From 72839fb84fd05aef108a0278057d47f300225aad Mon Sep 17 00:00:00 2001
From: Gianfranco <g.tasteri@gmail.com>
Date: Fri, 1 Nov 2024 15:23:08 -0300
Subject: [PATCH 01/61] merge with add-ars-offramp-support

---
 .prettierignore                               |   3 +-
 .../src/api/services/pendulum.service.js      |   4 ++
 .../src/api/services/stellar.service.js       |   6 +-
 signer-service/src/constants/tokenConfig.js   |  16 +++++
 src/assets/coins/ARS.png                      | Bin 0 -> 57760 bytes
 src/constants/tokenConfig.ts                  |  25 +++++++-
 src/hooks/useGetIcon.tsx                      |   2 +
 src/hooks/useMainProcess.ts                   |   4 +-
 src/services/anchor/index.ts                  |  58 ++++++++++++++----
 src/services/stellar/index.tsx                |   7 ++-
 10 files changed, 106 insertions(+), 19 deletions(-)
 create mode 100644 src/assets/coins/ARS.png

diff --git a/.prettierignore b/.prettierignore
index b3f98d67..7814de00 100644
--- a/.prettierignore
+++ b/.prettierignore
@@ -7,13 +7,14 @@ preact/
 internals/
 docs/
 .lighthouseci/
-
+**/coins/*
 *.yml
 
 package-lock.json
 package.json
 yarn.lock
 favicon.png
+.prettierignore 
 
 CHANGELOG.md
 **/*.svg
diff --git a/signer-service/src/api/services/pendulum.service.js b/signer-service/src/api/services/pendulum.service.js
index c333af1a..33260db5 100644
--- a/signer-service/src/api/services/pendulum.service.js
+++ b/signer-service/src/api/services/pendulum.service.js
@@ -93,10 +93,14 @@ exports.sendStatusWithPk = async () => {
   await Promise.all(
     Object.entries(TOKEN_CONFIG).map(async ([token, tokenConfig]) => {
       console.log(`Checking token ${token} balance...`);
+      if (!tokenConfig.pendulumCurrencyId) {
+        throw new Error(`Token ${token} does not have a currency id.`);
+      }
       const tokenBalanceResponse = await apiData.api.query.tokens.accounts(
         fundingAccountKeypair.address,
         tokenConfig.pendulumCurrencyId,
       );
+      console.log(tokenBalanceResponse?.free?.toString());
 
       const tokenBalance = Big(tokenBalanceResponse?.free?.toString() ?? '0');
       const maximumSubsidyAmountRaw = Big(tokenConfig.maximumSubsidyAmountRaw);
diff --git a/signer-service/src/api/services/stellar.service.js b/signer-service/src/api/services/stellar.service.js
index c4ff461b..7368fad3 100644
--- a/signer-service/src/api/services/stellar.service.js
+++ b/signer-service/src/api/services/stellar.service.js
@@ -49,7 +49,7 @@ async function buildCreationStellarTx(fundingSecret, ephemeralAccountId, maxTime
     .addOperation(
       Operation.changeTrust({
         source: ephemeralAccountId,
-        asset: new Asset(tokenConfig.assetCode, tokenConfig.assetIssuer),
+        asset: new Asset(tokenConfig.assetCode.replace('\0', ''), tokenConfig.assetIssuer),
       }),
     )
     .setTimebounds(0, maxTime)
@@ -99,7 +99,7 @@ async function buildPaymentAndMergeTx(
     .addOperation(
       Operation.payment({
         amount,
-        asset: new Asset(tokenConfig.assetCode, tokenConfig.assetIssuer),
+        asset: new Asset(tokenConfig.assetCode.replace('\0', ''), tokenConfig.assetIssuer),
         destination: offrampingAccount,
       }),
     )
@@ -113,7 +113,7 @@ async function buildPaymentAndMergeTx(
   })
     .addOperation(
       Operation.changeTrust({
-        asset: new Asset(tokenConfig.assetCode, tokenConfig.assetIssuer),
+        asset: new Asset(tokenConfig.assetCode.replace('\0', ''), tokenConfig.assetIssuer),
         limit: '0',
       }),
     )
diff --git a/signer-service/src/constants/tokenConfig.js b/signer-service/src/constants/tokenConfig.js
index 85e1c494..4af69866 100644
--- a/signer-service/src/constants/tokenConfig.js
+++ b/signer-service/src/constants/tokenConfig.js
@@ -20,6 +20,22 @@ const TOKEN_CONFIG = {
     decimals: 6,
     maximumSubsidyAmountRaw: '1000000', // 1 unit
   },
+  ars: {
+    tomlFileUrl: 'https://api.anclap.com/.well-known/stellar.toml',
+    assetCode: 'ARS\0',
+    assetIssuer: 'GCYE7C77EB5AWAA25R5XMWNI2EDOKTTFTTPZKM2SR5DI4B4WFD52DARS',
+    vaultAccountId: '6bE2vjpLRkRNoVDqDtzokxE34QdSJC2fz7c87R9yCVFFDNWs',
+    minWithdrawalAmount: '10000000000000',
+    maximumSubsidyAmountRaw: '100000000000000', // 100 unit ~ 0.1 USD @ Oct/2024
+    pendulumCurrencyId: {
+      Stellar: {
+        AlphaNum4: {
+          code: '0x41525300',
+          issuer: '0xb04f8bff207a0b001aec7b7659a8d106e54e659cdf9533528f468e079628fba1',
+        },
+      },
+    },
+  },
 };
 
 function getTokenConfigByAssetCode(cofig, assetCode) {
diff --git a/src/assets/coins/ARS.png b/src/assets/coins/ARS.png
new file mode 100644
index 0000000000000000000000000000000000000000..bfa721022d7dae47f0663ef4a3f1c3fbcfe08847
GIT binary patch
literal 57760
zcmX_HbzD?mu-~P-Tco>@R$972kZ$ReZWg4ZrAtykK)QPgMWnl7X%OkI<z0U7^B(^!
zd%0)M^n7Q|;j@OCJT?Xe1_%VgR#cGD0)Y^KUlBlPD8R>s&-5Mef#fc&sEr2v1fYG0
z0=}F2Y3q4tnS0Z?y17`}Ia<+p__|urNNH&Bf<S1Qn@Z{<%A9{x-m|d$Q6Cys+|~ji
zS`u;*DibOf$si&kVj`mP@bmBpA|=U5Hi>AnOn{IxGO~-o1+DsZnXFM`$RPDLV%ry-
z^RXZh4M<T&O4}#r-->U5v99ml<J#i=uzb<BZ?5H=Po=_Y8%P8My++ckM7EgABz_@U
zwjt7(R*vgwlUG-qoKAMfftW-T`LT+>B`KMEyeOG-Z4A$7e5V8AM+2@_58$=&Il^gH
z3#&GX7XcDz3#Z}^+zXSwxt$R<tYLUM#f|SF*m}hYJ*JTm6f=ZzEdJD>HKhKKw#j45
z;xWN-y*obCs5BFQPCp1G9%xb$!8L>-ku^{)75=09;yx%JcMll_A__}2*~Nw%uohR>
zx=2Sk<d?62X@4PBUYfa5W1Zle(eYqsAgBx=9SlOXRiJrM=vSItDtIUo(?da~imS@v
z7ehhE<^+kNOy+yN42U)%qm$L@h`SIzNg<{|;XE3a;tq@;PU%?XBoNwqQ9AP7YZb{n
z%wg6?KO7#y3~&R;e0a(eM7VW0Sv^39O1QN$S&f<;Mg=1p2RB$Ig%LteC#&BnSkQzW
zGl20n*g6^J<$1w@tUS1cFj9nbUiHg@N%{PXg(|sVc`zzVnmDNvbthCapI8{367kAX
z4(}Bt?VDs&1wA?hk6s(&1{+Fef_0^=+?^Mzh}7Fbb`l<pLKrHV_%jxZvWEe2AOx{^
zjhT@a&*H=Lb_5Nxn#0KtaZn4GpGwWM?D)e7qM9!$lCidw^4fV7p(Ze%8dTeNN>&xK
zZ)xo_7(mh~ww2kuJwc2+gK(x{y3W@s`RQg7ufOr4OJUUib``P?GefO0WSuen*@dpj
z2W+yLHtUB_LqT|wjyS~QeubTpFY%sqGfoJHiCn>Amgpa<mjyxSp;Fl@+m&im`4=R~
z*cS!|WHsd%wG=HOq|J*0+O-aaXDA269+o8-O}IfU#jj@mW#FaKp+m@~8fIg7dV-wx
z&tXCLJN8$~(>Xo8vZWzTP!g3_uHVW#2?}EY7A%$Q)>kQDX_LE*8Kn=3k~PuBghlfB
z?>fG}5JnTl6-Di!!NmBf_e}A!VKxrx1bvwSl|X%GTwR;>NMI?4@b2dcQVsDunxm!?
zWBDRGZPgbBkcIZ7f%^8({BDAba8@W`nRR!6MtUC+!(S)|-7=cvd!?@x_SIo67)hWg
z&7ua?<I%|his59qBbzCzDH_lA=Oy0oC=*Z+@`DoVjP8gUI<FS+X4ZRy)@~fai#Y^L
z9!9Tif8A+<I9C1T2z~AotQy5xtSAE}m%>6OyGoZHtm8FwqsTHS^ZnURTaEr4V^=&r
zwi-p&#>O^df(?sjVg-%4m>mQyFY9%K(MxC&@QP+Yu4wNp&G=3lwEp_&_%q0SW&jnI
zH_Xxwzk|OlPIv(+(>YAR+x|%M&cl|_`V>~3q80wvOEK04pjJL^Fot^6D|%YpOW8ob
zmXKZ`KxCxabII~LtMEY6RUjU-s&w$p4vpx*6cHshM5}l%1^!Pfc(ColW*s66eQ$g2
zCJmN_zN)5psLywT8;-w6LX1vy!mlG%f+NdIBi{40qvfIqvJ}U^Z&tPtO`_J-)HFEg
z(Rru_IinbqFBL6*;q>|NGQp^ae%I$i4ApI+{OZI9464jf<*x68B2*&s$?R=gF;uOE
ziU<vYA=J=we%Ud{gz-NQtEU&YG!i+G;u?<dN$X7iafFH#5E4gt9SuPZ+5*XXJ{>{B
zXC$I8klR4f4}{qIVTjSL<8%}aQAiwx1*8%&=YG855xKu&(Hwuc1@{XBZo=}W@{&OX
zY8vUgVcH|S+*TT*y~>#Ct_)s5x(w-%e|3=fr}f(z7ou;v<Ai9>n=1K<bC%akEx6*T
z{t&K5Ifs*mUv*G6u~0)u9Z~tkZqq9%BV4Z!XiAw5#!g2?DXrT66xAMar2@Gqn6mr9
zEXAWwmTXo@VP>GvG+Ag98ZyyDej%+RA@0(&tRqDs_-`M{X^kqsEk33`@ZhiXmCsAr
z6CP9|vG7bfA34?;;~A>Yye<Lo@1LVtX4Zp=t-n9vs1)S#synDia{Dml?-~*4N6O3=
zb8n7kdy%pD5Jgk@4$zxU7w0>KI_%R@EomVU6+@lP(+htTtBecuq@U+;|BX~P9n)|j
zFi21Obe?y48`Mtav)FeIJyntBoge7wT2jJCXYDQi64qApGt39FqX+r*UDc9bGO)jd
z%kdp)lWi2zuXh&XA^P+u{52-5GX~r6C|>)A2Zhhk69&~NM?r(~4Q*m<c^wB|hFd;F
zQ+<wAHZ4(bSuAGP`NnL_@Kq={joY45ceC(RDPan%jL$Msyfho5KFOqz<-mou;TQGv
z{_V7Ex6f&MTgp6EyirRo`Gl)cV9;W39rQiMl9o(pwBC3uUPJ#Um2%8iw9ZqMn3H6U
zpTnK93I(P7Rl38ic<2$-EoRXjtDU|3_4rDH{baUnE1gvAR@+17%p&dwh$?Bncq;Co
z<n6@ds1b=|v%E_5R@|o4@*P7Gs5}*ob7Bnz$0Qby;!YU8w{wOE^pOTooSWpbu&7wT
ze66E<F7x;7qT?eE>^PM1HJJ3vF%74~5&31DN(3S@7V$(S?8otV^9J@5dgNf5D$*xE
zwEnz+yU}vFIKsb2MYB3>8b*@;4W_pa3RYne&XSp>&E$J~ZIdLcc1g0QMoRu$<lA{}
zW+}H=PXt1=1{7;1n^}Kq6xMO?gMKonlnQq_85!hMrEj4kqCEGm3dyfTTZs0VFBB&*
zvoKD~9ARR$rN~i=LPA6SHNCWq1EU@O4z*s8W2yR?aW{yUTGUw8m($^mdvcIbC{|=J
zF>_(_@{SM37!lZ>ROIXLscbieEu%WwbPK!2Kn7d<2F}p5%nE8F9_Em)0Fx{-pG8N1
z4^fsjYvwS7P_Qh&?G#?ET^a7HBHsRsUo^>oRkg;6uwzs0J|RNYA(v2hr81AydwRJ7
z-qU0nHhBkQ++~ao5+A-2!Kd#ZA}(Iu)#I#`(H(XozrH*3z$Q}sU|a_%_U~j)gJ;lj
zJ7Z6mwNWBb$}BOFm}-@62`)mDzU@3weWo_)hxhIo3xv`tKQJeWu*b<TW3PmI-otD%
z_Ct14v=DWU63ArbZm+w(r%V=zR`5za36U4G-?__<{pcSP_P8JsUQOOKs*`m2#hC2P
z>X()1l#0+r{zu4vpJ6_M<dY(pg3>9P!77GIc8=bbb;CS+Cu1Zf0`HtjE@OexLVEb0
zWE7J8;n8$5^qO}NDp;&t^5+r12m;g=J%a<58Ui206E8D!Pk)bX6eahYU6g3bgFhdC
zFstj9|CSsjnna(s{^>j3RC72P!vISl-z7wVdXA(>mDrLv$c2``q2JnQ&JB8p^N7sd
zI`#GRsB0q~n%*~paY49<Z?^fRc_|e^{fSC3_s&Q`*gniV{9T&#Up)7QS{kl*><<29
z7CdTy@mPK9pyJt<Pd-V_0ig#62ax?x<k1u1)tv@1u#%MVyoH5bxmnLQw0gr{m8h&<
z*`i^5m_KwZq_a*>151_w^buUyh>!+$L0An}M6l2OCAxoYLmBV6E4-Xq)XA*wU9Qly
zhu^?aC?(5cYpx6><>t-6YoWl9O>oqFcOhCRm5eoPhhA^173NDw&;JvFKep;i$O<$V
zjEiues&(eXJ(`RpnN!+m0$J#LdXo_zB*2~Oy$^`sX=Qgf{INqwU7d9=(lN$I0Uu3o
zS9t^DqsXT>uPF!Ujd@VHWj~Q{dP?myh3Sj3_I4<0W?2Ycu4^V^iDCwz`WUg!ygwX`
zTBJdTNIHlS*C#xQK?8M;My;^9w%)8J?~b=}$hW(Bltgb~PyzLg-w~hk$0yUn(P&Ml
z6aVjfc6Gk*+C&KIG5{X~)T3M?lgY=c;_flcK@)&=Lvr#>>#tGc8~So(0?5Z74e7xm
zCqcvSf=9YOiBvIVx{D;U)I6!AeX`-pQ6*9&HR=V&=*_<l{!odxz2%do!b%<$=~yC&
ztpAGf*X2}^iXGYnSuOgsS0xyikK#nttXYdq2S}%EW&6iknp6e{AZvlAcAlPKd%%_K
z_B%4?*4$tB!THD+{V^HbahhH&wf<7jB;{2iHd19e-mq7F%MbmrgD0dG^RaK3Eba^F
zbTOAs81dnSb(~~{)}J!BV43j2_Fdtk#@x^P3r|7z4UWgKDR^xzrN3H<$Z}?pLw-~#
zElC|3Y9*$_KBlJZCmZsun4Kt_p-|RKDH64Kx6N3xa|1g5>8tNhwP9Q6SgKZO`3kwF
zh`{|z)(4$(m^bFhK!(_(fQ_qj@Z2DlzgnrtL^AVN@6RctG0ngBSh+16KZ?~?^5|Yf
zMLO*?gtdP3%h~4J<RAEFV8VVvb8-zm*V1$iNc5iOt@2P>3m7JRItCL07y{D{dp~q&
zAC9oJH1$vH>yBex6v|&|>nPKWF0!}=!CmEV7+e?`vv?bK`@HW*KJ#_*%7|(wGm~Cf
z$RWaUT~%1O-?vH>#@Zh*so%&sh@sc#J>izst_RKW^*uz6S}jcEZn)aS!(-nv<VS@&
zo;Pr>eYM~i-^tii>0#Wp&9VfOsK?h?c;y_F$k;{A&o?$hJW)>)GVDT*?7ihu<VOPM
zK0D}^Z!{y_V4b|rw|-AYY-~)iqh4PmHgcLP3P2tYS7*~M`k!PwcJ=RR3{TKdIiLMk
z<jrVw=Ep1x0dK7W%m=g^Wmuv%A*H|l-*#1__Q_oM8iKe2_Sb1$4*}ycx-n{MGk^Jr
zsYm4TET4IC(|FyeQ;Qm`kFSqIwNzX%YVF_08t%;U)pF@Me3pE1f(`RmDyyG4iak+R
z4NU)Bq3ie86gz;Vg%s_5v%Fl-43KXZmeW4?%V&*-&`BxdW3xFfY40V6idl4!Kjh9q
z4*WhuQw&V0l;PIdd*v+c2=SDOD}47N2%$SshH*m<Us3P~P7iyhxA++xutJ|e;z+~g
zZr-5t{@}K5=&vS*_Sdg2zQrIp#n>vCr<Y$S!bmq)kUv982T4Sut4fNwexGIX9_fuk
zFG@5x<Ip_J07C_rF$mwy411@xxD|(rH-qvJj}Urw4)Lt@&b3WL;wlxryuR&^3d=ak
z@_+b>`#^9J-ZBn*QA>``;zaKuKxhemKU}pLk9;|7i!-CtI3!vF=A)?5!9a^M5jb68
zsLGl3du8pgc8pkGvHa3VeQF}zX7dZf8+GeF#WymcJ4oW_57M#Au(3b4ehBd;j3j11
ze~@`|Iht9!x4ielZa{p(cxcxuuV4I%uUo~`71RGaHU7XDIRM`sqTZ18c*>vicdWkE
z39_sHZBMb2<Ahx#Ts^9S_om*G0IXWI_o|lb_lWy}o=|u0zUsQcyg)MYEMgw2*YA&g
zMaq}mf&Ec-l`kOPh{2GB9bKJLLS(^a?33P8BIEtg%uQT9Bu9X|8><tW!H)tW14TgJ
z7agg`*Brk@I?Y$ft9{6YK-oWyebc0kPbtO#CSz=vRpxPjbOBM6FQgx(^tlh9&QA(L
zGi5>`l~G8<QcFotZkbFhxFfMKkg_-1vg}l8oxhrnRk|P8m0@bP$0(|ZtaocDy)5^#
z>EBjF;K8u1T*G)^wchKt5AUDyO>jD74VuZ?@=?brrlDv+TPT4f%)T1qmJunNe6qtv
zo})Ls7^m22l4)@_N35`!!^hRV`~k+DM|nuq`a3Z5FRDdU5oE7tSFjdYcJ`$+H)4f(
zO4L($aNS)$x=J2E9yo08>U0sh@rVU7(0mM%xwC$T(k@w?rm%Q(I&YO^*4kI&l8M^i
zP^W4c>l}V=VF0M5%=!sf|9&!|d0!bsc|3aR;gEEANIogD8vvs=3g_s1l-3?ILsp%e
z+KSE!n4qUZud(-v)#b7`b5{PAwKAl^M)fUa@%>1ARDmLb#;1naZtMUoJ^f1Yi*GM;
zos{ctZIj#)aezp{)ZZQBPY3jONTz~BshiB|LnJnmatCVWwuLp_VmI_xw27O&Iq_C1
zJAPkJ_}tP><5gbDz!E~%ik05N<4b+vGSN0T%)*PQ@(!vTj`$oS=l%pY;otQ?NfZH^
zOTMm2v4DR=t2SDOW{G&t{GfIvaqmA_8`=+Td`keKC}=dnc@VKq4c583qCOlwy;x^h
zdZYE>oa#&B!mN!xK#5Ehg)qc%f2&7t-eTs*>m!3@Xvb%rY?9xgZV+6HwXwqBD;{?e
zQa%b`RIC7umP(3i^&KO@X2yki`=(1|#Au)2bY`sj3*7xI#VNj@yhT;pV45EMQxtEP
zTfgTn?Fwm7mo2icXY;lrQT=$28b*sQNt~*7a-RpK2A@|<M6Q%hItr(3K{K)9OFu_)
z_JS*>yX`L&(AJrU9H(iIeZHMjft71L3}V}>9bhHor}mx|*f;*LY_~eIO9ccCMuUU>
zjLyeyWR>q1kL~Yd1)FecYB{A`78wb&``<PVpJVdMVZ$9uF}Yd`OBkK&oz3aJxxSYc
zSFx2wUL!nxCdU?j7l#w;odnXBvWr<O4G}^lrjA^i$hCg#3Bvh0RFDGnGK39QEv8Ym
zYUU*<(N)$o$D!|ygamrU<^*cpymaIcDPcBH-4v~*iiwa@6#@vxl)+l0{y%S<;^URC
zY-bg-V8JG)y%FL5w}Q2aSl5`mt60u2hPT8fk<-ynLEc>UTR<LC`7vq><%6cDY9;7y
z?rf$qfQY{}1_@c$uGJ~6`5XF2V@D=Yie}5Qss{Em*|L%!ky=pJb5USNos}O@=n1q}
zQLHSW2I#O}ezji?5C!ao&@jsjD}u^@KY_znWBW<~E+~&mxexJh({t|tanO2Vtit(_
z6FgRnMW|p$KUIGi>Wziz{lrB33WkGkPywVmDManU0A}H<yyPDacskZvPwKiK`*6D*
z5_FaO2b2}@T~#voE*$S|P0GTnjNvxOMg%#pNoT`nt0^{<GzRPkQ{Y*BYS*m~9l9iW
z=N8(U_xrQ1g~EYfvkV8gjKWK%`G9J14eNfZqw)UekqzDNkY_u7Rms{9XtvJT9C5<z
zr#krq)d{1BK}!I@2w~-=fyzm6Amj1UgsvH2pC-ze`7nE+o1-;cSK1<#j!motz7y!D
zCsww228msB*jZS+f1fn=B}+zfth|UDKvV?%k#q>eJ&`pt-gd?q%OiuGB0f^?594DS
z?6L<AVg%Fnr&27l@+7(s5{r?jes*0;vUbijJVg$D5yH(<Jga;6%knD&NSr<O@{z#x
zUGb4fqWkU47o={{jC`QACTc`S<rJ;f62p^@)k#AJih1yCu?PulMmej+UGt|h`Z0ny
z`}U_tMs!F*!|X8vJQO4C@^EkD{00sP^For<HWo!g=~=08@&NVyvDf+Qv%Z(h-hqVm
zS$(Ph<X$kL-&8BDdT=BoK~W7HUfhTcCqJe9Ste|1#y$Bh&bMVsD)<(j%Z&LLh6jI_
zF#!q5QD!@?wRH=dTN&^Fvv8^H>I>5!UMzpANO5ELUaD0jfH-I`Zazuyy2CG1TWs3Q
z-rq{JH75Wb19bE?92bPr+K@_`V|%};oz7iPA%6FP(1>##S#}!q04n#y#A%Eclq8T5
zVx_0p$>&LV*{d6G93o%GV2LqG#e4ykC{&H#U~%cFKjfn3HA07GtUf;r<xJ{-d{(?9
zW~a{qccDDQ0YJ7aJ6-^w!dU5vSn}hzl-+Y|wu%z>=*ZGW9!M{RwDy~Jna8Bk+PPXx
z_zEA4Cy^6$>i_yosg7`D5S3|@@}CgHs#CQFl~z1Bz97NaY%7@&@{r))2(H~lN1CpP
za1W0*Wz=(bd>{&vY<K9i<zw#?J^2IeB1JgOS3TbGRanpA*RYY8z$tFBw94DHgech=
zz%9}S2W1(zrMTJ~L79^QPksJ(3Ljn?{0&9oAU`9Op2m46N9Ly`OHl+~b+zOJYCnxZ
zt0(vgD?pRgvkD-A36MZ2hCMOD9#dOPO@FPQK0f}C7{`@-#{sJQsg9=kDFvaycTEf0
zIh57nVwdc@RvsISEY7V6{SA~*X<(%+?3(>!_ta+uiIs)E*-ci9;_@I0bhvcXVsQ#O
z8=^?M%7o?Nvfq&@Z-`wSF+1%8cSd<g5>hPCT+(Y`z)hi!*X-?pA|)1A`?{vcDJ%s~
z6T{hc0M{sjnsq`vdg#A=Yz^{@ZLYF6H{T{f{i6UyQ$%nj2QXTO`BR<5ZF{aYfXpQp
zCq@QW5ePTH(qK$=s{3%fqS#_0<bfjQLmq$WC{t6BFWY>U^QrojEc9S{8gwX6!z>|$
z`&|ffFtTp__8v%LW#+AE8B`9MlnO9EF~orrP-{E>IAr)7qf+g31-mbxdF;h^Y#-|<
z6bK;7;|6o!yq^H`6*-%yTRlj)$NP-O&%m04k^K?aJ+Bygp3i-Nhr_b!Glg_yvaG<M
z_vIx*Fmix?G%~g-0fg4JauaF;kzl{>tV2$SyuLb{??U=B$uEmoES_>dDvhQ|{z)Da
zXi`Oqs@uCh&zY_nl{tl)qQKL&*o;4C$1x>=I$~#EhnAgOhr6w@r(WL-jymUxX3!8c
zd{0=UNd+`$nWzN`{V-b$^Xd58CbwE=L3ipZn*<rNWJB3`mP48Vl0I$_2}uA2qo-Wv
z48dcEaGN~O|4lH|CaN0GC(#0lCc}pH{3MyRWm&vCq`5j%!Lpz0+UY!_?(pe*3R}v(
zbx}A22q<r$6LHuv#8%{ZMnq$)yUDA*h+Y<`0VGK<?l3Y54y*E<k~1!Lo4M1`Z07eH
zGzC~dUsV+L)osm@KM@HuZm<M>1N4P%BFCPBny_}m_IY<Up!<{LXX!CT<Av*C)X65u
z%&wP^e+=?JWGLZJ=`<S`fmuQkmC8Pv8e1(hgA5#ymvJAkdAf71?T-h~^9<iSH-M}Z
zG#sdRXtck0m8DiE80v6hnB{LP8<R7{3VzgAgPbzxmxD`EDCUl##Ba(9B35GbX|!fx
z!G+9Y!2sGAZ|#9`s{`(EIx>ZaqsI>vQPK2miQL028JDi*W@Cu&Sa<2NP`T&kYw)<i
z8cG0;p2_GvC9r)Z=U2+ZKNFOgco-~YN6cY(kWzsHNFk79ZFS>aoXQjkY7lO6X76U*
z*1o63Eg?xdbYj)d1sjVTyLSkUH8*>>{kZ=L<E}MDqc!;^u$v6AOjSlW0*Mzjniw3t
zm?{652};4azU4nL_|t;3A>)$kBC#|$;mr4s8_*YRgkS~|zpOGncsmbA19|{aPq*l8
z;X5J#ReIvR+uJ>qToBC51@d{N%^Q)~)FP4B!v9RG+R<tI_ja-4kz}41sv|hUghJHQ
zEc#kr0SjT98GV6&t`Y(}h#nHWc5S1TPe`SszEG$jWLXfuKu1HM?svqc)cvJ{klz@@
zZGA7lfKwtq@y_pzI_JEZ@dgtpSSKcJO!;pHn)437b#^F9BHe_|-mPqRC{~gSp+jcx
zE;EuJ4gPp0xFgDT-3O4$w=22B2_C}nHp+dt^$EupQ#S#x*rQ}gJ5M7FQMao!H5|>J
zPWt!-WLxQi0w-cwvL6H5zNgmWWcuAY?uEa){|PjIJ^2OFw_6urqfBbNtqKf)g3B9C
zjDe-mym`RVQgf2WRHt^+;Mr~eG4J|&?JT*n6Tn<uygx&U;wC`t>czgWaAyLM=A7mZ
zLOueX9dDG_eZX8!=Alp3nkCf&sou9em@EJODNN8jt3E&oP`!*(Q*-GJ@c7%g75lae
z*yYzhEV3zHH<jRzP-+Xc8}=b|LXm;Z(l`F|0sM-A^Gr;r_h_^-`aTpEQZYXB*6$pW
z^8Wp!Jx<|7M+0}`K1j7XYheCz1a#X)?S5g|L3z0Qa-^^QUN4wOO7z1}SrCvctUoDA
zayZt*%_M+KR0K;q1P-<Wj2s>vw%eo{;|8BS455A_SWRTnTXZDiEjrc8oH~P<CTUaR
zJa-sgswQ<4aLPcnFgFJLE$2)uaHQu4s-9-m3+<^4We|`nd8~rw(uxAr`_hUKMO)fQ
zt)$*gr!fc9hJDA2V|}rV*QkjR)K!tb8;_lG9_YhqZ6oQvaHPR#$pwZI-TCra-7R|M
zDV=YA?c9o{Qq?rf1x#Dm>#<+NYM;#R_uwPX4a`=CJm0)%p(Zr^mBO0}7-#J>>$zc?
zY_QXc2;AQvH*lYhaKmdqce^DSPdaKHtLs`VY6<AbA6yM_<=fr2+l<L>@@MZ}0s;%f
zW+LTlx2%sr>aeDAlu2&Zo19<!odcD=CMD+|VBeW<0(wdl1i0g?*}L7%o>Q3|h6VZ7
zzx2N3^FDi&Aw&YznMMA7@W)Vs_eI^YM+AB;2&{Z{he<2LdBTsxA*;**&3#86)KMQ9
zaz>2NhJT}CSGn+Ah=~9+?A0w~HtKz)(*!&H-6h^cNu5a04H)Q?iNULz1xrNHy5<DO
zS`GmO4wWCbMQ;2ic17Y~mc#2O8Y|(|xl{gZgJjW<`FTF$NzxL)vLaFJ+C*7V+tVS$
zM@M_rGzWh(w3~6g@3=hWgrLex3s}9ReuO13NAPu3r)B{%e@gXg7@!}AZToYRxX?(i
z>)L}4B}UEmU~ynNsR0<Y_q!@!P+FL~q&@~e<-zFbxp60u8Aoa%95;m0QJRttw(-b&
zL$4nKY;Xts&$ioUFjNR&_j~Tev5QEc8)MjE%DTgz>YE1-UG4#YH(+E9s#{S<qm}#A
zbNyG*6C8iJb+bQe;>V{Z;%tR@4DBz}w9{q+860GXNEBn8!!tt%=>6~KCvr<fsGv<B
z+VcPy%4G1#i8X5z48+Z!Ru-OqmQ@PjzXT91kzd?e5wD-BN*9&|p?vZL(~jQ$V*hs+
zAe@t~Ztr<xM)kK0wxjmGcdnr$PKYhrzHjpo12i30^x}UF*-bNoGL(X^Q;XI+OJ9lB
zRpaV9P|yjQEU0A>0qS+mMa9N{q3b}kur#nbwcxfaXKpcxIyB)U5?2nyOdz}USTOXs
zNu3!(w4pS;Dg<HVl!gF67Zw-i5cE@;uZTNhaFs%h_$8!}1iQ*1H#Fnc*et;J4v&?g
zGTlpRyJF8VRp72~umR@yF!3xavO%`w909KDo@0dk)n)Q%da)Kv2But8rUd)02!dRL
zt9y6tgX1fn#j#mR;+JvkeRT}PsAY61EoFmk)V!m!^4aj05H})ptqihD@$MH~>6%|a
zDG~4|r24~N-F9^=pA9n!kf-?z-CuBk)!~m~=Tx{SfCK##(Mh9|0>jkhhO{L|fTDSz
zn4$B;8PpsosJ}Jw_;~S+GOGye3n0fR-r=cnO6>7uwzIvipwYD5E$HVAV{n(c?tSGB
zAqZv+?F<si;`9@3>P~oT!?)vOipc;6()@fecqkOT_!5*ry+^N`dk4C<u+UYlcutv}
zls63G*Hcq9t(=2tMT!=*F|HbF&mMOQ{eh|>BTX{a#0U)VI0o*4Ifar#VDd5N{da3Z
zh*nSD7-;Iz`Ch>$jTx7TMYve3@IQrYMjS|4_Lsn*cc0J=-VA9`o4r0Euk?H;LUH|8
z6>vBQ<PMx0Y`_TH##C!->hh+!B^jK3aA`DN9J_p0YhYZqdx~haL~$di!cn0pkO>0C
zKqLlsIfJW8eb3B7jhUyW<sCztrf&gtoGLh=Ek@r(jf}?gt5YeZ6=~NXz>OR_$B!c(
zHQa#$_8OssTJNv-lE1o*?~VdNB4;qL&+6ATitp>0eTr9KS%<WtuVB{=v+HjBL7et%
zU>5AhHH3$dH7Djet^?ewsbsE6qQ>n(poSnBWS2pzJVGu}?-i|wUJ;*YnyIq>nu*O)
z0zvGcrI7D=aefp4(ldL?#PT$cffRo@dR|3=rWXyIaRMMZS2TrXpbEmWgLYrm)f|9r
z&je<%lB))r90UBRS<O$U$$)DU<Jc#FWip>DXsPNnp(RZW{zLB=Pq3kZjr<rIeCQzS
z(Wm4fp~XCR-$MS2HI}ze(g3o^7vPt3YI`S}D?G1Gr<+y=Q3uZfp;e(t_^bnz4n(~T
zm-dtC0wh$Ww@*!2kC?P!WT7aI%J{g3l)~BTWp4-FM0vQ7SM{TPb#w{QK>!SjT8lf9
zNH%wOAkgTSZqmLdlt%lgm@7EdZ~L=k772AU&58{e5uCa42Naj*KG$pnY7oVvqmbdn
zyeo^8_n!h<i^1e>Am!ngCFpq+QwmZlrEUIz$iWbS9wA8Rzg3`Si-@Pd##4o)z*0V$
z&@`e4e84<(pO8c8q<*eW*#WbUp^w?#2s#q4TFL=Q{J=omkB@mR`JaorGe}L$^!KIx
zuQ0so*$7g|^5?_rNG}6@yIt^+#J@G>?t1s>7B13*s*#Sa>ZRhW`wEas31m0$U+D0?
z-~!TdEJ<3ZPydc~;qQpIpWRgG*J3`0=)7xu&M=5O`)gPAD^ARljt=Vh4aDn^|2ArI
z%Z*Tw#IKpYZQ0;^aZ@vU=hyv$s;ry=2wECf>Y6`eUWEGT%(#pSyJ8!~cR;^D+pjZ$
zm!Jn6_rJhlQoJ*LVJ2|$S4-tbi+vo3W8lZb^$cL+%3U{^w<J=^8_x=>C=JOkjzS@p
zAKjjxf1idNLXG6iCf}F-?i66`CF*LF$l09G%T8ZlT$LYUJDyYklzY566^Ez@NB%6;
zO2nLtU@4ddEUtK7PjiM0tOxEGJC+loRC9IC2e61atM45tV9P^(Ybi4h$B%;gW_{~2
zBF^VQ<vbV~6TlY6xE(kd>o)DrJ~^AqWF{q?|6vJ8k!Wi^i~VVkP*SyT3;v7O7$JO+
zxpa#UKehdk%!p4U9vpd&Z3QX+0_QLzc52TcQTj$DRSipJ*ZBGA@r?=XNvC#;jO$MT
z@m?aqg3Q|T4xL@7VbBGR0tlTgd%zR(v-yvFC3*6JI}E6!Tl1^ASN9}*A@_~5BY?}W
zrc#3SupiR$u$kOTR)Z&IWInk~R|6V5o1iF^$_}mY{p(stxrDG5_c@hV^9xe`#l;hf
zSrV{|NZOX3dalBFZ<-U30BHaGrX<JulD}c=ox2-<YeH#DV9hBhD+gv1K&V0R$<D*}
z!Y1<FaV1Ehqa%I-{6rhVrGtj#vlAuqan{DARN4XjCl{1*CAb<h=Khquh$5WKf`_R$
z5BM*jSxxe$;wWT}(F@XfkLl|TNj{z#@Q?{<J^?*QX!HDIw+#U@Fs`AoWtDDne2ywj
zk=zIkNpr(!n<W(CY?hnA7;mkRMv&Dr8~`qdbyv$%IorR;cgR;@_)t(Dm|Fk{{83)N
z<geqL<QG*Z#2_IF+?G<Jw?ie%>+ZxSBoZ$~Cz5voNQ0!j1m9YJPA0{6!qkzuVuF(G
zPmH0#FYAM<9RH*NG0O>~f;Jc72mn)0MVE2~e%k_~x{K!p+jbg%Vi7LBMLUWnUA&=O
z0WBLw7h7qL;zM5W8a@R~O=R2n`)ApXGtprFryqUjdznzdr6oR(i#u_Q6Tg6fsGwFi
zCZNoafbOIn&M(%|z0gpJm1qtBdp(XT4gt7evFh<9uCgluVLA3QKs*g_Ju%d&eTb=(
z*Twci5S^;9Eq-G7v%TzPprNkg7KZX!IKguWVLVeH_XkH0jaKP>2guT+{qR&xt$?D-
zA}vLoh7!gT8i0Pq`7rXMkT~xqaRA^J<f3Yd+OarCq8y+OD3udxEcwaQDOZtbe!@H#
z?xcSMK+nRoy-5~Hs0ARFJA4+|7U_uX=X=vsOC%T<j5tVO$Ij<y9@J?UsUS&v`m7<&
z2}o}W+L7WLM-g$@HOr;(4Vf<LZ5E(Zdg#{-t%$BYC1T%ondtn=8mDdpVnB!ot0lZT
zVs1+HsZ_SRg$pd$s8;M{+!{Tof+sVYTNHaq?VE5m2LZOep29jc5YdhDh$PXr;~Oe<
z(59<~wbQ@OX2p5fcV9uvpBA2uW4aoExlVCu@WK@ULJEH^q?KXUH1c~M7QG13y<Nz6
zc}|xk*4y3OPWIS9^%GvmW+u@FzEfiZ$sf-upZ5*IhLo(lOKxW=Ur-ftO^By~!&=Gw
zBPG~}Q=9~@xI>xyMiBHTr-cC#^lXB!y_BS}p_KzDWWQU31cUjkvpcy1{0!zaVK`=m
z5{FWTy787`z8jzJ;g7a@fC*TN&Wk{_F-0rBi*0p5@dzrt13w`_aiC?KAE#xUz~G>A
zU~21S0whlKziK2vWc^Zd^>p5k4miWQU3j2?2})3$v4eexYo-$-_)AX43hMPO&Mp99
zEmFuSk)y&naJ~+@{aWjl9O8L{P_-by3@S!O?;3d|H6Foa)&ee^^n#Uh0iY!v`x*lc
zmFQ7F5;#kWu5wAJ!_eCtu#l9H1DRlRTo=3q`Ay-ptJ|QV>gXr10qB$V&!99u7K>Nj
zpPNobS7h-VTvt`z_YO{$IBXeil`p~XZfw@}v25;R`a@scKJ!EL4i9r7N0DeDnCa8*
zniixC>Qqb?FjI9&>o3AYcq;qqpr(Qz*_QQz9(Z{glV#ihn8T<}u5pI2hh$e3hd8K$
zOyUw^p42XYixs2qNYhH6GrA=t)MtK2&pST8t0OOFG2Np4*rc&S4Wx9B=YqH~HyI+e
z5IO+hp8Zf|4XUSSIq_)?c@y0iR=+Umo;XqE<Fx2Fylh!Ssj@;cd+E9&&;dty)K91X
zDnciP$@uKV{bU710Klu<t-G)Z{EDLYOMsFvfD;|s2`zN+dGyVV_+;}cN0lThd~4YB
znIUD45AK5cFxUcCZtyuMrZvJ2QlSI{)MW-TT9?d$%&hr!8Go)E$rCyNFWeoGt0Dlf
z#!%Pggx(O6TAUH^v&stzmYOl#N4g8#LrVDzAX9*<rs#){h0N+Ub$d4TF+4V>Mzs~j
zqOROLyKJWZAvv41*B%jFv2T@)HU7Xc0J_Q2;Fw(PFJd;YhBL{S2u`*Oys4O&B;1O*
zJ2sv(2!8$bczW)22_?|9u(V`#Y#xN512&aWWo^kiWY$_1uLjOVX(h56LWm6xJ}Z?S
zvHPyi#DbQ=!`;zy*!v!Zl1+QOMZ5|uW<zKYAl33Jf+rw!h8MzLS#DB6kk5k$kUZnT
zm?|c43ucBdadmrCslYk2+|6D^31QRrw8XPW*$8J<CA1csc5&NdUDx^<jlSE@-MVVV
zS$EeDcyo${v?w&}MrV!}D5|u-fbLq+VI@CBDgHuM_jN)yNk(9JHBbp@Wqe1Foja3A
zjqDIyNyV|Bp4HVW#Mjze4xv{A=xM^Nq0Ks&z?)$wvScl-9%^GzMuTWjjDW>^z%PM<
zJpy*7-2bVY1X@N{Y27#iUc@UTDEWx21Fi-}%)~9_etplYS=v!l#31<On!qe0H-?p;
zM*i~o)kZ}yX2UFfRu%O=8nhC+RdJN`%rKkzEBa*|;YlQzm)VAnxBT;~sXXX}_1p(_
zK-Ou)(L+b7u6_3(;cA*4*ZiApE=qtcZ0LmpK%p?gc9d$hr<LBnd<CC2?8(~9;<`pI
z3G@S*$;jOsNKK_;-ZFDvMQUQGA135)*9XLV7e2KQEwj_ggg5^8t{cYK$nPr&T6+W9
zWLWEQV9eA#PW@5mvDwa<vJ0};%k-;5!~NBB_7vp9r98{C!h_m>LwTn&{&inB$DB%h
zclfO<_1@A@o}Ui^5T%HUusu@Xd5YtVlD09m57e6{-`t@P?1U4Tjl^5pREwRs`Uq8!
z=p22X8lO!WIcT_)uO;4l0SR_<wL5=P9XwQpD)h=`hH~|;v6|0m-)hYg(1#78a^tM3
zQW;#?*rSydGV{Ous>{D=4?fH5KO~Bo8!7s@Q)ga1w^)=hwy`CkCiQOEM)JVi)cxv2
zit7IFu5j~qWTMDho>c|m)veuhz{YbQ%w}9kjkv%q<hECpZ=|D!++uvy4p(K>{qLiy
zjzv~~K|hZScjK3=)Ib(0jwrAE#?F7+@P+keX^@>Qa4eoj?5lq%?Y`~)s3tbpU*@`*
z{r>c?dQb>@J*i2T3-h8#tG|#luS8+BEZTZD6Bi%0Yb%nO2u*T;w6@05PULO11e`_U
z@qu~&P}pbTfG^MneIc-)q9<Cd#C&5rcbNDO2401(%mHY~x@GsNsdDV2^FYzCJ}gn^
zk|XGGAfx&2%u~*95%*+jEHD%menU^W@(?p*!X0*^^O7mTbdnL6oOp`4uDH$t#nRhi
z$=&0nPZoVbKwe-19BHog;!hCvhkJi?c^b+Pk7H2yvQ=)A7%p?Vlz&Nx1ydZAHHO)B
zk%Xm^GBXKYUSpbmg>$>3s%z<9-Sro0_pMs$$<8Occqjj>R{&zX8AhmL|9Pft;>ybY
z<!`XGw$W5hDo1-Diu;b_!BjWwq6e|B8yb&~^>&D1PvT>S<x&&2f9r1BhvY{Yi!250
zWc90}m4f70BQ{x=B}|pPR7A`y>lFp#^KEbBJaG?5QMX^pg1h-(8#({jOD{GpG)<~x
zGHW838@lAD;}v{qEQcN^Z~V-*q&D<Kkz2~j7jvd(2FPIt%$lyD!x@O!SLh};r??SL
zrVim(M4oXPb7%$&wqh52!2KV>y?^9P>WFVZxtk#rK|M5*2fvtq=PoK46UvlUTdX^I
zn_dY3kuShAEDc>JfV_YVr4bNG-#GMMl<^ODBGZ{u(8;Pf1?RXAaCOq~%q~l_@x^qY
z4mppxKj`AR2kaKhgBxajs$#4{v|z7C8B0N0Vk@?#3LRh$Os$m_BKJ)5`{1KJbTt?M
zoCsGiKyG(M`n-Xa{(d7IFQ^=`s(YFmCli1{eb85O?^zVkco8}eo&E)0L|){H1}!+)
zRQfTh+0tUGChpJo!!Hwz&lXuRcL+1xF#WxIlNxDD_$e(PB?4bI>rtNh9kzZz_0#-=
zbZJy~okWbZ5)f}OD!YW|66RQ#ZDfCgWVUuU0LZTLmat|0=di);pP`^m>8Lt1(2x@E
zBV9TLSTC%Mkt6IR<bY`YMBQ{FFL+aE0ls;>F4D(6o!xCsylz)PgEVrA^wKa`G1z7-
zajt1NXY}EX=}7G(c=_7^r%Pz^m{?CwoVszLXPoR8S28-yno7Dmf_o4h_6SlDZ3D8W
zD(r(l>xcUEf8N11LN5)eOIx`@aHKpI*>)<a79O55>E(s59;$^qcSYRF`lC$f!&-i1
zLKFSHxKlyP5XUFNULi5&csIXYzffC0^<0{CC2aq|A6@Z-$}aSoWtNLrzw=gquQF40
zZ(YVXcfa)Sr4STbuW@zC5Sdb|y<K_|zhHrAAxR5*;r#&VNxdkJFhRsalSdD8OhKIx
zwq*`6{B2xE?H_bYcFUKY@rsyWpDa18it)X~gNnsd=9J^ZZ1?F<^#iTM!*9de9sjk_
zT=_2CK4&!|=~#_eWlAiMG9;Ma@Nx)VFKTD0nx^S--3JljR)(Lw#hAxf2ChRdw<@zW
z1RMBs*Y`>;w@@O~C`&kupq|%{Op#4?|5Aqj-V+)7=WWh6k#e=YZ>PG|CeXRtA7i{b
z<*LP$bil<O=aQkzUj{Gtju(+Ggb>LKRoQ55>Zf4)`ZHqAnzS+SLdzcSZ*NJTQb^(3
z*Q`|ju_`vCkLZy`b;0wMpMl{*MW4#P>6R8clz_&d=?IN?v_G4<Ae7di<n7%0?!JWk
zU0rpi`xN%{h_S49g2kwjLX)%EaRhT@haetS-Cn#W5#ss$c}L%{fVlz1>xENT0$1DY
zxlztCs0S~s7e=g=UWN2sU~$G4wbvXig0g|?Zn0Cn$|nDib!Yg~5tVFT$INio{x9XA
zz*3x-JEeK|42b?+eR1pswy2qbORrbY8>?%szEaDuvP#i~;TC3O1bvAK>TQ_ygoe6Z
zD@2`s*jPpup2ecbqBU~dyrm9`^su<G0}Z_&Ht<B<^(z4af65@<&9=`k`nDhsYG^%b
zepc5m(lAmi@<Y$hGL6q)=!+r)cZ-@OKE_g5FCK;z4}py7hCa>8+FRPMku+xd*6lF7
zdgPx0xqa%DHjDk1{V!lf*F@G;dXb)=$#VZ5Y=3?_cJN`Q-Z{E2XcUnCcXxfBRvna=
z>f(!AkU=TQ7N$;Aqu~%ZVYI9vkvm6^3PNA6uno-FL9WiP;QL+a-7_)JHOk!$Pxy8p
zY5K3p_RyfCZN|g9r?7au^<FVvwB72r!vVAEhpWE=4E{a)o|*MBn*YQGCn~eKTSncZ
zg}KRpd7p`h4v^Q4<X#bew}>{2Q7!rYdzXW3WANd38mGtM0(8S_JP^lLZ=|r%A;NLW
z-PlX~0&~>y*4yNsOZa0ylW8#b@y$VZv2Vl=F_J<oCUA@?oH|koL_*v5Bz@yNW4J0c
z(7K=}<#X6><Rx)J9&{GYJt;6;Ad$Q~V)Yl>K{#mI`j3ij{IS*XX2LoSuZ_!6^dM&X
zM!Dapmv6r{@@M4ahU3-19?x)<EXTq~Ni+oW-;Dk&-=^NKJ}s|5PS0TD<q^<)nYI-O
zk=*NTMji89c-*5`i8{7A!x9b}w*IT?kSQ9xn&{+3B{7<t7aX}Q^fsXGXAfes-hKQv
zUbGC?xe!ZOixRJj-4mu!BFOd~jw3Db?_#`k&a~>~rKqJEE&m$bb*s!y16{T!sM(k}
z&`#pjk%i$mPdn|@aI}G@!<Masoyyj@+<t^R0@p|TJ)fXQS*bvchFUQDtFNmj3AQnX
zt&DG<_R|^34DhjB;SUf=ya+ZVz278zb}OS7<i39`q}tT&|Lqa=dXiS*ir4y+mgWX0
zSydENQ~RNiygJ@l;<~+TI9`@Ly6|&uefRMwF>;1K+p4;4cQW`R_a+g>H$T6vFezF&
zE)<R#ZuZ;TGkg#-2QmXO>Bg&Ni!@_gaVR47Ez4NY?%HoA?r!f#f#4hTfBV-b=hZuQ
zS;Sk9!K8AY@SNkIJ;Z<hXRHy6cY?tqBhw?T;YIi6r>|mKn&VcweQbYURZ5aM2_-4o
zhf2jnSfdIp{Tw2lHf-u`Ql+J_VvWd}m*}`9*D5v0Y?m=dTzQ!lk%?)WF@LrpOW`H<
zfcLR8E?k*2o(gg&(#&(bQ*aG0y(4IF3WzS7GTxYS#5t_bXt8Cy<fMP&DVqJy=DfLk
z@R{p&>IZS>(@6pJFuYw^9(qt869|784Z4kUPhhb;#6;-$G=cc<9`3zx7MF0ow+3e{
z>w=q`z7zUL(0$qs&kFKnm$>nua9RTH2U-kgoQSSH?M2St#+Vv4&~*p(B3Z8lurn_r
znDtDia>)xh!<HwCNE@lqBGBbtu<k&ch}L<wQ2ki9On#syDqdx|brrXm4qN}eG&TBQ
zJJ%;s!0MHzI4A$xi+EogbIQd?w(pzbZncPaLu%2Bybt?IxI{U&m^=qNhGls?7a>xm
zxKvvg@dNrDlZ8UaHe+fZuA-F_NIJC3n-k=pcDQ|yUgVjrU3U*%QA<dA(fHnyV$c#<
ze|$p5z2;U2?SQlz45RST<^<}ua)n-5`bI6(pHup8QTyx-<uOkPc>L^=s(02K^zXXm
z{%~O0<1LX|aGx{a-}QbhDIE3YIN=GuojUkmVWrpk`!(rRlfjTcsu&kc3&y6p&4N7R
z>83g&FB&9+BFFIAM0H#kk!emLi}hswOKJ1^#<4;LTK{zl$Y{}k@NKVOm8t$WU#~>O
zrI&R_{MJU@8=<L>Z>S!~z0Q!U+QojuAF0BjY&%tLR==y4&W#N6R-%lB`{ODQE+}1H
zKfTlQ8Co2A)Jfj^x6{KNoLkg=^SXX_E3-><*t6P?e*NaR98MUX3bJ+gg+zxaST7dq
z36qzu$2CL8<=%;;^R~#tBdo<vCuDTwX*dD?Z}TEgMChM`4Ts@qd-th}PxA3j$k^`Q
zKUbdtQ~nxTXLj7c)AI(g?#s}F-73AF>1^lCJ)DeJ_#|Aa?ptN1N&o(~!CseY(Bvta
zArmi7*kYfeC!@=ma3DJ`fu+sEuk!W6%;tMBkhpDaro7>}n$=%rn<K}`M{-Mzm{x8m
zm`40Rnw!?u$MmU7^b}gzF{y`HzA^u!+RW?yGn%%0XY-AB?eQ*d&4)PY#(B#5s*IWw
zzY=5biN$Z27hlDPf`jiiJ;d(EI85K=Z)#`!ybey80mKYlAFrt<md+tvw|WB}eZI+o
znSqPtYYV~Ku&9lYJGwo|<2^XSt#Q$X2zZkWHp7|M?&l--M11Y%=hXCTGQ6LrBsTfi
z20xh&B~hLDEZJD}$Bfm(57zRZ{$-xep-4+vuLZF0zRtFjDARXShdd1Ka#J9WSAEj5
zvoMz}c$cgq$zveTbFtBC@-qNs?4v>{Z8~DJ#<vV|;iugd=6H9XM_m1Yz_d1>F#7I4
zZfA}VtLj^UtkN!F$(F~SJT2i%QRO4_@zsKT(YgMAGY;rsT;gwsIbS>8Pb6r3cIwy|
z(Nv@2np_qC67Jpci&D`CedQ&yFKm;#Wc<!}c6q-hSQoP39Srdof3T4`*luv6t&$|m
zc$y4{aK8lC@bn=jX<>du{>#LFz9@0aaVhjb@}_xy`B9Ga{-65IXyod^!tAWM=^Lva
z&yGuW({+z0Y|(QUR*R|74)|Nz*Udo*oNK|b&`Xf}`zj`3Uu@K7;bBt(i_s2e9MMy>
z*5Me;^#)y;cGhLlEkA)O%&N_=riOd1K>fiTV}<#`+At1D2AS^1xFrIPBA;YG1xAyf
zhhBUQ-3{L7@!ZbNXusPz?|Gd*>T34Lo$;nS(swRg_~gf1*E55iA9`Y2bFG*166RyL
z@Q^oa&V<>{?l5%J3Om{%)AKuJ_)3n5Ti9{HUZ9>$@bHR@$3pAR5_rVgPGjB;hv$eY
z{Y^T)bcYNX;pW)DV>&YkGZ9HLihWktm(JyOQdg7jc(*K)s5-E{WWhJ($>-^Kyvt^+
zrrNm0>t%D-b?3i;t}loQ-}D~J$%f`y|J_YA+pXMLOyupyki5E2^Q2tE40ld1Ze~rA
z&$GFv$Ia{h<&FXS#zI8%b+-R66lZ>yx=tWJRhHk`3*-~eL=oBZ`O)ZgUu~R()vp}>
zb=#<rF08Me(b=mPTuh@`zHsq&D&MH-Q&K&zY`VF9w*czlR;QO!q^1FT^Q+84C-b`9
zzp;nj{kV-2mN)%f=P#ebSRF)<og7&uGTY@Z^mGbeD_HQ4o$E3_pMHxWusO2)RNP%?
zt~Hbh3}~>}!^pR(UxCpO-|8OWNgKTf+MtfZieUAsb#Xz_-%pmuqJ0N#e`Fr3jMXIm
zc9I$<#c(XRCHNCWGJM0+LhFNmARr^KW@;D&z5Ph`S2Du9#Tz98(;GshFu=;tM0jno
zMK_qlp}+F?a_^$^x=kYf--RDJf=_qQg{b_Q$-$4#t1n$HfvIu9Wl0Bbpw;5OFDm`L
zyZ7g@sk>vol?zY?{bG1!QS+BcD1IEBqFF4sfHhu&DB3<951%n-mAdGAzp8;2x2j=o
zf1Syn^LIKtoKZ5!&O&4ptg$z-j8X_`pYibGLhW+ZQ4;k~au(V#t=bSxF%)#nzYp}M
z>b&*Ze!zT*$f-QpvaR?^>yCxXeX4<5O)pI&Cw}Sw?*g=#p>OCk1~1{h+-f$xr)Y)C
zRXqg|$U!%teJBQ3((eQRUCph;q=~iP%zSPBvMceMm|An8i@b19*LBJ}_y&VCEG};3
z%?`0MJpHMO1k_~jWO;7?ZA;+ug^Q%06qp*`{PcmRE|wEFtK--uCxw)98{Y0*bo!HY
z)ivkHt9CB}_oFj^UeimdNw%-rvr27OE~UFxBw>YF;oo$B<d>OP=xgw*znTe(Dj{tG
z=YMA-U_NE(x5VHgl^O8Qpn3_0)?xK-(vz7ha+H|sQOIc%psSeoZ#EpR$tq0}tumlW
zEBL)(%p@K%{c<<g;=~?u)u%n2-ftPYvq_Sv!_HD(<@-~t@kk6xf4%%RqAk)8KKO}V
zetrBcIBSfk_R2+ER%^#0+_$f(Qq*<MDTS13GceD!ZaXNsVBSsq!R1NuZioX<P*CtV
z+5;xtd6>=)`Z*7V2ntry5M;o{U4llB@*c^CV!JOvG!;Km41;gp`3>05!z)<Q*LDg^
zO1`c=JUUSZo_!Xg)b&2R{H8rU5ujm#jJ;De#WR32;rmd`7E;!_K*VA2^Ea6a7DdXa
z=eo|4-FzK6sNnSkFiB+4Vi8_8Ly;$UbWl{GK`t?exrX2&Oo5tTgq72ACZCS_X-yTe
zw1p;WO5^{oGJtSj7JIb68<S8>I_LPA$`#><B_~&4J7}+U?#5*_RpZ2tyBbJpXF=K=
z&?Eatlv!0BY5p$kQ&zUb{{Z$t3BSUkYi@YW{U3eeaUTBkZ7f)LmdpOi#f!g+(mPqp
ztv~!JnWZIfYwvArY~B<nP;&ko1ukR&<O8n_-?g#1h#Bo@;F<4!fyci49U6Z3o3}l#
zsJfb)@B1-Lr)RU{{wSB;>0!~z9v-{r6YRbJm&n(t<?r%(C|$mua|6lr)<-EScaoA6
zrSHTMqM-<o5ZbwO7ve~%q5V`0)#)H7&tjx$4?T@d=pH|sJDqq$Vp=M?L&L33(s}eS
zGZUbw8ct^-AkZ*CcL;Qs7b9k21-nQ}O}HCk5rep;ky22CrYFt{ZHEpq(y)j8A`8{!
zprbK{BfW;4ISVhi2=@Q_K_315oy^Lq=jPA2NvUwr_Utr||JbBx{a<kP=l>B^e<{>R
zS|)oR_!W=c^EcG3?BlXedf4$ml+(=>+;ZQKDV#t5E%#eW2u@DXb>cY9J6~X^tr^RB
zdkUM4%|(O`<j=_b3l;!{gbP4_qfs_C7bCHVf!7@))#~QRZ+^=3*!bHXJA3(ZZvD}J
zapHI$JAW2t!yP`>UOB>3U;ZpF{NyJXuT#suYV`)Rv`Wq#h!dYuD653g=3SgUa`eJA
z#Wgi#&tF4lI|Ks;xup)gG*G|!VUn^k@#mB?IhGLcC>nW%)AXL&n;0xDqSI5vBa%o&
z!88?OQHX~lObia85k_}{KoF0D;z-4t_L8Z-{;5Yu(od69>?AO5(9<EwtyxFWf<*5B
zzK0%Q>$gA0{EBwgT<^u@ba3kNX&(H3oZQtP<(BV!57*1m_l$Uy7k>O>p82QGu=c7E
z*5Bb{=g-2NJYK-9|Leb)wd}2n1hpMJ#G_yS0uSDKB|E=!9S48(5q@*$`*`9@cQD$0
z=50SO8=H#&orJ7^jRIh&0NU8R3Qt-AxpP-iPzc7rKAzb0C4ysPZ+rZlwd=U<TR-C9
z&KwThA7ahzelELllo!AMWuE)N4~Pb*UvYiGym_QoE}*9y`p(8FTi`?lnrM3A`3u*$
z{T^}_tRQN7nH-AZN_LQzZZLFmH>N2lTD*?wAUL!L!JtZ3t|ZWPoWb_9ScXX?Fo_~0
zmQ*oKfu<%}0+09ip$P+_fF%WykVJK*<8UW>gY~zzGEl#hoLmFl>tL)uO2l%LQ@tFw
z&&AQrPqFidUuAB^0CSgnQFM)lJwYD(FG2CfPjT~i?!%Y<QkYRRG|h8A_&2tH|0`^`
zX_Pg$`#Erbh(o)wx&E8~&YU%C-*j&$`+Irhi}&#8-5(~}^g{}L`|uduMEVCfySs}W
z|M5%uPoH?(&&tN;B0vWUc^w5HA5h<;McLT=QIcL<Oxfxin2JJqg+aLa=luNk53~1y
z2N>@kcw2MSU3)#(eEoZDe>#P|zYMba<4Iig(Q)?vuW$3zckUw`c&Ukys;OjEE+J~9
z)7=_Hak`j2$DnKXZ)kYor69uGxeIXTET*sB#F7eW*(%QHF-|=FI2q+t7>W<fIB`P(
zMZ>QR(Xj0~Ow&SfIB|Id0*PsW$D^P*U4$nla3}^+Dv8Vh3A!iwLY2TnkNpN8r%1`x
ziADu|?I!-Bm6X)2pr_#kJAU+CiZahqw$P2{)EMiXX3K9CW?yqRAN=}1<Il*ru>SDW
zB%8nWefIw7+g$n4aaP~qXYVh9Y~P&1`|tf8i>|%yP4~3><WYWp$H(Y+{zqK>fp)6v
zBJ_5^xv4Ue>TYG_r|#eb-})v6^B2E^r)^{NXOBk00wB(R1Bt+Zy!UEFHa35(Xu8h)
z_gzc-f!#FM|BCfD#OQ2)o`XL=&fy0ONiVOZc+pBq7S&O-V8I*AB3O3IhX_wj@xs4+
z370p(%D?cV>r*`Q^M558nB>|oe-VF1BGSHU&84(&oyTzRE|RiMDi?bgI@ik1pZ<)3
zd2>j~$)ljEg6!(`^l#ruaU_cBa*~=nLC4O=C|<Y>U(tF7d!NFUCJ0Pxl#~bQ*!K*}
zZuuCRrV&>pkqB6pK&X<)^dy8$oNg1-R8UCx)s2{iln|Z{(!GBxmH81A-9s!CWn>7d
zZoQW5@?w5@*Y`;>_ffUfiRN-3<6-t}HOX1|ajyIFmtIl0XKHwe&HwyuTAukCANXW|
zx|{s$zdyu_Pb6{q7r)7}n{VaK`jPcEo#a<{-9@T6#EqLAjGa;0@|a4|x;we_LmwkK
zCl{w%!|nH>Xm(|D8=F^=M?&UDRe(*KHWdMX3;5n_l#R{Bh|A|AqkIm{M>=WSe}*L+
zV9|y!S?)e2&K{#}_kJ3-{EpMRb`cmE!=IUnC;63?>V!}zT(E$csj}@S2S|2>SoRl5
zq<8}C|MhYDI>#wpT!+i&$Cs8$SK}Eb+V<j4lBg~>`Gp2&4z@Ei;$Yr}wJ55_^kkUc
zV=t2AnZ(jOs3J;aDhkO9aVMuSc>H;aDm40g6>{@qbT(V$FTR?wjwY;;T?kD<T8SC}
zVSPT~Km>1mAG#w-+|-DNV@$*<sl4<inqGXK$rHbzpd?P*aub;dF&QtV_Lh5S+rN*q
zPk)_7D`F@fFCLdc)4>R1Vk5VF?*}Ajy_7;Y(SMG|zp{z0Z9nG&cZR6DC7Hty1ljyE
z53B$FOKkY$ov7LyhawHMweY~--9=JtA2)r|Ltwz-(I1)2yZKvO_IIBpXI3e0zYmAo
zgHY_4W*eK=!2%w>_uhNQ&MN@bz+V9F_jFk{Hh-ifWoD4SppJ7ragIFG01<=A1yHkI
zr*v_Mf|Ma9I~!?w@c_qvw}sKZAu>ygaVNc`2q>yXacwQ3Fzov8!=(7aEL`g+JtfSM
zr%uvwYJif(b$C-!@T6tZ@Zu4CN)M`A#o>06mp{#c-=4(MGbmlO2-WGP=VT+%!6s6&
zb;2Qm-#bB9yCiS^GDcc=l9N5f(13%~G>cdW#-{U;W(c3LAI$-=C^&QosWn8yankf7
z#A61gsUgf5BI7cOmtD!8pMIC(jC!Q%M9~C;9WgQ%-9}E$I(GlZeUxS$C%w>%q6sF?
zg*e$*&gxHng;`5pDh)i`)y*Sc_!7g1@8^cw464`qIr2=9r+?<5?zYc!#oc$~aCzSF
z8T7X{bN{D4i8{KATfXUmh{=C{ImYa(KgTs+x(8p1-5bEh=4}uMp1Jqld%M+{#sEuz
z>##ck+St4yNf{ZGEnS8)a{(>KLLA%GLr-fAha#w|)tGa+o5IRz8118B%OUEw?MBhv
z6js0F8qgdLO6nFeJP=_2Lr2L>i!!U$M|ygcmVGB_KHNoN?IH^1&S9u`jE;kQDW4r>
za@s+1x<+>T6x$y<f;+2>$`#8P>mQ@<=riOMS&UCON%ln;AB;gt4Z@7!jGV?44njdF
zD2a3ONQ8JKOjhz~q*RDT1ezw9w&r7m#>n(FGBqi2xKv~;hLX8~iE)d`Qx8&HJjUpR
z8?Q6W;E<D9SKUKjLnD#a|6tZ!gJ8^!#}TICut8Go?OghaJ5aU6Dg0b(E06r+KM-wy
zl&d}j<uyK<_6GUw&owHq`y|(X@gH&d-dKP)@7l$$KYuss_-<~!*G*cQ!hhcr#xv^!
z-0+RB<4?0|nAzC8O=7@{n>KAat!~=1Nd?ve8?mzhY;4{Xr`Jo-f@<;?E+eIUEhEEe
zH13<^*p4BlMoi``ax(u44|!!#rdqq%|L8$R2SzDhT8HLL=-0Z_MQPna&UH?3_^Eob
zvSJieddbX=({ZSghCS^RELg~#wQFeH+d`nTk;)o{&a)c%B^pWk7`q-jMOIY}d2?$y
zduSIP&LJFbA|Zo}j0hc_Uc9Lpm}B+$QWW~S1r^nTrh^0Yo#|zEl|dw;q6l!hEIK>9
z#3s8bEg9xquOK;9!7^iv1&io7cAPn7CkTfv4AY4j3M11u;4fRtndg2*Md3+sdJqDp
z1|sx~FJ#SKUm&wM(R#e=#0ehz!atx4J;lbGH1f*5w4V&}^n-%pOK<1;uY4JA>gx;e
z>9G;E{pWx1{CB@Wmgg8Zf5k&?k;eUBoMzNq#!cV*KDo1I|G}QWjm@6{CU5{as&3k}
zNe8Y1R$~_evaxwv_|wzKpHoH2lI7&pt^rpmjk`xV{7f&ZFsZ)W$Ly6VUUQWFj~t?_
zrI*<&FTv^Y0^sy`DXv?@*@hvScb_09&%l@NB|9HR&NOp$+ev1xx}15JUCHi;58yUC
zDXG$EJg!nvtDwjFIq+-`CCk^KyZnqbZy_yPp|3}ytRg~B%LIX-53gsG^z;y&?JDyY
zYDA{Pw4Rz~=^7WIV4`P0dX`H4u2FpMF{&2{ni~Z9MFNDv;T@ysMmu#YBAjl}NJ}@F
z8aMD)-paZ5bGQQ!lV22NY|@S26QT8#Ny@@cu;P}RQB;-IefxR*i=QUNc#+lbcj8TR
zGu$2I#V0M2Yd*pU|M^~$vvOXuztf|m9DMX)e)rvfrt`%ISiGc{tNy`DM!L#FUk-4l
zdk#1M>%TE;>08$cu(7du1r~4u*mGV1_#m*DSC$60v9WmzoL&zZMFo^EUrFAAr353%
z?0dM8;ZqY-E_G72-c4?Dl*5nL)73n{>`PW%Py*b3KgEj{(tNm!vj-a~ECbEsCL;#|
zy=OVL<v4S%xSpaVYuNeVE($USNX>Q7P_I(E9L&i!PVSq)m7a?gJVQpxD1(DeJYI#g
zv}um-n<6>IAipq9*GyO9xS`V1si5l$=XxZAeUea6q4#W%)C>#VsnORZnYU0dKB{tJ
z-zcjtjiabKeO(IKnIXbrHc?j{Bd4}fUDd+aqze!j(-FEy=CJIqK1+6K38%Jh<LP@p
zPp<nQOD=PvINb!t!t8u1j-%uQ-1yD!kX}%DVJ{_c_RtXyKJsgJ{^Vad^W3k<a-U%1
zttKmO^J7k$JoMEdEu9tIc;641f9a)v@aJt~^JhW}utnXpX_Eu^OJMGMydWE!_XIN*
zrET}`IQIAhjPwrRPD;m<?0-jdD2hT_ejc+|uEdvL$$_U^Y1`RD`CLKaIxmHp7P}v+
z=Ui8S%603|9SLunHzkFFnuRp(X=Avhh5Qmp*l>|otP&e;=it*vSa8kFB$w2(|B;<k
z%^AnULGvk<Wos>hLoFQG(ub6i;-V=WZk_J4f?0E*y>XJ^a|Xjh3jMusw$)-}7+fyF
z_^8B)gJHnvu!ZhW2?Yi1rzI0(lF+o^Y^%iWQCP7~<J2)hb`H3mCc~jxx?0DXoqv$z
zRD-S#7y0=y+8Yg$=KnQo{`#+}fBIRT+4NZ|@=vf}m4`sciHt@#x;;uP^(t=s_V>vy
zF9V?G)M<|X_6ZI>^kYsv_A`d-A0^k{$R+O!v-)FRa%$W(Zx8awH=+zhmvF;(@1y35
zjqm9BjP{+Q;rXX&dj1j2Sdf(bVieUjc-mZ)2%raeQb;L%z%#&__jXM-Ht!96rw;P#
z&-@)DO^2ymUVt-u0V(Ax$g5t->=jG#B)#+O*ruJkdGae?C7m7I{6!b3m2R3IpXTA8
zNM>F0X+C)GS8@AaQZjlP8u|5SK1q&a4|SKi7#MWoamE-t6Q)0M3Cr*L7Ck3UGO~LU
zm#m-Q@F5SH3LCDBvH77Gr|Mm7yjCTzSn%v)CQc^=CQJ-Nkea5Dl`ru5AvsNuktr}O
ziN_-lKqw>;LNGZl86A>LPr=ZDWNZW+4oFFd;51zJe!=Ll;K0FLQj^EI_Qpw$?A7rm
zX=JBN(b&0!^<R2`@!lSu{_367RJKwy*Tcw|PI6L=le@!=i#2@c-+oG7RRw4EAL7I_
zn;C1~g*DxXTOXsK7-lWgDXMiMJQ|}d5%xYB;rL!b=Av7<{O-SJ*7CP!_76=>b7ucR
zdQa{naCSeDp$3}w_mDYnDYyRMN94_4`i`Hgjm@74JAiA1lrjz2jcoz2xkwr5XyM7P
zeSx;EPf}6>zEqG-mAEzsXLdE2RV$gb{1QrPYf!Ye?<G5X^cW9+?$e~Po0~r4#^ZL<
zuy>j*Pby@uxSjWX`fl>7Dlc5$cIXI?-SY{`v+Aj+bJN-7AU8YCNN0%7iDk_Bz-Q^L
zKR`<0C(N2>@a%6L%&QeFUSaa!f0+!PQ%TE&u_5pz!Ms|9;&MpK6(pq#yiU+{68iu7
zuk&4wC163^fKU|1hb3eElAg2Bc-$g51?gE33@VsLoa=A3n4Z=-vQOpmt0VMwI53L8
zN^0pm4*ujG=9M;)Q{koatVVWbjE+-b&V`qA(|tcDyS#*F|K&b9_iV;150jP#8F_;I
z3K#ihI<6#(j`k?cJL0q)hp4lLnh$=IWw+cyT7Ld(_W9+QhDF!$6SN=N&rs7|qJt;V
zjnfb@2~I#~C(Pb>1J~dCZPH6B-qGj8#^%q6lfYUbr7QvV0lDw(dTeaoJBHdCY1;N%
z+IK!rbYL$@Zj<CxuymN1@)A>O@D<fiuy8fAS1cuGR{7hSx9#8|?*G)C%+5Z>>JKF9
z<B#<P*}K&s?B2kNkKW0O58Zg-`o^6*c=DdRSWtPIl4=i)Cv^%6<5-~(XU^3ia;_lK
ze~`L4dr=(@_HP%IR|?u%BrOdVvnmA(S1OcM3$n5WE*GGHv;;CPu?(=RM3uh_!e4+8
zpd_jWBlJXdKum~464rpT4U+o(lC!NAIk^@~*Qhj~5-eD%QjkB*i`z??RxiOBIYez`
zGp<w*EvI$LXUFJk3ez=t2{+#NQ_Q%@@4owW;@wYBUS;4*)$ye}$;elTN27F}jMCi-
zV-rr)w51d;S;f37uBKw;C2zXV183SfbKo$&^}CqvK7m7?BE=g(F(5Dn<I@VR+)J3X
z_DbelejQom_IbzVqNWd6C8U&fz*ZpjEe6=w{Mplfq@Iq0JLx;Th3Mce(vpK@W`j^+
zd>jUcaxpzM<Ww)Gc+oP-mn<SVJL^s7Y}&D%M?Uij=9ITFZ>1O2rC~)Qv>c1l-cdyE
zvJX@9{;Qe4eiZ<xw(Vf^mp@M3+%~didpUkcV^(Dxj~?P!Lm^##ITU5LvUFvXUC%3=
zJZw?3M5TI#plXpICr2Q3u%cju!8B$B{!DdU0k5sJD__zFkRTLLRnXj^I6=l?U_f&E
zh@|O=<n$?voC3jzKCaSy!er~yJ_?Jcx#ImHqHzx=>ouz87)<tu=$c&3RhxdwME@XL
zzWsR$QV&yErx7<CxRZ5UUW4}ILC!XV>8K{HVg-eDD=Dt2p`@lJp`E-AlS9L_A3jRg
z(E|*eJb)59Np@yGsp)_P!{=Zu;KP}-n*6%UDP6vf^2H0^-3P<Q=Ff{U;0ht7ybO30
zNPdqOWMlJ3LvK?nt-E*7b>MkoLp#Yx8>P4el9FI#1UlMbXruyfK`kXK)=;vjj^dhH
zoSxUOrFHm;$9VQ@f5*Jae##cQQJhYkju?~YLbNr(czhw*i>{$+?K&1*zMjVIyLj#!
zpJQ3g5nQPr_H5Uvsf&}BA7#fDoz4yinqr{qg3?OCsw)*rD+CCL2f>IWgueLy%<GX>
zLjGzl(7k|!j#kNzr!0EfB_1zKO)6w%$GGZ)7DK}h4(!mVTNXz~!ZdcTX60SqATT(|
z{{Q_s>T1tWILE`e0iBEt3t@&ivddsNP)X5>YnXHC)s!z?jNAYEaTn20gwEsjbR9cN
z=b=4>`s&F{ZKb3PGBRLt5_-B|bRq*s<{FBYUqQv{brj6C&HXkuFJl6@Nk}Pg1bz;@
zv#@6yn~Q+qu3nmVZl`_kHUb^H$jj_x_8iE}hlxq(JPn;~Dp6$-8FT9>S+a_fg$pT|
z_gWM4f!{pD_8)we;><QGm+DB(ji!S`L>TRj(bWNyv3X=xU(J#aeUyRr4(k8=Yphyv
zlCa_6z)ppQOCTCC*!(bfy$V;{q_FaRDo&3iKAAZ2OaA`_|Eo##3`kf6^kj$x;lLJ)
zXC5>Oh2X}&Qt|o}_HDPQU1H*OggMc=gjv^oo<RRF?N5D!)$0fFW_jpt*C{Brm>vtT
ze=Df@H?#VV+gY&jGKBK_3-4`gqO<-uoriZb(sTreSx@O~lae`*ngT;T(0UsBM@mR4
zT|?Qb%bBxwJsCxB9y4HLbCEIy+%BY)w*x-}yzlXXY;68$2~JGW_~MJ4*|meAh8Ico
zoMP@`sGOr96lgqc(RmyO&LyK|ETL%G3JPkLQ#ikxtdf^<-RqxymTlkv7D;k1H7mfA
z<|7zXQH6z5ix3!z)6)r2*Ag-pTu0mSv&4Fy<c3?P7#nl*?Bgck5ai|yF27zdce#QU
z6U3$@mi7A={I5n@iC6(=l0fK^hW(NkHd~AgNpv07y-y)4JIv0VrRc>s;#7hd9rv?z
z^*Di;kKT5{yc&z4jv(8&rBQL^$JzMzfA_k<eZyV7^qe|L&xr$cAKZ^Ie1zP*35plO
z+&KzZl9ndP>0>Z9T}|fv^;E1|&-@LSzT-4b8=H%aAaJ*kQho;bCUzqr8=JR8T9Sqx
zJ80VWB0UGT;^ipw>kMYC(8$eD=<2g*-fz&+2tlKmjPfNEFJDh~RSgC6=HX9Ip{KEl
zZU6owrdu9kcG)mFWePDo1g2Dkv`9*dV?-m2Pq^qC$m7Jp02LKeR4>xm_N;{f{`zw&
zrL}_i1jMHS<qciszyCd$$r#Xmpr=4bz2yJiXA(DH!<828tqQ%P)#Mjz6s8=eV!lCF
zkB5;#LESQg&J$tw9V%k=r~Zizcl`A$y7mReCg?fUz+m%9x)1MQwCx~nwVSeeP`O;A
zBwwL_)S~TxLE}-4AaxWiznrQK8<@9#9g6Y?+5{V$KW)OmKM5)2SAc&a(I42x#^!C(
zcJK(NwmeV!&gaoW$EcVeq+-3stV##r5tEh!ahi`=42*yyt%i(>r4%e&NAcpN<jk7I
z;m4ok<l_(Gj%}s5Yyw}p%Gj8bk$w%AS5jOW!RIw-X>@UDx5~(%N!5IXYyMK9bb%l?
zo-p|f^}V@&X(n6(jube1Lh{u87VRx2-V_I=v!S*&NK&fGk%JCEuySpThW$}aoSw(V
zFMOS4AG`s8c+8-;v59j{r|3Jro6(ki#3xRXodJ~#6)KlGaHp%Zor%%%Vw~1fUQAyd
z<!i5?dgDfBEnWQHY=Di;pDq#LTS7|tJ>YKOjhk@W*x0-wy^T$reExaP?D!qg{$rGu
zk1}_KLSdN;Bc?Fe8>721MsFvC4L81m6_l;Imh5@UP+iG%9NI_U;osr0c2iV5gznU6
zJMEyqSD|*fAiofve86P*oaAG7Ys_1t5F3>kk^gy<|63ugM1Y_pUC_A8;ursJ;`B&v
z_)CcqQ`xgskXHgLRz<1b6{od-J=cBX+f=Mr#<|wB^tYU*|I~hl8ut+DKZwT>p|BiE
z<~zv9a-b*{z1<O-_FHtcrQyu0qhkHlEVyDL`E%#Iw>NKN^QTJ;_;(?t{7>Kx>_$K~
z7ZFAz#87)1E`Ks<Ma93DIY+yDIq}@Hw7jsHK-Y27()*~G3&oW#beDtaNrUnJDBW!)
z<D;N>3(2Z}Ke;t)!I447;X{lxJx@_~169=lhR$i!9}tX<NTh^y?^jrJjY51{5D&@s
zT=<_yTA=#`x<~TjV-|b1SR|ziR23?#VbKzkJ=+}g1+QfN-+mUC*G12<eRS=Aj?mx%
zG-HsAOeiQ<@n^blC#e|G7~M?~+L~Z&q5yw!4HX-%q4uh)NiQsT*K4&T*j@q~8w}w8
z2r1<+fRA7|0<yV?=s2*2r@sErIQ=<X_PM($U%Kk|Hg|A*oKst#<Mg)8Otv4z?>a+%
z5#*KVINVOcF@<O-N_aHN$N)^oG<*e@l2p8uVAM&+q2s92J6U`A1fxR^p19v)=^BMw
z{$9nQLS*c{GyA_0(gIg1#0+@&f1B)h*5t<9G?uM4`R%V_w4GbTid%2S>x$B`=Mm)8
z3DQy^vq0cUcc436Xo^L6D$KbKgZ@4Un-wIN)lqrrH7wY81>V%Ocf79Qt{#TFx|kjw
zBtAU?#Bh3(@TBLFQCv<|S=sM@Gi+@B_%VS8gp~4e;CfzL8pOut&zAZp{x1*x?On)F
zgt_lq$m}ccrm%J?{;Vt%0kKG!XfQ-99L9`AFk(@pWz7`PQP5p(oIW4E^i)!Fa$Yw8
z&xplneBlKeU-%uvr*@L0H<3B|(~JNBAOJ~3K~$S(kd~z)br;c?23SZdOmxg36awk5
zAY>NMdaMT`J?NT6N}A3!A5|!xBZv$qPO)zm@F(SKfA&rT1mEc#a^__1%7m^)$&<gZ
z5E=-}<m?%hvIY6%7la|$Lvk8;(si(07^XlK2391(*s#Uuuuf3UBXj;bsy1A~ybT-B
zW*R5GU5vOvUsDTh`}WYee>;)k!}#6ZI5dNJ6rvG`%1nIuE2+8uCaN}EiOc`al?xl2
zKVc*@&44xo*Sy!Ov9b9>GTPO_bKm(A1N(nXRxX4rC$7Aeq!i4-vJ|FAMu-N+iHFC)
znn1Av=(>qzLNux(MJlQ*8-HFYdDV5~&95b^w3M{`yw`odwu6VLf9kgk)NjR0Bl!g(
z{ON*l+(jUup$G+^Cx$}{BNdpM_EEo2FnBJ`4IkB5f1N@+4Drw#`~Bri8lb8rzRs)k
z(o9qXw9J_r0dFA4&kKD;0ZjvO-YF;(W6#fVzI5>Gy}#}O-3{9}TRi%6lhibY<(CR_
z@*)Vsn7Lmkv51MwY2Z*Igaa@#o=R9<Ku+zYEdIbv<j<{on@=)<X-Xys2N~_|re)_2
zT3^_VnA%I}e3-icoC=)lhSA}K0uY*nj*~Erm-lb_4r^||>%9-Cu(A2WA%UlblyWC_
zCqSEvkj`TVc>cRz!|2;e$t;N?K+crFRTc0igD(Z#UT}L7o$(}su%R#+kc{<7hC3xg
zLlBJRkWqCRbFR3GvL!3XE-QK6_v~#v&7sF1qxawzJl1InibqJvfT^I);5nUmR3*DW
zl9pkyZyRW;;MPwmWECicMqc0Ve?B)~bAjd%U`gU}FwBHZb10zb0D@RVV#Z#p2uKSw
z9W=K<Q6$oUXnf{muYgkrG%({34<{6XH(HA)LonED@xZ^ENCfMz7L1Mx`Z@q%l93T7
zH7QOc0)xY|h`Hubyy^z#Uw$QSzniJy5#pf$mKnt|OhBUQ4us-B(KJ-uiDj9X@fcP-
zN@#qX!848Y)YmiAv=f&+%k0I1OEzebq|tULOygdKNu!+P!g73RX~@_h0}bu8935rl
zUw)LEzW)P+V#h(-TvY55Qp%&iqW5|wHa71C{jF!%{vZFs=&2oKrgf8B7$ZA3(M=DH
zL}ZMaI7LeX(7}<e;>p%Y@~J3NAv7GP`FNa$?Iu0_3fa|HGxv%Ql3%@;r0gtwX=&(=
zS32!OlL3xA`6Op{Jb@Z$rg&B_xy2?^6DsWul8zRO;51xugTk6C72?r^;C;2wl@@3Y
zaCii9Lo#>{`p-&61|_j*!V=(5hRj?+c8MT8Epac=86gfYR~}$;3WmESgME_m5ipE|
zVvv?5$SHyBVu9B!h=(Qd2(PgQNDCZp(44U2X^U-}ExdlnFH$I)ZIPTBWo*bpUvB}X
zznY?@*HW^u7NJBKX=|eQ*dC_NwPQp_Fd`EOD~f3egyuu2KBV;G@FZgzG2)R)FeZ@U
zbEwKRDH$-UR%PL0jfhXB<4}l$n_*yLHYKYrXVJAEq-4o5Jbo_|gQN5u-^)~Q3q^~T
zQMk}P1KC`391~K?gMi%_+vcLhjK?^$e=iMNo@KQC2t<aEMie7zqPZQY4i#j=%p4C!
zQH&s7_XN55F-qn_=3EzP#ZCwb+V%uF^kSUh5ztc?kWsOWtg33#3d`^$XW;O9QFRBP
zpgCMvQlVw{UK*bJ4Y8r!%&nfJxJ>8yCne!&$wxk|Qdq7K9+9t%(wS-Aqq`C&_r4xD
zvCE|8RO0mS@d?~Bwfmz{h(#p+WWl^T!Mx=PelJ8O6DNF^58^^_rrx4{ugS=uKzB-<
zPJvJ%9)rMyL`p%)Y*@5TrL+Qs0ny;=xD_P0GX&jj77zT;#Oa31uM-URo3x$DMonK!
ze$5J!(>+WNb}@S95Yv4-amWB(HzcJb6dEZ6x+7tcap(!9A{dpJ@x)f>Ztx}v($WQ)
znHr9Cm9em-_i&h_TcE4Ih=L{SSbO^&%wD<r5BQ0)vH6qWkdRUy2WsBymDt$)F%S*}
z8R_aGI5vV2i{MU5Lvy-7T1d+xI5Em-cMtt7rx<HLNuaNpRQCW?iwr83J4x|78SaO`
zc!bfOIDH+G=?EB>hN34U9BDYbDHsMQx}W6SV%$l|ObzvOdiOrY`})bs*NGVli<SsB
z-mKuz1(Coj&Hqw@)0Jpf+<M$%_p_3y3A1aUYOX?71~}aUp+G1i=<c#;JSaKSU{X-3
zaP`d!894&Wf=~#yZ#Fq~M3Pq`n7>@1tXz<sln}Jhh-7RO+RjSO9G64_lEteOYE~<_
z^n?<?%eoCp3tUNpXiW0_uPu%rHgM<$)6pCXs_V!t%f}225bocD!yF<f4>AiBq@oiu
z9B7(A6&6BRXbuaPQ{wUnyy*fxOQ5I%X-Z5>5|2s3;})Tw7#&T}e9FPdWFA@bSFrS!
z4^w^l#u<gn#>VDVoDfpV9^l<4*4o%yq(r8JH1FC$!<OghJGKR<)y=GV5%NoQoE`_N
zq9k(8Wt4ctARduKA`+~G0FOoh3oHwy5IDR}A~Bu%0~X_BlAAuJvT&6kHk~lVzx<S~
zY9Li;JuW$ML{c~#7Oz%N(!iX6*jOTHPjgEgsRD1B01Hm-w0QKtObSW`w|!Pc^9r8%
zrOA%pnOyxLjdj-x@ChOl5@QUa(}}DDXELbi;Eckl!;+H+Ey~ITi&iN(om_ASK;qss
z9UNY$-z|Ccmj<d174wtuCs{b;Fv%&9oT(x-7n73;u?XmziN|AsWnjb%qM?NKA{>J0
zAZRKiB`5Yl0I?WMj%$pMdI-h*=;_5|&s{<F#;d7VwF*tQefl;wZ$j_OVufvNY~Bej
zpO@OJuBP^?tLbfO;^0HSq;cnCbhY-AR}>^U6}-t#R80Zl0tBjS=GRRDLrwVN6*Xbz
z)?JX5C+TiWq|~M5B(5`GCHxfy5OD6SWMWLR=0=5#Lg+nY(Rw;DR#6i|*fc;|7PIFm
z6x9l<-=}~DPd{kV-vt@DaHh%P@@rMreptbZ!%)3N(=kabo|sFLIMv6ZlEM-}*(!zN
zc`7aYEIL~(X3bGhXWk1EYc=D53TgR}k|yx_1+|L;M8gK5u!o6&%DF~xIxUjY41E4L
zs%bFP1Lt~@2*v#<zD(Sy`KYcWOx;4&6awLCf@7mNy<VLDG}NLDidU3SICm~(OIP4c
zOZ|g>25fBpgb}s{z{ckH$Uti|N1u3<&I8ZFbUUg3DN@oSB&Q?<ybvH!u`GclAsQBh
z!w?84Ob1j#0YP84#k^XD>uys?N*091UuphVl!Qef7?8Nq1c8v`_%@5dK7nN^I9vkD
zFi~}hKUtk=-eZziDwuPL0=nS2|6@>CBFHZi?A~f|)h#M|4)h$cXgVU9no`jnU>YU}
zf!jM1#3)TvRZ_D`p|C_@YQ)0j6gXXAnlG(UTHr|)OiW0g`i04v(~_KgfuexNC&|pQ
z$jvbj!eFQ$y4w9r$1?C2E+oI^5{heT$f=l%FEi^x0Hp-tQ4=E)Mb&k5m(Ck>54N$f
zd24!Y1;EDUe}KsJG%dS!aQ4ta#ygK<g?rHmqKP=VV&HU|`1~eLw~6kE<Mf#L(>1!=
z6VdYvmn*#g!wRYbk>IN$?a!y?CBZ<KWbYP>>3~9BiAq|g<j8K5hGQm97tC3pQoBs&
zY>OloGx4Wb%w3`~JtPTEOOjIr!D&fJmBNWbCR1YqORD7N3mT3YoNYCUgkaGMm6exi
zoa+(vo;4AeELo#aQ6n%Ti9o?uuhHdAC<RYFU~zQ6#rkU$DytRZVUw{Di_T^*gQLl~
zGUrjU{4(aOznr|Pcb5NeV`KBK>9y<s+t~b`krJF<AM-c9pQ`m6k(MMDvzQtjV4}Z|
z>9H|_W1~zB3@|c1PHglXQzsgbu?`d&#o<)Q$Oc^nBmUa?#Z2m5Y#NYIHb<eoNkclI
zYNbVUeWId|!zoBgmN*=ebA2jvsv$X9LPV094$=~6I;5m0;scVB1V&6H7FU_S$fUQ+
znrW|Vk(^?YlP}r3T|rYc>Xu8K4oPS-ar%EfKcZ!T?tr8;aC;J24aaszXm54l%v?#~
z;w#y>ZVkDW6$n*DRTbjV8GnaNWIZT~nn*PS6xH@t+SvR)u@wNDixSH;Fb#>EiSCzD
zBwm||;x$rA<awL60Lw73EDIqL=JjZ38Yw|ql1N~JcsPin>BNImgaeZ(ssd6Ho}NTe
zbQ~@((QpVO8b#G~6l)qy1dw_Z>2iUV%viThXflj1MUb2-K$$7H^Ez_ROw`9AyHMcI
zg0Vr9;XXn00f8@BB`4p)<pwEKMn<4?mcjV2NlreL)GC}iZ6TC|CBc%AHcJqV37U?X
zxO~vtCGdDv(lbm_QWa1%j_eWmy(ZbYlA=lluU`_KhIsU~YZT(8s)3o=0*PSv^Co7@
zz?0^tyeb`)aoToorhSis88@&@1D8Jur`L~Vnkc%CHzh3*&>$u5<WzL02h%jrJziY?
z6aZ9J#o_TF6cv!Dnu<`AnbL*=p{fYP%>61L6oilnML`IGswpU{{io38;=}&b+gwyw
zhQVO#DZ1+q5e<bgA|WE75JITLBOxMz2|&d#;zR@ED8fM16~dDfSg{}uw}ugo5Sbc9
z(<DMbJQ_j4Kz9nvXbda^mp35<jflkMPMpSL;Y4LWw@;ud63roT>xtq%`LiVcB|1$f
zoOGVCkTOy5|8+|812Y0wfDs0l3JaD>P9C;6wmb1&mGf16NeQVuHe_JLE&Qp1++r2Q
zf=D#cP)L%9v{&Mi%q&6GLP=Yr!GZ09^lXLd#VWC=WNK0p3>XxbOUfz)nxbGvU$&Mv
zLL}-Z2my5~HRjYhn4SnA&Buuk3Z^G5jA)|UVJHNXQlPs8(MTf7Uw0*9B_csUOH=}k
zM<r5d=uQ`w1(v1aN=ir5b)r!d&6R}9@5hLmNU7sYN<~#QP$cf8R5YgxX_+{^9yEs=
zm(NS_qGe>wnv0^@nFBT#54Hkeb5SvLwuwhR_ZdbSc2hhDj99{y?ePgLBu*FjlM;tc
z+=&vvstTll!wI?*5DC+^)AdqBzSEg7*M}ou8UoXlm?oHpj$z2e_m+Zbsu*!=<{ClF
z5LgBnQV<LYh6g0N1KghTIdyM-KZXH{m8kT0$wonbvBglog=Gk$QHf<)B&9&{ES0jV
zgvsBCNv6gV>-TtIct8>l2s~a`ez{8NY>Va-7U7VIstNoq@TFL!rwhufRD7vmypG@h
z)yy2gak&M$E*Kw^44so$mV(o%f+lfzRXl0TxDf<GF>yH)mKFe~D~`h<u`Ge2MDflj
zR<RftdK84iU>RMBqDQfrltc;fcp}wO#K8>1)D#56pa?-|S`vv1G+oeh8q%v*bMp^=
zNKU0)62<1?!BzllE-Iw7X3EzJUQxXU0D*j&#1$l>*-=1>M7};V1^Fy9@qcn=xHZ#=
z=e*F<9Y9oIAW^l1`PqyL6d}-^Gjkc>@g~~n#bXMZB5=7S(P*MT&)Z4RJ?}1$gh1Dz
zs#an4LV+2Q35$ahRIfml5^JUhKr9R+0~T{?6w<N<4aY4;2Oz%~tXLviKdVH$Fo&)u
z=1_!0#vm4&x!<?rl9%V#D2avz@wi06A~5+<(;>@}#G{GV3X)h%qN#~m2c{v3S)l5P
z{WfPx6HCd3YKZ6e014t{KNB;`nPt7=5zjm`G4n6+T2T~)-3-X)BEwbyY%VIY%ja|R
zzy6T!`a?vfgBY<y+h3um#G?_yljDq`V40FgU=$(|bcaqPFhx8(h0~>C#^XdLM^RK0
zMTK}If{<}^r-Eg~!HDDXCUWTG5s71_tZpnKQG|iVlMqgtE^ufHy4ync3cP-e;Q_(u
zkVQBoL5jEE#@9-mcufn0kf;iHd<ns5MI~`FVb!oSIMW~rOeW$797zHp1gB40q!+7b
zLK2H4Tmq^B9&bXRT2YB1XOy0|Dg4i06A4L-IArDsa`GgBaRW^Vq?L#thy@f(6T(3-
zOcjSa;dY3GL33&#62*W(Lv=ccM=dOLbe9V$!7v0ae>$4WMLcAnIK8-%QZWq^OKQ0M
zX=s{;OfvEKQ*gLEBuNve$Aji{Q|(W<05Z$xyt@yTjm@7ZwgO;tQK4uWIaM`e&7O~G
zB&3;TB~JZPN-Wa^nXm*T0s<vM2&8FYnu&-!X_~}BAxz7Hmj?l=8u4g|$mBS3CJHVz
zF@_nBqo^veV1RHSfTC(>4kt*HpkXk4wuQF+I|z;qqd6QTrznZ&`?oOvzk>6Yh?(F(
zQ@nICmR7=bq4{92TXJBhN#z0+SCT*=DV?pb?J1MOa*N7^0yUB-P-KuerJp}tUwEH)
z5{xes(fgKVar{7>*3(I(m(`I`Qi;Rk!Qt}Y%gn>!@nITqbf*)C+e17O#Ig)rzU0J-
z-7<0eQqjGBEW<!|dvGPCfJj(X93C&KrXr<8Q4|zSeN7M`LZYbZ1^0rYB+LYfAVBp^
zZ^Ops&k<Vzu(>EvRP}%CkG^Fkg4%!?B?5#{kkZ053{1nqGED|rT4~z8li=tWX=!1W
zF4qv6%83IOqeBubfug>)4Deg>vXZ=zFr~+1FwrZS9)ptEf||twD=d*FlvTpqZb5Jg
zhI<on0S;}ZM6rD3oNpH?XW}R<7#~Y0Q6-fMmM{?J6!B;f;YdcohoyK>-DxDJrIM1H
zPf~Uc4yS@p6g1s|qP?pn*x1;-1-1fUWAl3^kvl)bE7HpphT2+b+P;;pLtBXspC%`L
zlI06Sq-H4SE*H(GEW#nd<T%95nc>lQw+<;2C;zw!Ck|QYURba}CBIzY)Mm{2GSR+w
z<rONpq34uE(^1L76$(B-#NOq511K8A3>X^(BQB__)hQ}935+xojkFRsbRt74fi{(q
zs7l<@h)W#<530L>l+wkNFI`T>>UFsNzIVS68ylO~#Z~}pY~CdjkftOSjbp{)Xf79;
zQ@wCfjYr~4j}0@>(nQzs<Mf`~OR(oSUgs#KvjSvQfnn(k_Nz1=mxQLxL~xx7fq*0!
zhLr!u-hGG1Ron|7|DJQUuX^v@l2u(K+j7Hl!8Vv?stF|tsW*88A-N%i6q7<iNNy66
z3n4(rO+q)l+87tyizLgkWHqbzUbgSqGw&a348{eU<c1qKpXcFuc(gOKqdC^j?3CX`
zyc-nf!;p;-K%%t~gbWdhf~w6L3CS>jxr}0#sH@bdIiN9XfkgK)!Lg%)g4u%bC<)2;
zo>_qNY#iAX3}ft=((rl(bq55k^@5O4L1?HStIdx+L=YMdiX@N-pb1dDFg{ktSnYOp
z?h0kcpR&l9zlO54SCf#duhZ*v|16Raq8mv5s4Jq={X1}sjB;$>Zn}@uG2YjX<{823
z7{lvuVvmZ#XbmBt24nZD?g_jTeQ2&>?8YgQQm2SZf`Dvf%3)w)M8@k4e$x&ORk7Iu
zn5_o3ZIW<11lN2?Aw5UJJ<5k000=OcKsG`3PQhy%0w97L`yyi{;*-H>ks0dI7#;w}
zguv?)ELtX0ahZZ52Tu%~*Yd-A-rE`t?TvzG9}W;1Be7_?#Mo%?XkH)?{Lf+qiw)4;
z%_tGvxS*;6*Mygeap>)^Go>byQ*jmL>ux5wu;4>fN~hDkM~{9NfKK-TRG*)w9dC1Z
z<4X)2-AiD+8=Gm0$QU<a5h|wlTsJ>C5nOM#hk?}^j1OS8fMPO$V!-8;QB?)A6~e*-
zXsU<FVZp?>z%R!#IU&(>cnU25SAW*P%=r>N=ZDw_@E%450zgx3@b<vGSrU>WG1RFc
zkcdqT9`kFe)IfvcG6{=K!vBvfJs81ggM-@z&;30(0GKsb#%%KAcX^RSaF8U)yc<eb
z4#o^HS-@a1f@DS$5YRNdZa=+kKAP(+cu6IxbQL8lSChB60!yg<!&OwL`(*2ugb;@S
zJ^F=C_dcr6NA1Qp*#FGq4At!+HlmOG5<ltrU{5t;iIOoIK#_wTs-_A20|M8G!0i%v
zyb`KkCJ>O(giIhHFd2NH`5Efc=<flaAs$=GA`JE<dYilGu02SYr5~@~z|6S@R$VJ&
zGD&zQPrecGe24&;Y+#6zP$yxySHozMh>i`uHasX$HHo-n2_+QNF@fKGJoASbbO;SB
zVG<s%VB-@3YO26&(irIW6PcXE^u-GZk4wZoInG312b$l3!65LtCeXa22>&>Wq!MC*
zlq`v;6a!&VR^k$2+~K2XuZQ|70~4+U>`8e<Wz8UQdJ!>csn{Z;gXj4r8P)5?GdYH0
zvJes#Lv%(4Hhr+5)4iic5<=_)=6=*Q(dqs#Y23M;9gjRr&%te^r*u=c5|YYnM47=m
z9AIEbWo$&?niTjw!TkWT0qkZ7_$0i(;1sv&KOWr1C72isMxyh}Vc1hDh?zE*khnC)
z1|9Sr*^4%^ot)eO;u8&Qd|t!nfg5jANX?OP4}Zvg03x^qV6Z~hF*sVO;dTa(JcdRD
z&*D3$1hOn)34y{=ndJ0fh~a>r5B;9j7>UkijlcgcfIUoN<rNYgt$ylj!!gA!rs$&U
zn7()+lB5yvdqHRf{64%+C+>+6M!SwNaI}`8rhWLwYKV)5xyy{?EVhA7Fxu&3sLn(C
zQRwY4;c|te8SI$s=HR745(In!RF@BfMFGW(WQij>r;MVNYnV2FA&SxT!M}@6_wlt~
z5<*l0vp?#Z=yd-|oz*+&s@y|ZN*<}R7ZDa0jc3w9>w$e#zqEmlU7JaYYGK}GkWpsC
z><Cb`U!|owz{Du1A`ID@2*wDEmT(k<39oAk87CqziRO2p$O05I21_IcYYd_BnWUC3
zCU#mO0nJQDRW<E<pGTRhBQ33)$aoLqqb53=WcoTa91ghfa+xJ-WK{3*_4xCd1rWhO
ziNOT@y@I2a0;^4sk*A=kg0YccjQ)sd2}zb{YYO0=k|>%Zk&rCm4_<3<UV{Lk1y2<i
z%&`3xjZH6V*h3*>noLfyL|9~i{x*fSmK3zmJaU&^Md@XiV~YqqsT{vAfMax&$-yCd
zjvS=!^$iTxzDi1xMoEQ2-b^F57$cgjG3gB88c^{MtDu5p02Dw5Ndp4loP@z%=<PBw
zIGRdq@luw4<qi^Zr=3TG>U19~Rgw^5J8;2AT@#(|Uqxtsp83z)+5OkQk~=$!#G-64
z$Ke<mWwNW4NJ}e)i!`!Jt!NV}JKs`it`zu{Y~l)+kTR>3glPrXA|jBDW)!0dSyoW}
zenh~B(EJ2^J^&O$@Y|=!7D{MzG_FY(N8Wsmj$O}T_SO?0dkl*e#wLsm4H=P8NX>+(
zXu+0O1hOpn)YlZ^Q)FDj=dlcMyz^HSXl)i$@79P(kjO2Rm>7rQzT<1~1ZOIu6C@%c
zC63l;OpFLh7s;gONCedL8w3aqY%vl8-5O8)UPD8$a5)SQ%k+0i7|j6^ll_E-_!%FD
zp7vNAQXZ-ERx<aht4S$5{VxB3wszVN?xTLwYYf%BiQUjgY&^tfNJJ+~goR4jjKOn_
zUN3mu;Btav3|x~C5XXNHEjU}#c1*^Yw1QRNxr>Zh<>%O_I^D<0+Xi6bqppQc_pc;L
z3W)`In5-H@^&N!D9oQlu$^z4hAu$cyDs23Vn~nwvDSQ#RS6oisk_(7VOCvlsJ{aWY
zJaiqYXY(Ka!a&UyY}#SsBge7DgEwGdc+7~&DwCV<#cFh+$p*SREsPGs_^9A$l^{M@
zV6=hXb&j(D$FDlj0${aD#3V=z^#()o=FX5%eG)xw!Fv%>vt>de;7Fy$#Hb)4Rl;nM
zPDB+vpU&TC1BBqn0YOVsfP`ct!$X3wFbCmz625>1r`v|p9U#Q6l0S18$LJ6}`>J?u
z&r2lCUcszOuV7mFypzg~&&(h`GlOXhFJP$c%k&(nrnk0|hGXpnj`SmmG0f%wvJ5`I
zjF7{Q&(1_)35_BoHX2D5Omx-Z?%hpTsF%TpP3(R+n$Yhg5S^NF9#2!J`?n{62}ua?
z9B>7Cpe@}eh-Ye)hAppC^Wp}aJ$o=o1DMTVw18JNGv!Lb8as!~h0DlUu#n{GxhTf-
z3!9;OebjD#lZGv?Gg7|;yHZbVtV%?TjAXW;VK{!Jum{J8pUDvrA!+n>S!k{8AuBfk
zC};t=;?pweg%X}2(8T$j2#^gBFhW<0VD}pu5z(+{rGhOY__|{hcE1^5at!9LmPyT)
zkbTF)3ZEkpyweCvEVS1PUjD1b#JC^TFC#2z<d&vlle=K533~{bBMcy0k&rQ)RV2TM
z(SZQ{y#^+H`NS11p>Wk23YV`yF`U}&nt+M^0j5UB@H!m$y>8G%FjBE1p%~35CJQE;
z6|>cf(P~3zg2|yFx~lil^!o2O`g%2TsGaNo`+jC#cJsOavO3+rKLNa8046!FalTIX
z@6Qq%#mviZAgN>lqg`#dM*8qNr$9Dgv_)Z$jw3cbjhM9aKOyTF8RhVsuhY2sB_`Uc
zup3&)NQI<yBi67`{F;p4=fOGTrmsgZG7fUsOtLPxjwz>szWq;8GOLx#ZZxuYyTr5q
zqY@nl@tF#yaPW+A?%&D<pn+L|ykZHnQKtTYVEgMDzCiHmJfkEL8YWS;L?SguBH$%>
z@z41TGz6F;f*1O1c~PUGR^!T>j6}!!*!Jca{e2~5&RIr?#luAVejN3iv74rdO#)%E
zU<$L75u=fm<)yE^mhOgHw$yB*>e*8AmR&;0s@2#dqfWe?EJ0*qJdug<=k;tN6QW5k
zo=(#AY*cX{K1V+h35n-bhEDe}paGMT5aI#g^XO3lb)Rtm=qPx&vx`HozD(2BS8#S8
zCMvv#X+;hrF;4&hAOJ~3K~#{MXF)NWa8IaA4SVT27GQV?0!kvbq;fLKSCcw>0j?=0
zTYvv+Qp4Y1{&JP7y)sQlf-(6gM+J*k%PhN6#_yEyJI`-Fz=_RyG0?PI@aoeVj)~yO
zg7655i>{HGHebR&1b$C28sWJT8W=+)j5fix=QZAbT|+iNWR%3rc@UrMr~XJN-F-#G
z6s{t3&Rit_2tC!?89eebnxl)TSV+rOh)l2$8mZv(_~>Z#&|C*2BgurM&tUqp%b9WU
z#YCt6bHbL4c6Q)(OcI-&jlpdDr<AGF{hLsMhb1Azy})gN@guH~PWNxAv$mGnO>fe?
z?R9*8m1O6RQBW?Em})_2GD8DC+K>3?ItFgP6<bm{@r8>>EM7oj-gFYDWze{54=?`U
zyG&2n&WuGy_Utgz-vtXV6ex0l=l?F@^GMwMHHE?pWPBq6)pL&f0p8gVXoRkILGAwF
zI)8iyAj42A^mYk~=SrkzNCf=nzVT0J!6SyID2du_8h^b{B_UPfiW?NVI-q)wAR$E~
zx6p^`Rq1Gt!znEyWzI!p&Ra;pGs(cweYC#)B2(SFu^Bw1WI$ShiTG3#29rj2n}@nR
z8g0$dm=b3(t>R*4tX@Tm9t}{Z`>=e#eUcF32f&?x`6I57PWNx6dG7&gH@!j2wvCwF
z)#R19$X#Y6JJ*D3AV9-DA5AqH10!IJm_gk11tiV9fW-VFQVOPHGzBN!_C2$KO~3ph
zvkH$=FxSkk?IsKc!R)zS#zr)1s_k^NfMdc(PM*RgH^^kol<<uO&+DJdw{@c_crj1)
zPJz(^voDY^m;otRM%CK_zYk_DlrS1V^?h)eB5=I(kA&80!ApPBXl~Gmj#rqoC_rAJ
z2dBe8N1FwYTOuZ2B`U^?b0k39u?XCz70kTqM#`?doPp+JbX4u9r)oQcjeGHp)DRyF
z(`U;}FE?V1G0@WFqj8I$=2|<deKy$@7g2oS3UcPn`NtllPWQ><0q&NB5Vr$A1FRo$
zg><_A^R$3Q-IlG?G+lFiolVm|v28cD?KDYaCv9xoHXGY)jK)qHr?Hc!v29!5-RJwg
z|L!@vd+*?yncbP)&Zf}ww=B4XpEPu;BN^tONM%ZzWC6EUMq9A839+Dbg538UeY-R*
zUQ0t<O6~ENsioh#*Cm?U$CVv+vU`G_$=;?Pgd<!~qX~74q};9CWd5%;MJqW*%{h*B
zFF{=2%T#+hlgY%(xZsV?m*X#*U3Ft@t%5AP@Db&`4cC6^mz;%2AtcZ3qyq2^shjov
z866EZJ-Fb5uohM50@o*-$gg|Wm{usy7FNiG9(J(hSDoS#UaT4na`N~y6dCcgAhVG#
z`adOPtqDozs!axL^~sxR1IiN|+fPn#Ed=C-&Z`hfR^sH3KK(>3VP=WXWtihGaI~ob
z^6n%Ejj(BNzA3dDL4A>>k2mq9Pf~D4UhT;Nq{q4E0wgF=qTmi4TL*XCY?E)ff*p3!
zf=;9*=|{UOpN3X1uB#hxFE+h_6H410-FW>}G|50+T$aArsCu!Ce|Ekf^KxFe7xP`S
z%PBgYgWr{tt$YrWYpM4=M>*ZeZm?AA(p{)OG1Be%rP5}lDF68r)i<N1J+=V^iV*!i
ze$pUrxLi|d5ex&quIYn^Zhiv~YB%A4DUwwKcPdc?WGXpB^m=6nlej@`X87l4NG<{$
zmts-1<nIT>2)*fEP;+JnEG~~wa@7z;rlJ<nX!bp#B1u5t+d4@2=R6S35{$m<NzklH
z(|NlyZ28w=1;42K1W=}MHYn^75K`ngYc8rB7)=E!F9~%AV=(?z&c+a`O*U1f(TBJB
zvi8RJH{Tj{1V*box~LA)D<14y03y&ZsU(SWr_D9j?#(_qsY@~F60Z%a8)4ytKD(P<
zFWBTxMORgl*k2ten#lev(|ZK5Y>_#*#m!Z>vn4tG%w20x93n^-a*mvFODLS=%j9M!
zOW}ToQadE!c)F+0YW)1UWc8a>1tvCAlB0r!z*`!~jlZ%@&+wfNuYu?lqxZ<C_Xr03
z0`i@AuEkqZ$Zz1vQV*v$9t^kA01>7J!>yyF?g$SlPI9N-y4QqNsgq=%dA^oL&+R;;
z_jGFYi;o*NOztziSW^vp2_Y#tL4m5=V<;uhrqUV*@#P$AeE;mqMS;&+se<Rn`Ey~T
zI!VD!4|3Qsve9hC@HkvND-ju)K`TsVtmuXkG$~%xu$Buclx!MCQiZ-t#azxH#U-ya
zY#sO_D8yd`I_Dgt@J5P!g1>pT&Yt`||LnI!TtX^XJ}C<a<k^sc2^os^s14gbBbl)q
zttBNp%L+p&<CGxpm$CO?Lf@0G?e`sWIvyCNQAm)O^o8VX5m$bEC%S6$yY-iUKl-qV
z`f^_`ig=uH`Yei_x)Y#ezZMkwcC>#s^H>!32nlmWS81T2V@ewtPZ2?8f-B2?Al!L@
zF&hZQX6QG7DkPfz(WG2^!x_^|^;ra~EHmL2kr|8r?e;#ioY%r+h7Ic?J<6A}xbpek
zU%B-b9NB(dVyD>_QLR%hBtJ4+6jrf*`z~XqLofDg8}D-R@W6?`;!=uwPP33++V|K@
zF&8!U8Q_xN$!a<ya)OcJpmd(}%#cYpT>Pj(%<hmzUiuMTozFld_uU>c=X}SUuoVcE
zlfkkAhT~dA`PL+>_e8L4y_;vX@2I*0bHu~=Bjh1Tdlz95k*P^f*`;V`seRpemrNVr
zqM~?hHAP{UfBrlw;}uumBbLZ|FuElnr6;L3TfUORb5ML@r4hnMDZ5n|H{Q$XCgWhr
z<o3ITVk>k*OEf4f?-dzgz$)A}+WAT9;;NzPn~}6?6iWSpY48K41V?r^O=dSunu1D3
zN@BXBH&CR<-)HUpQA8w26$Yv|9z^}FpBQWyg7htZV(0<(77m{t>iYw{6*6=>ucFxq
zU5qdPgbU(sLhkBNWgnA{AHh&2(l{Lg%k*|ph0u3d|7Vr~`c#mE$qAE{o@YweTU<iU
zjP$t;0(1l3e4$GBiu7BZrOr(j3~iZ)*I#o^Rvx*NUYTY3hgp9Q=E$F6t&2irg&?Fb
z7z2~lSXw*Q5$A7-U-dq_EmfjCpoo>ec;G>OlNJp}G{A|!o%t(S`f`ZaOql;Zfn&LJ
z553;2E4~CpYKY3x6T*&|rzUDKh^S)5Xr}c<xZTh&sin6wN%Y6oC#4$V7p&YVHC>;i
z7Ly64HcR?A;sdlpv`0F=GVfoL-^q?xIQ}m$Qs_31`#2-f>+&kqF~*D%B{<KHajj)`
z<3q-oU(y#RuJ>|WTo%h~uy?T#?rpx}ohFTpreyHyll{~n6VmH5f-(Ve{4Nnf;K5=H
zzWa9!`J1N#J4IO#l!YNhu&|KE$0&%fTGqi2aE)B>*D@ycHxyd<Pzb5;;KU?fk)l|r
zC&f;@gFF7<Q$(dyE0BL-|GI3g^M?b=VZIY3-oN+PLhPyMG4K7`8QA#b1Vihzh)X2V
zmip3tcGBO#rB#m)2$LznmMEDQZ7s{CUwPGH{OQMKy+uT1v*+U944nw6bl^)upmrHF
zzif>*{Wd$1gmulc5bPl{eS5wGEr1>1sK}PSq~qFIZw}mT7=IL^pi;S_<AY~v8p_a#
zM(Ih<c4*V+K77Gmzr~w1$HYK)-5;q>IA>~pKO$}3cyP{^pGx5FOhTwm(sT-q`K^YK
zM2?>$nSIOka%lG*xG~9u;e%~q%^4*&ftAbW23tk+K2gQM)S*Y*u1m%rxQ1_HAldI8
zM<d#=U_gR_D?)b#bD!Z4Y@AYgO#*BbhXDutF&z}re9)DlgM8#B-!Jsj%@_%#@gM0y
zEs*%*y^o+s(sYThhNEB*YeCIkpZAb^Q*k&mt)RZ~TZocTaP$nQ%Xs+0!?;UhPW@G)
zeo<m<7}0PNlzebCylY9yrkq=|B_mgtaJ#EJNa?4*Oh!*3e63E<N>=pJ<UO0fpSM>_
zir*w}Sd@{75LY+FNy*BRV#<{^nT3%&Mu>={s45EY+rvRi5hR!w$hjJUrK0|vD#<bi
z*724@=wpaL-U(4OkqNx<^_+L7C{_C6K8O6Oj4m1issYIgEk7T+ki_IJ`wDozR3R>0
zP}}?Ar#>3>HS8w|7=!WdIoE~eu7G8f2zoER{(8Z!@=Vl>`teGKFf+$sp#Yo}5NAGA
zxVQ%mk;I_uNxAf@$S`#!XSWsK654K#)c6PDx~cdCrbN(U%%J)49qatzQaq^76OytJ
z6<E3G3Va=x@%r9(>7_P`{pfLZ1WQ#ymZ82b>C$L$Ll5q4;V{y75n84ZE(`K56IaU?
zH%SgDfwOUg%MV;(jK_+|_v_tF?_q@s?hLw8Mk>S;?KAON-$ed6NABHEgGe5~c38Tj
zTK8HL{{%91);(Rummc3HNzhUmUl;bvgS=7LcCPeL!+@(3Lbh>Z-_#y%-w=|rQr?Pi
zb5@kUT8%p|c-q@=oJga9UkGFQySsgq=Z%*iMDKTP44=v%ba8N;=`vk!E-WbN#=g{y
z<F1b+>F$c5E)aL(|KgnpfA<L1u2^Z?Q=Ev}2mMN<@$w&fSU~#d#hxw6ncso+sosn*
z>5Hm4^?9Z^9^P?#JV|a)XUly1_#Uxp>b4pzq}AMJvB-RQhBAQ4nv;Ii5I)9eyc{%8
zgsA}YqclIz{QQy6usUX3$EcT@A!NCeaP6d|{AYNSp9eELv)07i#*<>>pnj6JSxNDT
z+~>fg$w`)Duhhgumd|FlT!YkAa?!oxZ9xa`*gZC1!z056$?>V8LS|@!B%cs_1B4SX
z1<=c&3c+{WpkN>(%F!VN!5fx_Oc%1sRvD8rDbdi*4Ht3|pS`Nav*w2@onl&AG^C^g
zcRgST^rOuu)k!`TTktXayf{;6xUpCL3DajsH@d2QKw?(Ck7~VN--u6sI3E;<GmfP0
zc7-9z`WT*YPap0Wo?JxZR(u;5%PS0--{?wOO4Ey8BEHVgy|PdgX7p}mTlY+kp7k_g
z)(ABEW1M#+lmL0jaB2AuLf~t0)1k7hT^w`Hjm5qpikt8LgK?+NXn$*OPE0EFeM1kr
z9O;+JT~{Af3E-fp@b#SQk4TwQV9=+HQsW!0Z^nNe{bYC^#~EQ@6s&V}sI7`I?|xw{
z3IuXxMx!amBc+|39iqP54e2mxeps7Tw#PrWY?Qn&=_h3IM~<0Oa&QEIk+|C4NYU$t
zkF*i}G)#`=Vjn1;Uf3)3s>zFtn!ub4>h+7bhKE{69#zs0c*T?GAPy9iBcuIV(#b30
z87ik&7d^$OQ4imt1uH0MNI}&e9*fo3BK3Q~6HY4MM9nAnd{RkAP%^y}RSO?c{CB#P
zEWYWB>i1zC7c|p_)!}vZiu6Ms38T!A5j#p=vBJXogs@R!wuAA0VziFLX#=(-U7@(@
z62E%^UHJ}qO4Iz5Z6|VLB;8Z5eMX6A>e>)VbYhY?hP(~Q6i$Ya-5{g-17=D-avaT>
z8lf3qBdCCuz?jkJyA#tNnCWqTr11*wddDqxdl@VC#WdZaif;^<r6}vqIl)!T-$l1W
z$6s!3E1#cRXf@iC%Zh#{ac#ui-Pdk;Zw#$82bx-A^=;dD5E0+oUb7W2?nmam;ymFn
zNZh?FT@91d^fSk2TKDa7V&Lp;Ysey|t`fktcwf4A1sFAKJ0jFybGX?dNpeXhvfILU
z>zf&2noWe36jHr{At0ocr&pmnMxY-pp?~#WHQ9xg8I|K8M*B@&;o<wODBLp|SuP=s
zTf)CaRHFz@@&gsE?I%s!Hr0LCY7p0q+!bNQzE|iU9SE*xkC!DaGd(|~C;Gn*4#r5v
zwpG8W;rezei%cLbR+mJ^5|n{t0YfCDuurTjr*hh@@%JT$Zi2esXO1W=OA_#KR_gFe
zd0t1Ej$4QfY%DMX(F&J>D8=LSOXhN@Now&H-zTYhL=Er^o?+>W=iam}YpVCl?N=qt
zj2O9J1(LfaK~wL)zo<&0ISYI9Tl;(9EIE&{YAVLm3-WUGAh@p$Y<6|m9a}{t>+l<Q
zGOc?}erMiBuWmb7FiA}XpZ58YxNPnxrZ)*nx7A<-%O=-*?!aMv>uW+(6Ot~Qjiff9
z<{J%m9v!c354!E+U|7cwvFSTNFhH3(Jj@AW<coo|h6xOaW{`%JFKnPkkJC2N>XOlS
zcjy-B+54T^44#G`$2lD|a@bp{3D@Ld`IDr`U}B<Zg2{Aj#~Uu;CH-5$^k1t_^!jEM
zKXdxM+cTUeTmg-hnTU03uON_;gNsi#rsn#*H$6yx+pL(ND+JTP$a7-UyfmV()%yr}
z>Q|kz)sA+G1{Rs7Nt;o#nRS|P`htz$d|LFY3n@<h3l}bIOe|k<j4R)orDq^c;M)Zv
zXf{ALU`~>C=E#K_@95m9zok27pe=N2)wr~Vy=O<*VW*jSKhxV!?5SzNurd4H3+dqx
z5A*w@xl6|ri@J}N@v<C0k*fliEh;X1&32~#Yvk^$0mbLMp@}S@7H@y%V1$l!>n4j;
zmMNAPiQM(cR-=k-ZN*>Shptr+x}Z;xgVQ|G|LKe-kTp3%5H=W2T9q{ei6;gJ6+bCp
zUO#w>*{}h@ghPCMpezIf=Wj$v&jC9s+Oc6@mYj<nl&`C#lnkz!)2NhOkc7P|vx)_&
zsr7<UgpA3_4!=}5F*)g4&t`mJvRX=W1=k=^{<!9^)Z2Pb4z>H)#$SPD7Q&tlXTJx$
zmu^lC!(e>nv^8RTF<&29GZ`_Nw8J>La@*fJ|8(*8iDw1Ji>E6a7B?c=koHHn5Frw;
zt*!(tP@^Se2P~CL!2)hT50U`#AA0vSSDcfDnm9@iOr>sAz+V8_eNRgBdu9(qenrXa
z9E$Fzyn4*B+YK>YeeDT08PE0|?9e;FtXY2{IL>>5Nb?<;il%hKzvuHfVue6sx7!3L
z|5?XuFya<Q-z%kXYGY`834?}<z${5du`rGGiEV%Fk}}rT7o4><Djt_#A~@1m&a_XX
zw{OZP<!=tN@z<Yd^>BrszhGeN>{F&QvYEM4f>9ts2ks}al<I%>uww0Z^_H5rWLdQT
z#H(A}U>MSP{S)t$sGkWx0SP>5KKl5QmCuYc--Fci<^WBp&*LS6$iz$z4c~NdkJTU{
zyOAj8Q@#f=E!30ABx7l@S$d}Y-S6LCG<tT_0)s=<L&)rV9PxrJm;;aJ6ed>6a8F}Q
zzki0#Y3ytsx}kKs?$Fdr*mTJqfs=c->8<uN5_-I2wP#62j7?H<?B51vxbP8ym^RU*
z6ZzJcq~~NEv_wkhat0nZY3yJ39~$kRiB7tVMLB6~9upAIQ=R7CP~zi#_v0HXrpB^9
z-e8c0o~{3`ZX5nhajS5byIw7%N@Q*gJ@ND8W-TwLo<(tYtGn3}j?Y<^QL9f0pxYvJ
zo1G<|JUy}deLz^!{rtr!kun}@99noyHvzM<1AXGasPY$<CUgT7!?(bxDg(Hf-v&)v
z55Y4aAriS5Yg{?1NG6?$9x00Y-60F?VQ2*C3(#b~o)cYlu|E$~(&<1A-S1)<o_4nx
zRd?I~)4cA`4%zO$Sa~j!`B1@C5sON&sE<!6Q-YzWL5sH>f7f0R5}6+vri85uj?ZY#
zbWINm6oD(3E<0`fHo??3Mo7ezX^(WC*ZAA^rlyqc2lBRHf5pn%V_%>8f4SKX7V_f%
z;Q?fx<=wM7UMdRsA8;R8T0CxeJ_3hI!8nJ(?(T0W;9?}2uE73WA;)~MvrG6)uAUak
zx9ewS|KD|K{=>^t^ths%NBp`x6E|&FUBakoDc<`|;B+e_ej#iA9p7bz4oYsV2)s$M
zHrrmrM%s3TTc4?gsmQk00=QKRjXN%r@(i3izkDvoi`#(p<L2}>>5CE)1CAYMzTR;K
zM!1O@$)(HtQAvWg#sF`bI73w|1S=7xR~ghneN5{jhhB!5h#DsW=S`8H4LE|1abO`?
zk1W%TZg9_&!Xpt`c=O|vp?xLS$(mYm^E{y^rQ<{MYBeyR{YiXXVU&FRC^QZC7P^8+
z?^NhEzQHwk!^JeC5|iRuuTF@_5`fSmB6RMONRk@%$2u-WXkLi(3?`ennA!#gCSNYh
zUh+Por@>1b_0_EKvGQKP^SmFWtKZHr#@qLB9?`pd?tPs-p1XG}1>xzd!MyZM$9&z{
zS$Qs}-b;VX`RX8|o!%${?@FL&L(#mK0k=24>9hY`lbH`2!aK8(yyM5UT8@*qHr_K0
zz{!2AgHjz0U46XqmKqmyw$LPn^v?Cj=Jxlb#?jmPVUv@y7AJpwT(~v<bjscKsNG_S
z<oocv3{+z2Jszzgo_!#sRjT%we9pO4>0bEW-<TfN?Ss(Cc-DB~6_L)vqCL?%w03*1
zC8ghiE*p+S5!m}U>D&Ej3|}uUaJSXNM-?bXQ^G_lR2H2RxqAkJg32eHx%+K585~c%
zJT~++x|v2_`o0Sa>!YuY!rd{oG}QGY5^~vTz5OePmK~Y5+u&pvN#&2TI373WbeTUh
zX*EzMe+T?toY9Ky>dXkS)Q9}U!Iety|4Ochgme%J;~%`i-Me}scEwY&_&Rn096uYs
zw<|i9Xh*9=MM*O<g-!XSUUm5$H{0b~^=}*sHHRKG_!3q>6SxxKu)D9BvvfF5)hU#E
zOQH;!ziwoJO~-x!Z@jiBJiyKCddDAhe?Z*7UZGLZ<&n{L#3ak{_)L%fWZsYO+&@{p
z9?p}d<$Hl*Phl3CvUc~4+EbUS-=rc~`QR8Ki2LH$yKu2Pd*QcJH0keT5stL+!BkbV
zHdN6RbeN2)RwE;ul65{qn7V#%s{$`;AzX_fxuBO=k2P-AyBI)H$`Q<~t_KrP@_fZR
z^jXO7t)?g+9^&t%gIWzv%grO`bK+$yWadUx0S%^JYbGrxF$Y$mve>Xhv{7Wjy@XkH
z8+wf+)s7flWMx8f`Q|CVh`!ia#4`?~zQS_fi3Ok4r_H<gT<gKgXqG=7@c|XNQszhq
z2lW?z!J+zZ$Te@Ai7g}<Mq8z}YC3F_W5Tc4Uzs}{6sBm%SOY`zo-tblu6h0*wM@^N
zd>RL@0^SE}ZMYH0ZB}@Q_<??U0+lTQI;8LrQYxJTlZIl~e4fu5(aDaWrG+a^RETp%
zOWj^++wY=oeJ&NI7GT<|H2q`0GAg^#o#H9`J>9)C#ui1s?ye0t)&Ioq+nN^v)yc14
ze@nx@dmhKG9IaoYs{1MzIOOL9RH(EJNsBq7W9fgeHvFyZ<vc3*xFlwX%qkOS7b=Z=
z7lMFmNR4M<gaLK0Kpf*@{|upks(HS#gzm#Y2dr^frie0!32i_;#d!YKaHOb@8&|$1
zJMM8(?F#rKIJT(Gw5I`o<YzLweW++eyi2*~@NjP9RKi=L<rwc#*X@U4{kq5i#=O*i
z;Qq0gqM}}h9mDpMxZFQnRN6E@?YnbKH=b#;@*>P$$W@a!42;hc{q!E!s|eS+&a(4T
z1lbasPW)q8{lIi{rqx>r9yF$S4;GGuNMA*8dWAlIqX$5{koYSL!~K{8n>lK$d|T>A
zY-wRzUI=C+3rla5v)KZ2`no-*h;tv8aWcLxk3r=%UH=tBMm`VUtN-OM`{a5Ozm736
zDahNay73Gx=1sg4#xG~W*uehn#PEdOZu!Mo^DUT!{o#1C<z;di|M|o%K8F?!+wR9%
zZ4_-&2m({*v$$vM3>bJ9YqS|$x8&wcKx9hzqsMa<ww#%g2~r_kv>9H5;H|iCVieBI
z&0jO4q%|5UcEg0}m9^pD)1Mlc^@pPP^$WT?!+y&lWVB8DnDFOtejm|RLl#lcr2SsP
zTvAn?N|`sC&b1-(CWge((HVN1n52$}M8!VV^-5W}McU!D;J@vNr0f`lG{4r5q5ne0
z{c%*Yo1B)X>iu2(i;~+K4o^o7k&hh%_Fne&kxSkup&;K*=pl0ug|wGBoQR;aP|kUh
zBo}VP*og7-wrLSoTDJ4ShT|iPqVLTZCRVdU@0}Uf+C_nvKEC?fwc>d9yDGKoJ6LyI
zn!h8r?n<7?SsIc_6|!Mv@5EfU+Z><T=+|zqP4NTfkRRP$@E?bU_3-j##3X__Y;^-s
z!?_q8s}gtC(e5pVp8{qI0;bamVU}{kdTDkZc&<F5>cLDj`wpNOQAI59L3j;g4$u9U
zFKQ;d0W<JmQ#2K0z_u~i3>3oANvg7-P<^BvkcD(;T_!=;t-ol}kjQ3?ypv?c7w0LR
zVM@ws7}VUUebu^J+FVyzdl{D1cD)W$zM9mh?eC)OSeOy?YL@%FpLQgm<1LfRPTTH5
zr0#q0tMchyP}~&L&jHxLPx=Do75nf+J@9@ZA`D+P_tp;`+jPBatN)2{p9PCM-ScLO
z_!#-1_Pk3n!}kfRw5Z0%5yEv!c=Fi#ZMO!=u;cH9YWF2uiJC+I#YL&ZQay&Hr1$e7
zUv2QBMYufc^!ldZXrBDlvHQifQ*;d5v_{k#yeJ#SrFC>ndc=5kOwn+-2q+E)F>EuS
z?<9pqgF$LY7-_q7uOLKx`zC;a1Cp)6oe&MyPXM#3ov<|Xi+AVuVIGKowen3#bzQv}
zu2Olt1e8w5cPna`zXD%9(Rbuw%Ds-B*qgPN_N+DCH}rXQawhgA1sOVL<YY{c6xZJ=
z!<MIP1@*rnGIZ_9j<?-6q>GVF(#8QezfI|Z#o}-c`ayvEq`n|g`oe>Ee!3g6@(~QV
z;>V;zee+Dx*?5=gxC0TVQtPrrdqfTMvUI=cpOm*CzvP<l@e4xWik;h725Mpbg}wxE
zwrG71w!{#*&nUaq1`W_T=A}bSr-}`huHDB7agAC%nQ1f7MWuMCedOfA*lpjTa1kZO
zNw;vv(IqqoOun&d0kW?w<>W9bz(Iv<t;VN^f-8?t#V*wsg$+B2ipkU+Kb_4B3`+9_
zn)UsExd3c(d9<vnwOQ56#{hBYX{oAwXk+Hl3uA~&zAj2fALk!0m0o%ZnA>#snU1w>
z1xi|;(eB;BbXLA5i*|UT#I4<%O8ojYbw(;xDlGV8?g*EPX9Wd-@k{WkkLzO~62UO`
zeG_mVvehVEFERo$^W<0#b$jIfeUdE^uyeSkV!H*Raru6CSVz;iWgPf(4g~y6AM<a_
zt*oC-nuV7y{J9U}Di02FA}1PJjg~7?YCVQG;axm}BR#aQ9ANiIUsQuo5izzRY@B9r
z!e)^8#^czoz#1^(@|p~qjljVSjy8htKLd}_{4tCQD@C}$6U`utS*bI&s0Oc_LwtRZ
zRU7WcheE_t7yU^Z{R>WYpE;x912oD$F2v1W8aWOd^AoX$ye1-N9H#ve7~<j$&B?)T
zn6g$#h8+UW=M{bPO8?7BPauBPY`V(Lcz-|!aRfnt-Y5bT+;gd*!#vJmHp1T1H0mWT
zmsQy?N}?Xe`~9h#$_^1dp)D3);VBz*O;WX%KB9x4+gZN(KS*M#={U$d=MGZw-Jg?n
z;>xkY-~EEh*L0@Q?A#a6%%4=S()Y}M#Qm%hf>kpnYhRjE`9<BJj%Z_pVEVFEgbUIb
z)Cz<^q(m2+p&)srO_zW*CPTI$6WGswis|ckKbd=TS+kzk@KZHHZ$%GRTcXzYQ!y-o
zvvTwOd2VNmG|?MuoH=G>!~JZy`?o!2j*Au7zxQ&CO#5>vZ!wPjR_h*G1>5LIRWDGv
zAH76!$VhoN&i^9yN7(zTWqx6g56}+?U(k=aoV4;8WxbC*uk5=x_68l}u`zg+<FBi?
z-@k{C4GS1|iPdyQr(2Nvr+}HajIK;sjJKY1?dy0xS<bl=R)`a=EBdu1{DmeVI%C~s
z?miSBVhZ`uc@27-uVFC{O$etrv{TLaGn?){aVO&7wu(+17%xXtFOnKeKvcDrFdXSZ
z7Go68LSqn-8ZQq%f(m{8>$59^8~t3GuAH_trmehRNgBZ=65)>>rTGYsL<ZF^J0e!o
zg`49yAst`8R3FlikV|rbm(B}ThsvwUv&{6Qe)$LC=+xHKs+!SpIuw?#54bfS*VH_N
zgOg`lhc4~z9&q<prO2Sz3wQxbuYW;dj<r(|qyHnXpuMp8=ZMkwmKY6Zd!x0QcM&zG
z*$j60&tugwMWr!`*`_8h2zI-}yvcf=l#xa}lx-Uar43FbS8y0bB_jRWbg9X0<L$R=
zy?q+~!jc;v8OggK-l!@$1y75LmV{s1_yu#b3PtS8qRQhE4Bu*3f+0Y`OZT}CDpzep
zA)&#v3VlaVwS_d)8`yeYPg)GL&X$X()Pi5hnCy}#gS{_b)&=D-iSvF(*7!nwcSI)e
z+wa3Bb6#qx#2s?GT&VF04K$WFx7|2QHu?Lu@RnY>_B${~0^YpL#nv~z<^9rmH3`Ff
z;^*9v!Zy@0g*5ubtB9X|5LJ*m)UiuD%I1StxzDpbN2deH2(2G75eG*1CB2U8LrsKK
zIKTD!dRSp}3khYn94apSv<59r`?lAtS#ma)ueU2F#P^3pP7LU<AA4mvmRLCG*cjeq
z6Vr9y!j8FARPsM*{_t!;sY#sd%d+DwXORDT<qd%w{b^+L#>yhlo!_>b+T$aTBDhG(
z0*pmVOlckG8#e=2>S`o{WpxWX529v+;pQbVAM)3{WG3%(0j9StuS|X?kK^x2zl&)r
ze~krkG=_Hj?M2;k5%OAVf1w(5zFX_2^6T|iQnjSwoR^(LcyM&+-?;L=yP)S=<8^|d
zmjBi151Q`1k_C6+TU+uZGUl-JP08&S;^SvDscB1*?P|%bT`WTxU#a&OhTixzGlxW2
z{%wZg$s~<gJayxP8t;#uE2!by#4UKn;F@3KCBX9CdW;%t{M)}oeI<zT!gD<q-}9cu
zBvkepsF}#$is})u5x@+44xsXI;-hhGFC-|`qDu@6KEa8Ld_s%<`oj|cg8L+K3@#*P
zrg1^huPa)*s-&>}x`-o@LbcwCQ+*BC-pMMtS+M5~k4<a4A}07-e)f7NtN-Ig>W<d5
zTV2D3BhANMP!q>DW>Nv6^Lr<Uy)ROY^DBgwR_PoOw+IXTCfvnG;}vM4qhU=QkoN>m
zhV0p&)ukS5G2<V{HJWb|7Z~WCcIH$3KOf@bc|?nd@PBe9n%7X!Ufj08DIlZFwb|p~
zEzwy_D^<ledEhx}YEsVvZ&A!@Yk!dg*D#7focBz3pk~|IR^35f>@Q^1wCU}30+aZO
zWUX-<u^^9)u|F*(Kn!aEUI_J?D-Hgx+HE^zYMulPCHd2o0_;eWE(gYqos-Q=g-<#a
z$Qi@``}Xb!Tx)y1S;a)b+0*2{0;l?LJ??(d!|HU8AbqBsQ2D<9K>IP;iCOb2VfLqe
z4?e!%Uje=xWZ3tn7Sz)nMF87GP_xN+Za(YgD8K|5HL5rrx$3xY*k}0f9Mpw{`Z`b<
zSb0Pz7=PWxw&L-EK)lBr)>8`<+`i4xJPDK`)P)(Q3)uHUN>h;-`C`4Uz7Lz!Sp_8F
zLQ+`RqlT0ykh^bft0D;anJCSPAc%-yQ7eE%9DtI87-Or|0R8#e@6u9%a2$8HFTv(I
zKD5Z?(ItiWnounBU3q^;D^zEt6UDdci&q^!Ai`V6JPxz;27kTkczw?hnbNj-eyb6x
zJ*za_8t*=e(s}u{q2h8iPa`n~vkzdm2Q1T7-tFFd5m?XF1ekmPLXN^iAZB4ke3=Cz
z)f^19P_^9{Rbzw#x|8Ys1*%4pdOVl$Al_Vy`Z+mOK}<MH89(fZb6SF))3qL0jd5gv
zcR)I31Z`>Fx*q!sZv#uFqCRuCe%}dL905oEr;!Wjsf2*=B91|cN)HK0Wo7itUkA}y
z=d-dhQW*`=VRYe<A&0ft%P6NpI~Pfsd{G1+4kUQ=_6HH(YJ;)mIxaCk9Cw^u2>D!6
zQxVwG<wC^26yi>GPPn!!^58h!b`pTL{@{UNkwLe3pqz96z@a0f4U9MyHI8U!rNR>Q
z$ePxS#oNZY5)upB!jDTmwgzxSm)_Q2>Dym%Na?BdT?(HChK-_YmEg?tBIocV`Wl1g
zQZ4J3YD2#4Jc#z7q}I~NT`WO>;<eZyN|_PW)AAlQ@V>~gPWxaoIvgMWsHDNH(is?5
zBZXLt&&B)kF$@O1vNE-Z%xY;_srx~0rt`qgB}7_S5s$y|dCytVPXyr~Q1%YIaDn=c
zU_g>H+~CJ9A1;M!YXWa)_6E-Ol#JRtO+%kNdvVeouZ~suZrwR9*1n%skWnE688<p3
zY$X#}?lOG&aO0_<Z-qU==pyW4s5z;AndosOFZ@Erq>wbw<g+j9!q(?L(FwGT+_2Fz
z(0v6z8m>V}{iP^<N&NmotOH{}70seYd?_7p+W%2`W*7&1(5L-Dl0k28y5SZcal`Ir
z19MJ$pm}rT(tg7wemV9gt$+uTO56p-zR?3aO1|hGIZ0}QFEmpdj*RDn!bv$hI}=C-
zQr*c2_MO4;;lp$La~z)^@^ya?A+m9Ty%lQieq|8uZ|o9D6q)6qz>*_1vq76FmBxvF
zK6og5jLQSR^a7X4?&#kjMpH1FA&Vt$X4%Kuok+#2T<McqIAY#o&76?aZx8B9kjqX&
zC74%Kznh$!#Ld1H+9FNXbtcyn<BDZvi6jnNxeMRrTN6$IX;Db?nVR@MvrG1Bf&__y
zvLh7q%)zc9l1=~f)}-?{Z<Y!_D`c6FiB}Hw*GFP>XXnZEmco+Mk!HGrLddf!)YOLP
zK2ur6tZ#`XJ{3U=Ft{QK#q4^K<RfhLw2*l?uR<(Z{R-Z%4u6Z)Sq0D(r@)v8oMUj`
z&KggbV~%g~npX=<$6zP)WF+~2OCXdiR~%MWz4UNJO39INwM1{}O}`51?3fE90S@$J
z6oCcL8iF}K=nq)zM-$*e=b<K27)FIt(9MQ33LzW+{WAVGDyGx?en25VC2YNJ?CoxV
z^&OQiT8<*I$$>XDK7Ov`tDIQ~X5<i5BKqk|F*_m%^Gh%O`?=#6S&KzlSr910)buyj
z#Li|GDy;G_eej^XBHOgrGn}Zb1*|4Q8oNM3z;sXLyu&Gk(K`gLJR7tsPYmZ~IvZ+6
z@^zpmVB~n6L8URxu2$nSKlpBwKmdsq5^35G`4Vr;x9=Wn#VHcwlimWCbX1YU@bA&>
zK0eOYJhOAuJvW~=Zh%t2mh&q4;@NLnGCwJ`Q+IXiui&}T0}N;7Vfc30r4^|%a^+?l
zcIVdMI4Dp*dAmzV^%YUCaRdT|jHC<^y#_nJDeeS}sg%}fGEM7ux|6Stb}6R6WK^Ut
zbSsXZ{DcZjPS%}c<>q~J9~h=+9ba*aQa6V8+*et5PK+Zk(NBtWLd20pnSVc&2sfKY
zlU_pf^$<hdRtODtI9II447F{U`v=;;9*dp&ze4ic$6bx?DAryiNNP4a?lju!I}UmC
zT=sDDy4@1E6jAd$jTR;k3Q17q<=o$aj$)D9p}%cM)Vi$L-d1Kmy+aoNsl*DzDR~Lb
zFazC#<9IwZs~qd7w1LYu>-1OrbkkM3gz>)b_VVFYGxR9v>EU!&(%^W@6cQoJ8I*Tr
zWd%nUtx_vy<C+WQ6*bsSmQ`YeP)IE2585!>iQ#TIU0(6rCh1}1sa!q0Sq|PXKOCO1
z)Ym^eF&yA@XVGEUd{pAS=YYxe@>*U{a59p1^LZ?Mo#lQ{)%JVBXsvtX)vrm;OzB_L
z25lHFLyCx3^o#`vujSDf<DX2Q!#G&K;1Y$6N9x+NpRFDE_|m13>K>XJLBf7Ybuky9
zW{#DmTZn->qYY4#M2Tg8qlM%qKDgI^$BK=qGMY-_Y_<vBzM|&w+`PjZsy}MxA7S_v
zScm5D)7x{W4QA@);Y_DFapK~MMVJ2eNWUERY4PS`P61|;0|MlRCo;7|GjC!ZOK5u9
zMEyg>v?JAEDb~HgWB%3^oN7Q-lh4Z=PK+iN?24x?cimE-o~+ewoCyqavz2Yf4=mv8
zid*gT;KTK7zjPv#i%FakF)#bh2~G{M!N|QkyH>1N+vs8-HJ*^$cF_B|Ou3Z2f$>x0
zWC}<CBKnIEVeuc{Gv8fFwOGOa-z+BIbjFr-TXG%*^U<=?#Ws6K$Ty49YAp=HiasMs
z^*qu<#|4JheVhZk!qdX$f3!zt#Ns2rUPg+scYO<R<z81Xd*YOf7I`|HJM}(&zj-H0
zR!Jb}AH25Ap$GH8PVYMYu2Nwrfg&_UA4j;e`5Cw4iYc`+&#!-NDYCy5kM|YaX!CFj
zbIrP%jJH1mY{*sG6|?Ny4=ps6r%5~nG<hxG`LCGYs*MjZ|Hz<v9judg*z{9D+j}v8
zNA4R#Au-$Ce3E^oD<*S?Cm1W`oTCMao2=sA(AB0mQ^U)Y!&Y@YLq9jK${mOZYoB*~
z*LYp+T>{w)+|U$r6H^}s&lyLx-S|F?KYBS5ZXd0xy?uDFIZsl80>s&*tLY_OVJmXu
zCl&QOED{OamwXNcPknDa!!~$&kIybD^~#d1%1|GrJ6ksz&E!DGxe({jd<BFlDpqE|
zQ*$IFPyL@~LxDHRD|s$XP=FUVy}Mq%7fnFI=ttFgEO_H}JZCz0^c%>DSgsm~)1+^9
z_(tdAQ!(WI;DG0xlWq6D^4yqXuZ{2)x`P@mB)_#^by#1ZFDBy*jM-x6(+9ugU<slE
z$#BLHDAt}{(@%bg8XRuwoxiOq)_=VGI?@LY{_GA0^&jUg5nkk+2)~=~iB-{U!jI@+
z4+%a{Y~-60?=D8wI9^j~crUo#BI+#Ky`2YwZLSjFrl=sXf(y7-<76{~dBF34Wq+`W
z)6TmzZNuudg(qoCd?0bxo#6P#yf>XpJrSdQ_n?z!Al(eelA6%q@|Zo`N_!e1hmm&M
zUGkb5I@GKtfs<)!OUgEe_>@fzhMIt8JWk)kwYiFrAX8qV&EbLP?!WCEO~~JS{L}u2
z^HKdx*H8p61sg4L7k*Grs>^c+JLqTi^1!73U5#eDDLH{%8%9RHU4TjjBV>;(8Jklz
zPL4e^=#-&nt*6cXjixx0DRsR5IWx=bj(EWpZ_$l0s(C$n2mYs<PLy}9Drl_be7n^D
z!VBqDW&)|Or|n|LtmHY*oOMtK=9Sw(9x_-(rYQo$TVDk7`LEvkaXw9PK@-U%9vZJX
zx&tXYh#6dR8d9X()AWk(-w3LbwR^8qM;!+*C+4tuP$k`vI<&>fDrbEVZh0rKA4Ld^
zmp8ClSV};nm3wJ`B=c@4P9{hoQc&ebvWiUky=xE+1_+Hed`->aoIng{qMfIM_K+7x
z)*X&ASKaw=G<YotEBg0W2?7}6U(+~KRA3&cJVGa1G{7_!c(LFpI)_o_Ngx3Po$1CP
zpnq}ZIqKzWXxC#9Ffgt0Pw>A?MoK_)vQ;+zWpcP0^DR<C1{mlO?Q)P|qwwFzgI*A=
z{#^Fyw&0hz4i2do%D}(Xj5{Y80EaC!1w5CG%y=;UAkZDH_becvH98r5kPZw^{Wdxu
z=<6vTpk**zs>8?5H0fEr-6aBcnH@fUT(n+^9?<?0hywnTX}i;YEBtc#2wvZF8<RCq
z+@=`=9hl+Is`8DP4+P0CGc@(8@h|hIq-J$5{<8xVAQT9g@K0bMjpd9_815dvWipCf
zB@G~;%RVJoSftQTuOx;uIq{`iFq@Hg%?wxYPh_Q2TF|Y#lK1B}(Pt36v9W)oeiIgC
zApKj&aujR4LnzSN-hgxSDp-Ze|0aC$;>F|!DGXXygj9ztH9}5fp18d1Vzu&<qN^VJ
zZ=$>klG&69$ALt|^25{)6wrh2I03U8Bnrrz>ALe`IxViDo?5yNTVlTGAIH8$HpQn1
zN@MTsD097FY!2bv3`WU-j`@+?jopd$>P7hmvBv6ozys~T0Y-36K|&J-(x;l!7LjMY
zqXeuqti1^zsqB9`hq%}4d)Xii=_#Sad%gjbM#>5PACqm9E5KxL;JEJ09ST-XnqeNd
z2D+Y9&;v*yYIJ}O1@Ug08)*gGp}09v|HfCug)n6{@%7J~yroQ==3N=n*}WCk5e3LZ
zd`ZLNSZABfnB%a>7f+exaOFZI0&qfrRrAsOB$DAs+$8IRDqu+bclRPRlPkpo+6+Sg
zi2he1B9jc8GSYO=f3y*R7_jO&UdN>8OHytI-aBXmxK>OBnwt0jLY5cnxED$IsT~gx
z_&?bP1gL1uRl|vKZqNSQ4Xw}ad}+y`aH)VQM2~Hi<qZ7j9#dI1hNEcJTNmtq-$7{h
zLk&SgE4;x|x+v=-79#GC@#U8&Bi3y_vTUfs$-!15%dkxI>5Bh8qXISffPhIqHJ`qH
z)E_hjzR~?hf{7Qvm%<*5wB^a75c*S%j6!yz!sG9JaDcK|O|pv2bGwunpW+Uqxs!Xp
za`z<NEqY5AEXO{QpE`y}G0;*hF6Nb}A+QeqSbzZ3E0Z3QWl*Ui)J7-KOqz5y%3p7A
za8(xjEBGbsrJA^HLM*>dC!H+Y{^rRy5WpwraIlV^_-J08PBwx&B5p;axJ~_fDG5q4
zEF0D!)tN?^;3$>KqoxOlLxuoAbJ{jfOFw$oDT1SBmDioT(H|WJ_x0*&<`VtM`ZNQ4
z=mt4|@`1!q@&9A${5>LS2$zv=Lwj(nT9M>OZl7I8oVW>GKse!`f~<JGr#>W;ex~6U
z^~A)||5RmpWp~bh20?Qs$K+;KE?Myd?EY{gp$tFT#Sr`v>{3)M#?{PNr-AM}&LLyq
zKQ+-u6-Di7`pI_~3;gj$r*A-bE`krt1G-hXVvsP9h~D}3U?<s{l#~wvpk>7y?ER|$
z2*MFF#Ug8b44>XwTufa;1P4HUIyZI$6IIM8C&y~Nlzs%nz;(<@po2VA;M$x2T?IpD
zn@6%d2{du#(BiPTAOwg@w(al)ZbM;rqC7d$o*Ux$KjOF<=Dp`{6L>kZR_o5A?JW!U
zK-}pkL<#^CurHE96)HC^=}Xo6eo3vsS?&a7f&tvJ!ZBKS|LHf}jHQWvK+gEe4!^1&
zSCwG(8xgc<3?C;xpH5!uY?})}#I=boNFE$OzNYl>wI}^6(e?&bx9SN=&m)u`F>#OE
z3mYV9kofMW`&=X83NCdQ%B3zg$$5mUyVOqrn{E40@{dCSA*w5&$1|Pd+=L->q8XK-
z=ClHgko*@#iTQNcQ~XA6u!`JX-2dcSZEUgBzsw`-+$LMs`bN1%NjSnc-7Z{$3NR)c
z5%s-+=M*c@^~s$e;Xi%<L|bbN1rdwc;AIqX>=&8t3(O<&rOKZe1uG3eg-N-bJy}QH
z>~*qAfma4kLvhzo%K-9X9V>pAG8a)V#Fu{H)XjY$Y2VuIB7%DCHnWtuc&2l9+c}9m
zx_S{BS>gfF+s8<c6kDh{GWfLI<R9<>CP3g?Xl`u*uEeZ$39%`Xe0Hui*IN+l<tp<3
zqmRg0<h|p#{$6S;AwS+nG01xd=zHT9lM4p&z<<<AM!LsA*J&w%5a##;j&YZO08q(F
zf=mes$q(rFf{;-2=ARNi_O4L61qdu=9W^)^Jqlv2b8T>O4&107kLz8*KNPk2Y(cXi
zn(9uu$eSM5{v_7ZdAGQvG?5Ml`W1WCqRiDwgL6>g>e-`o)%4#g1~CFF>>u*hTB}9u
znPv$-dIm=i3hZ3?<N@ZH;65@ru#LLa=;oNqD<($bpoe&U0w6|h2ex_Fet^C5T;6G-
zVtC<Q5%fVrmXI<loMtuw3Rpw9OraqdFD0~FSNa6pR>C~3`A@Tv$iYpSKOMny*D%K`
zejyh9!1tg#mN1`fg#6)`(92!7fG=V8A_9~3%>L(ih&3}~1`tOrT*A|@-Cvnab`m*O
zV4RfQ9bq56(eNVLw=y{R^@O4(9LSQQ;acoy;^o^ht-&PB!2p5$G7gLR6O5=F_g{PT
z7h;=td=JuNiK*gpfN*jK58&c_2(_k~VLzdr?nR-6{}}&MU9z3<7)C!>^_tN-PfMy}
zCS-^WjD)K)0->~T<LSaMKD@^g_Ii2dj*>wt^Qid$arAf=4i%r~E7Dsi<b@W_Q=M=?
zH)O88c>lrdEwH5KtCgO0niX9DI~JB>pQ&P$xFP9^liN+mlq#UYVSoK~s}*=o1ge(1
z)}oz1>=!Boou?r5Bim<ktZyn$WR)vIJ-itH830Pu9t0$;soE~)`S1c^17kzgg?H*E
z3NTbOlt*eZCRYuqw$=805vC)hO6dP|xZMMMKt_t`$Z2d);3=8F6-5zjqh{!LiS<%B
zFPbOZBgUuj`n5Cq20;6^ptMN;%`xBzN!L~N&~0qmj5hS{v#EGoS4*koYx6$TgHmXt
zgle~>WS~i^P>ybJoB5BI4Vd^e-@sE{2ir`=^3gCxg?k2jQY|e3)p`kJ25+KSAv#oW
zn&Z<Zt<{+SkGxFT<SfcaQolp8{$gpMy$yEbUzU<NeL4;^FPvuwf#NW(Tzf&k{_ZVx
zFo+ExT!HJt14h`@kF0rHe}LUaGt+coIn3tug<vy6f<u6SQ4v5Ep34J~qBN4C9pskE
z7H-a%ucB)xfEFJIMSm5=-ZNUQCsm{)_Dm;)de;$G5MR5rX%YY{^TvMMDI@5#kq#sH
zyG$P()g+Sk55p#gGx%=o7u%Y9O5TU*-@#td<lE05e3r=os6@YX-JG{r3DxGpYz6um
zaZ<p>OhN*}=>_9GUz4wa)K)1x#z=4-qrv9~^{6Gd-=w2W0dlPY<-w4xwde!f=_*gk
zwaK2T*TVxq{5VJ4ppkGoOV;6KP?UV~m0;6(an#>7-xeK&#@f@lI2J_KWNH}(U|jn1
zZR}6!e^!o9J-uDtZDARii`jbk&xd>M7yspb2d@=inxWbTP=Z1n4>%y~wQa)v;+(%1
zivO`_vD{ynLrzVsnPJ3X>{*ojJ}RYF@neYG{t3PDE4b2BbS~)K_>b+u98-&JqbwMC
zJ0@U~;Q8-_Rp2#}<sDWA6|RqlOW%9#oct?ta^LeO&_N)ya&UjB4no(JthAESYNzZn
z=vLc@7Igr27^)#Ku(V^|bx&?|nkm-8?exIkD~MN?WqyVA`1aUC7$(QG$2y!0f@`Ol
z<JCZFeUhRr#-`D}q&6wQuJ`>kR7G&zIy3e5y~jRkxT}mHR#ck`bZ41(0k#p|er7Yf
zCz$41UqC-1MLX*q{*Paz{lx)TYtrYfl}U2-q^ckOQ8A{r<%}4>H{yW_ArQv2pEdbf
z+O7PNCZmd0ccBGP3mbhQu+B+@ZQo%fOaSmAVh;CVFE!C38b@uDm-%iZhMgBx!4jCD
zc)+<Uk2V3QPwt4XFmIIkp(4WwiWQk>SL=vBf#GlUlkY;y`vAN2MDrB7P9^{I7fxhN
zJ@7(u&4TXyGIy+fv6ZJkqd*b2KoSCoVTmz5A#Tadm>c_tJ=h#uiC6gt$7t%uv~QI)
z`Tp~{0~Nu=lv~#F;+zlm6}+4r!^XNM!D#?*avv5k%@=4`ZzxV0c=8}`#{(ClB}*8p
z{MQlmi7XC6zenMx`0;fy-ua>$=+*-G&I$EuV_~3(8KBBo8duSB9*WOraV@|3i_mo0
zt@E)SUvVFGk#Q_LE%nW?UIF8jfC`*rIY7WB$lcb2O)AlAomr*;C5-s;@!7tX^>|E~
zdzHqS>YuyNLme=uJpVlQ`G2_pEjjXht8HybNN<)vG(l?N3&>n1jQA<jb^devM@|<1
z2n9a+vjSKiYQmNT$2u%9Oh9>YfN+mOgSeF?Y44hL`_YLMi_Wc!*uM{l0MDlNx^<;!
zeTlS7#YB%e9E5l`sFr(E%v1%)n-<`2CEl-{YTD{7i&G7|vj;L~dS3tn6R3cl9uM9g
ztgTM%_Qln7m2PN)q^>{Vg9Mh7p{-tlKNP`X3hh>0LkRx5ILtkRV>HD_p2H}~l=F_D
z(RerixtKUX&=Fpo30LU`)fl_Kwb=INWsJ8$f<(k~q5WXWzO1=XZ8<FLGd0(Yv+3Nz
ziFPsrg0zp01}oYxHDf+BO6YETL`L-H>0irw=uCDkM~-jb$eRKB^M-Y~Vc9d&1NccO
zIx`c;xtOI?r*07c{H2OFdB1OYnU|VtS=$iWzm7(K<Ij8ry&_%a5zKh7k1qk6YXX}s
z0p<iV??8AU+|-mc=@Pw_SOfQuPhey$I@ds#$DY5$-|i>~=I8A;TaN226fzs&Kmp;W
zU_waQmf|nk>L#8aSZlEN+py|M0AsAQs~4xNz}Ef0aH})eOVyFo&c6#WlD!bje`X&)
z`nTLJs8?E~MHE!$5M68jR$pUkzz-_Q0#5<<2YA5;GT*Yhj8$>?VfgWtPho5-p9;cX
z#elVz@a6$)CA}mf>*7Q`E&l9oceLF;PlTA}W7V}z2!Qd~Z?v+fu!O`ZB<pKHS{l&O
zUISuSH=y5J(PFq)I;23yU%`bTIu^t4Z)np{beASl0lO?C<X83&_L?9hdr*+XDD%eB
z%-aq|?f6ve3fsNG9_0l0$31Vzzyewbk!+;!2D^NM^48aZ8~bKc5xBer0DGn-4Jm4j
zOZQxPDt#?%dy!vLNXq>hxMqFN?|e7B;j%CPPl5Cy-Vw{V3f?$7Y5lysnFW`4%p*T{
zPD$JX8wJNYRKng<m=J*e{rk<@OEu=W8vZpS+^18SsIjjDh)exY9=-9ENI;v{rg-N|
zf5qs|SyVP`D*y(27QI^+VaCVu`y7rEH*@TJ>DSinX7yZfR|J2{aEB9lqbivKM`}y%
zMQgQljeW2`8^pzBglQ)ML@QGq!05s~5X9@Blr^1Sd<(-<TSEY|_Qx6haje!UK_Ieg
z!b?wl2Yt}uPGCzlGa#G_6@J6woPRR@@j3CzN@^a(^CDHjPEX(BkE3v{>$|Xi9PQ0y
zha3p7nHP1cTmuq~dEsyuzdE8;xUp&ef>)sdz>l;K3&5QU=jMG(PKUcJPQ>6>i!6|z
zy-@Z;-bjZ$=(r2^l@f^t9TEu5d@e_c-Ks}aE3MFho-u5AuTk>>x+mAG&Za0M8vUXg
zSdR!c32mO%dek5?ba4G1JNW1hDO3@zqwA@fW7C&NLSxgsNNjk(uu1WPV{Nc}Lk8lX
zoxHO{$|M_&NBBC{9rrK4IVzIeSZe+OI&at-%B51_^Khx|`@npsjV^HO|EcOc1wb#d
zEm$?*ev2jZlWPW&wu&^L9r!npK)CLM@cOXAa&Lzs$e==M`XC^UU|!N*GCNLpWhiXG
zlJTD%1}=2I;@7!e`jfYByl_9W(kdzpVrHF+e9ImSlKMw0@5Q}<xtQa^8uCfWnj_;{
z<^hMLQf!NVYsN9Adrb5FdtdyNVf}n~63$sarn*S|;csO^eP+^2@sCRji=v<RB<@(J
zb2fJt?&{2xM<*fw>)YUTpY)OWg;vOKjqLwQI`2TL-|vCn<s$RiWQ6RDOJox=6Pb~5
zt?aTgv-e7oG75dnTec`!7r9a&tN6Ggu06A|*Zn?zzyII&ywCf2&N<I{UgzBBu?P_0
z7<XZBnIm<`)n^4Z6an0$25CnGr>|mMf-(zRsxvyLnD}q~X1sW*hhKkW$-K-b;hsU;
zv0n9{`scQx1csf+A@HfgF$NH=FWnMkPu?K2sgP{TcXqbdPVTh{_vl(3fMjLl=(g?J
z{c5!%`{^wr55&HE<M80}_+2GyA4-UNc+iq-^d^)>X%U@^s9Xt`p&a@idy%QkR}$60
z>v|u#1#jKJ1w{`^#Bq^+T0OgnHLb8G2}o`_L<{HE#hZTT=P7a(UAS$V-c<WyWH=Ap
zmWJjWlW`KRt!3vOp!3J0Q}AM7*tXn><J$W&xd`h0(g8)j3M=p%1wPZx$l4nB&d3{E
z?x>K~VXnpoGM@M}H0%i^Oc7K2Je-T8dV5sp&Q8{x%gzcLHiv#-P0<u^nuZ%<r$=7v
zA9c<+S|@lgJX?{_>AcPC^8wdRAqWJ|Mt(>U$hthMz5m#;5^q@`-}5)ofa!<C%BNzW
zt4F6V;+x%9HwDbv4)p~?3qMLAC(YqHpzU^&%pFDUFk{!WWT;w(Axt`beQiFjcdS6M
ze<PN0K2st$P7tb(jqgSYk7@|MgHBj39)2}%yY@}?Ll+Mr-yxFbPz>cxpsa1yVvK5F
zbDG7~U~Z7h1)w}CIk)!8jsAW;M@v(_0=JSvN=HtYC_tvB-x&2KHssuD&hsR;?f2$1
zEYd{nQuPpm$d!iHBaTHI$$qYJl%3BXELdzWOv_AB2q>|Y!dyog>-Wp>MG+DU^LYFw
z5?}{5<3sn)2KFh5RD34h+OGcbf{>q5c;~1{^3xOT1M_{2_LEum^X;CyTGVfH?}byR
zZ&-oI<FqsMQ@5}8$|Ru7ElmN>!Fkq)B)R>VLK7Lqe1q%IoM^Nl`6)6`uIMcYICS7X
zEhWj<fG&KNMswbLg#hHHfS*1=%4T1$C$6PtdGRF;S!P`sf;8P(uqP>3+|aDe809a8
z4{&Pewf6|Hx5EUl<K!a`*6CeSRDX}Np>;ASMN1bYK*;YOas5SJvpxe>k}to@;tC{T
z9lU(}{mWhwKM+LaG;}!O3_|iOKDne3e6IWak+RH}85wgx9~jVy#$#}xNSgQ-qqNyB
z`?B87jJJwS-L=$-*E{}^$WwBZ!uX4+MPWmTL=^e~dW#1ft_!IpnZ;iSG0-t!l9m{c
z)2t;LRRUFDP)>4yB!^9KFJ0JGTiX&lr_34>iaJR!cbHG~svfR9%HB&mvR7N>e53iN
zvM(kkVDc^hg5ywsG(ge<j<Mf@1&Y?=ZCXCZ(mnk1wqs~Z<~-~A;UFkCGz_g@#gxqZ
zZ+_>WJorYzJCvOqeGwcy)cB&JXEHP3lMz-zL0+q`6~{*q_Apg!C#lOFCS|a9m6&zi
z!Rd;6Gs_OK9S!DDieI3xz~*&Mu@IPnKiv=aW8YF{Xb9p#dPQiIn67k+fJ9z;q903I
zcZ2z$($H-<63wYv|MDOm%^;`f4&7kk4AD5d+AA&KHpO*HV*qo+jQ44}ZxxyYHwNj#
zgr&3Zo3i*<gU}8kKF$7BpLSr6eC$p;1O#z<xP<id<c|5_{@-rpzjy=~I^I7F9t-NF
zW>iTa91feP4^xfT@%8?`-;&onK8X3=6nRq%pFg_t<R40$0I&rJN$A3!SSbt@WjB1m
zXeigZzMuz;l0HCBU1U`GDPcLRY<cd|<cIdGphu#$6~*rPXDPT%ScfDZWB+PE`!IsY
zF!~)yk|gv;A3fN$dKa(U`Y3I){kpO_hJR%>6Vx}hZK6FesVBS6PLqwLsldUclgp|O
zG8{ZlNbyN8E|e*uR7a$tCAQSyg~;RlpF-;qPBEKp^8XfOG5hI-nMqN5Kd63TayL(T
zTFs6!ry`-!{`G8izpdBhud*`FILRXz4+ld_H%osau4v$MGB5_@baL+pZzQ~bLRz@X
z9qvty5-xE{;$}9}zvZ?g<5IF78@)C*-#k|j6Z^~&>Ulizr~BppS*VQCo5AbQq#X2O
zd94iee*WlEumJIGTk+({s&KbJ;lKw2=?!|1J#_#C{5UIud5c{Nt8c#!dbA4gf-;xL
z$K38<mP13-Q6Lbsc^&Eoar(E4paN~l8xv7}>=qMd&+agoykoYfu2fK#t^ok|ZMzvI
zJ4zsFjkUbl$y5l`4`joH=^WpmoYjtV4F=^wt|y@vIo7qa4`dsrySrsK!XC%<+T|B<
z#08YuGJL*iEFw!)tu8K=_5z++-M#0j`024}^un9u2XqS)xbj=`eGh_K>D^#M>i8TQ
z0*x4t_k#`>$@!VHxygf7;a=@`&RG)8C9&xL6C~5AdSqm#Dd=&*=pRmx^wGp}^;fRm
zSm|(xB^3Zc#y}7TpA$ixhN;mx=Z_zJ@BMa497WlIt1YOHJ{U|6kApy})C{w81IZLc
z7qgi3Wc%AJLxUgv-1?|P=`976!qoZzD}x~<ugFe}7)gFkhtZQc;g&c8Ci9wSgWciN
za+cvI=S<pVuPBq0P<nb{bIp{-D3HS6|1YTC-#f7_s<QbhG!k(tq%t=h42I`9deI)%
zLF@G}aQecTidBkRLo2BrmvzU-Ayro@M!FU#f}<T;IUrs5^XnJ;bMITGLSjN~6i@85
z+JB@Bu<`+A{$=wg-@1%5?B6)qjqBAs=?!t)6b4DJSF7sfr~)Qq58m9#8MUL4>8w=W
zxnFkzX&0CKWvgCqj&nm)`T3?F-CCl`7KDgn(#D^*X)VX9o6`M+tw$7JMCh5(Ic9oI
z33sDQ%Yrvc7eDqHMl|98hN0*8S~l`s!w*=f?497Ip@q!Pe^;^LG|DK|Q`wweVqU?|
z1%`gFpC_iM(*5C@dpoAhp0}lk=klW@*9ovv#~yt}QKUQk!(y_h5$cByq+ua6${86o
zt$3b6G;x--KhJxu(NXbt7^7IE@mFhEDbGM<ljlj(QU+6V<RF_QkN8Ytf>#$W`<M%~
zbTPFr|Ky#WZXF9lP`sgm^klv2;KFz7oe{dG%1s_<qzGT51&!m|pNJxwk?-UrMITME
zW1ja2<<F66<Ok{gUX|LDsCvD`oZ{~={eE-4efSg|4dW=i+VyMVS3miBlaJN7hl)%$
zsKkY@j@7q|gHOzt!h4aOt2Fsx%9x$xeLi==!+L{{hY$-Mx}r1Bo+`-Ge!f;T!s%Fk
z;(fQ)PyA|r073QH+~Qt{#a@ZEY$Zce{j{sr{E-EXMw=dEl$>MQ3N(TytkK7GjqLU%
zjqWURp~LNhyZeRJjvAVZE6;r1VCk4k&BF3d*{jHSOFfeKyNLfVZCV#Dy~|dxDR<#H
z>aFbwKfkAyU@c3rXORc_!0Ys{PIM&P>(MCN08=>kZ?%E$nsh(ENufoG+&ImDvya*C
z%SxAyOc-*n{e^2{S!UxCdXCtX#+U$_Apc!8J`esdNj$hU|HxW_V($(Rh&{gBIgQvT
z>Jx|?+&?zX=Go+0$kh}O6y5)zE-GPa#E?fJJgS%#twsSjqw$`GAC_%`Tp9#j+`A2D
zu|!M623f>?tpfK2^^si=SwJ207LJslA~KXI0IfAm8RU`J!A+qf{912|Q|R?_W%_oa
z3=uCpn)+}&9GastFWR2Pt<}C&>+fH?WYey!x%S`$s<c32#T6!fU3vLbt6!HfN&(0A
zmv>zx`h8THeV;7$9#zOO5kdFo@*K{X4EiJa#sT?qGPIP#v;JWRw&w3EPhRA`-&u|z
z@+ny?eigLdM?vW!Mh-zokqz1KyG!MiI8KK&EAl6>U^Qd6g?oTdWbm*p4Ugd!<gEDx
zHAH#8*!HUCy73j6l}vFTipgqX*6Z5W03`Um`m*LPJPkJ8WjE7OGaCE<vK-U;plVd7
zo*2{A#O}Ibj*NAlC2TC?>(>>ipg(n;IbvV{nWG!v9XxE`B9d6+b{7~x{i=7*Q|Vr&
z(TC6+aO4V!^00<adU&<7f~pv3=ah!RT;38P$`!4=dff3?*~hu$TQ~6i)geTAZ@9@`
zdJMW(5cXM39Xp<XI=)>lcSyDy_@&vy<>{MPE@0Z_`>+qj?4SmvN3=o>7w#*R>`kk#
z{xfoe;vBY>iu=YwmpH^W#a6vdoI)2U**I1#KTlIASrbAEb`0<Syot?ybLP(w7wB(4
zdSlml&Ze2KJKgi|wN3ro-tFFXvA9CGJ<D^`D(<wrwx&Y~6V_ffMtC)TgXR;vn^kg+
zUWA*xw9VYxa3|%kPhVI5G5W^*!<T$)R7)MZ^7_nwhCCsK)r69|ZJf=r`fHtMZLEte
zrK9-NFMCU91mX!tu)fwQONNeZNz>s&lUI1Q2DU>5;;ZQB|DNJ^;N8!MIp{VUWMJh&
z%Cq2LMtM^i*q%2`U;JK{8r;<Aw2@v?YIkuKYyus?>>E%eV_`PlMEb2;L=xlkETHk{
z>)wBDOC{3Lg0$;67P`+|ZmDl>+F|5nH?~2_T@X_IHQ9I2f;o+<dJW7!OUXyX`IVA+
z_S2!E!i)w`3j=Gj)d)&xN;SFz`Gn_CoXC#awpQk5j&3^IFd42GL_T3U6u@|=Cd%|s
zQ3E9lg2Q8eKVnjlHi0{>exz0WQ=6-YEkomxr;f4+)XT?$geJc4jqm+-=YNTA#kPGu
zFp928`I>A&r+urus{K3YH$_uo;QN7{bZ~LCE6ROT)ZH$HOLVUY;chYT^7m$K&jMzv
zvdOaZGRi~`Ml~{h6Gz+hnrP+;pOrOT75{q}Jx$&YeS#$L^EHA&y;WJ&K4JFZBGLPe
ztASYl&?ZHazjXj;Z%HfOl{UTMz&U;<(@0v-nL%P>-epn0|1lEgBs>NaZGWr8=wxf3
z=M7i*Px8)lqvopC(npF&Lb}Qr$y<CuDY9`i=uJui8c${cSED->D=Kf~4;6!hs=AJj
zhw_>BbJh$d1@s~c)*NT>q`u-ANW;;Ac+Y=Wh>)`*1Yma{in_S--V|JEnj_z$Z%QDM
zs9GiXZl?AYb5ziDkj(f;-c#76w>>!AV4-uhW|nj=ng2WaoI#RP#LuS!<kDBNeZF4h
zR1zyP%g<Ntu*b#+l-OA8UmdT%_WeH>E6_TD4L0!H17}M{slf_HJR+!KBmR+)!soc)
zj2v9yO^w0wKX){{?<o+8xuQU5{ef0I<D6^^y)<Q_^JM2uBif4nE9w+ryiLTvJjVFy
zyaoWd`d)#Hc~Iul4-*ouhvf~IPew@MD1~3Zix=G|Hg!kk_h1^axIqkK^h;aWC#pTx
zI3WLsU%*b$dOm%Iqu7PV5}dLj!2R=)!>FR{G^qR_@W#5m_lC2HJEc}l*S<e9YH?<K
z_&zaMLMOTdagHR^kcG2wpY7V<($H2IF*(XZE9>CVt)trmmpFOeZ|@9C*KkVuKdIEN
z;{YVaIrEN^ngcfE3mr}A1^DR`v^}PxloP+>KmOx781<w5h+pJN4%=e{BB?cr>Ao`e
zD4+M4?Yq2UJ0&8E7lV&wYNEg0#ZYr@9UI3Na!NLU%}^F2ceb_eKLylZ)<%(!bJcBA
z`ZjrMxOY84XUELYt5g}nE62In>tbOh0c8`R-XyPSvU4h*j)E1-JV=EIK4%mcR-265
z6XzZv%dJ3yPM7^ci3_`nb$$1m`#?C1mvW3Zi+&bOKKwp;l#BsK5geh5eNaKhyYfjB
zKpM~k@}H!BUD*voSG>S0uQieL29+3^(}R?+(ZFdM$qgYR_eW|jPsOQ-Y~3ZM{P%RZ
zE8QHX{Y|x|u)2Q9IX70*JRya9!8&P8-g#DoZ-e+>jn!zJdh{7RQ#4M!zriIWc8H~X
zwXer&^o=txc(Bt^{E6PdDlqOs3*hZ3DuX1y_vFRDQUxI%)_Wc?`E^3b2;{x#U#R|p
zdjgnG^MCQVq9;b?!DqL#!DcJjBMA*yU&*Y-zjcq18vRHXrt))A2t9{rfl8AQthq$<
zk;K5a4bY)rQn`HRM|Q6NO&$!L+*Tx2u-^Ma?1~$#XrPZR3;&Sm3C|Yl*K$NOmF(Td
zK3p=o5MB=c%lFRDW74UT0W8ao)z6ZZzSxon?fBcdQY_Ns9`jJZwql-Tvd)qxm|g5W
ze~h7A&5bfg+uT{eJ$f#V{_de9udwJE_%yVD@wp#xwO=`ckkuGACuzcGC=cYEthTk0
z|FgWg<oxY%*Ag}#w@=^J%Ef@Cp=~Y+Tfkd~p80T@pm`U6vB&hi!Q|2ZOJfS1j(S8L
zfe{WvN>U^%X~?bo$o5?s6uLl7DFat+tzK0Jq|HwfzTS9qBdP`(nbB5d1n*Fk1hZDj
z=A;<q8Ko3WCr$2(5M;-En3plxXBR!@R5V@K@<}(H;|3d@dL9M@atvkSn;5LZ>r+xd
z?PfCMm(^((CG|mPw{^&PTO($O{=JaDZ7y4?;w)IQq=w#<2wlGDQF)f!zem^EMkpd>
z;O4A5jr#GNq$$fPlNw$h8lTHsyzBT*g?=h(uyY#r!(k~4i}__~GYD<);)SSsR^m|t
zy>1UDfCxG8YC$r??UxvP`;G(6iX&cTwJ*?FG%r_>NQo^V!Y`Q_uKm#mj$o?W!t`qs
z-<G;3y`>g)Qd=6fcda9@F=RWd$hy4UYAcjzK|K559x{{a8>j)my@KkZuk$Co@vu|n
ztjt|XEZM$Y5cO3@4ZcO9A~A*dpKF#ZI_FITTt%J!*Tim2Xl>0A65;q1bY9tf<1I`X
z&Ps2n6uTLzddE^woA*zqQLpa58BuEPH@4_-bkRCmUp%*iM>yqbBBagM*qk`M_<Urx
z9%5L%ZLGE&*)BdZ*#qY`zI3~9=}S&;avg`OK9rHU&{6ga6?Hp0?rkSCFL#ixe9T-F
z|6a}OZ2Fv!PjV0Dy*qL%OL-FL|AV)&awtn)l|uHS9QnT3^5zG8Ep-fVwP9Ieyf)Cg
zGVn#X<WE_f#;-RSA9WINvA8ze8P181p(#Mi!!9RMP4wMD8rsrPjB3h)l;{2@iKCZ_
z+9|uQ<jMsHDO>gjMqaUex039I2QTyBLv5-$C@nQwC#kt9u5OLMqph><*X2wfW?(Y3
znA|l1KN;_k#ow7o#A9lW_9EO!`G<QlIS*BC`f>4cv4Vi^)pch<@>|c!0DierZG0(H
z;^>8vec4}ElP=Yj>BOqZ125nUi@70ZKZ~uuvo)}^T;Gx)YGZDB>WpyW35tlGcZSsX
zH5p{F!2JrhPs=hEG!@6Z=F`T1*R2CF)c7219^$EPcm`B{mUvr$Qtl>w$$7SWVQ8^F
zQ`yP0oNFb{9eG&Dqnsz1bZa-Kkl|%`antYo*iX-rny=dO7WyqKis4v)pcOOahFsS=
zBe+$^2j}Ux==a@8I(+ptjoo+uj&>bAHxYMATj>#mDAgGtCURWA!&$o^Js#?H947Au
zsX?~`<LI-xdP61vADvt}BE0&!Z5ujjWhfT=Mf^=8^UBVh|4_*98Mq0$G75T*rxL;`
zms+p9J$IEuh5RkeGWr8?aO)+GOw{)!-WGS4hoLQ#TIhqgW}li)=LpRYURvE3nc~gz
z(Hkq=ZO}{f`e9qaqt6={PKqEp5O1Ose*ZvWLmow+S7I&D`1LM9_zg!R)b58stv|)H
ziDn*6x`v}v*kE4fX>RxT!E)}xVfb?;wGtDmieqF=JJl3h{?#a&*@*CL!baZ5pMRF}
znd!YCL0V;Ym)}3~C^>iK+h@{JUVN5DiH$Q5eULFRjtvV#-w}OCvK8HUmZk)X{wr~s
zqD@4<4u1t2WlCj;@>M>%kHN|w&|!pnqt@B%+n~|NKai%P>5L^8>XB6$xa@R6$N^mG
zK7Cw5-Xkf(<GpwGg`vHI2<AaSN||#@xxlh3%t1c4awc6~ri~g1@?UifOjq5|KhvAu
z_>$2=n;hy_H1Hkt8W}mkN$}8{86IS3zUJcQYTBRPpL+`VDAbme#+tlCKZQzS$`5(E
zRJT3TBSxjcir55pB9xPHhKMHk<>;p`Y4x!NGPJFilw$#iV|gB1#g%FDQV{Y^oZYD!
zF9^Hg$QZq+UI}Eab_Ej{+G-pJH`T8388rp!>bGTq=c+~@@xQ)}sP3FnkxGi#e7Da4
zJBb>L>aB|=q1s;PG|HUOoBJoA%NScMiP}UD40CNJS#XJQV?4b)MJugx^zWgAilnp;
ze#ZK?fP;>_c22WO6IW?vyl;tt+;<Zm{pO1esiEe?v#gD$+m1zQY29fGFw?h1Ts-TV
z*7x^;w2y3{1%`5H{NhO`Hu-^kqvH(B+IB|cg-lWKT&rW69?a6=fXar-3&H{oS8t8i
zH1$s;e~q}~aAQa1Db1--s%~R8+*DK_j88~a1WzZemvk-HJ!HUGq=@Xw?Xxk|`t!El
zDAy0P9eIF?8B=MWX?4<K!~$Ou{fbyy%#7V;hRpt^!}tm1r>wQ+M+H5|@ZZffEEihF
zxTLM%2QGp3cCuFvuE<O3v{gz{_J=rx+%g@s1`~Vs5c4tVwfhX=g$KJK<i$G~e1OB|
zRRYqhYk>Y*k06}=%Eaektd%fKz-ve?CA=$=?DCfVkW;9>RUSlG7VdQW(*59NKQDo<
z{=G=MI75m|ut4b}FE5Mj)s)xu1lu9@F>q1@3j4t;PQMWi-tbu+&j#JWDXvp@imump
zDo*7wU0t;|4|u0ub>0|f+cF&+ULRR?{+LHff^Vs1@16(%_WHITLN$mG_w|*SbX?x?
zrjP+kkP~AJVxP^C^Y?uzaAOE!up4>85$Jjz;pL;&mEU<T+$3yN0ky}b7K2hTN*XUu
zC=?@a2`b9CVZd^*{h+7IMV$^9xdmyVVDIGUYYpkrz;QTp3wo1c3)$2)r8jl0E{vh&
zB@awntE()-8XKa|2r11YR(`?t2$GAeqrM2>9M>OoKlI8Rq6^p#hbCho5J--m)=jfT
zRL`!}rvGZktA=x{f#Y8<I%xNzY)FbnC&bD~+FGOKZbIV`%1gE_i%@=CjH4vpI~x>p
zZ8L(mnHUxUWyLM*^@GErf@;4bL%bY^;ti2Ipi6z7T9dow;EH{uJqTK=a=xENVstbK
zM9%JwYMvhC3VPl8lx?4~Es17_zcmDZe*0|j{q3wP%Oh<jReL0O7iQ=M#Q+zm<Ut^M
Mx9(_FYhYsj2akNY6aWAK

literal 0
HcmV?d00001

diff --git a/src/constants/tokenConfig.ts b/src/constants/tokenConfig.ts
index 2959a9a0..f3f6c230 100644
--- a/src/constants/tokenConfig.ts
+++ b/src/constants/tokenConfig.ts
@@ -65,7 +65,7 @@ export const INPUT_TOKEN_CONFIG: Record<InputTokenType, InputTokenDetails> = {
   },
 };
 
-export type OutputTokenType = 'eurc';
+export type OutputTokenType = 'eurc' | 'ars';
 export const OUTPUT_TOKEN_CONFIG: Record<OutputTokenType, OutputTokenDetails> = {
   eurc: {
     tomlFileUrl: 'https://circle.anchor.mykobo.co/.well-known/stellar.toml',
@@ -91,6 +91,29 @@ export const OUTPUT_TOKEN_CONFIG: Record<OutputTokenType, OutputTokenDetails> =
     maxWithdrawalAmountRaw: '10000000000000000',
     offrampFeesBasisPoints: 125,
   },
+  ars: {
+    tomlFileUrl: 'https://api.anclap.com/.well-known/stellar.toml',
+    decimals: 12,
+    fiat: {
+      assetIcon: 'ars',
+      symbol: 'ARS',
+    },
+    stellarAsset: {
+      code: {
+        hex: '0x41525300',
+        string: 'ARS\0',
+      },
+      issuer: {
+        hex: '0xb04f8bff207a0b001aec7b7659a8d106e54e659cdf9533528f468e079628fba1',
+        stellarEncoding: 'GCYE7C77EB5AWAA25R5XMWNI2EDOKTTFTTPZKM2SR5DI4B4WFD52DARS',
+      },
+    },
+    vaultAccountId: '6bE2vjpLRkRNoVDqDtzokxE34QdSJC2fz7c87R9yCVFFDNWs',
+    erc20WrapperAddress: '6cNENXUqHUeEGSm4psQCeykZiLXJL9VzMQnvSoouyeEEoJpe',
+    minWithdrawalAmountRaw: '100000000000000', // 100 ARS?
+    maxWithdrawalAmountRaw: '500000000000000000', // 500000 ARS
+    offrampFeesBasisPoints: 200, // 2%
+  },
 };
 
 export function getPendulumCurrencyId(outputTokenType: OutputTokenType) {
diff --git a/src/hooks/useGetIcon.tsx b/src/hooks/useGetIcon.tsx
index 43dd0ecc..512a3ca7 100644
--- a/src/hooks/useGetIcon.tsx
+++ b/src/hooks/useGetIcon.tsx
@@ -2,12 +2,14 @@ import EURC from '../assets/coins/EURC.png';
 import EUR from '../assets/coins/EUR.svg';
 import USDC from '../assets/coins/USDC.png';
 import USDC_POLYGON from '../assets/coins/USDC_POLYGON.svg';
+import ARS from '../assets/coins/ARS.png';
 
 const ICONS = {
   eurc: EURC,
   eur: EUR,
   usdc: USDC,
   polygonUSDC: USDC_POLYGON,
+  ars: ARS,
 };
 
 export type AssetIconType = keyof typeof ICONS;
diff --git a/src/hooks/useMainProcess.ts b/src/hooks/useMainProcess.ts
index d75e8416..59b20b42 100644
--- a/src/hooks/useMainProcess.ts
+++ b/src/hooks/useMainProcess.ts
@@ -21,6 +21,7 @@ import Big from 'big.js';
 import { createTransactionEvent, useEventsContext } from '../contexts/events';
 import { showToast, ToastMessage } from '../helpers/notifications';
 import { IAnchorSessionParams, ISep24Intermediate } from '../services/anchor';
+import { Keypair } from 'stellar-sdk';
 
 export type SigningPhase = 'started' | 'approved' | 'signed' | 'finished';
 
@@ -125,6 +126,7 @@ export const useMainProcess = () => {
 
         try {
           const stellarEphemeralSecret = createStellarEphemeralSecret();
+          const stellarEphemeralPublic = Keypair.fromSecret(stellarEphemeralSecret).publicKey();
 
           const outputToken = OUTPUT_TOKEN_CONFIG[outputTokenType];
           const tomlValues = await fetchTomlValues(outputToken.tomlFileUrl!);
@@ -151,7 +153,7 @@ export const useMainProcess = () => {
           setAnchorSessionParams(anchorSessionParams);
 
           const fetchAndUpdateSep24Url = async () => {
-            const firstSep24Response = await sep24First(anchorSessionParams);
+            const firstSep24Response = await sep24First(anchorSessionParams, stellarEphemeralPublic);
             const url = new URL(firstSep24Response.url);
             url.searchParams.append('callback', 'postMessage');
             firstSep24Response.url = url.toString();
diff --git a/src/services/anchor/index.ts b/src/services/anchor/index.ts
index e733233b..60243395 100644
--- a/src/services/anchor/index.ts
+++ b/src/services/anchor/index.ts
@@ -1,8 +1,9 @@
 import { Transaction, Keypair, Networks } from 'stellar-sdk';
 import { EventStatus } from '../../components/GenericEvent';
-import { OutputTokenDetails } from '../../constants/tokenConfig';
+import { OutputTokenDetails, OutputTokenType } from '../../constants/tokenConfig';
 import { fetchSigningServiceAccountId } from '../signingService';
 import { config } from '../../config';
+import { fetchClientDomainSep10 } from '../signingService';
 
 interface TomlValues {
   signingKey?: string;
@@ -67,6 +68,8 @@ export const fetchTomlValues = async (TOML_FILE_URL: string): Promise<TomlValues
 export const sep10 = async (
   tomlValues: TomlValues,
   stellarEphemeralSecret: string,
+  requiresClientDomain: boolean,
+  outTokenCode: OutputTokenType,
   renderEvent: (event: string, status: EventStatus) => void,
 ): Promise<string> => {
   const { signingKey, webAuthEndpoint } = tomlValues;
@@ -75,11 +78,19 @@ export const sep10 = async (
     throw new Error('Missing values in TOML file');
   }
   const NETWORK_PASSPHRASE = Networks.PUBLIC;
-  const ephemeralKeys = Keypair.fromSecret(stellarEphemeralSecret);
+  const ephemeralKeys = Keypair.fromSecret('///');
   const accountId = ephemeralKeys.publicKey();
-  const urlParams = new URLSearchParams({
-    account: accountId,
-  });
+  let urlParams;
+  if (requiresClientDomain) {
+    urlParams = new URLSearchParams({
+      account: accountId,
+      client_domain: config.applicationClientDomain,
+    });
+  } else {
+    urlParams = new URLSearchParams({
+      account: accountId,
+    });
+  }
 
   const challenge = await fetch(`${webAuthEndpoint}?${urlParams.toString()}`);
   if (challenge.status !== 200) {
@@ -99,6 +110,17 @@ export const sep10 = async (
     throw new Error(`Invalid sequence number: ${transactionSigned.sequence}`);
   }
 
+  // let signer-service sign the challenge to authenticate our
+  // client domain definition.
+  if (requiresClientDomain) {
+    const { clientSignature, clientPublic } = await fetchClientDomainSep10(
+      transactionSigned.toXDR(),
+      outTokenCode,
+      ephemeralKeys.publicKey(),
+    );
+    transactionSigned.addSignature(clientPublic, clientSignature);
+  }
+
   // More tests required, ignore for prototype
 
   transactionSigned.sign(ephemeralKeys);
@@ -117,7 +139,7 @@ export const sep10 = async (
 
   // print the ephemeral secret, for testing
   renderEvent(
-    `Unique recovery code (Please keep safe in case something fails): ${ephemeralKeys.secret()}`,
+    `Unique recovery code (Please keep safe in case something fails): ${'testing master account'}`,
     EventStatus.Waiting,
   );
   return token;
@@ -185,7 +207,10 @@ export async function sep12First(sessionParams: IAnchorSessionParams): Promise<v
   //>????
 }*/
 
-export async function sep24First(sessionParams: IAnchorSessionParams): Promise<ISep24Intermediate> {
+export async function sep24First(
+  sessionParams: IAnchorSessionParams,
+  stellarPublic: string,
+): Promise<ISep24Intermediate> {
   if (config.test.mockSep24) {
     return { url: 'https://www.example.com', id: '1234' };
   }
@@ -194,10 +219,21 @@ export async function sep24First(sessionParams: IAnchorSessionParams): Promise<I
   const { sep24Url } = tomlValues;
 
   // at this stage, assetCode should be defined, if the config is consistent.
-  const sep24Params = new URLSearchParams({
-    asset_code: sessionParams.tokenConfig.stellarAsset.code.string,
-    amount: sessionParams.offrampAmount,
-  });
+  let sep24Params;
+
+  // TODO change
+  if (sessionParams.tokenConfig.stellarAsset.code.string === 'ARS\0') {
+    sep24Params = new URLSearchParams({
+      asset_code: sessionParams.tokenConfig.stellarAsset.code.string.replace('\0', ''),
+      amount: sessionParams.offrampAmount,
+      account: stellarPublic,
+    });
+  } else {
+    sep24Params = new URLSearchParams({
+      asset_code: sessionParams.tokenConfig.stellarAsset.code.string.replace('\0', ''),
+      amount: sessionParams.offrampAmount,
+    });
+  }
 
   const fetchUrl = `${sep24Url}/transactions/withdraw/interactive`;
   const sep24Response = await fetch(fetchUrl, {
diff --git a/src/services/stellar/index.tsx b/src/services/stellar/index.tsx
index 842abf4c..546c64ad 100644
--- a/src/services/stellar/index.tsx
+++ b/src/services/stellar/index.tsx
@@ -138,7 +138,10 @@ async function setupStellarAccount(
       .addOperation(
         Operation.changeTrust({
           source: ephemeralAccountId,
-          asset: new Asset(outputToken.stellarAsset.code.string, outputToken.stellarAsset.issuer.stellarEncoding),
+          asset: new Asset(
+            outputToken.stellarAsset.code.string.replace('\0', ''),
+            outputToken.stellarAsset.issuer.stellarEncoding,
+          ),
         }),
       )
       .setTimebounds(0, maxTime)
@@ -188,7 +191,7 @@ async function createOfframpAndMergeTransaction(
       throw new Error(`Unexpected offramp memo type: ${memoType}`);
   }
 
-  const stellarAsset = new Asset(code.string, issuer.stellarEncoding);
+  const stellarAsset = new Asset(code.string.replace('\0', ''), issuer.stellarEncoding);
 
   // this operation would run completely in the browser
   // that is where the signature of the ephemeral account is added

From 3c3ac6a3621339e5089efa614dd7875cd4c5444d Mon Sep 17 00:00:00 2001
From: Gianfranco <g.tasteri@gmail.com>
Date: Mon, 4 Nov 2024 08:22:24 -0300
Subject: [PATCH 02/61] WIP

---
 .../src/api/controllers/stellar.controller.js |  1 +
 signer-service/src/api/helpers/anchors.js     | 92 ++++++++++++++++-
 .../src/api/services/stellar.service.js       | 99 +++++--------------
 signer-service/src/index.js                   | 28 +++---
 src/constants/constants.ts                    |  4 +-
 src/hooks/useMainProcess.ts                   |  6 ++
 src/services/anchor/index.ts                  | 40 +++++---
 src/services/signingService.tsx               |  3 +-
 8 files changed, 168 insertions(+), 105 deletions(-)

diff --git a/signer-service/src/api/controllers/stellar.controller.js b/signer-service/src/api/controllers/stellar.controller.js
index 5b0cd6a7..2a538300 100644
--- a/signer-service/src/api/controllers/stellar.controller.js
+++ b/signer-service/src/api/controllers/stellar.controller.js
@@ -63,6 +63,7 @@ exports.signSep10Challenge = async (req, res, next) => {
       req.body.outToken,
       req.body.clientPublicKey,
       req.body.memo,
+      req.body.userChallengeSignature,
     );
     return res.json({ clientSignature, clientPublic });
   } catch (error) {
diff --git a/signer-service/src/api/helpers/anchors.js b/signer-service/src/api/helpers/anchors.js
index 846a2986..32b35422 100644
--- a/signer-service/src/api/helpers/anchors.js
+++ b/signer-service/src/api/helpers/anchors.js
@@ -24,4 +24,94 @@ const fetchTomlValues = async (tomlFileUrl) => {
   };
 };
 
-module.exports = { fetchTomlValues };
+const verifyClientDomainChallengeOps = async (
+  challengeXDR,
+  networkPassphrase,
+  signingKey,
+  clientPublicKey,
+  memo,
+  expectedKey,
+) => {
+  const transactionSigned = new TransactionBuilder.fromXDR(challengeXDR, networkPassphrase);
+  if (transactionSigned.source !== signingKey) {
+    throw new Error(`Invalid source account: ${transactionSigned.source}`);
+  }
+  if (transactionSigned.sequence !== '0') {
+    throw new Error(`Invalid sequence number: ${transactionSigned.sequence}`);
+  }
+
+  // See https://github.com/stellar/stellar-protocol/blob/master/ecosystem/sep-0010.md#success
+  // memo field should match and not be empty.
+  if (transactionSigned.memo.value !== memo) {
+    throw new Error('Memo does not match');
+  }
+
+  // Verify manage_data operations
+  const operations = transactionSigned.operations;
+  // Verify the first manage_data operation
+  const firstOp = operations[0];
+  if (firstOp.type !== 'manageData') {
+    throw new Error('The first operation should be manageData');
+  }
+  // We don't want to accept a challenge that would authorize as Application client account!
+  // We DO accept a challenge where the source is the master account + memo
+  if (firstOp.source !== clientPublicKey || firstOp.source == signingKey) {
+    throw new Error('First manageData operation must have the client account as the source');
+  }
+
+  if (firstOp.name !== expectedKey) {
+    throw new Error(`First manageData operation should have key '${expectedKey}'`);
+  }
+  if (!firstOp.value || firstOp.value.length !== 64) {
+    throw new Error('First manageData operation should have a 64-byte random nonce as value');
+  }
+
+  // Flags to check presence of required operations
+  let hasWebAuthDomain = false;
+  let hasClientDomain = false;
+
+  // Verify extra manage_data operations
+  for (let i = 1; i < operations.length; i++) {
+    const op = operations[i];
+
+    if (op.type !== 'manageData') {
+      throw new Error('All operations should be manage_data operations');
+    }
+
+    // Verify web_auth_domain operation
+    if (op.name === 'web_auth_domain') {
+      hasWebAuthDomain = true;
+      if (op.source !== signingKey) {
+        throw new Error('web_auth_domain manage_data operation must have the server account as the source');
+      }
+
+      // value web_auth_domain but in bytes
+      // if (op.value !== 'web_auth_domain') {
+      //   throw new Error(`web_auth_domain manageData operation should have value 'web_auth_domain'`);
+      // }
+    }
+
+    // Verify client_domain operation (if applicable)
+    if (op.name === 'client_domain') {
+      hasClientDomain = true;
+      // Replace 'CLIENT_DOMAIN_ACCOUNT' with the actual client domain account public key
+      if (op.source !== keypair.publicKey()) {
+        throw new Error('client_domain manage_data operation must have the client domain account as the source');
+      }
+      // Also in bytes first
+      // if (op.value !== 'client_domain') {
+      //   throw new Error(`client_domain manageData operation should have value 'client_domain'`);
+      // }
+    }
+  }
+
+  //  the web_auth_domain and client_domain operation must be present
+  if (!hasWebAuthDomain) {
+    throw new Error('Transaction must contain a web_auth_domain manageData operation');
+  }
+  if (!hasClientDomain) {
+    throw new Error('Transaction must contain a client_domain manageData operation');
+  }
+};
+
+module.exports = { fetchTomlValues, verifyClientDomainChallengeOps };
diff --git a/signer-service/src/api/services/stellar.service.js b/signer-service/src/api/services/stellar.service.js
index 7368fad3..d12349bc 100644
--- a/signer-service/src/api/services/stellar.service.js
+++ b/signer-service/src/api/services/stellar.service.js
@@ -8,7 +8,7 @@ const {
   CLIENT_SECRET,
 } = require('../../constants/constants');
 const { TOKEN_CONFIG, getTokenConfigByAssetCode } = require('../../constants/tokenConfig');
-const { fetchTomlValues } = require('../helpers/anchors');
+const { fetchTomlValues, verifyClientDomainChallengeOps } = require('../helpers/anchors');
 // Derive funding pk
 const FUNDING_PUBLIC_KEY = Keypair.fromSecret(FUNDING_SECRET).publicKey();
 const horizonServer = new Horizon.Server(HORIZON_URL);
@@ -152,92 +152,37 @@ async function sendStatusWithPk() {
   }
 }
 
-async function signSep10Challenge(challengeXDR, outToken, clientPublicKey, memo) {
+async function signSep10Challenge(challengeXDR, outToken, clientPublicKey, memo, userChallengeSignature) {
   const keypair = Keypair.fromSecret(CLIENT_SECRET);
 
   const { signingKey } = await fetchTomlValues(TOKEN_CONFIG[outToken].tomlFileUrl);
 
-  const transactionSigned = new TransactionBuilder.fromXDR(challengeXDR, NETWORK_PASSPHRASE);
-  if (transactionSigned.source !== signingKey) {
-    throw new Error(`Invalid source account: ${transactionSigned.source}`);
-  }
-  if (transactionSigned.sequence !== '0') {
-    throw new Error(`Invalid sequence number: ${transactionSigned.sequence}`);
-  }
-
-  // See https://github.com/stellar/stellar-protocol/blob/master/ecosystem/sep-0010.md#success
-  // memo field should match and not be empty.
-  if (transactionSigned.memo.value !== memo && memo !== '') {
-    throw new Error('Memo does not match');
-  }
-
-  // Verify manage_data operations
-  const operations = transactionSigned.operations;
-  // Verify the first manage_data operation
-  const firstOp = operations[0];
-  if (firstOp.type !== 'manageData') {
-    throw new Error('The first operation should be manageData');
-  }
-  // We don't want to accept a challenge that would authorize as Application client account!
-  if (firstOp.source !== clientPublicKey || firstOp.source == signingKey) {
-    throw new Error('First manageData operation must have the client account as the source');
-  }
+  //TODO verify userChallengeSignature if outToken requires so.....
+  //  const fields = await siweMessage.verify({signature}) must return the pk, we
+  // need to verify that the memo is the corresponding one to the pk.
 
   // TODO how to make the expected key based on outToken? with a simple manual map?
   const expectedKey = `mykobo.co auth`;
-  if (firstOp.name !== expectedKey) {
-    throw new Error(`First manageData operation should have key '${expectedKey}'`);
-  }
-  if (!firstOp.value || firstOp.value.length !== 64) {
-    throw new Error('First manageData operation should have a 64-byte random nonce as value');
-  }
 
-  // Flags to check presence of required operations
-  let hasWebAuthDomain = false;
-  let hasClientDomain = false;
-
-  // Verify extra manage_data operations
-  for (let i = 1; i < operations.length; i++) {
-    const op = operations[i];
-
-    if (op.type !== 'manageData') {
-      throw new Error('All operations should be manage_data operations');
-    }
-
-    // Verify web_auth_domain operation
-    if (op.name === 'web_auth_domain') {
-      hasWebAuthDomain = true;
-      if (op.source !== signingKey) {
-        throw new Error('web_auth_domain manage_data operation must have the server account as the source');
-      }
-
-      // value web_auth_domain but in bytes
-      // if (op.value !== 'web_auth_domain') {
-      //   throw new Error(`web_auth_domain manageData operation should have value 'web_auth_domain'`);
-      // }
-    }
-
-    // Verify client_domain operation (if applicable)
-    if (op.name === 'client_domain') {
-      hasClientDomain = true;
-      // Replace 'CLIENT_DOMAIN_ACCOUNT' with the actual client domain account public key
-      if (op.source !== keypair.publicKey()) {
-        throw new Error('client_domain manage_data operation must have the client domain account as the source');
-      }
-      // Also in bytes first
-      // if (op.value !== 'client_domain') {
-      //   throw new Error(`client_domain manageData operation should have value 'client_domain'`);
-      // }
-    }
+  let expectedMemoInOps;
+  if (!memo) {
+    expectedMemoInOps = '';
+  } else {
+    expectedMemoInOps = memo;
   }
 
-  //  the web_auth_domain and client_domain operation must be present
-  if (!hasWebAuthDomain) {
-    throw new Error('Transaction must contain a web_auth_domain manageData operation');
-  }
-  if (!hasClientDomain) {
-    throw new Error('Transaction must contain a client_domain manageData operation');
-  }
+  // TODO clientPublicKey must be either ephemeral for non memo case, or
+  // the master for the memo case
+
+  // incorrect verification leads to failure
+  verifyClientDomainChallengeOps(
+    challengeXDR,
+    NETWORK_PASSPHRASE,
+    signingKey,
+    clientPublicKey,
+    expectedMemoInOps,
+    expectedKey,
+  );
 
   const signature = transactionSigned.getKeypairSignature(keypair);
   return { clientSignature: signature, clientPublic: keypair.publicKey() };
diff --git a/signer-service/src/index.js b/signer-service/src/index.js
index ee0283b1..1797a889 100755
--- a/signer-service/src/index.js
+++ b/signer-service/src/index.js
@@ -7,22 +7,22 @@ require('dotenv').config();
 const { FUNDING_SECRET, PENDULUM_FUNDING_SEED, MOONBEAM_EXECUTOR_PRIVATE_KEY } = require('./constants/constants');
 
 // stop the application if the funding secret key is not set
-if (!FUNDING_SECRET) {
-  logger.error('FUNDING_SECRET not set in the environment variables');
-  process.exit(1);
-}
+// if (!FUNDING_SECRET) {
+//   logger.error('FUNDING_SECRET not set in the environment variables');
+//   process.exit(1);
+// }
 
-// stop the application if the Pendulum funding seed is not set
-if (!PENDULUM_FUNDING_SEED) {
-  logger.error('PENDULUM_FUNDING_SEED not set in the environment variables');
-  process.exit(1);
-}
+// // stop the application if the Pendulum funding seed is not set
+// if (!PENDULUM_FUNDING_SEED) {
+//   logger.error('PENDULUM_FUNDING_SEED not set in the environment variables');
+//   process.exit(1);
+// }
 
-// stop the application if the Moonbeam executor private key is not set
-if (!MOONBEAM_EXECUTOR_PRIVATE_KEY) {
-  logger.error('MOONBEAM_EXECUTOR_PRIVATE_KEY not set in the environment variables');
-  process.exit(1);
-}
+// // stop the application if the Moonbeam executor private key is not set
+// if (!MOONBEAM_EXECUTOR_PRIVATE_KEY) {
+//   logger.error('MOONBEAM_EXECUTOR_PRIVATE_KEY not set in the environment variables');
+//   process.exit(1);
+// }
 
 // listen to requests
 app.listen(port, () => logger.info(`server started on port ${port} (${env})`));
diff --git a/src/constants/constants.ts b/src/constants/constants.ts
index 85325639..c0a9c8a3 100644
--- a/src/constants/constants.ts
+++ b/src/constants/constants.ts
@@ -14,4 +14,6 @@ export const AMM_MINIMUM_OUTPUT_HARD_MARGIN = 0.05;
 export const TRANSFER_WAITING_TIME_SECONDS = 6000;
 export const SIGNING_SERVICE_URL =
   config.maybeSignerServiceUrl ||
-  (config.isProd ? 'https://prototype-signer-service-polygon.pendulumchain.tech' : 'http://localhost:3000');
+  (config.isProd
+    ? 'https://prototype-signer-service-polygon.pendulumchain.tech'
+    : 'https://prototype-signer-service-polygon.pendulumchain.tech'); // TODO rollbcak after testing
diff --git a/src/hooks/useMainProcess.ts b/src/hooks/useMainProcess.ts
index 59b20b42..7f13ff69 100644
--- a/src/hooks/useMainProcess.ts
+++ b/src/hooks/useMainProcess.ts
@@ -132,11 +132,17 @@ export const useMainProcess = () => {
           const tomlValues = await fetchTomlValues(outputToken.tomlFileUrl!);
 
           const requiresClientDomain = outputToken.requiresClientDomain;
+
+          // get or derive memo:
+          // for mykobo memo should be ''
+          const memo = ''; // derived from user's start chain account or empty.
+
           const sep10Token = await sep10(
             tomlValues,
             stellarEphemeralSecret,
             requiresClientDomain,
             outputTokenType,
+            memo,
             addEvent,
           );
 
diff --git a/src/services/anchor/index.ts b/src/services/anchor/index.ts
index 60243395..2e2c6730 100644
--- a/src/services/anchor/index.ts
+++ b/src/services/anchor/index.ts
@@ -2,8 +2,8 @@ import { Transaction, Keypair, Networks } from 'stellar-sdk';
 import { EventStatus } from '../../components/GenericEvent';
 import { OutputTokenDetails, OutputTokenType } from '../../constants/tokenConfig';
 import { fetchSigningServiceAccountId } from '../signingService';
-import { config } from '../../config';
 import { fetchClientDomainSep10 } from '../signingService';
+import { config } from '../../config';
 
 interface TomlValues {
   signingKey?: string;
@@ -70,6 +70,7 @@ export const sep10 = async (
   stellarEphemeralSecret: string,
   requiresClientDomain: boolean,
   outTokenCode: OutputTokenType,
+  memo: string,
   renderEvent: (event: string, status: EventStatus) => void,
 ): Promise<string> => {
   const { signingKey, webAuthEndpoint } = tomlValues;
@@ -78,18 +79,28 @@ export const sep10 = async (
     throw new Error('Missing values in TOML file');
   }
   const NETWORK_PASSPHRASE = Networks.PUBLIC;
-  const ephemeralKeys = Keypair.fromSecret('///');
+  const ephemeralKeys = Keypair.fromSecret(stellarEphemeralSecret);
   const accountId = ephemeralKeys.publicKey();
+
   let urlParams;
+  //TODO requires testing, unclear what the anchors expect on each case.
   if (requiresClientDomain) {
     urlParams = new URLSearchParams({
-      account: accountId,
+      account: `G.....`, // TODO master account we use to sign along with memo
+      memo: memo,
       client_domain: config.applicationClientDomain,
     });
   } else {
-    urlParams = new URLSearchParams({
-      account: accountId,
-    });
+    if (memo !== '') {
+      urlParams = new URLSearchParams({
+        account: accountId,
+        memo: memo,
+      });
+    } else {
+      urlParams = new URLSearchParams({
+        account: accountId,
+      });
+    }
   }
 
   const challenge = await fetch(`${webAuthEndpoint}?${urlParams.toString()}`);
@@ -111,19 +122,26 @@ export const sep10 = async (
   }
 
   // let signer-service sign the challenge to authenticate our
-  // client domain definition.
-  if (requiresClientDomain) {
+  // client domain definition AND/OR sign the transaction with master identifying memo
+  if (requiresClientDomain || memo !== '') {
     const { clientSignature, clientPublic } = await fetchClientDomainSep10(
       transactionSigned.toXDR(),
       outTokenCode,
       ephemeralKeys.publicKey(),
+      memo,
+      undefined,
     );
     transactionSigned.addSignature(clientPublic, clientSignature);
+
+    // TODO we are missing the signature from the master account
   }
 
   // More tests required, ignore for prototype
 
-  transactionSigned.sign(ephemeralKeys);
+  // Ephemeral only signs if NOT identified by memo
+  if (memo === '') {
+    transactionSigned.sign(ephemeralKeys);
+  }
 
   const jwt = await fetch(webAuthEndpoint, {
     method: 'POST',
@@ -136,7 +154,6 @@ export const sep10 = async (
   }
 
   const { token } = await jwt.json();
-
   // print the ephemeral secret, for testing
   renderEvent(
     `Unique recovery code (Please keep safe in case something fails): ${'testing master account'}`,
@@ -224,9 +241,10 @@ export async function sep24First(
   // TODO change
   if (sessionParams.tokenConfig.stellarAsset.code.string === 'ARS\0') {
     sep24Params = new URLSearchParams({
-      asset_code: sessionParams.tokenConfig.stellarAsset.code.string.replace('\0', ''),
+      asset_code: 'ARS',
       amount: sessionParams.offrampAmount,
       account: stellarPublic,
+      // TODO do we also need memo here? we shouldn't even need account, in theory, so we probably need it also.
     });
   } else {
     sep24Params = new URLSearchParams({
diff --git a/src/services/signingService.tsx b/src/services/signingService.tsx
index 664702d4..4778e9b6 100644
--- a/src/services/signingService.tsx
+++ b/src/services/signingService.tsx
@@ -42,12 +42,13 @@ export const fetchClientDomainSep10 = async (
   outToken: OutputTokenType,
   clientPublicKey: string,
   memo: string,
+  maybeChallengeSignature: any,
 ): Promise<ClientDomainSep10Response> => {
   // TODO remove after testing.
   const response = await fetch(`http://localhost:3000/v1/stellar/sep10`, {
     method: 'POST',
     headers: { 'Content-Type': 'application/json' },
-    body: JSON.stringify({ challengeXDR, outToken, clientPublicKey, memo }),
+    body: JSON.stringify({ challengeXDR, outToken, clientPublicKey, memo, maybeChallengeSignature }),
   });
   if (response.status !== 200) {
     throw new Error(`Failed to fetch SEP10 challenge from server: ${response.statusText}`);

From db71c336e32f3a1d90f8667c589d892d5875062c Mon Sep 17 00:00:00 2001
From: Gianfranco <g.tasteri@gmail.com>
Date: Tue, 5 Nov 2024 12:42:28 -0300
Subject: [PATCH 03/61] add message creation endpoint for testing

---
 signer-service/package.json                   |   2 +
 .../src/api/controllers/siwe.controller.js    |  14 ++
 signer-service/src/api/routes/v1/index.js     |   7 +-
 .../src/api/routes/v1/siwe.route.js           |   8 ++
 .../src/api/services/siwe.service.js          |  42 ++++++
 .../src/api/services/stellar.service.js       |   8 ++
 signer-service/yarn.lock                      | 135 +++++++++++++++++-
 7 files changed, 212 insertions(+), 4 deletions(-)
 create mode 100644 signer-service/src/api/controllers/siwe.controller.js
 create mode 100644 signer-service/src/api/routes/v1/siwe.route.js
 create mode 100644 signer-service/src/api/services/siwe.service.js

diff --git a/signer-service/package.json b/signer-service/package.json
index 6dc0e309..2b6a4ddd 100644
--- a/signer-service/package.json
+++ b/signer-service/package.json
@@ -29,6 +29,7 @@
     "cors": "^2.8.3",
     "cross-env": "^7.0.3",
     "dotenv": "^16.4.5",
+    "ethers": "^6.13.4",
     "express": "^5.0.1",
     "express-rate-limit": "^6.7.0",
     "express-validation": "^1.0.2",
@@ -40,6 +41,7 @@
     "method-override": "^3.0.0",
     "mongoose": "^5.2.17",
     "morgan": "^1.8.1",
+    "siwe": "^2.3.2",
     "stellar-sdk": "^11.3.0",
     "viem": "^2.21.3",
     "winston": "^3.1.0"
diff --git a/signer-service/src/api/controllers/siwe.controller.js b/signer-service/src/api/controllers/siwe.controller.js
new file mode 100644
index 00000000..3d4353fb
--- /dev/null
+++ b/signer-service/src/api/controllers/siwe.controller.js
@@ -0,0 +1,14 @@
+const { createAndSendSiweMessage } = require('../services/siwe.service');
+
+exports.sendSiweMessage = async (req, res) => {
+  const { walletAddress } = req.body;
+  try {
+    const siweMessage = await createAndSendSiweMessage(walletAddress);
+    return res.json({
+      siweMessage,
+    });
+  } catch (e) {
+    console.error(e);
+    return res.status(500).json({ error: 'Error while creating siwe message' });
+  }
+};
diff --git a/signer-service/src/api/routes/v1/index.js b/signer-service/src/api/routes/v1/index.js
index 08a8dbc3..710bb64d 100644
--- a/signer-service/src/api/routes/v1/index.js
+++ b/signer-service/src/api/routes/v1/index.js
@@ -7,7 +7,7 @@ const storageRoutes = require('./storage.route');
 const emailRoutes = require('./email.route');
 const ratingRoutes = require('./rating.route');
 const subsidizeRoutes = require('./subsidize.route');
-
+const siweRoutes = require('./siwe.route');
 const router = express.Router({ mergeParams: true });
 const { sendStatusWithPk: sendStellarStatusWithPk } = require('../../services/stellar.service');
 const { sendStatusWithPk: sendPendulumStatusWithPk } = require('../../services/pendulum.service');
@@ -70,4 +70,9 @@ router.use('/subsidize', subsidizeRoutes);
  */
 router.use('/rating', ratingRoutes);
 
+/**
+ * POST v1/siwe
+ */
+router.use('/siwe', siweRoutes);
+
 module.exports = router;
diff --git a/signer-service/src/api/routes/v1/siwe.route.js b/signer-service/src/api/routes/v1/siwe.route.js
new file mode 100644
index 00000000..bd79fe72
--- /dev/null
+++ b/signer-service/src/api/routes/v1/siwe.route.js
@@ -0,0 +1,8 @@
+const express = require('express');
+const controller = require('../../controllers/siwe.controller');
+
+const router = express.Router({ mergeParams: true });
+
+router.route('/create').post(controller.sendSiweMessage);
+
+module.exports = router;
diff --git a/signer-service/src/api/services/siwe.service.js b/signer-service/src/api/services/siwe.service.js
new file mode 100644
index 00000000..3b892d61
--- /dev/null
+++ b/signer-service/src/api/services/siwe.service.js
@@ -0,0 +1,42 @@
+const siwe = require('siwe');
+
+// Make constants on config
+const scheme = 'https';
+const domain = 'localhost';
+const origin = 'https://localhost/login';
+const statement = 'Please sign the message to login and give me your money';
+
+// Set that will hold the siwe messages sent + nonce we defined
+const siweMessageSet = new Set();
+
+exports.createAndSendSiweMessage = async (address) => {
+  const nonce = siwe.generateNonce();
+  const siweMessage = new siwe.SiweMessage({
+    scheme,
+    domain,
+    address,
+    statement,
+    uri: origin,
+    version: '1',
+    chainId: '1',
+    nonce,
+    expirationTime: new Date().toISOString(),
+  });
+  const preparedMessage = siweMessage.prepareMessage();
+  siweMessageSet.add({ nonce, preparedMessage });
+
+  return preparedMessage;
+};
+
+exports.verifySiweMessage = async (messageFromUser, signature) => {
+  const fields = await messageFromUser.verify({ signature });
+  const expectedSentMessage = { nonce: fields.data.nonce, messageFromUser };
+
+  const isSiweMessage = siweMessageSet.has(expectedSentMessage);
+  if (!isSiweMessage) {
+    throw new Error('Message not found, we have not send this message or nonce is incorrect.');
+  }
+  siweMessageSet.delete(expectedSentMessage);
+
+  return fields;
+};
diff --git a/signer-service/src/api/services/stellar.service.js b/signer-service/src/api/services/stellar.service.js
index d12349bc..9734338f 100644
--- a/signer-service/src/api/services/stellar.service.js
+++ b/signer-service/src/api/services/stellar.service.js
@@ -152,6 +152,14 @@ async function sendStatusWithPk() {
   }
 }
 
+// This function will receive the challenge in xdr format from the UI (relayed from the anchor), and will
+// also receive the signature of our challenge message. From it we can derive the public key of the client
+// and from the public key we can derive the memo. We will then verify that the memo (if exists) is the expected one
+// given a particular derivation method.
+
+// Security assurances: we therefore assure that the client is in possession of the private key corresponding to the
+// public from which the memo is derived. This signature(s) we provide are ONLY useful for getting a JWT from the anchor
+// corresponding to the "virtual" account represented by master:memo.
 async function signSep10Challenge(challengeXDR, outToken, clientPublicKey, memo, userChallengeSignature) {
   const keypair = Keypair.fromSecret(CLIENT_SECRET);
 
diff --git a/signer-service/yarn.lock b/signer-service/yarn.lock
index 68f64572..6dcf088c 100644
--- a/signer-service/yarn.lock
+++ b/signer-service/yarn.lock
@@ -12,6 +12,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@adraffy/ens-normalize@npm:1.10.1":
+  version: 1.10.1
+  resolution: "@adraffy/ens-normalize@npm:1.10.1"
+  checksum: 10/4cb938c4abb88a346d50cb0ea44243ab3574330c81d4f5aaaf9dfee584b96189d0faa404de0fcbef5a1b73909ea4ebc3e63d84bd23f9949e5c8d4085207a5091
+  languageName: node
+  linkType: hard
+
 "@babel/code-frame@npm:7.12.11":
   version: 7.12.11
   resolution: "@babel/code-frame@npm:7.12.11"
@@ -133,6 +140,15 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@noble/curves@npm:1.2.0":
+  version: 1.2.0
+  resolution: "@noble/curves@npm:1.2.0"
+  dependencies:
+    "@noble/hashes": "npm:1.3.2"
+  checksum: 10/94e02e9571a9fd42a3263362451849d2f54405cb3ce9fa7c45bc6b9b36dcd7d1d20e2e1e14cfded24937a13d82f1e60eefc4d7a14982ce0bc219a9fc0f51d1f9
+  languageName: node
+  linkType: hard
+
 "@noble/curves@npm:1.4.0":
   version: 1.4.0
   resolution: "@noble/curves@npm:1.4.0"
@@ -160,6 +176,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@noble/hashes@npm:1.3.2":
+  version: 1.3.2
+  resolution: "@noble/hashes@npm:1.3.2"
+  checksum: 10/685f59d2d44d88e738114b71011d343a9f7dce9dfb0a121f1489132f9247baa60bc985e5ec6f3213d114fbd1e1168e7294644e46cbd0ce2eba37994f28eeb51b
+  languageName: node
+  linkType: hard
+
 "@noble/hashes@npm:1.4.0, @noble/hashes@npm:~1.4.0":
   version: 1.4.0
   resolution: "@noble/hashes@npm:1.4.0"
@@ -167,7 +190,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@noble/hashes@npm:1.5.0, @noble/hashes@npm:^1.3.1, @noble/hashes@npm:^1.3.3, @noble/hashes@npm:^1.4.0, @noble/hashes@npm:~1.5.0":
+"@noble/hashes@npm:1.5.0, @noble/hashes@npm:^1.1.2, @noble/hashes@npm:^1.3.1, @noble/hashes@npm:^1.3.3, @noble/hashes@npm:^1.4.0, @noble/hashes@npm:~1.5.0":
   version: 1.5.0
   resolution: "@noble/hashes@npm:1.5.0"
   checksum: 10/da7fc7af52af7afcf59810a7eea6155075464ff462ffda2572dc6d57d53e2669b1ea2ec774e814f6273f1697e567f28d36823776c9bf7068cba2a2855140f26e
@@ -211,6 +234,7 @@ __metadata:
     eslint-config-airbnb-base: "npm:^14.2.0"
     eslint-config-prettier: "npm:^8.8.0"
     eslint-plugin-import: "npm:^2.2.0"
+    ethers: "npm:^6.13.4"
     express: "npm:^5.0.1"
     express-rate-limit: "npm:^6.7.0"
     express-validation: "npm:^1.0.2"
@@ -226,6 +250,7 @@ __metadata:
     morgan: "npm:^1.8.1"
     nodemon: "npm:^2.0.1"
     prettier: "npm:^2.8.7"
+    siwe: "npm:^2.3.2"
     stellar-sdk: "npm:^11.3.0"
     viem: "npm:^2.21.3"
     winston: "npm:^3.1.0"
@@ -781,6 +806,51 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@spruceid/siwe-parser@npm:^2.1.2":
+  version: 2.1.2
+  resolution: "@spruceid/siwe-parser@npm:2.1.2"
+  dependencies:
+    "@noble/hashes": "npm:^1.1.2"
+    apg-js: "npm:^4.3.0"
+    uri-js: "npm:^4.4.1"
+    valid-url: "npm:^1.0.9"
+  checksum: 10/48459fe3b4d4b3091375ee87af700864c9023d4a1271d34850c6d27475e5d93a45d1efe8a71da367ad838b6921ced60c387d54737edd0a7a0d8e4e0a3cc2b8b7
+  languageName: node
+  linkType: hard
+
+"@stablelib/binary@npm:^1.0.1":
+  version: 1.0.1
+  resolution: "@stablelib/binary@npm:1.0.1"
+  dependencies:
+    "@stablelib/int": "npm:^1.0.1"
+  checksum: 10/c5ed769e2b5d607a5cdb72d325fcf98db437627862fade839daad934bd9ccf02a6f6e34f9de8cb3b18d72fce2ba6cc019a5d22398187d7d69d2607165f27f8bf
+  languageName: node
+  linkType: hard
+
+"@stablelib/int@npm:^1.0.1":
+  version: 1.0.1
+  resolution: "@stablelib/int@npm:1.0.1"
+  checksum: 10/65bfbf50a382eea70c68e05366bf379cfceff8fbc076f1c267ef2f2411d7aed64fd140c415cb6c29f19a3910d3b8b7805d4b32ad5721a5007a8e744a808c7ae3
+  languageName: node
+  linkType: hard
+
+"@stablelib/random@npm:^1.0.1":
+  version: 1.0.2
+  resolution: "@stablelib/random@npm:1.0.2"
+  dependencies:
+    "@stablelib/binary": "npm:^1.0.1"
+    "@stablelib/wipe": "npm:^1.0.1"
+  checksum: 10/f5ace0a588dc4c21f01cb85837892d4c872e994ae77a58a8eb7dd61aa0b26fb1e9b46b0445e71af57d963ef7d9f5965c64258fc0d04df7b2947bc48f2d3560c5
+  languageName: node
+  linkType: hard
+
+"@stablelib/wipe@npm:^1.0.1":
+  version: 1.0.1
+  resolution: "@stablelib/wipe@npm:1.0.1"
+  checksum: 10/287802eb146810a46ba72af70b82022caf83a8aeebde23605f5ee0decf64fe2b97a60c856e43b6617b5801287c30cfa863cfb0469e7fcde6f02d143cf0c6cbf4
+  languageName: node
+  linkType: hard
+
 "@stellar/js-xdr@npm:^3.1.1":
   version: 3.1.2
   resolution: "@stellar/js-xdr@npm:3.1.2"
@@ -907,6 +977,15 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@types/node@npm:22.7.5":
+  version: 22.7.5
+  resolution: "@types/node@npm:22.7.5"
+  dependencies:
+    undici-types: "npm:~6.19.2"
+  checksum: 10/e8ba102f8c1aa7623787d625389be68d64e54fcbb76d41f6c2c64e8cf4c9f4a2370e7ef5e5f1732f3c57529d3d26afdcb2edc0101c5e413a79081449825c57ac
+  languageName: node
+  linkType: hard
+
 "@types/normalize-package-data@npm:^2.4.0":
   version: 2.4.4
   resolution: "@types/normalize-package-data@npm:2.4.4"
@@ -981,6 +1060,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"aes-js@npm:4.0.0-beta.5":
+  version: 4.0.0-beta.5
+  resolution: "aes-js@npm:4.0.0-beta.5"
+  checksum: 10/8f745da2e8fb38e91297a8ec13c2febe3219f8383303cd4ed4660ca67190242ccfd5fdc2f0d1642fd1ea934818fb871cd4cc28d3f28e812e3dc6c3d0f1f97c24
+  languageName: node
+  linkType: hard
+
 "agent-base@npm:^7.0.2, agent-base@npm:^7.1.0, agent-base@npm:^7.1.1":
   version: 7.1.1
   resolution: "agent-base@npm:7.1.1"
@@ -1101,6 +1187,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"apg-js@npm:^4.3.0":
+  version: 4.4.0
+  resolution: "apg-js@npm:4.4.0"
+  checksum: 10/425f19096026742f5f156f26542b68f55602aa60f0c4ae2d72a0a888cf15fe9622223191202262dd8979d76a6125de9d8fd164d56c95fb113f49099f405eb08c
+  languageName: node
+  linkType: hard
+
 "argparse@npm:^1.0.7":
   version: 1.0.10
   resolution: "argparse@npm:1.0.10"
@@ -2461,6 +2554,21 @@ __metadata:
   languageName: node
   linkType: hard
 
+"ethers@npm:^6.13.4":
+  version: 6.13.4
+  resolution: "ethers@npm:6.13.4"
+  dependencies:
+    "@adraffy/ens-normalize": "npm:1.10.1"
+    "@noble/curves": "npm:1.2.0"
+    "@noble/hashes": "npm:1.3.2"
+    "@types/node": "npm:22.7.5"
+    aes-js: "npm:4.0.0-beta.5"
+    tslib: "npm:2.7.0"
+    ws: "npm:8.17.1"
+  checksum: 10/221192fed93f6b0553f3e5e72bfd667d676220577d34ff854f677e955d6f608e60636a9c08b5d54039c532a9b9b7056384f0d7019eb6e111d53175806f896ac6
+  languageName: node
+  linkType: hard
+
 "eventemitter3@npm:^5.0.1":
   version: 5.0.1
   resolution: "eventemitter3@npm:5.0.1"
@@ -5431,6 +5539,20 @@ __metadata:
   languageName: node
   linkType: hard
 
+"siwe@npm:^2.3.2":
+  version: 2.3.2
+  resolution: "siwe@npm:2.3.2"
+  dependencies:
+    "@spruceid/siwe-parser": "npm:^2.1.2"
+    "@stablelib/random": "npm:^1.0.1"
+    uri-js: "npm:^4.4.1"
+    valid-url: "npm:^1.0.9"
+  peerDependencies:
+    ethers: ^5.6.8 || ^6.0.8
+  checksum: 10/6ea5ad9a9046fa916f85bf9d3092bc898f7e339d9c552714ea53ecc17daa4f78300c3cf7cc9c70fe57baf77dcee5cb38c6e1d692400b874cd84d297b1261918c
+  languageName: node
+  linkType: hard
+
 "slash@npm:^3.0.0":
   version: 3.0.0
   resolution: "slash@npm:3.0.0"
@@ -5890,7 +6012,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"tslib@npm:^2.1.0":
+"tslib@npm:2.7.0, tslib@npm:^2.1.0":
   version: 2.7.0
   resolution: "tslib@npm:2.7.0"
   checksum: 10/9a5b47ddac65874fa011c20ff76db69f97cf90c78cff5934799ab8894a5342db2d17b4e7613a087046bc1d133d21547ddff87ac558abeec31ffa929c88b7fce6
@@ -6058,7 +6180,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"uri-js@npm:^4.2.2":
+"uri-js@npm:^4.2.2, uri-js@npm:^4.4.1":
   version: 4.4.1
   resolution: "uri-js@npm:4.4.1"
   dependencies:
@@ -6104,6 +6226,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"valid-url@npm:^1.0.9":
+  version: 1.0.9
+  resolution: "valid-url@npm:1.0.9"
+  checksum: 10/343dfaf85eb3691dc8eb93f7bc007be1ee6091e6c6d1a68bf633cb85e4bf2930e34ca9214fb2c3330de5b652510b257a8ee1ff0a0a37df0925e9dabf93ee512d
+  languageName: node
+  linkType: hard
+
 "validate-npm-package-license@npm:^3.0.1":
   version: 3.0.4
   resolution: "validate-npm-package-license@npm:3.0.4"

From d8f2b2cab5bf8600922997d203ecc82a804d6193 Mon Sep 17 00:00:00 2001
From: Gianfranco <g.tasteri@gmail.com>
Date: Tue, 5 Nov 2024 16:08:44 -0300
Subject: [PATCH 04/61] add simple solution for message signin

---
 src/components/SignIn/index.tsx | 37 ++++++++++++++++++++++++++
 src/contexts/events.tsx         |  1 +
 src/hooks/useSignChallenge.ts   | 46 +++++++++++++++++++++++++++++++++
 src/pages/swap/index.tsx        |  3 +++
 4 files changed, 87 insertions(+)
 create mode 100644 src/components/SignIn/index.tsx
 create mode 100644 src/hooks/useSignChallenge.ts

diff --git a/src/components/SignIn/index.tsx b/src/components/SignIn/index.tsx
new file mode 100644
index 00000000..f61d6e6c
--- /dev/null
+++ b/src/components/SignIn/index.tsx
@@ -0,0 +1,37 @@
+import React from 'react';
+import { useAccount } from 'wagmi';
+import { useSignChallenge } from '../../hooks/useSignChallenge';
+import { Modal } from 'react-daisyui';
+
+export function SignInModal() {
+  const { address } = useAccount();
+  console.log('address:', address);
+
+  const { isModalOpen, handleSiweSignIn, closeModal } = useSignChallenge(address);
+
+  if (!isModalOpen) {
+    return null;
+  }
+
+  return (
+    <Modal open={isModalOpen} onClickBackdrop={closeModal}>
+      <Modal.Header className="font-bold text-xl flex justify-between">
+        Sign In
+        <button onClick={closeModal} className="btn btn-sm btn-circle">
+          ✕
+        </button>
+      </Modal.Header>
+      <Modal.Body>
+        <p>Please sign the message to log-in</p>
+      </Modal.Body>
+      <Modal.Actions className="justify-end">
+        <button className="btn btn-primary" onClick={handleSiweSignIn}>
+          Sign Message
+        </button>
+        <button className="btn" onClick={closeModal}>
+          Cancel
+        </button>
+      </Modal.Actions>
+    </Modal>
+  );
+}
diff --git a/src/contexts/events.tsx b/src/contexts/events.tsx
index c429e115..ff80726c 100644
--- a/src/contexts/events.tsx
+++ b/src/contexts/events.tsx
@@ -108,6 +108,7 @@ type EventType = TrackableEvent['event'];
 type UseEventsContext = ReturnType<typeof useEvents>;
 const useEvents = () => {
   const { address } = useAccount();
+
   const previousAddress = useRef<`0x${string}` | undefined>(undefined);
   const userClickedState = useRef<boolean>(false);
 
diff --git a/src/hooks/useSignChallenge.ts b/src/hooks/useSignChallenge.ts
new file mode 100644
index 00000000..500b5391
--- /dev/null
+++ b/src/hooks/useSignChallenge.ts
@@ -0,0 +1,46 @@
+import { useEffect, useState, useCallback } from 'react';
+import { useSignMessage } from 'wagmi';
+
+export function useSignChallenge(address: `0x${string}` | undefined) {
+  const { signMessageAsync } = useSignMessage();
+
+  const [isModalOpen, setIsModalOpen] = useState(false);
+
+  const handleSiweSignIn = useCallback(async () => {
+    try {
+      // const response = await fetch('/api/siwe-challenge');
+      // const { message } = await response.json();
+      const message = 'Please sign the message to log in';
+      const signature = await signMessageAsync({ message });
+
+      console.log('SIWE signature:', signature);
+
+      localStorage.setItem(`siwe-signature-${address}`, signature);
+
+      setIsModalOpen(false);
+    } catch (error) {
+      console.error('Error during SIWE sign-in:', error);
+    }
+  }, [address, signMessageAsync]);
+
+  useEffect(() => {
+    if (!address) {
+      return;
+    }
+
+    const storedSignature = localStorage.getItem(`siwe-signature-${address}`);
+    console.log('Stored SIWE signature:', storedSignature);
+    if (!storedSignature) {
+      setIsModalOpen(true);
+      console.log('Opening SIWE sign-in modal');
+    } else {
+      setIsModalOpen(false);
+    }
+  }, [address]);
+
+  return {
+    isModalOpen,
+    handleSiweSignIn,
+    closeModal: () => setIsModalOpen(false),
+  };
+}
diff --git a/src/pages/swap/index.tsx b/src/pages/swap/index.tsx
index e65d95ce..54ed5564 100644
--- a/src/pages/swap/index.tsx
+++ b/src/pages/swap/index.tsx
@@ -34,6 +34,8 @@ import { initialChecks } from '../../services/initialChecks';
 import { getVaultsForCurrency } from '../../services/polkadot/spacewalk';
 import { SPACEWALK_REDEEM_SAFETY_MARGIN } from '../../constants/constants';
 
+import { SignInModal } from '../../components/SignIn';
+
 const Arrow = () => (
   <div className="flex justify-center w-full my-5">
     <ArrowDownIcon className="text-blue-700 w-7" />
@@ -335,6 +337,7 @@ export const SwapPage = () => {
 
   const main = (
     <main ref={formRef}>
+      <SignInModal />
       <SigningBox step={signingPhase} />
       <form
         className="max-w-2xl px-4 py-8 mx-4 mt-12 mb-12 rounded-lg shadow-custom md:mx-auto md:w-2/3 lg:w-3/5 xl:w-1/2"

From d0202f2d07e39d57e63034d07b64c000f25195c1 Mon Sep 17 00:00:00 2001
From: Gianfranco <g.tasteri@gmail.com>
Date: Wed, 6 Nov 2024 16:53:36 -0300
Subject: [PATCH 05/61] work in progress memo solution

---
 .../src/api/controllers/siwe.controller.js    |  3 +-
 .../src/api/controllers/stellar.controller.js |  3 +-
 .../src/api/services/sep10.service.js         | 32 +++++++++++++--
 .../src/api/services/siwe.service.js          | 38 +++++++++++-------
 src/constants/tokenConfig.ts                  |  3 ++
 src/hooks/useMainProcess.ts                   |  8 ++--
 src/hooks/useSignChallenge.ts                 | 18 ++++++---
 src/services/anchor/index.ts                  | 39 ++++++++++++++++---
 src/services/signingService.tsx               |  5 ++-
 9 files changed, 114 insertions(+), 35 deletions(-)

diff --git a/signer-service/src/api/controllers/siwe.controller.js b/signer-service/src/api/controllers/siwe.controller.js
index 3d4353fb..588073a5 100644
--- a/signer-service/src/api/controllers/siwe.controller.js
+++ b/signer-service/src/api/controllers/siwe.controller.js
@@ -3,9 +3,10 @@ const { createAndSendSiweMessage } = require('../services/siwe.service');
 exports.sendSiweMessage = async (req, res) => {
   const { walletAddress } = req.body;
   try {
-    const siweMessage = await createAndSendSiweMessage(walletAddress);
+    const { siweMessage, nonce } = await createAndSendSiweMessage(walletAddress);
     return res.json({
       siweMessage,
+      nonce,
     });
   } catch (e) {
     console.error(e);
diff --git a/signer-service/src/api/controllers/stellar.controller.js b/signer-service/src/api/controllers/stellar.controller.js
index 4dd8ab30..5ae9c714 100644
--- a/signer-service/src/api/controllers/stellar.controller.js
+++ b/signer-service/src/api/controllers/stellar.controller.js
@@ -58,7 +58,8 @@ exports.signSep10Challenge = async (req, res, next) => {
       req.body.challengeXDR,
       req.body.outToken,
       req.body.clientPublicKey,
-      req.body.userChallengeSignature,
+      req.body.maybeChallengeSignature,
+      req.body.maybeNonce,
     );
     return res.json({ masterSignature, masterPublic, clientSignature, clientPublic });
   } catch (error) {
diff --git a/signer-service/src/api/services/sep10.service.js b/signer-service/src/api/services/sep10.service.js
index 7eea25eb..8b00c50f 100644
--- a/signer-service/src/api/services/sep10.service.js
+++ b/signer-service/src/api/services/sep10.service.js
@@ -1,16 +1,42 @@
 const { Keypair } = require('stellar-sdk');
 const { TransactionBuilder, Networks } = require('stellar-sdk');
 const { fetchTomlValues } = require('../helpers/anchors');
+const { verifySiweMessage } = require('./siwe.service');
 
 const { TOKEN_CONFIG } = require('../../constants/tokenConfig');
 const { SEP10_MASTER_SECRET, CLIENT_SECRET } = require('../../constants/constants');
 
 const NETWORK_PASSPHRASE = Networks.PUBLIC;
 
-exports.signSep10Challenge = async (challengeXDR, outToken, clientPublicKey) => {
+const getAndValidateMemo = async (nonce, userChallengeSignature) => {
+  if (!userChallengeSignature || !nonce) {
+    return '';
+  }
+  const siweData = await verifySiweMessage(nonce, userChallengeSignature);
+
+  const memo = deriveMemoFromAddress(siweData.address);
+  return memo;
+};
+
+const deriveMemoFromAddress = (address) => {
+  return address.slice(5, 15).replace(/\D/g, '');
+};
+
+exports.signSep10Challenge = async (challengeXDR, outToken, clientPublicKey, userChallengeSignature, nonce) => {
   const masterStellarKeypair = Keypair.fromSecret(SEP10_MASTER_SECRET);
   const clientDomainStellarKeypair = Keypair.fromSecret(CLIENT_SECRET);
 
+  // we validate a challenge for a given nonce. From it we obtain the address and derive the memo
+  // we can then ensure that the memo is the same as the one we expect from the anchor challenge
+
+  let memo = ''; // Default memo value when single stellar account is used
+  try {
+    memo = getAndValidateMemo(nonce, userChallengeSignature);
+  } catch (e) {
+    console.log(e);
+    throw new Error(`Invalid evm account verification`);
+  }
+
   const { signingKey: anchorSigningKey } = await fetchTomlValues(TOKEN_CONFIG[outToken].tomlFileUrl);
 
   const transactionSigned = new TransactionBuilder.fromXDR(challengeXDR, NETWORK_PASSPHRASE);
@@ -24,8 +50,8 @@ exports.signSep10Challenge = async (challengeXDR, outToken, clientPublicKey) =>
   // See https://github.com/stellar/stellar-protocol/blob/master/ecosystem/sep-0010.md#success
   // memo field should be empty as we assume (in this implementation) that we use the ephemeral (or master, in case of ARS)
   // to authenticate. But no memo sub account derivation.
-  if (transactionSigned.memo.value === '') {
-    throw new Error('Memo does not match');
+  if (transactionSigned.memo.value === memo) {
+    throw new Error('Memo does not match with specified user signature or address. Could not validate.');
   }
 
   const { operations } = transactionSigned;
diff --git a/signer-service/src/api/services/siwe.service.js b/signer-service/src/api/services/siwe.service.js
index 3b892d61..2e13995d 100644
--- a/signer-service/src/api/services/siwe.service.js
+++ b/signer-service/src/api/services/siwe.service.js
@@ -4,10 +4,10 @@ const siwe = require('siwe');
 const scheme = 'https';
 const domain = 'localhost';
 const origin = 'https://localhost/login';
-const statement = 'Please sign the message to login and give me your money';
+const statement = 'Please sign the message to login!';
 
 // Set that will hold the siwe messages sent + nonce we defined
-const siweMessageSet = new Set();
+const siweMessagesMap = new Map();
 
 exports.createAndSendSiweMessage = async (address) => {
   const nonce = siwe.generateNonce();
@@ -20,23 +20,35 @@ exports.createAndSendSiweMessage = async (address) => {
     version: '1',
     chainId: '1',
     nonce,
-    expirationTime: new Date().toISOString(),
+    expirationTime: new Date(Date.now() + 360 * 60 * 1000).toISOString(),
   });
   const preparedMessage = siweMessage.prepareMessage();
-  siweMessageSet.add({ nonce, preparedMessage });
+  siweMessagesMap.set(nonce, siweMessage);
 
-  return preparedMessage;
+  return { siweMessage: preparedMessage, nonce };
 };
 
-exports.verifySiweMessage = async (messageFromUser, signature) => {
-  const fields = await messageFromUser.verify({ signature });
-  const expectedSentMessage = { nonce: fields.data.nonce, messageFromUser };
-
-  const isSiweMessage = siweMessageSet.has(expectedSentMessage);
-  if (!isSiweMessage) {
+exports.verifySiweMessage = async (nonce, signature) => {
+  const maybeSiweMessage = siweMessagesMap.get(nonce);
+  if (!maybeSiweMessage) {
     throw new Error('Message not found, we have not send this message or nonce is incorrect.');
   }
-  siweMessageSet.delete(expectedSentMessage);
+  // TODO DEFINE at some point we need to delete them (?)
+  //siweMessagesMap.delete(nonce);
+
+  // Verify the signature and other message fields
+  const { data } = await maybeSiweMessage.verify({ signature });
+
+  // Perform additional checks to ensure message integrity
+  if (data.nonce !== nonce) {
+    throw new Error('Nonce mismatch.');
+  }
 
-  return fields;
+  if (data.expirationTime && new Date(data.expirationTime) < new Date()) {
+    throw new Error('Message has expired.');
+  }
+
+  return data;
 };
+
+// TODO we need some sort of session log-out.
diff --git a/src/constants/tokenConfig.ts b/src/constants/tokenConfig.ts
index c909d5a9..6884b904 100644
--- a/src/constants/tokenConfig.ts
+++ b/src/constants/tokenConfig.ts
@@ -40,6 +40,7 @@ export interface OutputTokenDetails {
   offrampFeesBasisPoints: number;
   offrampFeesFixedComponent?: number;
   requiresClientMasterOverride: boolean;
+  usesMemo: boolean;
 }
 export const INPUT_TOKEN_CONFIG: Record<InputTokenType, InputTokenDetails> = {
   usdc: {
@@ -91,6 +92,7 @@ export const OUTPUT_TOKEN_CONFIG: Record<OutputTokenType, OutputTokenDetails> =
     maxWithdrawalAmountRaw: '10000000000000000',
     offrampFeesBasisPoints: 125,
     requiresClientMasterOverride: false,
+    usesMemo: false,
   },
   ars: {
     tomlFileUrl: 'https://api.anclap.com/.well-known/stellar.toml',
@@ -116,6 +118,7 @@ export const OUTPUT_TOKEN_CONFIG: Record<OutputTokenType, OutputTokenDetails> =
     offrampFeesBasisPoints: 200, // 2%
     offrampFeesFixedComponent: 10, // 10 ARS
     requiresClientMasterOverride: true,
+    usesMemo: true,
   },
 };
 
diff --git a/src/hooks/useMainProcess.ts b/src/hooks/useMainProcess.ts
index 417a6360..35437d71 100644
--- a/src/hooks/useMainProcess.ts
+++ b/src/hooks/useMainProcess.ts
@@ -6,7 +6,7 @@ import { INPUT_TOKEN_CONFIG, InputTokenType, OUTPUT_TOKEN_CONFIG, OutputTokenTyp
 
 import { fetchTomlValues, sep10, sep24Second } from '../services/anchor';
 // Utils
-import { useConfig, useSwitchChain } from 'wagmi';
+import { useAccount, useConfig, useSwitchChain } from 'wagmi';
 import { polygon } from 'wagmi/chains';
 import {
   OfframpingState,
@@ -59,6 +59,7 @@ export const useMainProcess = () => {
   const [signingPhase, setSigningPhase] = useState<SigningPhase | undefined>(undefined);
 
   const wagmiConfig = useConfig();
+  const { address } = useAccount();
   const { switchChain } = useSwitchChain();
   const { trackEvent, resetUniqueEvents } = useEventsContext();
 
@@ -141,6 +142,7 @@ export const useMainProcess = () => {
             tomlValues,
             stellarEphemeralSecret,
             outputTokenType,
+            address,
             addEvent,
           );
 
@@ -157,7 +159,7 @@ export const useMainProcess = () => {
           setAnchorSessionParams(anchorSessionParams);
 
           const fetchAndUpdateSep24Url = async () => {
-            const firstSep24Response = await sep24First(anchorSessionParams, sep10Account, outputTokenType);
+            const firstSep24Response = await sep24First(anchorSessionParams, sep10Account, outputTokenType, address);
             const url = new URL(firstSep24Response.url);
             url.searchParams.append('callback', 'postMessage');
             firstSep24Response.url = url.toString();
@@ -185,7 +187,7 @@ export const useMainProcess = () => {
         }
       })();
     },
-    [offrampingStarted, offrampingState, switchChain, trackEvent],
+    [offrampingStarted, offrampingState, switchChain, trackEvent, address],
   );
 
   const handleOnAnchorWindowOpen = useCallback(async () => {
diff --git a/src/hooks/useSignChallenge.ts b/src/hooks/useSignChallenge.ts
index 500b5391..bd04c2dd 100644
--- a/src/hooks/useSignChallenge.ts
+++ b/src/hooks/useSignChallenge.ts
@@ -1,5 +1,6 @@
 import { useEffect, useState, useCallback } from 'react';
 import { useSignMessage } from 'wagmi';
+import { SIGNING_SERVICE_URL } from '../constants/constants';
 
 export function useSignChallenge(address: `0x${string}` | undefined) {
   const { signMessageAsync } = useSignMessage();
@@ -8,14 +9,19 @@ export function useSignChallenge(address: `0x${string}` | undefined) {
 
   const handleSiweSignIn = useCallback(async () => {
     try {
-      // const response = await fetch('/api/siwe-challenge');
-      // const { message } = await response.json();
-      const message = 'Please sign the message to log in';
-      const signature = await signMessageAsync({ message });
+      const response = await fetch(`${SIGNING_SERVICE_URL}/v1/siwe/create`, {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+        },
+        body: JSON.stringify({ walletAddress: address }),
+      });
+      const { siweMessage, nonce } = await response.json();
+      console.log('SIWE message:', siweMessage, 'nonce:', nonce);
+      const signature = await signMessageAsync({ message: siweMessage });
 
       console.log('SIWE signature:', signature);
-
-      localStorage.setItem(`siwe-signature-${address}`, signature);
+      localStorage.setItem(`siwe-signature-${address}`, JSON.stringify({ nonce, signature }));
 
       setIsModalOpen(false);
     } catch (error) {
diff --git a/src/services/anchor/index.ts b/src/services/anchor/index.ts
index cc8f036a..474e6fee 100644
--- a/src/services/anchor/index.ts
+++ b/src/services/anchor/index.ts
@@ -65,6 +65,8 @@ export const fetchTomlValues = async (TOML_FILE_URL: string): Promise<TomlValues
 async function getUrlParams(
   ephemeralAccount: string,
   requiresClientMasterOverride: boolean,
+  usesMemo: boolean,
+  address: `0x${string}`,
 ): Promise<{ urlParams: URLSearchParams; sep10Account: string }> {
   let sep10Account;
   if (requiresClientMasterOverride) {
@@ -85,16 +87,31 @@ async function getUrlParams(
     sep10Account = ephemeralAccount;
   }
 
+  if (usesMemo) {
+    return {
+      urlParams: new URLSearchParams({
+        account: sep10Account,
+        client_domain: config.applicationClientDomain,
+        memo: deriveMemoFromAddress(address),
+      }),
+      sep10Account,
+    };
+  }
   return {
     urlParams: new URLSearchParams({ account: sep10Account, client_domain: config.applicationClientDomain }),
     sep10Account,
   };
 }
 
+const deriveMemoFromAddress = (address: `0x${string}`) => {
+  return address.slice(5, 15).replace(/\D/g, '');
+};
+
 export const sep10 = async (
   tomlValues: TomlValues,
   stellarEphemeralSecret: string,
   outputToken: OutputTokenType,
+  address: `0x${string}` | undefined,
   renderEvent: (event: string, status: EventStatus) => void,
 ): Promise<{ sep10Account: string; token: string }> => {
   const { signingKey, webAuthEndpoint } = tomlValues;
@@ -106,10 +123,10 @@ export const sep10 = async (
   const ephemeralKeys = Keypair.fromSecret(stellarEphemeralSecret);
   const accountId = ephemeralKeys.publicKey();
 
-  const { requiresClientMasterOverride } = OUTPUT_TOKEN_CONFIG[outputToken];
+  const { requiresClientMasterOverride, usesMemo } = OUTPUT_TOKEN_CONFIG[outputToken];
 
   // will select either clientMaster or the ephemeral account
-  const { urlParams, sep10Account } = await getUrlParams(accountId, requiresClientMasterOverride);
+  const { urlParams, sep10Account } = await getUrlParams(accountId, requiresClientMasterOverride, usesMemo, address!);
 
   const challenge = await fetch(`${webAuthEndpoint}?${urlParams.toString()}`);
   if (challenge.status !== 200) {
@@ -129,16 +146,23 @@ export const sep10 = async (
     throw new Error(`Invalid sequence number: ${transactionSigned.sequence}`);
   }
 
-  // More tests required, ignore for prototype
+  const maybeStoredSignatureString = localStorage.getItem(`siwe-signature-${address}`);
+  let nonce;
+  let signature;
 
-  // TODO fetch and check signing signature from localstore,
-  const maybeChallengeSignature = undefined;
+  // TODO actually, if usesMemo and not maybeStored.. we need to ask for it again.
+  if (maybeStoredSignatureString && usesMemo) {
+    const storedSignatureObject = JSON.parse(maybeStoredSignatureString);
+    nonce = storedSignatureObject.nonce;
+    signature = storedSignatureObject.signature;
+  }
   // sign both for client_domain + an extra signature for Anclap workaround
   const { masterSignature, clientSignature, clientPublic } = await fetchSep10Signatures(
     transactionSigned.toXDR(),
     outputToken,
     sep10Account,
-    maybeChallengeSignature,
+    signature,
+    nonce,
   );
   transactionSigned.addSignature(clientPublic, clientSignature);
 
@@ -233,6 +257,7 @@ export async function sep24First(
   sessionParams: IAnchorSessionParams,
   sep10Account: string,
   outputToken: OutputTokenType,
+  address: `0x${string}` | undefined,
 ): Promise<ISep24Intermediate> {
   if (config.test.mockSep24) {
     return { url: 'https://www.example.com', id: '1234' };
@@ -253,6 +278,8 @@ export async function sep24First(
       amount: sessionParams.offrampAmount,
       account: sep10Account, // THIS is a particularity of Anclap. Should be able to work just with the epmhemeral account
       // Since we signed with the master from the service, we need to specify the corresponding public here
+      // memo: deriveMemoFromAddress(address!),
+      // memo_type: 'id',
     });
   } else {
     sep24Params = new URLSearchParams({
diff --git a/src/services/signingService.tsx b/src/services/signingService.tsx
index be2f94aa..b2606aa6 100644
--- a/src/services/signingService.tsx
+++ b/src/services/signingService.tsx
@@ -43,12 +43,13 @@ export const fetchSep10Signatures = async (
   challengeXDR: string,
   outToken: OutputTokenType,
   clientPublicKey: string,
-  maybeChallengeSignature: any,
+  maybeChallengeSignature: string,
+  maybeNonce: string,
 ): Promise<SignerServiceSep10Response> => {
   const response = await fetch(`${SIGNING_SERVICE_URL}/v1/stellar/sep10`, {
     method: 'POST',
     headers: { 'Content-Type': 'application/json' },
-    body: JSON.stringify({ challengeXDR, outToken, clientPublicKey, maybeChallengeSignature }),
+    body: JSON.stringify({ challengeXDR, outToken, clientPublicKey, maybeChallengeSignature, maybeNonce }),
   });
   if (response.status !== 200) {
     throw new Error(`Failed to fetch SEP10 challenge from server: ${response.statusText}`);

From 780b17b847dfe176a6ddc72a558cd30f0c518a7f Mon Sep 17 00:00:00 2001
From: Gianfranco <g.tasteri@gmail.com>
Date: Wed, 6 Nov 2024 17:05:33 -0300
Subject: [PATCH 06/61] remove comments

---
 signer-service/src/api/helpers/anchors.js | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/signer-service/src/api/helpers/anchors.js b/signer-service/src/api/helpers/anchors.js
index 961d90cd..0c99e2f1 100644
--- a/signer-service/src/api/helpers/anchors.js
+++ b/signer-service/src/api/helpers/anchors.js
@@ -61,7 +61,6 @@ const verifyClientDomainChallengeOps = async (
     throw new Error('First manageData operation should have a 64-byte random nonce as value');
   }
 
-  // Flags to check presence of required operations
   let hasWebAuthDomain = false;
   let hasClientDomain = false;
 
@@ -79,11 +78,6 @@ const verifyClientDomainChallengeOps = async (
       if (op.source !== signingKey) {
         throw new Error('web_auth_domain manage_data operation must have the server account as the source');
       }
-
-      // value web_auth_domain but in bytes
-      // if (op.value !== 'web_auth_domain') {
-      //   throw new Error(`web_auth_domain manageData operation should have value 'web_auth_domain'`);
-      // }
     }
 
     // Verify client_domain operation (if applicable)
@@ -93,10 +87,6 @@ const verifyClientDomainChallengeOps = async (
       if (op.source !== keypair.publicKey()) {
         throw new Error('client_domain manage_data operation must have the client domain account as the source');
       }
-      // Also in bytes first
-      // if (op.value !== 'client_domain') {
-      //   throw new Error(`client_domain manageData operation should have value 'client_domain'`);
-      // }
     }
   }
 

From 1996e64467ca834f219d1806262e102258ad0581 Mon Sep 17 00:00:00 2001
From: Gianfranco <g.tasteri@gmail.com>
Date: Wed, 6 Nov 2024 17:14:21 -0300
Subject: [PATCH 07/61] remove and improve comments

---
 signer-service/src/api/helpers/anchors.js     | 82 +------------------
 .../src/api/services/sep10.service.js         |  9 +-
 .../src/api/services/siwe.service.js          |  2 +-
 .../src/api/services/stellar.service.js       |  2 +-
 signer-service/src/index.js                   | 42 ++++++----
 5 files changed, 34 insertions(+), 103 deletions(-)

diff --git a/signer-service/src/api/helpers/anchors.js b/signer-service/src/api/helpers/anchors.js
index 0c99e2f1..ba599ef9 100644
--- a/signer-service/src/api/helpers/anchors.js
+++ b/signer-service/src/api/helpers/anchors.js
@@ -19,84 +19,4 @@ const fetchTomlValues = async (tomlFileUrl) => {
   };
 };
 
-const verifyClientDomainChallengeOps = async (
-  challengeXDR,
-  networkPassphrase,
-  signingKey,
-  clientPublicKey,
-  memo,
-  expectedKey,
-) => {
-  const transactionSigned = new TransactionBuilder.fromXDR(challengeXDR, networkPassphrase);
-  if (transactionSigned.source !== signingKey) {
-    throw new Error(`Invalid source account: ${transactionSigned.source}`);
-  }
-  if (transactionSigned.sequence !== '0') {
-    throw new Error(`Invalid sequence number: ${transactionSigned.sequence}`);
-  }
-
-  // See https://github.com/stellar/stellar-protocol/blob/master/ecosystem/sep-0010.md#success
-  // memo field should match and not be empty.
-  if (transactionSigned.memo.value !== memo) {
-    throw new Error('Memo does not match');
-  }
-
-  // Verify manage_data operations
-  const operations = transactionSigned.operations;
-  // Verify the first manage_data operation
-  const firstOp = operations[0];
-  if (firstOp.type !== 'manageData') {
-    throw new Error('The first operation should be manageData');
-  }
-  // We don't want to accept a challenge that would authorize as Application client account!
-  // We DO accept a challenge where the source is the master account + memo
-  if (firstOp.source !== clientPublicKey || firstOp.source == signingKey) {
-    throw new Error('First manageData operation must have the client account as the source');
-  }
-
-  if (firstOp.name !== expectedKey) {
-    throw new Error(`First manageData operation should have key '${expectedKey}'`);
-  }
-  if (!firstOp.value || firstOp.value.length !== 64) {
-    throw new Error('First manageData operation should have a 64-byte random nonce as value');
-  }
-
-  let hasWebAuthDomain = false;
-  let hasClientDomain = false;
-
-  // Verify extra manage_data operations
-  for (let i = 1; i < operations.length; i++) {
-    const op = operations[i];
-
-    if (op.type !== 'manageData') {
-      throw new Error('All operations should be manage_data operations');
-    }
-
-    // Verify web_auth_domain operation
-    if (op.name === 'web_auth_domain') {
-      hasWebAuthDomain = true;
-      if (op.source !== signingKey) {
-        throw new Error('web_auth_domain manage_data operation must have the server account as the source');
-      }
-    }
-
-    // Verify client_domain operation (if applicable)
-    if (op.name === 'client_domain') {
-      hasClientDomain = true;
-      // Replace 'CLIENT_DOMAIN_ACCOUNT' with the actual client domain account public key
-      if (op.source !== keypair.publicKey()) {
-        throw new Error('client_domain manage_data operation must have the client domain account as the source');
-      }
-    }
-  }
-
-  //  the web_auth_domain and client_domain operation must be present
-  if (!hasWebAuthDomain) {
-    throw new Error('Transaction must contain a web_auth_domain manageData operation');
-  }
-  if (!hasClientDomain) {
-    throw new Error('Transaction must contain a client_domain manageData operation');
-  }
-};
-
-module.exports = { fetchTomlValues, verifyClientDomainChallengeOps };
+module.exports = { fetchTomlValues };
diff --git a/signer-service/src/api/services/sep10.service.js b/signer-service/src/api/services/sep10.service.js
index 8b00c50f..2e60c434 100644
--- a/signer-service/src/api/services/sep10.service.js
+++ b/signer-service/src/api/services/sep10.service.js
@@ -8,6 +8,8 @@ const { SEP10_MASTER_SECRET, CLIENT_SECRET } = require('../../constants/constant
 
 const NETWORK_PASSPHRASE = Networks.PUBLIC;
 
+// we validate a challenge for a given nonce. From it we obtain the address and derive the memo
+// we can then ensure that the memo is the same as the one we expect from the anchor challenge
 const getAndValidateMemo = async (nonce, userChallengeSignature) => {
   if (!userChallengeSignature || !nonce) {
     return '';
@@ -62,14 +64,15 @@ exports.signSep10Challenge = async (challengeXDR, outToken, clientPublicKey, use
   }
 
   // Temporary. This check will be removed when we have the memo solution.
-  if (outToken === 'ars') {
+  if (memo !== '') {
     // We only want to accept a challenge that would authorize the master key.
     if (firstOp.source !== masterStellarKeypair.publicKey()) {
       throw new Error('First manageData operation must have the master signing key as the source');
     }
   } else {
     // Only authorize a session that corresponds with the ephemeral client account
-    if (firstOp.source !== clientPublicKey) {
+    // if no memo, we should not authorize a session for our client domain master
+    if (firstOp.source !== clientPublicKey || firstOp.source == masterStellarKeypair.publicKey()) {
       throw new Error('First manageData operation must have the client account as the source');
     }
   }
@@ -82,11 +85,9 @@ exports.signSep10Challenge = async (challengeXDR, outToken, clientPublicKey, use
     throw new Error('First manageData operation should have a 64-byte random nonce as value');
   }
 
-  // Flags to check presence of required operations
   let hasWebAuthDomain = false;
   let hasClientDomain = false;
 
-  // Verify extra manage_data operations, web_auth and proper client domain.
   for (let i = 1; i < operations.length; i++) {
     const op = operations[i];
 
diff --git a/signer-service/src/api/services/siwe.service.js b/signer-service/src/api/services/siwe.service.js
index 2e13995d..3f83af7a 100644
--- a/signer-service/src/api/services/siwe.service.js
+++ b/signer-service/src/api/services/siwe.service.js
@@ -6,7 +6,7 @@ const domain = 'localhost';
 const origin = 'https://localhost/login';
 const statement = 'Please sign the message to login!';
 
-// Set that will hold the siwe messages sent + nonce we defined
+// Map that will hold the siwe messages sent + nonce we defined
 const siweMessagesMap = new Map();
 
 exports.createAndSendSiweMessage = async (address) => {
diff --git a/signer-service/src/api/services/stellar.service.js b/signer-service/src/api/services/stellar.service.js
index 559ec2c5..f6d39372 100644
--- a/signer-service/src/api/services/stellar.service.js
+++ b/signer-service/src/api/services/stellar.service.js
@@ -7,7 +7,7 @@ const {
   STELLAR_EPHEMERAL_STARTING_BALANCE_UNITS,
 } = require('../../constants/constants');
 const { TOKEN_CONFIG, getTokenConfigByAssetCode } = require('../../constants/tokenConfig');
-const { fetchTomlValues, verifyClientDomainChallengeOps } = require('../helpers/anchors');
+
 // Derive funding pk
 const FUNDING_PUBLIC_KEY = Keypair.fromSecret(FUNDING_SECRET).publicKey();
 const horizonServer = new Horizon.Server(HORIZON_URL);
diff --git a/signer-service/src/index.js b/signer-service/src/index.js
index 1797a889..a3fe7ebd 100755
--- a/signer-service/src/index.js
+++ b/signer-service/src/index.js
@@ -4,25 +4,35 @@ const logger = require('./config/logger');
 const app = require('./config/express');
 require('dotenv').config();
 
-const { FUNDING_SECRET, PENDULUM_FUNDING_SEED, MOONBEAM_EXECUTOR_PRIVATE_KEY } = require('./constants/constants');
+const {
+  FUNDING_SECRET,
+  PENDULUM_FUNDING_SEED,
+  MOONBEAM_EXECUTOR_PRIVATE_KEY,
+  CLIENT_SECRET,
+} = require('./constants/constants');
 
-// stop the application if the funding secret key is not set
-// if (!FUNDING_SECRET) {
-//   logger.error('FUNDING_SECRET not set in the environment variables');
-//   process.exit(1);
-// }
+//stop the application if the funding secret key is not set
+if (!FUNDING_SECRET) {
+  logger.error('FUNDING_SECRET not set in the environment variables');
+  process.exit(1);
+}
 
-// // stop the application if the Pendulum funding seed is not set
-// if (!PENDULUM_FUNDING_SEED) {
-//   logger.error('PENDULUM_FUNDING_SEED not set in the environment variables');
-//   process.exit(1);
-// }
+// stop the application if the Pendulum funding seed is not set
+if (!PENDULUM_FUNDING_SEED) {
+  logger.error('PENDULUM_FUNDING_SEED not set in the environment variables');
+  process.exit(1);
+}
 
-// // stop the application if the Moonbeam executor private key is not set
-// if (!MOONBEAM_EXECUTOR_PRIVATE_KEY) {
-//   logger.error('MOONBEAM_EXECUTOR_PRIVATE_KEY not set in the environment variables');
-//   process.exit(1);
-// }
+// stop the application if the Moonbeam executor private key is not set
+if (!MOONBEAM_EXECUTOR_PRIVATE_KEY) {
+  logger.error('MOONBEAM_EXECUTOR_PRIVATE_KEY not set in the environment variables');
+  process.exit(1);
+}
+
+if (!CLIENT_SECRET) {
+  logger.error('CLIENT_SECRET not set in the environment variables');
+  process.exit(1);
+}
 
 // listen to requests
 app.listen(port, () => logger.info(`server started on port ${port} (${env})`));

From b4eaddf5bc8fa5965db85ed4584e55168a71896d Mon Sep 17 00:00:00 2001
From: Gianfranco <g.tasteri@gmail.com>
Date: Fri, 8 Nov 2024 17:40:52 -0300
Subject: [PATCH 08/61] remove master account, either use memo or not

---
 src/constants/tokenConfig.ts |  3 ---
 src/services/anchor/index.ts | 36 +++++++++++++++---------------------
 2 files changed, 15 insertions(+), 24 deletions(-)

diff --git a/src/constants/tokenConfig.ts b/src/constants/tokenConfig.ts
index 6884b904..7db36768 100644
--- a/src/constants/tokenConfig.ts
+++ b/src/constants/tokenConfig.ts
@@ -39,7 +39,6 @@ export interface OutputTokenDetails {
   erc20WrapperAddress: string;
   offrampFeesBasisPoints: number;
   offrampFeesFixedComponent?: number;
-  requiresClientMasterOverride: boolean;
   usesMemo: boolean;
 }
 export const INPUT_TOKEN_CONFIG: Record<InputTokenType, InputTokenDetails> = {
@@ -91,7 +90,6 @@ export const OUTPUT_TOKEN_CONFIG: Record<OutputTokenType, OutputTokenDetails> =
     minWithdrawalAmountRaw: '10000000000000',
     maxWithdrawalAmountRaw: '10000000000000000',
     offrampFeesBasisPoints: 125,
-    requiresClientMasterOverride: false,
     usesMemo: false,
   },
   ars: {
@@ -117,7 +115,6 @@ export const OUTPUT_TOKEN_CONFIG: Record<OutputTokenType, OutputTokenDetails> =
     maxWithdrawalAmountRaw: '500000000000000000', // 500000 ARS
     offrampFeesBasisPoints: 200, // 2%
     offrampFeesFixedComponent: 10, // 10 ARS
-    requiresClientMasterOverride: true,
     usesMemo: true,
   },
 };
diff --git a/src/services/anchor/index.ts b/src/services/anchor/index.ts
index 474e6fee..5480fde5 100644
--- a/src/services/anchor/index.ts
+++ b/src/services/anchor/index.ts
@@ -62,32 +62,25 @@ export const fetchTomlValues = async (TOML_FILE_URL: string): Promise<TomlValues
   };
 };
 
+// Return the URLSearchParams and the account (master/omnibus or ephemeral) that was used for SEP-10
 async function getUrlParams(
   ephemeralAccount: string,
-  requiresClientMasterOverride: boolean,
   usesMemo: boolean,
   address: `0x${string}`,
 ): Promise<{ urlParams: URLSearchParams; sep10Account: string }> {
-  let sep10Account;
-  if (requiresClientMasterOverride) {
+  if (usesMemo) {
     const response = await fetch(`${SIGNING_SERVICE_URL}/v1/stellar/sep10`);
 
     if (!response.ok) {
       throw new Error('Failed to fetch client master SEP-10 public account.');
     }
-
     const { masterSep10Public } = await response.json();
-
     if (!masterSep10Public) {
       throw new Error('masterSep10Public not found in response.');
     }
 
-    sep10Account = masterSep10Public;
-  } else {
-    sep10Account = ephemeralAccount;
-  }
+    const sep10Account = masterSep10Public;
 
-  if (usesMemo) {
     return {
       urlParams: new URLSearchParams({
         account: sep10Account,
@@ -98,11 +91,12 @@ async function getUrlParams(
     };
   }
   return {
-    urlParams: new URLSearchParams({ account: sep10Account, client_domain: config.applicationClientDomain }),
-    sep10Account,
+    urlParams: new URLSearchParams({ account: ephemeralAccount, client_domain: config.applicationClientDomain }),
+    sep10Account: ephemeralAccount,
   };
 }
 
+//TODO A very naive memo derivation for testing. NOT SECURE
 const deriveMemoFromAddress = (address: `0x${string}`) => {
   return address.slice(5, 15).replace(/\D/g, '');
 };
@@ -123,10 +117,10 @@ export const sep10 = async (
   const ephemeralKeys = Keypair.fromSecret(stellarEphemeralSecret);
   const accountId = ephemeralKeys.publicKey();
 
-  const { requiresClientMasterOverride, usesMemo } = OUTPUT_TOKEN_CONFIG[outputToken];
+  const { usesMemo } = OUTPUT_TOKEN_CONFIG[outputToken];
 
   // will select either clientMaster or the ephemeral account
-  const { urlParams, sep10Account } = await getUrlParams(accountId, requiresClientMasterOverride, usesMemo, address!);
+  const { urlParams, sep10Account } = await getUrlParams(accountId, usesMemo, address!);
 
   const challenge = await fetch(`${webAuthEndpoint}?${urlParams.toString()}`);
   if (challenge.status !== 200) {
@@ -146,6 +140,8 @@ export const sep10 = async (
     throw new Error(`Invalid sequence number: ${transactionSigned.sequence}`);
   }
 
+  // TODO change to add a fx that will either try to get the signature from storage,
+  // check if it's still valid, and if not ask for another one.
   const maybeStoredSignatureString = localStorage.getItem(`siwe-signature-${address}`);
   let nonce;
   let signature;
@@ -166,7 +162,7 @@ export const sep10 = async (
   );
   transactionSigned.addSignature(clientPublic, clientSignature);
 
-  if (!requiresClientMasterOverride) {
+  if (!usesMemo) {
     transactionSigned.sign(ephemeralKeys);
   } else {
     transactionSigned.addSignature(sep10Account, masterSignature);
@@ -266,18 +262,16 @@ export async function sep24First(
   const { token, tomlValues } = sessionParams;
   const { sep24Url } = tomlValues;
 
-  const { requiresClientMasterOverride } = OUTPUT_TOKEN_CONFIG[outputToken];
+  const { usesMemo } = OUTPUT_TOKEN_CONFIG[outputToken];
 
   let sep24Params;
-  if (requiresClientMasterOverride) {
-    if (!sep10Account) {
-      throw new Error('Master must be defined at this point.');
-    }
+  if (usesMemo) {
     sep24Params = new URLSearchParams({
       asset_code: sessionParams.tokenConfig.stellarAsset.code.string.replace('\0', ''),
       amount: sessionParams.offrampAmount,
       account: sep10Account, // THIS is a particularity of Anclap. Should be able to work just with the epmhemeral account
-      // Since we signed with the master from the service, we need to specify the corresponding public here
+      // or at least the anchor should be able to get it from the JWT.
+      // Since we signed with the master/omnibus from the service, we need to specify the corresponding public here
       // memo: deriveMemoFromAddress(address!),
       // memo_type: 'id',
     });

From 79beb7752c983003b56177c68a4e26692b3a4e0c Mon Sep 17 00:00:00 2001
From: Gianfranco <g.tasteri@gmail.com>
Date: Fri, 8 Nov 2024 19:22:53 -0300
Subject: [PATCH 09/61] improve signature hook

---
 package.json                  |   2 +
 src/constants/localStorage.ts |   1 +
 src/hooks/useMainProcess.ts   |   4 +-
 src/hooks/useSignChallenge.ts |  74 +++++++++++++++++++-----
 src/services/anchor/index.ts  |   8 ++-
 yarn.lock                     | 105 +++++++++++++++++++++++++++++++---
 6 files changed, 168 insertions(+), 26 deletions(-)

diff --git a/package.json b/package.json
index 47283bfa..10f1565b 100644
--- a/package.json
+++ b/package.json
@@ -47,6 +47,7 @@
     "bn.js": "^5.2.1",
     "buffer": "^6.0.3",
     "daisyui": "^4.11.1",
+    "ethers": "^6.13.4",
     "framer-motion": "^11.2.14",
     "postcss": "^8.4.38",
     "preact": "^10.12.1",
@@ -56,6 +57,7 @@
     "react-hook-form": "^7.51.5",
     "react-router-dom": "^6.8.1",
     "react-toastify": "^10.0.5",
+    "siwe": "^2.3.2",
     "stellar-base": "^11.0.1",
     "stellar-sdk": "^11.3.0",
     "tailwind": "^4.0.0",
diff --git a/src/constants/localStorage.ts b/src/constants/localStorage.ts
index 6c22744b..df293d32 100644
--- a/src/constants/localStorage.ts
+++ b/src/constants/localStorage.ts
@@ -10,6 +10,7 @@ export const storageKeys = {
   ANCHOR_SESSION_PARAMS: 'ANCHOR_SESSION_PARAMS',
   STELLAR_OPERATIONS: 'STELLAR_OPERATIONS',
   TOKEN_BRIDGED_AMOUNT: 'TOKEN_BRIDGED_AMOUNT',
+  SIWE_SIGNATURE_KEY_PREFIX: 'siwe-signature-',
 
   // Internal squidrouter recovery states
   SQUIDROUTER_RECOVERY_STATE: 'SQUIDROUTER_TRANSACTION_STATE',
diff --git a/src/hooks/useMainProcess.ts b/src/hooks/useMainProcess.ts
index 35437d71..e2492186 100644
--- a/src/hooks/useMainProcess.ts
+++ b/src/hooks/useMainProcess.ts
@@ -22,7 +22,7 @@ import { createTransactionEvent, useEventsContext } from '../contexts/events';
 import { showToast, ToastMessage } from '../helpers/notifications';
 import { IAnchorSessionParams, ISep24Intermediate } from '../services/anchor';
 import { OFFRAMPING_PHASE_SECONDS } from '../pages/progress';
-
+import { useGetOrRefreshSiweSignature } from './useSignChallenge';
 export type SigningPhase = 'started' | 'approved' | 'signed' | 'finished';
 
 export interface ExecutionInput {
@@ -64,6 +64,7 @@ export const useMainProcess = () => {
   const { trackEvent, resetUniqueEvents } = useEventsContext();
 
   const [, setEvents] = useState<GenericEvent[]>([]);
+  const { getOrRefreshSiweSignature } = useGetOrRefreshSiweSignature(address);
 
   const updateHookStateFromState = useCallback(
     (state: OfframpingState | undefined) => {
@@ -143,6 +144,7 @@ export const useMainProcess = () => {
             stellarEphemeralSecret,
             outputTokenType,
             address,
+            getOrRefreshSiweSignature,
             addEvent,
           );
 
diff --git a/src/hooks/useSignChallenge.ts b/src/hooks/useSignChallenge.ts
index bd04c2dd..8fbd060b 100644
--- a/src/hooks/useSignChallenge.ts
+++ b/src/hooks/useSignChallenge.ts
@@ -1,13 +1,42 @@
 import { useEffect, useState, useCallback } from 'react';
 import { useSignMessage } from 'wagmi';
 import { SIGNING_SERVICE_URL } from '../constants/constants';
+import { storageKeys } from '../constants/localStorage';
+import { SiweMessage } from 'siwe';
 
-export function useSignChallenge(address: `0x${string}` | undefined) {
+type SiweSignatureData = {
+  nonce: string;
+  signature: string;
+  expirationDate: string;
+};
+
+export function useGetOrRefreshSiweSignature(address: `0x${string}` | undefined) {
   const { signMessageAsync } = useSignMessage();
+  const [signatureData, setSignatureData] = useState<SiweSignatureData | null>(null);
 
-  const [isModalOpen, setIsModalOpen] = useState(false);
+  const getOrRefreshSiweSignature = useCallback(async (): Promise<SiweSignatureData | undefined> => {
+    if (!address) {
+      return;
+    }
 
-  const handleSiweSignIn = useCallback(async () => {
+    const storageKey = `${storageKeys.SIWE_SIGNATURE_KEY_PREFIX}${address}`;
+    const maybeStoredSignatureData = localStorage.getItem(storageKey);
+
+    if (maybeStoredSignatureData) {
+      const storedSignatureData: SiweSignatureData = JSON.parse(maybeStoredSignatureData);
+      const expirationDate = new Date(storedSignatureData.expirationDate);
+
+      if (expirationDate > new Date()) {
+        // Signature is still valid
+        setSignatureData(storedSignatureData);
+        return storedSignatureData;
+      } else {
+        // Signature expired, remove it
+        localStorage.removeItem(storageKey);
+      }
+    }
+
+    // Signature not found or expired, fetch a new one
     try {
       const response = await fetch(`${SIGNING_SERVICE_URL}/v1/siwe/create`, {
         method: 'POST',
@@ -16,37 +45,56 @@ export function useSignChallenge(address: `0x${string}` | undefined) {
         },
         body: JSON.stringify({ walletAddress: address }),
       });
+
       const { siweMessage, nonce } = await response.json();
-      console.log('SIWE message:', siweMessage, 'nonce:', nonce);
+
+      // Parse the SIWE message to extract the expiration date
+      const message = new SiweMessage(siweMessage);
+      const expirationDate = message.expirationTime!;
+
       const signature = await signMessageAsync({ message: siweMessage });
 
-      console.log('SIWE signature:', signature);
-      localStorage.setItem(`siwe-signature-${address}`, JSON.stringify({ nonce, signature }));
+      const newSignatureData: SiweSignatureData = {
+        nonce,
+        signature,
+        expirationDate,
+      };
 
-      setIsModalOpen(false);
+      localStorage.setItem(storageKey, JSON.stringify(newSignatureData));
+      setSignatureData(newSignatureData);
+      return newSignatureData;
     } catch (error) {
       console.error('Error during SIWE sign-in:', error);
     }
   }, [address, signMessageAsync]);
 
+  return { signatureData, getOrRefreshSiweSignature };
+}
+
+export function useSignChallenge(address: `0x${string}` | undefined) {
+  const { signatureData, getOrRefreshSiweSignature } = useGetOrRefreshSiweSignature(address);
+  const [isModalOpen, setIsModalOpen] = useState(false);
+
+  useEffect(() => {
+    getOrRefreshSiweSignature();
+  }, [address]);
+
   useEffect(() => {
     if (!address) {
+      setIsModalOpen(false);
       return;
     }
 
-    const storedSignature = localStorage.getItem(`siwe-signature-${address}`);
-    console.log('Stored SIWE signature:', storedSignature);
-    if (!storedSignature) {
+    if (!signatureData) {
       setIsModalOpen(true);
-      console.log('Opening SIWE sign-in modal');
     } else {
       setIsModalOpen(false);
     }
-  }, [address]);
+  }, [address, signatureData]);
 
   return {
     isModalOpen,
-    handleSiweSignIn,
+    handleSiweSignIn: getOrRefreshSiweSignature,
     closeModal: () => setIsModalOpen(false),
   };
 }
diff --git a/src/services/anchor/index.ts b/src/services/anchor/index.ts
index 5480fde5..423badc3 100644
--- a/src/services/anchor/index.ts
+++ b/src/services/anchor/index.ts
@@ -106,6 +106,7 @@ export const sep10 = async (
   stellarEphemeralSecret: string,
   outputToken: OutputTokenType,
   address: `0x${string}` | undefined,
+  getOrRefreshSiweSignature: any,
   renderEvent: (event: string, status: EventStatus) => void,
 ): Promise<{ sep10Account: string; token: string }> => {
   const { signingKey, webAuthEndpoint } = tomlValues;
@@ -142,13 +143,14 @@ export const sep10 = async (
 
   // TODO change to add a fx that will either try to get the signature from storage,
   // check if it's still valid, and if not ask for another one.
-  const maybeStoredSignatureString = localStorage.getItem(`siwe-signature-${address}`);
+  const signatureData = await getOrRefreshSiweSignature();
+  console.log('fetched: ', signatureData);
   let nonce;
   let signature;
 
   // TODO actually, if usesMemo and not maybeStored.. we need to ask for it again.
-  if (maybeStoredSignatureString && usesMemo) {
-    const storedSignatureObject = JSON.parse(maybeStoredSignatureString);
+  if (signatureData && usesMemo) {
+    const storedSignatureObject = signatureData.signature;
     nonce = storedSignatureObject.nonce;
     signature = storedSignatureObject.signature;
   }
diff --git a/yarn.lock b/yarn.lock
index 98bf645b..cea380f7 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -12,7 +12,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@adraffy/ens-normalize@npm:^1.8.8":
+"@adraffy/ens-normalize@npm:1.10.1, @adraffy/ens-normalize@npm:^1.8.8":
   version: 1.10.1
   resolution: "@adraffy/ens-normalize@npm:1.10.1"
   checksum: 10/4cb938c4abb88a346d50cb0ea44243ab3574330c81d4f5aaaf9dfee584b96189d0faa404de0fcbef5a1b73909ea4ebc3e63d84bd23f9949e5c8d4085207a5091
@@ -2621,6 +2621,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@noble/hashes@npm:^1.1.2":
+  version: 1.5.0
+  resolution: "@noble/hashes@npm:1.5.0"
+  checksum: 10/da7fc7af52af7afcf59810a7eea6155075464ff462ffda2572dc6d57d53e2669b1ea2ec774e814f6273f1697e567f28d36823776c9bf7068cba2a2855140f26e
+  languageName: node
+  linkType: hard
+
 "@noble/hashes@npm:~1.3.0, @noble/hashes@npm:~1.3.2":
   version: 1.3.3
   resolution: "@noble/hashes@npm:1.3.3"
@@ -4455,6 +4462,18 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@spruceid/siwe-parser@npm:^2.1.2":
+  version: 2.1.2
+  resolution: "@spruceid/siwe-parser@npm:2.1.2"
+  dependencies:
+    "@noble/hashes": "npm:^1.1.2"
+    apg-js: "npm:^4.3.0"
+    uri-js: "npm:^4.4.1"
+    valid-url: "npm:^1.0.9"
+  checksum: 10/48459fe3b4d4b3091375ee87af700864c9023d4a1271d34850c6d27475e5d93a45d1efe8a71da367ad838b6921ced60c387d54737edd0a7a0d8e4e0a3cc2b8b7
+  languageName: node
+  linkType: hard
+
 "@stablelib/aead@npm:^1.0.1":
   version: 1.0.1
   resolution: "@stablelib/aead@npm:1.0.1"
@@ -5013,6 +5032,15 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@types/node@npm:22.7.5":
+  version: 22.7.5
+  resolution: "@types/node@npm:22.7.5"
+  dependencies:
+    undici-types: "npm:~6.19.2"
+  checksum: 10/e8ba102f8c1aa7623787d625389be68d64e54fcbb76d41f6c2c64e8cf4c9f4a2370e7ef5e5f1732f3c57529d3d26afdcb2edc0101c5e413a79081449825c57ac
+  languageName: node
+  linkType: hard
+
 "@types/parse-json@npm:^4.0.0":
   version: 4.0.0
   resolution: "@types/parse-json@npm:4.0.0"
@@ -5953,6 +5981,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"aes-js@npm:4.0.0-beta.5":
+  version: 4.0.0-beta.5
+  resolution: "aes-js@npm:4.0.0-beta.5"
+  checksum: 10/8f745da2e8fb38e91297a8ec13c2febe3219f8383303cd4ed4660ca67190242ccfd5fdc2f0d1642fd1ea934818fb871cd4cc28d3f28e812e3dc6c3d0f1f97c24
+  languageName: node
+  linkType: hard
+
 "agent-base@npm:6, agent-base@npm:^6.0.2":
   version: 6.0.2
   resolution: "agent-base@npm:6.0.2"
@@ -6090,6 +6125,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"apg-js@npm:^4.3.0":
+  version: 4.4.0
+  resolution: "apg-js@npm:4.4.0"
+  checksum: 10/425f19096026742f5f156f26542b68f55602aa60f0c4ae2d72a0a888cf15fe9622223191202262dd8979d76a6125de9d8fd164d56c95fb113f49099f405eb08c
+  languageName: node
+  linkType: hard
+
 "app-root-path@npm:2.1.0":
   version: 2.1.0
   resolution: "app-root-path@npm:2.1.0"
@@ -9060,6 +9102,21 @@ __metadata:
   languageName: node
   linkType: hard
 
+"ethers@npm:^6.13.4":
+  version: 6.13.4
+  resolution: "ethers@npm:6.13.4"
+  dependencies:
+    "@adraffy/ens-normalize": "npm:1.10.1"
+    "@noble/curves": "npm:1.2.0"
+    "@noble/hashes": "npm:1.3.2"
+    "@types/node": "npm:22.7.5"
+    aes-js: "npm:4.0.0-beta.5"
+    tslib: "npm:2.7.0"
+    ws: "npm:8.17.1"
+  checksum: 10/221192fed93f6b0553f3e5e72bfd667d676220577d34ff854f677e955d6f608e60636a9c08b5d54039c532a9b9b7056384f0d7019eb6e111d53175806f896ac6
+  languageName: node
+  linkType: hard
+
 "event-emitter@npm:^0.3.5":
   version: 0.3.5
   resolution: "event-emitter@npm:0.3.5"
@@ -14821,6 +14878,20 @@ __metadata:
   languageName: node
   linkType: hard
 
+"siwe@npm:^2.3.2":
+  version: 2.3.2
+  resolution: "siwe@npm:2.3.2"
+  dependencies:
+    "@spruceid/siwe-parser": "npm:^2.1.2"
+    "@stablelib/random": "npm:^1.0.1"
+    uri-js: "npm:^4.4.1"
+    valid-url: "npm:^1.0.9"
+  peerDependencies:
+    ethers: ^5.6.8 || ^6.0.8
+  checksum: 10/6ea5ad9a9046fa916f85bf9d3092bc898f7e339d9c552714ea53ecc17daa4f78300c3cf7cc9c70fe57baf77dcee5cb38c6e1d692400b874cd84d297b1261918c
+  languageName: node
+  linkType: hard
+
 "slash@npm:^3.0.0":
   version: 3.0.0
   resolution: "slash@npm:3.0.0"
@@ -15672,6 +15743,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"tslib@npm:2.7.0, tslib@npm:^2.7.0":
+  version: 2.7.0
+  resolution: "tslib@npm:2.7.0"
+  checksum: 10/9a5b47ddac65874fa011c20ff76db69f97cf90c78cff5934799ab8894a5342db2d17b4e7613a087046bc1d133d21547ddff87ac558abeec31ffa929c88b7fce6
+  languageName: node
+  linkType: hard
+
 "tslib@npm:^2.0.0, tslib@npm:^2.4.0":
   version: 2.6.3
   resolution: "tslib@npm:2.6.3"
@@ -15693,13 +15771,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"tslib@npm:^2.7.0":
-  version: 2.7.0
-  resolution: "tslib@npm:2.7.0"
-  checksum: 10/9a5b47ddac65874fa011c20ff76db69f97cf90c78cff5934799ab8894a5342db2d17b4e7613a087046bc1d133d21547ddff87ac558abeec31ffa929c88b7fce6
-  languageName: node
-  linkType: hard
-
 "tsscmp@npm:^1.0.5":
   version: 1.0.6
   resolution: "tsscmp@npm:1.0.6"
@@ -15942,6 +16013,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"undici-types@npm:~6.19.2":
+  version: 6.19.8
+  resolution: "undici-types@npm:6.19.8"
+  checksum: 10/cf0b48ed4fc99baf56584afa91aaffa5010c268b8842f62e02f752df209e3dea138b372a60a963b3b2576ed932f32329ce7ddb9cb5f27a6c83040d8cd74b7a70
+  languageName: node
+  linkType: hard
+
 "unenv@npm:^1.9.0":
   version: 1.9.0
   resolution: "unenv@npm:1.9.0"
@@ -16179,7 +16257,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"uri-js@npm:^4.2.2":
+"uri-js@npm:^4.2.2, uri-js@npm:^4.4.1":
   version: 4.4.1
   resolution: "uri-js@npm:4.4.1"
   dependencies:
@@ -16355,6 +16433,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"valid-url@npm:^1.0.9":
+  version: 1.0.9
+  resolution: "valid-url@npm:1.0.9"
+  checksum: 10/343dfaf85eb3691dc8eb93f7bc007be1ee6091e6c6d1a68bf633cb85e4bf2930e34ca9214fb2c3330de5b652510b257a8ee1ff0a0a37df0925e9dabf93ee512d
+  languageName: node
+  linkType: hard
+
 "valtio@npm:1.11.2":
   version: 1.11.2
   resolution: "valtio@npm:1.11.2"
@@ -16606,6 +16691,7 @@ __metadata:
     eslint: "npm:^8.34.0"
     eslint-plugin-react: "npm:^7.32.2"
     eslint-plugin-react-hooks: "npm:^4.6.0"
+    ethers: "npm:^6.13.4"
     framer-motion: "npm:^11.2.14"
     happy-dom: "npm:^14.12.3"
     husky: "npm:>=6"
@@ -16619,6 +16705,7 @@ __metadata:
     react-hook-form: "npm:^7.51.5"
     react-router-dom: "npm:^6.8.1"
     react-toastify: "npm:^10.0.5"
+    siwe: "npm:^2.3.2"
     stellar-base: "npm:^11.0.1"
     stellar-sdk: "npm:^11.3.0"
     tailwind: "npm:^4.0.0"

From ec8e798931afd1656facfac31c67281700cfe941 Mon Sep 17 00:00:00 2001
From: Gianfranco <g.tasteri@gmail.com>
Date: Mon, 11 Nov 2024 11:55:33 -0300
Subject: [PATCH 10/61] use viem to validate message on backend, error handling

---
 .../src/api/services/sep10.service.js         | 16 ++++++---
 .../src/api/services/siwe.service.js          | 34 +++++++++++++------
 src/hooks/useSignChallenge.ts                 |  2 +-
 src/services/anchor/index.ts                  | 12 +++----
 src/services/signingService.tsx               |  4 +--
 5 files changed, 43 insertions(+), 25 deletions(-)

diff --git a/signer-service/src/api/services/sep10.service.js b/signer-service/src/api/services/sep10.service.js
index af2feff0..540c3f3f 100644
--- a/signer-service/src/api/services/sep10.service.js
+++ b/signer-service/src/api/services/sep10.service.js
@@ -14,9 +14,15 @@ const getAndValidateMemo = async (nonce, userChallengeSignature) => {
   if (!userChallengeSignature || !nonce) {
     return null; // Default memo value when single stellar account is used
   }
-  const siweData = await verifySiweMessage(nonce, userChallengeSignature);
 
-  const memo = deriveMemoFromAddress(siweData.address);
+  let message;
+  try {
+    message = await verifySiweMessage(nonce, userChallengeSignature);
+  } catch (e) {
+    throw new Error(`Could not verify signature: ${e.message}`);
+  }
+
+  const memo = deriveMemoFromAddress(message.address);
   return memo;
 };
 
@@ -33,10 +39,10 @@ exports.signSep10Challenge = async (challengeXDR, outToken, clientPublicKey, use
 
   let memo;
   try {
-    memo = getAndValidateMemo(nonce, userChallengeSignature);
+    memo = await getAndValidateMemo(nonce, userChallengeSignature);
   } catch (e) {
     console.log(e);
-    throw new Error(`Invalid evm account verification`);
+    throw new Error(`Could not verify signature or derive memo: ${e.message}`);
   }
 
   const { signingKey: anchorSigningKey } = await fetchTomlValues(TOKEN_CONFIG[outToken].tomlFileUrl);
@@ -53,7 +59,7 @@ exports.signSep10Challenge = async (challengeXDR, outToken, clientPublicKey, use
   // See https://github.com/stellar/stellar-protocol/blob/master/ecosystem/sep-0010.md#success
   // memo field should be empty as we assume for the ephemeral case, or the corresponding evm address
   // derivation.
-  if (transactionSigned.memo.value === memo) {
+  if (transactionSigned.memo.value !== memo) {
     throw new Error('Memo does not match with specified user signature or address. Could not validate.');
   }
 
diff --git a/signer-service/src/api/services/siwe.service.js b/signer-service/src/api/services/siwe.service.js
index 3f83af7a..94622006 100644
--- a/signer-service/src/api/services/siwe.service.js
+++ b/signer-service/src/api/services/siwe.service.js
@@ -1,4 +1,6 @@
 const siwe = require('siwe');
+const { createPublicClient, http } = require('viem');
+const { polygon } = require('viem/chains');
 
 // Make constants on config
 const scheme = 'https';
@@ -22,33 +24,43 @@ exports.createAndSendSiweMessage = async (address) => {
     nonce,
     expirationTime: new Date(Date.now() + 360 * 60 * 1000).toISOString(),
   });
-  const preparedMessage = siweMessage.prepareMessage();
-  siweMessagesMap.set(nonce, siweMessage);
+  const preparedMessage = siweMessage.toMessage();
+  siweMessagesMap.set(nonce, { siweMessage, address });
 
   return { siweMessage: preparedMessage, nonce };
 };
 
 exports.verifySiweMessage = async (nonce, signature) => {
-  const maybeSiweMessage = siweMessagesMap.get(nonce);
-  if (!maybeSiweMessage) {
+  const maybeSiweData = siweMessagesMap.get(nonce);
+  if (!maybeSiweData) {
     throw new Error('Message not found, we have not send this message or nonce is incorrect.');
   }
-  // TODO DEFINE at some point we need to delete them (?)
-  //siweMessagesMap.delete(nonce);
 
-  // Verify the signature and other message fields
-  const { data } = await maybeSiweMessage.verify({ signature });
+  const publicClient = createPublicClient({
+    chain: polygon,
+    transport: http(),
+  });
+
+  const valid = await publicClient.verifyMessage({
+    address: maybeSiweData.address,
+    message: maybeSiweData.siweMessage.toMessage(),
+    signature,
+  });
+
+  if (!valid) {
+    throw new Error('Invalid signature.');
+  }
 
   // Perform additional checks to ensure message integrity
-  if (data.nonce !== nonce) {
+  if (maybeSiweData.siweMessage.nonce !== nonce) {
     throw new Error('Nonce mismatch.');
   }
 
-  if (data.expirationTime && new Date(data.expirationTime) < new Date()) {
+  if (maybeSiweData.expirationTime && new Date(maybeSiweData.expirationTime) < new Date()) {
     throw new Error('Message has expired.');
   }
 
-  return data;
+  return maybeSiweData.siweMessage;
 };
 
 // TODO we need some sort of session log-out.
diff --git a/src/hooks/useSignChallenge.ts b/src/hooks/useSignChallenge.ts
index 8fbd060b..5625cf9e 100644
--- a/src/hooks/useSignChallenge.ts
+++ b/src/hooks/useSignChallenge.ts
@@ -4,7 +4,7 @@ import { SIGNING_SERVICE_URL } from '../constants/constants';
 import { storageKeys } from '../constants/localStorage';
 import { SiweMessage } from 'siwe';
 
-type SiweSignatureData = {
+export type SiweSignatureData = {
   nonce: string;
   signature: string;
   expirationDate: string;
diff --git a/src/services/anchor/index.ts b/src/services/anchor/index.ts
index 7c8423d5..667630b9 100644
--- a/src/services/anchor/index.ts
+++ b/src/services/anchor/index.ts
@@ -2,6 +2,7 @@ import { Transaction, Keypair, Networks } from 'stellar-sdk';
 import { EventStatus } from '../../components/GenericEvent';
 import { OutputTokenDetails, OutputTokenType } from '../../constants/tokenConfig';
 import { fetchSep10Signatures, fetchSigningServiceAccountId } from '../signingService';
+import { SiweSignatureData } from '../../hooks/useSignChallenge';
 
 import { config } from '../../config';
 import { OUTPUT_TOKEN_CONFIG } from '../../constants/tokenConfig';
@@ -144,15 +145,14 @@ export const sep10 = async (
 
   // TODO change to add a fx that will either try to get the signature from storage,
   // check if it's still valid, and if not ask for another one.
-  const signatureData = await getOrRefreshSiweSignature();
-  console.log('fetched: ', signatureData);
+  const signatureData: SiweSignatureData = await getOrRefreshSiweSignature();
+
+  // undefined if not using memo
   let nonce;
   let signature;
-
-  // TODO actually, if usesMemo and not maybeStored.. we need to ask for it again.
   if (signatureData && usesMemo) {
-    nonce = signatureData.signature.nonce;
-    signature = signatureData.signature.signature;
+    nonce = signatureData.nonce;
+    signature = signatureData.signature;
   }
   // sign both for client_domain + an extra signature for Anclap workaround
   const { masterClientSignature, clientSignature, clientPublic } = await fetchSep10Signatures(
diff --git a/src/services/signingService.tsx b/src/services/signingService.tsx
index 557e78c6..0099ba36 100644
--- a/src/services/signingService.tsx
+++ b/src/services/signingService.tsx
@@ -43,8 +43,8 @@ export const fetchSep10Signatures = async (
   challengeXDR: string,
   outToken: OutputTokenType,
   clientPublicKey: string,
-  maybeChallengeSignature: string,
-  maybeNonce: string,
+  maybeChallengeSignature: string | undefined,
+  maybeNonce: string | undefined,
 ): Promise<SignerServiceSep10Response> => {
   const response = await fetch(`${SIGNING_SERVICE_URL}/v1/stellar/sep10`, {
     method: 'POST',

From 2b14bbebe708ad72a35daa313f0a0eb84d6f79c3 Mon Sep 17 00:00:00 2001
From: Gianfranco <g.tasteri@gmail.com>
Date: Mon, 11 Nov 2024 13:55:40 -0300
Subject: [PATCH 11/61] improve sign in hooks

---
 .../src/api/controllers/stellar.controller.js | 13 ++++
 src/components/SignIn/index.tsx               | 21 +++---
 src/hooks/useMainProcess.ts                   | 13 ++--
 src/hooks/useSignChallenge.ts                 | 71 ++++++++++---------
 src/pages/swap/index.tsx                      |  7 +-
 src/services/anchor/index.ts                  | 18 +++--
 src/services/signingService.tsx               |  3 +
 7 files changed, 90 insertions(+), 56 deletions(-)

diff --git a/signer-service/src/api/controllers/stellar.controller.js b/signer-service/src/api/controllers/stellar.controller.js
index 6cad8ee7..ea7b7e91 100644
--- a/signer-service/src/api/controllers/stellar.controller.js
+++ b/signer-service/src/api/controllers/stellar.controller.js
@@ -63,6 +63,19 @@ exports.signSep10Challenge = async (req, res, next) => {
     );
     return res.json({ masterClientSignature, masterClientPublic, clientSignature, clientPublic });
   } catch (error) {
+    if (error.message.includes('Could not verify signature')) {
+      // Distinguish between failed signature check and other errors.
+      try {
+        return res.status(401).json({
+          error: 'Signature validation failed.',
+          details: error.message,
+        });
+      } catch (error) {
+        console.error('Error in signSep10Challenge:', error);
+        return res.status(500).json({ error: 'Failed to sign challenge', details: error.message });
+      }
+    }
+
     console.error('Error in signSep10Challenge:', error);
     return res.status(500).json({ error: 'Failed to sign challenge', details: error.message });
   }
diff --git a/src/components/SignIn/index.tsx b/src/components/SignIn/index.tsx
index f61d6e6c..68726b94 100644
--- a/src/components/SignIn/index.tsx
+++ b/src/components/SignIn/index.tsx
@@ -1,20 +1,23 @@
-import React from 'react';
+import { FC } from 'react';
 import { useAccount } from 'wagmi';
-import { useSignChallenge } from '../../hooks/useSignChallenge';
 import { Modal } from 'react-daisyui';
 
-export function SignInModal() {
+interface SignInModalProps {
+  requiresSign: boolean;
+  closeModal: any;
+  handleSignIn: any;
+}
+
+export const SignInModal: FC<SignInModalProps> = ({ requiresSign, closeModal, handleSignIn }) => {
   const { address } = useAccount();
   console.log('address:', address);
 
-  const { isModalOpen, handleSiweSignIn, closeModal } = useSignChallenge(address);
-
-  if (!isModalOpen) {
+  if (!requiresSign) {
     return null;
   }
 
   return (
-    <Modal open={isModalOpen} onClickBackdrop={closeModal}>
+    <Modal open={requiresSign} onClickBackdrop={closeModal}>
       <Modal.Header className="font-bold text-xl flex justify-between">
         Sign In
         <button onClick={closeModal} className="btn btn-sm btn-circle">
@@ -25,7 +28,7 @@ export function SignInModal() {
         <p>Please sign the message to log-in</p>
       </Modal.Body>
       <Modal.Actions className="justify-end">
-        <button className="btn btn-primary" onClick={handleSiweSignIn}>
+        <button className="btn btn-primary" onClick={handleSignIn}>
           Sign Message
         </button>
         <button className="btn" onClick={closeModal}>
@@ -34,4 +37,4 @@ export function SignInModal() {
       </Modal.Actions>
     </Modal>
   );
-}
+};
diff --git a/src/hooks/useMainProcess.ts b/src/hooks/useMainProcess.ts
index 1a863c19..0e311d64 100644
--- a/src/hooks/useMainProcess.ts
+++ b/src/hooks/useMainProcess.ts
@@ -22,7 +22,7 @@ import { createTransactionEvent, useEventsContext } from '../contexts/events';
 import { showToast, ToastMessage } from '../helpers/notifications';
 import { IAnchorSessionParams, ISep24Intermediate } from '../services/anchor';
 import { OFFRAMPING_PHASE_SECONDS } from '../pages/progress';
-import { useGetOrRefreshSiweSignature } from './useSignChallenge';
+import { SiweSignatureData } from './useSignChallenge';
 export type SigningPhase = 'started' | 'approved' | 'signed' | 'finished';
 
 export interface ExecutionInput {
@@ -32,9 +32,14 @@ export interface ExecutionInput {
   offrampAmount: Big;
 }
 
+interface UseMainProcessProps {
+  checkSiweSignatureValidity: () => SiweSignatureData | undefined;
+  forceRefreshSiweSignature: () => void;
+}
+
 type ExtendedExecutionInput = ExecutionInput & { stellarEphemeralSecret: string };
 
-export const useMainProcess = () => {
+export const useMainProcess = ({ checkSiweSignatureValidity, forceRefreshSiweSignature }: UseMainProcessProps) => {
   // EXAMPLE mocking states
 
   // Approval already performed (scenario: service shut down after sending approval but before getting it's confirmation)
@@ -64,7 +69,6 @@ export const useMainProcess = () => {
   const { trackEvent, resetUniqueEvents } = useEventsContext();
 
   const [, setEvents] = useState<GenericEvent[]>([]);
-  const { getOrRefreshSiweSignature } = useGetOrRefreshSiweSignature(address);
 
   const updateHookStateFromState = useCallback(
     (state: OfframpingState | undefined) => {
@@ -145,7 +149,8 @@ export const useMainProcess = () => {
             stellarEphemeralSecret,
             outputTokenType,
             address,
-            getOrRefreshSiweSignature,
+            checkSiweSignatureValidity,
+            forceRefreshSiweSignature,
             addEvent,
           );
 
diff --git a/src/hooks/useSignChallenge.ts b/src/hooks/useSignChallenge.ts
index 5625cf9e..9344304c 100644
--- a/src/hooks/useSignChallenge.ts
+++ b/src/hooks/useSignChallenge.ts
@@ -10,16 +10,18 @@ export type SiweSignatureData = {
   expirationDate: string;
 };
 
-export function useGetOrRefreshSiweSignature(address: `0x${string}` | undefined) {
+export function useSiweSignature(address: `0x${string}` | undefined) {
   const { signMessageAsync } = useSignMessage();
-  const [signatureData, setSignatureData] = useState<SiweSignatureData | null>(null);
+  const [requiresSign, setRequiresSign] = useState<boolean>(false);
 
-  const getOrRefreshSiweSignature = useCallback(async (): Promise<SiweSignatureData | undefined> => {
+  const storageKey = `${storageKeys.SIWE_SIGNATURE_KEY_PREFIX}${address}`;
+
+  const checkSiweSignatureValidity = useCallback((): SiweSignatureData | undefined => {
     if (!address) {
-      return;
+      setRequiresSign(false);
+      return undefined;
     }
 
-    const storageKey = `${storageKeys.SIWE_SIGNATURE_KEY_PREFIX}${address}`;
     const maybeStoredSignatureData = localStorage.getItem(storageKey);
 
     if (maybeStoredSignatureData) {
@@ -27,16 +29,24 @@ export function useGetOrRefreshSiweSignature(address: `0x${string}` | undefined)
       const expirationDate = new Date(storedSignatureData.expirationDate);
 
       if (expirationDate > new Date()) {
-        // Signature is still valid
-        setSignatureData(storedSignatureData);
+        setRequiresSign(false);
         return storedSignatureData;
       } else {
-        // Signature expired, remove it
         localStorage.removeItem(storageKey);
+        setRequiresSign(true);
+        return undefined;
       }
+    } else {
+      setRequiresSign(true);
+      return undefined;
+    }
+  }, [address, storageKey]);
+
+  const signSiweMessage = useCallback(async () => {
+    if (!address) {
+      return;
     }
 
-    // Signature not found or expired, fetch a new one
     try {
       const response = await fetch(`${SIGNING_SERVICE_URL}/v1/siwe/create`, {
         method: 'POST',
@@ -48,7 +58,6 @@ export function useGetOrRefreshSiweSignature(address: `0x${string}` | undefined)
 
       const { siweMessage, nonce } = await response.json();
 
-      // Parse the SIWE message to extract the expiration date
       const message = new SiweMessage(siweMessage);
       const expirationDate = message.expirationTime!;
 
@@ -61,40 +70,32 @@ export function useGetOrRefreshSiweSignature(address: `0x${string}` | undefined)
       };
 
       localStorage.setItem(storageKey, JSON.stringify(newSignatureData));
-      setSignatureData(newSignatureData);
-      return newSignatureData;
+      setRequiresSign(false);
     } catch (error) {
       console.error('Error during SIWE sign-in:', error);
     }
-  }, [address, signMessageAsync]);
-
-  return { signatureData, getOrRefreshSiweSignature };
-}
+  }, [address, signMessageAsync, storageKey]);
 
-export function useSignChallenge(address: `0x${string}` | undefined) {
-  const { signatureData, getOrRefreshSiweSignature } = useGetOrRefreshSiweSignature(address);
-  const [isModalOpen, setIsModalOpen] = useState(false);
-
-  useEffect(() => {
-    getOrRefreshSiweSignature();
-  }, [address]);
-
-  useEffect(() => {
+  // Function to force a signature refresh
+  const forceRefreshSiweSignature = useCallback(() => {
     if (!address) {
-      setIsModalOpen(false);
       return;
     }
 
-    if (!signatureData) {
-      setIsModalOpen(true);
-    } else {
-      setIsModalOpen(false);
-    }
-  }, [address, signatureData]);
+    localStorage.removeItem(storageKey);
+    setRequiresSign(true);
+  }, [address, storageKey]);
+
+  // Refresh on address change
+  useEffect(() => {
+    checkSiweSignatureValidity();
+  }, [address, checkSiweSignatureValidity]);
 
   return {
-    isModalOpen,
-    handleSiweSignIn: getOrRefreshSiweSignature,
-    closeModal: () => setIsModalOpen(false),
+    requiresSign,
+    checkSiweSignatureValidity,
+    signSiweMessage,
+    forceRefreshSiweSignature,
+    closeModal: () => setRequiresSign(false),
   };
 }
diff --git a/src/pages/swap/index.tsx b/src/pages/swap/index.tsx
index 54ed5564..958762fc 100644
--- a/src/pages/swap/index.tsx
+++ b/src/pages/swap/index.tsx
@@ -35,6 +35,7 @@ import { getVaultsForCurrency } from '../../services/polkadot/spacewalk';
 import { SPACEWALK_REDEEM_SAFETY_MARGIN } from '../../constants/constants';
 
 import { SignInModal } from '../../components/SignIn';
+import { useSiweSignature } from '../../hooks/useSignChallenge';
 
 const Arrow = () => (
   <div className="flex justify-center w-full my-5">
@@ -50,6 +51,8 @@ export const SwapPage = () => {
   const [isReady, setIsReady] = useState(false);
   const [cachedId, setCachedId] = useState<string | undefined>(undefined);
   const { trackEvent } = useEventsContext();
+  const { requiresSign, signSiweMessage, closeModal, forceRefreshSiweSignature, checkSiweSignatureValidity } =
+    useSiweSignature(address);
 
   // Hook used for services on initialization and pre-offramp check
   // That is why no dependencies are used
@@ -82,7 +85,7 @@ export const SwapPage = () => {
     isInitiating,
     signingPhase,
     setIsInitiating,
-  } = useMainProcess();
+  } = useMainProcess({ checkSiweSignatureValidity, forceRefreshSiweSignature });
 
   // Store the id as it is cleared after the user opens the anchor window
   useEffect(() => {
@@ -337,7 +340,7 @@ export const SwapPage = () => {
 
   const main = (
     <main ref={formRef}>
-      <SignInModal />
+      <SignInModal requiresSign={requiresSign} closeModal={closeModal} handleSignIn={signSiweMessage} />
       <SigningBox step={signingPhase} />
       <form
         className="max-w-2xl px-4 py-8 mx-4 mt-12 mb-12 rounded-lg shadow-custom md:mx-auto md:w-2/3 lg:w-3/5 xl:w-1/2"
diff --git a/src/services/anchor/index.ts b/src/services/anchor/index.ts
index 667630b9..c0e4b7f3 100644
--- a/src/services/anchor/index.ts
+++ b/src/services/anchor/index.ts
@@ -107,7 +107,8 @@ export const sep10 = async (
   stellarEphemeralSecret: string,
   outputToken: OutputTokenType,
   address: `0x${string}` | undefined,
-  getOrRefreshSiweSignature: any,
+  checkSiweSignatureValidity: () => SiweSignatureData | undefined,
+  forceRefreshSiweSignature: () => void,
   renderEvent: (event: string, status: EventStatus) => void,
 ): Promise<{ token: string; sep10Account: string }> => {
   const { signingKey, webAuthEndpoint } = tomlValues;
@@ -143,10 +144,10 @@ export const sep10 = async (
     throw new Error(`Invalid sequence number: ${transactionSigned.sequence}`);
   }
 
-  // TODO change to add a fx that will either try to get the signature from storage,
-  // check if it's still valid, and if not ask for another one.
-  const signatureData: SiweSignatureData = await getOrRefreshSiweSignature();
-
+  const signatureData = checkSiweSignatureValidity();
+  if (!signatureData) {
+    throw new Error('Invalid stored challenge signature');
+  }
   // undefined if not using memo
   let nonce;
   let signature;
@@ -161,7 +162,12 @@ export const sep10 = async (
     sep10Account,
     signature,
     nonce,
-  );
+  ).catch((error) => {
+    if (error.message === 'Invalid signature') {
+      forceRefreshSiweSignature();
+    }
+    throw new Error('Invalid stored challenge signature');
+  });
 
   if (supportsClientDomain) {
     transactionSigned.addSignature(clientPublic, clientSignature);
diff --git a/src/services/signingService.tsx b/src/services/signingService.tsx
index 0099ba36..4d3e1e32 100644
--- a/src/services/signingService.tsx
+++ b/src/services/signingService.tsx
@@ -52,6 +52,9 @@ export const fetchSep10Signatures = async (
     body: JSON.stringify({ challengeXDR, outToken, clientPublicKey, maybeChallengeSignature, maybeNonce }),
   });
   if (response.status !== 200) {
+    if (response.status === 401) {
+      throw new Error('Invalid signature');
+    }
     throw new Error(`Failed to fetch SEP10 challenge from server: ${response.statusText}`);
   }
 

From c3bcbd1bc2743651c98051e4c0c65906dfedc832 Mon Sep 17 00:00:00 2001
From: Gianfranco <g.tasteri@gmail.com>
Date: Mon, 11 Nov 2024 16:31:52 -0300
Subject: [PATCH 12/61] invalidate older sessions after log in

---
 .../src/api/controllers/siwe.controller.js    |  13 +-
 .../src/api/routes/v1/siwe.route.js           |   2 +
 .../src/api/services/siwe.service.js          |  14 +-
 src/components/SignIn/index.tsx               |   1 -
 src/hooks/useMainProcess.ts                   |   8 +-
 src/hooks/useSignChallenge.ts                 |  66 +++++++++-
 src/pages/swap/index.tsx                      |   4 +-
 src/services/anchor/index.ts                  | 122 ++++++------------
 src/services/signingService.tsx               |  22 +++-
 9 files changed, 148 insertions(+), 104 deletions(-)

diff --git a/signer-service/src/api/controllers/siwe.controller.js b/signer-service/src/api/controllers/siwe.controller.js
index 588073a5..57236fa4 100644
--- a/signer-service/src/api/controllers/siwe.controller.js
+++ b/signer-service/src/api/controllers/siwe.controller.js
@@ -1,4 +1,4 @@
-const { createAndSendSiweMessage } = require('../services/siwe.service');
+const { createAndSendSiweMessage, verifySiweMessage } = require('../services/siwe.service');
 
 exports.sendSiweMessage = async (req, res) => {
   const { walletAddress } = req.body;
@@ -13,3 +13,14 @@ exports.sendSiweMessage = async (req, res) => {
     return res.status(500).json({ error: 'Error while creating siwe message' });
   }
 };
+
+exports.validateSiweSignature = async (req, res) => {
+  const { nonce, signature } = req.body;
+  try {
+    await verifySiweMessage(nonce, signature);
+    return res.status(200).json({ message: 'Signature is valid' });
+  } catch (e) {
+    console.error(e);
+    return res.status(500).json({ error: 'Could not validate signature' });
+  }
+};
diff --git a/signer-service/src/api/routes/v1/siwe.route.js b/signer-service/src/api/routes/v1/siwe.route.js
index bd79fe72..5faeac87 100644
--- a/signer-service/src/api/routes/v1/siwe.route.js
+++ b/signer-service/src/api/routes/v1/siwe.route.js
@@ -5,4 +5,6 @@ const router = express.Router({ mergeParams: true });
 
 router.route('/create').post(controller.sendSiweMessage);
 
+router.route('/validate').post(controller.validateSiweSignature);
+
 module.exports = router;
diff --git a/signer-service/src/api/services/siwe.service.js b/signer-service/src/api/services/siwe.service.js
index 94622006..bdedaccf 100644
--- a/signer-service/src/api/services/siwe.service.js
+++ b/signer-service/src/api/services/siwe.service.js
@@ -4,8 +4,8 @@ const { polygon } = require('viem/chains');
 
 // Make constants on config
 const scheme = 'https';
-const domain = 'localhost';
-const origin = 'https://localhost/login';
+const domain = 'satoshipay.io';
+const origin = 'https://vortex.com';
 const statement = 'Please sign the message to login!';
 
 // Map that will hold the siwe messages sent + nonce we defined
@@ -20,7 +20,7 @@ exports.createAndSendSiweMessage = async (address) => {
     statement,
     uri: origin,
     version: '1',
-    chainId: '1',
+    chainId: polygon.id,
     nonce,
     expirationTime: new Date(Date.now() + 360 * 60 * 1000).toISOString(),
   });
@@ -60,6 +60,14 @@ exports.verifySiweMessage = async (nonce, signature) => {
     throw new Error('Message has expired.');
   }
 
+  // Successful verification, remove messages with same address
+  // from map except for the one we just verified.
+  siweMessagesMap.forEach((data, nonce) => {
+    if (data.address === maybeSiweData.address && nonce !== maybeSiweData.siweMessage.nonce) {
+      siweMessagesMap.delete(nonce);
+    }
+  });
+
   return maybeSiweData.siweMessage;
 };
 
diff --git a/src/components/SignIn/index.tsx b/src/components/SignIn/index.tsx
index 68726b94..9eb4987c 100644
--- a/src/components/SignIn/index.tsx
+++ b/src/components/SignIn/index.tsx
@@ -10,7 +10,6 @@ interface SignInModalProps {
 
 export const SignInModal: FC<SignInModalProps> = ({ requiresSign, closeModal, handleSignIn }) => {
   const { address } = useAccount();
-  console.log('address:', address);
 
   if (!requiresSign) {
     return null;
diff --git a/src/hooks/useMainProcess.ts b/src/hooks/useMainProcess.ts
index 0e311d64..a72e8386 100644
--- a/src/hooks/useMainProcess.ts
+++ b/src/hooks/useMainProcess.ts
@@ -33,13 +33,13 @@ export interface ExecutionInput {
 }
 
 interface UseMainProcessProps {
-  checkSiweSignatureValidity: () => SiweSignatureData | undefined;
-  forceRefreshSiweSignature: () => void;
+  checkAndWaitForSignature: () => Promise<SiweSignatureData>;
+  forceRefreshSiweSignature: () => Promise<SiweSignatureData>;
 }
 
 type ExtendedExecutionInput = ExecutionInput & { stellarEphemeralSecret: string };
 
-export const useMainProcess = ({ checkSiweSignatureValidity, forceRefreshSiweSignature }: UseMainProcessProps) => {
+export const useMainProcess = ({ checkAndWaitForSignature, forceRefreshSiweSignature }: UseMainProcessProps) => {
   // EXAMPLE mocking states
 
   // Approval already performed (scenario: service shut down after sending approval but before getting it's confirmation)
@@ -149,7 +149,7 @@ export const useMainProcess = ({ checkSiweSignatureValidity, forceRefreshSiweSig
             stellarEphemeralSecret,
             outputTokenType,
             address,
-            checkSiweSignatureValidity,
+            checkAndWaitForSignature,
             forceRefreshSiweSignature,
             addEvent,
           );
diff --git a/src/hooks/useSignChallenge.ts b/src/hooks/useSignChallenge.ts
index 9344304c..a209bf6d 100644
--- a/src/hooks/useSignChallenge.ts
+++ b/src/hooks/useSignChallenge.ts
@@ -1,4 +1,4 @@
-import { useEffect, useState, useCallback } from 'react';
+import { useEffect, useState, useCallback, useRef } from 'react';
 import { useSignMessage } from 'wagmi';
 import { SIGNING_SERVICE_URL } from '../constants/constants';
 import { storageKeys } from '../constants/localStorage';
@@ -13,6 +13,15 @@ export type SiweSignatureData = {
 export function useSiweSignature(address: `0x${string}` | undefined) {
   const { signMessageAsync } = useSignMessage();
   const [requiresSign, setRequiresSign] = useState<boolean>(false);
+  const [signatureData, setSignatureData] = useState<SiweSignatureData | undefined>(undefined);
+
+  const requiresSignRef = useRef(requiresSign);
+  const signatureDataRef = useRef(signatureData);
+
+  useEffect(() => {
+    requiresSignRef.current = requiresSign;
+    signatureDataRef.current = signatureData;
+  }, [requiresSign, signatureData]);
 
   const storageKey = `${storageKeys.SIWE_SIGNATURE_KEY_PREFIX}${address}`;
 
@@ -30,13 +39,16 @@ export function useSiweSignature(address: `0x${string}` | undefined) {
 
       if (expirationDate > new Date()) {
         setRequiresSign(false);
+        setSignatureData(storedSignatureData);
         return storedSignatureData;
       } else {
+        setSignatureData(undefined);
         localStorage.removeItem(storageKey);
         setRequiresSign(true);
         return undefined;
       }
     } else {
+      setSignatureData(undefined);
       setRequiresSign(true);
       return undefined;
     }
@@ -69,7 +81,16 @@ export function useSiweSignature(address: `0x${string}` | undefined) {
         expirationDate,
       };
 
+      const validation_response = await fetch(`${SIGNING_SERVICE_URL}/v1/siwe/validate`, {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+        },
+        body: JSON.stringify({ nonce, signature }),
+      });
+
       localStorage.setItem(storageKey, JSON.stringify(newSignatureData));
+      setSignatureData(newSignatureData);
       setRequiresSign(false);
     } catch (error) {
       console.error('Error during SIWE sign-in:', error);
@@ -82,6 +103,7 @@ export function useSiweSignature(address: `0x${string}` | undefined) {
       return;
     }
 
+    setSignatureData(undefined);
     localStorage.removeItem(storageKey);
     setRequiresSign(true);
   }, [address, storageKey]);
@@ -91,11 +113,49 @@ export function useSiweSignature(address: `0x${string}` | undefined) {
     checkSiweSignatureValidity();
   }, [address, checkSiweSignatureValidity]);
 
+  const checkAndWaitForSignature = useCallback((): Promise<SiweSignatureData> => {
+    checkSiweSignatureValidity();
+
+    return new Promise((resolve, reject) => {
+      const interval = setInterval(() => {
+        // Access the latest values via refs
+        if (!requiresSignRef.current && signatureDataRef.current) {
+          clearInterval(interval);
+          resolve(signatureDataRef.current);
+        }
+
+        if (!requiresSignRef.current && !signatureDataRef.current) {
+          clearInterval(interval);
+          reject('User cancelled login request');
+        }
+      }, 100);
+    });
+  }, [checkSiweSignatureValidity]);
+
+  const forceAndWaitForSignature = useCallback((): Promise<SiweSignatureData> => {
+    forceRefreshSiweSignature();
+
+    return new Promise((resolve, reject) => {
+      const interval = setInterval(() => {
+        // Access the latest values via refs
+        if (!requiresSignRef.current && signatureDataRef.current) {
+          clearInterval(interval);
+          resolve(signatureDataRef.current);
+        }
+
+        if (!requiresSignRef.current && !signatureDataRef.current) {
+          clearInterval(interval);
+          reject('User cancelled the login request');
+        }
+      }, 100);
+    });
+  }, [forceRefreshSiweSignature]);
+
   return {
     requiresSign,
-    checkSiweSignatureValidity,
+    checkAndWaitForSignature,
     signSiweMessage,
-    forceRefreshSiweSignature,
+    forceRefreshSiweSignature: forceAndWaitForSignature,
     closeModal: () => setRequiresSign(false),
   };
 }
diff --git a/src/pages/swap/index.tsx b/src/pages/swap/index.tsx
index 958762fc..9f1278ea 100644
--- a/src/pages/swap/index.tsx
+++ b/src/pages/swap/index.tsx
@@ -51,7 +51,7 @@ export const SwapPage = () => {
   const [isReady, setIsReady] = useState(false);
   const [cachedId, setCachedId] = useState<string | undefined>(undefined);
   const { trackEvent } = useEventsContext();
-  const { requiresSign, signSiweMessage, closeModal, forceRefreshSiweSignature, checkSiweSignatureValidity } =
+  const { requiresSign, signSiweMessage, closeModal, forceRefreshSiweSignature, checkAndWaitForSignature } =
     useSiweSignature(address);
 
   // Hook used for services on initialization and pre-offramp check
@@ -85,7 +85,7 @@ export const SwapPage = () => {
     isInitiating,
     signingPhase,
     setIsInitiating,
-  } = useMainProcess({ checkSiweSignatureValidity, forceRefreshSiweSignature });
+  } = useMainProcess({ checkAndWaitForSignature, forceRefreshSiweSignature });
 
   // Store the id as it is cleared after the user opens the anchor window
   useEffect(() => {
diff --git a/src/services/anchor/index.ts b/src/services/anchor/index.ts
index c0e4b7f3..1aacf5fd 100644
--- a/src/services/anchor/index.ts
+++ b/src/services/anchor/index.ts
@@ -1,7 +1,7 @@
-import { Transaction, Keypair, Networks } from 'stellar-sdk';
+import { Transaction, Keypair, Networks, Signer } from 'stellar-sdk';
 import { EventStatus } from '../../components/GenericEvent';
 import { OutputTokenDetails, OutputTokenType } from '../../constants/tokenConfig';
-import { fetchSep10Signatures, fetchSigningServiceAccountId } from '../signingService';
+import { fetchSep10Signatures, fetchSigningServiceAccountId, SignerServiceSep10Request } from '../signingService';
 import { SiweSignatureData } from '../../hooks/useSignChallenge';
 
 import { config } from '../../config';
@@ -97,6 +97,26 @@ async function getUrlParams(
   };
 }
 
+const sep10SignaturesWithLoginRefresh = async (
+  refreshFunction: () => Promise<SiweSignatureData>,
+  args: SignerServiceSep10Request,
+) => {
+  try {
+    console.log(args);
+    return await fetchSep10Signatures(args);
+  } catch (error: any) {
+    console.log(error.message);
+    if (error.message === 'Invalid signature') {
+      let { nonce, signature } = await refreshFunction();
+      console.log('new signature', signature);
+      console.log('ne nonce ', nonce);
+      let regreshedArgs = { ...args, maybeChallengeSignature: signature, maybeNonce: nonce };
+      return await fetchSep10Signatures(regreshedArgs);
+    }
+    throw new Error('Could not fetch sep 10 signatures from backend');
+  }
+};
+
 //TODO A very naive memo derivation for testing. NOT SECURE
 const deriveMemoFromAddress = (address: `0x${string}`) => {
   return address.slice(5, 15).replace(/\D/g, '');
@@ -107,8 +127,8 @@ export const sep10 = async (
   stellarEphemeralSecret: string,
   outputToken: OutputTokenType,
   address: `0x${string}` | undefined,
-  checkSiweSignatureValidity: () => SiweSignatureData | undefined,
-  forceRefreshSiweSignature: () => void,
+  checkAndWaitForSignature: () => Promise<SiweSignatureData>,
+  forceRefreshSiweSignature: () => Promise<SiweSignatureData>,
   renderEvent: (event: string, status: EventStatus) => void,
 ): Promise<{ token: string; sep10Account: string }> => {
   const { signingKey, webAuthEndpoint } = tomlValues;
@@ -144,30 +164,28 @@ export const sep10 = async (
     throw new Error(`Invalid sequence number: ${transactionSigned.sequence}`);
   }
 
-  const signatureData = checkSiweSignatureValidity();
+  let signatureData = await checkAndWaitForSignature();
   if (!signatureData) {
     throw new Error('Invalid stored challenge signature');
   }
   // undefined if not using memo
-  let nonce;
-  let signature;
+  let maybeNonce;
+  let maybeChallengeSignature;
   if (signatureData && usesMemo) {
-    nonce = signatureData.nonce;
-    signature = signatureData.signature;
+    maybeNonce = signatureData.nonce;
+    maybeChallengeSignature = signatureData.signature;
   }
   // sign both for client_domain + an extra signature for Anclap workaround
-  const { masterClientSignature, clientSignature, clientPublic } = await fetchSep10Signatures(
-    transactionSigned.toXDR(),
-    outputToken,
-    sep10Account,
-    signature,
-    nonce,
-  ).catch((error) => {
-    if (error.message === 'Invalid signature') {
-      forceRefreshSiweSignature();
-    }
-    throw new Error('Invalid stored challenge signature');
-  });
+  const { masterClientSignature, clientSignature, clientPublic } = await sep10SignaturesWithLoginRefresh(
+    forceRefreshSiweSignature,
+    {
+      challengeXDR: transactionSigned.toXDR(),
+      outToken: outputToken,
+      clientPublicKey: sep10Account,
+      maybeNonce,
+      maybeChallengeSignature,
+    },
+  );
 
   if (supportsClientDomain) {
     transactionSigned.addSignature(clientPublic, clientSignature);
@@ -199,68 +217,6 @@ export const sep10 = async (
   return { token, sep10Account };
 };
 
-// TODO modify according to the anchor's requirements and implementation
-// we should be able to do the whole flow on this function since we have all the
-// information we need
-/*
-export async function sep6First(sessionParams: IAnchorSessionParams): Promise<SepResult> {
-  const { token, tomlValues } = sessionParams;
-  const { sep6Url } = tomlValues;
-
-  return {
-    amount: '10.4',
-    memo: 'a memo',
-    memoType: 'text',
-    offrampingAccount: 'GCUHGQ6LY3L2NAB7FX2LJGUJFCG6LKAQHVIMJLZNNBMCZUQNBPJTXE6O',
-  };
-
-  const sep6Params = new URLSearchParams({
-    asset_code: sessionParams.tokenConfig.assetCode!,
-    type: 'bank_account',
-    dest: '3eE4729a-123B-45c6-8d7e-F9aD567b9c1e', // Ntokens crashes when sending destination, complains of not having it??
-  });
-
-  const fetchUrl = `${sep6Url}/withdraw?`;
-  const sep6Response = await fetch(fetchUrl + sep6Params, {
-    method: 'GET',
-    headers: { 'Content-Type': 'application/x-www-form-urlencoded', Authorization: `Bearer ${token}` },
-  });
-  console.log(sep6Response);
-  if (sep6Response.status !== 200) {
-    console.log(await sep6Response.json(), sep6Response.toString());
-    throw new Error(`Failed to initiate SEP-6: ${sep6Response.statusText}`);
-  }
-
-  const { type, id } = await sep6Response.json();
-  if (type !== 'interactive_customer_info_needed') {
-    throw new Error(`Unexpected SEP-6 type: ${type}`);
-  }
-  //return { transactionId: id };
-}*/
-
-/*
-export async function sep12First(sessionParams: IAnchorSessionParams): Promise<void> {
-  const { token, tomlValues } = sessionParams;
-  const { sep6Url } = tomlValues;
-
-  const sep12Params = new URLSearchParams({
-    account: '3eE4729a-123B-45c6-8d7e-F9aD567b9c1e',
-  });
-
-  const fetchUrl = `${sep6Url}/customer`;
-  const sep12Response = await fetch(fetchUrl, {
-    method: 'PUT',
-    headers: { 'Content-Type': 'application/x-www-form-urlencoded', Authorization: `Bearer ${token}` },
-    body: sep12Params.toString(),
-  });
-  console.log(sep12Response);
-  if (sep12Response.status !== 200) {
-    console.log(await sep12Response.json(), sep12Response.toString());
-    throw new Error(`Failed to initiate SEP-6: ${sep12Response.statusText}`);
-  }
-  //>????
-}*/
-
 export async function sep24First(
   sessionParams: IAnchorSessionParams,
   sep10Account: string,
diff --git a/src/services/signingService.tsx b/src/services/signingService.tsx
index 4d3e1e32..c6d4be90 100644
--- a/src/services/signingService.tsx
+++ b/src/services/signingService.tsx
@@ -18,6 +18,14 @@ interface SignerServiceSep10Response {
   masterClientPublic: string;
 }
 
+export interface SignerServiceSep10Request {
+  challengeXDR: string;
+  outToken: OutputTokenType;
+  clientPublicKey: string;
+  maybeChallengeSignature?: string;
+  maybeNonce?: string;
+}
+
 export const fetchSigningServiceAccountId = async (): Promise<SigningServiceStatus> => {
   try {
     const serviceResponse: SigningServiceStatus = await (await fetch(`${SIGNING_SERVICE_URL}/v1/status`)).json();
@@ -39,13 +47,13 @@ export const fetchSigningServiceAccountId = async (): Promise<SigningServiceStat
   }
 };
 
-export const fetchSep10Signatures = async (
-  challengeXDR: string,
-  outToken: OutputTokenType,
-  clientPublicKey: string,
-  maybeChallengeSignature: string | undefined,
-  maybeNonce: string | undefined,
-): Promise<SignerServiceSep10Response> => {
+export const fetchSep10Signatures = async ({
+  challengeXDR,
+  outToken,
+  clientPublicKey,
+  maybeChallengeSignature,
+  maybeNonce,
+}: SignerServiceSep10Request): Promise<SignerServiceSep10Response> => {
   const response = await fetch(`${SIGNING_SERVICE_URL}/v1/stellar/sep10`, {
     method: 'POST',
     headers: { 'Content-Type': 'application/json' },

From bf5d521744c8c36faa327012b31dd8eeb4e07968 Mon Sep 17 00:00:00 2001
From: Gianfranco <g.tasteri@gmail.com>
Date: Tue, 12 Nov 2024 10:34:00 -0300
Subject: [PATCH 13/61] remove poll from sign in hooks

---
 src/hooks/useMainProcess.ts   |   6 +-
 src/hooks/useSignChallenge.ts | 186 ++++++++++++++--------------------
 src/pages/swap/index.tsx      |   6 +-
 src/services/anchor/index.ts  |   6 +-
 4 files changed, 83 insertions(+), 121 deletions(-)

diff --git a/src/hooks/useMainProcess.ts b/src/hooks/useMainProcess.ts
index a72e8386..6bfcf281 100644
--- a/src/hooks/useMainProcess.ts
+++ b/src/hooks/useMainProcess.ts
@@ -34,12 +34,12 @@ export interface ExecutionInput {
 
 interface UseMainProcessProps {
   checkAndWaitForSignature: () => Promise<SiweSignatureData>;
-  forceRefreshSiweSignature: () => Promise<SiweSignatureData>;
+  forceRefreshAndWaitForSignature: () => Promise<SiweSignatureData>;
 }
 
 type ExtendedExecutionInput = ExecutionInput & { stellarEphemeralSecret: string };
 
-export const useMainProcess = ({ checkAndWaitForSignature, forceRefreshSiweSignature }: UseMainProcessProps) => {
+export const useMainProcess = ({ checkAndWaitForSignature, forceRefreshAndWaitForSignature }: UseMainProcessProps) => {
   // EXAMPLE mocking states
 
   // Approval already performed (scenario: service shut down after sending approval but before getting it's confirmation)
@@ -150,7 +150,7 @@ export const useMainProcess = ({ checkAndWaitForSignature, forceRefreshSiweSigna
             outputTokenType,
             address,
             checkAndWaitForSignature,
-            forceRefreshSiweSignature,
+            forceRefreshAndWaitForSignature,
             addEvent,
           );
 
diff --git a/src/hooks/useSignChallenge.ts b/src/hooks/useSignChallenge.ts
index a209bf6d..1b6ca609 100644
--- a/src/hooks/useSignChallenge.ts
+++ b/src/hooks/useSignChallenge.ts
@@ -4,158 +4,120 @@ import { SIGNING_SERVICE_URL } from '../constants/constants';
 import { storageKeys } from '../constants/localStorage';
 import { SiweMessage } from 'siwe';
 
-export type SiweSignatureData = {
+export interface SiweSignatureData {
   nonce: string;
   signature: string;
   expirationDate: string;
-};
+}
 
-export function useSiweSignature(address: `0x${string}` | undefined) {
+export function useSiweSignature(address?: `0x${string}`) {
   const { signMessageAsync } = useSignMessage();
-  const [requiresSign, setRequiresSign] = useState<boolean>(false);
-  const [signatureData, setSignatureData] = useState<SiweSignatureData | undefined>(undefined);
-
-  const requiresSignRef = useRef(requiresSign);
-  const signatureDataRef = useRef(signatureData);
+  const [requiresSign, setRequiresSign] = useState(false);
 
-  useEffect(() => {
-    requiresSignRef.current = requiresSign;
-    signatureDataRef.current = signatureData;
-  }, [requiresSign, signatureData]);
+  // Used to wait for the modal interaction and/or return of the
+  // signing promise.
+  const signPromiseRef = useRef<{
+    resolve: (data: SiweSignatureData) => void;
+    reject: (reason: Error) => void;
+  } | null>(null);
 
   const storageKey = `${storageKeys.SIWE_SIGNATURE_KEY_PREFIX}${address}`;
 
-  const checkSiweSignatureValidity = useCallback((): SiweSignatureData | undefined => {
-    if (!address) {
-      setRequiresSign(false);
-      return undefined;
-    }
+  const checkStoredSignature = useCallback((): SiweSignatureData | null => {
+    if (!address) return null;
 
-    const maybeStoredSignatureData = localStorage.getItem(storageKey);
-
-    if (maybeStoredSignatureData) {
-      const storedSignatureData: SiweSignatureData = JSON.parse(maybeStoredSignatureData);
-      const expirationDate = new Date(storedSignatureData.expirationDate);
-
-      if (expirationDate > new Date()) {
-        setRequiresSign(false);
-        setSignatureData(storedSignatureData);
-        return storedSignatureData;
-      } else {
-        setSignatureData(undefined);
-        localStorage.removeItem(storageKey);
-        setRequiresSign(true);
-        return undefined;
-      }
-    } else {
-      setSignatureData(undefined);
-      setRequiresSign(true);
-      return undefined;
+    try {
+      const stored = localStorage.getItem(storageKey);
+      if (!stored) return null;
+
+      const data: SiweSignatureData = JSON.parse(stored);
+      return new Date(data.expirationDate) > new Date() ? data : null;
+    } catch {
+      localStorage.removeItem(storageKey);
+      return null;
     }
   }, [address, storageKey]);
 
-  const signSiweMessage = useCallback(async () => {
-    if (!address) {
-      return;
-    }
+  const signMessage = useCallback((): Promise<SiweSignatureData> => {
+    return new Promise((resolve, reject) => {
+      signPromiseRef.current = { resolve, reject };
+      setRequiresSign(true);
+    });
+  }, [setRequiresSign]);
+
+  const handleSign = useCallback(async () => {
+    if (!address || !signPromiseRef.current) return;
 
     try {
       const response = await fetch(`${SIGNING_SERVICE_URL}/v1/siwe/create`, {
         method: 'POST',
-        headers: {
-          'Content-Type': 'application/json',
-        },
+        headers: { 'Content-Type': 'application/json' },
         body: JSON.stringify({ walletAddress: address }),
       });
 
+      if (!response.ok) throw new Error('Failed to create message');
       const { siweMessage, nonce } = await response.json();
 
       const message = new SiweMessage(siweMessage);
-      const expirationDate = message.expirationTime!;
-
       const signature = await signMessageAsync({ message: siweMessage });
 
-      const newSignatureData: SiweSignatureData = {
-        nonce,
-        signature,
-        expirationDate,
-      };
-
-      const validation_response = await fetch(`${SIGNING_SERVICE_URL}/v1/siwe/validate`, {
+      const validationResponse = await fetch(`${SIGNING_SERVICE_URL}/v1/siwe/validate`, {
         method: 'POST',
-        headers: {
-          'Content-Type': 'application/json',
-        },
+        headers: { 'Content-Type': 'application/json' },
         body: JSON.stringify({ nonce, signature }),
       });
 
-      localStorage.setItem(storageKey, JSON.stringify(newSignatureData));
-      setSignatureData(newSignatureData);
-      setRequiresSign(false);
+      if (!validationResponse.ok) throw new Error('Failed to validate signature');
+
+      const signatureData: SiweSignatureData = {
+        nonce,
+        signature,
+        expirationDate: message.expirationTime!,
+      };
+
+      localStorage.setItem(storageKey, JSON.stringify(signatureData));
+      signPromiseRef.current.resolve(signatureData);
     } catch (error) {
-      console.error('Error during SIWE sign-in:', error);
+      signPromiseRef.current.reject(new Error('Signing failed'));
+    } finally {
+      setRequiresSign(false);
+      signPromiseRef.current = null;
     }
   }, [address, signMessageAsync, storageKey]);
 
-  // Function to force a signature refresh
-  const forceRefreshSiweSignature = useCallback(() => {
-    if (!address) {
-      return;
+  // Handler for modal cancellation
+  const handleCancel = useCallback(() => {
+    if (signPromiseRef.current) {
+      signPromiseRef.current.reject(new Error('User cancelled'));
+      signPromiseRef.current = null;
     }
+    setRequiresSign(false);
+  }, []);
 
-    setSignatureData(undefined);
-    localStorage.removeItem(storageKey);
-    setRequiresSign(true);
-  }, [address, storageKey]);
-
-  // Refresh on address change
-  useEffect(() => {
-    checkSiweSignatureValidity();
-  }, [address, checkSiweSignatureValidity]);
-
-  const checkAndWaitForSignature = useCallback((): Promise<SiweSignatureData> => {
-    checkSiweSignatureValidity();
-
-    return new Promise((resolve, reject) => {
-      const interval = setInterval(() => {
-        // Access the latest values via refs
-        if (!requiresSignRef.current && signatureDataRef.current) {
-          clearInterval(interval);
-          resolve(signatureDataRef.current);
-        }
-
-        if (!requiresSignRef.current && !signatureDataRef.current) {
-          clearInterval(interval);
-          reject('User cancelled login request');
-        }
-      }, 100);
-    });
-  }, [checkSiweSignatureValidity]);
+  const checkAndWaitForSignature = useCallback(async (): Promise<SiweSignatureData> => {
+    const stored = checkStoredSignature();
+    if (stored) return stored;
+    return signMessage();
+  }, [checkStoredSignature, signMessage]);
 
-  const forceAndWaitForSignature = useCallback((): Promise<SiweSignatureData> => {
-    forceRefreshSiweSignature();
+  const forceRefreshAndWaitForSignature = useCallback(async (): Promise<SiweSignatureData> => {
+    localStorage.removeItem(storageKey);
+    return signMessage();
+  }, [storageKey, signMessage]);
 
-    return new Promise((resolve, reject) => {
-      const interval = setInterval(() => {
-        // Access the latest values via refs
-        if (!requiresSignRef.current && signatureDataRef.current) {
-          clearInterval(interval);
-          resolve(signatureDataRef.current);
-        }
-
-        if (!requiresSignRef.current && !signatureDataRef.current) {
-          clearInterval(interval);
-          reject('User cancelled the login request');
-        }
-      }, 100);
-    });
-  }, [forceRefreshSiweSignature]);
+  // ask for signature on address change and on init
+  // useEffect(() => {
+  //   if (address) {
+  //     const stored = checkStoredSignature();
+  //     if (!stored) signMessage();
+  //   }
+  // }, [address, checkStoredSignature, signMessage]);
 
   return {
     requiresSign,
+    handleSign,
+    handleCancel,
     checkAndWaitForSignature,
-    signSiweMessage,
-    forceRefreshSiweSignature: forceAndWaitForSignature,
-    closeModal: () => setRequiresSign(false),
+    forceRefreshAndWaitForSignature,
   };
 }
diff --git a/src/pages/swap/index.tsx b/src/pages/swap/index.tsx
index 9f1278ea..ae6de216 100644
--- a/src/pages/swap/index.tsx
+++ b/src/pages/swap/index.tsx
@@ -51,7 +51,7 @@ export const SwapPage = () => {
   const [isReady, setIsReady] = useState(false);
   const [cachedId, setCachedId] = useState<string | undefined>(undefined);
   const { trackEvent } = useEventsContext();
-  const { requiresSign, signSiweMessage, closeModal, forceRefreshSiweSignature, checkAndWaitForSignature } =
+  const { requiresSign, handleSign, handleCancel, checkAndWaitForSignature, forceRefreshAndWaitForSignature } =
     useSiweSignature(address);
 
   // Hook used for services on initialization and pre-offramp check
@@ -85,7 +85,7 @@ export const SwapPage = () => {
     isInitiating,
     signingPhase,
     setIsInitiating,
-  } = useMainProcess({ checkAndWaitForSignature, forceRefreshSiweSignature });
+  } = useMainProcess({ checkAndWaitForSignature, forceRefreshAndWaitForSignature });
 
   // Store the id as it is cleared after the user opens the anchor window
   useEffect(() => {
@@ -340,7 +340,7 @@ export const SwapPage = () => {
 
   const main = (
     <main ref={formRef}>
-      <SignInModal requiresSign={requiresSign} closeModal={closeModal} handleSignIn={signSiweMessage} />
+      <SignInModal requiresSign={requiresSign} closeModal={handleCancel} handleSignIn={handleSign} />
       <SigningBox step={signingPhase} />
       <form
         className="max-w-2xl px-4 py-8 mx-4 mt-12 mb-12 rounded-lg shadow-custom md:mx-auto md:w-2/3 lg:w-3/5 xl:w-1/2"
diff --git a/src/services/anchor/index.ts b/src/services/anchor/index.ts
index 1aacf5fd..92bca79c 100644
--- a/src/services/anchor/index.ts
+++ b/src/services/anchor/index.ts
@@ -128,7 +128,7 @@ export const sep10 = async (
   outputToken: OutputTokenType,
   address: `0x${string}` | undefined,
   checkAndWaitForSignature: () => Promise<SiweSignatureData>,
-  forceRefreshSiweSignature: () => Promise<SiweSignatureData>,
+  forceRefreshAndWaitForSignature: () => Promise<SiweSignatureData>,
   renderEvent: (event: string, status: EventStatus) => void,
 ): Promise<{ token: string; sep10Account: string }> => {
   const { signingKey, webAuthEndpoint } = tomlValues;
@@ -175,9 +175,9 @@ export const sep10 = async (
     maybeNonce = signatureData.nonce;
     maybeChallengeSignature = signatureData.signature;
   }
-  // sign both for client_domain + an extra signature for Anclap workaround
+  // sign for client_domain + an signature for memo
   const { masterClientSignature, clientSignature, clientPublic } = await sep10SignaturesWithLoginRefresh(
-    forceRefreshSiweSignature,
+    forceRefreshAndWaitForSignature,
     {
       challengeXDR: transactionSigned.toXDR(),
       outToken: outputToken,

From a6be1ed412d35817b620618a01bf289d9ea9f337 Mon Sep 17 00:00:00 2001
From: Gianfranco <g.tasteri@gmail.com>
Date: Tue, 12 Nov 2024 16:28:09 -0300
Subject: [PATCH 14/61] better memo derivation, cleaning

---
 .../src/api/services/sep10.service.js         | 17 ++---
 src/services/anchor/index.ts                  | 19 +++---
 yarn.lock                                     | 62 ++++++++++++-------
 3 files changed, 56 insertions(+), 42 deletions(-)

diff --git a/signer-service/src/api/services/sep10.service.js b/signer-service/src/api/services/sep10.service.js
index 540c3f3f..fa18e706 100644
--- a/signer-service/src/api/services/sep10.service.js
+++ b/signer-service/src/api/services/sep10.service.js
@@ -2,12 +2,18 @@ const { Keypair } = require('stellar-sdk');
 const { TransactionBuilder, Networks } = require('stellar-sdk');
 const { fetchTomlValues } = require('../helpers/anchors');
 const { verifySiweMessage } = require('./siwe.service');
+const { keccak256 } = require('viem/utils');
 
 const { TOKEN_CONFIG } = require('../../constants/tokenConfig');
-const { SEP10_MASTER_SECRET, CLIENT_SECRET } = require('../../constants/constants');
+const { SEP10_MASTER_SECRET, CLIENT_DOMAIN_SECRET } = require('../../constants/constants');
 
 const NETWORK_PASSPHRASE = Networks.PUBLIC;
 
+async function deriveMemoFromAddress(address) {
+  const hash = keccak256(address);
+  return BigInt(hash).toString().slice(0, 15);
+}
+
 // we validate a challenge for a given nonce. From it we obtain the address and derive the memo
 // we can then ensure that the memo is the same as the one we expect from the anchor challenge
 const getAndValidateMemo = async (nonce, userChallengeSignature) => {
@@ -22,17 +28,13 @@ const getAndValidateMemo = async (nonce, userChallengeSignature) => {
     throw new Error(`Could not verify signature: ${e.message}`);
   }
 
-  const memo = deriveMemoFromAddress(message.address);
+  const memo = await deriveMemoFromAddress(message.address);
   return memo;
 };
 
-const deriveMemoFromAddress = (address) => {
-  return address.slice(5, 15).replace(/\D/g, '');
-};
-
 exports.signSep10Challenge = async (challengeXDR, outToken, clientPublicKey, userChallengeSignature, nonce) => {
   const masterStellarKeypair = Keypair.fromSecret(SEP10_MASTER_SECRET);
-  const clientDomainStellarKeypair = Keypair.fromSecret(CLIENT_SECRET);
+  const clientDomainStellarKeypair = Keypair.fromSecret(CLIENT_DOMAIN_SECRET);
 
   // we validate a challenge for a given nonce. From it we obtain the address and derive the memo
   // we can then ensure that the memo is the same as the one we expect from the anchor challenge
@@ -41,7 +43,6 @@ exports.signSep10Challenge = async (challengeXDR, outToken, clientPublicKey, use
   try {
     memo = await getAndValidateMemo(nonce, userChallengeSignature);
   } catch (e) {
-    console.log(e);
     throw new Error(`Could not verify signature or derive memo: ${e.message}`);
   }
 
diff --git a/src/services/anchor/index.ts b/src/services/anchor/index.ts
index 92bca79c..f5d14fb5 100644
--- a/src/services/anchor/index.ts
+++ b/src/services/anchor/index.ts
@@ -3,6 +3,7 @@ import { EventStatus } from '../../components/GenericEvent';
 import { OutputTokenDetails, OutputTokenType } from '../../constants/tokenConfig';
 import { fetchSep10Signatures, fetchSigningServiceAccountId, SignerServiceSep10Request } from '../signingService';
 import { SiweSignatureData } from '../../hooks/useSignChallenge';
+import { keccak256 } from 'viem/utils';
 
 import { config } from '../../config';
 import { OUTPUT_TOKEN_CONFIG } from '../../constants/tokenConfig';
@@ -63,6 +64,12 @@ export const fetchTomlValues = async (TOML_FILE_URL: string): Promise<TomlValues
   };
 };
 
+//A memo derivation. TODO: Secure? how to check for collisions?
+async function deriveMemoFromAddress(address: `0x${string}`) {
+  const hash = keccak256(address);
+  return BigInt(hash).toString().slice(0, 15);
+}
+
 // Return the URLSearchParams and the account (master/omnibus or ephemeral) that was used for SEP-10
 async function getUrlParams(
   ephemeralAccount: string,
@@ -86,7 +93,7 @@ async function getUrlParams(
       urlParams: new URLSearchParams({
         account: sep10Account,
         client_domain: config.applicationClientDomain,
-        memo: deriveMemoFromAddress(address),
+        memo: await deriveMemoFromAddress(address),
       }),
       sep10Account,
     };
@@ -102,14 +109,10 @@ const sep10SignaturesWithLoginRefresh = async (
   args: SignerServiceSep10Request,
 ) => {
   try {
-    console.log(args);
     return await fetchSep10Signatures(args);
   } catch (error: any) {
-    console.log(error.message);
     if (error.message === 'Invalid signature') {
       let { nonce, signature } = await refreshFunction();
-      console.log('new signature', signature);
-      console.log('ne nonce ', nonce);
       let regreshedArgs = { ...args, maybeChallengeSignature: signature, maybeNonce: nonce };
       return await fetchSep10Signatures(regreshedArgs);
     }
@@ -117,11 +120,6 @@ const sep10SignaturesWithLoginRefresh = async (
   }
 };
 
-//TODO A very naive memo derivation for testing. NOT SECURE
-const deriveMemoFromAddress = (address: `0x${string}`) => {
-  return address.slice(5, 15).replace(/\D/g, '');
-};
-
 export const sep10 = async (
   tomlValues: TomlValues,
   stellarEphemeralSecret: string,
@@ -194,7 +192,6 @@ export const sep10 = async (
   if (!usesMemo) {
     transactionSigned.sign(ephemeralKeys);
   } else {
-    console.log(sep10Account);
     transactionSigned.addSignature(sep10Account, masterClientSignature);
   }
 
diff --git a/yarn.lock b/yarn.lock
index 88cefb6b..f9506a42 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -5,13 +5,6 @@ __metadata:
   version: 8
   cacheKey: 10
 
-"@adraffy/ens-normalize@npm:^1.10.1":
-  version: 1.11.0
-  resolution: "@adraffy/ens-normalize@npm:1.11.0"
-  checksum: 10/abef75f21470ea43dd6071168e092d2d13e38067e349e76186c78838ae174a46c3e18ca50921d05bea6ec3203074147c9e271f8cb6531d1c2c0e146f3199ddcb
-  languageName: node
-  linkType: hard
-
 "@adraffy/ens-normalize@npm:1.10.1, @adraffy/ens-normalize@npm:^1.8.8":
   version: 1.10.1
   resolution: "@adraffy/ens-normalize@npm:1.10.1"
@@ -19,6 +12,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@adraffy/ens-normalize@npm:^1.10.1":
+  version: 1.11.0
+  resolution: "@adraffy/ens-normalize@npm:1.11.0"
+  checksum: 10/abef75f21470ea43dd6071168e092d2d13e38067e349e76186c78838ae174a46c3e18ca50921d05bea6ec3203074147c9e271f8cb6531d1c2c0e146f3199ddcb
+  languageName: node
+  linkType: hard
+
 "@alloc/quick-lru@npm:^5.2.0":
   version: 5.2.0
   resolution: "@alloc/quick-lru@npm:5.2.0"
@@ -2621,6 +2621,15 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@noble/curves@npm:1.2.0":
+  version: 1.2.0
+  resolution: "@noble/curves@npm:1.2.0"
+  dependencies:
+    "@noble/hashes": "npm:1.3.2"
+  checksum: 10/94e02e9571a9fd42a3263362451849d2f54405cb3ce9fa7c45bc6b9b36dcd7d1d20e2e1e14cfded24937a13d82f1e60eefc4d7a14982ce0bc219a9fc0f51d1f9
+  languageName: node
+  linkType: hard
+
 "@noble/curves@npm:1.4.0, @noble/curves@npm:^1.3.0, @noble/curves@npm:~1.4.0":
   version: 1.4.0
   resolution: "@noble/curves@npm:1.4.0"
@@ -2646,6 +2655,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@noble/hashes@npm:1.3.2":
+  version: 1.3.2
+  resolution: "@noble/hashes@npm:1.3.2"
+  checksum: 10/685f59d2d44d88e738114b71011d343a9f7dce9dfb0a121f1489132f9247baa60bc985e5ec6f3213d114fbd1e1168e7294644e46cbd0ce2eba37994f28eeb51b
+  languageName: node
+  linkType: hard
+
 "@noble/hashes@npm:1.4.0, @noble/hashes@npm:^1.3.1, @noble/hashes@npm:^1.3.3, @noble/hashes@npm:~1.4.0":
   version: 1.4.0
   resolution: "@noble/hashes@npm:1.4.0"
@@ -2653,7 +2669,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@noble/hashes@npm:1.5.0, @noble/hashes@npm:^1.4.0, @noble/hashes@npm:^1.5.0, @noble/hashes@npm:~1.5.0":
+"@noble/hashes@npm:1.5.0, @noble/hashes@npm:^1.1.2, @noble/hashes@npm:^1.4.0, @noble/hashes@npm:^1.5.0, @noble/hashes@npm:~1.5.0":
   version: 1.5.0
   resolution: "@noble/hashes@npm:1.5.0"
   checksum: 10/da7fc7af52af7afcf59810a7eea6155075464ff462ffda2572dc6d57d53e2669b1ea2ec774e814f6273f1697e567f28d36823776c9bf7068cba2a2855140f26e
@@ -17401,6 +17417,21 @@ __metadata:
   languageName: node
   linkType: hard
 
+"ws@npm:8.17.1, ws@npm:~8.17.1":
+  version: 8.17.1
+  resolution: "ws@npm:8.17.1"
+  peerDependencies:
+    bufferutil: ^4.0.1
+    utf-8-validate: ">=5.0.2"
+  peerDependenciesMeta:
+    bufferutil:
+      optional: true
+    utf-8-validate:
+      optional: true
+  checksum: 10/4264ae92c0b3e59c7e309001e93079b26937aab181835fb7af79f906b22cd33b6196d96556dafb4e985742dd401e99139572242e9847661fdbc96556b9e6902d
+  languageName: node
+  linkType: hard
+
 "ws@npm:8.18.0, ws@npm:^8.16.0":
   version: 8.18.0
   resolution: "ws@npm:8.18.0"
@@ -17446,21 +17477,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"ws@npm:~8.17.1":
-  version: 8.17.1
-  resolution: "ws@npm:8.17.1"
-  peerDependencies:
-    bufferutil: ^4.0.1
-    utf-8-validate: ">=5.0.2"
-  peerDependenciesMeta:
-    bufferutil:
-      optional: true
-    utf-8-validate:
-      optional: true
-  checksum: 10/4264ae92c0b3e59c7e309001e93079b26937aab181835fb7af79f906b22cd33b6196d96556dafb4e985742dd401e99139572242e9847661fdbc96556b9e6902d
-  languageName: node
-  linkType: hard
-
 "xmlhttprequest-ssl@npm:~2.0.0":
   version: 2.0.0
   resolution: "xmlhttprequest-ssl@npm:2.0.0"

From 9f671b5253535b9b719433065a6ef0b65f5c199f Mon Sep 17 00:00:00 2001
From: Gianfranco <g.tasteri@gmail.com>
Date: Tue, 12 Nov 2024 16:34:27 -0300
Subject: [PATCH 15/61] add validators

---
 .../src/api/middlewares/validators.js         | 23 +++++++++++++++++++
 .../src/api/routes/v1/siwe.route.js           |  5 ++--
 2 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/signer-service/src/api/middlewares/validators.js b/signer-service/src/api/middlewares/validators.js
index 70a2c43b..96acfa12 100644
--- a/signer-service/src/api/middlewares/validators.js
+++ b/signer-service/src/api/middlewares/validators.js
@@ -155,6 +155,27 @@ const validateSep10Input = (req, res, next) => {
   next();
 };
 
+const validateSiweCreate = (req, res, next) => {
+  const { walletAddress } = req.body;
+  if (!walletAddress) {
+    return res.status(400).json({ error: 'Missing address: walletAddress' });
+  }
+  next();
+};
+
+const validateSiweValidate = (req, res, next) => {
+  const { nonce, signature } = req.body;
+  if (!signature) {
+    return res.status(400).json({ error: 'Missing signature: signature' });
+  }
+
+  if (!nonce) {
+    return res.status(400).json({ error: 'Missing initial nonce: nonce' });
+  }
+
+  next();
+};
+
 module.exports = {
   validateChangeOpInput,
   validateQuoteInput,
@@ -166,4 +187,6 @@ module.exports = {
   validateRatingInput,
   validateExecuteXCM,
   validateSep10Input,
+  validateSiweCreate,
+  validateSiweValidate,
 };
diff --git a/signer-service/src/api/routes/v1/siwe.route.js b/signer-service/src/api/routes/v1/siwe.route.js
index 5faeac87..ef02ed87 100644
--- a/signer-service/src/api/routes/v1/siwe.route.js
+++ b/signer-service/src/api/routes/v1/siwe.route.js
@@ -1,10 +1,11 @@
 const express = require('express');
 const controller = require('../../controllers/siwe.controller');
+const { validateSiweCreate, validateSiweValidate } = require('../../middlewares/validators');
 
 const router = express.Router({ mergeParams: true });
 
-router.route('/create').post(controller.sendSiweMessage);
+router.route('/create').post(validateSiweCreate, controller.sendSiweMessage);
 
-router.route('/validate').post(controller.validateSiweSignature);
+router.route('/validate').post(validateSiweValidate, controller.validateSiweSignature);
 
 module.exports = router;

From 9f064b999d8f42baedd47904c8a031cf2f574915 Mon Sep 17 00:00:00 2001
From: Gianfranco <g.tasteri@gmail.com>
Date: Tue, 12 Nov 2024 16:47:27 -0300
Subject: [PATCH 16/61] more cleanup, comments

---
 .../src/api/controllers/stellar.controller.js  | 13 ++++---------
 .../src/api/services/pendulum.service.js       |  1 -
 .../src/api/services/sep10.service.js          | 18 +++++-------------
 3 files changed, 9 insertions(+), 23 deletions(-)

diff --git a/signer-service/src/api/controllers/stellar.controller.js b/signer-service/src/api/controllers/stellar.controller.js
index ea7b7e91..bea2f4e3 100644
--- a/signer-service/src/api/controllers/stellar.controller.js
+++ b/signer-service/src/api/controllers/stellar.controller.js
@@ -65,15 +65,10 @@ exports.signSep10Challenge = async (req, res, next) => {
   } catch (error) {
     if (error.message.includes('Could not verify signature')) {
       // Distinguish between failed signature check and other errors.
-      try {
-        return res.status(401).json({
-          error: 'Signature validation failed.',
-          details: error.message,
-        });
-      } catch (error) {
-        console.error('Error in signSep10Challenge:', error);
-        return res.status(500).json({ error: 'Failed to sign challenge', details: error.message });
-      }
+      return res.status(401).json({
+        error: 'Signature validation failed.',
+        details: error.message,
+      });
     }
 
     console.error('Error in signSep10Challenge:', error);
diff --git a/signer-service/src/api/services/pendulum.service.js b/signer-service/src/api/services/pendulum.service.js
index 33260db5..f981e0ba 100644
--- a/signer-service/src/api/services/pendulum.service.js
+++ b/signer-service/src/api/services/pendulum.service.js
@@ -100,7 +100,6 @@ exports.sendStatusWithPk = async () => {
         fundingAccountKeypair.address,
         tokenConfig.pendulumCurrencyId,
       );
-      console.log(tokenBalanceResponse?.free?.toString());
 
       const tokenBalance = Big(tokenBalanceResponse?.free?.toString() ?? '0');
       const maximumSubsidyAmountRaw = Big(tokenConfig.maximumSubsidyAmountRaw);
diff --git a/signer-service/src/api/services/sep10.service.js b/signer-service/src/api/services/sep10.service.js
index fa18e706..94643cd8 100644
--- a/signer-service/src/api/services/sep10.service.js
+++ b/signer-service/src/api/services/sep10.service.js
@@ -36,19 +36,12 @@ exports.signSep10Challenge = async (challengeXDR, outToken, clientPublicKey, use
   const masterStellarKeypair = Keypair.fromSecret(SEP10_MASTER_SECRET);
   const clientDomainStellarKeypair = Keypair.fromSecret(CLIENT_DOMAIN_SECRET);
 
-  // we validate a challenge for a given nonce. From it we obtain the address and derive the memo
-  // we can then ensure that the memo is the same as the one we expect from the anchor challenge
-
-  let memo;
-  try {
-    memo = await getAndValidateMemo(nonce, userChallengeSignature);
-  } catch (e) {
-    throw new Error(`Could not verify signature or derive memo: ${e.message}`);
-  }
-
   const { signingKey: anchorSigningKey } = await fetchTomlValues(TOKEN_CONFIG[outToken].tomlFileUrl);
   const { homeDomain, clientDomainEnabled, memoEnabled } = TOKEN_CONFIG[outToken];
 
+  // Expected memo based on user's signature and nonce.
+  memo = await getAndValidateMemo(nonce, userChallengeSignature);
+
   const transactionSigned = new TransactionBuilder.fromXDR(challengeXDR, NETWORK_PASSPHRASE);
   if (transactionSigned.source !== anchorSigningKey) {
     throw new Error(`Invalid source account: ${transactionSigned.source}`);
@@ -58,7 +51,7 @@ exports.signSep10Challenge = async (challengeXDR, outToken, clientPublicKey, use
   }
 
   // See https://github.com/stellar/stellar-protocol/blob/master/ecosystem/sep-0010.md#success
-  // memo field should be empty as we assume for the ephemeral case, or the corresponding evm address
+  // memo field should be empty for the ephemeral case, or the corresponding one based on evm address
   // derivation.
   if (transactionSigned.memo.value !== memo) {
     throw new Error('Memo does not match with specified user signature or address. Could not validate.');
@@ -71,8 +64,7 @@ exports.signSep10Challenge = async (challengeXDR, outToken, clientPublicKey, use
     throw new Error('The first operation should be manageData');
   }
 
-  // Only authorize a session that corresponds with the ephemeral client account
-  // TODO is this really an edge case? Obviously incorrenct, but security concern?
+  // clientPublicKey is either: the ephemeral, or the master account
   if (firstOp.source !== clientPublicKey) {
     throw new Error('First manageData operation must have the client account as the source');
   }

From 4db9ef8801a9495051a64dbf38eaa36be5876c48 Mon Sep 17 00:00:00 2001
From: Gianfranco <g.tasteri@gmail.com>
Date: Tue, 12 Nov 2024 17:12:54 -0300
Subject: [PATCH 17/61] yet more cleanup

---
 src/components/SignIn/index.tsx | 2 --
 src/hooks/useSignChallenge.ts   | 2 +-
 src/services/anchor/index.ts    | 2 +-
 3 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/components/SignIn/index.tsx b/src/components/SignIn/index.tsx
index 9eb4987c..a2944ceb 100644
--- a/src/components/SignIn/index.tsx
+++ b/src/components/SignIn/index.tsx
@@ -9,8 +9,6 @@ interface SignInModalProps {
 }
 
 export const SignInModal: FC<SignInModalProps> = ({ requiresSign, closeModal, handleSignIn }) => {
-  const { address } = useAccount();
-
   if (!requiresSign) {
     return null;
   }
diff --git a/src/hooks/useSignChallenge.ts b/src/hooks/useSignChallenge.ts
index 1b6ca609..f3d15ea6 100644
--- a/src/hooks/useSignChallenge.ts
+++ b/src/hooks/useSignChallenge.ts
@@ -92,7 +92,7 @@ export function useSiweSignature(address?: `0x${string}`) {
       signPromiseRef.current = null;
     }
     setRequiresSign(false);
-  }, []);
+  }, [setRequiresSign]);
 
   const checkAndWaitForSignature = useCallback(async (): Promise<SiweSignatureData> => {
     const stored = checkStoredSignature();
diff --git a/src/services/anchor/index.ts b/src/services/anchor/index.ts
index f5d14fb5..6f118a7f 100644
--- a/src/services/anchor/index.ts
+++ b/src/services/anchor/index.ts
@@ -208,7 +208,7 @@ export const sep10 = async (
   const { token } = await jwt.json();
   // print the ephemeral secret, for testing
   renderEvent(
-    `Unique recovery code (Please keep safe in case something fails): ${'testing master account'}`,
+    `Unique recovery code (Please keep safe in case something fails): ${ephemeralKeys.secret()}`,
     EventStatus.Waiting,
   );
   return { token, sep10Account };

From cd844f1ca8d958175324805e8c8267a02d51f5fe Mon Sep 17 00:00:00 2001
From: Gianfranco <g.tasteri@gmail.com>
Date: Wed, 13 Nov 2024 15:26:29 -0300
Subject: [PATCH 18/61] lint errors, remove useRef

---
 .../src/api/services/siwe.service.js          |  3 +-
 signer-service/src/constants/constants.js     |  2 +
 src/components/SignIn/index.tsx               |  5 +--
 src/constants/localStorage.ts                 |  2 +-
 src/hooks/useMainProcess.ts                   | 12 +++++-
 src/hooks/useSignChallenge.ts                 | 38 +++++++++----------
 src/pages/swap/index.tsx                      |  2 +-
 src/services/anchor/index.ts                  | 15 ++++----
 8 files changed, 44 insertions(+), 35 deletions(-)

diff --git a/signer-service/src/api/services/siwe.service.js b/signer-service/src/api/services/siwe.service.js
index bdedaccf..a8a5990e 100644
--- a/signer-service/src/api/services/siwe.service.js
+++ b/signer-service/src/api/services/siwe.service.js
@@ -1,6 +1,7 @@
 const siwe = require('siwe');
 const { createPublicClient, http } = require('viem');
 const { polygon } = require('viem/chains');
+const { DEFAULT_EXPIRATION_TIME_HOURS } = require('../../constants/constants');
 
 // Make constants on config
 const scheme = 'https';
@@ -22,7 +23,7 @@ exports.createAndSendSiweMessage = async (address) => {
     version: '1',
     chainId: polygon.id,
     nonce,
-    expirationTime: new Date(Date.now() + 360 * 60 * 1000).toISOString(),
+    expirationTime: new Date(Date.now() + DEFAULT_EXPIRATION_TIME_HOURS * 60 * 60 * 1000).toISOString(), // Constructor in ms.
   });
   const preparedMessage = siweMessage.toMessage();
   siweMessagesMap.set(nonce, { siweMessage, address });
diff --git a/signer-service/src/constants/constants.js b/signer-service/src/constants/constants.js
index fa44ac84..778df192 100644
--- a/signer-service/src/constants/constants.js
+++ b/signer-service/src/constants/constants.js
@@ -9,6 +9,7 @@ const SUBSIDY_MINIMUM_RATIO_FUND_UNITS = '10'; // 10 Subsidies considering maxim
 const MOONBEAM_RECEIVER_CONTRACT_ADDRESS = '0x0004446021fe650c15fb0b2e046b39130e3bfe36';
 const STELLAR_EPHEMERAL_STARTING_BALANCE_UNITS = '2.5'; // Amount to send to the new stellar ephemeral account created
 const PENDULUM_EPHEMERAL_STARTING_BALANCE_UNITS = '0.1'; // Amount to send to the new pendulum ephemeral account created
+const DEFAULT_EXPIRATION_TIME_HOURS = 24;
 
 require('dotenv').config();
 
@@ -35,4 +36,5 @@ module.exports = {
   PENDULUM_EPHEMERAL_STARTING_BALANCE_UNITS,
   SEP10_MASTER_SECRET,
   CLIENT_DOMAIN_SECRET,
+  DEFAULT_EXPIRATION_TIME_HOURS,
 };
diff --git a/src/components/SignIn/index.tsx b/src/components/SignIn/index.tsx
index a2944ceb..e4ac28aa 100644
--- a/src/components/SignIn/index.tsx
+++ b/src/components/SignIn/index.tsx
@@ -1,11 +1,10 @@
 import { FC } from 'react';
-import { useAccount } from 'wagmi';
 import { Modal } from 'react-daisyui';
 
 interface SignInModalProps {
   requiresSign: boolean;
-  closeModal: any;
-  handleSignIn: any;
+  closeModal: () => void;
+  handleSignIn: () => void;
 }
 
 export const SignInModal: FC<SignInModalProps> = ({ requiresSign, closeModal, handleSignIn }) => {
diff --git a/src/constants/localStorage.ts b/src/constants/localStorage.ts
index df293d32..a3326ca4 100644
--- a/src/constants/localStorage.ts
+++ b/src/constants/localStorage.ts
@@ -10,7 +10,7 @@ export const storageKeys = {
   ANCHOR_SESSION_PARAMS: 'ANCHOR_SESSION_PARAMS',
   STELLAR_OPERATIONS: 'STELLAR_OPERATIONS',
   TOKEN_BRIDGED_AMOUNT: 'TOKEN_BRIDGED_AMOUNT',
-  SIWE_SIGNATURE_KEY_PREFIX: 'siwe-signature-',
+  SIWE_SIGNATURE_KEY_PREFIX: 'SIWE_SIGNATURE_',
 
   // Internal squidrouter recovery states
   SQUIDROUTER_RECOVERY_STATE: 'SQUIDROUTER_TRANSACTION_STATE',
diff --git a/src/hooks/useMainProcess.ts b/src/hooks/useMainProcess.ts
index 992e1e10..80452cc1 100644
--- a/src/hooks/useMainProcess.ts
+++ b/src/hooks/useMainProcess.ts
@@ -167,7 +167,7 @@ export const useMainProcess = ({ checkAndWaitForSignature, forceRefreshAndWaitFo
           setAnchorSessionParams(anchorSessionParams);
 
           const fetchAndUpdateSep24Url = async () => {
-            const firstSep24Response = await sep24First(anchorSessionParams, sep10Account, outputTokenType, address);
+            const firstSep24Response = await sep24First(anchorSessionParams, sep10Account, outputTokenType);
             const url = new URL(firstSep24Response.url);
             url.searchParams.append('callback', 'postMessage');
             firstSep24Response.url = url.toString();
@@ -195,7 +195,15 @@ export const useMainProcess = ({ checkAndWaitForSignature, forceRefreshAndWaitFo
         }
       })();
     },
-    [offrampingStarted, offrampingState, switchChain, trackEvent, address],
+    [
+      offrampingStarted,
+      offrampingState,
+      switchChain,
+      trackEvent,
+      address,
+      checkAndWaitForSignature,
+      forceRefreshAndWaitForSignature,
+    ],
   );
 
   const handleOnAnchorWindowOpen = useCallback(async () => {
diff --git a/src/hooks/useSignChallenge.ts b/src/hooks/useSignChallenge.ts
index f3d15ea6..88d5d2e6 100644
--- a/src/hooks/useSignChallenge.ts
+++ b/src/hooks/useSignChallenge.ts
@@ -1,4 +1,4 @@
-import { useEffect, useState, useCallback, useRef } from 'react';
+import { useEffect, useState, useCallback } from 'react';
 import { useSignMessage } from 'wagmi';
 import { SIGNING_SERVICE_URL } from '../constants/constants';
 import { storageKeys } from '../constants/localStorage';
@@ -16,7 +16,7 @@ export function useSiweSignature(address?: `0x${string}`) {
 
   // Used to wait for the modal interaction and/or return of the
   // signing promise.
-  const signPromiseRef = useRef<{
+  const [signPromise, setSignPromise] = useState<{
     resolve: (data: SiweSignatureData) => void;
     reject: (reason: Error) => void;
   } | null>(null);
@@ -40,13 +40,13 @@ export function useSiweSignature(address?: `0x${string}`) {
 
   const signMessage = useCallback((): Promise<SiweSignatureData> => {
     return new Promise((resolve, reject) => {
-      signPromiseRef.current = { resolve, reject };
+      setSignPromise({ resolve, reject });
       setRequiresSign(true);
     });
-  }, [setRequiresSign]);
+  }, [setRequiresSign, setSignPromise]);
 
   const handleSign = useCallback(async () => {
-    if (!address || !signPromiseRef.current) return;
+    if (!address || !signPromise) return;
 
     try {
       const response = await fetch(`${SIGNING_SERVICE_URL}/v1/siwe/create`, {
@@ -76,23 +76,23 @@ export function useSiweSignature(address?: `0x${string}`) {
       };
 
       localStorage.setItem(storageKey, JSON.stringify(signatureData));
-      signPromiseRef.current.resolve(signatureData);
+      signPromise.resolve(signatureData);
     } catch (error) {
-      signPromiseRef.current.reject(new Error('Signing failed'));
+      signPromise.reject(new Error('Signing failed'));
     } finally {
       setRequiresSign(false);
-      signPromiseRef.current = null;
+      setSignPromise(null);
     }
-  }, [address, signMessageAsync, storageKey]);
+  }, [address, storageKey, signMessageAsync, signPromise, setRequiresSign, setSignPromise]);
 
   // Handler for modal cancellation
   const handleCancel = useCallback(() => {
-    if (signPromiseRef.current) {
-      signPromiseRef.current.reject(new Error('User cancelled'));
-      signPromiseRef.current = null;
+    if (signPromise) {
+      signPromise.reject(new Error('User cancelled'));
+      setSignPromise(null);
     }
     setRequiresSign(false);
-  }, [setRequiresSign]);
+  }, [signPromise, setRequiresSign, setSignPromise]);
 
   const checkAndWaitForSignature = useCallback(async (): Promise<SiweSignatureData> => {
     const stored = checkStoredSignature();
@@ -106,12 +106,12 @@ export function useSiweSignature(address?: `0x${string}`) {
   }, [storageKey, signMessage]);
 
   // ask for signature on address change and on init
-  // useEffect(() => {
-  //   if (address) {
-  //     const stored = checkStoredSignature();
-  //     if (!stored) signMessage();
-  //   }
-  // }, [address, checkStoredSignature, signMessage]);
+  useEffect(() => {
+    if (address) {
+      const stored = checkStoredSignature();
+      if (!stored) signMessage();
+    }
+  }, [address, checkStoredSignature, signMessage]);
 
   return {
     requiresSign,
diff --git a/src/pages/swap/index.tsx b/src/pages/swap/index.tsx
index 31c6e78e..5ce272d3 100644
--- a/src/pages/swap/index.tsx
+++ b/src/pages/swap/index.tsx
@@ -50,7 +50,7 @@ export const SwapPage = () => {
   const [api, setApi] = useState<ApiPromise | null>(null);
   const { isDisconnected, address } = useAccount();
   const [initializeFailed, setInitializeFailed] = useState(false);
-  const [isReady, setIsReady] = useState(false);
+  const [, setIsReady] = useState(false);
   const [showCompareFees, setShowCompareFees] = useState(false);
   const [cachedId, setCachedId] = useState<string | undefined>(undefined);
   const { trackEvent } = useEventsContext();
diff --git a/src/services/anchor/index.ts b/src/services/anchor/index.ts
index 6f118a7f..2f481ad5 100644
--- a/src/services/anchor/index.ts
+++ b/src/services/anchor/index.ts
@@ -1,4 +1,4 @@
-import { Transaction, Keypair, Networks, Signer } from 'stellar-sdk';
+import { Transaction, Keypair, Networks } from 'stellar-sdk';
 import { EventStatus } from '../../components/GenericEvent';
 import { OutputTokenDetails, OutputTokenType } from '../../constants/tokenConfig';
 import { fetchSep10Signatures, fetchSigningServiceAccountId, SignerServiceSep10Request } from '../signingService';
@@ -110,11 +110,11 @@ const sep10SignaturesWithLoginRefresh = async (
 ) => {
   try {
     return await fetchSep10Signatures(args);
-  } catch (error: any) {
-    if (error.message === 'Invalid signature') {
-      let { nonce, signature } = await refreshFunction();
-      let regreshedArgs = { ...args, maybeChallengeSignature: signature, maybeNonce: nonce };
-      return await fetchSep10Signatures(regreshedArgs);
+  } catch (error: unknown) {
+    if (error instanceof Error && error.message === 'Invalid signature') {
+      const { nonce, signature } = await refreshFunction();
+      const refreshedArgs = { ...args, maybeChallengeSignature: signature, maybeNonce: nonce };
+      return await fetchSep10Signatures(refreshedArgs);
     }
     throw new Error('Could not fetch sep 10 signatures from backend');
   }
@@ -162,7 +162,7 @@ export const sep10 = async (
     throw new Error(`Invalid sequence number: ${transactionSigned.sequence}`);
   }
 
-  let signatureData = await checkAndWaitForSignature();
+  const signatureData = await checkAndWaitForSignature();
   if (!signatureData) {
     throw new Error('Invalid stored challenge signature');
   }
@@ -218,7 +218,6 @@ export async function sep24First(
   sessionParams: IAnchorSessionParams,
   sep10Account: string,
   outputToken: OutputTokenType,
-  address: `0x${string}` | undefined,
 ): Promise<ISep24Intermediate> {
   if (config.test.mockSep24) {
     return { url: 'https://www.example.com', id: '1234' };

From 2b18ed0e98f49a67b5da535b9951007540f24cc3 Mon Sep 17 00:00:00 2001
From: Gianfranco <g.tasteri@gmail.com>
Date: Thu, 14 Nov 2024 08:39:41 -0300
Subject: [PATCH 19/61] initialization failed state on handleOnSumbit fail

---
 signer-service/src/api/services/sep10.service.js | 4 ++--
 src/hooks/useMainProcess.ts                      | 7 +++++--
 src/pages/swap/index.tsx                         | 1 +
 src/services/anchor/index.ts                     | 7 ++-----
 4 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/signer-service/src/api/services/sep10.service.js b/signer-service/src/api/services/sep10.service.js
index 94643cd8..42c9a42f 100644
--- a/signer-service/src/api/services/sep10.service.js
+++ b/signer-service/src/api/services/sep10.service.js
@@ -16,7 +16,7 @@ async function deriveMemoFromAddress(address) {
 
 // we validate a challenge for a given nonce. From it we obtain the address and derive the memo
 // we can then ensure that the memo is the same as the one we expect from the anchor challenge
-const getAndValidateMemo = async (nonce, userChallengeSignature) => {
+const validateSignatureAndGetMemo = async (nonce, userChallengeSignature) => {
   if (!userChallengeSignature || !nonce) {
     return null; // Default memo value when single stellar account is used
   }
@@ -40,7 +40,7 @@ exports.signSep10Challenge = async (challengeXDR, outToken, clientPublicKey, use
   const { homeDomain, clientDomainEnabled, memoEnabled } = TOKEN_CONFIG[outToken];
 
   // Expected memo based on user's signature and nonce.
-  memo = await getAndValidateMemo(nonce, userChallengeSignature);
+  memo = await validateSignatureAndGetMemo(nonce, userChallengeSignature);
 
   const transactionSigned = new TransactionBuilder.fromXDR(challengeXDR, NETWORK_PASSPHRASE);
   if (transactionSigned.source !== anchorSigningKey) {
diff --git a/src/hooks/useMainProcess.ts b/src/hooks/useMainProcess.ts
index 80452cc1..d0d33246 100644
--- a/src/hooks/useMainProcess.ts
+++ b/src/hooks/useMainProcess.ts
@@ -1,4 +1,4 @@
-import { useState, useEffect, useCallback, useRef } from 'preact/compat';
+import { useState, useEffect, useCallback, useRef, StateUpdater } from 'preact/compat';
 
 // Configs, Types, constants
 import { createStellarEphemeralSecret, sep24First } from '../services/anchor';
@@ -30,6 +30,7 @@ export interface ExecutionInput {
   outputTokenType: OutputTokenType;
   amountInUnits: string;
   offrampAmount: Big;
+  setInitializeFailed: StateUpdater<boolean>;
 }
 
 interface UseMainProcessProps {
@@ -118,7 +119,7 @@ export const useMainProcess = ({ checkAndWaitForSignature, forceRefreshAndWaitFo
   // Main submit handler. Offramp button.
   const handleOnSubmit = useCallback(
     (executionInput: ExecutionInput) => {
-      const { inputTokenType, amountInUnits, outputTokenType, offrampAmount } = executionInput;
+      const { inputTokenType, amountInUnits, outputTokenType, offrampAmount, setInitializeFailed } = executionInput;
 
       if (offrampingStarted || offrampingState !== undefined) {
         setIsInitiating(false);
@@ -181,6 +182,7 @@ export const useMainProcess = ({ checkAndWaitForSignature, forceRefreshAndWaitFo
               await fetchAndUpdateSep24Url();
             } catch (error) {
               console.error('Some error occurred finalizing the initial state of the offramping process', error);
+              setInitializeFailed(true);
               setOfframpingStarted(false);
               cleanSep24FirstVariables();
             }
@@ -190,6 +192,7 @@ export const useMainProcess = ({ checkAndWaitForSignature, forceRefreshAndWaitFo
           executeFinishInitialState().finally(() => setIsInitiating(false));
         } catch (error) {
           console.error('Some error occurred initializing the offramping process', error);
+          setInitializeFailed(true);
           setOfframpingStarted(false);
           setIsInitiating(false);
         }
diff --git a/src/pages/swap/index.tsx b/src/pages/swap/index.tsx
index 5ce272d3..76d9d2ea 100644
--- a/src/pages/swap/index.tsx
+++ b/src/pages/swap/index.tsx
@@ -182,6 +182,7 @@ export const SwapPage = () => {
           outputTokenType: to as OutputTokenType,
           amountInUnits: fromAmountString,
           offrampAmount: tokenOutAmountData.roundedDownQuotedAmountOut,
+          setInitializeFailed,
         });
       })
       .catch((_error) => {
diff --git a/src/services/anchor/index.ts b/src/services/anchor/index.ts
index 2f481ad5..898d0d75 100644
--- a/src/services/anchor/index.ts
+++ b/src/services/anchor/index.ts
@@ -162,14 +162,11 @@ export const sep10 = async (
     throw new Error(`Invalid sequence number: ${transactionSigned.sequence}`);
   }
 
-  const signatureData = await checkAndWaitForSignature();
-  if (!signatureData) {
-    throw new Error('Invalid stored challenge signature');
-  }
   // undefined if not using memo
   let maybeNonce;
   let maybeChallengeSignature;
-  if (signatureData && usesMemo) {
+  if (usesMemo) {
+    const signatureData = await checkAndWaitForSignature();
     maybeNonce = signatureData.nonce;
     maybeChallengeSignature = signatureData.signature;
   }

From 22f23390e28bbcb3393dc5eacec4fa8ad5f68486 Mon Sep 17 00:00:00 2001
From: Gianfranco <g.tasteri@gmail.com>
Date: Fri, 15 Nov 2024 11:47:47 -0300
Subject: [PATCH 20/61] move siwe to context

---
 src/contexts/siwe.tsx       | 23 +++++++++++++++++++++++
 src/hooks/useMainProcess.ts |  9 +++------
 src/main.tsx                | 25 +++++++++++++------------
 src/pages/swap/index.tsx    |  7 +++----
 4 files changed, 42 insertions(+), 22 deletions(-)
 create mode 100644 src/contexts/siwe.tsx

diff --git a/src/contexts/siwe.tsx b/src/contexts/siwe.tsx
new file mode 100644
index 00000000..d65c38a4
--- /dev/null
+++ b/src/contexts/siwe.tsx
@@ -0,0 +1,23 @@
+import { useAccount } from 'wagmi';
+import { useSiweSignature } from '../hooks/useSignChallenge';
+import { createContext } from 'preact';
+import { PropsWithChildren, useContext } from 'preact/compat';
+
+type UseSiweContext = ReturnType<typeof useSiweSignature>;
+const SiweContext = createContext<UseSiweContext | undefined>(undefined);
+
+export const useSiweContext = () => {
+  const contextValue = useContext(SiweContext);
+  if (contextValue === undefined) {
+    throw new Error('Context must be inside a Provider');
+  }
+
+  return contextValue;
+};
+
+export const SiweProvider = ({ children }: PropsWithChildren) => {
+  const { address } = useAccount();
+  const siweSignature = useSiweSignature(address);
+
+  return <SiweContext.Provider value={siweSignature}>{children}</SiweContext.Provider>;
+};
diff --git a/src/hooks/useMainProcess.ts b/src/hooks/useMainProcess.ts
index d0d33246..061acbbd 100644
--- a/src/hooks/useMainProcess.ts
+++ b/src/hooks/useMainProcess.ts
@@ -23,6 +23,7 @@ import { showToast, ToastMessage } from '../helpers/notifications';
 import { IAnchorSessionParams, ISep24Intermediate } from '../services/anchor';
 import { OFFRAMPING_PHASE_SECONDS } from '../pages/progress';
 import { SiweSignatureData } from './useSignChallenge';
+import { useSiweContext } from '../contexts/siwe';
 export type SigningPhase = 'started' | 'approved' | 'signed' | 'finished';
 
 export interface ExecutionInput {
@@ -33,14 +34,9 @@ export interface ExecutionInput {
   setInitializeFailed: StateUpdater<boolean>;
 }
 
-interface UseMainProcessProps {
-  checkAndWaitForSignature: () => Promise<SiweSignatureData>;
-  forceRefreshAndWaitForSignature: () => Promise<SiweSignatureData>;
-}
-
 type ExtendedExecutionInput = ExecutionInput & { stellarEphemeralSecret: string };
 
-export const useMainProcess = ({ checkAndWaitForSignature, forceRefreshAndWaitForSignature }: UseMainProcessProps) => {
+export const useMainProcess = () => {
   // EXAMPLE mocking states
 
   // Approval already performed (scenario: service shut down after sending approval but before getting it's confirmation)
@@ -68,6 +64,7 @@ export const useMainProcess = ({ checkAndWaitForSignature, forceRefreshAndWaitFo
   const { address } = useAccount();
   const { switchChain } = useSwitchChain();
   const { trackEvent, resetUniqueEvents } = useEventsContext();
+  const { checkAndWaitForSignature, forceRefreshAndWaitForSignature } = useSiweContext();
 
   const [, setEvents] = useState<GenericEvent[]>([]);
 
diff --git a/src/main.tsx b/src/main.tsx
index 766debaa..991ebc50 100644
--- a/src/main.tsx
+++ b/src/main.tsx
@@ -13,6 +13,7 @@ import { App } from './app';
 import { GlobalStateContext, GlobalStateProvider } from './GlobalStateProvider';
 import { wagmiConfig } from './wagmiConfig';
 import { EventsProvider } from './contexts/events';
+import { SiweProvider } from './contexts/siwe';
 import * as Sentry from '@sentry/react';
 import { config } from './config';
 
@@ -35,12 +36,12 @@ Sentry.init({
 });
 
 render(
-  <QueryClientProvider client={queryClient}>
-    <BrowserRouter>
-      <WagmiProvider config={wagmiConfig}>
-        <QueryClientProvider client={queryClient}>
-          <RainbowKitProvider>
-            <EventsProvider>
+  <BrowserRouter>
+    <WagmiProvider config={wagmiConfig}>
+      <QueryClientProvider client={queryClient}>
+        <RainbowKitProvider>
+          <EventsProvider>
+            <SiweProvider>
               <GlobalStateProvider>
                 <GlobalStateContext.Consumer>
                   {() => {
@@ -48,11 +49,11 @@ render(
                   }}
                 </GlobalStateContext.Consumer>
               </GlobalStateProvider>
-            </EventsProvider>
-          </RainbowKitProvider>
-        </QueryClientProvider>
-      </WagmiProvider>
-    </BrowserRouter>
-  </QueryClientProvider>,
+            </SiweProvider>
+          </EventsProvider>
+        </RainbowKitProvider>
+      </QueryClientProvider>
+    </WagmiProvider>
+  </BrowserRouter>,
   document.getElementById('app') as HTMLElement,
 );
diff --git a/src/pages/swap/index.tsx b/src/pages/swap/index.tsx
index 76d9d2ea..7c17208d 100644
--- a/src/pages/swap/index.tsx
+++ b/src/pages/swap/index.tsx
@@ -37,7 +37,7 @@ import { SPACEWALK_REDEEM_SAFETY_MARGIN } from '../../constants/constants';
 import { FeeComparison } from '../../components/FeeComparison';
 
 import { SignInModal } from '../../components/SignIn';
-import { useSiweSignature } from '../../hooks/useSignChallenge';
+import { useSiweContext } from '../../contexts/siwe';
 
 const Arrow = () => (
   <div className="flex justify-center w-full my-5">
@@ -54,8 +54,7 @@ export const SwapPage = () => {
   const [showCompareFees, setShowCompareFees] = useState(false);
   const [cachedId, setCachedId] = useState<string | undefined>(undefined);
   const { trackEvent } = useEventsContext();
-  const { requiresSign, handleSign, handleCancel, checkAndWaitForSignature, forceRefreshAndWaitForSignature } =
-    useSiweSignature(address);
+  const { requiresSign, handleSign, handleCancel } = useSiweContext();
 
   // Hook used for services on initialization and pre-offramp check
   // That is why no dependencies are used
@@ -88,7 +87,7 @@ export const SwapPage = () => {
     isInitiating,
     signingPhase,
     setIsInitiating,
-  } = useMainProcess({ checkAndWaitForSignature, forceRefreshAndWaitForSignature });
+  } = useMainProcess();
 
   // Store the id as it is cleared after the user opens the anchor window
   useEffect(() => {

From c6d74f2be9c113219c2a0ef5b91ee084bcc0ad39 Mon Sep 17 00:00:00 2001
From: Gianfranco <g.tasteri@gmail.com>
Date: Fri, 15 Nov 2024 12:42:57 -0300
Subject: [PATCH 21/61] cancel sep24 first on token selection change

---
 signer-service/src/api/services/siwe.service.js |  2 +-
 src/hooks/useMainProcess.ts                     | 10 ++++++++++
 src/pages/swap/index.tsx                        |  6 +++++-
 3 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/signer-service/src/api/services/siwe.service.js b/signer-service/src/api/services/siwe.service.js
index a8a5990e..11d7a02a 100644
--- a/signer-service/src/api/services/siwe.service.js
+++ b/signer-service/src/api/services/siwe.service.js
@@ -6,7 +6,7 @@ const { DEFAULT_EXPIRATION_TIME_HOURS } = require('../../constants/constants');
 // Make constants on config
 const scheme = 'https';
 const domain = 'satoshipay.io';
-const origin = 'https://vortex.com';
+const origin = 'https://app.vortexfinance.co';
 const statement = 'Please sign the message to login!';
 
 // Map that will hold the siwe messages sent + nonce we defined
diff --git a/src/hooks/useMainProcess.ts b/src/hooks/useMainProcess.ts
index 061acbbd..921120d4 100644
--- a/src/hooks/useMainProcess.ts
+++ b/src/hooks/useMainProcess.ts
@@ -299,6 +299,15 @@ export const useMainProcess = () => {
     wagmiConfig.state.status, // wagmiConfig is a mutable object so we need to list wagmiConfig.state.status here
   ]);
 
+  const maybeCancelSep24First = useCallback(() => {
+    // Check if the SEP-24 second process is in the waiting state (user has not opened window yet)
+    // only then we allow cancelling.
+    if (sep24FirstIntervalRef.current !== undefined) {
+      setOfframpingStarted(false);
+      cleanSep24FirstVariables();
+    }
+  }, [setOfframpingStarted, cleanSep24FirstVariables]);
+
   return {
     handleOnSubmit,
     firstSep24ResponseState,
@@ -310,5 +319,6 @@ export const useMainProcess = () => {
     continueFailedFlow,
     handleOnAnchorWindowOpen,
     signingPhase,
+    maybeCancelSep24First,
   };
 };
diff --git a/src/pages/swap/index.tsx b/src/pages/swap/index.tsx
index 7c17208d..155bf06c 100644
--- a/src/pages/swap/index.tsx
+++ b/src/pages/swap/index.tsx
@@ -87,6 +87,7 @@ export const SwapPage = () => {
     isInitiating,
     signingPhase,
     setIsInitiating,
+    maybeCancelSep24First,
   } = useMainProcess();
 
   // Store the id as it is cleared after the user opens the anchor window
@@ -315,7 +316,10 @@ export const SwapPage = () => {
       <TermsAndConditions />
       <PoolSelectorModal
         open={!!modalType}
-        onSelect={modalType === 'from' ? onFromChange : onToChange}
+        onSelect={(token) => {
+          modalType === 'from' ? onFromChange(token) : onToChange(token);
+          maybeCancelSep24First();
+        }}
         definitions={definitions}
         selected={modalType === 'from' ? from : to}
         onClose={() => setModalType(undefined)}

From e12b1fe126ae3e4fede2b7648c0f6b8421827cce Mon Sep 17 00:00:00 2001
From: Gianfranco <g.tasteri@gmail.com>
Date: Fri, 15 Nov 2024 20:46:53 -0300
Subject: [PATCH 22/61] wip store signature as auth cookie

---
 signer-service/package.json                   |   1 +
 .../src/api/controllers/siwe.controller.js    |  14 +
 .../src/api/controllers/stellar.controller.js |  17 +-
 signer-service/src/config/express.js          |  74 +--
 signer-service/yarn.lock                      | 539 +++++++++---------
 src/constants/constants.ts                    |   2 +-
 src/hooks/useSignChallenge.ts                 |  33 +-
 src/services/anchor/index.ts                  |  23 +-
 src/services/signingService.tsx               |   9 +-
 9 files changed, 367 insertions(+), 345 deletions(-)

diff --git a/signer-service/package.json b/signer-service/package.json
index 2b6a4ddd..73694f6c 100644
--- a/signer-service/package.json
+++ b/signer-service/package.json
@@ -26,6 +26,7 @@
     "big.js": "^6.2.1",
     "body-parser": "^1.17.0",
     "compression": "^1.6.2",
+    "cookie-parser": "^1.4.7",
     "cors": "^2.8.3",
     "cross-env": "^7.0.3",
     "dotenv": "^16.4.5",
diff --git a/signer-service/src/api/controllers/siwe.controller.js b/signer-service/src/api/controllers/siwe.controller.js
index 57236fa4..7695e3f8 100644
--- a/signer-service/src/api/controllers/siwe.controller.js
+++ b/signer-service/src/api/controllers/siwe.controller.js
@@ -1,4 +1,5 @@
 const { createAndSendSiweMessage, verifySiweMessage } = require('../services/siwe.service');
+const { DEFAULT_EXPIRATION_TIME_HOURS } = require('../../constants/constants');
 
 exports.sendSiweMessage = async (req, res) => {
   const { walletAddress } = req.body;
@@ -18,6 +19,19 @@ exports.validateSiweSignature = async (req, res) => {
   const { nonce, signature } = req.body;
   try {
     await verifySiweMessage(nonce, signature);
+
+    const token = {
+      nonce,
+      signature,
+    };
+
+    res.cookie('authTokenSignature', token, {
+      httpOnly: true,
+      secure: false,
+      sameSite: 'Strict',
+      maxAge: DEFAULT_EXPIRATION_TIME_HOURS * 60 * 60 * 1000,
+    });
+
     return res.status(200).json({ message: 'Signature is valid' });
   } catch (e) {
     console.error(e);
diff --git a/signer-service/src/api/controllers/stellar.controller.js b/signer-service/src/api/controllers/stellar.controller.js
index bea2f4e3..b179dc3a 100644
--- a/signer-service/src/api/controllers/stellar.controller.js
+++ b/signer-service/src/api/controllers/stellar.controller.js
@@ -54,12 +54,25 @@ exports.changeOpTransaction = async (req, res, next) => {
 
 exports.signSep10Challenge = async (req, res, next) => {
   try {
+    let maybeChallengeSignature;
+    let maybeNonce;
+    if (req.cookies?.authTokenSignature) {
+      maybeChallengeSignature = req.cookies.authTokenSignature.signature;
+      maybeNonce = req.cookies.authTokenSignature.nonce;
+    }
+
+    if (Boolean(req.body.memo) && (!maybeChallengeSignature || !maybeNonce)) {
+      return res.status(401).json({
+        error: 'Missing signature or nonce',
+      });
+    }
+
     let { masterClientSignature, masterClientPublic, clientSignature, clientPublic } = await signSep10Challenge(
       req.body.challengeXDR,
       req.body.outToken,
       req.body.clientPublicKey,
-      req.body.maybeChallengeSignature,
-      req.body.maybeNonce,
+      maybeChallengeSignature,
+      maybeNonce,
     );
     return res.json({ masterClientSignature, masterClientPublic, clientSignature, clientPublic });
   } catch (error) {
diff --git a/signer-service/src/config/express.js b/signer-service/src/config/express.js
index af0d00e9..b5530e23 100644
--- a/signer-service/src/config/express.js
+++ b/signer-service/src/config/express.js
@@ -9,6 +9,7 @@ const rateLimit = require('express-rate-limit');
 const routes = require('../api/routes/v1');
 const { logs, rateLimitMaxRequests, rateLimitNumberOfProxies, rateLimitWindowMinutes } = require('./vars');
 const error = require('../api/middlewares/error');
+const cookieParser = require('cookie-parser');
 
 /**
  * Express instance
@@ -16,56 +17,59 @@ const error = require('../api/middlewares/error');
  */
 const app = express();
 
-// enable rate limiting
-// Set number of expected proxies
-app.set('trust proxy', rateLimitNumberOfProxies);
-// Define rate limiter
-const limiter = rateLimit({
-  windowMs: rateLimitWindowMinutes * 60 * 1000,
-  max: rateLimitMaxRequests, // Limit each IP to <amount> requests per `window`
-  standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
-  legacyHeaders: false, // Disable the `X-RateLimit-*` headers
-});
-app.use(limiter);
+app.use(
+  cors({
+    origin: 'http://localhost:5173',
+    credentials: true,
+  }),
+);
+
+app.use(express.json());
+app.use(cookieParser());
+
+// // enable rate limiting
+// // Set number of expected proxies
+// app.set('trust proxy', rateLimitNumberOfProxies);
+// // Define rate limiter
+// const limiter = rateLimit({
+//   windowMs: rateLimitWindowMinutes * 60 * 1000,
+//   max: rateLimitMaxRequests, // Limit each IP to <amount> requests per `window`
+//   standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
+//   legacyHeaders: false, // Disable the `X-RateLimit-*` headers
+// });
+// app.use(limiter);
 
 // request logging. dev: console | production: file
-app.use(morgan(logs));
+// app.use(morgan(logs));
 
-// parse body params and attach them to req.body
-app.use(bodyParser.json());
-app.use(bodyParser.urlencoded({ extended: true }));
+// // parse body params and attach them to req.body
+// app.use(bodyParser.json());
+// app.use(bodyParser.urlencoded({ extended: true }));
 
-// gzip compression
-app.use(compress());
+// // gzip compression
+// app.use(compress());
 
 // lets you use HTTP verbs such as PUT or DELETE
 // in places where the client doesn't support it
-app.use(methodOverride());
+//app.use(methodOverride());
 
 // secure apps by setting various HTTP headers
-app.use(helmet());
+// app.use(helmet({
+//   contentSecurityPolicy: false, // Disable CSP if it's causing issues
+// }));
 
-// enable CORS - Cross Origin Resource Sharing
-app.use(cors());
-
-app.use(
-  cors({
-    origin: '*',
-    methods: 'GET,HEAD,PUT,PATCH,POST,DELETE',
-    allowedHeaders: 'Content-Type,Authorization',
-  }),
-);
+//app.options('/v1', cors()); // Handle OPTIONS requests
 
 // mount api token routes
 app.use('/v1', routes);
 
-// if error is not an instanceOf APIError, convert it.
-app.use(error.converter);
+// // if error is not an instanceOf APIError, convert it.
+// app.use(error.converter);
 
-// catch 404 and forward to error handler
-app.use(error.notFound);
+// // catch 404 and forward to error handler
+// app.use(error.notFound);
 
-// error handler, send stacktrace only during development
-app.use(error.handler);
+// // error handler, send stacktrace only during development
+// app.use(error.handler);
 
 module.exports = app;
diff --git a/signer-service/yarn.lock b/signer-service/yarn.lock
index 6dcf088c..cb59178a 100644
--- a/signer-service/yarn.lock
+++ b/signer-service/yarn.lock
@@ -5,13 +5,6 @@ __metadata:
   version: 8
   cacheKey: 10
 
-"@adraffy/ens-normalize@npm:1.10.0":
-  version: 1.10.0
-  resolution: "@adraffy/ens-normalize@npm:1.10.0"
-  checksum: 10/5cdb5d2a9c9f8c0a71a7bb830967da0069cae1f1235cd41ae11147e4000f368f6958386e622cd4d52bf45c1ed3f8275056b387cba28902b83354e40ff323ecde
-  languageName: node
-  linkType: hard
-
 "@adraffy/ens-normalize@npm:1.10.1":
   version: 1.10.1
   resolution: "@adraffy/ens-normalize@npm:1.10.1"
@@ -19,6 +12,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@adraffy/ens-normalize@npm:^1.10.1":
+  version: 1.11.0
+  resolution: "@adraffy/ens-normalize@npm:1.11.0"
+  checksum: 10/abef75f21470ea43dd6071168e092d2d13e38067e349e76186c78838ae174a46c3e18ca50921d05bea6ec3203074147c9e271f8cb6531d1c2c0e146f3199ddcb
+  languageName: node
+  linkType: hard
+
 "@babel/code-frame@npm:7.12.11":
   version: 7.12.11
   resolution: "@babel/code-frame@npm:7.12.11"
@@ -29,31 +29,32 @@ __metadata:
   linkType: hard
 
 "@babel/code-frame@npm:^7.0.0":
-  version: 7.24.7
-  resolution: "@babel/code-frame@npm:7.24.7"
+  version: 7.26.2
+  resolution: "@babel/code-frame@npm:7.26.2"
   dependencies:
-    "@babel/highlight": "npm:^7.24.7"
+    "@babel/helper-validator-identifier": "npm:^7.25.9"
+    js-tokens: "npm:^4.0.0"
     picocolors: "npm:^1.0.0"
-  checksum: 10/4812e94885ba7e3213d49583a155fdffb05292330f0a9b2c41b49288da70cf3c746a3fda0bf1074041a6d741c33f8d7be24be5e96f41ef77395eeddc5c9ff624
+  checksum: 10/db2c2122af79d31ca916755331bb4bac96feb2b334cdaca5097a6b467fdd41963b89b14b6836a14f083de7ff887fc78fa1b3c10b14e743d33e12dbfe5ee3d223
   languageName: node
   linkType: hard
 
-"@babel/helper-validator-identifier@npm:^7.24.7":
-  version: 7.24.7
-  resolution: "@babel/helper-validator-identifier@npm:7.24.7"
-  checksum: 10/86875063f57361471b531dbc2ea10bbf5406e12b06d249b03827d361db4cad2388c6f00936bcd9dc86479f7e2c69ea21412c2228d4b3672588b754b70a449d4b
+"@babel/helper-validator-identifier@npm:^7.25.9":
+  version: 7.25.9
+  resolution: "@babel/helper-validator-identifier@npm:7.25.9"
+  checksum: 10/3f9b649be0c2fd457fa1957b694b4e69532a668866b8a0d81eabfa34ba16dbf3107b39e0e7144c55c3c652bf773ec816af8df4a61273a2bb4eb3145ca9cf478e
   languageName: node
   linkType: hard
 
-"@babel/highlight@npm:^7.10.4, @babel/highlight@npm:^7.24.7":
-  version: 7.24.7
-  resolution: "@babel/highlight@npm:7.24.7"
+"@babel/highlight@npm:^7.10.4":
+  version: 7.25.9
+  resolution: "@babel/highlight@npm:7.25.9"
   dependencies:
-    "@babel/helper-validator-identifier": "npm:^7.24.7"
+    "@babel/helper-validator-identifier": "npm:^7.25.9"
     chalk: "npm:^2.4.2"
     js-tokens: "npm:^4.0.0"
     picocolors: "npm:^1.0.0"
-  checksum: 10/69b73f38cdd4f881b09b939a711e76646da34f4834f4ce141d7a49a6bb1926eab1c594148970a8aa9360398dff800f63aade4e81fafdd7c8d8a8489ea93bfec1
+  checksum: 10/0d165283dd4eb312292cea8fec3ae0d376874b1885f476014f0136784ed5b564b2c2ba2d270587ed546ee92505056dab56493f7960c01c4e6394d71d1b2e7db6
   languageName: node
   linkType: hard
 
@@ -149,16 +150,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@noble/curves@npm:1.4.0":
-  version: 1.4.0
-  resolution: "@noble/curves@npm:1.4.0"
-  dependencies:
-    "@noble/hashes": "npm:1.4.0"
-  checksum: 10/b21b30a36ff02bfcc0f5e6163d245cdbaf7f640511fff97ccf83fc207ee79cfd91584b4d97977374de04cb118a55eb63a7964c82596a64162bbc42bc685ae6d9
-  languageName: node
-  linkType: hard
-
-"@noble/curves@npm:^1.3.0, @noble/curves@npm:^1.4.0":
+"@noble/curves@npm:1.6.0, @noble/curves@npm:^1.3.0, @noble/curves@npm:^1.4.0, @noble/curves@npm:^1.6.0, @noble/curves@npm:~1.6.0":
   version: 1.6.0
   resolution: "@noble/curves@npm:1.6.0"
   dependencies:
@@ -167,15 +159,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@noble/curves@npm:~1.4.0":
-  version: 1.4.2
-  resolution: "@noble/curves@npm:1.4.2"
-  dependencies:
-    "@noble/hashes": "npm:1.4.0"
-  checksum: 10/f433a2e8811ae345109388eadfa18ef2b0004c1f79417553241db4f0ad0d59550be6298a4f43d989c627e9f7551ffae6e402a4edf0173981e6da95fc7cab5123
-  languageName: node
-  linkType: hard
-
 "@noble/hashes@npm:1.3.2":
   version: 1.3.2
   resolution: "@noble/hashes@npm:1.3.2"
@@ -183,14 +166,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@noble/hashes@npm:1.4.0, @noble/hashes@npm:~1.4.0":
-  version: 1.4.0
-  resolution: "@noble/hashes@npm:1.4.0"
-  checksum: 10/e156e65794c473794c52fa9d06baf1eb20903d0d96719530f523cc4450f6c721a957c544796e6efd0197b2296e7cd70efeb312f861465e17940a3e3c7e0febc6
-  languageName: node
-  linkType: hard
-
-"@noble/hashes@npm:1.5.0, @noble/hashes@npm:^1.1.2, @noble/hashes@npm:^1.3.1, @noble/hashes@npm:^1.3.3, @noble/hashes@npm:^1.4.0, @noble/hashes@npm:~1.5.0":
+"@noble/hashes@npm:1.5.0, @noble/hashes@npm:^1.1.2, @noble/hashes@npm:^1.3.1, @noble/hashes@npm:^1.3.3, @noble/hashes@npm:^1.4.0, @noble/hashes@npm:^1.5.0, @noble/hashes@npm:~1.5.0":
   version: 1.5.0
   resolution: "@noble/hashes@npm:1.5.0"
   checksum: 10/da7fc7af52af7afcf59810a7eea6155075464ff462ffda2572dc6d57d53e2669b1ea2ec774e814f6273f1697e567f28d36823776c9bf7068cba2a2855140f26e
@@ -227,6 +203,7 @@ __metadata:
     big.js: "npm:^6.2.1"
     body-parser: "npm:^1.17.0"
     compression: "npm:^1.6.2"
+    cookie-parser: "npm:^1.4.7"
     cors: "npm:^2.8.3"
     cross-env: "npm:^7.0.3"
     dotenv: "npm:^16.4.5"
@@ -403,27 +380,27 @@ __metadata:
   linkType: hard
 
 "@polkadot/keyring@npm:^13.1.1":
-  version: 13.2.2
-  resolution: "@polkadot/keyring@npm:13.2.2"
+  version: 13.2.3
+  resolution: "@polkadot/keyring@npm:13.2.3"
   dependencies:
-    "@polkadot/util": "npm:13.2.2"
-    "@polkadot/util-crypto": "npm:13.2.2"
+    "@polkadot/util": "npm:13.2.3"
+    "@polkadot/util-crypto": "npm:13.2.3"
     tslib: "npm:^2.8.0"
   peerDependencies:
-    "@polkadot/util": 13.2.2
-    "@polkadot/util-crypto": 13.2.2
-  checksum: 10/552972c5e4c26f8a95dbb18552cbcfb04c87e085022153a705025987bb77655dc6c32709ea4b8300ebe74945a32b7f8a88ab50460d1962b847335daeae19bda1
+    "@polkadot/util": 13.2.3
+    "@polkadot/util-crypto": 13.2.3
+  checksum: 10/c89cbdd3830f54cabcfde01527b7597a215b39dd7f26a374b1f0f43051fb0443385607548528c0b11eb42ca05d90569f38b13aeeed25858ccfa7ecf1d7345a21
   languageName: node
   linkType: hard
 
-"@polkadot/networks@npm:13.2.2, @polkadot/networks@npm:^13.1.1":
-  version: 13.2.2
-  resolution: "@polkadot/networks@npm:13.2.2"
+"@polkadot/networks@npm:13.2.3, @polkadot/networks@npm:^13.1.1":
+  version: 13.2.3
+  resolution: "@polkadot/networks@npm:13.2.3"
   dependencies:
-    "@polkadot/util": "npm:13.2.2"
+    "@polkadot/util": "npm:13.2.3"
     "@substrate/ss58-registry": "npm:^1.51.0"
     tslib: "npm:^2.8.0"
-  checksum: 10/a1282e7104ed0c3ca0c8b42db115fa95ae99e03ea878e1837db92b04fada55c0ed7a55a63c2d36d248ec467e471e72c49026f75233eddd7dbd7037e3a1c81bb2
+  checksum: 10/83c4d6321b67c8a5eaf55189dba2180e49600d12ebd55fe861780241fbe8969c972a8b184c91b64a03880c74502889f35ec2eef124f7288e27f2e77ecc4f5e39
   languageName: node
   linkType: hard
 
@@ -552,38 +529,38 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@polkadot/util-crypto@npm:13.2.2, @polkadot/util-crypto@npm:^13.1.1":
-  version: 13.2.2
-  resolution: "@polkadot/util-crypto@npm:13.2.2"
+"@polkadot/util-crypto@npm:13.2.3, @polkadot/util-crypto@npm:^13.1.1":
+  version: 13.2.3
+  resolution: "@polkadot/util-crypto@npm:13.2.3"
   dependencies:
     "@noble/curves": "npm:^1.3.0"
     "@noble/hashes": "npm:^1.3.3"
-    "@polkadot/networks": "npm:13.2.2"
-    "@polkadot/util": "npm:13.2.2"
+    "@polkadot/networks": "npm:13.2.3"
+    "@polkadot/util": "npm:13.2.3"
     "@polkadot/wasm-crypto": "npm:^7.4.1"
     "@polkadot/wasm-util": "npm:^7.4.1"
-    "@polkadot/x-bigint": "npm:13.2.2"
-    "@polkadot/x-randomvalues": "npm:13.2.2"
+    "@polkadot/x-bigint": "npm:13.2.3"
+    "@polkadot/x-randomvalues": "npm:13.2.3"
     "@scure/base": "npm:^1.1.7"
     tslib: "npm:^2.8.0"
   peerDependencies:
-    "@polkadot/util": 13.2.2
-  checksum: 10/7f00b4a89be841cfa67c2a25717c21ead158ed52b3f166b5140dae6b2b20e011823b2c06b7df7df95216d964265db151d8785e3db8823ab62ffcc8986d769cd7
+    "@polkadot/util": 13.2.3
+  checksum: 10/47baf5cab1bd2ca20633ef324a35d7b8a4ecb6bff41eb9e0dac8229495d3a7e74f7bc685d652dd465c9339598fa4e885abce8f539329e77b32a1aa0920169825
   languageName: node
   linkType: hard
 
-"@polkadot/util@npm:13.2.2, @polkadot/util@npm:^13.1.1":
-  version: 13.2.2
-  resolution: "@polkadot/util@npm:13.2.2"
+"@polkadot/util@npm:13.2.3, @polkadot/util@npm:^13.1.1":
+  version: 13.2.3
+  resolution: "@polkadot/util@npm:13.2.3"
   dependencies:
-    "@polkadot/x-bigint": "npm:13.2.2"
-    "@polkadot/x-global": "npm:13.2.2"
-    "@polkadot/x-textdecoder": "npm:13.2.2"
-    "@polkadot/x-textencoder": "npm:13.2.2"
+    "@polkadot/x-bigint": "npm:13.2.3"
+    "@polkadot/x-global": "npm:13.2.3"
+    "@polkadot/x-textdecoder": "npm:13.2.3"
+    "@polkadot/x-textencoder": "npm:13.2.3"
     "@types/bn.js": "npm:^5.1.6"
     bn.js: "npm:^5.2.1"
     tslib: "npm:^2.8.0"
-  checksum: 10/acf145fdf49ad7e39a8df2c24eba510956281196902684fa42ce3b4f2152863478a5410b9f64b9a73ab689f37b64f8e01af15027a29812417b1333f143d14c21
+  checksum: 10/45c493224599a003cb52c98d0be502088e3e05dc74e1c505d579aae77341bf1769fbe1ca6c13df8b581235690f78c3b36f8525d378af9df5663a1c21becc4766
   languageName: node
   linkType: hard
 
@@ -667,77 +644,77 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@polkadot/x-bigint@npm:13.2.2, @polkadot/x-bigint@npm:^13.1.1":
-  version: 13.2.2
-  resolution: "@polkadot/x-bigint@npm:13.2.2"
+"@polkadot/x-bigint@npm:13.2.3, @polkadot/x-bigint@npm:^13.1.1":
+  version: 13.2.3
+  resolution: "@polkadot/x-bigint@npm:13.2.3"
   dependencies:
-    "@polkadot/x-global": "npm:13.2.2"
+    "@polkadot/x-global": "npm:13.2.3"
     tslib: "npm:^2.8.0"
-  checksum: 10/00cdd6298a82971c700b1cb9d9dda26423a46fe86044fe74c5c14cb15d70ca912f044a1c935416fb363b58f84544e7f7a5a79eedefccdfbc56e5185637781c90
+  checksum: 10/1ede67d15b2e66eb8546e6f7ea9bd3599969eda2a75339a5e7077d1db67e1cebd61b5b4522c344ee3210e3117e9c8c36fe623fc691e0d4a8c0f9b0dc39b768a5
   languageName: node
   linkType: hard
 
 "@polkadot/x-fetch@npm:^13.1.1":
-  version: 13.2.2
-  resolution: "@polkadot/x-fetch@npm:13.2.2"
+  version: 13.2.3
+  resolution: "@polkadot/x-fetch@npm:13.2.3"
   dependencies:
-    "@polkadot/x-global": "npm:13.2.2"
+    "@polkadot/x-global": "npm:13.2.3"
     node-fetch: "npm:^3.3.2"
     tslib: "npm:^2.8.0"
-  checksum: 10/19110cbe80ec105eb4f86f162f6f86a930e18bd189d422dbb724a5a0cf7ad83167ed86671835fd43948f5f92295b570ec7bb997f308359bf9ddb6cea335b4438
+  checksum: 10/55104a2f6ca60acc25e15becf67988f19e702afa985283451436ca42a417e04d87f91332a1afba78537691c370f7a053ec6e07ba111464d25ccbecc99864eac7
   languageName: node
   linkType: hard
 
-"@polkadot/x-global@npm:13.2.2, @polkadot/x-global@npm:^13.1.1":
-  version: 13.2.2
-  resolution: "@polkadot/x-global@npm:13.2.2"
+"@polkadot/x-global@npm:13.2.3, @polkadot/x-global@npm:^13.1.1":
+  version: 13.2.3
+  resolution: "@polkadot/x-global@npm:13.2.3"
   dependencies:
     tslib: "npm:^2.8.0"
-  checksum: 10/9b2747c6b581943c82d6228e886fd491ea41068e07d1da3654c9acc27ace5e1b8682c6e9f8ceaffe68aa88fb386758ebe70f595fde8a5a2544361999e39e74f1
+  checksum: 10/163b11c938c4496a94fd476b909b8358007c17e9a251d627c4114d14419c8cd462d8246a580a28e859c91d71c384fc3acfeb27d2e0559c4a443226cbb25df560
   languageName: node
   linkType: hard
 
-"@polkadot/x-randomvalues@npm:13.2.2":
-  version: 13.2.2
-  resolution: "@polkadot/x-randomvalues@npm:13.2.2"
+"@polkadot/x-randomvalues@npm:13.2.3":
+  version: 13.2.3
+  resolution: "@polkadot/x-randomvalues@npm:13.2.3"
   dependencies:
-    "@polkadot/x-global": "npm:13.2.2"
+    "@polkadot/x-global": "npm:13.2.3"
     tslib: "npm:^2.8.0"
   peerDependencies:
-    "@polkadot/util": 13.2.2
+    "@polkadot/util": 13.2.3
     "@polkadot/wasm-util": "*"
-  checksum: 10/d30e37bc659f4fe045b421e80fc37849e92351ff64244c90651f35ef1fb8722ad1d8d421fc459d039a5f53b9072635f4f531a5a0fd029269025a86178b44b327
+  checksum: 10/864b94a2f031582095afc4e0b2ecbb315cb76122b35f359f236704d8e753b0225c7a6f78a68c990bfbb7b2ea8287d05f0fcb9c27a3c2bd785408de3074fa9636
   languageName: node
   linkType: hard
 
-"@polkadot/x-textdecoder@npm:13.2.2":
-  version: 13.2.2
-  resolution: "@polkadot/x-textdecoder@npm:13.2.2"
+"@polkadot/x-textdecoder@npm:13.2.3":
+  version: 13.2.3
+  resolution: "@polkadot/x-textdecoder@npm:13.2.3"
   dependencies:
-    "@polkadot/x-global": "npm:13.2.2"
+    "@polkadot/x-global": "npm:13.2.3"
     tslib: "npm:^2.8.0"
-  checksum: 10/8fcf79d362141f011123230f7f82f9145cd7c0c7f2ac8caa89f0b8a59e457aad6ffb6e05dee98bd7e254dbd87cce6660dea50e7a41b09830f81e1e350f49a276
+  checksum: 10/e67cfb4677cd8a43ed7678421562280947bf22b13d8d4b0ac49e20a34939bbd7de02b8e51a1f5f138c0884847d7c782fb6bbb13d2d7556d1bb7a4e39508c949d
   languageName: node
   linkType: hard
 
-"@polkadot/x-textencoder@npm:13.2.2":
-  version: 13.2.2
-  resolution: "@polkadot/x-textencoder@npm:13.2.2"
+"@polkadot/x-textencoder@npm:13.2.3":
+  version: 13.2.3
+  resolution: "@polkadot/x-textencoder@npm:13.2.3"
   dependencies:
-    "@polkadot/x-global": "npm:13.2.2"
+    "@polkadot/x-global": "npm:13.2.3"
     tslib: "npm:^2.8.0"
-  checksum: 10/e382f7b1601b11b91fa17242af0357ecd7db4bd7f6db2cea88eef9a5bb3f64271089569b34e28685d62f8e89e870876f2872ec2f34a8aee44515f47e79cd4f0f
+  checksum: 10/54630e2ca156cda7d5f8eb3d5283f43d2729c579d032d9d2b088c2a599d3be905c237d9ebcca3fd432e1fca9d1d0349585e4bf8e27000946a2d6f3c8fef1009d
   languageName: node
   linkType: hard
 
 "@polkadot/x-ws@npm:^13.1.1":
-  version: 13.2.2
-  resolution: "@polkadot/x-ws@npm:13.2.2"
+  version: 13.2.3
+  resolution: "@polkadot/x-ws@npm:13.2.3"
   dependencies:
-    "@polkadot/x-global": "npm:13.2.2"
+    "@polkadot/x-global": "npm:13.2.3"
     tslib: "npm:^2.8.0"
     ws: "npm:^8.18.0"
-  checksum: 10/f98fcf8350c691c78e2a06487dd57071e13d64014c8192fae2b4fd75435edd946bc4847142933f58046c93709160c912d7d8fa990b8f02b4db929f610b34c77b
+  checksum: 10/35c66899e1bdfeaf2956d663124fc4c33fb1f0b47f3e14f9f9aa8f1e291a7a14cae264aa15baadf7ba85f5c314fbfce61b1fc4bfad3b1d3fc51c1f1dfa60659d
   languageName: node
   linkType: hard
 
@@ -748,32 +725,25 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@scure/base@npm:^1.1.1, @scure/base@npm:~1.1.6, @scure/base@npm:~1.1.8":
-  version: 1.1.8
-  resolution: "@scure/base@npm:1.1.8"
-  checksum: 10/5b764c0e98610bc4993479965db718457d91b68d3c6f1339e3cc74e53fc6b0ae0428d1d64d29a0de0cee9d966034674d4464fdbd2d1dbef27013927b2fe05c45
-  languageName: node
-  linkType: hard
-
-"@scure/base@npm:^1.1.7":
+"@scure/base@npm:^1.1.1, @scure/base@npm:^1.1.7, @scure/base@npm:~1.1.7, @scure/base@npm:~1.1.8":
   version: 1.1.9
   resolution: "@scure/base@npm:1.1.9"
   checksum: 10/f0ab7f687bbcdee2a01377fe3cd808bf63977999672751295b6a92625d5322f4754a96d40f6bd579bc367aad48ecf8a4e6d0390e70296e6ded1076f52adb16bb
   languageName: node
   linkType: hard
 
-"@scure/bip32@npm:1.4.0":
-  version: 1.4.0
-  resolution: "@scure/bip32@npm:1.4.0"
+"@scure/bip32@npm:1.5.0, @scure/bip32@npm:^1.5.0":
+  version: 1.5.0
+  resolution: "@scure/bip32@npm:1.5.0"
   dependencies:
-    "@noble/curves": "npm:~1.4.0"
-    "@noble/hashes": "npm:~1.4.0"
-    "@scure/base": "npm:~1.1.6"
-  checksum: 10/6cd5062d902564d9e970597ec8b1adacb415b2eadfbb95aee1a1a0480a52eb0de4d294d3753aa8b48548064c9795ed108d348a31a8ce3fc88785377bb12c63b9
+    "@noble/curves": "npm:~1.6.0"
+    "@noble/hashes": "npm:~1.5.0"
+    "@scure/base": "npm:~1.1.7"
+  checksum: 10/17e296a782e09aec18ed27e2e8bb6a76072604c40997ec49a6840f223296421612dbe6b44275f04db9acd6da6cefb0322141110f5ac9dc686eb0c44d5bd868fa
   languageName: node
   linkType: hard
 
-"@scure/bip39@npm:1.4.0":
+"@scure/bip39@npm:1.4.0, @scure/bip39@npm:^1.4.0":
   version: 1.4.0
   resolution: "@scure/bip39@npm:1.4.0"
   dependencies:
@@ -877,16 +847,16 @@ __metadata:
   linkType: hard
 
 "@substrate/connect-extension-protocol@npm:^2.0.0":
-  version: 2.1.0
-  resolution: "@substrate/connect-extension-protocol@npm:2.1.0"
-  checksum: 10/670d006c3120b25a048b235246ca798a84a2b67a13109f9a1f38605cdf3985464045f468ac4257d9c03531cd0052f829f3bfb9a002cacd4d5016e4dfc9cb728c
+  version: 2.2.1
+  resolution: "@substrate/connect-extension-protocol@npm:2.2.1"
+  checksum: 10/6c57248640c1e3a02d972bc7f63984a7b1241b83e0692dc9cc1b77ac61723eb319e4c3974d919ee2397b1e113c6160560f19ce186dd7df2e81349faf6fa451d7
   languageName: node
   linkType: hard
 
 "@substrate/connect-known-chains@npm:^1.1.5":
-  version: 1.6.0
-  resolution: "@substrate/connect-known-chains@npm:1.6.0"
-  checksum: 10/2be6443c9920d1e1fe1dfaa8650d46b1ecc40b85d6652c9e1109f2a2e85d6549eb38117eaaeeeaf1372c3163c6474ca655b72979490bc83451baa32b27ccec98
+  version: 1.7.0
+  resolution: "@substrate/connect-known-chains@npm:1.7.0"
+  checksum: 10/db793dd7cd9eaba70a8945f5ff09a372bc8a51f60e8bcf90076c2e85fdd659017a8d28538207541adddee3429672f07b794fd9c7b7da4736eec58d07f65f7ded
   languageName: node
   linkType: hard
 
@@ -969,11 +939,11 @@ __metadata:
   linkType: hard
 
 "@types/node@npm:*":
-  version: 22.5.4
-  resolution: "@types/node@npm:22.5.4"
+  version: 22.9.0
+  resolution: "@types/node@npm:22.9.0"
   dependencies:
-    undici-types: "npm:~6.19.2"
-  checksum: 10/d46e0abf437b36bdf89011287aa43873d68ea6f2521a11b5c9a033056fd0d07af36daf51439010e8d41c62c55d0b00e9b5e09ed00bb2617723f73f28a873903a
+    undici-types: "npm:~6.19.8"
+  checksum: 10/a7df3426891868b0f5fb03e46aeddd8446178233521c624a44531c92a040cf08a82d8235f7e1e02af731fd16984665d4d71f3418caf9c2788313b10f040d615d
   languageName: node
   linkType: hard
 
@@ -1007,9 +977,9 @@ __metadata:
   languageName: node
   linkType: hard
 
-"abitype@npm:1.0.5":
-  version: 1.0.5
-  resolution: "abitype@npm:1.0.5"
+"abitype@npm:1.0.6, abitype@npm:^1.0.6":
+  version: 1.0.6
+  resolution: "abitype@npm:1.0.6"
   peerDependencies:
     typescript: ">=5.0.4"
     zod: ^3 >=3.22.0
@@ -1018,7 +988,7 @@ __metadata:
       optional: true
     zod:
       optional: true
-  checksum: 10/1acd0d9687945dd78442b71bd84ff3b9dceae27d15f0d8b14b16554a0c8c9518eeb971ff8e94d507f4d9f05a8a8b91eb8fafd735eaecebac37d5c5a4aac06d8e
+  checksum: 10/d04d58f90405c29a3c68353508502d7e870feb27418a6281ba9a13e6aaee42c26b2c5f08f648f058b8eaffac32927194b33f396d2451d18afeccfb654c7285c2
   languageName: node
   linkType: hard
 
@@ -1032,16 +1002,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"accepts@npm:~1.3.5":
-  version: 1.3.8
-  resolution: "accepts@npm:1.3.8"
-  dependencies:
-    mime-types: "npm:~2.1.34"
-    negotiator: "npm:0.6.3"
-  checksum: 10/67eaaa90e2917c58418e7a9b89392002d2b1ccd69bcca4799135d0c632f3b082f23f4ae4ddeedbced5aa59bcc7bdf4699c69ebed4593696c922462b7bc5744d6
-  languageName: node
-  linkType: hard
-
 "acorn-jsx@npm:^5.3.1":
   version: 5.3.2
   resolution: "acorn-jsx@npm:5.3.2"
@@ -1516,13 +1476,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"bytes@npm:3.0.0":
-  version: 3.0.0
-  resolution: "bytes@npm:3.0.0"
-  checksum: 10/a2b386dd8188849a5325f58eef69c3b73c51801c08ffc6963eddc9be244089ba32d19347caf6d145c86f315ae1b1fc7061a32b0c1aa6379e6a719090287ed101
-  languageName: node
-  linkType: hard
-
 "bytes@npm:3.1.2":
   version: 3.1.2
   resolution: "bytes@npm:3.1.2"
@@ -1745,7 +1698,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"compressible@npm:~2.0.16":
+"compressible@npm:~2.0.18":
   version: 2.0.18
   resolution: "compressible@npm:2.0.18"
   dependencies:
@@ -1755,17 +1708,17 @@ __metadata:
   linkType: hard
 
 "compression@npm:^1.6.2":
-  version: 1.7.4
-  resolution: "compression@npm:1.7.4"
+  version: 1.7.5
+  resolution: "compression@npm:1.7.5"
   dependencies:
-    accepts: "npm:~1.3.5"
-    bytes: "npm:3.0.0"
-    compressible: "npm:~2.0.16"
+    bytes: "npm:3.1.2"
+    compressible: "npm:~2.0.18"
     debug: "npm:2.6.9"
+    negotiator: "npm:~0.6.4"
     on-headers: "npm:~1.0.2"
-    safe-buffer: "npm:5.1.2"
+    safe-buffer: "npm:5.2.1"
     vary: "npm:~1.1.2"
-  checksum: 10/469cd097908fe1d3ff146596d4c24216ad25eabb565c5456660bdcb3a14c82ebc45c23ce56e19fc642746cf407093b55ab9aa1ac30b06883b27c6c736e6383c2
+  checksum: 10/c69cf6da151db6f9db2e242b6a0039ad41975ee886c385cff2920c5f8f7050678e0ee9a021437af033536c451791de529de376851b8d31fee42ca2d6adca03f0
   languageName: node
   linkType: hard
 
@@ -1799,6 +1752,23 @@ __metadata:
   languageName: node
   linkType: hard
 
+"cookie-parser@npm:^1.4.7":
+  version: 1.4.7
+  resolution: "cookie-parser@npm:1.4.7"
+  dependencies:
+    cookie: "npm:0.7.2"
+    cookie-signature: "npm:1.0.6"
+  checksum: 10/243fa13f217e793d20a57675e6552beea08c5989fcc68495d543997a31646875335e0e82d687b42dcfd466df57891d22bae7f5ba6ab33b7705ed2dd6eb989105
+  languageName: node
+  linkType: hard
+
+"cookie-signature@npm:1.0.6":
+  version: 1.0.6
+  resolution: "cookie-signature@npm:1.0.6"
+  checksum: 10/f4e1b0a98a27a0e6e66fd7ea4e4e9d8e038f624058371bf4499cfcd8f3980be9a121486995202ba3fca74fbed93a407d6d54d43a43f96fd28d0bd7a06761591a
+  languageName: node
+  linkType: hard
+
 "cookie-signature@npm:^1.2.1":
   version: 1.2.2
   resolution: "cookie-signature@npm:1.2.2"
@@ -1813,6 +1783,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"cookie@npm:0.7.2":
+  version: 0.7.2
+  resolution: "cookie@npm:0.7.2"
+  checksum: 10/24b286c556420d4ba4e9bc09120c9d3db7d28ace2bd0f8ccee82422ce42322f73c8312441271e5eefafbead725980e5996cc02766dbb89a90ac7f5636ede608f
+  languageName: node
+  linkType: hard
+
 "core-util-is@npm:~1.0.0":
   version: 1.0.3
   resolution: "core-util-is@npm:1.0.3"
@@ -1868,13 +1845,13 @@ __metadata:
   linkType: hard
 
 "cross-spawn@npm:^7.0.0, cross-spawn@npm:^7.0.1, cross-spawn@npm:^7.0.2":
-  version: 7.0.3
-  resolution: "cross-spawn@npm:7.0.3"
+  version: 7.0.5
+  resolution: "cross-spawn@npm:7.0.5"
   dependencies:
     path-key: "npm:^3.1.0"
     shebang-command: "npm:^2.0.0"
     which: "npm:^2.0.1"
-  checksum: 10/e1a13869d2f57d974de0d9ef7acbf69dc6937db20b918525a01dacb5032129bd552d290d886d981e99f1b624cb03657084cc87bd40f115c07ecf376821c729ce
+  checksum: 10/c95062469d4bdbc1f099454d01c0e77177a3733012d41bf907a71eb8d22d2add43b5adf6a0a14ef4e7feaf804082714d6c262ef4557a1c480b86786c120d18e2
   languageName: node
   linkType: hard
 
@@ -2191,8 +2168,8 @@ __metadata:
   linkType: hard
 
 "es-abstract@npm:^1.22.1, es-abstract@npm:^1.22.3, es-abstract@npm:^1.23.0, es-abstract@npm:^1.23.2":
-  version: 1.23.3
-  resolution: "es-abstract@npm:1.23.3"
+  version: 1.23.5
+  resolution: "es-abstract@npm:1.23.5"
   dependencies:
     array-buffer-byte-length: "npm:^1.0.1"
     arraybuffer.prototype.slice: "npm:^1.0.3"
@@ -2209,7 +2186,7 @@ __metadata:
     function.prototype.name: "npm:^1.1.6"
     get-intrinsic: "npm:^1.2.4"
     get-symbol-description: "npm:^1.0.2"
-    globalthis: "npm:^1.0.3"
+    globalthis: "npm:^1.0.4"
     gopd: "npm:^1.0.1"
     has-property-descriptors: "npm:^1.0.2"
     has-proto: "npm:^1.0.3"
@@ -2225,10 +2202,10 @@ __metadata:
     is-string: "npm:^1.0.7"
     is-typed-array: "npm:^1.1.13"
     is-weakref: "npm:^1.0.2"
-    object-inspect: "npm:^1.13.1"
+    object-inspect: "npm:^1.13.3"
     object-keys: "npm:^1.1.1"
     object.assign: "npm:^4.1.5"
-    regexp.prototype.flags: "npm:^1.5.2"
+    regexp.prototype.flags: "npm:^1.5.3"
     safe-array-concat: "npm:^1.1.2"
     safe-regex-test: "npm:^1.0.3"
     string.prototype.trim: "npm:^1.2.9"
@@ -2240,7 +2217,7 @@ __metadata:
     typed-array-length: "npm:^1.0.6"
     unbox-primitive: "npm:^1.0.2"
     which-typed-array: "npm:^1.1.15"
-  checksum: 10/2da795a6a1ac5fc2c452799a409acc2e3692e06dc6440440b076908617188899caa562154d77263e3053bcd9389a07baa978ab10ac3b46acc399bd0c77be04cb
+  checksum: 10/2170afde7e1d2497586ad74176c2e12196db947fb1b3287fc097781a871b75ebe3aef5247e951e3bb3972a830b8d0eaa82a509518836a6d9f9fb4934b9294467
   languageName: node
   linkType: hard
 
@@ -2364,21 +2341,21 @@ __metadata:
   languageName: node
   linkType: hard
 
-"eslint-module-utils@npm:^2.9.0":
-  version: 2.11.0
-  resolution: "eslint-module-utils@npm:2.11.0"
+"eslint-module-utils@npm:^2.12.0":
+  version: 2.12.0
+  resolution: "eslint-module-utils@npm:2.12.0"
   dependencies:
     debug: "npm:^3.2.7"
   peerDependenciesMeta:
     eslint:
       optional: true
-  checksum: 10/1ba42cf48c5f9ec3b76dfa42c16f1c24c10508313689425c05ccb1d0eaa34bdc5c5b9c0c033cd402e9c429666bd3eb8c6d0c66565b0c00949fae743ad3643c95
+  checksum: 10/dd27791147eca17366afcb83f47d6825b6ce164abb256681e5de4ec1d7e87d8605641eb869298a0dbc70665e2446dbcc2f40d3e1631a9475dd64dd23d4ca5dee
   languageName: node
   linkType: hard
 
 "eslint-plugin-import@npm:^2.2.0":
-  version: 2.30.0
-  resolution: "eslint-plugin-import@npm:2.30.0"
+  version: 2.31.0
+  resolution: "eslint-plugin-import@npm:2.31.0"
   dependencies:
     "@rtsao/scc": "npm:^1.1.0"
     array-includes: "npm:^3.1.8"
@@ -2388,7 +2365,7 @@ __metadata:
     debug: "npm:^3.2.7"
     doctrine: "npm:^2.1.0"
     eslint-import-resolver-node: "npm:^0.3.9"
-    eslint-module-utils: "npm:^2.9.0"
+    eslint-module-utils: "npm:^2.12.0"
     hasown: "npm:^2.0.2"
     is-core-module: "npm:^2.15.1"
     is-glob: "npm:^4.0.3"
@@ -2397,10 +2374,11 @@ __metadata:
     object.groupby: "npm:^1.0.3"
     object.values: "npm:^1.2.0"
     semver: "npm:^6.3.1"
+    string.prototype.trimend: "npm:^1.0.8"
     tsconfig-paths: "npm:^3.15.0"
   peerDependencies:
-    eslint: ^2 || ^3 || ^4 || ^5 || ^6 || ^7.2.0 || ^8
-  checksum: 10/a5f85dfe76e27286c28a01d137769726ce3f758bcc03aa6b6f9e18700a40a08f57239f82e07efcab763c4b03a02d425edcc29fbecf40aad0124286978c6bc63c
+    eslint: ^2 || ^3 || ^4 || ^5 || ^6 || ^7.2.0 || ^8 || ^9
+  checksum: 10/6b76bd009ac2db0615d9019699d18e2a51a86cb8c1d0855a35fb1b418be23b40239e6debdc6e8c92c59f1468ed0ea8d7b85c817117a113d5cc225be8a02ad31c
   languageName: node
   linkType: hard
 
@@ -2569,7 +2547,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"eventemitter3@npm:^5.0.1":
+"eventemitter3@npm:5.0.1, eventemitter3@npm:^5.0.1":
   version: 5.0.1
   resolution: "eventemitter3@npm:5.0.1"
   checksum: 10/ac6423ec31124629c84c7077eed1e6987f6d66c31cf43c6fcbf6c87791d56317ce808d9ead483652436df171b526fc7220eccdc9f3225df334e81582c3cf7dd5
@@ -2695,9 +2673,9 @@ __metadata:
   linkType: hard
 
 "fast-uri@npm:^3.0.1":
-  version: 3.0.1
-  resolution: "fast-uri@npm:3.0.1"
-  checksum: 10/e8ee4712270de0d29eb0fbf41ffad0ac80952e8797be760e8bb62c4707f08f50a86fe2d7829681ca133c07d6eb4b4a75389a5fc36674c5b254a3ac0891a68fc7
+  version: 3.0.3
+  resolution: "fast-uri@npm:3.0.3"
+  checksum: 10/92487c75848b03edc45517fca0148287d342c30818ce43d556391db774d8e01644fb6964315a3336eec5a90f301b218b21f71fb9b2528ba25757435a20392c95
   languageName: node
   linkType: hard
 
@@ -2836,13 +2814,13 @@ __metadata:
   linkType: hard
 
 "form-data@npm:^4.0.0":
-  version: 4.0.0
-  resolution: "form-data@npm:4.0.0"
+  version: 4.0.1
+  resolution: "form-data@npm:4.0.1"
   dependencies:
     asynckit: "npm:^0.4.0"
     combined-stream: "npm:^1.0.8"
     mime-types: "npm:^2.1.12"
-  checksum: 10/7264aa760a8cf09482816d8300f1b6e2423de1b02bba612a136857413fdc96d7178298ced106817655facc6b89036c6e12ae31c9eb5bdc16aabf502ae8a5d805
+  checksum: 10/6adb1cff557328bc6eb8a68da205f9ae44ab0e88d4d9237aaf91eed591ffc64f77411efb9016af7d87f23d0a038c45a788aa1c6634e51175c4efa36c2bc53774
   languageName: node
   linkType: hard
 
@@ -3085,7 +3063,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"globalthis@npm:^1.0.3":
+"globalthis@npm:^1.0.4":
   version: 1.0.4
   resolution: "globalthis@npm:1.0.4"
   dependencies:
@@ -3096,8 +3074,8 @@ __metadata:
   linkType: hard
 
 "google-auth-library@npm:^9.11.0":
-  version: 9.14.1
-  resolution: "google-auth-library@npm:9.14.1"
+  version: 9.15.0
+  resolution: "google-auth-library@npm:9.15.0"
   dependencies:
     base64-js: "npm:^1.3.0"
     ecdsa-sig-formatter: "npm:^1.0.11"
@@ -3105,7 +3083,7 @@ __metadata:
     gcp-metadata: "npm:^6.1.0"
     gtoken: "npm:^7.0.0"
     jws: "npm:^4.0.0"
-  checksum: 10/528e6bebadbd9e599c5a3149ed8053ff4cc99f2776b2b56087af8ed28f47a6df153a742d4c07074ef6245e6b4de5e9ab20655a040535400b464683ee09bd1001
+  checksum: 10/fba2db9732bbf1b3a3a2e2b45131ba8e8aba297377f1c104d0b2ab3386bbc1e02047f20b8a7afca1c6308492da1540104618f1c7b5cd539703552e10399c560e
   languageName: node
   linkType: hard
 
@@ -3273,9 +3251,9 @@ __metadata:
   linkType: hard
 
 "http-status@npm:^1.0.1":
-  version: 1.7.4
-  resolution: "http-status@npm:1.7.4"
-  checksum: 10/6b510d25326ca3f183f64ecb797fe0a2ede4ca895e8243d92ce4abb35d9bfcd9ab468b2a565ebf4a718c3a986aa8754a23512fb6182a953d20f8f21c9a8f555e
+  version: 1.8.1
+  resolution: "http-status@npm:1.8.1"
+  checksum: 10/a150d4cad98e0a8c9c2a9d2051fa124a99cefad8b3f5d1393a0efb4f74c268c53efecb259519139b453fef951e825f4be17c5d2b5c15811799ad8c6afb0c0096
   languageName: node
   linkType: hard
 
@@ -3702,12 +3680,12 @@ __metadata:
   languageName: node
   linkType: hard
 
-"isows@npm:1.0.4":
-  version: 1.0.4
-  resolution: "isows@npm:1.0.4"
+"isows@npm:1.0.6":
+  version: 1.0.6
+  resolution: "isows@npm:1.0.6"
   peerDependencies:
     ws: "*"
-  checksum: 10/a3ee62e3d6216abb3adeeb2a551fe2e7835eac87b05a6ecc3e7739259bf5f8e83290501f49e26137390c8093f207fc3378d4a7653aab76ad7bbab4b2dba9c5b9
+  checksum: 10/ab9e85b50bcc3d70aa5ec875aa2746c5daf9321cb376ed4e5434d3c2643c5d62b1f466d93a05cd2ad0ead5297224922748c31707cb4fbd68f5d05d0479dce99c
   languageName: node
   linkType: hard
 
@@ -3954,9 +3932,9 @@ __metadata:
   languageName: node
   linkType: hard
 
-"logform@npm:^2.6.0, logform@npm:^2.6.1":
-  version: 2.6.1
-  resolution: "logform@npm:2.6.1"
+"logform@npm:^2.7.0":
+  version: 2.7.0
+  resolution: "logform@npm:2.7.0"
   dependencies:
     "@colors/colors": "npm:1.6.0"
     "@types/triple-beam": "npm:^1.3.2"
@@ -3964,7 +3942,7 @@ __metadata:
     ms: "npm:^2.1.1"
     safe-stable-stringify: "npm:^2.3.1"
     triple-beam: "npm:^1.3.0"
-  checksum: 10/e67f414787fbfe1e6a997f4c84300c7e06bee3d0bd579778af667e24b36db3ea200ed195d41b61311ff738dab7faabc615a07b174b22fe69e0b2f39e985be64b
+  checksum: 10/4b861bfd67efe599ab41113ae3ffe92b1873bf86793fb442f58971852430d8f416f9904da69e5043071fb3725690e2499a13acbfe92a57ba7d21690004f9edc0
   languageName: node
   linkType: hard
 
@@ -4056,7 +4034,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"mime-types@npm:^2.1.12, mime-types@npm:^2.1.35, mime-types@npm:~2.1.24, mime-types@npm:~2.1.34":
+"mime-types@npm:^2.1.12, mime-types@npm:^2.1.35, mime-types@npm:~2.1.24":
   version: 2.1.35
   resolution: "mime-types@npm:2.1.35"
   dependencies:
@@ -4382,10 +4360,10 @@ __metadata:
   languageName: node
   linkType: hard
 
-"negotiator@npm:0.6.3, negotiator@npm:^0.6.3":
-  version: 0.6.3
-  resolution: "negotiator@npm:0.6.3"
-  checksum: 10/2723fb822a17ad55c93a588a4bc44d53b22855bf4be5499916ca0cab1e7165409d0b288ba2577d7b029f10ce18cf2ed8e703e5af31c984e1e2304277ef979837
+"negotiator@npm:^0.6.3, negotiator@npm:~0.6.4":
+  version: 0.6.4
+  resolution: "negotiator@npm:0.6.4"
+  checksum: 10/d98c04a136583afd055746168f1067d58ce4bfe6e4c73ca1d339567f81ea1f7e665b5bd1e81f4771c67b6c2ea89b21cb2adaea2b16058c7dc31317778f931dab
   languageName: node
   linkType: hard
 
@@ -4404,13 +4382,13 @@ __metadata:
   linkType: hard
 
 "nock@npm:^13.5.4":
-  version: 13.5.5
-  resolution: "nock@npm:13.5.5"
+  version: 13.5.6
+  resolution: "nock@npm:13.5.6"
   dependencies:
     debug: "npm:^4.1.0"
     json-stringify-safe: "npm:^5.0.1"
     propagate: "npm:^2.0.0"
-  checksum: 10/c19d7bf9654db056357a22b00127bb5606c1bbdff188a5b6c469825e580e31cd0cb0701bce8dd8b4876dbbd36a145fdb681fd69fd59308d6db4923ce8ab2439e
+  checksum: 10/a57c265b75e5f7767e2f8baf058773cdbf357c31c5fea2761386ec03a008a657f9df921899fe2a9502773b47145b708863b32345aef529b3c45cba4019120f88
   languageName: node
   linkType: hard
 
@@ -4457,13 +4435,13 @@ __metadata:
   linkType: hard
 
 "node-gyp-build@npm:^4.8.0":
-  version: 4.8.2
-  resolution: "node-gyp-build@npm:4.8.2"
+  version: 4.8.3
+  resolution: "node-gyp-build@npm:4.8.3"
   bin:
     node-gyp-build: bin.js
     node-gyp-build-optional: optional.js
     node-gyp-build-test: build-test.js
-  checksum: 10/e3a365eed7a2d950864a1daa34527588c16fe43ae189d0aeb8fd1dfec91ba42a0e1b499322bff86c2832029fec4f5901bf26e32005e1e17a781dcd5177b6a657
+  checksum: 10/4cdc07c940bc1ae484d4d62b0627c80bfb5018e597f2c68c0a7a80b17e9b9cef9d566ec52150ff6f867dd42788eff97a3bcf5cb5b4679ef74954b2df2ac57c02
   languageName: node
   linkType: hard
 
@@ -4553,10 +4531,10 @@ __metadata:
   languageName: node
   linkType: hard
 
-"object-inspect@npm:^1.13.1":
-  version: 1.13.2
-  resolution: "object-inspect@npm:1.13.2"
-  checksum: 10/7ef65583b6397570a17c56f0c1841e0920e83900f2c94638927abb7b81ac08a19c7aae135bd9dcca96208cac0c7332b4650fb927f027b0cf92d71df2990d0561
+"object-inspect@npm:^1.13.1, object-inspect@npm:^1.13.3":
+  version: 1.13.3
+  resolution: "object-inspect@npm:1.13.3"
+  checksum: 10/14cb973d8381c69e14d7f1c8c75044eb4caf04c6dabcf40ca5c2ce42dc2073ae0bb2a9939eeca142b0c05215afaa1cd5534adb7c8879c32cba2576e045ed8368
   languageName: node
   linkType: hard
 
@@ -4733,6 +4711,26 @@ __metadata:
   languageName: node
   linkType: hard
 
+"ox@npm:0.1.2":
+  version: 0.1.2
+  resolution: "ox@npm:0.1.2"
+  dependencies:
+    "@adraffy/ens-normalize": "npm:^1.10.1"
+    "@noble/curves": "npm:^1.6.0"
+    "@noble/hashes": "npm:^1.5.0"
+    "@scure/bip32": "npm:^1.5.0"
+    "@scure/bip39": "npm:^1.4.0"
+    abitype: "npm:^1.0.6"
+    eventemitter3: "npm:5.0.1"
+  peerDependencies:
+    typescript: ">=5.4.0"
+  peerDependenciesMeta:
+    typescript:
+      optional: true
+  checksum: 10/cba00f13289599ff03cee3dbc19167c1d0f01829379d119f962b4e951ee2bf0d14491c7a45974e6a2a745117b13b22e9e4131d285e1f5247ea4e1cbc43c5c3d8
+  languageName: node
+  linkType: hard
+
 "p-finally@npm:^1.0.0":
   version: 1.0.0
   resolution: "p-finally@npm:1.0.0"
@@ -4784,9 +4782,9 @@ __metadata:
   linkType: hard
 
 "package-json-from-dist@npm:^1.0.0":
-  version: 1.0.0
-  resolution: "package-json-from-dist@npm:1.0.0"
-  checksum: 10/ac706ec856a5a03f5261e4e48fa974f24feb044d51f84f8332e2af0af04fbdbdd5bbbfb9cbbe354190409bc8307c83a9e38c6672c3c8855f709afb0006a009ea
+  version: 1.0.1
+  resolution: "package-json-from-dist@npm:1.0.1"
+  checksum: 10/58ee9538f2f762988433da00e26acc788036914d57c71c246bf0be1b60cdbd77dd60b6a3e1a30465f0b248aeb80079e0b34cb6050b1dfa18c06953bb1cbc7602
   languageName: node
   linkType: hard
 
@@ -4888,9 +4886,9 @@ __metadata:
   linkType: hard
 
 "picocolors@npm:^1.0.0":
-  version: 1.1.0
-  resolution: "picocolors@npm:1.1.0"
-  checksum: 10/a2ad60d94d185c30f2a140b19c512547713fb89b920d32cc6cf658fa786d63a37ba7b8451872c3d9fc34883971fb6e5878e07a20b60506e0bb2554dce9169ccb
+  version: 1.1.1
+  resolution: "picocolors@npm:1.1.1"
+  checksum: 10/e1cf46bf84886c79055fdfa9dcb3e4711ad259949e3565154b004b260cd356c5d54b31a1437ce9782624bf766272fe6b0154f5f0c744fb7af5d454d2b60db045
   languageName: node
   linkType: hard
 
@@ -5124,15 +5122,15 @@ __metadata:
   languageName: node
   linkType: hard
 
-"regexp.prototype.flags@npm:^1.5.2":
-  version: 1.5.2
-  resolution: "regexp.prototype.flags@npm:1.5.2"
+"regexp.prototype.flags@npm:^1.5.3":
+  version: 1.5.3
+  resolution: "regexp.prototype.flags@npm:1.5.3"
   dependencies:
-    call-bind: "npm:^1.0.6"
+    call-bind: "npm:^1.0.7"
     define-properties: "npm:^1.2.1"
     es-errors: "npm:^1.3.0"
-    set-function-name: "npm:^2.0.1"
-  checksum: 10/9fffc01da9c4e12670ff95bc5204364615fcc12d86fc30642765af908675678ebb0780883c874b2dbd184505fb52fa603d80073ecf69f461ce7f56b15d10be9c
+    set-function-name: "npm:^2.0.2"
+  checksum: 10/fe17bc4eebbc72945aaf9dd059eb7784a5ca453a67cc4b5b3e399ab08452c9a05befd92063e2c52e7b24d9238c60031656af32dd57c555d1ba6330dbf8c23b43
   languageName: node
   linkType: hard
 
@@ -5323,9 +5321,9 @@ __metadata:
   linkType: hard
 
 "scale-ts@npm:^1.6.0":
-  version: 1.6.0
-  resolution: "scale-ts@npm:1.6.0"
-  checksum: 10/63d966d48196ede40148f50c182f9d8397600e18ca005b994d3bd85f3e1931ae3fe7ec5d7b0cc072df557450e05676fd5acaa8b196963100a74251ca2e9d089f
+  version: 1.6.1
+  resolution: "scale-ts@npm:1.6.1"
+  checksum: 10/f1f9bf1d9abfcfcaf8ae2ae326270beca5c2456cc72f6b6b8230aa175a30bdcd6387678746a4d873c834efbba9c8e015698d42ee67bd71b70f7adfe2e0ba1d39
   languageName: node
   linkType: hard
 
@@ -5425,7 +5423,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"set-function-name@npm:^2.0.1":
+"set-function-name@npm:^2.0.2":
   version: 2.0.2
   resolution: "set-function-name@npm:2.0.2"
   dependencies:
@@ -5616,12 +5614,11 @@ __metadata:
   linkType: hard
 
 "sodium-native@npm:^4.0.10":
-  version: 4.1.1
-  resolution: "sodium-native@npm:4.1.1"
+  version: 4.3.1
+  resolution: "sodium-native@npm:4.3.1"
   dependencies:
-    node-gyp: "npm:latest"
     node-gyp-build: "npm:^4.8.0"
-  checksum: 10/cb30564f07c55b2a7f8016b4df16fd2b0ede10981c6d0b4dfe20ef884f702d55884d2128f22da1ffe9a378aec43a4f0c5539aadf23c4fd3fabc5d05ead1301d2
+  checksum: 10/d08c7a68b458fa0dfd63a14dca1a114e855f4b857c3999e3e19e975434b3843335929d0539b03ca7f9796007f0560b629b33186e9b1fd6e7781199b32c48d23c
   languageName: node
   linkType: hard
 
@@ -6012,17 +6009,17 @@ __metadata:
   languageName: node
   linkType: hard
 
-"tslib@npm:2.7.0, tslib@npm:^2.1.0":
+"tslib@npm:2.7.0":
   version: 2.7.0
   resolution: "tslib@npm:2.7.0"
   checksum: 10/9a5b47ddac65874fa011c20ff76db69f97cf90c78cff5934799ab8894a5342db2d17b4e7613a087046bc1d133d21547ddff87ac558abeec31ffa929c88b7fce6
   languageName: node
   linkType: hard
 
-"tslib@npm:^2.7.0, tslib@npm:^2.8.0":
-  version: 2.8.0
-  resolution: "tslib@npm:2.8.0"
-  checksum: 10/1bc7c43937477059b4d26f2dbde7e49ef0fb4f38f3014e0603eaea76d6a885742c8b1762af45949145e5e7408a736d20ded949da99dabc8ccba1fc5531d2d927
+"tslib@npm:^2.1.0, tslib@npm:^2.7.0, tslib@npm:^2.8.0":
+  version: 2.8.1
+  resolution: "tslib@npm:2.8.1"
+  checksum: 10/3e2e043d5c2316461cb54e5c7fe02c30ef6dccb3384717ca22ae5c6b5bc95232a6241df19c622d9c73b809bea33b187f6dbc73030963e29950c2141bc32a79f7
   languageName: node
   linkType: hard
 
@@ -6148,7 +6145,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"undici-types@npm:~6.19.2":
+"undici-types@npm:~6.19.2, undici-types@npm:~6.19.8":
   version: 6.19.8
   resolution: "undici-types@npm:6.19.8"
   checksum: 10/cf0b48ed4fc99baf56584afa91aaffa5010c268b8842f62e02f752df209e3dea138b372a60a963b3b2576ed932f32329ce7ddb9cb5f27a6c83040d8cd74b7a70
@@ -6251,24 +6248,24 @@ __metadata:
   linkType: hard
 
 "viem@npm:^2.21.3":
-  version: 2.21.6
-  resolution: "viem@npm:2.21.6"
+  version: 2.21.45
+  resolution: "viem@npm:2.21.45"
   dependencies:
-    "@adraffy/ens-normalize": "npm:1.10.0"
-    "@noble/curves": "npm:1.4.0"
-    "@noble/hashes": "npm:1.4.0"
-    "@scure/bip32": "npm:1.4.0"
+    "@noble/curves": "npm:1.6.0"
+    "@noble/hashes": "npm:1.5.0"
+    "@scure/bip32": "npm:1.5.0"
     "@scure/bip39": "npm:1.4.0"
-    abitype: "npm:1.0.5"
-    isows: "npm:1.0.4"
-    webauthn-p256: "npm:0.0.5"
-    ws: "npm:8.17.1"
+    abitype: "npm:1.0.6"
+    isows: "npm:1.0.6"
+    ox: "npm:0.1.2"
+    webauthn-p256: "npm:0.0.10"
+    ws: "npm:8.18.0"
   peerDependencies:
     typescript: ">=5.0.4"
   peerDependenciesMeta:
     typescript:
       optional: true
-  checksum: 10/f515b27beacaf9642052c85c5f8ef17819359618ed1d43bf9b8d9da6d8a0d32f8621e4be704981fcaefcc94580ac8f39c52b0ed8ee929441998521a06dc77486
+  checksum: 10/93428588882620de5ed442a5a568367762d39660bdb4ff9c430d5409da1dca085a3648bf0afedb6631bb219b410e58ccabf600ed26228ab9ae73a77a1031c576
   languageName: node
   linkType: hard
 
@@ -6279,13 +6276,13 @@ __metadata:
   languageName: node
   linkType: hard
 
-"webauthn-p256@npm:0.0.5":
-  version: 0.0.5
-  resolution: "webauthn-p256@npm:0.0.5"
+"webauthn-p256@npm:0.0.10":
+  version: 0.0.10
+  resolution: "webauthn-p256@npm:0.0.10"
   dependencies:
     "@noble/curves": "npm:^1.4.0"
     "@noble/hashes": "npm:^1.4.0"
-  checksum: 10/6bf5d1857dfb99ecb3b318af06eddea874c10135e6ebb9f046270f5cbb162933bc6caf77aedb033e14c09971dda544a5fb367ac545e4ec8001b309ba517555cf
+  checksum: 10/dde2b6313b6a0f20996f7ee90181258fc7685bfff401df7d904578da75b374f25d5b9c1189cd2fcec30625b1f276b393188d156d49783f0611623cd713bb5b09
   languageName: node
   linkType: hard
 
@@ -6381,33 +6378,33 @@ __metadata:
   languageName: node
   linkType: hard
 
-"winston-transport@npm:^4.7.0":
-  version: 4.7.1
-  resolution: "winston-transport@npm:4.7.1"
+"winston-transport@npm:^4.9.0":
+  version: 4.9.0
+  resolution: "winston-transport@npm:4.9.0"
   dependencies:
-    logform: "npm:^2.6.1"
+    logform: "npm:^2.7.0"
     readable-stream: "npm:^3.6.2"
     triple-beam: "npm:^1.3.0"
-  checksum: 10/bc48c921ec9b4a71c1445bf274aa6b00c01089a6c26fc0b19534f8a32fa2710c6766c9e6db53a23492c20772934025d312dd9fb08df157ccb6579ad6b9dae9a7
+  checksum: 10/5946918720baadd7447823929e94cf0935f92c4cff6d9451c6fcb009bd9d20a3b3df9ad606109e79d1e9f4d2ff678477bf09f81cfefce2025baaf27a617129bb
   languageName: node
   linkType: hard
 
 "winston@npm:^3.1.0":
-  version: 3.14.2
-  resolution: "winston@npm:3.14.2"
+  version: 3.17.0
+  resolution: "winston@npm:3.17.0"
   dependencies:
     "@colors/colors": "npm:^1.6.0"
     "@dabh/diagnostics": "npm:^2.0.2"
     async: "npm:^3.2.3"
     is-stream: "npm:^2.0.0"
-    logform: "npm:^2.6.0"
+    logform: "npm:^2.7.0"
     one-time: "npm:^1.0.0"
     readable-stream: "npm:^3.4.0"
     safe-stable-stringify: "npm:^2.3.1"
     stack-trace: "npm:0.0.x"
     triple-beam: "npm:^1.3.0"
-    winston-transport: "npm:^4.7.0"
-  checksum: 10/ba818714606175f27c38c42b22913e65f17987a0c8c41bcc73d55f3be8d70d629313f45e312ec02eea7bf074f9abee3f228746140245eb5258487c4161f3a798
+    winston-transport: "npm:^4.9.0"
+  checksum: 10/220309a0ead36c1171158ab28cb9133f8597fba19c8c1c190df9329555530565b58f3af0037c1b80e0c49f7f9b6b3b01791d0c56536eb0be38678d36e316c2a3
   languageName: node
   linkType: hard
 
@@ -6473,7 +6470,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"ws@npm:^8.18.0, ws@npm:^8.8.1":
+"ws@npm:8.18.0, ws@npm:^8.18.0, ws@npm:^8.8.1":
   version: 8.18.0
   resolution: "ws@npm:8.18.0"
   peerDependencies:
diff --git a/src/constants/constants.ts b/src/constants/constants.ts
index 85325639..58e703a4 100644
--- a/src/constants/constants.ts
+++ b/src/constants/constants.ts
@@ -14,4 +14,4 @@ export const AMM_MINIMUM_OUTPUT_HARD_MARGIN = 0.05;
 export const TRANSFER_WAITING_TIME_SECONDS = 6000;
 export const SIGNING_SERVICE_URL =
   config.maybeSignerServiceUrl ||
-  (config.isProd ? 'https://prototype-signer-service-polygon.pendulumchain.tech' : 'http://localhost:3000');
+  (config.isProd ? 'https://prototype-signer-service-polygon.pendulumchain.tech' : 'http://localhost:3001');
diff --git a/src/hooks/useSignChallenge.ts b/src/hooks/useSignChallenge.ts
index 88d5d2e6..761bbed8 100644
--- a/src/hooks/useSignChallenge.ts
+++ b/src/hooks/useSignChallenge.ts
@@ -5,8 +5,7 @@ import { storageKeys } from '../constants/localStorage';
 import { SiweMessage } from 'siwe';
 
 export interface SiweSignatureData {
-  nonce: string;
-  signature: string;
+  signatureSet: boolean;
   expirationDate: string;
 }
 
@@ -17,7 +16,7 @@ export function useSiweSignature(address?: `0x${string}`) {
   // Used to wait for the modal interaction and/or return of the
   // signing promise.
   const [signPromise, setSignPromise] = useState<{
-    resolve: (data: SiweSignatureData) => void;
+    resolve: () => void;
     reject: (reason: Error) => void;
   } | null>(null);
 
@@ -38,7 +37,7 @@ export function useSiweSignature(address?: `0x${string}`) {
     }
   }, [address, storageKey]);
 
-  const signMessage = useCallback((): Promise<SiweSignatureData> => {
+  const signMessage = useCallback((): Promise<void> => {
     return new Promise((resolve, reject) => {
       setSignPromise({ resolve, reject });
       setRequiresSign(true);
@@ -52,6 +51,7 @@ export function useSiweSignature(address?: `0x${string}`) {
       const response = await fetch(`${SIGNING_SERVICE_URL}/v1/siwe/create`, {
         method: 'POST',
         headers: { 'Content-Type': 'application/json' },
+        credentials: 'include',
         body: JSON.stringify({ walletAddress: address }),
       });
 
@@ -64,19 +64,19 @@ export function useSiweSignature(address?: `0x${string}`) {
       const validationResponse = await fetch(`${SIGNING_SERVICE_URL}/v1/siwe/validate`, {
         method: 'POST',
         headers: { 'Content-Type': 'application/json' },
+        credentials: 'include',
         body: JSON.stringify({ nonce, signature }),
       });
 
       if (!validationResponse.ok) throw new Error('Failed to validate signature');
 
       const signatureData: SiweSignatureData = {
-        nonce,
-        signature,
+        signatureSet: true,
         expirationDate: message.expirationTime!,
       };
 
       localStorage.setItem(storageKey, JSON.stringify(signatureData));
-      signPromise.resolve(signatureData);
+      signPromise.resolve();
     } catch (error) {
       signPromise.reject(new Error('Signing failed'));
     } finally {
@@ -94,24 +94,25 @@ export function useSiweSignature(address?: `0x${string}`) {
     setRequiresSign(false);
   }, [signPromise, setRequiresSign, setSignPromise]);
 
-  const checkAndWaitForSignature = useCallback(async (): Promise<SiweSignatureData> => {
+  const checkAndWaitForSignature = useCallback(async (): Promise<void> => {
     const stored = checkStoredSignature();
-    if (stored) return stored;
+    console.log('stored', stored);
+    if (stored) return;
     return signMessage();
   }, [checkStoredSignature, signMessage]);
 
-  const forceRefreshAndWaitForSignature = useCallback(async (): Promise<SiweSignatureData> => {
+  const forceRefreshAndWaitForSignature = useCallback(async (): Promise<void> => {
     localStorage.removeItem(storageKey);
     return signMessage();
   }, [storageKey, signMessage]);
 
   // ask for signature on address change and on init
-  useEffect(() => {
-    if (address) {
-      const stored = checkStoredSignature();
-      if (!stored) signMessage();
-    }
-  }, [address, checkStoredSignature, signMessage]);
+  // useEffect(() => {
+  //   if (address) {
+  //     const stored = checkStoredSignature();
+  //     if (!stored) signMessage();
+  //   }
+  // }, [address, checkStoredSignature, signMessage]);
 
   return {
     requiresSign,
diff --git a/src/services/anchor/index.ts b/src/services/anchor/index.ts
index 898d0d75..7d4642bf 100644
--- a/src/services/anchor/index.ts
+++ b/src/services/anchor/index.ts
@@ -105,16 +105,15 @@ async function getUrlParams(
 }
 
 const sep10SignaturesWithLoginRefresh = async (
-  refreshFunction: () => Promise<SiweSignatureData>,
+  refreshFunction: () => Promise<void>,
   args: SignerServiceSep10Request,
 ) => {
   try {
     return await fetchSep10Signatures(args);
   } catch (error: unknown) {
     if (error instanceof Error && error.message === 'Invalid signature') {
-      const { nonce, signature } = await refreshFunction();
-      const refreshedArgs = { ...args, maybeChallengeSignature: signature, maybeNonce: nonce };
-      return await fetchSep10Signatures(refreshedArgs);
+      await refreshFunction();
+      return await fetchSep10Signatures(args);
     }
     throw new Error('Could not fetch sep 10 signatures from backend');
   }
@@ -125,8 +124,8 @@ export const sep10 = async (
   stellarEphemeralSecret: string,
   outputToken: OutputTokenType,
   address: `0x${string}` | undefined,
-  checkAndWaitForSignature: () => Promise<SiweSignatureData>,
-  forceRefreshAndWaitForSignature: () => Promise<SiweSignatureData>,
+  checkAndWaitForSignature: () => Promise<void>,
+  forceRefreshAndWaitForSignature: () => Promise<void>,
   renderEvent: (event: string, status: EventStatus) => void,
 ): Promise<{ token: string; sep10Account: string }> => {
   const { signingKey, webAuthEndpoint } = tomlValues;
@@ -162,23 +161,17 @@ export const sep10 = async (
     throw new Error(`Invalid sequence number: ${transactionSigned.sequence}`);
   }
 
-  // undefined if not using memo
-  let maybeNonce;
-  let maybeChallengeSignature;
   if (usesMemo) {
-    const signatureData = await checkAndWaitForSignature();
-    maybeNonce = signatureData.nonce;
-    maybeChallengeSignature = signatureData.signature;
+    await checkAndWaitForSignature();
   }
-  // sign for client_domain + an signature for memo
+
   const { masterClientSignature, clientSignature, clientPublic } = await sep10SignaturesWithLoginRefresh(
     forceRefreshAndWaitForSignature,
     {
       challengeXDR: transactionSigned.toXDR(),
       outToken: outputToken,
       clientPublicKey: sep10Account,
-      maybeNonce,
-      maybeChallengeSignature,
+      memo: usesMemo,
     },
   );
 
diff --git a/src/services/signingService.tsx b/src/services/signingService.tsx
index c6d4be90..1fac7ea9 100644
--- a/src/services/signingService.tsx
+++ b/src/services/signingService.tsx
@@ -22,8 +22,7 @@ export interface SignerServiceSep10Request {
   challengeXDR: string;
   outToken: OutputTokenType;
   clientPublicKey: string;
-  maybeChallengeSignature?: string;
-  maybeNonce?: string;
+  memo?: boolean;
 }
 
 export const fetchSigningServiceAccountId = async (): Promise<SigningServiceStatus> => {
@@ -51,13 +50,13 @@ export const fetchSep10Signatures = async ({
   challengeXDR,
   outToken,
   clientPublicKey,
-  maybeChallengeSignature,
-  maybeNonce,
+  memo,
 }: SignerServiceSep10Request): Promise<SignerServiceSep10Response> => {
   const response = await fetch(`${SIGNING_SERVICE_URL}/v1/stellar/sep10`, {
     method: 'POST',
     headers: { 'Content-Type': 'application/json' },
-    body: JSON.stringify({ challengeXDR, outToken, clientPublicKey, maybeChallengeSignature, maybeNonce }),
+    credentials: 'include',
+    body: JSON.stringify({ challengeXDR, outToken, clientPublicKey, memo }),
   });
   if (response.status !== 200) {
     if (response.status === 401) {

From 20a1cda73b2d7024a2e5e3f1022609025989e29e Mon Sep 17 00:00:00 2001
From: Gianfranco <g.tasteri@gmail.com>
Date: Tue, 19 Nov 2024 07:04:59 -0300
Subject: [PATCH 23/61] remove ask signature on wallet connection

---
 src/hooks/useMainProcess.ts   | 15 +++++++++++----
 src/hooks/useSignChallenge.ts | 10 +---------
 src/services/anchor/index.ts  |  1 -
 3 files changed, 12 insertions(+), 14 deletions(-)

diff --git a/src/hooks/useMainProcess.ts b/src/hooks/useMainProcess.ts
index 921120d4..b718e653 100644
--- a/src/hooks/useMainProcess.ts
+++ b/src/hooks/useMainProcess.ts
@@ -22,7 +22,6 @@ import { createTransactionEvent, useEventsContext } from '../contexts/events';
 import { showToast, ToastMessage } from '../helpers/notifications';
 import { IAnchorSessionParams, ISep24Intermediate } from '../services/anchor';
 import { OFFRAMPING_PHASE_SECONDS } from '../pages/progress';
-import { SiweSignatureData } from './useSignChallenge';
 import { useSiweContext } from '../contexts/siwe';
 export type SigningPhase = 'started' | 'approved' | 'signed' | 'finished';
 
@@ -102,7 +101,7 @@ export const useMainProcess = () => {
     setEvents((prevEvents) => [...prevEvents, { value: message, status }]);
   };
 
-  const cleanSep24FirstVariables = () => {
+  const cleanSep24FirstVariables = useCallback(() => {
     if (sep24FirstIntervalRef.current !== undefined) {
       // stop executing the function, and reset the ref variable.
       clearInterval(sep24FirstIntervalRef.current);
@@ -111,7 +110,7 @@ export const useMainProcess = () => {
       setExecutionInputState(undefined);
       setAnchorSessionParams(undefined);
     }
-  };
+  }, [setFirstSep24Response, setExecutionInputState, setAnchorSessionParams]);
 
   // Main submit handler. Offramp button.
   const handleOnSubmit = useCallback(
@@ -203,6 +202,7 @@ export const useMainProcess = () => {
       address,
       checkAndWaitForSignature,
       forceRefreshAndWaitForSignature,
+      cleanSep24FirstVariables,
     ],
   );
 
@@ -262,7 +262,14 @@ export const useMainProcess = () => {
       console.error('Some error occurred constructing initial state', error);
       setOfframpingStarted(false);
     }
-  }, [firstSep24ResponseState, anchorSessionParamsState, executionInputState, updateHookStateFromState, trackEvent]);
+  }, [
+    firstSep24ResponseState,
+    anchorSessionParamsState,
+    executionInputState,
+    updateHookStateFromState,
+    trackEvent,
+    cleanSep24FirstVariables,
+  ]);
 
   const finishOfframping = useCallback(() => {
     (async () => {
diff --git a/src/hooks/useSignChallenge.ts b/src/hooks/useSignChallenge.ts
index 761bbed8..68e8f1d6 100644
--- a/src/hooks/useSignChallenge.ts
+++ b/src/hooks/useSignChallenge.ts
@@ -1,4 +1,4 @@
-import { useEffect, useState, useCallback } from 'react';
+import { useState, useCallback } from 'react';
 import { useSignMessage } from 'wagmi';
 import { SIGNING_SERVICE_URL } from '../constants/constants';
 import { storageKeys } from '../constants/localStorage';
@@ -106,14 +106,6 @@ export function useSiweSignature(address?: `0x${string}`) {
     return signMessage();
   }, [storageKey, signMessage]);
 
-  // ask for signature on address change and on init
-  // useEffect(() => {
-  //   if (address) {
-  //     const stored = checkStoredSignature();
-  //     if (!stored) signMessage();
-  //   }
-  // }, [address, checkStoredSignature, signMessage]);
-
   return {
     requiresSign,
     handleSign,
diff --git a/src/services/anchor/index.ts b/src/services/anchor/index.ts
index 7d4642bf..8f3310ef 100644
--- a/src/services/anchor/index.ts
+++ b/src/services/anchor/index.ts
@@ -2,7 +2,6 @@ import { Transaction, Keypair, Networks } from 'stellar-sdk';
 import { EventStatus } from '../../components/GenericEvent';
 import { OutputTokenDetails, OutputTokenType } from '../../constants/tokenConfig';
 import { fetchSep10Signatures, fetchSigningServiceAccountId, SignerServiceSep10Request } from '../signingService';
-import { SiweSignatureData } from '../../hooks/useSignChallenge';
 import { keccak256 } from 'viem/utils';
 
 import { config } from '../../config';

From 5d089b8bf41efc1f6aeada213d81fc952feb030c Mon Sep 17 00:00:00 2001
From: Gianfranco <g.tasteri@gmail.com>
Date: Tue, 19 Nov 2024 07:40:36 -0300
Subject: [PATCH 24/61] cleanup express config to allow credentials

---
 signer-service/src/config/express.js | 67 +++++++++++++++-------------
 1 file changed, 35 insertions(+), 32 deletions(-)

diff --git a/signer-service/src/config/express.js b/signer-service/src/config/express.js
index b5530e23..82f9160f 100644
--- a/signer-service/src/config/express.js
+++ b/signer-service/src/config/express.js
@@ -17,59 +17,62 @@ const cookieParser = require('cookie-parser');
  */
 const app = express();
 
+// enable CORS - Cross Origin Resource Sharing
 app.use(
   cors({
-    origin: 'http://localhost:5173',
+    origin: [
+      'http://localhost:5173',
+      'https://polygon-prototype-staging--pendulum-pay.netlify.app/',
+      'https://app.vortexfinance.co/',
+    ],
+    methods: 'GET,HEAD,PUT,PATCH,POST,DELETE',
     credentials: true,
+    allowedHeaders: 'Content-Type,Authorization',
   }),
 );
 
-app.use(express.json());
-app.use(cookieParser());
+// enable rate limiting
+// Set number of expected proxies
+app.set('trust proxy', rateLimitNumberOfProxies);
+// Define rate limiter
+const limiter = rateLimit({
+  windowMs: rateLimitWindowMinutes * 60 * 1000,
+  max: rateLimitMaxRequests, // Limit each IP to <amount> requests per `window`
+  standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
+  legacyHeaders: false, // Disable the `X-RateLimit-*` headers
+});
+app.use(limiter);
 
-// // enable rate limiting
-// // Set number of expected proxies
-// app.set('trust proxy', rateLimitNumberOfProxies);
-// // Define rate limiter
-// const limiter = rateLimit({
-//   windowMs: rateLimitWindowMinutes * 60 * 1000,
-//   max: rateLimitMaxRequests, // Limit each IP to <amount> requests per `window`
-//   standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
-//   legacyHeaders: false, // Disable the `X-RateLimit-*` headers
-// });
-// app.use(limiter);
+// parse cookies
+app.use(cookieParser());
 
 // request logging. dev: console | production: file
-// app.use(morgan(logs));
+app.use(morgan(logs));
 
-// // parse body params and attach them to req.body
-// app.use(bodyParser.json());
-// app.use(bodyParser.urlencoded({ extended: true }));
+// parse body params and attach them to req.body
+app.use(bodyParser.json());
+app.use(bodyParser.urlencoded({ extended: true }));
 
-// // gzip compression
-// app.use(compress());
+// gzip compression
+app.use(compress());
 
 // lets you use HTTP verbs such as PUT or DELETE
 // in places where the client doesn't support it
-//app.use(methodOverride());
+app.use(methodOverride());
 
 // secure apps by setting various HTTP headers
-// app.use(helmet({
-//   contentSecurityPolicy: false, // Disable CSP if it's causing issues
-// }));
-
-//app.options('/v1', cors()); // Handle OPTIONS requests
+app.use(helmet());
 
 // mount api token routes
 app.use('/v1', routes);
 
-// // if error is not an instanceOf APIError, convert it.
-// app.use(error.converter);
+// if error is not an instanceOf APIError, convert it.
+app.use(error.converter);
 
-// // catch 404 and forward to error handler
-// app.use(error.notFound);
+// catch 404 and forward to error handler
+app.use(error.notFound);
 
-// // error handler, send stacktrace only during development
-// app.use(error.handler);
+// error handler, send stacktrace only during development
+app.use(error.handler);
 
 module.exports = app;

From 885c6fedc1569380a67ac55e3038148d0fede740 Mon Sep 17 00:00:00 2001
From: Gianfranco <g.tasteri@gmail.com>
Date: Tue, 19 Nov 2024 07:47:38 -0300
Subject: [PATCH 25/61] change port back to 3000

---
 src/constants/constants.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/constants/constants.ts b/src/constants/constants.ts
index 58e703a4..85325639 100644
--- a/src/constants/constants.ts
+++ b/src/constants/constants.ts
@@ -14,4 +14,4 @@ export const AMM_MINIMUM_OUTPUT_HARD_MARGIN = 0.05;
 export const TRANSFER_WAITING_TIME_SECONDS = 6000;
 export const SIGNING_SERVICE_URL =
   config.maybeSignerServiceUrl ||
-  (config.isProd ? 'https://prototype-signer-service-polygon.pendulumchain.tech' : 'http://localhost:3001');
+  (config.isProd ? 'https://prototype-signer-service-polygon.pendulumchain.tech' : 'http://localhost:3000');

From 37db686a297d70dbff06e077ed86c93a3a0b92f0 Mon Sep 17 00:00:00 2001
From: Marcel Ebert <mail@marcel-ebert.de>
Date: Wed, 20 Nov 2024 09:56:02 +0100
Subject: [PATCH 26/61] Add onChange prop to numeric input

---
 src/components/AssetNumericInput/index.tsx | 1 +
 src/components/NumericInput/index.tsx      | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/src/components/AssetNumericInput/index.tsx b/src/components/AssetNumericInput/index.tsx
index 31493619..7164361e 100644
--- a/src/components/AssetNumericInput/index.tsx
+++ b/src/components/AssetNumericInput/index.tsx
@@ -9,6 +9,7 @@ interface AssetNumericInputProps {
   assetIcon: AssetIconType;
   tokenSymbol: string;
   onClick: () => void;
+  onChange?: (e: KeyboardEvent) => void;
   disabled?: boolean;
   readOnly?: boolean;
   registerInput: UseFormRegisterReturn<keyof SwapFormValues>;
diff --git a/src/components/NumericInput/index.tsx b/src/components/NumericInput/index.tsx
index 4f73ea6f..4018c170 100644
--- a/src/components/NumericInput/index.tsx
+++ b/src/components/NumericInput/index.tsx
@@ -10,6 +10,7 @@ interface NumericInputProps {
   defaultValue?: string;
   autoFocus?: boolean;
   disableStyles?: boolean;
+  onChange?: (e: KeyboardEvent) => void;
 }
 
 export const NumericInput = ({
@@ -20,9 +21,11 @@ export const NumericInput = ({
   defaultValue,
   autoFocus,
   disableStyles = false,
+  onChange,
 }: NumericInputProps) => {
   function handleOnChange(e: KeyboardEvent): void {
     handleOnChangeNumericInput(e, maxDecimals);
+    if (onChange) onChange(e);
     register.onChange(e);
   }
 

From 754e843d5256e2a6d329735e8e408edeb34bdcc0 Mon Sep 17 00:00:00 2001
From: Marcel Ebert <mail@marcel-ebert.de>
Date: Wed, 20 Nov 2024 09:56:16 +0100
Subject: [PATCH 27/61] Track `amount_type` event

---
 src/pages/swap/index.tsx | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/pages/swap/index.tsx b/src/pages/swap/index.tsx
index 6dc61297..8baf5a92 100644
--- a/src/pages/swap/index.tsx
+++ b/src/pages/swap/index.tsx
@@ -249,6 +249,10 @@ export const SwapPage = () => {
           tokenSymbol={fromToken.assetSymbol}
           assetIcon={fromToken.polygonAssetIcon}
           onClick={() => setModalType('from')}
+          onChange={(e) => {
+            // User interacted with the input field
+            trackEvent({ event: 'amount_type' });
+          }}
           id="fromAmount"
         />
         <UserBalance token={fromToken} onClick={(amount: string) => form.setValue('fromAmount', amount)} />

From df0903277f027565cd5a603ce45267fa37d0d7a1 Mon Sep 17 00:00:00 2001
From: Gianfranco <g.tasteri@gmail.com>
Date: Wed, 20 Nov 2024 09:15:26 -0300
Subject: [PATCH 28/61] variable renaming

---
 .../src/api/controllers/siwe.controller.js    |  4 +--
 .../src/api/controllers/stellar.controller.js |  6 ++---
 .../src/api/middlewares/validators.js         |  6 ++---
 .../src/api/services/sep10.service.js         |  2 +-
 .../src/api/services/siwe.service.js          |  2 --
 signer-service/src/constants/constants.js     |  2 +-
 src/components/SignIn/index.tsx               |  8 +++---
 src/hooks/useSignChallenge.ts                 | 26 +++++++++----------
 src/pages/swap/index.tsx                      |  4 +--
 9 files changed, 29 insertions(+), 31 deletions(-)

diff --git a/signer-service/src/api/controllers/siwe.controller.js b/signer-service/src/api/controllers/siwe.controller.js
index 7695e3f8..75f39afc 100644
--- a/signer-service/src/api/controllers/siwe.controller.js
+++ b/signer-service/src/api/controllers/siwe.controller.js
@@ -25,9 +25,9 @@ exports.validateSiweSignature = async (req, res) => {
       signature,
     };
 
-    res.cookie('authTokenSignature', token, {
+    res.cookie('authToken', token, {
       httpOnly: true,
-      secure: false,
+      secure: false, // TODO TODO TODO: Change to true in production
       sameSite: 'Strict',
       maxAge: DEFAULT_EXPIRATION_TIME_HOURS * 60 * 60 * 1000,
     });
diff --git a/signer-service/src/api/controllers/stellar.controller.js b/signer-service/src/api/controllers/stellar.controller.js
index b179dc3a..fe6b3f07 100644
--- a/signer-service/src/api/controllers/stellar.controller.js
+++ b/signer-service/src/api/controllers/stellar.controller.js
@@ -56,9 +56,9 @@ exports.signSep10Challenge = async (req, res, next) => {
   try {
     let maybeChallengeSignature;
     let maybeNonce;
-    if (req.cookies?.authTokenSignature) {
-      maybeChallengeSignature = req.cookies.authTokenSignature.signature;
-      maybeNonce = req.cookies.authTokenSignature.nonce;
+    if (req.cookies?.authToken) {
+      maybeChallengeSignature = req.cookies.authToken.signature;
+      maybeNonce = req.cookies.authToken.nonce;
     }
 
     if (Boolean(req.body.memo) && (!maybeChallengeSignature || !maybeNonce)) {
diff --git a/signer-service/src/api/middlewares/validators.js b/signer-service/src/api/middlewares/validators.js
index 96acfa12..2e29b5b3 100644
--- a/signer-service/src/api/middlewares/validators.js
+++ b/signer-service/src/api/middlewares/validators.js
@@ -158,7 +158,7 @@ const validateSep10Input = (req, res, next) => {
 const validateSiweCreate = (req, res, next) => {
   const { walletAddress } = req.body;
   if (!walletAddress) {
-    return res.status(400).json({ error: 'Missing address: walletAddress' });
+    return res.status(400).json({ error: 'Missing param: walletAddress' });
   }
   next();
 };
@@ -166,11 +166,11 @@ const validateSiweCreate = (req, res, next) => {
 const validateSiweValidate = (req, res, next) => {
   const { nonce, signature } = req.body;
   if (!signature) {
-    return res.status(400).json({ error: 'Missing signature: signature' });
+    return res.status(400).json({ error: 'Missing param: signature' });
   }
 
   if (!nonce) {
-    return res.status(400).json({ error: 'Missing initial nonce: nonce' });
+    return res.status(400).json({ error: 'Missing param: nonce' });
   }
 
   next();
diff --git a/signer-service/src/api/services/sep10.service.js b/signer-service/src/api/services/sep10.service.js
index 42c9a42f..ac57395a 100644
--- a/signer-service/src/api/services/sep10.service.js
+++ b/signer-service/src/api/services/sep10.service.js
@@ -40,7 +40,7 @@ exports.signSep10Challenge = async (challengeXDR, outToken, clientPublicKey, use
   const { homeDomain, clientDomainEnabled, memoEnabled } = TOKEN_CONFIG[outToken];
 
   // Expected memo based on user's signature and nonce.
-  memo = await validateSignatureAndGetMemo(nonce, userChallengeSignature);
+  const memo = await validateSignatureAndGetMemo(nonce, userChallengeSignature);
 
   const transactionSigned = new TransactionBuilder.fromXDR(challengeXDR, NETWORK_PASSPHRASE);
   if (transactionSigned.source !== anchorSigningKey) {
diff --git a/signer-service/src/api/services/siwe.service.js b/signer-service/src/api/services/siwe.service.js
index 11d7a02a..095c64cb 100644
--- a/signer-service/src/api/services/siwe.service.js
+++ b/signer-service/src/api/services/siwe.service.js
@@ -71,5 +71,3 @@ exports.verifySiweMessage = async (nonce, signature) => {
 
   return maybeSiweData.siweMessage;
 };
-
-// TODO we need some sort of session log-out.
diff --git a/signer-service/src/constants/constants.js b/signer-service/src/constants/constants.js
index 778df192..2ca4e961 100644
--- a/signer-service/src/constants/constants.js
+++ b/signer-service/src/constants/constants.js
@@ -9,7 +9,7 @@ const SUBSIDY_MINIMUM_RATIO_FUND_UNITS = '10'; // 10 Subsidies considering maxim
 const MOONBEAM_RECEIVER_CONTRACT_ADDRESS = '0x0004446021fe650c15fb0b2e046b39130e3bfe36';
 const STELLAR_EPHEMERAL_STARTING_BALANCE_UNITS = '2.5'; // Amount to send to the new stellar ephemeral account created
 const PENDULUM_EPHEMERAL_STARTING_BALANCE_UNITS = '0.1'; // Amount to send to the new pendulum ephemeral account created
-const DEFAULT_EXPIRATION_TIME_HOURS = 24;
+const DEFAULT_EXPIRATION_TIME_HOURS = 7 * 24;
 
 require('dotenv').config();
 
diff --git a/src/components/SignIn/index.tsx b/src/components/SignIn/index.tsx
index e4ac28aa..b14cbd8e 100644
--- a/src/components/SignIn/index.tsx
+++ b/src/components/SignIn/index.tsx
@@ -2,18 +2,18 @@ import { FC } from 'react';
 import { Modal } from 'react-daisyui';
 
 interface SignInModalProps {
-  requiresSign: boolean;
+  signingPending: boolean;
   closeModal: () => void;
   handleSignIn: () => void;
 }
 
-export const SignInModal: FC<SignInModalProps> = ({ requiresSign, closeModal, handleSignIn }) => {
-  if (!requiresSign) {
+export const SignInModal: FC<SignInModalProps> = ({ signingPending, closeModal, handleSignIn }) => {
+  if (!signingPending) {
     return null;
   }
 
   return (
-    <Modal open={requiresSign} onClickBackdrop={closeModal}>
+    <Modal open={signingPending} onClickBackdrop={closeModal}>
       <Modal.Header className="font-bold text-xl flex justify-between">
         Sign In
         <button onClick={closeModal} className="btn btn-sm btn-circle">
diff --git a/src/hooks/useSignChallenge.ts b/src/hooks/useSignChallenge.ts
index 68e8f1d6..63a45da5 100644
--- a/src/hooks/useSignChallenge.ts
+++ b/src/hooks/useSignChallenge.ts
@@ -11,7 +11,7 @@ export interface SiweSignatureData {
 
 export function useSiweSignature(address?: `0x${string}`) {
   const { signMessageAsync } = useSignMessage();
-  const [requiresSign, setRequiresSign] = useState(false);
+  const [signingPending, setSigningPending] = useState(false);
 
   // Used to wait for the modal interaction and/or return of the
   // signing promise.
@@ -40,23 +40,23 @@ export function useSiweSignature(address?: `0x${string}`) {
   const signMessage = useCallback((): Promise<void> => {
     return new Promise((resolve, reject) => {
       setSignPromise({ resolve, reject });
-      setRequiresSign(true);
+      setSigningPending(true);
     });
-  }, [setRequiresSign, setSignPromise]);
+  }, [setSigningPending, setSignPromise]);
 
   const handleSign = useCallback(async () => {
     if (!address || !signPromise) return;
 
     try {
-      const response = await fetch(`${SIGNING_SERVICE_URL}/v1/siwe/create`, {
+      const messageResponse = await fetch(`${SIGNING_SERVICE_URL}/v1/siwe/create`, {
         method: 'POST',
         headers: { 'Content-Type': 'application/json' },
         credentials: 'include',
         body: JSON.stringify({ walletAddress: address }),
       });
 
-      if (!response.ok) throw new Error('Failed to create message');
-      const { siweMessage, nonce } = await response.json();
+      if (!messageResponse.ok) throw new Error('Failed to create message');
+      const { siweMessage, nonce } = await messageResponse.json();
 
       const message = new SiweMessage(siweMessage);
       const signature = await signMessageAsync({ message: siweMessage });
@@ -78,12 +78,13 @@ export function useSiweSignature(address?: `0x${string}`) {
       localStorage.setItem(storageKey, JSON.stringify(signatureData));
       signPromise.resolve();
     } catch (error) {
-      signPromise.reject(new Error('Signing failed'));
+      const errorMessage = error instanceof Error ? error.message : String(error);
+      signPromise.reject(new Error('Signing failed: ' + errorMessage));
     } finally {
-      setRequiresSign(false);
+      setSigningPending(false);
       setSignPromise(null);
     }
-  }, [address, storageKey, signMessageAsync, signPromise, setRequiresSign, setSignPromise]);
+  }, [address, storageKey, signMessageAsync, signPromise, setSigningPending, setSignPromise]);
 
   // Handler for modal cancellation
   const handleCancel = useCallback(() => {
@@ -91,12 +92,11 @@ export function useSiweSignature(address?: `0x${string}`) {
       signPromise.reject(new Error('User cancelled'));
       setSignPromise(null);
     }
-    setRequiresSign(false);
-  }, [signPromise, setRequiresSign, setSignPromise]);
+    setSigningPending(false);
+  }, [signPromise, setSigningPending, setSignPromise]);
 
   const checkAndWaitForSignature = useCallback(async (): Promise<void> => {
     const stored = checkStoredSignature();
-    console.log('stored', stored);
     if (stored) return;
     return signMessage();
   }, [checkStoredSignature, signMessage]);
@@ -107,7 +107,7 @@ export function useSiweSignature(address?: `0x${string}`) {
   }, [storageKey, signMessage]);
 
   return {
-    requiresSign,
+    signingPending,
     handleSign,
     handleCancel,
     checkAndWaitForSignature,
diff --git a/src/pages/swap/index.tsx b/src/pages/swap/index.tsx
index a86b1e8c..4f48002e 100644
--- a/src/pages/swap/index.tsx
+++ b/src/pages/swap/index.tsx
@@ -54,7 +54,7 @@ export const SwapPage = () => {
   const [showCompareFees, setShowCompareFees] = useState(false);
   const [cachedId, setCachedId] = useState<string | undefined>(undefined);
   const { trackEvent } = useEventsContext();
-  const { requiresSign, handleSign, handleCancel } = useSiweContext();
+  const { signingPending, handleSign, handleCancel } = useSiweContext();
 
   // Hook used for services on initialization and pre-offramp check
   // That is why no dependencies are used
@@ -353,7 +353,7 @@ export const SwapPage = () => {
 
   const main = (
     <main ref={formRef}>
-      <SignInModal requiresSign={requiresSign} closeModal={handleCancel} handleSignIn={handleSign} />
+      <SignInModal signingPending={signingPending} closeModal={handleCancel} handleSignIn={handleSign} />
       <SigningBox step={signingPhase} />
       <form
         className="max-w-2xl px-4 py-8 mx-4 mt-12 mb-4 rounded-lg shadow-custom md:mx-auto md:w-2/3 lg:w-3/5 xl:w-1/2"

From c82b049a092c431d5f543f5430bfd51c9694c30e Mon Sep 17 00:00:00 2001
From: Gianfranco <g.tasteri@gmail.com>
Date: Wed, 20 Nov 2024 13:51:24 -0300
Subject: [PATCH 29/61] send message from UI, validate in backend

---
 .../src/api/controllers/siwe.controller.js    |  22 +--
 .../src/api/middlewares/validators.js         |   6 +-
 .../src/api/services/sep10.service.js         |   4 +-
 .../src/api/services/siwe.service.js          | 133 +++++++++++++-----
 signer-service/src/constants/constants.js     |  18 ++-
 src/constants/constants.ts                    |   1 +
 src/hooks/useSignChallenge.ts                 |  24 +++-
 7 files changed, 157 insertions(+), 51 deletions(-)

diff --git a/signer-service/src/api/controllers/siwe.controller.js b/signer-service/src/api/controllers/siwe.controller.js
index 75f39afc..59febe98 100644
--- a/signer-service/src/api/controllers/siwe.controller.js
+++ b/signer-service/src/api/controllers/siwe.controller.js
@@ -1,24 +1,23 @@
-const { createAndSendSiweMessage, verifySiweMessage } = require('../services/siwe.service');
-const { DEFAULT_EXPIRATION_TIME_HOURS } = require('../../constants/constants');
+const { createAndSendNonce, initialVerifySiweMessage } = require('../services/siwe.service');
+const { DEFAULT_LOGIN_EXPIRATION_TIME_HOURS } = require('../../constants/constants');
 
 exports.sendSiweMessage = async (req, res) => {
   const { walletAddress } = req.body;
   try {
-    const { siweMessage, nonce } = await createAndSendSiweMessage(walletAddress);
+    const { nonce } = await createAndSendNonce(walletAddress);
     return res.json({
-      siweMessage,
       nonce,
     });
   } catch (e) {
     console.error(e);
-    return res.status(500).json({ error: 'Error while creating siwe message' });
+    return res.status(500).json({ error: 'Error while generating nonce' });
   }
 };
 
 exports.validateSiweSignature = async (req, res) => {
-  const { nonce, signature } = req.body;
+  const { nonce, signature, siweMessage } = req.body;
   try {
-    await verifySiweMessage(nonce, signature);
+    await initialVerifySiweMessage(nonce, signature, siweMessage);
 
     const token = {
       nonce,
@@ -29,12 +28,17 @@ exports.validateSiweSignature = async (req, res) => {
       httpOnly: true,
       secure: false, // TODO TODO TODO: Change to true in production
       sameSite: 'Strict',
-      maxAge: DEFAULT_EXPIRATION_TIME_HOURS * 60 * 60 * 1000,
+      maxAge: DEFAULT_LOGIN_EXPIRATION_TIME_HOURS * 60 * 60 * 1000,
     });
 
     return res.status(200).json({ message: 'Signature is valid' });
   } catch (e) {
     console.error(e);
-    return res.status(500).json({ error: 'Could not validate signature' });
+
+    if (e.name === 'SiweValidationError') {
+      return res.status(401).json({ error: `Siwe validation error: ${e.message}` });
+    }
+
+    return res.status(500).json({ error: `Could not validate signature: ${e.message}` });
   }
 };
diff --git a/signer-service/src/api/middlewares/validators.js b/signer-service/src/api/middlewares/validators.js
index 2e29b5b3..674b508f 100644
--- a/signer-service/src/api/middlewares/validators.js
+++ b/signer-service/src/api/middlewares/validators.js
@@ -164,7 +164,7 @@ const validateSiweCreate = (req, res, next) => {
 };
 
 const validateSiweValidate = (req, res, next) => {
-  const { nonce, signature } = req.body;
+  const { nonce, signature, siweMessage } = req.body;
   if (!signature) {
     return res.status(400).json({ error: 'Missing param: signature' });
   }
@@ -173,6 +173,10 @@ const validateSiweValidate = (req, res, next) => {
     return res.status(400).json({ error: 'Missing param: nonce' });
   }
 
+  if (!siweMessage) {
+    return res.status(400).json({ error: 'Missing param: siweMessage' });
+  }
+
   next();
 };
 
diff --git a/signer-service/src/api/services/sep10.service.js b/signer-service/src/api/services/sep10.service.js
index ac57395a..c904e89a 100644
--- a/signer-service/src/api/services/sep10.service.js
+++ b/signer-service/src/api/services/sep10.service.js
@@ -23,7 +23,9 @@ const validateSignatureAndGetMemo = async (nonce, userChallengeSignature) => {
 
   let message;
   try {
-    message = await verifySiweMessage(nonce, userChallengeSignature);
+    // initialSiweMessage must be undefined after an initial check,
+    // message must exist on the map.
+    message = await verifySiweMessage(nonce, userChallengeSignature, undefined);
   } catch (e) {
     throw new Error(`Could not verify signature: ${e.message}`);
   }
diff --git a/signer-service/src/api/services/siwe.service.js b/signer-service/src/api/services/siwe.service.js
index 095c64cb..52a03c00 100644
--- a/signer-service/src/api/services/siwe.service.js
+++ b/signer-service/src/api/services/siwe.service.js
@@ -1,73 +1,134 @@
 const siwe = require('siwe');
 const { createPublicClient, http } = require('viem');
 const { polygon } = require('viem/chains');
-const { DEFAULT_EXPIRATION_TIME_HOURS } = require('../../constants/constants');
+const {
+  DEFAULT_LOGIN_EXPIRATION_TIME_HOURS,
+  VALID_SIWE_DOMAINS,
+  VALID_SIWE_CHAINS,
+  VALID_SIWE_LOGIN_ORIGINS,
+} = require('../../constants/constants');
 
-// Make constants on config
-const scheme = 'https';
-const domain = 'satoshipay.io';
-const origin = 'https://app.vortexfinance.co';
-const statement = 'Please sign the message to login!';
+class ValidationError extends Error {
+  constructor(message) {
+    super(message);
+    this.name = 'SiweValidationError';
+  }
+}
 
 // Map that will hold the siwe messages sent + nonce we defined
 const siweMessagesMap = new Map();
 
-exports.createAndSendSiweMessage = async (address) => {
+const createAndSendNonce = async (address) => {
   const nonce = siwe.generateNonce();
-  const siweMessage = new siwe.SiweMessage({
-    scheme,
-    domain,
-    address,
-    statement,
-    uri: origin,
-    version: '1',
-    chainId: polygon.id,
-    nonce,
-    expirationTime: new Date(Date.now() + DEFAULT_EXPIRATION_TIME_HOURS * 60 * 60 * 1000).toISOString(), // Constructor in ms.
-  });
-  const preparedMessage = siweMessage.toMessage();
+  const siweMessage = undefined; // Initial message is undefined since it will be created in UI.
   siweMessagesMap.set(nonce, { siweMessage, address });
-
-  return { siweMessage: preparedMessage, nonce };
+  return { nonce };
 };
 
-exports.verifySiweMessage = async (nonce, signature) => {
+// Used to verify the integrity and validity of the signature
+// For the initial verification, the siweMessage must be provided as parameter
+const verifySiweMessage = async (nonce, signature, initialSiweMessage) => {
   const maybeSiweData = siweMessagesMap.get(nonce);
   if (!maybeSiweData) {
-    throw new Error('Message not found, we have not send this message or nonce is incorrect.');
+    throw new ValidationError('Message not found, we have not sent this nonce or nonce is incorrect');
+  }
+
+  const siweMessage = maybeSiweData.siweMessage ? maybeSiweData.siweMessage : new siwe.SiweMessage(initialSiweMessage);
+  const address = maybeSiweData.address;
+
+  if (!siweMessage) {
+    throw new Error('Message must be provided as a parameter if it has not been initially validated.');
   }
 
+  // Verify the integrity of the message
   const publicClient = createPublicClient({
     chain: polygon,
     transport: http(),
   });
 
   const valid = await publicClient.verifyMessage({
-    address: maybeSiweData.address,
-    message: maybeSiweData.siweMessage.toMessage(),
+    address: address,
+    message: siweMessage.toMessage(), // Validation must be done on the message as string
     signature,
   });
 
   if (!valid) {
-    throw new Error('Invalid signature.');
+    throw new ValidationError('Invalid signature');
+  }
+
+  // Perform additional checks to ensure message fields
+  if (siweMessage.nonce !== nonce) {
+    throw new ValidationError('Nonce mismatch');
+  }
+
+  if (siweMessage.expirationTime && new Date(siweMessage.expirationTime) < new Date()) {
+    throw new ValidationError('Message has expired');
+  }
+
+  return siweMessage;
+};
+
+// Since the message is created in the UI, we need to verify the fields of the message
+const verifyMessageFields = (siweMessage) => {
+  // Fields we validate on initial
+  const domain = siweMessage.domain;
+  const uri = siweMessage.uri;
+  const scheme = siweMessage.scheme; // must be https
+  const chainId = siweMessage.chainId;
+  const expirationTime = siweMessage.expirationTime;
+
+  if (!VALID_SIWE_LOGIN_ORIGINS.includes(uri)) {
+    throw new ValidationError('Origin not in the list of allowed origins');
   }
 
-  // Perform additional checks to ensure message integrity
-  if (maybeSiweData.siweMessage.nonce !== nonce) {
-    throw new Error('Nonce mismatch.');
+  if (!VALID_SIWE_DOMAINS.includes(domain)) {
+    throw new ValidationError('Incorrect domain');
   }
 
-  if (maybeSiweData.expirationTime && new Date(maybeSiweData.expirationTime) < new Date()) {
-    throw new Error('Message has expired.');
+  if (!VALID_SIWE_CHAINS.includes(chainId)) {
+    throw new ValidationError('Incorrect chain ID');
   }
 
-  // Successful verification, remove messages with same address
-  // from map except for the one we just verified.
+  if (scheme !== 'https') {
+    throw new ValidationError('Scheme must be https');
+  }
+
+  // Check if expiration is within a reasonable range from current time
+  const currentTime = new Date().getTime();
+  const expirationTimestamp = new Date(expirationTime).getTime();
+
+  const expirationGracePeriod = 1000 * 60; // 1 minute
+  const expirationPeriod = new Date(Date.now() + DEFAULT_LOGIN_EXPIRATION_TIME_HOURS * 60 * 60 * 1000).toISOString();
+  const expectedMinExpirationTimestamp = currentTime + expirationPeriod - expirationGracePeriod;
+  const expectedMaxExpirationTimestamp = currentTime + expirationPeriod;
+
+  if (expirationTimestamp < expectedMinExpirationTimestamp) {
+    throw new ValidationError('Expiration time is too low');
+  }
+
+  if (expirationTimestamp > expectedMaxExpirationTimestamp) {
+    throw new ValidationError('Expiration time is too high');
+  }
+};
+
+const initialVerifySiweMessage = async (nonce, signature, siweMessage) => {
+  const validatedMessage = await verifySiweMessage(nonce, signature, siweMessage);
+
+  // Perform additional checks to ensure message fields are valid
+  verifyMessageFields(validatedMessage);
+
+  // Verification complete. Update the map and append the message.
+  const siweData = siweMessagesMap.get(nonce);
+  siweData.siweMessage = validatedMessage;
+  siweMessagesMap.set(nonce, siweData);
+
+  // Remove messages with same address from map except for the one we just verified.
+  // This will keep one valid session per address.
   siweMessagesMap.forEach((data, nonce) => {
-    if (data.address === maybeSiweData.address && nonce !== maybeSiweData.siweMessage.nonce) {
+    if (data.address === siweData.address && nonce !== siweData.siweMessage.nonce) {
       siweMessagesMap.delete(nonce);
     }
   });
-
-  return maybeSiweData.siweMessage;
 };
+
+module.exports = { verifySiweMessage, initialVerifySiweMessage, createAndSendNonce };
diff --git a/signer-service/src/constants/constants.js b/signer-service/src/constants/constants.js
index 2ca4e961..47c4b798 100644
--- a/signer-service/src/constants/constants.js
+++ b/signer-service/src/constants/constants.js
@@ -9,7 +9,18 @@ const SUBSIDY_MINIMUM_RATIO_FUND_UNITS = '10'; // 10 Subsidies considering maxim
 const MOONBEAM_RECEIVER_CONTRACT_ADDRESS = '0x0004446021fe650c15fb0b2e046b39130e3bfe36';
 const STELLAR_EPHEMERAL_STARTING_BALANCE_UNITS = '2.5'; // Amount to send to the new stellar ephemeral account created
 const PENDULUM_EPHEMERAL_STARTING_BALANCE_UNITS = '0.1'; // Amount to send to the new pendulum ephemeral account created
-const DEFAULT_EXPIRATION_TIME_HOURS = 7 * 24;
+const DEFAULT_LOGIN_EXPIRATION_TIME_HOURS = 7 * 24;
+const VALID_SIWE_DOMAINS = [
+  'localhost:5173',
+  'polygon-prototype-staging--pendulum-pay.netlify.app',
+  'app.vortexfinance.co',
+];
+const VALID_SIWE_CHAINS = [137]; // 137: Polygon
+const VALID_SIWE_LOGIN_ORIGINS = [
+  'http://localhost:5173',
+  'https://polygon-prototype-staging--pendulum-pay.netlify.app',
+  'https://app.vortexfinance.co',
+];
 
 require('dotenv').config();
 
@@ -36,5 +47,8 @@ module.exports = {
   PENDULUM_EPHEMERAL_STARTING_BALANCE_UNITS,
   SEP10_MASTER_SECRET,
   CLIENT_DOMAIN_SECRET,
-  DEFAULT_EXPIRATION_TIME_HOURS,
+  DEFAULT_LOGIN_EXPIRATION_TIME_HOURS,
+  VALID_SIWE_DOMAINS,
+  VALID_SIWE_CHAINS,
+  VALID_SIWE_LOGIN_ORIGINS,
 };
diff --git a/src/constants/constants.ts b/src/constants/constants.ts
index 85325639..46c861a6 100644
--- a/src/constants/constants.ts
+++ b/src/constants/constants.ts
@@ -12,6 +12,7 @@ export const AMM_MINIMUM_OUTPUT_SOFT_MARGIN = 0.02;
 export const AMM_MINIMUM_OUTPUT_HARD_MARGIN = 0.05;
 
 export const TRANSFER_WAITING_TIME_SECONDS = 6000;
+export const DEFAULT_LOGIN_EXPIRATION_TIME_HOURS = 7 * 24;
 export const SIGNING_SERVICE_URL =
   config.maybeSignerServiceUrl ||
   (config.isProd ? 'https://prototype-signer-service-polygon.pendulumchain.tech' : 'http://localhost:3000');
diff --git a/src/hooks/useSignChallenge.ts b/src/hooks/useSignChallenge.ts
index 63a45da5..5a1a4a26 100644
--- a/src/hooks/useSignChallenge.ts
+++ b/src/hooks/useSignChallenge.ts
@@ -3,12 +3,30 @@ import { useSignMessage } from 'wagmi';
 import { SIGNING_SERVICE_URL } from '../constants/constants';
 import { storageKeys } from '../constants/localStorage';
 import { SiweMessage } from 'siwe';
+import { DEFAULT_LOGIN_EXPIRATION_TIME_HOURS } from '../constants/constants';
+import { polygon } from 'wagmi/chains';
 
 export interface SiweSignatureData {
   signatureSet: boolean;
   expirationDate: string;
 }
 
+function createSiweMessage(address: `0x${string}`, nonce: string) {
+  // Make constants on config
+  const siweMessage = new SiweMessage({
+    scheme: 'https',
+    domain: window.location.host,
+    address,
+    statement: 'Please sign the message to login!',
+    uri: window.location.origin,
+    version: '1',
+    chainId: polygon.id,
+    nonce,
+    expirationTime: new Date(Date.now() + DEFAULT_LOGIN_EXPIRATION_TIME_HOURS * 60 * 60 * 1000).toISOString(), // Constructor in ms.
+  });
+  return siweMessage.toMessage();
+}
+
 export function useSiweSignature(address?: `0x${string}`) {
   const { signMessageAsync } = useSignMessage();
   const [signingPending, setSigningPending] = useState(false);
@@ -56,7 +74,9 @@ export function useSiweSignature(address?: `0x${string}`) {
       });
 
       if (!messageResponse.ok) throw new Error('Failed to create message');
-      const { siweMessage, nonce } = await messageResponse.json();
+      const { nonce } = await messageResponse.json();
+
+      const siweMessage = createSiweMessage(address, nonce);
 
       const message = new SiweMessage(siweMessage);
       const signature = await signMessageAsync({ message: siweMessage });
@@ -65,7 +85,7 @@ export function useSiweSignature(address?: `0x${string}`) {
         method: 'POST',
         headers: { 'Content-Type': 'application/json' },
         credentials: 'include',
-        body: JSON.stringify({ nonce, signature }),
+        body: JSON.stringify({ nonce, signature, siweMessage }),
       });
 
       if (!validationResponse.ok) throw new Error('Failed to validate signature');

From 660fd97e50e4cdad6bbf06f8efffa058a8c66772 Mon Sep 17 00:00:00 2001
From: Gianfranco <g.tasteri@gmail.com>
Date: Wed, 20 Nov 2024 14:04:51 -0300
Subject: [PATCH 30/61] fix expiration check

---
 signer-service/src/api/services/siwe.service.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/signer-service/src/api/services/siwe.service.js b/signer-service/src/api/services/siwe.service.js
index 52a03c00..e96e002e 100644
--- a/signer-service/src/api/services/siwe.service.js
+++ b/signer-service/src/api/services/siwe.service.js
@@ -98,9 +98,9 @@ const verifyMessageFields = (siweMessage) => {
   const expirationTimestamp = new Date(expirationTime).getTime();
 
   const expirationGracePeriod = 1000 * 60; // 1 minute
-  const expirationPeriod = new Date(Date.now() + DEFAULT_LOGIN_EXPIRATION_TIME_HOURS * 60 * 60 * 1000).toISOString();
-  const expectedMinExpirationTimestamp = currentTime + expirationPeriod - expirationGracePeriod;
-  const expectedMaxExpirationTimestamp = currentTime + expirationPeriod;
+  const expirationPeriodMs = DEFAULT_LOGIN_EXPIRATION_TIME_HOURS * 60 * 60 * 1000;
+  const expectedMinExpirationTimestamp = currentTime + expirationPeriodMs - expirationGracePeriod;
+  const expectedMaxExpirationTimestamp = currentTime + expirationPeriodMs;
 
   if (expirationTimestamp < expectedMinExpirationTimestamp) {
     throw new ValidationError('Expiration time is too low');

From f147da54b465b07070b20b2bf35f4f477e769b5e Mon Sep 17 00:00:00 2001
From: Gianfranco <g.tasteri@gmail.com>
Date: Wed, 20 Nov 2024 14:11:07 -0300
Subject: [PATCH 31/61] validate undefined expiration times

---
 signer-service/src/api/services/siwe.service.js | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/signer-service/src/api/services/siwe.service.js b/signer-service/src/api/services/siwe.service.js
index e96e002e..f3f7f4e2 100644
--- a/signer-service/src/api/services/siwe.service.js
+++ b/signer-service/src/api/services/siwe.service.js
@@ -93,9 +93,14 @@ const verifyMessageFields = (siweMessage) => {
     throw new ValidationError('Scheme must be https');
   }
 
+  if (expirationTime === NaN || expirationTime === undefined) {
+    throw new ValidationError('Must defined valid expiration time');
+  }
+
   // Check if expiration is within a reasonable range from current time
   const currentTime = new Date().getTime();
   const expirationTimestamp = new Date(expirationTime).getTime();
+  console.log('expirationTimestamp', expirationTimestamp);
 
   const expirationGracePeriod = 1000 * 60; // 1 minute
   const expirationPeriodMs = DEFAULT_LOGIN_EXPIRATION_TIME_HOURS * 60 * 60 * 1000;

From 1613c17ae792cf1045605eb95a2338ee085389c8 Mon Sep 17 00:00:00 2001
From: gianfra-t <96739519+gianfra-t@users.noreply.github.com>
Date: Thu, 21 Nov 2024 08:01:37 -0300
Subject: [PATCH 32/61] Update signer-service/src/api/services/siwe.service.js

Co-authored-by: Marcel Ebert <mail@marcel-ebert.de>
---
 signer-service/src/api/services/siwe.service.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/signer-service/src/api/services/siwe.service.js b/signer-service/src/api/services/siwe.service.js
index f3f7f4e2..14e2f425 100644
--- a/signer-service/src/api/services/siwe.service.js
+++ b/signer-service/src/api/services/siwe.service.js
@@ -116,7 +116,7 @@ const verifyMessageFields = (siweMessage) => {
   }
 };
 
-const initialVerifySiweMessage = async (nonce, signature, siweMessage) => {
+const verifyAndStoreSiweMessage = async (nonce, signature, siweMessage) => {
   const validatedMessage = await verifySiweMessage(nonce, signature, siweMessage);
 
   // Perform additional checks to ensure message fields are valid

From 371407fbd1da46d5a3f00024b739558570068001 Mon Sep 17 00:00:00 2001
From: Marcel Ebert <mail@marcel-ebert.de>
Date: Thu, 21 Nov 2024 12:04:56 +0100
Subject: [PATCH 33/61] Fix previousAddress sometimes undefined

---
 src/contexts/events.tsx | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/contexts/events.tsx b/src/contexts/events.tsx
index f718a783..1625966a 100644
--- a/src/contexts/events.tsx
+++ b/src/contexts/events.tsx
@@ -115,9 +115,10 @@ export type TrackableEvent =
 type EventType = TrackableEvent['event'];
 
 type UseEventsContext = ReturnType<typeof useEvents>;
+
 const useEvents = () => {
   const { address, chainId } = useAccount();
-  const previousAddress = useRef<`0x${string}` | undefined>(undefined);
+  const previousAddress = useRef<`0x${string}` | undefined>(address);
   const previousChainId = useRef<number | undefined>(undefined);
   const userClickedState = useRef<boolean>(false);
 
@@ -153,6 +154,14 @@ const useEvents = () => {
     trackedEventTypes.current = new Set();
   }, []);
 
+  useEffect(() => {
+    if (!previousAddress.current && address) {
+      // We make sure that `previousAddress` is populated once `address` becomes available.
+      // `address` is not available on first render, so we need to set the value of `previousAddress` once `address` is available.
+      previousAddress.current = address;
+    }
+  }, [address]);
+
   useEffect(() => {
     if (!chainId) return;
 

From cac7509b35fea58bfdf90e0d0e8c7d7bc6bb3562 Mon Sep 17 00:00:00 2001
From: Gianfranco <g.tasteri@gmail.com>
Date: Thu, 21 Nov 2024 08:49:46 -0300
Subject: [PATCH 34/61] renaming variables, improve expiration time check
 condition

---
 .../src/api/controllers/siwe.controller.js      |  4 ++--
 signer-service/src/api/services/siwe.service.js | 17 +++++++++--------
 2 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/signer-service/src/api/controllers/siwe.controller.js b/signer-service/src/api/controllers/siwe.controller.js
index 59febe98..af28810d 100644
--- a/signer-service/src/api/controllers/siwe.controller.js
+++ b/signer-service/src/api/controllers/siwe.controller.js
@@ -1,4 +1,4 @@
-const { createAndSendNonce, initialVerifySiweMessage } = require('../services/siwe.service');
+const { createAndSendNonce, verifyAndStoreSiweMessage } = require('../services/siwe.service');
 const { DEFAULT_LOGIN_EXPIRATION_TIME_HOURS } = require('../../constants/constants');
 
 exports.sendSiweMessage = async (req, res) => {
@@ -17,7 +17,7 @@ exports.sendSiweMessage = async (req, res) => {
 exports.validateSiweSignature = async (req, res) => {
   const { nonce, signature, siweMessage } = req.body;
   try {
-    await initialVerifySiweMessage(nonce, signature, siweMessage);
+    await verifyAndStoreSiweMessage(nonce, signature, siweMessage);
 
     const token = {
       nonce,
diff --git a/signer-service/src/api/services/siwe.service.js b/signer-service/src/api/services/siwe.service.js
index 14e2f425..edfde929 100644
--- a/signer-service/src/api/services/siwe.service.js
+++ b/signer-service/src/api/services/siwe.service.js
@@ -28,13 +28,15 @@ const createAndSendNonce = async (address) => {
 // Used to verify the integrity and validity of the signature
 // For the initial verification, the siweMessage must be provided as parameter
 const verifySiweMessage = async (nonce, signature, initialSiweMessage) => {
-  const maybeSiweData = siweMessagesMap.get(nonce);
-  if (!maybeSiweData) {
+  const existingSiweDataForNonce = siweMessagesMap.get(nonce);
+  if (!existingSiweDataForNonce) {
     throw new ValidationError('Message not found, we have not sent this nonce or nonce is incorrect');
   }
 
-  const siweMessage = maybeSiweData.siweMessage ? maybeSiweData.siweMessage : new siwe.SiweMessage(initialSiweMessage);
-  const address = maybeSiweData.address;
+  const siweMessage = existingSiweDataForNonce.siweMessage
+    ? existingSiweDataForNonce.siweMessage
+    : new siwe.SiweMessage(initialSiweMessage);
+  const address = existingSiweDataForNonce.address;
 
   if (!siweMessage) {
     throw new Error('Message must be provided as a parameter if it has not been initially validated.');
@@ -93,14 +95,13 @@ const verifyMessageFields = (siweMessage) => {
     throw new ValidationError('Scheme must be https');
   }
 
-  if (expirationTime === NaN || expirationTime === undefined) {
-    throw new ValidationError('Must defined valid expiration time');
+  if (!expirationTime || isNaN(new Date(expirationTime).getTime())) {
+    throw new ValidationError('Must define a valid expiration time');
   }
 
   // Check if expiration is within a reasonable range from current time
   const currentTime = new Date().getTime();
   const expirationTimestamp = new Date(expirationTime).getTime();
-  console.log('expirationTimestamp', expirationTimestamp);
 
   const expirationGracePeriod = 1000 * 60; // 1 minute
   const expirationPeriodMs = DEFAULT_LOGIN_EXPIRATION_TIME_HOURS * 60 * 60 * 1000;
@@ -136,4 +137,4 @@ const verifyAndStoreSiweMessage = async (nonce, signature, siweMessage) => {
   });
 };
 
-module.exports = { verifySiweMessage, initialVerifySiweMessage, createAndSendNonce };
+module.exports = { verifySiweMessage, verifyAndStoreSiweMessage, createAndSendNonce };

From 1a26c1d6bc79d5081cd9ee4136e72e9d2ca37827 Mon Sep 17 00:00:00 2001
From: Marcel Ebert <mail@marcel-ebert.de>
Date: Thu, 21 Nov 2024 15:23:01 +0100
Subject: [PATCH 35/61] Refactor code

---
 src/contexts/events.tsx | 27 ++++++++++++---------------
 1 file changed, 12 insertions(+), 15 deletions(-)

diff --git a/src/contexts/events.tsx b/src/contexts/events.tsx
index 1625966a..50c0379f 100644
--- a/src/contexts/events.tsx
+++ b/src/contexts/events.tsx
@@ -118,7 +118,7 @@ type UseEventsContext = ReturnType<typeof useEvents>;
 
 const useEvents = () => {
   const { address, chainId } = useAccount();
-  const previousAddress = useRef<`0x${string}` | undefined>(address);
+  const previousAddress = useRef<`0x${string}` | undefined>(undefined);
   const previousChainId = useRef<number | undefined>(undefined);
   const userClickedState = useRef<boolean>(false);
 
@@ -154,14 +154,6 @@ const useEvents = () => {
     trackedEventTypes.current = new Set();
   }, []);
 
-  useEffect(() => {
-    if (!previousAddress.current && address) {
-      // We make sure that `previousAddress` is populated once `address` becomes available.
-      // `address` is not available on first render, so we need to set the value of `previousAddress` once `address` is available.
-      previousAddress.current = address;
-    }
-  }, [address]);
-
   useEffect(() => {
     if (!chainId) return;
 
@@ -181,12 +173,14 @@ const useEvents = () => {
   }, [chainId, trackEvent]);
 
   useEffect(() => {
-    const wasConnected = previousAddress.current !== undefined;
+    const wasConnected = Boolean(previousAddress.current);
     const isConnected = address !== undefined;
 
     // set sentry user as wallet address
     if (address) {
       Sentry.setUser({ id: address });
+
+      previousAddress.current = address;
     }
 
     if (!userClickedState.current) {
@@ -194,11 +188,14 @@ const useEvents = () => {
     }
 
     if (!isConnected) {
-      trackEvent({
-        event: 'wallet_connect',
-        wallet_action: 'disconnect',
-        account_address: previousAddress.current || '',
-      });
+      // Just a failsafe so we never send a disconnect event without a previous address.
+      if (previousAddress.current) {
+        trackEvent({
+          event: 'wallet_connect',
+          wallet_action: 'disconnect',
+          account_address: previousAddress.current,
+        });
+      }
     } else {
       trackEvent({
         event: 'wallet_connect',

From dbc2bfee1e88b55882d7e698255995dcab34a4f6 Mon Sep 17 00:00:00 2001
From: Marcel Ebert <mail@marcel-ebert.de>
Date: Thu, 21 Nov 2024 15:31:19 +0100
Subject: [PATCH 36/61] Amend

---
 src/contexts/events.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/contexts/events.tsx b/src/contexts/events.tsx
index 50c0379f..78aa1032 100644
--- a/src/contexts/events.tsx
+++ b/src/contexts/events.tsx
@@ -173,7 +173,7 @@ const useEvents = () => {
   }, [chainId, trackEvent]);
 
   useEffect(() => {
-    const wasConnected = Boolean(previousAddress.current);
+    const wasConnected = previousAddress.current !== undefined;
     const isConnected = address !== undefined;
 
     // set sentry user as wallet address

From e1b350b5a5cae35bbc448c107c97a0ad0a0ffc0b Mon Sep 17 00:00:00 2001
From: Gianfranco <g.tasteri@gmail.com>
Date: Thu, 21 Nov 2024 11:58:58 -0300
Subject: [PATCH 37/61] renaming function verifyMessageFields

---
 signer-service/src/api/services/siwe.service.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/signer-service/src/api/services/siwe.service.js b/signer-service/src/api/services/siwe.service.js
index edfde929..9371fb39 100644
--- a/signer-service/src/api/services/siwe.service.js
+++ b/signer-service/src/api/services/siwe.service.js
@@ -71,7 +71,7 @@ const verifySiweMessage = async (nonce, signature, initialSiweMessage) => {
 };
 
 // Since the message is created in the UI, we need to verify the fields of the message
-const verifyMessageFields = (siweMessage) => {
+const verifyInitialMessageFields = (siweMessage) => {
   // Fields we validate on initial
   const domain = siweMessage.domain;
   const uri = siweMessage.uri;
@@ -121,7 +121,7 @@ const verifyAndStoreSiweMessage = async (nonce, signature, siweMessage) => {
   const validatedMessage = await verifySiweMessage(nonce, signature, siweMessage);
 
   // Perform additional checks to ensure message fields are valid
-  verifyMessageFields(validatedMessage);
+  verifyInitialMessageFields(validatedMessage);
 
   // Verification complete. Update the map and append the message.
   const siweData = siweMessagesMap.get(nonce);

From 1afb247318a86242446c513f3fb6ff4b07cd37f1 Mon Sep 17 00:00:00 2001
From: Marcel Ebert <mail@marcel-ebert.de>
Date: Thu, 21 Nov 2024 16:46:27 +0100
Subject: [PATCH 38/61] Allow submission of undefined `account_address`
 parameter

---
 src/contexts/events.tsx | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/src/contexts/events.tsx b/src/contexts/events.tsx
index 78aa1032..08a3faef 100644
--- a/src/contexts/events.tsx
+++ b/src/contexts/events.tsx
@@ -37,7 +37,7 @@ export interface ClickDetailsEvent {
 export interface WalletConnectEvent {
   event: 'wallet_connect';
   wallet_action: 'connect' | 'disconnect' | 'change';
-  account_address: string;
+  account_address?: string;
 }
 
 interface OfframpingParameters {
@@ -188,14 +188,11 @@ const useEvents = () => {
     }
 
     if (!isConnected) {
-      // Just a failsafe so we never send a disconnect event without a previous address.
-      if (previousAddress.current) {
-        trackEvent({
-          event: 'wallet_connect',
-          wallet_action: 'disconnect',
-          account_address: previousAddress.current,
-        });
-      }
+      trackEvent({
+        event: 'wallet_connect',
+        wallet_action: 'disconnect',
+        account_address: previousAddress.current,
+      });
     } else {
       trackEvent({
         event: 'wallet_connect',

From fcc6e7403e2e5bc086bbe34d1ea5c94249afce6d Mon Sep 17 00:00:00 2001
From: Gianfranco <g.tasteri@gmail.com>
Date: Thu, 21 Nov 2024 18:46:05 -0300
Subject: [PATCH 39/61] fixes for support client, memo

---
 .../src/api/services/sep10.service.js         |  6 ++--
 .../src/api/services/siwe.service.js          |  2 +-
 signer-service/src/constants/tokenConfig.js   |  2 +-
 src/hooks/useSignChallenge.ts                 |  5 +--
 src/services/anchor/index.ts                  | 34 +++++++++++--------
 5 files changed, 28 insertions(+), 21 deletions(-)

diff --git a/signer-service/src/api/services/sep10.service.js b/signer-service/src/api/services/sep10.service.js
index c904e89a..667b9408 100644
--- a/signer-service/src/api/services/sep10.service.js
+++ b/signer-service/src/api/services/sep10.service.js
@@ -16,8 +16,8 @@ async function deriveMemoFromAddress(address) {
 
 // we validate a challenge for a given nonce. From it we obtain the address and derive the memo
 // we can then ensure that the memo is the same as the one we expect from the anchor challenge
-const validateSignatureAndGetMemo = async (nonce, userChallengeSignature) => {
-  if (!userChallengeSignature || !nonce) {
+const validateSignatureAndGetMemo = async (nonce, userChallengeSignature, memoEnabled) => {
+  if (!userChallengeSignature || !nonce || !memoEnabled) {
     return null; // Default memo value when single stellar account is used
   }
 
@@ -42,7 +42,7 @@ exports.signSep10Challenge = async (challengeXDR, outToken, clientPublicKey, use
   const { homeDomain, clientDomainEnabled, memoEnabled } = TOKEN_CONFIG[outToken];
 
   // Expected memo based on user's signature and nonce.
-  const memo = await validateSignatureAndGetMemo(nonce, userChallengeSignature);
+  const memo = await validateSignatureAndGetMemo(nonce, userChallengeSignature, memoEnabled);
 
   const transactionSigned = new TransactionBuilder.fromXDR(challengeXDR, NETWORK_PASSPHRASE);
   if (transactionSigned.source !== anchorSigningKey) {
diff --git a/signer-service/src/api/services/siwe.service.js b/signer-service/src/api/services/siwe.service.js
index 9371fb39..7217fd36 100644
--- a/signer-service/src/api/services/siwe.service.js
+++ b/signer-service/src/api/services/siwe.service.js
@@ -103,7 +103,7 @@ const verifyInitialMessageFields = (siweMessage) => {
   const currentTime = new Date().getTime();
   const expirationTimestamp = new Date(expirationTime).getTime();
 
-  const expirationGracePeriod = 1000 * 60; // 1 minute
+  const expirationGracePeriod = 1000 * 60 * 10; // 10 minutes
   const expirationPeriodMs = DEFAULT_LOGIN_EXPIRATION_TIME_HOURS * 60 * 60 * 1000;
   const expectedMinExpirationTimestamp = currentTime + expirationPeriodMs - expirationGracePeriod;
   const expectedMaxExpirationTimestamp = currentTime + expirationPeriodMs;
diff --git a/signer-service/src/constants/tokenConfig.js b/signer-service/src/constants/tokenConfig.js
index 43b5865f..3f6edbdc 100644
--- a/signer-service/src/constants/tokenConfig.js
+++ b/signer-service/src/constants/tokenConfig.js
@@ -6,7 +6,7 @@ const TOKEN_CONFIG = {
     vaultAccountId: '6bsD97dS8ZyomMmp1DLCnCtx25oABtf19dypQKdZe6FBQXSm',
     minWithdrawalAmount: '10000000000000',
     maximumSubsidyAmountRaw: '1000000000000', // 1 unit
-    homeDomain: 'mykobo.co',
+    homeDomain: 'circle.anchor.mykobo.co',
     clientDomainEnabled: true,
     memoEnabled: false,
     pendulumCurrencyId: {
diff --git a/src/hooks/useSignChallenge.ts b/src/hooks/useSignChallenge.ts
index 5a1a4a26..b02722a0 100644
--- a/src/hooks/useSignChallenge.ts
+++ b/src/hooks/useSignChallenge.ts
@@ -55,12 +55,13 @@ export function useSiweSignature(address?: `0x${string}`) {
     }
   }, [address, storageKey]);
 
-  const signMessage = useCallback((): Promise<void> => {
+  const signMessage = useCallback((): Promise<void> | undefined => {
+    if (signPromise) return;
     return new Promise((resolve, reject) => {
       setSignPromise({ resolve, reject });
       setSigningPending(true);
     });
-  }, [setSigningPending, setSignPromise]);
+  }, [setSigningPending, setSignPromise, signPromise]);
 
   const handleSign = useCallback(async () => {
     if (!address || !signPromise) return;
diff --git a/src/services/anchor/index.ts b/src/services/anchor/index.ts
index 5d881910..5f033542 100644
--- a/src/services/anchor/index.ts
+++ b/src/services/anchor/index.ts
@@ -73,33 +73,40 @@ async function deriveMemoFromAddress(address: `0x${string}`) {
 async function getUrlParams(
   ephemeralAccount: string,
   usesMemo: boolean,
+  supportsClientDomain: boolean,
   address: `0x${string}`,
 ): Promise<{ urlParams: URLSearchParams; sep10Account: string }> {
+  let sep10Account: string;
+  const params = new URLSearchParams();
+
   if (usesMemo) {
     const response = await fetch(`${SIGNING_SERVICE_URL}/v1/stellar/sep10`);
 
     if (!response.ok) {
       throw new Error('Failed to fetch client master SEP-10 public account.');
     }
+
     const { masterSep10Public } = await response.json();
+
     if (!masterSep10Public) {
       throw new Error('masterSep10Public not found in response.');
     }
 
-    const sep10Account = masterSep10Public;
+    sep10Account = masterSep10Public;
+    params.append('account', sep10Account);
+    params.append('memo', await deriveMemoFromAddress(address));
+  } else {
+    sep10Account = ephemeralAccount;
+    params.append('account', sep10Account);
+  }
 
-    return {
-      urlParams: new URLSearchParams({
-        account: sep10Account,
-        client_domain: config.applicationClientDomain,
-        memo: await deriveMemoFromAddress(address),
-      }),
-      sep10Account,
-    };
+  if (supportsClientDomain) {
+    params.append('client_domain', config.applicationClientDomain);
   }
+
   return {
-    urlParams: new URLSearchParams({ account: ephemeralAccount, client_domain: config.applicationClientDomain }),
-    sep10Account: ephemeralAccount,
+    urlParams: params,
+    sep10Account,
   };
 }
 
@@ -136,11 +143,10 @@ export const sep10 = async (
   const ephemeralKeys = Keypair.fromSecret(stellarEphemeralSecret);
   const accountId = ephemeralKeys.publicKey();
 
-  const { usesMemo } = OUTPUT_TOKEN_CONFIG[outputToken];
+  const { usesMemo, supportsClientDomain } = OUTPUT_TOKEN_CONFIG[outputToken];
 
   // will select either clientMaster or the ephemeral account
-  const { urlParams, sep10Account } = await getUrlParams(accountId, usesMemo, address!);
-  const { supportsClientDomain } = OUTPUT_TOKEN_CONFIG[outputToken];
+  const { urlParams, sep10Account } = await getUrlParams(accountId, usesMemo, supportsClientDomain, address!);
 
   const challenge = await fetch(`${webAuthEndpoint}?${urlParams.toString()}`);
   if (challenge.status !== 200) {

From 5df1f36463782b9fffe8a249c523a67bbe9747ff Mon Sep 17 00:00:00 2001
From: Gianfranco <g.tasteri@gmail.com>
Date: Thu, 21 Nov 2024 19:50:32 -0300
Subject: [PATCH 40/61] remove trailing / on allowed origins

---
 signer-service/src/config/express.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/signer-service/src/config/express.js b/signer-service/src/config/express.js
index 82f9160f..43ea97b1 100644
--- a/signer-service/src/config/express.js
+++ b/signer-service/src/config/express.js
@@ -22,8 +22,8 @@ app.use(
   cors({
     origin: [
       'http://localhost:5173',
-      'https://polygon-prototype-staging--pendulum-pay.netlify.app/',
-      'https://app.vortexfinance.co/',
+      'https://polygon-prototype-staging--pendulum-pay.netlify.app',
+      'https://app.vortexfinance.co',
     ],
     methods: 'GET,HEAD,PUT,PATCH,POST,DELETE',
     credentials: true,

From ddfef882f1fc6ca5af6db3475a1817ba9e8a9239 Mon Sep 17 00:00:00 2001
From: Gianfranco <g.tasteri@gmail.com>
Date: Fri, 22 Nov 2024 09:20:59 -0300
Subject: [PATCH 41/61] set to samesite none policy

---
 signer-service/src/api/controllers/siwe.controller.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/signer-service/src/api/controllers/siwe.controller.js b/signer-service/src/api/controllers/siwe.controller.js
index af28810d..b9da9290 100644
--- a/signer-service/src/api/controllers/siwe.controller.js
+++ b/signer-service/src/api/controllers/siwe.controller.js
@@ -26,8 +26,8 @@ exports.validateSiweSignature = async (req, res) => {
 
     res.cookie('authToken', token, {
       httpOnly: true,
-      secure: false, // TODO TODO TODO: Change to true in production
-      sameSite: 'Strict',
+      secure: true,
+      sameSite: 'None',
       maxAge: DEFAULT_LOGIN_EXPIRATION_TIME_HOURS * 60 * 60 * 1000,
     });
 

From 397bebafd8722c28bda16baeddfc07ff584148c8 Mon Sep 17 00:00:00 2001
From: Marcel Ebert <mail@marcel-ebert.de>
Date: Fri, 22 Nov 2024 16:03:14 +0100
Subject: [PATCH 42/61] Deduct fees from outputAmount for `to_amount` in events

---
 src/contexts/events.tsx     | 4 +++-
 src/hooks/useMainProcess.ts | 9 +++++++--
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/contexts/events.tsx b/src/contexts/events.tsx
index 08a3faef..587a485e 100644
--- a/src/contexts/events.tsx
+++ b/src/contexts/events.tsx
@@ -1,9 +1,11 @@
 import { createContext } from 'preact';
 import { PropsWithChildren, useCallback, useContext, useEffect, useRef } from 'preact/compat';
+import Big from 'big.js';
 import * as Sentry from '@sentry/react';
 import { useAccount } from 'wagmi';
 import { INPUT_TOKEN_CONFIG, OUTPUT_TOKEN_CONFIG } from '../constants/tokenConfig';
 import { OfframpingState } from '../services/offrampingFlow';
+import { calculateTotalReceive } from '../components/FeeCollapse';
 
 declare global {
   interface Window {
@@ -240,6 +242,6 @@ export function createTransactionEvent(type: TransactionEvent['event'], state: O
     from_asset: INPUT_TOKEN_CONFIG[state.inputTokenType].assetSymbol,
     to_asset: OUTPUT_TOKEN_CONFIG[state.outputTokenType].stellarAsset.code.string,
     from_amount: state.inputAmount.units,
-    to_amount: state.outputAmount.units,
+    to_amount: calculateTotalReceive(Big(state.outputAmount.units), OUTPUT_TOKEN_CONFIG[state.outputTokenType]),
   };
 }
diff --git a/src/hooks/useMainProcess.ts b/src/hooks/useMainProcess.ts
index 09bd1fe7..3ce71e74 100644
--- a/src/hooks/useMainProcess.ts
+++ b/src/hooks/useMainProcess.ts
@@ -23,6 +23,8 @@ import { showToast, ToastMessage } from '../helpers/notifications';
 import { IAnchorSessionParams, ISep24Intermediate } from '../services/anchor';
 import { OFFRAMPING_PHASE_SECONDS } from '../pages/progress';
 import { useSiweContext } from '../contexts/siwe';
+import { calculateTotalReceive } from '../components/FeeCollapse';
+
 export type SigningPhase = 'started' | 'approved' | 'signed' | 'finished';
 
 export interface ExecutionInput {
@@ -132,7 +134,7 @@ export const useMainProcess = () => {
           from_asset: INPUT_TOKEN_CONFIG[inputTokenType].assetSymbol,
           to_asset: OUTPUT_TOKEN_CONFIG[outputTokenType].stellarAsset.code.string,
           from_amount: amountInUnits,
-          to_amount: offrampAmount.toFixed(2, 0),
+          to_amount: calculateTotalReceive(offrampAmount, OUTPUT_TOKEN_CONFIG[outputTokenType]),
         });
 
         try {
@@ -219,7 +221,10 @@ export const useMainProcess = () => {
       from_asset: INPUT_TOKEN_CONFIG[executionInputState.inputTokenType].assetSymbol,
       to_asset: OUTPUT_TOKEN_CONFIG[executionInputState.outputTokenType].stellarAsset.code.string,
       from_amount: executionInputState.amountInUnits,
-      to_amount: executionInputState.offrampAmount.toFixed(2, 0),
+      to_amount: calculateTotalReceive(
+        executionInputState.offrampAmount,
+        OUTPUT_TOKEN_CONFIG[executionInputState.outputTokenType],
+      ),
     });
 
     // stop fetching new sep24 url's and clean session variables from the state to be safe.

From 5234c160316fc19426fda15c72fd22dc084394c9 Mon Sep 17 00:00:00 2001
From: Marcel Ebert <mail@marcel-ebert.de>
Date: Fri, 22 Nov 2024 16:21:32 +0100
Subject: [PATCH 43/61] Add error message to transaction_failed events

---
 src/contexts/events.tsx             |  1 +
 src/hooks/useMainProcess.ts         |  1 +
 src/pages/failure/index.tsx         |  4 ++--
 src/services/nabla.ts               | 10 ++++++----
 src/services/offrampingFlow.ts      |  7 +++++--
 src/services/polkadot/index.tsx     |  5 +++--
 src/services/squidrouter/process.ts |  4 ++--
 7 files changed, 20 insertions(+), 12 deletions(-)

diff --git a/src/contexts/events.tsx b/src/contexts/events.tsx
index 587a485e..211ad013 100644
--- a/src/contexts/events.tsx
+++ b/src/contexts/events.tsx
@@ -57,6 +57,7 @@ export type TransactionFailedEvent = OfframpingParameters & {
   event: 'transaction_failure';
   phase_name: string;
   phase_index: number;
+  error_message: string;
 };
 
 export interface ProgressEvent {
diff --git a/src/hooks/useMainProcess.ts b/src/hooks/useMainProcess.ts
index 3ce71e74..678006ac 100644
--- a/src/hooks/useMainProcess.ts
+++ b/src/hooks/useMainProcess.ts
@@ -87,6 +87,7 @@ export const useMainProcess = () => {
           event: 'transaction_failure',
           phase_name: currentPhase,
           phase_index: currentPhaseIndex,
+          error_message: state.failure.message,
         });
       }
     },
diff --git a/src/pages/failure/index.tsx b/src/pages/failure/index.tsx
index 64007b57..ad293af6 100644
--- a/src/pages/failure/index.tsx
+++ b/src/pages/failure/index.tsx
@@ -27,7 +27,7 @@ export const FailurePage = ({ finishOfframping, continueFailedFlow, transactionI
         <Cross />
         <h1 className="mt-6 text-2xl font-bold text-center text-red-500">Oops! Something went wrong</h1>
         {transactionId && <TransactionInfo transactionId={transactionId} />}
-        {failure === 'recoverable' ? (
+        {failure.type === 'recoverable' ? (
           <>
             <p className="mt-6 text-center">
               Unfortunately, your withdrawal request could not be processed in time. This could be due to a temporary
@@ -36,7 +36,7 @@ export const FailurePage = ({ finishOfframping, continueFailedFlow, transactionI
             <p>Either try to continue or start over.</p>
           </>
         ) : undefined}
-        {failure === 'recoverable' && (
+        {failure.type === 'recoverable' && (
           <button className="w-full mt-5 btn-vortex-primary btn rounded-xl" onClick={continueFailedFlow}>
             Continue
           </button>
diff --git a/src/services/nabla.ts b/src/services/nabla.ts
index f37b1759..7fe28c72 100644
--- a/src/services/nabla.ts
+++ b/src/services/nabla.ts
@@ -137,8 +137,9 @@ export async function nablaApprove(
   const inputToken = INPUT_TOKEN_CONFIG[inputTokenType];
 
   if (!transactions) {
-    console.error('Missing transactions for nablaApprove');
-    return { ...state, failure: 'unrecoverable' };
+    const message = 'Missing transactions for nablaApprove';
+    console.error(message);
+    return { ...state, failure: { type: 'unrecoverable', message } };
   }
 
   const successorState = {
@@ -319,8 +320,9 @@ export async function nablaSwap(state: OfframpingState, { renderEvent }: Executi
   const outputToken = OUTPUT_TOKEN_CONFIG[outputTokenType];
 
   if (transactions === undefined) {
-    console.error('Missing transactions for nablaSwap');
-    return { ...state, failure: 'unrecoverable' };
+    const message = 'Missing transactions for nablaSwap';
+    console.error(message);
+    return { ...state, failure: { type: 'unrecoverable', message } };
   }
 
   const { api, ss58Format } = (await getApiManagerInstance()).apiData!;
diff --git a/src/services/offrampingFlow.ts b/src/services/offrampingFlow.ts
index 3e3ac297..04ad223e 100644
--- a/src/services/offrampingFlow.ts
+++ b/src/services/offrampingFlow.ts
@@ -30,7 +30,10 @@ import * as Sentry from '@sentry/react';
 
 const minutesInMs = (minutes: number) => minutes * 60 * 1000;
 
-export type FailureType = 'recoverable' | 'unrecoverable';
+export interface FailureType {
+  type: 'recoverable' | 'unrecoverable';
+  message?: string;
+}
 
 export type OfframpingPhase =
   | 'prepareTransactions'
@@ -281,7 +284,7 @@ export async function advanceOfframpingState(
     }
 
     console.error('Error advancing offramping state', error);
-    newState = { ...state, failure: 'recoverable' };
+    newState = { ...state, failure: { type: 'recoverable', message: error?.toString() } };
   }
 
   if (newState !== undefined) {
diff --git a/src/services/polkadot/index.tsx b/src/services/polkadot/index.tsx
index 6a11bd48..7666bc84 100644
--- a/src/services/polkadot/index.tsx
+++ b/src/services/polkadot/index.tsx
@@ -124,8 +124,9 @@ export async function executeSpacewalkRedeem(
   }
 
   if (!transactions) {
-    console.error('Transactions not prepared, cannot execute Spacewalk redeem');
-    return { ...state, failure: 'unrecoverable' };
+    const message = 'Transactions not prepared, cannot execute Spacewalk redeem';
+    console.error(message);
+    return { ...state, failure: { type: 'unrecoverable', message } };
   }
   let redeemRequestEvent;
 
diff --git a/src/services/squidrouter/process.ts b/src/services/squidrouter/process.ts
index d8ee81c0..12ec81b8 100644
--- a/src/services/squidrouter/process.ts
+++ b/src/services/squidrouter/process.ts
@@ -61,7 +61,7 @@ export async function squidRouter(
     });
 
     console.error('Error in squidRouter: ', e);
-    return { ...state, failure: 'unrecoverable' };
+    return { ...state, failure: { type: 'unrecoverable', message: e?.toString() } };
   }
 
   setSigningPhase?.('approved');
@@ -93,7 +93,7 @@ export async function squidRouter(
     });
 
     console.error('Error in squidRouter: ', e);
-    return { ...state, failure: 'unrecoverable' };
+    return { ...state, failure: { type: 'unrecoverable', message: e?.toString() } };
   }
 
   setSigningPhase?.('signed');

From 0b7bc3240d6552079d7ed62b4baad4311127c6c5 Mon Sep 17 00:00:00 2001
From: Marcel Ebert <mail@marcel-ebert.de>
Date: Fri, 22 Nov 2024 17:43:31 +0100
Subject: [PATCH 44/61] Add function to schedule quotes

---
 src/contexts/events.tsx      | 44 ++++++++++++++++++++++++++++++++++--
 src/services/quotes/index.ts |  2 +-
 2 files changed, 43 insertions(+), 3 deletions(-)

diff --git a/src/contexts/events.tsx b/src/contexts/events.tsx
index 211ad013..6864de80 100644
--- a/src/contexts/events.tsx
+++ b/src/contexts/events.tsx
@@ -1,11 +1,12 @@
 import { createContext } from 'preact';
-import { PropsWithChildren, useCallback, useContext, useEffect, useRef } from 'preact/compat';
+import { PropsWithChildren, useCallback, useContext, useEffect, useRef, useState } from 'preact/compat';
 import Big from 'big.js';
 import * as Sentry from '@sentry/react';
 import { useAccount } from 'wagmi';
 import { INPUT_TOKEN_CONFIG, OUTPUT_TOKEN_CONFIG } from '../constants/tokenConfig';
 import { OfframpingState } from '../services/offrampingFlow';
 import { calculateTotalReceive } from '../components/FeeCollapse';
+import { QuoteService } from '../services/quotes';
 
 declare global {
   interface Window {
@@ -50,7 +51,13 @@ interface OfframpingParameters {
 }
 
 export type TransactionEvent = OfframpingParameters & {
-  event: 'transaction_confirmation' | 'kyc_started' | 'kyc_completed' | 'transaction_success' | 'transaction_failure';
+  event:
+    | 'transaction_confirmation'
+    | 'kyc_started'
+    | 'kyc_completed'
+    | 'transaction_success'
+    | 'transaction_failure'
+    | 'compare_quote';
 };
 
 export type TransactionFailedEvent = OfframpingParameters & {
@@ -60,6 +67,13 @@ export type TransactionFailedEvent = OfframpingParameters & {
   error_message: string;
 };
 
+export type CompareQuoteEvent = OfframpingParameters & {
+  event: 'compare_quote';
+  moonpay_quote: string;
+  alchemypay_quote: string;
+  transak_quote: string;
+};
+
 export interface ProgressEvent {
   event: 'progress';
   phase_name: string;
@@ -107,6 +121,7 @@ export type TrackableEvent =
   | WalletConnectEvent
   | TransactionEvent
   | TransactionFailedEvent
+  | CompareQuoteEvent
   | ClickSupportEvent
   | FormErrorEvent
   | EmailSubmissionEvent
@@ -125,9 +140,33 @@ const useEvents = () => {
   const previousChainId = useRef<number | undefined>(undefined);
   const userClickedState = useRef<boolean>(false);
 
+  const [scheduledQuotes, setScheduledQuotes] = useState<Partial<Record<QuoteService, string>>>({});
+
   const trackedEventTypes = useRef<Set<EventType>>(new Set());
   const firedFormErrors = useRef<Set<FormErrorEvent['error_message']>>(new Set());
 
+  const scheduleQuote = useCallback((service: QuoteService, quote: string, state: OfframpingState) => {
+    setScheduledQuotes((prev) => {
+      const newQuotes = { ...prev, [service]: quote };
+      const sizeChanged = Object.keys(newQuotes).length !== Object.keys(prev).length;
+
+      // If all quotes are ready, emit the event
+      if (sizeChanged && Object.keys(scheduledQuotes).length === 3) {
+        trackEvent({
+          ...createTransactionEvent('compare_quote', state),
+          event: 'compare_quote',
+          transak_quote: newQuotes.transak,
+          moonpay_quote: newQuotes.moonpay,
+          alchemypay_quote: newQuotes.alchemypay,
+        });
+        // Reset the quotes
+        return {};
+      }
+
+      return newQuotes;
+    });
+  }, []);
+
   const trackEvent = useCallback((event: TrackableEvent) => {
     if (UNIQUE_EVENT_TYPES.includes(event.event)) {
       if (trackedEventTypes.current.has(event.event)) {
@@ -217,6 +256,7 @@ const useEvents = () => {
     trackEvent,
     resetUniqueEvents,
     handleUserClickWallet,
+    scheduleQuote,
   };
 };
 
diff --git a/src/services/quotes/index.ts b/src/services/quotes/index.ts
index 36577167..aed457f1 100644
--- a/src/services/quotes/index.ts
+++ b/src/services/quotes/index.ts
@@ -4,7 +4,7 @@ import { polygon } from 'wagmi/chains';
 
 const QUOTE_ENDPOINT = `${SIGNING_SERVICE_URL}/v1/quotes`;
 
-type QuoteService = 'moonpay' | 'transak' | 'alchemypay';
+export type QuoteService = 'moonpay' | 'transak' | 'alchemypay';
 
 type SupportedNetworks = typeof polygon.name;
 

From 98b751ca77951ae88611aef71f1bc30962e57a9c Mon Sep 17 00:00:00 2001
From: Marcel Ebert <mail@marcel-ebert.de>
Date: Fri, 22 Nov 2024 18:36:25 +0100
Subject: [PATCH 45/61] Refactor

---
 src/components/FeeComparison/index.tsx        | 24 ++++++-
 .../FeeComparison/quoteProviders.tsx          | 10 +--
 src/contexts/events.tsx                       | 71 ++++++++++++-------
 src/pages/swap/index.tsx                      |  2 +-
 4 files changed, 74 insertions(+), 33 deletions(-)

diff --git a/src/components/FeeComparison/index.tsx b/src/components/FeeComparison/index.tsx
index da1acb08..0fa0b693 100644
--- a/src/components/FeeComparison/index.tsx
+++ b/src/components/FeeComparison/index.tsx
@@ -1,11 +1,13 @@
 import Big from 'big.js';
 import { useMemo } from 'preact/hooks';
+import { useEffect } from 'preact/compat';
 import { useQuery } from '@tanstack/react-query';
 import { ChevronDownIcon } from '@heroicons/react/20/solid';
 import { Skeleton } from '../Skeleton';
 import vortexIcon from '../../assets/logo/blue.svg';
 import { QuoteProvider, quoteProviders } from './quoteProviders';
 import { NetworkType } from '../../constants/tokenConfig';
+import { OfframpingParameters, useEventsContext } from '../../contexts/events';
 
 type FeeProviderRowProps = FeeComparisonProps & { provider: QuoteProvider };
 
@@ -35,14 +37,18 @@ function FeeProviderRow({
   vortexPrice,
   network,
 }: FeeProviderRowProps) {
-  const { isLoading, error, data } = useQuery({
+  const { scheduleQuote } = useEventsContext();
+
+  const {
+    isLoading,
+    error,
+    data: providerPrice,
+  } = useQuery({
     queryKey: [sourceAssetSymbol, targetAssetSymbol, vortexPrice, provider.name, network],
     queryFn: () => provider.query(sourceAssetSymbol, targetAssetSymbol, amount, network),
     retry: false, // We don't want to retry the request to avoid spamming the server
   });
 
-  const providerPrice = data?.lt(0) ? undefined : data;
-
   const priceDiff = useMemo(() => {
     if (isLoading || error || !providerPrice) {
       return undefined;
@@ -51,6 +57,18 @@ function FeeProviderRow({
     return providerPrice.minus(vortexPrice);
   }, [isLoading, error, providerPrice, vortexPrice]);
 
+  useEffect(() => {
+    if (providerPrice || error) {
+      const parameters: OfframpingParameters = {
+        from_amount: amount.toFixed(2),
+        from_asset: sourceAssetSymbol,
+        to_amount: vortexPrice.toFixed(2),
+        to_asset: targetAssetSymbol,
+      };
+      scheduleQuote(provider.name, providerPrice ? providerPrice.toFixed(2, 0) : '-1', parameters);
+    }
+  }, [amount, provider.name, scheduleQuote, sourceAssetSymbol, targetAssetSymbol, providerPrice, error, vortexPrice]);
+
   return (
     <div className="flex items-center justify-between w-full">
       <a href={provider.href} target="_blank" className="flex items-center gap-4 w-full grow ml-4">
diff --git a/src/components/FeeComparison/quoteProviders.tsx b/src/components/FeeComparison/quoteProviders.tsx
index 0a3b2e63..7d239ca8 100644
--- a/src/components/FeeComparison/quoteProviders.tsx
+++ b/src/components/FeeComparison/quoteProviders.tsx
@@ -1,10 +1,10 @@
-import { getQueryFnForService, QuoteQuery } from '../../services/quotes';
+import { getQueryFnForService, QuoteQuery, QuoteService } from '../../services/quotes';
 import alchemyPayIcon from '../../assets/alchemypay.svg';
 import moonpayIcon from '../../assets/moonpay.svg';
 import transakIcon from '../../assets/transak.svg';
 
 export interface QuoteProvider {
-  name: string;
+  name: QuoteService;
   icon?: JSX.Element;
   query: QuoteQuery;
   href: string;
@@ -12,19 +12,19 @@ export interface QuoteProvider {
 
 export const quoteProviders: QuoteProvider[] = [
   {
-    name: 'AlchemyPay',
+    name: 'alchemypay',
     icon: <img src={alchemyPayIcon} className="w-40 ml-1" alt="AlchemyPay" />,
     query: getQueryFnForService('alchemypay'),
     href: 'https://alchemypay.org',
   },
   {
-    name: 'MoonPay',
+    name: 'moonpay',
     icon: <img src={moonpayIcon} className="w-40 ml-1" alt="Moonpay" />,
     query: getQueryFnForService('moonpay'),
     href: 'https://moonpay.com',
   },
   {
-    name: 'Transak',
+    name: 'transak',
     icon: <img src={transakIcon} className="w-30 h-10" alt="Transak" />,
     query: getQueryFnForService('transak'),
     href: 'https://transak.com',
diff --git a/src/contexts/events.tsx b/src/contexts/events.tsx
index 6864de80..fd140f0a 100644
--- a/src/contexts/events.tsx
+++ b/src/contexts/events.tsx
@@ -43,7 +43,7 @@ export interface WalletConnectEvent {
   account_address?: string;
 }
 
-interface OfframpingParameters {
+export interface OfframpingParameters {
   from_asset: string;
   to_asset: string;
   from_amount: string;
@@ -140,33 +140,18 @@ const useEvents = () => {
   const previousChainId = useRef<number | undefined>(undefined);
   const userClickedState = useRef<boolean>(false);
 
-  const [scheduledQuotes, setScheduledQuotes] = useState<Partial<Record<QuoteService, string>>>({});
+  const [_scheduledQuotes, setScheduledQuotes] = useState<
+    | {
+        from_asset: string;
+        to_asset: string;
+        quotes: Partial<Record<QuoteService, string>>;
+      }
+    | undefined
+  >(undefined);
 
   const trackedEventTypes = useRef<Set<EventType>>(new Set());
   const firedFormErrors = useRef<Set<FormErrorEvent['error_message']>>(new Set());
 
-  const scheduleQuote = useCallback((service: QuoteService, quote: string, state: OfframpingState) => {
-    setScheduledQuotes((prev) => {
-      const newQuotes = { ...prev, [service]: quote };
-      const sizeChanged = Object.keys(newQuotes).length !== Object.keys(prev).length;
-
-      // If all quotes are ready, emit the event
-      if (sizeChanged && Object.keys(scheduledQuotes).length === 3) {
-        trackEvent({
-          ...createTransactionEvent('compare_quote', state),
-          event: 'compare_quote',
-          transak_quote: newQuotes.transak,
-          moonpay_quote: newQuotes.moonpay,
-          alchemypay_quote: newQuotes.alchemypay,
-        });
-        // Reset the quotes
-        return {};
-      }
-
-      return newQuotes;
-    });
-  }, []);
-
   const trackEvent = useCallback((event: TrackableEvent) => {
     if (UNIQUE_EVENT_TYPES.includes(event.event)) {
       if (trackedEventTypes.current.has(event.event)) {
@@ -196,6 +181,44 @@ const useEvents = () => {
     trackedEventTypes.current = new Set();
   }, []);
 
+  /// This function is used to schedule a quote returned by a quote service. Once all quotes are ready, it emits a compare_quote event.
+  /// Calling this function with a quote of '-1' will make the function emit the quote as undefined.
+  const scheduleQuote = useCallback(
+    (service: QuoteService, quote: string, parameters: OfframpingParameters) => {
+      setScheduledQuotes((prev) => {
+        // Check if there is a mismatch in tokens used previously vs the ones passed n the latest state
+        const newQuotes =
+          prev && (prev.from_asset !== parameters.from_asset || prev.to_asset !== parameters.to_asset)
+            ? {
+                from_asset: parameters.from_asset,
+                to_asset: parameters.to_asset,
+                quotes: { [service]: quote },
+              }
+            : {
+                from_asset: parameters.from_asset,
+                to_asset: parameters.to_asset,
+                quotes: { ...prev?.quotes, [service]: quote },
+              };
+
+        // If all quotes are ready, emit the event
+        if (Object.keys(newQuotes.quotes).length === 3) {
+          trackEvent({
+            ...parameters,
+            event: 'compare_quote',
+            transak_quote: newQuotes.quotes.transak !== '-1' ? newQuotes.quotes.transak : undefined,
+            moonpay_quote: newQuotes.quotes.moonpay !== '-1' ? newQuotes.quotes.moonpay : undefined,
+            alchemypay_quote: newQuotes.quotes.alchemypay !== '-1' ? newQuotes.quotes.alchemypay : undefined,
+          });
+          // Reset the quotes
+          return undefined;
+        }
+
+        return newQuotes;
+      });
+    },
+    [trackEvent],
+  );
+
   useEffect(() => {
     if (!chainId) return;
 
diff --git a/src/pages/swap/index.tsx b/src/pages/swap/index.tsx
index c0e6cdb6..89ea8136 100644
--- a/src/pages/swap/index.tsx
+++ b/src/pages/swap/index.tsx
@@ -264,7 +264,7 @@ export const SwapPage = () => {
         <UserBalance token={fromToken} onClick={(amount: string) => form.setValue('fromAmount', amount)} />
       </>
     ),
-    [form, fromToken, setModalType],
+    [form, fromToken, setModalType, trackEvent],
   );
 
   function getCurrentErrorMessage() {

From 494bd7303fe402f2d325ba297fb72f23eeedb02c Mon Sep 17 00:00:00 2001
From: Marcel Ebert <mail@marcel-ebert.de>
Date: Mon, 25 Nov 2024 13:07:11 +0100
Subject: [PATCH 46/61] Memoize values in swap form

---
 src/components/Nabla/useSwapForm.tsx | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/src/components/Nabla/useSwapForm.tsx b/src/components/Nabla/useSwapForm.tsx
index 8d19fdc0..c26095f8 100644
--- a/src/components/Nabla/useSwapForm.tsx
+++ b/src/components/Nabla/useSwapForm.tsx
@@ -52,8 +52,8 @@ export const useSwapForm = () => {
   const from = useWatch({ control, name: 'from' });
   const to = useWatch({ control, name: 'to' });
 
-  const fromToken = from ? INPUT_TOKEN_CONFIG[from] : undefined;
-  const toToken = to ? OUTPUT_TOKEN_CONFIG[to] : undefined;
+  const fromToken = useMemo(() => (from ? INPUT_TOKEN_CONFIG[from] : undefined), [from]);
+  const toToken = useMemo(() => (to ? OUTPUT_TOKEN_CONFIG[to] : undefined), [to]);
 
   const onFromChange = useCallback(
     (tokenKey: string) => {
@@ -96,12 +96,13 @@ export const useSwapForm = () => {
     defaultValue: '0',
   });
 
-  let fromAmount: Big | undefined;
-  try {
-    fromAmount = new Big(fromAmountString);
-  } catch {
-    // no action required
-  }
+  const fromAmount: Big | undefined = useMemo(() => {
+    try {
+      return new Big(fromAmountString);
+    } catch {
+      return undefined;
+    }
+  }, [fromAmountString]);
 
   return {
     form,

From aff3402edb0dae36567158536f173a6045c427a6 Mon Sep 17 00:00:00 2001
From: Marcel Ebert <mail@marcel-ebert.de>
Date: Mon, 25 Nov 2024 13:26:45 +0100
Subject: [PATCH 47/61] Fix rerenders

---
 src/components/FeeComparison/index.tsx | 2 +-
 src/pages/swap/index.tsx               | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/components/FeeComparison/index.tsx b/src/components/FeeComparison/index.tsx
index 0fa0b693..244e9a3a 100644
--- a/src/components/FeeComparison/index.tsx
+++ b/src/components/FeeComparison/index.tsx
@@ -67,7 +67,7 @@ function FeeProviderRow({
       };
       scheduleQuote(provider.name, providerPrice ? providerPrice.toFixed(2, 0) : '-1', parameters);
     }
-  }, [amount, provider.name, scheduleQuote, sourceAssetSymbol, targetAssetSymbol, providerPrice, error, vortexPrice]);
+  }, [amount, provider.name, scheduleQuote, sourceAssetSymbol, targetAssetSymbol, providerPrice, vortexPrice, error]);
 
   return (
     <div className="flex items-center justify-between w-full">
diff --git a/src/pages/swap/index.tsx b/src/pages/swap/index.tsx
index 89ea8136..cfa1b9de 100644
--- a/src/pages/swap/index.tsx
+++ b/src/pages/swap/index.tsx
@@ -111,7 +111,7 @@ export const SwapPage = () => {
   const fromToken = INPUT_TOKEN_CONFIG[from];
   const toToken = OUTPUT_TOKEN_CONFIG[to];
   const formToAmount = form.watch('toAmount');
-  const vortexPrice = formToAmount ? Big(formToAmount) : Big(0);
+  const vortexPrice = useMemo(() => (formToAmount ? Big(formToAmount) : Big(0)), [formToAmount]);
 
   const userInputTokenBalance = useInputTokenBalance({ fromToken });
 

From 52cf5f01c0d726c09a8b52a782a9963ab35a97d2 Mon Sep 17 00:00:00 2001
From: Marcel Ebert <mail@marcel-ebert.de>
Date: Mon, 25 Nov 2024 13:44:43 +0100
Subject: [PATCH 48/61] Fix compare_quote emitted too often

---
 src/contexts/events.tsx | 33 ++++++++++++++-------------------
 1 file changed, 14 insertions(+), 19 deletions(-)

diff --git a/src/contexts/events.tsx b/src/contexts/events.tsx
index fd140f0a..870f8037 100644
--- a/src/contexts/events.tsx
+++ b/src/contexts/events.tsx
@@ -142,8 +142,7 @@ const useEvents = () => {
 
   const [_scheduledQuotes, setScheduledQuotes] = useState<
     | {
-        from_asset: string;
-        to_asset: string;
+        parameters: OfframpingParameters;
         quotes: Partial<Record<QuoteService, string>>;
       }
     | undefined
@@ -186,34 +185,30 @@ const useEvents = () => {
   const scheduleQuote = useCallback(
     (service: QuoteService, quote: string, parameters: OfframpingParameters) => {
       setScheduledQuotes((prev) => {
-        // Check if there is a mismatch in tokens used previously vs the ones passed n the latest state
+        // Do a deep comparison of the parameters to check if they are the same.
+        // If they are not, reset the quotes.
         const newQuotes =
-          prev && (prev.from_asset !== parameters.from_asset || prev.to_asset !== parameters.to_asset)
-            ? {
-                from_asset: parameters.from_asset,
-                to_asset: parameters.to_asset,
-                quotes: { [service]: quote },
-              }
-            : {
-                from_asset: parameters.from_asset,
-                to_asset: parameters.to_asset,
-                quotes: { ...prev?.quotes, [service]: quote },
-              };
+          prev && JSON.stringify(prev.parameters) !== JSON.stringify(parameters)
+            ? { [service]: quote }
+            : { ...prev?.quotes, [service]: quote };
 
         // If all quotes are ready, emit the event
-        if (Object.keys(newQuotes.quotes).length === 3) {
+        if (Object.keys(newQuotes).length === 3) {
           trackEvent({
             ...parameters,
             event: 'compare_quote',
-            transak_quote: newQuotes.quotes.transak !== '-1' ? newQuotes.quotes.transak : undefined,
-            moonpay_quote: newQuotes.quotes.moonpay !== '-1' ? newQuotes.quotes.moonpay : undefined,
-            alchemypay_quote: newQuotes.quotes.alchemypay !== '-1' ? newQuotes.quotes.alchemypay : undefined,
+            transak_quote: newQuotes.transak !== '-1' ? newQuotes.transak : undefined,
+            moonpay_quote: newQuotes.moonpay !== '-1' ? newQuotes.moonpay : undefined,
+            alchemypay_quote: newQuotes.alchemypay !== '-1' ? newQuotes.alchemypay : undefined,
           });
           // Reset the quotes
           return undefined;
         }
 
-        return newQuotes;
+        return {
+          parameters,
+          quotes: newQuotes,
+        };
       });
     },
     [trackEvent],

From 4effa4d72cb26c2f09d281849cc5839961bd5d01 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Torsten=20Stu=CC=88ber?=
 <15174476+TorstenStueber@users.noreply.github.com>
Date: Mon, 25 Nov 2024 18:53:12 -0300
Subject: [PATCH 49/61] Use netlify as a proxy

---
 .prettierignore            |  3 ++-
 README.md                  | 11 ++++++++---
 _redirects                 |  3 +++
 package.json               |  2 +-
 src/config/index.ts        |  2 +-
 src/constants/constants.ts |  3 +--
 6 files changed, 16 insertions(+), 8 deletions(-)
 create mode 100644 _redirects

diff --git a/.prettierignore b/.prettierignore
index 712a9294..ff87240a 100644
--- a/.prettierignore
+++ b/.prettierignore
@@ -19,4 +19,5 @@ favicon.png
 CHANGELOG.md
 **/*.svg
 .prettierignore
-.gitignore
\ No newline at end of file
+.gitignore
+_redirects
diff --git a/README.md b/README.md
index a2d7e6e0..80c30326 100644
--- a/README.md
+++ b/README.md
@@ -37,10 +37,15 @@ matter what URL the browser requests.
 
 ## Env Variables
 
-- `VITE_SIGNING_SERVICE_URL`: Optional variable to point to a specific signing backend service URL. If undefined, it
+- `VITE_SIGNING_SERVICE_PATH`: Optional variable to point to a specific signing backend service URL. If undefined, it
   will default to either:
-  - http://localhost:3000 (if in development mode)
-  - https://prototype-signer-service-polygon.pendulumchain.tech (if in production mode)
+  - `http://localhost:3000` (if in development mode)
+  - `/api/production` (if in production mode)
+    - this will use the `_redirects` file to direct Netlify to proxy all requests to `/api/production` to
+      `https://prototype-signer-service-polygon.pendulumchain.tech`
+  - `/api/staging` (if in staging mode)
+    - this will use the `_redirects` file to direct Netlify to proxy all requests to `/api/staging` to
+      `https://prototype-signer-service-polygon-staging.pendulumchain.tech`
 - `VITE_ALCHEMY_API_KEY`: Optional variable to set the Alchemy API key for the custom RPC provider. If undefined, it
   will use dhe default endpoint.
 
diff --git a/_redirects b/_redirects
new file mode 100644
index 00000000..b8c597fe
--- /dev/null
+++ b/_redirects
@@ -0,0 +1,3 @@
+/api/production/*  https://prototype-signer-service-polygon.pendulumchain.tech/:splat  200
+/api/staging/*  https://prototype-signer-service-polygon-staging.pendulumchain.tech/:splat  200
+/* /index.html 200
diff --git a/package.json b/package.json
index 7ea6876e..7de31ae1 100644
--- a/package.json
+++ b/package.json
@@ -6,7 +6,7 @@
   "packageManager": "yarn@4.5.0+sha512.837566d24eec14ec0f5f1411adb544e892b3454255e61fdef8fd05f3429480102806bac7446bc9daff3896b01ae4b62d00096c7e989f1596f2af10b927532f39",
   "scripts": {
     "dev": "vite --host",
-    "build": "tsc && vite build && cp -R src/assets/coins dist/assets/coins && echo '/* /index.html 200' | cat > dist/_redirects",
+    "build": "tsc && vite build && cp -R src/assets/coins dist/assets/coins && cp _redirects dist/_redirects",
     "preview": "vite preview",
     "lint": "eslint . --ext .ts,.tsx",
     "lint:fix": "eslint . --ext .ts,.tsx --fix",
diff --git a/src/config/index.ts b/src/config/index.ts
index 68ae70f8..ce738c8d 100644
--- a/src/config/index.ts
+++ b/src/config/index.ts
@@ -13,7 +13,7 @@ type TenantConfig = Record<
 
 type Environment = 'development' | 'staging' | 'production';
 const nodeEnv = process.env.NODE_ENV as Environment;
-const maybeSignerServiceUrl = import.meta.env.VITE_SIGNING_SERVICE_URL;
+const maybeSignerServiceUrl = import.meta.env.VITE_SIGNING_SERVICE_PATH;
 const alchemyApiKey = import.meta.env.VITE_ALCHEMY_API_KEY;
 const env = (import.meta.env.VITE_ENVIRONMENT || nodeEnv) as Environment;
 
diff --git a/src/constants/constants.ts b/src/constants/constants.ts
index 46c861a6..7ef85d10 100644
--- a/src/constants/constants.ts
+++ b/src/constants/constants.ts
@@ -14,5 +14,4 @@ export const AMM_MINIMUM_OUTPUT_HARD_MARGIN = 0.05;
 export const TRANSFER_WAITING_TIME_SECONDS = 6000;
 export const DEFAULT_LOGIN_EXPIRATION_TIME_HOURS = 7 * 24;
 export const SIGNING_SERVICE_URL =
-  config.maybeSignerServiceUrl ||
-  (config.isProd ? 'https://prototype-signer-service-polygon.pendulumchain.tech' : 'http://localhost:3000');
+  config.maybeSignerServiceUrl || (config.isProd ? '/api/production' : 'http://localhost:3000');

From b302f4ed594478705023ee6885156d3f1bf2db75 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Torsten=20Stu=CC=88ber?=
 <15174476+TorstenStueber@users.noreply.github.com>
Date: Mon, 25 Nov 2024 20:24:37 -0300
Subject: [PATCH 50/61] Make cookie strict

---
 signer-service/src/api/controllers/siwe.controller.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/signer-service/src/api/controllers/siwe.controller.js b/signer-service/src/api/controllers/siwe.controller.js
index b9da9290..b07ddd62 100644
--- a/signer-service/src/api/controllers/siwe.controller.js
+++ b/signer-service/src/api/controllers/siwe.controller.js
@@ -27,7 +27,7 @@ exports.validateSiweSignature = async (req, res) => {
     res.cookie('authToken', token, {
       httpOnly: true,
       secure: true,
-      sameSite: 'None',
+      sameSite: 'Strict',
       maxAge: DEFAULT_LOGIN_EXPIRATION_TIME_HOURS * 60 * 60 * 1000,
     });
 

From f7d3816838b2a6b81f54d1f328cc60edbe8f4bfc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Torsten=20Stu=CC=88ber?=
 <15174476+TorstenStueber@users.noreply.github.com>
Date: Tue, 26 Nov 2024 08:38:16 -0300
Subject: [PATCH 51/61] Remove siwe uri and hosts checks

---
 signer-service/src/api/services/siwe.service.js | 15 +--------------
 signer-service/src/constants/constants.js       | 12 ------------
 2 files changed, 1 insertion(+), 26 deletions(-)

diff --git a/signer-service/src/api/services/siwe.service.js b/signer-service/src/api/services/siwe.service.js
index 7217fd36..a3dda7a6 100644
--- a/signer-service/src/api/services/siwe.service.js
+++ b/signer-service/src/api/services/siwe.service.js
@@ -1,12 +1,7 @@
 const siwe = require('siwe');
 const { createPublicClient, http } = require('viem');
 const { polygon } = require('viem/chains');
-const {
-  DEFAULT_LOGIN_EXPIRATION_TIME_HOURS,
-  VALID_SIWE_DOMAINS,
-  VALID_SIWE_CHAINS,
-  VALID_SIWE_LOGIN_ORIGINS,
-} = require('../../constants/constants');
+const { DEFAULT_LOGIN_EXPIRATION_TIME_HOURS, VALID_SIWE_CHAINS } = require('../../constants/constants');
 
 class ValidationError extends Error {
   constructor(message) {
@@ -79,14 +74,6 @@ const verifyInitialMessageFields = (siweMessage) => {
   const chainId = siweMessage.chainId;
   const expirationTime = siweMessage.expirationTime;
 
-  if (!VALID_SIWE_LOGIN_ORIGINS.includes(uri)) {
-    throw new ValidationError('Origin not in the list of allowed origins');
-  }
-
-  if (!VALID_SIWE_DOMAINS.includes(domain)) {
-    throw new ValidationError('Incorrect domain');
-  }
-
   if (!VALID_SIWE_CHAINS.includes(chainId)) {
     throw new ValidationError('Incorrect chain ID');
   }
diff --git a/signer-service/src/constants/constants.js b/signer-service/src/constants/constants.js
index 47c4b798..5d1c57d2 100644
--- a/signer-service/src/constants/constants.js
+++ b/signer-service/src/constants/constants.js
@@ -10,17 +10,7 @@ const MOONBEAM_RECEIVER_CONTRACT_ADDRESS = '0x0004446021fe650c15fb0b2e046b39130e
 const STELLAR_EPHEMERAL_STARTING_BALANCE_UNITS = '2.5'; // Amount to send to the new stellar ephemeral account created
 const PENDULUM_EPHEMERAL_STARTING_BALANCE_UNITS = '0.1'; // Amount to send to the new pendulum ephemeral account created
 const DEFAULT_LOGIN_EXPIRATION_TIME_HOURS = 7 * 24;
-const VALID_SIWE_DOMAINS = [
-  'localhost:5173',
-  'polygon-prototype-staging--pendulum-pay.netlify.app',
-  'app.vortexfinance.co',
-];
 const VALID_SIWE_CHAINS = [137]; // 137: Polygon
-const VALID_SIWE_LOGIN_ORIGINS = [
-  'http://localhost:5173',
-  'https://polygon-prototype-staging--pendulum-pay.netlify.app',
-  'https://app.vortexfinance.co',
-];
 
 require('dotenv').config();
 
@@ -48,7 +38,5 @@ module.exports = {
   SEP10_MASTER_SECRET,
   CLIENT_DOMAIN_SECRET,
   DEFAULT_LOGIN_EXPIRATION_TIME_HOURS,
-  VALID_SIWE_DOMAINS,
   VALID_SIWE_CHAINS,
-  VALID_SIWE_LOGIN_ORIGINS,
 };

From f9c9732a89ef8adbdc9ce1c672d294788a1a2df0 Mon Sep 17 00:00:00 2001
From: Marcel Ebert <mail@marcel-ebert.de>
Date: Tue, 26 Nov 2024 16:30:31 +0100
Subject: [PATCH 52/61] Add downward arrow to asset dropdown

---
 src/components/buttons/AssetButton/index.tsx | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/components/buttons/AssetButton/index.tsx b/src/components/buttons/AssetButton/index.tsx
index 29bd703e..23cc0331 100644
--- a/src/components/buttons/AssetButton/index.tsx
+++ b/src/components/buttons/AssetButton/index.tsx
@@ -1,10 +1,12 @@
 import { AssetIconType, useGetIcon } from '../../../hooks/useGetIcon';
+import { ChevronDownIcon } from '@heroicons/react/20/solid';
 
 interface AssetButtonProps {
   assetIcon: AssetIconType;
   tokenSymbol: string;
   onClick: () => void;
 }
+
 export function AssetButton({ assetIcon, tokenSymbol, onClick }: AssetButtonProps) {
   const icon = useGetIcon(assetIcon);
 
@@ -18,6 +20,7 @@ export function AssetButton({ assetIcon, tokenSymbol, onClick }: AssetButtonProp
         <img src={icon} alt={assetIcon} className="w-auto h-full" />
       </span>
       <strong className="font-bold text-black">{tokenSymbol}</strong>
+      <ChevronDownIcon className="w-6" />
     </button>
   );
 }

From 9e1ce1f9a48c6931ca0fa4eb7fb15eccc4f09963 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Torsten=20Stu=CC=88ber?=
 <15174476+TorstenStueber@users.noreply.github.com>
Date: Wed, 27 Nov 2024 08:34:26 -0300
Subject: [PATCH 53/61] Make main buttons 50% width

---
 src/components/buttons/SwapSubmitButton/index.tsx | 4 ++--
 src/pages/swap/index.tsx                          | 6 ++++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/components/buttons/SwapSubmitButton/index.tsx b/src/components/buttons/SwapSubmitButton/index.tsx
index 08ee51b3..56ceeb6f 100644
--- a/src/components/buttons/SwapSubmitButton/index.tsx
+++ b/src/components/buttons/SwapSubmitButton/index.tsx
@@ -17,7 +17,7 @@ export const SwapSubmitButton: FC<SwapSubmitButtonProps> = ({ text, disabled, pe
 
   if (!isConnected) {
     return (
-      <div className="grow">
+      <div style={{ flex: '1 1 calc(50% - 0.75rem/2)' }}>
         <button onClick={() => openWalletModal()} type="button" className="w-full btn-vortex-primary btn rounded-xl">
           Connect Wallet
         </button>
@@ -26,7 +26,7 @@ export const SwapSubmitButton: FC<SwapSubmitButtonProps> = ({ text, disabled, pe
   }
 
   return (
-    <div className="grow">
+    <div style={{ flex: '1 1 calc(50% - 0.75rem/2)' }}>
       <button className="w-full btn-vortex-primary btn" disabled={showInDisabledState}>
         {pending && <Spinner />}
         {text}
diff --git a/src/pages/swap/index.tsx b/src/pages/swap/index.tsx
index c0e6cdb6..8311ac1f 100644
--- a/src/pages/swap/index.tsx
+++ b/src/pages/swap/index.tsx
@@ -394,7 +394,8 @@ export const SwapPage = () => {
         </section>
         <div className="flex mt-5 gap-3">
           <button
-            className="grow btn-vortex-secondary btn"
+            className="btn-vortex-secondary btn"
+            style={{ flex: '1 1 calc(50% - 0.75rem/2)' }}
             disabled={!inputAmountIsStable}
             onClick={(e) => {
               e.preventDefault();
@@ -413,7 +414,8 @@ export const SwapPage = () => {
               href={firstSep24ResponseState.url}
               target="_blank"
               rel="opener" //noopener forbids the use of postMessages.
-              className="grow btn-vortex-primary btn rounded-xl"
+              className="btn-vortex-primary btn rounded-xl"
+              style={{ flex: '1 1 calc(50% - 0.75rem/2)' }}
               onClick={handleOnAnchorWindowOpen}
               // open in a tinier window
             >

From c72d5a70d2d5ba4d45a2e900e5bc1a6807bb8746 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Torsten=20Stu=CC=88ber?=
 <15174476+TorstenStueber@users.noreply.github.com>
Date: Wed, 27 Nov 2024 09:38:17 -0300
Subject: [PATCH 54/61] Keep track of modal type and open states separately

---
 src/components/Nabla/useSwapForm.tsx | 26 +++++++++++++++++++-------
 src/pages/swap/index.tsx             | 23 +++++++++++++----------
 2 files changed, 32 insertions(+), 17 deletions(-)

diff --git a/src/components/Nabla/useSwapForm.tsx b/src/components/Nabla/useSwapForm.tsx
index 8d19fdc0..b3ae7ddf 100644
--- a/src/components/Nabla/useSwapForm.tsx
+++ b/src/components/Nabla/useSwapForm.tsx
@@ -18,8 +18,8 @@ const storageSet = debounce(storageService.set, 1000);
 const setStorageForSwapSettings = storageSet.bind(null, storageKeys.SWAP_SETTINGS);
 
 export const useSwapForm = () => {
-  const tokensModal = useState<undefined | 'from' | 'to'>();
-  const setTokenModal = tokensModal[1];
+  const [isTokenSelectModalVisible, setIsTokenSelectModalVisible] = useState(false);
+  const [tokenSelectModalType, setTokenModalType] = useState<'from' | 'to'>('from');
 
   const initialState = useMemo(() => {
     const searchParams = new URLSearchParams(window.location.search);
@@ -67,9 +67,9 @@ export const useSwapForm = () => {
       setStorageForSwapSettings(updated);
       setValue('from', tokenKey as InputTokenType);
 
-      setTokenModal(undefined);
+      setIsTokenSelectModalVisible(false);
     },
-    [getValues, setValue, setTokenModal],
+    [getValues, setValue],
   );
 
   const onToChange = useCallback(
@@ -85,9 +85,9 @@ export const useSwapForm = () => {
       setStorageForSwapSettings(updated);
       setValue('to', tokenKey as OutputTokenType);
 
-      setTokenModal(undefined);
+      setIsTokenSelectModalVisible(false);
     },
-    [getValues, setTokenModal, setValue],
+    [getValues, setValue],
   );
 
   const fromAmountString = useWatch({
@@ -103,11 +103,23 @@ export const useSwapForm = () => {
     // no action required
   }
 
+  const openTokenSelectModal = useCallback((type: 'from' | 'to') => {
+    setTokenModalType(type);
+    setIsTokenSelectModalVisible(true);
+  }, []);
+
+  const closeTokenSelectModal = useCallback(() => {
+    setIsTokenSelectModalVisible(false);
+  }, []);
+
   return {
     form,
     from,
     to,
-    tokensModal,
+    isTokenSelectModalVisible,
+    tokenSelectModalType,
+    openTokenSelectModal,
+    closeTokenSelectModal,
     onFromChange,
     onToChange,
     fromAmount,
diff --git a/src/pages/swap/index.tsx b/src/pages/swap/index.tsx
index c0e6cdb6..1cb3061f 100644
--- a/src/pages/swap/index.tsx
+++ b/src/pages/swap/index.tsx
@@ -98,7 +98,10 @@ export const SwapPage = () => {
   }, [firstSep24ResponseState?.id]);
 
   const {
-    tokensModal: [modalType, setModalType],
+    isTokenSelectModalVisible,
+    tokenSelectModalType,
+    openTokenSelectModal,
+    closeTokenSelectModal,
     onFromChange,
     onToChange,
     form,
@@ -237,14 +240,14 @@ export const SwapPage = () => {
       <AssetNumericInput
         assetIcon={toToken.fiat.assetIcon}
         tokenSymbol={toToken.fiat.symbol}
-        onClick={() => setModalType('to')}
+        onClick={() => openTokenSelectModal('to')}
         registerInput={form.register('toAmount')}
         disabled={tokenOutAmount.isLoading}
         readOnly={true}
         id="toAmount"
       />
     ),
-    [toToken.fiat.symbol, toToken.fiat.assetIcon, form, tokenOutAmount.isLoading, setModalType],
+    [toToken.fiat.assetIcon, toToken.fiat.symbol, form, tokenOutAmount.isLoading, openTokenSelectModal],
   );
 
   const WithdrawNumericInput = useMemo(
@@ -254,7 +257,7 @@ export const SwapPage = () => {
           registerInput={form.register('fromAmount')}
           tokenSymbol={fromToken.assetSymbol}
           assetIcon={fromToken.polygonAssetIcon}
-          onClick={() => setModalType('from')}
+          onClick={() => openTokenSelectModal('from')}
           onChange={(e) => {
             // User interacted with the input field
             trackEvent({ event: 'amount_type' });
@@ -264,7 +267,7 @@ export const SwapPage = () => {
         <UserBalance token={fromToken} onClick={(amount: string) => form.setValue('fromAmount', amount)} />
       </>
     ),
-    [form, fromToken, setModalType],
+    [form, fromToken, openTokenSelectModal, trackEvent],
   );
 
   function getCurrentErrorMessage() {
@@ -303,7 +306,7 @@ export const SwapPage = () => {
   }
 
   const definitions =
-    modalType === 'from'
+    tokenSelectModalType === 'from'
       ? Object.entries(INPUT_TOKEN_CONFIG).map(([key, value]) => ({
           type: key as InputTokenType,
           assetSymbol: value.assetSymbol,
@@ -319,14 +322,14 @@ export const SwapPage = () => {
     <>
       <TermsAndConditions />
       <PoolSelectorModal
-        open={!!modalType}
+        open={isTokenSelectModalVisible}
         onSelect={(token) => {
-          modalType === 'from' ? onFromChange(token) : onToChange(token);
+          tokenSelectModalType === 'from' ? onFromChange(token) : onToChange(token);
           maybeCancelSep24First();
         }}
         definitions={definitions}
-        selected={modalType === 'from' ? from : to}
-        onClose={() => setModalType(undefined)}
+        selected={tokenSelectModalType === 'from' ? from : to}
+        onClose={() => closeTokenSelectModal()}
         isLoading={false}
       />
     </>

From 2b963d50a7311cff766416c7fef8f77ab9ee6048 Mon Sep 17 00:00:00 2001
From: Marcel Ebert <mail@marcel-ebert.de>
Date: Thu, 28 Nov 2024 15:48:46 +0100
Subject: [PATCH 55/61] Refactor with useRef

---
 src/contexts/events.tsx | 63 ++++++++++++++++++-----------------------
 1 file changed, 28 insertions(+), 35 deletions(-)

diff --git a/src/contexts/events.tsx b/src/contexts/events.tsx
index 870f8037..ed7130ef 100644
--- a/src/contexts/events.tsx
+++ b/src/contexts/events.tsx
@@ -51,13 +51,7 @@ export interface OfframpingParameters {
 }
 
 export type TransactionEvent = OfframpingParameters & {
-  event:
-    | 'transaction_confirmation'
-    | 'kyc_started'
-    | 'kyc_completed'
-    | 'transaction_success'
-    | 'transaction_failure'
-    | 'compare_quote';
+  event: 'transaction_confirmation' | 'kyc_started' | 'kyc_completed' | 'transaction_success' | 'transaction_failure';
 };
 
 export type TransactionFailedEvent = OfframpingParameters & {
@@ -69,9 +63,9 @@ export type TransactionFailedEvent = OfframpingParameters & {
 
 export type CompareQuoteEvent = OfframpingParameters & {
   event: 'compare_quote';
-  moonpay_quote: string;
-  alchemypay_quote: string;
-  transak_quote: string;
+  moonpay_quote?: string;
+  alchemypay_quote?: string;
+  transak_quote?: string;
 };
 
 export interface ProgressEvent {
@@ -140,7 +134,7 @@ const useEvents = () => {
   const previousChainId = useRef<number | undefined>(undefined);
   const userClickedState = useRef<boolean>(false);
 
-  const [_scheduledQuotes, setScheduledQuotes] = useState<
+  const scheduledQuotes = useRef<
     | {
         parameters: OfframpingParameters;
         quotes: Partial<Record<QuoteService, string>>;
@@ -184,32 +178,32 @@ const useEvents = () => {
   /// Calling this function with a quote of '-1' will make the function emit the quote as undefined.
   const scheduleQuote = useCallback(
     (service: QuoteService, quote: string, parameters: OfframpingParameters) => {
-      setScheduledQuotes((prev) => {
-        // Do a deep comparison of the parameters to check if they are the same.
-        // If they are not, reset the quotes.
-        const newQuotes =
-          prev && JSON.stringify(prev.parameters) !== JSON.stringify(parameters)
-            ? { [service]: quote }
-            : { ...prev?.quotes, [service]: quote };
-
-        // If all quotes are ready, emit the event
-        if (Object.keys(newQuotes).length === 3) {
-          trackEvent({
-            ...parameters,
-            event: 'compare_quote',
-            transak_quote: newQuotes.transak !== '-1' ? newQuotes.transak : undefined,
-            moonpay_quote: newQuotes.moonpay !== '-1' ? newQuotes.moonpay : undefined,
-            alchemypay_quote: newQuotes.alchemypay !== '-1' ? newQuotes.alchemypay : undefined,
-          });
-          // Reset the quotes
-          return undefined;
-        }
-
-        return {
+      const prev = scheduledQuotes.current;
+
+      // Do a deep comparison of the parameters to check if they are the same.
+      // If they are not, reset the quotes.
+      const newQuotes =
+        prev && JSON.stringify(prev.parameters) !== JSON.stringify(parameters)
+          ? { [service]: quote }
+          : { ...prev?.quotes, [service]: quote };
+
+      // If all quotes are ready, emit the event
+      if (Object.keys(newQuotes).length === 3) {
+        trackEvent({
+          ...parameters,
+          event: 'compare_quote',
+          transak_quote: newQuotes.transak !== '-1' ? newQuotes.transak : undefined,
+          moonpay_quote: newQuotes.moonpay !== '-1' ? newQuotes.moonpay : undefined,
+          alchemypay_quote: newQuotes.alchemypay !== '-1' ? newQuotes.alchemypay : undefined,
+        });
+        // Reset the quotes
+        scheduledQuotes.current = undefined;
+      } else {
+        scheduledQuotes.current = {
           parameters,
           quotes: newQuotes,
         };
-      });
+      }
     },
     [trackEvent],
   );
@@ -277,7 +271,6 @@ const useEvents = () => {
     scheduleQuote,
   };
 };
-
 const Context = createContext<UseEventsContext | undefined>(undefined);
 
 export const useEventsContext = () => {

From 68a98805f1a2142a03beda3ceafb954739ed8144 Mon Sep 17 00:00:00 2001
From: Marcel Ebert <mail@marcel-ebert.de>
Date: Thu, 28 Nov 2024 17:25:48 +0100
Subject: [PATCH 56/61] Fix wrong quotes pushed

---
 src/components/FeeComparison/index.tsx | 26 +++++++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)

diff --git a/src/components/FeeComparison/index.tsx b/src/components/FeeComparison/index.tsx
index 244e9a3a..9736689a 100644
--- a/src/components/FeeComparison/index.tsx
+++ b/src/components/FeeComparison/index.tsx
@@ -1,6 +1,6 @@
 import Big from 'big.js';
 import { useMemo } from 'preact/hooks';
-import { useEffect } from 'preact/compat';
+import { useEffect, useRef, useState } from 'preact/compat';
 import { useQuery } from '@tanstack/react-query';
 import { ChevronDownIcon } from '@heroicons/react/20/solid';
 import { Skeleton } from '../Skeleton';
@@ -44,10 +44,13 @@ function FeeProviderRow({
     error,
     data: providerPrice,
   } = useQuery({
-    queryKey: [sourceAssetSymbol, targetAssetSymbol, vortexPrice, provider.name, network],
+    queryKey: [amount, sourceAssetSymbol, targetAssetSymbol, vortexPrice, provider.name, network],
     queryFn: () => provider.query(sourceAssetSymbol, targetAssetSymbol, amount, network),
     retry: false, // We don't want to retry the request to avoid spamming the server
   });
+  // The vortex price is sometimes lagging behind the amount (as it first has to be calculated asynchronously)
+  // We keep a reference to the previous vortex price to avoid spamming the server with the same quote.
+  const prevVortexPrice = useRef<Big | undefined>(undefined);
 
   const priceDiff = useMemo(() => {
     if (isLoading || error || !providerPrice) {
@@ -58,16 +61,29 @@ function FeeProviderRow({
   }, [isLoading, error, providerPrice, vortexPrice]);
 
   useEffect(() => {
-    if (providerPrice || error) {
+    if (!isLoading && (providerPrice || error)) {
       const parameters: OfframpingParameters = {
         from_amount: amount.toFixed(2),
         from_asset: sourceAssetSymbol,
         to_amount: vortexPrice.toFixed(2),
         to_asset: targetAssetSymbol,
       };
-      scheduleQuote(provider.name, providerPrice ? providerPrice.toFixed(2, 0) : '-1', parameters);
+      if (!prevVortexPrice.current || vortexPrice !== prevVortexPrice.current) {
+        scheduleQuote(provider.name, providerPrice ? providerPrice.toFixed(2, 0) : '-1', parameters);
+        prevVortexPrice.current = vortexPrice;
+      }
     }
-  }, [amount, provider.name, scheduleQuote, sourceAssetSymbol, targetAssetSymbol, providerPrice, vortexPrice, error]);
+  }, [
+    amount,
+    provider.name,
+    isLoading,
+    scheduleQuote,
+    sourceAssetSymbol,
+    targetAssetSymbol,
+    providerPrice,
+    vortexPrice,
+    error,
+  ]);
 
   return (
     <div className="flex items-center justify-between w-full">

From a5fbbce28ccb83eaed946c4e8566709020bc7186 Mon Sep 17 00:00:00 2001
From: Marcel Ebert <mail@marcel-ebert.de>
Date: Thu, 28 Nov 2024 17:30:43 +0100
Subject: [PATCH 57/61] Remove unused imports

---
 src/components/FeeComparison/index.tsx | 2 +-
 src/contexts/events.tsx                | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/components/FeeComparison/index.tsx b/src/components/FeeComparison/index.tsx
index 9736689a..40662fc3 100644
--- a/src/components/FeeComparison/index.tsx
+++ b/src/components/FeeComparison/index.tsx
@@ -1,6 +1,6 @@
 import Big from 'big.js';
 import { useMemo } from 'preact/hooks';
-import { useEffect, useRef, useState } from 'preact/compat';
+import { useEffect, useRef } from 'preact/compat';
 import { useQuery } from '@tanstack/react-query';
 import { ChevronDownIcon } from '@heroicons/react/20/solid';
 import { Skeleton } from '../Skeleton';
diff --git a/src/contexts/events.tsx b/src/contexts/events.tsx
index ed7130ef..9214590d 100644
--- a/src/contexts/events.tsx
+++ b/src/contexts/events.tsx
@@ -1,5 +1,5 @@
 import { createContext } from 'preact';
-import { PropsWithChildren, useCallback, useContext, useEffect, useRef, useState } from 'preact/compat';
+import { PropsWithChildren, useCallback, useContext, useEffect, useRef } from 'preact/compat';
 import Big from 'big.js';
 import * as Sentry from '@sentry/react';
 import { useAccount } from 'wagmi';

From 1f0c87c47586833c8f94feeb8a2d497969624437 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Torsten=20St=C3=BCber?=
 <15174476+TorstenStueber@users.noreply.github.com>
Date: Fri, 29 Nov 2024 14:53:24 +0100
Subject: [PATCH 58/61] Add MIT license

---
 LICENSE | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 LICENSE

diff --git a/LICENSE b/LICENSE
new file mode 100644
index 00000000..173915fe
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Pendulum Chain
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

From d29314a17d3d86d9b2465837d809123d39197338 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Torsten=20St=C3=BCber?=
 <15174476+TorstenStueber@users.noreply.github.com>
Date: Fri, 29 Nov 2024 14:55:58 +0100
Subject: [PATCH 59/61] Update LICENSE

---
 LICENSE | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/LICENSE b/LICENSE
index 173915fe..0eb0765f 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2024 Pendulum Chain
+Copyright (c) 2024 Pendulum Chain / SatoshiPay
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

From fbf6417621e194d04471f7ed5e16cbe194c75266 Mon Sep 17 00:00:00 2001
From: Marcel Ebert <mail@marcel-ebert.de>
Date: Mon, 2 Dec 2024 17:44:08 +0100
Subject: [PATCH 60/61] Change multi call contract address

---
 mooncontracts/baseline.sol      | 5 ++++-
 mooncontracts/splitReceiver.sol | 7 +++++--
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/mooncontracts/baseline.sol b/mooncontracts/baseline.sol
index 6ee15a6e..8cf0cfb1 100644
--- a/mooncontracts/baseline.sol
+++ b/mooncontracts/baseline.sol
@@ -8,6 +8,9 @@ contract ReceiveCrossChainXToken {
 
     address constant public axlUSDCAddress = 0xCa01a1D0993565291051daFF390892518ACfAD3A;
     IERC20 constant axlUSDC = IERC20(axlUSDCAddress);
+
+    address constant public squidRouterMultiCallContract = 0xaD6Cea45f98444a922a2b4fE96b8C90F0862D2F4;
+
     Xtokens constant xt = Xtokens(0x0000000000000000000000000000000000000804);
     
     event ReceiveBalance(uint256 balance);
@@ -38,7 +41,7 @@ contract ReceiveCrossChainXToken {
 
     function transferApprovedTokensToSelf(uint256 amount) internal {
         IERC20 token = IERC20(axlUSDCAddress);
-        bool success = token.transferFrom(0xEa749Fd6bA492dbc14c24FE8A3d08769229b896c, address(this), amount);
+        bool success = token.transferFrom(squidRouterMultiCallContract, address(this), amount);
         require(success, "Transfer failed");
     }
 }
diff --git a/mooncontracts/splitReceiver.sol b/mooncontracts/splitReceiver.sol
index 66bc7de9..22eb7363 100644
--- a/mooncontracts/splitReceiver.sol
+++ b/mooncontracts/splitReceiver.sol
@@ -8,6 +8,9 @@ contract ReceiveCrossChainXToken {
 
     address constant public axlUSDCAddress = 0xCa01a1D0993565291051daFF390892518ACfAD3A;
     IERC20 constant axlUSDC = IERC20(axlUSDCAddress);
+
+    address constant public squidRouterMultiCallContract = 0xaD6Cea45f98444a922a2b4fE96b8C90F0862D2F4;
+
     Xtokens constant xt = Xtokens(0x0000000000000000000000000000000000000804);
 
     event ReceiveBalance(uint256 balance);
@@ -22,7 +25,7 @@ contract ReceiveCrossChainXToken {
     ) public {
         require(amount > 0, "Amount cannot be zero");
         require(xcmDataMapping[hash] == 0, "Hash already used");
-        
+
         xcmDataMapping[hash] = amount;
 
         transferApprovedTokensToSelf(amount);
@@ -52,7 +55,7 @@ contract ReceiveCrossChainXToken {
 
     function transferApprovedTokensToSelf(uint256 amount) internal {
         IERC20 token = IERC20(axlUSDCAddress);
-        bool success = token.transferFrom(0xEa749Fd6bA492dbc14c24FE8A3d08769229b896c, address(this), amount);
+        bool success = token.transferFrom(squidRouterMultiCallContract, address(this), amount);
         require(success, "Transfer failed");
     }
 }

From 4ed51ec9ff972ceb6cf3290dab05ba380398888b Mon Sep 17 00:00:00 2001
From: Marcel Ebert <mail@marcel-ebert.de>
Date: Mon, 2 Dec 2024 18:22:20 +0100
Subject: [PATCH 61/61] Update references to receiver contract

---
 signer-service/src/constants/constants.js | 2 +-
 src/services/squidrouter/config.ts        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/signer-service/src/constants/constants.js b/signer-service/src/constants/constants.js
index 5d1c57d2..f50243d8 100644
--- a/signer-service/src/constants/constants.js
+++ b/signer-service/src/constants/constants.js
@@ -6,7 +6,7 @@ const PENDULUM_FUNDING_AMOUNT_UNITS = '10'; // 10 PEN. Minimum balance of fundin
 const STELLAR_FUNDING_AMOUNT_UNITS = '10'; // 10 XLM.  Minimum balance of funding account
 const MOONBEAM_FUNDING_AMOUNT_UNITS = '10'; // 10 GLMR. Minimum balance of funding account
 const SUBSIDY_MINIMUM_RATIO_FUND_UNITS = '10'; // 10 Subsidies considering maximum subsidy amount use on each (worst case scenario)
-const MOONBEAM_RECEIVER_CONTRACT_ADDRESS = '0x0004446021fe650c15fb0b2e046b39130e3bfe36';
+const MOONBEAM_RECEIVER_CONTRACT_ADDRESS = '0x2AB52086e8edaB28193172209407FF9df1103CDc';
 const STELLAR_EPHEMERAL_STARTING_BALANCE_UNITS = '2.5'; // Amount to send to the new stellar ephemeral account created
 const PENDULUM_EPHEMERAL_STARTING_BALANCE_UNITS = '0.1'; // Amount to send to the new pendulum ephemeral account created
 const DEFAULT_LOGIN_EXPIRATION_TIME_HOURS = 7 * 24;
diff --git a/src/services/squidrouter/config.ts b/src/services/squidrouter/config.ts
index 812f02ea..dd6ca40c 100644
--- a/src/services/squidrouter/config.ts
+++ b/src/services/squidrouter/config.ts
@@ -11,5 +11,5 @@ export const squidRouterConfig: Config = {
   toChainId: '1284',
   axlUSDC_MOONBEAM: '0xca01a1d0993565291051daff390892518acfad3a',
   integratorId: 'pendulum-7cffebc5-f84f-4669-96b4-4f8c82640811',
-  receivingContractAddress: '0x0004446021fe650c15fb0b2e046b39130e3bfe36',
+  receivingContractAddress: '0x2AB52086e8edaB28193172209407FF9df1103CDc',
 };