@ballkidz/defifa 0.0.7 → 0.0.8

package/src/DefifaHook.sol

@@ -36,7 +36,6 @@ import {DefifaTierCashOutWeight} from "./structs/DefifaTierCashOutWeight.sol";
 import {DefifaGamePhase} from "./enums/DefifaGamePhase.sol";
 import {DefifaHookLib} from "./libraries/DefifaHookLib.sol";
 
-/// @title DefifaHook
 /// @notice A hook that transforms Juicebox treasury interactions into a Defifa game.
 contract DefifaHook is JB721Hook, Ownable, IDefifaHook {
     using Checkpoints for Checkpoints.Trace208;
@@ -106,17 +105,17 @@ contract DefifaHook is JB721Hook, Ownable, IDefifaHook {
     //*********************************************************************//
 
     /// @notice The $DEFIFA token that is expected to be issued from paying fees.
-    IERC20 public immutable override defifaToken;
+    IERC20 public immutable override DEFIFA_TOKEN;
 
     /// @notice The $BASE_PROTOCOL token that is expected to be issued from paying fees.
-    IERC20 public immutable override baseProtocolToken;
+    IERC20 public immutable override BASE_PROTOCOL_TOKEN;
 
     //*********************************************************************//
     // --------------------- public stored properties -------------------- //
     //*********************************************************************//
 
     /// @notice The address of the origin 'DefifaHook', used to check in the init if the contract is the original or not
-    address public immutable override codeOrigin;
+    address public immutable override CODE_ORIGIN;
 
     /// @notice The contract that stores and manages the NFT's data.
     IJB721TiersHookStore public override store;
@@ -267,7 +266,7 @@ contract DefifaHook is JB721Hook, Ownable, IDefifaHook {
 
         // Fetch the cash out hook metadata using the corresponding metadata ID.
         (bool metadataExists, bytes memory metadata) = JBMetadataResolver.getDataFor({
-            id: JBMetadataResolver.getId({purpose: "cashOut", target: codeOrigin}), metadata: context.metadata
+            id: JBMetadataResolver.getId({purpose: "cashOut", target: CODE_ORIGIN}), metadata: context.metadata
         });
 
         uint256[] memory decodedTokenIds;
@@ -279,8 +278,9 @@ contract DefifaHook is JB721Hook, Ownable, IDefifaHook {
         DefifaGamePhase _gamePhase = gamePhaseReporter.currentGamePhaseOf(context.projectId);
 
         // Calculate the amount paid to mint the tokens that are being burned.
-        uint256 _cumulativeMintPrice =
-            DefifaHookLib.computeCumulativeMintPrice({tokenIds: decodedTokenIds, _store: store, hook: address(this)});
+        uint256 _cumulativeMintPrice = DefifaHookLib.computeCumulativeMintPrice({
+            tokenIds: decodedTokenIds, hookStore: store, hook: address(this)
+        });
 
         // Use this contract as the only cash out hook.
         hookSpecifications = new JBCashOutHookSpecification[](1);
@@ -292,7 +292,7 @@ contract DefifaHook is JB721Hook, Ownable, IDefifaHook {
             gamePhase: _gamePhase,
             cumulativeMintPrice: _cumulativeMintPrice,
             surplusValue: context.surplus.value,
-            _amountRedeemed: amountRedeemed,
+            totalAmountRedeemed: amountRedeemed,
             cumulativeCashOutWeight: cashOutWeightOf(decodedTokenIds)
         });
 
@@ -315,7 +315,7 @@ contract DefifaHook is JB721Hook, Ownable, IDefifaHook {
     {
         cumulativeWeight = DefifaHookLib.computeCashOutWeightBatch({
             tokenIds: tokenIds,
-            _store: store,
+            hookStore: store,
             hook: address(this),
             tierCashOutWeights: _tierCashOutWeights,
             tokensRedeemedFrom: tokensRedeemedFrom
@@ -328,7 +328,7 @@ contract DefifaHook is JB721Hook, Ownable, IDefifaHook {
     function cashOutWeightOf(uint256 tokenId) public view override returns (uint256) {
         return DefifaHookLib.computeCashOutWeight({
             tokenId: tokenId,
-            _store: store,
+            hookStore: store,
             hook: address(this),
             tierCashOutWeights: _tierCashOutWeights,
             tokensRedeemedFrom: tokensRedeemedFrom
@@ -338,7 +338,7 @@ contract DefifaHook is JB721Hook, Ownable, IDefifaHook {
     /// @notice The amount of tokens of a tier that are currently in circulation.
     /// @param tierId The ID of the tier to get the current supply of.
     function currentSupplyOfTier(uint256 tierId) public view returns (uint256) {
-        return DefifaHookLib.computeCurrentSupply({_store: store, hook: address(this), tierId: tierId});
+        return DefifaHookLib.computeCurrentSupply({hookStore: store, hook: address(this), tierId: tierId});
     }
 
     /// @notice Indicates if this contract adheres to the specified interface.
@@ -356,8 +356,8 @@ contract DefifaHook is JB721Hook, Ownable, IDefifaHook {
         view
         returns (uint256 defifaTokenAllocation, uint256 baseProtocolTokenAllocation)
     {
-        defifaTokenAllocation = defifaToken.balanceOf(address(this));
-        baseProtocolTokenAllocation = baseProtocolToken.balanceOf(address(this));
+        defifaTokenAllocation = DEFIFA_TOKEN.balanceOf(address(this));
+        baseProtocolTokenAllocation = BASE_PROTOCOL_TOKEN.balanceOf(address(this));
     }
 
     /// @notice The metadata URI of the provided token ID.
@@ -384,11 +384,11 @@ contract DefifaHook is JB721Hook, Ownable, IDefifaHook {
         // slither-disable-next-line unused-return
         return DefifaHookLib.computeTokensClaim({
             tokenIds: tokenIds,
-            _store: store,
+            hookStore: store,
             hook: address(this),
             totalMintCost: _totalMintCost,
-            defifaBalance: defifaToken.balanceOf(address(this)),
-            baseProtocolBalance: baseProtocolToken.balanceOf(address(this))
+            defifaBalance: DEFIFA_TOKEN.balanceOf(address(this)),
+            baseProtocolBalance: BASE_PROTOCOL_TOKEN.balanceOf(address(this))
         });
     }
 
@@ -412,9 +412,9 @@ contract DefifaHook is JB721Hook, Ownable, IDefifaHook {
         JB721Hook(_directory)
         Ownable(msg.sender)
     {
-        codeOrigin = address(this);
-        defifaToken = _defifaToken;
-        baseProtocolToken = _baseProtocolToken;
+        CODE_ORIGIN = address(this);
+        DEFIFA_TOKEN = _defifaToken;
+        BASE_PROTOCOL_TOKEN = _baseProtocolToken;
     }
 
     //*********************************************************************//
@@ -483,7 +483,7 @@ contract DefifaHook is JB721Hook, Ownable, IDefifaHook {
         override
     {
         // Make the original un-initializable.
-        if (address(this) == codeOrigin) revert();
+        if (address(this) == CODE_ORIGIN) revert();
 
         // Stop re-initialization.
         if (address(store) != address(0)) revert();
@@ -568,6 +568,9 @@ contract DefifaHook is JB721Hook, Ownable, IDefifaHook {
         JB721Tier memory _tier = store.tierOf({hook: address(this), id: tierId, includeResolvedUri: false});
 
         // Increment _totalMintCost so reserved recipients can claim their share of fee tokens ($DEFIFA/$NANA).
+        // Note: reserved mints dilute existing fee token claimants because they increase the total mint cost
+        // denominator without contributing new funds to the fee token balances. This is the intended design —
+        // reserved recipients receive a proportional claim on fee tokens as if they had paid to mint.
         _totalMintCost += _tier.price * count;
 
         for (uint256 _i; _i < count;) {
@@ -676,6 +679,9 @@ contract DefifaHook is JB721Hook, Ownable, IDefifaHook {
         }
 
         // If there's nothing being claimed and we did not distribute fee tokens, revert to prevent burning for nothing.
+        // Tokens in 0-weight tiers (losing teams) cannot burn to reclaim fees if no fee tokens were
+        // distributed. This is correct behavior — 0-weight means the tier has no claim on the pot. Burning would
+        // return 0 value regardless.
         if (context.reclaimedAmount.value == 0 && !_beneficiaryReceivedTokens) revert DefifaHook_NothingToClaim();
 
         // Decrement the paid mint cost by the cumulative mint price of the tokens being burned.
@@ -718,7 +724,7 @@ contract DefifaHook is JB721Hook, Ownable, IDefifaHook {
 
         // Validate weights and build the array. Reverts on invalid input.
         _tierCashOutWeights =
-            DefifaHookLib.validateAndBuildWeights({tierWeights: tierWeights, _store: store, hook: address(this)});
+            DefifaHookLib.validateAndBuildWeights({tierWeights: tierWeights, hookStore: store, hook: address(this)});
 
         // Mark the cashOut weight as set.
         cashOutWeightIsSet = true;
@@ -730,6 +736,9 @@ contract DefifaHook is JB721Hook, Ownable, IDefifaHook {
     /// @param delegatee The account to delegate tier attestation units to.
     /// @param tierId The ID of the tier to delegate attestation units for.
     function setTierDelegateTo(address delegatee, uint256 tierId) public virtual override {
+        // Make sure a delegate is specified.
+        if (delegatee == address(0)) revert DefifaHook_DelegateAddressZero();
+
         // Make sure the current game phase is the minting phase.
         if (gamePhaseReporter.currentGamePhaseOf(PROJECT_ID) != DefifaGamePhase.MINT) {
             revert DefifaHook_DelegateChangesUnavailableInThisPhase();
@@ -785,11 +794,11 @@ contract DefifaHook is JB721Hook, Ownable, IDefifaHook {
         returns (bool beneficiaryReceivedTokens)
     {
         return DefifaHookLib.claimTokensFor({
-            _beneficiary: _beneficiary,
+            beneficiary: _beneficiary,
             shareToBeneficiary: shareToBeneficiary,
             outOfTotal: outOfTotal,
-            _defifaToken: defifaToken,
-            _baseProtocolToken: baseProtocolToken
+            defifaToken: DEFIFA_TOKEN,
+            baseProtocolToken: BASE_PROTOCOL_TOKEN
         });
     }
 
@@ -847,6 +856,7 @@ contract DefifaHook is JB721Hook, Ownable, IDefifaHook {
         uint256[] memory _tokenIds;
 
         // Record the mint. The returned token IDs correspond to the tiers passed in.
+        // slither-disable-next-line reentrancy-benign
         (_tokenIds, leftoverAmount) = store.recordMint({
             amount: _amount,
             tierIds: _mintTierIds,
@@ -892,8 +902,14 @@ contract DefifaHook is JB721Hook, Ownable, IDefifaHook {
             // Get the current amount for the sending delegate.
             uint208 _current = _delegateTierCheckpoints[_from][_tierId].latest();
             // Set the new amount for the sending delegate.
+            // uint208 is sufficient for attestation values: each tier's attestation units are bounded by the NFT
+            // supply (max ~999_999_999 per tier * 128 tiers), well within uint208's ~4.1e62 range.
+            // forge-lint: disable-next-line(unsafe-typecast)
             (uint256 _oldValue, uint256 _newValue) = _delegateTierCheckpoints[_from][_tierId].push({
-                key: uint48(block.timestamp), value: _current - uint208(_amount)
+                // forge-lint: disable-next-line(unsafe-typecast)
+                key: uint48(block.timestamp),
+                // forge-lint: disable-next-line(unsafe-typecast)
+                value: _current - uint208(_amount)
             });
             emit TierDelegateAttestationsChanged(_from, _tierId, _oldValue, _newValue, msg.sender);
         }
@@ -903,8 +919,12 @@ contract DefifaHook is JB721Hook, Ownable, IDefifaHook {
             // Get the current amount for the receiving delegate.
             uint208 _current = _delegateTierCheckpoints[_to][_tierId].latest();
             // Set the new amount for the receiving delegate.
+            // forge-lint: disable-next-line(unsafe-typecast)
             (uint256 _oldValue, uint256 _newValue) = _delegateTierCheckpoints[_to][_tierId].push({
-                key: uint48(block.timestamp), value: _current + uint208(_amount)
+                // forge-lint: disable-next-line(unsafe-typecast)
+                key: uint48(block.timestamp),
+                // forge-lint: disable-next-line(unsafe-typecast)
+                value: _current + uint208(_amount)
             });
             emit TierDelegateAttestationsChanged(_to, _tierId, _oldValue, _newValue, msg.sender);
         }
@@ -918,7 +938,7 @@ contract DefifaHook is JB721Hook, Ownable, IDefifaHook {
 
         // Resolve the metadata.
         (bool found, bytes memory metadata) = JBMetadataResolver.getDataFor({
-            id: JBMetadataResolver.getId({purpose: "pay", target: codeOrigin}), metadata: context.payerMetadata
+            id: JBMetadataResolver.getId({purpose: "pay", target: CODE_ORIGIN}), metadata: context.payerMetadata
         });
 
         if (!found) revert DefifaHook_NothingToMint();
@@ -935,8 +955,9 @@ contract DefifaHook is JB721Hook, Ownable, IDefifaHook {
         if (_tierIdsToMint.length == 0) revert DefifaHook_NothingToMint();
 
         // Compute attestation units per unique tier (validates ascending order, reverts on bad order).
-        (uint256[] memory _tierIds, uint256[] memory _attestationAmounts, uint256 _uniqueTierCount) =
-            DefifaHookLib.computeAttestationUnits({_tierIdsToMint: _tierIdsToMint, _store: store, hook: address(this)});
+        (uint256[] memory _tierIds, uint256[] memory _attestationAmounts, uint256 _uniqueTierCount) = DefifaHookLib.computeAttestationUnits({
+            tierIdsToMint: _tierIdsToMint, hookStore: store, hook: address(this)
+        });
 
         // Apply attestation units for each unique tier.
         for (uint256 _i; _i < _uniqueTierCount;) {
@@ -992,19 +1013,31 @@ contract DefifaHook is JB721Hook, Ownable, IDefifaHook {
 
             // If minting, add to the total tier checkpoints.
             if (_from == address(0)) {
+                // Casting to uint208/uint48 is safe because attestation unit amounts are bounded by NFT supply counts.
+                // forge-lint: disable-next-line(unsafe-typecast)
+                uint208 newValue = _current + uint208(_amount);
+                // forge-lint: disable-next-line(unsafe-typecast)
                 // slither-disable-next-line unused-return
-                _totalTierCheckpoints[_tierId].push({key: uint48(block.timestamp), value: _current + uint208(_amount)});
+                _totalTierCheckpoints[_tierId].push({key: uint48(block.timestamp), value: newValue});
             }
 
             // If burning, subtract from the total tier checkpoints.
             if (_to == address(0)) {
+                // Casting to uint208/uint48 is safe because attestation unit amounts are bounded by NFT supply counts.
+                // forge-lint: disable-next-line(unsafe-typecast)
+                uint208 newValue = _current - uint208(_amount);
+                // forge-lint: disable-next-line(unsafe-typecast)
                 // slither-disable-next-line unused-return
-                _totalTierCheckpoints[_tierId].push({key: uint48(block.timestamp), value: _current - uint208(_amount)});
+                _totalTierCheckpoints[_tierId].push({key: uint48(block.timestamp), value: newValue});
             }
         }
 
         // Resolve the recipient's delegate. If the recipient has no delegate set, auto-delegate to themselves to
         // prevent attestation units from being permanently lost.
+        // Note: delegation persists after token transfers. If Alice delegates to Bob, then transfers her token
+        // to Carol, Carol's attestation units auto-delegate to Carol (not Bob). However, Alice's delegation
+        // to Bob persists — if Alice later receives another token, her units still go to Bob. This matches
+        // ERC5805Votes behavior where delegation is an account-level setting, not a token-level one.
         address _toDelegate = _tierDelegation[_to][_tierId];
         if (_toDelegate == address(0) && _to != address(0)) {
             _toDelegate = _to;
@@ -1051,7 +1084,7 @@ contract DefifaHook is JB721Hook, Ownable, IDefifaHook {
         }
 
         // Record the transfer.
-        // slither-disable-next-line reentrency-events,calls-loop
+        // slither-disable-next-line reentrancy-events,calls-loop
         store.recordTransferForTier({tierId: tier.id, from: from, to: to});
 
         // Dont transfer on mint since the delegation will be transferred more efficiently in _processPayment.

package/src/DefifaProjectOwner.sol

@@ -1,16 +1,27 @@
 // SPDX-License-Identifier: MIT
 pragma solidity 0.8.26;
 
-import {IERC721Receiver} from "@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol";
-import {DefifaDeployer} from "./DefifaDeployer.sol";
 import {IJBPermissions, JBPermissionsData} from "@bananapus/core-v6/src/interfaces/IJBPermissions.sol";
 import {IJBProjects} from "@bananapus/core-v6/src/interfaces/IJBProjects.sol";
 import {JBPermissionIds} from "@bananapus/permission-ids-v6/src/JBPermissionIds.sol";
+import {IERC721Receiver} from "@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol";
+
+import {DefifaDeployer} from "./DefifaDeployer.sol";
 
 /// @notice A contract that can be sent a project to be burned, while still allowing defifa permissions.
 /// @dev Once the project NFT is transferred here, it cannot be recovered. This contract permanently
 /// holds the project NFT and grants SET_SPLIT_GROUPS permission to the Defifa deployer.
 contract DefifaProjectOwner is IERC721Receiver {
+    //*********************************************************************//
+    // --------------------------- custom errors ------------------------- //
+    //*********************************************************************//
+
+    error DefifaProjectOwner_InvalidSender();
+
+    //*********************************************************************//
+    // --------------- public immutable stored properties ---------------- //
+    //*********************************************************************//
+
     /// @notice The contract where operator permissions are stored.
     IJBPermissions public immutable PERMISSIONS;
 
@@ -20,6 +31,10 @@ contract DefifaProjectOwner is IERC721Receiver {
     /// @notice The Defifa deployer.
     DefifaDeployer public immutable DEPLOYER;
 
+    //*********************************************************************//
+    // -------------------------- constructor ---------------------------- //
+    //*********************************************************************//
+
     /// @param permissions The contract where operator permissions are stored.
     /// @param projects The contract from which projects are minted.
     /// @param deployer The Defifa deployer which will receive permissions to set splits.
@@ -29,6 +44,10 @@ contract DefifaProjectOwner is IERC721Receiver {
         DEPLOYER = deployer;
     }
 
+    //*********************************************************************//
+    // ---------------------- external transactions ---------------------- //
+    //*********************************************************************//
+
     /// @notice Give the defifa deployer permission to set splits on this contract's behalf.
     function onERC721Received(
         address operator,
@@ -44,7 +63,7 @@ contract DefifaProjectOwner is IERC721Receiver {
         operator;
 
         // Make sure the 721 received is the JBProjects contract.
-        if (msg.sender != address(PROJECTS)) revert();
+        if (msg.sender != address(PROJECTS)) revert DefifaProjectOwner_InvalidSender();
 
         // Set the correct permission.
         uint8[] memory permissionIds = new uint8[](1);
@@ -54,7 +73,11 @@ contract DefifaProjectOwner is IERC721Receiver {
         PERMISSIONS.setPermissionsFor({
             account: address(this),
             permissionsData: JBPermissionsData({
-                operator: address(DEPLOYER), projectId: uint64(tokenId), permissionIds: permissionIds
+                // Casting to uint64 is safe because Juicebox project IDs are sequential and will not exceed uint64.
+                operator: address(DEPLOYER),
+                // forge-lint: disable-next-line(unsafe-typecast)
+                projectId: uint64(tokenId),
+                permissionIds: permissionIds
             })
         });