutable member + return _senderCreator; + } + + /** + * simulation contract should not be deployed, and specifically, accounts should not trust + * it as entrypoint, since the simulation functions don't check the signatures + */ + constructor() { + // THIS CONTRACT SHOULD NOT BE DEPLOYED + // however, the line of code below is commented to allow this entryPoint to be used in fork tests + // require(block.number < 100, "should not be deployed"); + } + + /// @inheritdoc IEntryPointSimulations + function simulateValidation( + PackedUserOperation calldata userOp + ) + external + returns ( + ValidationResult memory + ){ + UserOpInfo memory outOpInfo; + + _simulationOnlyValidations(userOp); + ( + uint256 validationData, + uint256 paymasterValidationData + ) = _validatePrepayment(0, userOp, outOpInfo); + StakeInfo memory paymasterInfo = _getStakeInfo( + outOpInfo.mUserOp.paymaster + ); + StakeInfo memory senderInfo = _getStakeInfo(outOpInfo.mUserOp.sender); + StakeInfo memory factoryInfo; + { + bytes calldata initCode = userOp.initCode; + address factory = initCode.length >= 20 + ? address(bytes20(initCode[0 : 20])) + : address(0); + factoryInfo = _getStakeInfo(factory); + } + + address aggregator = address(uint160(validationData)); + ReturnInfo memory returnInfo = ReturnInfo( + outOpInfo.preOpGas, + outOpInfo.prefund, + validationData, + paymasterValidationData, + getMemoryBytesFromOffset(outOpInfo.contextOffset) + ); + + AggregatorStakeInfo memory aggregatorInfo = NOT_AGGREGATED; + if (uint160(aggregator) != SIG_VALIDATION_SUCCESS && uint160(aggregator) != SIG_VALIDATION_FAILED) { + aggregatorInfo = AggregatorStakeInfo( + aggregator, + _getStakeInfo(aggregator) + ); + } + return ValidationResult( + returnInfo, + senderInfo, + factoryInfo, + paymasterInfo, + aggregatorInfo + ); + } + + /// @inheritdoc IEntryPointSimulations + function simulateHandleOp( + PackedUserOperation calldata op, + address target, + bytes calldata targetCallData + ) + external nonReentrant + returns ( + ExecutionResult memory + ){ + UserOpInfo memory opInfo; + _simulationOnlyValidations(op); + ( + uint256 validationData, + uint256 paymasterValidationData + ) = _validatePrepayment(0, op, opInfo); + + uint256 paid = _executeUserOp(0, op, opInfo); + bool targetSuccess; + bytes memory targetResult; + if (target != address(0)) { + (targetSuccess, targetResult) = target.call(targetCallData); + } + return ExecutionResult( + opInfo.preOpGas, + paid, + validationData, + paymasterValidationData, + targetSuccess, + targetResult + ); + } + + function _simulationOnlyValidations( + PackedUserOperation calldata userOp + ) + internal + { + //initialize senderCreator(). we can't rely on constructor + initSenderCreator(); + + try + this._validateSenderAndPaymaster( + userOp.initCode, + userOp.sender, + userOp.paymasterAndData + ) + // solhint-disable-next-line no-empty-blocks + {} catch Error(string memory revertReason) { + if (bytes(revertReason).length != 0) { + revert FailedOp(0, revertReason); + } + } + } + + /** + * Called only during simulation. + * This function always reverts to prevent warm/cold storage differentiation in simulation vs execution. + * @param initCode - The smart account constructor code. + * @param sender - The sender address. + * @param paymasterAndData - The paymaster address (followed by other params, ignored by this method) + */ + function _validateSenderAndPaymaster( + bytes calldata initCode, + address sender, + bytes calldata paymasterAndData + ) external view { + if (initCode.length == 0 && sender.code.length == 0) { + // it would revert anyway. but give a meaningful message + revert("AA20 account not deployed"); + } + if (paymasterAndData.length >= 20) { + address paymaster = address(bytes20(paymasterAndData[0 : 20])); + if (paymaster.code.length == 0) { + // It would revert anyway. but give a meaningful message. + revert("AA30 paymaster not deployed"); + } + } + // always revert + revert(""); + } + + //make sure depositTo cost is more than normal EntryPoint's cost, + // to mitigate DoS vector on the bundler + // empiric test showed that without this wrapper, simulation depositTo costs less.. + function depositTo(address account) public override(IStakeManager, StakeManager) payable { + unchecked{ + // silly code, to waste some gas to make sure depositTo is always little more + // expensive than on-chain call + uint256 x = 1; + while (x < 5) { + x++; + } + StakeManager.depositTo(account); + } + } +} diff --git a/dependencies/account-abstraction/contracts/core/GasDebug.sol b/dependencies/account-abstraction/contracts/core/GasDebug.sol new file mode 100644 index 00000000..bb8075a6 --- /dev/null +++ b/dependencies/account-abstraction/contracts/core/GasDebug.sol @@ -0,0 +1,17 @@ +// SPDX-License-Identifier: GPL-3.0 +pragma solidity ^0.8.23; + +contract GasDebug { + // Phase 0: account creation + // Phase 1: validation + // Phase 2: execution + mapping(address account => mapping(uint256 phase => uint256 gas)) gasConsumed; + + function setGasConsumed(address account, uint256 phase, uint256 gas) internal { + gasConsumed[account][phase] = gas; + } + + function getGasConsumed(address account, uint256 phase) public view returns (uint256) { + return gasConsumed[account][phase]; + } +} diff --git a/dependencies/account-abstraction/contracts/core/Helpers.sol b/dependencies/account-abstraction/contracts/core/Helpers.sol new file mode 100644 index 00000000..85790086 --- /dev/null +++ b/dependencies/account-abstraction/contracts/core/Helpers.sol @@ -0,0 +1,106 @@ +// SPDX-License-Identifier: GPL-3.0 +pragma solidity ^0.8.23; + +/* solhint-disable no-inline-assembly */ + + + /* + * For simulation purposes, validateUserOp (and validatePaymasterUserOp) + * must return this value in case of signature failure, instead of revert. + */ +uint256 constant SIG_VALIDATION_FAILED = 1; + + +/* + * For simulation purposes, validateUserOp (and validatePaymasterUserOp) + * return this value on success. + */ +uint256 constant SIG_VALIDATION_SUCCESS = 0; + + +/** + * Returned data from validateUserOp. + * validateUserOp returns a uint256, which is created by `_packedValidationData` and + * parsed by `_parseValidationData`. + * @param aggregator - address(0) - The account validated the signature by itself. + * address(1) - The account failed to validate the signature. + * otherwise - This is an address of a signature aggregator that must + * be used to validate the signature. + * @param validAfter - This UserOp is valid only after this timestamp. + * @param validaUntil - This UserOp is valid only up to this timestamp. + */ +struct ValidationData { + address aggregator; + uint48 validAfter; + uint48 validUntil; +} + +/** + * Extract sigFailed, validAfter, validUntil. + * Also convert zero validUntil to type(uint48).max. + * @param validationData - The packed validation data. + */ +function _parseValidationData( + uint256 validationData +) pure returns (ValidationData memory data) { + address aggregator = address(uint160(validationData)); + uint48 validUntil = uint48(validationData >> 160); + if (validUntil == 0) { + validUntil = type(uint48).max; + } + uint48 validAfter = uint48(validationData >> (48 + 160)); + return ValidationData(aggregator, validAfter, validUntil); +} + +/** + * Helper to pack the return value for validateUserOp. + * @param data - The ValidationData to pack. + */ +function _packValidationData( + ValidationData memory data +) pure returns (uint256) { + return + uint160(data.aggregator) | + (uint256(data.validUntil) << 160) | + (uint256(data.validAfter) << (160 + 48)); +} + +/** + * Helper to pack the return value for validateUserOp, when not using an aggregator. + * @param sigFailed - True for signature failure, false for success. + * @param validUntil - Last timestamp this UserOperation is valid (or zero for infinite). + * @param validAfter - First timestamp this UserOperation is valid. + */ +function _packValidationData( + bool sigFailed, + uint48 validUntil, + uint48 validAfter +) pure returns (uint256) { + return + (sigFailed ? 1 : 0) | + (uint256(validUntil) << 160) | + (uint256(validAfter) << (160 + 48)); +} + +/** + * keccak function over calldata. + * @dev copy calldata into memory, do keccak and drop allocated memory. Strangely, this is more efficient than letting solidity do it. + */ + function calldataKeccak(bytes calldata data) pure returns (bytes32 ret) { + assembly ("memory-safe") { + let mem := mload(0x40) + let len := data.length + calldatacopy(mem, data.offset, len) + ret := keccak256(mem, len) + } + } + + +/** + * The minimum of two numbers. + * @param a - First number. + * @param b - Second number. + */ + function min(uint256 a, uint256 b) pure returns (uint256) { + return a < b ? a : b; + } diff --git a/dependencies/account-abstraction/contracts/core/NonceManager.sol b/dependencies/account-abstraction/contracts/core/NonceManager.sol new file mode 100644 index 00000000..7bef62e9 --- /dev/null +++ b/dependencies/account-abstraction/contracts/core/NonceManager.sol @@ -0,0 +1,43 @@ +// SPDX-License-Identifier: GPL-3.0 +pragma solidity ^0.8.23; + +import "../interfaces/INonceManager.sol"; + +/** + * nonce management functionality + */ +abstract contract NonceManager is INonceManager { + + /** + * The next valid sequence number for a given nonce key. + */ + mapping(address => mapping(uint192 => uint256)) public nonceSequenceNumber; + + /// @inheritdoc INonceManager + function getNonce(address sender, uint192 key) + public view override returns (uint256 nonce) { + return nonceSequenceNumber[sender][key] | (uint256(key) << 64); + } + + // allow an account to manually increment its own nonce. + // (mainly so that during construction nonce can be made non-zero, + // to "absorb" the gas cost of first nonce increment to 1st transaction (construction), + // not to 2nd transaction) + function incrementNonce(uint192 key) public override { + nonceSequenceNumber[msg.sender][key]++; + } + + /** + * validate nonce uniqueness for this account. + * called just after validateUserOp() + * @return true if the nonce was incremented successfully. + * false if the current nonce doesn't match the given one. + */ + function _validateAndUpdateNonce(address sender, uint256 nonce) internal returns (bool) { + + uint192 key = uint192(nonce >> 64); + uint64 seq = uint64(nonce); + return nonceSequenceNumber[sender][key]++ == seq; + } + +} diff --git a/dependencies/account-abstraction/contracts/core/SenderCreator.sol b/dependencies/account-abstraction/contracts/core/SenderCreator.sol new file mode 100644 index 00000000..43ea8036 --- /dev/null +++ b/dependencies/account-abstraction/contracts/core/SenderCreator.sol @@ -0,0 +1,38 @@ +// SPDX-License-Identifier: GPL-3.0 +pragma solidity ^0.8.23; + +/** + * Helper contract for EntryPoint, to call userOp.initCode from a "neutral" address, + * which is explicitly not the entryPoint itself. + */ +contract SenderCreator { + /** + * Call the "initCode" factory to create and return the sender account address. + * @param initCode - The initCode value from a UserOp. contains 20 bytes of factory address, + * followed by calldata. + * @return sender - The returned address of the created account, or zero address on failure. + */ + function createSender( + bytes calldata initCode + ) external returns (address sender) { + address factory = address(bytes20(initCode[0:20])); + bytes memory initCallData = initCode[20:]; + bool success; + /* solhint-disable no-inline-assembly */ + assembly ("memory-safe") { + success := call( + gas(), + factory, + 0, + add(initCallData, 0x20), + mload(initCallData), + 0, + 32 + ) + sender := mload(0) + } + if (!success) { + sender = address(0); + } + } +} diff --git a/dependencies/account-abstraction/contracts/core/StakeManager.sol b/dependencies/account-abstraction/contracts/core/StakeManager.sol new file mode 100644 index 00000000..f90210b7 --- /dev/null +++ b/dependencies/account-abstraction/contracts/core/StakeManager.sol @@ -0,0 +1,145 @@ +// SPDX-License-Identifier: GPL-3.0-only +pragma solidity ^0.8.23; + +import "../interfaces/IStakeManager.sol"; + +/* solhint-disable avoid-low-level-calls */ +/* solhint-disable not-rely-on-time */ + +/** + * Manage deposits and stakes. + * Deposit is just a balance used to pay for UserOperations (either by a paymaster or an account). + * Stake is value locked for at least "unstakeDelay" by a paymaster. + */ +abstract contract StakeManager is IStakeManager { + /// maps paymaster to their deposits and stakes + mapping(address => DepositInfo) public deposits; + + /// @inheritdoc IStakeManager + function getDepositInfo( + address account + ) public view returns (DepositInfo memory info) { + return deposits[account]; + } + + /** + * Internal method to return just the stake info. + * @param addr - The account to query. + */ + function _getStakeInfo( + address addr + ) internal view returns (StakeInfo memory info) { + DepositInfo storage depositInfo = deposits[addr]; + info.stake = depositInfo.stake; + info.unstakeDelaySec = depositInfo.unstakeDelaySec; + } + + /// @inheritdoc IStakeManager + function balanceOf(address account) public view returns (uint256) { + return deposits[account].deposit; + } + + receive() external payable { + depositTo(msg.sender); + } + + /** + * Increments an account's deposit. + * @param account - The account to increment. + * @param amount - The amount to increment by. + * @return the updated deposit of this account + */ + function _incrementDeposit(address account, uint256 amount) internal returns (uint256) { + DepositInfo storage info = deposits[account]; + uint256 newAmount = info.deposit + amount; + info.deposit = newAmount; + return newAmount; + } + + /** + * Add to the deposit of the given account. + * @param account - The account to add to. + */ + function depositTo(address account) public virtual payable { + uint256 newDeposit = _incrementDeposit(account, msg.value); + emit Deposited(account, newDeposit); + } + + /** + * Add to the account's stake - amount and delay + * any pending unstake is first cancelled. + * @param unstakeDelaySec The new lock duration before the deposit can be withdrawn. + */ + function addStake(uint32 unstakeDelaySec) public payable { + DepositInfo storage info = deposits[msg.sender]; + require(unstakeDelaySec > 0, "must specify unstake delay"); + require( + unstakeDelaySec >= info.unstakeDelaySec, + "cannot decrease unstake time" + ); + uint256 stake = info.stake + msg.value; + require(stake > 0, "no stake specified"); + require(stake <= type(uint112).max, "stake overflow"); + deposits[msg.sender] = DepositInfo( + info.deposit, + true, + uint112(stake), + unstakeDelaySec, + 0 + ); + emit StakeLocked(msg.sender, stake, unstakeDelaySec); + } + + /** + * Attempt to unlock the stake. + * The value can be withdrawn (using withdrawStake) after the unstake delay. + */ + function unlockStake() external { + DepositInfo storage info = deposits[msg.sender]; + require(info.unstakeDelaySec != 0, "not staked"); + require(info.staked, "already unstaking"); + uint48 withdrawTime = uint48(block.timestamp) + info.unstakeDelaySec; + info.withdrawTime = withdrawTime; + info.staked = false; + emit StakeUnlocked(msg.sender, withdrawTime); + } + + /** + * Withdraw from the (unlocked) stake. + * Must first call unlockStake and wait for the unstakeDelay to pass. + * @param withdrawAddress - The address to send withdrawn value. + */ + function withdrawStake(address payable withdrawAddress) external { + DepositInfo storage info = deposits[msg.sender]; + uint256 stake = info.stake; + require(stake > 0, "No stake to withdraw"); + require(info.withdrawTime > 0, "must call unlockStake() first"); + require( + info.withdrawTime <= block.timestamp, + "Stake withdrawal is not due" + ); + info.unstakeDelaySec = 0; + info.withdrawTime = 0; + info.stake = 0; + emit StakeWithdrawn(msg.sender, withdrawAddress, stake); + (bool success,) = withdrawAddress.call{value: stake}(""); + require(success, "failed to withdraw stake"); + } + + /** + * Withdraw from the deposit. + * @param withdrawAddress - The address to send withdrawn value. + * @param withdrawAmount - The amount to withdraw. + */ + function withdrawTo( + address payable withdrawAddress, + uint256 withdrawAmount + ) external { + DepositInfo storage info = deposits[msg.sender]; + require(withdrawAmount <= info.deposit, "Withdraw amount too large"); + info.deposit = info.deposit - withdrawAmount; + emit Withdrawn(msg.sender, withdrawAddress, withdrawAmount); + (bool success,) = withdrawAddress.call{value: withdrawAmount}(""); + require(success, "failed to withdraw"); + } +} diff --git a/dependencies/account-abstraction/contracts/core/UserOperationLib.sol b/dependencies/account-abstraction/contracts/core/UserOperationLib.sol new file mode 100644 index 00000000..dcf5740c --- /dev/null +++ b/dependencies/account-abstraction/contracts/core/UserOperationLib.sol @@ -0,0 +1,139 @@ +// SPDX-License-Identifier: GPL-3.0 +pragma solidity ^0.8.23; + +/* solhint-disable no-inline-assembly */ + +import "../interfaces/PackedUserOperation.sol"; +import {calldataKeccak, min} from "./Helpers.sol"; + +/** + * Utility functions helpful when working with UserOperation structs. + */ +library UserOperationLib { + + uint256 public constant PAYMASTER_VALIDATION_GAS_OFFSET = 20; + uint256 public constant PAYMASTER_POSTOP_GAS_OFFSET = 36; + uint256 public constant PAYMASTER_DATA_OFFSET = 52; + /** + * Get sender from user operation data. + * @param userOp - The user operation data. + */ + function getSender( + PackedUserOperation calldata userOp + ) internal pure returns (address) { + address data; + //read sender from userOp, which is first userOp member (saves 800 gas...) + assembly { + data := calldataload(userOp) + } + return address(uint160(data)); + } + + /** + * Relayer/block builder might submit the TX with higher priorityFee, + * but the user should not pay above what he signed for. + * @param userOp - The user operation data. + */ + function gasPrice( + PackedUserOperation calldata userOp + ) internal view returns (uint256) { + unchecked { + (uint256 maxPriorityFeePerGas, uint256 maxFeePerGas) = unpackUints(userOp.gasFees); + if (maxFeePerGas == maxPriorityFeePerGas) { + //legacy mode (for networks that don't support basefee opcode) + return maxFeePerGas; + } + return min(maxFeePerGas, maxPriorityFeePerGas + block.basefee); + } + } + + /** + * Pack the user operation data into bytes for hashing. + * @param userOp - The user operation data. + */ + function encode( + PackedUserOperation calldata userOp + ) internal pure returns (bytes memory ret) { + address sender = getSender(userOp); + uint256 nonce = userOp.nonce; + bytes32 hashInitCode = calldataKeccak(userOp.initCode); + bytes32 hashCallData = calldataKeccak(userOp.callData); + bytes32 accountGasLimits = userOp.accountGasLimits; + uint256 preVerificationGas = userOp.preVerificationGas; + bytes32 gasFees = userOp.gasFees; + bytes32 hashPaymasterAndData = calldataKeccak(userOp.paymasterAndData); + + return abi.encode( + sender, nonce, + hashInitCode, hashCallData, + accountGasLimits, preVerificationGas, gasFees, + hashPaymasterAndData + ); + } + + function unpackUints( + bytes32 packed + ) internal pure returns (uint256 high128, uint256 low128) { + return (uint128(bytes16(packed)), uint128(uint256(packed))); + } + + //unpack just the high 128-bits from a packed value + function unpackHigh128(bytes32 packed) internal pure returns (uint256) { + return uint256(packed) >> 128; + } + + // unpack just the low 128-bits from a packed value + function unpackLow128(bytes32 packed) internal pure returns (uint256) { + return uint128(uint256(packed)); + } + + function unpackMaxPriorityFeePerGas(PackedUserOperation calldata userOp) + internal pure returns (uint256) { + return unpackHigh128(userOp.gasFees); + } + + function unpackMaxFeePerGas(PackedUserOperation calldata userOp) + internal pure returns (uint256) { + return unpackLow128(userOp.gasFees); + } + + function unpackVerificationGasLimit(PackedUserOperation calldata userOp) + internal pure returns (uint256) { + return unpackHigh128(userOp.accountGasLimits); + } + + function unpackCallGasLimit(PackedUserOperation calldata userOp) + internal pure returns (uint256) { + return unpackLow128(userOp.accountGasLimits); + } + + function unpackPaymasterVerificationGasLimit(PackedUserOperation calldata userOp) + internal pure returns (uint256) { + return uint128(bytes16(userOp.paymasterAndData[PAYMASTER_VALIDATION_GAS_OFFSET : PAYMASTER_POSTOP_GAS_OFFSET])); + } + + function unpackPostOpGasLimit(PackedUserOperation calldata userOp) + internal pure returns (uint256) { + return uint128(bytes16(userOp.paymasterAndData[PAYMASTER_POSTOP_GAS_OFFSET : PAYMASTER_DATA_OFFSET])); + } + + function unpackPaymasterStaticFields( + bytes calldata paymasterAndData + ) internal pure returns (address paymaster, uint256 validationGasLimit, uint256 postOpGasLimit) { + return ( + address(bytes20(paymasterAndData[: PAYMASTER_VALIDATION_GAS_OFFSET])), + uint128(bytes16(paymasterAndData[PAYMASTER_VALIDATION_GAS_OFFSET : PAYMASTER_POSTOP_GAS_OFFSET])), + uint128(bytes16(paymasterAndData[PAYMASTER_POSTOP_GAS_OFFSET : PAYMASTER_DATA_OFFSET])) + ); + } + + /** + * Hash the user operation data. + * @param userOp - The user operation data. + */ + function hash( + PackedUserOperation calldata userOp + ) internal pure returns (bytes32) { + return keccak256(encode(userOp)); + } +} diff --git a/dependencies/account-abstraction/contracts/interfaces/IAccount.sol b/dependencies/account-abstraction/contracts/interfaces/IAccount.sol new file mode 100644 index 00000000..e3b355fb --- /dev/null +++ b/dependencies/account-abstraction/contracts/interfaces/IAccount.sol @@ -0,0 +1,39 @@ +// SPDX-License-Identifier: GPL-3.0 +pragma solidity >=0.7.5; + +import "./PackedUserOperation.sol"; + +interface IAccount { + /** + * Validate user's signature and nonce + * the entryPoint will make the call to the recipient only if this validation call returns successfully. + * signature failure should be reported by returning SIG_VALIDATION_FAILED (1). + * This allows making a "simulation call" without a valid signature + * Other failures (e.g. nonce mismatch, or invalid signature format) should still revert to signal failure. + * + * @dev Must validate caller is the entryPoint. + * Must validate the signature and nonce + * @param userOp - The operation that is about to be executed. + * @param userOpHash - Hash of the user's request data. can be used as the basis for signature. + * @param missingAccountFunds - Missing funds on the account's deposit in the entrypoint. + * This is the minimum amount to transfer to the sender(entryPoint) to be + * able to make the call. The excess is left as a deposit in the entrypoint + * for future calls. Can be withdrawn anytime using "entryPoint.withdrawTo()". + * In case there is a paymaster in the request (or the current deposit is high + * enough), this value will be zero. + * @return validationData - Packaged ValidationData structure. use `_packValidationData` and + * `_unpackValidationData` to encode and decode. + * <20-byte> sigAuthorizer - 0 for valid signature, 1 to mark signature failure, + * otherwise, an address of an "authorizer" contract. + * <6-byte> validUntil - Last timestamp this operation is valid. 0 for "indefinite" + * <6-byte> validAfter - First timestamp this operation is valid + * If an account doesn't use time-range, it is enough to + * return SIG_VALIDATION_FAILED value (1) for signature failure. + * Note that the validation code cannot use block.timestamp (or block.number) directly. + */ + function validateUserOp( + PackedUserOperation calldata userOp, + bytes32 userOpHash, + uint256 missingAccountFunds + ) external returns (uint256 validationData); +} diff --git a/dependencies/account-abstraction/contracts/interfaces/IAccountExecute.sol b/dependencies/account-abstraction/contracts/interfaces/IAccountExecute.sol new file mode 100644 index 00000000..4433c80c --- /dev/null +++ b/dependencies/account-abstraction/contracts/interfaces/IAccountExecute.sol @@ -0,0 +1,20 @@ +// SPDX-License-Identifier: GPL-3.0 +pragma solidity >=0.7.5; + +import "./PackedUserOperation.sol"; + +interface IAccountExecute { + /** + * Account may implement this execute method. + * passing this methodSig at the beginning of callData will cause the entryPoint to pass the full UserOp (and hash) + * to the account. + * The account should skip the methodSig, and use the callData (and optionally, other UserOp fields) + * + * @param userOp - The operation that was just validated. + * @param userOpHash - Hash of the user's request data. + */ + function executeUserOp( + PackedUserOperation calldata userOp, + bytes32 userOpHash + ) external; +} diff --git a/dependencies/account-abstraction/contracts/interfaces/IAggregator.sol b/dependencies/account-abstraction/contracts/interfaces/IAggregator.sol new file mode 100644 index 00000000..070d8f27 --- /dev/null +++ b/dependencies/account-abstraction/contracts/interfaces/IAggregator.sol @@ -0,0 +1,44 @@ +// SPDX-License-Identifier: GPL-3.0 +pragma solidity >=0.7.5; + +import "./PackedUserOperation.sol"; + +/** + * Aggregated Signatures validator. + */ +interface IAggregator { + /** + * Validate aggregated signature. + * Revert if the aggregated signature does not match the given list of operations. + * @param userOps - Array of UserOperations to validate the signature for. + * @param signature - The aggregated signature. + */ + function validateSignatures( + PackedUserOperation[] calldata userOps, + bytes calldata signature + ) external view; + + /** + * Validate signature of a single userOp. + * This method should be called by bundler after EntryPointSimulation.simulateValidation() returns + * the aggregator this account uses. + * First it validates the signature over the userOp. Then it returns data to be used when creating the handleOps. + * @param userOp - The userOperation received from the user. + * @return sigForUserOp - The value to put into the signature field of the userOp when calling handleOps. + * (usually empty, unless account and aggregator support some kind of "multisig". + */ + function validateUserOpSignature( + PackedUserOperation calldata userOp + ) external view returns (bytes memory sigForUserOp); + + /** + * Aggregate multiple signatures into a single value. + * This method is called off-chain to calculate the signature to pass with handleOps() + * bundler MAY use optimized custom code perform this aggregation. + * @param userOps - Array of UserOperations to collect the signatures from. + * @return aggregatedSignature - The aggregated signature. + */ + function aggregateSignatures( + PackedUserOperation[] calldata userOps + ) external view returns (bytes memory aggregatedSignature); +} diff --git a/dependencies/account-abstraction/contracts/interfaces/IEntryPoint.sol b/dependencies/account-abstraction/contracts/interfaces/IEntryPoint.sol new file mode 100644 index 00000000..28c26f98 --- /dev/null +++ b/dependencies/account-abstraction/contracts/interfaces/IEntryPoint.sol @@ -0,0 +1,223 @@ +/** + ** Account-Abstraction (EIP-4337) singleton EntryPoint implementation. + ** Only one instance required on each chain. + **/ +// SPDX-License-Identifier: GPL-3.0 +pragma solidity >=0.7.5; + +/* solhint-disable avoid-low-level-calls */ +/* solhint-disable no-inline-assembly */ +/* solhint-disable reason-string */ + +import "./PackedUserOperation.sol"; +import "./IStakeManager.sol"; +import "./IAggregator.sol"; +import "./INonceManager.sol"; + +interface IEntryPoint is IStakeManager, INonceManager { + /*** + * An event emitted after each successful request. + * @param userOpHash - Unique identifier for the request (hash its entire content, except signature). + * @param sender - The account that generates this request. + * @param paymaster - If non-null, the paymaster that pays for this request. + * @param nonce - The nonce value from the request. + * @param success - True if the sender transaction succeeded, false if reverted. + * @param actualGasCost - Actual amount paid (by account or paymaster) for this UserOperation. + * @param actualGasUsed - Total gas used by this UserOperation (including preVerification, creation, + * validation and execution). + */ + event UserOperationEvent( + bytes32 indexed userOpHash, + address indexed sender, + address indexed paymaster, + uint256 nonce, + bool success, + uint256 actualGasCost, + uint256 actualGasUsed + ); + + /** + * Account "sender" was deployed. + * @param userOpHash - The userOp that deployed this account. UserOperationEvent will follow. + * @param sender - The account that is deployed + * @param factory - The factory used to deploy this account (in the initCode) + * @param paymaster - The paymaster used by this UserOp + */ + event AccountDeployed( + bytes32 indexed userOpHash, + address indexed sender, + address factory, + address paymaster + ); + + /** + * An event emitted if the UserOperation "callData" reverted with non-zero length. + * @param userOpHash - The request unique identifier. + * @param sender - The sender of this request. + * @param nonce - The nonce used in the request. + * @param revertReason - The return bytes from the (reverted) call to "callData". + */ + event UserOperationRevertReason( + bytes32 indexed userOpHash, + address indexed sender, + uint256 nonce, + bytes revertReason + ); + + /** + * An event emitted if the UserOperation Paymaster's "postOp" call reverted with non-zero length. + * @param userOpHash - The request unique identifier. + * @param sender - The sender of this request. + * @param nonce - The nonce used in the request. + * @param revertReason - The return bytes from the (reverted) call to "callData". + */ + event PostOpRevertReason( + bytes32 indexed userOpHash, + address indexed sender, + uint256 nonce, + bytes revertReason + ); + + /** + * UserOp consumed more than prefund. The UserOperation is reverted, and no refund is made. + * @param userOpHash - The request unique identifier. + * @param sender - The sender of this request. + * @param nonce - The nonce used in the request. + */ + event UserOperationPrefundTooLow( + bytes32 indexed userOpHash, + address indexed sender, + uint256 nonce + ); + + /** + * An event emitted by handleOps(), before starting the execution loop. + * Any event emitted before this event, is part of the validation. + */ + event BeforeExecution(); + + /** + * Signature aggregator used by the following UserOperationEvents within this bundle. + * @param aggregator - The aggregator used for the following UserOperationEvents. + */ + event SignatureAggregatorChanged(address indexed aggregator); + + /** + * A custom revert error of handleOps, to identify the offending op. + * Should be caught in off-chain handleOps simulation and not happen on-chain. + * Useful for mitigating DoS attempts against batchers or for troubleshooting of factory/account/paymaster reverts. + * NOTE: If simulateValidation passes successfully, there should be no reason for handleOps to fail on it. + * @param opIndex - Index into the array of ops to the failed one (in simulateValidation, this is always zero). + * @param reason - Revert reason. The string starts with a unique code "AAmn", + * where "m" is "1" for factory, "2" for account and "3" for paymaster issues, + * so a failure can be attributed to the correct entity. + */ + error FailedOp(uint256 opIndex, string reason); + + /** + * A custom revert error of handleOps, to report a revert by account or paymaster. + * @param opIndex - Index into the array of ops to the failed one (in simulateValidation, this is always zero). + * @param reason - Revert reason. see FailedOp(uint256,string), above + * @param inner - data from inner cought revert reason + * @dev note that inner is truncated to 2048 bytes + */ + error FailedOpWithRevert(uint256 opIndex, string reason, bytes inner); + + error PostOpReverted(bytes returnData); + + /** + * Error case when a signature aggregator fails to verify the aggregated signature it had created. + * @param aggregator The aggregator that failed to verify the signature + */ + error SignatureValidationFailed(address aggregator); + + // Return value of getSenderAddress. + error SenderAddressResult(address sender); + + // UserOps handled, per aggregator. + struct UserOpsPerAggregator { + PackedUserOperation[] userOps; + // Aggregator address + IAggregator aggregator; + // Aggregated signature + bytes signature; + } + + /** + * Execute a batch of UserOperations. + * No signature aggregator is used. + * If any account requires an aggregator (that is, it returned an aggregator when + * performing simulateValidation), then handleAggregatedOps() must be used instead. + * @param ops - The operations to execute. + * @param beneficiary - The address to receive the fees. + */ + function handleOps( + PackedUserOperation[] calldata ops, + address payable beneficiary + ) external; + + /** + * Execute a batch of UserOperation with Aggregators + * @param opsPerAggregator - The operations to execute, grouped by aggregator (or address(0) for no-aggregator accounts). + * @param beneficiary - The address to receive the fees. + */ + function handleAggregatedOps( + UserOpsPerAggregator[] calldata opsPerAggregator, + address payable beneficiary + ) external; + + /** + * Generate a request Id - unique identifier for this request. + * The request ID is a hash over the content of the userOp (except the signature), the entrypoint and the chainid. + * @param userOp - The user operation to generate the request ID for. + * @return hash the hash of this UserOperation + */ + function getUserOpHash( + PackedUserOperation calldata userOp + ) external view returns (bytes32); + + /** + * Gas and return values during simulation. + * @param preOpGas - The gas used for validation (including preValidationGas) + * @param prefund - The required prefund for this operation + * @param accountValidationData - returned validationData from account. + * @param paymasterValidationData - return validationData from paymaster. + * @param paymasterContext - Returned by validatePaymasterUserOp (to be passed into postOp) + */ + struct ReturnInfo { + uint256 preOpGas; + uint256 prefund; + uint256 accountValidationData; + uint256 paymasterValidationData; + bytes paymasterContext; + } + + /** + * Returned aggregated signature info: + * The aggregator returned by the account, and its current stake. + */ + struct AggregatorStakeInfo { + address aggregator; + StakeInfo stakeInfo; + } + + /** + * Get counterfactual sender address. + * Calculate the sender contract address that will be generated by the initCode and salt in the UserOperation. + * This method always revert, and returns the address in SenderAddressResult error + * @param initCode - The constructor code to be passed into the UserOperation. + */ + function getSenderAddress(bytes memory initCode) external; + + error DelegateAndRevert(bool success, bytes ret); + + /** + * Helper method for dry-run testing. + * @dev calling this method, the EntryPoint will make a delegatecall to the given data, and report (via revert) the result. + * The method always revert, so is only useful off-chain for dry run calls, in cases where state-override to replace + * actual EntryPoint code is less convenient. + * @param target a target contract to make a delegatecall from entrypoint + * @param data data to pass to target in a delegatecall + */ + function delegateAndRevert(address target, bytes calldata data) external; +} diff --git a/dependencies/account-abstraction/contracts/interfaces/IEntryPointSimulations.sol b/dependencies/account-abstraction/contracts/interfaces/IEntryPointSimulations.sol new file mode 100644 index 00000000..a5a894f2 --- /dev/null +++ b/dependencies/account-abstraction/contracts/interfaces/IEntryPointSimulations.sol @@ -0,0 +1,73 @@ +// SPDX-License-Identifier: GPL-3.0 +pragma solidity >=0.7.5; + +import "./PackedUserOperation.sol"; +import "./IEntryPoint.sol"; + +interface IEntryPointSimulations is IEntryPoint { + // Return value of simulateHandleOp. + struct ExecutionResult { + uint256 preOpGas; + uint256 paid; + uint256 accountValidationData; + uint256 paymasterValidationData; + bool targetSuccess; + bytes targetResult; + } + + /** + * Successful result from simulateValidation. + * If the account returns a signature aggregator the "aggregatorInfo" struct is filled in as well. + * @param returnInfo Gas and time-range returned values + * @param senderInfo Stake information about the sender + * @param factoryInfo Stake information about the factory (if any) + * @param paymasterInfo Stake information about the paymaster (if any) + * @param aggregatorInfo Signature aggregation info (if the account requires signature aggregator) + * Bundler MUST use it to verify the signature, or reject the UserOperation. + */ + struct ValidationResult { + ReturnInfo returnInfo; + StakeInfo senderInfo; + StakeInfo factoryInfo; + StakeInfo paymasterInfo; + AggregatorStakeInfo aggregatorInfo; + } + + /** + * Simulate a call to account.validateUserOp and paymaster.validatePaymasterUserOp. + * @dev The node must also verify it doesn't use banned opcodes, and that it doesn't reference storage + * outside the account's data. + * @param userOp - The user operation to validate. + * @return the validation result structure + */ + function simulateValidation( + PackedUserOperation calldata userOp + ) + external + returns ( + ValidationResult memory + ); + + /** + * Simulate full execution of a UserOperation (including both validation and target execution) + * It performs full validation of the UserOperation, but ignores signature error. + * An optional target address is called after the userop succeeds, + * and its value is returned (before the entire call is reverted). + * Note that in order to collect the the success/failure of the target call, it must be executed + * with trace enabled to track the emitted events. + * @param op The UserOperation to simulate. + * @param target - If nonzero, a target address to call after userop simulation. If called, + * the targetSuccess and targetResult are set to the return from that call. + * @param targetCallData - CallData to pass to target address. + * @return the execution result structure + */ + function simulateHandleOp( + PackedUserOperation calldata op, + address target, + bytes calldata targetCallData + ) + external + returns ( + ExecutionResult memory + ); +} diff --git a/dependencies/account-abstraction/contracts/interfaces/INonceManager.sol b/dependencies/account-abstraction/contracts/interfaces/INonceManager.sol new file mode 100644 index 00000000..2f993f68 --- /dev/null +++ b/dependencies/account-abstraction/contracts/interfaces/INonceManager.sol @@ -0,0 +1,27 @@ +// SPDX-License-Identifier: GPL-3.0 +pragma solidity >=0.7.5; + +interface INonceManager { + + /** + * Return the next nonce for this sender. + * Within a given key, the nonce values are sequenced (starting with zero, and incremented by one on each userop) + * But UserOp with different keys can come with arbitrary order. + * + * @param sender the account address + * @param key the high 192 bit of the nonce + * @return nonce a full nonce to pass for next UserOp with this sender. + */ + function getNonce(address sender, uint192 key) + external view returns (uint256 nonce); + + /** + * Manually increment the nonce of the sender. + * This method is exposed just for completeness.. + * Account does NOT need to call it, neither during validation, nor elsewhere, + * as the EntryPoint will update the nonce regardless. + * Possible use-case is call it with various keys to "initialize" their nonces to one, so that future + * UserOperations will not pay extra for the first transaction with a given key. + */ + function incrementNonce(uint192 key) external; +} diff --git a/dependencies/account-abstraction/contracts/interfaces/IPaymaster.sol b/dependencies/account-abstraction/contracts/interfaces/IPaymaster.sol new file mode 100644 index 00000000..9176a0b2 --- /dev/null +++ b/dependencies/account-abstraction/contracts/interfaces/IPaymaster.sol @@ -0,0 +1,63 @@ +// SPDX-License-Identifier: GPL-3.0 +pragma solidity >=0.7.5; + +import "./PackedUserOperation.sol"; + +/** + * The interface exposed by a paymaster contract, who agrees to pay the gas for user's operations. + * A paymaster must hold a stake to cover the required entrypoint stake and also the gas for the transaction. + */ +interface IPaymaster { + enum PostOpMode { + // User op succeeded. + opSucceeded, + // User op reverted. Still has to pay for gas. + opReverted, + // Only used internally in the EntryPoint (cleanup after postOp reverts). Never calling paymaster with this value + postOpReverted + } + + /** + * Payment validation: check if paymaster agrees to pay. + * Must verify sender is the entryPoint. + * Revert to reject this request. + * Note that bundlers will reject this method if it changes the state, unless the paymaster is trusted (whitelisted). + * The paymaster pre-pays using its deposit, and receive back a refund after the postOp method returns. + * @param userOp - The user operation. + * @param userOpHash - Hash of the user's request data. + * @param maxCost - The maximum cost of this transaction (based on maximum gas and gas price from userOp). + * @return context - Value to send to a postOp. Zero length to signify postOp is not required. + * @return validationData - Signature and time-range of this operation, encoded the same as the return + * value of validateUserOperation. + * <20-byte> sigAuthorizer - 0 for valid signature, 1 to mark signature failure, + * other values are invalid for paymaster. + * <6-byte> validUntil - last timestamp this operation is valid. 0 for "indefinite" + * <6-byte> validAfter - first timestamp this operation is valid + * Note that the validation code cannot use block.timestamp (or block.number) directly. + */ + function validatePaymasterUserOp( + PackedUserOperation calldata userOp, + bytes32 userOpHash, + uint256 maxCost + ) external returns (bytes memory context, uint256 validationData); + + /** + * Post-operation handler. + * Must verify sender is the entryPoint. + * @param mode - Enum with the following options: + * opSucceeded - User operation succeeded. + * opReverted - User op reverted. The paymaster still has to pay for gas. + * postOpReverted - never passed in a call to postOp(). + * @param context - The context value returned by validatePaymasterUserOp + * @param actualGasCost - Actual gas used so far (without this postOp call). + * @param actualUserOpFeePerGas - the gas price this UserOp pays. This value is based on the UserOp's maxFeePerGas + * and maxPriorityFee (and basefee) + * It is not the same as tx.gasprice, which is what the bundler pays. + */ + function postOp( + PostOpMode mode, + bytes calldata context, + uint256 actualGasCost, + uint256 actualUserOpFeePerGas + ) external; +} diff --git a/dependencies/account-abstraction/contracts/interfaces/IStakeManager.sol b/dependencies/account-abstraction/contracts/interfaces/IStakeManager.sol new file mode 100644 index 00000000..69083e93 --- /dev/null +++ b/dependencies/account-abstraction/contracts/interfaces/IStakeManager.sol @@ -0,0 +1,111 @@ +// SPDX-License-Identifier: GPL-3.0-only +pragma solidity >=0.7.5; + +/** + * Manage deposits and stakes. + * Deposit is just a balance used to pay for UserOperations (either by a paymaster or an account). + * Stake is value locked for at least "unstakeDelay" by the staked entity. + */ +interface IStakeManager { + event Deposited(address indexed account, uint256 totalDeposit); + + event Withdrawn( + address indexed account, + address withdrawAddress, + uint256 amount + ); + + // Emitted when stake or unstake delay are modified. + event StakeLocked( + address indexed account, + uint256 totalStaked, + uint256 unstakeDelaySec + ); + + // Emitted once a stake is scheduled for withdrawal. + event StakeUnlocked(address indexed account, uint256 withdrawTime); + + event StakeWithdrawn( + address indexed account, + address withdrawAddress, + uint256 amount + ); + + /** + * @param deposit - The entity's deposit. + * @param staked - True if this entity is staked. + * @param stake - Actual amount of ether staked for this entity. + * @param unstakeDelaySec - Minimum delay to withdraw the stake. + * @param withdrawTime - First block timestamp where 'withdrawStake' will be callable, or zero if already locked. + * @dev Sizes were chosen so that deposit fits into one cell (used during handleOp) + * and the rest fit into a 2nd cell (used during stake/unstake) + * - 112 bit allows for 10^15 eth + * - 48 bit for full timestamp + * - 32 bit allows 150 years for unstake delay + */ + struct DepositInfo { + uint256 deposit; + bool staked; + uint112 stake; + uint32 unstakeDelaySec; + uint48 withdrawTime; + } + + // API struct used by getStakeInfo and simulateValidation. + struct StakeInfo { + uint256 stake; + uint256 unstakeDelaySec; + } + + /** + * Get deposit info. + * @param account - The account to query. + * @return info - Full deposit information of given account. + */ + function getDepositInfo( + address account + ) external view returns (DepositInfo memory info); + + /** + * Get account balance. + * @param account - The account to query. + * @return - The deposit (for gas payment) of the account. + */ + function balanceOf(address account) external view returns (uint256); + + /** + * Add to the deposit of the given account. + * @param account - The account to add to. + */ + function depositTo(address account) external payable; + + /** + * Add to the account's stake - amount and delay + * any pending unstake is first cancelled. + * @param _unstakeDelaySec - The new lock duration before the deposit can be withdrawn. + */ + function addStake(uint32 _unstakeDelaySec) external payable; + + /** + * Attempt to unlock the stake. + * The value can be withdrawn (using withdrawStake) after the unstake delay. + */ + function unlockStake() external; + + /** + * Withdraw from the (unlocked) stake. + * Must first call unlockStake and wait for the unstakeDelay to pass. + * @param withdrawAddress - The address to send withdrawn value. + */ + function withdrawStake(address payable withdrawAddress) external; + + /** + * Withdraw from the deposit. + * @param withdrawAddress - The address to send withdrawn value. + * @param withdrawAmount - The amount to withdraw. + */ + function withdrawTo( + address payable withdrawAddress, + uint256 withdrawAmount + ) external; +} diff --git a/dependencies/account-abstraction/contracts/interfaces/PackedUserOperation.sol b/dependencies/account-abstraction/contracts/interfaces/PackedUserOperation.sol new file mode 100644 index 00000000..fe20de56 --- /dev/null +++ b/dependencies/account-abstraction/contracts/interfaces/PackedUserOperation.sol @@ -0,0 +1,28 @@ +// SPDX-License-Identifier: GPL-3.0 +pragma solidity >=0.7.5; + +/** + * User Operation struct + * @param sender - The sender account of this request. + * @param nonce - Unique value the sender uses to verify it is not a replay. + * @param initCode - If set, the account contract will be created by this constructor/ + * @param callData - The method call to execute on this account. + * @param accountGasLimits - Packed gas limits for validateUserOp and gas limit passed to the callData method call. + * @param preVerificationGas - Gas not calculated by the handleOps method, but added to the gas paid. + * Covers batch overhead. + * @param gasFees - packed gas fields maxPriorityFeePerGas and maxFeePerGas - Same as EIP-1559 gas parameters. + * @param paymasterAndData - If set, this field holds the paymaster address, verification gas limit, postOp gas limit and paymaster-specific extra data + * The paymaster will pay for the transaction instead of the sender. + * @param signature - Sender-verified signature over the entire request, the EntryPoint address and the chain ID. + */ +struct PackedUserOperation { + address sender; + uint256 nonce; + bytes initCode; + bytes callData; + bytes32 accountGasLimits; + uint256 preVerificationGas; + bytes32 gasFees; + bytes paymasterAndData; + bytes signature; +} diff --git a/dependencies/account-abstraction/contracts/package.json b/dependencies/account-abstraction/contracts/package.json new file mode 100644 index 00000000..bb1703cb --- /dev/null +++ b/dependencies/account-abstraction/contracts/package.json @@ -0,0 +1,29 @@ +{ + "name": "@account-abstraction/contracts", + "description": "Account Abstraction (EIP 4337) contracts", + "version": "0.7.0", + "scripts": { + "prepack": "../scripts/prepack-contracts-package.sh", + "postpack": "../scripts/postpack-contracts-package.sh" + }, + "repository": { + "type": "git", + "url": "https://github.com/eth-infinitism/account-abstraction" + }, + "keywords": [ + "solidity", + "ethereum", + "smart", + "contracts", + "account-abstraction", + "erc-4337" + ], + "license": "MIT", + "bugs": { + "url": "https://github.com/eth-infinitism/account-abstraction/issues" + }, + "dependencies": { + "@openzeppelin/contracts": "^5.0.0", + "@uniswap/v3-periphery": "^1.4.3" + } +} diff --git a/dependencies/account-abstraction/contracts/samples/LegacyTokenPaymaster.sol b/dependencies/account-abstraction/contracts/samples/LegacyTokenPaymaster.sol new file mode 100644 index 00000000..1589696d --- /dev/null +++ b/dependencies/account-abstraction/contracts/samples/LegacyTokenPaymaster.sol @@ -0,0 +1,115 @@ +// SPDX-License-Identifier: GPL-3.0 +pragma solidity ^0.8.23; + +/* solhint-disable reason-string */ + +import "@openzeppelin/contracts/token/ERC20/ERC20.sol"; +import "../core/BasePaymaster.sol"; +import "../core/UserOperationLib.sol"; +import "../core/Helpers.sol"; + +/** + * A sample paymaster that defines itself as a token to pay for gas. + * The paymaster IS the token to use, since a paymaster cannot use an external contract. + * Also, the exchange rate has to be fixed, since it can't reference an external Uniswap or other exchange contract. + * subclass should override "getTokenValueOfEth" to provide actual token exchange rate, settable by the owner. + * Known Limitation: this paymaster is exploitable when put into a batch with multiple ops (of different accounts): + * - while a single op can't exploit the paymaster (if postOp fails to withdraw the tokens, the user's op is reverted, + * and then we know we can withdraw the tokens), multiple ops with different senders (all using this paymaster) + * in a batch can withdraw funds from 2nd and further ops, forcing the paymaster itself to pay (from its deposit) + * - Possible workarounds are either use a more complex paymaster scheme (e.g. the DepositPaymaster) or + * to whitelist the account and the called method ids. + */ +contract LegacyTokenPaymaster is BasePaymaster, ERC20 { + using UserOperationLib for PackedUserOperation; + + //calculated cost of the postOp + uint256 constant public COST_OF_POST = 15000; + + address public immutable theFactory; + + constructor(address accountFactory, string memory _symbol, IEntryPoint _entryPoint) ERC20(_symbol, _symbol) BasePaymaster(_entryPoint) { + theFactory = accountFactory; + //make it non-empty + _mint(address(this), 1); + + //owner is allowed to withdraw tokens from the paymaster's balance + _approve(address(this), msg.sender, type(uint256).max); + } + + + /** + * helpers for owner, to mint and withdraw tokens. + * @param recipient - the address that will receive the minted tokens. + * @param amount - the amount it will receive. + */ + function mintTokens(address recipient, uint256 amount) external onlyOwner { + _mint(recipient, amount); + } + + /** + * transfer paymaster ownership. + * owner of this paymaster is allowed to withdraw funds (tokens transferred to this paymaster's balance) + * when changing owner, the old owner's withdrawal rights are revoked. + */ + function transferOwnership(address newOwner) public override virtual onlyOwner { + // remove allowance of current owner + _approve(address(this), owner(), 0); + super.transferOwnership(newOwner); + // new owner is allowed to withdraw tokens from the paymaster's balance + _approve(address(this), newOwner, type(uint256).max); + } + + //Note: this method assumes a fixed ratio of token-to-eth. subclass should override to supply oracle + // or a setter. + function getTokenValueOfEth(uint256 valueEth) internal view virtual returns (uint256 valueToken) { + return valueEth / 100; + } + + /** + * validate the request: + * if this is a constructor call, make sure it is a known account. + * verify the sender has enough tokens. + * (since the paymaster is also the token, there is no notion of "approval") + */ + function _validatePaymasterUserOp(PackedUserOperation calldata userOp, bytes32 /*userOpHash*/, uint256 requiredPreFund) + internal view override returns (bytes memory context, uint256 validationData) { + uint256 tokenPrefund = getTokenValueOfEth(requiredPreFund); + + uint256 postOpGasLimit = userOp.unpackPostOpGasLimit(); + require( postOpGasLimit > COST_OF_POST, "TokenPaymaster: gas too low for postOp"); + + if (userOp.initCode.length != 0) { + _validateConstructor(userOp); + require(balanceOf(userOp.sender) >= tokenPrefund, "TokenPaymaster: no balance (pre-create)"); + } else { + + require(balanceOf(userOp.sender) >= tokenPrefund, "TokenPaymaster: no balance"); + } + + return (abi.encode(userOp.sender), SIG_VALIDATION_SUCCESS); + } + + // when constructing an account, validate constructor code and parameters + // we trust our factory (and that it doesn't have any other public methods) + function _validateConstructor(PackedUserOperation calldata userOp) internal virtual view { + address factory = address(bytes20(userOp.initCode[0 : 20])); + require(factory == theFactory, "TokenPaymaster: wrong account factory"); + } + + /** + * actual charge of user. + * this method will be called just after the user's TX with mode==OpSucceeded|OpReverted (account pays in both cases) + * BUT: if the user changed its balance in a way that will cause postOp to revert, then it gets called again, after reverting + * the user's TX , back to the state it was before the transaction started (before the validatePaymasterUserOp), + * and the transaction should succeed there. + */ + function _postOp(PostOpMode mode, bytes calldata context, uint256 actualGasCost, uint256 actualUserOpFeePerGas) internal override { + //we don't really care about the mode, we just pay the gas with the user's tokens. + (mode); + address sender = abi.decode(context, (address)); + uint256 charge = getTokenValueOfEth(actualGasCost + COST_OF_POST * actualUserOpFeePerGas); + //actualGasCost is known to be no larger than the above requiredPreFund, so the transfer should succeed. + _transfer(sender, address(this), charge); + } +} diff --git a/dependencies/account-abstraction/contracts/samples/SimpleAccount.sol b/dependencies/account-abstraction/contracts/samples/SimpleAccount.sol new file mode 100644 index 00000000..61af6ca6 --- /dev/null +++ b/dependencies/account-abstraction/contracts/samples/SimpleAccount.sol @@ -0,0 +1,150 @@ +// SPDX-License-Identifier: GPL-3.0 +pragma solidity ^0.8.23; + +/* solhint-disable avoid-low-level-calls */ +/* solhint-disable no-inline-assembly */ +/* solhint-disable reason-string */ + +import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol"; +import "@openzeppelin/contracts/utils/cryptography/MessageHashUtils.sol"; +import "@openzeppelin/contracts/proxy/utils/Initializable.sol"; +import "@openzeppelin/contracts/proxy/utils/UUPSUpgradeable.sol"; +import "../core/BaseAccount.sol"; +import "../core/Helpers.sol"; +import "./callback/TokenCallbackHandler.sol"; + +/** + * minimal account. + * this is sample minimal account. + * has execute, eth handling methods + * has a single signer that can send requests through the entryPoint. + */ +contract SimpleAccount is BaseAccount, TokenCallbackHandler, UUPSUpgradeable, Initializable { + address public owner; + + IEntryPoint private immutable _entryPoint; + + event SimpleAccountInitialized(IEntryPoint indexed entryPoint, address indexed owner); + + modifier onlyOwner() { + _onlyOwner(); + _; + } + + /// @inheritdoc BaseAccount + function entryPoint() public view virtual override returns (IEntryPoint) { + return _entryPoint; + } + + // solhint-disable-next-line no-empty-blocks + receive() external payable {} + + constructor(IEntryPoint anEntryPoint) { + _entryPoint = anEntryPoint; + _disableInitializers(); + } + + function _onlyOwner() internal view { + //directly from EOA owner, or through the account itself (which gets redirected through execute()) + require(msg.sender == owner || msg.sender == address(this), "only owner"); + } + + /** + * execute a transaction (called directly from owner, or by entryPoint) + * @param dest destination address to call + * @param value the value to pass in this call + * @param func the calldata to pass in this call + */ + function execute(address dest, uint256 value, bytes calldata func) external { + _requireFromEntryPointOrOwner(); + _call(dest, value, func); + } + + /** + * execute a sequence of transactions + * @dev to reduce gas consumption for trivial case (no value), use a zero-length array to mean zero value + * @param dest an array of destination addresses + * @param value an array of values to pass to each call. can be zero-length for no-value calls + * @param func an array of calldata to pass to each call + */ + function executeBatch(address[] calldata dest, uint256[] calldata value, bytes[] calldata func) external { + _requireFromEntryPointOrOwner(); + require(dest.length == func.length && (value.length == 0 || value.length == func.length), "wrong array lengths"); + if (value.length == 0) { + for (uint256 i = 0; i < dest.length; i++) { + _call(dest[i], 0, func[i]); + } + } else { + for (uint256 i = 0; i < dest.length; i++) { + _call(dest[i], value[i], func[i]); + } + } + } + + /** + * @dev The _entryPoint member is immutable, to reduce gas consumption. To upgrade EntryPoint, + * a new implementation of SimpleAccount must be deployed with the new EntryPoint address, then upgrading + * the implementation by calling `upgradeTo()` + * @param anOwner the owner (signer) of this account + */ + function initialize(address anOwner) public virtual initializer { + _initialize(anOwner); + } + + function _initialize(address anOwner) internal virtual { + owner = anOwner; + emit SimpleAccountInitialized(_entryPoint, owner); + } + + // Require the function call went through EntryPoint or owner + function _requireFromEntryPointOrOwner() internal view { + require(msg.sender == address(entryPoint()) || msg.sender == owner, "account: not Owner or EntryPoint"); + } + + /// implement template method of BaseAccount + function _validateSignature(PackedUserOperation calldata userOp, bytes32 userOpHash) + internal override virtual returns (uint256 validationData) { + bytes32 hash = MessageHashUtils.toEthSignedMessageHash(userOpHash); + if (owner != ECDSA.recover(hash, userOp.signature)) + return SIG_VALIDATION_FAILED; + return SIG_VALIDATION_SUCCESS; + } + + function _call(address target, uint256 value, bytes memory data) internal { + (bool success, bytes memory result) = target.call{value: value}(data); + if (!success) { + assembly { + revert(add(result, 32), mload(result)) + } + } + } + + /** + * check current account deposit in the entryPoint + */ + function getDeposit() public view returns (uint256) { + return entryPoint().balanceOf(address(this)); + } + + /** + * deposit more funds for this account in the entryPoint + */ + function addDeposit() public payable { + entryPoint().depositTo{value: msg.value}(address(this)); + } + + /** + * withdraw value from the account's deposit + * @param withdrawAddress target to send to + * @param amount to withdraw + */ + function withdrawDepositTo(address payable withdrawAddress, uint256 amount) public onlyOwner { + entryPoint().withdrawTo(withdrawAddress, amount); + } + + function _authorizeUpgrade(address newImplementation) internal view override { + (newImplementation); + _onlyOwner(); + } +} + diff --git a/dependencies/account-abstraction/contracts/samples/SimpleAccountFactory.sol b/dependencies/account-abstraction/contracts/samples/SimpleAccountFactory.sol new file mode 100644 index 00000000..5afa2ce6 --- /dev/null +++ b/dependencies/account-abstraction/contracts/samples/SimpleAccountFactory.sol @@ -0,0 +1,52 @@ +// SPDX-License-Identifier: GPL-3.0 +pragma solidity ^0.8.23; + +import "@openzeppelin/contracts/utils/Create2.sol"; +import "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol"; + +import "./SimpleAccount.sol"; + +/** + * A sample factory contract for SimpleAccount + * A UserOperations "initCode" holds the address of the factory, and a method call (to createAccount, in this sample factory). + * The factory's createAccount returns the target account address even if it is already installed. + * This way, the entryPoint.getSenderAddress() can be called either before or after the account is created. + */ +contract SimpleAccountFactory { + SimpleAccount public immutable accountImplementation; + + constructor(IEntryPoint _entryPoint) { + accountImplementation = new SimpleAccount(_entryPoint); + } + + /** + * create an account, and return its address. + * returns the address even if the account is already deployed. + * Note that during UserOperation execution, this method is called only if the account is not deployed. + * This method returns an existing account address so that entryPoint.getSenderAddress() would work even after account creation + */ + function createAccount(address owner,uint256 salt) public returns (SimpleAccount ret) { + address addr = getAddress(owner, salt); + uint256 codeSize = addr.code.length; + if (codeSize > 0) { + return SimpleAccount(payable(addr)); + } + ret = SimpleAccount(payable(new ERC1967Proxy{salt : bytes32(salt)}( + address(accountImplementation), + abi.encodeCall(SimpleAccount.initialize, (owner)) + ))); + } + + /** + * calculate the counterfactual address of this account as it would be returned by createAccount() + */ + function getAddress(address owner,uint256 salt) public view returns (address) { + return Create2.computeAddress(bytes32(salt), keccak256(abi.encodePacked( + type(ERC1967Proxy).creationCode, + abi.encode( + address(accountImplementation), + abi.encodeCall(SimpleAccount.initialize, (owner)) + ) + ))); + } +} diff --git a/dependencies/account-abstraction/contracts/samples/TokenPaymaster.sol b/dependencies/account-abstraction/contracts/samples/TokenPaymaster.sol new file mode 100644 index 00000000..1d4c50d6 --- /dev/null +++ b/dependencies/account-abstraction/contracts/samples/TokenPaymaster.sol @@ -0,0 +1,217 @@ +// SPDX-License-Identifier: GPL-3.0 +pragma solidity ^0.8.23; + +// Import the required libraries and contracts +import "@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol"; +import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol"; +import "@openzeppelin/contracts/utils/cryptography/EIP712.sol"; + +import "../interfaces/IEntryPoint.sol"; +import "../core/BasePaymaster.sol"; +import "../core/Helpers.sol"; +import "./utils/UniswapHelper.sol"; +import "./utils/OracleHelper.sol"; + +/// @title Sample ERC-20 Token Paymaster for ERC-4337 +/// This Paymaster covers gas fees in exchange for ERC20 tokens charged using allowance pre-issued by ERC-4337 accounts. +/// The contract refunds excess tokens if the actual gas cost is lower than the initially provided amount. +/// The token price cannot be queried in the validation code due to storage access restrictions of ERC-4337. +/// The price is cached inside the contract and is updated in the 'postOp' stage if the change is >10%. +/// It is theoretically possible the token has depreciated so much since the last 'postOp' the refund becomes negative. +/// The contract reverts the inner user transaction in that case but keeps the charge. +/// The contract also allows honest clients to prepay tokens at a higher price to avoid getting reverted. +/// It also allows updating price configuration and withdrawing tokens by the contract owner. +/// The contract uses an Oracle to fetch the latest token prices. +/// @dev Inherits from BasePaymaster. +contract TokenPaymaster is BasePaymaster, UniswapHelper, OracleHelper { + + using UserOperationLib for PackedUserOperation; + + struct TokenPaymasterConfig { + /// @notice The price markup percentage applied to the token price (1e26 = 100%). Ranges from 1e26 to 2e26 + uint256 priceMarkup; + + /// @notice Exchange tokens to native currency if the EntryPoint balance of this Paymaster falls below this value + uint128 minEntryPointBalance; + + /// @notice Estimated gas cost for refunding tokens after the transaction is completed + uint48 refundPostopCost; + + /// @notice Transactions are only valid as long as the cached price is not older than this value + uint48 priceMaxAge; + } + + event ConfigUpdated(TokenPaymasterConfig tokenPaymasterConfig); + + event UserOperationSponsored(address indexed user, uint256 actualTokenCharge, uint256 actualGasCost, uint256 actualTokenPriceWithMarkup); + + event Received(address indexed sender, uint256 value); + + /// @notice All 'price' variables are multiplied by this value to avoid rounding up + uint256 private constant PRICE_DENOMINATOR = 1e26; + + TokenPaymasterConfig public tokenPaymasterConfig; + + /// @notice Initializes the TokenPaymaster contract with the given parameters. + /// @param _token The ERC20 token used for transaction fee payments. + /// @param _entryPoint The EntryPoint contract used in the Account Abstraction infrastructure. + /// @param _wrappedNative The ERC-20 token that wraps the native asset for current chain. + /// @param _uniswap The Uniswap V3 SwapRouter contract. + /// @param _tokenPaymasterConfig The configuration for the Token Paymaster. + /// @param _oracleHelperConfig The configuration for the Oracle Helper. + /// @param _uniswapHelperConfig The configuration for the Uniswap Helper. + /// @param _owner The address that will be set as the owner of the contract. + constructor( + IERC20Metadata _token, + IEntryPoint _entryPoint, + IERC20 _wrappedNative, + ISwapRouter _uniswap, + TokenPaymasterConfig memory _tokenPaymasterConfig, + OracleHelperConfig memory _oracleHelperConfig, + UniswapHelperConfig memory _uniswapHelperConfig, + address _owner + ) + BasePaymaster( + _entryPoint + ) + OracleHelper( + _oracleHelperConfig + ) + UniswapHelper( + _token, + _wrappedNative, + _uniswap, + _uniswapHelperConfig + ) + { + setTokenPaymasterConfig(_tokenPaymasterConfig); + transferOwnership(_owner); + } + + /// @notice Updates the configuration for the Token Paymaster. + /// @param _tokenPaymasterConfig The new configuration struct. + function setTokenPaymasterConfig( + TokenPaymasterConfig memory _tokenPaymasterConfig + ) public onlyOwner { + require(_tokenPaymasterConfig.priceMarkup <= 2 * PRICE_DENOMINATOR, "TPM: price markup too high"); + require(_tokenPaymasterConfig.priceMarkup >= PRICE_DENOMINATOR, "TPM: price markup too low"); + tokenPaymasterConfig = _tokenPaymasterConfig; + emit ConfigUpdated(_tokenPaymasterConfig); + } + + function setUniswapConfiguration( + UniswapHelperConfig memory _uniswapHelperConfig + ) external onlyOwner { + _setUniswapHelperConfiguration(_uniswapHelperConfig); + } + + /// @notice Allows the contract owner to withdraw a specified amount of tokens from the contract. + /// @param to The address to transfer the tokens to. + /// @param amount The amount of tokens to transfer. + function withdrawToken(address to, uint256 amount) external onlyOwner { + SafeERC20.safeTransfer(token, to, amount); + } + + /// @notice Validates a paymaster user operation and calculates the required token amount for the transaction. + /// @param userOp The user operation data. + /// @param requiredPreFund The maximum cost (in native token) the paymaster has to prefund. + /// @return context The context containing the token amount and user sender address (if applicable). + /// @return validationResult A uint256 value indicating the result of the validation (always 0 in this implementation). + function _validatePaymasterUserOp(PackedUserOperation calldata userOp, bytes32, uint256 requiredPreFund) + internal + override + returns (bytes memory context, uint256 validationResult) {unchecked { + uint256 priceMarkup = tokenPaymasterConfig.priceMarkup; + uint256 dataLength = userOp.paymasterAndData.length - PAYMASTER_DATA_OFFSET; + require(dataLength == 0 || dataLength == 32, + "TPM: invalid data length" + ); + uint256 maxFeePerGas = userOp.unpackMaxFeePerGas(); + uint256 refundPostopCost = tokenPaymasterConfig.refundPostopCost; + require(refundPostopCost < userOp.unpackPostOpGasLimit(), "TPM: postOpGasLimit too low"); + uint256 preChargeNative = requiredPreFund + (refundPostopCost * maxFeePerGas); + // note: as price is in native-asset-per-token and we want more tokens increasing it means dividing it by markup + uint256 cachedPriceWithMarkup = cachedPrice * PRICE_DENOMINATOR / priceMarkup; + if (dataLength == 32) { + uint256 clientSuppliedPrice = uint256(bytes32(userOp.paymasterAndData[PAYMASTER_DATA_OFFSET : PAYMASTER_DATA_OFFSET + 32])); + if (clientSuppliedPrice < cachedPriceWithMarkup) { + // note: smaller number means 'more native asset per token' + cachedPriceWithMarkup = clientSuppliedPrice; + } + } + uint256 tokenAmount = weiToToken(preChargeNative, cachedPriceWithMarkup); + SafeERC20.safeTransferFrom(token, userOp.sender, address(this), tokenAmount); + context = abi.encode(tokenAmount, userOp.sender); + validationResult = _packValidationData( + false, + uint48(cachedPriceTimestamp + tokenPaymasterConfig.priceMaxAge), + 0 + ); + } + } + + /// @notice Performs post-operation tasks, such as updating the token price and refunding excess tokens. + /// @dev This function is called after a user operation has been executed or reverted. + /// @param context The context containing the token amount and user sender address. + /// @param actualGasCost The actual gas cost of the transaction. + /// @param actualUserOpFeePerGas - the gas price this UserOp pays. This value is based on the UserOp's maxFeePerGas + // and maxPriorityFee (and basefee) + // It is not the same as tx.gasprice, which is what the bundler pays. + function _postOp(PostOpMode, bytes calldata context, uint256 actualGasCost, uint256 actualUserOpFeePerGas) internal override { + unchecked { + uint256 priceMarkup = tokenPaymasterConfig.priceMarkup; + ( + uint256 preCharge, + address userOpSender + ) = abi.decode(context, (uint256, address)); + uint256 _cachedPrice = updateCachedPrice(false); + // note: as price is in native-asset-per-token and we want more tokens increasing it means dividing it by markup + uint256 cachedPriceWithMarkup = _cachedPrice * PRICE_DENOMINATOR / priceMarkup; + // Refund tokens based on actual gas cost + uint256 actualChargeNative = actualGasCost + tokenPaymasterConfig.refundPostopCost * actualUserOpFeePerGas; + uint256 actualTokenNeeded = weiToToken(actualChargeNative, cachedPriceWithMarkup); + if (preCharge > actualTokenNeeded) { + // If the initially provided token amount is greater than the actual amount needed, refund the difference + SafeERC20.safeTransfer( + token, + userOpSender, + preCharge - actualTokenNeeded + ); + } else if (preCharge < actualTokenNeeded) { + // Attempt to cover Paymaster's gas expenses by withdrawing the 'overdraft' from the client + // If the transfer reverts also revert the 'postOp' to remove the incentive to cheat + SafeERC20.safeTransferFrom( + token, + userOpSender, + address(this), + actualTokenNeeded - preCharge + ); + } + + emit UserOperationSponsored(userOpSender, actualTokenNeeded, actualGasCost, cachedPriceWithMarkup); + refillEntryPointDeposit(_cachedPrice); + } + } + + /// @notice If necessary this function uses this Paymaster's token balance to refill the deposit on EntryPoint + /// @param _cachedPrice the token price that will be used to calculate the swap amount. + function refillEntryPointDeposit(uint256 _cachedPrice) private { + uint256 currentEntryPointBalance = entryPoint.balanceOf(address(this)); + if ( + currentEntryPointBalance < tokenPaymasterConfig.minEntryPointBalance + ) { + uint256 swappedWeth = _maybeSwapTokenToWeth(token, _cachedPrice); + unwrapWeth(swappedWeth); + entryPoint.depositTo{value: address(this).balance}(address(this)); + } + } + + receive() external payable { + emit Received(msg.sender, msg.value); + } + + function withdrawEth(address payable recipient, uint256 amount) external onlyOwner { + (bool success,) = recipient.call{value: amount}(""); + require(success, "withdraw failed"); + } +} diff --git a/dependencies/account-abstraction/contracts/samples/VerifyingPaymaster.sol b/dependencies/account-abstraction/contracts/samples/VerifyingPaymaster.sol new file mode 100644 index 00000000..1ddce2f4 --- /dev/null +++ b/dependencies/account-abstraction/contracts/samples/VerifyingPaymaster.sol @@ -0,0 +1,96 @@ +// SPDX-License-Identifier: GPL-3.0 +pragma solidity ^0.8.23; + +/* solhint-disable reason-string */ +/* solhint-disable no-inline-assembly */ + +import "../core/BasePaymaster.sol"; +import "../core/UserOperationLib.sol"; +import "../core/Helpers.sol"; +import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol"; +import "@openzeppelin/contracts/utils/cryptography/MessageHashUtils.sol"; +/** + * A sample paymaster that uses external service to decide whether to pay for the UserOp. + * The paymaster trusts an external signer to sign the transaction. + * The calling user must pass the UserOp to that external signer first, which performs + * whatever off-chain verification before signing the UserOp. + * Note that this signature is NOT a replacement for the account-specific signature: + * - the paymaster checks a signature to agree to PAY for GAS. + * - the account checks a signature to prove identity and account ownership. + */ +contract VerifyingPaymaster is BasePaymaster { + + using UserOperationLib for PackedUserOperation; + + address public immutable verifyingSigner; + + uint256 private constant VALID_TIMESTAMP_OFFSET = PAYMASTER_DATA_OFFSET; + + uint256 private constant SIGNATURE_OFFSET = VALID_TIMESTAMP_OFFSET + 64; + + constructor(IEntryPoint _entryPoint, address _verifyingSigner) BasePaymaster(_entryPoint) { + verifyingSigner = _verifyingSigner; + } + + /** + * return the hash we're going to sign off-chain (and validate on-chain) + * this method is called by the off-chain service, to sign the request. + * it is called on-chain from the validatePaymasterUserOp, to validate the signature. + * note that this signature covers all fields of the UserOperation, except the "paymasterAndData", + * which will carry the signature itself. + */ + function getHash(PackedUserOperation calldata userOp, uint48 validUntil, uint48 validAfter) + public view returns (bytes32) { + //can't use userOp.hash(), since it contains also the paymasterAndData itself. + address sender = userOp.getSender(); + return + keccak256( + abi.encode( + sender, + userOp.nonce, + keccak256(userOp.initCode), + keccak256(userOp.callData), + userOp.accountGasLimits, + uint256(bytes32(userOp.paymasterAndData[PAYMASTER_VALIDATION_GAS_OFFSET : PAYMASTER_DATA_OFFSET])), + userOp.preVerificationGas, + userOp.gasFees, + block.chainid, + address(this), + validUntil, + validAfter + ) + ); + } + + /** + * verify our external signer signed this request. + * the "paymasterAndData" is expected to be the paymaster and a signature over the entire request params + * paymasterAndData[:20] : address(this) + * paymasterAndData[20:84] : abi.encode(validUntil, validAfter) + * paymasterAndData[84:] : signature + */ + function _validatePaymasterUserOp(PackedUserOperation calldata userOp, bytes32 /*userOpHash*/, uint256 requiredPreFund) + internal view override returns (bytes memory context, uint256 validationData) { + (requiredPreFund); + + (uint48 validUntil, uint48 validAfter, bytes calldata signature) = parsePaymasterAndData(userOp.paymasterAndData); + //ECDSA library supports both 64 and 65-byte long signatures. + // we only "require" it here so that the revert reason on invalid signature will be of "VerifyingPaymaster", and not "ECDSA" + require(signature.length == 64 || signature.length == 65, "VerifyingPaymaster: invalid signature length in paymasterAndData"); + bytes32 hash = MessageHashUtils.toEthSignedMessageHash(getHash(userOp, validUntil, validAfter)); + + //don't revert on signature failure: return SIG_VALIDATION_FAILED + if (verifyingSigner != ECDSA.recover(hash, signature)) { + return ("", _packValidationData(true, validUntil, validAfter)); + } + + //no need for other on-chain validation: entire UserOp should have been checked + // by the external service prior to signing it. + return ("", _packValidationData(false, validUntil, validAfter)); + } + + function parsePaymasterAndData(bytes calldata paymasterAndData) public pure returns (uint48 validUntil, uint48 validAfter, bytes calldata signature) { + (validUntil, validAfter) = abi.decode(paymasterAndData[VALID_TIMESTAMP_OFFSET :], (uint48, uint48)); + signature = paymasterAndData[SIGNATURE_OFFSET :]; + } +} diff --git a/dependencies/account-abstraction/contracts/samples/bls/BLSAccount.sol b/dependencies/account-abstraction/contracts/samples/bls/BLSAccount.sol new file mode 100644 index 00000000..cd480a79 --- /dev/null +++ b/dependencies/account-abstraction/contracts/samples/bls/BLSAccount.sol @@ -0,0 +1,65 @@ +// SPDX-License-Identifier: GPL-3.0 +pragma solidity ^0.8.23; + +import "../SimpleAccount.sol"; +import "./IBLSAccount.sol"; +import "../../core/Helpers.sol"; + +/** + * Minimal BLS-based account that uses an aggregated signature. + * The account must maintain its own BLS public key, and expose its trusted signature aggregator. + * Note that unlike the "standard" SimpleAccount, this account can't be called directly + * (normal SimpleAccount uses its "signer" address as both the ecrecover signer, and as a legitimate + * Ethereum sender address. Obviously, a BLS public key is not a valid Ethereum sender address.) + */ +contract BLSAccount is SimpleAccount, IBLSAccount { + address public immutable aggregator; + uint256[4] private publicKey; + + // The constructor is used only for the "implementation" and only sets immutable values. + // Mutable value slots for proxy accounts are set by the 'initialize' function. + constructor(IEntryPoint anEntryPoint, address anAggregator) SimpleAccount(anEntryPoint) { + aggregator = anAggregator; + } + + /** + * The initializer for the BLSAccount instance. + * @param aPublicKey public key from a BLS keypair that will have a full ownership and control of this account. + */ + function initialize(uint256[4] memory aPublicKey) public virtual initializer { + super._initialize(address(0)); + _setBlsPublicKey(aPublicKey); + } + + function _validateSignature(PackedUserOperation calldata userOp, bytes32 userOpHash) + internal override view returns (uint256 validationData) { + + (userOp, userOpHash); + if (userOp.initCode.length != 0) { + // BLSSignatureAggregator.getUserOpPublicKey() assumes that during account creation, the public key is + // the suffix of the initCode. + // The account MUST validate it + bytes32 pubKeyHash = keccak256(abi.encode(getBlsPublicKey())); + require(keccak256(userOp.initCode[userOp.initCode.length - 128 :]) == pubKeyHash, "wrong pubkey"); + } + return _packValidationData(ValidationData(aggregator, 0,0)); + } + + /** + * Allows the owner to set or change the BLS key. + * @param newPublicKey public key from a BLS keypair that will have a full ownership and control of this account. + */ + function setBlsPublicKey(uint256[4] memory newPublicKey) public onlyOwner { + _setBlsPublicKey(newPublicKey); + } + + function _setBlsPublicKey(uint256[4] memory newPublicKey) internal { + emit PublicKeyChanged(publicKey, newPublicKey); + publicKey = newPublicKey; + } + + /// @inheritdoc IBLSAccount + function getBlsPublicKey() public override view returns (uint256[4] memory) { + return publicKey; + } +} diff --git a/dependencies/account-abstraction/contracts/samples/bls/BLSAccountFactory.sol b/dependencies/account-abstraction/contracts/samples/bls/BLSAccountFactory.sol new file mode 100644 index 00000000..95947142 --- /dev/null +++ b/dependencies/account-abstraction/contracts/samples/bls/BLSAccountFactory.sol @@ -0,0 +1,61 @@ +// SPDX-License-Identifier: GPL-3.0 +pragma solidity ^0.8.23; + +import "@openzeppelin/contracts/utils/Create2.sol"; +import "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol"; + +import "../../interfaces/IEntryPoint.sol"; +import "./BLSAccount.sol"; + +/* solhint-disable no-inline-assembly */ + +/** + * Based on SimpleAccountFactory. + * Cannot be a subclass since both constructor and createAccount depend on the + * constructor and initializer of the actual account contract. + */ +contract BLSAccountFactory { + BLSAccount public immutable accountImplementation; + + constructor(IEntryPoint entryPoint, address aggregator){ + accountImplementation = new BLSAccount(entryPoint, aggregator); + } + + /** + * create an account, and return its address. + * returns the address even if the account is already deployed. + * Note that during UserOperation execution, this method is called only if the account is not deployed. + * This method returns an existing account address so that entryPoint.getSenderAddress() would work even after account creation + * Also note that our BLSSignatureAggregator requires that the public key is the last parameter + */ + function createAccount(uint256 salt, uint256[4] calldata aPublicKey) public returns (BLSAccount) { + + // the BLSSignatureAggregator depends on the public-key being the last 4 uint256 of msg.data. + uint256 slot; + assembly {slot := aPublicKey} + require(slot == msg.data.length - 128, "wrong pubkey offset"); + + address addr = getAddress(salt, aPublicKey); + uint256 codeSize = addr.code.length; + if (codeSize > 0) { + return BLSAccount(payable(addr)); + } + return BLSAccount(payable(new ERC1967Proxy{salt : bytes32(salt)}( + address(accountImplementation), + abi.encodeCall(BLSAccount.initialize, aPublicKey) + ))); + } + + /** + * calculate the counterfactual address of this account as it would be returned by createAccount() + */ + function getAddress(uint256 salt, uint256[4] memory aPublicKey) public view returns (address) { + return Create2.computeAddress(bytes32(salt), keccak256(abi.encodePacked( + type(ERC1967Proxy).creationCode, + abi.encode( + address(accountImplementation), + abi.encodeCall(BLSAccount.initialize, (aPublicKey)) + ) + ))); + } +} diff --git a/dependencies/account-abstraction/contracts/samples/bls/BLSHelper.sol b/dependencies/account-abstraction/contracts/samples/bls/BLSHelper.sol new file mode 100644 index 00000000..a1a19713 --- /dev/null +++ b/dependencies/account-abstraction/contracts/samples/bls/BLSHelper.sol @@ -0,0 +1,232 @@ +// SPDX-License-Identifier: GPL-3.0 +pragma solidity ^0.8.23; + +// code taken from : https://github.com/witnet/elliptic-curve-solidity/blob/master/contracts/EllipticCurve.sol +// missing core functions from "thehubbleproject/bls": jacAdd (and sum) +library BLSHelper { + + struct XY { + uint256 x; + uint256 y; + } + /** + * sum all the points in the array + * NOTE: the "ecAdd" (below) has a special case where x1==y2. + * @param points an array of bytes32[2], representing an (x,y) of a point + * @param _pp the modulus of the curve + * @return ret the sum of all points + */ + function sum(XY[] memory points, uint256 _pp) internal pure returns (XY memory ret){ + uint256 x = points[0].x; + uint256 y = points[0].y; + uint256 z = 1; + + for (uint256 i = 1; i < points.length; i++) { + (x, y, z) = jacAdd(x, y, z, points[i].x, points[i].y, 1, _pp); + } + (x, y) = toAffine(x, y, z, _pp); + ret.x = x; + ret.y = y; + } + + /// @dev Adds two points (x1, y1, z1) and (x2, y2, z2). + /// @param _x1 coordinate x of P1 + /// @param _y1 coordinate y of P1 + /// @param _z1 coordinate z of P1 + /// @param _x2 coordinate x of square + /// @param _y2 coordinate y of square + /// @param _z2 coordinate z of square + /// @param _pp the modulus + /// @return (qx, qy, qz) P1+square in Jacobian + function jacAdd( + uint256 _x1, + uint256 _y1, + uint256 _z1, + uint256 _x2, + uint256 _y2, + uint256 _z2, + uint256 _pp) + internal pure returns (uint256, uint256, uint256) + { + if (_x1 == 0 && _y1 == 0) + return (_x2, _y2, _z2); + if (_x2 == 0 && _y2 == 0) + return (_x1, _y1, _z1); + + // We follow the equations described in https://pdfs.semanticscholar.org/5c64/29952e08025a9649c2b0ba32518e9a7fb5c2.pdf Section 5 + uint256[4] memory zs; + // z1^2, z1^3, z2^2, z2^3 + zs[0] = mulmod(_z1, _z1, _pp); + zs[1] = mulmod(_z1, zs[0], _pp); + zs[2] = mulmod(_z2, _z2, _pp); + zs[3] = mulmod(_z2, zs[2], _pp); + + // u1, s1, u2, s2 + zs = [ + mulmod(_x1, zs[2], _pp), + mulmod(_y1, zs[3], _pp), + mulmod(_x2, zs[0], _pp), + mulmod(_y2, zs[1], _pp) + ]; + + // In case of zs[0] == zs[2] && zs[1] == zs[3], double function should be used + require(zs[0] != zs[2] || zs[1] != zs[3], "Use jacDouble function instead"); + + uint256[4] memory hr; + //h + hr[0] = addmod(zs[2], _pp - zs[0], _pp); + //r + hr[1] = addmod(zs[3], _pp - zs[1], _pp); + //h^2 + hr[2] = mulmod(hr[0], hr[0], _pp); + // h^3 + hr[3] = mulmod(hr[2], hr[0], _pp); + // qx = -h^3 -2u1h^2+r^2 + uint256 qx = addmod(mulmod(hr[1], hr[1], _pp), _pp - hr[3], _pp); + qx = addmod(qx, _pp - mulmod(2, mulmod(zs[0], hr[2], _pp), _pp), _pp); + // qy = -s1*z1*h^3+r(u1*h^2 -x^3) + uint256 qy = mulmod(hr[1], addmod(mulmod(zs[0], hr[2], _pp), _pp - qx, _pp), _pp); + qy = addmod(qy, _pp - mulmod(zs[1], hr[3], _pp), _pp); + // qz = h*z1*z2 + uint256 qz = mulmod(hr[0], mulmod(_z1, _z2, _pp), _pp); + return (qx, qy, qz); + } + + + /// @dev Converts a point (x, y, z) expressed in Jacobian coordinates to affine coordinates (x', y', 1). + /// @param _x coordinate x + /// @param _y coordinate y + /// @param _z coordinate z + /// @param _pp the modulus + /// @return (x', y') affine coordinates + function toAffine( + uint256 _x, + uint256 _y, + uint256 _z, + uint256 _pp) + internal pure returns (uint256, uint256) + { + uint256 zInv = invMod(_z, _pp); + uint256 zInv2 = mulmod(zInv, zInv, _pp); + uint256 x2 = mulmod(_x, zInv2, _pp); + uint256 y2 = mulmod(_y, mulmod(zInv, zInv2, _pp), _pp); + + return (x2, y2); + } + + + /// @dev Modular euclidean inverse of a number (mod p). + /// @param _x The number + /// @param _pp The modulus + /// @return q such that x*q = 1 (mod _pp) + function invMod(uint256 _x, uint256 _pp) internal pure returns (uint256) { + require(_x != 0 && _x != _pp && _pp != 0, "Invalid number"); + uint256 q = 0; + uint256 newT = 1; + uint256 r = _pp; + uint256 t; + while (_x != 0) { + t = r / _x; + (q, newT) = (newT, addmod(q, (_pp - mulmod(t, newT, _pp)), _pp)); + (r, _x) = (_x, r - t * _x); + } + + return q; + } + + /// @dev Doubles a point (x, y, z). + /// @param _x coordinate x of P1 + /// @param _y coordinate y of P1 + /// @param _z coordinate z of P1 + /// @param _aa the a scalar in the curve equation + /// @param _pp the modulus + /// @return (qx, qy, qz) 2P in Jacobian + function jacDouble( + uint256 _x, + uint256 _y, + uint256 _z, + uint256 _aa, + uint256 _pp) + internal pure returns (uint256, uint256, uint256) + { + if (_z == 0) + return (_x, _y, _z); + + // We follow the equations described in https://pdfs.semanticscholar.org/5c64/29952e08025a9649c2b0ba32518e9a7fb5c2.pdf Section 5 + // Note: there is a bug in the paper regarding the m parameter, M=3*(x1^2)+a*(z1^4) + // x, y, z at this point represent the squares of _x, _y, _z + uint256 x = mulmod(_x, _x, _pp); //x1^2 + uint256 y = mulmod(_y, _y, _pp); //y1^2 + uint256 z = mulmod(_z, _z, _pp); //z1^2 + + // s + uint256 s = mulmod(4, mulmod(_x, y, _pp), _pp); + // m + uint256 m = addmod(mulmod(3, x, _pp), mulmod(_aa, mulmod(z, z, _pp), _pp), _pp); + + // x, y, z at this point will be reassigned and rather represent qx, qy, qz from the paper + // This allows to reduce the gas cost and stack footprint of the algorithm + // qx + x = addmod(mulmod(m, m, _pp), _pp - addmod(s, s, _pp), _pp); + // qy = -8*y1^4 + M(S-T) + y = addmod(mulmod(m, addmod(s, _pp - x, _pp), _pp), _pp - mulmod(8, mulmod(y, y, _pp), _pp), _pp); + // qz = 2*y1*z1 + z = mulmod(2, mulmod(_y, _z, _pp), _pp); + + return (x, y, z); + } + + /// @dev Add two points (x1, y1) and (x2, y2) in affine coordinates. + /// @param _x1 coordinate x of P1 + /// @param _y1 coordinate y of P1 + /// @param _x2 coordinate x of P2 + /// @param _y2 coordinate y of P2 + /// @param _aa constant of the curve + /// @param _pp the modulus + /// @return (qx, qy) = P1+P2 in affine coordinates + function ecAdd( + uint256 _x1, + uint256 _y1, + uint256 _x2, + uint256 _y2, + uint256 _aa, + uint256 _pp) + internal pure returns (uint256, uint256) + { + uint256 x = 0; + uint256 y = 0; + uint256 z = 0; + + // Double if x1==x2 else add + if (_x1 == _x2) { + // y1 = -y2 mod p + if (addmod(_y1, _y2, _pp) == 0) { + return (0, 0); + } else { + // P1 = P2 + (x, y, z) = jacDouble( + _x1, + _y1, + 1, + _aa, + _pp); + } + } else { + (x, y, z) = jacAdd( + _x1, + _y1, + 1, + _x2, + _y2, + 1, + _pp); + } + // Get back to affine + return toAffine( + x, + y, + z, + _pp); + } + +} diff --git a/dependencies/account-abstraction/contracts/samples/bls/BLSSignatureAggregator.sol b/dependencies/account-abstraction/contracts/samples/bls/BLSSignatureAggregator.sol new file mode 100644 index 00000000..a2ac0f32 --- /dev/null +++ b/dependencies/account-abstraction/contracts/samples/bls/BLSSignatureAggregator.sol @@ -0,0 +1,171 @@ +//SPDX-License-Identifier: Unlicense +pragma solidity ^0.8.23; + +import "../../interfaces/IAggregator.sol"; +import "../../interfaces/IEntryPoint.sol"; +import "../../core/UserOperationLib.sol"; +import {BLSOpen} from "./lib/BLSOpen.sol"; +import "./IBLSAccount.sol"; +import "./BLSHelper.sol"; + +/** + * A BLS-based signature aggregator, to validate aggregated signature of multiple UserOps if BLSAccount + */ +contract BLSSignatureAggregator is IAggregator { + using UserOperationLib for PackedUserOperation; + + bytes32 public constant BLS_DOMAIN = keccak256("eip4337.bls.domain"); + + //copied from BLS.sol + uint256 public constant N = 21888242871839275222246405745257275088696311157297823662689037894645226208583; + + address public immutable entryPoint; + + constructor(address _entryPoint) { + entryPoint = _entryPoint; + } + + /** + * return the public key of this account. + * @param userOp the UserOperation that we need the account's public key for. + * @return publicKey - the public key from a BLS keypair the Aggregator will use to verify this UserOp; + * normally public key will be queried from the deployed BLSAccount itself; + * the public key will be read from the 'initCode' if the account is not deployed yet; + */ + function getUserOpPublicKey(PackedUserOperation memory userOp) public view returns (uint256[4] memory publicKey) { + bytes memory initCode = userOp.initCode; + if (initCode.length > 0) { + publicKey = getTrailingPublicKey(initCode); + } else { + return IBLSAccount(userOp.sender).getBlsPublicKey{gas : 50000}(); + } + } + + /** + * return the trailing 4 words of input data + */ + function getTrailingPublicKey(bytes memory data) public pure returns (uint256[4] memory publicKey) { + uint256 len = data.length; + require(len > 32 * 4, "data too short for sig"); + + /* solhint-disable-next-line no-inline-assembly */ + assembly { + // actual buffer starts at data+32, so last 128 bytes start at data+32+len-128 = data+len-96 + let ofs := sub(add(data, len), 96) + mstore(publicKey, mload(ofs)) + mstore(add(publicKey, 32), mload(add(ofs, 32))) + mstore(add(publicKey, 64), mload(add(ofs, 64))) + mstore(add(publicKey, 96), mload(add(ofs, 96))) + } + } + + /// @inheritdoc IAggregator + function validateSignatures(PackedUserOperation[] calldata userOps, bytes calldata signature) + external view override { + require(signature.length == 64, "BLS: invalid signature"); + (uint256[2] memory blsSignature) = abi.decode(signature, (uint256[2])); + + uint256 userOpsLen = userOps.length; + uint256[4][] memory blsPublicKeys = new uint256[4][](userOpsLen); + uint256[2][] memory messages = new uint256[2][](userOpsLen); + for (uint256 i = 0; i < userOpsLen; i++) { + + PackedUserOperation memory userOp = userOps[i]; + blsPublicKeys[i] = getUserOpPublicKey(userOp); + + messages[i] = _userOpToMessage(userOp, _getPublicKeyHash(blsPublicKeys[i])); + } + require(BLSOpen.verifyMultiple(blsSignature, blsPublicKeys, messages), "BLS: validateSignatures failed"); + } + + /** + * get a hash of userOp + * NOTE: this hash is not the same as UserOperation.hash() + * (slightly less efficient, since it uses memory userOp) + */ + function internalUserOpHash(PackedUserOperation memory userOp) internal pure returns (bytes32) { + return keccak256(abi.encode( + userOp.sender, + userOp.nonce, + keccak256(userOp.initCode), + keccak256(userOp.callData), + userOp.accountGasLimits, + userOp.preVerificationGas, + userOp.gasFees, + keccak256(userOp.paymasterAndData) + )); + } + + /** + * return the BLS "message" for the given UserOp. + * the account checks the signature over this value using its public key + */ + function userOpToMessage(PackedUserOperation memory userOp) public view returns (uint256[2] memory) { + bytes32 publicKeyHash = _getPublicKeyHash(getUserOpPublicKey(userOp)); + return _userOpToMessage(userOp, publicKeyHash); + } + + function _userOpToMessage(PackedUserOperation memory userOp, bytes32 publicKeyHash) internal view returns (uint256[2] memory) { + bytes32 userOpHash = _getUserOpHash(userOp, publicKeyHash); + return BLSOpen.hashToPoint(BLS_DOMAIN, abi.encodePacked(userOpHash)); + } + + + function getUserOpHash(PackedUserOperation memory userOp) public view returns (bytes32) { + bytes32 publicKeyHash = _getPublicKeyHash(getUserOpPublicKey(userOp)); + return _getUserOpHash(userOp, publicKeyHash); + } + + function _getUserOpHash(PackedUserOperation memory userOp, bytes32 publicKeyHash) internal view returns (bytes32) { + return keccak256(abi.encode(internalUserOpHash(userOp), publicKeyHash, address(this), block.chainid, entryPoint)); + } + + function _getPublicKeyHash(uint256[4] memory publicKey) internal pure returns(bytes32) { + return keccak256(abi.encode(publicKey)); + } + /** + * validate signature of a single userOp + * This method is called after EntryPoint.simulateValidation() returns an aggregator. + * First it validates the signature over the userOp. then it return data to be used when creating the handleOps: + * @param userOp the userOperation received from the user. + * @return sigForUserOp the value to put into the signature field of the userOp when calling handleOps. + * (usually empty, unless account and aggregator support some kind of "multisig" + */ + function validateUserOpSignature(PackedUserOperation calldata userOp) + external view returns (bytes memory sigForUserOp) { + uint256[2] memory signature = abi.decode(userOp.signature, (uint256[2])); + uint256[4] memory pubkey = getUserOpPublicKey(userOp); + uint256[2] memory message = _userOpToMessage(userOp, _getPublicKeyHash(pubkey)); + + require(BLSOpen.verifySingle(signature, pubkey, message), "BLS: wrong sig"); + return ""; + } + + + /** + * aggregate multiple signatures into a single value. + * This method is called off-chain to calculate the signature to pass with handleOps() + * bundler MAY use optimized custom code perform this aggregation + * @param userOps array of UserOperations to collect the signatures from. + * @return aggregatedSignature the aggregated signature + */ + function aggregateSignatures(PackedUserOperation[] calldata userOps) external pure returns (bytes memory aggregatedSignature) { + BLSHelper.XY[] memory points = new BLSHelper.XY[](userOps.length); + for (uint256 i = 0; i < points.length; i++) { + (uint256 x, uint256 y) = abi.decode(userOps[i].signature, (uint256, uint256)); + points[i] = BLSHelper.XY(x, y); + } + BLSHelper.XY memory sum = BLSHelper.sum(points, N); + return abi.encode(sum.x, sum.y); + } + + /** + * allow staking for this aggregator + * there is no limit on stake or delay, but it is not a problem, since it is a permissionless + * signature aggregator, which doesn't support unstaking. + * @param unstakeDelaySec - the required unstaked delay + */ + function addStake(uint32 unstakeDelaySec) external payable { + IEntryPoint(entryPoint).addStake{value : msg.value}(unstakeDelaySec); + } +} diff --git a/dependencies/account-abstraction/contracts/samples/bls/IBLSAccount.sol b/dependencies/account-abstraction/contracts/samples/bls/IBLSAccount.sol new file mode 100644 index 00000000..c7d0e7f6 --- /dev/null +++ b/dependencies/account-abstraction/contracts/samples/bls/IBLSAccount.sol @@ -0,0 +1,16 @@ +// SPDX-License-Identifier: GPL-3.0-only +pragma solidity >=0.7.5; + +import "../../interfaces/IAccount.sol"; + +/** + * a BLS account should expose its own public key. + */ +interface IBLSAccount is IAccount { + event PublicKeyChanged(uint256[4] oldPublicKey, uint256[4] newPublicKey); + + /** + * @return public key from a BLS keypair that is used to verify the BLS signature, both separately and aggregated. + */ + function getBlsPublicKey() external view returns (uint256[4] memory); +} diff --git a/dependencies/account-abstraction/contracts/samples/bls/lib/BLSOpen.sol b/dependencies/account-abstraction/contracts/samples/bls/lib/BLSOpen.sol new file mode 100644 index 00000000..914955b3 --- /dev/null +++ b/dependencies/account-abstraction/contracts/samples/bls/lib/BLSOpen.sol @@ -0,0 +1,64 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.23; + +import { BLS } from "./hubble-contracts/contracts/libs/BLS.sol"; + +library BLSOpen { + function verifySingle( + uint256[2] memory signature, + uint256[4] memory pubkey, + uint256[2] memory message + ) external view returns (bool) { + uint256[4][] memory pubkeys = new uint256[4][](1); + uint256[2][] memory messages = new uint256[2][](1); + pubkeys[0] = pubkey; + messages[0] = message; + + (bool verified, bool callSuccess) = BLS.verifyMultiple( + signature, + pubkeys, + messages + ); + return callSuccess && verified; + + // // NB: (result, success) opposite of `call` convention (success, result). + // (bool verified, bool callSuccess) = BLS.verifySingle( + // signature, + // pubkey, + // message + // ); + // return callSuccess && verified; + } + + function verifyMultiple( + uint256[2] memory signature, + uint256[4][] memory pubkeys, + uint256[2][] memory messages + ) external view returns (bool) { + (bool verified, bool callSuccess) = BLS.verifyMultiple( + signature, + pubkeys, + messages + ); + return callSuccess && verified; + } + + function hashToPoint( + bytes32 domain, + bytes memory message + ) external view returns (uint256[2] memory) { + return BLS.hashToPoint( + domain, + message + ); + } + + function isZeroBLSKey(uint256[4] memory blsKey) public pure returns (bool) { + bool isZero = true; + for (uint256 i=0; isZero && i<4; i++) { + isZero = (blsKey[i] == 0); + } + return isZero; + } + +} diff --git a/dependencies/account-abstraction/contracts/samples/bls/lib/hubble-contracts/contracts/libs/BLS.sol b/dependencies/account-abstraction/contracts/samples/bls/lib/hubble-contracts/contracts/libs/BLS.sol new file mode 100644 index 00000000..e02bc10c --- /dev/null +++ b/dependencies/account-abstraction/contracts/samples/bls/lib/hubble-contracts/contracts/libs/BLS.sol @@ -0,0 +1,440 @@ +// SPDX-License-Identifier: MIT +pragma solidity >= 0.6.12; + +import { ModexpInverse, ModexpSqrt } from "./ModExp.sol"; +import { + BNPairingPrecompileCostEstimator +} from "./BNPairingPrecompileCostEstimator.sol"; + +/** + @title Boneh–Lynn–Shacham (BLS) signature scheme on Barreto-Naehrig 254 bit curve (BN-254) + @notice We use BLS signature aggregation to reduce the size of signature data to store on chain. + @dev We use G1 points for signatures and messages, and G2 points for public keys + */ +library BLS { + // Field order + // prettier-ignore + uint256 private constant N = 21888242871839275222246405745257275088696311157297823662689037894645226208583; + + // Negated genarator of G2 + // prettier-ignore + uint256 private constant N_G2_X1 = 11559732032986387107991004021392285783925812861821192530917403151452391805634; + // prettier-ignore + uint256 private constant N_G2_X0 = 10857046999023057135944570762232829481370756359578518086990519993285655852781; + // prettier-ignore + uint256 private constant N_G2_Y1 = 17805874995975841540914202342111839520379459829704422454583296818431106115052; + // prettier-ignore + uint256 private constant N_G2_Y0 = 13392588948715843804641432497768002650278120570034223513918757245338268106653; + + // sqrt(-3) + // prettier-ignore + uint256 private constant Z0 = 0x0000000000000000b3c4d79d41a91759a9e4c7e359b6b89eaec68e62effffffd; + // (sqrt(-3) - 1) / 2 + // prettier-ignore + uint256 private constant Z1 = 0x000000000000000059e26bcea0d48bacd4f263f1acdb5c4f5763473177fffffe; + + // prettier-ignore + uint256 private constant T24 = 0x1000000000000000000000000000000000000000000000000; + // prettier-ignore + uint256 private constant MASK24 = 0xffffffffffffffffffffffffffffffffffffffffffffffff; + + // estimator address +// address private constant COST_ESTIMATOR_ADDRESS = new 0x22E4a5251C1F02de8369Dd6f192033F6CB7531A4; + + function verifySingle( + uint256[2] memory signature, + uint256[4] memory pubkey, + uint256[2] memory message + ) internal view returns (bool, bool) { + uint256[12] memory input = + [ + signature[0], + signature[1], + N_G2_X1, + N_G2_X0, + N_G2_Y1, + N_G2_Y0, + message[0], + message[1], + pubkey[1], + pubkey[0], + pubkey[3], + pubkey[2] + ]; + uint256[1] memory out; + uint256 precompileGasCost = gasleft(); +// BNPairingPrecompileCostEstimator(COST_ESTIMATOR_ADDRESS).getGasCost( +// 2 +// ); + bool callSuccess; + // solium-disable-next-line security/no-inline-assembly + assembly { + callSuccess := staticcall( + precompileGasCost, + 8, + input, + 384, + out, + 0x20 + ) + } + if (!callSuccess) { + return (false, false); + } + return (out[0] != 0, true); + } + + function verifyMultiple( + uint256[2] memory signature, + uint256[4][] memory pubkeys, + uint256[2][] memory messages + ) internal view returns (bool checkResult, bool callSuccess) { + uint256 size = pubkeys.length; + require(size > 0, "BLS: number of public key is zero"); + require( + size == messages.length, + "BLS: number of public keys and messages must be equal" + ); + uint256 inputSize = (size + 1) * 6; + uint256[] memory input = new uint256[](inputSize); + input[0] = signature[0]; + input[1] = signature[1]; + input[2] = N_G2_X1; + input[3] = N_G2_X0; + input[4] = N_G2_Y1; + input[5] = N_G2_Y0; + for (uint256 i = 0; i < size; i++) { + input[i * 6 + 6] = messages[i][0]; + input[i * 6 + 7] = messages[i][1]; + input[i * 6 + 8] = pubkeys[i][1]; + input[i * 6 + 9] = pubkeys[i][0]; + input[i * 6 + 10] = pubkeys[i][3]; + input[i * 6 + 11] = pubkeys[i][2]; + } + uint256[1] memory out; + + // prettier-ignore + uint256 precompileGasCost = gasleft(); +// uint256 precompileGasCost = BNPairingPrecompileCostEstimator(COST_ESTIMATOR_ADDRESS).getGasCost(size + 1); + // solium-disable-next-line security/no-inline-assembly + assembly { + callSuccess := staticcall( + precompileGasCost, + 8, + add(input, 0x20), + mul(inputSize, 0x20), + out, + 0x20 + ) + } + if (!callSuccess) { + return (false, false); + } + return (out[0] != 0, true); + } + + /** + @notice Fouque-Tibouchi Hash to Curve + */ + function hashToPoint(bytes32 domain, bytes memory message) + internal + view + returns (uint256[2] memory) + { + uint256[2] memory u = hashToField(domain, message); + uint256[2] memory p0 = mapToPoint(u[0]); + uint256[2] memory p1 = mapToPoint(u[1]); + uint256[4] memory bnAddInput; + bnAddInput[0] = p0[0]; + bnAddInput[1] = p0[1]; + bnAddInput[2] = p1[0]; + bnAddInput[3] = p1[1]; + bool success; + // solium-disable-next-line security/no-inline-assembly + assembly { + success := staticcall(sub(gas(), 2000), 6, bnAddInput, 128, p0, 64) + switch success + case 0 { + invalid() + } + } + require(success, "BLS: bn add call failed"); + return p0; + } + + function mapToPoint(uint256 _x) + internal + pure + returns (uint256[2] memory p) + { + require(_x < N, "mapToPointFT: invalid field element"); + uint256 x = _x; + + (, bool decision) = sqrt(x); + + uint256 a0 = mulmod(x, x, N); + a0 = addmod(a0, 4, N); + uint256 a1 = mulmod(x, Z0, N); + uint256 a2 = mulmod(a1, a0, N); + a2 = inverse(a2); + a1 = mulmod(a1, a1, N); + a1 = mulmod(a1, a2, N); + + // x1 + a1 = mulmod(x, a1, N); + x = addmod(Z1, N - a1, N); + // check curve + a1 = mulmod(x, x, N); + a1 = mulmod(a1, x, N); + a1 = addmod(a1, 3, N); + bool found; + (a1, found) = sqrt(a1); + if (found) { + if (!decision) { + a1 = N - a1; + } + return [x, a1]; + } + + // x2 + x = N - addmod(x, 1, N); + // check curve + a1 = mulmod(x, x, N); + a1 = mulmod(a1, x, N); + a1 = addmod(a1, 3, N); + (a1, found) = sqrt(a1); + if (found) { + if (!decision) { + a1 = N - a1; + } + return [x, a1]; + } + + // x3 + x = mulmod(a0, a0, N); + x = mulmod(x, x, N); + x = mulmod(x, a2, N); + x = mulmod(x, a2, N); + x = addmod(x, 1, N); + // must be on curve + a1 = mulmod(x, x, N); + a1 = mulmod(a1, x, N); + a1 = addmod(a1, 3, N); + (a1, found) = sqrt(a1); + require(found, "BLS: bad ft mapping implementation"); + if (!decision) { + a1 = N - a1; + } + return [x, a1]; + } + + function isValidSignature(uint256[2] memory signature) + internal + pure + returns (bool) + { + if ((signature[0] >= N) || (signature[1] >= N)) { + return false; + } else { + return isOnCurveG1(signature); + } + } + + function isOnCurveG1(uint256[2] memory point) + internal + pure + returns (bool _isOnCurve) + { + // solium-disable-next-line security/no-inline-assembly + assembly { + let t0 := mload(point) + let t1 := mload(add(point, 32)) + let t2 := mulmod(t0, t0, N) + t2 := mulmod(t2, t0, N) + t2 := addmod(t2, 3, N) + t1 := mulmod(t1, t1, N) + _isOnCurve := eq(t1, t2) + } + } + + function isOnCurveG2(uint256[4] memory point) + internal + pure + returns (bool _isOnCurve) + { + // solium-disable-next-line security/no-inline-assembly + assembly { + // x0, x1 + let t0 := mload(point) + let t1 := mload(add(point, 32)) + // x0 ^ 2 + let t2 := mulmod(t0, t0, N) + // x1 ^ 2 + let t3 := mulmod(t1, t1, N) + // 3 * x0 ^ 2 + let t4 := add(add(t2, t2), t2) + // 3 * x1 ^ 2 + let t5 := addmod(add(t3, t3), t3, N) + // x0 * (x0 ^ 2 - 3 * x1 ^ 2) + t2 := mulmod(add(t2, sub(N, t5)), t0, N) + // x1 * (3 * x0 ^ 2 - x1 ^ 2) + t3 := mulmod(add(t4, sub(N, t3)), t1, N) + + // x ^ 3 + b + t0 := addmod( + t2, + 0x2b149d40ceb8aaae81be18991be06ac3b5b4c5e559dbefa33267e6dc24a138e5, + N + ) + t1 := addmod( + t3, + 0x009713b03af0fed4cd2cafadeed8fdf4a74fa084e52d1852e4a2bd0685c315d2, + N + ) + + // y0, y1 + t2 := mload(add(point, 64)) + t3 := mload(add(point, 96)) + // y ^ 2 + t4 := mulmod(addmod(t2, t3, N), addmod(t2, sub(N, t3), N), N) + t3 := mulmod(shl(1, t2), t3, N) + + // y ^ 2 == x ^ 3 + b + _isOnCurve := and(eq(t0, t4), eq(t1, t3)) + } + } + + function sqrt(uint256 xx) internal pure returns (uint256 x, bool hasRoot) { + x = ModexpSqrt.run(xx); + hasRoot = mulmod(x, x, N) == xx; + } + + function inverse(uint256 a) internal pure returns (uint256) { + return ModexpInverse.run(a); + } + + function hashToField(bytes32 domain, bytes memory messages) + internal + pure + returns (uint256[2] memory) + { + bytes memory _msg = expandMsgTo96(domain, messages); + uint256 u0; + uint256 u1; + uint256 a0; + uint256 a1; + // solium-disable-next-line security/no-inline-assembly + assembly { + let p := add(_msg, 24) + u1 := and(mload(p), MASK24) + p := add(_msg, 48) + u0 := and(mload(p), MASK24) + a0 := addmod(mulmod(u1, T24, N), u0, N) + p := add(_msg, 72) + u1 := and(mload(p), MASK24) + p := add(_msg, 96) + u0 := and(mload(p), MASK24) + a1 := addmod(mulmod(u1, T24, N), u0, N) + } + return [a0, a1]; + } + + function expandMsgTo96(bytes32 domain, bytes memory message) + internal + pure + returns (bytes memory) + { + // zero<64>|msg|lib_str<2>|I2OSP(0, 1)<1>|dst|dst_len<1> + uint256 t0 = message.length; + bytes memory msg0 = new bytes(32 + t0 + 64 + 4); + bytes memory out = new bytes(96); + // b0 + // solium-disable-next-line security/no-inline-assembly + assembly { + let p := add(msg0, 96) + for { + let z := 0 + } lt(z, t0) { + z := add(z, 32) + } { + mstore(add(p, z), mload(add(message, add(z, 32)))) + } + p := add(p, t0) + + mstore8(p, 0) + p := add(p, 1) + mstore8(p, 96) + p := add(p, 1) + mstore8(p, 0) + p := add(p, 1) + + mstore(p, domain) + p := add(p, 32) + mstore8(p, 32) + } + bytes32 b0 = sha256(msg0); + bytes32 bi; + t0 = 32 + 34; + + // resize intermediate message + // solium-disable-next-line security/no-inline-assembly + assembly { + mstore(msg0, t0) + } + + // b1 + + // solium-disable-next-line security/no-inline-assembly + assembly { + mstore(add(msg0, 32), b0) + mstore8(add(msg0, 64), 1) + mstore(add(msg0, 65), domain) + mstore8(add(msg0, add(32, 65)), 32) + } + + bi = sha256(msg0); + + // solium-disable-next-line security/no-inline-assembly + assembly { + mstore(add(out, 32), bi) + } + + // b2 + + // solium-disable-next-line security/no-inline-assembly + assembly { + let t := xor(b0, bi) + mstore(add(msg0, 32), t) + mstore8(add(msg0, 64), 2) + mstore(add(msg0, 65), domain) + mstore8(add(msg0, add(32, 65)), 32) + } + + bi = sha256(msg0); + + // solium-disable-next-line security/no-inline-assembly + assembly { + mstore(add(out, 64), bi) + } + + // b3 + + // solium-disable-next-line security/no-inline-assembly + assembly { + let t := xor(b0, bi) + mstore(add(msg0, 32), t) + mstore8(add(msg0, 64), 3) + mstore(add(msg0, 65), domain) + mstore8(add(msg0, add(32, 65)), 32) + } + + bi = sha256(msg0); + + // solium-disable-next-line security/no-inline-assembly + assembly { + mstore(add(out, 96), bi) + } + + return out; + } +} diff --git a/dependencies/account-abstraction/contracts/samples/bls/lib/hubble-contracts/contracts/libs/BNPairingPrecompileCostEstimator.sol b/dependencies/account-abstraction/contracts/samples/bls/lib/hubble-contracts/contracts/libs/BNPairingPrecompileCostEstimator.sol new file mode 100644 index 00000000..30d04a40 --- /dev/null +++ b/dependencies/account-abstraction/contracts/samples/bls/lib/hubble-contracts/contracts/libs/BNPairingPrecompileCostEstimator.sol @@ -0,0 +1,108 @@ +// SPDX-License-Identifier: MIT +pragma solidity >=0.6.12; + +contract BNPairingPrecompileCostEstimator { + uint256 public baseCost; + uint256 public perPairCost; + + // G1 Generator + uint256 private constant G1_X = 1; + uint256 private constant G1_Y = 2; + + // G2 genarator + // prettier-ignore + uint256 private constant G2_X0 = 10857046999023057135944570762232829481370756359578518086990519993285655852781; + // prettier-ignore + uint256 private constant G2_X1 = 11559732032986387107991004021392285783925812861821192530917403151452391805634; + // prettier-ignore + uint256 private constant G2_Y0 = 8495653923123431417604973247489272438418190587263600148770280649306958101930; + // prettier-ignore + uint256 private constant G2_Y1 = 4082367875863433681332203403145435568316851327593401208105741076214120093531; + + // G2 negated genarator y coordinates + // prettier-ignore + uint256 private constant N_G2_Y0 = 13392588948715843804641432497768002650278120570034223513918757245338268106653; + // prettier-ignore + uint256 private constant N_G2_Y1 = 17805874995975841540914202342111839520379459829704422454583296818431106115052; + + function run() external { + _run(); + } + + function getGasCost(uint256 pairCount) external view returns (uint256) { + return pairCount * perPairCost + baseCost; + } + + function _run() internal { + uint256 gasCost1Pair = _gasCost1Pair(); + uint256 gasCost2Pair = _gasCost2Pair(); + perPairCost = gasCost2Pair - gasCost1Pair; + baseCost = gasCost1Pair - perPairCost; + } + + function _gasCost1Pair() internal view returns (uint256) { + uint256[6] memory input = [G1_X, G1_Y, G2_X1, G2_X0, G2_Y1, G2_Y0]; + uint256[1] memory out; + bool callSuccess; + uint256 suppliedGas = gasleft() - 2000; + require( + gasleft() > 2000, + "BNPairingPrecompileCostEstimator: not enough gas, single pair" + ); + uint256 gasT0 = gasleft(); + // solium-disable-next-line security/no-inline-assembly + assembly { + callSuccess := staticcall(suppliedGas, 8, input, 192, out, 0x20) + } + uint256 gasCost = gasT0 - gasleft(); + require( + callSuccess, + "BNPairingPrecompileCostEstimator: single pair call is failed" + ); + require( + out[0] == 0, + "BNPairingPrecompileCostEstimator: single pair call result must be 0" + ); + return gasCost; + } + + function _gasCost2Pair() internal view returns (uint256) { + uint256[12] memory input = + [ + G1_X, + G1_Y, + G2_X1, + G2_X0, + G2_Y1, + G2_Y0, + G1_X, + G1_Y, + G2_X1, + G2_X0, + N_G2_Y1, + N_G2_Y0 + ]; + uint256[1] memory out; + bool callSuccess; + uint256 suppliedGas = gasleft() - 2000; + require( + gasleft() > 2000, + "BNPairingPrecompileCostEstimator: not enough gas, couple pair" + ); + uint256 gasT0 = gasleft(); + // solium-disable-next-line security/no-inline-assembly + assembly { + callSuccess := staticcall(suppliedGas, 8, input, 384, out, 0x20) + } + uint256 gasCost = gasT0 - gasleft(); + require( + callSuccess, + "BNPairingPrecompileCostEstimator: couple pair call is failed" + ); + require( + out[0] == 1, + "BNPairingPrecompileCostEstimator: couple pair call result must be 1" + ); + return gasCost; + } +} diff --git a/dependencies/account-abstraction/contracts/samples/bls/lib/hubble-contracts/contracts/libs/ModExp.sol b/dependencies/account-abstraction/contracts/samples/bls/lib/hubble-contracts/contracts/libs/ModExp.sol new file mode 100644 index 00000000..6fd08f11 --- /dev/null +++ b/dependencies/account-abstraction/contracts/samples/bls/lib/hubble-contracts/contracts/libs/ModExp.sol @@ -0,0 +1,652 @@ +// SPDX-License-Identifier: MIT +pragma solidity >= 0.6.12; + +/** + @title Compute Inverse by Modular Exponentiation + @notice Compute $input^(N - 2) mod N$ using Addition Chain method. + Where N = 0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47 + and N - 2 = 0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd45 + @dev the function body is generated with the modified addchain script + see https://github.com/kobigurk/addchain/commit/2c37a2ace567a9bdc680b4e929c94aaaa3ec700f + */ +library ModexpInverse { + function run(uint256 t2) internal pure returns (uint256 t0) { + // solium-disable-next-line security/no-inline-assembly + assembly { + let + n + := 0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47 + t0 := mulmod(t2, t2, n) + let t5 := mulmod(t0, t2, n) + let t1 := mulmod(t5, t0, n) + let t3 := mulmod(t5, t5, n) + let t8 := mulmod(t1, t0, n) + let t4 := mulmod(t3, t5, n) + let t6 := mulmod(t3, t1, n) + t0 := mulmod(t3, t3, n) + let t7 := mulmod(t8, t3, n) + t3 := mulmod(t4, t3, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t5, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t2, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t2, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t8, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t8, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t2, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t8, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t2, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t5, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t7, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t1, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t5, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t8, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t1, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t2, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t6, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t7, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t1, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t5, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t1, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t5, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t6, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t6, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t1, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t8, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t6, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t1, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t4, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t6, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t2, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t8, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t8, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t1, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t2, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t7, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t3, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t2, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t2, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t5, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t6, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t5, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t5, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t3, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t4, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t3, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t1, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t2, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t1, n) + } + } +} + +/** + @title Compute Squre Root by Modular Exponentiation + @notice Compute $input^{(N + 1) / 4} mod N$ using Addition Chain method. + Where N = 0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47 + and (N + 1) / 4 = 0xc19139cb84c680a6e14116da060561765e05aa45a1c72a34f082305b61f3f52 + */ +library ModexpSqrt { + function run(uint256 t6) internal pure returns (uint256 t0) { + // solium-disable-next-line security/no-inline-assembly + assembly { + let + n + := 0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47 + + t0 := mulmod(t6, t6, n) + let t4 := mulmod(t0, t6, n) + let t2 := mulmod(t4, t0, n) + let t3 := mulmod(t4, t4, n) + let t8 := mulmod(t2, t0, n) + let t1 := mulmod(t3, t4, n) + let t5 := mulmod(t3, t2, n) + t0 := mulmod(t3, t3, n) + let t7 := mulmod(t8, t3, n) + t3 := mulmod(t1, t3, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t4, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t6, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t6, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t8, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t8, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t6, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t8, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t6, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t4, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t7, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t2, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t4, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t8, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t2, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t6, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t5, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t7, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t2, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t4, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t2, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t4, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t5, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t5, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t2, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t8, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t5, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t2, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t1, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t5, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t6, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t8, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t8, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t2, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t6, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t7, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t3, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t6, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t6, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t4, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t5, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t4, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t4, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t3, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t1, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t3, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t2, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t0, n) + t0 := mulmod(t0, t1, n) + t0 := mulmod(t0, t0, n) + } + } +} diff --git a/dependencies/account-abstraction/contracts/samples/callback/TokenCallbackHandler.sol b/dependencies/account-abstraction/contracts/samples/callback/TokenCallbackHandler.sol new file mode 100644 index 00000000..2b4a72ff --- /dev/null +++ b/dependencies/account-abstraction/contracts/samples/callback/TokenCallbackHandler.sol @@ -0,0 +1,51 @@ +// SPDX-License-Identifier: GPL-3.0 +pragma solidity ^0.8.23; + +/* solhint-disable no-empty-blocks */ + +import "@openzeppelin/contracts/utils/introspection/IERC165.sol"; +import "@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol"; +import "@openzeppelin/contracts/token/ERC1155/IERC1155Receiver.sol"; + +/** + * Token callback handler. + * Handles supported tokens' callbacks, allowing account receiving these tokens. + */ +abstract contract TokenCallbackHandler is IERC721Receiver, IERC1155Receiver { + + function onERC721Received( + address, + address, + uint256, + bytes calldata + ) external pure override returns (bytes4) { + return IERC721Receiver.onERC721Received.selector; + } + + function onERC1155Received( + address, + address, + uint256, + uint256, + bytes calldata + ) external pure override returns (bytes4) { + return IERC1155Receiver.onERC1155Received.selector; + } + + function onERC1155BatchReceived( + address, + address, + uint256[] calldata, + uint256[] calldata, + bytes calldata + ) external pure override returns (bytes4) { + return IERC1155Receiver.onERC1155BatchReceived.selector; + } + + function supportsInterface(bytes4 interfaceId) external view virtual override returns (bool) { + return + interfaceId == type(IERC721Receiver).interfaceId || + interfaceId == type(IERC1155Receiver).interfaceId || + interfaceId == type(IERC165).interfaceId; + } +} diff --git a/dependencies/account-abstraction/contracts/samples/utils/IOracle.sol b/dependencies/account-abstraction/contracts/samples/utils/IOracle.sol new file mode 100644 index 00000000..a8c23812 --- /dev/null +++ b/dependencies/account-abstraction/contracts/samples/utils/IOracle.sol @@ -0,0 +1,10 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.23; + +interface IOracle { + function decimals() external view returns (uint8); + function latestRoundData() + external + view + returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound); +} diff --git a/dependencies/account-abstraction/contracts/samples/utils/OracleHelper.sol b/dependencies/account-abstraction/contracts/samples/utils/OracleHelper.sol new file mode 100644 index 00000000..49e6fcf5 --- /dev/null +++ b/dependencies/account-abstraction/contracts/samples/utils/OracleHelper.sol @@ -0,0 +1,170 @@ +// SPDX-License-Identifier: GPL-3.0 +pragma solidity ^0.8.23; + +/* solhint-disable not-rely-on-time */ + +import "./IOracle.sol"; + +/// @title Helper functions for dealing with various forms of price feed oracles. +/// @notice Maintains a price cache and updates the current price if needed. +/// In the best case scenario we have a direct oracle from the token to the native asset. +/// Also support tokens that have no direct price oracle to the native asset. +/// Sometimes oracles provide the price in the opposite direction of what we need in the moment. +abstract contract OracleHelper { + + event TokenPriceUpdated(uint256 currentPrice, uint256 previousPrice, uint256 cachedPriceTimestamp); + + uint256 private constant PRICE_DENOMINATOR = 1e26; + + struct OracleHelperConfig { + + /// @notice The price cache will be returned without even fetching the oracles for this number of seconds + uint48 cacheTimeToLive; + + /// @notice The maximum acceptable age of the price oracle round + uint48 maxOracleRoundAge; + + /// @notice The Oracle contract used to fetch the latest token prices + IOracle tokenOracle; + + /// @notice The Oracle contract used to fetch the latest native asset prices. Only needed if tokenToNativeOracle flag is not set. + IOracle nativeOracle; + + /// @notice If 'true' we will fetch price directly from tokenOracle + /// @notice If 'false' we will use nativeOracle to establish a token price through a shared third currency + bool tokenToNativeOracle; + + /// @notice 'false' if price is bridging-asset-per-token (or native-asset-per-token), 'true' if price is tokens-per-bridging-asset + bool tokenOracleReverse; + + /// @notice 'false' if price is bridging-asset-per-native-asset, 'true' if price is native-asset-per-bridging-asset + bool nativeOracleReverse; + + /// @notice The price update threshold percentage from PRICE_DENOMINATOR that triggers a price update (1e26 = 100%) + uint256 priceUpdateThreshold; + + } + + /// @notice The cached token price from the Oracle, always in (native-asset-per-token) * PRICE_DENOMINATOR format + uint256 public cachedPrice; + + /// @notice The timestamp of a block when the cached price was updated + uint48 public cachedPriceTimestamp; + + OracleHelperConfig private oracleHelperConfig; + + /// @notice The "10^(tokenOracle.decimals)" value used for the price calculation + uint128 private tokenOracleDecimalPower; + + /// @notice The "10^(nativeOracle.decimals)" value used for the price calculation + uint128 private nativeOracleDecimalPower; + + constructor ( + OracleHelperConfig memory _oracleHelperConfig + ) { + cachedPrice = type(uint256).max; // initialize the storage slot to invalid value + _setOracleConfiguration( + _oracleHelperConfig + ); + } + + function _setOracleConfiguration( + OracleHelperConfig memory _oracleHelperConfig + ) private { + oracleHelperConfig = _oracleHelperConfig; + require(_oracleHelperConfig.priceUpdateThreshold <= PRICE_DENOMINATOR, "TPM: update threshold too high"); + tokenOracleDecimalPower = uint128(10 ** oracleHelperConfig.tokenOracle.decimals()); + if (oracleHelperConfig.tokenToNativeOracle) { + require(address(oracleHelperConfig.nativeOracle) == address(0), "TPM: native oracle must be zero"); + nativeOracleDecimalPower = 1; + } else { + nativeOracleDecimalPower = uint128(10 ** oracleHelperConfig.nativeOracle.decimals()); + } + } + + /// @notice Updates the token price by fetching the latest price from the Oracle. + /// @param force true to force cache update, even if called after short time or the change is lower than the update threshold. + /// @return newPrice the new cached token price + function updateCachedPrice(bool force) public returns (uint256) { + uint256 cacheTimeToLive = oracleHelperConfig.cacheTimeToLive; + uint256 cacheAge = block.timestamp - cachedPriceTimestamp; + if (!force && cacheAge <= cacheTimeToLive) { + return cachedPrice; + } + uint256 priceUpdateThreshold = oracleHelperConfig.priceUpdateThreshold; + IOracle tokenOracle = oracleHelperConfig.tokenOracle; + IOracle nativeOracle = oracleHelperConfig.nativeOracle; + + uint256 _cachedPrice = cachedPrice; + uint256 tokenPrice = fetchPrice(tokenOracle); + uint256 nativeAssetPrice = 1; + // If the 'TokenOracle' returns the price in the native asset units there is no need to fetch native asset price + if (!oracleHelperConfig.tokenToNativeOracle) { + nativeAssetPrice = fetchPrice(nativeOracle); + } + uint256 newPrice = calculatePrice( + tokenPrice, + nativeAssetPrice, + oracleHelperConfig.tokenOracleReverse, + oracleHelperConfig.nativeOracleReverse + ); + uint256 priceRatio = PRICE_DENOMINATOR * newPrice / _cachedPrice; + bool updateRequired = force || + priceRatio > PRICE_DENOMINATOR + priceUpdateThreshold || + priceRatio < PRICE_DENOMINATOR - priceUpdateThreshold; + if (!updateRequired) { + return _cachedPrice; + } + cachedPrice = newPrice; + cachedPriceTimestamp = uint48(block.timestamp); + emit TokenPriceUpdated(newPrice, _cachedPrice, cachedPriceTimestamp); + return newPrice; + } + + /** + * Calculate the effective price of the selected token denominated in native asset. + * + * @param tokenPrice - the price of the token relative to a native asset or a bridging asset like the U.S. dollar. + * @param nativeAssetPrice - the price of the native asset relative to a bridging asset or 1 if no bridging needed. + * @param tokenOracleReverse - flag indicating direction of the "tokenPrice". + * @param nativeOracleReverse - flag indicating direction of the "nativeAssetPrice". + * @return the native-asset-per-token price multiplied by the PRICE_DENOMINATOR constant. + */ + function calculatePrice( + uint256 tokenPrice, + uint256 nativeAssetPrice, + bool tokenOracleReverse, + bool nativeOracleReverse + ) private view returns (uint256){ + // tokenPrice is normalized as bridging-asset-per-token + if (tokenOracleReverse) { + // inverting tokenPrice that was tokens-per-bridging-asset (or tokens-per-native-asset) + tokenPrice = PRICE_DENOMINATOR * tokenOracleDecimalPower / tokenPrice; + } else { + // tokenPrice already bridging-asset-per-token (or native-asset-per-token) + tokenPrice = PRICE_DENOMINATOR * tokenPrice / tokenOracleDecimalPower; + } + + if (nativeOracleReverse) { + // multiplying by nativeAssetPrice that is native-asset-per-bridging-asset + // => result = (bridging-asset / token) * (native-asset / bridging-asset) = native-asset / token + return nativeAssetPrice * tokenPrice / nativeOracleDecimalPower; + } else { + // dividing by nativeAssetPrice that is bridging-asset-per-native-asset + // => result = (bridging-asset / token) / (bridging-asset / native-asset) = native-asset / token + return tokenPrice * nativeOracleDecimalPower / nativeAssetPrice; + } + } + + /// @notice Fetches the latest price from the given Oracle. + /// @dev This function is used to get the latest price from the tokenOracle or nativeOracle. + /// @param _oracle The Oracle contract to fetch the price from. + /// @return price The latest price fetched from the Oracle. + function fetchPrice(IOracle _oracle) internal view returns (uint256 price) { + (uint80 roundId, int256 answer,, uint256 updatedAt, uint80 answeredInRound) = _oracle.latestRoundData(); + require(answer > 0, "TPM: Chainlink price <= 0"); + require(updatedAt >= block.timestamp - oracleHelperConfig.maxOracleRoundAge, "TPM: Incomplete round"); + require(answeredInRound >= roundId, "TPM: Stale price"); + price = uint256(answer); + } +} diff --git a/dependencies/account-abstraction/contracts/samples/utils/UniswapHelper.sol b/dependencies/account-abstraction/contracts/samples/utils/UniswapHelper.sol new file mode 100644 index 00000000..a670ced8 --- /dev/null +++ b/dependencies/account-abstraction/contracts/samples/utils/UniswapHelper.sol @@ -0,0 +1,111 @@ +// SPDX-License-Identifier: GPL-3.0 +pragma solidity ^0.8.23; + +/* solhint-disable not-rely-on-time */ + +import "@openzeppelin/contracts/token/ERC20/IERC20.sol"; + +import "@uniswap/v3-periphery/contracts/interfaces/ISwapRouter.sol"; +import "@uniswap/v3-periphery/contracts/interfaces/IPeripheryPayments.sol"; + +abstract contract UniswapHelper { + event UniswapReverted(address tokenIn, address tokenOut, uint256 amountIn, uint256 amountOutMin); + + uint256 private constant PRICE_DENOMINATOR = 1e26; + + struct UniswapHelperConfig { + /// @notice Minimum native asset amount to receive from a single swap + uint256 minSwapAmount; + + uint24 uniswapPoolFee; + + uint8 slippage; + } + + /// @notice The Uniswap V3 SwapRouter contract + ISwapRouter public immutable uniswap; + + /// @notice The ERC20 token used for transaction fee payments + IERC20 public immutable token; + + /// @notice The ERC-20 token that wraps the native asset for current chain + IERC20 public immutable wrappedNative; + + UniswapHelperConfig private uniswapHelperConfig; + + constructor( + IERC20 _token, + IERC20 _wrappedNative, + ISwapRouter _uniswap, + UniswapHelperConfig memory _uniswapHelperConfig + ){ + _token.approve(address(_uniswap), type(uint256).max); + token = _token; + wrappedNative = _wrappedNative; + uniswap = _uniswap; + _setUniswapHelperConfiguration(_uniswapHelperConfig); + } + + function _setUniswapHelperConfiguration(UniswapHelperConfig memory _uniswapHelperConfig) internal { + uniswapHelperConfig = _uniswapHelperConfig; + } + + function _maybeSwapTokenToWeth(IERC20 tokenIn, uint256 quote) internal returns (uint256) { + uint256 tokenBalance = tokenIn.balanceOf(address(this)); + uint256 amountOutMin = addSlippage(tokenToWei(tokenBalance, quote), uniswapHelperConfig.slippage); + if (amountOutMin < uniswapHelperConfig.minSwapAmount) { + return 0; + } + // note: calling 'swapToToken' but destination token is Wrapped Ether + return swapToToken( + address(tokenIn), + address(wrappedNative), + tokenBalance, + amountOutMin, + uniswapHelperConfig.uniswapPoolFee + ); + } + + function addSlippage(uint256 amount, uint8 slippage) private pure returns (uint256) { + return amount * (1000 - slippage) / 1000; + } + + + function tokenToWei(uint256 amount, uint256 price) public pure returns (uint256) { + return amount * price / PRICE_DENOMINATOR; + } + + function weiToToken(uint256 amount, uint256 price) public pure returns (uint256) { + return amount * PRICE_DENOMINATOR / price; + } + + function unwrapWeth(uint256 amount) internal { + IPeripheryPayments(address(uniswap)).unwrapWETH9(amount, address(this)); + } + + // swap ERC-20 tokens at market price + function swapToToken( + address tokenIn, + address tokenOut, + uint256 amountIn, + uint256 amountOutMin, + uint24 fee + ) internal returns (uint256 amountOut) { + ISwapRouter.ExactInputSingleParams memory params = ISwapRouter.ExactInputSingleParams( + tokenIn, //tokenIn + tokenOut, //tokenOut + fee, + address(uniswap), + block.timestamp, //deadline + amountIn, + amountOutMin, + 0 + ); + try uniswap.exactInputSingle(params) returns (uint256 _amountOut) { + amountOut = _amountOut; + } catch { + emit UniswapReverted(tokenIn, tokenOut, amountIn, amountOutMin); + amountOut = 0; + } + } +} diff --git a/dependencies/account-abstraction/contracts/test/BrokenBlsAccount.sol b/dependencies/account-abstraction/contracts/test/BrokenBlsAccount.sol new file mode 100644 index 00000000..e299108b --- /dev/null +++ b/dependencies/account-abstraction/contracts/test/BrokenBlsAccount.sol @@ -0,0 +1,89 @@ +// SPDX-License-Identifier: GPL-3.0 + +/* solhint-disable one-contract-per-file */ +pragma solidity ^0.8.23; + +import "@openzeppelin/contracts/utils/Create2.sol"; +import "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol"; + +import "../samples/SimpleAccount.sol"; +import "../samples/bls/IBLSAccount.sol"; +import "../core/Helpers.sol"; + +/** + * for testing: a BLS account that fails to return its public-key (completely ignores its publickey) + * this is a copy of the normal bls account, but it returns a public-key unrelated to the one it is constructed with. + */ +contract BrokenBLSAccount is SimpleAccount, IBLSAccount { + address public immutable aggregator; + + // The constructor is used only for the "implementation" and only sets immutable values. + // Mutable values slots for proxy accounts are set by the 'initialize' function. + constructor(IEntryPoint anEntryPoint, address anAggregator) SimpleAccount(anEntryPoint) { + aggregator = anAggregator; + } + + function initialize(uint256[4] memory aPublicKey) public virtual initializer { + (aPublicKey); + super._initialize(address(0)); + } + + function _validateSignature(PackedUserOperation calldata userOp, bytes32 userOpHash) + internal override view returns (uint256 validationData) { + + (userOp, userOpHash); + return _packValidationData(ValidationData(aggregator, 0,0)); + } + + function getBlsPublicKey() external override pure returns (uint256[4] memory) { + uint256[4] memory pubkey; + return pubkey; + } +} + + +/** + * Based n SimpleAccountFactory + * can't be a subclass, since both constructor and createAccount depend on the + * actual wallet contract constructor and initializer + */ +contract BrokenBLSAccountFactory { + BrokenBLSAccount public immutable accountImplementation; + + constructor(IEntryPoint entryPoint, address aggregator){ + accountImplementation = new BrokenBLSAccount(entryPoint, aggregator); + } + + /** + * create an account, and return its address. + * returns the address even if the account is already deployed. + * Note that during UserOperation execution, this method is called only if the account is not deployed. + * This method returns an existing account address so that entryPoint.getSenderAddress() would work even after account creation + * Also note that out BLSSignatureAggregator requires that the public-key is the last parameter + */ + function createAccount(uint256 salt, uint256[4] memory aPublicKey) public returns (BrokenBLSAccount) { + + address addr = getAddress(salt, aPublicKey); + uint256 codeSize = addr.code.length; + if (codeSize > 0) { + return BrokenBLSAccount(payable(addr)); + } + return BrokenBLSAccount(payable(new ERC1967Proxy{salt : bytes32(salt)}( + address(accountImplementation), + abi.encodeCall(BrokenBLSAccount.initialize, aPublicKey) + ))); + } + + /** + * calculate the counterfactual address of this account as it would be returned by createAccount() + */ + function getAddress(uint256 salt, uint256[4] memory aPublicKey) public view returns (address) { + return Create2.computeAddress(bytes32(salt), keccak256(abi.encodePacked( + type(ERC1967Proxy).creationCode, + abi.encode( + address(accountImplementation), + abi.encodeCall(BrokenBLSAccount.initialize, (aPublicKey)) + ) + ))); + } +} diff --git a/dependencies/account-abstraction/contracts/test/MaliciousAccount.sol b/dependencies/account-abstraction/contracts/test/MaliciousAccount.sol new file mode 100644 index 00000000..8c64b8a4 --- /dev/null +++ b/dependencies/account-abstraction/contracts/test/MaliciousAccount.sol @@ -0,0 +1,31 @@ +// SPDX-License-Identifier: GPL-3.0 +pragma solidity ^0.8.23; + +import "../interfaces/IAccount.sol"; +import "../interfaces/IEntryPoint.sol"; +import "../core/UserOperationLib.sol"; +import "../core/Helpers.sol"; + +contract MaliciousAccount is IAccount { + using UserOperationLib for PackedUserOperation; + IEntryPoint private ep; + constructor(IEntryPoint _ep) payable { + ep = _ep; + } + function validateUserOp(PackedUserOperation calldata userOp, bytes32, uint256 missingAccountFunds) + external returns (uint256 validationData) { + ep.depositTo{value: missingAccountFunds}(address(this)); + // Now calculate basefee per EntryPoint.getUserOpGasPrice() and compare it to the basefe we pass off-chain in the signature + uint256 externalBaseFee = abi.decode(userOp.signature, (uint256)); + uint256 verificationGasLimit = userOp.unpackVerificationGasLimit(); + uint256 callGasLimit = userOp.unpackCallGasLimit(); + uint256 requiredGas = verificationGasLimit + + callGasLimit + + userOp.preVerificationGas; + uint256 gasPrice = missingAccountFunds / requiredGas; + uint256 maxPriorityFeePerGas = userOp.unpackMaxPriorityFeePerGas(); + uint256 basefee = gasPrice - maxPriorityFeePerGas; + require (basefee == externalBaseFee, "Revert after first validation"); + return SIG_VALIDATION_SUCCESS; + } +} diff --git a/dependencies/account-abstraction/contracts/test/TestAggregatedAccount.sol b/dependencies/account-abstraction/contracts/test/TestAggregatedAccount.sol new file mode 100644 index 00000000..81db88e2 --- /dev/null +++ b/dependencies/account-abstraction/contracts/test/TestAggregatedAccount.sol @@ -0,0 +1,31 @@ +// SPDX-License-Identifier: GPL-3.0 +pragma solidity ^0.8.23; + +import "../samples/SimpleAccount.sol"; +import "../core/Helpers.sol"; + +/** + * test aggregated-signature account. + * works only with TestAggregatedSignature, which doesn't really check signature, but nonce sum + * a true aggregated account should expose data (e.g. its public key) to the aggregator. + */ +contract TestAggregatedAccount is SimpleAccount { + address public immutable aggregator; + + // The constructor is used only for the "implementation" and only sets immutable values. + // Mutable value slots for proxy accounts are set by the 'initialize' function. + constructor(IEntryPoint anEntryPoint, address anAggregator) SimpleAccount(anEntryPoint) { + aggregator = anAggregator; + } + + /// @inheritdoc SimpleAccount + function initialize(address) public virtual override initializer { + super._initialize(address(0)); + } + + function _validateSignature(PackedUserOperation calldata userOp, bytes32 userOpHash) + internal override view returns (uint256 validationData) { + (userOp, userOpHash); + return _packValidationData(ValidationData(aggregator, 0, 0)); + } +} diff --git a/dependencies/account-abstraction/contracts/test/TestAggregatedAccountFactory.sol b/dependencies/account-abstraction/contracts/test/TestAggregatedAccountFactory.sol new file mode 100644 index 00000000..401498ed --- /dev/null +++ b/dependencies/account-abstraction/contracts/test/TestAggregatedAccountFactory.sol @@ -0,0 +1,51 @@ +// SPDX-License-Identifier: GPL-3.0 +pragma solidity ^0.8.23; + +import "@openzeppelin/contracts/utils/Create2.sol"; +import "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol"; + +import "./TestAggregatedAccount.sol"; + +/** + * Based on SimpleAccountFactory. + * Cannot be a subclass since both constructor and createAccount depend on the + * constructor and initializer of the actual account contract. + */ +contract TestAggregatedAccountFactory { + TestAggregatedAccount public immutable accountImplementation; + + constructor(IEntryPoint anEntryPoint, address anAggregator){ + accountImplementation = new TestAggregatedAccount(anEntryPoint, anAggregator); + } + + /** + * create an account, and return its address. + * returns the address even if the account is already deployed. + * Note that during UserOperation execution, this method is called only if the account is not deployed. + * This method returns an existing account address so that entryPoint.getSenderAddress() would work even after account creation + */ + function createAccount(address owner,uint256 salt) public returns (TestAggregatedAccount ret) { + address addr = getAddress(owner, salt); + uint256 codeSize = addr.code.length; + if (codeSize > 0) { + return TestAggregatedAccount(payable(addr)); + } + ret = TestAggregatedAccount(payable(new ERC1967Proxy{salt : bytes32(salt)}( + address(accountImplementation), + abi.encodeCall(TestAggregatedAccount.initialize, (owner)) + ))); + } + + /** + * calculate the counterfactual address of this account as it would be returned by createAccount() + */ + function getAddress(address owner,uint256 salt) public view returns (address) { + return Create2.computeAddress(bytes32(salt), keccak256(abi.encodePacked( + type(ERC1967Proxy).creationCode, + abi.encode( + address(accountImplementation), + abi.encodeCall(TestAggregatedAccount.initialize, (owner)) + ) + ))); + } +} diff --git a/dependencies/account-abstraction/contracts/test/TestCounter.sol b/dependencies/account-abstraction/contracts/test/TestCounter.sol new file mode 100644 index 00000000..50480ee6 --- /dev/null +++ b/dependencies/account-abstraction/contracts/test/TestCounter.sol @@ -0,0 +1,34 @@ +// SPDX-License-Identifier: GPL-3.0 +pragma solidity ^0.8.23; + +//sample "receiver" contract, for testing "exec" from account. +contract TestCounter { + mapping(address => uint256) public counters; + + function count() public { + counters[msg.sender] = counters[msg.sender] + 1; + } + + function countFail() public pure { + revert("count failed"); + } + + function justemit() public { + emit CalledFrom(msg.sender); + } + + event CalledFrom(address sender); + + //helper method to waste gas + // repeat - waste gas on writing storage in a loop + // junk - dynamic buffer to stress the function size. + mapping(uint256 => uint256) public xxx; + uint256 public offset; + + function gasWaster(uint256 repeat, string calldata /*junk*/) external { + for (uint256 i = 1; i <= repeat; i++) { + offset++; + xxx[offset] = i; + } + } +} diff --git a/dependencies/account-abstraction/contracts/test/TestERC20.sol b/dependencies/account-abstraction/contracts/test/TestERC20.sol new file mode 100644 index 00000000..8e3b2fbd --- /dev/null +++ b/dependencies/account-abstraction/contracts/test/TestERC20.sol @@ -0,0 +1,29 @@ +// SPDX-License-Identifier: GPL-3.0 +pragma solidity ^0.8.23; + +import "@openzeppelin/contracts/token/ERC20/ERC20.sol"; + +contract TestERC20 is ERC20 { + uint8 private immutable __decimals; + + constructor(uint8 _decimals) ERC20("TestERC20", "T20") { + _mint(msg.sender, 1000000000000000000000000); + __decimals = _decimals; + } + + function decimals() public view override returns (uint8) { + return __decimals; + } + + function sudoMint(address _to, uint256 _amount) external { + _mint(_to, _amount); + } + + function sudoTransfer(address _from, address _to) external { + _transfer(_from, _to, balanceOf(_from)); + } + + function sudoApprove(address _from, address _to, uint256 _amount) external { + _approve(_from, _to, _amount); + } +} diff --git a/dependencies/account-abstraction/contracts/test/TestExecAccount.sol b/dependencies/account-abstraction/contracts/test/TestExecAccount.sol new file mode 100644 index 00000000..6df2c802 --- /dev/null +++ b/dependencies/account-abstraction/contracts/test/TestExecAccount.sol @@ -0,0 +1,75 @@ +// SPDX-License-Identifier: GPL-3.0 + +/* solhint-disable one-contract-per-file */ +/* solhint-disable avoid-low-level-calls */ +pragma solidity ^0.8.23; + +import "@openzeppelin/contracts/utils/Create2.sol"; +import "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol"; + +import "../samples/SimpleAccount.sol"; +import "../interfaces/IAccountExecute.sol"; + +/** + * a sample account with execUserOp. + * Note that this account does nothing special with the userop, just extract + * call to execute. In theory, such account can reference the signature, the hash, etc. + */ +contract TestExecAccount is SimpleAccount, IAccountExecute { + + constructor(IEntryPoint anEntryPoint) SimpleAccount(anEntryPoint){ + } + + event Executed(PackedUserOperation userOp, bytes innerCallRet); + + function executeUserOp(PackedUserOperation calldata userOp, bytes32 /*userOpHash*/) external { + _requireFromEntryPointOrOwner(); + + // read from the userOp.callData, but skip the "magic" prefix (executeUserOp sig), + // which caused it to call this method. + bytes calldata innerCall = userOp.callData[4 :]; + + bytes memory innerCallRet; + if (innerCall.length > 0) { + (address target, bytes memory data) = abi.decode(innerCall, (address, bytes)); + bool success; + (success, innerCallRet) = target.call(data); + require(success, "inner call failed"); + } + + emit Executed(userOp, innerCallRet); + } +} + +contract TestExecAccountFactory { + TestExecAccount public immutable accountImplementation; + + constructor(IEntryPoint _entryPoint) { + accountImplementation = new TestExecAccount(_entryPoint); + } + + function createAccount(address owner, uint256 salt) public returns (address ret) { + address addr = getAddress(owner, salt); + uint256 codeSize = addr.code.length; + if (codeSize > 0) { + return addr; + } + ret = address(new ERC1967Proxy{salt: bytes32(salt)}( + address(accountImplementation), + abi.encodeCall(SimpleAccount.initialize, (owner)) + )); + } + + /** + * calculate the counterfactual address of this account as it would be returned by createAccount() + */ + function getAddress(address owner, uint256 salt) public view returns (address) { + return Create2.computeAddress(bytes32(salt), keccak256(abi.encodePacked( + type(ERC1967Proxy).creationCode, + abi.encode( + address(accountImplementation), + abi.encodeCall(SimpleAccount.initialize, (owner)) + ) + ))); + } +} diff --git a/dependencies/account-abstraction/contracts/test/TestExpirePaymaster.sol b/dependencies/account-abstraction/contracts/test/TestExpirePaymaster.sol new file mode 100644 index 00000000..1110a1dd --- /dev/null +++ b/dependencies/account-abstraction/contracts/test/TestExpirePaymaster.sol @@ -0,0 +1,24 @@ +// SPDX-License-Identifier: GPL-3.0-only +pragma solidity ^0.8.23; + +import "../core/BasePaymaster.sol"; +import "../core/UserOperationLib.sol"; +import "../core/Helpers.sol"; + +/** + * test expiry mechanism: paymasterData encodes the "validUntil" and validAfter" times + */ +contract TestExpirePaymaster is BasePaymaster { + // solhint-disable no-empty-blocks + constructor(IEntryPoint _entryPoint) BasePaymaster(_entryPoint) + {} + + function _validatePaymasterUserOp(PackedUserOperation calldata userOp, bytes32 userOpHash, uint256 maxCost) + internal virtual override view + returns (bytes memory context, uint256 validationData) { + (userOp, userOpHash, maxCost); + (uint48 validAfter, uint48 validUntil) = abi.decode(userOp.paymasterAndData[PAYMASTER_DATA_OFFSET :], (uint48, uint48)); + validationData = _packValidationData(false, validUntil, validAfter); + context = ""; + } +} diff --git a/dependencies/account-abstraction/contracts/test/TestExpiryAccount.sol b/dependencies/account-abstraction/contracts/test/TestExpiryAccount.sol new file mode 100644 index 00000000..5e423575 --- /dev/null +++ b/dependencies/account-abstraction/contracts/test/TestExpiryAccount.sol @@ -0,0 +1,49 @@ +// SPDX-License-Identifier: GPL-3.0-only +pragma solidity ^0.8.23; + +import "../samples/SimpleAccount.sol"; +import "../core/Helpers.sol"; + +/** + * A test account, for testing expiry. + * add "temporary" owners, each with a time range (since..till) times for each. + * NOTE: this is not a full "session key" implementation: a real session key should probably limit + * other things, like target contracts and methods to be called. + * also, the "since" value is not really useful, only for testing the entrypoint. + */ +contract TestExpiryAccount is SimpleAccount { + + mapping(address => uint48) public ownerAfter; + mapping(address => uint48) public ownerUntil; + + // solhint-disable-next-line no-empty-blocks + constructor(IEntryPoint anEntryPoint) SimpleAccount(anEntryPoint) {} + + function initialize(address anOwner) public virtual override initializer { + super._initialize(anOwner); + addTemporaryOwner(anOwner, 0, type(uint48).max); + } + + // As this is a test contract, no need for proxy, so no need to disable init + // solhint-disable-next-line no-empty-blocks + function _disableInitializers() internal override {} + + function addTemporaryOwner(address owner, uint48 _after, uint48 _until) public onlyOwner { + require(_until > _after, "wrong until/after"); + ownerAfter[owner] = _after; + ownerUntil[owner] = _until; + } + + /// implement template method of BaseAccount + function _validateSignature(PackedUserOperation calldata userOp, bytes32 userOpHash) + internal override view returns (uint256 validationData) { + bytes32 hash = MessageHashUtils.toEthSignedMessageHash(userOpHash); + address signer = ECDSA.recover(hash,userOp.signature); + uint48 _until = ownerUntil[signer]; + uint48 _after = ownerAfter[signer]; + + //we have "until" value for all valid owners. so zero means "invalid signature" + bool sigFailed = _until == 0; + return _packValidationData(sigFailed, _until, _after); + } +} diff --git a/dependencies/account-abstraction/contracts/test/TestHelpers.sol b/dependencies/account-abstraction/contracts/test/TestHelpers.sol new file mode 100644 index 00000000..fff96ca4 --- /dev/null +++ b/dependencies/account-abstraction/contracts/test/TestHelpers.sol @@ -0,0 +1,19 @@ +// SPDX-License-Identifier: GPL-3.0 +pragma solidity ^0.8.23; + +import "../core/Helpers.sol"; + +contract TestHelpers { + + function parseValidationData(uint256 validationData) public pure returns (ValidationData memory) { + return _parseValidationData(validationData); + } + + function packValidationDataStruct(ValidationData memory data) public pure returns (uint256) { + return _packValidationData(data); + } + + function packValidationData(bool sigFailed, uint48 validUntil, uint48 validAfter) public pure returns (uint256) { + return _packValidationData(sigFailed, validUntil, validAfter); + } +} diff --git a/dependencies/account-abstraction/contracts/test/TestOracle2.sol b/dependencies/account-abstraction/contracts/test/TestOracle2.sol new file mode 100644 index 00000000..03bc1dd4 --- /dev/null +++ b/dependencies/account-abstraction/contracts/test/TestOracle2.sol @@ -0,0 +1,36 @@ +// SPDX-License-Identifier: GPL-3.0 +pragma solidity ^0.8.23; + +import "../samples/utils/IOracle.sol"; + +contract TestOracle2 is IOracle { + int256 public price; + uint8 private _decimals_; + + constructor(int256 _price, uint8 _decimals) { + price = _price; + _decimals_ = _decimals; + } + + function setPrice(int256 _price) external { + price = _price; + } + + function setDecimals(uint8 _decimals) external { + _decimals_ = _decimals; + } + + function decimals() external view override returns (uint8) { + return _decimals_; + } + + function latestRoundData() + external + view + override + returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound) + { + // solhint-disable-next-line not-rely-on-time + return (73786976294838215802, price, 1680509051, block.timestamp, 73786976294838215802); + } +} diff --git a/dependencies/account-abstraction/contracts/test/TestPaymasterAcceptAll.sol b/dependencies/account-abstraction/contracts/test/TestPaymasterAcceptAll.sol new file mode 100644 index 00000000..54f6d202 --- /dev/null +++ b/dependencies/account-abstraction/contracts/test/TestPaymasterAcceptAll.sol @@ -0,0 +1,27 @@ +// SPDX-License-Identifier: GPL-3.0-only +pragma solidity ^0.8.23; + +import "../core/BasePaymaster.sol"; +import "../core/Helpers.sol"; + +/** + * test paymaster, that pays for everything, without any check. + */ +contract TestPaymasterAcceptAll is BasePaymaster { + + constructor(IEntryPoint _entryPoint) BasePaymaster(_entryPoint) { + // to support "deterministic address" factory + // solhint-disable avoid-tx-origin + if (tx.origin != msg.sender) { + _transferOwnership(tx.origin); + } + + } + + function _validatePaymasterUserOp(PackedUserOperation calldata userOp, bytes32 userOpHash, uint256 maxCost) + internal virtual override view + returns (bytes memory context, uint256 validationData) { + (userOp, userOpHash, maxCost); + return ("", SIG_VALIDATION_SUCCESS); + } +} diff --git a/dependencies/account-abstraction/contracts/test/TestPaymasterRevertCustomError.sol b/dependencies/account-abstraction/contracts/test/TestPaymasterRevertCustomError.sol new file mode 100644 index 00000000..b4ddb5ed --- /dev/null +++ b/dependencies/account-abstraction/contracts/test/TestPaymasterRevertCustomError.sol @@ -0,0 +1,48 @@ +// SPDX-License-Identifier: GPL-3.0-only +pragma solidity ^0.8.23; + +import "../core/BasePaymaster.sol"; + +/** + * test postOp revert with custom error + */ +error CustomError(string customReason); + +contract TestPaymasterRevertCustomError is BasePaymaster { + bytes32 private constant INNER_OUT_OF_GAS = hex"deaddead"; + + enum RevertType { + customError, + entryPointError + } + + RevertType private revertType; + + // solhint-disable no-empty-blocks + constructor(IEntryPoint _entryPoint) BasePaymaster(_entryPoint) + {} + + function _validatePaymasterUserOp(PackedUserOperation calldata userOp, bytes32, uint256) + internal virtual override view + returns (bytes memory context, uint256 validationData) { + validationData = 0; + context = abi.encodePacked(userOp.sender); + } + + function setRevertType(RevertType _revertType) external { + revertType = _revertType; + } + + function _postOp(PostOpMode, bytes calldata, uint256, uint256) internal view override { + if (revertType == RevertType.customError){ + revert CustomError("this is a long revert reason string we are looking for"); + } + else if (revertType == RevertType.entryPointError){ + // solhint-disable-next-line no-inline-assembly + assembly { + mstore(0, INNER_OUT_OF_GAS) + revert(0, 32) + } + } + } +} diff --git a/dependencies/account-abstraction/contracts/test/TestPaymasterWithPostOp.sol b/dependencies/account-abstraction/contracts/test/TestPaymasterWithPostOp.sol new file mode 100644 index 00000000..7ebeda03 --- /dev/null +++ b/dependencies/account-abstraction/contracts/test/TestPaymasterWithPostOp.sol @@ -0,0 +1,26 @@ +// SPDX-License-Identifier: GPL-3.0-only +pragma solidity ^0.8.23; + +import "./TestPaymasterAcceptAll.sol"; +/* solhint-disable no-empty-blocks */ + +/** + * test paymaster, that pays for everything, without any check. + * explicitly returns a context, to test cost (for entrypoint) to call postOp + */ +contract TestPaymasterWithPostOp is TestPaymasterAcceptAll { + + constructor(IEntryPoint _entryPoint) TestPaymasterAcceptAll(_entryPoint) { + } + + function _validatePaymasterUserOp(PackedUserOperation calldata, bytes32, uint256) + internal virtual override view + returns (bytes memory context, uint256 validationData) { + // return a context, to force a call for postOp. + return ("1", SIG_VALIDATION_SUCCESS); + } + + function _postOp(PostOpMode, bytes calldata, uint256, uint256) + internal override { + } +} diff --git a/dependencies/account-abstraction/contracts/test/TestRevertAccount.sol b/dependencies/account-abstraction/contracts/test/TestRevertAccount.sol new file mode 100644 index 00000000..39122b52 --- /dev/null +++ b/dependencies/account-abstraction/contracts/test/TestRevertAccount.sol @@ -0,0 +1,23 @@ +// SPDX-License-Identifier: GPL-3.0-only +pragma solidity ^0.8.23; +/* solhint-disable no-inline-assembly */ + +import "../samples/SimpleAccount.sol"; +contract TestRevertAccount is IAccount { + IEntryPoint private ep; + constructor(IEntryPoint _ep) payable { + ep = _ep; + } + + function validateUserOp(PackedUserOperation calldata, bytes32, uint256 missingAccountFunds) + external override returns (uint256 validationData) { + ep.depositTo{value : missingAccountFunds}(address(this)); + return SIG_VALIDATION_SUCCESS; + } + + function revertLong(uint256 length) public pure{ + assembly { + revert(0, length) + } + } +} diff --git a/dependencies/account-abstraction/contracts/test/TestSignatureAggregator.sol b/dependencies/account-abstraction/contracts/test/TestSignatureAggregator.sol new file mode 100644 index 00000000..b7340316 --- /dev/null +++ b/dependencies/account-abstraction/contracts/test/TestSignatureAggregator.sol @@ -0,0 +1,53 @@ +// SPDX-License-Identifier: GPL-3.0 +pragma solidity ^0.8.23; + +/* solhint-disable reason-string */ + +import "../interfaces/IAggregator.sol"; +import "../interfaces/IEntryPoint.sol"; +import "../samples/SimpleAccount.sol"; + +/** + * test signature aggregator. + * the aggregated signature is the SUM of the nonce fields.. + */ +contract TestSignatureAggregator is IAggregator { + + /// @inheritdoc IAggregator + function validateSignatures(PackedUserOperation[] calldata userOps, bytes calldata signature) external pure override { + uint256 sum = 0; + for (uint256 i = 0; i < userOps.length; i++) { + uint256 nonce = userOps[i].nonce; + sum += nonce; + } + require(signature.length == 32, "TestSignatureValidator: sig must be uint256"); + (uint256 sig) = abi.decode(signature, (uint256)); + require(sig == sum, "TestSignatureValidator: aggregated signature mismatch (nonce sum)"); + } + + /// @inheritdoc IAggregator + function validateUserOpSignature(PackedUserOperation calldata) + external pure returns (bytes memory) { + return ""; + } + + /** + * dummy test aggregator: sum all nonce values of UserOps. + */ + function aggregateSignatures(PackedUserOperation[] calldata userOps) external pure returns (bytes memory aggregatedSignature) { + uint256 sum = 0; + for (uint256 i = 0; i < userOps.length; i++) { + sum += userOps[i].nonce; + } + return abi.encode(sum); + } + + /** + * Calls the 'addStake' method of the EntryPoint. Forwards the entire msg.value to this call. + * @param entryPoint - the EntryPoint to send the stake to. + * @param delay - the new lock duration before the deposit can be withdrawn. + */ + function addStake(IEntryPoint entryPoint, uint32 delay) external payable { + entryPoint.addStake{value: msg.value}(delay); + } +} diff --git a/dependencies/account-abstraction/contracts/test/TestToken.sol b/dependencies/account-abstraction/contracts/test/TestToken.sol new file mode 100644 index 00000000..72db013d --- /dev/null +++ b/dependencies/account-abstraction/contracts/test/TestToken.sol @@ -0,0 +1,15 @@ +// SPDX-License-Identifier: GPL-3.0 +pragma solidity ^0.8.23; + +import "@openzeppelin/contracts/token/ERC20/ERC20.sol"; + +contract TestToken is ERC20 { + constructor () + // solhint-disable-next-line no-empty-blocks + ERC20("TST", "TestToken") { + } + + function mint(address sender, uint256 amount) external { + _mint(sender, amount); + } +} diff --git a/dependencies/account-abstraction/contracts/test/TestUniswap.sol b/dependencies/account-abstraction/contracts/test/TestUniswap.sol new file mode 100644 index 00000000..1732d196 --- /dev/null +++ b/dependencies/account-abstraction/contracts/test/TestUniswap.sol @@ -0,0 +1,60 @@ +// SPDX-License-Identifier: GPL-3.0 +pragma solidity ^0.8.23; + +import "@openzeppelin/contracts/token/ERC20/IERC20.sol"; +import "@uniswap/v3-periphery/contracts/interfaces/ISwapRouter.sol"; + +import "./TestWrappedNativeToken.sol"; + +/// @notice Very basic simulation of what Uniswap does with the swaps for the unit tests on the TokenPaymaster +/// @dev Do not use to test any actual Uniswap interaction logic as this is way too simplistic +contract TestUniswap { + TestWrappedNativeToken public weth; + + constructor(TestWrappedNativeToken _weth){ + weth = _weth; + } + + event StubUniswapExchangeEvent(uint256 amountIn, uint256 amountOut, address tokenIn, address tokenOut); + + function exactOutputSingle(ISwapRouter.ExactOutputSingleParams calldata params) external returns (uint256) { + uint256 amountIn = params.amountInMaximum - 5; + emit StubUniswapExchangeEvent( + amountIn, + params.amountOut, + params.tokenIn, + params.tokenOut + ); + IERC20(params.tokenIn).transferFrom(msg.sender, address(this), amountIn); + IERC20(params.tokenOut).transfer(params.recipient, params.amountOut); + return amountIn; + } + + function exactInputSingle(ISwapRouter.ExactInputSingleParams calldata params) external returns (uint256) { + uint256 amountOut = params.amountOutMinimum + 5; + emit StubUniswapExchangeEvent( + params.amountIn, + amountOut, + params.tokenIn, + params.tokenOut + ); + IERC20(params.tokenIn).transferFrom(msg.sender, address(this), params.amountIn); + IERC20(params.tokenOut).transfer(params.recipient, amountOut); + return amountOut; + } + + /// @notice Simplified code copied from here: + /// https://github.com/Uniswap/v3-periphery/blob/main/contracts/base/PeripheryPayments.sol#L19 + function unwrapWETH9(uint256 amountMinimum, address recipient) public payable { + uint256 balanceWETH9 = weth.balanceOf(address(this)); + require(balanceWETH9 >= amountMinimum, "Insufficient WETH9"); + + if (balanceWETH9 > 0) { + weth.withdraw(balanceWETH9); + payable(recipient).transfer(balanceWETH9); + } + } + + // solhint-disable-next-line no-empty-blocks + receive() external payable {} +} diff --git a/dependencies/account-abstraction/contracts/test/TestUtil.sol b/dependencies/account-abstraction/contracts/test/TestUtil.sol new file mode 100644 index 00000000..4c9f38c8 --- /dev/null +++ b/dependencies/account-abstraction/contracts/test/TestUtil.sol @@ -0,0 +1,14 @@ +// SPDX-License-Identifier: GPL-3.0 +pragma solidity ^0.8.23; + +import "../interfaces/PackedUserOperation.sol"; +import "../core/UserOperationLib.sol"; + +contract TestUtil { + using UserOperationLib for PackedUserOperation; + + function encodeUserOp(PackedUserOperation calldata op) external pure returns (bytes memory){ + return op.encode(); + } + +} diff --git a/dependencies/account-abstraction/contracts/test/TestWarmColdAccount.sol b/dependencies/account-abstraction/contracts/test/TestWarmColdAccount.sol new file mode 100644 index 00000000..65b4eeae --- /dev/null +++ b/dependencies/account-abstraction/contracts/test/TestWarmColdAccount.sol @@ -0,0 +1,39 @@ +// SPDX-License-Identifier: GPL-3.0-only +pragma solidity ^0.8.23; +/* solhint-disable no-inline-assembly */ + +import "../interfaces/IEntryPoint.sol"; +import "../interfaces/IAccount.sol"; +import "../core/Helpers.sol"; + +// Using eip-2929 (https://eips.ethereum.org/EIPS/eip-2929) warm/cold storage access gas costs to detect simulation vs execution +// COLD_ACCOUNT_ACCESS_COST == 2600, COLD_SLOAD_COST == 2100, WARM_STORAGE_READ_COST == 100 +contract TestWarmColdAccount is IAccount { + IEntryPoint private ep; + uint256 public state = 1; + constructor(IEntryPoint _ep) payable { + ep = _ep; + } + + function validateUserOp(PackedUserOperation calldata userOp, bytes32, uint256 missingAccountFunds) + external override returns (uint256 validationData) { + ep.depositTo{value : missingAccountFunds}(address(this)); + if (userOp.nonce == 1) { + // can only succeed if storage is already warm + this.touchStorage{gas: 1000}(); + } else if (userOp.nonce == 2) { + address paymaster = address(bytes20(userOp.paymasterAndData[: 20])); + // can only succeed if storage is already warm + this.touchPaymaster{gas: 1000}(paymaster); + } + return SIG_VALIDATION_SUCCESS; + } + + function touchStorage() public view returns (uint256) { + return state; + } + + function touchPaymaster(address paymaster) public view returns (uint256) { + return paymaster.code.length; + } +} diff --git a/dependencies/account-abstraction/contracts/test/TestWrappedNativeToken.sol b/dependencies/account-abstraction/contracts/test/TestWrappedNativeToken.sol new file mode 100644 index 00000000..9a4f8c51 --- /dev/null +++ b/dependencies/account-abstraction/contracts/test/TestWrappedNativeToken.sol @@ -0,0 +1,29 @@ +// SPDX-License-Identifier:MIT +pragma solidity ^0.8.23; + +import "@openzeppelin/contracts/token/ERC20/ERC20.sol"; + +/** + * @notice The minimal "Wrapped Ether" ERC-20 token implementation. + */ +contract TestWrappedNativeToken is ERC20 { + + // solhint-disable-next-line no-empty-blocks + constructor() ERC20("Wrapped Native Token", "wnTok") { + } + + receive() external payable { + deposit(); + } + + function deposit() public payable { + _mint(msg.sender, msg.value); + } + + function withdraw(uint256 amount) public { + _burn(msg.sender, amount); + // solhint-disable-next-line avoid-low-level-calls + (bool success,) = msg.sender.call{value:amount}(""); + require(success, "transfer failed"); + } +} diff --git a/dependencies/account-abstraction/contracts/utils/Exec.sol b/dependencies/account-abstraction/contracts/utils/Exec.sol new file mode 100644 index 00000000..ee8d71ac --- /dev/null +++ b/dependencies/account-abstraction/contracts/utils/Exec.sol @@ -0,0 +1,70 @@ +// SPDX-License-Identifier: LGPL-3.0-only +pragma solidity ^0.8.23; + +// solhint-disable no-inline-assembly + +/** + * Utility functions helpful when making different kinds of contract calls in Solidity. + */ +library Exec { + + function call( + address to, + uint256 value, + bytes memory data, + uint256 txGas + ) internal returns (bool success) { + assembly ("memory-safe") { + success := call(txGas, to, value, add(data, 0x20), mload(data), 0, 0) + } + } + + function staticcall( + address to, + bytes memory data, + uint256 txGas + ) internal view returns (bool success) { + assembly ("memory-safe") { + success := staticcall(txGas, to, add(data, 0x20), mload(data), 0, 0) + } + } + + function delegateCall( + address to, + bytes memory data, + uint256 txGas + ) internal returns (bool success) { + assembly ("memory-safe") { + success := delegatecall(txGas, to, add(data, 0x20), mload(data), 0, 0) + } + } + + // get returned data from last call or calldelegate + function getReturnData(uint256 maxLen) internal pure returns (bytes memory returnData) { + assembly ("memory-safe") { + let len := returndatasize() + if gt(len, maxLen) { + len := maxLen + } + let ptr := mload(0x40) + mstore(0x40, add(ptr, add(len, 0x20))) + mstore(ptr, len) + returndatacopy(add(ptr, 0x20), 0, len) + returnData := ptr + } + } + + // revert with explicit byte array (probably reverted info from call) + function revertWithData(bytes memory returnData) internal pure { + assembly ("memory-safe") { + revert(add(returnData, 32), mload(returnData)) + } + } + + function callAndRevert(address to, bytes memory data, uint256 maxLen) internal { + bool success = call(to,0,data,gasleft()); + if (!success) { + revertWithData(getReturnData(maxLen)); + } + } +} diff --git a/dependencies/account-abstraction/deploy/1_deploy_entrypoint.ts b/dependencies/account-abstraction/deploy/1_deploy_entrypoint.ts new file mode 100644 index 00000000..f714da04 --- /dev/null +++ b/dependencies/account-abstraction/deploy/1_deploy_entrypoint.ts @@ -0,0 +1,20 @@ +import { HardhatRuntimeEnvironment } from 'hardhat/types' +import { DeployFunction } from 'hardhat-deploy/types' +import { ethers } from 'hardhat' + +const deployEntryPoint: DeployFunction = async function (hre: HardhatRuntimeEnvironment) { + const provider = ethers.provider + const from = await provider.getSigner().getAddress() + + const ret = await hre.deployments.deploy( + 'EntryPoint', { + from, + args: [], + gasLimit: 6e6, + deterministicDeployment: process.env.SALT ?? true, + log: true + }) + console.log('==entrypoint addr=', ret.address) +} + +export default deployEntryPoint diff --git a/dependencies/account-abstraction/deploy/2_deploy_SimpleAccountFactory.ts b/dependencies/account-abstraction/deploy/2_deploy_SimpleAccountFactory.ts new file mode 100644 index 00000000..ca8ce0d2 --- /dev/null +++ b/dependencies/account-abstraction/deploy/2_deploy_SimpleAccountFactory.ts @@ -0,0 +1,34 @@ +import { HardhatRuntimeEnvironment } from 'hardhat/types' +import { DeployFunction } from 'hardhat-deploy/types' +import { ethers } from 'hardhat' + +const deploySimpleAccountFactory: DeployFunction = async function (hre: HardhatRuntimeEnvironment) { + const provider = ethers.provider + const from = await provider.getSigner().getAddress() + const network = await provider.getNetwork() + // only deploy on local test network. + + const forceDeployFactory = process.argv.join(' ').match(/simple-account-factory/) != null + + if (!forceDeployFactory && network.chainId !== 31337 && network.chainId !== 1337) { + return + } + + const entrypoint = await hre.deployments.get('EntryPoint') + await hre.deployments.deploy( + 'SimpleAccountFactory', { + from, + args: [entrypoint.address], + gasLimit: 6e6, + log: true, + deterministicDeployment: true + }) + + await hre.deployments.deploy('TestCounter', { + from, + deterministicDeployment: true, + log: true + }) +} + +export default deploySimpleAccountFactory diff --git a/dependencies/account-abstraction/erc/ERCS/erc-4337.md b/dependencies/account-abstraction/erc/ERCS/erc-4337.md new file mode 100644 index 00000000..ef3f571e --- /dev/null +++ b/dependencies/account-abstraction/erc/ERCS/erc-4337.md @@ -0,0 +1,1024 @@ +--- +eip: 4337 +title: Account Abstraction Using Alt Mempool +description: An account abstraction proposal which completely avoids consensus-layer protocol changes, instead relying on higher-layer infrastructure. +author: Vitalik Buterin (@vbuterin), Yoav Weiss (@yoavw), Dror Tirosh (@drortirosh), Shahaf Nacson (@shahafn), Alex Forshtat (@forshtat), Kristof Gazso (@kristofgazso), Tjaden Hess (@tjade273) +discussions-to: https://ethereum-magicians.org/t/erc-4337-account-abstraction-via-entry-point-contract-specification/7160 +status: Draft +type: Standards Track +category: ERC +created: 2021-09-29 +requires: 7562 +--- + +## Abstract + +An account abstraction proposal which completely avoids the need for consensus-layer protocol changes. Instead of adding new protocol features and changing the bottom-layer transaction type, this proposal instead introduces a higher-layer pseudo-transaction object called a `UserOperation`. Users send `UserOperation` objects into a separate mempool. A special class of actor called bundlers package up a set of these objects into a transaction making a `handleOps` call to a special contract, and that transaction then gets included in a block. + +## Motivation + +See also `https://ethereum-magicians.org/t/implementing-account-abstraction-as-part-of-eth1-x/4020` and the links therein for historical work and motivation, and [EIP-2938](./eip-2938.md) for a consensus layer proposal for implementing the same goal. + +This proposal takes a different approach, avoiding any adjustments to the consensus layer. It seeks to achieve the following goals: + +* **Achieve the key goal of account abstraction**: allow users to use smart contract wallets containing arbitrary verification logic instead of EOAs as their primary account. Completely remove any need at all for users to also have EOAs (as status quo SC wallets and [EIP-3074](./eip-3074.md) both require) +* **Decentralization** + * Allow any bundler (think: block builder) to participate in the process of including account-abstracted user operations + * Work with all activity happening over a public mempool; users do not need to know the direct communication addresses (eg. IP, onion) of any specific actors + * Avoid trust assumptions on bundlers +* **Do not require any Ethereum consensus changes**: Ethereum consensus layer development is focusing on the merge and later on scalability-oriented features, and there may not be any opportunity for further protocol changes for a long time. Hence, to increase the chance of faster adoption, this proposal avoids Ethereum consensus changes. +* **Try to support other use cases** + * Privacy-preserving applications + * Atomic multi-operations (similar goal to [EIP-3074]) + * Pay tx fees with [ERC-20](./erc-20.md) tokens, allow developers to pay fees for their users, and [EIP-3074]-like **sponsored transaction** use cases more generally + * Support aggregated signature (e.g. BLS) + +## Specification + +### Definitions + +* **UserOperation** - a structure that describes a transaction to be sent on behalf of a user. To avoid confusion, it is not named "transaction". + * Like a transaction, it contains "sender", "to", "calldata", "maxFeePerGas", "maxPriorityFee", "signature", "nonce" + * unlike a transaction, it contains several other fields, described below + * also, the "signature" field usage is not defined by the protocol, but by each account implementation +* **Sender** - the account contract sending a user operation. +* **EntryPoint** - a singleton contract to execute bundles of UserOperations. Bundlers/Clients whitelist the supported entrypoint. +* **Bundler** - a node (block builder) that can handle UserOperations, + create a valid an EntryPoint.handleOps() transaction, + and add it to the block while it is still valid. + This can be achieved by a number of ways: + * Bundler can act as a block builder itself + * If the bundler is not a block builder, it MUST work with the block building infrastructure such as `mev-boost` or + other kind of PBS (proposer-builder separation) + * The `bundler` can also rely on an experimental `eth_sendRawTransactionConditional` RPC API if it is available. +* **Aggregator** - a helper contract trusted by accounts to validate an aggregated signature. Bundlers/Clients whitelist the supported aggregators. + +To avoid Ethereum consensus changes, we do not attempt to create new transaction types for account-abstracted transactions. Instead, users package up the action they want their account to take in a struct named `UserOperation`: + +| Field | Type | Description | +|---------------------------------|-----------|--------------------------------------------------------------------------------| +| `sender` | `address` | The account making the operation | +| `nonce` | `uint256` | Anti-replay parameter (see "Semi-abstracted Nonce Support" ) | +| `factory` | `address` | account factory, only for new accounts | +| `factoryData` | `bytes` | data for account factory (only if account factory exists) | +| `callData` | `bytes` | The data to pass to the `sender` during the main execution call | +| `callGasLimit` | `uint256` | The amount of gas to allocate the main execution call | +| `verificationGasLimit` | `uint256` | The amount of gas to allocate for the verification step | +| `preVerificationGas` | `uint256` | Extra gas to pay the bunder | +| `maxFeePerGas` | `uint256` | Maximum fee per gas (similar to [EIP-1559](./eip-1559.md) `max_fee_per_gas`) | +| `maxPriorityFeePerGas` | `uint256` | Maximum priority fee per gas (similar to EIP-1559 `max_priority_fee_per_gas`) | +| `paymaster` | `address` | Address of paymaster contract, (or empty, if account pays for itself) | +| `paymasterVerificationGasLimit` | `uint256` | The amount of gas to allocate for the paymaster validation code | +| `paymasterPostOpGasLimit` | `uint256` | The amount of gas to allocate for the paymaster post-operation code | +| `paymasterData` | `bytes` | Data for paymaster (only if paymaster exists) | +| `signature` | `bytes` | Data passed into the account to verify authorization | + +Users send `UserOperation` objects to a dedicated user operation mempool. The are not concerned with the packed version. +A specialized class of actors called **bundlers** (either block builders running special-purpose code, or users that can relay transactions to block builders eg. through a bundle marketplace such as Flashbots that can guarantee next-block-or-never inclusion) listen in on the user operation mempool, and create **bundle transactions**. A bundle transaction packages up multiple `UserOperation` objects into a single `handleOps` call to a pre-published global **entry point contract**. + +To prevent replay attacks (both cross-chain and multiple `EntryPoint` implementations), the `signature` should depend on `chainid` and the `EntryPoint` address. + +When passed to on-chain contacts (the EntryPoint contract, and then to account and paymaster), a packed version of the above structure is used: + +| Field | Type | Description | +|----------------------|-----------|------------------------------------------------------------------------| +| `sender` | `address` | | +| `nonce` | `uint256` | | +| `initCode` | `bytes` | concatenation of factory address and factoryData (or empty) | +| `callData` | `bytes` | | +| `accountGasLimits` | `bytes32` | concatenation of verificationGas (16 bytes) and callGas (16 bytes) | +| `preVerificationGas` | `uint256` | | +| `gasFees` | `bytes32` | concatenation of maxPriorityFee (16 bytes) and maxFeePerGas (16 bytes) | +| `paymasterAndData` | `bytes` | concatenation of paymaster fields (or empty) | +| `signature` | `bytes` | | + + +The core interface of the entry point contract is as follows: + +```solidity +function handleOps(PackedUserOperation[] calldata ops, address payable beneficiary); + +function handleAggregatedOps( + UserOpsPerAggregator[] calldata opsPerAggregator, + address payable beneficiary +); + +struct UserOpsPerAggregator { + PackedUserOperation[] userOps; + IAggregator aggregator; + bytes signature; +} +``` + +The core interface required for an account to have is: + +```solidity +interface IAccount { + function validateUserOp + (PackedUserOperation calldata userOp, bytes32 userOpHash, uint256 missingAccountFunds) + external returns (uint256 validationData); +} +``` + +The `userOpHash` is a hash over the userOp (except signature), entryPoint and chainId. + +The account: + +* MUST validate the caller is a trusted EntryPoint +* If the account does not support signature aggregation, it MUST validate the signature is a valid signature of the `userOpHash`, and + SHOULD return SIG_VALIDATION_FAILED (and not revert) on signature mismatch. Any other error MUST revert. +* MUST pay the entryPoint (caller) at least the "missingAccountFunds" (which might be zero, in case current account's deposit is high enough) +* The account MAY pay more than this minimum, to cover future transactions (it can always issue `withdrawTo` to retrieve it) +* The return value MUST be packed of `authorizer`, `validUntil` and `validAfter` timestamps. + * authorizer - 0 for valid signature, 1 to mark signature failure. Otherwise, an address of an authorizer contract. This ERC defines "signature aggregator" as authorizer. + * `validUntil` is 6-byte timestamp value, or zero for "infinite". The UserOp is valid only up to this time. + * `validAfter` is 6-byte timestamp. The UserOp is valid only after this time. + +An account that works with aggregated signature, should return its signature aggregator address in the "sigAuthorizer" return value of validateUserOp. +It MAY ignore the signature field. + +The account MAY implement the interface `IAccountExecute` + +```solidity +interface IAccountExecute { + function executeUserOp(PackedUserOperation calldata userOp, bytes32 userOpHash) external; +} +``` + +This method will be called by the entryPoint with the current UserOperation, instead of executing the `callData` itself on the account. + +The core interface required by an aggregator is: + +```solidity +interface IAggregator { + + function validateUserOpSignature(PackedUserOperation calldata userOp) + external view returns (bytes memory sigForUserOp); + + function aggregateSignatures(PackedUserOperation[] calldata userOps) external view returns (bytes memory aggregatesSignature); + + function validateSignatures(PackedUserOperation[] calldata userOps, bytes calldata signature) view external; +} +``` + +* If an account uses an aggregator (returns it from validateUserOp), then its address is returned by `simulateValidation()` (in `aggregatorInfo`) +* To accept the UserOp, the bundler must call **validateUserOpSignature()** to validate the userOp's signature. +* **aggregateSignatures()** must aggregate all UserOp signature into a single value. +* Note that the above methods are helper method for the bundler. The bundler MAY use a native library to perform the same validation and aggregation logic. +* **validateSignatures()** MUST validate the aggregated signature matches for all UserOperations in the array, and revert otherwise. + This method is called on-chain by `handleOps()` + +#### Semi-abstracted Nonce Support + +In Ethereum protocol, the sequential transaction `nonce` value is used as a replay protection method as well as to +determine the valid order of transaction being included in blocks. + +It also contributes to the transaction hash uniqueness, as a transaction by the same sender with the same +nonce may not be included in the chain twice. + +However, requiring a single sequential `nonce` value is limiting the senders' ability to define their custom logic +with regard to transaction ordering and replay protection. + +Instead of sequential `nonce` we implement a nonce mechanism that uses a single `uint256` nonce value in the `UserOperation`, +but treats it as two values: + +* 192-bit "key" +* 64-bit "sequence" + +These values are represented on-chain in the `EntryPoint` contract. +We define the following method in the `EntryPoint` interface to expose these values: + +```solidity +function getNonce(address sender, uint192 key) external view returns (uint256 nonce); +``` + +For each `key` the `sequence` is validated and incremented sequentially and monotonically by the `EntryPoint` for +each UserOperation, however a new key can be introduced with an arbitrary value at any point. + +This approach maintains the guarantee of `UserOperation` hash uniqueness on-chain on the protocol level while allowing +wallets to implement any custom logic they may need operating on a 192-bit "key" field, while fitting the 32 byte word. + +##### Reading and validating the nonce + +When preparing the UserOp clients may make a view call to this method to determine a valid value for the `nonce` field. + +Bundler's validation of a UserOp should start with `getNonce` to ensure the transaction has a valid `nonce` field. + +If the bundler is willing to accept multiple UserOperations by the same sender into their mempool, +this bundler is supposed to track the `key` and `sequence` pair of the UserOperations already added in the mempool. + +##### Usage examples + +1. Classic sequential nonce. + + In order to require the wallet to have classic, sequential nonce, the validation function should perform: + + ```solidity + require(userOp.nonce> 64; + if (sig == ADMIN_METHODSIG) { + require(key == ADMIN_KEY, "wrong nonce-key for admin operation"); + } else { + require(key == 0, "wrong nonce-key for normal operation"); + } + ``` + +#### Using signature aggregators + +An account signifies it uses signature aggregation returning its address from `validateUserOp`. +During `simulateValidation`, this aggregator is returned as part of the `aggregatorInfo` struct. + +The bundler should first accept the aggregator (validate its stake info and that it is not throttled/banned) +Then it MUST verify the userOp using `aggregator.validateUserOpSignature()`. This method returned an alternate signature (usually empty) that should be used during bundling. +The bundler MUST call `validateUserOp` a second time on the account with the UserOperation using that returned signature. + +Signature aggregator MUST be staked. +Bundlers MAY throttle down and ban aggregators in case they take too much resources (or revert) when the above methods are called in view mode, or if the signature aggregation fails. + +### Required entry point contract functionality + +There are 2 separate entry point methods: `handleOps` and `handleAggregatedOps` + +* `handleOps` handle userOps of accounts that don't require any signature aggregator. +* `handleAggregatedOps` can handle a batch that contains userOps of multiple aggregators (and also requests without any aggregator) +* `handleAggregatedOps` performs the same logic below as `handleOps`, but it must transfer the correct aggregator to each userOp, and also must call `validateSignatures` on each aggregator before doing all the per-account validation. +The entry point's `handleOps` function must perform the following steps (we first describe the simpler non-paymaster case). It must make two loops, the **verification loop** and the **execution loop**. In the verification loop, the `handleOps` call must perform the following steps for each `UserOperation`: + +* **Create the account if it does not yet exist**, using the initcode provided in the `UserOperation`. If the account does not exist, _and_ the initcode is empty, or does not deploy a contract at the "sender" address, the call must fail. +* calculate the maximum possible fee the account needs to pay (based on validation and call gas limits, and current gas values) +* calculate the fee the account must add to its "deposit" in the EntryPoint +* **Call `validateUserOp` on the account**, passing in the `UserOperation`, its hash and the required fee. The account should verify the operation's signature, and pay the fee if the account considers the operation valid. If any `validateUserOp` call fails, `handleOps` must skip execution of at least that operation, and may revert entirely. +* Validate the account's deposit in the entryPoint is high enough to cover the max possible cost (cover the already-done verification and max execution gas) + +In the execution loop, the `handleOps` call must perform the following steps for each `UserOperation`: + +* **Call the account with the `UserOperation`'s calldata**. It's up to the account to choose how to parse the calldata; an expected workflow is for the account to have an `execute` function that parses the remaining calldata as a series of one or more calls that the account should make. +* If the calldata starts with the methodsig `IAccountExecute.executeUserOp`, then the EntryPoint must build a calldata by encoding `executeUserOp(userOp,userOpHash)` and call the account using that calldata. +* After the call, refund the account's deposit with the excess gas cost that was pre-charged.\ + A penalty of `10%` (`UNUSED_GAS_PENALTY_PERCENT`) is applied on the amount of gas that is refunded.\ + This penalty is necessary to prevent the UserOps from reserving large parts of the gas space in the bundle but leaving it unused and preventing the bundler from including other UserOperations. +* After the execution of all calls, pay the collected fees from all UserOperations to the bundler's provided address + +![](../assets/erc-4337/bundle-seq.svg) + +Before accepting a `UserOperation`, bundlers should use an RPC method to locally call the `simulateValidation` function on the entry point, to verify that the signature is correct and the operation actually pays fees; see the [Simulation section below](#simulation) for details. +A node/bundler SHOULD drop (not add to the mempool) a `UserOperation` that fails the validation + +### Extension: paymasters + +We extend the entry point logic to support **paymasters** that can sponsor transactions for other users. This feature can be used to allow application developers to subsidize fees for their users, allow users to pay fees with [ERC-20](./erc-20.md) tokens and many other use cases. When the paymasterAndData field in the UserOp is not empty, the entry point implements a different flow for that UserOperation: + +![](../assets/erc-4337/bundle-seq-pm.svg) + +During the verification loop, in addition to calling `validateUserOp`, the `handleOps` execution also must check that the paymaster has enough ETH deposited with the entry point to pay for the operation, and then call `validatePaymasterUserOp` on the paymaster to verify that the paymaster is willing to pay for the operation. Note that in this case, the `validateUserOp` is called with a `missingAccountFunds` of 0 to reflect that the account's deposit is not used for payment for this userOp. + +If the paymaster's validatePaymasterUserOp returns a "context", then `handleOps` must call `postOp` on the paymaster after making the main execution call. + +Maliciously crafted paymasters _can_ DoS the system. To prevent this, we use a reputation system. paymaster must either limit its storage usage, or have a stake. see the [reputation, throttling and banning section](#reputation-scoring-and-throttlingbanning-for-global-entities) for details. + +The paymaster interface is as follows: + +```solidity +function validatePaymasterUserOp + (PackedUserOperation calldata userOp, bytes32 userOpHash, uint256 maxCost) + external returns (bytes memory context, uint256 validationData); + +function postOp + (PostOpMode mode, bytes calldata context, uint256 actualGasCost, uint256 actualUserOpFeePerGas) + external; + +enum PostOpMode { + opSucceeded, // user op succeeded + opReverted, // user op reverted. still has to pay for gas. + postOpReverted // Regardless of the UserOp call status, the postOp reverted, and caused both executions to revert. +} +``` + +The EntryPoint must implement the following API to let entities like paymasters to have a stake, and thus have more flexibility in their storage access (see [reputation, throttling and banning section](#reputation-scoring-and-throttlingbanning-for-global-entities) for details.) + +```solidity +// add a stake to the calling entity +function addStake(uint32 _unstakeDelaySec) external payable + +// unlock the stake (must wait unstakeDelay before can withdraw) +function unlockStake() external + +// withdraw the unlocked stake +function withdrawStake(address payable withdrawAddress) external +``` + +The paymaster must also have a deposit, which the entry point will charge UserOperation costs from. +The deposit (for paying gas fees) is separate from the stake (which is locked). + +The EntryPoint must implement the following interface to allow paymasters (and optionally accounts) manage their deposit: + +```c++ +// return the deposit of an account +function balanceOf(address account) public view returns (uint256) + +// add to the deposit of the given account +function depositTo(address account) public payable + +// withdraw from the deposit of the current account +function withdrawTo(address payable withdrawAddress, uint256 withdrawAmount) external +``` + +### Client behavior upon receiving a UserOperation + +When a client receives a `UserOperation`, it must first run some basic sanity checks, namely that: + +* Either the `sender` is an existing contract, or the `initCode` is not empty (but not both) +* If `initCode` is not empty, parse its first 20 bytes as a factory address. Record whether the factory is staked, in case the later simulation indicates that it needs to be. If the factory accesses global state, it must be staked - see [reputation, throttling and banning section](#reputation-scoring-and-throttlingbanning-for-global-entities) for details. +* The `verificationGasLimit` is sufficiently low (`<= MAX_VERIFICATION_GAS`) and the `preVerificationGas` is sufficiently high (enough to pay for the calldata gas cost of serializing the `UserOperation` plus `PRE_VERIFICATION_OVERHEAD_GAS`) +* The `paymasterAndData` is either empty, or start with the **paymaster** address, which is a contract that (i) currently has nonempty code on chain, (ii) has a sufficient deposit to pay for the UserOperation, and (iii) is not currently banned. During simulation, the paymaster's stake is also checked, depending on its storage usage - see [reputation, throttling and banning section](#reputation-scoring-and-throttlingbanning-for-global-entities) for details. +* The callgas is at least the cost of a `CALL` with non-zero value. +* The `maxFeePerGas` and `maxPriorityFeePerGas` are above a configurable minimum value that the client is willing to accept. At the minimum, they are sufficiently high to be included with the current `block.basefee`. +* The sender doesn't have another `UserOperation` already present in the pool (or it replaces an existing entry with the same sender and nonce, with a higher `maxPriorityFeePerGas` and an equally increased `maxFeePerGas`). Only one `UserOperation` per sender may be included in a single batch. A sender is exempt from this rule and may have multiple `UserOperations` in the pool and in a batch if it is staked (see [reputation, throttling and banning section](#reputation-scoring-and-throttlingbanning-for-global-entities) below), but this exception is of limited use to normal accounts. + +If the `UserOperation` object passes these sanity checks, the client must next run the first op simulation, and if the simulation succeeds, the client must add the op to the pool. A second simulation must also happen during bundling to make sure the UserOperation is still valid. + +### Simulation + +#### Simulation Rationale + +In order to add a UserOperation into the mempool (and later to add it into a bundle) we need to "simulate" its validation to make sure it is valid, and that it is capable of paying for its own execution. +In addition, we need to verify that the same will hold true when executed on-chain. +For this purpose, a UserOperation is not allowed to access any information that might change between simulation and execution, such as current block time, number, hash etc. +In addition, a UserOperation is only allowed to access data related to this sender address: Multiple UserOperations should not access the same storage, so that it is impossible to invalidate a large number of UserOperations with a single state change. +There are 3 special contracts that interact with the account: the factory (initCode) that deploys the contract, the paymaster that can pay for the gas, and signature aggregator (described later) +Each of these contracts is also restricted in its storage access, to make sure UserOperation validations are isolated. + +#### Specification: + +To simulate a `UserOperation` validation, the client makes a view call to `simulateValidation(userop)`. + +The EntryPoint itself does not implement the simulation methods. Instead, when making the simulation view call, +The bundler should provide the alternate EntryPointSimulations code, which extends the EntryPoint with the simulation methods. + +The simulation core methods: + +```solidity + +struct ValidationResult { + ReturnInfo returnInfo; + StakeInfo senderInfo; + StakeInfo factoryInfo; + StakeInfo paymasterInfo; + AggregatorStakeInfo aggregatorInfo; +} + +function simulateValidation(PackedUserOperation calldata userOp) +external returns (ValidationResult memory); + +struct ReturnInfo { + uint256 preOpGas; + uint256 prefund; + uint256 accountValidationData; + uint256 paymasterValidationData; + bytes paymasterContext; +} + +struct AggregatorStakeInfo { + address aggregator; + StakeInfo stakeInfo; +} + +struct StakeInfo { + uint256 stake; + uint256 unstakeDelaySec; +} + + +``` + +This method returns `ValidationResult` or revert on validation failure. +The node should drop the UserOperation if the simulation fails (either by revert or by "signature failure") + +The simulated call performs the full validation, by calling: + +1. If `initCode` is present, create the account. +2. `account.validateUserOp`. +3. if specified a paymaster: `paymaster.validatePaymasterUserOp`. + +The simulateValidation should validate the return value (validationData) returned by the account's `validateUserOp` and paymaster's `validatePaymasterUserOp`. +The account MAY return an aggregator. See [Using Signature Aggregator](#using-signature-aggregators) +The paymaster MUST return either "0" (success) or SIG_VALIDATION_FAILED for aggregator, and not an address. +Either return value may contain a "validAfter" and "validUntil" timestamps, which is the time-range that this UserOperation is valid on-chain. +A node MAY drop a UserOperation if it expires too soon (e.g. wouldn't make it to the next block) by either the account or paymaster. +If the `ValidationResult` includes `sigFail`, the client SHOULD drop the `UserOperation`. + +In order to prevent DoS attack on bundlers, they must make sure the validation methods above pass the validation rules, which constraint their usage of opcodes and storage. +For the complete procedure see [ERC-7562](./erc-7562.md) + +#### Alternative Mempools + +The simulation rules above are strict and prevent the ability of paymasters and signature aggregators to grief the system. +However, there might be use-cases where specific paymasters (and signature aggregators) can be validated +(through manual auditing) and verified that they cannot cause any problem, while still require relaxing of the opcode rules. +A bundler cannot simply "whitelist" request from a specific paymaster: if that paymaster is not accepted by all +bundlers, then its support will be sporadic at best. +Instead, we introduce the term "alternate mempool": a modified validation rules, and procedure of propagating them to other bundlers. + +The procedure of using alternate mempools is defined in [ERC-7562](./erc-7562.md#Alt-mempools-rules) + +### Bundling + +During bundling, the client should: + +* Exclude UserOps that access any sender address of another UserOp in the same batch. +* Exclude UserOps that access any address created by another UserOp validation in the same batch (via a factory). +* For each paymaster used in the batch, keep track of the balance while adding UserOps. Ensure that it has sufficient deposit to pay for all the UserOps that use it. +* Sort UserOps by aggregator, to create the lists of UserOps-per-aggregator. +* For each aggregator, run the aggregator-specific code to create aggregated signature, and update the UserOps + +After creating the batch, before including the transaction in a block, the client should: + +* Run `debug_traceCall` with maximum possible gas, to enforce the validation rules on opcode and storage access. + as well as to verify the entire `handleOps` batch transaction, + and use the consumed gas for the actual transaction execution. +* If the call reverted, the bundler MUST use the trace result to find the entity that reverted the call. \ + This is the last entity that is CALL'ed by the EntryPoint prior to the revert. \ + (the bundler cannot assume the revert is `FailedOp`) +* If any verification context rule was violated the bundlers should treat it the same as + if this UserOperation reverted. +* Remove the offending UserOperation from the current bundle and from mempool. +* If the error is caused by a `factory` or a `paymaster`, and the `sender` + of the UserOp **is not** a staked entity, then issue a "ban" (see ["Reputation, throttling and banning"](#reputation-scoring-and-throttlingbanning-for-global-entities)) + for the guilty factory or paymaster. +* If the error is caused by a `factory` or a `paymaster`, and the `sender` + of the UserOp **is** a staked entity, do not ban the `factory` / `paymaster` from the mempool. + Instead, issue a "ban" for the staked `sender` entity. +* Repeat until `debug_traceCall` succeeds. + +As staked entries may use some kind of transient storage to communicate data between UserOperations in the same bundle, +it is critical that the exact same opcode and precompile banning rules as well as storage access rules are enforced +for the `handleOps` validation in its entirety as for individual UserOperations. +Otherwise, attackers may be able to use the banned opcodes to detect running on-chain and trigger a `FailedOp` revert. + +When a bundler includes a bundle in a block it must ensure that earlier transactions in the block don't make any UserOperation fail. It should either use access lists to prevent conflicts, or place the bundle as the first transaction in the block. + + +### Error codes. + +While performing validation, the EntryPoint must revert on failures. During simulation, the calling bundler MUST be able to determine which entity (factory, account or paymaster) caused the failure. +The attribution of revert to entity is done using the call-tracing: the last entity called by the EntryPoint prior the revert is the entity that caused the revert. +* For diagnostic purposes, the EntryPoint must only revert with explicit FailedOp() or FailedOpWithRevert() errors. +* The message of the error starts with event code, AA## +* Event code starting with "AA1" signify an error during account creation +* Event code starting with "AA2" signify an error during account validation (validateUserOp) +* Event code starting with "AA3" signify an error during paymaster validation (validatePaymasterUserOp) + + +## Rationale + +The main challenge with a purely smart contract wallet based account abstraction system is DoS safety: how can a block builder including an operation make sure that it will actually pay fees, without having to first execute the entire operation? Requiring the block builder to execute the entire operation opens a DoS attack vector, as an attacker could easily send many operations that pretend to pay a fee but then revert at the last moment after a long execution. Similarly, to prevent attackers from cheaply clogging the mempool, nodes in the P2P network need to check if an operation will pay a fee before they are willing to forward it. + +The first step is clean separation between validation (acceptance of UserOperation, and acceptance to pay) and execution. +In this proposal, we expect accounts to have a `validateUserOp` method that takes as input a `UserOperation`, and verify the signature and pay the fee. +Only if this method returns successfully, the execution will happen. + +The entry point-based approach allows for a clean separation between verification and execution, and keeps accounts' logic simple. It enforces the simple rule that only after validation is successful (and the UserOp can pay), the execution is done, and also guarantees the fee payment. + +The last step is protecting the bundlers from denial-of-service attacks by a mass number of UserOperation that appear to be valid (and pay) but that eventually revert, and thus block the bundler from processing valid UserOperations. +For this purpose, the bundler requires a set of [restrictions on the validation function](./erc-7526.md), to prevent such denial-of-service attacks. + + +### Reputation scoring and throttling/banning for global entities + +#### Reputation Rationale. + +UserOperation's storage access rules prevent them from interfere with each other. +But "global" entities - paymasters, factories and aggregators are accessed by multiple UserOperations, and thus might invalidate multiple previously-valid UserOperations. + +To prevent abuse, we throttle down (or completely ban for a period of time) an entity that causes invalidation of large number of UserOperations in the mempool. +To prevent such entities from "sybil-attack", we require them to stake with the system, and thus make such DoS attack very expensive. +Note that this stake is never slashed, and can be withdrawn any time (after unstake delay) + +Unstaked entities are allowed, under the rules below. + +When staked, an entity is less restricted in its memory usage. + +The stake value is not enforced on-chain, but specifically by each node while simulating a transaction. + +### Paymasters + +Paymaster contracts allow abstraction of gas: having a contract, that is not the sender of the transaction, pay for the transaction fees. + +Paymaster architecture allows them to follow the model of "pre-charge, and later refund". +E.g. a token-paymaster may pre-charge the user with the max possible price of the transaction, and refund the user with the excess afterwards. + +### First-time account creation + +It is an important design goal of this proposal to replicate the key property of EOAs that users do not need to perform some custom action or rely on an existing user to create their wallet; they can simply generate an address locally and immediately start accepting funds. + +The wallet creation itself is done by a "factory" contract, with wallet-specific data. +The factory is expected to use CREATE2 (not CREATE) to create the wallet, so that the order of creation of wallets doesn't interfere with the generated addresses. +The `initCode` field (if non-zero length) is parsed as a 20-byte address, followed by "calldata" to pass to this address. +This method call is expected to create a wallet and return its address. +If the factory does use CREATE2 or some other deterministic method to create the wallet, it's expected to return the wallet address even if the wallet has already been created. This is to make it easier for clients to query the address without knowing if the wallet has already been deployed, by simulating a call to `entryPoint.getSenderAddress()`, which calls the factory under the hood. +When `initCode` is specified, if either the `sender` address points to an existing contract, or (after calling the initCode) the `sender` address still does not exist, +then the operation is aborted. +The `initCode` MUST NOT be called directly from the entryPoint, but from another address. +The contract created by this factory method should accept a call to `validateUserOp` to validate the UserOp's signature. +For security reasons, it is important that the generated contract address will depend on the initial signature. +This way, even if someone can create a wallet at that address, he can't set different credentials to control it. +The factory has to be staked if it accesses global storage - see [reputation, throttling and banning section](#reputation-scoring-and-throttlingbanning-for-global-entities) for details. + +NOTE: In order for the wallet to determine the "counterfactual" address of the wallet (prior its creation), +it should make a static call to the `entryPoint.getSenderAddress()` + +### Entry point upgrading + +Accounts are encouraged to be DELEGATECALL forwarding contracts for gas efficiency and to allow account upgradability. The account code is expected to hard-code the entry point into their code for gas efficiency. If a new entry point is introduced, whether to add new functionality, improve gas efficiency, or fix a critical security bug, users can self-call to replace their account's code address with a new code address containing code that points to a new entry point. During an upgrade process, it's expected that two mempools will run in parallel. + +### RPC methods (eth namespace) + +#### * eth_sendUserOperation + +eth_sendUserOperation submits a User Operation object to the User Operation pool of the client. The client MUST validate the UserOperation, and return a result accordingly. + +The result `SHOULD` be set to the **userOpHash** if and only if the request passed simulation and was accepted in the client's User Operation pool. If the validation, simulation, or User Operation pool inclusion fails, `result` `SHOULD NOT` be returned. Rather, the client `SHOULD` return the failure reason. + +##### Parameters: + +1. **UserOperation** a full user-operation struct. All fields MUST be set as hex values. empty `bytes` block (e.g. empty `initCode`) MUST be set to `"0x"` +2. **factory** and **factoryData** - either both exist, or none +3. paymaster fields (**paymaster**, **paymasterData**, **paymasterValidationGasLimit**, **paymasterPostOpGasLimit**) either all exist, or none. +4. **EntryPoint** the entrypoint address the request should be sent through. this MUST be one of the entry points returned by the `supportedEntryPoints` rpc call. + +##### Return value: + +* If the UserOperation is valid, the client MUST return the calculated **userOpHash** for it +* in case of failure, MUST return an `error` result object, with `code` and `message`. The error code and message SHOULD be set as follows: + * **code: -32602** - invalid UserOperation struct/fields + * **code: -32500** - transaction rejected by entryPoint's simulateValidation, during wallet creation or validation + * The `message` field MUST be set to the FailedOp's "`AAxx`" error message from the EntryPoint + * **code: -32501** - transaction rejected by paymaster's validatePaymasterUserOp + * The `message` field SHOULD be set to the revert message from the paymaster + * The `data` field MUST contain a `paymaster` value + * **code: -32502** - transaction rejected because of opcode validation + * **code: -32503** - UserOperation out of time-range: either wallet or paymaster returned a time-range, and it is already expired (or will expire soon) + * The `data` field SHOULD contain the `validUntil` and `validAfter` values + * The `data` field SHOULD contain a `paymaster` value, if this error was triggered by the paymaster + * **code: -32504** - transaction rejected because paymaster (or signature aggregator) is throttled/banned + * The `data` field SHOULD contain a `paymaster` or `aggregator` value, depending on the failed entity + * **code: -32505** - transaction rejected because paymaster (or signature aggregator) stake or unstake-delay is too low + * The `data` field SHOULD contain a `paymaster` or `aggregator` value, depending on the failed entity + * The `data` field SHOULD contain a `minimumStake` and `minimumUnstakeDelay` + * **code: -32506** - transaction rejected because wallet specified unsupported signature aggregator + * The `data` field SHOULD contain an `aggregator` value + * **code: -32507** - transaction rejected because of wallet signature check failed (or paymaster signature, if the paymaster uses its data as signature) + +##### Example: + +Request: + +```json= +{ + "jsonrpc": "2.0", + "id": 1, + "method": "eth_sendUserOperation", + "params": [ + { + sender, // address + nonce, // uint256 + factory, // address + factoryData, // bytes + callData, // bytes + callGasLimit, // uint256 + verificationGasLimit, // uint256 + preVerificationGas, // uint256 + maxFeePerGas, // uint256 + maxPriorityFeePerGas, // uint256 + paymaster, // address + paymasterVerificationGasLimit, // uint256 + paymasterPostOpGasLimit, // uint256 + paymasterData, // bytes + signature // bytes + }, + entryPoint // address + ] +} + +``` + +Response: + +``` +{ + "jsonrpc": "2.0", + "id": 1, + "result": "0x1234...5678" +} +``` + +##### Example failure responses: + +```json +{ + "jsonrpc": "2.0", + "id": 1, + "error": { + "message": "AA21 didn't pay prefund", + "code": -32500 + } +} +``` + +```json +{ + "jsonrpc": "2.0", + "id": 1, + "error": { + "message": "paymaster stake too low", + "data": { + "paymaster": "0x123456789012345678901234567890123456790", + "minimumStake": "0xde0b6b3a7640000", + "minimumUnstakeDelay": "0x15180" + }, + "code": -32504 + } +} +``` + + +#### * eth_estimateUserOperationGas + +Estimate the gas values for a UserOperation. +Given UserOperation optionally without gas limits and gas prices, return the needed gas limits. +The signature field is ignored by the wallet, so that the operation will not require user's approval. +Still, it might require putting a "semi-valid" signature (e.g. a signature in the right length) + +**Parameters**: +* Same as `eth_sendUserOperation`\ + gas limits (and prices) parameters are optional, but are used if specified. + `maxFeePerGas` and `maxPriorityFeePerGas` default to zero, so no payment is required by neither account nor paymaster. +* Optionally accepts the `State Override Set` to allow users to modify the state during the gas estimation.\ + This field as well as its behavior is equivalent to the ones defined for `eth_call` RPC method. + + +**Return Values:** + +* **preVerificationGas** gas overhead of this UserOperation +* **verificationGasLimit** actual gas used by the validation of this UserOperation +* **callGasLimit** value used by inner account execution +* **paymasterVerificationGasLimit** value used for paymaster verification (if paymaster exists in the UserOperation) +* **paymasterPostOpGasLimit** value used for paymaster post op execution (if paymaster exists in the UserOperation) + +##### Error Codes: + +Same as `eth_sendUserOperation` +This operation may also return an error if the inner call to the account contract reverts. + +#### * eth_getUserOperationByHash + +Return a UserOperation based on a hash (userOpHash) returned by `eth_sendUserOperation` + +**Parameters** + +* **hash** a userOpHash value returned by `eth_sendUserOperation` + +**Return value**: + +* If the UserOperation is included in a block: + * Return a full UserOperation, with the addition of `entryPoint`, `blockNumber`, `blockHash` and `transactionHash`. + +* Else if the UserOperation is pending in the bundler's mempool: + * MAY return `null`, or: a full UserOperation, with the addition of the `entryPoint` field and a `null` value for `blockNumber`, `blockHash` and `transactionHash`. + +* Else: + * Return `null` + +#### * eth_getUserOperationReceipt + +Return a UserOperation receipt based on a hash (userOpHash) returned by `eth_sendUserOperation` + +**Parameters** + +* **hash** a userOpHash value returned by `eth_sendUserOperation` + +**Return value**: + +`null` in case the UserOperation is not yet included in a block, or: + +* **userOpHash** the request hash +* **entryPoint** +* **sender** +* **nonce** +* **paymaster** the paymaster used for this userOp (or empty) +* **actualGasCost** - actual amount paid (by account or paymaster) for this UserOperation +* **actualGasUsed** - total gas used by this UserOperation (including preVerification, creation, validation and execution) +* **success** boolean - did this execution completed without revert +* **reason** in case of revert, this is the revert reason +* **logs** the logs generated by this UserOperation (not including logs of other UserOperations in the same bundle) +* **receipt** the TransactionReceipt object. + Note that the returned TransactionReceipt is for the entire bundle, not only for this UserOperation. + +#### * eth_supportedEntryPoints + +Returns an array of the entryPoint addresses supported by the client. The first element of the array `SHOULD` be the entryPoint addressed preferred by the client. + +```json= +# Request +{ + "jsonrpc": "2.0", + "id": 1, + "method": "eth_supportedEntryPoints", + "params": [] +} + +# Response +{ + "jsonrpc": "2.0", + "id": 1, + "result": [ + "0xcd01C8aa8995A59eB7B2627E69b40e0524B5ecf8", + "0x7A0A0d159218E6a2f407B99173A2b12A6DDfC2a6" + ] +} +``` + +#### * eth_chainId + +Returns [EIP-155](./eip-155.md) Chain ID. + +```json= +# Request +{ + "jsonrpc": "2.0", + "id": 1, + "method": "eth_chainId", + "params": [] +} + +# Response +{ + "jsonrpc": "2.0", + "id": 1, + "result": "0x1" +} +``` + +### RPC methods (debug Namespace) + +This api must only be available on testing mode and is required by the compatibility test suite. In production, any `debug_*` rpc calls should be blocked. + +#### * debug_bundler_clearState + +Clears the bundler mempool and reputation data of paymasters/accounts/factories/aggregators. + +```json= +# Request +{ + "jsonrpc": "2.0", + "id": 1, + "method": "debug_bundler_clearState", + "params": [] +} + +# Response +{ + "jsonrpc": "2.0", + "id": 1, + "result": "ok" +} +``` + +#### * debug_bundler_dumpMempool + +Dumps the current UserOperations mempool + +**Parameters:** + +* **EntryPoint** the entrypoint used by eth_sendUserOperation + +**Returns:** + +`array` - Array of UserOperations currently in the mempool. + +```json= +# Request +{ + "jsonrpc": "2.0", + "id": 1, + "method": "debug_bundler_dumpMempool", + "params": ["0x1306b01bC3e4AD202612D3843387e94737673F53"] +} + +# Response +{ + "jsonrpc": "2.0", + "id": 1, + "result": [ + { + sender, // address + nonce, // uint256 + factory, // address + factoryData, // bytes + callData, // bytes + callGasLimit, // uint256 + verificationGasLimit, // uint256 + preVerificationGas, // uint256 + maxFeePerGas, // uint256 + maxPriorityFeePerGas, // uint256 + signature // bytes + } + ] +} +``` + +#### * debug_bundler_sendBundleNow + +Forces the bundler to build and execute a bundle from the mempool as `handleOps()` transaction. + +Returns: `transactionHash` + +```json= +# Request +{ + "jsonrpc": "2.0", + "id": 1, + "method": "debug_bundler_sendBundleNow", + "params": [] +} + +# Response +{ + "jsonrpc": "2.0", + "id": 1, + "result": "0xdead9e43632ac70c46b4003434058b18db0ad809617bd29f3448d46ca9085576" +} +``` + +#### * debug_bundler_setBundlingMode + +Sets bundling mode. + +After setting mode to "manual", an explicit call to debug_bundler_sendBundleNow is required to send a bundle. + +##### parameters: + +`mode` - 'manual' | 'auto' + +```json= +# Request +{ + "jsonrpc": "2.0", + "id": 1, + "method": "debug_bundler_setBundlingMode", + "params": ["manual"] +} + +# Response +{ + "jsonrpc": "2.0", + "id": 1, + "result": "ok" +} +``` + +#### * debug_bundler_setReputation + +Sets reputation of given addresses. parameters: + +**Parameters:** + +* An array of reputation entries to add/replace, with the fields: + + * `address` - The address to set the reputation for. + * `opsSeen` - number of times a user operations with that entity was seen and added to the mempool + * `opsIncluded` - number of times a user operations that uses this entity was included on-chain + +* **EntryPoint** the entrypoint used by eth_sendUserOperation + +```json= +# Request +{ + "jsonrpc": "2.0", + "id": 1, + "method": "debug_bundler_setReputation", + "params": [ + [ + { + "address": "0x7A0A0d159218E6a2f407B99173A2b12A6DDfC2a6", + "opsSeen": "0x14", + "opsIncluded": "0x0D" + } + ], + "0x1306b01bC3e4AD202612D3843387e94737673F53" + ] +} + +# Response +{ + "jsonrpc": "2.0", + "id": 1, + "result": "ok" +} +``` + + +#### * debug_bundler_dumpReputation + +Returns the reputation data of all observed addresses. +Returns an array of reputation objects, each with the fields described above in `debug_bundler_setReputation` with the + + +**Parameters:** + +* **EntryPoint** the entrypoint used by eth_sendUserOperation + +**Return value:** + +An array of reputation entries with the fields: + +* `address` - The address to set the reputation for. +* `opsSeen` - number of times a user operations with that entity was seen and added to the mempool +* `opsIncluded` - number of times a user operations that uses this entity was included on-chain +* `status` - (string) The status of the address in the bundler 'ok' | 'throttled' | 'banned'. + +```json= +# Request +{ + "jsonrpc": "2.0", + "id": 1, + "method": "debug_bundler_dumpReputation", + "params": ["0x1306b01bC3e4AD202612D3843387e94737673F53"] +} + +# Response +{ + "jsonrpc": "2.0", + "id": 1, + "result": [ + { "address": "0x7A0A0d159218E6a2f407B99173A2b12A6DDfC2a6", + "opsSeen": "0x14", + "opsIncluded": "0x13", + "status": "ok" + } + ] +} +``` + +#### * debug_bundler_addUserOps + +Accept UserOperations into the mempool. +Assume the given UserOperations all pass validation (without actually validating them), and accept them directly into th mempool + +**Parameters:** + +* An array of UserOperations + +```json= +# Request +{ + "jsonrpc": "2.0", + "id": 1, + "method": "debug_bundler_addUserOps", + "params": [ + [ + { sender: "0xa...", ... }, + { sender: "0xb...", ... } + ] + ] +} + +# Response +{ + "jsonrpc": "2.0", + "id": 1, + "result": "ok" +} +``` + +## Backwards Compatibility + +This ERC does not change the consensus layer, so there are no backwards compatibility issues for Ethereum as a whole. Unfortunately it is not easily compatible with pre-[ERC-4337](./eip-4337.md) accounts, because those accounts do not have a `validateUserOp` function. If the account has a function for authorizing a trusted op submitter, then this could be fixed by creating an [ERC-4337](./eip-4337.md) compatible account that re-implements the verification logic as a wrapper and setting it to be the original account's trusted op submitter. + +## Reference Implementation + +See `https://github.com/eth-infinitism/account-abstraction/tree/main/contracts` + +## Security Considerations + +The entry point contract will need to be very heavily audited and formally verified, because it will serve as a central trust point for _all_ [ERC-4337]. In total, this architecture reduces auditing and formal verification load for the ecosystem, because the amount of work that individual _accounts_ have to do becomes much smaller (they need only verify the `validateUserOp` function and its "check signature and pay fees" logic) and check that other functions are `msg.sender == ENTRY_POINT` gated (perhaps also allowing `msg.sender == self`), but it is nevertheless the case that this is done precisely by concentrating security risk in the entry point contract that needs to be verified to be very robust. + +Verification would need to cover two primary claims (not including claims needed to protect paymasters, and claims needed to establish p2p-level DoS resistance): + +* **Safety against arbitrary hijacking**: The entry point only calls an account generically if `validateUserOp` to that specific account has passed (and with `op.calldata` equal to the generic call's calldata) +* **Safety against fee draining**: If the entry point calls `validateUserOp` and passes, it also must make the generic call with calldata equal to `op.calldata` + +## Copyright + +Copyright and related rights waived via [CC0](../LICENSE.md). diff --git a/dependencies/account-abstraction/erc/ERCS/erc-7562.md b/dependencies/account-abstraction/erc/ERCS/erc-7562.md new file mode 100644 index 00000000..f87c38d6 --- /dev/null +++ b/dependencies/account-abstraction/erc/ERCS/erc-7562.md @@ -0,0 +1,392 @@ +--- +eip: 7562 +title: Account Abstraction Validation Scope Rules +description: A set of limitations on validation EVM code to protect Account Abstraction nodes from denial-of-service attacks through unpaid computation. +author: Yoav Weiss (@yoavw), Dror Tirosh (@drortirosh), Alex Forshtat (@forshtat), Shahaf Nacson (@shahafn) +discussions-to: https://ethereum-magicians.org/t/erc-7562-account-abstraction-validation-scope-rules/16683 +status: Draft +type: Standards Track +category: ERC +created: 2023-09-01 +--- + +## Abstract + +This document describes the rules we impose on the validation context of Account Abstraction transactions, +such as [ERC-4337](./erc-4337.md) `UserOperation` or [RIP-7560](./rip-7560.md) (Native Account Abstraction), which are enforced off-chain by a +block builder or a standalone bundler, and the rationale behind each one of them. + +## Motivation + +With Account-Abstraction, instead of hard-coded logic for processing a transaction (validation, gas-payment, and execution), this logic is executed by EVM code. +The benefits for the account are countless - +- abstracting the validation allows the contract to use different signature schemes, multisig configuration, custom recovery, and more. +- abstracting gas payments allows easy onboarding by 3rd party payments, paying with tokens, cross-chain gas payments +- abstracting execution allows batch transactions + +All of the above are missing from the EOA account model. + +However, there is one rule a transaction must follow to preserve the decentralized network: once submitted into the network (the mempool), the transaction is guaranteed to pay. This comes to prevent denial of service attacks on the network. + +The EOA model implicitly follows the rule: a valid transaction can't become invalid without payment by the account: e.g account balance can't be reduced (except with a higher paying transaction) + +This simple rule makes the network sustainable and DoS-protected: the network can't be cheaply attacked by a mass of transactions. An attack (sending a mass of transactions) is expensive, and gets more expensive as the network clogs. Legitimate users pay more, and can delay operations to avoid the cost, but the attacker pays a huge (and increasing) amount to keep the network clogged. + +For Account-Abstraction system we want to keep the same rule, so that attempting a DoS attack on the network should be as expensive. +In order to do so, we add the following validation rules. + +For the actual interfaces of those contract-based accounts see the definitions in ERC-4337 and RIP-7560. + +This documentation uses the terminology "UserOperation" for a transaction created by a smart contract account, and closely follows [ERC-4337](./erc-4337.md) terminology. +However, the rules apply to any account-abstraction framework that uses EVM code to perform transaction validation and makes a distinction between validation and execution. + +## Rationale + +All transactions initiated by EOAs have an implicit validation phase where balance, nonce, and signature are +checked to be valid for the current state of the Ethereum blockchain. +Once the transaction is checked to be valid by a node, only another transaction by the same EOA can modify the Ethereum +state in a way that makes the first transaction invalid. + +With Account Abstraction, however, the validation can also include an arbitrary EVM code and rely on storage as well, +which means that unrelated `UserOperations` or transactions may invalidate each other. + +If not addressed, this would make the job of maintaining a mempool of valid `UserOperations` and producing valid +bundles computationally infeasible and susceptible to DoS attacks. + +This document describes a set of validation rules that if applied by a bundler before accepting a `UserOperation` +into the mempool can prevent such attacks. + +### The high-level goal + +The purpose of this specification is to define a consensus between nodes (bundlers or block-builders) when processing incoming UserOperations from an external source. +This external source for UserOperations is either an end-user node (via RPC) or another node in the p2p network. + +The protocol tries to detect "spam" - which are large bursts of UserOperations that cannot be included on-chain (and thus can't pay). +The network is protected by throttling down requests from such spammer nodes. + +All nodes in the network must have the same definition of "spam": otherwise, if some nodes accept some type of UserOperations and propagate them while others consider them spam, those "forgiving" nodes will be considered "spammers" by the rest of the nodes, and the network effectively gets split. + +### The processing flow of a UserOperation + +- First, a UserOperation is received - either via RPC (submitted on behalf of a single application) or via the p2p protocol, from another node in the mempool. +- The node performs validation on the UserOperation, and then adds it to its in-memory mempool, and submits it to its peers. +- Lastly, when building a block, a node collects UserOperations from the mempool, performs a 2nd validation to make sure they are all still valid as a bundle and submits them into the next block. + +### The need for 2nd validation before submitting a block + +A normal Ethereum transaction in the mempool can be invalidated if another transaction was received with the same nonce. That other transaction had to increase the gas price in order to replace the first one, so it satisfied the rule of "must pay to get included into the mempool" +With contract-based accounts, since the UserOperation validity may depend on mutable state, other transactions may invalidate a previously valid UserOperation, so we must check it before inclusion + +### Rationale of limiting opcodes: + +- the validation is performed off-chain, before creating a block. Some opcodes access information that is known only when creating the block. +- using those opcodes while validating a transaction can easily create a validation rule that will succeed off-chain, but always revert on-chain, and thus cause a DoS attack. +- a simple example is `require block.number==12345`. It can be valid when validating the UserOperation and adding it to the mempool + but will be invalid when attempting to include it on-chain at a later block. + +### Rationale for limiting storage access + +- We need UserOperation validations not to overlap so that a single storage change can't easily invalidate a large number of UserOperations in the mempool. By limiting UserOperations to access storage associated with the account itself, we know that we can for sure include a single UserOperation for each account in a bundle +- (A bundler MAY include more than one UserOperation of an account in a bundle, MUST first validate them together) + +### Rationale of requiring a stake + +We want to be able to allow globally-used contracts (paymasters, factories) to use storage not associated with the account, but still prevent them from +spamming the mempool. +If a contract causes too many UserOperations to fail in their second validation after succeeding in their first, we can throttle its use in the mempool. +By requiring such a contract to have a stake, we prevent a "Sybil attack", by making it expensive to create a large number of such paymasters to continue the spam attack. + +By following the validation rules, we can detect contracts that cause spam UserOperations, and throttle them. +The stake comes to prevent the fast re-creation of malicious entities. +The stake is never slashed (since it is only used for off-chain detection) but is locked for a period of time, which makes such an attack much more expensive. + + +### Definition of the `mass invalidation attack` + +A possible set of actions is considered to be a `mass invalidation attack` on the network if a large number of +`UserOperations` that did pass the initial validation and were accepted by nodes and propagated further into the +mempool to other bundlers in the network becomes invalid and not eligible for inclusion in a block. + +There are 3 ways to perform such an attack: + +1. Submit `UserOperation`s that pass the initial validation, but later fail the re-validation + that is performed during the bundle creation. +2. Submit `UserOperation`s that are valid in isolation during validation, but when bundled + together become invalid. +3. Submit valid `UserOperation`s but "front-run" them by executing a state change on the + network that causes them to become invalid. The "front-run" in question must be economically viable. + +To prevent such attacks, we attempt to "sandbox" the validation code. +We isolate the validation code from other `UserOperations`, from external changes to the storage, and +from information about the environment such as a current block timestamp. + +### What is not considered a `mass invalidation attack` + +A `UserOperation` that fails the initial validation by a receiving node without entering its mempool is not +considered an attack. The node is expected to apply web2 security measures and throttle requests based on API key, +source IP address, etc. +RPC nodes already do that to prevent being spammed with invalid transactions which also have a validation cost. +P2P nodes already have (and should apply) a scoring mechanism to determine spammer nodes. + +Also, if the invalidation of `N` UserOperations from the mempool costs `N*X` with a sufficiently large `X`, it is not considered an economically viable attack. + +- The minimum change to cause an invalidation is a storage change (5k gas) +- Assuming a Node can sustain processing 2000 invalid UserOps per block, the cost of a DoS attack is 10M gas per block. +- The above value is high, but we take further measures to make such an attack more expensive. + + +## Specification + +### Rule Types + +There are two types of rules: + +- **Network-wide rules** rules that MUST be applied to each UserOperation before accepting it into the local mempool and propagating it. + These rules include the opcode and storage rules. + - Failing these validation rules SHOULD drop the UserOperation + - Failing these validations during 2nd validation phase (before submitting a bundle) SHOULD degrade + the reputation of the offending entity + - Bundler MUST NOT propagate UserOperations that fail the validation rules, otherwise + it will be considered a "spammer" by other bundlers in the mempool, and get disconnected. + +- **Local rules** + These are "soft" rules, based on the reputation of entities. + These rules come to protect the bundler itself from spamming attacks. + - Bundlers SHOULD drop such UserOperations without performing validation. + - Bundlers SHOULD NOT propagate such UserOperations to other bundlers. + - Bundlers SHOULD NOT consider another bundler a "spammer" if it does. + +### Constants + +| Title | Value | Comment | +|--------------------------------------|-----------------------------|---------------------------------------------------------------------------------| +| `MIN_UNSTAKE_DELAY` | 86400 | 1 day | +| `MIN_STAKE_VALUE` | Adjustable per chain value | Equivalent to ~$1000 in native tokens | +| `SAME_SENDER_MEMPOOL_COUNT` | 4 | | +| `SAME_UNSTAKED_ENTITY_MEMPOOL_COUNT` | 10 | | +| `THROTTLED_ENTITY_MEMPOOL_COUNT` | 4 | Number of `UserOperations` with a throttled entity that can stay in the mempool | +| `THROTTLED_ENTITY_LIVE_BLOCKS` | 10 | Number of blocks a `UserOperations` with a throttled entity can stay in mempool | +| `THROTTLED_ENTITY_BUNDLE_COUNT` | 4 | | +| `MIN_INCLUSION_RATE_DENOMINATOR` | 100 (client) \ 10 (bundler) | | +| `THROTTLING_SLACK` | 10 | | +| `BAN_SLACK` | 50 | | +| `BAN_OPS_SEEN_PENALTY` | 10000 | | +| `MAX_OPS_ALLOWED_UNSTAKED_ENTITY` | 10000 | + +### Validation Rules + +### **Definitions**: +1. **Validation Phases**: there are up to 3 phases of validation + 1. smart account deployment + 2. smart account validation + 3. paymaster validation. +2. **Entity**: a contract that is explicitly specified by the `UserOperation`. + Includes the `factory`, `paymaster`, `aggregator`, and staked `account`, as discussed below. \ + Each "validation phase" is attributed to a single entity. \ + Entity contracts must have non-empty code on-chain. +3. **Canonical Mempool**: The rules defined in this document apply to the main mempool shared by all bundlers on the network. +4. **Staked Entity:** an entity that has a locked stake of at least `MIN_STAKE_VALUE` + and an unstake delay of at least `MIN_UNSTAKE_DELAY`. +5. **Associated storage:** a storage slot of any smart contract is considered to be "associated" with address `A` if: + 1. The slot value is `A` + 2. The slot value was calculated as `keccak(A||x)+n`, where `x` is a `bytes32` value, and `n` is a value in the range 0..128 +6. **Using an address**: accessing the code of a given address in any way. + This can be done by executing `*CALL` or `EXTCODE*` opcodes for a given address. + +### Reputation Definitions +1. **opsSeen**: a per-entity counter of how many times a unique valid `UserOperation` referencing this entity + was received by this bundler. + This includes `UserOperation` received via incoming RPC calls or through a P2P mempool protocol. + +2. **opsIncluded**: a per-entity counter of how many times a unique valid `UserOperation` referencing this entity + appeared in an actual included `UserOperation`. \ + Calculation of this value is based on UserOperationEvents and is only counted for `UserOperations` that were + previously counted as `opsSeen` by this bundler. +3. Both values are updated every hour as `value = value * 23 // 24` \ + Effectively, the value is reduced to 1% after 4 days. +4. **inclusionRate**: Relation of `opsIncluded` to `opsSeen` + + +### Reputation Calculation + +We define a value `max_seen = opsSeen // MIN_INCLUSION_RATE_DENOMINATOR`. + +The reputation state of each entity is determined as follows: + +1. **BANNED**: `max_seen > opsIncluded + BAN_SLACK` +2. **THROTTLED**: `max_seen > opsIncluded + THROTTLING_SLACK` +3. **OK**: otherwise + +Note that new entities start with an `OK` reputation. + +To help make sense of these params, note that a malicious paymaster can at most cause the network (only the p2p network, not the blockchain) to process `BAN_SLACK * MIN_INCLUSION_RATE_DENOMINATOR / 24` non-paying ops per hour. + +### Running the Validation Rules + +1. A block builder or a bundler should perform a full validation before accepting a `UserOperation` into its mempool. +2. During the validation phase, the bundler should trace the execution and apply all the rules defined in this document. +3. A bundler should also perform a full validation of the entire bundle before submission. +4. The validation rules prevent an unstaked entity from detecting the bundle validation. + However, a malicious staked entity can detect that it is running in a bundle validation and cause a revert. +5. The failed `UserOperation` should be dropped from the bundle. +6. The staked entity that caused a revert violated the Account Abstraction rules and should be marked as `THROTTLED`. + +### Mempool Validation Rules + +1. A `UserOperation` is broadcast over the P2P protocol with the following information: + 1. The `UserOperation` itself + 2. The blockhash this `UserOperation` was originally verified against. +2. Once a `UserOperation` is received from another bundler it should be verified locally by a receiving bundler. +3. A received `UserOperation` may fail any of the reasonable static checks, such as: \ + invalid format, values below minimum, submitted with a blockhash that isn't recent, etc. \ + In this case, the bundler should drop this particular `UserOperation` but keep the connection. +4. The bundler should check the `UserOperation` against the nonces of last-included bundles. \ + Silently drop `UserOperations` with `nonce` that was recently included. + This invalidation is likely attributable to a network race condition and should not cause a reputation change. +5. If a received `UserOperation` fails against the current block: + 1. Retry the validation against the block the `UserOperation` was originally verified against. + 2. If it succeeds, silently drop the `UserOperation` and keep the connection. + 3. If it fails, mark the sender as a "spammer" + +### Opcode Rules +* Block access from opcodes that access information outside of storage and code (aka "environment"). + * **[OP-011]** Blocked Opcodes: + * `BALANCE` (`0x31`) + * `ORIGIN` (`0x32`) + * `GASPRICE` (`0x3A`) + * `BLOCKHASH` (`0x40`) + * `COINBASE` (`0x41`) + * `TIMESTAMP` (`0x42`) + * `NUMBER` (`0x43`) + * `PREVRANDAO`/`DIFFICULTY` (`0x44`) + * `GASLIMIT` (`0x45`) + * `SELFBALANCE` (`0x47`) + * `BASEFEE` (`0x48`) + * `GAS` (`0x5A`) + * `CREATE` (`0xF0`) + * `INVALID` (`0xFE`) + * `SELFDESTRUCT` (`0xFF`) + * **[OP-012]** `GAS `opcode is allowed, but only if followed immediately by `*CALL` instructions.\ + This is a common way to pass all remaining gas to an external call, and it means that the actual value is + consumed from the stack immediately and cannot be accessed by any other opcode. + * **[OP-13]** any "unassigned" opcode. +* **[OP-020]** Revert on "out of gas" is forbidden as it can "leak" the gas limit or the current call stack depth. +* Contract creation: + * **[OP-031]** `CREATE2` is allowed exactly once in the deployment phase and must deploy code for the "sender" address. +* Access to an address without a deployed code is forbidden: + * **[OP-041]** For `EXTCODE*` and `*CALL` opcodes. + * **[OP-042]** Exception: access to the "sender" address is allowed. + This is only possible in `factory` code during the deployment phase. +* Allowed access to the `EntryPoint` address: + * **[OP-051]** May call `EXTCODESIZE ISZERO`\ + This pattern is used to check destination has a code before the `depositTo` function is called. + * **[OP-052]** May call `depositTo(sender)` with any value from either the `sender` or `factory`. + * **[OP-053]** May call the fallback function from the `sender` with any value. + * **[OP-054]** Any other access to the `EntryPoint` is forbidden. +* `*CALL` opcodes: + * **[OP-061]** `CALL` with `value` is forbidden. The only exception is a call to the `EntryPoint` described above. + * **[OP-062]** Precompiles: + * Only allow known accepted precompiles on the network, that do not access anything in the blockchain state or environment. + * The core precompiles 0x1 .. 0x9 + * The [RIP-7212](./rip-7212.md) sec256r1 precompile, on networks that accepted it. +* **[OP-070]** Transient Storage slots defined in [EIP-1153](./eip-1153) and accessed using `TLOAD` (`0x5c`) and `TSTORE` (`0x5d`) opcodes + are treated exactly like persistent storage (SLOAD/SSTORE). + +### Code Rules + +* **[COD-010]** Between the first and the second validations, the `EXTCODEHASH` value of any visited address, + entity, or referenced library, may not be changed.\ + If the code is modified, the UserOperation is considered invalid. + +### Storage Rules + +The permanent storage access with `SLOAD` and `SSTORE` instructions within each phase is limited as follows: + +* **[STO-010]** Access to the "account" storage is always allowed. +* Access to associated storage of the account in an external (non-entity) contract is allowed if either: + * **[STO-021]** The account already exists. + * **[STO-022]** There is an `initCode` and the `factory` contract is staked. +* If the entity (`paymaster`, `factory`) is staked, then it is also allowed: + * **[STO-031]** Access the entity's own storage. + * **[STO-032]** Read/Write Access to storage slots that are associated with the entity, in any non-entity contract. + * **[STO-033]** Read-only access to any storage in non-entity contract. + +### Local Rules + +Local storage rules protect the bundler against denial of service at the time of bundling. They do not affect mempool propagation and cannot cause a bundler to be marked as a "spammer". +* **[STO-040]** `UserOperation` may not use an entity address (`factory`/`paymaster`/`aggregator`) that is used as an "account" in another `UserOperation` in the mempool. \ + This means that `Paymaster` and `Factory` contracts cannot practically be an "account" contract as well. +* **[STO-041]** `UserOperation` may not use associated storage (of either its account or from staked entity) in a contract that is a "sender" of another UserOperation in the mempool. + +### General Reputation Rules + +The following reputation rules apply for all staked entities, and for unstaked paymasters. All rules apply to all of these entities unless specified otherwise. + +* **[GREP-010]** A `BANNED` address is not allowed into the mempool.\ + Also, all existing `UserOperations` referencing this address are removed from the mempool. +* **[GREP-020]** A `THROTTLED` address is limited to: + * `THROTTLED_ENTITY_MEMPOOL_COUNT` entries in the mempool. + * `THROTTLED_ENTITY_BUNDLE_COUNT` `UserOperations` in a bundle. + * Can remain in the mempool only for `THROTTLED_ENTITY_LIVE_BLOCKS`. +* **[GREP-040]** If an entity fails the bundle creation after passing second validation, its `opsSeen` set to `BAN_OPS_SEEN_PENALTY`, and `opsIncluded` to zero, causing it to be `BANNED`. + +### Staked Entities Reputation Rules + +* **[SREP-010]** The "canonical mempool" defines a staked entity if it has `MIN_STAKE_VALUE` and unstake delay of `MIN_UNSTAKE_DELAY` +* **[SREP-020]** An `OK` staked entity is unlimited by the reputation rule. + * Allowed in unlimited numbers in the mempool. + * Allowed in unlimited numbers in a bundle. + +### Entity-specific Rules + +* **[EREP-010]** For each `paymaster`, the mempool must maintain the total gas `UserOperations` using this `paymaster` may consume. + * Do not add a `UserOperation` to the mempool if the maximum total gas cost, including the new `UserOperation`, is above the deposit of the `paymaster` at the current gas price. +* **[EREP-015]** A `paymaster` should not have its opsSeen incremented on failure of factory or account + * When running 2nd validation (before inclusion in a bundle), if a UserOperation fails because of factory or account error (either a FailOp revert or validation rule), then the paymaster's opsSeen valid is decremented by 1. +* **[EREP-020]** A staked factory is "accountable" for account breaking the rules. \ + That is, if the `validateUserOp()` is rejected for any reason in a `UserOperation` that has an `initCode`, it is treated as if the factory caused this failure, and thus this affects its reputation. +* **[EREP-030]** A Staked Account is accountable for failures in other entities (`paymaster`, `aggregator`) even if they are staked. +* **[EREP-040]** An `aggregator` must be staked, regardless of storage usage. + +### Unstaked Paymasters Reputation Rules + +* Definitions: + * **`opsSeen`, `opsIncluded`, and reputation calculation** are defined above. + * `UnstakedReputation` of an entity determines the maximum number of entries using this entity allowed in the mempool. + * `opsAllowed` is a reputation-based calculation for an unstaked entity, representing how many `UserOperations` it is allowed to have in the mempool. + * Rules: + * **[UREP-010]** An unstaked sender is only allowed to have `SAME_SENDER_MEMPOOL_COUNT` `UserOperation`s in the mempool. A staked sender is only limited by the SREP rules. + * **[UREP-020]** For an unstaked paymaster only that is not throttled/banned: \ + `opsAllowed = SAME_UNSTAKED_ENTITY_MEMPOOL_COUNT + inclusionRate * min(opsIncluded, MAX_OPS_ALLOWED_UNSTAKED_ENTITY)`. + * This is a default of `SAME_UNSTAKED_ENTITY_MEMPOOL_COUNT` for new entity + +### Alt-mempools Rules + +Alternate mempool is an agreed-upon rule that the bundlers may opt into, in addition to the canonical mempool +The alt-mempool "topic" is a unique identifier. By convention, this is the IPFS hash of the document describing (in clear test and YAML file) the specifics of this alt mempool + +* **[ALT-010]** The bundler listens to the alt-mempool "topic" over the P2P protocol +* **[ALT-020]** The alt mempool rules MUST be checked only when a canonical rule is violated + * That is, if validation follows the canonical rules above, it is not considered part of an alt-mempool. +* **[ALT-021]** Such a `UserOperation` (that violates the canonical rules) is checked against all the "alternate mempools", and is considered part of all those alt-mempools +* **[ALT-030]** Bundlers SHOULD forward `UserOperations` to other bundlers only once, regardless of how many (shared) alt-mempools they have. \ + The receiving bundler validates the `UserOperations`, and based on the above rules (and subscribed alt-mempools) decides which alt-mempools to propagate it to. +* **[ALT-040]** opsInclude and opsSeen of entities are kept per alt-mempool. That is, an entity can be considered throttled (or banned) in one mempool, while still active on another. + +### Alt-mempool Reputation + +Alt-mempools are served by the same bundlers participating in the canonical mempool, but change the rules and may introduce denial-of-service attack vectors. To prevent them from taking the canonical mempool or other alt mempools down with them, a reputation is managed for each. An alt mempool that causes too many invalidations gets throttled. This limits the scope of the attack and lets the bundler continue doing its work for other mempools. + +* **[AREP-010]** each alt-mempool manages "opsSeen" and "opsIncluded", much like entities. The opsSeen is incremented after `UserOperation` initial validation, where it is considered part of this mempool. + The "opsIncluded" is incremented after this UserOperation is included on-chain (either by this bundler, or another) +* **[AREP-020]** the alt-mempool becomes THROTTLED based on the [Reputation Calculation](#reputation-calculation) + +## Security Considerations + +This document describes the security considerations bundlers must take to protect themselves (and the entire mempool network) +from denial-of-service attacks. + +## Copyright + +Copyright and related rights waived via [CC0](../LICENSE.md). + diff --git a/dependencies/account-abstraction/erc/assets/erc-4337/bundle-seq-pm.svg b/dependencies/account-abstraction/erc/assets/erc-4337/bundle-seq-pm.svg new file mode 100644 index 00000000..67befce8 --- /dev/null +++ b/dependencies/account-abstraction/erc/assets/erc-4337/bundle-seq-pm.svg @@ -0,0 +1 @@ +EntryPointAccountPaymasterAccount21handleOps(userOps[]):Validation2validateUserOp3validatePaymasterUserOp4deduct paymaster depositExecution5exec6postOp7refund paymaster8compensate(beneficiary) \ No newline at end of file diff --git a/dependencies/account-abstraction/erc/assets/erc-4337/bundle-seq.svg b/dependencies/account-abstraction/erc/assets/erc-4337/bundle-seq.svg new file mode 100644 index 00000000..a637d705 --- /dev/null +++ b/dependencies/account-abstraction/erc/assets/erc-4337/bundle-seq.svg @@ -0,0 +1 @@ +EntryPointFactoryAccountAccount21handleOps(userOps[]):Validations2create (initCode)3create4account5validateUserOp6deposit7deduct account deposit8validateUserOp9deposit10deduct account2 depositExecutions11exec12refund account113exec14refund account215compensate(beneficiary) \ No newline at end of file diff --git a/dependencies/account-abstraction/erc/assets/erc-4337/image1.png b/dependencies/account-abstraction/erc/assets/erc-4337/image1.png new file mode 100644 index 00000000..ced8ea57 Binary files /dev/null and b/dependencies/account-abstraction/erc/assets/erc-4337/image1.png differ diff --git a/dependencies/account-abstraction/erc/assets/erc-4337/image2.png b/dependencies/account-abstraction/erc/assets/erc-4337/image2.png new file mode 100644 index 00000000..6d0c6f71 Binary files /dev/null and b/dependencies/account-abstraction/erc/assets/erc-4337/image2.png differ diff --git a/dependencies/account-abstraction/gascalc/0-init-gas-checker.ts b/dependencies/account-abstraction/gascalc/0-init-gas-checker.ts new file mode 100644 index 00000000..78d6b7fc --- /dev/null +++ b/dependencies/account-abstraction/gascalc/0-init-gas-checker.ts @@ -0,0 +1,12 @@ +import { GasCheckCollector, GasChecker } from './GasChecker' + +describe('gas calculations', function () { + this.timeout(60000) + const g = new GasChecker() + + it('warmup', async function () { + await GasCheckCollector.init() + // dummy run - first run is slower. + await g.runTest({ title: 'simple', count: 1, diffLastGas: false }) + }) +}) diff --git a/dependencies/account-abstraction/gascalc/1-simple-wallet.gas.ts b/dependencies/account-abstraction/gascalc/1-simple-wallet.gas.ts new file mode 100644 index 00000000..0943d1f0 --- /dev/null +++ b/dependencies/account-abstraction/gascalc/1-simple-wallet.gas.ts @@ -0,0 +1,17 @@ +import { GasChecker } from './GasChecker' + +context('simple account', function () { + this.timeout(60000) + const g = new GasChecker() + + it('simple 1', async function () { + await g.addTestRow({ title: 'simple', count: 1, diffLastGas: false }) + await g.addTestRow({ title: 'simple - diff from previous', count: 2, diffLastGas: true }) + }) + + it('simple 10', async function () { + if (g.skipLong()) this.skip() + await g.addTestRow({ title: 'simple', count: 10, diffLastGas: false }) + await g.addTestRow({ title: 'simple - diff from previous', count: 11, diffLastGas: true }) + }) +}) diff --git a/dependencies/account-abstraction/gascalc/2-paymaster.gas.ts b/dependencies/account-abstraction/gascalc/2-paymaster.gas.ts new file mode 100644 index 00000000..89a5d3dc --- /dev/null +++ b/dependencies/account-abstraction/gascalc/2-paymaster.gas.ts @@ -0,0 +1,43 @@ +import { parseEther } from 'ethers/lib/utils' +import { TestPaymasterAcceptAll__factory } from '../typechain' +import { ethers } from 'hardhat' +import { GasChecker } from './GasChecker' +import { Create2Factory } from '../src/Create2Factory' +import { hexValue } from '@ethersproject/bytes' + +const ethersSigner = ethers.provider.getSigner() + +context('Minimal Paymaster', function () { + this.timeout(60000) + const g = new GasChecker() + + let paymasterAddress: string + before(async () => { + const paymasterInit = hexValue(new TestPaymasterAcceptAll__factory(ethersSigner).getDeployTransaction(g.entryPoint().address).data!) + paymasterAddress = await new Create2Factory(ethers.provider, ethersSigner).deploy(paymasterInit, 0) + const paymaster = TestPaymasterAcceptAll__factory.connect(paymasterAddress, ethersSigner) + await paymaster.addStake(1, { value: 1 }) + await g.entryPoint().depositTo(paymaster.address, { value: parseEther('10') }) + }) + it('simple paymaster', async function () { + await g.addTestRow({ title: 'simple paymaster', count: 1, paymaster: paymasterAddress, diffLastGas: false }) + await g.addTestRow({ + title: 'simple paymaster with diff', + count: 2, + paymaster: paymasterAddress, + diffLastGas: true + }) + }) + + it('simple paymaster 10', async function () { + if (g.skipLong()) this.skip() + + await g.addTestRow({ title: 'simple paymaster', count: 10, paymaster: paymasterAddress, diffLastGas: false }) + await g.addTestRow({ + title: 'simple paymaster with diff', + count: 11, + paymaster: paymasterAddress, + diffLastGas: true + }) + }) +}) diff --git a/dependencies/account-abstraction/gascalc/3-huge-tx-gas.ts b/dependencies/account-abstraction/gascalc/3-huge-tx-gas.ts new file mode 100644 index 00000000..ae762478 --- /dev/null +++ b/dependencies/account-abstraction/gascalc/3-huge-tx-gas.ts @@ -0,0 +1,17 @@ +import { DefaultGasTestInfo, GasChecker } from './GasChecker' + +context('huge tx - 5k', function () { + this.timeout(60000) + const huge = DefaultGasTestInfo.destCallData!.padEnd(10240, 'f') + const g = new GasChecker() + + it('big tx 5k', async () => { + await g.addTestRow({ title: 'big tx 5k', count: 1, destCallData: huge, diffLastGas: false }) + await g.addTestRow({ title: 'big tx - diff from previous', count: 2, destCallData: huge, diffLastGas: true }) + }) + it('big tx 10', async function () { + if (g.skipLong()) this.skip() + await g.addTestRow({ title: 'big tx 5k', count: 10, destCallData: huge, diffLastGas: false }) + await g.addTestRow({ title: 'big tx - diff from previous', count: 11, destCallData: huge, diffLastGas: true }) + }) +}) diff --git a/dependencies/account-abstraction/gascalc/4-paymaster-postop.gas.ts b/dependencies/account-abstraction/gascalc/4-paymaster-postop.gas.ts new file mode 100644 index 00000000..c7495dc7 --- /dev/null +++ b/dependencies/account-abstraction/gascalc/4-paymaster-postop.gas.ts @@ -0,0 +1,45 @@ +import { parseEther } from 'ethers/lib/utils' +import { TestPaymasterWithPostOp__factory } from '../typechain' +import { ethers } from 'hardhat' +import { GasChecker } from './GasChecker' +import { Create2Factory } from '../src/Create2Factory' +import { hexValue } from '@ethersproject/bytes' + +const ethersSigner = ethers.provider.getSigner() + +context('Paymaster with PostOp', function () { + this.timeout(60000) + const g = new GasChecker() + + let paymasterAddress: string + + before(async () => { + const paymasterInit = hexValue(new TestPaymasterWithPostOp__factory(ethersSigner).getDeployTransaction(g.entryPoint().address).data!) + paymasterAddress = await new Create2Factory(ethers.provider, ethersSigner).deploy(paymasterInit, 0) + const paymaster = TestPaymasterWithPostOp__factory.connect(paymasterAddress, ethersSigner) + await paymaster.addStake(1, { value: 1 }) + await g.entryPoint().depositTo(paymaster.address, { value: parseEther('10') }) + }) + + it('paymaster with PostOp', async function () { + await g.addTestRow({ title: 'paymaster+postOp', count: 1, paymaster: paymasterAddress, diffLastGas: false }) + await g.addTestRow({ + title: 'paymaster+postOp with diff', + count: 2, + paymaster: paymasterAddress, + diffLastGas: true + }) + }) + + it('paymaster with postOp 10', async function () { + if (g.skipLong()) this.skip() + + await g.addTestRow({ title: 'paymaster+postOp', count: 10, paymaster: paymasterAddress, diffLastGas: false }) + await g.addTestRow({ + title: 'paymaster+postOp with diff', + count: 11, + paymaster: paymasterAddress, + diffLastGas: true + }) + }) +}) diff --git a/dependencies/account-abstraction/gascalc/5-token-paymaster.gas.ts b/dependencies/account-abstraction/gascalc/5-token-paymaster.gas.ts new file mode 100644 index 00000000..b9505882 --- /dev/null +++ b/dependencies/account-abstraction/gascalc/5-token-paymaster.gas.ts @@ -0,0 +1,133 @@ +import { parseEther } from 'ethers/lib/utils' +import { + TestERC20__factory, TestOracle2__factory, + TestUniswap__factory, + TestWrappedNativeToken__factory, TokenPaymaster, + TokenPaymaster__factory +} from '../typechain' +import { ethers } from 'hardhat' +import { GasCheckCollector, GasChecker } from './GasChecker' +import { Create2Factory } from '../src/Create2Factory' +import { hexValue } from '@ethersproject/bytes' +import { + OracleHelper as OracleHelperNamespace, + UniswapHelper as UniswapHelperNamespace +} from '../typechain/contracts/samples/TokenPaymaster' +import { BigNumber } from 'ethers' +import { createAccountOwner } from '../test/testutils' +// const ethersSigner = ethers.provider.getSigner() + +context('Token Paymaster', function () { + this.timeout(60000) + const g = new GasChecker() + + let paymasterAddress: string + before(async () => { + await GasCheckCollector.init() + const globalSigner = ethers.provider.getSigner() + const create2Factory = new Create2Factory(ethers.provider, globalSigner) + + const ethersSigner = createAccountOwner() + await globalSigner.sendTransaction({ to: ethersSigner.getAddress(), value: parseEther('10') }) + + const minEntryPointBalance = 1e17.toString() + const initialPriceToken = 100000000 // USD per TOK + const initialPriceEther = 500000000 // USD per ETH + const priceDenominator = BigNumber.from(10).pow(26) + + const tokenInit = await new TestERC20__factory(ethersSigner).getDeployTransaction(6) + const tokenAddress = await create2Factory.deploy(tokenInit, 0) + const token = TestERC20__factory.connect(tokenAddress, ethersSigner) + + const wethInit = await new TestWrappedNativeToken__factory(ethersSigner).getDeployTransaction() + const wethAddress = await create2Factory.deploy(wethInit, 0) + const testUniswapInit = await new TestUniswap__factory(ethersSigner).getDeployTransaction(wethAddress) + const testUniswapAddress = await create2Factory.deploy(testUniswapInit, 0) + + const tokenPaymasterConfig: TokenPaymaster.TokenPaymasterConfigStruct = { + priceMaxAge: 86400, + refundPostopCost: 40000, + minEntryPointBalance, + priceMarkup: priceDenominator.mul(15).div(10) // +50% + } + + const nativeAssetOracleInit = await new TestOracle2__factory(ethersSigner).getDeployTransaction(initialPriceEther, 8) + const nativeAssetOracleAddress = await create2Factory.deploy(nativeAssetOracleInit, 0, 10_000_000) + const tokenOracleInit = await new TestOracle2__factory(ethersSigner).getDeployTransaction(initialPriceToken, 8) + const tokenOracleAddress = await create2Factory.deploy(tokenOracleInit, 0, 10_000_000) + + const oracleHelperConfig: OracleHelperNamespace.OracleHelperConfigStruct = { + cacheTimeToLive: 100000000, + maxOracleRoundAge: 0, + nativeOracle: nativeAssetOracleAddress, + nativeOracleReverse: false, + priceUpdateThreshold: priceDenominator.mul(2).div(10), // +20% + tokenOracle: tokenOracleAddress, + tokenOracleReverse: false, + tokenToNativeOracle: false + } + + const uniswapHelperConfig: UniswapHelperNamespace.UniswapHelperConfigStruct = { + minSwapAmount: 1, + slippage: 5, + uniswapPoolFee: 3 + } + + const owner = await ethersSigner.getAddress() + + const paymasterInit = hexValue(new TokenPaymaster__factory(ethersSigner).getDeployTransaction( + tokenAddress, + g.entryPoint().address, + wethAddress, + testUniswapAddress, + tokenPaymasterConfig, + oracleHelperConfig, + uniswapHelperConfig, + owner + ).data!) + paymasterAddress = await create2Factory.deploy(paymasterInit, 0) + const paymaster = TokenPaymaster__factory.connect(paymasterAddress, ethersSigner) + await paymaster.addStake(1, { value: 1 }) + await g.entryPoint().depositTo(paymaster.address, { value: parseEther('10') }) + await paymaster.updateCachedPrice(true) + await g.createAccounts1(11) + await token.sudoMint(await ethersSigner.getAddress(), parseEther('20')) + await token.transfer(paymaster.address, parseEther('0.1')) + for (const address of g.createdAccounts) { + await token.transfer(address, parseEther('1')) + await token.sudoApprove(address, paymaster.address, ethers.constants.MaxUint256) + } + + console.log('==addresses:', { + ethersSigner: await ethersSigner.getAddress(), + paymasterAddress, + nativeAssetOracleAddress, + tokenOracleAddress, + tokenAddress, + owner, + createdAccounts: g.createdAccounts + }) + }) + + it('token paymaster', async function () { + await g.addTestRow({ title: 'token paymaster', count: 1, paymaster: paymasterAddress, diffLastGas: false }) + await g.addTestRow({ + title: 'token paymaster with diff', + count: 2, + paymaster: paymasterAddress, + diffLastGas: true + }) + }) + + it('token paymaster 10', async function () { + if (g.skipLong()) this.skip() + + await g.addTestRow({ title: 'token paymaster', count: 10, paymaster: paymasterAddress, diffLastGas: false }) + await g.addTestRow({ + title: 'token paymaster with diff', + count: 11, + paymaster: paymasterAddress, + diffLastGas: true + }) + }) +}) diff --git a/dependencies/account-abstraction/gascalc/GasChecker.ts b/dependencies/account-abstraction/gascalc/GasChecker.ts new file mode 100644 index 00000000..45a21ff4 --- /dev/null +++ b/dependencies/account-abstraction/gascalc/GasChecker.ts @@ -0,0 +1,412 @@ +// calculate gas usage of different bundle sizes +import '../test/aa.init' +import { defaultAbiCoder, hexConcat, parseEther } from 'ethers/lib/utils' +import { + AddressZero, + checkForGeth, + createAddress, + createAccountOwner, + deployEntryPoint, decodeRevertReason +} from '../test/testutils' +import { + EntryPoint, EntryPoint__factory, SimpleAccountFactory, + SimpleAccountFactory__factory, SimpleAccount__factory +} from '../typechain' +import { BigNumberish, Wallet } from 'ethers' +import hre from 'hardhat' +import { fillSignAndPack, fillUserOp, packUserOp, signUserOp } from '../test/UserOp' +import { TransactionReceipt } from '@ethersproject/abstract-provider' +import { table, TableUserConfig } from 'table' +import { Create2Factory } from '../src/Create2Factory' +import * as fs from 'fs' +import { SimpleAccountInterface } from '../typechain/contracts/samples/SimpleAccount' +import { PackedUserOperation } from '../test/UserOperation' +import { expect } from 'chai' + +const gasCheckerLogFile = './reports/gas-checker.txt' + +const ethers = hre.ethers +const provider = hre.ethers.provider +let ethersSigner = provider.getSigner() +let lastGasUsed: number + +const minDepositOrBalance = parseEther('0.1') + +const getBalance = hre.ethers.provider.getBalance + +function range (n: number): number[] { + return Array(n).fill(0).map((val, index) => index) +} + +interface GasTestInfo { + title: string + diffLastGas: boolean + paymaster: string + count: number + // address, or 'random' or 'self' (for account itself) + dest: string + destValue: BigNumberish + destCallData: string + beneficiary: string + gasPrice: number +} + +export const DefaultGasTestInfo: Partial = { + dest: 'self', // destination is the account itself. + destValue: parseEther('0'), + destCallData: '0xb0d691fe', // entryPoint() + gasPrice: 10e9 +} + +interface GasTestResult { + title: string + count: number + gasUsed: number // actual gas used + accountEst: number // estimateGas of the inner transaction (from EP to account) + gasDiff?: number // different from last test's gas used + receipt?: TransactionReceipt +} + +/** + * singleton contract used by all GasChecker modules ("tests") + * init() static method - + * - create the singleton the first time (or return its existing instance) + * run + */ + +// gas estimate of the "execFromSingleton" methods +// we assume a given call signature has the same gas usage +// (TODO: the estimate also depends on contract code. for test purposes, assume each contract implementation has different method signature) +// at the end of the checks, we report the gas usage of all those method calls +const gasEstimatePerExec: { [key: string]: { title: string, accountEst: number } } = {} + +/** + * helper contract to generate gas test. + * see runTest() method for "test template" info + * override for different account implementation: + * - accountInitCode() - the constructor code + * - accountExec() the account execution method. + */ +export class GasChecker { + accounts: { [account: string]: Wallet } = {} + + accountOwner: Wallet + + accountInterface: SimpleAccountInterface + + constructor () { + this.accountOwner = createAccountOwner() + this.accountInterface = SimpleAccount__factory.createInterface() + void GasCheckCollector.init() + } + + // generate the "exec" calldata for this account + accountExec (dest: string, value: BigNumberish, data: string): string { + return this.accountInterface.encodeFunctionData('execute', [dest, value, data]) + } + + // generate the account "creation code" + accountInitCode (factory: SimpleAccountFactory, salt: BigNumberish): string { + return hexConcat([ + factory.address, + factory.interface.encodeFunctionData('createAccount', [this.accountOwner.address, salt]) + ]) + } + + createdAccounts = new Set() + + /** + * create accounts up to this counter. + * make sure they all have balance. + * do nothing for account already created + * @param count + */ + async createAccounts1 (count: number): Promise { + const create2Factory = new Create2Factory(this.entryPoint().provider) + const factoryAddress = await create2Factory.deploy( + hexConcat([ + SimpleAccountFactory__factory.bytecode, + defaultAbiCoder.encode(['address'], [this.entryPoint().address]) + ]), 0, 2885201) + console.log('factaddr', factoryAddress) + const fact = SimpleAccountFactory__factory.connect(factoryAddress, ethersSigner) + // create accounts + const creationOps: PackedUserOperation[] = [] + for (const n of range(count)) { + const salt = n + // const initCode = this.accountInitCode(fact, salt) + + const addr = await fact.getAddress(this.accountOwner.address, salt) + + if (!this.createdAccounts.has(addr)) { + // explicit call to fillUseROp with no "entryPoint", to make sure we manually fill everything and + // not attempt to fill from blockchain. + const op = signUserOp(await fillUserOp({ + sender: addr, + nonce: 0, + callGasLimit: 30000, + verificationGasLimit: 1000000, + // paymasterAndData: paymaster, + preVerificationGas: 1, + maxFeePerGas: 0 + }), this.accountOwner, this.entryPoint().address, await provider.getNetwork().then(net => net.chainId)) + creationOps.push(packUserOp(op)) + this.createdAccounts.add(addr) + } + + this.accounts[addr] = this.accountOwner + // deploy if not already deployed. + await fact.createAccount(this.accountOwner.address, salt) + const accountBalance = await GasCheckCollector.inst.entryPoint.balanceOf(addr) + if (accountBalance.lte(minDepositOrBalance)) { + await GasCheckCollector.inst.entryPoint.depositTo(addr, { value: minDepositOrBalance.mul(5) }) + } + } + await this.entryPoint().handleOps(creationOps, ethersSigner.getAddress()) + } + + /** + * helper: run a test scenario, and add a table row + * @param params - test parameters. missing values filled in from DefaultGasTestInfo + * note that 2 important params are methods: accountExec() and accountInitCode() + */ + async addTestRow (params: Partial): Promise { + await GasCheckCollector.init() + GasCheckCollector.inst.addRow(await this.runTest(params)) + } + + /** + * run a single test scenario + * @param params - test parameters. missing values filled in from DefaultGasTestInfo + * note that 2 important params are methods: accountExec() and accountInitCode() + */ + async runTest (params: Partial): Promise { + // eslint-disable-next-line @typescript-eslint/consistent-type-assertions + const info: GasTestInfo = { ...DefaultGasTestInfo, ...params } as GasTestInfo + + console.debug('== running test count=', info.count) + + // fill accounts up to this code. + await this.createAccounts1(info.count) + + let accountEst: number = 0 + const userOps = await Promise.all(range(info.count) + .map(index => Object.entries(this.accounts)[index]) + .map(async ([account, accountOwner]) => { + const paymaster = info.paymaster + + let { dest, destValue, destCallData } = info + if (dest === 'self') { + dest = account + } else if (dest === 'random') { + dest = createAddress() + const destBalance = await getBalance(dest) + if (destBalance.eq(0)) { + console.log('dest replenish', dest) + await ethersSigner.sendTransaction({ to: dest, value: 1 }) + } + } + const accountExecFromEntryPoint = this.accountExec(dest, destValue, destCallData) + + // remove the "dest" from the key to the saved estimations + // so we have a single estimation per method. + const estimateGasKey = this.accountExec(AddressZero, destValue, destCallData) + + let est = gasEstimatePerExec[estimateGasKey] + // technically, each UserOp needs estimate - but we know they are all the same for each test. + if (est == null) { + const accountEst = (await ethers.provider.estimateGas({ + from: GasCheckCollector.inst.entryPoint.address, + to: account, + data: accountExecFromEntryPoint + })).toNumber() + est = gasEstimatePerExec[estimateGasKey] = { accountEst, title: info.title } + } + // console.debug('== account est=', accountEst.toString()) + accountEst = est.accountEst + const op = await fillSignAndPack({ + sender: account, + callData: accountExecFromEntryPoint, + maxPriorityFeePerGas: info.gasPrice, + maxFeePerGas: info.gasPrice, + callGasLimit: accountEst, + verificationGasLimit: 1000000, + paymaster: paymaster, + paymasterVerificationGasLimit: 50000, + paymasterPostOpGasLimit: 50000, + preVerificationGas: 1 + }, accountOwner, GasCheckCollector.inst.entryPoint) + // const packed = packUserOp(op, false) + // console.log('== packed cost=', callDataCost(packed), packed) + return op + })) + + const txdata = GasCheckCollector.inst.entryPoint.interface.encodeFunctionData('handleOps', [userOps, info.beneficiary]) + console.log('=== encoded data=', txdata.length) + const gasEst = await GasCheckCollector.inst.entryPoint.estimateGas.handleOps( + userOps, info.beneficiary, {} + ).catch(e => { + const data = e.error?.data?.data ?? e.error?.data + if (data != null) { + const e1 = GasCheckCollector.inst.entryPoint.interface.parseError(data) + throw new Error(`${e1.name}(${e1.args?.toString()})`) + } + throw e + }) + const ret = await GasCheckCollector.inst.entryPoint.handleOps(userOps, info.beneficiary, { gasLimit: gasEst.mul(3).div(2) }) + const rcpt = await ret.wait() + const gasUsed = rcpt.gasUsed.toNumber() + const countSuccessOps = rcpt.events?.filter(e => e.event === 'UserOperationEvent' && e.args?.success).length + + rcpt.events?.filter(e => e.event?.match(/PostOpRevertReason|UserOperationRevertReason/)).find(e => { + // console.log(e.event, e.args) + throw new Error(`${e.event}(${decodeRevertReason(e.args?.revertReason)})`) + }) + // check for failure with no revert reason (e.g. OOG) + expect(countSuccessOps).to.eq(userOps.length, 'Some UserOps failed to execute (with no revert reason)') + + console.debug('count', info.count, 'gasUsed', gasUsed) + const gasDiff = gasUsed - lastGasUsed + if (info.diffLastGas) { + console.debug('\tgas diff=', gasDiff) + } + lastGasUsed = gasUsed + console.debug('handleOps tx.hash=', rcpt.transactionHash) + const ret1: GasTestResult = { + count: info.count, + gasUsed, + accountEst, + title: info.title + // receipt: rcpt + } + if (info.diffLastGas) { + ret1.gasDiff = gasDiff + } + console.debug(ret1) + return ret1 + } + + // helper methods to access the GasCheckCollector singleton + addRow (res: GasTestResult): void { + GasCheckCollector.inst.addRow(res) + } + + entryPoint (): EntryPoint { + return GasCheckCollector.inst.entryPoint + } + + skipLong (): boolean { + return process.env.SKIP_LONG != null + } +} + +export class GasCheckCollector { + static inst: GasCheckCollector + static initPromise?: Promise + + entryPoint: EntryPoint + + static async init (): Promise { + if (this.inst == null) { + if (this.initPromise == null) { + this.initPromise = new GasCheckCollector()._init() + } + this.inst = await this.initPromise + } + } + + async _init (entryPointAddressOrTest: string = 'test'): Promise { + console.log('signer=', await ethersSigner.getAddress()) + DefaultGasTestInfo.beneficiary = createAddress() + + const bal = await getBalance(ethersSigner.getAddress()) + if (bal.gt(parseEther('100000000'))) { + console.log('DONT use geth miner.. use account 2 instead') + await checkForGeth() + ethersSigner = ethers.provider.getSigner(2) + } + + if (entryPointAddressOrTest === 'test') { + this.entryPoint = await deployEntryPoint(provider) + } else { + this.entryPoint = EntryPoint__factory.connect(entryPointAddressOrTest, ethersSigner) + } + + const tableHeaders = [ + 'handleOps description ', + 'count', + 'total gasUsed', + 'per UserOp gas\n(delta for\none UserOp)', + // 'account.exec()\nestimateGas', + 'per UserOp overhead\n(compared to\naccount.exec())' + ] + + this.initTable(tableHeaders) + return this + } + + tableConfig: TableUserConfig + tabRows: any[] + + /** + * initialize our formatted table. + * each header define the width of the column, so make sure to pad with spaces + * (we stream the table, so can't learn the content length) + */ + initTable (tableHeaders: string[]): void { + console.log('inittable') + + // multiline header - check the length of the longest line. + // function columnWidth (header: string): number { + // return Math.max(...header.split('\n').map(s => s.length)) + // } + + this.tableConfig = { + columnDefault: { alignment: 'right' }, + columns: [{ alignment: 'left' }] + // columns: tableHeaders.map((header, index) => ({ + // alignment: index == 0 ? 'left' : 'right', + // width: columnWidth(header) + // })), + // columnCount: tableHeaders.length + } + this.tabRows = [tableHeaders] + } + + doneTable (): void { + fs.rmSync(gasCheckerLogFile, { force: true }) + const write = (s: string): void => { + console.log(s) + fs.appendFileSync(gasCheckerLogFile, s + '\n') + } + + write('== gas estimate of direct calling the account\'s "execute" method') + write(' the destination is "account.entryPoint()", which is known to be "hot" address used by this account') + write(' it little higher than EOA call: its an exec from entrypoint (or account owner) into account contract, verifying msg.sender and exec to target)') + + write(table(Object.values(gasEstimatePerExec).map((row) => [ + `gas estimate "${row.title}"`, row.accountEst + ]), this.tableConfig)) + + const tableOutput = table(this.tabRows, this.tableConfig) + write(tableOutput) + // process.exit(0) + } + + addRow (res: GasTestResult): void { + const gasUsed = res.gasDiff != null ? '' : res.gasUsed // hide "total gasUsed" if there is a diff + const perOp = res.gasDiff != null ? res.gasDiff - res.accountEst : '' + + this.tabRows.push([ + res.title, + res.count, + gasUsed, + res.gasDiff ?? '', + // res.accountEst, + perOp]) + } +} + +after(() => { + GasCheckCollector.inst.doneTable() +}) diff --git a/dependencies/account-abstraction/hardhat.config.ts b/dependencies/account-abstraction/hardhat.config.ts new file mode 100644 index 00000000..4c499c2e --- /dev/null +++ b/dependencies/account-abstraction/hardhat.config.ts @@ -0,0 +1,81 @@ +import '@nomiclabs/hardhat-waffle' +import '@typechain/hardhat' +import { HardhatUserConfig, task } from 'hardhat/config' +import 'hardhat-deploy' +import '@nomiclabs/hardhat-etherscan' + +import 'solidity-coverage' + +import * as fs from 'fs' + +const SALT = '0x90d8084deab30c2a37c45e8d47f49f2f7965183cb6990a98943ef94940681de3' +process.env.SALT = process.env.SALT ?? SALT + +task('deploy', 'Deploy contracts') + .addFlag('simpleAccountFactory', 'deploy sample factory (by default, enabled only on localhost)') + +const mnemonicFileName = process.env.MNEMONIC_FILE! +let mnemonic = 'test '.repeat(11) + 'junk' +if (fs.existsSync(mnemonicFileName)) { mnemonic = fs.readFileSync(mnemonicFileName, 'ascii') } + +function getNetwork1 (url: string): { url: string, accounts: { mnemonic: string } } { + return { + url, + accounts: { mnemonic } + } +} + +function getNetwork (name: string): { url: string, accounts: { mnemonic: string } } { + return getNetwork1(`https://${name}.infura.io/v3/${process.env.INFURA_ID}`) + // return getNetwork1(`wss://${name}.infura.io/ws/v3/${process.env.INFURA_ID}`) +} + +const optimizedComilerSettings = { + version: '0.8.23', + settings: { + optimizer: { enabled: true, runs: 1000000 }, + viaIR: true + } +} + +// You need to export an object to set up your config +// Go to https://hardhat.org/config/ to learn more + +const config: HardhatUserConfig = { + solidity: { + compilers: [{ + version: '0.8.23', + settings: { + optimizer: { enabled: true, runs: 1000000 } + } + }], + overrides: { + 'contracts/core/EntryPoint.sol': optimizedComilerSettings, + 'contracts/samples/SimpleAccount.sol': optimizedComilerSettings + } + }, + networks: { + dev: { url: 'http://localhost:8545' }, + // github action starts localgeth service, for gas calculations + localgeth: { url: 'http://localgeth:8545' }, + goerli: getNetwork('goerli'), + sepolia: getNetwork('sepolia'), + proxy: getNetwork1('http://localhost:8545') + }, + mocha: { + timeout: 10000 + }, + // @ts-ignore + etherscan: { + apiKey: process.env.ETHERSCAN_API_KEY + } + +} + +// coverage chokes on the "compilers" settings +if (process.env.COVERAGE != null) { + // @ts-ignore + config.solidity = config.solidity.compilers[0] +} + +export default config diff --git a/dependencies/account-abstraction/package.json b/dependencies/account-abstraction/package.json new file mode 100644 index 00000000..21f3550b --- /dev/null +++ b/dependencies/account-abstraction/package.json @@ -0,0 +1,71 @@ +{ + "name": "accountabstraction", + "version": "0.7.0", + "description": "ERC-4337 Account Abstraction Implementation", + "scripts": { + "clean": "rm -rf cache artifacts typechain typechain-types", + "compile": "./scripts/hh-wrapper compile", + "tsc": "tsc", + "lint": "yarn compile && yarn run lint:sol && yarn run lint:js ", + "lint:js": "eslint -f unix .", + "lint-fix": "eslint -f unix . --fix", + "lint:sol": "solhint -f unix \"contracts/**/*.sol\" --max-warnings 0", + "gas-calc": "./scripts/gascalc", + "mocha-gascalc": "TS_NODE_TRANSPILE_ONLY=1 npx ts-mocha --bail gascalc/*", + "test": "./scripts/hh-wrapper test", + "coverage": "COVERAGE=1 hardhat coverage", + "deploy": "./scripts/hh-wrapper deploy", + "test-dev": "hardhat test --network dev", + "ci": "yarn compile && hardhat test && yarn run runop", + "ci-gas-calc": "yarn gas-calc && yarn check-gas-reports", + "check-gas-reports": "./scripts/check-gas-reports", + "runop": "hardhat run src/runop.ts " + }, + "keywords": [], + "author": "", + "license": "ISC", + "devDependencies": { + "@nomicfoundation/hardhat-chai-matchers": "^1.0.6", + "@nomiclabs/hardhat-ethers": "^2.0.2", + "@nomiclabs/hardhat-waffle": "^2.0.1", + "@typechain/ethers-v5": "^10.1.0", + "@types/chai": "^4.2.21", + "@types/node": "^16.4.12", + "@typescript-eslint/eslint-plugin": "^5.30.5", + "@typescript-eslint/parser": "^5.30.5", + "@uniswap/v3-periphery": "^1.4.3", + "chai": "^4.3.4", + "eslint": "^8.19.0", + "eslint-config-standard": "^17.0.0", + "eslint-config-standard-with-typescript": "^21.0.1", + "eslint-plugin-import": "^2.26.0", + "eslint-plugin-node": "^11.1.0", + "eslint-plugin-promise": "^6.0.0", + "eslint-plugin-standard": "^5.0.0", + "ethereum-waffle": "^3.4.0", + "ethers": "^5.4.2", + "hardhat": "^2.17.2", + "solhint": "^3.3.7", + "ts-generator": "^0.1.1", + "ts-mocha": "^10.0.0", + "ts-node": "^10.1.0", + "typechain": "^8.1.0" + }, + "dependencies": { + "@nomiclabs/hardhat-etherscan": "^2.1.6", + "@openzeppelin/contracts": "^5.0.0", + "@thehubbleproject/bls": "^0.5.1", + "@typechain/hardhat": "^2.3.0", + "@types/debug": "^4.1.12", + "@types/mocha": "^9.0.0", + "debug": "^4.3.4", + "ethereumjs-util": "^7.1.0", + "ethereumjs-wallet": "^1.0.1", + "hardhat-deploy": "^0.11.23", + "hardhat-deploy-ethers": "^0.3.0-beta.11", + "solidity-coverage": "^0.8.4", + "source-map-support": "^0.5.19", + "table": "^6.8.0", + "typescript": "^4.3.5" + } +} diff --git a/dependencies/account-abstraction/reports/gas-checker.txt b/dependencies/account-abstraction/reports/gas-checker.txt new file mode 100644 index 00000000..692322bf --- /dev/null +++ b/dependencies/account-abstraction/reports/gas-checker.txt @@ -0,0 +1,55 @@ +== gas estimate of direct calling the account's "execute" method + the destination is "account.entryPoint()", which is known to be "hot" address used by this account + it little higher than EOA call: its an exec from entrypoint (or account owner) into account contract, verifying msg.sender and exec to target) +╔══════════════════════════╀════════╗ +β•‘ gas estimate "simple" β”‚ 28979 β•‘ +β•Ÿβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β•’ +β•‘ gas estimate "big tx 5k" β”‚ 125224 β•‘ +β•šβ•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•§β•β•β•β•β•β•β•β•β• + +╔════════════════════════════════╀═══════╀═══════════════╀════════════════╀═════════════════════╗ +β•‘ handleOps description β”‚ count β”‚ total gasUsed β”‚ per UserOp gas β”‚ per UserOp overhead β•‘ +β•‘ β”‚ β”‚ β”‚ (delta for β”‚ (compared to β•‘ +β•‘ β”‚ β”‚ β”‚ one UserOp) β”‚ account.exec()) β•‘ +β•Ÿβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β•’ +β•‘ simple β”‚ 1 β”‚ 79994 β”‚ β”‚ β•‘ +β•Ÿβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β•’ +β•‘ simple - diff from previous β”‚ 2 β”‚ β”‚ 42192 β”‚ 13213 β•‘ +β•Ÿβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β•’ +β•‘ simple β”‚ 10 β”‚ 459921 β”‚ β”‚ β•‘ +β•Ÿβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β•’ +β•‘ simple - diff from previous β”‚ 11 β”‚ β”‚ 42223 β”‚ 13244 β•‘ +β•Ÿβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β•’ +β•‘ simple paymaster β”‚ 1 β”‚ 86113 β”‚ β”‚ β•‘ +β•Ÿβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β•’ +β•‘ simple paymaster with diff β”‚ 2 β”‚ β”‚ 41024 β”‚ 12045 β•‘ +β•Ÿβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β•’ +β•‘ simple paymaster β”‚ 10 β”‚ 455444 β”‚ β”‚ β•‘ +β•Ÿβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β•’ +β•‘ simple paymaster with diff β”‚ 11 β”‚ β”‚ 41088 β”‚ 12109 β•‘ +β•Ÿβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β•’ +β•‘ big tx 5k β”‚ 1 β”‚ 181026 β”‚ β”‚ β•‘ +β•Ÿβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β•’ +β•‘ big tx - diff from previous β”‚ 2 β”‚ β”‚ 142714 β”‚ 17490 β•‘ +β•Ÿβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β•’ +β•‘ big tx 5k β”‚ 10 β”‚ 1465443 β”‚ β”‚ β•‘ +β•Ÿβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β•’ +β•‘ big tx - diff from previous β”‚ 11 β”‚ β”‚ 142686 β”‚ 17462 β•‘ +β•Ÿβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β•’ +β•‘ paymaster+postOp β”‚ 1 β”‚ 87712 β”‚ β”‚ β•‘ +β•Ÿβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β•’ +β•‘ paymaster+postOp with diff β”‚ 2 β”‚ β”‚ 42671 β”‚ 13692 β•‘ +β•Ÿβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β•’ +β•‘ paymaster+postOp β”‚ 10 β”‚ 471754 β”‚ β”‚ β•‘ +β•Ÿβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β•’ +β•‘ paymaster+postOp with diff β”‚ 11 β”‚ β”‚ 42728 β”‚ 13749 β•‘ +β•Ÿβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β•’ +β•‘ token paymaster β”‚ 1 β”‚ 128777 β”‚ β”‚ β•‘ +β•Ÿβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β•’ +β•‘ token paymaster with diff β”‚ 2 β”‚ β”‚ 66386 β”‚ 37407 β•‘ +β•Ÿβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β•’ +β•‘ token paymaster β”‚ 10 β”‚ 726504 β”‚ β”‚ β•‘ +β•Ÿβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β•’ +β•‘ token paymaster with diff β”‚ 11 β”‚ β”‚ 66394 β”‚ 37415 β•‘ +β•šβ•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•§β•β•β•β•β•β•β•β•§β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•§β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•§β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β• + diff --git a/dependencies/account-abstraction/scripts/check-gas-reports b/dependencies/account-abstraction/scripts/check-gas-reports new file mode 100755 index 00000000..d0af47d1 --- /dev/null +++ b/dependencies/account-abstraction/scripts/check-gas-reports @@ -0,0 +1,17 @@ +#!/bin/bash +# make sure gas reports are checked in with this commit +# dump report diff +# exit with "1" if there is a diff, zero if no diff + +folder=${1:-reports} +git diff --color=always $folder +git diff ${folder} | grep -q . + +if [ "$?" == 1 ]; then + #diff with no error - ok + exit +else + echo ERROR: found above unchecked reports. + exit 1 +fi + diff --git a/dependencies/account-abstraction/scripts/docker-gascalc b/dependencies/account-abstraction/scripts/docker-gascalc new file mode 100755 index 00000000..05c0eb27 --- /dev/null +++ b/dependencies/account-abstraction/scripts/docker-gascalc @@ -0,0 +1,7 @@ +# run "yarn gas-calc" using geth with docker. +# (if you have geth running on localhost:8545, its faster with "HARDHAT_NETWORK=dev yarn gas-calc") +docker-compose -f `dirname $0`/docker-gascalc.yml up --abort-on-container-exit +exit=$? +docker-compose -f `dirname $0`/docker-gascalc.yml down +exit $exit + diff --git a/dependencies/account-abstraction/scripts/docker-gascalc.yml b/dependencies/account-abstraction/scripts/docker-gascalc.yml new file mode 100644 index 00000000..9dd3901f --- /dev/null +++ b/dependencies/account-abstraction/scripts/docker-gascalc.yml @@ -0,0 +1,20 @@ +version: '2' + +services: + test: + image: node:18 + container_name: gascalc + depends_on: + - localgeth + volumes: + - ..:/app + working_dir: /app + restart: "no" + environment: + - HARDHAT_NETWORK=localgeth + command: "yarn mocha-gascalc" + + #configuration is a copy of github/.workflows/build.xml + localgeth: + image: dtr22/geth-dev + container_name: localgeth diff --git a/dependencies/account-abstraction/scripts/gascalc b/dependencies/account-abstraction/scripts/gascalc new file mode 100755 index 00000000..b82f5327 --- /dev/null +++ b/dependencies/account-abstraction/scripts/gascalc @@ -0,0 +1,15 @@ +#!/bin/bash + +# run gascalc, assuming "geth" is running on localhost, port 8545 +cd `dirname $0`/.. +function getClientVersion() { + curl -m 1 -s -d '{"method":"web3_clientVersion","params":[],"id":1234,"jsonrpc":"2.0"}' -H content-type:application/json localhost:8545 +} + +if [[ `getClientVersion` =~ "Geth" ]]; then + echo Using GETH on localhost:8545 + HARDHAT_NETWORK=dev yarn mocha-gascalc +else + echo No GETH running on localhost:8545. Using docker.. + ./scripts/docker-gascalc +fi diff --git a/dependencies/account-abstraction/scripts/hh-wrapper b/dependencies/account-abstraction/scripts/hh-wrapper new file mode 100755 index 00000000..ada7d62d --- /dev/null +++ b/dependencies/account-abstraction/scripts/hh-wrapper @@ -0,0 +1,5 @@ +#!/bin/bash + +set -euo pipefail +export FORCE_COLOR=1 +hardhat "$@" 2>&1 | `dirname $0`/solcErrors diff --git a/dependencies/account-abstraction/scripts/postpack-contracts-package.sh b/dependencies/account-abstraction/scripts/postpack-contracts-package.sh new file mode 100755 index 00000000..6e1b2398 --- /dev/null +++ b/dependencies/account-abstraction/scripts/postpack-contracts-package.sh @@ -0,0 +1,6 @@ +#!/bin/bash -xe +#echo postpack for "contracts" package +cd `dirname $0`/.. +pwd +rm -rf contracts/artifacts + diff --git a/dependencies/account-abstraction/scripts/prepack-contracts-package.sh b/dependencies/account-abstraction/scripts/prepack-contracts-package.sh new file mode 100755 index 00000000..eac8c94b --- /dev/null +++ b/dependencies/account-abstraction/scripts/prepack-contracts-package.sh @@ -0,0 +1,17 @@ +#!/bin/bash -xe +#echo prepack for "contracts" package + +cd `dirname $0`/.. +pwd +if git status contracts | grep -v 'nothing to commit'|tee /dev/stderr |grep -q Untracked; then + exit 1 +fi + +yarn clean +yarn compile +cd contracts + +rm -rf artifacts + +mkdir -p artifacts +cp `find ../artifacts/contracts -type f | grep -v -E 'test|Test|dbg|bls|IOracle'` artifacts/ diff --git a/dependencies/account-abstraction/scripts/sample-script.js b/dependencies/account-abstraction/scripts/sample-script.js new file mode 100644 index 00000000..a2885d53 --- /dev/null +++ b/dependencies/account-abstraction/scripts/sample-script.js @@ -0,0 +1,32 @@ +// We require the Hardhat Runtime Environment explicitly here. This is optional +// but useful for running the script in a standalone fashion through `node