@ballkidz/defifa 0.0.35 → 0.0.37

package/RISKS.md

@@ -103,6 +103,14 @@ This means **a single bad split cannot block the others from being paid**, and t
 
 `fulfilledCommitmentsOf[gameId]` always equals the requested commitment amount whenever any portion was attempted, regardless of whether every split succeeded. `currentGamePotOf(gameId, true)` adds this back to the remaining balance so the displayed pot represents the original pre-commitment value, but the actual on-terminal balance may be higher than the displayed pot when splits silently failed — by exactly the failed split amounts, which remain redeemable by game players. The bound therefore stays one-sided: real balance ≥ reported pot.
 
+### 8.9 `DefifaProjectOwner.onERC721Received` accepts any project NFT and grants `SET_SPLIT_GROUPS` on its ID
+
+`DefifaProjectOwner.onERC721Received` (line 53) checks `msg.sender == address(PROJECTS)` but explicitly discards the `from` argument (`from;` at line 63). It then calls `PERMISSIONS.setPermissionsFor` to grant `SET_SPLIT_GROUPS` to the deployer for the received `tokenId`, regardless of whether the transfer was a mint or a stray transfer of an existing project NFT.
+
+Anyone holding any project NFT can `safeTransferFrom` it to this contract and trigger a real on-chain permission grant: the DEPLOYER address gains `SET_SPLIT_GROUPS` authority on whatever projectId was transferred. The grant is dormant in current code because `DefifaDeployer` only invokes `SET_SPLIT_GROUPS` on its own `DEFIFA_PROJECT_ID` lifecycle, but it is a real grant and would activate if any future deployer code path acts on caller-supplied project IDs. The same shape exists in `CTProjectOwner` (croptop) for the `ADJUST_721_TIERS` permission and was previously fixed for `JBOmnichainDeployer.onERC721Received` (finding 72).
+
+Accepted because the grants are dormant against the current deployer surface and the receiving contract's project (the Defifa fee/governance project) is never the recipient of a hostile transfer in canonical flows. Anyone integrating `DefifaProjectOwner` into a deployer that operates on arbitrary projectIds must add the `require(from == address(0))` guard before relying on it.
+
 ### 8.8 Reserve minting is blocked during NO_CONTEST
 
 `DefifaHook.mintReservesFor` reverts with `DefifaHook_ReservedTokenMintingBlockedInNoContest` once `currentGamePhaseOf` reports `NO_CONTEST`. Reserve mints inflate `totalMintCost` so reserved recipients can claim a proportional share of fee tokens. Without this block, a game that failed `minParticipation` could be revived back into a SCORING-eligible state via free notional face value (reserves bump `totalMintCost` over the threshold) before `triggerNoContestFor()` latches the failure into a refund ruleset. The block tightens the §8.4 trust assumption that pending reserves are folded into governance and fee accounting: that remains true while the game is live, but once a game has already failed participation the reserve channel is closed so the no-contest outcome is final.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ballkidz/defifa",
-  "version": "0.0.35",
+  "version": "0.0.37",
   "license": "MIT",
   "engines": {
     "node": "25.9.0"
@@ -31,9 +31,9 @@
     "remappings.txt"
   ],
   "dependencies": {
-    "@bananapus/721-hook-v6": "^0.0.50",
+    "@bananapus/721-hook-v6": "^0.0.51",
     "@bananapus/address-registry-v6": "^0.0.25",
-    "@bananapus/core-v6": "^0.0.53",
+    "@bananapus/core-v6": "^0.0.54",
     "@bananapus/permission-ids-v6": "^0.0.25",
     "@openzeppelin/contracts": "5.6.1",
     "@prb/math": "4.1.1",

package/script/Deploy.s.sol

@@ -106,20 +106,20 @@ contract DeployMainnet is Script, Sphinx {
 
     function deploy() public sphinx {
         DefifaHook hook = new DefifaHook{salt: _salt}({
-            _directory: core.directory, _defifaToken: defifaToken, _baseProtocolToken: baseProtocolToken
+            directory: core.directory, defifaToken: defifaToken, baseProtocolToken: baseProtocolToken
         });
         DefifaTokenUriResolver tokenUriResolver = new DefifaTokenUriResolver{salt: _salt}(_typeface);
         DefifaGovernor governor = new DefifaGovernor{salt: _salt}({controller: core.controller, owner: safeAddress()});
         JB721TiersHookStore hookStore = new JB721TiersHookStore{salt: _salt}();
         DefifaDeployer deployer = new DefifaDeployer{salt: _salt}({
-            _hookCodeOrigin: address(hook),
-            _tokenUriResolver: tokenUriResolver,
-            _governor: governor,
-            _controller: core.controller,
-            _registry: registry.registry,
-            _defifaProjectId: _defifaProjectId,
-            _baseProtocolProjectId: _baseProtocolProjectId,
-            _hookStore: hookStore
+            hookCodeOrigin: address(hook),
+            tokenUriResolver: tokenUriResolver,
+            governor: governor,
+            controller: core.controller,
+            registry: registry.registry,
+            defifaProjectId: _defifaProjectId,
+            baseProtocolProjectId: _baseProtocolProjectId,
+            hookStore: hookStore
         });
 
         governor.transferOwnership(address(deployer));

package/src/DefifaDeployer.sol

@@ -273,31 +273,32 @@ contract DefifaDeployer is IDefifaDeployer, IDefifaGamePhaseReporter, IDefifaGam
     // -------------------------- constructor ---------------------------- //
     //*********************************************************************//
 
-    /// @param _hookCodeOrigin The code of the Defifa hook.
-    /// @param _tokenUriResolver The standard default token URI resolver.
-    /// @param _governor The Defifa governor.
-    /// @param _controller The controller to use to launch the game from.
-    /// @param _registry The contract storing references to the deployer of each hook.
-    /// @param _defifaProjectId The ID of the project that should take the fee from the games.
-    /// @param _baseProtocolProjectId The ID of the protocol project that'll receive fees from fulfilling commitments.
+    /// @param hookCodeOrigin The code of the Defifa hook.
+    /// @param tokenUriResolver The standard default token URI resolver.
+    /// @param governor The Defifa governor.
+    /// @param controller The controller to use to launch the game from.
+    /// @param registry The contract storing references to the deployer of each hook.
+    /// @param defifaProjectId The ID of the project that should take the fee from the games.
+    /// @param baseProtocolProjectId The ID of the protocol project that'll receive fees from fulfilling commitments.
+    /// @param hookStore The store used by Defifa hooks.
     constructor(
-        address _hookCodeOrigin,
-        IJB721TokenUriResolver _tokenUriResolver,
-        IDefifaGovernor _governor,
-        IJBController _controller,
-        IJBAddressRegistry _registry,
-        uint256 _defifaProjectId,
-        uint256 _baseProtocolProjectId,
-        IJB721TiersHookStore _hookStore
+        address hookCodeOrigin,
+        IJB721TokenUriResolver tokenUriResolver,
+        IDefifaGovernor governor,
+        IJBController controller,
+        IJBAddressRegistry registry,
+        uint256 defifaProjectId,
+        uint256 baseProtocolProjectId,
+        IJB721TiersHookStore hookStore
     ) {
-        HOOK_CODE_ORIGIN = _hookCodeOrigin;
-        TOKEN_URI_RESOLVER = _tokenUriResolver;
-        GOVERNOR = _governor;
-        CONTROLLER = _controller;
-        REGISTRY = _registry;
-        DEFIFA_PROJECT_ID = _defifaProjectId;
-        BASE_PROTOCOL_PROJECT_ID = _baseProtocolProjectId;
-        HOOK_STORE = _hookStore;
+        HOOK_CODE_ORIGIN = hookCodeOrigin;
+        TOKEN_URI_RESOLVER = tokenUriResolver;
+        GOVERNOR = governor;
+        CONTROLLER = controller;
+        REGISTRY = registry;
+        DEFIFA_PROJECT_ID = defifaProjectId;
+        BASE_PROTOCOL_PROJECT_ID = baseProtocolProjectId;
+        HOOK_STORE = hookStore;
         /// @dev Uses the deployer address as group ID. Game scoring rulesets use uint160(token) as group ID.
         SPLIT_GROUP = uint256(uint160(address(this)));
     }
@@ -545,7 +546,7 @@ contract DefifaDeployer is IDefifaDeployer, IDefifaGamePhaseReporter, IDefifaGam
                 votingUnits: 0,
                 reserveFrequency: defifaTier.reservedRate,
                 reserveBeneficiary: defifaTier.reservedTokenBeneficiary,
-                encodedIPFSUri: defifaTier.encodedIPFSUri,
+                encodedIPFSUri: defifaTier.encodedIpfsUri,
                 category: 0,
                 discountPercent: 0,
                 flags: JB721TierConfigFlags({
@@ -687,7 +688,6 @@ contract DefifaDeployer is IDefifaDeployer, IDefifaGamePhaseReporter, IDefifaGam
                 ownerMustSendPayouts: true,
                 holdFees: false,
                 scopeCashOutsToLocalBalances: true,
-                pauseCrossProjectFeeFreeInflows: false,
                 useDataHookForPay: true,
                 useDataHookForCashOut: true,
                 dataHook: metadata.dataHook,
@@ -851,7 +851,6 @@ contract DefifaDeployer is IDefifaDeployer, IDefifaGamePhaseReporter, IDefifaGam
                 ownerMustSendPayouts: false,
                 holdFees: false,
                 scopeCashOutsToLocalBalances: true,
-                pauseCrossProjectFeeFreeInflows: false,
                 useDataHookForPay: true,
                 useDataHookForCashOut: true,
                 dataHook: dataHook,
@@ -895,7 +894,6 @@ contract DefifaDeployer is IDefifaDeployer, IDefifaGamePhaseReporter, IDefifaGam
                     ownerMustSendPayouts: false,
                     holdFees: false,
                     scopeCashOutsToLocalBalances: true,
-                    pauseCrossProjectFeeFreeInflows: false,
                     useDataHookForPay: true,
                     useDataHookForCashOut: true,
                     dataHook: dataHook,
@@ -956,7 +954,6 @@ contract DefifaDeployer is IDefifaDeployer, IDefifaGamePhaseReporter, IDefifaGam
                 ownerMustSendPayouts: true,
                 holdFees: false,
                 scopeCashOutsToLocalBalances: true,
-                pauseCrossProjectFeeFreeInflows: false,
                 useDataHookForPay: true,
                 useDataHookForCashOut: true,
                 dataHook: dataHook,
@@ -1012,7 +1009,6 @@ contract DefifaDeployer is IDefifaDeployer, IDefifaGamePhaseReporter, IDefifaGam
                 ownerMustSendPayouts: false,
                 holdFees: false,
                 scopeCashOutsToLocalBalances: true,
-                pauseCrossProjectFeeFreeInflows: false,
                 useDataHookForPay: true,
                 useDataHookForCashOut: true,
                 dataHook: metadata.dataHook,

package/src/DefifaGovernor.sol

@@ -407,10 +407,10 @@ contract DefifaGovernor is Ownable, IDefifaGovernor {
             }
 
             // maxShare² in totalCashOutWeight scale (nonlinear: gentle for moderate, steep for extreme).
-            uint256 maxShareSquared = mulDiv(maxWeight, maxWeight, totalCashOutWeight);
+            uint256 maxShareSquared = mulDiv({x: maxWeight, y: maxWeight, denominator: totalCashOutWeight});
 
             // Penalty fills headroom proportional to concentration².
-            adjustedQuorum += mulDiv(headroom, maxShareSquared, totalCashOutWeight);
+            adjustedQuorum += mulDiv({x: headroom, y: maxShareSquared, denominator: totalCashOutWeight});
         }
 
         scorecard.quorumSnapshot = adjustedQuorum;

package/src/DefifaHook.sol

@@ -390,7 +390,7 @@ contract DefifaHook is JB721Hook, Ownable, IDefifaHook {
     /// @return The token URI corresponding with the tier or the tokenUriResolver URI.
     function tokenURI(uint256 tokenId) public view virtual override returns (string memory) {
         // Use the resolver.
-        return store.tokenUriResolverOf(address(this)).tokenUriOf(address(this), tokenId);
+        return store.tokenUriResolverOf(address(this)).tokenUriOf({nft: address(this), tokenId: tokenId});
     }
 
     /// @notice The amount of $DEFIFA and $BASE_PROTOCOL tokens claimable for a set of token IDs.
@@ -431,22 +431,22 @@ contract DefifaHook is JB721Hook, Ownable, IDefifaHook {
 
     /// @dev The initial owner is msg.sender; ownership is transferred to the governor after initialization.
     constructor(
-        IJBDirectory _directory,
-        IERC20 _defifaToken,
-        IERC20 _baseProtocolToken
+        IJBDirectory directory,
+        IERC20 defifaToken,
+        IERC20 baseProtocolToken
     )
-        JB721Hook(_directory)
+        JB721Hook(directory)
         Ownable(msg.sender)
     {
-        if (address(_defifaToken) == address(_baseProtocolToken)) {
+        if (address(defifaToken) == address(baseProtocolToken)) {
             revert DefifaHook_IdenticalTokens({
-                defifaToken: address(_defifaToken), baseProtocolToken: address(_baseProtocolToken)
+                defifaToken: address(defifaToken), baseProtocolToken: address(baseProtocolToken)
             });
         }
 
         CODE_ORIGIN = address(this);
-        DEFIFA_TOKEN = _defifaToken;
-        BASE_PROTOCOL_TOKEN = _baseProtocolToken;
+        DEFIFA_TOKEN = defifaToken;
+        BASE_PROTOCOL_TOKEN = baseProtocolToken;
     }
 
     //*********************************************************************//
@@ -1135,7 +1135,7 @@ contract DefifaHook is JB721Hook, Ownable, IDefifaHook {
             hookStore.tierOfTokenId({hook: address(this), tokenId: tokenId, includeResolvedUri: false});
 
         // Record the transfers and keep a reference to where the token is coming from.
-        from = super._update(to, tokenId, auth);
+        from = super._update({to: to, tokenId: tokenId, auth: auth});
 
         // Transfers must not be paused (when not minting or burning).
         if (from != address(0)) {

package/src/DefifaTokenUriResolver.sol

@@ -2,10 +2,10 @@
 pragma solidity 0.8.28;
 
 import {IERC20Metadata} from "@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol";
+import {IERC721Metadata} from "@openzeppelin/contracts/token/ERC721/extensions/IERC721Metadata.sol";
 import {Strings} from "@openzeppelin/contracts/utils/Strings.sol";
 import {mulDiv} from "@prb/math/src/Common.sol";
 
-import {ERC721} from "@bananapus/721-hook-v6/src/abstract/ERC721.sol";
 import {IJB721TokenUriResolver} from "@bananapus/721-hook-v6/src/interfaces/IJB721TokenUriResolver.sol";
 import {JB721Tier} from "@bananapus/721-hook-v6/src/structs/JB721Tier.sol";
 import {JBIpfsDecoder} from "@bananapus/721-hook-v6/src/libraries/JBIpfsDecoder.sol";
@@ -65,15 +65,14 @@ contract DefifaTokenUriResolver is IDefifaTokenUriResolver, IJB721TokenUriResolv
         // Keep a reference to the game phase text.
         string memory gamePhaseText;
 
-        // Keep a reference to the rarity text;
+        // Keep a reference to the rarity text.
         string memory rarityText;
 
-        // Keep a reference to the rarity text;
+        // Keep a reference to the value text.
         string memory valueText;
 
         // Keep a reference to the game's name (escaped for JSON/SVG safety).
-        // TODO: Somehow make the `IDefifaHook` have the `name` function.
-        string memory titleSvg = _escapeSvg(ERC721(address(hook)).name());
+        string memory titleSvg = _escapeSvg(IERC721Metadata(address(hook)).name());
 
         // Keep a reference to the tier's name.
         string memory teamJson;
@@ -293,7 +292,7 @@ contract DefifaTokenUriResolver is IDefifaTokenUriResolver, IJB721TokenUriResolv
         try IERC20Metadata(token).symbol() returns (string memory s) {
             tokenSymbol = _escapeSvg(s);
         } catch {
-            tokenSymbol = Strings.toHexString(uint160(token), 20);
+            tokenSymbol = Strings.toHexString({value: uint160(token), length: 20});
         }
 
         return string(abi.encodePacked(integerPart, ".", decimalPartStr, " ", tokenSymbol));

package/src/structs/DefifaTierParams.sol

@@ -5,13 +5,13 @@ pragma solidity ^0.8.0;
 /// @custom:member name The name of the tier.
 /// @custom:member reservedRate The number of minted tokens needed in the tier to allow for minting another reserved
 /// token. @custom:member reservedRateBeneficiary The beneficiary of the reserved tokens for this tier.
-/// @custom:member encodedIPFSUri The URI to use for each token within the tier.
+/// @custom:member encodedIpfsUri The URI to use for each token within the tier.
 /// @custom:member shouldUseReservedRateBeneficiaryAsDefault A flag indicating if the `reservedTokenBeneficiary` should
 /// be stored as the default beneficiary for all tiers, saving storage.
 struct DefifaTierParams {
     string name;
     uint16 reservedRate;
     address reservedTokenBeneficiary;
-    bytes32 encodedIPFSUri;
+    bytes32 encodedIpfsUri;
     bool shouldUseReservedTokenBeneficiaryAsDefault;
 }