From 019264e4fcf3c302add8a816d971651f5797cd77 Mon Sep 17 00:00:00 2001 From: Sebastian Stammler Date: Fri, 20 Dec 2024 18:40:25 +0100 Subject: [PATCH 01/10] base-003: Base Mainnet Holocene FP upgrade (#430) * Adapt nested validation doc to be more generic for Base tasks * base-003: Base Mainnet Holocene FP ugprade * Add base-003 to ci * complete base-003 after contract deployments * fix writing in NESTED-VALIDATION.md * add explicit nonces * fix chainid in input.json * improve nonce increment text --- .circleci/config.yml | 8 +++ NESTED-VALIDATION.md | 42 +++++++----- tasks/eth/base-003-holocene-fp-upgrade/.env | 15 +++++ .../NestedSignFromJson.s.sol | 57 ++++++++++++++++ .../base-003-holocene-fp-upgrade/README.md | 37 ++++++++++ .../VALIDATION.md | 48 +++++++++++++ .../base-003-holocene-fp-upgrade/input.json | 67 +++++++++++++++++++ 7 files changed, 257 insertions(+), 17 deletions(-) create mode 100644 tasks/eth/base-003-holocene-fp-upgrade/.env create mode 100644 tasks/eth/base-003-holocene-fp-upgrade/NestedSignFromJson.s.sol create mode 100644 tasks/eth/base-003-holocene-fp-upgrade/README.md create mode 100644 tasks/eth/base-003-holocene-fp-upgrade/VALIDATION.md create mode 100644 tasks/eth/base-003-holocene-fp-upgrade/input.json diff --git a/.circleci/config.yml b/.circleci/config.yml index 70c5c10fa..9135e5de1 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -221,6 +221,13 @@ jobs: steps: - simulate: task: "eth/021-holocene-protocol-versions" + + simulate_base_003: + docker: + - image: << pipeline.parameters.ci_builder_image >> + steps: + - simulate_nested: + task: "eth/base-003-holocene-fp-upgrade" forge_build: docker: @@ -304,3 +311,4 @@ workflows: - just_simulate_sc_rehearsal_4 - simulate_eth_021 - simulate_eth_022 + - simulate_base_003 diff --git a/NESTED-VALIDATION.md b/NESTED-VALIDATION.md index c2dc7bad9..9f3dbfe95 100644 --- a/NESTED-VALIDATION.md +++ b/NESTED-VALIDATION.md @@ -1,7 +1,7 @@ # Validation - Nested Safe -This document describes the generic validation steps for running a Mainnet or Sepolia tasks for the -nested 2/2 Security Council/Foundation Safe. +This document describes the generic validation steps for running a Mainnet or Sepolia tasks for any +nested 2/2 Safe involving either the Security Council & Foundation Upgrade Safe or the Base and Foundation Operations Safe. ## State Overrides @@ -10,10 +10,12 @@ The following state overrides related to the nested Safe execution must be seen: ### `GnosisSafeProxy` - the 2/2 `ProxyAdminOwner` Safe The `ProxyAdminOwner` has the following address: -- Mainnet: [`0x5a0Aae59D09fccBdDb6C6CcEB07B7279367C3d2A`](https://etherscan.io/address/0x5a0Aae59D09fccBdDb6C6CcEB07B7279367C3d2A) -- Sepolia: [`0x1Eb2fFc903729a0F03966B917003800b145F56E2`](https://sepolia.etherscan.io/address/0x1Eb2fFc903729a0F03966B917003800b145F56E2) +- Mainnet: + - Superchain: [`0x5a0Aae59D09fccBdDb6C6CcEB07B7279367C3d2A`](https://etherscan.io/address/0x5a0Aae59D09fccBdDb6C6CcEB07B7279367C3d2A) + - Base/OP: [0x7bB41C3008B3f03FE483B28b8DB90e19Cf07595c](https://etherscan.io/address/0x7bB41C3008B3f03FE483B28b8DB90e19Cf07595c) +- Sepolia Superchain: [`0x1Eb2fFc903729a0F03966B917003800b145F56E2`](https://sepolia.etherscan.io/address/0x1Eb2fFc903729a0F03966B917003800b145F56E2) -These addresses are attested to in the [Optimism Docs](https://docs.optimism.io/chain/security/privileged-roles#addresses). +The Superchain addresses are attested to in the [Optimism Docs](https://docs.optimism.io/chain/security/privileged-roles#addresses). Enables the simulation by setting the threshold to 1: @@ -21,16 +23,18 @@ Enables the simulation by setting the threshold to 1: **Value:** `0x0000000000000000000000000000000000000000000000000000000000000001` **Meaning:** The threshold is set to 1. -### Security Council Safe or Foundation Safe +### Safe Signer -Depending on which role (Security Council or Foundation) the task was simulated for, +Depending on which role the task was simulated for, you must see the following overrides for the following address: - Mainnet - - Council Safe: [`0xc2819DC788505Aac350142A7A707BF9D03E3Bd03`](https://etherscan.io/address/0xc2819DC788505Aac350142A7A707BF9D03E3Bd03) - - Foundation Safe: [`0x847B5c174615B1B7fDF770882256e2D3E95b9D92`](https://etherscan.io/address/0x847B5c174615B1B7fDF770882256e2D3E95b9D92) + - Security Council Safe: [`0xc2819DC788505Aac350142A7A707BF9D03E3Bd03`](https://etherscan.io/address/0xc2819DC788505Aac350142A7A707BF9D03E3Bd03) + - Foundation Upgrade Safe: [`0x847B5c174615B1B7fDF770882256e2D3E95b9D92`](https://etherscan.io/address/0x847B5c174615B1B7fDF770882256e2D3E95b9D92) + - Foundation Operations Safe: [`0x9BA6e03D8B90dE867373Db8cF1A58d2F7F006b3A`](https://etherscan.io/address/0x9BA6e03D8B90dE867373Db8cF1A58d2F7F006b3A) + - Base Operations Safe: [`0x9855054731540A48b28990B63DcF4f33d8AE46A1`](https://etherscan.io/address/0x9855054731540A48b28990B63DcF4f33d8AE46A1) - Sepolia - - Council Safe: [`0xf64bc17485f0B4Ea5F06A96514182FC4cB561977`](https://sepolia.etherscan.io/address/0xf64bc17485f0B4Ea5F06A96514182FC4cB561977) - - Foundation Safe: [`0xDEe57160aAfCF04c34C887B5962D0a69676d3C8B`](https://sepolia.etherscan.io/address/0xDEe57160aAfCF04c34C887B5962D0a69676d3C8B) + - Fake Security Council Safe: [`0xf64bc17485f0B4Ea5F06A96514182FC4cB561977`](https://sepolia.etherscan.io/address/0xf64bc17485f0B4Ea5F06A96514182FC4cB561977) + - Fake Foundation Upgrade Safe: [`0xDEe57160aAfCF04c34C887B5962D0a69676d3C8B`](https://sepolia.etherscan.io/address/0xDEe57160aAfCF04c34C887B5962D0a69676d3C8B) The simulated role will also be called the **Safe Signer** in the remaining document. @@ -88,15 +92,19 @@ The GnosisSafe `approvedHashes` mapping is updated to indicate approval of this ``` The output of this command must match the key of the state change. -### Liveness Guard +### Liveness Guard (Security Council only) -When the Security Council executes a transaction, the liveness timestamp are updated for each owner that signed the tasks. -This is updating at the moment of the transaction is submitted (`block.timestamp`) into the [`lastLive`](https://github.com/ethereum-optimism/optimism/blob/e84868c27776fd04dc77e95176d55c8f6b1cc9a3/packages/contracts-bedrock/src/safe/LivenessGuard.sol#L41) mapping located at the slot `0`. +When the Security Council executes a transaction, the liveness timestamps are updated for each owner that signed the task. +This is updating at the moment when the transaction is submitted (`block.timestamp`) into the [`lastLive`](https://github.com/ethereum-optimism/optimism/blob/e84868c27776fd04dc77e95176d55c8f6b1cc9a3/packages/contracts-bedrock/src/safe/LivenessGuard.sol#L41) mapping located at the slot `0`. ### Nonce increments The only other state changes related to the nested execution are _three_ nonce increments: -- One on the `ProxyAdminOwner` 2/2. If this is not decoded, it corresponds to key `0x05` on a `GnosisSafeProxy`. -- One on the Council or Foundation Safe. If this is not decoded, it corresponds to key `0x05` on a `GnosisSafeProxy`. -- One of the EOA that is the first entry in the owner set of the simulated role. +- One increment of the `ProxyAdminOwner` Safe nonce, located as storage slot +`0x0000000000000000000000000000000000000000000000000000000000000005` on a +`GnosisSafeProxy`. +- One increment of the **Safe Signer** nonce, located as storage slot +`0x0000000000000000000000000000000000000000000000000000000000000005` on a +`GnosisSafeProxy`. +- One increment of the nonce of the EOA that is the first entry in the owner set of the Safe Signer. diff --git a/tasks/eth/base-003-holocene-fp-upgrade/.env b/tasks/eth/base-003-holocene-fp-upgrade/.env new file mode 100644 index 000000000..31152ab26 --- /dev/null +++ b/tasks/eth/base-003-holocene-fp-upgrade/.env @@ -0,0 +1,15 @@ +ETH_RPC_URL="https://ethereum.publicnode.com" + +# Base L1 PAO +OWNER_SAFE=0x7bB41C3008B3f03FE483B28b8DB90e19Cf07595c +# This is Base's safe but the Nested.just file uses council as a keyword and +# we want to minimize changes +COUNCIL_SAFE=0x9855054731540A48b28990B63DcF4f33d8AE46A1 +# Foundation Operations Safe +FOUNDATION_SAFE=0x9BA6e03D8B90dE867373Db8cF1A58d2F7F006b3A + +# No nonce overrides needed, this is the next task for B1PAO, BOS, FOS. +# But doing them anyways. +SAFE_NONCE=4 +SAFE_NONCE_0X9855054731540A48B28990B63DCF4F33D8AE46A1=16 +SAFE_NONCE_0X9BA6E03D8B90DE867373DB8CF1A58D2F7F006B3A=97 diff --git a/tasks/eth/base-003-holocene-fp-upgrade/NestedSignFromJson.s.sol b/tasks/eth/base-003-holocene-fp-upgrade/NestedSignFromJson.s.sol new file mode 100644 index 000000000..c698b2dad --- /dev/null +++ b/tasks/eth/base-003-holocene-fp-upgrade/NestedSignFromJson.s.sol @@ -0,0 +1,57 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.15; + +import {console2 as console} from "forge-std/console2.sol"; +import {Vm} from "forge-std/Vm.sol"; +import {stdJson} from "forge-std/StdJson.sol"; +import {Simulation} from "@base-contracts/script/universal/Simulation.sol"; +import {NestedSignFromJson as OriginalNestedSignFromJson} from "script/NestedSignFromJson.s.sol"; +import {DisputeGameUpgrade} from "script/verification/DisputeGameUpgrade.s.sol"; +import {CouncilFoundationNestedSign} from "script/verification/CouncilFoundationNestedSign.s.sol"; +import {SuperchainRegistry} from "script/verification/Verification.s.sol"; + +contract NestedSignFromJson is OriginalNestedSignFromJson, CouncilFoundationNestedSign, DisputeGameUpgrade { + constructor() + SuperchainRegistry("mainnet", "base", "v1.8.0-rc.4") + DisputeGameUpgrade( + 0x03f89406817db1ed7fd8b31e13300444652cdb0b9c509a674de43483b2f83568, // absolutePrestate + 0xc5f3677c3C56DB4031ab005a3C9c98e1B79D438e, // faultDisputeGame + 0xF62c15e2F99d4869A925B8F57076cD85335832A2 // permissionedDisputeGame + ) + {} + + function setUp() public view { + checkInput(); + } + + function checkInput() public view { + string memory inputJson; + string memory path = "/tasks/eth/base-003-holocene-fp-upgrade/input.json"; + try vm.readFile(string.concat(vm.projectRoot(), path)) returns (string memory data) { + inputJson = data; + } catch { + revert(string.concat("Failed to read ", path)); + } + + address inputPermissionedDisputeGame = + stdJson.readAddress(inputJson, "$.transactions[0].contractInputsValues._impl"); + address inputFaultDisputeGame = stdJson.readAddress(inputJson, "$.transactions[1].contractInputsValues._impl"); + require(expPermissionedDisputeGame == inputPermissionedDisputeGame, "input-pdg"); + require(expFaultDisputeGame == inputFaultDisputeGame, "input-fdg"); + } + + function _postCheck(Vm.AccountAccess[] memory accesses, Simulation.Payload memory) internal view override { + console.log("Running post-deploy assertions"); + checkStateDiff(accesses); + checkDisputeGameUpgrade(); + console.log("All assertions passed!"); + } + + function getAllowedStorageAccess() internal view override returns (address[] memory) { + return allowedStorageAccess; + } + + function getCodeExceptions() internal view override returns (address[] memory) { + return codeExceptions; + } +} diff --git a/tasks/eth/base-003-holocene-fp-upgrade/README.md b/tasks/eth/base-003-holocene-fp-upgrade/README.md new file mode 100644 index 000000000..069db85e2 --- /dev/null +++ b/tasks/eth/base-003-holocene-fp-upgrade/README.md @@ -0,0 +1,37 @@ +# Holocene Hardfork Upgrade + +Status: READY TO SIGN + +## Objective + +Upgrades the Base Mainnet Fault Proof contracts for the Holocene hardfork. + +The related Optimism governance post of the upgrade can be found at https://gov.optimism.io/t/upgrade-proposal-11-holocene-network-upgrade/9313. + +This upgrades the Fault Proof contracts in the +[op-contracts/v1.8.0-rc.4](https://github.com/ethereum-optimism/optimism/tree/op-contracts/v1.8.0-rc.4) release. + +## Pre-deployments + +- `MIPS` - `0x5fE03a12C1236F9C22Cb6479778DDAa4bce6299C` +- `FaultDisputeGame` - `0xc5f3677c3C56DB4031ab005a3C9c98e1B79D438e` +- `PermissionedDisputeGame` - `0xF62c15e2F99d4869A925B8F57076cD85335832A2` + +## Simulation + +Please see the "Simulating and Verifying the Transaction" instructions in [NESTED.md](../../../NESTED.md). +When simulating, ensure the logs say `Using script /your/path/to/superchain-ops/tasks/eth/base-003-holocene-fp-upgrade/NestedSignFromJson.s.sol`. +This ensures all safety checks are run. If the default `NestedSignFromJson.s.sol` script is shown (without the full path), something is wrong and the safety checks will not run. + +## State Validation + +Please see the instructions for [validation](./VALIDATION.md). + +## Execution + +This upgrade +* Changes dispute game implementation of the `CANNON` and `PERMISSIONED_CANNON` game types to contain a `op-program` release for the Holocene hardfork, which contains + the Holocene fork implementation as well as a `ChainConfig` and `RollupConfig` for the L2 chain being upgraded. +* Upgrades `MIPS.sol` to support the `F_GETFD` syscall, required by the golang 1.22+ runtime. + +See the [overview](./OVERVIEW.md) and `input.json` bundle for more details. diff --git a/tasks/eth/base-003-holocene-fp-upgrade/VALIDATION.md b/tasks/eth/base-003-holocene-fp-upgrade/VALIDATION.md new file mode 100644 index 000000000..efcb7e918 --- /dev/null +++ b/tasks/eth/base-003-holocene-fp-upgrade/VALIDATION.md @@ -0,0 +1,48 @@ +# Validation + +This document can be used to validate the state diff resulting from the execution of the upgrade +transactions. + +For each contract listed in the state diff, please verify that no contracts or state changes shown in the Tenderly diff are missing from this document. Additionally, please verify that for each contract: + +- The following state changes (and none others) are made to that contract. This validates that no unexpected state changes occur. +- All addresses (in section headers and storage values) match the provided name, using the Etherscan and Superchain Registry links provided. This validates the bytecode deployed at the addresses contains the correct logic. +- All key values match the semantic meaning provided, which can be validated using the storage layout links provided. + +## Nested Safe State Overrides and Changes + +This task is executed by the nested 2/2 `ProxyAdminOwner` Safe. Refer to the +[generic nested Safe execution validation document](../../../NESTED-VALIDATION.md) +for the expected state overrides and changes. + +The `approvedHashes` mapping **key** of the `ProxyAdminOwner` that should change during the simulation is +- Council simulation: `0xca167e305357972ad4bb8d1353a317081afef9619b4f62f7173b0a2c18a5641b` +- Foundation simulation: `0xb6dd08d9ebb19e58638adf5c77f5bafb0340199b1b0e88b6cc82442a99461b73` + +calculated as explained in the nested validation doc: +```sh +SAFE_HASH=0xbf85fbc223d92f056c8a48975db99c6b2153fbcf78d6c48109ef9774c6e272a6 # "Nested hash:" +SAFE_ROLE=0x9855054731540A48b28990B63DcF4f33d8AE46A1 # "Council" - Base +cast index bytes32 $SAFE_HASH $(cast index address $SAFE_ROLE 8) +# 0xca167e305357972ad4bb8d1353a317081afef9619b4f62f7173b0a2c18a5641b + +SAFE_ROLE=0x9BA6e03D8B90dE867373Db8cF1A58d2F7F006b3A # Foundation Operations Safe +cast index bytes32 $SAFE_HASH $(cast index address $SAFE_ROLE 8) +# 0xb6dd08d9ebb19e58638adf5c77f5bafb0340199b1b0e88b6cc82442a99461b73 +``` + +## State Changes + +### `0x43edB88C4B80fDD2AdFF2412A7BebF9dF42cB40e` (`DisputeGameFactoryProxy`) + +- **Key**: `0xffdfc1249c027f9191656349feb0761381bb32c9f557e01f419fd08754bf5a1b`
+ **Before**: `0xCd3c0194db74C23807D4B90A5181e1B28cF7007C`
+ **After**: `0xc5f3677c3C56DB4031ab005a3C9c98e1B79D438e`
+ **Meaning**: Updates the CANNON game type implementation. You can verify which implementation is set using `cast call 0x43edB88C4B80fDD2AdFF2412A7BebF9dF42cB40e "gameImpls(uint32)(address)" 0`, where `0` is the [`CANNON` game type](https://github.com/ethereum-optimism/optimism/blob/op-contracts/v1.4.0/packages/contracts-bedrock/src/dispute/lib/Types.sol#L28). + Before this task has been executed, you will see that the returned address is `0xCd3c0194db74C23807D4B90A5181e1B28cF7007C`, matching the "Before" value of this slot, demonstrating this slot is storing the address of the CANNON implementation. + +- **Key**: `0x4d5a9bd2e41301728d41c8e705190becb4e74abe869f75bdb405b63716a35f9e`
+ **Before**: `0x19009dEBF8954B610f207D5925EEDe827805986e`
+ **After**: `0xF62c15e2F99d4869A925B8F57076cD85335832A2`
+ **Meaning**: Updates the PERMISSIONED_CANNON game type implementation. You can verify which implementation is set using `cast call 0x43edB88C4B80fDD2AdFF2412A7BebF9dF42cB40e "gameImpls(uint32)(address)" 1`, where `1` is the [`PERMISSIONED_CANNON` game type](https://github.com/ethereum-optimism/optimism/blob/op-contracts/v1.4.0/packages/contracts-bedrock/src/dispute/lib/Types.sol#L31). + Before this task has been executed, you will see that the returned address is `0x19009dEBF8954B610f207D5925EEDe827805986e`, matching the "Before" value of this slot, demonstrating this slot is storing the address of the PERMISSIONED_CANNON implementation. diff --git a/tasks/eth/base-003-holocene-fp-upgrade/input.json b/tasks/eth/base-003-holocene-fp-upgrade/input.json new file mode 100644 index 000000000..6f44bacc5 --- /dev/null +++ b/tasks/eth/base-003-holocene-fp-upgrade/input.json @@ -0,0 +1,67 @@ +{ + "chainId": 1, + "metadata": { + "name": "Base Mainnet Holocene - Proof Contract Upgrades", + "description": "Upgrades the `MIPS.sol`, `FaultDisputeGame.sol`, and `PermissionedDisputeGame.sol` contracts for Holocene." + }, + "transactions": [ + { + "metadata": { + "name": "Upgrade `PERMISSIONED_CANNON` game type in `DisputeGameFactory`", + "description": "Upgrades the `PERMISSIONED_CANNON` game type to the new Holocene deployment, with an updated version of `op-program` as the absolute prestate hash." + }, + "to": "0x43edB88C4B80fDD2AdFF2412A7BebF9dF42cB40e", + "value": "0x0", + "data": "0x14f6b1a30000000000000000000000000000000000000000000000000000000000000001000000000000000000000000f62c15e2f99d4869a925b8f57076cd85335832a2", + "contractMethod": { + "type": "function", + "name": "setImplementation", + "inputs": [ + { + "name": "_gameType", + "type": "uint32" + }, + { + "name": "_impl", + "type": "address" + } + ], + "outputs": [], + "stateMutability": "nonpayable" + }, + "contractInputsValues": { + "_gameType": "1", + "_impl": "0xF62c15e2F99d4869A925B8F57076cD85335832A2" + } + }, + { + "metadata": { + "name": "Upgrade `CANNON` game type in `DisputeGameFactory`", + "description": "Upgrades the `CANNON` game type to the new Holocene deployment, with an updated version of `op-program` as the absolute prestate hash." + }, + "to": "0x43edB88C4B80fDD2AdFF2412A7BebF9dF42cB40e", + "value": "0x0", + "data": "0x14f6b1a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c5f3677c3c56db4031ab005a3c9c98e1b79d438e", + "contractMethod": { + "type": "function", + "name": "setImplementation", + "inputs": [ + { + "name": "_gameType", + "type": "uint32" + }, + { + "name": "_impl", + "type": "address" + } + ], + "outputs": [], + "stateMutability": "nonpayable" + }, + "contractInputsValues": { + "_gameType": "0", + "_impl": "0xc5f3677c3C56DB4031ab005a3C9c98e1B79D438e" + } + } + ] +} From 34445d0ab01f8154f5cbd747f18ba2e2518198c3 Mon Sep 17 00:00:00 2001 From: soyboy <85043086+sbvegan@users.noreply.github.com> Date: Fri, 20 Dec 2024 10:22:51 -0800 Subject: [PATCH 02/10] op-contracts/v1.6.0 set game implementations (#404) * testing * updating the storage setter contract to the mainnet one * updating input bundle and commenting out a post check * adding task to ci * fixing validation and readme * addressing review comments * updating readme and validation comment * adding predeployment address links * updating readme with more details * address PR comments * uncommenting the anchor state sanity test because the chain is >7days old now * updating input bundle * check initial bonds * adding note about the proposer needing to be bonded prior to execution * updating descriptions * fixing contract name * updating nonces * using seb's snippet * updating the validation file with storage slot info * fixing nonces * fixing whitespace --------- Co-authored-by: Matt Solomon Co-authored-by: inphi --- .circleci/config.yml | 10 +- tasks/eth/ink-001-permissionless-proofs/.env | 16 ++ .../NestedSignFromJson.s.sol | 204 ++++++++++++++++++ .../ink-001-permissionless-proofs/README.md | 33 +++ .../VALIDATION.md | 113 ++++++++++ .../ink-001-permissionless-proofs/input.json | 195 +++++++++++++++++ 6 files changed, 570 insertions(+), 1 deletion(-) create mode 100644 tasks/eth/ink-001-permissionless-proofs/.env create mode 100644 tasks/eth/ink-001-permissionless-proofs/NestedSignFromJson.s.sol create mode 100644 tasks/eth/ink-001-permissionless-proofs/README.md create mode 100644 tasks/eth/ink-001-permissionless-proofs/VALIDATION.md create mode 100644 tasks/eth/ink-001-permissionless-proofs/input.json diff --git a/.circleci/config.yml b/.circleci/config.yml index 9135e5de1..2c3913d5e 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -214,7 +214,7 @@ jobs: just simulate-council just prepare-json just simulate-council # simulate again to make sure the json is still valid - + simulate_eth_021: docker: - image: << pipeline.parameters.ci_builder_image >> @@ -228,6 +228,13 @@ jobs: steps: - simulate_nested: task: "eth/base-003-holocene-fp-upgrade" + + just_simulate_permissionless_fp_upgrade: + docker: + - image: << pipeline.parameters.ci_builder_image >> + steps: + - simulate_nested: + task: "/eth/ink-001-permissionless-proofs" forge_build: docker: @@ -312,3 +319,4 @@ workflows: - simulate_eth_021 - simulate_eth_022 - simulate_base_003 + - just_simulate_permissionless_fp_upgrade diff --git a/tasks/eth/ink-001-permissionless-proofs/.env b/tasks/eth/ink-001-permissionless-proofs/.env new file mode 100644 index 000000000..00e3ff173 --- /dev/null +++ b/tasks/eth/ink-001-permissionless-proofs/.env @@ -0,0 +1,16 @@ +ETH_RPC_URL="https://ethereum.publicnode.com" +COUNCIL_SAFE=0xc2819DC788505Aac350142A7A707BF9D03E3Bd03 +FOUNDATION_SAFE=0x847B5c174615B1B7fDF770882256e2D3E95b9D92 +SAFE_NONCE=7 +SAFE_NONCE_0XC2819DC788505AAC350142A7A707BF9D03E3BD03=9 +SAFE_NONCE_0X847B5C174615B1B7FDF770882256E2D3E95B9D92=12 +L1_CHAIN_NAME="mainnet" +L2_CHAIN_NAME="ink" +SYSTEM_CONFIG="0x62c0a111929fa32cec2f76adba54c16afb6e8364" +OWNER_SAFE="0x5a0Aae59D09fccBdDb6C6CcEB07B7279367C3d2A" +PROXY_ADMIN="0xd56045e68956fce2576e680c95a4750cf8241f79" +ANCHOR_STATE_REGISTRY="0xde744491BcF6b2DD2F32146364Ea1487D75E2509" +NEW_FAULT_DISPUTE_GAME_IMPL="0x6A8eFcba5642EB15D743CBB29545BdC44D5Ad8cD" +NEW_PERMISSIONED_DISPUTE_GAME_IMPL="0x0A780bE3eB21117b1bBCD74cf5D7624A3a482963" +NEW_ANCHOR_STATE_ROOT="0x5220f9c5ebf08e84847d542576a67a3077b6fa496235d93c557d5bd5286b431a" +NEW_ANCHOR_STATE_BLOCK_NUMBER=523052 \ No newline at end of file diff --git a/tasks/eth/ink-001-permissionless-proofs/NestedSignFromJson.s.sol b/tasks/eth/ink-001-permissionless-proofs/NestedSignFromJson.s.sol new file mode 100644 index 000000000..2ba012bff --- /dev/null +++ b/tasks/eth/ink-001-permissionless-proofs/NestedSignFromJson.s.sol @@ -0,0 +1,204 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.15; + +import {NestedSignFromJson as OriginalNestedSignFromJson} from "script/NestedSignFromJson.s.sol"; +import {Simulation} from "@base-contracts/script/universal/Simulation.sol"; +import {console2 as console} from "forge-std/console2.sol"; +import {stdJson} from "forge-std/StdJson.sol"; +import {stdToml} from "forge-std/StdToml.sol"; +import {Vm, VmSafe} from "forge-std/Vm.sol"; +import {GnosisSafe} from "safe-contracts/GnosisSafe.sol"; +import {LibString} from "solady/utils/LibString.sol"; +import {Types} from "@eth-optimism-bedrock/scripts/Types.sol"; +import "@eth-optimism-bedrock/src/dispute/lib/Types.sol"; +import {AnchorStateRegistry} from "@eth-optimism-bedrock/src/dispute/AnchorStateRegistry.sol"; +import {DisputeGameFactory} from "@eth-optimism-bedrock/src/dispute/DisputeGameFactory.sol"; +import {FaultDisputeGame} from "@eth-optimism-bedrock/src/dispute/FaultDisputeGame.sol"; +import {PermissionedDisputeGame} from "@eth-optimism-bedrock/src/dispute/PermissionedDisputeGame.sol"; +import {SystemConfig} from "@eth-optimism-bedrock/src/L1/SystemConfig.sol"; + +contract NestedSignFromJson is OriginalNestedSignFromJson { + using LibString for string; + + // Chains for this task. + string l1ChainName = vm.envString("L1_CHAIN_NAME"); + string l2ChainName = vm.envString("L2_CHAIN_NAME"); + + // Safe contract for this task. + GnosisSafe ownerSafe = GnosisSafe(payable(vm.envAddress("OWNER_SAFE"))); + GnosisSafe councilSafe = GnosisSafe(payable(vm.envAddress("COUNCIL_SAFE"))); + GnosisSafe foundationSafe = GnosisSafe(payable(vm.envAddress("FOUNDATION_SAFE"))); + + // The slot used to store the livenessGuard address in GnosisSafe. + // See https://github.com/safe-global/safe-smart-account/blob/186a21a74b327f17fc41217a927dea7064f74604/contracts/base/GuardManager.sol#L30 + bytes32 livenessGuardSlot = 0x4a204f620c8c5ccdca3fd54d003badd85ba500436a431f0cbda4f558c93c34c8; + + SystemConfig systemConfig = SystemConfig(vm.envAddress("SYSTEM_CONFIG")); + AnchorStateRegistry anchorStateRegistryProxy = AnchorStateRegistry(vm.envAddress("ANCHOR_STATE_REGISTRY")); + address newFaultDisputeGameImpl = vm.envAddress("NEW_FAULT_DISPUTE_GAME_IMPL"); + address newPermissionedDisputeGameImpl = vm.envAddress("NEW_PERMISSIONED_DISPUTE_GAME_IMPL"); + bytes32 newAnchorStateRoot = vm.envBytes32("NEW_ANCHOR_STATE_ROOT"); + uint256 newAnchorStateBlockNumber = vm.envUint("NEW_ANCHOR_STATE_BLOCK_NUMBER"); + + uint256 initBond = 0.08 ether; + + // DisputeGameFactoryProxy address. + DisputeGameFactory dgfProxy; + + address[] extraStorageAccessAddresses; + + function setUp() public { + require(address(anchorStateRegistryProxy.disputeGameFactory()) == address(systemConfig.disputeGameFactory()), "setup-100"); + dgfProxy = DisputeGameFactory(systemConfig.disputeGameFactory()); + extraStorageAccessAddresses.push(address(anchorStateRegistryProxy)); + _precheckAnchorStateCopy(GameType.wrap(1), GameType.wrap(0)); + _precheckDisputeGameImplementation(GameType.wrap(0), newFaultDisputeGameImpl); + _precheckDisputeGameImplementation(GameType.wrap(1), newPermissionedDisputeGameImpl); + } + + function getCodeExceptions() internal view override returns (address[] memory) { + // Safe owners will appear in storage in the LivenessGuard when added, and they are allowed + // to have code AND to have no code. + address[] memory securityCouncilSafeOwners = councilSafe.getOwners(); + + // To make sure we probably handle all signers whether or not they have code, first we count + // the number of signers that have no code. + uint256 numberOfSafeSignersWithNoCode; + for (uint256 i = 0; i < securityCouncilSafeOwners.length; i++) { + if (securityCouncilSafeOwners[i].code.length == 0) { + numberOfSafeSignersWithNoCode++; + } + } + + // Then we extract those EOA addresses into a dedicated array. + uint256 trackedSignersWithNoCode; + address[] memory safeSignersWithNoCode = new address[](numberOfSafeSignersWithNoCode); + for (uint256 i = 0; i < securityCouncilSafeOwners.length; i++) { + if (securityCouncilSafeOwners[i].code.length == 0) { + safeSignersWithNoCode[trackedSignersWithNoCode] = securityCouncilSafeOwners[i]; + trackedSignersWithNoCode++; + } + } + + // Here we add the standard (non Safe signer) exceptions. + address[] memory shouldHaveCodeExceptions = new address[](numberOfSafeSignersWithNoCode); + // And finally, we append the Safe signer exceptions. + for (uint256 i = 0; i < safeSignersWithNoCode.length; i++) { + shouldHaveCodeExceptions[i] = safeSignersWithNoCode[i]; + } + + return shouldHaveCodeExceptions; + } + + // _precheckDisputeGameImplementation checks that the new game being set has the same configuration as the existing + // implementation with the exception of the absolutePrestate. This is the most common scenario where the game + // implementation is upgraded to provide an updated fault proof program that supports an upcoming hard fork. + function _precheckDisputeGameImplementation(GameType _targetGameType, address _newImpl) internal view { + console.log("pre-check new game implementations", _targetGameType.raw()); + + FaultDisputeGame currentImpl = FaultDisputeGame(address(dgfProxy.gameImpls(GameType(_targetGameType)))); + // No checks are performed if there is no prior implementation. + // When deploying the first implementation, it is recommended to implement custom checks. + if (address(currentImpl) == address(0)) { + return; + } + FaultDisputeGame faultDisputeGame = FaultDisputeGame(_newImpl); + require(address(currentImpl.vm()) == address(faultDisputeGame.vm()), "10"); + require(address(currentImpl.weth()) == address(faultDisputeGame.weth()), "20"); + require(address(currentImpl.anchorStateRegistry()) == address(faultDisputeGame.anchorStateRegistry()), "30"); + require(currentImpl.l2ChainId() == faultDisputeGame.l2ChainId(), "40"); + require(currentImpl.splitDepth() == faultDisputeGame.splitDepth(), "50"); + require(currentImpl.maxGameDepth() == faultDisputeGame.maxGameDepth(), "60"); + require(uint64(Duration.unwrap(currentImpl.maxClockDuration())) == uint64(Duration.unwrap(faultDisputeGame.maxClockDuration())), "70"); + require(uint64(Duration.unwrap(currentImpl.clockExtension())) == uint64(Duration.unwrap(faultDisputeGame.clockExtension())), "80"); + + if (_targetGameType.raw() == GameTypes.PERMISSIONED_CANNON.raw()) { + PermissionedDisputeGame currentPDG = PermissionedDisputeGame(address(currentImpl)); + PermissionedDisputeGame permissionedDisputeGame = PermissionedDisputeGame(address(faultDisputeGame)); + require(address(currentPDG.proposer()) == address(permissionedDisputeGame.proposer()), "90"); + require(address(currentPDG.challenger()) == address(permissionedDisputeGame.challenger()), "100"); + } + } + + function _precheckAnchorStateCopy(GameType _fromType, GameType _toType) internal view { + console.log("pre-check anchor state copy", _toType.raw()); + + FaultDisputeGame fromImpl = FaultDisputeGame(address(dgfProxy.gameImpls(GameType(_fromType)))); + // Must have existing game type implementation for the source + require(address(fromImpl) != address(0), "200"); + address fromRegistry = address(fromImpl.anchorStateRegistry()); + require(fromRegistry != address(0), "210"); + + FaultDisputeGame toImpl = FaultDisputeGame(address(dgfProxy.gameImpls(GameType(_toType)))); + if (address(toImpl) != address(0)) { + // If there is an existing implementation, it must use the same anchor state registry. + address toRegistry = address(toImpl.anchorStateRegistry()); + require(toRegistry == fromRegistry, "210"); + } + } + + function getAllowedStorageAccess() internal view override returns (address[] memory allowed) { + allowed = new address[](5 + extraStorageAccessAddresses.length); + allowed[0] = address(dgfProxy); + allowed[1] = address(ownerSafe); + allowed[2] = address(councilSafe); + allowed[3] = address(foundationSafe); + address livenessGuard = address(uint160(uint256(vm.load(address(councilSafe), livenessGuardSlot)))); + allowed[4] = livenessGuard; + + for (uint256 i = 0; i < extraStorageAccessAddresses.length; i++) { + allowed[5 + i] = extraStorageAccessAddresses[i]; + } + return allowed; + } + + /// @notice Checks the correctness of the deployment + function _postCheck(Vm.AccountAccess[] memory accesses, Simulation.Payload memory) internal view override { + console.log("Running post-deploy assertions"); + + checkStateDiff(accesses); + _postcheckAnchorStateCopy(GameType.wrap(0), newAnchorStateRoot, newAnchorStateBlockNumber); + _postcheckHasAnchorState(GameType.wrap(1)); + _checkDisputeGameImplementation(GameType.wrap(0), newFaultDisputeGameImpl); + _checkDisputeGameImplementation(GameType.wrap(1), newPermissionedDisputeGameImpl); + _checkInitBonds(); + + console.log("All assertions passed!"); + } + + function _checkDisputeGameImplementation(GameType _targetGameType, address _newImpl) internal view { + console.log("check dispute game implementations", _targetGameType.raw()); + + require(_newImpl == address(dgfProxy.gameImpls(_targetGameType)), "check-100"); + } + + function _checkInitBonds() internal view { + console.log("check the initial bonds"); + + require(dgfProxy.initBonds(GameType.wrap(0)) == initBond, "check-bond-100"); + require(dgfProxy.initBonds(GameType.wrap(1)) == initBond, "check-bond-200"); + } + + function _postcheckAnchorStateCopy(GameType _gameType, bytes32 _root, uint256 _l2BlockNumber) internal view { + console.log("check anchor state value", _gameType.raw()); + + FaultDisputeGame impl = FaultDisputeGame(address(dgfProxy.gameImpls(GameType(_gameType)))); + (Hash root, uint256 rootBlockNumber) = FaultDisputeGame(address(impl)).anchorStateRegistry().anchors(_gameType); + + require(root.raw() == _root, "check-200"); + require(rootBlockNumber == _l2BlockNumber, "check-210"); + } + + // @notice Checks the anchor state for the source game type still exists after re-initialization. + // The actual anchor state may have been updated since the task was defined so just assert it exists, not that + // it has a specific value. + function _postcheckHasAnchorState(GameType _gameType) internal view { + console.log("check anchor state exists", _gameType.raw()); + + FaultDisputeGame impl = FaultDisputeGame(address(dgfProxy.gameImpls(GameType(_gameType)))); + (Hash root, uint256 rootBlockNumber) = FaultDisputeGame(address(impl)).anchorStateRegistry().anchors(_gameType); + + require(root.raw() != bytes32(0), "check-300"); + require(rootBlockNumber != 0, "check-310"); + } +} diff --git a/tasks/eth/ink-001-permissionless-proofs/README.md b/tasks/eth/ink-001-permissionless-proofs/README.md new file mode 100644 index 000000000..33b2e1dfb --- /dev/null +++ b/tasks/eth/ink-001-permissionless-proofs/README.md @@ -0,0 +1,33 @@ +# ProxyAdminOwner - Set Dispute Game Implementation + +Status: READY TO SIGN + +## Objective + +This task updates the fault dispute system for ink-mainnet: + +* Re-initialize `AnchorStateRegistry` 0xde744491BcF6b2DD2F32146364Ea1487D75E2509 with the anchor state for game types 0 set to 0x5220f9c5ebf08e84847d542576a67a3077b6fa496235d93c557d5bd5286b431a, 523052 +* Set implementation for game type 0 to 0x6A8eFcba5642EB15D743CBB29545BdC44D5Ad8cD in `DisputeGameFactory` 0x10d7B35078d3baabB96Dd45a9143B94be65b12CD: `setImplementation(0, 0x6A8eFcba5642EB15D743CBB29545BdC44D5Ad8cD)` +* Set implementation for game type 1 to 0x0A780bE3eB21117b1bBCD74cf5D7624A3a482963 in `DisputeGameFactory` 0x10d7B35078d3baabB96Dd45a9143B94be65b12CD: `setImplementation(1, 0x0A780bE3eB21117b1bBCD74cf5D7624A3a482963)` +* Sets the initial bonds in the `DisputeGameFactory` for game type 0 and 1 to 0.08 ETH. **Important: the proposer will now need to be bonded for the permissioned games.** + +## Pre-deployments + +- `FaultDisputeGame` - [0x6A8eFcba5642EB15D743CBB29545BdC44D5Ad8cD](https://etherscan.io/address/0x6A8eFcba5642EB15D743CBB29545BdC44D5Ad8cD) +- `PermissionedDisputeGame` - [0x0A780bE3eB21117b1bBCD74cf5D7624A3a482963](https://etherscan.io/address/0x0A780bE3eB21117b1bBCD74cf5D7624A3a482963) + +## Simulation + +Please see the "Simulating and Verifying the Transaction" instructions in [NESTED.md](../../../NESTED.md). + +When simulating, ensure the logs say `Using script /your/path/to/superchain-ops/tasks/ink-001-permissionless-proofs/NestedSignFromJson.s.sol`. This ensures all safety checks are run. If the default `SignFromJson.s.sol` script is shown (without the full path), something is wrong and the safety checks will not run. + +Do NOT yet proceed to the "Execute the Transaction" section. + +## Signing and execution + +Please see the signing and execution instructions in [NESTED.md](../../../NESTED.md). + +### State Validations + +Please see the instructions for [validation](./VALIDATION.md). diff --git a/tasks/eth/ink-001-permissionless-proofs/VALIDATION.md b/tasks/eth/ink-001-permissionless-proofs/VALIDATION.md new file mode 100644 index 000000000..eb1c7e746 --- /dev/null +++ b/tasks/eth/ink-001-permissionless-proofs/VALIDATION.md @@ -0,0 +1,113 @@ +# Validation + +This document can be used to validate the state diff resulting from the execution of the upgrade transaction. + +For each contract listed in the state diff, please verify that no contracts or state changes shown in the Tenderly diff +are missing from this document. Additionally, please verify that for each contract: + +- The following state changes (and none others) are made to that contract. This validates that no unexpected state + changes occur. +- All addresses (in section headers and storage values) match the provided name, using the Etherscan and Superchain + Registry links provided. This validates the bytecode deployed at the addresses contains the correct logic. +- All key values match the semantic meaning provided, which can be validated using the storage layout links provided. + +## State Overrides + +The following state overrides should be seen: + +### `0x5a0Aae59D09fccBdDb6C6CcEB07B7279367C3d2A` (The 2/2 `ProxyAdmin` Owner) + +Links: +- [Etherscan](https://etherscan.io/address/0x5a0Aae59D09fccBdDb6C6CcEB07B7279367C3d2A) + +Overrides: + +- **Key:** `0x0000000000000000000000000000000000000000000000000000000000000004`
+ **Value:** `0x0000000000000000000000000000000000000000000000000000000000000001`
+ **Meaning:** Enables the simulation by setting the threshold to 1. The key can be validated by the location of the `threshold` variable in the [Safe's Storage Layout](https://github.com/safe-global/safe-smart-account/blob/v1.3.0/contracts/examples/libraries/GnosisSafeStorage.sol#L14). + +### `0xc2819DC788505Aac350142A7A707BF9D03E3Bd03` (Council Safe) or `0x847B5c174615B1B7fDF770882256e2D3E95b9D92` (Foundation Safe) + +Links: +- [Etherscan (Council Safe)](https://etherscan.io/address/0xc2819DC788505Aac350142A7A707BF9D03E3Bd03). This address is attested to in the [Optimism docs](https://docs.optimism.io/chain/security/privileged-roles#l1-proxy-admin), as it's one of the signers of the L1 Proxy Admin owner. +- [Etherscan (Foundation Safe)](https://etherscan.io/address/0x847B5c174615B1B7fDF770882256e2D3E95b9D92). This address is attested to in the [Optimism docs](https://docs.optimism.io/chain/security/privileged-roles#l1-proxy-admin), as it's one of the signers of the L1 Proxy Admin owner. + +The Safe you are signing for will have the following overrides which will set the [Multicall](https://etherscan.io/address/0xca11bde05977b3631167028862be2a173976ca11#code) contract as the sole owner of the signing safe. This allows simulating both the approve hash and the final tx in a single Tenderly tx. + +- **Key:** 0x0000000000000000000000000000000000000000000000000000000000000003
+ **Value:** 0x0000000000000000000000000000000000000000000000000000000000000001
+ **Meaning:** The number of owners is set to 1. The key can be validated by the location of the `ownerCount` variable in the [Safe's Storage Layout](https://github.com/safe-global/safe-smart-account/blob/v1.3.0/contracts/examples/libraries/GnosisSafeStorage.sol#L13). + +- **Key:** 0x0000000000000000000000000000000000000000000000000000000000000004
+ **Value:** 0x0000000000000000000000000000000000000000000000000000000000000001
+ **Meaning:** The threshold is set to 1. The key can be validated by the location of the `threshold` variable in the [Safe's Storage Layout](https://github.com/safe-global/safe-smart-account/blob/v1.3.0/contracts/examples/libraries/GnosisSafeStorage.sol#L14). + +The following two overrides are modifications to the [`owners` mapping](https://github.com/safe-global/safe-contracts/blob/v1.3.0/contracts/examples/libraries/GnosisSafeStorage.sol#L12). For the purpose of calculating the storage, note that this mapping is in slot `2`. +This mapping implements a linked list for iterating through the list of owners. Since we'll only have one owner (Multicall), and the `0x01` address is used as the first and last entry in the linked list, we will see the following overrides: +- `owners[1] -> 0xca11bde05977b3631167028862be2a173976ca11` +- `owners[0xca11bde05977b3631167028862be2a173976ca11] -> 1` + +And we do indeed see these entries: + +- **Key:** 0x316a0aac0d94f5824f0b66f5bbe94a8c360a17699a1d3a233aafcf7146e9f11c
+ **Value:** 0x0000000000000000000000000000000000000000000000000000000000000001
+ **Meaning:** This is `owners[0xca11bde05977b3631167028862be2a173976ca11] -> 1`, so the key can be + derived from `cast index address 0xca11bde05977b3631167028862be2a173976ca11 2`. + +- **Key:** 0xe90b7bceb6e7df5418fb78d8ee546e97c83a08bbccc01a0644d599ccd2a7c2e0
+ **Value:** 0x000000000000000000000000ca11bde05977b3631167028862be2a173976ca11
+ **Meaning:** This is `owners[1] -> 0xca11bde05977b3631167028862be2a173976ca11`, so the key can be + derived from `cast index address 0x0000000000000000000000000000000000000001 2`. + +## State Changes + +Note: The changes listed below do not include safe nonce updates or liveness guard related changes. + +### `0x10d7B35078d3baabB96Dd45a9143B94be65b12CD` (`DisputeGameFactoryProxy`) + +- **Key**: `0x4d5a9bd2e41301728d41c8e705190becb4e74abe869f75bdb405b63716a35f9e`
+ **Before**: `0x000000000000000000000000a8e6a9bf1ba2df76c6787eaebe2273ae98498059`
+ **After**: `0x0000000000000000000000000A780bE3eB21117b1bBCD74cf5D7624A3a482963`
+ **Meaning**: Updates the implementation for game type 1. Verify that the slot is correct using `cast index uint 1 101` where 1 is the game type and 101 is the [storage slot](https://github.com/ethereum-optimism/optimism/blob/33f06d2d5e4034125df02264a5ffe84571bd0359/packages/contracts-bedrock/snapshots/storageLayout/DisputeGameFactory.json#L41) of the `gameImpls` mapping. + +- **Key**: `0x6f48904484b35701cf1f41ad9068b394adf7e2f8a59d2309a04d10a155eaa72b`
+ **Before**: `0x0000000000000000000000000000000000000000000000000000000000000000`
+ **After**: `0x000000000000000000000000000000000000000000000000011c37937e080000`
+ **Meanning**: Updates the `FaultDisputeGame` initial bond amount to 0.08 ETH. Verify that the slot is correct using `cast index uint 0 102`. Where `0` is the game type and 102 is the [storage slot](https://github.com/ethereum-optimism/optimism/blob/33f06d2d5e4034125df02264a5ffe84571bd0359/packages/contracts-bedrock/snapshots/storageLayout/DisputeGameFactory.json#L48). + +- **Key**: `0xe34b8b74e1cdcaa1b90aa77af7dd89e496ad9a4ae4a4d4759712101c7da2dce6`
+ **Before**: `0x0000000000000000000000000000000000000000000000000000000000000000`
+ **After**: `0x000000000000000000000000000000000000000000000000011c37937e080000`
+ **Meanning**: Updates the `PermissionedDisputeGame` initial bond amount to 0.08 ETH. Verify that the slot is correct using `cast index uint 1 102`. Where `1` is the game type and 102 is the [storage slot](https://github.com/ethereum-optimism/optimism/blob/33f06d2d5e4034125df02264a5ffe84571bd0359/packages/contracts-bedrock/snapshots/storageLayout/DisputeGameFactory.json#L48). + +- **Key**: `0xffdfc1249c027f9191656349feb0761381bb32c9f557e01f419fd08754bf5a1b`
+ **Before**: `0x0000000000000000000000000000000000000000000000000000000000000000`
+ **After**: `0x0000000000000000000000006A8eFcba5642EB15D743CBB29545BdC44D5Ad8cD`
+ **Meaning**: Updates the implementation for game type 0. Verify that the slot is correct using `cast index uint 0 101` where 0 is the game type and 101 is the [storage slot](https://github.com/ethereum-optimism/optimism/blob/33f06d2d5e4034125df02264a5ffe84571bd0359/packages/contracts-bedrock/snapshots/storageLayout/DisputeGameFactory.json#L41) of the `gameImpls` mapping. + +### `0xde744491BcF6b2DD2F32146364Ea1487D75E2509` (`AnchorStateRegistryProxy`) + +- **Key**: `0xa6eef7e35abe7026729641147f7915573c7e97b47efa546f5f6e3230263bcb49`
+ **Before**: `0x0000000000000000000000000000000000000000000000000000000000000000` (Note this may have changed if games of this type resolved)
+ **After**: `0x5220f9c5ebf08e84847d542576a67a3077b6fa496235d93c557d5bd5286b431a`
+ **Meaning**: Set the anchor state output root for game type 0 to 0x5220f9c5ebf08e84847d542576a67a3077b6fa496235d93c557d5bd5286b431a. This is the slot for the `anchors` mapping, which can be computed as `cast index uint 0 1`, where 0 is the game type and 1 is the slot of the `anchors` mapping. If you have access to the Ink Mainnet's op-node RPC endpoint and want to verify the new root, you can use the following command to verify: + ``` + cast rpc --rpc-url $OP_NODE_RPC "optimism_outputAtBlock" $(cast th 523052) + ``` + +- **Key**: `0xa6eef7e35abe7026729641147f7915573c7e97b47efa546f5f6e3230263bcb4a`
+ **Before**: `0x0000000000000000000000000000000000000000000000000000000000000000` (Note this may have changed if games of this type resolved)
+ **After**: `0x000000000000000000000000000000000000000000000000000000000007fb2c`
+ **Meaning**: Set the anchor state L2 block number for game type 0 to 523052. The slot number can be calculated using the same approach as above, and incremented by 1, based on the contract storage layout + +### Safe Contract State Changes + +The only other state changes should be restricted to one of the following addresses: + +- L1 2/2 ProxyAdmin Owner Safe: `0x5a0Aae59D09fccBdDb6C6CcEB07B7279367C3d2A` + - The nonce (slot 0x5) should be increased from 7 to 8. + - Another key is set from 0 to 1 reflecting an entry in the `approvedHashes` mapping. +- Security Council L1 Safe: `0xc2819DC788505Aac350142A7A707BF9D03E3Bd03` + - The nonce (slot 0x5) should be increased from 9 to 10. This only occurs for Council signers. +- Foundation Safe: `0x847B5c174615B1B7fDF770882256e2D3E95b9D92` + - The nonce (slot 0x5) should be increased from 12 to 13. This only occurs for Foundation signers. diff --git a/tasks/eth/ink-001-permissionless-proofs/input.json b/tasks/eth/ink-001-permissionless-proofs/input.json new file mode 100644 index 000000000..2885f7f41 --- /dev/null +++ b/tasks/eth/ink-001-permissionless-proofs/input.json @@ -0,0 +1,195 @@ +{ + "metadata": { + "name": "ProxyAdminOwner - Set Dispute Game Implementation", + "description": "Re-initialize with anchor states for game types 0 set to 0x5220f9c5ebf08e84847d542576a67a3077b6fa496235d93c557d5bd5286b431a, 523052 Sets the implementation for game type 0 to 0x6A8eFcba5642EB15D743CBB29545BdC44D5Ad8cD in the `DisputeGameFactory`. Sets the implementation for game type 1 to 0x0A780bE3eB21117b1bBCD74cf5D7624A3a482963 in the `DisputeGameFactory`. " + }, + "transactions": [ + { + "metadata": { + "name": "Upgrade AnchorStateRegistry to StorageSetter and clear legacy initialized slot", + "description": "By clearing the initialized slot, we can call initialize again to set an anchor state for the new game type" + }, + "to": "0xd56045e68956fce2576e680c95a4750cf8241f79", + "value": "0x0", + "data": "0x9623609d000000000000000000000000de744491bcf6b2dd2f32146364ea1487d75e2509000000000000000000000000d81f43edbcacb4c29a9ba38a13ee5d79278270cc000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000444e91db080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "contractMethod": { + "type": "function", + "name": "upgradeAndCall", + "inputs": [ + { + "name": "_proxy", + "type": "address" + }, + { + "name": "_implementation", + "type": "address" + }, + { + "name": "_data", + "type": "bytes" + } + ], + "outputs": [], + "stateMutability": "nonpayable" + }, + "contractInputsValues": { + "_proxy": "0xde744491BcF6b2DD2F32146364Ea1487D75E2509", + "_implementation": "0xd81f43eDBCAcb4c29a9bA38a13Ee5d79278270cC", + "_data": "0x4e91db0800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" + } + }, + { + "metadata": { + "name": "Re-initialize the AnchorStateRegistryProxy", + "description": "Re-initialize with anchor states for game types 0 set to 0x5220f9c5ebf08e84847d542576a67a3077b6fa496235d93c557d5bd5286b431a, 523052" + }, + "to": "0xd56045e68956fce2576e680c95a4750cf8241f79", + "value": "0x0", + "data": "0x9623609d000000000000000000000000de744491bcf6b2dd2f32146364ea1487d75e25090000000000000000000000007a78aa7d5dec2f8b368ca13f00df2fa4e5de3c3f000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000c45e05fbd0000000000000000000000000000000000000000000000000000000000000004000000000000000000000000095703e0982140d16f8eba6d158fccede42f04a4c000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000005220f9c5ebf08e84847d542576a67a3077b6fa496235d93c557d5bd5286b431a000000000000000000000000000000000000000000000000000000000007fb2c00000000000000000000000000000000000000000000000000000000", + "contractMethod": { + "type": "function", + "name": "upgradeAndCall", + "inputs": [ + { + "internalType": "address", + "name": "_proxy", + "type": "address" + }, + { + "internalType": "address", + "name": "_implementation", + "type": "address" + }, + { + "internalType": "bytes", + "name": "_data", + "type": "bytes" + } + ], + "outputs": [], + "stateMutability": "nonpayable" + }, + "contractInputsValues": { + "_proxy": "0xde744491BcF6b2DD2F32146364Ea1487D75E2509", + "_implementation": "0x7A78aa7D5dec2F8B368ca13f00Df2fA4E5De3C3F", + "_data": "0x5e05fbd0000000000000000000000000000000000000000000000000000000000000004000000000000000000000000095703e0982140d16f8eba6d158fccede42f04a4c000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000005220f9c5ebf08e84847d542576a67a3077b6fa496235d93c557d5bd5286b431a000000000000000000000000000000000000000000000000000000000007fb2c" + } + }, + { + "metadata": { + "name": "Set implementation for game type", + "description": "Sets the implementation for game type 0 to 0x6A8eFcba5642EB15D743CBB29545BdC44D5Ad8cD in the `DisputeGameFactory`." + }, + "to": "0x10d7B35078d3baabB96Dd45a9143B94be65b12CD", + "value": "0x0", + "data": "0x14f6b1a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000006a8efcba5642eb15d743cbb29545bdc44d5ad8cd", + "contractMethod": { + "type": "function", + "name": "setImplementation", + "inputs": [ + { + "name": "_gameType", + "type": "uint32" + }, + { + "name": "_impl", + "type": "address" + } + ], + "outputs": [], + "stateMutability": "nonpayable" + }, + "contractInputsValues": { + "_gameType": "0", + "_impl": "0x6A8eFcba5642EB15D743CBB29545BdC44D5Ad8cD" + } + }, + { + "metadata": { + "name": "Set implementation for game type", + "description": "Sets the implementation for game type 1 to 0x0A780bE3eB21117b1bBCD74cf5D7624A3a482963 in the `DisputeGameFactory`." + }, + "to": "0x10d7B35078d3baabB96Dd45a9143B94be65b12CD", + "value": "0x0", + "data": "0x14f6b1a300000000000000000000000000000000000000000000000000000000000000010000000000000000000000000a780be3eb21117b1bbcd74cf5d7624a3a482963", + "contractMethod": { + "type": "function", + "name": "setImplementation", + "inputs": [ + { + "name": "_gameType", + "type": "uint32" + }, + { + "name": "_impl", + "type": "address" + } + ], + "outputs": [], + "stateMutability": "nonpayable" + }, + "contractInputsValues": { + "_gameType": "1", + "_impl": "0x0A780bE3eB21117b1bBCD74cf5D7624A3a482963" + } + }, + { + "metadata": { + "name": "Sets the bond value for permissioned game type", + "description": "This sets the initial bond to 0.08 ETH to deploy a PermissionedDisputeGame." + }, + "to": "0x10d7B35078d3baabB96Dd45a9143B94be65b12CD", + "value": "0x0", + "data": "0x1e3342400000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000011c37937e080000", + "contractMethod": { + "type": "function", + "name": "setInitBond", + "inputs": [ + { + "name": "_gameType", + "type": "uint32" + }, + { + "name": "_initBond", + "type": "uint256" + } + ], + "outputs": [], + "stateMutability": "nonpayable" + }, + "contractInputsValues": { + "_gameType": "1", + "_initBond": "80000000000000000" + } + }, + { + "metadata": { + "name": "Sets the bond value for permissionless", + "description": "This sets the initial bond to 0.08 ETH to deploy a FaultDisputeGame." + }, + "to": "0x10d7B35078d3baabB96Dd45a9143B94be65b12CD", + "value": "0x0", + "data": "0x1e3342400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011c37937e080000", + "contractMethod": { + "type": "function", + "name": "setInitBond", + "inputs": [ + { + "name": "_gameType", + "type": "uint32" + }, + { + "name": "_initBond", + "type": "uint256" + } + ], + "outputs": [], + "stateMutability": "nonpayable" + }, + "contractInputsValues": { + "_gameType": "0", + "_initBond": "80000000000000000" + } + } + ] +} From 6b75741fdb59f0b24a239c9e2d183e00db81af44 Mon Sep 17 00:00:00 2001 From: Brawn Date: Mon, 30 Dec 2024 19:41:59 +0300 Subject: [PATCH 03/10] docs: typo fix Update key-handover.md (#434) --- runbooks/key-handover.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/runbooks/key-handover.md b/runbooks/key-handover.md index 281fade0a..035d74608 100644 --- a/runbooks/key-handover.md +++ b/runbooks/key-handover.md @@ -4,7 +4,7 @@ This document describes how to generate upgrade playbooks to upgrade chains to t ## Context -One of the requirement for getting to Stage, 1 as defined by [L2Beat](https://medium.com/l2beat/introducing-stages-a-framework-to-evaluate-rollups-maturity-d290bb22befe) is having a Security Council in place. The Security Council acts as a safeguard in the system, ready to step in in the event of bugs or issues with the proof system. It must function through a multisig setup consisting of at least 8 participants and require a 50% consensus threshold. Furthermore, at least half of the participants must be external to the organization running the rollup, with a minimum of two outsiders required for consensus. +One of the requirements for getting to Stage, 1 as defined by [L2Beat](https://medium.com/l2beat/introducing-stages-a-framework-to-evaluate-rollups-maturity-d290bb22befe) is having a Security Council in place. The Security Council acts as a safeguard in the system, ready to step in in the event of bugs or issues with the proof system. It must function through a multisig setup consisting of at least 8 participants and require a 50% consensus threshold. Furthermore, at least half of the participants must be external to the organization running the rollup, with a minimum of two outsiders required for consensus. This setup ensures a diversity of viewpoints and minimizes the risk of any single party exerting undue influence. For the sake of transparency and accountability, the identities (or the pseudonyms) of the council participants should also be publicly disclosed. From 8757997aad404a7cc8ac9a18c7ee06a8d64165ed Mon Sep 17 00:00:00 2001 From: Sebastian Stammler Date: Tue, 7 Jan 2025 21:07:00 +0100 Subject: [PATCH 04/10] Bump base-contracts lib to 4945865 (#450) Contains fix https://github.com/base-org/contracts/pull/110 --- lib/base-contracts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/base-contracts b/lib/base-contracts index ed36aac52..494586571 160000 --- a/lib/base-contracts +++ b/lib/base-contracts @@ -1 +1 @@ -Subproject commit ed36aac52a19bdad6dee09c59e7241fe3a194160 +Subproject commit 494586571e1a4d845ee6f381b65229d63c630986 From 13718c5b6c898c73177b9d0e55b389cd645d0c9d Mon Sep 17 00:00:00 2001 From: Michael de Hoog Date: Tue, 7 Jan 2025 13:52:21 -1000 Subject: [PATCH 05/10] Bump to latest eip712sign version (#453) --- justfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/justfile b/justfile index c58f0222c..27aa765a4 100644 --- a/justfile +++ b/justfile @@ -12,7 +12,7 @@ install-eip712sign: PATH="$REPO_ROOT/bin:$PATH" cd $REPO_ROOT mkdir -p bin || true - GOBIN="$REPO_ROOT/bin" go install github.com/base-org/eip712sign@v0.0.8 + GOBIN="$REPO_ROOT/bin" go install github.com/base-org/eip712sign@v0.0.10 # Bundle path should be provided including the .json file extension. add-transaction bundlePath to sig *params: From 0d702f9e6715143620ecec55f1645bf45b1adccf Mon Sep 17 00:00:00 2001 From: Sebastian Stammler Date: Wed, 8 Jan 2025 16:28:12 +0100 Subject: [PATCH 06/10] Add additional pre-checks to the `DisputeGameUpgade` (#442) * Add additional checks to the DisputeGameUpgrade module * expect DelayedWETH change in eth/022 * use raw() * remove SIMULATE_WITHOUT_LEDGER from eth/022 .env --- script/verification/DisputeGameUpgrade.s.sol | 59 +++++++++++++++++++- tasks/eth/022-holocene-fp-upgrade/.env | 3 +- 2 files changed, 60 insertions(+), 2 deletions(-) diff --git a/script/verification/DisputeGameUpgrade.s.sol b/script/verification/DisputeGameUpgrade.s.sol index dffd4f4a7..371151bc8 100644 --- a/script/verification/DisputeGameUpgrade.s.sol +++ b/script/verification/DisputeGameUpgrade.s.sol @@ -18,26 +18,34 @@ interface IASR { function superchainConfig() external view returns (address superchainConfig_); } +interface IMIPS is ISemver { + function oracle() external view returns (address oracle_); +} + abstract contract DisputeGameUpgrade is VerificationBase, SuperchainRegistry { using LibString for string; bytes32 immutable expAbsolutePrestate; address immutable expFaultDisputeGame; address immutable expPermissionedDisputeGame; + DisputeGameFactory immutable dgfProxy; constructor(bytes32 _absolutePrestate, address _faultDisputeGame, address _permissionedDisputeGame) { expAbsolutePrestate = _absolutePrestate; expFaultDisputeGame = _faultDisputeGame; expPermissionedDisputeGame = _permissionedDisputeGame; + dgfProxy = DisputeGameFactory(proxies.DisputeGameFactory); + addAllowedStorageAccess(proxies.DisputeGameFactory); + + precheckDisputeGames(); } /// @notice Public function that must be called by the verification script. function checkDisputeGameUpgrade() public view { console.log("check dispute game implementations"); - DisputeGameFactory dgfProxy = DisputeGameFactory(proxies.DisputeGameFactory); FaultDisputeGame faultDisputeGame = FaultDisputeGame(address(dgfProxy.gameImpls(GameTypes.CANNON))); PermissionedDisputeGame permissionedDisputeGame = PermissionedDisputeGame(address(dgfProxy.gameImpls(GameTypes.PERMISSIONED_CANNON))); @@ -86,4 +94,53 @@ abstract contract DisputeGameUpgrade is VerificationBase, SuperchainRegistry { require(address(faultDisputeGame.weth()) != address(permissionedDisputeGame.weth()), "weth-200"); } + + function precheckDisputeGames() internal view { + _precheckDisputeGameImplementation(GameType.wrap(0), expFaultDisputeGame); + _precheckDisputeGameImplementation(GameType.wrap(1), expPermissionedDisputeGame); + } + + // _precheckDisputeGameImplementation checks that the new game being set has the same + // configuration as the existing implementation. + function _precheckDisputeGameImplementation(GameType _targetGameType, address _newImpl) internal view { + console.log("pre-check new game implementation", _targetGameType.raw()); + + FaultDisputeGame currentGame = FaultDisputeGame(address(dgfProxy.gameImpls(GameType(_targetGameType)))); + FaultDisputeGame newGame = FaultDisputeGame(_newImpl); + + if (vm.envOr("DISPUTE_GAME_CHANGE_WETH", false)) { + console.log("Expecting DelayedWETH to change"); + require(address(currentGame.weth()) != address(newGame.weth()), "pre-10"); + } else { + console.log("Expecting DelayedWETH to stay the same"); + require(address(currentGame.weth()) == address(newGame.weth()), "pre-10"); + } + + require(_targetGameType.raw() == newGame.gameType().raw(), "pre-20"); + require(address(currentGame.anchorStateRegistry()) == address(newGame.anchorStateRegistry()), "pre-30"); + require(currentGame.l2ChainId() == newGame.l2ChainId(), "pre-40"); + require(currentGame.splitDepth() == newGame.splitDepth(), "pre-50"); + require(currentGame.maxGameDepth() == newGame.maxGameDepth(), "pre-60"); + require(currentGame.maxClockDuration().raw() == newGame.maxClockDuration().raw(), "pre-70"); + require(currentGame.clockExtension().raw() == newGame.clockExtension().raw(), "pre-80"); + + if (_targetGameType.raw() == GameTypes.PERMISSIONED_CANNON.raw()) { + PermissionedDisputeGame currentPDG = PermissionedDisputeGame(address(currentGame)); + PermissionedDisputeGame newPDG = PermissionedDisputeGame(address(newGame)); + require(address(currentPDG.proposer()) == address(newPDG.proposer()), "pre-90"); + require(address(currentPDG.challenger()) == address(newPDG.challenger()), "pre-100"); + } + + _precheckVm(newGame, currentGame); + } + + // _precheckVm checks that the new VM has the same oracle as the old VM. + function _precheckVm(FaultDisputeGame _newGame, FaultDisputeGame _currentGame) internal view { + console.log("pre-check VM implementation", _newGame.gameType().raw()); + + IMIPS newVm = IMIPS(address(_newGame.vm())); + IMIPS currentVm = IMIPS(address(_currentGame.vm())); + + require(newVm.oracle() == currentVm.oracle(), "vm-10"); + } } diff --git a/tasks/eth/022-holocene-fp-upgrade/.env b/tasks/eth/022-holocene-fp-upgrade/.env index 71d189ccf..9036f46ef 100644 --- a/tasks/eth/022-holocene-fp-upgrade/.env +++ b/tasks/eth/022-holocene-fp-upgrade/.env @@ -7,4 +7,5 @@ SAFE_NONCE=6 # noop SAFE_NONCE_0XC2819DC788505AAC350142A7A707BF9D03E3BD03=8 # noop SAFE_NONCE_0X847B5C174615B1B7FDF770882256E2D3E95B9D92=11 # +1, task 021 -SIMULATE_WITHOUT_LEDGER=0 # 1 +# we change the WETH in this task, which is non-standard +DISPUTE_GAME_CHANGE_WETH=true From f7d6807f179e73b84c17d0820f050d71310ec633 Mon Sep 17 00:00:00 2001 From: Ethnical Date: Wed, 8 Jan 2025 19:59:07 +0100 Subject: [PATCH 07/10] Fix the correct nonces for the task 001. (#455) * chore: add the correct address * chore: update CI with the new tasks --- .circleci/config.yml | 27 +------------------- tasks/eth/ink-001-permissionless-proofs/.env | 4 +-- 2 files changed, 3 insertions(+), 28 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 2c3913d5e..c77fdba90 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -59,7 +59,6 @@ commands: --justfile ../../../nested.just \ simulate council - jobs: check_sepolia_rpc_endpoints: circleci_ip_ranges: true @@ -215,27 +214,13 @@ jobs: just prepare-json just simulate-council # simulate again to make sure the json is still valid - simulate_eth_021: - docker: - - image: << pipeline.parameters.ci_builder_image >> - steps: - - simulate: - task: "eth/021-holocene-protocol-versions" - - simulate_base_003: - docker: - - image: << pipeline.parameters.ci_builder_image >> - steps: - - simulate_nested: - task: "eth/base-003-holocene-fp-upgrade" - just_simulate_permissionless_fp_upgrade: docker: - image: << pipeline.parameters.ci_builder_image >> steps: - simulate_nested: task: "/eth/ink-001-permissionless-proofs" - + forge_build: docker: - image: <> @@ -282,13 +267,6 @@ jobs: yq --version forge --version - simulate_eth_022: - docker: - - image: << pipeline.parameters.ci_builder_image >> - steps: - - simulate_nested: - task: "eth/022-holocene-fp-upgrade" - workflows: main: jobs: @@ -316,7 +294,4 @@ workflows: - just_simulate_sc_rehearsal_1 - just_simulate_sc_rehearsal_2 - just_simulate_sc_rehearsal_4 - - simulate_eth_021 - - simulate_eth_022 - - simulate_base_003 - just_simulate_permissionless_fp_upgrade diff --git a/tasks/eth/ink-001-permissionless-proofs/.env b/tasks/eth/ink-001-permissionless-proofs/.env index 00e3ff173..16ba0a21c 100644 --- a/tasks/eth/ink-001-permissionless-proofs/.env +++ b/tasks/eth/ink-001-permissionless-proofs/.env @@ -1,7 +1,7 @@ ETH_RPC_URL="https://ethereum.publicnode.com" COUNCIL_SAFE=0xc2819DC788505Aac350142A7A707BF9D03E3Bd03 FOUNDATION_SAFE=0x847B5c174615B1B7fDF770882256e2D3E95b9D92 -SAFE_NONCE=7 +SAFE_NONCE_0X5A0AAE59D09FCCBDDB6C6CCEB07B7279367C3D2A=7 SAFE_NONCE_0XC2819DC788505AAC350142A7A707BF9D03E3BD03=9 SAFE_NONCE_0X847B5C174615B1B7FDF770882256E2D3E95B9D92=12 L1_CHAIN_NAME="mainnet" @@ -13,4 +13,4 @@ ANCHOR_STATE_REGISTRY="0xde744491BcF6b2DD2F32146364Ea1487D75E2509" NEW_FAULT_DISPUTE_GAME_IMPL="0x6A8eFcba5642EB15D743CBB29545BdC44D5Ad8cD" NEW_PERMISSIONED_DISPUTE_GAME_IMPL="0x0A780bE3eB21117b1bBCD74cf5D7624A3a482963" NEW_ANCHOR_STATE_ROOT="0x5220f9c5ebf08e84847d542576a67a3077b6fa496235d93c557d5bd5286b431a" -NEW_ANCHOR_STATE_BLOCK_NUMBER=523052 \ No newline at end of file +NEW_ANCHOR_STATE_BLOCK_NUMBER=523052 From a49543ca208b8e39c1edea217612b2900c6b5ba4 Mon Sep 17 00:00:00 2001 From: Sebastian Stammler Date: Thu, 9 Jan 2025 20:47:52 +0100 Subject: [PATCH 08/10] sep/026: Add task to fix sepolia fp upgrade (#421) * add MIPS overrides to SuperchainRegistry module * sep/026: Add task to fix sepolia fp upgrade * switch to new FDG and PDG that use MIPS64 * expect DelayedWETH change in sep/026 * fix Before values, pin nonces --- .circleci/config.yml | 10 +++ script/verification/Verification.s.sol | 13 ++++ tasks/sep/026-fp-holocene-upgrade-fix/.env | 14 ++++ .../NestedSignFromJson.s.sol | 57 ++++++++++++++++ .../026-fp-holocene-upgrade-fix/OVERVIEW.md | 37 ++++++++++ .../sep/026-fp-holocene-upgrade-fix/README.md | 41 ++++++++++++ .../026-fp-holocene-upgrade-fix/VALIDATION.md | 49 ++++++++++++++ .../026-fp-holocene-upgrade-fix/input.json | 67 +++++++++++++++++++ 8 files changed, 288 insertions(+) create mode 100644 tasks/sep/026-fp-holocene-upgrade-fix/.env create mode 100644 tasks/sep/026-fp-holocene-upgrade-fix/NestedSignFromJson.s.sol create mode 100644 tasks/sep/026-fp-holocene-upgrade-fix/OVERVIEW.md create mode 100644 tasks/sep/026-fp-holocene-upgrade-fix/README.md create mode 100644 tasks/sep/026-fp-holocene-upgrade-fix/VALIDATION.md create mode 100644 tasks/sep/026-fp-holocene-upgrade-fix/input.json diff --git a/.circleci/config.yml b/.circleci/config.yml index c77fdba90..306ac5611 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -267,6 +267,13 @@ jobs: yq --version forge --version + simulate_sep_026: + docker: + - image: << pipeline.parameters.ci_builder_image >> + steps: + - simulate_nested: + task: "sep/026-fp-holocene-upgrade-fix" + workflows: main: jobs: @@ -295,3 +302,6 @@ workflows: - just_simulate_sc_rehearsal_2 - just_simulate_sc_rehearsal_4 - just_simulate_permissionless_fp_upgrade + + # sepolia + - simulate_sep_026 diff --git a/script/verification/Verification.s.sol b/script/verification/Verification.s.sol index 6a00f1bae..907efb0b1 100644 --- a/script/verification/Verification.s.sol +++ b/script/verification/Verification.s.sol @@ -1,6 +1,7 @@ // SPDX-License-Identifier: MIT pragma solidity ^0.8.15; +import {console2 as console} from "forge-std/console2.sol"; import {LibString} from "solady/utils/LibString.sol"; import {Types} from "@eth-optimism-bedrock/scripts/Types.sol"; import {CommonBase} from "forge-std/Base.sol"; @@ -75,6 +76,7 @@ contract SuperchainRegistry is CommonBase { opContractsReleaseQ = string.concat("\"op-contracts/", _opContractsRelease, "\""); _readSuperchainConfig(); _readStandardVersions(); + _applyOverrides(); } /// @notice Reads the contract addresses from the superchain registry. @@ -162,4 +164,15 @@ contract SuperchainRegistry is CommonBase { { sv_.version = stdToml.readString(data, string.concat("$.RELEASE.", key, ".version")); } + + function _applyOverrides() internal { + try vm.envAddress("SCR_OVERRIDE_MIPS_ADDRESS") returns (address mips) { + console.log("SuperchainRegistry: overriding MIPS address to %s", mips); + standardVersions.MIPS.Address = mips; + } catch { /* Ignore, no override */ } + try vm.envString("SCR_OVERRIDE_MIPS_VERSION") returns (string memory ver) { + console.log("SuperchainRegistry: overriding MIPS version to %s", ver); + standardVersions.MIPS.version = ver; + } catch { /* Ignore, no override */ } + } } diff --git a/tasks/sep/026-fp-holocene-upgrade-fix/.env b/tasks/sep/026-fp-holocene-upgrade-fix/.env new file mode 100644 index 000000000..af3abe0e7 --- /dev/null +++ b/tasks/sep/026-fp-holocene-upgrade-fix/.env @@ -0,0 +1,14 @@ +ETH_RPC_URL="https://ethereum-sepolia.publicnode.com" +OWNER_SAFE=0x1Eb2fFc903729a0F03966B917003800b145F56E2 +COUNCIL_SAFE=0xf64bc17485f0B4Ea5F06A96514182FC4cB561977 +FOUNDATION_SAFE=0xDEe57160aAfCF04c34C887B5962D0a69676d3C8B + +SAFE_NONCE_0X1EB2FFC903729A0F03966B917003800B145F56E2=15 # noop +SAFE_NONCE_0XF64BC17485F0B4EA5F06A96514182FC4CB561977=21 # noop +SAFE_NONCE_0XDEE57160AAFCF04C34C887B5962D0A69676D3C8B=29 # noop + +# override since we use MIPS64, which is not in the SCR yet +SCR_OVERRIDE_MIPS_ADDRESS=0xa1e470b6bd25e8eea9ffcda6a1518be5eb8ee7bb +SCR_OVERRIDE_MIPS_VERSION=1.0.0-beta.7 +# we change the WETH in this task, which is non-standard +DISPUTE_GAME_CHANGE_WETH=true diff --git a/tasks/sep/026-fp-holocene-upgrade-fix/NestedSignFromJson.s.sol b/tasks/sep/026-fp-holocene-upgrade-fix/NestedSignFromJson.s.sol new file mode 100644 index 000000000..bd142d092 --- /dev/null +++ b/tasks/sep/026-fp-holocene-upgrade-fix/NestedSignFromJson.s.sol @@ -0,0 +1,57 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.15; + +import {console2 as console} from "forge-std/console2.sol"; +import {Vm} from "forge-std/Vm.sol"; +import {stdJson} from "forge-std/StdJson.sol"; +import {Simulation} from "@base-contracts/script/universal/Simulation.sol"; +import {NestedSignFromJson as OriginalNestedSignFromJson} from "script/NestedSignFromJson.s.sol"; +import {DisputeGameUpgrade} from "script/verification/DisputeGameUpgrade.s.sol"; +import {CouncilFoundationNestedSign} from "script/verification/CouncilFoundationNestedSign.s.sol"; +import {SuperchainRegistry} from "script/verification/Verification.s.sol"; + +contract NestedSignFromJson is OriginalNestedSignFromJson, CouncilFoundationNestedSign, DisputeGameUpgrade { + constructor() + SuperchainRegistry("sepolia", "op", "v1.8.0-rc.4") + DisputeGameUpgrade( + 0x03b7eaa4e3cbce90381921a4b48008f4769871d64f93d113fcadca08ecee503b, // absolutePrestate + 0x833a817eF459f4eCdB83Fc5A4Bf04d09A4e83f3F, // faultDisputeGame + 0xbBD576128f71186A0f9ae2F2AAb4afb4aF2dae17 // permissionedDisputeGame + ) + {} + + function setUp() public view { + checkInput(); + } + + function checkInput() public view { + string memory inputJson; + string memory path = "/tasks/sep/026-fp-holocene-upgrade-fix/input.json"; + try vm.readFile(string.concat(vm.projectRoot(), path)) returns (string memory data) { + inputJson = data; + } catch { + revert(string.concat("Failed to read ", path)); + } + + address inputPermissionedDisputeGame = + stdJson.readAddress(inputJson, "$.transactions[0].contractInputsValues._impl"); + address inputFaultDisputeGame = stdJson.readAddress(inputJson, "$.transactions[1].contractInputsValues._impl"); + require(expPermissionedDisputeGame == inputPermissionedDisputeGame, "input-pdg"); + require(expFaultDisputeGame == inputFaultDisputeGame, "input-fdg"); + } + + function _postCheck(Vm.AccountAccess[] memory accesses, Simulation.Payload memory) internal view override { + console.log("Running post-deploy assertions"); + checkStateDiff(accesses); + checkDisputeGameUpgrade(); + console.log("All assertions passed!"); + } + + function getAllowedStorageAccess() internal view override returns (address[] memory) { + return allowedStorageAccess; + } + + function getCodeExceptions() internal view override returns (address[] memory) { + return codeExceptions; + } +} diff --git a/tasks/sep/026-fp-holocene-upgrade-fix/OVERVIEW.md b/tasks/sep/026-fp-holocene-upgrade-fix/OVERVIEW.md new file mode 100644 index 000000000..ea1d6fe90 --- /dev/null +++ b/tasks/sep/026-fp-holocene-upgrade-fix/OVERVIEW.md @@ -0,0 +1,37 @@ +# Holocene Hardfork - Proof Contract Upgrades +Upgrades the `MIPS.sol`, `FaultDisputeGame.sol`, and `PermissionedDisputeGame.sol` contracts for Holocene. + +The batch will be executed on chain ID `11155111`, and contains `2` transactions. + +## Tx #1: Upgrade `PERMISSIONED_CANNON` game type in `DisputeGameFactory` +Upgrades the `PERMISSIONED_CANNON` game type to the new Holocene deployment, with an updated version of `op-program` as the absolute prestate hash. + +**Function Signature:** `setImplementation(uint32,address)` + +**To:** `0x05F9613aDB30026FFd634f38e5C4dFd30a197Fa1` + +**Value:** `0 WEI` + +**Raw Input Data:** `0x14f6b1a30000000000000000000000000000000000000000000000000000000000000001000000000000000000000000bbd576128f71186a0f9ae2f2aab4afb4af2dae17` + +### Inputs +**_gameType:** `1` + +**_impl:** `0xbBD576128f71186A0f9ae2F2AAb4afb4aF2dae17` + + +## Tx #2: Upgrade `CANNON` game type in `DisputeGameFactory` +Upgrades the `CANNON` game type to the new Holocene deployment, with an updated version of `op-program` as the absolute prestate hash. + +**Function Signature:** `setImplementation(uint32,address)` + +**To:** `0x05F9613aDB30026FFd634f38e5C4dFd30a197Fa1` + +**Value:** `0 WEI` + +**Raw Input Data:** `0x14f6b1a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000833a817ef459f4ecdb83fc5a4bf04d09a4e83f3f` + +### Inputs +**_gameType:** `0` + +**_impl:** `0x833a817eF459f4eCdB83Fc5A4Bf04d09A4e83f3F` diff --git a/tasks/sep/026-fp-holocene-upgrade-fix/README.md b/tasks/sep/026-fp-holocene-upgrade-fix/README.md new file mode 100644 index 000000000..514fa16e8 --- /dev/null +++ b/tasks/sep/026-fp-holocene-upgrade-fix/README.md @@ -0,0 +1,41 @@ +# Holocene Hardfork Upgrade + +Status: READY TO SIGN + +## Objective + +Upgrades the Fault Proof contracts of **OP Sepolia** for Holocene, fixing an upgrade with wrongly +newly deployed `DelayedWETH` from #374, and then subsequent faulty upgrade to MIPS64-MT in #410, +which again used the wrong `DelayedWETH`. + +Using a MIPS64 absolute prestate hash of `0x03b7eaa4e3cbce90381921a4b48008f4769871d64f93d113fcadca08ecee503b`. + +Governance post of the upgrade can be found at https://gov.optimism.io/t/upgrade-proposal-11-holocene-network-upgrade/9313. + +This upgrades the Fault Proof contracts in the +[op-contracts/v1.8.0-rc.4](https://github.com/ethereum-optimism/optimism/tree/op-contracts/v1.8.0-rc.4) release. + +## Pre-deployments + +- `MIPS64` - `0xa1e470b6bd25e8eea9ffcda6a1518be5eb8ee7bb` +- `FaultDisputeGame` - `0x833a817eF459f4eCdB83Fc5A4Bf04d09A4e83f3F` +- `PermissionedDisputeGame` - `0xbBD576128f71186A0f9ae2F2AAb4afb4aF2dae17` + +## Simulation + +Please see the "Simulating and Verifying the Transaction" instructions in [NESTED.md](../../../NESTED.md). +When simulating, ensure the logs say `Using script /your/path/to/superchain-ops/tasks/sep/025-fp-holocene-upgrade-fix/NestedSignFromJson.s.sol`. +This ensures all safety checks are run. If the default `NestedSignFromJson.s.sol` script is shown (without the full path), something is wrong and the safety checks will not run. + +## State Validation + +Please see the instructions for [validation](./VALIDATION.md). + +## Execution + +This upgrade +* Changes dispute game implementation of the `CANNON` and `PERMISSIONED_CANNON` game types to contain a `op-program` release for the Holocene hardfork, which contains + the Holocene fork implementation as well as a `ChainConfig` and `RollupConfig` for the L2 chain being upgraded. +* Upgrades `MIPS.sol` to support the `F_GETFD` syscall, required by the golang 1.22+ runtime. + +See the [overview](./OVERVIEW.md) and `input.json` bundle for more details. diff --git a/tasks/sep/026-fp-holocene-upgrade-fix/VALIDATION.md b/tasks/sep/026-fp-holocene-upgrade-fix/VALIDATION.md new file mode 100644 index 000000000..fa7b9892d --- /dev/null +++ b/tasks/sep/026-fp-holocene-upgrade-fix/VALIDATION.md @@ -0,0 +1,49 @@ +# Validation + +This document can be used to validate the state overrides and diffs resulting from the execution of the FP upgrade transaction. + +For each contract listed in the state diff, please verify that no contracts or state changes shown in the Tenderly diff are missing from this document. Additionally, please verify that for each contract: + +- The following state changes (and none others) are made to that contract. This validates that no unexpected state changes occur. +- All addresses (in section headers and storage values) match the provided name, using the Etherscan and Superchain Registry links provided. This validates the bytecode deployed at the addresses contains the correct logic. +- All key values match the semantic meaning provided, which can be validated using the storage layout links provided. + +## Nested Safe State Overrides and Changes + +This task is executed by the nested 2/2 `ProxyAdminOwner` Safe. Refer to the +[generic nested Safe execution validation document](../../../NESTED-VALIDATION.md) +for the expected state overrides and changes. + +The `approvedHashes` mapping **key** of the `ProxyAdminOwner` that should change during the simulation is +- Council simulation: `0x27f38a0f9fb806fdf71a205880cdcbd83a0bfb9ae1769b6a4aa6545c53fa4527` +- Foundation simulation: `0xf50bc38a52b16adccfd799639dd5bfabf655cb35d68c44864186a208b29b37fb` + +calculated as explained in the nested validation doc: +```sh +SAFE_HASH=0x63962452498b3b28f8813e99890a00437a292fea8dca8db1fbb97c417e082879 # "Nested hash:" +SAFE_ROLE=0xf64bc17485f0B4Ea5F06A96514182FC4cB561977 # Council +cast index bytes32 $SAFE_HASH $(cast index address $SAFE_ROLE 8) +# 0x27f38a0f9fb806fdf71a205880cdcbd83a0bfb9ae1769b6a4aa6545c53fa4527 + +SAFE_ROLE=0xDEe57160aAfCF04c34C887B5962D0a69676d3C8B # Foundation +cast index bytes32 $SAFE_HASH $(cast index address $SAFE_ROLE 8) +# 0xf50bc38a52b16adccfd799639dd5bfabf655cb35d68c44864186a208b29b37fb +``` + +## State Changes + +This section describes the specific state changes of this upgrade, not related to the nested Safe state changes. + +### `0x05F9613aDB30026FFd634f38e5C4dFd30a197Fa1` (`DisputeGameFactoryProxy`) + +- **Key**: `0xffdfc1249c027f9191656349feb0761381bb32c9f557e01f419fd08754bf5a1b`
+ **Before**: `0x000000000000000000000000924d3d3b3b16e74bab577e50d23b2a38990dd52c`
+ **After**: `0x000000000000000000000000833a817ef459f4ecdb83fc5a4bf04d09a4e83f3f`
+ **Meaning**: Updates the CANNON game type implementation. You can verify which implementation is set using `cast call 0x05F9613aDB30026FFd634f38e5C4dFd30a197Fa1 "gameImpls(uint32)(address)" 0`, where `0` is the [`CANNON` game type](https://github.com/ethereum-optimism/optimism/blob/op-contracts/v1.4.0/packages/contracts-bedrock/src/dispute/lib/Types.sol#L28). + Before this task has been executed, you will see that the returned address is `0x924D3d3B3b16E74bAb577e50d23b2a38990dD52C`, matching the "Before" value of this slot, demonstrating this slot is storing the address of the CANNON implementation. + +- **Key**: `0x4d5a9bd2e41301728d41c8e705190becb4e74abe869f75bdb405b63716a35f9e`
+ **Before**: `0x000000000000000000000000879e899523ba9a4ab212a2d70cf1af73b906cbe5`
+ **After**: `0x000000000000000000000000bbd576128f71186a0f9ae2f2aab4afb4af2dae17`
+ **Meaning**: Updates the PERMISSIONED_CANNON game type implementation. You can verify which implementation is set using `cast call 0x05F9613aDB30026FFd634f38e5C4dFd30a197Fa1 "gameImpls(uint32)(address)" 1`, where `1` is the [`PERMISSIONED_CANNON` game type](https://github.com/ethereum-optimism/optimism/blob/op-contracts/v1.4.0/packages/contracts-bedrock/src/dispute/lib/Types.sol#L31). + Before this task has been executed, you will see that the returned address is `0x879e899523bA9a4Ab212a2d70cF1af73B906CbE5`, matching the "Before" value of this slot, demonstrating this slot is storing the address of the PERMISSIONED_CANNON implementation. diff --git a/tasks/sep/026-fp-holocene-upgrade-fix/input.json b/tasks/sep/026-fp-holocene-upgrade-fix/input.json new file mode 100644 index 000000000..e86665fd6 --- /dev/null +++ b/tasks/sep/026-fp-holocene-upgrade-fix/input.json @@ -0,0 +1,67 @@ +{ + "chainId": 11155111, + "metadata": { + "name": "Holocene Hardfork - Proof Contract Upgrades", + "description": "Upgrades the `MIPS.sol`, `FaultDisputeGame.sol`, and `PermissionedDisputeGame.sol` contracts for Holocene." + }, + "transactions": [ + { + "metadata": { + "name": "Upgrade `PERMISSIONED_CANNON` game type in `DisputeGameFactory`", + "description": "Upgrades the `PERMISSIONED_CANNON` game type to the new Holocene deployment, with an updated version of `op-program` as the absolute prestate hash." + }, + "to": "0x05F9613aDB30026FFd634f38e5C4dFd30a197Fa1", + "value": "0x0", + "data": "0x14f6b1a30000000000000000000000000000000000000000000000000000000000000001000000000000000000000000bbd576128f71186a0f9ae2f2aab4afb4af2dae17", + "contractMethod": { + "type": "function", + "name": "setImplementation", + "inputs": [ + { + "name": "_gameType", + "type": "uint32" + }, + { + "name": "_impl", + "type": "address" + } + ], + "outputs": [], + "stateMutability": "nonpayable" + }, + "contractInputsValues": { + "_gameType": "1", + "_impl": "0xbBD576128f71186A0f9ae2F2AAb4afb4aF2dae17" + } + }, + { + "metadata": { + "name": "Upgrade `CANNON` game type in `DisputeGameFactory`", + "description": "Upgrades the `CANNON` game type to the new Holocene deployment, with an updated version of `op-program` as the absolute prestate hash." + }, + "to": "0x05F9613aDB30026FFd634f38e5C4dFd30a197Fa1", + "value": "0x0", + "data": "0x14f6b1a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000833a817ef459f4ecdb83fc5a4bf04d09a4e83f3f", + "contractMethod": { + "type": "function", + "name": "setImplementation", + "inputs": [ + { + "name": "_gameType", + "type": "uint32" + }, + { + "name": "_impl", + "type": "address" + } + ], + "outputs": [], + "stateMutability": "nonpayable" + }, + "contractInputsValues": { + "_gameType": "0", + "_impl": "0x833a817eF459f4eCdB83Fc5A4Bf04d09A4e83f3F" + } + } + ] +} From e766df1131d924f4a9ebb5bbab6d356523ecea0c Mon Sep 17 00:00:00 2001 From: soyboy <85043086+sbvegan@users.noreply.github.com> Date: Thu, 9 Jan 2025 16:34:41 -0800 Subject: [PATCH 09/10] set the respected game type (#407) * runbooks: Enable permissionless standalone task * init * updated task * finalizing task * adding to CI * adding warning * fixing ci * updating nonce * Apply suggestions from code review Co-authored-by: Matt Solomon * removing the runbook to decouple it from the upgrade * removing the validation from the README and using the VALIDATION file instead * pulling for the sc registry * fixing ci * fixing ci * fixing ci * updating superchain-registry dep * removing unused variable * Apply suggestions from code review Co-authored-by: Matt Solomon * fixing formatting issue * Update tasks/eth/ink-002-set-respected-game-type/VALIDATION.md --------- Co-authored-by: inphi Co-authored-by: Matt Solomon --- .circleci/config.yml | 9 ++- lib/superchain-registry | 2 +- .../eth/ink-002-set-respected-game-type/.env | 5 ++ .../ink-002-set-respected-game-type/README.md | 12 +++ .../SignFromJson.s.sol | 72 ++++++++++++++++++ .../VALIDATION.md | 41 ++++++++++ .../images/state_diff.png | Bin 0 -> 153411 bytes .../input.json | 38 +++++++++ 8 files changed, 177 insertions(+), 2 deletions(-) create mode 100644 tasks/eth/ink-002-set-respected-game-type/.env create mode 100644 tasks/eth/ink-002-set-respected-game-type/README.md create mode 100644 tasks/eth/ink-002-set-respected-game-type/SignFromJson.s.sol create mode 100644 tasks/eth/ink-002-set-respected-game-type/VALIDATION.md create mode 100644 tasks/eth/ink-002-set-respected-game-type/images/state_diff.png create mode 100644 tasks/eth/ink-002-set-respected-game-type/input.json diff --git a/.circleci/config.yml b/.circleci/config.yml index 306ac5611..e1be1bd9a 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -221,6 +221,13 @@ jobs: - simulate_nested: task: "/eth/ink-001-permissionless-proofs" + just_simulate_ink_respected_game_type: + docker: + - image: << pipeline.parameters.ci_builder_image >> + steps: + - simulate: + task: "/eth/ink-002-set-respected-game-type" + forge_build: docker: - image: <> @@ -302,6 +309,6 @@ workflows: - just_simulate_sc_rehearsal_2 - just_simulate_sc_rehearsal_4 - just_simulate_permissionless_fp_upgrade - + - just_simulate_ink_respected_game_type # sepolia - simulate_sep_026 diff --git a/lib/superchain-registry b/lib/superchain-registry index 2a82b7922..c08331ab4 160000 --- a/lib/superchain-registry +++ b/lib/superchain-registry @@ -1 +1 @@ -Subproject commit 2a82b7922a7d719e4243846c679e4a9946d04b8c +Subproject commit c08331ab44a3645608c08d8c94f78d9be46c13c9 diff --git a/tasks/eth/ink-002-set-respected-game-type/.env b/tasks/eth/ink-002-set-respected-game-type/.env new file mode 100644 index 000000000..a7ac99728 --- /dev/null +++ b/tasks/eth/ink-002-set-respected-game-type/.env @@ -0,0 +1,5 @@ +ETH_RPC_URL="https://ethereum.publicnode.com" +#`OWNER_SAFE` represents the address of the `deputyGuardian` gnosis safe attached to the `DeputyGuardianModule` +OWNER_SAFE=0x9BA6e03D8B90dE867373Db8cF1A58d2F7F006b3A # guardian multisig +SAFE_NONCE_0X9BA6E03D8B90DE867373DB8CF1A58D2F7F006B3A=98 +L2_CHAIN_NAME="ink" diff --git a/tasks/eth/ink-002-set-respected-game-type/README.md b/tasks/eth/ink-002-set-respected-game-type/README.md new file mode 100644 index 000000000..660f649c9 --- /dev/null +++ b/tasks/eth/ink-002-set-respected-game-type/README.md @@ -0,0 +1,12 @@ +# Deputy Guardian - Enable Permissioness Dispute Game + +Status: READY TO SIGN + +## Objective + +> [!WARNING] +> The first task, `ink-001-permissionless-proofs`, needs to be executed first to set the game implementations. +> This task should only be executed after the permissionless fault proofs have been tested in the cold path and the chain operator is ready to enable permissionless proofs. + +This task updates the `respectedGameType` in the `OptimismPortalProxy` to `CANNON`, enabling users to permissionlessly propose outputs as well as for anyone to participate in the dispute of these proposals. This action requires all in-progress withdrawals to be re-proven against a new `FaultDisputeGame` that was created after this update occurs. To execute, collect signatures and execute the action according to the instructions in [SINGLE.md](../../../../SINGLE.md). + diff --git a/tasks/eth/ink-002-set-respected-game-type/SignFromJson.s.sol b/tasks/eth/ink-002-set-respected-game-type/SignFromJson.s.sol new file mode 100644 index 000000000..490b23f43 --- /dev/null +++ b/tasks/eth/ink-002-set-respected-game-type/SignFromJson.s.sol @@ -0,0 +1,72 @@ + +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.15; + +import {SignFromJson as OriginalSignFromJson} from "script/SignFromJson.s.sol"; +import {OptimismPortal2, IDisputeGame} from "@eth-optimism-bedrock/src/L1/OptimismPortal2.sol"; +import {Types} from "@eth-optimism-bedrock/scripts/Types.sol"; +import {Vm, VmSafe} from "forge-std/Vm.sol"; +import {console2 as console} from "forge-std/console2.sol"; +import {stdToml} from "forge-std/StdToml.sol"; +import {LibString} from "solady/utils/LibString.sol"; +import {GnosisSafe} from "safe-contracts/GnosisSafe.sol"; +import "@eth-optimism-bedrock/src/dispute/lib/Types.sol"; +import {Simulation} from "@base-contracts/script/universal/Simulation.sol"; + +contract SignFromJson is OriginalSignFromJson { + using LibString for string; + + // Chains for this task. + string constant l1ChainName = "mainnet"; + string l2ChainName = vm.envString("L2_CHAIN_NAME"); + + Types.ContractSet proxies; + + /// @notice Sets up the contract + function setUp() public { + proxies = _getContractSet(); + } + + function checkRespectedGameType() internal view { + OptimismPortal2 portal = OptimismPortal2(payable(proxies.OptimismPortal)); + require(portal.respectedGameType().raw() == GameTypes.CANNON.raw()); + } + + function getAllowedStorageAccess() internal view override returns (address[] memory allowed) { + allowed = new address[](2); + allowed[0] = proxies.OptimismPortal; + allowed[1] = vm.envAddress("OWNER_SAFE"); + } + + /// @notice Checks the correctness of the deployment + function _postCheck(Vm.AccountAccess[] memory accesses, Simulation.Payload memory /* simPayload */ ) + internal + view + override + { + console.log("Running post-deploy assertions"); + + checkStateDiff(accesses); + checkRespectedGameType(); + + console.log("All assertions passed!"); + } + + /// @notice Reads the contract addresses from lib/superchain-registry/superchain/configs/${l1ChainName}/${l2ChainName}.toml + function _getContractSet() internal view returns (Types.ContractSet memory _proxies) { + string memory chainConfig; + + // Read chain-specific config toml file + string memory path = string.concat( + "/lib/superchain-registry/superchain/configs/", l1ChainName, "/", l2ChainName, ".toml" + ); + try vm.readFile(string.concat(vm.projectRoot(), path)) returns (string memory data) { + chainConfig = data; + } catch { + revert(string.concat("Failed to read ", path)); + } + + // Read the chain-specific OptimismPortalProxy address + _proxies.OptimismPortal = stdToml.readAddress(chainConfig, "$.addresses.OptimismPortalProxy"); + } +} diff --git a/tasks/eth/ink-002-set-respected-game-type/VALIDATION.md b/tasks/eth/ink-002-set-respected-game-type/VALIDATION.md new file mode 100644 index 000000000..b8a3b4080 --- /dev/null +++ b/tasks/eth/ink-002-set-respected-game-type/VALIDATION.md @@ -0,0 +1,41 @@ +# Validation + +This document can be used to validate the state diff resulting from the execution of the upgrade transaction. + +For each contract listed in the state diff, please verify that no contracts or state changes shown in the Tenderly diff +are missing from this document. Additionally, please verify that for each contract: + +- The following state changes (and none others) are made to that contract. This validates that no unexpected state + changes occur. +- All addresses (in section headers and storage values) match the provided name, using the Etherscan and Superchain + Registry links provided. This validates the bytecode deployed at the addresses contains the correct logic. +- All key values match the semantic meaning provided, which can be validated using the storage layout links provided. + +## State Overrides + +The following state overrides should be seen: + +### `0x9BA6e03D8B90dE867373Db8cF1A58d2F7F006b3A` (The 2/2 `ProxyAdmin` Owner) + +Links: +- [Etherscan](https://etherscan.io/address/0x9BA6e03D8B90dE867373Db8cF1A58d2F7F006b3A) + +Overrides: + +- **Key:** `0x0000000000000000000000000000000000000000000000000000000000000004`
+ **Value:** `0x0000000000000000000000000000000000000000000000000000000000000001`
+ **Meaning:** Enables the simulation by setting the threshold to 1. The key can be validated by the location of the `threshold` variable in the [Safe's Storage Layout](https://github.com/safe-global/safe-smart-account/blob/v1.3.0/contracts/examples/libraries/GnosisSafeStorage.sol#L14). + +## State Changes + + +### `0x5d66c1782664115999c47c9fa5cd031f495d3e4f` (`OptimismPortalProxy`) + +- **Key**: `0x000000000000000000000000000000000000000000000000000000000000003b`
+ **Before**: `0x0000000000000000000000000000000000000000000000006753162b00000001`
+ **After**: `0x00000000000000000000000000000000000000000000000TIMESTAMP00000000`
+ **Description**: Sets the `respectedGameType` to `0` (permissionless cannon game) and sets the `respectedGameTypeUpdatedAt` timestamp to the time when the upgrade transaction was executed (this will be a dynamic value). + +Additionally, the following nonce changes are present: +- The Foundation safe, `0x9BA6e03D8B90dE867373Db8cF1A58d2F7F006b3A`, has a nonce increment from 98 to 99 +- The address of your account should show a nonce increment diff --git a/tasks/eth/ink-002-set-respected-game-type/images/state_diff.png b/tasks/eth/ink-002-set-respected-game-type/images/state_diff.png new file mode 100644 index 0000000000000000000000000000000000000000..6604fb6d7257ed444bd5fa4d03c148e3892441ed GIT binary patch literal 153411 zcmaI71ymf%);0_T*MZ>f5Zv7%SO^l_-Q5RwcM^gH4-#AgOz=TNaCaCWxVytQIrpCX z-u3_Mo?hLnYpScNyY{Xv_3S+{s>*U0sKlr+FfbSj@-iP_U=R#oVBjFgh|n4v_BK%% z7}RE4X=zmjX=zGTH)ktb2TK?j`IxkHBn@>1f`Og(OWAi45{kQId+^CPzA(kwYA6c9 z649Jg$k7R874vO-3D7M56qTDG5s`TlJ94rTsW0^uu9i+9I@AMe^9 zjvsecy{$%nzy=qB@nhg?;b8W<(Oon07)0s$5)(<_X!GGuyYTZDNMoXjaB$!O*_khP z6fLkkf@_T#)Aw^XFEhA5L{N}m7~$7ts>44fo)TI3L!x_$VDb~G0^9M33KcpMINrz8 zMxUO1{30@vM=$6aJMsHlMl=U|_#O;o(4k3y2&P_eqtx0h6`Snb0z*rR%{bbHt=nmD zZwQ3kOz9Bc8x6>vwx)enV7Oz?is5?CC#>5))u=?Yn$3=lGQaS$vva%lnJszr&@>v| zEp}cUJ+m>{c{aO=MYX@XHv-H(yrbNw;uXL?r8v0$WN#=ec-(AV&wI7Mywj7$EmB<~{*wrEf0V_5_@ivk+fmxQy_ zyS_;d-Di=4yq&|2j{3zZx}fs(vDB&&`Iyu6nbF*lJO+zVJ4G{#AFe*DVhx-r^+2`A zQU~@FN*VmI*SCX@slzS{i|D^4MyoMW0(vyOBz~fYxpW~JbiE?&LNt>=TK(Ao9~}(i zBb%s($j)qD&sbww=)fs1NEbFL<3y4)isQyIvd5>z=LMs*y0TYv#^$lFEX73D&~eoX z3t1H6WrdC3g863lR_^k`K#EYc6Vn&Jv8_ z0>jqz>NXe#fKDyJq7(W%4{kCARV&z_785s^x)$#c-qM6Z046bb6M}04!wR7Wp*n>w zLBxRY_g$1g1X(Z=2c{$dvrs}q9%C{Ros#<}bPi6*Sh(;Jl69(ZpU_dL-h4uqTAlnZmmv|cIxWvDQD>C6y3gb1E29gg4XSz_5!m>wxT;FoR{DS2i z`EFhDme2spINZ7WW?k$SPb3nK5l0cBIILcRQ`M-LfM6ww{B6*HDhDwkcRY7w zL=2eLT+0NNgDyilLueRpIAEA^`xSniCYacitnPVU$AQU<&g-=oRujG->{0|-SK_*h z0Ph!~Q9Ocp^Gz-n1keh|9Hg~OwoG~aIyZc-e+d$B<_e?|!!iyPj}=eq3=0aOU|KN04QFsrO4A7roMjjsh6RO zE-h6#xjN-uA#YI8LcN|qFqehSnVy2)m{Odwvq+UO5*JI6lrF43^TXR8GCqoTv~p<; zpUekcw`PB)4b2R#r1-I_B=aX*|6)%WOJPqDXAOE6C=-%zQU)pR($c9?tseh6Uc^x% zulZdIT}w%O`72Q4tYsq^M|n_nP%ft8Q;mnjUg{(a-rJcXUp2w$tLd<5=4nad&sH+# z6CZ5fe&77AyjWJBTA$^6V1*-F|KsJIZHNc zr}brZcM7{M;u2z0VrE`U8xNa!TRYo(+gKiNd!tFxi4PO!lL(g|?k(@j5+f5k6E&Lu34tG8G(A%8e zxLjBO3-;W7x}adgXR~FKGmP9O8QB>T7YORooJ%`uS!*0iIQ|T|ZqUzbO%z^gpM1)U z%0-&nOddchLE%pGiN9N%`lWuTyK^@&v|yh$hv59FInTSmyEG|P<*Q2On7Xmyn#G#k znwq#@XIdb^BjuzD7tQ zAZEd3b3jG}S3-`!DpK)MpQFBD^hHL7e~uEvYQP-Au*WKmWXBLEex~Z?Hhb4wB)=(d zYoY(iU&CKRb9%t$WOrk?Bg2QY!py0^eBj)iWYfh}%{6MHAODVJ@rMn^s#phQhhN>q zMrGezdKo)5i(s=x;2XcaJ$NN4kM4=^nnM#WIzN__G@TTIUuPSK8*LlDF5WItKGkhz zt8uh*UpKxMSj_!C8ti#<{D$rgjX!%J(aZbtp#6^NBwMg;)D%7ZMChW2zps?7Te)`s`nqFrgiSazKc(>Hi%qI#g^ff zHsCgd>yj;$ERZx9|GwRRtjB3jZK!9}X7Dz2dSTiwf2t^$iK$qc-K`ol<_66=AEkKq zdfFZYjx_vY9`)-K^9^wCuzFs6454@oEMrS%1`u32xGdD3$XzBqQV8=eIxV-K`B62W z%BESemWogWaLbhx=^a&va;ws%hFX5h|-;Yq9ZN!{^ETjyz@wzq}1vx>ipF?+N3ZU_XN z9hHeSKv5MC?_+Q)v#v0xo=}?Bnfa)-v@`Bqz1G^fse9WX_v%ZCcIUgm7om)oFXwH) zBd+7hsj>?`o35=du@khD`qTOHihVf6>I>3n;|mPf#!3p>SW1&el(*C=6Xe6$vB7+7zsLX4d1UQXr+BV>UIw79@9>)z zOa!{X8VT_g-G9!#}@Pxmi=+hLOO)2p-4&+PVh|>6QH2 z`1W#Z6BfAu2CxoqqOZS@u@_eA>jg9KkP=MMy{&gitQ8z&KK1mNcmDiB84dz{1|z91t)KwCtDC!7 zS~|JgID06$lV3wCP+a77-CHb`>3Lj`sq2tflYUp_AyjK!3cXnhmwQx4GWCJ?7 z{22#E1SkY8I$C;|QUV_xAQ?^X6uAcC%*Z6ciL>=ip-J;$nri zV0HI#@-PLmI=R#QYmmRkk+F0)ce8czuyuB#{4=hpnX{*dC^hw;7yak>*LPY1ZU660 zPVWDn7IcE_f1a>&vT?BgXKZL!kw3LUsy!u}toiJ@k)5lKV&NNOviq5-`_SJ|Hf_78U%|8<9!VMT@I=<+IHU?gA^WF$3! zu!lJ)UzBG^2J(pBeOCP(UawJql1lf0FNLi3t0OM_!+jBpr7`sf>URqAajf<@^RV@!r>acMy8FU`ln{7)s?UQ zY0AkGP(IQFGY|X$MpBVe^sHl_oqHFyA7eF{I)jx)tV|bn%BH zR5nLB!?6zce=moS>_~}1fWe8fYt1J`Lru5hU+fcaXwv41@w~vi8&Y;LAlx_D+SNZN zUao&OUD*FFeHZ1F72EZS?tc>!Ij75$z+inr?_$;}RoGH2CNW+fH`HFn{(pWI$QIea8{FuzzyE>Cv7HbyC{y^6c><5TdQej!%dP|a60Dg-X( z6LsE3o$oSb#wpa;8A3W9-}MNKKbR8RPYjNJONJ|z;fOF)pvQhG{uDigZAZdXHOf%G zez;SA^;n+4^QiJqOgsaCjzjIImV6bx@IFZBf5j1|p=x5vo=)|3E}a*iQKBR>&gvQ20Dq+kP!ES*B89>PjK}T!oa~Cmb2}H@q6} z&6VilRqKpsG_s<3?83{k`W&#E9AL5Uxn0Mlk*Omae7Ww>MFIM%e2` zK<=OD9{3mIwYO7pSK<=o3uIKc>WIIYHR_3IQ$@-e2^RN`XJk}#O!}a<2yLFZB!s3j zKeO%e&dX}l58DYV)@p7ulg%aw&k%e}u2LmO&&77|IR`e%Esbi4 z5|Kh0Q`+J35B2B!1NI<=ABlg_lM)&3&4;ha)Nf;dw%@Flx*x5!zq>wJ3sUF%vg)&w z;zcr%-^=kucCKyvV zjr5>i>$D8QYQkG4sXp}tBA9nqx7wWgIg@>&IfOiDXZo7*p*G=o98?GzKSSliaaCVA z*}5x7X`*bc6URe{8&o)7N>zg7jQoyxfA|YptyLWe1RWvE7?IVoGNIN5ee9?*eo6cN zGeugj(f0$N!#v;w_N|PJ{A{Ie3lH~PgZal zdZS+QDULu>o;cmB{i5i2y+zpXx^jp{zGXqmG%0dAbAc;9@ad$)ZrmbAmOe{=;@hTP4Tsu zol8VlEMawqUCID@YOxGE9;QUQmi^}mv8e?$a~D?h_~P@o-z4iQ?=)}W8tW>EzD${J zUEv$lVR2iJegcOfnSS<4KoPm$E&5QQ#rj6S>C5V5$$JvZzF55TvjGa@2G+HJo0W4Y zl@K%n&o=tt6s=V(;O9zn?dXgHuF?V;cf50iJikhYMZzWNgm(qsp7&sh|JuA>~*U(k`#8@C|7xePveYc(MY%yP3;I`3=QtFUvN%!t^s@Kt?LV*;* z)^V%59T=y3>+$Zw^7>F04z?$6eY3%G=<{TqIYawN8j~ij!&+Xz#R$G+hs5EJ9p9mH z&58}$zJY6X7182mv=cVM?l6Do`rU5}q=s@a@QcVS0ui^B2E`F8-pzd~w>29pXam&w zbge(~lx`eYNALXwD^2vez<#d!91>>P*o-d|Z$6N?*COt9NEk8~z=4=lb9W(*bErL- zO85KG2ajec$@14Hg%*!Jrjcy^^t_;F-Ti5wd6j)o#qw_oA&-pd3T<{L(Z{*b6YgT{;g`vMzIHg}2X}>D@Hs8(1U!>*>*7adi5qwLPZkYupN~spDcoP~dA=IV z;K~WYh-oznp+$1syFm zzB6PWO1mYXD}I;$`BxgVJ!h>--j2n3cZ3)gmGkODvGrK)WV;`Ko^2&FPT{KF(7Rn9 z8W5D7BRfCBw0Eaenm@a3{n~pN$rbgp*z8Z(H?)rI_3o4oQ%xcl#oa{u&cJ%SCYMN> zGE<>F)Eo2qvYkKKy!-BCS@P;arP z18uxQXTR$|oz%{kkbI-}y==NnO&Sf)imU|sp7+9NugJ)y)=DCGTC&!#KtKsb;0x!Udw7GH)rlU6Uq6 zn_V|$6Dg+VJL%t(Pf=rvc_gH)~$uj`zL5+V94)O)2; zw_&T}!K_6(JNb2_Xm9-XNH)S@6*`vw^bS;h4-ESTcoTaDDRI1Z$0ZlP+g7wQrywp> z7`11qp9>604LZYr6o^>FSIXd!L@R6Rb33SN{?+C~VFyM&aES*c^{5g+H7YZ}%wM9Wx8x)U#L}%LD1{4?3cG5FA(<}c(_g|cE3ww z{I*y3`6o>hW1V-Qk(lEm50RL^&KDj4aQ%)bdOb7B+E_}z>~Q#*#jr(*G8igJ8gao| zD(`s6Jq~6KW6rL=3s|1dmzsp!8o zAog*ok!0~>2#Xf=zqQZxV?Hl*W%RV0;Z`I%=eN5oTdNg3l?l9Fu=b=u$>rzZiEY1} zjPn&s4r;U)XL0VhD+!eAaz`ofjbAqs^SdV1{ce*Yr0tyD7g$=;AtaLv+(5}eOh~k! zt@Ki&P;B>n$PL*UdVWH>e9m|f_?+oYQ`z<8G@QY?uX`Q285qXBf9pOby5rNdF8GSw z)EyHbTcKW>n0QyS)h#hkA?7c05_)xi-KYXN-Om0PP_^y$x1Sr59S_~9cy>RbfaVlk zas*rpyWEEdDfQNi@T5}fwuaJ~v1&)R8A?%<@@=QA&hHOu4nD{w5EqMeZSN-;1KBVM zPwS1IA1}u2+2i3?zh5i+owVyNR#ZwyT?fYTn`NxYU@~vMHW2nYWMpp}Hx82MIO`{Y z8e)AtiS8%|=)&AO8_+L1E=aPiA@e)Ch2-!ZIeycs%EH$*4)h7eq5Qm8Ki(dAxy!lu zfC-npGKEc{&uuk4jZTRp`ryER6cSe*$w+_!sA<1$k(=I~t;$Y^pr3q&TIe?++)1mf z$gO~SlMv+UQ?|JHaDujmtNodGr>+5yx2{_#niKX*Kh;{j9Isq?-$ua%-_*wZhz~$& zw$3}MLUS6=4>`w8d}17s0%DJ4a%&s!oH81KTtcoV?=Qy0i_Q9CCo6T`zv(uVR7W-1 z&$(Udpht*aQ@#7lviKTr14-scEZ`n^{koeZ5rg7omy4`yy@*)qBd2kweXG|IFO9!P z&+rd44Hpbv@o*WSW>3*@9s>isi(h-he6X*6lY{PxXG_q_Gn@)5a8c~(a_au}%oTHD zWblG{`Z1aSW$c&mF-Y1k3S5CICEh!gZse=rw+e1;l}*@Bq$a;6p%%{NJY5ZXx|$QA zCJ6U3I4MITY{SODIGs%#Q%#3T(y=Y=86BuQo7gsh=$L4pf4&j46ZvcOkbfWQk@oj8 zR%un0Ki+O8S*2OWBEkaU?zs#)jRP7b>n(@qpB_5%!+-j8r22l2`rs@YVbDVq6v|9Y zi_dzmbG|*o?00jV2DP%f#uPu?cVC=$a4b5SmFi)Q|d4~ z2sc5k95FkO2Q^8_Pz6(QAtEVu3kd+bV_tRWHdy`Y5sq9(V{e0OMMFZ|60G1Xo#C~O z6RPKIZgg1whCjM6Bp@wl)uP<`GICcqr9CJ%wM^*2HR+mP)!AK=6*Vhic-4ZG@k4l! zRr2ZOH)}+`PHnfZoRylvf2?3OR5|1{ctWY3mtX4$@FdW0kVIBRK*K-vPzlq<=%qJ5 zwUE+w_5aBabraA~ZYd4wEn?339_DE;lu|IwFyR?`uj94+6DeNa2EkY9HBL5=sUY%( zCE-S+Xi*Wa+*0xg5Vh>+i&u6&91E|sw`o=B8J!&`Q*7OG0TnjhuGrm5bR)f&A`~O< zcyw#uhN&@cyVQ5w=;gmeieR4@$(kMUUup5&O5mrrMLb$+c2}2a^NEMtUrwnELaEh0 zDUCZ1a{YLXBXwf~v|qrGnxqJNG&Qaa%El7(r<5jyXQ(LXkbsZKw`+zvy>^l$Qs*C4 z#MXCHqI}!@?@(FUFvx_ahwRIshNs1zsYOkiu$ND(D)!qusAyh4)jjtII=v;kq`!z&t1<&0uI{AY zAEkPiIKin}z!~(6Jqlwq9fDe2uq~Gpdb&v)nH_M$8}N8G(0Cd)js@VQQqnt`(Kgm3 zw^zB3Hz%@tcHQjX8>avW9EM`G6^TE(bd>W)SVDJmzv4VUdCpyWCbl4{^g!1>6SiG& z5r>7y^ZK4qh1Ll0q}j&fn^Aj4hge-zWrp|}!HES3db=n;f z=aGI6hj1>;^}WP9E9z9#+ezssHqY#Ln=_C)SB+)Cw0=!!^+b{m*s~S&&3LapbBXEe zG1PEX$!0%uLL2+R)Z)d>iM;W|ekx%7B1XHqs`b%{B0ZT*XOg&4HY1xJ%6By;vJ$ZopVrMFESA|XV`eqg$XYHD8K_uH6`GZ|$#TP?rARHa zL_J77CU`q|?A1_V;fdSq4T=Cov*qk|IJThs;TY$HAoWatQ*RGv{fM|44lqohI$nIO z@|{OqRNce4X8@xKDJ=OFCnkj=RCC}1qY0&lo1)0eO#=Hfv#^31;0%o`G`^VyMvCxK zv;*1{)0l_`XizAC#{P95#x;qJvXoagq!&=oTVT(ADu|#I8`v8Kg;rn-EC(JcWpZf_ zw7)%+1ui1kK~M@vy2p~KYM3P5TE;2?Zcr^*-P?8-xEVu@xWCwF?&Z5PtvrF)TG>)+H9|=C)4Y0`C)MoWnLw7)T?|>MMR_TCpWR4! ze6YMY)ch=~?a$*NSt;`<*(xb-)O`G|9ptv9=nLSr&r-eUVaC~bJCemqO41g;yXE2R zIJ5ues*X`PUpY<)1^I-^;Ocu-|) zps*81ctk;MgA+bR6zG{!KCFmDx&}2m*=D?}0mta_8j;!W2Xx8$>CSC5e?vQ6Y(}ew z?$JW*bbQ9GSGt5TRvni`;#?^Dp9mxUn9a)jtpZoe7v zFiT_Ro+i^F#CCt&A?#>K>?R49MOk7&q8~!H4ZQhw4gjMDh=dk}(32Z#FEEPSEctI( zho3%#mI)-Q;1N5d=%Gpd?HKb=T3)k)hD}bs7mu!qo)e6>GC(P-i$P9B*oC}J3(6IJ zsKNOltkVF5stF;aB#{b&RBf{*EZ~u8KIOsBrPIi8Z`_t+qOf#oc>Ib?Earw`rv8E< zMiHheBNwQT;d$vK6F3zy`3W!2yHQ8Y4OuXKZ$xI(oc zl*i$=>>5BW<_|jl;5?i8M(itecZo299#(DwZ(czp=`;FeL9xqcp@j+J^JNLT?Xg`a zc9on+@a&1iQ0#q@@m}BwwLh3usqn?4fzRyLt~MxcrRH~B)bRVAxfP-`K?k_PUG2wX z`gB87G4-vInAh&7zVrL3mByhoW)itwuV1g%>cepj5^k7U!ixe07LX{0rwU;G`)qkP zCiI=#i+g+5U1KFyPUnuMfl|-cOU^xM+&F{#U&+ zGFa&Rq0Ca$kU)6pXw0Bjk5m{sl-G1p()p!`)vu8QKvwHuo11yeG_u?rWKOuA>tEj_ z^B^&C*2ObkC#!T&C$g3;mK#gO0(}uF#21RiEYb)8k_J`xt2`M(Ev-k;YW$E#fzJgY z2yIlzqdCHIF^);dx!(wtQ0AgI+otld;ci5XF+}>~UV9Q_;3=;rmxw&zt}LlFrx48X zv{VjQgORHN12i5rZzkHq#xLLo0&Y*SYer1EM0h-Ut+(%@#wl!+di?N)6+8C(?IBnezWGjGrDi24)pHfjRs(c z=x`jWQ2PfWt;kM>D{r>*Kz%gCR`60Nq)G5DzZ(BE@B5anE#m_< z8=ZP?^#oKLf|N_dU^FDP=gPQP3y`X{RRV(Mogh8Wv)go9s_F58EBh zpq^+Q46vJhrV9Mb+1n72Y{&0mDc9_D5Lkd#)5u&Xs#4qep5T2iXSj9E%=povIxif% z(XnYXdz3jRA{eodUW(hqq{wNdB}+5+%|;g{F^^83@NZG~?RaZ4t9!#E)R+`UP66%O z&%)kLtOl#zp5rtgb22}X{TV|9!_oY8q$q2HkcmQGJ!llloCUWgW(PPd)E8engyh4U zz9BqVdwDBrGHEtbOdgg&8&3BLf(q+5^tr0#;VKxGeXn{>`5{WDI9eBJj1+kFMZmTD zBf1p4NRerh*dj;1Kt}Gcw)OZH9{Eq@1lWRFxieYSrYPIm6KTp$3LpfQu0Alok74=@ z3c2n}S|;;zLK*Bd@^fkz)2W@m&$|s&eSN%AdZM6Np_Ni3mn3Axd9##4Bj<}zh-3GB zzQtT7>0>o;pc^wz?4#je4kVHa50|W+uiI<|-mIJjlj3ju2=Nn?(rZdG&$cpJy& zgfRDK_kxty?T*<_{uohTrd^XuJnYb>-IL=<;5tku>~)H>DrFi~KXT=?k~k$oJX7l! zgg9Xn8atEtKrvq+_Y(>adfp-$-${LIp5!H2D>aT!jE=vM!=7ko>V0 zs}-%M`=p=MhOL!x8^cB3*sH?hxABCNK%}LPC;gn!e@TMLza(KEaYHekMfU?%wV=a1 z2Mg*?rFr_&oA>H4#2sfwDC^{fLcZ_T1s%J!3aE%qD6dc1=sPnJhsf_3LBzgaQvXJ& z;otr7*xR|1E)N?z!4)Dg(@NjZ?GluUzQJn)Tgvf|L3Jgx4J#@T03qO581p~~IeN6fH zIG$Adm?H>H%-lD&Uit`(Ck+pkgxcme!pJC8`cG3ZPFQ>Gd8`nHgMY?hp&4A{pDT15qUXY@S^kN<7ByGnRv>a7I=gj@IJODdacS*U zC?L7VRxfa)-|X~}hbbV`E z%f+zOE2moSj8_aih5M>S621F}l=&PK^U}zOAiWn{D3F#rdWwAtO$XVQp+}H`B$fxW zu9OpyS&aS9-ab9b6h+TaN|`M^qpvHLYgLu_7Jr}Oj6ZYedO{nMJSe-F<&vsuW*lM_ z{vF{>)u!#bf=(tR6P4W+Kz<{5Ssh{%n~W@|v6*Y=@|KZ0oL1^p)k+-pnDBBEWfqkN zV)rX_auIocLi5%$qFnxH_XIyRj@Y=mHS|hi<+8n3q$ICx753l$=o*ItVppxxx z^pQRXn{Xl{&V>i~a?0?>%dazp3LMl}(f`J6dw;|^GE%oxT4H1(Xhyhc*z0t9+82O8 z3ZTI67LqasyBLiFqxb zh@?{NK9$sO_vO8koYjcy^DVeXN+MuTq3{roK%(lEAnXMNQDYKq5NM~05`wNoNArZW?kZW?|a@NmsEL2U)U=YMycwD}g66Q4Z$boHBlb0U5v zr5iO?FKI9N(Oga5rc?V_KW$oR^_&p$p#VX@e_t$5m}XZGkx~Ek#Pk_994C6NS}mWW z-a&O!i2*ucXp*vj8Kf^3*#W^2*2JV9s0An!NK&tC zB|H_8iQ~1OwNo3kt!+@9H)n|N3RA^-dbqhc?DRwmh>)r+ktA^QI9LUp+2hq*D+I7I zc!BZ4EDN4>F>a)y(deg9+7>2e2trd=;&5Il|^NNh92etUYZ&lPoN0H2ggxR zXHS{90c^%0ArDY*s=Xbau=()t0Y?#C`*JxLlBCMA`9JX5Q1m2#-^!^Nh@uSF8UjYFg&8c@v=F$ z@YH$PG_-%@ z(EE^r@oXVJdzW0%SlGQ6+=V2lb!g7Hp)>OP;@9e(|c8Ld|04`Vx(9e)KQ$;G3bD|o(8MoK5 z<6Y2^34#Th2qlSJQB47nRfYp~=o|Zo3+~^Mh~V*onvG5?vPQmpbgb0E5jYZJ^U#oh zCyNO1Ee3^{5?UcZ2C^51<$}z=tG864t#W00ud7s2@q&GWk;~TsuS-iJ>{Xe_9q04l z!%rbEAUD4X#d*GpdQcH>Y?2$j1I$s4^E=+_ke&_tBZITi%oq~MsBuNiIR#L~0x8){ zI@bqZnXV9S+?sW<80U7<8*)sA0}R&RMiOQUlq#Ra0mu{@Qdm9hc8WS5d8>loL zwI2(Z1$%9I0FZmmLVu`jq?#PgqoC1XGwv|(3<=QpxeF{!YWBZ77g9o$5ssFH27qL~ z%=ZG&T~-Pc1q}T(KMBBaB1!$)pQ&ghC`vOfyQ5;d+P|voAYW>Bt}$20I#=@+^4zaP z5Q!exU3|D+n!2=GPLISOVS`3rb9_rg?CRk~`&@gZ$;c<6Xu*dt%I7ilNa)7f$o@1V zqM299<(6ynDgiO<`e^A6T{u`)R3z+lxi(ARYnF?HA{JuTc0WD@-!5&kO%z7XKzKUV zu_pi8t{o$S%q(qFH`Mwy;!UW$1HVYzsZ!_yf;LS*bYe;v`15Z|C7;4=j4E|pSIVMR ziK3t4y#bfEUHOh3hY+yz{XO@=D_c@7+Yz4SP-c;@XXGK?wDv#4CE({&52}`K;!WV^ z5HX0$IVd(gk}{y7LgHZ~^<{3zhy(f+sVUx}YxRgPj|jE0$gw@}rGfufw#R8(Bog1M zp=$1mlqnQ+^~;=H>*zJHCm#Lyw-dMQ|5w_{<|tu}B-VXJ7|tz@zNZjftt^8$d+Ott zd*O;{Hs>)x6kP!H;_w55+qjiL5X667I8=`J~min@WKM!ORHP>I6&#ThiKzxVh}p>Kbfkz1CH zZU&G*z#&++{`peB6IE0z4Sv+)PoEXQsc5!d9W7}mStZR|&}n?pjMnEkWC)kk>5Ij> zBV8dTr#;1uT)622E}E`5@wRXvwuf{%p;Lrj>;!#9k`39lqL>~6u28m5A#q9JN@RrW zt`*67*MKb{tPx3+evC*Bj{JY5VyV%-Cc-VKJIZs7!v&of%SBY;Yt(KmA`TC3@Eeh~ zAQTe-o_!`Dmr`QgpvRo}Z2u4+)o)s@_nZgu#0Pmxi~AuM%dB@w#OM60XCtKnN}G%t z*19F~dan*t9Mo#o)1WC6)@exR*{;0~;o9IUOl2)BHFy7v?vGeT{Qx*h6KX5Q;|Rbg zM=;js9)F+as8kBe&gXk%Ru0HxrSVJgHF88LffN};h{H;>nf|y&9qMa}C4c)NJFXgb zyuO_q-sS|a9W4Z+fDjW`wr#nR31(i2If$~Ae((7F!_u0a9Tz-CGkXvCHvq>s1Rs+zD0)qmHjQJg{nv zJ3A5`57?Xd%~DI0GNq0|G!Yf{1iMk$z$Fm?XW|gE@;)jHLxFsi0j!hcjU!B z`&XFBh`#_*cp6ZaH(%-ayKNoUBq?^bPjTZkHvZkBhfpYeAGGF0MX@e)nhVECp5WVo zp3sAQ7Lu_DlxxsuJWPPZp0WT-gcrnL9yhsjo7H{U{*%`U68tOY$j{4}ii7eHThZiw zH6poUb$Ee=-M)%Td#W-@b#u8mZ-N$_L-KV$`zWX(5cx=4_2#4Zm~QPR%-%@d9SFwmrPP1I;(?~)&uTkC3&|Zv5LGWVAZo=rT*;$lssC#3u8lCjlPwaA%yYh zb1rM)Cr%Qz_nxDEi+V5)t4tzCVC1pIyZz3A^Wasc6i6S6JBoHi^7a#nsGO~1o@n=) ze-A3lsHf_J&=AfxRe6)@hD!#YhEKF}jw6?Nac^XPln=YD188EKU=Hb^0o}Um!ZiwZ=u;dut(joD>&UVK;qG;S0n=L?mhWcpTogWr*(>?@zqPXG}t{13e799vIsH zRf|a@TD0T)H|}St<@urN55=+9^Zjl?Mh>&STNUd=Mom-B{D+5IAUuN+6JO*RIChBx z(W&t0klSc-Sf^p_c8s(fpQy|-#AX@ua(3xWa^gEE%YFSM%A&f^3y5r?3%Xp2QRybu z6(h+9INEukybLQG;Q0E6yNz9<3_<&{(iIiKY>Yw~Jk#6R_dsxsh2h%|hi#C;N3~zI zP!h0z@W*?a;n}6c7bQl0#mO_j{)Gm!eaesJ*wrQ&rnx5y>yCv>y<|8QioHCs^b2Rr zNc{<%wb4M~ni)Nwo&U>d>tcr{umzq)hwHoaMRD{h_9ph`^U9t!oLF%{p#)T$Uji;B zojB6=*?EcTKv4J83}K5+LB;2l(@^^sfZiN5=|*M12l}_DEdDc!krp;XA?BJNTZ`GR z$W=~x!V2{H%vOjvXTPdM??KUpMo_$Ycr&%g1ErD~43_z6zR$yv_hle1lg2oU*O%^B z$WkOMxN2Q`0!;}4gq(1kl55iy@$#^ylB2V#AY zt1UH_jlvNYnw>kzIZ%wokTbbFc2!x)7cO*ypgNZtomi6th@MLT5T@MD=R~_v;rU8= zO*y>i5{}5(`wgRi9KjzP8X+`{jMx)4kiN2vT;1=7^APiNWobq0cPSKXLRyZ{Gupx0 z99j`G6T6B|s4;Fwn2hF$I1sf%W)_NM-|C~`Z_JcXwt`}YMI7M?ZAc1Hnx0HqX< zNfDK>YC|U$9lRfEb;zW((BC-@u)-m|bfEp)L^YfO>K}TndaP=W54-Ak4TR9_UFC|m zr!Jy3C9dW%d*NzKJhY^RmSCw+XP5qq>Tuf?(p!|2)AMqGfC9pstp4Zjo(CEWd z(RDuo|JjnWw+;6A@p_2U383t$Z!9bt*;y-GCYZxv|BroWM55dv>e*zVV$lH4co>Iw zVX?ayFn0_CkEJpOolmBc>ocpsw0{m)uNX=T6|) zIbn~Ft$7S#x#=6tor9X&RT{wO@hTy)3x0vr&bGhSEC;e~v0~b%n@e=wvK^DWR+t*i z+B$J{fR!aQ<)noZa;J3EY5X zaQIoohl`cVT(FwifVuP8SL!iBqc$DeroC~e;n~Y~3|ZEN*Ocaww@a_tI)@*F7kJYx zoWc3}8ab?4i1#$Z!z$Lgq_J5=sIU)-7_N<{=k~n4F5d?VcqqQmlZkaqG>#F9JX22JzfL%Xy)PyP zfPqtHzgM{|$;V%Hcz4ny)UI$D9X4^CELqT$g-v4>z)~ z;i<00^F_)bWM=%xC(xw48S-pACLk8!Y@2zfZ3*>6qTN0=t!z~Sz~*=(zM-Ua zBUHV`eU@2u80E*%}h9gRy6=0$2}=lYMy+C3!lxGPA@~`u~eKZ=F&Y|t;BGz z8GC?)NyNO0NytvW8kIS1NJP#L&wNIL^=H4IjXa!3^W4Q}r0c+IdkjWJaSgwTY+P_I zeIxRTYIdWC;)WY}3anFh_kP*xq3i8D5)i+eWR`q`Ci#gw><}S!HVbjCSroBW*SOli z2anG>@maUV$gs13-=%%MCG3tQ!GOW#Zj3_MK4rTD)s)B-0LQtk?~>E=ny4-(=Ws%f zs`s5{4DDQ&w1CX8T z6{#=#)e9Q=I22d8%KKT*H|}dch+{pwCrYCV%|#UVm0c&RRruKNI_mf(VFADGZX0*y z;um=&%9)X|&lcWM@yXc3iq@AM>px3%A3R9(w~`H^M4@E@^HS^il*{I+7gpc|6s`yO zXv!zZznMsBW}2AkHPH;U=V`lRD|<7!J~l|LNe;9v`7niUM@$2fl`;Ml&A3HYQNmdg zuA9atBvq9pUsUpo`?}na8Eei3wHh!CNkKfJH=j+Z7~$gPEn3f7BkcPVvEMGurCucv zsig!E*{^lv>?_Yo4`A{PonnV25d~Qxj&j&SGDDxjRMEqb(b%hQ;Tb=Q&wnHO@lY5` z6*p0ERJYdU3=Q`zzCt6%2PA$Oj!#7cBX`4!J>P!|5rxpjU?BkA?ztR#fPq5A3(zRV z5w->14W(8O336`a?AG;TyRT>k;u{}Xb|`ZI@M?(rh_Z>1NL4HGwFk5;87YmfPF7$>_H%eKJ9_!KvFxw!MiUn+aJG_>^Vx5U&A*fgd&?IsDliz_)_jbQF?*yoc%74UI4>&$WJ3WojV4$83u=`pRe^zo4j7JKU9 zD+Yc^hlX+NlYT(6=E_$wPJA4@m)BgCp>XwvI`Y*ok1M2JT#vYGYbXdYk=qU^T=jRa zSN4Ub(B<7YN527Ra=>U8E8;!jRgna^BuFhw&XWQ6=)d+2jJB}yhaS|L_N0y9g4P}y zf2?iz1V<__dsl5YtriXiFdh!O<6I%awWued_R7dHQck~ag~UEZQX-vb`bFco`$xxM zu+O|^P`1Ic3L2C7I3RSiCQeT;*o{*#!6b&34na){;%T|7zue>ARaMk^=|*EOyZEkl zgA5xb!7}bkV!YxCRlFK5M+*((J;h`_(lS(GC$N7>^PYQMr7KdX%UsgYeSWT( zG6@%EMhRd(C@w+cuL(xP-p z3rM$gmvl*&q;yI*NP~2DcS|=&F1nHK?sxL+v*YZu_y6PjNx%i`UiUp?%rUO(H@uB^ z212a#r}Ta$0Hu3Es@jL|R#wGGDfwGt2-brS72)PA#=m9l?C^3E+SHL3)9jhNN0&)5 zfsl>ruAPOpVh9KpUHFNsK7ly(o$tqhG&t4oDnF%@B$Wr_-AvM;o03z8^gb_MnA&Q& z`h2gvCt(A+MUHMd9v>a)ly>riSrA26DZg$QS09?dyY1~KM{a2AaOvxlc>hNLmEjtJ z^VKs0p0Q1J8TIbyCVu$Ut%CDL}KtIDqG>Y-Fabtfs&5#yO?0J z$Z!ZZY|a z8l7a8l>ovyBGaebJZ6JVdRUAZFWrahtxOna*;*hnFElGk<_>IWNfz`4o|;`Nk~alicaW%Ger}r8wO0Rw2u6-tS-~ zKW^_Sj5ANinG8zF<3wK6|s%6f!hokJOsu8R9-kP2f zErm)OX1eoHl2|HFGrlZbxxL$)_H9D_K{)lM3E5rq_j`mII*)RtZcbfq+t7Oq!e>Ga z+-}ZZJN^+6>^|*xruQcd5x-;LrGWTH)}T7V${9s2N1%cq#M6+58k zOF1I{6aS%$8)fqq@~^4*aTR|Dxp{?y`b~UHScm)q-j=szvi?cV+iCB#vEV?^+_GiO z{*STm3XPV(j6kn^N2#NzT7|}+8EK&8Rfr}SnJ2h9I;99>W*u~N4 zx`_;}3*X`h$F|1d*(2)3ImXJsffm#wrz^bP|Hw=-#aVoc$vZ_^JZI3&iK*p?W4+Ls z;)@d!uI(y%#qr8fm{=dmC!}^MC8zn@ko$K|9;~AXZnqmwtxN_IoDyyZrw{koIh6nGE!P$1!X&Eo<4+dz0$5VU-TiS{XvpPa@EbfJ zHlQ7Aa{78-ZP{_>cjXx_=(9x%xZE5KN$=Mh zQljYV0^YCm&*bmdRGgI_ zZ3rcHI}@XJP*5=|2|FWdh20dL(!wOLDaGBOJepp?)J&#ZlK7Z^3(;`X=5u?A!XB9`lI7JCeMm6qA8J;M&zAmpnk+ns=c0F>}W&S9h&VYS6cd*dt za-b;cy$R=7{dGnj<)dHsIuKo`RdNnfkhL*KJHPFB@uP3UJPdJIN>vyD9p^;& zm1#k!|IGPuncZj+v;5V_RbLdv?(=)urBQU~&=e(sHF(@oohMsMa}?60sfKVeUxyVi zQrY2^`L|ZY8l-}No}zu}ALUVi+wv;RaAJZh$@|znM;DK#!+ZQXc05heIG^K!KKNJ+4PO-18q7lR?ZHk0GpF*lV0tmTZ zGPd;~g*~6++j`-8w+w~64b-w3KEFqAT+>2;H;XVaPBC9zG3GeuAzmm2>`(AbdZ+7s znFF26csN@_aX@`)P}`s{G0EgqfJbMb zSz0?5-3Be-nz}n~0*jF{GlQ*9qg>8 zjZEWv1C0noVj;5AMDzy^#&ACAo@hj32$)n^sl3KNymNWDRNdeQ0+>0(&Q%`T zqiF~f*IFzwS*3*dQ!jcG2CO|idyReg?t_LIQ?&n0nT`Nns-9yDUxQVXME?sUPrjX9e8P3~ zazCGZd7u9Ev zqpc#^c(#aIKaW%x@w3PoUP^gUP}Crgj^GS;04d8hKgkgTNWixtE((7T=5U3RiT|M0 z6CrqM9KgTU6RzN~h8LU<1feJKE@Ft;S7rWfl}=|{a?g>GUaVwQqgf9=Gwuy{`<~~8 ziui!kBxm$nYRNS^;cSZsfn`b-!7$lvN6D(%`7WIYb`{T{2KfR<1wj{^XYtF`GvDR! zZMDDV#Uzv2j*;D@;%!zFvFJ2<%U=;|zu&W_=QH*JY9FTyf=>$^8~X^Ouk2VP`zhl0GrWeHhvhifzG{h_?3u|^)6;1@{%p(tT? zwEmRG__Ex!FLEU21M^h*Z~{ne$P$84Avcmkr8dYkKx90a!Yu(WulItgXT1ZI@a^tz zO3&`w@t0=QQc9g1tBEj#PydAPF2a!Gbt=v~SiLG*Y&CTIR1RchLMYIkEWVD4Qpi4M znL{q)dx>@&BFLnE&%1u>ecAe*KBb5z-Ymp#F+)V3A`>tfcH`f+@C8*GQly&6U2>e1 zz<$cT;3!vR{F-|*kmk|KV{5Lq^kC)-mH>@F09-EHDmijZ=naC5QWKL3GID60A?w%a zFPeJ}Je2Sy@N$+5O-3p(%24PKoJHi{eEw!gDZ@Azq%?(xpvXO2_9D)B~e zKeF61ow4D5G%my1S|Kw>I#eiBD*n9bQFdX)G60nzZ-wlGHvSJoZylM{0t_TYm0b0L z`;*@WFY==vl1^&QFAwbO-w{na5p>N<9I8WzZBOr;2=rC z_;6_vi?%RAj@5=K@`Ls8zG2tt{sx%~AK_0gAr+lkm8g@3^ySWl@A=UuzCB(?GMtWQ zC|j!rtgbleg>`SP5O%da?wL2FSSM2^PUk{y4ph?&z3}kne?s=Tcs>MS(H2y8j8CNg z-nM_+aa4@Ku4)XTdgR@r!kggjQZmv^3=JgYD8*gEr@tmwQcEK<0fs&W|{(mKXj=Rx&x zkGBLem{6H#_W0u={?+A!cKH5E-7ygg12Gkqnv1q-V^epn3>>W2-BF2;Q4MdYd~U_3 zq43*dx66&mMXjS6J3Ums-v)1+(U*1n)*OP|c5?R2l408so7Aiy2%Gk1Dn*i_x@0cq|O;lBN^VP!8-S5mer%L|B`0a3D@O(QaL(zzY*B^{_R)(`R$J__$SQ8CSIm4kr1K&_nn9EAI}TSD6(XY z6n0@u%C&s)j+j3L>`?7c%6!Io?y(_6Tug~#qWAUA(rvJ)a2pEcvsKKY@KBY3#8+45 z&M-j-yMSVxA$)6-P$IuCz~;_HGCIqiaeHvNWXase{$FVmo`U>Od&0;(xJLoTWI0-L z44D~(EgY)RxJNsYYAX^ysy72=y$y+ewFEvlQzyt5oYOZgD+y3Z$D|zAWGAsq#W9w6 zH!ssDi=%PymcCliDw)}=27dvkz3@#||GRST#lmC~7-fMVg}*1T{tX`D*(vyR0a6uq zQG59(os6Tpg=ix5xr)wIFPnnQUQ@Lc3ToF;HRv|euV88wn$mVo1$;II0Inh}(`)SX zmoVZbFYCl|1T})UZU%fwDwaD*CEAyb_CM(yk67 z+$oMKI^_scqbO1Yi{=O_Df(flE7s2rFk7^5i7E~!j~yQtphkg<6Jdrdx0aSR!7k^{F&^wYe3Qtea7q(~l_m-GFXXZ9Qo z4%>5=u5Oj@P&`UR+^~R)DX!)v$vw9(*};O+Y6H<5Nb{5rh<`ul{QZ@)jWXWCw; zlw6O;MQh|sh+eFBwI8fF)2$j^bKZ!sJ3pw;xHxlit6P5W9}@Vl=p#=nbWvc;s6$Db z`$t*-KfKt}haBLM(gQ2F{vX$r7z?mPi5C;6zy4WJ{XeV_w4dNbKIHu;|FB{G-!ClG z0CUK4R$&B+;@^h*zkDld`~)WY`F`O4aou$$0Q}T!BEyZ6^xs)6gz4Z#QpOoH;s5Q_L{eL(Gg4JC=?VVZ8VV)uS4PDxCu()_K*jd zLRfZt8-Y63k^TQgMETbV@(WpjP!6sn-?Hz$@5#p)^>O`HonPdWP}i69^cB0kuI!IX zsbc4-b^kmZ{&N}r8wks40ge;_Fozzb)xI`6URNdY+*aN>91q$-*;HDvxy`ogWqdjmzYj81S_6ggWddeB-4)oLXajebecbSDPhCk-&t3;apEXeA>}W{9i6W zbpGl6)#^JR&z`BCSx9kVl8MB^!a$i6-(JLYRw~S+|JSE4`r@x&&0hZ!8t7%VnooYA(YtKfu3;frJuSuFPYmVE?xDly)i1F?UobX3kqq~F^hBw)_T#}^Z8(ie8KI8-4o9q)75r7@9Ppr# zJDsdYtaSMIf%3{;;Rc|wj3=!YEx-8ZsI7Yr7fq|K#9}^c3-t~j#q+NvZ`qI#tZs&E z1N`_TFc3mdvWRuCsm6dy=qpk^?EB>jg+8S9w(T6Cb|TMrAuboY54VTPL{PEff`UF( zmP=XyaI~*#WVpP|0UVGf6L}FJ*``D;8UICT!D<}jv!C!LB;K$n4LVIumUU6K-UPBX zcFh|j@lrvH*0p!;2UTBrog^RF9uJv0cO>&IV2uh_sYuhD%>b!XP_+EVfrZG+iz1ul(x{XBL*Bl63GB6nlsVTG zeJ^iO1eyg#>qPn_$#zZpjy}@-iBc==!sA6Qi|^2Y;xa12pwsSnKFmrdM<6FyA=>wY zx^muqDcNSFwDM&00sUl&ce7-MXDN~>RKJNgF{^>Q_|EP~`FeAUGOz{h@pR0*Mg6cz zit*1tPWa}C8^!vP_G8%P^gN@Oy9B}z!@@$s`k;)*)>`A;Qnq95CW|&(!ZKmx3yE6E z`9FvhQC5%vD@HM@bLx4BX%lNWw6xVYLJ6}e_j@RR`&cbak=`0wm(?!ZuQ!f}lAZ8i zmaImhx0leWl*s~W5z*gH==#Y5k~vU!+*ReD->x zWy^8GA7K^#wsT>&V6jV_iYze-^n%*xA`>P@yv{~W$Uu?i+vZrZ&Tu8)ez8Pi%;q2t zaMpG*oYWw@NI6!sxL+YB=*(B9W{HHYTri^*XGvuvr7wL{32ahsicKW2NQiD=ibE=% z5R?}tXBFz}${RQti$m0(D;41$*kiId^^Fpf*V*=iANEglT`@#EaDF3AzGAq2@$*~a z2(rYj+p6#bH-JjMKv7oF#nMz*h*iROtSQMFb}WQ!vt7;Dvo~?&#Kl5_P(9`q8sq0L zMa4?xhaay?zrJY{q`PyQGOIrae;GAb+%}Ic0dc{AR$O}jM%7+YolK5LP^(swabtjv zjAQagFGe5NTyTS}P)l-y{KNERuu+0rw|UFcGoV@c&~|MVML+*P17)6OLF=2vX}yj~ ztBlX?r4)7DRDpuDU)UC%<{U~CZK6Zh0O$1CF;;v4x&~rfHCO=(b{(J=_OCbMU_}8i zDI4g^crvXQo^L)C1#EzQ=Cupt;Mqn2Peoy?8>8hS*Y)jTU2)|I_hpj)kaI3> z$QB|V0s5_4v6@{o%Jx`x6qsziPn@cm3IjAeJoAMt2$x_RNS}xSvQ=n@;4V zhu;F57o=xjHQn&HqQ~`#!IY5JX?g|hC9tihaeW;q#Hq-gWS=8Ubv+4ObRem#vAC~t z1-Hey@d;XX*t$d+&vRoe!2H+@d4N7$1NQ!??$Eaq4|mra54Wd%Kx;|@61|b!F7~_p zIkMqJK(}IpiEdw~1#Kz+!SZ)n`b8B;)`T4ldjL)yVmsdFLM17?N12j1P@^7F3o+us zuuu6kA(`f77E7ag_Drw$764^7dLwYcQOy9t^a+z-#}L!>_@HqOtitEI8r0q|k*7|d zuvH-0E*^@@JXx)#ilSzJyej0zvrO3xEFcQeYiCpHmXnYLl5j3!aO{YDGP!cJI-MF` z1G3Bpz&M3n*L|>l-D@RbnjpIdU(cy2e7)MES#j5kB2TEmV&dvSSI#qD}7lSe-j^=2>cV{&*UH|sU=XG$pQ zkI~`|n^Bs%VFPz=>ZFP%7-KY#P&P7toa+Or7k$gf!CmeS4g* zOQRIO6%s0Kp7%YfsL~eUs~$HeJ+5ijH|o0g$zNHp-_G%#graHE-@m=o98l!3dyQqL zu2_LJLhC_rEfrR>NY*D$9;Y#hAkpxycAyWBx8GqL5^(Ri9V_NHubO2W?oTEk*yKN1 z-X?K19O*yr&NLLp_l&fYzc%2VB7?%FzPc0Qjla4DAMB^;JYVv`G0#5|*d z%f_ZlifcR^&KGLZcE1+-$>Js{oy4XyvU9Cjs>MC&X4=G8XU7Ov3JkKSM@)VP7l5C} z$a^nMA>}L}9FD&qPmXZ`fF4Ta%DM1@GC0!$g1&k1DKgxX;@u%{s8Pv^z0AOD-{?Tu z+`W+pflnYp+S_us&GJy-9GAE}0Jf)cVCWrio+IDCKHba)WFPT6&97J{46Y+7%{Q!q zZNMe6d;e6#)AG9)OaOX}IAB`?a6I3$lOBAt3>YgJep7M)2(kGFOkb z4a9;u(ryw54ZCy;IG!(GX;`BA=%7M4ZH-Gyja+8#lI!5OH0!*UEyw9$H@fJto$X7E zV;l98PMn*qHZneHeH5e92x|>arKk*l6OfGf)=t4o-)6hsrX=o)twHS@rL_oM!ga^X zdn4L*^A=qyuJ&nDTH64hivh#lgkT1OoZ6fwp+8(>a%0(&v?C?%+ARu1$VGo*`=(99 zCCWK%`X}(r^cNRtQ;5|usY5~b{ z?A5d$QlX#f`U6+l4Fj#`@$-z7_mX&h@t4vwkH=Wo){1+zH{2-Lako1$KX_5@sMINF zsx8Dv8vC#<$i+Of)yctzohZh(YfzWqlbD@o_6oZ&(bYn=yI#)6`Z6=^mqxu_FsZ6ea2VF&O5)x+t@ln?d_sJUczF~V_KHlN4-8hC}D zbd>ZKun2!eS%AEJ%&(8!!^gjZ4+AMuCh&`KXb=`daeUxc$(ryPsJLpLTQ*WDQkjj& zDFnRM;JrUX&sRQty*~;|-vdf!aL{$ap}4!Ai9a6J!g*ssyw0q8jxqP$Dxl?vFvO^f^!okGU4` z75l*-JJ_H#6V&>Ol0n~D1rUwKBhoZX7l5c`!t+44QXVh`}512@Y@lQ9)pOMj#{19W|)X+M_L zC!Z^gH%WN(vtV3-yAcP0Q-&xu0TlNfy;@KDsZSu<9{C3jC>%jQ0mZFoXEKpP3QT)0 z{8^#{zbv{O-qMBes?!|Kzb#EH|bm0nv?N?+<>f z{bgKe0TlpVj1lGJXZ=nCP;|~`TWxJEOV7GHyIl?mVY)5FiO~ z_kHKIQ9YD85JYl(iFMq+ca*7=^68}A`&@r=bb--!%}9$9_0ZOIKX;>ZrgfuFX6eKx z!#c5a$=hyyg-b~PEOz7Mn&_}3C47ULR#W10l!1tSf51>Vft^Lde11E_pdyV-eqHSl zcI$TaV=bu!(YGCkA0hpEb=e#>+KN}udQagd`~@>*ne9O5Q)~zC(2N9jI{DUix8k2J zokMI=(HVseaMTZn3}VUb$*$-9FW4_{O-dCMH0-)sGmWLMb%3|w+WEIxaw5UZz&wSo zx?(iCI?BLs!fsQLsDm;&<)teWyT?vQk;euJJ+K5_BXA%8Sbv|WY~R|-@BT15$3U(; z`6;s0`VD)__V>M?r;2+mb^2abNSLt9lh&4ydzofEwT1*fD<|VG==EfpxT?IyErhOK z3}6@Q7u^3U|7ANi@ag>W0!5Y;LbakpUQGaD0@9+Yz3 z4pwJ?EGsrVKeIj^Zi@P2Kv~kh$AsgYug}?t{Q7W}jQwF;Y-8WZX@_kcj-|Odz>Km^ zR~?me1sUOxzmPwv2^5H%8yY*FTom-xZ16JNj(ao6T0Tb=-aVQC3EB)Tl6AjVIg(G^#^zCDWU0JswJ{3Ih9fCQ{=-L%WX`Y(T5VRnqx;C}k3m zTO+~d%fH;ER%?N`ki1waKeQZAB-sXac7M4P2S{?G4QePh=Ld~URsMef%`dmX8RbkZ zoB%c7XfQq>x}#bAXn$X!$qPcPMKRuA#Qk;RKyF(iaj!{S`qJkR1*{0Mim z&E4}IZY3?6%K$ANGYF(&#c>{GV5(oQ=Ie!v9rlBw$faXHo?Lc*bPH2BnmVsyhS{DC zX`X{6gVTZMEQfh`Or;{+_vw;LixV>Cg&SUzc>!NkQA#OnnJ}hj(-J#41)EgwH|Yz7 z6MWIR%Qe8MNxGIsMQIkhILlWPu1Tr!vW8P%eu#oJ8%=BJ;Xxvyk<%W-;wd~M%`da< zfZptrY5_aqUvtu`($;0DerVG#`~1PWa+rc;^t^`4K{R3Uyy`bX+oUND#-BF#bGtlG z-V6LV^C+dxA|;eTVi`rHf$`m|l2$j5!Jkqi9eOOmK?%;bLv*wyKcTZ5CL<-UzZsWf zW)w~yP z{O7@{IY&&|YA9)g#p&Q$Nj_a3UM!hIIPY3BFtJeSYiv1*QO|3V@mv{dZ-0jfMieZp zfIMtEjp!~!Nbm6BtNtI5Mj(ztX1V`Gl$F&FOR_+JZY#q7U?gdeHMg6|ny;p|F0&TTW~Ho^SxKb|4sPPRuu`tD2P} zR`WAT1%W+&^h&8@96@-e`_~4sa4u>4Vi*WGp7jR2F6A`m7-sBTe8+5Bb@8lNF0&zS zOAk$8T?=Qrl3R9yWqF`zU?)r-NqHu5r1<-(Q#k>X&`8UFu|2e5%{YLWn3R?7}d( zYz`*q1)cx==~-S@7Aj;VbOj&a2_pB%&6M5!7z!efU+UjxDmK&v{o^RERAH2Nd17c( z#d&T-o#5Yl|AISIj%W8ca<*7(O3=ch;?xY-*9M=Xg7_6JSIVdz!D5H~?a9D-Lt|?* z4=Aqt)brIn_wg!wi_7pk{yA7i;wWgK+6B_SYQzB)=_#dsIKXPVAa$5Eg2dp(>NRHs zs-sF5*1mF1n5(_9f5?o@In?n^3$k-wI)?JX+IXSGWot4gZMX+xS0&_{X^|4$jEB;Q z{+?n#wq=*h5KD34swcnX-2d@flY>5W<27T%wfD>9jWCcPD-WmWOU2d|x^pdPf@fBv zIzEkDTnw;`?XT!456!kXF;KwI1)JlTwNC28yt<@CbZwR`wW?Hbv57)fBn3}$0hgIx zlk@_kQ~FoU{FufvBstv^)8P1!BN&BfD>t+L&o|RbcURs`HIy|Gf9<4yWl5~n={ued zi(|-t%VL2TSF123abJojDqc|8(W71Ba1;4f{}NW)B{@NNzo6jYc!pGHR^2x4j{fm7 z-N?;PBcWQ><@%27+IhO?WNCZafo_3W#jcq5bU?epX`KR}2t9$ic}!A%Aw_Ab`OLE) zeRtvqPcD^AS48v4l0h@KV^aI+M0}!aK2!F%4iqZ3eMez=y05I^us95p%?o2RULe!7{48GPd8-t%r1^nSDK7yer!_!K=cxPxuYjmmm>aDHk(Sr_+7x zYKN`2Yk&Gy1b7jlM-I3Nloz@mqnj=Zor3+%%C@b?wA_jdxim_>2AwPeC*;O`PnG*x zxJAf3+PKCF?6^%HC%(*7a{l4Bb|~T8*iU$jN{xxziDu=A)Rsw#M9V&rC~YZdY&@~; zdZx8G-1U+rmC@~cv~${bNnBo;snP{Hxqk0TmB8Chz-!xn|{yR2qTVUCinvkOYs%eW<8EdGvmvw4VIa2SsUU3-A#;wA4$U2#NUXp zlgswdz5?JPx1MK}4O7W300i(XBI>~HnUl1Oj_zV8{~d?z`<(MRD&iYzYK)7c2Igaa zY9&`ul%PLV#UN+3!jyJwwz&ERStlvOkDg|O z^t`iMB8z!+?*lJhMmiu;tgSO3qQ))*qSA!7jbgD{7tNoK5w9ITIT_R_XeAux*X1)! zq%t5;O{S}mIa!=@y~*rU;7T=h+ropL4XHyuglxuKnpO3OsQ4aEm}Ck~mQWk^dA91} z(n;1+|Kz6Vo3K;WTYN7ArS8mZ44Igf>5FKU>3iVyh{=t1*yHR+v<>S*oRDhyl<@8S z;R3~a?P+QsY9)o0%*nGW{=_a)k?(~S zGU%)zb7jfvdHV0JTPhEvA%yqWMDdC*F_#mp{Y&Py{y$}ICkEaQEwg!+<9adsY*MLJ z#SgRSbvNE5b4@d%5jP)Ce;WMUDa{`~c+W5twG{LYs<>%|#>dRgI z$+~>}_$?0YmdDIUDm}Fst{o=!`*8v-C({rYHR8|VBQe}Y&M9%IL`0$wF01tHZhI*F zN#c#zd5NywBuAy*tvhVRh9YI}tTjwuSRl*M^d_y;C17+7$)_mmCK~lgU4?O>Wl-H%4*iDwH$y zd7LERQ_Jv^wW6f7dmQ_q6Y;M@flz&F*xbKYjw}h++n=h*GL-htH3W=cBsFG&G~H;e zkHOhOh5p$NtxAlhS1yc}7J~v%FJ_e07biEWU1_HD&=O=VVs^3(9&WWA`$14nk=Zc_ zj^W3Vasb53ws3-HFF?<@@(eZg>~cx3%fRJEquz#^h^KOdZfom?3lPc{?(v<7J`!P3 zHAIr&7nJfRge;rx+gL2IxI64k%k`vn@yWsaN?wxkkfx-ZRY5K4d`X<%4eK89~I~vK=oj(#SNzhQs#C^%OLqH zK&4nvBtT2J-m%#1(hRMPG;QEx^Gz~WCRGW_u&ZfWPhA*j2l6`0k^q4 zz-Z7<^Mrp+hYP}>+@pRIr)~6tTU;?t*h!+VbD!E^^kLuGaygx&!Sq`~lUp?nN0}y% z(!$Bg#;nx}^hlb5C{BKg-r8iE8mh$Nbc;CF!4i41I3)VzWelnhuA@UP*>IwGs~WA?sa9JH7=qBe5S9UX-MddIslPdoH}Qq&-tzX93>+rrY?{21{O+>(g;ASvzL5 z)kc4CC-)!5>L0nf1lYQs?gq#St8OgO!u*VhYNY-X*D+w<+cu&HqoIGp>tghLvvbt% z7~6sV;6N#@t`Un?I$~8xBY6Ci_2rmuS9%vB#(OP|phh$6+_OZZgE@^zi7*YU$bs{O z2j`i+;lYCk2m5fBi{woqFDl7n5rQp5m{$64HB___G2Cq_haNG4PVy3dYS(Aw%ki@F z=GeS0Hhm9@@bzx%74H(R8xN>ms{$fhZ#Pel#_-q~&4RJ`);2}cYcuhK8o~V(k;0I$ zcdM08DcI7&2+&9U@%XM%X|efQ1mUctpf){BZr)_mguLa~m?rr_&FM#UnJ@_%rsIzi z4hQV>r3Y2t;9|Y7SB;zZsUs2I^t$m@-A@{S+7a6-zhPk9Hn} zoIXikJ;a$?D99aQ4h>1064CZs=CE5uOJE*)^b9wjB9mLKI~lkspG9~kS2jh)-_BOC zQ+r(T2eLn__G{WNU^1zGY~V_cccA_H?Tci(Fc$t|%e|h5Q$4`(B@`r0FNEQV2CY%P zRX1Eb6N1jo^dgl8wGDZNUuLEwpEF>@C;H~GE&^0+BF2nm6<8#kyi61(gZ?dDl(0hnFI=uy0gD09ay?Q<8ux-JAEmDx)ewJ&U3foOhsqTJc+WO^PE|)7qy-!c1Xp`x(v(RU(22?L z;7dfmvREw>8oQ##S6&X^G&F zoXk3wAI$-2KKJh;Ri>GWu0w+1Zg=n|SEUxSRejSK%ipHUbg1%G%`wSbKU2IGfPrg_ zi7Blp+;G$DoOD+?Ttoek(~GNcwI&!;0Np2C@i=90Z4sWD?ZZ$#?L6CT{SiL1J33(l zcQMvEopMexT z*|`ahKeIV6lX4Fg_eK)CC}5P~$hH|t<0eed3ZWGP$z1EKsNRe+}^NIg;24if?+>Cy))1QWMc~r z*||gN`*gpBB>Q?M?(n&t^S0-yUla$2qDH?sWnkv`_3_~;s3cWE-IM)M2OAMH)rG2I zH1zY$maUzDhTG|%&@7o$X@}?3(2}(NL(lGvG${l8m<6>vU@`VzB*q?!w~l5ADah5h z=bTK*Re4r3ckmbuCyD>MICbn#VDcXiFzm2@-s73q3!npA0)SAR`YR5R>-QoDQPe%d z+Y6WrFKXg1pqiVTsZ2!G?s5J*UBKpWk$ZtYzB43$Pi(?{nbTD80m#-TkvMNpnOYi2 z>Q>1*4i;RXy>8>QSt0@W-VE`X%5y>+R?Eea7lH)ph$W&bHBOcLh{S7-M*H&tEJNDQa!lyv1ZPL(Hk8MWe``7kXjKk_n_Hm$z&Ah0Z zW7F2k50H$WWaboKFMFM}I##ZhRmF=gK+|^P@!&=gRs>x}8!4_;o%08BA`hR8`B~d( z()PhJcuE$&N=cnd#w=%q*4!rccVA7;yAv0!x;eU5@mc22LL&$D*3!<8A$?T#}2Oj(ezcoMxeZlgq7C4Ih=r zxD7%JGp0B|Qij4-shg^?==|x#_I+-Y;a>7E%<-7LE@r2VFM zikR%ycV0YNyXM`Df@{P3!noSBsR@-iu`l~kY6SDSZi*?mbaZ&F&dQd~geAHj>7lDZ ziglT^4iqcJs6OYVRdm48InJhf7cNB%H9H*gaMYvDP9sYCEeE~l6`7d|y|)Ejccg|6 zvfLOEF{$#DJLb^Zv7pH$`8`fLNB9Pu^mKS~BUUc&jnTeaZdOo4M>({m2Ts58{Q695d zwoi;X+%meo+A3T#JlEY`;8ls%fR7vq(5*H&96B8{n`3N##XE1lDMsGXK88nL_wuhr zUnX2ahVd!5Ib?U3tM5QtixfJO_|}vq@`l$v>0;s%D-MIKQoNy{eq*&e6OH35j#xBn zC>oTqDjMhthOQ<~y)@~e)fzLTne^CL^P82qiuTu%ktG$%__?%9?s}fz?55r3j}4CP zsnF)ls@nWfLaA&Sn8h+9rGq$$#CxNf`tetR%_sK7G~sj$lbf(E&s7lT*`2$llf@?# z<#cm`as^ivPqt3Dn-?|7Q>n~+WEd$%S80cz8!V|9kR6S1Hov2ABkr3lDVo3C{rN6w z$Fh7AY`Bcan6U>R+PbWt)(}T$4d=+GDdsX#KR1jQdy~G>MZiN=mm`+=`48(CdQH z#PdJX>rq8zyw=2bN{T;MXF8V3fVQ&5?Gmy0d% zTXw#`v7=Nf${XLB5emkV0DhIPTnrugy}N)+V9HQxFo0EIo%zTMN5cuH|9qc;8Sh0r zQ7nx7eRHC8%GoJJH5Ln$nZ6%)JjkX>1g8Tb%;@+m9@tTsJ54ce*Km2=z0l04`)<)< z+0j6QQbZ3qLCy}Q>4a&`JXxY-S>)TtA6|uT?AfqHx-{D+Q6FBrA#;XoQa$z4C~#KcX!&Du6p{pD)DbiZ$&O6FOwx>jI|YISm(Fj+Tl zSF-&vv53O>x%$8wWQ0sI@59N!i~yqo*;)l1ud)T@@uU;v+Ae6`>ELo~P?LOthniwT z!C-t7i(SLfBtJvt@S#;^4_((jya`i3xdI#KIQNlY1{@4X(Y1B9U!iNfb(jSqQ*KW- z#Z$=Cc$w6=Kd%#LeXUI&pN^r?364F2so6>jTfx1-E;6LLNqIJ+@Sc~_S7hp)7oz2v z;wzrjXBYcWak`4%BeyC)I^(vKuWaoV+w7)29%|@u^B`W9QkD@pmRwx!tT4qyn|X%? zG4JS`$chHGn1GKM$~*G5aKRLtK?#Ff^KocA?#0U0&V>TUo49O+ci|kYNhCC{zSwE4aXAm~W1#n!OWF zOAToF_K~|q+S_IwT(#v@L>pU^Mr;O)(kNyYzFIMzU-|4l^6AwU8(Aw(ChQjrBh4bxYEP}=nhv#R8H7b-T@*6fog1M4N&HWnooS^(l zi8w9;b2J%MCr!Zy-;*kURD;E8$6!JB1f_>|iM99FS4ZMXebqP!)7tw2^{`yJSjdnj0=b5XBEIy9D&$Ve% ztCV_gd5EGhwlt+aQS+a!uP!wF%O~l_fVa`&cBN~KA-ulnL);ybx3w}4L}jV~zxUZH z7mrIl_*FiMXtdqqgdIDZQ|8d&K(BSCM7lfk1VdA_xf?ds3gqxIyHPR{b0`npqD^V# zS10nxrE2RN@@{y;`-(i$!DMkVoKqQDKl6WCA)x;A3b8%3s^GO-HRDF69%d__{Z%B< zSU$j1kK8WC%lF$fT*;8SavYYqDYWQk#XM1IO@d`mz5^Kq7iAd8(a!#S`$h+u@L-;N zt{O_>ng}my2)&9>VRsn1K)3V(x#ny*f^4mGapYK`w!${VET~9*|5AxQ@4Q^bhzxX7 zVgvT>)~Uq;R8pd*p_F~>dgFHPAXE1hc7bu_6x-b4$4GYF0w_&H*J;Vm{009BwyAwDEv)DY648H9AE>4Nyky zzY{FF9|K)U*&T*i+Uo&aNPKHQgP41+Fz4V7R!$y+Nd=kUPb|$s{~NM znJ;u=+_G7(!bLKz%b8KK5(KhAlQ1+$eZN-)nb%9L90aKa%3kD1t3p zXuuf{8sV;^rDeI(Zx*{PY8VKuA^$rIV7w&sB(FH1%hZFTMd8tMA)i6WWqaF=@%qud zyxZO(zB2$-46$issVVklp;2!Xgg*43N)xJ6Td?KRyxUp-BZ?7-5(oa486*AM(JV^x zL%gdem=u4-mMJaDv?xCwr$1R?sE0~C)0VpmK6qOzjh|GB2~VqFoNF1|*mIY=x?8h@ zZFq38L1sS-J!^^CQuzO|_m*K*c3a!95>k>9f+8&q(g+etw{(MacS(mxcM1qdcXxLS z2m*_ckdRn(!y?{^_kQm8dH43-zrP>fACAT1T3qXzbIdWuJjXfDA?_F7=z%ehS&X>t zt=q|r*IIx@aTa+7<0`Xz+FQL$4cQ&q{dw~&Z+h37_q?N%;Ph%%$lhyS&p`F^`=?A# z*CAcb+6U7c7_qkU6p|HWHESg}pIshmJ-11NA?37}W^8<$&En^v7+P?T2!Rih9?6=WR6^dldHYc5$EpLWLV@vhpJK^R&P#5lA zrB7`Mt7lBki6D^}8P+-6$k5HUc?(^6|2cl?c|G}|{atg)A-q11m0t9< z*KWcnS(pf&8bErrnt+;Iinj<^+2S=ubO6@W;riK-W26;m3_FSK1!UgGcF4^2FWGWM zD8?e4SP&opMc=#@{M>B67NXVYDB&F_MuSTJ0Fd3XDAY^l3>r+wGU*B(;{;c`yds{y zBnQxl{Gvfo{%kRi-giKDsPRD@n`jkWdgITOJMaWCxSmunPc~IU?37&nv2b;TK_5?8 zh$yeEMumP3{$uQhps$AqD}9N=!8n`NXM2lftRoOs=L~`2axo;45M22_4rMukJ^@@Z z&J{$I?I*SmvHCk6blQP#nMOMra~n1j#4q0YL<|ahbB}_Qb~AqlAdkq+`tnE;HK6-g zAtTvaOhkr4r3)>zilCeMHt+Ob>Ca^}eB*s|SGUC{Zw0k)h0sckXEr}nUh0Y3e#{SB zRR>>jijSP`$(zC~ea3q7%%@ZESmG?kfF?vbQ?-uOoG;NoEKhp zi$969THHhwvc(Is2BOQi0aJXu(a9pO&(BM(S?-JIrPes7iA2NsMrpO$ZEVE1Zuxle zH2KS4s%h3`X;LM+&*_;JZVPUwb?AkjnWbjcUpehHI!-qW-c~$*u4L-VY~ITqyo!X! z!aK^OkDpd9#cxBwLN1)pG3fSg=(Yr@GZ2M7R+1}ff@NhOTPVc|j(NL_X17+zn{ALI z0W$cZ_F$G|b&9P`+~a&$R#Bof>S_MPCCS=V7jJLrabA=31N!u7zu@nKg${v6UvCx} zJe^gd+v1g~_eY>6YbiT7Y^q_X|A-Ji-Bop&MU1D)Op2!5sddu{pKp_Z39d_gQXn!O zVTQ%6g|a-#a14=F;MmElJndvrcUa(@9e-bYK5Jr&ui3$>ULhTmA*$o*w&IJ=gPjo^ zL#j$QFjb%5tg^hsNriI*^JZ3Pk-rw#c|%oSm}`ut-An=NEuL&+7AjZ_Om`|IWl`vM zddw19a4ix~L#PuRJ2eHL(e*L9S({Fxy1Qa+qO!$aglfN%>25$S+`UR4`E+od_AGjN ze-Moz(57zhn7Ezq@`|R0T*IrD>$)VZn(8Pl8%aG^b@?0<8+v5|F)UORjKP&IyEeca zowoEecboY~aJOrCOSb7tr7$~NS_$*y5h@$f5gK<)D)C)Ot2^GpL zfV_&9?$}>(+4}^BhthjU+KS+6Q5(^}&2pxtBKkO)hl~k1v2Y$d>`7S*ynwetP*n=T z;fOgVp4Jj;6Ai(A9qbrs^lM_x{^*jAc#X$$AG1=rhC}i#6iLLkhkra*>N(#fXLRw* z_riSs6CTC*wmpFuLdArkagmf`mld%DOS5c)M7J1PDLRgv1!mN}wIPW8`H~sov`gWS zCMefO$o!=!FKiUJ7NS1YMn^N^gP?*zteG&s%}en@1o`osoih3LqtT)*TIhb2|9iu@ z_0e?t`+M0BpKwZ}*x$cqK<{t@ZI@Xcemx|n`ov|!&p4HViR=S~lqKF=!_2V1Z9r}w zk*k#Hv?ynrzkL0MI;$OS>08DJ$?YA+L}p!16{PcS779BR5QrVS^X2bnu5EtLi_d?h zcG0rSqQZMEoXrsPR*#4u_5Evv6h8ObN*%R#kFG7|g9%T8{?Zh7w>X?J?o+myCxZPt zjgCo&>eosY#1@Y}noaajBXj~KY_!WtCYRkGW1gS|^ulviLZ>B`kf24Nx2A^hCTj<% zG*#EY#TXMterj1gM11fKMf>;95& z2m=XY{azTH?~_x6Anv}$jw<6hQhA6wph~Mw9xPAb2?$6MGyV@J^c$*9wMbqeld4Ze zkxx>|`NdsgUdbfNnF>HUCBCDib$iAO1_>ONNDV$tM`rb0Av}u5F)QOcxP@nspZGMG z`=!EPk=z_6bF?;boiZhZ*x7+aB^{u$yq)%By=GdS(#%Z)`})yLUhd7=wLwGkg?A<` zG+?*Z;R1kd&(XUl;`90B`> zsl^tf;b?Sl+`%410v~^P-H5lUNK{)397Qg3okH(`mX3muvU9NA`&=F2*r_@eko(7tAyF}`K*EhL(N=s?p`N>USda>ztowvez z!vSg+Vt>?*cyYGFOZ7ZYNd-RIae_WmcPErr`Ww>KI|mnrGJ)t~XsKir9=(jm z>rRI9`LfI)^f8EA`tRiaX&H05V`6aA&MUA5{Tv=%+)Cf}54UPu^it;0=msq}C`CMT(3(YmwHw#8;4=LrM-#(+cKdr-E zV-w~{DM6%L*6MtcfOB!>VYdw>Tm+RDQxgxbhaGrh{y~miB#WOGY;py~g&fVRP33Fe z8@?B79H*Y9luD3}c`j2(p^RO!C7mteJ>>@l#PwsQrI#TH>KSp5Z4Xyb8k~ll2fx80 z;PH{M%1H6aJDFc}47M^0(~%c)*e!Q!RQtU@UH*7Gp$NN-X#H>>0kSccWf9FqvjYM- zyE!PmJH}bOO(I21jqLGe%rI8nBmY*e`_jG|=DlXo~lQxmA$nmzgS(bEC z3#D@3sfOtSCnw>wL2?U0LoE_{LR->irQ&iT!vIqCr%VfWNJlR{gqHu{b>Ns$n zJE?Tih8nrd8T$Bt(h$;T;a&3^mX6 z1Me!nR(rXKn|c|xno^6F?cWaJ;6EJ#q_0&q7Jr14u&uugaY9>2bt92oH13to^!DRw z=~3?f$=a~)fhe_6)^mqrB4}UmrcpYsmP|SaFLGRaAC?yUyxxn24RKra-oPOtiu-{G zq?HtJ@R^B#Sut?g%!=Y_aM?ev*MR&y^iI4-zA;XlvA=snO}82EjXTmu?w74;M(Ar_+`Gbz$=zR%FTl?>;i`Tv{$o#8>;up#PjZ)8%3Q!tb8JA69c5+b3Fu@(s<6nUoGviG8Ja^~iT zd7gErsd*vO;3K2-r7dP@mn8piT%FMIa(Y3>lA<1f!5RAXn*ck)f8><$!+c%uc^cTb z7%tPVKn)g(hmiKll~hQUOipQ9r5H*YCgv-H+043X#7L9Epnp zl~K(y=X&XmNizIW%0Fm4Bm$)mC&EeZJaRz&vqp|-i(cyyfUfXs!H6uqj{ImEj9}iiXj)2|StLa^M?4V~<6~dvP zh12-k$Y63ZFu|6}C;!(d{!RSi+y-mEaVeR>>$OCDeOR*>Ol_B+`(p9Sv#`L_+J)2*8yVlvA{)7a%3)ArR)f^==SfSIZ+yEhL1KTXsyA$*<0$AK)oj{_5d1za znZNL95o}gdrLFF^~C~`9~Q`M?XUR$`J(%ych>oG z>c^u$X<7Uw9V3WL4RkyFb>F2u`{#>%)mfpkIczo_rD zJAhT-7Qu1$$3^$o0>tVBYY+V=!KXa2KdsEaE?RmC+z4M^vim;?zyKRX{t0dtu#fij z`+pG@+J6c}R?-ZH`Ti`B@_UfL)Z%Ihog@C*{4W>1j{u%>wBlFVKdo!<{u^#^GqNkV zqvQW_(JL{q{@2wUIKKNsj z=rCzr5HFd=T|_Ax^?ISzlhOOxMUMpI+@w53UyLQ8)Mk9& zsAYVg+^zWrtE0BLN|uv#R7AENJb4l#+bX7poEU)Tq#bDaKs|0!ch+ZMZ(#xO!y%N3A|xR1dJ z_Ru`h-Ta#}f9Z+h!?^(c~ft{4Gf0{>a#d+x6J?*OweAJ6CW1u!_mT!D69S zJqDQEM|((gFNdhKJucUFx{L&m$K{ zQ!!C6FSu`}{S>8iS|?Z9l~%E_8OLChMt*8fr^33==ug8d@q2ia0V>dAO)eG!q9b3d z_d<(PC8S+d5%fKXtgHPssPKB$`=#dIO_7d74SG)>H@+~J!NbpO9)b_#iuYNZ59DFl zOPBHoUgaa-vt{YQu?*EIDjUQ0_JysalfiK=a&@VA26`&VID7^H_fzT9n+7RKT;>ue z_am(=&|do*hCb#L;4L5wT3s7##-jbFBcQ|@2d>%4UPK^ZY0FTRsVsMCiDOgMm{$H(F`G0m$b!Dgq2SZi|%^}xE+@>=vD~pcL&j?w(jN@ftyxT zNUf*EywD?`X>_V8)>%nruHB6j_=B@*@B4k*4*u#TA_|RH5-~5b7Bt_XeCP~7XC_p@ zi+XRT0HUtk@$tdj8Ivhy&lgZak&R=J#}CG%Xsu+fe-5!pjRAk+c{z7hCY!R%7H{?{ z=0~%q%8i$!(3_8_jI=R^vC?L!Lo0b_MzB`I`#dNlOfjV&99}!_W%bpq9ry4ZzV+mx zOZtvCS!A==vNT~&=2>_JCmNZ)5L?7`V?Pm2`cr*^rb1ctSj_%lRxi*APLq(y5n#|df$%;7LQWVh?qKPRkqXUyE)Rr*~>JTTBnGFF2|9tz4Ub~K$ZC*#?da4l! zs#-%61NJCtIt>?zT8+-#Ysf!=3yBjx_&z{g5mVsFpE&2jymhb^hPc%m68$z^fcuL- zCV~8Tc0a|zN_HIDVBya~o&cA<8@u;cr}U4yWlH+Qt7+2nVbE+X1;~ES5Orhn^|k)u z)cG@+aK+EJ)D^L2P1s?+pm5WKix}ztBBQaEc0w%#mnFG%bX0pb55{tdxkc@v0(6vR z=MD6TXHf)gOSJQRi`80%BcAeQH_3hGE|BuGSd&!FF&)Fh(tFI>Q7WM$t>YyWAN$nZ^=pLtRwQ!Lb? zia0HG#mkb?wNlyDX1sWsV!bTrRv0)IZJ{q`|_Qe9=DW+!z2S(8)1MFYLt-~~NW zjzbk94&N4aqq_&mtBhtNRV)oDd`mjKkeYZ?`DL{!gZuhZKOeOXeC;7#y9gEIoO|Ha zB7vsXguxWQDNt846TrM-;c?p*H~mC%_eUG$eBc`TTO@kXGd{`+1Iie5Z|T@{)e{G` zzOlg-j}#~={Gv47xxajo?NE4!mvt&DM+uJB(b@H-UYvPr# zH!7jgn{?tDlrp+tF>!V20I22*j1)-Hms8#GT-1^4bzRs%ZfaHcrPoaJ5T_(=_=~A6 zWkLoK{vv9u^O7M(s<2V*F{v9KSm23yicwh81LZ(TVJb(>#Kf|+!NTDc!{LO3sUmG1 zSyyNjxnEg{yzxTKj{ zF59{^9D^q+^08+**FMq-jlFQ0KQ61)jj(4x9MA6_yO#VhM2V#@f0qMv94H1h(B!&R5+UJ83%Lrzm!%Gda(NrP&w6y}&?`3FkE`dfzSTPHz} zi3>8>OR~s{;x|is#D&Y8pTi%1QHBXbZ>v~rs)FPL1NxX_+TNo5j4 zCQ)zX)TIoP7Vcmnwa0}jQjg~JtPwDiNG;0utlo4%8)X~FOAzE6euwabmDP*XkP2OY zdSRKMHPMcf9w*Mh4`N(StCkb}72P-uu+`Fssai9lxWN402WJSshh9JBy>1!{$60Bs z4n`Gmv`()rV$gruJ2uQ~GTE>uA00L3#QRyOZH($iNI>--D58@quJlTjQhca@7mkX! z&hY(+H$~`2{aCx+UXTudkF@vkN83;263%#bL@3He1G5OF7;Vo{Qphjac!s&busY zw?5(zTOW@!A5cA>(l2^_V-Q@LhO3258yF;yEBuy8i|?)V5B{t+p?w&GyRw;vMO<1T z#_Pf8rI4VnWhoAz1c42AV z0v!R@+_VbRgla36jBrpX2r-9}Mjx^H> zFhY$D$b2>rS~SYyK8-!<-~BLTI6LYU?Ss#4-VvXz&XU!a=(Pi}@FkwYb5K3S7naWS z#~>DMZP0-YiL5WYdQ+ZV64-zG4~VykrX;Rl+nhy!SaEaQo$KB+}wlNEOvbi_TfF$G)#qdQlc<%r+|^J-TStJ zBf<2Ya5xuCzt~U}f}+36l@(e9bNv%MTDkeS+rr0nu)B@VIA)_t0+aNtC zPecM)?HflYW0QMi+o2(greyeVgu+5u_2l*Bmlfs757Ib|bdriQsfk^i66mI-WggwC zpk?#5F`GKtTsVr@?o4@9L^O&BAAB27M!^1Zinu+?`ME$9GfnOFh%Wy--JZ>}UB(2- z-0JD^?tb+d#ok8&OkP_-2v6qZ%q6BB-ouW``Bp8^0K^Xi zy34iW*(oPuNxoZr7LGiH-Ey|s|3(b-QQPH>|B@`Ka&_8rRcROJq?lsV<#OCV5Y8$p zbKzX`*srMN-m1Af)Gfg29*)QfiRP?ZEPgC09T}?QM)qKWmH0i*{O`u8wifk=w^yZe z7>v(rmF0s(S&M?OGyA)J^PC*1G6~Lr0L~*f6TE9QxwpcPP8IwrDKe(*UpS+cB9}VL zJoOsR_XuXuCeHLo@iK#dU)(BZD{{Q~sWq_X)7gAnq5Wm2bs(%mvWvhuIwV)8&Z_de z+tiaNTU0-8e>>qNavX^KYex%wyv-0$%*Ha22lX+_xnn7Ur7K6OlNC)TD{Mw{=Ef&; z@UU)A)|DoDo@4@)uS*1$xCXc75AW$VOII+P3S7@g@!$~F!eO0-!$lM6bM)@`*cmZI zH{8*{O&2a_)A1K~5FyMKVNuH$M4O2$??t)k%b)n{+>59<;VNK+(Uo~bTc~d5QPk-b z+_(9OsUC(rVKwKKs9dDlIN=1kGUduBAz0-y*k2q{CB3k#mb$LO`9tD-PUQQJxxQ6S z$#c=!g*k|<{>_!!`FVoWe7nV@IL=z(Qb_ho8H)=Md*`>UIg#;!c~yS>yuwQ}Xr-S* z(8(V5c(t8+;tfIGQct2XY{q#$ncusOH3nU?7P5D7rBURP*qf4x1e8p20w;a0t8Kb; z?q{ks-6v!WuA#%X0o%1+_H*o(Qwgp3nRyMhuSpHXj!KH1WbK(H(JTw`1{}r6Z_j)} z-f7?VDKTC)j!zXYq3V9?9(2cFM}Cc&)3@)z$zQ5=#@|un6LMoIZ<3j|yU=K3&PPSO z^Ayj({EEbz>22-3)ThcQ)ysX69FI}Rr? z3g^GgsF9<`Ngx}*&D1mK6@Mp@ZS*vf4HT$gBnt+SlKk-sZEEdk4{)~~rphgN>`(L7 z=8cAS)5GQw&i#G(tu{ooAv(6H7xT(H>7k;&+7w}da{5%0o{?_{)|UD#aA64U<)p9K z*+!u42OJny&%$bbJ@wNUF-eLjKB?YRN;_}wFPgmD0S;58SWP5^fSxMy8DC6?P%Fwm zMprCLz`za3e_e9hO8<+t0}mw)OB-c$vNbCd(M?VC4IKkJQPcNAe&sGsx^#5y$wS|=;{^VP}mb1+*54C-gst!wU>rRHVh zXOmsdS>8`AbmOCF^VfusOYa~W&@N$PReuV0yFRZ;jP0?!%}JY37md#$ki8UQ=u}Q5 zm;^RDl|=jQ*k4q+&sm)MT{*0?W`*mQ8-;?<&FxmXKrJyWkDcyyVvSm4(3L?R*HENX zlX|B9hsrjx4{eEn`aYN|^ThBvfP;wxJ!DBEOVny0z3j`6R!=F>uw!@m<#AcHKNS=_ zf&|O)w7j3%X&O|YT6&VGT8!1$)t&DZJ=<^w>2|M@E9GPJ8S0#fS5D6F(2G3tGI>%S z5dGxQlT~c6gN0QwSx$ASv`-fFgTn`+Zy2_b30Kda>Ch6CK8xc$V^WWyCj5Suic%Wj zom0UlmdomwFLr!ZB8l)3?!Y_-N3Y8trKoB~EcmIW>(AYZIX`kr=mQKd(hCIu^c>%& z8`GBI5Q?e4#!X;HYvZ=T88071$XU}76l~8E?6oN{2ob++q<~%mQL+N^< ziDdfeetupXLFcSQ*xIM zoIoYz4MLTc{N1;Y1b2fH$P-)X$p#la;b}Wl(oCH zRg1xS;EOUVL%CtfC63{?jAkcahrB<~Oi=|LMQuQtNcBwM`ZaMkPG ze7dxiX(!b|K1~+z#ax$GBW{|t^;VZB6HmUa=g6~Q2R@n4&R!go2f&X@2ezcqz_&PLUvsAws=QK7RqR_j#*Gpn3^+Z#rF;I3t<8=i-p4&lG?J8~G zCwHC-$!nm%f`mow`fM7$L*}XMmMQHIS9MvTfo4p^q9Ej}l*~#cPnfNB53C$^ zVSd-%N{{~&#tK13(CnC;Bjuy2*Dy)Y1smWCE7-%pyk{b=))7j?Fc0blas$+QKkp?5KL#vssrjC2!``JZJ>bSNL)*eARgE(t!0=V7ga$Rv=x`rX@g7_*5*x=wK| zfz}hHYZXa6%jaCXpX2!@s{;^yvfvKb0q0Hy{}l1;#q7%?+?(1tj2#R2{c|3|TSWud zFJCX4>GEL1(F8>x-brWB7mi$ATEPNB{vtm-mGM`#!#)ztRfw|JC~6jo*B@%}g5rM_ zk&fe*Lgt0C{nb#&@)kcS*h6<4?ui*OE_35(4dI*7I?-ds0AN=BS*-3R%`2E})If_a z%n3(~YGtMwilly#V&R8+X(wX)afwR@#hwPh0A#8*S2>9#-lQF>Wh(SFea7$nEH3n| za-4g-ctTj5zY4pB978@-%^)j@Cm`6N1P?D&1Q*O=k&}r($RT}GZ&I{2TQ{jg%61w2 zh^-<_0i4zXppzwenI7M_rttLom+!O)cN8tE+4#}1zv>io)QUx32IHWrLJeiq*2Qf( z$Uj8mmdLbKb25Z^@o=V5yktwftAh=G8;GwdE2tPg?~XgOX|ht4-W$y1fJf~7T+~w@ z=7Ys;s899e{*R3;`+*2a?%fhZZ7sHGqc6b4g=d?N_zQ>a)uJ1l-s*1ef#T0&c=*-@ zN~|=S#U@htIF}chRwbc!yS+TH0|ZS3%KEN~(p!T<2CX%MaPtW+e(Vx$23-o@k3HEh zhZ&qvv|Bauvl^qHqUltg0^Ueh+VtpM>f2gZ04gD_vxB*ZnmU`s*^<bIiD_uuLN*y7~&D5@}eOx z?Ze5Gb?+0cxgnQ+k2Ud@>U*tTU2b)ZEh?j%&b}YVFNSQ0=Cw)BtiuPUb5H%1Jye-6 zGv+BrV%{jp#*q(IM-gN+9?6PZB8jqzU0DmKSH?<${g=4yM>X^c3?l&H9yUoXBi1gN z#?eIUOYYUSNiLsnBI;Beshp}1Zl9_7zZUl4EPbh9Bj#@r`SarBJ?m`S-lMU2&$*I{ z<48*VK3SWw<-)Y_(q1!}_{R^|YwY?Say+=yXk@3a@064#Bx1gbS1wc~hR z?{AC8v*(4RT@UJe9t>|R&+2!XLI+I_S8207n?@S9&QY>f2jhqKtbP?PC9?=UH=8Ps z-?iC~@;clY>pD9fM*Wi!h5j}ob6`Yv$UVyJPsqLcF*o;O$0H8QSHu-|BB!0}6Hm@@ z`Qjz0wli%Q5s}Y1MVJnXE((60Qh4Z|f}~z^V)aBP#gDG^i2Xf&(AybMSG|Il)tzR{ zGM<|3Y#U=TUsW3y5;0g2d5HS>N4I zM~r+hO7p3)W&IoLg_$enKx$2lqy~FW!BPlk5M_x*V-fC6aVfq>m=|fIc9W|D{?%pp zXQi=}*Nh;O-QfBdGVTB3Vf17p>E%&hjy9EC?I2Hu+&k=2)4){$tWi?Z8j?=~dc984 z>3!^OaV!GtQ54i%TShKk?eGL|9#^(d=zpWZ>KxIT&FiUZ^44X!W8PORdkY0=RU1bY z&+!Z>U=Gx2Or%mKjpI*wmG(Z6mP>ER4#j^BbNTT_l@~{=;(n$91r@6SLpwcQPjon( z|CYH?W04ykqaVwbKIq7Xo#dc;9Me96=mbw6^rfVfTvA|IYlIvtli$PLg+wd&qg>ca zsJ@D=h;BWTQ@o80*sCzCN1oJ+hALO@Oz}AwZbhMyDBJej*fOH66;KR3GQvKm*Hy$W zBq)6vbKR$6ao{oj<-0E!3wWKgt8^>ekf6y{)tzMD()^Z-?DC63_n4;ef} zllNv1a!A;muzx0!n>l-4VY#!UE)bw*YOT;Yk7f0aMP~%zh~7y$K`^7!u-JD*#E$Qm z&8!Aj6`Ia|GN-$ckW!#kg^BSYM;`=JS?p{@>Z#8K%WR4B^CpU;M=y_rR47hRi`8Y zR6Z1FsCnTZ1_Gu^c*VDr%(QCp-Y@E@7QY3Xa%QSPjGe>_v@7!QMM%KhADDXWs^DLr zOw#w=bsgKMxi5S~KBGK!Ol8;|reS|`cs~$k12Ijg_3-f&S|@v1gBa8m((&GCxm#it z8Zocr2$dqd+_|SHUn-v^8mq$xE6Cse#(D)KJKWE(5pG0U8R`Oz<9~;BkbeOO{@@6$ zy9@jc`58i#V{y79en7V2r^Ys~Im4G;#wn+w7z9jyloC-Ag9H{7go*?cNX^brVfE%- zmsp|6LUmQZ3u1o4Rho$2R^kLBS1P;th}*9#?gg_-y{ffKox3h4`xD%U3YcQ8_BroA zgF)7z_USe+*^*OSHh+-UcX*o4RcWj2JyY$F@SUf%oJ_0U7KhKx(G_-D^2+VFe@7?+ zkG?j<8a;`~ zz|%n-)3x)XO^r#1_bEd}JklSTuuHCYWW3SO?sxy_H3DgSt9xJnFqWf)E8QPV75{CgL4bvM^09aR55A^)3t`a%Q{raJgV= zI6g*(|6$txu7bCxgK_l6*ZMCENYeX?;PI0?`+EN#k3YOvk^|!?fX4J+$c<4xwBYe& zei|73w+Yz?RMN?G#KgbH;}0*|alzx~?pLtktLP;V-MQr4nUz+PoOSiFVgLb#MS(5=hzR zLW#L;1xvLW4i`9ERmdDSUL5Yu3+TMuew*jVQ7mU}3wudX(<`z=6zw$e9ThHHWuUk1kts`%}+(WS8XZsqV zS+(=hx`oTyGpS|9&ZM@5x$5Y|oBEv9y=rB|5>~F)IRLnI?~oBRh*V&*lK7@{dCc1h zd$~&J)l6Jq$9s<9`;MX>^g|T_3NXLHQ_z(TL9!gEX^ewIa@r=~+|GEWh=VI^%F~YN zTdM1OgIU~kiHsjkl!~*RIBaenFI~*iubfUX)o=T7og&HvF2``st8+b)bD9mMwZ-?K zs~5!fU_(CRWV`8pM$BpXo>n!x#!yyM_>S3xNwS#m$fRy4;u>vjJ4aw~j$ig`w?g4J z)fieCGQd2G)oOBmBl~%dEXDb291OFpt*%Ag*?7)9HnpsZs|y3ZOWNJ0>gcro>^ZMZ z6_@*Hiq)RXsc|0|y4J4|D^o7FsY^pEQxI=RQp@^q?b)xRDM&h@@wDBKWLVS4!@tJp z_V9?);u1%J+}l7RnI^V7I0INt!c?!z3pV8#;BJrva_!64El2R{p- z&uG{k6isvk&OxpXF+UjqegEEc_w)mF-todb!yoO*>-5nf)lo`)e;T)o{oqAIP=}Ki z@odFZ=vm&$QTf=~NR%mc>v<--KZFlh7G#yiLkKO~8%X3LccepmL%J+3KpcCMjUE?bI$B7dH?n6xp;Q)1h_H2ROO6*Wk%Squ8N`%FlDkAU#70!RtM+^ zI4T%56lSXIpb4)5`hryE`R4KI%OUsvh9MZ`4RyhB1GU^|Wx(#B`0zYV@%mMj4U_Rq z60j*}pPzp(#Ad$TmVpsSUkNi9q5o$D!FyckkOkvDlYp}uPfO5Y z#;_hhixOUl30Z8y94hjkmP)W9(I->Nf6H14@v@q@?n_5o4Wvr7Y_$6RuF)gc>-7(B zTbV|$M9sF6s!}XwS=5Wxb)6RT%TX(&guDivXMz{OWn)`a7A~P$jNIHakp4G-Pz7wJ(D$_ zbx-*pkF`>NG7o&#Vg1R8NkEeO0wlez_3G;j-d*r9BjD}4nAe*RTvG4+8(%4(UpCgv z#QT(66@sj~{uvk%iW*u@CgWfpM z;YXrGgJbRT;N4Re_|bi>zf>;6+R4@1HuA$VfqLYMtpl221C*+VK4`IQ7bZi1SC`bnr* z<5sJYv4c8`*^j$KfRKCP4YA5=KX#vc9R|geu1`WO!f-u0@mKtk5S)2H%&1xwLSl7QT(#pB@>jDE< zzAXb7AEr}Q7Us5_2Nt&ZY-+)frx3b4t-I1jY9iBxx%ibuYU+9!fAZ8xw%P+9yJ{M_ z``qtke|A&Kb~nm>dnxUx+h_Jh1*EWu(ilM4sw|M~n0$cL1{@w4);1yp0R^XjJZFef zK2!K`sRO=18-@nNUaLX$j@(6b;1@#PV6eU4;&wWVwVLj!3N1oU_^1T9KmAI3ArHPw13yEmWm zSV06@ZmJ!N@!zq%__Fdq0x&p!T*E>fVN8)m4%?rCv)yK%UBVLP1qJ{ylyR<@fK-kA zXM6aZiP6qf@Knk~Yu~1@b_9Zql5{dnl?R}{_^aaI7xzINx(8*=gzyJH;Z0IxsW)AC zFrNL3X5R2uCPrbTNW!o5Zb>@RNUo5GZY?ECWt))IA$9FG#_oniciYMFg@?S3`n4@w zGe6Hk%>7q1s_O%9TwKeB zWVBn{ltcZZ#-mG3?^H$#)GGX5xvdgxk?=U0f>x4&l+vHx)@U>Ext*hYI^_)^ z;wS{|@N~(AgGedFBH{*OsnrXw_Pa3QBGu#W!(R@8Y=L2Jq3&Dx?2Davx8n)pc&))v z!?{M8xd6616eB@7h{^SE8&oU5YZzqro17pF3ME*n z`IyKo))p}i)N$@5GXj93dSW29B&6DkTZqH~)aT)^;AoZ0li2ewOLA_q8-^z}J9HTr z|CLX9q_z+`KfZV8hf;q}pDXZ3?hALb!u7Z3X@%_}=sv4!y=fZxy|%c3XS(_Nq6_2} zKfugQr`);r+r;#`$7jBHU)6|b+}pYVdAoPSnnpaxO8ZXfxXsxnx7IPt7PWb*Wnu^MdV}IU=o_U<6$v;-&DW zjnG`YcJX5d&hS>-*3royG1R58Geq(CyHuW|+GP6-e0KdY{{8l6Kq` zVi3!x*$`A$r8~A&Rvmoz-6Tb7$O%=g@jMXG1dg3f$J6P81_d4u&3HAWA&9rb5d3nM zl6hU2l30xjlPh&4ADPcL##>I8|7@uStvl#HqT)vK*+ji8VkX3&i$@lMiilEYjn zQ7G_=oE50xFh1e39*1gHn=++vUNCCbrSrkWXf>+yw`Xe&pZUL=&y1-+x+8qzwqf&gK#$%p?`+;=*XJ<0T#AlGogef+ln%vG`~K z8Fb>Lbt_5OM6EmV>t={#-LKF|$6J^2YBBxm;1hBC$%YvZKv4N|^D&CgfVMy-x9M|J zwOl|xjb_&4J`)=gAFg6}UMq#pGkQYq*5dY~=UH25okx`?H`rxh9?kBe)4zh+@W@{w zZFu1;U*vkiUGi%4JDnQZ=C<}cTSRGnW$k&Lr1vZB>}37_O~e)#Qy0#`a;;~Zdj?r( zeCJGK?ADn~C3iX)1K9Gw{(Z%$M|a9g3lq^h@N}OEv`~Mbj)SQ9P2nA_73ccT6}ZJ` z(WpZkwE$!QU?IQMrOT@e2lYDZ)QNogt~aJv=Lf9L+mDA_#L&QsQ+=~xy@RNcCu?;9 z8V?dHe}~?j8#GZ$#0Z0Sxtd8V1_3z>gYj+RwU#r6lZDFT6$VH{ZVcTacv2?~a$Ze_$m7$IM4@?e{USR6+3TiG_m6z=^vuPzQxJ>D6ocM?9@ zZ@yhMI}*(2Muy;rm*g@WTh)m|91N*^(D!|a=lkRwYa>1n$JLhKA^Y1etF_A8C{bAR zyS2T@ZPqhhuI&YKIkq9%PmU8d?NI2VSHaXnc?V8C(YnhY`0Tu{(@Wp1Js;Z+W%1kY zn2IiY?|_8OrCcdzwBL=&lU%2rr5?j;K{Zcs$sPhi-<|JduHqWHi)B?uzv}Ojyeck- z(Uk^+yVUPLmmXMd4eOrQuF#>;hrdIhu5q6ow51LDJCU~ADUpg-NM&?YDPKqmGOw<{ z*GeoVCby`Se!)58fw9{x@&bBvo>anWFKU%yb$9v<>k1ixw_}oM3<%3OEz?W?w3)3A zzB=e5nM$!rC{ixU%{_>mQn?2jEKhPGaN-rWhCRv4T~{s5ywW3(7)`tJ%0z#{8RH9& zgetr^%0HAP5N-^V7ZZU<9rq983A-}~>BX+u(KWzYLJTfjIvCHIWIcH?T%5&gGtXDn z^bE51iE}uurMk*;4w|?+M^Y86->2O=yBhQb9n;8I+uJZgK_zNlj{UlbR;eNdBHy z&$;K^duHmb@BQ^w-Kwb>P#NJ#d+)W^TKffKGxVnh_wL;k%UjBHmTPxDI6AHXZohFy z%SZkXq_-f~QR`7Mxqwh-e>5ctv!I(dS9B;9^t4yw$M5L8muzhi171Gz;A*Jxg;1G_)6+G?fc}8NfO_m3uogG_R((gaJ`<$-F4Cp zI*Bd4MQl6{V)XxcA7P+G{GFS_oI0b^LyM8jjI&MtQTSQc%%LL3FhMCKM^X7E=lGp> zsQR$;ZP5=5rN(9iF(`F1E*V^EP;As4!TnsrOiZ}?{Z zdq?grFwQ9a>QM|BhbdF-gfh=Py_fX-WrU#J6OB6k=;La$AdDr8R%M#Z&#WSfV+)uu zb@XA#3W2vQjp(yxv4khmzMG$&1WZ*gJj>X8AH&}w-+uzJC$6$ZCKnU@l)Tj<%L3TO z}I>Q%YCkG>`gT^8wn?wo_OY{}^%ZmAMv~ue1&}h$Cv~()q{STV-25l*gjV zvAe;~S>NqWJ^iT6cJ`uGGHIeOE&&sz{zuM)-Z~VdR%@_372sfe5Z8QhC4Eh17iO|#iUA+& zfe+FU(C@t#82WlwM?v~S-4dQM0VNNSl5dDZ=lB`ZnmuTe{&w6x)C;vF+&r`{vv<-H z3_&4060#66tMijmN0Tu%wSotmw*-Vy-`V^Bpq#}o&4^#Gt}0bGRLtRK^8)I`%|y$dUW*Vh8u&s9b0`DTvG)2b;$;j zplKQIl@4Z^&-=HI?WVh~!!yD&tZ-~n+#}N5sxaF_O(Vq{GyZS2x89WvNzV0k*T0Ao zUv35Tn$1F~iK-E%35cw(E7FU~x@1D#BAxwryK7~SF> z0VolK?HrLu!I-PnKKMKqwqi4-JS~k$hnQw>m_kam&Vq@KEh{|hM`BJFW%pofHYZc2 z(S_d-u?TofA$B`Y&g{MLYC_Ns@*n8Uw{k^Jk5$}4Sjb98OCgnWRMh*2pN09`*thLA zPMYPH?tkFGCaYvOo_w`iESg63<04G>2@d`id7A8jR(`mCblP>t zQ4|6Yu7_oysy1)T?~Y>aMmR@BQhOaM@I%&8O(p>RqsaG$eOQEDguiZ79||#x3_7sN zK(%+xe(=lO#bMXIiHApRim#GTP?2R*C)=tCd*E~>Vi&Q`V7#m}tQ>01LR3A>UM?)M zn_^$t^aC%TV8@3y=Z)zbd{xt0^5yB6j9UB1`|8y@gGld~chNHMmsW!sv*)>J@~=O> zqwaUJSCc|Ofi25PA17_?rqUmeOyKCYzF_Bz>P%01Uau)8s>cVm2J z4?Z1wU-DxI7`lSyEmE4-RE|eFJ|cM-U+*FV>k5&~jHgC#9`9^#3^=`+YREa1BU=+W z?RQYje(u3%KgT)Y>Kd0?&r-uX|INQ^zEUqL;+`p3b1RHWc~qa}K+hnbXvZ z47R&j>z_CKUk9GK(SC6aTsqZ`n4HrIYBAcO4&R{m?P>)K5U@8EG zUyhf1^b^n)N&^4cN90c|mA`_TF3hI>L>0}jDAJ;nFzOY@WIyg;W!&fOq~B^GwTeOH z7_SesH*J4THmpA0gC}uVx?LZRA#`8ku3C(>K#ma$8SOB1>+EHRTUoHWa}N^?Z)WV? z(RnJK0Ap0trj;i=(`JK0esoP?-swoc>vApKqiAHl^;y@u!%a$zY|!G{z=}vwJZwf) z=FKI#Y@y}lxlw8r~)T!JZWSdZzsEd z!zP(ZsT)f)nF5L`qLR9ZZ^!(hK2admG z=RIIbwJvrVutODM3CO{=@c>X`jg?tM!5UPRSZM z56g#9A@7Ejlv7v9!eNZ8i+8JhOu8=X!`8*e=dpz?4xk>G$Lwz1y};Htf|so(;#3R~EYg zf9926zy6GvmPAhL5~<$a6mJ6YD0sAf?8hb~jm2SKuh@hr$OgAS!C2h!;*Txt8#eXN zunaaS35|WGI&G#lPV$nD@PBO&r@%P+UZX*$F1R^h+k~kUhx3OtrlxDz-mu&ny(CO5 zE%KVxgXD2swBxkXkKy_R#H8|tzUFLiYkGDEzId z0&Wndr-?dSz9%0WnX`$WwTmnl!5?TXig#&zB>UPsnjb2)G)cru zS#dNY`JvcJbV}STCjOm^q`b)V;~Nb%;#njE2i|vSg>+;bO+_xLVy?Ma+}@v)FZB{D?CtWmV(q}oIhs|*5ta*J z7C&O~vZ#b5W89DGL`=}pwR|rp0wq}^lo@S`7z_?)+?JKE%~aP8lQjmiJWEjUnJu&3LVN)V&;3)!~I(H zEK?t+8iJR$zuh=mwm-J_p+nd%3-@F}Qpu=td%aW(ko>!KVY zjKvjaWX_{#rBU9IGGn`@dna6 zQ~A$W*Y3@{r;cOv(0#DA-lkDJhgPu8X38^4seY$MmtSVsWN-!T-K@1%y;0tLXVSWl ztL{+=iL>ICF)eZED@e5pzXVO1a7KeA{yXFXGMXZk~ICis1o;0r3hMoc#J5YwV7z}0ZRQKDXu z?`779SL&?BBY~97@oD3;)t;#Po!0WDO+viuA3~B&wO3G=i|Ws|a%JM-%5njd8_kP9 zY0lqz?s>_5#kRFcm02xc5l`a;RKWwl()3_1(919x@EfHQ-HS7Za@6|PH}mmc1+0P0 z*cbqbU{dUsX!V2~0H%=NLY^?2(vmDUiR=6jmW_K-W;zsHoRH`>wxu`GaeBhe`SjaL zC6eZn=x{ON%h;h670mS6@q=lqY1+QJ$>uV{)*K9NqIwQLCTg0BWy3OlMKyO>vVu(j z(lkkLzZn-DT_mT^Ya~z}O(VIHOT#l2`qFrI?-Zt&ALR!*xhj1F?I7jvKF~SR7n2uV zoh*uJPwMS%qYOm17SlgdQgKyZ%W;K?oo8UV)fa!Jsq5+-@1}T1>-?56sb(T}`Hy?1 z!a)#%uho`9!R~yYTHpyeZGJj!@jp`I4Ne))9nTG$lS$KPY}`s3`(X{MDc~#izRIF{LhU1j+*5p)QD@aNFm&5JG{ojY|Gm>kQkw7Xu!(SJKJDk!{W@ixO{>m>TG zgM~=U|6#DmbKZ9X)y3Bk-W+G64ra2o3Q@1a0|7o)O!7y>HRyYk6g+7=oy$CZEsa{P zT_wUE`@{P-sGx1R^^cdog}eYWn}+5zkzEKPQ>nZc2}6Hnr3W}bn>^?FwRL)_O)9J> zD_^v_C$Jk<0|&uo$&W9<|Mf5bxgqnG0DiVrIqOfp=2v>93*=l(vawtdL1dg=2Rln? znq}GVB+Ie)=+*w&LlN-^X0^zrBrlo zwkOmHUl5~jadfSfq+x2f$PAS?bSHSnLO;<@+*$4Yt{OI5&l{HwEP z>qL~?ytgV`e+>D{KO=hK#dEN|biUuS|7HR5t-;@>i&%=9{!fM!f4=Y@F4*2!-$D)I zzg~dT!ZRKJ zGMGvz`?SLsG@{PHZP`2HtGz#c&(J@}{_N!Y1DmO1F{D=HgN*_`S_^m`^XSr2*NsZd zxCIh8i`H@YwWlbD9TrqA-c@M^GoFb8Vw)soR-c)j8G97V|J-N;@l_bD>g(~$#p{mN zM=azwXl+(eG?uAV_m5AkA!J&y*iYidS?ctv9ak0ts69gg4%Ciu3R5|Cg6l8SY3dS@r(O!BWyZA{bRr54d0OTn*ZTZDdqNlBXsZ1VyspcAqhNG#C!C7=UbUDo%&% zr0#S&dff!~n=HQIWkmK%wB}xu=DWaILJ@b?X)muAb$s^f9%Q}%M2xH5Y}&!}%qgkGUr)?_Vlg5EW`?q2Q(v7L;fU{X6&+1}eO*aj zZPw18$ax~i%PhKu_QRE|5Op4L=x9A=5C=4Kt?EH^N(J#=vB=;uqegLfynwS@xix|b zWNhK!n_KvZiYw+Z1}NSG=x=DmNB{75vWdlC>1*pTpz1@9>}sxXL&K(Pr;oHm{sGVK zj9V*sfkrPfC4lM+7?}MMvo;nnznxQ12Yd!exO!>9-MU)XEvDl z@o>Zxj1)&U;!uB?YYmhJW5ki|)L!9W+v%89Yb~dzYv;yKTO2D74>U~=<9M*BTzT__ z%hw*(^GFXgQ4rC1)ZcjG3+OPfmAX zuE*}7^c!q9viS|QussL+h~0O9-cI=L!$DP1f{4{+hMCy>hS~uV^BdgNonTpIRZ0&M zvYX>O;@*q1dkAK?d@eN`?2_d{qz1$Dv@+U$rr5A}9v~YVcy)1~9l!y56KXHFx$quj zG2IQ`K40Io8lge`P34ko97@r4M#(Su2nO9JDBS@qW&3WHicILmtKSeIf&&kpv+kZF zQg_>5H4UD0^5$52t)ziTzS9IbGD~lFd*DZg&278LDa|jB$`Mf8_%r`0S-CBwpL%2$L}4 zJgrj<8nPxT1-gSxRjj(TzI(F)aVq@VG|msAN9C>Zz!lAO({<4=Qpr`fQ>jP%&^gv>va~b@?s97j?A^w zswI-k13%iBQ*63^RVGnuvSTr;0A%j_^}$gLwunC|1C@(qMdfLXHg?1RoP8`J{SDzJ zAPkhN!A{!?X55k385j{FUgx(J#Bc_Vof>g^#(%32j$PAdb(x!}@2JC<<0Q?r4n z(L-?hMzRCz)Cdv%CORj*x6q3fBGCKtqd!kav}{Ti`@BZLps(EOf{qC0iZ4|=z3)Z} z^_x|yGHV=`q?#Om1Oo=MhE3gps_1&l2c?lJ2ht(CiE_fKRo`+En<@7ZFz7hEx7~Scq=K`0W@|d~AcP%**7QS5kHwxb-130Y zHNOM3DZ)1*EY;f)g~7`~w0znLlk1hVf!t1AoLx7^)17LVG2fc~3^2KV*@*_NFSU!@ z;-}H|bp;lpJY%-w^EVx1(;gSiVZcVzgCD;^(h|zSfp=!jYQA2* zSj0)M0GLBd%BVPWxK;uq8Sl^hak4tKxYI}YFrkuPyR6w|zKyVX{Zqd%Z^)0f{*51L z-L%<>U|zhIN{%XCcYyoOB1<^_`i6L)m;tXgjKb9AByQg!={$72bcGgmu%xHF-%?oQ zhi6Dn{bTknO#a#lC4GgV|Lx~jNI|&B}UY2#c*TKuh-Z(Oa zUOHOf!Or0}^i-wA_ro`2liv<~s{#+frAQVn>-H;5%-{}%0^Wq5SrD~Iqo;9N+S+Il z;GVnPdo)dVULWs92Ci1itMS5FpX9ksrcvldo`PM7Nl!Elr-=+mBh%7YE6XXi^j}6jW^N6PC}q99vep`W8VWABCc%Uk z6tf1=p<&ml-h~|ZjAz%P@?ml>!yl$$_R$lx0B3?GQ?*3tz{XGJQv8aII8s$XKH-T60JkqRj9w_dm`3_p0BFL@=1>YUqi8RI7d0_5rf=u_f4_Q#$`ay;c(qHf|J~vIeL5k;#%!( z4%1#su^yTev+>fbJRZqb5+;q}r|O%|E$(h7dpv8e_o|SfT~OX!U#zO4b)-U8)~`xu z%67#a3=CCek1jl?TJP!Mv%7^TG43`Iuy0PNy5TyR8cHGNab1i4WEqTY2l_CqS{Hk zL?>i^-q!Eio&5(ONhuVoIKa0E#TvvQeTu0b%r2AR#zq&pMkv987*a&<~_W_QXs) zKI$yo7AGov`y({vL_F+bJ8_rVm!l0EDqaGF>)x=MQTIp)_LmKx$twm|!FBbFMapU) zq9>dbgFD_foI%RRjdRPp?L8IKsx_!AC&WPRTJXiIRP9}@`+-kg@YtkYtc!Gg*$Fl?3eJDeOkuZ=PS5>y3)CD#q!m0KtujkloX{-Ju~4u?_UN#ukg z{Ht1l=WtyCV?K#L7dGBZ#V~jE&}HYFF_vMHK_8b5`BA1mn0N#f%T5cR90N* z2}9y?%G}R;k2N!e4bI|)pi^$h2o-boyp1*9j8MV|)OcAO)5XRy=?Esu@DO#${-eb> zn~ROx35Wd4FfI2CUD)A69m@8r$a`<=l=N7${aW+mSKjNC8MHEIpIp60sMEo3{EB2? zD}a}~SMaFu-N);Jckuv{fM>|-SuFSKkAT`dYp%}V=1fLXqFKZv4JNTYi<$=5MUu;b%3g2W+zl%0 z_NO$5G5k)e*_Q(aAZwOmoRDGI=r)oy=T2^AA8sCPe*1goK+HT9t6`gr7;^bezSf## zxE%o)ifjrxJ z*SU_c)sCA7pi0e3@~Gr@agX;lcv|iXm=tq6_ufacQScj;df0W(j!#XUIWP&2H4E{& z=Eqk>l-vsL%T}?djP%|JA>O{{Q!nVcEg9}m%%olU=50&G>jHGnpX*N{%yCQOwh2L3Cq|k-qtBwx&SmB3G?mCK| z=r=#RgoJ0SXk8xyq^E2b)UXf=eg+@A9#CDkZ1`&Kkypc8F{T3OKEtE%G-UEOBse2C zxu(cmsE%^f>P__70#wArTFo6zuIi5hj2mYDARw0ERF~l~X`is!>5Xu{F=omg9*auq?VI)FnFB>$qkSz`Q-} z;Vc_1LBi1|$SJ*&#B0~p1WPQzXKg3bJzE5w8{WPYha>{HS38B=W6z0<=Hd0qT4A$s z{mcY+YptI0T%Dt-d+p)Y6`-NXR&$$E$H{HETsq3S>+{tN>o(tKCH27P?- z&Z4kQV`BpQJmt-9$5lEe?x~{yO&~+j9en)=84AO~3~&-qVj9l_l+-iy@s?NziU#O{!Gn+M6jaWSl-ZL7 z?W7FH3ORc<(SXRd$LQ~&bZTSQ^rkQp-71LBo^Uk%%C*V2G z(JZ?=0^1)U?D^u`oDV81F++rI*p!1_Lm`EW1T7%Qf1RprIgvfs zCLYR_4floyj+#`1G){UL$MyKZkOBpDKn?`IdF$gL+d(RLfy{4pfLcf8?)U|U!X1Hj zW9kxnb_ZfFNM!|^M@BQT4S#jShaKC)U5(a@MB4Ejy1|^ar{9mN`fL*=mV_zur;b+Q zmuORt94p6zLwuX09|@stTTz?QCs}78*EJl@RcJS#NQb$#QU#Bmzv!=V_54ikQQgs9 zX4ARM&qVJA5;#WNnGYTs9#>}FM9!gXTU&`rR28gC(g~kFBHg2stdWkAx?m<5NTOu+9Db2rP^Dc79U?q_%QhAau;#djL#e~l^==)IlrNY8&XKCm z4MEtjeTdMAN@q$Q|8-E{D1kb(-xJ%b{>2da&2RgLc&zB5Abw==J2dp2K3OzLf>)=4 zR`q`?PVtuRwZVV-3=Z=#UVz)x5)^DOL)L!szOnpt{M?Iw=#ELxoF~l}imrB}4`5Cw z4!t$6aY~KJcm84FT8@n#JOrz9W?`%>zw5R#>J!hD;yy3Hs7e4MYSoREEW03NZ;v!( z#4&b)gwvc`z!EWa!}lApt8Lq2pWZ!l*Is^5)H}Q`zTCvbyR%yd_=v(UGpekn-FH}q zukey392`Oqx9a|Z9WC)Wt`E-MtrD@ff4L5h!LzDDy5Y`20{H1kz!j(1-op~3Uh}?V z@^2LW@0(Y9pv#Q`Du=sf4nsLVT_~r~gu$x36gR1dvoe>>uni*j2kP zSZFM-IKqYr)ZD2PNG8hN4_;==^n7$W>gAU$kvMs8My^%$BEqJiF6VJ{rR~>Vlkc(2 z0rOxk;=A!oy;*Pf(sF%Uq6yK)tdJX*La7B^-ZPOR=d+l{XTzIkuGsg&LuO`1oQ5+M zlv>w3&Q1u2f>fZ5Id6p%GcEWsl(Yrjv%hYf!S`Y6f#}qG`Y=huv3OHjNck$4rR=ZE zEpdb`|Nh{Io~AZU!4QiPy|`cWP7h24doP|YYC!V^pWJ2*;-8Qzr$7O^+-{!U+s^sT zo!dgeZJM}lmQ>Zj?;>##o|}!&(l`O`k-X)SsjVH%K1jT0m`*Rw)*^|+5j}dIf!)#0 z=C+y;S|;%O?6r){MGni+&G$$fM72(*U%vj$ETOAW}9Iq9~m{&{$9)%Z*lRvmX&bpP}rLm9DEP^TC>4`mygS%B{hnTREp#k7Ee#~ z9!i;%Zj_o2o2#scGsGAeN3~i69{mS_Ve{IY!KIxy>+j!;VHzNT{FCd!I!vcT5 z_@lqsSa68V@3;7*2e3|A)bib5yQ8&f8~Oa(PEC{0D)zSh{)>K80?l*{MI^CFp@zP4 z%|fE7YD=^c8ig}D-ta?-4Ziy;EyJ_dJbJD@tC`e2fFt|jc=S47>%UGQvBG2E?rPC` zdnk*`NBq-+*85z~cp*{K$)%F_iZ#S704Mal)oPVzA@ygq!_`8=@ zvnvtX9}*UvJq?3zS+nKrjusJ(fW`$C$voK8uio2iGxm`ghL>l#sfYO9yy}tB$iO!! zx=&c#>$o&?{V;lEwS4ZOL8G|HZW$T&?fb=J{|B^QsQ)j}dbEYK_~Gx`{KPYl^Wggt ztbT8N{WnwxNFc6O6_p|V`{yeQ9D-p9N77M`)$9*hcuaMdPs8Lf%Eh*G?WPHz`t9S} z)jv_89oqsRi&7JCP8kV?4^Ia^gfy%4C4VBx0B(B>DieF;A3v{3RwufCu(cv)QVwzv zzL!IpfAu+e*f(@oG<0 zpl-i$hPho=9)CY;c+m{kO3R%xzj9gbGuPp{bAs>}PsNm1W76`pBtrsy+*wfNcT~hF z^2cXE31MwaA1Rd|PZmLhtAYyYD7tp<8Agr1kQtp(m3e>o?xtW@tKZ!#fzj0ef@5 zlkJy?Hs6Nz#!yukkX~pz37$y(@(P^%)_uJ14pg)YZ|nB$(~ti9nmcXO#0MQ0$_H5Z z2EI~EtOfX~-T4F|lm@aiS8KmcR4S;oY^LKW#UM~5Tpl3WrUZF{B&Eca5am5WDlQIl zM2D0BZRdlQ*^hXb+N!=B`Lelov5d}s!24p~>1xad-xWE3RsiOIMBF{;q1hYb~r6PxV%Q5JM z`J+nz%eJdFlXr;BuXD;KtbE1*7z#agf;;@A=j$isspEq_CbCBaq%W@ELA}SaluUCE z_s(E8A#@>*U>gitE8CsIF00j&eJI|#3sY+QF951{Cleh1v}W#Qoc!xP6Fl9vTQ#Xp8*kmXmD!DlXu}}N1Suv!T16Q5J!^*unlr!on(eJiR`2$f z$F2ousKX-PKJeR5e_RVhCZ)xueJKlUqT;#tv_q4E3-8i*saLFfJebFD5&N)FUhJ_d zd>dWl7MVSfywr#@kyT7{QNuK@D1_sOaEqtpxs(25jgrMo_fmE)R`y+NHvS(1w!pK! z7yqov>dd^*NWjvCp#C)bxCL0zQx*{2k~7x*3IHps!I^5?)=4-)v(JQyI_!SG$g`v7 zkNbCWXm{1LNk*Gs3+@v%A1cuI`E>SB6PeT{DH5mvLsFE0Z~FY5VD{3>Rv*#C9(mN% z0nDB}ZkW7@`&yvYPB=-9@Ng!BKQVwj8V|r_+_HNJN-syPQkRCZwG@eftm2{$_PMdu zjm!$&aTvVbRb;>7@R+Xx_5Nw7)JVi_G8Qku)G!g6LONZPY6v> zK32_oCl6J&*WXH%IApZv%EY{*bhdp0S?+I*Wjker(i`L#_G)dMO6<);gS;>5p0u~_tz;w>_36meKHwcN?F+^&4tDRTityNg?XhS( zri5J1j^}V|eZHV?i|iRZA{3caSP{Q+w2Y$8qI{)m+Fatv7zqH)hq`)RCZu(HgI_ z^WKg^AfRYRC5bZU`kZWEcne!7S@wG1}x3`6u z2i!Mkcouv4uBM4QMSj1>VvNQ|N|TKHk<2dlh1BvVBMA!LN=Ck(PjT{QtRs)l`*gQT z{^_;hAMJoI9FKHb9l9Rwb%b7d)RQ@E$v*ZB#aH23_eWG@v?Lhd2CDCz=GoW_49Y*Z z!bQunxzjvP{I>xuxC4lqFIr&*3=4;-0zwMfvq5?1t}Yek1;8>PNJS-pr0XSufA5!= z0#N&9gQ<>GAA35BS!QGyeUHU@b39n;O9~^^RR<03#1V6`iEu`xu4M%xmGM7qC9#9g z1d6H8Y0y-w5B=~+RqlJ89%N96cq$hgchm4p+WNelsP`(U-JBCIdgL5N&gu4L(s59B zyQ|9>FfPlVt5l^=Ya}NNZi;Fh)SpS`jRMhde(BK~|&k!vN<`qugqO9=KY3nXs;r zJv~IRu8id6_2hapw`r zDzRCf;$x^QF@+Ljzm$Hzs3!uy`xLV3UI}+R{IL*oNjhYWzZJ-`d9=!o3Hj`fVy3A|0BqqB4{K|VM{;Y50{>R_SH7XJRcs|&9`-y^gXsU zk(#Wa{Df`WIO+Ku)v?weD+W^v(C<$=gb0nHNYZ#9Yw8-6n`4C>AiJc)h%2quor|f= zkRS&xBdk~(1i(1Yfqns9#mcEcU*b0mmWXOu1oPhV4~Z%Fo$EZGles2CdO( zR0rP}y$=rIweO2X@_+(wEZ0q3UT>~ZIqgQ@Y(qHGbrD0=L(z1O_S z7fw@aC%YkI?77)KSUOrLgR4oRkAHO1gXF?(hN9fG;$_t~@#SE-lY;}&3GYg$68A!V zolpslB~;#rW@6*imrf;IZ~DQEzsKnm71i3jMPM4jSBl{xzR=lwYY2tiKR;Dzpj^k*m;zfL~4WCmJhNHAJMAIVQN(^H|=6Am`+(v^#M zd@aXIJ5S|2=p04ohFU#=`fq3^`^}H9=WAfLv+t@KWa2Q&nJ%M6;3$p?kn1-QAb&|% zute^twd39?U%-(#J#jMFBf|pPeW#Ide%3Zz&k8Mo5zAmjdcU4dliqj@gw&}1L1~_~#W#?xl5^K?+fPYq!*K4|+386duzux#Va2{>2&nJi z0M8{mE}f@^fRAK@SfD$vO@-A&c9)RrcB;~YRZoy`Kg1{Ue-=W;Qf59(Qi?-8 zRBtx;Oy%rgXEy8$c1ElP++RLaq3iM4OoP9Jir0)S3^R^ep^doqFMjx=yXc*)ZoqiGZZyXt7uO3t>&ypHnM?riGNDBAFVnXi5q= z;doLvL_LYuRWRFuKOfnuMj+3*QH^>GlmV=B#|uyDoSufYzdp}t0=z<4>W{ajxqcK1 z#!K+ZZh4oGlsL@qR2?kF4L4kn|56W*=Fdzfjo%2<=4GsK_%9)d+7Vaw|A9V`^fup@ zG&sza2&l79NKUyjpf*E2rP67R47(A)q0mi~8@{`V~X?~VIEewXYnkK4CX#ykKGRC|Z)IOJ}O5|DqtI5^p# zE)bP{^yNQT?w&#~VWSej=p(5;e~JM{@Xqwb1{+|idjm_NWuxn4m~A7sQT}u=A0je` z$P6Om=sMZwiK=zo!CBG#TaNhPq3kY}B|h8)(ryL$OaQG1=jv-JYS(!2tL z)0ATj@xPEzOvU}$5kI|lLuq!b3T~VQ{p1O`Q}-`zeJLX-GgeR0KyU-Gm?M@4d1Hb- zy>6X5-;`6#>H3^bio`4^A)bnOp;HQsUVzEKw-aSd6^u3jM* z0R-y6K&w~u2SAj;O_ua+8_AqCVud(VsMT~Glx0lQn-=>*|D9!fP+p{yA!#i%$@BC@ zv1vCA;1}HDwRiTc)zS5IHLLAPvvs_HEg~G(Mqe&D2gh;0yN zo~p_DY6~h@!Si82P~0orcNy8>eX-bT;)(05-x50Jdxk+?igMP#08rsG>eba6b%csR z(1*%TY^LtxkqR?|g#-A=zp}-PCn{`8D32_VWpLd<75Hy0+aFQeFNGS4QwFOrl&+Bs zSTpuQ1B75K?w7@biH(7CsaEihW8OOMGOgul$b{8EnS~mo7KVzuP98{}L3JbZsVGAh z+O_w+H9;HQ2R2}(Js zAqjsoFY>ZYbq>J1x(~AX2!V}SC6F}T2ZhQPADsGdz&+^(d~S-sawr6=U;~XGWu(yI zGHtQhVEVmAKFPBcl4lm$11uxh3)M)z7M>u|NHi7;`2>VKka_xHte z$2qRGQLVqUg-HO?RkP$J6QhqsrS*k)V;SEHeip!?sA(y#AORG zB$qG0(KHK4*Bux@WP20GU~Fipr}nz!oYB zhR1lMk24KVHo92}ue8nbvka6=1}8A>C8ZL_|-ZRJx!9BkokD`-8*%boJ{LCgH~@()8x z25a)PA4P^zV}NjZ58Yz_-#6)%U?u+_26ktNSfb!T?&TdlWv|hYKEAu$_U{IAbZQcF zbkk*=E7MW@Zu@tWcWa!W9NF=aOHcC3UN?#Z1>Iwf_TYpB_8*Kd^=&SEgS_G zv2vh(qwdPcY_pUye_c}C;{m`q`D&E>pV-)R9!d~wRlCFa3!C;d37Ecs#(Y_&{!;y0 zja%@?z5w8(*iOLjUnIhmYL#r|0r(oQcRiz}w#6gJCy6id;$8+^^%PLBER_-J9LeaJmYEspKpIbz0@K2gu z01HV~$-#NIeG_udF0s%F%6+B4uXcaxE->H>!Kz_TL~MJKvqdY#{s;I3u+PO@g%Dh9QS7oqx3g7bL`vDy=ifVp=rsH`)s zqF?!5QmXm%%JS=j38JTf2g$#^UbFGC!dhouc^&k{Q$ZX6T*@n1fJ`%BS7XC*o$)pH z1s$>m21Ry?wG^h&#ercoiXBl{L8*VncTWRGM9p3}s1%DS^%>C(lVe7Uxn`KlTkkC_ z2GgW%+6nUVw)1N+{D9maK0aMx6LNgozHy#1x3|)5uiM)Yb}_>`kR)#}<#u(>d;11T z5l@-kcp=K??Y*RWYZa7%(02pzIG8Y1=#R9Iiub(4i1n7|S~nIpXA6-1aJ{iWUXS(L z*C%WSQvK|EJTPOA1u_rLPprgAUn6~d-77i>SC;*L}4_sHVvgCNo;PBGDPi z5|<-!3+)E@!fWbc^D0C~7&I;56<^~b6`M}10M?HLsRGV79Nsj%Jr7a52J*A= zkMPtTpnEXKu{?WaOMsw=4VAF{2|RPNq9s+bl_QB5BDPH>T@ z{GI?pAE7ynSD%Bss(VYKAXyzW2r89^%^FlqkL(oDm8~YL*nalN3k4DQZ;E%^( z&?wD9CN4;x63@UXum?^B@XR(qBD&t+Y^MEid4L8lVP~l?$EAwey-*AZh{&;=rgFol z;EcTlnlbdzav%Egr-})biQrQ86MrlP8+0Uoy?+<3v?t^QgQBW)GyF*zWeBoMC0tGQ zaToyfIz9Ht#}al-G>~(TBzM3AWhL+?DQGXQA?u0Jn|d}rUKG82?9Isa$j#HkGE7i= z#bj~#w+hLfkuI~3l3{E$BZ<1y>hI0Ik2|l81#eWX-nZ*ne$mCgKaR>-n^`1H^Qe*Q z`g|w5&LJ za}ozXgT1}2x=ZoIQau?1M2DTg_RK12DV)Ror>y|nX`r_tj1!8n%+jhzbl+^m!Mro2 zbSfU7f^NV#92OrP0LEA!!u?&!DqS8vDF59C9?*o7YXC4L9NL-n)$zpLLDw+N` zkwxJPnEjyuoUQ44`jQK6<5Z>o5TBETy&I0ci1TngaMNF3Tg1g-16Wi@0|V()hb6gp ze%{|a3VF#63msPmvRWG<>yu^z?#|2+qZIi->!OI4sQ(M z8&|FzNS~tJ!kGn#?0Y?fJ1VCh``p2!S6F}&j?`k26E9a^qJ0z(m}yuBBmmO^svP}h z`jPmtK8?NADbgZ*wpfk>G8NLwF-|MmuIi#7o4XeVQ0l^%o`vM<8zNVWq;EE>uqOH? z@1!_6qQ_+;yc>2?&QDI1dpt*a?0m2Ae!VC6i?h6a(`z^;*yAXI6a^~45$1y2;_}fz zvy_BT=dKi?=gxtB;7CwMWEegdBbbI~6_5@$iRniNYN3*?%xTuj4^xN~~ zkNF8!kJ|RAWl8dP+}0guIn-sv${t)hf6E=Xp+q&`5cWZfze2hA86Xg57da&GI}M+_ z1_|N+$KG3pRk^Kg!_puPA|c(-s8TUQnIC)K1Iu`s$A8lFagX}ibbhU|abcmIOMl2| zC-9Twl@=RquV_zb3ShWXVf_Cg1n8a zr)Rng)Pw3(ui7~ZJ@0PD1F#X5xS*yCz0P)~=#b1xXnq1UT`WH2aNR_y-3Cougik*Z zBPy||rM}g@WD>L+8yg&UUi`pFEdW}5G}SkttN0ya0<11ydV}iA@d?lb*lgSZ>1o1S zuO~Wt$4!4Ypar6_c(UrXdM?{nL&4m!QUWHu$lhJh;72sxZb5LUNcm0j;^Xrty~DEq zX_Lk9j#tBb81B7l!A@f zKu-oawfeT<{`zxX0rsA#C0P$PwM|a+)%C759bMzigsN`PM8pl`jk4Dii%gNDnbQ3& z3?$+)5W}@hFn{b31J!{V{pE{yENH#HYd;)!UjYTrU18Yys^PNJdbc7FA-ZYL?HfIM zfl)-jbe?`q1~d;v)an^)?!bvJRAYjav6(M{9f52j4l*1Fz_xRB{g0 zokx&yZ>i2gy4+|@_0P;JAqh?!E?&KTywwCDD>kWo7MXd)Z?f}BCxgz%b9FR(B3|%N ztd6PlyQFaHCr5{}^(pgcF-yM!(2Z^0T$p%Q5K-mN0gpvIKvmZsBtT&3D*QEEalXfs z8_JCTWssMX$(E!;N$o4>N@4D}T1m`x(3@E7D@>B`~lVv~7q)|haOM~Y3GnJg4N|dvK-ZJU}~^AeRhK%cy>_-zy_m@_l}xato}kEY{*u#@Sr%;HJ&g>Rq*Mx`WzcbTGMi!9 z$ePTa8(9khd{pf^ImHctljN*(JG%EP%kgM|YGg0DcsI0fvWJo37$I(ZbOYTHUBKl~ zA!Fc?qg%Ynd(vMZIBOW;h>S!?IuVeQf`j(R1-AN~3+#{!$-6P}&MCt!+oH<^`RjHI z`g$e)51jrCIe+$M=9Eg8uW?^vuc7X$@Og2e_QO_G10{M<3^2;v~ zKcG{7J~9Wog~S0A_D^q1@FHhH=M5{*srAe6o+lM^qIrxbhF+lR`JHkC_<+A@i3s-2 zo932G`r`SRtU5vXF+B&TMiiVWor(X>kzhq33Knb*S?5iZ(aN;w%s&{y-yylHRmU%| zc%0nvRl<94kT-VS!hr{UP#nScfv8dD7_7_z&=jq$bli11OSKt#jyFmDR#)D&#UIO5 z2atT=d%RD!#vS)j33){-VNl+f);`X|CUB$+XO)@Zvh==DO(@6Oj6qR-A#BGCO1&N0 zp!Kx{w}8s;x=SQ9s4OG17JwQ;i#NNXQSb5zlU~E4`vsRl{b&*(m|#79vhrm9J}ns! z(NXAuNs zD8O4TTt5};vW(mqFIN?LdkmVS@ibL{+0#42^Wiu)!}XL_1jt3c@Z}<6dwwM&@`H|D zi{-KZnG$W^cpVL7Xo8v+;G8&ssu<&@%r zgGsC$21${k@84*9nOzcT$B!N5>Q+sCpq%11t#Q%I>XRw3+?#bAf8l-U3AN|OT4e{+ zI$wbwTyAxRxO(lDh*EPq9MjD#M-FBnYZPr%AE7 z^L@VIO07McLM5v6YVKOA;wqqYL_v}|yhebmTkByqapj(SWoyvist76=6e;IkJpt+X z0-AkVSjd|TFLY)RzscRXs`Naslb?mp(~4Fk*;cg!_-n-K6e!m#8Ge|dj^@aG=xwEC zohD+ZaS1H7Uk*Ch9q-x|8EzS~skicxKH$XVU$|?yXWy=t#ki}6AjVY zhfl>ocZ|*EB$jsHhNRG~2b&`oTH)AujMSw@&h<3`xJ<@{mZc6hE2IKNZ2r11K?LPp zAuE!49E~laCH8F5bU3JSQq4JpivzerTO`Yaw9M3P9jmRTOJ2%MsmF&qKkcmc8vj7~ zOCj)kqomi~S!FNaPg+9F-_Lbv)6;F)IBHeb^L}^neLf)h{iI~;?bg^U)4EiYF@L(` zfW(~IqPqR3sHb}c(g(Y^MV020%HjN+H(7V0wJsJx7JIW%aM-nj>t&88dW$Y=^k?R% zX=#B!P>*D66-C{XhIuzjJv*SwF57km25*Nw2pHkyblRa>^U1BwAvWoI{p!n+2o7Lb z?Me+cAGx}(s%hSQ%^eNkZ!A{Q?RwhkEPkIM#LQ}($`WiCT0cBx@((cL-<%I9ttzm8 zd$`@+Rc*!mR)SKvjV;wbdbr8{3U_*e*%fQZ<`wn`NnE=q6B%xrm8!U%y1ePxs+!Nh z-ahD|a-&h_95>LUg1SJ@ec@GI{ORpazzB=`5xpWRN2hkSF{AJUgFPoI^p6 z&;Org!{7iQHP^_WV7}ni`l6K*eJldf!@TVrK!)0wllj8N^;FY?0tM8Jge9wEHR<_x zr|Rbn_*J+?W~>fOv>b2hR-^aDgJ@e}x0=tZn*okE7uVA0k)Drev6a!@1LJdeWRB3Q zUVlkZ*^z(iGWsjlet)e}t9uO<_@1jE#yE1zkQ|IVbGsaU#gn&6y_%jvQF50zO@v<8 zkIdQCZM-#}!mXK|!RIDsdqi~DdH!5q{;2kUTU<;w{~YR0go?RD&IlY++fP5!|A9^G z20@0N&hi*B^+5c9pn4Jh#9jAgDh zWu}D^UsYh~Po`{8{^XzR79_~boKq=uRn8`3Eb>bCtmPS&+p`h98kr5PWL4ld83RhC z=}dejkC^+}T>v~3JIe7ad!F9+Tf1-Bgl#+?x*UKsr}v#YWv{R@2>4cES?h%D+I09a zGQRS$>}S7D?oLh4dn57m^1*oeS?VkFwys+4`INGe^SdoT`&F;l`rtV7>GT@jcVIWv z2}F_kF%%@j;V)djdxak>F@^2%l_%ZPoZvmPrrMBB*s0VAru?bG*=q&|C+68NbI-4( zB8yCcwT2Yzl2Xq09$5r$-Z2xCz5Qese?u>o5#R;>yAvxb&onm0vyoY}Y3~yV!6Oha{W~#`|VYRYyI$x8pUeKf8T=D$dQI!aL)>Ma;MS zofK;Rbfdc9%HPg4mjOo)IvMkpez^q(F!=nfWLu}hg+D{lo(%FnZbAV31hmuL``Osk zF_daRgI4Gg^kd=(29WT}pba3hY{NH@YqY5yNV-dj4hVlF*9NvJ^LPO{;EF~UC^!(M zfabs}L;LIiIeh8+TmU_{FmH{+H?9lJzLk$u<^SN@hHV$nGG9326V`jaX><=LIpDCE z#CNpSsoK9Q;avy^Sjo#I5M!bN_+i7Wk9wXF=LZsOo3o6UP+tZoyYgQSLHVX+hLEoI$7Y&{CVOt0UQka(n{o$6=C6d!HbmHM!lNmm3ah|ztDhW|)C{rzdVtGIM6Zxll z{uLJ@BsE45HYgF8;Y^fhHH4}BC5OVKK*Bfm!}@p?&ftX!8$@ntXzQ?>2S zZ4V?)G`S}%z`{y~co72@56}XYx4VN_fa_#07=ZC9ENU?jRO#d6ZN*Y8=1k~qka6|HA@~U=`G^29-)K6D{F77(mdx#3i_Jm#w|8|;9ws0Y zizP#|)PSPW1o}NNMgaU;Q`~QNmO$L_b|Du^e-dq0kVgS5bb9*2aQn=M++Mku!0_s& z6t?wNK%=BzKy~BoF>M@?B}?c@9p?pL!gn+f;5S{@XQr4>W$aP2;# z>wn-*gYV$xBj$6i!epPasa+m@Y6jh2+P1*(sL$4o>LvqeB%lQtJ{xZ!D&6ge>J+K# zc_k_qMo8-QaOWK9{(J9%#`5>x18{%GHyTV4ecx4-VF~PZBLEoO@6^9UdJgmYI}z7$ z*uvztkf^rvg5zl3grD#E%E{eD!us^lm%P-ZgKjziJ;wocw@xExi7ucl(ly; zbbd-B=U8xvsV}oj0{$%YbOH@WJAm!7=(k>$?2LVtBs*xR5(EB3efDK=9`&L4QZ3m64}H!eLSX#&TIG@~PawX~gs8`Frh}qs|u_ppSdp3`M`OHS$G+ z*9`G|~egOJ1xz)OC6mLn0>%Adfq4%))iY4+6Qv8h)6k4(cug1>CE|II3K zAp-v11Yo+?g0v1i6_Y`Oei=bMCAmKs-=Yx3iKAm3tb zeZ~~KI;7^CF-RcP0n%Wjo@mhxA`lhJpxa3INS)oF*RFjVh;((4Mq7avV?ofnGg(-7 zx_@`zF>`s$H>9|`0wY9K$| zYzg#uE{ydO0O~H8&fgH-)u8qHRpG{={>6>w|EQrOnU9w9NCboOyK+Dy=4mM3m$zKh zUEwcC;;|MUkaISISJq<5e$|McY=knN!+Aj64$A@xWrS(SaX1}+}#usgDMo%gt zj|#;fmP;5%kjl9V=%sB>r?F#^AWc8t1C&}380FBt;3$l^B*1K2`N-{dfv3mAbPx%! zk=Ng32&{Ge8Fx&yMl1oZ)M)f;&l?aQ>c}i^44}gjg8n|E*@_&k-88`62E14WF81B= z@ATk*8YbcoekW+x;<8@pww&50Q4Itnl*-fr4=6dEXQu-kOWo@|F~-0qrL`AXwj`Z$ zPVPh{nn9a84#t!}B?qTl1P^VCh3T+7of?=uD324PZR0$#0yI}EC8Ek=3KSJn*l$*rU}imF#y z75O{%lmwgVRZ@tqm5n~H&YDHA#t03Z*Kc=zULW6%DdnD5U@|fN__c&l%qt)9O$sd{ zdOgqzkgE>P+pVtKvQxwNG_D3E7JfqHO%nlTkyEPmjl)lYry4O>$P)HGJ+wN$dY|jQ zWeZGKCO*vpldOE)-ps3!a9flWn@+evjsBvrp|0Og06l-60R9i1=d**$$#E-Nc|e=z zcY7n^>c-NsqL%7d64!p)d}P6hmi>{}VT*POfplbtwPrGN9yDttfw)~6E3x!r)&1&m z%UrU}{YHgpg6GA8sHDW)+8cQ`T#tPa=VsX?Da(ec@6r}JxH|t z<Gx+karW{n(q{!bWDP1=l^7{{`L;J;Um#? zEvD_;-x%#){_iFIF-px3<%V5sPo6x1Z@aDQgq7a$jPJa4W}9iv2IkbB3CEeMsJu8;Us- zQ_}|?o~o06o&$fdwf-P~z|FnDm%U|;q@%FWd6lB5u@6PQI7#YjGEdR}o{U7fO zkqWl3OAsd^{ntGZ446^PG9I>Sq`c2x5U2mRHU5P}IA>`MpSQFbHuS|F4X; zf{iime~#Rr@Awd-XDs89N6G~L-R+>RE<^gezgaL6Ucm+#LxS@4e;;GP$H@u%#~uEQ z7sUTNIsal*yrKVpP0sFDz7~y#zIGOw*KgLYeeGTs+P`6&;_o4_eIt;$#`CdfFguLG zQ};uI2kCjmua{n0D9W59Ay{joPbqi=dZ5swEj$XIU9whb)o?|uhYw}0bv&P;>#$&q z<)v@}5G=x#@x~H`ao;!mGS9K+>h3O?_tWM(cd`L%<1)MqqoyIZfTu)^pO5ABWcu|0;;VfS0Q~0z`afR#R6v($ z*#sC{T(q`jn-_f+T|GBNY+>gmQMs4UA}u~35|f^)Fb;J4%Yppu&3d$MyOy(k+BvBk z3~h&V;S-|h+~dy_KR+%+Gj1yO;M!^&$WLpko!=>H$`Mj$R>^l#_C&2xZRjP9*`3ZB zNxn?nadFd!drh$v2>PS%&~q;nCGj+MD`B%jrMkWKm84Ae5`*%$Hsgb zDMmEfmy4kpW?BB3lSaeYdC9+Sx!&9ipt><+@K87X4;=izYjl1 zJBkpDM=U}VKeO9pCgqjP`XVQ#W>iKV6#6wVaLe#z4|;TLr1YC;t><|?nfi7#Y{E{P zA@NP2U6Ka-Df?^%v^8=m(JVZu(j#kB6sG27B4594wdqGmV&KM5>!TO-{1AR4O#aIu zcbPjU#$L)UueSQBI3~u%;t1<0_ru@RO_74Gj}L}6M`IjMM2|j+9Sw_&u&@#Zw{l3< zrWWLO&A5Uj-wR4L(iHfJXl<_J?(^x}GFC4L$$s2DxwhKq-Eqm6p6ijZ9|cG|*2NXVtKiAZarhonS4_LV*FqB;8<1OxSV``lM);y#!uf*31j zQx;}AEfn$Uz>_WtDygE_@_oa}xYy`h#?mq=@530V-3$;V4ZdQxuy23W!u1lAO6R5C zz(A4qSy!4gn%`|K(#*P0-FNXRcw3;R2s~LgSwq^}MP{13n(zU96&<5JS;a5EEcD-R zn$LStZ{K`Z{D**LU_R~u2#q>{g!e!=vH_6KC@y=GKA>i2aX=w^9N*?_u?&?$jc77) z6!ki%LVUobepAP{7?BPQ_))~bP-ocm4hXS5(+0K@pdco36DE~@@_4=DlV3#seKfSJ zpv&TxlWiEJ&U1dol;_w>Ec!p|vF&895TNUN*Aunr?=McVy=l)z8uY#|N!2O8sg28E z<85MJRsP+|hKyu%_1Mvy({bh+sk;qn{z4$X$9$Os!pNUF68N)n4fce%Z<6zN;l517 zV;tGknrbQ4Q?I@zt6r_8lu758?fisGW;(>Jd6Vp-1)CsfmfPncYHn_BgE^>Y9u*a3 ze*EKPgUK%khF$}x$}1}!O)x(N2S)-=%5Gq~!SY$;+YllmVodC_1fJ-Aa^HH>xPT8@ zS}Dsjz}%gKRUP#*MX*mhwlMB^z{3sUMmIGM=o%j236Xr4<1_E^-Fp5fIR07YgzYp!Bgn*+Uf;L-7#}2{at|BOVR|?LGSOHMiGDA;P}ws%smST_BK>OwxToDMj_m8}Ee6*WVD)oeugevzpHihFyKp^M=0bWGv^q7Fo zLJcBM5;oIbI0}ij(-zmiA#^YKGG3&uSp=d$W=iz^=m5^!z{3iFV7|%s-_(Pu@0+1e z9|K1xYOu(ybtaO^-Kq*SD&Oe1tiUu_2_S@>V$phDOe1IRwTEENV%URt#baP%-_skH zX3Hyg=}bmR34FtM-qnCaIfpgOI+C{!AOeoXa`vq_?FE2`znh+#C9mrdM3niOJ^+jI z9*}ND3mPWHL!&7fPR$b_51nt~?DJE+sICYi)r&?cKr^ccI_%EvXAvGgB^MIi`fb5f zAT5FzFtN&cI$HyDr2)JQ2$Y47v9o*;@?#=>NN#SVz+YnO)~b3%O#7U8_0isa>cv`D z6S)iJITP@EsM-GZd9RM3>If;_%Tp%VFzIEL1i;K`^5k5oWL+1X#=qO=Ghm*tscJjM z<&j-WWJ_UX18XFWf?I$-8iR)U@k$U8=f_MJ0l@2WjQFac3!rQn1yx}9jG;Z{o2~@^ z?b6rPX*i?h&5!r$LJI+M17R-|t#4`8I>Q=>N%0F9mt1!(b2RPeotHfJlnKg4k8qq; zIo3+M2vr^T3y)ji4*EbALVf3%liui8)r~k+9ncy1;S#!9N_0TD6LKmHn5AzCYFe3R z1B?y|2bpkNZf1+L-2gcIJ@2)Yd5a@3^RFFrJL<62@nQto8T5c%_p0YoD@$grp(Idn z=?b(6HDXR`!Z!iEG3_9Ui)8q^RxB)ewARr=*=vCuGyz7NYy}?bMIKa)zs5{29r)`t zo&bP4>Sn)Aw+M(X7kYdZF+s}M+a^cG-6iQZ>IRB^{rlU9Y@iZ@aNPgqOh8EW&+|(4 zC4v!c%bA3*=S*!?7XFf=3TYK~+@ZgkEa#7Ilb1Sfnd>i0rLAx5AoM)Q7gq_E6lI(k zEa{GJdh4>f_7Wm@C%>OQ#Anr>Dw}E?pgT?>Y^E;iw}po39VWnq70`2*%htZJIuF)ImROBfOFM z&{Bh@r|Y^+kv>my=>c3kxerQ;=74p!rw-6WPJQrJdy4M1J*pe|mB(RsQZ}@L`in|F zuNKi2(+V)cI9`vD@68ewNYo~j)*|{v{Dw?zhU5VZ$xF~SI^pc9MTd8@;9i_;2%!pn zPCsf8Qg!kR$?LL=$!$xs|(LSp%;dhlQGT+u^>>TF2dmv-|{VSB`cA2iKXl0245e1o_RU z8YL&Xig)DLV;Ey!SJMj#egLNFR7NenFh5J&LQohSM6z^btk)4e#laeicTuB;aGJVQ z>-brYk!%CDiKn>XXBl*r3F+`P-i9+s&e}gf+&zF3`q}30wdnp?;!H zTrK>>?<_{C8SbY)0wy0`CXi{y67tpZh;B9#qcsOzo(u^TE8%firIaD1eCZHlLjfrW zSr-Cl<4Uu3wD1Wh5?LTun#Fma*ODG`mq{&0Fyp0mZH2iY>SGVoVz+qC%3_(s8?OZ` zEP%yW%Izxxt*n|=3nX$Flt19;a=#)kq-y0xoupCKvJF7OIjq1~TdX2<((2+;`X&>1 zeYR^6<=7qBat!Fw+kx1(#SNFM(i*(}W+`cv*=sQFzx+#{O2>e`>*a1m7-*)T(JKIx z7OAG!i3KR}nk6DaYr}*z%694q)=Q1rVxMq|=($@kRci09`SJ>4X=s^E>M)|MFVJ2U z`qKKp<7Kq*M)S1*n<9Z7NG9Lu^SIuo(nzs0r$!~{il>*>Z4VOk-84r|GPWLl zvWY5?lHYMW@R_3zQ=XRuQ1m8(6k+vxuG&zScr*xBQ#lA|DEW3V4tTlw(Li(c^UoRM zAM>Pq!P3+@jjgBKtPTWBUia?GPDCfcPkjzR8p^P-d82Jy0b13w*~9q z9B6eblsDnHq_k_3L9G6%~aX-;--7M{wBvw5V5hbU-!9>D&4(+hrgh!TJFzsQ{}O^yl4Jd zuNLV-qk@9}k|89hD02AD79)DA>`f>`#p{o6wP~1De@%Ume`5uS5vK{^uhlCn_|=Yf z`B{C3^zVgn4TBA`Byx|3R;$#0tQO3LWMfJYxp@0KXFKKev^5=6qmKQyiG<~kyUjF( z;t^^4(pf8SGFvP6VUYqc@JNuOnEdfxTajc{yq|fa`Kx7h3q-z;69w%1-)jr;B4u_S z+Flm(I5Q}R@VQl(oh>*o)fOA_p{hur85B%Pn3ZH4{d&g4OO)l00C)|PZGFr}OS8*e zR}x*C-f`s6WEO&JENY$@BWRb~IUUJRfyTnrC4nKBRPTas8*&YQ94iwmtXnNLrit{py*5)OzF|=gK=U>phQBYyx1?~)W10-G9 z=+HK3m_I5loQn;4cjd^kG9df{X*kuPdJzi{^uNFOrRQ&__2RV%iB|Fx^vym-Y_ohG zT?4LOfxwkH7)2xjXddX`4wYRkGT!Axbgfb=WE|g*D~<3apX~5PK?axIUAQ218lPMI znZun`))$z}cVl%%ch_h8Ym3mT&d`;HzX`&iF?Y_eA|@_B>$c{-{NZWyO|CUA3$n;!1re6|pxkPeC(8oLgjapMrT z3T=7)OwuQuL49j;Ceg1?*5J&q(83NT8$k}eMuh?y&nw!}(j;+@ApPsh2Ep9jVIlv! zp9>ckJR~>=yhW%&IF8KROob3%)b%#PtXEZaK8QNIXhzIUk!X?e$5&(D-W&G(3m7i< zh(6qHMJevP2YgG5>5jFxV_<(fm=YRWj`1x*w1Y5aI;)PHW|AFU5-?Sa@}!MqpDJUn zOXTt(?|!UuFK$#6>$K_4A~JrOX!VOz5`$Jdrq^xILnx5tFYPB?CLPBV`XvlITy>Zx!}OSpd!HG9KhsJk z*KY`Lrued2$_~NSOwuc4kqECGMFcLneLc=cVy9DTq1?O~06~?YGH$~?`kl>?svvA6p z`|2Y$V-a*}`l%JXE}BWGzONn(YaCs=Ez{!%IAx*N<9MI8R%LBOwSqq)K6lUVy8{%f z3ejXqGMv@W()Vesrr~%Ek>?i#2DBoo4z2SJF?|VDHJ%yLyVkNbGHTV_+7H2F-c7OwZPaA0P61_F}nRoG|ZW2vrOmgmqd$hrr8EuILBIVowBfP5%XfrFz^m2F+|eyY1eF zLvO%YrHgbDCfJXdu50uKq?YF7ZZ~K~nPL_;z;Mr}*_d z7z#;*lAJeoJu~Ar4MY#z1J=8bJA`fvRy>Xwk~$RKB{;I=ICCKsQOQ%9*><>wE8BF4 zvlay5v6<2*d)3vJGrR7bZDpWcY2hOw0)U zqq5Bk3~Jll0f5$4>+yco#dWep?%m}q95ZItHx5OV=ema<;4PHaVLa(&tAV-N*)WS5 zJYbV*pnm7*>c?oMpcI8H2eiCg`ka1dwFBX5A7X7Gb*3*z7N{jCcXtdy*$U=@_i)8KR!ii7dj3Q2hqllKVgi*+v8QX*KM%=1iV4?Z&Qq z3d4(uIC)byT%XTA^88nC>x6{6@I5UGNg@FhP=7L6&so@X_4Apf@`2IJ`v_E`@!T#Z zbLf3|rZS`$Zk9hAWZsxQbl6&^sy8#K#U<`Rkq6~a zBfd@8_|BmU@p$YxdXDRfB&|feounSE}Uf~#kzAO)j zG)Fz8LZE$Z(a3Z=!|gEd8QwJ4`4NrPr>$%XZ#bjt{RtWb`ZDUX3j;_>cOOpZDWt^$ zvVL+B7bngsnhaq0I=}*)JRJ(Z>nTI;W`XJblBAd2!ch!HHMjw7i{Hj3L2n;QIym)^ z;1fwg3EhnvvbJooz9rsAv^C;hV@kncu@6FD(8Bc9guWaLulk)_`^tLZ_5s-VWh@{&ZQ_{gi!W^v#6vyEIGVaAUcny4 zTl`=ekCA6R8DrOioj-An^ZYxRIR8y?M9ag6%cg(AWwoxCxnlHm1fj_a(N>B#Bzw91hZ#%WHldhA4!m)e~#6mWK z9lUg#4KRj<+k2dx25Ple+9LJ8$g2&;VcmJx?t);v7HZE%csO6>cu4MjeS3cCrI^Vqc4lvojDg7OQ*!wWF<04rH!n zX!eDT*E>cR{z=nHOeQy;rW2ML-U{PO&i#oR=a?EP)68#exZO%_^Z$x*x=#t0T+ zerKOLd7>kAf9w}hcR9z#b?=E%@V2lk@s66+ZE({;qJVP{NJdtTS0b373c#^la8#ZT zAM(~ie1?fX)7cI1m%%zd<7#iDUQb(i-=46p}{+(})olcagm&_@NBTg)A~Z1>VLqQi z3meI(+#HD==+~%TC1eG21opX8nH)bY_R*Rqrq5z=*z&Ggf%Wx)9jd%CJPpnln7Ud=c_6YohnB#2Z*<9WJ4gc zrtf?VY71?ngF5?BuejrfTl`VNC1WUel6DmrDdjz7r*scfLs^2Bv~z}= z9+Z07<((H0{3Y9#{qPUycW{G0mbky(gy?-Kg0Ez4j1A5!H7*ZKJ(_?ke`?Lo&Ecuw zsek0QM~~BIbxYXXAvKW9KCyIG>xY!un8>!h7P0B(fIl{$(h zk2@9gZYsxzQih|3k4x$@HX-4fpQsPd2iJJrp;{pcW41F-9DqTQYgy$fw`sxDI`=<& zlg%6d=>9Fv$l3%@K+rucXyL!fk6GRsh@coP)g*2XB6OG1D3n7-jSn!}YW4bpfQCjw zt^tKdkw`$;`UJ9o;{{u8@rzxwP}$4LzIHOSL?$h~FfC~KaGYo>I+uYfG+upXi`Md? z@bTBg15O#z!CwJFKG`!Jlzp)^q9m^ayPGci`4!E|@W%b>PJUlb=?^xd)k`z$(RCF1 zT0y#2F0tH7dZ%DO1!$szzlRPbgz}B7+QS-8ItN1T;G!x zKe)JqT0+<0SK&M`@a#?ZwKAd4rgU|cI1)*wf#Hp2=m6P7f1_Lr8z-@euu+v0M&jjR zP>}wVq@*OkSVLxpcWH#?G`V~xcB_^=b2<=j+LcU3N$Y5XZ?8`B)nl86jb9ir-S(&!0DzR8%BLdqJy`g=dXHwq5K&u+I8H(Yfk( z)akV(>@2*`qt~c&KKK?iJvYSs&cMm#ke$SNU+pD`XZqnJPDqjh?6Ma|t~=H2f#r70 z^Z1hBptyXG)dInp&j=mFqs`p+0HB)eGmj!5z$&p3DG7~0D;vgTvi~XbhzWPqOd_j& zZ5yhnio`va=+h#K2|>nT64YdxD_&t!OyUdoc;O2(?fQARhmdIQK2|g5WPra!EEUOT zj>ax|O-{Nxv87HqLr{p1nP|s6IMlGKF(YVxcIZglhTRcr9!l`7Xvs&$X{Vk3*ENE0 zFwopow3;bFwYW`67vFn4(I#K2@=e24LFY;nd7MVEHHC3!U7Mz%yK`o-LKD0^_YTQj zE$HHhJoJJeb6LWH<))q*qb+4-t8)eZ`%o+HT_#v*{3VLAz;yark%- zK;K1_oEht0CD(&`bS*`d!Y@Vz2=~A}KCl17(+*BTGY`vo?xb*Kd)ZGPllk1j@eqzH z_hs6vo{7lZni%9Z{4uG7?i6b5DEP8q35>Vgo42ss$>_DOLqmR6w_9UyE6Y%^iRI{h zg`U@6asKo#thHZ{ZEn|BOZt*U_3EU>voC8-4ia)x1}7=LORYs~i&&A`tqd@kNeEjD#|_`ZO@#v)afKCMjYB&xKk#b7Rh=B zvxzY9PyY&H-)fJLc6rH+RypxX=wrWls(ncW$3Aqp_yjqkRWqc!B6n}RBgl8tFi0^B z@!*jT!pNblb8dN)`wfrO1iQcAUxbnr8WtYSgoQzky%k6Xo02+5J5nMLWSF8t5YSMf ztl3h~Z6a*)pFl9HK{R$Si6FI@$3cYZsl9I1enKhgO@T!jAn46h?|h)sV0E8~&IRIF z`HY^eK67tz1TLMLo}4upOq==$UcQefcujxcIWh4XN0e&|=x2VYh`feX!73>dEO}bw z8kFEw5*|}7UUh&$s+<6{1wffSq5tr z+TRhgAf8Xf8TV(kIv!D-*|?B5TZ_zLrOk?JZK?mA9<;#wDQ#8d(9b1hLh52kfoE04 zlKP*pN+p*P6n;f4&lb!q^nUzloQ^p#y=1x$aR9l9kfR5!nqz1}1Wl3>u`(t%gd&WK z7fM|xhiN*YEX>)C-@lK9$gjr#8I9WQ(uYAgFLupwfF1b672lB=>mlwv4r({qT2W zhep$F(LI;g9TMQ!3P+B;0om>ES|ExzL9aBwFlNL>T)jWn=H2nd+0>F*zOGlhhF5Q4 zP59Wcobd*`?JBwU(3%H_r&8)_vPY*t#f%tN8_$lVT9JV7uKiHh?d4iT ztyZFiW4Z0iRzbV-9Px?vw@g}j!m$sLJduo_DAanRkEL1QYermz|}a0@qSO zU4M|e7#JaEq-^+-sDw~-?FBJ9F*cNlfc?CZav za~Ww4)|YAC5e%Z!=CqO$jK#FokiWMV3YmE;`1C$b*I-o}l8987x@CfkY|xD)e#Rqo zRuqzzZTKb3W%cW}Zaj192WPq0^yqNHIPMzielY?9?rLAq{X658a0C`-81q9yd+NT) za2-6LHJ&nYMIxN9g<>;Kwyh2v>CrK-6RFU{BfnUrEV=Dqa%O8MiET}V#M>)b^v|Y% z%^ z7?Lq)B(9*05bzwcA&o3ELm)4biWUt&FGBN-Lb(mCv|f?}?N*bl4|D?xQvHp$eT>rc zU3z;k4;AN@fGw6d58-t9MH@vtEGa%H48{-$KO zYOPEj_}NN}V)_()i1}=3)2_^Dn;D2*GA+ayIU-N~h|i^3#z4Rk(gYlzO|kIUD0-Z5qh8Xf5;2#P=+f z?M9Ca;Q|MZn003fm4S`_Zd}>q?p^(jl9lXzN_=i8*h2_#z6ZW|nblzn?MDCN6|`AhN8?R~Wky!)F z3GucQabTW1zy~AJYO}eb{d!*El#f90ve^qqs>W%LJM}4EI$G*7>=PAvGYOphpq&Ye z>VOwW;(ohNa`fEilMJ0Qdw*3i>Kk*q9HQ+>4;>2P2V;XU$Km*)L*(i2V;`ErRaz=# zl19(T&t7R!A`$TmYkq8rMrf^RV1|!E$IQ(bQLH-;yH2KLX8nY@NkU$KwJv-Ob%bWsy`{iF0|B|!JYL8)vyKgiYCJn zLEU~7kd!m7XA?cM?9h0ZfJ>4d6i|k)btJdC;PA9W?=!REH&6aUA4H-KIfyLUwDO5C z_|=y5HDHJktFWYF>!GcF%6Guehjwlw4(UUbHO4-rl`0m?iY;Uc1sc8e2t{(9!UI>0 z@jfNun-DwV{-Bkje#7Wg8-FBZeu2FA4Ev^k-AM(J#@e=FPri8Gl?S!4Q9myHdX;$& z+G26gb{16;_TYv43HKf46LE-jt9yTDv}c7#e<*&gP(Y1v`(s^5-WBkS-C+Rnz7h zgx$`aSN?MNijR zN{(T?>V|Iv%P{v_*lc#$cOQ}~1~4WAajrk1y?^Wybq|3>0Gc%W|Ksf}1FG8Ay)O;Ypp-PyT_W8g zozfjr(kb2D-QC?Rx~rqk+xzkTwgg#o%#qJ{;`gr)qv-C4u#r&x z00goQsnPFUp!90@rTaYUFPdZ3EKZZzEXo!|R$4sov6Kf4KD1w-0%6S@4XOv7^E`;hN&a6dCMgRa{a5X zGcEKE&{r2F^D4BUPF{L9@ss3N%Lf3NuJ)^RD2q`RId;w6>+66BPekQVJt6Qk&a^f- z&p(cdGaU`xgpZ%J`CRe|Ggn)6lv+ zArJp}lgflAd$pXz*NP7Ax*b`6;bnF2eJmc*SP}lj)T(-lr_bimUcU#h5+*KF*@}-Y z%0|}zv+vWrxWMxjcr94%$wnweDeRQj262_lp`^r27E~m8NZ%_&b&-&Mxiu4Jz$ha{ zL#D0=Cx3rE%k0$lxEy#wu_;AZfAHh&w$3U}(L=+h6v?Oxo3gZ>UtOzc)$FRe&%-2) z^Xu>T9HkuOkV~68TJV1a-D_F}06T0tky| zU=q`)Zk$O&Q%hEK9&{U70>1ZGt1yUyh(Lym9`{BiQpan-Lxd)awns%oLFXSNVQueF zR7XF50@kQIFqQ3>t1a%yJfD=Ww@u5oy&XeXT+7DyAVuHBGhW(ioR zjtOOt1kvPQC(pC~qLqob@y$qA9c#M?{Q|dsuK*4+vz`&l znL3bFVIFK&oFNZn=JEJHC#|N~%g!nD-JL-hlPOfHO&BOxLcu6+@j;${ZP7C@(DIi- zhBpFz^Vo+*2iLK1tuOvky!U0H%hCctSh%98hCx91E3G<&PWS^>Tkw_3Y62XP<*Cr6 z;BSnHSJ8g;w&dCgh&)c-w=O7M*oJ?nu3wV!=`qay6na4cZGkbqG;B9#aWm)32{=cX zLuRQ=)Os*syOzityedFnLkG9N=SyviKw;4>Jw&Z*u4n=LSgl%9tovU^Bw1bb?A^-l zf{O5EJFnWgb1*I4?e-RuGA&S@ReNEY7k$MD54>d!XU@Wl;`i`k-5?67$r|Xp} zpp@K~Z}}i!;+>YvJlc$KBpjy9v32JfbG~X)`3A>o!KZMxbv)f0Q{2cONIsMebIY zJL{n$O_mNEC1geQM54Jp-Snodv#^1(nyc7H^~Q`F>+L=f=o2L-pQ&ho1*j@gP38Q&JAD zVYWR1f~5gaAMaF!@ZNjXs=~H*8@m%9hql!ZJu4D<*&c;HQVPh8t+5bvCm*g{Mxyzw zL*&&fCC=L54fk@0eDvBJ-5N@sgp}JZO=j!{$R)hLrfQaaRsoz1#j^2Y4D4yJKP%Ij z4kUm6Y8P3$rLRX|@_}w`;wcVBQ^mq1n{tm+Km$sV%vMRq9PH1ZG7=;hB$E4_5waa` z5!sc4*ISGxi*h;LKe~7Mg@!45Og*R_qaM8p@vQ`I4wWahO|})9ea3i-T1Gws8@-%x z!Mx}tw`cL(OUTXVun8GI)bc}W-74XeJz>i{t3+BulV58Q+n2kOW8E>N_RmFVwz-Ax z_5+MO=qW{bGu&%7N9ua1-HdN#%BM|rPPpvWKGuSaU6e^$_nJT=Gj~wuksK)y&MmE9 zqGC2|%^llWX7bC=a00y&WT{nfwV{E!5I^+piF(X{~~ z9&*)wjL(tvi!vyZb+^Ta?76iStYrGL#p1F94@w6sU`1T(sKe{vky!jnG*4F;u@%b} zd~Vz?f_1}`fZgB(QplDzh*~y_zPKBS8^Y%GO7jf!!~C>pEB)2By7OSQx8WJ?4tmvj z%)Dn|5qG`2>Dedx?|MW!?w4Tx6}FX|K=eW;d5-dpd4KYGfKPW?R0Ku5?>-o5!c%O1 z!TXILrRg3T43fu{Gf?vhFTh8!TUuz?Nc7%GRke49l9^c+!Oxa z2@WkL4&JdCW#Cj@m(AL$Ck2N6>~KD65Q*T0?SZ{%7w)2MfsSNfUM3|=?Lb+`$$7sR zP{;PZ9hqPOWkfqLFmWWc^CblZT}uZ%kn{LkmY=-+1fnzxA0fpP5TBRIzg>Xgzl)aU z85LYR-LBxE_o}-AQ;ZLUc)v>K0f2i3NIw0td``_AKQ9olIivVh45f1 zH^9HYy}g&mcv6yWkp|_%F9vU3p?sSmyOcObIuvG|mOZnX4-XYc@2*190`D>NF>w{U+HpDb63SY>L9@$>C z!&Ab=5L!01_7`K!4C*f&ykG`jImW8wEQPrP@6gs*_t2DYIiSut{g&AumS!QA2;`Ax z!*%8Z4((+*QLZ`)m?bn%hrngA+e~*r{4msR_v7$+bjWcld&isv0V_D4T@mSWY09!+ zutJZ{^WSye!W!Jv$Flt{-Rz#(<+IvXep0Iy;$s(A0y1ByIo+`1+tHPgBU-Y$_YnSpTPU9cYUyh62t)JAN|Ec zblD{&`H)~jpBn{1qP-g*=p-=Mj|?XZkob{3!gQO? znmCxXsj+-T&7+*}WIFTRv|FIU)6)ABlaOJtMI|t4D$MzLP9#dNVWv?nzj&xjABG}u znv(E+yya$T#ULsX)UJn)*G3>HiXD^q?Dfzdg)>FeN@geE1Z4Jur>9??bfZffQL6>C zQy3}|w0(q$X712+u1bQ1m41OS0{iiA766I_q^i1u`h*_y$7YIq&%q(9 zO$0~%$(e7K-w>DVr0Oo^Q}YF+(gY^3GUd=6xXYFuVnP9UO%uJ&TP>NmWGYNz`_pnj zi|LLH*6Rs|pt<~kEB%^O6R2a+D2vRfuL2a8L=UgAF0);|a8nHT1Ohnd@hWV~-HDgS-^Nz|6f0X9BaXQA+FxT^6bdc&7$Zj(Yw+ok<3oHDnR%0{)k^PD ziW@+C5cckeSmw>6ocl9$!`%jI>QAE0BJF<_E$*y3y@JVKJhLQ>w@y!<^r9|N(+&*C z^di%adasNna3BDIivE@Bq#XjkI#zJSbO99UA1=m{a$<$Z2o0u7CT!`ed`Sut_~rv8J)SpIlS^9$ zpaV@Bw$rAJ{kF|#tAu&=9Q<$U2Q2NJ!xok5GGP~CVH{*J-@G{1iI zS@Njg&l-vp>QtK5+PxcK7-(YUlksd@1k{I3_ca;nKD4eLTLQ7##!Bd7?P6qk3oq)W z?6n?oqiMkTYCm~AX_)SsC&V6~n|FEl!d*&>d3_H^rDmV;4A5ecJR@^oMASv}S~V4H zi(C3)!LCBY&4XYz`U@ZUXi@+`cVqd;MGgfB2^^9dAsiCZInk=e@)6mG8&VLq(b4dv z%x-r~TP4bR@3?U1J*5xj*OEkn+&<12pfV zWn&w0xSyQw}iXj8Z+Tzy^&2ykGqM2GcR`T)lT6;PYNiweS)sDiE}s*7{xEIp%&vr~f7U z9_z!>ifcQk_o&Q{k!{g2)BPX$Gg!DZ>Nl}CRt)W3cmhCK;iUrx$1MXmBniJnJ5LBw zmxa;c9290WX5VQgvqMm{hu{vE&z7n%gCKIin?shs`s1L&yR2@XeW^- zh!t@@GGDzk^o6=$r;I->2(M#5vAW+6v7Sb=k2JD?N7)ffr7mF4tV8O(i^B#`i@&A{ zJ|kB*2)Y!@X8S$O06Sk|-HP4WkO3Kz_sJ{Ij->!*L`2K>k|Co56^O47Jr$ZPa)fT? zOU?NxtF;^UWMHCH&nZ>Mj6 zowN%vp|oj#sdIaD3g3CWYjBa#CHFzPN%pmbwgOiqF>+a7N&%-S*B*toLbPJEwb&lU zlPj9|GRK6`b<}}jU^N(56X$he1@DQn-F1fr{yOa)B!n$AAB%^yhV!dz!!+zN4g3`> zngrQTI(C7*Bxm8Tg6Tjs70|^iK~-R;Yyop9-(=!YPPhzd1U?6H2n?Vi*9;Ax(@h|A1lTN$de z0r&yFbgI>0sE!8oGW(5iaG_feRUbs+1GzT~o|s4I#E3X`J05(k0JuJr+*y!Y7c($q zCCCvQ&XU$MvwbQ;<%$f^@{>O-2LuY?3cpXcb6^$Ja(BV?!Eqk@G7W%ZW!4xbq7YP; zqKA|-KQv}D`o$M}Sm@*cq@mbiSM*g{thyy_46`JtT&}v9zvJ`#=+8pP#IG;J$MFMVNd;H1-PxPy zR?&*N7;-x3Ej1PO!HAuT4=31!U27+hO9pufK{HQOl>Dk~7)THQa%n2r0`En&_mf!o zwRlfZ?8SYs!>iP|E5mSfa07zRsXAozLOhnwOMCjbA|7_-my3x1T2&8#(l{bKtJfAj zt?fP{?=uvz!sMiRx%pyY;!(jlc!A=c0?uB--s~=fOS~ml3nJ!axDLndCaUMliW6bO zw`rVvUtJ7W-$B@6?BTnRtg!XnC3`Ky2GmMD?WZ20rncQc^YsBrN8>43mIQw$&lr4q zsp1FI3bQ5YgH*Q4U(YQ_`n5-O8GpPiT57))5W9IR_5+O73PV85C?N$dIA)^)RuoBz zK!&KyFNrhLT`6SWGayDkP|nytw-IOCS7EL;>?mSwPZd^VGDm%0VXkR%S;vl6qQ;tB3*4AGnd2~Ajp;v zS-E{7!i6L7Nr<6u2u*+u(n6WLeQ#h7r=4}7G`r5$`?C=^P8q;I^=*7U4GR@4UNIT& zKnoeY;rE8s1@{|Nqcuc@>3mg^K!^*dSW4H;m++$Y;cGv766IEC`@$L_Yc$$^@v;`V zhBW$!L=cbihA86Zbw!fb4P54%DRVN9ai9R08pz+97ATvw(CTzp0PbgnzVB=hhz|jZ z;2inDgGSHvhsM;WOE^;vjwUr zEs4-k(QL3bFcbE3M3E)(0BTD(js1$(L4Oq3I9dSOfW^;*+CV}@mmvfeIP{V{i2@OA z^Ej3{{2;d}d#z?)BR;G%EI)|n!7j;ziCL$Udala+XyLo+E4R(q_}I6X)MP#}+=ysiQB9&KtCCFWF3*TDe73K8!kPysVB6}qJk ztFj{@#C}DlKmu5!%xZ=bDLdAyx@XBtRdTsO_-(fxXzI-O!!UxDJ=`$BdUFZLyE)=F zqyl%l{>8u8_8ff%gp2lFTc2)$1FggXe`@h2%%eSs=^MD4>8WOW7QS61E0zvdww+Bn zk1I?1Pbo-~mJieaaYi7%I3wJcvs;q&i_qqyVjYvj;c|SV(cWKutKx~n!l3h?tauh8 ztsw697csW7Z3E~d1#QfG3Gxilrf(I&sf8A1s_6(KKJ!X7Q2&TsLwjE9BGGr(50TbqxmN#xayS5}LOJHW*u2h|&bxy*<{Bg>)#`a${n#{Wh~sp+{%ZJ&1;0 z7#dv@sWc@nxxNlyUEre;KH9H>S(OLA!%uyBx0aEjT&mZcx^2cgfOi(=p>y?Y0E{-Z zkOd2ml^LwzlONwq*CSLK=Rh!hW$!YV0gGG4!KkcHV;P^PS5fQTJ#Pz)`=HsUM12EmpBC$3<|i>I^U~v>U-sGpha@=1zy-veQ|2MM2 z0}@E0Qny@W+_iT|Q|~MqtYV;JAEgawBzb6B8-(&;En`csnEI%EZMTTl!tFmkKhly= zKPp2H=#f^PG{~_z5}6+^G%zo&`eE*+!60B2JSrw#0G=gkAdlkbH|yVHc4pIFK`C7Z z&?$AWa>hy_tomP;oVxorhvKpesLT!jkeb!k{4?3)uOHgUUqTyft@iPp-l7Akd|5b4 z;Su5u=m82{_o)IdjyVT`1GJp6oSqttP#gOCHS#QhQXG^$Xh@<~n^G$S%;YiRVA9VL zTko}|Tk`t0$yD>=fW&p1yx}GV>AS=FbGJ9E*GOHWM0L6!oPSbSfcrU40%!*3I6Y1g z1Xs=KufBo9r2jsj{)UFrhksd8bcu7lh{O_dq-V>4rBM^z$^*$o_X&2JDM?C{!U7u! zXN#{#S(k#5rax-wb;$~u>P@e&O}0OGOh&Bzd8Pcfhw*>9i;xo)z%1FF$zN_ZT9?gAwZNs@ zYZHla^>iy5#!$eIUe+Wj3{q~$MCh}`#Eb&a47zGRzKf39s7tHO^R=^>c0FAW zWinXRy4qPl0`~;K9fD-iX(?p6v(<*C%cYjA?f+H&_h;PeUmq~vy-X4K&A=$D>o0MQ zZ(rY}G!MLeg8sa&%xRoxT|A@#Tx; z1Pc#u0Sa(+)X9jgNFiODTZNMsdWvV4`9!eO)VAXWB%K)v(>`07y9 zO*O|QgG)sXrGErQH*HABx%e@SeC{BL;A|}D-lEDw_t|OGU4Pdhox(s{0Tlud| z{c}6iCg)lfePGW;&~N^yrR>W(m*vWP{t*2}{aJ0P83#_C z2GYFw^wTX6H=>U_U`qdo_lqEXc>vtifvfE6vf2Av1_u>sLLr0IJrH%y*GM^QrrVH` zh3oJKo3#qP-cA95T;bcju)Y#b^eCx8rTHlp2ZQ2EAabz#Adzqq)C`c5W~nT$e)@d! z5q+{&`kW>QwRtfbZLNKXBr5gMEPSgH4-Jjjw>UOxM)#JK=|g_^F$ZzqGdl(O6Z?Ar zc61&vi1-gv?nHP6NZ&f|+l*WauZtxOevUY9)jSIBcekfuVG)v(r&kx`5efSY)I-E> zY*f1~qC+XQSu&m(e9BO7?PSW6qVA6;>2=*M+?Ly1L1+YLxSA1pMap%M3~njG*Vwj3_b zd)K{=={4#S7ObX+tOXATtS?zf4VIU>&W1X*4E9V3`gg}g@u!b}-O}xjmHPJa?Dw|N zrbV?lBdIv-UiM0wN7Ws^>#uz)zJG}5ZXSI)(nexB{SZr5HXf!8Uk20yQUj3@CcvdU z3$n^qcfFiE`z44x_%as&MUyB%L76JJ;k4@O5KjI9==uvl;=^}2;V)FKjCw<*@EOpM zC)}SdkFH;G5~rPRT31mD!l0!J=Q=A`Vs$(r6crPD0nLa5?#&!P^UiwfC$Vjf@Hap#;98)~1FS8WlNRU0sDVrNMz%>KC-!*|gTut)H*2C=f2skxX{Z zQExa)>N{>L|23^yq3wAvUq9kRS!O5?uGGB|D_XxuJ{l=|HZ@0j*5`?5ojd1nT+8-3 zvDsJu$6C04zxjwYN)ZkDF^zoBKHj26SyIffJP_Ay8;F_Y{T>>RhotW?TC2T@CRc0f z%5K9Y`*i1$o3h|8VI5CHVQ^eRx5xN{KAU$6quf3&79aGbtmMllq{jv|`==WIu;Y&u z!bKXSqQFZOHFb3AX1t;E|FDo&KL0UCHwS6C@9QFS+e#vj+u+K4O-tWV_phvK zY_`n88w}6GZh6-LxlWeD{@}ed*QrpFBS0Tg5HMjb?MD zx6}_lI$xClgaW>;;nd_U$5xkH{k85u>v2i8eLa*Qpm3YCCpcb)SSA1vQxQ38$ge#B zkb^@F3z03bA*IuwOy1Cudb=f&i(fw+4y!NWHf)4`!h27}rLIyq9MhH0wJh!+H2=Cp zi`QgS&Du{yET2CAyPdc;C#^VJb@2`k4hGewCP-Q>iw^rVGKD>IXDg=OmZ;%rl+60z z__0d2Qwe{nsKTd|_sC6DQYw-Frj^`qB&D1LUXg}wvT>QLubv>rfZpv$DxCVC#xwY3 z$=-RP>{N0lFA|T0?9q|}wbrah_A+Z!tXgHY)O{2zpvm#iiSejI#R<8(+fVEQB8yXxO4Jdtx0kyjN z^L1u(cW;fE^rgX1dhS&ATdO#q3b-yN)r^^DGsh&yD#xBy7du#x>|_E6IQx0ZCO2S+DIpu8q5nHvoD%FaBjNVf4%w!ya|V$2EB;SMi6{ULmF5D93j*Y)f+?+cRv60})oRM< zA^hzk`|g@4f-y^NLtrXTGSg@`{Vm+1hu%G(20$=g4IY#AHzT)3Gm_*tg@?N4rpM69 zE2u8UP7#me^;ezU$RmHYiH*mQyu1BbzWJta5}p*arVEskHgH`j^O~WW&;j>cNm?=8 zcY;SsCCWNT#{B0k*Gtn`=;i>}EkLb> z{7|?3z<=^cUYfhKR5_WYK@gzd=^*Wrj%ih_P*bYamGA+K2cwKWD|3AU@Xd3~$m!U( z`}NNy@!N53kz{(L=iU7woQ;m$XkVpZ1EETBv2bnfBm@>Jn{PD?&;+^IG1Mr$wgwk3`!Po%cd2_fG9OPa<|Z#z`u?H7qEJnvH)Nlh#9uP9d_u+vy|;Bi z+WcS8Wwwr#f zZ)Vi1*!YP}ig$#!wzO?V%Ecwos`AkI@UTvWomHX+0SBzy#ah$&sx5^hL>e!@{_V9M zUQ=qNfJ%V>Q#o7ewb{zr6URebO1yn z&w%2nhVaB#-JYO+Y2F5!V2j4WI)61V<#eg^BeV{nzMHaG@jGUZHDD}#k`ZnNG7E@+ zS{1DNnBFalP3H2LEL0Ngm2{Ly!@g*AIo-Y0xvifl zBvVpXk-2B;X$WrBB9i7|T3T1H1|uj>#cx#mDs``LWUivbll&Zguuv&IS7Z8qvy6^N zexh5^LMqKL3tk;=W9S`qt%=fD*3rUst8CX5GAP{r=7}vz{}g72M_a8>tu3!T>GD>V z8Ok_;!Enh)REmSzLh@OnNU=#(*JeBF?cj4vE^m1pi3k@hsZQYi>@@mDsM2=-L&Nf5 zsh9_yS}UkTy^=qUPK6|pd<4FS%++ELSp9&2t_Xuwto#i?G|L5`oO51p<4RyrQBkX$ zE^*8jIouw^=a7rW8)l~Sr3pw)c=BAb)8dN0l-s~pD|TE)irfttrZ+q^sE)%axv>GE zppwVJIpN6{KqXLo91CC!sHmsaO7nA@+zxA}slaZ;4~a7YV@_4ZjsqaN3=E7Mp_10Sf8+@@ML_SPNiOcMx|=eh z2zD@w)8XX|J|#PHucXmz2Dwc?v|udgDip5mO(e0~_=R9Gb}qm7LgRJ61#SuH^9Ft4 z@ATIfw8nF=HQtvma25FCF4c&*rElyyy%%XUDqO0L>@N5S=NvYWE@s=ZS2rM6A!jxF zw8%00&~HI3hV|cQo`3Jzo*^ip0?6rmf^Wp(T&w9TCWIS5P$`4mlOu^b-X1|XadWBG zJ=Kb*<6~nJrPH~ns8r;A9{=Pj8Fge(zf_uQT8{y~T(UoXX92~!=euOBw*D^H?EI<9 zbspcLG2NY+|23vn1ItW>TX9`hOP&BFdr|jP8Qv$y8~sxC+!Bd&ZuPvj+e(b!^Uaa$ zHN1Eb_;-WrGKjI;Rvlv@)ob5x)WDiQoUaeJr_^prS?aEEy^(i4A7V53nK0@^0GUDH zZaXx$)Z{>adp1a)Dm8hZ#9~YwP1fL&FM#FC7o`1GU5DFg=ND1S@{x!KJ0_948*8 zDz1GHaZWVWtH;k(z`vY;Zg98tSe^`AnD9`I=>F|37~m*-Ozo^b4>njTVt{! zD8^J#FznkLH8q)QELmZIdZe8Atw$(bOrPt|WL{+l$g+QMn|MHY28&xBI_7hoIXbt| zs1I@9lYm-zb_El!{PKHd;nxXbIWA2Bcdl>H_lv8aDyE~C za#UYRZjsT%J+JFyKXzddLt8^PSV2dRwaXdIs*OTZ)N;EN1r*6*YD_O{=B;a&%%@5t@@Xv6;{i)+(MhavKY{QY0InGeH4Ob#WdMJ>j(ogU!b&&&>#usInS9VfDLTzIE!P z5n8yuS5#phx3TVuh(MuqRPatxIs&kp6jhBN`Loh zd~Sz%IgVX3#x>^ri+SmwezpKZD3GAu>B^>gpG#2nF*~ zxr-lObrq5e){)8(JGfyh+|yCUmsbpAGvzA~ZK?;kRGhLI%eFQigz@INfQBdTTOOO* zbj^0vZ!uIV>_S5{(x&Fd=D%ZFKldETwO3H8*T$rA!3z|_^~2>G)SvCE7V(qLR_;j8 zezZtrf3Fj{YOS&DB$uJfc(`nLPELIxPg_W~O67WQ2R=9}c@De{lzZdI>g#`SyWS96 z%EFc5aV(R%-qkj(V3b|6IFIQW@xJ0=Ey%6`Zh{M%7PX_v#_{`hoQ2df*aKImO^o%#}#2aJT@i@OO_U2XG`GlXj!efOtoy62eZKo3kw@--)5_#>g(%W%5W?vp`ie#Z`_Y|T4Rgr58I|- zdPo`88Y+hg-^xM~{m@tV%d2`FavijI0zIqJWH&5Pjf~&2ahz^^xSXk7SiWYiR@W1w z1+RM)V)yjsh(|xU=7Uf!aOH8V1xj|u0MstH5vogYc5g60V{|V`I_B}tVzyGZ=giO0 zpkK9@>Mfe0;dh0pIbk-6tK(w8F7reL*&nEef4r~z zHu@n??YZ`G&M5?&nqw$oI@~dXy8f%+?m+H*onkd7z0`tojomeiEQdDRcccW;Y4Ic) zqS84AKe8|lf#9blqtPkWK<3g}max1KEh?CmDrKW};m>fOvrH>dFgjYxvkkZ+mFm3E z?90?1>;iV1t+VPhllEFb!g1s1h|WPbjotK`?l>MpwTEiUvI&t7L=bU znW4R=u%VIzZ3ePR>cu-B`dN30kNzoGIGDOVPkOmkW^yvRXI)9H*!Si;5&Mh@JiSJ3 zb4-aonXHs{Jq5MpV2#))Q7vVaJj>j?JG-mPAzMaLp(c@-Is>hSimL*&fh6K7?pE@*=xeU?( zO617x3tSERLa;;ghVAonL^TS$=Rb2e-xV!hHk4(Q&JV(44)L$&+vjI`e;uETZPLF7 zNZO;lc+tDVseMckGcMWR&kVARb<@q%5VG||=o09wZn@q=sk8s!Fqts=o|2X(XasB{ zZeb0;%-L9F?dI{n1(K13Y>vwL#f@Ws%A)k2|{DzIJDOiTjp_%Y}V=W%^h2R7rcMq zFgN<$b7i9zjJf*0dVGOVtATumju_Pr?NUiP zy;)av`VOuwKQnu7yezfPcsDDZ6~D_DUL@M^f*2`l>Pa49%=9u_NKoYjiJl$N9bWR)>+S$e~2q5ve>qlMye`T@~+8t;7E zAN^_EoT1pvacE=`p8*#~HP%HC%)(ryUOukles|#d1Ym17x-D7@-9aPb$V`_l2JBDZ z0~}XQTP~c>9{Y{Mg}*{HU0tN@roPW2EEroDiX}qFFq-S)*x53hH5exrmY1SO5rkrV zGY}t^*_49ZJXxQ)}AdTUz_XukL636eaM0ua~7Uxp=W5$f={*~~WfqtWB_k2HM< ze@^#*Zyz4D9+^NFoTRJ{B$kO|e9IepcO^fz0cQ|#y2wc|5XqccAkQHPD7UrV{&?9rD2?}CB|H`)PEzej)RUGHg;ealYMWWq519vv z^RMO6o*lZR*0NIv#)Sg?_7}JAvkF{%ig`4JM#p8*wp%sJ+SCMtd6)N_m7G0c{OftP z`9F0ZFHNt7GH`hyR|uni_+ma^2S@$6cu?dk&} zl{_79Y^jWgA99*_vC=_}^72w}1coJ$MMMMKRx}_1&#&MX%_y+@%K>Fv1}HIx=0JV( zT%8#SG}gWOX`P#Jdn}uBg*H(Vvmufd8I^Q8uX`S#dLbY5hLQpRh+E^s$gvv@oDb!{ z+>AYF3lVoR}n%bE987+m|q_6sB!h_nv!#hbbNhyNDOXPMcC=?sIZD^q%ZhJq|fP2};UuGYsAP^lDX;(i%$VAErhGRoi33!>d&m z7v=&aru{mJ!*(OIT3ti|sR3g8@?EC=$(j{+X}2%H0LHUfXafEy^tTi;zjWCEs9P4` zEc^xRyZwEAeY%NPUd$Tz7gqUzsXTZFIp;Dw!ELvfQ-bacWW$<$z!xlNzmc<}RC~y= z-P+aQAbmon?yaV$0&e$}ppV?nM9dp$Dy^5Hm6Y0xC}v4@cT49uQr0z%Md75+ zfl(t73KjB&naDYbB>5FBU%z|Ug87E=tG-wY8>?^tej*($uh8|CiW_$4%xbn!PKwz8 z3XBqO%Vp*^=JB|p1wqi(fzT;4IjZSH#yR|T@WISGqN|0K_Wym@!}1a8zYJT^=_&0s zm*d1`@%4i~tI7V(>5smP)s}GBr^laBcW?VT`1M+IpH{sMk<94)e(Y`PHQ3BEB@agS zwsEZN{oujV@E4~7fj|+})zu}rcRQmbiMRVk_ga2cf_r#05E7xVXcFP3hejy^~W2uUUh7BDS6wN;MdsGb-^Nk z-PCTLDYa)j_Mb<_-*O#uyoXWu7J23D>G2G{Dx3&Ejb)`TaXgj0{Zx)C7PmE$t~EvX zp>uxqmC1#V)WvS-&Ds9tJs+O+#>{BIAc`ZeqwsQ@8@z&A3BrFHTz@=L8w^r?6!`&` zaAnUQlKHQL^gqVgO2jMhG9<>wXH__`>1VC&cgGliJr@7?%av(3!j-#y8o{AB6iYe4pR&wX?oYdz%^#2d0!N{mLHs zZ|#3EBej)*mq2vhb6fT#S-HFaR%!6p-u%PZ^!!EZ;bFSN)5h=Q01JW+L=64S>+->Z zve0i(`PwIu;lBRIK>c4|+D-(v2vOE!?I@GLu)5PxO@f5Spm_HPj%)dNy8iBvo%QDW z7{U2(M(+Q-7zNrd?v*4?SJNPTR#a|xn@AqlD zI9%3$?3`DSwtsxdL<35$gnAs0yQ}z!rp8zxSkokAjWswM!ME%tX(XfSQ`mp(Ghi4# z5@t99dy?#+_2%{x!O{5qHS!H*p7xu7H;m9dAzNaoU426KrVNdGN`E)jU*02AoKOf- zJzFS9Fi~zIDi=xsv;1@kF&+(MX$p1g;$+z2h0zr<8z<1R*rBc@V0myHUGcu_b(#?y9rK2wSqHHdV2MnL44&Y zLkA2u1#gF=^FOyA#e?qzn6Ef4Q#0tl>0&~ZftQ)ONseWK{EsvKr71kX?DHPMarXMh zmI6~ipaEDunGcZbhy4HC9k0MU$bq(=sOU-mwy6}Dz*>k&*KX$iUp@I>Ur2ZZ3AB~R z^Z@R+P2B{C1^Jz!ht$LTZc;#|18wav4CVf9Q!~|HflbS}dHo+fzk&|5^`@kf{I^Yw zfd@K%K$>9*|F=Ew0<;x6o%IUxcTM%N20C8w7Or>R`*%I>B@MK7rMfrmWs+chBK-PO zIfliU$?5qCZ?Vyi`A1*s2Q#N2EJotR=I^OIE;lF}hZ#hFYf(D|(3ClL`F=FR%x=2f z-Tmni+l!xV_ES|Uc-$u629h#sQocX!nLF)2{;Uz`Wf3m0x|F>*yA({Ss$g$OvY7+R!o zy$b0P6{DHm+u2==#* zf(`wn;l;I2J0fqzZ8NTU$_rCPI5P@b=H>3ce}vy-V93rMs=$X7@ZlRz(koPM^*giaNJo|+QX=$* zt@(fnHtmm0@aqOHdk0V}b3^)|4zg4z(pSNj*xcqCN??yI(`eGIG>@T>EiAw11ME>W z$%Kzd_*@{1N?iKCui;F|S71thRlT;*usIabOEX(a#y%Rp5HovfW=Y#$hfVwwUcZUZ4Ok12~n_W}FfU z3==I)ob2S5d8E%Y8PVk7_p^>!LV<OkI^8Ao`!1NVa;(m1~0SljFqip9HRdU`MPuri_O=B_Yj=e&bZW#U{n|5(9D?k3>AAABR zbHJ`pYxBunq@~{aV9sL*-_T`)*$=v_j3+Q z;${5E4}kI0>-o%A2FLuP<(5rb=H>*I(sjTqhS1#l>~@3Jg24UkA+ID8E5U;rSt^D_ z_G=K{ph^rqNE#VmE027{V)lDI*oag#S2>n3*K2Mk>rliPMze3@DCnQc1+%c{J5f;Z!V}>?F5y| z?kr}`13)d2pwy|Aio}4rt{86qrhNc`QA*N%kk!DQ%q1&~Tvpv+(ySML5e}B_E{% zg-T}_tv%?F4icre%MP-HP46KoPdKWkiP$?II$2wGdl#c8YH!hku({I~xZ3cU8oZ2^ zaE)lc6ktEfHskdKU`(^5r&}`YU-X!D3$-YLgHDac=G3#$2wc1T3%Ep^rc7oxg#+{-PZaZw4JZ0tG3wXP<||+h5wn| za%j^KLXtl{woKi0&rWvkv0s4AT3|e6rNCe)iOn~CHFRmgc96nnS|2|8_4d2OYEo)Z z>^{HBc>GoM!REeyjmx+;hl@#Qy20F2c&dhoX7GGKW0O3kQe4m*%@hZ-I|?y38s)`k z5b|6yh@cKolsX&K`Zo(e<)AI5hw5SJS!J7_6X_?>`N-g~cbrPrLcqQ1Bb8u*(b8Qv znA`boC2R=2`nW%x`n)O6{2KdpliwGAIepZf59vH^P9pmbQaPbbWQim8H{bUrjQdON zoEx43A_aGD&kZrm^!maCwRqeyw9uNFha6Z|l7Pe9WU{LCn|~EJ8PDH51)ee#+8__p z$*TXy-g`zxwRPK~A_6K10so7E#U=T9KSNKbnHG9AV6fOQV%Y zH;@j(X{C7>|8*XCz z$m@*{mRI-6Q@lC|HjytDvJ5LzCJhK~QGH?Gd7Q{4ENyHaZ~9c7bxH-7LC768G}rCL zJy)Izt9VUVRT_ER;w#r@?Y>w*tUt248{)SdgnS%!i;Kk(S{*FN6VCh?x0ib97=Ve0 zW|NdKXfAwwet#Z?U9E7OZr!3)tu+`OReao*Nrm^m1p1K`k55RmNZ!NiSk!VTUm(nQ z*=j$hq$8>taUT3pA>WGl7F5}kq?JU{W$!$(b~mMhk~kP@6;9SUQSCWZD1ft2byv*I zO}?&Dl%AA3%c^aw*+{p8&g7{!G{rA5G477IHFq3kx5ym9;5B=y_yU(?@@?ac1ZPF1 zRuY;Qhzx2$xy^Wa<3#CSYUZt3Y5aa4JvgSPig<8ZgqmE|POv7J9CxR=AM{BsJ;YBK z>ex$I@<94mcoSB6ZM(|0?(#*g9A_PUr~7!cOIO_P#W^$1 z%8@8xEo-5$vbf?|QMR(^?$#Rzf#}8Eq*Ia?FuU{8WFFS(d9>f<`0H0 zSWj_ud;ALH&$h1D;F>l?^DGG(MKSlL>ejrzDdu6P*0AhjFl(ijt5sOCtL{kneByeQ zo%Gw4w?WU8imupRvO1X`r5|_u?%>V~FP+IeeiQewqq!2jAgg_4ZL#<4I1NYF`|L;( zT9?vaE>*Z1e|1tD-q7PqM|gE-AD-4IRWWmAzA2sGq)+LiFrOZsEJ?S{L^ObY1?&-6 zmA*+89bF?%Y6K4sVOmrh(+#Z0HP@yb|kS;{&-i&=M185_1WWb(J}S*BU;I$(yG z3r0TnL`$fU^JeU6I48W5rzWr(Gm9Z`0Y~;{X}6JYF7VJ{o27zoFQh=b&n#?8#vGkT zOU`)Z=-}uvWHdrWjzZYMj;!aXO@OrjJwvh}w^@veoayfBH!0llYKK-ZC9Z`sQuMEq!I?EjyB~^!3=6#A8|C1MeP24wWXAHpw_+3Dv1fctQRS=ZXif(F8Vk zc{x!{27)%Ha^{~pACI;2)Q+k?j^8qHkcj7)Ou$o%yx;jODS<7ussxj*YYcn&z}bu| zPxPb2W%%ahrosQSKNnxeB;^;)eUc?wbRO5I!TVhdhi%O|I-cb(*Em$`b)j16@6N+g zrp!8VmkV~5Va!VWw#kBDro45p*`lr6kvl|>8y8NK!X+n`sQmjY&UxfhjCxax)GH`< z4kog<#^3mI+#M*;V(t8Lj|Uh;M8EA$d^1_>tw?>NYM1}ykc!Q+fmYbV2Tbi=hQBQ# z_#-U@#L15!rgrSD z?F}Fn%Cv*15`ME8O+l%ay%SMmS)-~eC9^5i&5P{zS}IWK{akmk8i8U8uv9pJHU_3k zIhH0!u4WHhyfwqp=zZ>ZS8v=pM6JkQOHhMG%Rb5vGK!@&t9#nG9H4_>9Vq&NZ#<_w z#f%sH6D7u2W(p9PB*H0pjJ)I0Pz!p+xcY;U=~&S2^=K2^yQaHwiuKyX=>)m>K{}lp zkz)}lls}dc<8Hmp>V!3utfo!A-zLdUyCm4~+6B#W%_( zht#f7vbRk*dPGTw6wCWu;X0JTfHg+T9@|x*)BAu{xbV6yZVsx&33;a{rp#aN*w1=e z=ym<4nK3b)!mq*RRn}YfcLYm<2{v_#3p~}UiybHhF$8lS^{@gI3 zk&+mPHicmip0(mA&iF4?tgh$|`eAR0+U8#8(0VOqTey5r&pECWqKT(F^l1;C-P2eq zZr^m=6u2~+@L8*&eySkc*OUXB+v%XMluVbk3M8eap>`UI@TPJUZq;y8Mz+A}cs0tG zu*w2k$M)c%X__!M4%6IZu8Q-^`S>UfgNEm2D=tE%t_9eCWR{N-eePW@(!S*H*u$fZ z?71K_mBg>Yb<_#P)fKuboSwY}*@|2dfVEfgzy(adg*u5d@!&&nbY=EM=`QExn)g&F z?{6KHEX%VeTRO`0=}syvw6eoP6||d1gfA_cx$mLM2eCwzhJCJ?bW?N~lHf%P;ybJk zcV?N0UK*d{5LxokVURlS`z3bJW%x!U{6o%-w`4-Ec;mTOKXn%^ZnQF(Qs2E+pWlvN zicd|HAD6ij1;P0wk7tBx3HQlYBTeAs38-oDs1?RrnsWQPqhiFD>ceW961wHAjl1_z zvG}EiHEn72-Q?Vn4|+_cxdK~pZ=J>Va75>B;k5`o>ZPno479YI-x%$tABtvf&`a?v z6E(-usDL2CNBd4ASp)C>XsKSZQbwfKR!ld_pcA|Acxk-d+r9Kwms2yL{M^3d(!mm^ zN&&OAxcxXJF0k7KN3g0`p8D&uA>ZMYFKJgiw>@lW(x}AahOwu%7lg(JqHDw(-F^{! z#{IFF_<)H+pveU9==RjUqRFHNjxt5Hf)r6)bq^z7RmFC3VmZOEm^(THMKvm1zSeX_ zH-V3gvYe7<2+UPC-;J^*gxqEQliUerx;c+sgoUGqtxY>jnhpxMN2n8|kw5!R$ zqwF37XTaNcS?A+!l%ml{rci2vrM9E3)SN%n&D6^`s_w=(Sesf7T8F^h9ReTV_qUF+ zcrDus;c+0ERKk9_8i%|VXFcY5itl3QsnNSwAz;#n8k8tHk=Gf%^U9*Eu@F1u;N^8Q6g6@rm>13kA4JRS9C%$W68(HL_WE34<$^&f*PHk4Z!TqB;r1)b zbmtDzS?D=5IoIv7x$(eH-Lh>W#F(1*|exYEBT@xt4R*kNsmYe_y)#z`rO9*>2i{P@|;C0HIRD7bH7{LE;&P7kTvqK znUT0W5HF#I-lAf6PD}Jsc;VEZ>kN2FtC={9Q=|!cTP4+FT^=s^$Wu%3q`V`sS(41L zI3Lik{unmX_^{>yYcrM&t!R(E1>=P}ANxWCx$fjUJR-{>@euQd48?LEW}^5d1E*~M z)%g0-n}8;WcGPxl;-)qJRQ5XQP4ySt!NJfr{U*ND^RNv^O@hbKPrOQ+3?6N_oF?+j zH*_Z^HP$dAg?SC8LQ-T1Q~Pea$rf4C*d&RaB^RW0g`A1VOy31bHhra-HUUQ)$_3Wp z<|D=-`F*1MtU)0WZdTUqH#*uVGrN)#PHK$1H|ec0fIb<r;QzcgU(<@PzSGY?c6Y zw*O`y8Vw=u`jhthNOrXZYpe-Z8N1d?!j!EFJg+8FQw_VG5wC?$r|z1QKB}XX;J+!v zUW_E|J7cTk*WTz_+Gg*-1YVno@=-ySFJ)N-ui~~Mu%C*?pN~OPmQp1u0B_@k$F;3o z#6~8?k09a7QK5j(6lH_DZsO7^tumyH5>4=)g1qO{CWYXYySVnc?5TfU%I=X`F zm3g6JLuOmrDzr@jepamft|uMTj=Xc)70+3fO)H6P`$s(H!pt}>hWDmaV|O)!)ya$8~Kz{x@x{J9C#Ew@QcbV0~6`( zR!jFBmxe}Tr9BN?UDt2I9DGef!ynkCan-Hm}TNxg#2pQj!3Z;&7+8BSSQ(^6pV{Ul4h|gj; z?ea1H0HFQM_iw{FUs6wAQ~#5=zx|x91y}ci_WT)l{Fv2^_7Tz5$*=zQ68WdKqTrcK z7Ve5RDIppj8ZYP8V_T|1s@m7BmZ2XJi#R>2zasMw_+N9SbX^y8V=c|V(tt>?%@T*v zc`xp3*SK!o7xVO*;&q8|I&G-;$yaZDrIRdXq%~h4Gduf;>*g&*>biKAci(<}{}7uo zAro{*X85}pT`UgMXEv(wqh>$OO!;sFbPA6>4%cU8T6Xo9K%lt z0{B!b7U))z8Stf?)@(~?y?Vzln}HIjE)62NwjYx6n|B+z=Q_8B zy7saN(0C5=pGak+j#gK6=6?wPh(>hn?(9)q79m0-Z^99kipJ_Ch0)bT)-_Q$&%}FV zgm~0GGZMLo(Xw@W$`L1EZ%<5y@)u*+U>XrZ8X>y?^@1~*1mu86SWHuw~*1Kp3&O~>Z zY;EBzxHLZwQB4xX1L?;Ca0R7g5fE5{8_fNRJ9Tm^H{ujP;#Xds&yrdD3T0RS96v|9 z_!fgUbv*CfyKb|k0yxPrRo5<7egy#q;}tJlbGLHsdrMpWROwjU1{AM;uY^m7fxJ%A;FV-6N^M|Uu_xc!^w@nmID zZiT1UBHI!rJ!v#gp|@kxNEyP~PX3D|p;a69^h83ra7*2^@LXOrYrh5Y)ReT+vb|6! zH~qK1xOP#T%vn1?2Sn>snc{mG$-^ zFWgn4+PRFK=)!K@{n8N*zydJ7?YUE}MJqX@zx4psxgDH|7F8JOhwfKr{ zE~^+9W~{E#keV%wPWYt4oPYf-L38~l`ovyDYf-f>@+Mz zxpEU#RoE$RGJolmY>NA_)ow^fq|}P7HWAMfyUr#{xXpcWxu|k8ko$V1N7sWdQ0BM6 zN4#lpO4r~a3RpUWDVoo~Y9|q~23Q6oF3wa6>Z>WMw))l=DJa@<$6}-p^%#7KPDoLv zmCMZ6V8kc?;DevHpSdk$x&b-b<$1C0!|MH_$$;GEo5%Lo-BN=0)8Qjwgdr;(!oZYN zcy99B`Xd&-93e3ew~&)hseG}QzVX>^^9CP<$!cjTo>4A49avl^LX;Sc!o*y?c;w^Z zEj87R#Z-J2FDFWuQ%?`K2Hpo|oa<@m0IJ-wvB9ss;~_tCrZ#A_@UULpY^wRs5;|Qu zsOnp+$l+=K0ZVwDV{BrI<9j-XUmk=LEA)YOjRdKY?poOhua2e zR-f6#PstWvAsOaE<12WV#j;gPuliU{<$!ecDs^p_4@U|QM{IMXMUxuUtsZ^4@Kfj7 zk7dT^2D5Nb*s;5Nd)yVzcJ3I^P`paRgv(YsdoSF#CPfkG787C@ACbqS?C$kuYi@8W zRfs1tybKn!auHPZzI7OWv2W}CD?EJoDnbxUat8&PpqV>Upd znrX+kyR(yqg?$=;0B=vX;2j$v*2BF)J*T5?^y|B;!*T(10!OFK*Yytwh{XVEs1_?5 zIHpZ};QZi~n6~Sc{DP-g)ZaMOHaO8GVuGs^@t(4kP63rG_bZ0mD2hi6z&F>qM0Lk( z61aLVA3w!8f}=8R#;K<{9nh{_hSZHq13Z=kA1vLGb?%L2G}o%^^6%-PGwug+2i6p3 zo9#4unruhhyZwEH(QTWS49*Kf5%c*6VeC zz~#8pZOwDje5UsV<}|HK9Pk*GJ;Q>s&ljHvHm-$YZsZ{S^y|{k}(&PpopC83VdT(5UuB2-le^uHNBY0~TDl zTDDVmXe>`swLXWpbk%#@*uj3L!n-?`grl^AB~OyY8=St%MLad`t9TUMuqs~ko~7Z-Y;o`6X}Qd&u1y{G1(p%J&NuZwCjMd$@~R#m*5V(MMMXWa?F52e zJ*0Ru-~EHk?#TH=rDkiOA7{FS;p$%A!gp+XlG6xa5MJ50iM#58*xMg&_df`?*QNwA zL)iw#I*$^5G|1uDP1maf={|{98B(}K zAL*$$N!-swsjebXTc*OXd4Bq)qZAJa+OI4~sB7Hg4ws(s_u2hI$qi~w97o`WJl`hI zq;brGo9}iXSHPZpD-3UOo^HOg=SRRPjUqtB(*mNx*5p`|8+J74=C-v_PR5;s@<5(< zLJ#tQRp5aUmtZVlAhjaijV%~%O)n*#vx}rc`cA^ZG(=&md%b4Mfp~px2lJsGP~FGA z*+UeS;bRf}VI{-l6<0{IlvDNF#e?5GWOYyDBp+3|h>w(JEJIw6P8{)h_{;OX%lZ%YM|e5kOV zc{b&2b?sXr;HT}D(5c*+T|;{-eP%7~_pq!fSpO6`1+)10u`)3N9S@hV&nyzegM&b_yXnF!zO)q2X|_9fTX<@X%ywYPO%So*e` zP~in*X1*V%|Erf6-{1l5c8bc0I$>-1asf3VT`m5hN?pc(lTS_|(s`+HP4GZ=okU7D_w#F^SZC?AI}OszpO^ zihV!q<(f79UVZXeon@EMk=NFaly|oLemdBT?l$P#*7?qC~hP>mS+ROmY zmUd>QV`Ab1zqPhZtrPNFtr**XQ<~QUqL`a5xI%uPW$`?=U0E*+#mZG?;w>v3A8cN+ zjZmgme(6)TLL0~?SQzuxup*V}-khk6sTGvq_7^(q>%?C@p~|nC+^9Ts zL=H2*3@mglxSq_%NC{m*ps-Kl{X*(IXZvRGR{W6E_7$9_ckRDLlsTt}Hk#zw-x)vL z&L3MbN)Xzp5bfJjcghfxA)lDRiM<@iT&i8Yh&Lv?GjHXy2~e@N*J5MKkKXxFeQNK2v4?eHlG< z!6y^rF}Hg|Pt3lZgpOZ>pqYo1*(tL($t_@GG>q3_Tq2WgY<0j$DP@+Ho>hb`gnH>k zu>lpskl2+JTIxIhRmSw*1|yd`y7v7SVE^tt^}(aryXp5~C)L;kfsPRyT0I*PE9JKX zLWTAbMh3M9voYLXS?&|L3~fFv_sFot^UqT&qh0FK@Tq{ppXgLVuJ69c(XZzxV^jJ9 zMhePJRX_=Mo%(P7d84;5H)@wMrdK=n&ep`Td{~Y)G`85vQRKCByquD+R=W z7){#Q@;E@!H$PnwymWdl!Y%N0;9;xIpPKUrKscD!;{WqcRQ9in^8#EW{aSy=!h<%`%m;^KAe4u$?zS1oQX@crmFq&Z%WaL;C zT$9&d|M-}(1#eul8^=rh;8p`Q18IL1(?rFIiWGS{dCF1pPX%n}+Uc;6~ggDQEOsLq$HmbgxJ5 zZyvf$u0e`V;xxcY)LS&FK%mAV`#K9~k>>XEQLreg;(K{WRNd^I^Z2wk{$BY9&Pkts ze=ZCGnY&;Lz03UY#(JHfI6syGL~IbZiclS#-1`)dbemw(A$NG)_HRFQK0C6tm_FhJ z8RLM#E(NvZi7HO6PEh8pdmi_zVPPq=DvQqt7WV)Q9aub;k1l0)2gyQFUi7P3>j=){HBfONhWv~+z!FN z_bW8cyYnl?hV)_Z+zNqGnv+7?izLHEFUx(nV_u3YSUY`ah*ytN$QC#Fous!ar5nJG`Mpb?Hu7zP zeKHG0)#)Q3{+1uTE*`5RoxwYFCJ>K#zrcnY@E*hblEzwP+#q=d$dQ5?{lbP?Ttkjj z$CK*djpelj_;iORX(k~+rf9ir0USS1*kHI8HSBG^n(X>EN)38S`-FBG5FY|{5e!6>%XU@GRtl}X`9HKghk0+Mao zI5wpKb&u{7HAqyQL_mIr52^{m^UKnc&Tiu`N8+qH>z1*1LmKA!!W?d60}>HAMcVaE-pR`yDOfh z4YL^Z!^0Ze?~Y-o$^>mgghh^f%kniI$E7`VkioAn0xwq9`qQ57BNNVj^GKK#Kfp-UUSfwU_RU$x}$>g(zXi41$pPYH|GBD3CK8|t{yW?Qm#t-+m=}3}vh6s5~axvh@MUv;;$4-tog5N-!&;JnbxznHq2HD?wda1v1MM5(BxtnC&?fzmTKZfa`F)EP02kKEBoNceI+K zocJBDlbxmmQ5%PDQ)}jbMXSpCmyJ&wTepNc1dPkUth9Rgo#Xg4w|Z3wX8r$q!+!5! zFYq_!-OM|$a6wBCfBktIr~~<2+0B16Har5D5|`rY4weQ51%-CC9U0@xr~nYUr5x9X zvk+t6ZzU#o`%=WkZ`^+Lc@T_oF8P9;i%-Gv)pp_MV6F3(T-Wtm51xaG88H~f^En5@En zA)2DUxUsRN#3+F5Vht$yhK*ckhvtDCG{>!4e-~BsbPpr^%raS46g2F>CKUCs3*kp5 zziD{B;hs*N)1@vEsUa8ffD{E}EA*d8utYDB#}YhBkv0Yz%)u0LUJ%0Jq+G{kmm&U zZuw9x9AR#{?`64Y`SIUQiPdxUJ_Kymsp{?O;g-?wH@43^Z0=f{WYnnrQ!ToB);zc z>cHA~$-=FNukPRBc}oB~P)8itKy`qzh^uR;$rszK`5jJ{36_|-D&&1ZwA;b10#}u) zr+9v)C2zv6aiLXw-vs0AmcbW&fqcH?Ps@dhqE)IFJB%jvszXn9-dm=+IZQu!-QxW; zTYZ-_ie}U^r68roW8tQF^Z0{sqfY}Qm85X`X40`&j(1g_JzlxXmEM}!f$fPXB}~45 zdEihXE@mfkv1lU4p!P;qbEOk)q744nK7V1xjBqo|V9NFD9?t{KwI@BfuSZ^Ip|Uxw zUbOWV@zksTg;fTSY8zG9IprX#YJfCss{-c8l%YRD2pm(_nN2 zv&CfjwH@{|wEQ)a`>A}Eqn%A_=<`#Pxkw&m*LmNHmoaQFBAFG_z*LM+1rub$Wu}Tl z%WnItk^r`4Rzl&gl0~c6KqGIK$z&v$78E3b&^$q(i;z8hrD_^t>2^kE(jx^Q`I8qqR%(`cC=2B2xZW&;3x%`9?)I=D1&Rb` zyd65qY2h{8RbAfP4=j>=J54U(I!!8IMEiy;cxr{&xqe0MlGRykW(sY6kVovx1w)}B zD=MS=jOJ5lE!8wl9k+{Ld@xe2s>zlq6p)BDSc%h#VR%}d`;|gfdkQ3L`3|V%*IL?h zE!82su97@M!kPH6n^+@hrB0B>l2*CB;}?0x)$R2?jSidZ)>_yx`2C#PQyPLj{Ds+n zosbz*`Qx^DN|-}o_8fC!BGrB)s&Wm?p%`N2?`1g+qE|Ki4%jQ}ruwk@OMdhDWV`<3*yq52l~(@aLA1b*vsN5tr*7Zhxo&p+T(WB~&lAbJsG9d*l7 zO1mr%+~j(Tlrw~rgqIS+<5<*KCL28c6XAJkvXdo04y#>HUH8ygp#OTH*$*!V?7QV4 z3^*SyF=EzwY1p6YOU{VTre41Djz>a;xo=@5=FH(CzEa;P>)PUR4=+TSHJ)ewF-8O_ z-Ipg%QM6eyPJ+jLTA{}otEe~r#Mrkew#zcgIo5a5U$HpczujvIzv8$BYhvO}t*91! z&>+{CIZvxu&-m*BG1h?WaCVP&wSLfS(LO2xDxpm!zta}BHC&+a#&+t$xtfs3ZUlDx z=4DFW=k~lpxe4y5EDIC&LDW=RyNdCIMWmC*=n}yZ)u^PNQ$W)p^Bvw?YDY8CFzx_| z?VRgKObTUjo)acr;3@r$6ah^BeeghvcjHzNF&Nyeb_${z!&Dml&LRAo^k$`W@rJY(Hl8qX|Yl-V3%N`HD5x zQmKWOm(M|oAqp|U!q@~s8HYCG{T}^b*19b;3^8ixCjRUfKOeTdT zJ*nYayshNT%1Ekwo7X>7I4jjaHxEiR&!_}r*6>Qbd+XzV-bgI)HKe$(;?k#yXz!Be|mCTmdd`Yc(6 zrBkxbrKyNm%oC3k!N)BQDz>tl@puas+V<4-C@*OmJkyxH(kxCXy?FMl85#1yGc~cr zI+Ejy^q+jvq|mY;QzxM?@A4u6`ItL%26u*}$T<~3j~?s#n8Vk#Af2J`p$07&HT;78Rmm?7XG=Otz03>9BktQl2omd^o*HF!UB^6YYyPRch4Uyy1a!qBs zU;+lYLO!D%k<2-7d*ZXygo04*;TdmyvbVW^MDysu%-04@=&vTk0$H+@n481c+lvSp z+9(!K!z_10Tm`KYbp;dJMb9ncMH{ar)qQI%Cu%^YK%KulDke^9sOsT`p9R|2MWrVr z6h7VJ%1eY4NBN90*?nDITw0^*r{OQWK2zuZDvIzZR(C!-9jGb$%VM3E@^p87pf?se z3Jq9>nsg_4VlqK1MrU(T)v$yvvqoIpspeV4ZH|iUXxh1xG7lX%=-x7Kde3bqa^{B^ zvP;q?ycrg+6>0aDg|idyOn&O1=d1Uq`Z*e`jb!Q03B7=!jq~(gGb!)Hy@Vi-x^TfEx5zH?d2EJ$~2S_SLg~Ttwk@k7X zo7M=FI$}7Nef_f+Dq}J`tk!I3u+QV-?R2Ae3b3DkQ}QWxi~#t;6cqgGgz384+1jRI z;}Le+;oP`0oc+|FP^(@{ShBJ#t}Tqr)yr8r!=7JnQ*7kb&h37i$w=;{~&8Q^bVV6$xe z{+uq<4=upuZA~3_v}KE~^#GkK<+fw@W#SEKu1ZMA_}-+jfjNqZ6D9N6XF&@`T=$j( zbx!e4@A356u&exZ{>CoOs?~F}yTm$E@80&t8hD2<`se`zkTg+OyCI-*%5~i%=bkzM zn1Ea2bfJwXh(C|B{N#9)PW0dj4I+=RSJKShq<+5X%Oz)HH~@93+H)XzS@vGwyI@GK$pb}5jT+p8#%uOhadi}{tW=HTMfp|zpJ_+75uNFi+McQi z)UjiqI%^|HyKO^X$@|PyInp^_ye`)OeVxdU) zSLA1-olIuh;>X&ujCCQh~y!&joylCd8%1Dl^%H3Z{}Tg<^y%kiBzg= ze&rao5vCLPLhF@v&bW+zMggiUW~UCkqAI{}{u!k&_HeO*0T>)tsS7jiAaOW7fE=G` zpyz7x8QhO!9^MwOyq8p6KGU}hlUVUq{%A&356!C1rnkNJ4!X21ITTHw`3n;bCE6FTQjU+8q0?^rff(9JJO;(`AQMM?YpX15yWF)1&Rz z<&Xq;b9Sj|p8^1%;e5ui9OwRbc+H+OD<^gbz<AW{EeY*LPIEL~22aHNV_kWI2oq_TUbyTZ>Ng_0ml_o*u z>FMdg@ODbRcHm~P`I0C{9D^BLPsF=huU&gC&Pzh&7v>K{T zmH_@s*|>d_ta-R{z5;FGph2M98VRz8^)WAoo%WE#dtGs*qoi9YJPxES@(Q}eW`pn$ z6ESuDVx^+V;nE`Lw)5y9;k+k%rM1GD{C5AQyNT;N48J5hMik{|Z~NAIVLe0YTZJ!M zTEDZLa?pk*j3wuCWo6?Lo^`#gAIu<@K}zVUoZ zRFD-n()wPT!Y_1_N{j)dO*U8>(nvVmFP0%V*Q1MzBWE>_cX3bmsIyY@iROMg>a?FzMb zjB-D}8sI$gRLp5#~qPqx?iz>%~_Fd>=b{3+F(w^l11wA`l^vB$KhvJ2EWZt;2^ zp9Bux?_;%wTzx8fb+l>%WkNUnX5qrU`E+gYFZT8$Hwd2S=grp z$JJGYI8C#5hl>WRlu78{b*I)lEclE&(<=X@D{ALOKT&Drq$%RGgkH}}su08MjlW4= zfI1HV5Cw&pFx1H7J?Vc)4gk@3O?@W*f&rcEw9N60Q-3D* zn##in<7}6b$aYr`fsOJH><}iU4zg`*AdFDH{E?t)w@DpLPmaLW@;uoOv>47&0QDK( z=B(%8?|>)s6ENG5uIM~ZzHT$^DV}+g50(R9BOw(%ZO;Np1{yq1O}>TWt!G(&?(YBC+EU@&L$o?RG%Nz}i7Q52iKW&6w=@64{aZ zsV_}s;2~vr43zpwf|FtiOluH#W`1KFbWE>x%ERMJmRap3DqN9)QGA{cF`0wzJ`fNJ zgJ0+&K3yrj0;oA)(L$c?xqE*ifXC7mxVZ#7-PL-YUm3bzoU8lO&vPVi&ieY`Za1h_ z41MbPvG_a~3qtqJX>{rzOBLe(=cNi1D1`lvRcn>HOy87Y#Pk`k_iJ0`o3fxV*WX|y zYu-_V=B5l>!4xf?G)M$ot3ngzfj|UC(045QXj2<5#TUUFj%O|I_M_jlh04o>Qb%J= zfoT^(zGZ0qoNH1cccQ^)5&8=vo25(Y&+osBElDC72oYg^mb#~R$?{^dHPIygJ72=| zD!Ve(M;R<8DF$BIIRsb5f31XCwl*PS}A)0S{1azxH#E+9~Q|K_$U zhRWaoV^`L9nkIAJJAV80UtR!@F&xmJG+lh!Zk)ggYP5Zf;6L)Blk>l6o_!tK0^!&1 z%5O2a>1yR|H7|5|{Z#(d@BuJ9S0^r~0eSnAt>w{=ZU-9=@y1w`=o)|cYDasfv;SAs z%fF-|hE_m^0!b9_wFdY*tl(JKcK%Adplx~x>=BUm{3(+9{XL&d;P7&>7jT;^{r2;G zqT?fv)b$ZdU^d4C8nc3ds7OJyot)`kijO~)9#|MVH1V`_sh~l)cb|Z3z01x!0GDI| z@5I;hgY=)ji2nV>q{}$hUxDe5`(>Y*tEH!R?C;P`st-%;@%>Zvf!hd>9SEa$V`Vmvrf{pRtU(1t9@Ep@l z&*o?TY<&Ft8_f@Z0oS89|KxQB(7`G>Ftu_>F{l&y$Cba0xmIbbjqCq-sWV{VKW^>? zIsdZ(R|dG&=712rf4tN*9kB5Io?bhf|NY$ph;N87&bwVw!upSw`adtpe|<*(zk5mY z&o+Vm?z7%rj$7;&Kmc-dPt4=U=dssWPMx0BzbWAU)AmZk?8<%@b?;_(JB2y9k-U-g z;oKo@D|TDe-e zT8V{HcJERX5~2D1?T?-slZsk0UzIRnA#rBFa*4RSHY>zYc;L}>Vw1vcg~VPL0tyeKafs6V0pvQWd^_%x+v_!Jq?V^ z*T(wgElznb>?nLfjM{i43%JO3S&1Q0BEd z`av?9gKS9|J>FZ%21TxzW(WNqj|&m!&HDnCqv*HOHPzM1K)Ag~E65Xjv0_jm8ghp( zqOPuP(H@MzijBaql4^NTy4~j?ekW%kEV0FAqXoG~rN6!vX4xfMxU2oGyTYs}D5{I3 z{G|@Tu-g2qW0rt;{i|I2*V2M2;a|cc%;K}7E3N|iDX%dfs7YLVlrZ`v4cNj_PfK8A z&J!HCu`pWa02o~_&d-03z2bJbNdvPO8Qg?dfGK+!VE&s@=F8|M`1k2$Fp4Uz!E@&L zArr&(mQPFj*cS*(B~)L$_}d=c?F@}#H2KQ+j)wM^>QQsl;{$CSB^^s_#<7zUN=LSYJ50C>2v?K5YB-L&m$#WoNzZ0_IF>sD4X} zii05kdvR@g1kZzrkM~pQ(&;IQuU!wgPew+JgA;zA9 zJW|=yYjW_)>6K^f#DFz0<*S&ewyLbUc(EB>F(F&*n%f}nR8$uGEn{ZV{c+4>l4=T? zALW!3_17Q#T$5XUk833=4F*1L4zJze^hWbIP*qq>*v;Z|)-BebAH3mIXTve)dE32z zfD}nZ9d2E8PL&wN>Zd#wW3?6$)Ia^Q=Ct50iAH}RSyPEKf^qCzE|R1LG$M*gJ~0bB zZOmcat%XBa@KXUL5#n66Q2RUp$?Rg)c2ZMa(wwVatj`ea3dD$Fg1T4k-*djNDYoCw zP;&+b%B&fh+T5*oLyfwQdq=aVWgHN>Yc--7*m>-i3v$ld?s`92k;E-+E-eY=R_6CY z+gyKre6`Mce7mIgDGh@ok$*!}{d<~q&VkAv{Z55EXk-#%gK@*Ga^l9S>N)Iv{qW}3 zlULr5y?EytYrVIeFp=B_h!a0@mS1FQV+~5Q<|EGn!JmYzLr4=gbQ{NBOuRrbKE~eA zDL2cVDs+)9&@6eSIz`qzM#A_~I`iq_{?MMgY)l|lJMMn0HOjz~Ol<~RULqjDjd zpy~vdkfHLpOTLK=h47FUpt)La+4Pw~-JniS5~_3786$QYfNW#ha+o^IFK)<6+5-|MV`um5ZuZB$K=&?d;Dq0Vm`0Jk^fv zgN=!76FRE6Fm7Tiy*d|jRa)a(hqbIdWtm}=4MKKY7Tg2`ybC{EqgJQhu5i0Q1b5v9 z7KQuog~&X7nXr*LR;LPQ5*hRShEC?-qRps4uy4)!m&v5u^tu0o-w5Q(PJxF zZ-S~$%9nl3zxr2h7nwgId{6nqaW6(5tr;^kKbkXOBCi(7)H4##cQ=oDr6=&AzhqpW zNO5SMI_%@FIO2d=>MVF9>Dh7)o!Er#7-ozwZ}t81As zbNlGz4k&VR#A4y6qFP5prrJ`c+Hmy}>-vtIGjcXp{gm`UpPFDYOIXpT0l zPvgUN@>k4>Ht8qxL4|JLOF$4iBK>?W@F1BS(fWx@MK*>_&2@KC8Pu_Zg_64fFQuBV zuJNF6Pt^~XA~#9oVsSiEmZHb(0_|x5#6MhN;M_a2m}~O&(x>IKe;acGnD(c3kf{n3 zifO&%6_^846q_dJ%?L^t>#Y<9uS`0llmX$@e@e6rlyj1b{DX?EjvNRp{vQRcTz-~0n@Lq zaeEx~P1^E0RV1_NdWWmfN6YKmgU>%;jqwUnR$r^4ryDzsY4EyP8YOPCtBd-z?kzJ? z_dGm3Pp6Vf6+N_vn48uxpy`h!N^)B_*Cvg}cvpNxM~vNW*bg<83aYZ+Eapg0ECiQUSXZ>;pPps}u$Ncf<3%T0&wvvS zqzbPj=2cM-f5((Gq$f8*XVRL#{=3m`Enj5<$O|)8;N92oK6M;>w668kH>{<`w-2?$ z09N|b9K{IjL|jN;vNIAN;g@ z3>&$h(~zIQ`J|`OAH%~tg#C_c0ur52OD^rAuhU|X?EXgFs2?OedR9UTTSRP}`&etc zR53zdpGx7vaG}=|PUih9T=$~xoA(5+kW?-{n`VOU>>Q@&rO&u&^Or|#MpH}V(A1}T zo{;F5KzGy8+qTq@wvfn8j%d60oszeV8j8l?T1?K?qin{NdAw~s9}+nf&P9E0*rjAz zjY@hd5x2fug~Q{R^0z*mLB$+gbegBZhtX7Y_T2YHW@uc?@=+Iihm-Yn8p>cXJsf^` z^oGCr6ROdxg~f*{)^=_P+V!9Zhw*sRkE+Hhm0I_0ecS}7EPJcQ>FA@>V(O-uH>VA{ z3Fhu+{e3vU$?s@w*qiM^lSud?TrBD#)?DRL)zM*fuV&KPx_vr?xW z+-MUQX_Y={4`N}WwWv$(u2dh(4A(U2`I*2F;5Y{7@^~il^tJL;=1k|Ul{!|sO*k2W z1Xbcac2w-xm{9g_US^7{0;Ep~m%9=|&6Id$C`ciLVas+$ODyG(lh{~?wt+4*m8az){%;%CYpF6`ydW#6qRDWh8iZD zAHCaun5;<}~lRIbV)_F^e$FWCXHd!fH?kz_*DWys@|LA1| zFO!%P3vHs1$7U!gIganXnocZB{mR4^E%U>B>S96z4zSBExKPQ@3)wdL=Xa7edoM5N zEpmQSfwScwV8O-o;O^*+5ilN{`#`7)$5#D`dIE#!T zQhKY`4RSDHL-%Po@HklnTSe(al_%}5dv0CsWWN`>j@VV8(Q-sLX(53QQ09i$TKyGw zMyDHj>6|%wm9&z&Z<1KbjS96_qp!O6`l-{pZ-|b(H?w8e`=A^<-i#ZS)u-~f*z*W1 z?wczvS1F$ab zoJ|(aNu|$IkOi_vfgLvAY~>GEGTL%>Vf%B$h$1tZ(k+qcZH^uCPhd^)VEP^+W)iJi z!0fBePCR%_U-KL%aD({UkFCyMBe-pP_|!8^BZU;TD{f~X+xC-P6{DKfq%8d%M${)Q zqGU>jeslhIJpsIn5uqhPNe|2sL2fipH&=2!IYwYD zeZbLg?B$;EpSD8+ufZj|^{=lk4FB}q!=D1#jg^}*DJ zujXaXHQkh@3mOukw}GMnTvd%5m1^Lr%xGL^DZ)L`i4Dmmevh5Y zAdM%r#Gj^tjAH=XnFh|6po)>ZlFK6erw}0C@r@?Rmi}hmP6d>af30 z#{T~PF}qrNwv~Bb+T~ks9M2i%Fm!y4TeGFC>!_oT+<8POVLT)kQ{5DZkh9|Xi8qj> zLT;6*NjR4{5`oTCpwni{fjpaGU>Nxt|7J7B8AB#hsaAQLXpCJY`N0B1QrAsOm85zj z?Sf4keq`5XaS24mY*U zJeoFpMD;ZDEZ-2qd7?BSbF?ko zU<4hI*$t`I33k+Re|Z;0*E(SeY4SK{$l%iVF6)!2Yn9!c@z?kGc{S-edX&)Wzk z)XE&b^Q`IC`0 zRg|;mJia+=N8C)`CZe5G;3}>U+545X_1@vE4}Y^bL^s6r1I^|J2H*)_=XLZ^Ls7k3 z2IV{N*0Ub-7*did`>~SU$MNCm?tP@7hQtf4X!sA4Wb`KD=lhI{Ol!_3CJ)#v9|^wU z?zxTkJwRWoOlK1HDYEKa3=dWM6O2Q7I;W(8C6{rHz~OX9dLAqyAEL2uq5YZDdB@@3 zD+Z$R288O|@E-tOR4V0olE6=_A6t-1Q<6NJgvTJ2`1_o8*~*xc=(kAmcX}hA$@f2%?5tQM^M?kCpKaLF^1{z)^CRy#9rAn?N_f*e9c| zN(t?Dx- zpjpQXw=_WUtd63$$_Z@FcI|}8&Ah?WnssQ#y2Vr}SH-YU+i}{uoi3%kS^Je*(^>vaYI`n#tkbQ^La1G zr8~HoY$cc*zbKeWvE}G%I;+O|*Ch}Nfqpt+U5ln+(|z&uE8OUz{b-8sXU8~HdWMBE z{2IP+KgoU{&uvhXT5CH*o91_NG&GOl)8EdEPZC>S=41%xw(r=o{ql9-x0VU9j&Ko# zrgP)!4(E}5=_(u|-n8jWECBpZ4vpdC{{=$wk7tew`KJz>j$Ugi|+cfP$}iPY9IY9_!zc zNxt{_G%nVei+(Q9u*Muwv)rDNT3p$Da&RZgv@6xiI4!@a3zC>#rvdBT1Qlvbj?a6) z3e*dxusPCSUVPf)7boK+3EVC!(vxJ~kA9=&x%Hj52}pPCB$U;!#0ge@%3c9g(yIlA zdKLhr8lqbz(GG0X)NkmwnV0QHi!SCe$yBDw9LVzqpKl3jqnlM>?RfP{)-v43CCoR= zq06+0L%G9zv+u*#uC|6p)O@*rF3QjSYf+BHBUD}c8rPg1QHY-uC85fza17j0;#!ql zMm&Z)57|5*u_I-c$o+Z_^ zU9OOnuYONxB>O%$?qI#8(8T{pL^EMNQc5-L#n-Sb$8Y|7a|f9Evs)w1El0GE#kdm; zU6br4-@lSP-kTqZk~_|?aXh)pe259y3{HpZmS5%qb^$vA#nqo0I+BhsVXQ7&xCKki zR*a;F4Ru5^6;NFrXN_ldW>ZU-hTA7#H5Ymq^uGZz18`do8USu+`X8WX+$SHf7VEgN z`0IKbJH#@HxHd`de~TTd9FWNc=Lmzdj^NM$uZg_J(r3M+nUgg5gu_g;3hVsI!hzh$ z_#5t%EVZNUAvL>WVKw+grqOmDlCZNBziJ*GP*W|)oqTk&+uzL1T4k#q%zwfrVxbr> zIroxg*lWfYrd?uKU3RqfWCEb^z3Ewzb>ueI&`ytS)FkJ?U*`99nDvV${$vI?!Vcy58K85bC z;U8dP>mhi!u}jyuGOehh?OfUZCa4 zADFJNLi#k`D(Q*4mDA4pVwOn6b0tw1E~x^~;DTygJ1-S??azF6!9KQaPWb&Po?bvu zdHPiS8#vuvgQe)&sBY`W*=`k7Pmb7_Y`N% zgPql3Kw`Q3sh+T_^=pF30orOZxHv}X7wW2Cd(||EDeLlD!vu-Oy5NU+EI$TY+Op#x zI*j&(j#OAFxl#t;5o{yxictlC&RhCWcxx+^wONPNzeyhP<0~<4Yd|gqOdd;h04L_J zFK5eU8nuknckjNs1KU4XgUSWenI}OG((aoPS;acXzYXB-=^_w$hnu7D#|v;t7yF+3 zzd%tn10I=@uror$FTJ*zmdFGs>{V$vA~s0gk*Pd+;6CyGk%rtjO77QZpZdYLCOErt zVy3bGQFY=$x}*o(zqi<3z3NeH$7IZd3tv<5G(5|$mwHzwtCe~)#hiWt;Br`uG%hex zHV8&?Zd=Eo#vzPH)Pbq>@H`DW9Nf{m^g&h#>=`nGPWL2nZ5V5I;Sv)N|7y*5s;M(D zFkEYtahVNhZnd;ljf{>&$6;U}WpydQ+hhCl+v`5Swk`be_AWj+WbXUd>h#s}9pa26 zjYcY=?@^B);IInv)n_Z8f3 zI;+VQ#eZN>@{Q(Q=)5do=={!XwlwJQL&z3)sB!$OWJO+UlQ9C~X{gP&@3=u{7#s@O z_;0al<~xciHBFWa$amZ@Xm5#LrD98xk|OKkFY+3P*L2^Y>$?vZkO^v9rN&096O|7@ z(J#TE#mhYcXzH>yqKAK~7K?jLexgM+e4%Xcw=TB73=z@ghctxk-W_Ht@*f_1 ziUTaPgT?3ve;uM5(d^*&SBa%*wfhf`U8fd6q_aD4E$V0R|Ly1BRLB7Z#?BEm@*f`C zB?AOSV%1E)AFdR8+ltnwMxK! z8x84;1!6N0Bg95W%deyRUY6un{SP-VpkXB?^lC9%bNTotzLVK2wPbF+eU)^r@vd~ly9EWd((qX z786!ZgEwm2icpT}(%y&t_Gd@X2xx3%+MV5(G^*;Lim-Q5rLj8BCL9d&GzPU!zDA9p zCQ^aNb7c6uX8i0QExB6NQV4LVw(pNtF5Ifu4E%Dt68ypyu3Mz8Gbg)HOp?v_n_7IY zXlV9OGsk%)jcX8(xmP$%z+H|2CG;>*N)5XW$iQR|e*}N(3B6YPFy=bke#{9IM8WrC z!0jw<8I}QtJL|wD+*r1tqU-(7sYUG5VL(_4!;BUef=L>g+NHu24(38xHG#1h2Mm>{kr5q}+?n2X)X@H7Mk$N$wxE$s7b$KAg5~uX zQW0ZcDTjhT3W!M72HSIN`2Aj}x6bTs%=?H|ZbORv3Hlb)is3)Hn4{?f(S)95-tG+8^7VL73T#Hk8((iWJz(*^9cK*d-+%BD zCZ}2oBD#(};xTC+Y}_71Hu)dUyO-)$W6*=SNO#H2Yjjw{EaQAJjGRrsVX57SoqmfI z5{ck7kR4kVZ`N&i*m#Uj*FT5%nvogj)`C}gbuidKfZv!RSAjjfIWFzqjHpz?1VIvF zWF2ZB=m~vz5Sp`kibZQ3YekQ$9X&xbL01vP5U?wkcd85~wu%A02TG0F?*5u-l;vVW ziw6iSSlzPyz*IxBy|vuzOV$LYFoaGH{GJicC^Cs^@-EatKqB%z9YGgaW+_vq>Dd

&>Z3_rz1-;H+9v`F6#F9!j2=`YLP*{Ire`U`dDGPR5618abQ z$bK4Zh(&#V-D4xKizE2yhUw_Heq}`#W{Ah{;FEzLTk#p&p@Ist9&I5}9>?HyUXJ&w z8&3><3n2ad=`(gC@YU6slXqyjZ|18sxVzK9GnPxzE}sNu>x4#L>}2R|lU#8;!bes0 z_9j(kZ?gIyo=+oV=u!l%E>O-?kWl|#<(u`Tvc1XCTAiRC<9NBz2%uItvO1{t3RkZ&JNm|r=_^|Wf`-1*9CYh=C*S8A)NmcYu9fmTJux2b^ zzeC;m&oIds3d$z~s1urun-an(NvZj8t?o+&d+!!Ivp+?7nc z<~;Y&<}S+mtniYNhZaX=0hd-$cIU}dxkck-< z8`lz19yQD1W5Jrl*tAQkB_($Huy-9kQt$~xOU?85jwZghs251Dq&agBgtJf^s zs4eM{%+~v0QKe;lMS<&**1fV>Y-$uEFc5~GZJo^pB+S@n<(|3GkjyXsV!W`?xt6QcXWfa`qc8+q1m7UEjH0Z{^Oav1_U8v<)HI z^P8zPsvPaddm^FC9VM2i>yYC}wh2DMNsFs}>bqA2G+9cu-oT8VG5B)qSyT>!d41p$ zsX+P8{^D2|N5^&xJ)uDP@v;U-5=Cd|k_FkRhYjC?ebeGKFq|6@ZBgd^{Swc8oYFh4 zd9r8D0~-%r=9z#XDDG-%+sh4&oI#75P5YxvnCda(uy?s62%YNn_rZCIx0gQz9vx?X zfrYZ0LyjVJ0P9uSK79Xce$2dw>Dntgx_pJ>mnPE<#-$`-F&DVCn+j=VPaJ^C=wMhw zO+!l5{+sWtOr@t^SVFZ^F zK3mUKO3*HC+EhD{&d6S?Ut|&STAR<3u6+CMT`ssoGY{=|;OPIc602Nc47_oMDjBj0 z1F5*(5i9TQ)XDjD-nK&}y!q%3{dWKGQe@BU~pqI>NXj^HH>0TMaeQyPfliTSULm_*u&Mx$&sH4?94T}}w{2QUQ7 zs2!W{Ubox1IruW5xTJc@d4=!u-b*MZP7hs_6onZWI5JL$JR^GF&PYvqRgm88?^>U% zYiBVdjhu0jhXBj9uQvOky{l!mQr=2vBz&nxdSu;>rL&*9JUkb)#Xl^W?}e(-!9I$O zj(q-t@pj#C3XuLtf^;|f9BXRX;I+Q2lChI1=CH)+Pn@r49CrC80^~>tkdL@WXfdEKI7e7<)MweFWfu%!BEXGkIgPk&DYnOe(TNtOrM){lfE)zON z=*j`U9|B3V81nthtC-+zU5oB*tQV}GNy0VG_%2l^)38{q-Tg?n;4NAI<4VX0J?2b9 z^hM0$Q)Q-G(rNnx2(eHrVS5gHlm*iu?M(9el&TO!TPiyQ!H9DT;?vr*S|3HX(+uM= zVe{}PSCf#;*F6ACIs&{Mb_dR&I{T3V3*ALa4Q8Cds;ozd(R%Mri-}qrNRQX_*)l6o zWvWP|XK9jduE?BRu*Fd~8;}&4Y2%6^@;wZ}Y&! ztppUxDa%J5DEJBpYJUI5&=3jWu$6M!8-6GH3qjWd7_s6&|Iis_p;#Z|3dS4%I5eZk z9*i)YsIb8vB|djZVJGirWbOt-B;zNao14Q;5oOITa}?;cX=oD|J_$W$;^ifSG28nO z$kg6h zCW~aX=ph|qIuacEN~6|0)M;gH^l5`p!k?3(n8G()%WAOvs<=yZKX$q?DzxIaU{?3= z)YFcWlz_`0!FMn*Z96^VoQIqo5A1;e81&!(J_m2Z$ofHJpWnp#*R5i#r~MFU4L`_u zz9O4r_SL>hi=coBrBcgVwVy20b(*T{-fA(vSZxJHy@??~9kLwxkP`+lng$n}*g=*u zq=rS^xlddN6!S`R>anItXWo2bqiGApQB zbs*PAiyJ-rV-R9}nd6BIG!3=r$p^?{y-Gf7-=2Tf>M+S@&ae89g1Is0oNq@^LiX`( zzbP_NCO?Nn9{?mPe3(6lnmejq)4t|r< z7+@<0k}Jhk>5UF#oPYb3VgzU=L5A}B$aANC-1vDzjbVy>t`nda%S*x`_YW=37^Rkg zP5+d7ea?d!n8#7Mo`P+Z%ubzZaMPFe%edA)k~T(DrdIvl)H+8L6#@TW(<3##7CJA2 zXJF9sU>pP*;({S$f}9Rn6 z381wsd*tZJ7Ps4wbC7zcaY2|7{8dUMspi!-gA#ne=C*83Qcb#&r_}SW-_)U3R>y(u z^3`OKI18!XC5QWsyT=ExR|`q=5w$BLg|(vuM}SW5W5uTp8$Ff~{HGtTl5~JGeDa~% zHkMZMH$wUOgzjs=v4T5`<>fR@5ZU?Gy9xQKdj|?=L|f;xv~mk}Y}Ofpt9OcK zzCD^~quNIJ-s!avAR6Nv>p1q2g+a!<#N?m)cm|ky0H*{_;EXc@r#im41qvKpDSb+Y z==}5{n9ZwHnX8bdEK+5L;}wKHi*sM}Xo(S&c?I~{&By%!BC_Ho^Uis56BB$y$s&CZ z#>U!e9!C?0sT@{ah(I1yB$#@Rsas)UX9!bgij;CkG5=SfNg`PdCO zP~jtxv4CsGUGcjnqYBG{-3gl%neA=LQQN7ym9QLI9$or)mN?Ma%rl$P5nqUs z#oy>uqrw9NmlY6R&1G?P(U~~x3ZS*Vk=p0e^}O_P$;hW3+|Vwy=v0Nsxc;^dII1Q0 zuDKV%cp!lt^dx+s33s65=a4Nu!NEV)UQLUBmPHNT-lCY*{Xil-TS=3 zrB8y>eh(6A#Q~|v?vHA&$b`JCd_GYG%neZv#%S?&2W4FJk-%ubd#k})r>OgEMi^q3aMYYq1K z;6*mkaDj&ViUtiq&+8>)_{3%@Q^%8rqG*yj7s^6(_o{=&a0wZWFcr9e7 zquO(f5%{bLip754r^tDYV+y`}rb^{FA{*zRtmt+diWn<0lDrtPP}2af)k&Nn8Ic%~ z##N3;G2Lc{Ggm!c;FoR8(aOqY6O>TX?LQ-0#~maCs6g$!fPul2qUAIr+r%OWN-Us> zD+iLp4E{N=ocakFtH~2P*_U#hn$Ej=MiIF(?5*!53BPCg{gK*-l?5QqlL?v3Dfs@LsH`#dsii ztY;Ec3xaa0MHPuVV^kIA2KY%zj@xNS%`FJTjHGE&Qqq+xzfg>l$=4?7MLpA7BHil6 z&ym+9&pLx@x_zpX!6ua<-WagcS&-^yEV6#E0=jsYmoC<=RkQfH3w7B@KSjmrd~{-~ zFLOT*^y=+kuQv<QI2t)cW=tByQXZ%E0OuqIq`@{J@a0@p|;%`lv7ks%g$s;gG1N7 z{+-{22q%!}#N6IL2{#T32?WT`r<@poT8GOboqq<{@8N1$-%MLbilcBdc$clw6{Fdy!;mboCtb zz11~-x5*Pn-?ib2&tW&A;>0B~4ZFh!^kSkz;5O8I&*bQ70Ha8BY>=Uvbz378Nc-%V zw<8@#;3}H4b(Y z1p8^(2ZRom(BOieP`3_(cm?=j=9tA@)RAUE1*YjqW^{PqVWL0^yS_-Vm36K=IkwGW zA`L?6=~cSdcZH^YInM{(uH(~uP&EG{I*N=%Sv$aYeoq;qPKT|uk;}IdFw=3_3kGw+ zvCqx2sFNPbIQ+Dx{ZRlJK>sU`h*GQ8e9aIc27baOMp5^;o&^4k zgdDa%)1#k%|id7=^-^y!;gWpc4SCxKnIBQhZik@;TjGmkHM9bgdhpj(mw(ir972~ z*VLp|Z{sHIOA7((T>vbaaH;hsw#U}P`CouQMHK@^u*3B#^Xz7teV+({s67SL!>!cN z_2vWBV#E5UBSm@|3j-M@M}YX&sGS;A;?=L>d^~W2^6HCP%tR#&J%xbQPS$P6^{f{c zs)FuQwb#1wNLJg39bl&vr5(PrPvhuoJzV|-Ju zShu`l6B>s(v#@j!f~Amn^6r<@;{<=gnf>+eZYm!=khaL{bj2E;kpsl;9FFOXY)Nrk>1jjFa!NTf`;ZHpmGIS37E;(P|Q>;zjP zV317SaES?J0i&_s=cXLVtzKadT5z#fIu-qA6UT|Sd-v~vzRl5*vgSp`+v>WVtWMW~ z^Kk>~ZWAdMr#ZfycDSJiEVay3t$$dLSNH!$R{$p15x8xS2^~SUEuNy z%|C$;$Q~&Bx1N{lmAm{f1axn^KWFp&wP@kY`5V6h)e5nA@AbcG0)wvyS`su8l)OD} z|EDbEe@HLx5QB)a2ek402d&9}AL+kQ`tMr$|9i)sQ0tOsvC#G%gDGQY&OExWdavZJ HY0&=xkslrR literal 0 HcmV?d00001 diff --git a/tasks/eth/ink-002-set-respected-game-type/input.json b/tasks/eth/ink-002-set-respected-game-type/input.json new file mode 100644 index 000000000..471d1adb8 --- /dev/null +++ b/tasks/eth/ink-002-set-respected-game-type/input.json @@ -0,0 +1,38 @@ +{ + "chainId": 1, + "metadata": { + "name": "Deputy Guardian - Enable Permissionless Dispute Game", + "description": "This task updates the `respectedGameType` in the `OptimismPortal` to `CANNON`, enabling users to permissionlessly propose outputs as well as for anyone to participate in the dispute of these proposals. This action requires all in-progress withdrawals to be re-proven against a new `FaultDisputeGame` that was created after this update occurs." + }, + "transactions": [ + { + "metadata": { + "name": "Update `respectedGameType` in the `OptimismPortal`", + "description": "Update the `respectedGameType` to `CANNON` in the `OptimismPortal`, enabling permissionless proposals and challenging." + }, + "to": "0xc6901F65369FC59fC1B4D6D6bE7A2318Ff38dB5B", + "value": "0x0", + "data": "0xa1155ed90000000000000000000000005d66c1782664115999c47c9fa5cd031f495d3e4f0000000000000000000000000000000000000000000000000000000000000000", + "contractMethod": { + "type": "function", + "name": "setRespectedGameType", + "inputs": [ + { + "name": "_portal", + "type": "address" + }, + { + "name": "_gameType", + "type": "uint32" + } + ], + "outputs": [], + "stateMutability": "nonpayable" + }, + "contractInputsValues": { + "_portal": "0x5d66c1782664115999c47c9fa5cd031f495d3e4f", + "_gameType": "0" + } + } + ] +} \ No newline at end of file From c06f6af1745e0396fb84999bde944c5ab5f2d2f8 Mon Sep 17 00:00:00 2001 From: Sebastian Stammler Date: Fri, 10 Jan 2025 17:32:26 +0100 Subject: [PATCH 10/10] Update executed tasks eth/002, eth/base-003, sep/026 (#458) --- .circleci/config.yml | 9 --------- tasks/eth/022-holocene-fp-upgrade/README.md | 6 +++--- tasks/eth/base-003-holocene-fp-upgrade/README.md | 2 +- tasks/sep/026-fp-holocene-upgrade-fix/README.md | 2 +- 4 files changed, 5 insertions(+), 14 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index e1be1bd9a..220ecc94f 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -274,13 +274,6 @@ jobs: yq --version forge --version - simulate_sep_026: - docker: - - image: << pipeline.parameters.ci_builder_image >> - steps: - - simulate_nested: - task: "sep/026-fp-holocene-upgrade-fix" - workflows: main: jobs: @@ -310,5 +303,3 @@ workflows: - just_simulate_sc_rehearsal_4 - just_simulate_permissionless_fp_upgrade - just_simulate_ink_respected_game_type - # sepolia - - simulate_sep_026 diff --git a/tasks/eth/022-holocene-fp-upgrade/README.md b/tasks/eth/022-holocene-fp-upgrade/README.md index 1c6a3567e..a2f3d4262 100644 --- a/tasks/eth/022-holocene-fp-upgrade/README.md +++ b/tasks/eth/022-holocene-fp-upgrade/README.md @@ -1,6 +1,6 @@ # Holocene Hardfork Upgrade - OP Mainnet -Status: READY TO SIGN +Status: [EXECUTED](https://etherscan.io/tx/0x22ab07b0bb1bc8504256835d555307ff522b78651dca33c9cd5b05591ca5b4f7) ## Objective @@ -10,8 +10,8 @@ The proposal was: - [X] [Posted](https://gov.optimism.io/t/upgrade-proposal-11-holocene-network-upgrade/9313) on the governance forum. - [X] [Approved](https://vote.optimism.io/proposals/20127877429053636874064552098716749508236019236440427814457915785398876262515) by Token House voting. -- [ ] Not vetoed by the Citizens' house. -- [ ] Executed on OP Mainnet. +- [X] Not vetoed by the Citizens' house. +- [X] Executed on OP Mainnet. The governance proposal should be treated as the source of truth and used to verify the correctness of the onchain operations. diff --git a/tasks/eth/base-003-holocene-fp-upgrade/README.md b/tasks/eth/base-003-holocene-fp-upgrade/README.md index 069db85e2..0d70ec540 100644 --- a/tasks/eth/base-003-holocene-fp-upgrade/README.md +++ b/tasks/eth/base-003-holocene-fp-upgrade/README.md @@ -1,6 +1,6 @@ # Holocene Hardfork Upgrade -Status: READY TO SIGN +Status: [EXECUTED](https://etherscan.io/tx/0xb6fc07450001150de1d6edcda68e7b4de5725259bb55ca3e5c22d474c7127e9c) ## Objective diff --git a/tasks/sep/026-fp-holocene-upgrade-fix/README.md b/tasks/sep/026-fp-holocene-upgrade-fix/README.md index 514fa16e8..3034e7b39 100644 --- a/tasks/sep/026-fp-holocene-upgrade-fix/README.md +++ b/tasks/sep/026-fp-holocene-upgrade-fix/README.md @@ -1,6 +1,6 @@ # Holocene Hardfork Upgrade -Status: READY TO SIGN +Status: [EXECUTED](https://sepolia.etherscan.io/tx/0x02746854719a3022f15fd86cc611d28a87901ff90886e877f44bacb36508d256) ## Objective