waku-rlnv1-contract/deployments/sepolia/solcInputs/bf11e211dd7ba18a896878fe0745e254.json

{
  "language": "Solidity",
  "sources": {
    "contracts/WakuRln.sol": {
      "content": "// SPDX-License-Identifier: MIT\npragma solidity 0.8.15;\n\nimport {IPoseidonHasher} from \"rln-contract/PoseidonHasher.sol\";\nimport {RlnBase, DuplicateIdCommitment, FullTree, InvalidIdCommitment} from \"rln-contract/RlnBase.sol\";\nimport {Ownable} from \"openzeppelin-contracts/contracts/access/Ownable.sol\";\n\nerror NotImplemented();\n\ncontract WakuRln is Ownable, RlnBase {\n    uint16 public immutable contractIndex;\n\n    constructor(address _poseidonHasher, uint16 _contractIndex) Ownable() RlnBase(0, 20, _poseidonHasher, address(0)) {\n        contractIndex = _contractIndex;\n    }\n\n    /// Registers a member\n    /// @param idCommitment The idCommitment of the member\n    function _register(uint256 idCommitment) internal {\n        _validateRegistration(idCommitment);\n\n        members[idCommitment] = 1;\n\n        emit MemberRegistered(idCommitment, idCommitmentIndex);\n        idCommitmentIndex += 1;\n    }\n\n    function register(uint256[] calldata idCommitments) external onlyOwner {\n        uint256 len = idCommitments.length;\n        for (uint256 i = 0; i < len;) {\n            _register(idCommitments[i]);\n            unchecked {\n                ++i;\n            }\n        }\n    }\n\n    function register(uint256 idCommitment) external payable override {\n        revert NotImplemented();\n    }\n\n    function slash(uint256 idCommitment, address payable receiver, uint256[8] calldata proof) external pure override {\n        revert NotImplemented();\n    }\n\n    function _validateRegistration(uint256 idCommitment) internal view override {\n        if (!isValidCommitment(idCommitment)) revert InvalidIdCommitment(idCommitment);\n        if (members[idCommitment] != 0) revert DuplicateIdCommitment();\n        if (idCommitmentIndex >= SET_SIZE) revert FullTree();\n    }\n\n    function _validateSlash(uint256 idCommitment, address payable receiver, uint256[8] calldata proof)\n        internal\n        pure\n        override\n    {\n        revert NotImplemented();\n    }\n\n    function withdraw() external pure override {\n        revert NotImplemented();\n    }\n}\n"
    },
    "contracts/WakuRlnRegistry.sol": {
      "content": "// SPDX-License-Identifier: MIT\npragma solidity 0.8.15;\n\nimport {WakuRln} from \"./WakuRln.sol\";\nimport {IPoseidonHasher} from \"rln-contract/PoseidonHasher.sol\";\nimport {UUPSUpgradeable} from \"openzeppelin-contracts/contracts/proxy/utils/UUPSUpgradeable.sol\";\nimport {OwnableUpgradeable} from \"openzeppelin-contracts-upgradeable/contracts/access/OwnableUpgradeable.sol\";\nimport {ERC1967Proxy} from \"openzeppelin-contracts/contracts/proxy/ERC1967/ERC1967Proxy.sol\";\n\nerror StorageAlreadyExists(address storageAddress);\nerror NoStorageContractAvailable();\nerror IncompatibleStorage();\nerror IncompatibleStorageIndex();\n\ncontract WakuRlnRegistry is OwnableUpgradeable, UUPSUpgradeable {\n    uint16 public nextStorageIndex;\n    mapping(uint16 => address) public storages;\n\n    uint16 public usingStorageIndex = 0;\n\n    IPoseidonHasher public poseidonHasher;\n\n    event NewStorageContract(uint16 index, address storageAddress);\n\n    modifier onlyUsableStorage() {\n        if (usingStorageIndex >= nextStorageIndex) revert NoStorageContractAvailable();\n        _;\n    }\n\n    function initialize(address _poseidonHasher) external initializer {\n        poseidonHasher = IPoseidonHasher(_poseidonHasher);\n        __Ownable_init();\n    }\n\n    function _authorizeUpgrade(address newImplementation) internal override onlyOwner {}\n\n    function _insertIntoStorageMap(address storageAddress) internal {\n        storages[nextStorageIndex] = storageAddress;\n        emit NewStorageContract(nextStorageIndex, storageAddress);\n        nextStorageIndex += 1;\n    }\n\n    function registerStorage(address storageAddress) external onlyOwner {\n        if (storages[nextStorageIndex] != address(0)) revert StorageAlreadyExists(storageAddress);\n        WakuRln wakuRln = WakuRln(storageAddress);\n        if (wakuRln.poseidonHasher() != poseidonHasher) revert IncompatibleStorage();\n        if (wakuRln.contractIndex() != nextStorageIndex) revert IncompatibleStorageIndex();\n        _insertIntoStorageMap(storageAddress);\n    }\n\n    function newStorage() external onlyOwner {\n        WakuRln newStorageContract = new WakuRln(address(poseidonHasher), nextStorageIndex);\n        _insertIntoStorageMap(address(newStorageContract));\n    }\n\n    function register(uint256[] calldata commitments) external onlyUsableStorage {\n        // iteratively check if the storage contract is full, and increment the usingStorageIndex if it is\n        while (true) {\n            try WakuRln(storages[usingStorageIndex]).register(commitments) {\n                break;\n            } catch (bytes memory err) {\n                if (keccak256(err) != keccak256(abi.encodeWithSignature(\"FullTree()\"))) {\n                    assembly {\n                        revert(add(32, err), mload(err))\n                    }\n                    // when there are no further storage contracts available, revert\n                } else if (usingStorageIndex + 1 >= nextStorageIndex) {\n                    revert NoStorageContractAvailable();\n                }\n                usingStorageIndex += 1;\n            }\n        }\n    }\n\n    function register(uint16 storageIndex, uint256[] calldata commitments) external {\n        if (storageIndex >= nextStorageIndex) revert NoStorageContractAvailable();\n        WakuRln(storages[storageIndex]).register(commitments);\n    }\n\n    function register(uint16 storageIndex, uint256 commitment) external {\n        if (storageIndex >= nextStorageIndex) revert NoStorageContractAvailable();\n        // optimize the gas used below\n        uint256[] memory commitments = new uint256[](1);\n        commitments[0] = commitment;\n        WakuRln(storages[storageIndex]).register(commitments);\n    }\n\n    function forceProgress() external onlyOwner onlyUsableStorage {\n        if (storages[usingStorageIndex + 1] == address(0)) revert NoStorageContractAvailable();\n        usingStorageIndex += 1;\n    }\n}\n"
    },
    "lib/openzeppelin-contracts-upgradeable/contracts/access/OwnableUpgradeable.sol": {
      "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (access/Ownable.sol)\n\npragma solidity ^0.8.0;\n\nimport \"../utils/ContextUpgradeable.sol\";\nimport \"../proxy/utils/Initializable.sol\";\n\n/**\n * @dev Contract module which provides a basic access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership}.\n *\n * This module is used through inheritance. It will make available the modifier\n * `onlyOwner`, which can be applied to your functions to restrict their use to\n * the owner.\n */\nabstract contract OwnableUpgradeable is Initializable, ContextUpgradeable {\n    address private _owner;\n\n    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);\n\n    /**\n     * @dev Initializes the contract setting the deployer as the initial owner.\n     */\n    function __Ownable_init() internal onlyInitializing {\n        __Ownable_init_unchained();\n    }\n\n    function __Ownable_init_unchained() internal onlyInitializing {\n        _transferOwnership(_msgSender());\n    }\n\n    /**\n     * @dev Throws if called by any account other than the owner.\n     */\n    modifier onlyOwner() {\n        _checkOwner();\n        _;\n    }\n\n    /**\n     * @dev Returns the address of the current owner.\n     */\n    function owner() public view virtual returns (address) {\n        return _owner;\n    }\n\n    /**\n     * @dev Throws if the sender is not the owner.\n     */\n    function _checkOwner() internal view virtual {\n        require(owner() == _msgSender(), \"Ownable: caller is not the owner\");\n    }\n\n    /**\n     * @dev Leaves the contract without owner. It will not be possible to call\n     * `onlyOwner` functions. Can only be called by the current owner.\n     *\n     * NOTE: Renouncing ownership will leave the contract without an owner,\n     * thereby disabling any functionality that is only available to the owner.\n     */\n    function renounceOwnership() public virtual onlyOwner {\n        _transferOwnership(address(0));\n    }\n\n    /**\n     * @dev Transfers ownership of the contract to a new account (`newOwner`).\n     * Can only be called by the current owner.\n     */\n    function transferOwnership(address newOwner) public virtual onlyOwner {\n        require(newOwner != address(0), \"Ownable: new owner is the zero address\");\n        _transferOwnership(newOwner);\n    }\n\n    /**\n     * @dev Transfers ownership of the contract to a new account (`newOwner`).\n     * Internal function without access restriction.\n     */\n    function _transferOwnership(address newOwner) internal virtual {\n        address oldOwner = _owner;\n        _owner = newOwner;\n        emit OwnershipTransferred(oldOwner, newOwner);\n    }\n\n    /**\n     * @dev This empty reserved space is put in place to allow future versions to add new\n     * variables without shifting down storage in the inheritance chain.\n     * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps\n     */\n    uint256[49] private __gap;\n}\n"
    },
    "lib/openzeppelin-contracts-upgradeable/contracts/proxy/utils/Initializable.sol": {
      "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (proxy/utils/Initializable.sol)\n\npragma solidity ^0.8.2;\n\nimport \"../../utils/AddressUpgradeable.sol\";\n\n/**\n * @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed\n * behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an\n * external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer\n * function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.\n *\n * The initialization functions use a version number. Once a version number is used, it is consumed and cannot be\n * reused. This mechanism prevents re-execution of each \"step\" but allows the creation of new initialization steps in\n * case an upgrade adds a module that needs to be initialized.\n *\n * For example:\n *\n * [.hljs-theme-light.nopadding]\n * ```solidity\n * contract MyToken is ERC20Upgradeable {\n *     function initialize() initializer public {\n *         __ERC20_init(\"MyToken\", \"MTK\");\n *     }\n * }\n *\n * contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {\n *     function initializeV2() reinitializer(2) public {\n *         __ERC20Permit_init(\"MyToken\");\n *     }\n * }\n * ```\n *\n * TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as\n * possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.\n *\n * CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure\n * that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.\n *\n * [CAUTION]\n * ====\n * Avoid leaving a contract uninitialized.\n *\n * An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation\n * contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke\n * the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:\n *\n * [.hljs-theme-light.nopadding]\n * ```\n * /// @custom:oz-upgrades-unsafe-allow constructor\n * constructor() {\n *     _disableInitializers();\n * }\n * ```\n * ====\n */\nabstract contract Initializable {\n    /**\n     * @dev Indicates that the contract has been initialized.\n     * @custom:oz-retyped-from bool\n     */\n    uint8 private _initialized;\n\n    /**\n     * @dev Indicates that the contract is in the process of being initialized.\n     */\n    bool private _initializing;\n\n    /**\n     * @dev Triggered when the contract has been initialized or reinitialized.\n     */\n    event Initialized(uint8 version);\n\n    /**\n     * @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,\n     * `onlyInitializing` functions can be used to initialize parent contracts.\n     *\n     * Similar to `reinitializer(1)`, except that functions marked with `initializer` can be nested in the context of a\n     * constructor.\n     *\n     * Emits an {Initialized} event.\n     */\n    modifier initializer() {\n        bool isTopLevelCall = !_initializing;\n        require(\n            (isTopLevelCall && _initialized < 1) || (!AddressUpgradeable.isContract(address(this)) && _initialized == 1),\n            \"Initializable: contract is already initialized\"\n        );\n        _initialized = 1;\n        if (isTopLevelCall) {\n            _initializing = true;\n        }\n        _;\n        if (isTopLevelCall) {\n            _initializing = false;\n            emit Initialized(1);\n        }\n    }\n\n    /**\n     * @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the\n     * contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be\n     * used to initialize parent contracts.\n     *\n     * A reinitializer may be used after the original initialization step. This is essential to configure modules that\n     * are added through upgrades and that require initialization.\n     *\n     * When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer`\n     * cannot be nested. If one is invoked in the context of another, execution will revert.\n     *\n     * Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in\n     * a contract, executing them in the right order is up to the developer or operator.\n     *\n     * WARNING: setting the version to 255 will prevent any future reinitialization.\n     *\n     * Emits an {Initialized} event.\n     */\n    modifier reinitializer(uint8 version) {\n        require(!_initializing && _initialized < version, \"Initializable: contract is already initialized\");\n        _initialized = version;\n        _initializing = true;\n        _;\n        _initializing = false;\n        emit Initialized(version);\n    }\n\n    /**\n     * @dev Modifier to protect an initialization function so that it can only be invoked by functions with the\n     * {initializer} and {reinitializer} modifiers, directly or indirectly.\n     */\n    modifier onlyInitializing() {\n        require(_initializing, \"Initializable: contract is not initializing\");\n        _;\n    }\n\n    /**\n     * @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.\n     * Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized\n     * to any version. It is recommended to use this to lock implementation contracts that are designed to be called\n     * through proxies.\n     *\n     * Emits an {Initialized} event the first time it is successfully executed.\n     */\n    function _disableInitializers() internal virtual {\n        require(!_initializing, \"Initializable: contract is initializing\");\n        if (_initialized != type(uint8).max) {\n            _initialized = type(uint8).max;\n            emit Initialized(type(uint8).max);\n        }\n    }\n\n    /**\n     * @dev Returns the highest version that has been initialized. See {reinitializer}.\n     */\n    function _getInitializedVersion() internal view returns (uint8) {\n        return _initialized;\n    }\n\n    /**\n     * @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}.\n     */\n    function _isInitializing() internal view returns (bool) {\n        return _initializing;\n    }\n}\n"
    },
    "lib/openzeppelin-contracts-upgradeable/contracts/utils/AddressUpgradeable.sol": {
      "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol)\n\npragma solidity ^0.8.1;\n\n/**\n * @dev Collection of functions related to the address type\n */\nlibrary AddressUpgradeable {\n    /**\n     * @dev Returns true if `account` is a contract.\n     *\n     * [IMPORTANT]\n     * ====\n     * It is unsafe to assume that an address for which this function returns\n     * false is an externally-owned account (EOA) and not a contract.\n     *\n     * Among others, `isContract` will return false for the following\n     * types of addresses:\n     *\n     *  - an externally-owned account\n     *  - a contract in construction\n     *  - an address where a contract will be created\n     *  - an address where a contract lived, but was destroyed\n     *\n     * Furthermore, `isContract` will also return true if the target contract within\n     * the same transaction is already scheduled for destruction by `SELFDESTRUCT`,\n     * which only has an effect at the end of a transaction.\n     * ====\n     *\n     * [IMPORTANT]\n     * ====\n     * You shouldn't rely on `isContract` to protect against flash loan attacks!\n     *\n     * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets\n     * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract\n     * constructor.\n     * ====\n     */\n    function isContract(address account) internal view returns (bool) {\n        // This method relies on extcodesize/address.code.length, which returns 0\n        // for contracts in construction, since the code is only stored at the end\n        // of the constructor execution.\n\n        return account.code.length > 0;\n    }\n\n    /**\n     * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\n     * `recipient`, forwarding all available gas and reverting on errors.\n     *\n     * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\n     * of certain opcodes, possibly making contracts go over the 2300 gas limit\n     * imposed by `transfer`, making them unable to receive funds via\n     * `transfer`. {sendValue} removes this limitation.\n     *\n     * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].\n     *\n     * IMPORTANT: because control is transferred to `recipient`, care must be\n     * taken to not create reentrancy vulnerabilities. Consider using\n     * {ReentrancyGuard} or the\n     * https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\n     */\n    function sendValue(address payable recipient, uint256 amount) internal {\n        require(address(this).balance >= amount, \"Address: insufficient balance\");\n\n        (bool success, ) = recipient.call{value: amount}(\"\");\n        require(success, \"Address: unable to send value, recipient may have reverted\");\n    }\n\n    /**\n     * @dev Performs a Solidity function call using a low level `call`. A\n     * plain `call` is an unsafe replacement for a function call: use this\n     * function instead.\n     *\n     * If `target` reverts with a revert reason, it is bubbled up by this\n     * function (like regular Solidity function calls).\n     *\n     * Returns the raw returned data. To convert to the expected return value,\n     * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\n     *\n     * Requirements:\n     *\n     * - `target` must be a contract.\n     * - calling `target` with `data` must not revert.\n     *\n     * _Available since v3.1._\n     */\n    function functionCall(address target, bytes memory data) internal returns (bytes memory) {\n        return functionCallWithValue(target, data, 0, \"Address: low-level call failed\");\n    }\n\n    /**\n     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\n     * `errorMessage` as a fallback revert reason when `target` reverts.\n     *\n     * _Available since v3.1._\n     */\n    function functionCall(\n        address target,\n        bytes memory data,\n        string memory errorMessage\n    ) internal returns (bytes memory) {\n        return functionCallWithValue(target, data, 0, errorMessage);\n    }\n\n    /**\n     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n     * but also transferring `value` wei to `target`.\n     *\n     * Requirements:\n     *\n     * - the calling contract must have an ETH balance of at least `value`.\n     * - the called Solidity function must be `payable`.\n     *\n     * _Available since v3.1._\n     */\n    function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {\n        return functionCallWithValue(target, data, value, \"Address: low-level call with value failed\");\n    }\n\n    /**\n     * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\n     * with `errorMessage` as a fallback revert reason when `target` reverts.\n     *\n     * _Available since v3.1._\n     */\n    function functionCallWithValue(\n        address target,\n        bytes memory data,\n        uint256 value,\n        string memory errorMessage\n    ) internal returns (bytes memory) {\n        require(address(this).balance >= value, \"Address: insufficient balance for call\");\n        (bool success, bytes memory returndata) = target.call{value: value}(data);\n        return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n    }\n\n    /**\n     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n     * but performing a static call.\n     *\n     * _Available since v3.3._\n     */\n    function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\n        return functionStaticCall(target, data, \"Address: low-level static call failed\");\n    }\n\n    /**\n     * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n     * but performing a static call.\n     *\n     * _Available since v3.3._\n     */\n    function functionStaticCall(\n        address target,\n        bytes memory data,\n        string memory errorMessage\n    ) internal view returns (bytes memory) {\n        (bool success, bytes memory returndata) = target.staticcall(data);\n        return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n    }\n\n    /**\n     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n     * but performing a delegate call.\n     *\n     * _Available since v3.4._\n     */\n    function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\n        return functionDelegateCall(target, data, \"Address: low-level delegate call failed\");\n    }\n\n    /**\n     * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n     * but performing a delegate call.\n     *\n     * _Available since v3.4._\n     */\n    function functionDelegateCall(\n        address target,\n        bytes memory data,\n        string memory errorMessage\n    ) internal returns (bytes memory) {\n        (bool success, bytes memory returndata) = target.delegatecall(data);\n        return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n    }\n\n    /**\n     * @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling\n     * the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.\n     *\n     * _Available since v4.8._\n     */\n    function verifyCallResultFromTarget(\n        address target,\n        bool success,\n        bytes memory returndata,\n        string memory errorMessage\n    ) internal view returns (bytes memory) {\n        if (success) {\n            if (returndata.length == 0) {\n                // only check isContract if the call was successful and the return data is empty\n                // otherwise we already know that it was a contract\n                require(isContract(target), \"Address: call to non-contract\");\n            }\n            return returndata;\n        } else {\n            _revert(returndata, errorMessage);\n        }\n    }\n\n    /**\n     * @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the\n     * revert reason or using the provided one.\n     *\n     * _Available since v4.3._\n     */\n    function verifyCallResult(\n        bool success,\n        bytes memory returndata,\n        string memory errorMessage\n    ) internal pure returns (bytes memory) {\n        if (success) {\n            return returndata;\n        } else {\n            _revert(returndata, errorMessage);\n        }\n    }\n\n    function _revert(bytes memory returndata, string memory errorMessage) private pure {\n        // Look for revert reason and bubble it up if present\n        if (returndata.length > 0) {\n            // The easiest way to bubble the revert reason is using memory via assembly\n            /// @solidity memory-safe-assembly\n            assembly {\n                let returndata_size := mload(returndata)\n                revert(add(32, returndata), returndata_size)\n            }\n        } else {\n            revert(errorMessage);\n        }\n    }\n}\n"
    },
    "lib/openzeppelin-contracts-upgradeable/contracts/utils/ContextUpgradeable.sol": {
      "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts v4.4.1 (utils/Context.sol)\n\npragma solidity ^0.8.0;\nimport \"../proxy/utils/Initializable.sol\";\n\n/**\n * @dev Provides information about the current execution context, including the\n * sender of the transaction and its data. While these are generally available\n * via msg.sender and msg.data, they should not be accessed in such a direct\n * manner, since when dealing with meta-transactions the account sending and\n * paying for execution may not be the actual sender (as far as an application\n * is concerned).\n *\n * This contract is only required for intermediate, library-like contracts.\n */\nabstract contract ContextUpgradeable is Initializable {\n    function __Context_init() internal onlyInitializing {\n    }\n\n    function __Context_init_unchained() internal onlyInitializing {\n    }\n    function _msgSender() internal view virtual returns (address) {\n        return msg.sender;\n    }\n\n    function _msgData() internal view virtual returns (bytes calldata) {\n        return msg.data;\n    }\n\n    /**\n     * @dev This empty reserved space is put in place to allow future versions to add new\n     * variables without shifting down storage in the inheritance chain.\n     * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps\n     */\n    uint256[50] private __gap;\n}\n"
    },
    "lib/openzeppelin-contracts/contracts/access/Ownable.sol": {
      "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (access/Ownable.sol)\n\npragma solidity ^0.8.0;\n\nimport \"../utils/Context.sol\";\n\n/**\n * @dev Contract module which provides a basic access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership}.\n *\n * This module is used through inheritance. It will make available the modifier\n * `onlyOwner`, which can be applied to your functions to restrict their use to\n * the owner.\n */\nabstract contract Ownable is Context {\n    address private _owner;\n\n    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);\n\n    /**\n     * @dev Initializes the contract setting the deployer as the initial owner.\n     */\n    constructor() {\n        _transferOwnership(_msgSender());\n    }\n\n    /**\n     * @dev Throws if called by any account other than the owner.\n     */\n    modifier onlyOwner() {\n        _checkOwner();\n        _;\n    }\n\n    /**\n     * @dev Returns the address of the current owner.\n     */\n    function owner() public view virtual returns (address) {\n        return _owner;\n    }\n\n    /**\n     * @dev Throws if the sender is not the owner.\n     */\n    function _checkOwner() internal view virtual {\n        require(owner() == _msgSender(), \"Ownable: caller is not the owner\");\n    }\n\n    /**\n     * @dev Leaves the contract without owner. It will not be possible to call\n     * `onlyOwner` functions. Can only be called by the current owner.\n     *\n     * NOTE: Renouncing ownership will leave the contract without an owner,\n     * thereby disabling any functionality that is only available to the owner.\n     */\n    function renounceOwnership() public virtual onlyOwner {\n        _transferOwnership(address(0));\n    }\n\n    /**\n     * @dev Transfers ownership of the contract to a new account (`newOwner`).\n     * Can only be called by the current owner.\n     */\n    function transferOwnership(address newOwner) public virtual onlyOwner {\n        require(newOwner != address(0), \"Ownable: new owner is the zero address\");\n        _transferOwnership(newOwner);\n    }\n\n    /**\n     * @dev Transfers ownership of the contract to a new account (`newOwner`).\n     * Internal function without access restriction.\n     */\n    function _transferOwnership(address newOwner) internal virtual {\n        address oldOwner = _owner;\n        _owner = newOwner;\n        emit OwnershipTransferred(oldOwner, newOwner);\n    }\n}\n"
    },
    "lib/openzeppelin-contracts/contracts/interfaces/draft-IERC1822.sol": {
      "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.5.0) (interfaces/draft-IERC1822.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev ERC1822: Universal Upgradeable Proxy Standard (UUPS) documents a method for upgradeability through a simplified\n * proxy whose upgrades are fully controlled by the current implementation.\n */\ninterface IERC1822Proxiable {\n    /**\n     * @dev Returns the storage slot that the proxiable contract assumes is being used to store the implementation\n     * address.\n     *\n     * IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks\n     * bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this\n     * function revert if invoked through a proxy.\n     */\n    function proxiableUUID() external view returns (bytes32);\n}\n"
    },
    "lib/openzeppelin-contracts/contracts/interfaces/IERC1967.sol": {
      "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (interfaces/IERC1967.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev ERC-1967: Proxy Storage Slots. This interface contains the events defined in the ERC.\n *\n * _Available since v4.8.3._\n */\ninterface IERC1967 {\n    /**\n     * @dev Emitted when the implementation is upgraded.\n     */\n    event Upgraded(address indexed implementation);\n\n    /**\n     * @dev Emitted when the admin account has changed.\n     */\n    event AdminChanged(address previousAdmin, address newAdmin);\n\n    /**\n     * @dev Emitted when the beacon is changed.\n     */\n    event BeaconUpgraded(address indexed beacon);\n}\n"
    },
    "lib/openzeppelin-contracts/contracts/proxy/beacon/IBeacon.sol": {
      "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts v4.4.1 (proxy/beacon/IBeacon.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev This is the interface that {BeaconProxy} expects of its beacon.\n */\ninterface IBeacon {\n    /**\n     * @dev Must return an address that can be used as a delegate call target.\n     *\n     * {BeaconProxy} will check that this address is a contract.\n     */\n    function implementation() external view returns (address);\n}\n"
    },
    "lib/openzeppelin-contracts/contracts/proxy/ERC1967/ERC1967Proxy.sol": {
      "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.7.0) (proxy/ERC1967/ERC1967Proxy.sol)\n\npragma solidity ^0.8.0;\n\nimport \"../Proxy.sol\";\nimport \"./ERC1967Upgrade.sol\";\n\n/**\n * @dev This contract implements an upgradeable proxy. It is upgradeable because calls are delegated to an\n * implementation address that can be changed. This address is stored in storage in the location specified by\n * https://eips.ethereum.org/EIPS/eip-1967[EIP1967], so that it doesn't conflict with the storage layout of the\n * implementation behind the proxy.\n */\ncontract ERC1967Proxy is Proxy, ERC1967Upgrade {\n    /**\n     * @dev Initializes the upgradeable proxy with an initial implementation specified by `_logic`.\n     *\n     * If `_data` is nonempty, it's used as data in a delegate call to `_logic`. This will typically be an encoded\n     * function call, and allows initializing the storage of the proxy like a Solidity constructor.\n     */\n    constructor(address _logic, bytes memory _data) payable {\n        _upgradeToAndCall(_logic, _data, false);\n    }\n\n    /**\n     * @dev Returns the current implementation address.\n     */\n    function _implementation() internal view virtual override returns (address impl) {\n        return ERC1967Upgrade._getImplementation();\n    }\n}\n"
    },
    "lib/openzeppelin-contracts/contracts/proxy/ERC1967/ERC1967Upgrade.sol": {
      "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (proxy/ERC1967/ERC1967Upgrade.sol)\n\npragma solidity ^0.8.2;\n\nimport \"../beacon/IBeacon.sol\";\nimport \"../../interfaces/IERC1967.sol\";\nimport \"../../interfaces/draft-IERC1822.sol\";\nimport \"../../utils/Address.sol\";\nimport \"../../utils/StorageSlot.sol\";\n\n/**\n * @dev This abstract contract provides getters and event emitting update functions for\n * https://eips.ethereum.org/EIPS/eip-1967[EIP1967] slots.\n *\n * _Available since v4.1._\n */\nabstract contract ERC1967Upgrade is IERC1967 {\n    // This is the keccak-256 hash of \"eip1967.proxy.rollback\" subtracted by 1\n    bytes32 private constant _ROLLBACK_SLOT = 0x4910fdfa16fed3260ed0e7147f7cc6da11a60208b5b9406d12a635614ffd9143;\n\n    /**\n     * @dev Storage slot with the address of the current implementation.\n     * This is the keccak-256 hash of \"eip1967.proxy.implementation\" subtracted by 1, and is\n     * validated in the constructor.\n     */\n    bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;\n\n    /**\n     * @dev Returns the current implementation address.\n     */\n    function _getImplementation() internal view returns (address) {\n        return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;\n    }\n\n    /**\n     * @dev Stores a new address in the EIP1967 implementation slot.\n     */\n    function _setImplementation(address newImplementation) private {\n        require(Address.isContract(newImplementation), \"ERC1967: new implementation is not a contract\");\n        StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;\n    }\n\n    /**\n     * @dev Perform implementation upgrade\n     *\n     * Emits an {Upgraded} event.\n     */\n    function _upgradeTo(address newImplementation) internal {\n        _setImplementation(newImplementation);\n        emit Upgraded(newImplementation);\n    }\n\n    /**\n     * @dev Perform implementation upgrade with additional setup call.\n     *\n     * Emits an {Upgraded} event.\n     */\n    function _upgradeToAndCall(address newImplementation, bytes memory data, bool forceCall) internal {\n        _upgradeTo(newImplementation);\n        if (data.length > 0 || forceCall) {\n            Address.functionDelegateCall(newImplementation, data);\n        }\n    }\n\n    /**\n     * @dev Perform implementation upgrade with security checks for UUPS proxies, and additional setup call.\n     *\n     * Emits an {Upgraded} event.\n     */\n    function _upgradeToAndCallUUPS(address newImplementation, bytes memory data, bool forceCall) internal {\n        // Upgrades from old implementations will perform a rollback test. This test requires the new\n        // implementation to upgrade back to the old, non-ERC1822 compliant, implementation. Removing\n        // this special case will break upgrade paths from old UUPS implementation to new ones.\n        if (StorageSlot.getBooleanSlot(_ROLLBACK_SLOT).value) {\n            _setImplementation(newImplementation);\n        } else {\n            try IERC1822Proxiable(newImplementation).proxiableUUID() returns (bytes32 slot) {\n                require(slot == _IMPLEMENTATION_SLOT, \"ERC1967Upgrade: unsupported proxiableUUID\");\n            } catch {\n                revert(\"ERC1967Upgrade: new implementation is not UUPS\");\n            }\n            _upgradeToAndCall(newImplementation, data, forceCall);\n        }\n    }\n\n    /**\n     * @dev Storage slot with the admin of the contract.\n     * This is the keccak-256 hash of \"eip1967.proxy.admin\" subtracted by 1, and is\n     * validated in the constructor.\n     */\n    bytes32 internal constant _ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103;\n\n    /**\n     * @dev Returns the current admin.\n     */\n    function _getAdmin() internal view returns (address) {\n        return StorageSlot.getAddressSlot(_ADMIN_SLOT).value;\n    }\n\n    /**\n     * @dev Stores a new address in the EIP1967 admin slot.\n     */\n    function _setAdmin(address newAdmin) private {\n        require(newAdmin != address(0), \"ERC1967: new admin is the zero address\");\n        StorageSlot.getAddressSlot(_ADMIN_SLOT).value = newAdmin;\n    }\n\n    /**\n     * @dev Changes the admin of the proxy.\n     *\n     * Emits an {AdminChanged} event.\n     */\n    function _changeAdmin(address newAdmin) internal {\n        emit AdminChanged(_getAdmin(), newAdmin);\n        _setAdmin(newAdmin);\n    }\n\n    /**\n     * @dev The storage slot of the UpgradeableBeacon contract which defines the implementation for this proxy.\n     * This is bytes32(uint256(keccak256('eip1967.proxy.beacon')) - 1)) and is validated in the constructor.\n     */\n    bytes32 internal constant _BEACON_SLOT = 0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50;\n\n    /**\n     * @dev Returns the current beacon.\n     */\n    function _getBeacon() internal view returns (address) {\n        return StorageSlot.getAddressSlot(_BEACON_SLOT).value;\n    }\n\n    /**\n     * @dev Stores a new beacon in the EIP1967 beacon slot.\n     */\n    function _setBeacon(address newBeacon) private {\n        require(Address.isContract(newBeacon), \"ERC1967: new beacon is not a contract\");\n        require(\n            Address.isContract(IBeacon(newBeacon).implementation()),\n            \"ERC1967: beacon implementation is not a contract\"\n        );\n        StorageSlot.getAddressSlot(_BEACON_SLOT).value = newBeacon;\n    }\n\n    /**\n     * @dev Perform beacon upgrade with additional setup call. Note: This upgrades the address of the beacon, it does\n     * not upgrade the implementation contained in the beacon (see {UpgradeableBeacon-_setImplementation} for that).\n     *\n     * Emits a {BeaconUpgraded} event.\n     */\n    function _upgradeBeaconToAndCall(address newBeacon, bytes memory data, bool forceCall) internal {\n        _setBeacon(newBeacon);\n        emit BeaconUpgraded(newBeacon);\n        if (data.length > 0 || forceCall) {\n            Address.functionDelegateCall(IBeacon(newBeacon).implementation(), data);\n        }\n    }\n}\n"
    },
    "lib/openzeppelin-contracts/contracts/proxy/Proxy.sol": {
      "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.6.0) (proxy/Proxy.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev This abstract contract provides a fallback function that delegates all calls to another contract using the EVM\n * instruction `delegatecall`. We refer to the second contract as the _implementation_ behind the proxy, and it has to\n * be specified by overriding the virtual {_implementation} function.\n *\n * Additionally, delegation to the implementation can be triggered manually through the {_fallback} function, or to a\n * different contract through the {_delegate} function.\n *\n * The success and return data of the delegated call will be returned back to the caller of the proxy.\n */\nabstract contract Proxy {\n    /**\n     * @dev Delegates the current call to `implementation`.\n     *\n     * This function does not return to its internal call site, it will return directly to the external caller.\n     */\n    function _delegate(address implementation) internal virtual {\n        assembly {\n            // Copy msg.data. We take full control of memory in this inline assembly\n            // block because it will not return to Solidity code. We overwrite the\n            // Solidity scratch pad at memory position 0.\n            calldatacopy(0, 0, calldatasize())\n\n            // Call the implementation.\n            // out and outsize are 0 because we don't know the size yet.\n            let result := delegatecall(gas(), implementation, 0, calldatasize(), 0, 0)\n\n            // Copy the returned data.\n            returndatacopy(0, 0, returndatasize())\n\n            switch result\n            // delegatecall returns 0 on error.\n            case 0 {\n                revert(0, returndatasize())\n            }\n            default {\n                return(0, returndatasize())\n            }\n        }\n    }\n\n    /**\n     * @dev This is a virtual function that should be overridden so it returns the address to which the fallback function\n     * and {_fallback} should delegate.\n     */\n    function _implementation() internal view virtual returns (address);\n\n    /**\n     * @dev Delegates the current call to the address returned by `_implementation()`.\n     *\n     * This function does not return to its internal call site, it will return directly to the external caller.\n     */\n    function _fallback() internal virtual {\n        _beforeFallback();\n        _delegate(_implementation());\n    }\n\n    /**\n     * @dev Fallback function that delegates calls to the address returned by `_implementation()`. Will run if no other\n     * function in the contract matches the call data.\n     */\n    fallback() external payable virtual {\n        _fallback();\n    }\n\n    /**\n     * @dev Fallback function that delegates calls to the address returned by `_implementation()`. Will run if call data\n     * is empty.\n     */\n    receive() external payable virtual {\n        _fallback();\n    }\n\n    /**\n     * @dev Hook that is called before falling back to the implementation. Can happen as part of a manual `_fallback`\n     * call, or as part of the Solidity `fallback` or `receive` functions.\n     *\n     * If overridden should call `super._beforeFallback()`.\n     */\n    function _beforeFallback() internal virtual {}\n}\n"
    },
    "lib/openzeppelin-contracts/contracts/proxy/utils/UUPSUpgradeable.sol": {
      "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (proxy/utils/UUPSUpgradeable.sol)\n\npragma solidity ^0.8.0;\n\nimport \"../../interfaces/draft-IERC1822.sol\";\nimport \"../ERC1967/ERC1967Upgrade.sol\";\n\n/**\n * @dev An upgradeability mechanism designed for UUPS proxies. The functions included here can perform an upgrade of an\n * {ERC1967Proxy}, when this contract is set as the implementation behind such a proxy.\n *\n * A security mechanism ensures that an upgrade does not turn off upgradeability accidentally, although this risk is\n * reinstated if the upgrade retains upgradeability but removes the security mechanism, e.g. by replacing\n * `UUPSUpgradeable` with a custom implementation of upgrades.\n *\n * The {_authorizeUpgrade} function must be overridden to include access restriction to the upgrade mechanism.\n *\n * _Available since v4.1._\n */\nabstract contract UUPSUpgradeable is IERC1822Proxiable, ERC1967Upgrade {\n    /// @custom:oz-upgrades-unsafe-allow state-variable-immutable state-variable-assignment\n    address private immutable __self = address(this);\n\n    /**\n     * @dev Check that the execution is being performed through a delegatecall call and that the execution context is\n     * a proxy contract with an implementation (as defined in ERC1967) pointing to self. This should only be the case\n     * for UUPS and transparent proxies that are using the current contract as their implementation. Execution of a\n     * function through ERC1167 minimal proxies (clones) would not normally pass this test, but is not guaranteed to\n     * fail.\n     */\n    modifier onlyProxy() {\n        require(address(this) != __self, \"Function must be called through delegatecall\");\n        require(_getImplementation() == __self, \"Function must be called through active proxy\");\n        _;\n    }\n\n    /**\n     * @dev Check that the execution is not being performed through a delegate call. This allows a function to be\n     * callable on the implementing contract but not through proxies.\n     */\n    modifier notDelegated() {\n        require(address(this) == __self, \"UUPSUpgradeable: must not be called through delegatecall\");\n        _;\n    }\n\n    /**\n     * @dev Implementation of the ERC1822 {proxiableUUID} function. This returns the storage slot used by the\n     * implementation. It is used to validate the implementation's compatibility when performing an upgrade.\n     *\n     * IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks\n     * bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this\n     * function revert if invoked through a proxy. This is guaranteed by the `notDelegated` modifier.\n     */\n    function proxiableUUID() external view virtual override notDelegated returns (bytes32) {\n        return _IMPLEMENTATION_SLOT;\n    }\n\n    /**\n     * @dev Upgrade the implementation of the proxy to `newImplementation`.\n     *\n     * Calls {_authorizeUpgrade}.\n     *\n     * Emits an {Upgraded} event.\n     *\n     * @custom:oz-upgrades-unsafe-allow-reachable delegatecall\n     */\n    function upgradeTo(address newImplementation) public virtual onlyProxy {\n        _authorizeUpgrade(newImplementation);\n        _upgradeToAndCallUUPS(newImplementation, new bytes(0), false);\n    }\n\n    /**\n     * @dev Upgrade the implementation of the proxy to `newImplementation`, and subsequently execute the function call\n     * encoded in `data`.\n     *\n     * Calls {_authorizeUpgrade}.\n     *\n     * Emits an {Upgraded} event.\n     *\n     * @custom:oz-upgrades-unsafe-allow-reachable delegatecall\n     */\n    function upgradeToAndCall(address newImplementation, bytes memory data) public payable virtual onlyProxy {\n        _authorizeUpgrade(newImplementation);\n        _upgradeToAndCallUUPS(newImplementation, data, true);\n    }\n\n    /**\n     * @dev Function that should revert when `msg.sender` is not authorized to upgrade the contract. Called by\n     * {upgradeTo} and {upgradeToAndCall}.\n     *\n     * Normally, this function will use an xref:access.adoc[access control] modifier such as {Ownable-onlyOwner}.\n     *\n     * ```solidity\n     * function _authorizeUpgrade(address) internal override onlyOwner {}\n     * ```\n     */\n    function _authorizeUpgrade(address newImplementation) internal virtual;\n}\n"
    },
    "lib/openzeppelin-contracts/contracts/utils/Address.sol": {
      "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol)\n\npragma solidity ^0.8.1;\n\n/**\n * @dev Collection of functions related to the address type\n */\nlibrary Address {\n    /**\n     * @dev Returns true if `account` is a contract.\n     *\n     * [IMPORTANT]\n     * ====\n     * It is unsafe to assume that an address for which this function returns\n     * false is an externally-owned account (EOA) and not a contract.\n     *\n     * Among others, `isContract` will return false for the following\n     * types of addresses:\n     *\n     *  - an externally-owned account\n     *  - a contract in construction\n     *  - an address where a contract will be created\n     *  - an address where a contract lived, but was destroyed\n     *\n     * Furthermore, `isContract` will also return true if the target contract within\n     * the same transaction is already scheduled for destruction by `SELFDESTRUCT`,\n     * which only has an effect at the end of a transaction.\n     * ====\n     *\n     * [IMPORTANT]\n     * ====\n     * You shouldn't rely on `isContract` to protect against flash loan attacks!\n     *\n     * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets\n     * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract\n     * constructor.\n     * ====\n     */\n    function isContract(address account) internal view returns (bool) {\n        // This method relies on extcodesize/address.code.length, which returns 0\n        // for contracts in construction, since the code is only stored at the end\n        // of the constructor execution.\n\n        return account.code.length > 0;\n    }\n\n    /**\n     * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\n     * `recipient`, forwarding all available gas and reverting on errors.\n     *\n     * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\n     * of certain opcodes, possibly making contracts go over the 2300 gas limit\n     * imposed by `transfer`, making them unable to receive funds via\n     * `transfer`. {sendValue} removes this limitation.\n     *\n     * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].\n     *\n     * IMPORTANT: because control is transferred to `recipient`, care must be\n     * taken to not create reentrancy vulnerabilities. Consider using\n     * {ReentrancyGuard} or the\n     * https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\n     */\n    function sendValue(address payable recipient, uint256 amount) internal {\n        require(address(this).balance >= amount, \"Address: insufficient balance\");\n\n        (bool success, ) = recipient.call{value: amount}(\"\");\n        require(success, \"Address: unable to send value, recipient may have reverted\");\n    }\n\n    /**\n     * @dev Performs a Solidity function call using a low level `call`. A\n     * plain `call` is an unsafe replacement for a function call: use this\n     * function instead.\n     *\n     * If `target` reverts with a revert reason, it is bubbled up by this\n     * function (like regular Solidity function calls).\n     *\n     * Returns the raw returned data. To convert to the expected return value,\n     * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\n     *\n     * Requirements:\n     *\n     * - `target` must be a contract.\n     * - calling `target` with `data` must not revert.\n     *\n     * _Available since v3.1._\n     */\n    function functionCall(address target, bytes memory data) internal returns (bytes memory) {\n        return functionCallWithValue(target, data, 0, \"Address: low-level call failed\");\n    }\n\n    /**\n     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\n     * `errorMessage` as a fallback revert reason when `target` reverts.\n     *\n     * _Available since v3.1._\n     */\n    function functionCall(\n        address target,\n        bytes memory data,\n        string memory errorMessage\n    ) internal returns (bytes memory) {\n        return functionCallWithValue(target, data, 0, errorMessage);\n    }\n\n    /**\n     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n     * but also transferring `value` wei to `target`.\n     *\n     * Requirements:\n     *\n     * - the calling contract must have an ETH balance of at least `value`.\n     * - the called Solidity function must be `payable`.\n     *\n     * _Available since v3.1._\n     */\n    function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {\n        return functionCallWithValue(target, data, value, \"Address: low-level call with value failed\");\n    }\n\n    /**\n     * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\n     * with `errorMessage` as a fallback revert reason when `target` reverts.\n     *\n     * _Available since v3.1._\n     */\n    function functionCallWithValue(\n        address target,\n        bytes memory data,\n        uint256 value,\n        string memory errorMessage\n    ) internal returns (bytes memory) {\n        require(address(this).balance >= value, \"Address: insufficient balance for call\");\n        (bool success, bytes memory returndata) = target.call{value: value}(data);\n        return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n    }\n\n    /**\n     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n     * but performing a static call.\n     *\n     * _Available since v3.3._\n     */\n    function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\n        return functionStaticCall(target, data, \"Address: low-level static call failed\");\n    }\n\n    /**\n     * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n     * but performing a static call.\n     *\n     * _Available since v3.3._\n     */\n    function functionStaticCall(\n        address target,\n        bytes memory data,\n        string memory errorMessage\n    ) internal view returns (bytes memory) {\n        (bool success, bytes memory returndata) = target.staticcall(data);\n        return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n    }\n\n    /**\n     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n     * but performing a delegate call.\n     *\n     * _Available since v3.4._\n     */\n    function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\n        return functionDelegateCall(target, data, \"Address: low-level delegate call failed\");\n    }\n\n    /**\n     * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n     * but performing a delegate call.\n     *\n     * _Available since v3.4._\n     */\n    function functionDelegateCall(\n        address target,\n        bytes memory data,\n        string memory errorMessage\n    ) internal returns (bytes memory) {\n        (bool success, bytes memory returndata) = target.delegatecall(data);\n        return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n    }\n\n    /**\n     * @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling\n     * the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.\n     *\n     * _Available since v4.8._\n     */\n    function verifyCallResultFromTarget(\n        address target,\n        bool success,\n        bytes memory returndata,\n        string memory errorMessage\n    ) internal view returns (bytes memory) {\n        if (success) {\n            if (returndata.length == 0) {\n                // only check isContract if the call was successful and the return data is empty\n                // otherwise we already know that it was a contract\n                require(isContract(target), \"Address: call to non-contract\");\n            }\n            return returndata;\n        } else {\n            _revert(returndata, errorMessage);\n        }\n    }\n\n    /**\n     * @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the\n     * revert reason or using the provided one.\n     *\n     * _Available since v4.3._\n     */\n    function verifyCallResult(\n        bool success,\n        bytes memory returndata,\n        string memory errorMessage\n    ) internal pure returns (bytes memory) {\n        if (success) {\n            return returndata;\n        } else {\n            _revert(returndata, errorMessage);\n        }\n    }\n\n    function _revert(bytes memory returndata, string memory errorMessage) private pure {\n        // Look for revert reason and bubble it up if present\n        if (returndata.length > 0) {\n            // The easiest way to bubble the revert reason is using memory via assembly\n            /// @solidity memory-safe-assembly\n            assembly {\n                let returndata_size := mload(returndata)\n                revert(add(32, returndata), returndata_size)\n            }\n        } else {\n            revert(errorMessage);\n        }\n    }\n}\n"
    },
    "lib/openzeppelin-contracts/contracts/utils/Context.sol": {
      "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts v4.4.1 (utils/Context.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Provides information about the current execution context, including the\n * sender of the transaction and its data. While these are generally available\n * via msg.sender and msg.data, they should not be accessed in such a direct\n * manner, since when dealing with meta-transactions the account sending and\n * paying for execution may not be the actual sender (as far as an application\n * is concerned).\n *\n * This contract is only required for intermediate, library-like contracts.\n */\nabstract contract Context {\n    function _msgSender() internal view virtual returns (address) {\n        return msg.sender;\n    }\n\n    function _msgData() internal view virtual returns (bytes calldata) {\n        return msg.data;\n    }\n}\n"
    },
    "lib/openzeppelin-contracts/contracts/utils/StorageSlot.sol": {
      "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/StorageSlot.sol)\n// This file was procedurally generated from scripts/generate/templates/StorageSlot.js.\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Library for reading and writing primitive types to specific storage slots.\n *\n * Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts.\n * This library helps with reading and writing to such slots without the need for inline assembly.\n *\n * The functions in this library return Slot structs that contain a `value` member that can be used to read or write.\n *\n * Example usage to set ERC1967 implementation slot:\n * ```solidity\n * contract ERC1967 {\n *     bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;\n *\n *     function _getImplementation() internal view returns (address) {\n *         return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;\n *     }\n *\n *     function _setImplementation(address newImplementation) internal {\n *         require(Address.isContract(newImplementation), \"ERC1967: new implementation is not a contract\");\n *         StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;\n *     }\n * }\n * ```\n *\n * _Available since v4.1 for `address`, `bool`, `bytes32`, `uint256`._\n * _Available since v4.9 for `string`, `bytes`._\n */\nlibrary StorageSlot {\n    struct AddressSlot {\n        address value;\n    }\n\n    struct BooleanSlot {\n        bool value;\n    }\n\n    struct Bytes32Slot {\n        bytes32 value;\n    }\n\n    struct Uint256Slot {\n        uint256 value;\n    }\n\n    struct StringSlot {\n        string value;\n    }\n\n    struct BytesSlot {\n        bytes value;\n    }\n\n    /**\n     * @dev Returns an `AddressSlot` with member `value` located at `slot`.\n     */\n    function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) {\n        /// @solidity memory-safe-assembly\n        assembly {\n            r.slot := slot\n        }\n    }\n\n    /**\n     * @dev Returns an `BooleanSlot` with member `value` located at `slot`.\n     */\n    function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) {\n        /// @solidity memory-safe-assembly\n        assembly {\n            r.slot := slot\n        }\n    }\n\n    /**\n     * @dev Returns an `Bytes32Slot` with member `value` located at `slot`.\n     */\n    function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) {\n        /// @solidity memory-safe-assembly\n        assembly {\n            r.slot := slot\n        }\n    }\n\n    /**\n     * @dev Returns an `Uint256Slot` with member `value` located at `slot`.\n     */\n    function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) {\n        /// @solidity memory-safe-assembly\n        assembly {\n            r.slot := slot\n        }\n    }\n\n    /**\n     * @dev Returns an `StringSlot` with member `value` located at `slot`.\n     */\n    function getStringSlot(bytes32 slot) internal pure returns (StringSlot storage r) {\n        /// @solidity memory-safe-assembly\n        assembly {\n            r.slot := slot\n        }\n    }\n\n    /**\n     * @dev Returns an `StringSlot` representation of the string storage pointer `store`.\n     */\n    function getStringSlot(string storage store) internal pure returns (StringSlot storage r) {\n        /// @solidity memory-safe-assembly\n        assembly {\n            r.slot := store.slot\n        }\n    }\n\n    /**\n     * @dev Returns an `BytesSlot` with member `value` located at `slot`.\n     */\n    function getBytesSlot(bytes32 slot) internal pure returns (BytesSlot storage r) {\n        /// @solidity memory-safe-assembly\n        assembly {\n            r.slot := slot\n        }\n    }\n\n    /**\n     * @dev Returns an `BytesSlot` representation of the bytes storage pointer `store`.\n     */\n    function getBytesSlot(bytes storage store) internal pure returns (BytesSlot storage r) {\n        /// @solidity memory-safe-assembly\n        assembly {\n            r.slot := store.slot\n        }\n    }\n}\n"
    },
    "lib/rln-contract/contracts/IVerifier.sol": {
      "content": "// SPDX-License-Identifier: Apache-2.0 OR MIT\npragma solidity 0.8.15;\n\ninterface IVerifier {\n    function verifyProof(uint256[2] memory a, uint256[2][2] memory b, uint256[2] memory c, uint256[2] memory input)\n        external\n        view\n        returns (bool);\n}\n"
    },
    "lib/rln-contract/contracts/PoseidonHasher.sol": {
      "content": "// SPDX-License-Identifier: MIT\n\n// Forked from https://github.com/kilic/rlnapp/\n\npragma solidity 0.8.15;\n\ninterface IPoseidonHasher {\n    /// @notice Hashes the input using the Poseidon hash function, n = 2, second input is the constant 0\n    /// @param input The input to hash\n    function hash(uint256 input) external pure returns (uint256 result);\n}\n\ncontract PoseidonHasher is IPoseidonHasher {\n    uint256 public constant Q = 21888242871839275222246405745257275088548364400416034343698204186575808495617;\n    uint256 constant C0 = 4417881134626180770308697923359573201005643519861877412381846989312604493735;\n    uint256 constant C1 = 5433650512959517612316327474713065966758808864213826738576266661723522780033;\n    uint256 constant C2 = 13641176377184356099764086973022553863760045607496549923679278773208775739952;\n    uint256 constant C3 = 17949713444224994136330421782109149544629237834775211751417461773584374506783;\n    uint256 constant C4 = 13765628375339178273710281891027109699578766420463125835325926111705201856003;\n    uint256 constant C5 = 19179513468172002314585757290678967643352171735526887944518845346318719730387;\n    uint256 constant C6 = 5157412437176756884543472904098424903141745259452875378101256928559722612176;\n    uint256 constant C7 = 535160875740282236955320458485730000677124519901643397458212725410971557409;\n    uint256 constant C8 = 1050793453380762984940163090920066886770841063557081906093018330633089036729;\n    uint256 constant C9 = 10665495010329663932664894101216428400933984666065399374198502106997623173873;\n    uint256 constant C10 = 19965634623406616956648724894636666805991993496469370618546874926025059150737;\n    uint256 constant C11 = 13007250030070838431593222885902415182312449212965120303174723305710127422213;\n    uint256 constant C12 = 16877538715074991604507979123743768693428157847423939051086744213162455276374;\n    uint256 constant C13 = 18211747749504876135588847560312685184956239426147543810126553367063157141465;\n    uint256 constant C14 = 18151553319826126919739798892854572062191241985315767086020821632812331245635;\n    uint256 constant C15 = 19957033149976712666746140949846950406660099037474791840946955175819555930825;\n    uint256 constant C16 = 3469514863538261843186854830917934449567467100548474599735384052339577040841;\n    uint256 constant C17 = 989698510043911779243192466312362856042600749099921773896924315611668507708;\n    uint256 constant C18 = 12568377015646290945235387813564567111330046038050864455358059568128000172201;\n    uint256 constant C19 = 20856104135605479600325529349246932565148587186338606236677138505306779314172;\n    uint256 constant C20 = 8206918720503535523121349917159924938835810381723474192155637697065780938424;\n    uint256 constant C21 = 1309058477013932989380617265069188723120054926187607548493110334522527703566;\n    uint256 constant C22 = 14076116939332667074621703729512195584105250395163383769419390236426287710606;\n    uint256 constant C23 = 10153498892749751942204288991871286290442690932856658983589258153608012428674;\n    uint256 constant C24 = 18202499207234128286137597834010475797175973146805180988367589376893530181575;\n    uint256 constant C25 = 12739388830157083522877690211447248168864006284243907142044329113461613743052;\n    uint256 constant C26 = 15123358710467780770838026754240340042441262572309759635224051333176022613949;\n    uint256 constant C27 = 19925004701844594370904593774447343836015483888496504201331110250494635362184;\n    uint256 constant C28 = 10352416606816998476681131583320899030072315953910679608943150613208329645891;\n    uint256 constant C29 = 10567371822366244361703342347428230537114808440249611395507235283708966113221;\n    uint256 constant C30 = 5635498582763880627392290206431559361272660937399944184533035305989295959602;\n    uint256 constant C31 = 11866432933224219174041051738704352719163271639958083608224676028593315904909;\n    uint256 constant C32 = 5795020705294401441272215064554385591292330721703923167136157291459784140431;\n    uint256 constant C33 = 9482202378699252817564375087302794636287866584767523335624368774856230692758;\n    uint256 constant C34 = 4245237636894546151746468406560945873445548423466753843402086544922216329298;\n    uint256 constant C35 = 12000500941313982757584712677991730019124834399479314697467598397927435905133;\n    uint256 constant C36 = 7596790274058425558167520209857956363736666939016807569082239187494363541787;\n    uint256 constant C37 = 2484867918246116343205467273440098378820186751202461278013576281097918148877;\n    uint256 constant C38 = 18312645949449997391810445935615409295369169383463185688973803378104013950190;\n    uint256 constant C39 = 15320686572748723004980855263301182130424010735782762814513954166519592552733;\n    uint256 constant C40 = 12618438900597948888520621062416758747872180395546164387827245287017031303859;\n    uint256 constant C41 = 17438141672027706116733201008397064011774368832458707512367404736905021019585;\n    uint256 constant C42 = 6374197807230665998865688675365359100400438034755781666913068586172586548950;\n    uint256 constant C43 = 2189398913433273865510950346186699930188746169476472274335177556702504595264;\n    uint256 constant C44 = 6268495580028970231803791523870131137294646402347399003576649137450213034606;\n    uint256 constant C45 = 17896250365994900261202920044129628104272791547990619503076839618914047059275;\n    uint256 constant C46 = 13692156312448722528008862371944543449350293305158722920787736248435893008873;\n    uint256 constant C47 = 15234446864368744483209945022439268713300180233589581910497691316744177619376;\n    uint256 constant C48 = 1572426502623310766593681563281600503979671244997798691029595521622402217227;\n    uint256 constant C49 = 80103447810215150918585162168214870083573048458555897999822831203653996617;\n    uint256 constant C50 = 8228820324013669567851850635126713973797711779951230446503353812192849106342;\n    uint256 constant C51 = 5375851433746509614045812476958526065449377558695752132494533666370449415873;\n    uint256 constant C52 = 12115998939203497346386774317892338270561208357481805380546938146796257365018;\n    uint256 constant C53 = 9764067909645821279940531410531154041386008396840887338272986634350423466622;\n    uint256 constant C54 = 8538708244538850542384936174629541085495830544298260335345008245230827876882;\n    uint256 constant C55 = 7140127896620013355910287215441004676619168261422440177712039790284719613114;\n    uint256 constant C56 = 14297402962228458726038826185823085337698917275385741292940049024977027409762;\n    uint256 constant C57 = 6667115556431351074165934212337261254608231545257434281887966406956835140819;\n    uint256 constant C58 = 20226761165244293291042617464655196752671169026542832236139342122602741090001;\n    uint256 constant C59 = 12038289506489256655759141386763477208196694421666339040483042079632134429119;\n    uint256 constant C60 = 19027757334170818571203982241812412991528769934917288000224335655934473717551;\n    uint256 constant C61 = 16272152964456553579565580463468069884359929612321610357528838696790370074720;\n    uint256 constant C62 = 2500392889689246014710135696485946334448570271481948765283016105301740284071;\n    uint256 constant C63 = 8595254970528530312401637448610398388203855633951264114100575485022581946023;\n    uint256 constant C64 = 11635945688914011450976408058407206367914559009113158286982919675551688078198;\n    uint256 constant C65 = 614739068603482619581328040478536306925147663946742687395148680260956671871;\n    uint256 constant C66 = 18692271780377861570175282183255720350972693125537599213951106550953176268753;\n    uint256 constant C67 = 4987059230784976306647166378298632695585915319042844495357753339378260807164;\n    uint256 constant C68 = 21851403978498723616722415377430107676258664746210815234490134600998983955497;\n    uint256 constant C69 = 9830635451186415300891533983087800047564037813328875992115573428596207326204;\n    uint256 constant C70 = 4842706106434537116860242620706030229206345167233200482994958847436425185478;\n    uint256 constant C71 = 6422235064906823218421386871122109085799298052314922856340127798647926126490;\n    uint256 constant C72 = 4564364104986856861943331689105797031330091877115997069096365671501473357846;\n    uint256 constant C73 = 1944043894089780613038197112872830569538541856657037469098448708685350671343;\n    uint256 constant C74 = 21179865974855950600518216085229498748425990426231530451599322283119880194955;\n    uint256 constant C75 = 14296697761894107574369608843560006996183955751502547883167824879840894933162;\n    uint256 constant C76 = 12274619649702218570450581712439138337725246879938860735460378251639845671898;\n    uint256 constant C77 = 16371396450276899401411886674029075408418848209575273031725505038938314070356;\n    uint256 constant C78 = 3702561221750983937578095019779188631407216522704543451228773892695044653565;\n    uint256 constant C79 = 19721616877735564664624984774636557499099875603996426215495516594530838681980;\n    uint256 constant C80 = 6383350109027696789969911008057747025018308755462287526819231672217685282429;\n    uint256 constant C81 = 20860583956177367265984596617324237471765572961978977333122281041544719622905;\n    uint256 constant C82 = 5766390934595026947545001478457407504285452477687752470140790011329357286275;\n    uint256 constant C83 = 4043175758319898049344746138515323336207420888499903387536875603879441092484;\n    uint256 constant C84 = 15579382179133608217098622223834161692266188678101563820988612253342538956534;\n    uint256 constant C85 = 1864640783252634743892105383926602930909039567065240010338908865509831749824;\n    uint256 constant C86 = 15943719865023133586707144161652035291705809358178262514871056013754142625673;\n    uint256 constant C87 = 2326415993032390211558498780803238091925402878871059708106213703504162832999;\n    uint256 constant C88 = 19995326402773833553207196590622808505547443523750970375738981396588337910289;\n    uint256 constant C89 = 5143583711361588952673350526320181330406047695593201009385718506918735286622;\n    uint256 constant C90 = 15436006486881920976813738625999473183944244531070780793506388892313517319583;\n    uint256 constant C91 = 16660446760173633166698660166238066533278664023818938868110282615200613695857;\n    uint256 constant C92 = 4966065365695755376133119391352131079892396024584848298231004326013366253934;\n    uint256 constant C93 = 20683781957411705574951987677641476019618457561419278856689645563561076926702;\n    uint256 constant C94 = 17280836839165902792086432296371645107551519324565649849400948918605456875699;\n    uint256 constant C95 = 17045635513701208892073056357048619435743564064921155892004135325530808465371;\n    uint256 constant C96 = 17055032967194400710390142791334572297458033582458169295920670679093585707295;\n    uint256 constant C97 = 15727174639569115300068198908071514334002742825679221638729902577962862163505;\n    uint256 constant C98 = 1001755657610446661315902885492677747789366510875120894840818704741370398633;\n    uint256 constant C99 = 18638547332826171619311285502376343504539399518545103511265465604926625041234;\n    uint256 constant C100 = 6751954224763196429755298529194402870632445298969935050224267844020826420799;\n    uint256 constant C101 = 3526747115904224771452549517614107688674036840088422555827581348280834879405;\n    uint256 constant C102 = 15705897908180497062880001271426561999724005008972544196300715293701537574122;\n    uint256 constant C103 = 574386695213920937259007343820417029802510752426579750428758189312416867750;\n    uint256 constant C104 = 15973040855000600860816974646787367136127946402908768408978806375685439868553;\n    uint256 constant C105 = 20934130413948796333037139460875996342810005558806621330680156931816867321122;\n    uint256 constant C106 = 6918585327145564636398173845411579411526758237572034236476079610890705810764;\n    uint256 constant C107 = 14158163500813182062258176233162498241310167509137716527054939926126453647182;\n    uint256 constant C108 = 4164602626597695668474100217150111342272610479949122406544277384862187287433;\n    uint256 constant C109 = 12146526846507496913615390662823936206892812880963914267275606265272996025304;\n    uint256 constant C110 = 10153527926900017763244212043512822363696541810586522108597162891799345289938;\n    uint256 constant C111 = 13564663485965299104296214940873270349072051793008946663855767889066202733588;\n    uint256 constant C112 = 5612449256997576125867742696783020582952387615430650198777254717398552960096;\n    uint256 constant C113 = 12151885480032032868507892738683067544172874895736290365318623681886999930120;\n    uint256 constant C114 = 380452237704664384810613424095477896605414037288009963200982915188629772177;\n    uint256 constant C115 = 9067557551252570188533509616805287919563636482030947363841198066124642069518;\n    uint256 constant C116 = 21280306817619711661335268484199763923870315733198162896599997188206277056900;\n    uint256 constant C117 = 5567165819557297006750252582140767993422097822227408837378089569369734876257;\n    uint256 constant C118 = 10411936321072105429908396649383171465939606386380071222095155850987201580137;\n    uint256 constant C119 = 21338390051413922944780864872652000187403217966653363270851298678606449622266;\n    uint256 constant C120 = 12156296560457833712186127325312904760045212412680904475497938949653569234473;\n    uint256 constant C121 = 4271647814574748734312113971565139132510281260328947438246615707172526380757;\n    uint256 constant C122 = 9061738206062369647211128232833114177054715885442782773131292534862178874950;\n    uint256 constant C123 = 10134551893627587797380445583959894183158393780166496661696555422178052339133;\n    uint256 constant C124 = 8932270237664043612366044102088319242789325050842783721780970129656616386103;\n    uint256 constant C125 = 3339412934966886386194449782756711637636784424032779155216609410591712750636;\n    uint256 constant C126 = 9704903972004596791086522314847373103670545861209569267884026709445485704400;\n    uint256 constant C127 = 17467570179597572575614276429760169990940929887711661192333523245667228809456;\n    uint256 constant M00 = 2910766817845651019878574839501801340070030115151021261302834310722729507541;\n    uint256 constant M01 = 19727366863391167538122140361473584127147630672623100827934084310230022599144;\n    uint256 constant M10 = 5776684794125549462448597414050232243778680302179439492664047328281728356345;\n    uint256 constant M11 = 8348174920934122550483593999453880006756108121341067172388445916328941978568;\n\n    function hash(uint256 input) external pure override returns (uint256 result) {\n        return _hash(input);\n    }\n\n    function _hash(uint256 input) internal pure returns (uint256 result) {\n        assembly {\n            // Poseidon parameters should be t = 2, RF = 8, RP = 56\n\n            // We load the characteristic\n            let q := Q\n\n            // In zerokit implementation, if we pass inp = [a0,a1,..,an] to Poseidon what is effectively hashed is [0,a0,a1,..,an]\n            // Note that a sequence of MIX-ARK involves 3 Bn254 field additions before the mulmod happens. Worst case we have a value corresponding to 2*(p-1) which is less than 2^256 and hence doesn't overflow\n            //ROUND 0 - FULL\n            let s0 := C0\n            let s1 := add(input, C1)\n            // SBOX\n            let t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            t := mulmod(s1, s1, q)\n            s1 := mulmod(mulmod(t, t, q), s1, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 1 - FULL\n            s0 := add(s0, C2)\n            s1 := add(s1, C3)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            t := mulmod(s1, s1, q)\n            s1 := mulmod(mulmod(t, t, q), s1, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 2 - FULL\n            s0 := add(s0, C4)\n            s1 := add(s1, C5)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            t := mulmod(s1, s1, q)\n            s1 := mulmod(mulmod(t, t, q), s1, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 3 - FULL\n            s0 := add(s0, C6)\n            s1 := add(s1, C7)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            t := mulmod(s1, s1, q)\n            s1 := mulmod(mulmod(t, t, q), s1, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 4 - PARTIAL\n            s0 := add(s0, C8)\n            s1 := add(s1, C9)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 5 - PARTIAL\n            s0 := add(s0, C10)\n            s1 := add(s1, C11)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 6 - PARTIAL\n            s0 := add(s0, C12)\n            s1 := add(s1, C13)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 7 - PARTIAL\n            s0 := add(s0, C14)\n            s1 := add(s1, C15)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 8 - PARTIAL\n            s0 := add(s0, C16)\n            s1 := add(s1, C17)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 9 - PARTIAL\n            s0 := add(s0, C18)\n            s1 := add(s1, C19)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 10 - PARTIAL\n            s0 := add(s0, C20)\n            s1 := add(s1, C21)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 11 - PARTIAL\n            s0 := add(s0, C22)\n            s1 := add(s1, C23)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 12 - PARTIAL\n            s0 := add(s0, C24)\n            s1 := add(s1, C25)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 13 - PARTIAL\n            s0 := add(s0, C26)\n            s1 := add(s1, C27)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 14 - PARTIAL\n            s0 := add(s0, C28)\n            s1 := add(s1, C29)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 15 - PARTIAL\n            s0 := add(s0, C30)\n            s1 := add(s1, C31)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 16 - PARTIAL\n            s0 := add(s0, C32)\n            s1 := add(s1, C33)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 17 - PARTIAL\n            s0 := add(s0, C34)\n            s1 := add(s1, C35)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 18 - PARTIAL\n            s0 := add(s0, C36)\n            s1 := add(s1, C37)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 19 - PARTIAL\n            s0 := add(s0, C38)\n            s1 := add(s1, C39)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 20 - PARTIAL\n            s0 := add(s0, C40)\n            s1 := add(s1, C41)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 21 - PARTIAL\n            s0 := add(s0, C42)\n            s1 := add(s1, C43)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 22 - PARTIAL\n            s0 := add(s0, C44)\n            s1 := add(s1, C45)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 23 - PARTIAL\n            s0 := add(s0, C46)\n            s1 := add(s1, C47)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 24 - PARTIAL\n            s0 := add(s0, C48)\n            s1 := add(s1, C49)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 25 - PARTIAL\n            s0 := add(s0, C50)\n            s1 := add(s1, C51)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 26 - PARTIAL\n            s0 := add(s0, C52)\n            s1 := add(s1, C53)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 27 - PARTIAL\n            s0 := add(s0, C54)\n            s1 := add(s1, C55)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 28 - PARTIAL\n            s0 := add(s0, C56)\n            s1 := add(s1, C57)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 29 - PARTIAL\n            s0 := add(s0, C58)\n            s1 := add(s1, C59)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 30 - PARTIAL\n            s0 := add(s0, C60)\n            s1 := add(s1, C61)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 31 - PARTIAL\n            s0 := add(s0, C62)\n            s1 := add(s1, C63)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 32 - PARTIAL\n            s0 := add(s0, C64)\n            s1 := add(s1, C65)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 33 - PARTIAL\n            s0 := add(s0, C66)\n            s1 := add(s1, C67)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 34 - PARTIAL\n            s0 := add(s0, C68)\n            s1 := add(s1, C69)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 35 - PARTIAL\n            s0 := add(s0, C70)\n            s1 := add(s1, C71)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 36 - PARTIAL\n            s0 := add(s0, C72)\n            s1 := add(s1, C73)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 37 - PARTIAL\n            s0 := add(s0, C74)\n            s1 := add(s1, C75)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 38 - PARTIAL\n            s0 := add(s0, C76)\n            s1 := add(s1, C77)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 39 - PARTIAL\n            s0 := add(s0, C78)\n            s1 := add(s1, C79)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 40 - PARTIAL\n            s0 := add(s0, C80)\n            s1 := add(s1, C81)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 41 - PARTIAL\n            s0 := add(s0, C82)\n            s1 := add(s1, C83)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 42 - PARTIAL\n            s0 := add(s0, C84)\n            s1 := add(s1, C85)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 43 - PARTIAL\n            s0 := add(s0, C86)\n            s1 := add(s1, C87)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 44 - PARTIAL\n            s0 := add(s0, C88)\n            s1 := add(s1, C89)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 45 - PARTIAL\n            s0 := add(s0, C90)\n            s1 := add(s1, C91)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 46 - PARTIAL\n            s0 := add(s0, C92)\n            s1 := add(s1, C93)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 47 - PARTIAL\n            s0 := add(s0, C94)\n            s1 := add(s1, C95)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 48 - PARTIAL\n            s0 := add(s0, C96)\n            s1 := add(s1, C97)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 49 - PARTIAL\n            s0 := add(s0, C98)\n            s1 := add(s1, C99)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 50 - PARTIAL\n            s0 := add(s0, C100)\n            s1 := add(s1, C101)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 51 - PARTIAL\n            s0 := add(s0, C102)\n            s1 := add(s1, C103)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 52 - PARTIAL\n            s0 := add(s0, C104)\n            s1 := add(s1, C105)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 53 - PARTIAL\n            s0 := add(s0, C106)\n            s1 := add(s1, C107)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 54 - PARTIAL\n            s0 := add(s0, C108)\n            s1 := add(s1, C109)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 55 - PARTIAL\n            s0 := add(s0, C110)\n            s1 := add(s1, C111)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 56 - PARTIAL\n            s0 := add(s0, C112)\n            s1 := add(s1, C113)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 57 - PARTIAL\n            s0 := add(s0, C114)\n            s1 := add(s1, C115)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 58 - PARTIAL\n            s0 := add(s0, C116)\n            s1 := add(s1, C117)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 59 - PARTIAL\n            s0 := add(s0, C118)\n            s1 := add(s1, C119)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 60 - FULL\n            s0 := add(s0, C120)\n            s1 := add(s1, C121)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            t := mulmod(s1, s1, q)\n            s1 := mulmod(mulmod(t, t, q), s1, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 61 - FULL\n            s0 := add(s0, C122)\n            s1 := add(s1, C123)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            t := mulmod(s1, s1, q)\n            s1 := mulmod(mulmod(t, t, q), s1, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 62 - FULL\n            s0 := add(s0, C124)\n            s1 := add(s1, C125)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            t := mulmod(s1, s1, q)\n            s1 := mulmod(mulmod(t, t, q), s1, q)\n            // MIX\n            t := add(mulmod(s0, M00, q), mulmod(s1, M01, q))\n            s1 := add(mulmod(s0, M10, q), mulmod(s1, M11, q))\n            s0 := t\n\n            //ROUND 63 - FULL\n            s0 := add(s0, C126)\n            s1 := add(s1, C127)\n            // SBOX\n            t := mulmod(s0, s0, q)\n            s0 := mulmod(mulmod(t, t, q), s0, q)\n            t := mulmod(s1, s1, q)\n            s1 := mulmod(mulmod(t, t, q), s1, q)\n            // MIX\n            s0 := mod(add(mulmod(s0, M00, q), mulmod(s1, M01, q)), q)\n\n            result := s0\n        }\n    }\n}\n"
    },
    "lib/rln-contract/contracts/RlnBase.sol": {
      "content": "// SPDX-License-Identifier: MIT\n\npragma solidity 0.8.15;\n\nimport {PoseidonHasher} from \"./PoseidonHasher.sol\";\nimport {IVerifier} from \"./IVerifier.sol\";\n\n/// The tree is full\nerror FullTree();\n\n/// Invalid deposit amount\n/// @param required The required deposit amount\n/// @param provided The provided deposit amount\nerror InsufficientDeposit(uint256 required, uint256 provided);\n\n/// Member is already registered\nerror DuplicateIdCommitment();\n\n/// Failed validation on registration/slashing\nerror FailedValidation();\n\n/// Invalid idCommitment\nerror InvalidIdCommitment(uint256 idCommitment);\n\n/// Invalid receiver address, when the receiver is the contract itself or 0x0\nerror InvalidReceiverAddress(address to);\n\n/// Member is not registered\nerror MemberNotRegistered(uint256 idCommitment);\n\n/// Member has no stake\nerror MemberHasNoStake(uint256 idCommitment);\n\n/// User has insufficient balance to withdraw\nerror InsufficientWithdrawalBalance();\n\n/// Contract has insufficient balance to return\nerror InsufficientContractBalance();\n\n/// Invalid proof\nerror InvalidProof();\n\nabstract contract RlnBase {\n    /// @notice The deposit amount required to register as a member\n    uint256 public immutable MEMBERSHIP_DEPOSIT;\n\n    /// @notice The depth of the merkle tree\n    uint256 public immutable DEPTH;\n\n    /// @notice The size of the merkle tree, i.e 2^depth\n    uint256 public immutable SET_SIZE;\n\n    /// @notice The index of the next member to be registered\n    uint256 public idCommitmentIndex = 0;\n\n    /// @notice The amount of eth staked by each member\n    /// maps from idCommitment to the amount staked\n    mapping(uint256 => uint256) public stakedAmounts;\n\n    /// @notice The membership status of each member\n    /// maps from idCommitment to their index in the set\n    mapping(uint256 => uint256) public members;\n\n    mapping(uint256 => bool) public memberExists;\n\n    /// @notice The balance of each user that can be withdrawn\n    mapping(address => uint256) public withdrawalBalance;\n\n    /// @notice The Poseidon hasher contract\n    PoseidonHasher public immutable poseidonHasher;\n\n    /// @notice The groth16 verifier contract\n    IVerifier public immutable verifier;\n\n    /// @notice the deployed block number\n    uint32 public immutable deployedBlockNumber;\n\n    /// Emitted when a new member is added to the set\n    /// @param idCommitment The idCommitment of the member\n    /// @param index The index of the member in the set\n    event MemberRegistered(uint256 idCommitment, uint256 index);\n\n    /// Emitted when a member is removed from the set\n    /// @param idCommitment The idCommitment of the member\n    /// @param index The index of the member in the set\n    event MemberWithdrawn(uint256 idCommitment, uint256 index);\n\n    modifier onlyValidIdCommitment(uint256 idCommitment) {\n        if (!isValidCommitment(idCommitment)) revert InvalidIdCommitment(idCommitment);\n        _;\n    }\n\n    constructor(uint256 membershipDeposit, uint256 depth, address _poseidonHasher, address _verifier) {\n        MEMBERSHIP_DEPOSIT = membershipDeposit;\n        DEPTH = depth;\n        SET_SIZE = 1 << depth;\n        poseidonHasher = PoseidonHasher(_poseidonHasher);\n        verifier = IVerifier(_verifier);\n        deployedBlockNumber = uint32(block.number);\n    }\n\n    /// Allows a user to register as a member\n    /// @param idCommitment The idCommitment of the member\n    function register(uint256 idCommitment) external payable virtual onlyValidIdCommitment(idCommitment) {\n        if (msg.value != MEMBERSHIP_DEPOSIT) {\n            revert InsufficientDeposit(MEMBERSHIP_DEPOSIT, msg.value);\n        }\n        _validateRegistration(idCommitment);\n        _register(idCommitment, msg.value);\n    }\n\n    /// Registers a member\n    /// @param idCommitment The idCommitment of the member\n    /// @param stake The amount of eth staked by the member\n    function _register(uint256 idCommitment, uint256 stake) internal virtual {\n        if (memberExists[idCommitment]) revert DuplicateIdCommitment();\n        if (idCommitmentIndex >= SET_SIZE) revert FullTree();\n\n        members[idCommitment] = idCommitmentIndex;\n        memberExists[idCommitment] = true;\n        stakedAmounts[idCommitment] = stake;\n\n        emit MemberRegistered(idCommitment, idCommitmentIndex);\n        idCommitmentIndex += 1;\n    }\n\n    /// @dev Inheriting contracts MUST override this function\n    function _validateRegistration(uint256 idCommitment) internal view virtual;\n\n    /// @dev Allows a user to slash a member\n    /// @param idCommitment The idCommitment of the member\n    function slash(uint256 idCommitment, address payable receiver, uint256[8] calldata proof)\n        external\n        virtual\n        onlyValidIdCommitment(idCommitment)\n    {\n        _validateSlash(idCommitment, receiver, proof);\n        _slash(idCommitment, receiver, proof);\n    }\n\n    /// @dev Slashes a member by removing them from the set, and adding their\n    /// stake to the receiver's available withdrawal balance\n    /// @param idCommitment The idCommitment of the member\n    /// @param receiver The address to receive the funds\n    function _slash(uint256 idCommitment, address payable receiver, uint256[8] calldata proof) internal virtual {\n        if (receiver == address(this) || receiver == address(0)) {\n            revert InvalidReceiverAddress(receiver);\n        }\n\n        if (memberExists[idCommitment] == false) revert MemberNotRegistered(idCommitment);\n        // check if member is registered\n        if (stakedAmounts[idCommitment] == 0) {\n            revert MemberHasNoStake(idCommitment);\n        }\n\n        if (!_verifyProof(idCommitment, receiver, proof)) {\n            revert InvalidProof();\n        }\n\n        uint256 amountToTransfer = stakedAmounts[idCommitment];\n\n        // delete member\n        uint256 index = members[idCommitment];\n        members[idCommitment] = 0;\n        memberExists[idCommitment] = false;\n        stakedAmounts[idCommitment] = 0;\n\n        // refund deposit\n        withdrawalBalance[receiver] += amountToTransfer;\n\n        emit MemberWithdrawn(idCommitment, index);\n    }\n\n    function _validateSlash(uint256 idCommitment, address payable receiver, uint256[8] calldata proof)\n        internal\n        view\n        virtual;\n\n    /// Allows a user to withdraw funds allocated to them upon slashing a member\n    function withdraw() external virtual {\n        uint256 amount = withdrawalBalance[msg.sender];\n\n        if (amount == 0) revert InsufficientWithdrawalBalance();\n        if (amount > address(this).balance) {\n            revert InsufficientContractBalance();\n        }\n\n        withdrawalBalance[msg.sender] = 0;\n\n        payable(msg.sender).transfer(amount);\n    }\n\n    /// Hashes a value using the Poseidon hasher\n    /// NOTE: The variant of Poseidon we use accepts only 1 input, assume n=2, and the second input is 0\n    /// @param input The value to hash\n    function hash(uint256 input) internal view returns (uint256) {\n        return poseidonHasher.hash(input);\n    }\n\n    function isValidCommitment(uint256 idCommitment) public view returns (bool) {\n        return idCommitment != 0 && idCommitment < poseidonHasher.Q();\n    }\n\n    /// @dev Groth16 proof verification\n    function _verifyProof(uint256 idCommitment, address receiver, uint256[8] calldata proof)\n        internal\n        view\n        virtual\n        returns (bool)\n    {\n        return verifier.verifyProof(\n            [proof[0], proof[1]],\n            [[proof[2], proof[3]], [proof[4], proof[5]]],\n            [proof[6], proof[7]],\n            [idCommitment, uint256(uint160(receiver))]\n        );\n    }\n}\n"
    }
  },
  "settings": {
    "optimizer": {
      "enabled": false,
      "runs": 200
    },
    "outputSelection": {
      "*": {
        "*": [
          "abi",
          "evm.bytecode",
          "evm.deployedBytecode",
          "evm.methodIdentifiers",
          "metadata",
          "devdoc",
          "userdoc",
          "storageLayout",
          "evm.gasEstimates"
        ],
        "": ["ast"]
      }
    },
    "metadata": {
      "useLiteralContent": true
    },
    "remappings": [
      "ds-test/=lib/forge-std/lib/ds-test/src/",
      "erc4626-tests/=lib/openzeppelin-contracts-upgradeable/lib/erc4626-tests/",
      "forge-std/=lib/forge-std/src/",
      "openzeppelin-contracts-upgradeable/=lib/openzeppelin-contracts-upgradeable/",
      "openzeppelin-contracts/=lib/openzeppelin-contracts/",
      "openzeppelin/=lib/openzeppelin-contracts-upgradeable/contracts/",
      "rln-contract/=lib/rln-contract/contracts/"
    ]
  }
}