npm - @bananapus/721-hook-v6 - Versions diffs - 0.0.35 → 0.0.37 - Mend

@bananapus/721-hook-v6 0.0.35 → 0.0.37

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (38) hide show

package/ADMINISTRATION.md +49 -163
package/ARCHITECTURE.md +71 -49
package/AUDIT_INSTRUCTIONS.md +47 -84
package/README.md +40 -28
package/RISKS.md +85 -86
package/SKILLS.md +17 -16
package/USER_JOURNEYS.md +85 -62
package/foundry.toml +2 -0
package/package.json +1 -1
package/references/operations.md +7 -3
package/references/runtime.md +5 -4
package/src/JB721CheckpointsDeployer.sol +2 -0
package/src/JB721TiersHook.sol +0 -2
package/src/JB721TiersHookProjectDeployer.sol +0 -1
package/src/JB721TiersHookStore.sol +1 -2
package/src/abstract/JB721Hook.sol +0 -1
package/src/interfaces/IJB721CheckpointsDeployer.sol +3 -0
package/src/interfaces/IJB721TiersHook.sol +0 -2
package/src/interfaces/IJB721TiersHookStore.sol +1 -1
package/src/libraries/JB721Constants.sol +0 -1
package/src/structs/JB721InitTiersConfig.sol +0 -1
package/src/structs/JB721Tier.sol +0 -2
package/src/structs/JB721TierConfig.sol +0 -2
package/src/structs/JB721TierConfigFlags.sol +0 -1
package/src/structs/JB721TierFlags.sol +0 -1
package/src/structs/JB721TiersHookFlags.sol +0 -1
package/src/structs/JB721TiersMintReservesConfig.sol +0 -1
package/src/structs/JB721TiersRulesetMetadata.sol +0 -1
package/src/structs/JB721TiersSetDiscountPercentConfig.sol +0 -1
package/src/structs/JBBitmapWord.sol +0 -1
package/src/structs/JBDeploy721TiersHookConfig.sol +0 -1
package/src/structs/JBLaunchProjectConfig.sol +0 -1
package/src/structs/JBLaunchRulesetsConfig.sol +0 -1
package/src/structs/JBPayDataHookRulesetConfig.sol +0 -1
package/src/structs/JBPayDataHookRulesetMetadata.sol +0 -1
package/src/structs/JBQueueRulesetsConfig.sol +0 -1
package/src/structs/JBStored721Tier.sol +0 -1
package/test/unit/JB721CheckpointsDeployer_AccessControl.t.sol +116 -0

package/test/unit/JB721CheckpointsDeployer_AccessControl.t.sol ADDED Viewed

@@ -0,0 +1,116 @@
+// SPDX-License-Identifier: MIT
+pragma solidity 0.8.28;
+import {Test} from "forge-std/Test.sol";
+import {JB721CheckpointsDeployer} from "../../src/JB721CheckpointsDeployer.sol";
+import {IJB721CheckpointsDeployer} from "../../src/interfaces/IJB721CheckpointsDeployer.sol";
+import {IJB721Checkpoints} from "../../src/interfaces/IJB721Checkpoints.sol";
+import {IJB721TiersHookStore} from "../../src/interfaces/IJB721TiersHookStore.sol";
+/// @notice H-1 audit fix: access control tests for JB721CheckpointsDeployer.deploy().
+/// @dev The deployer must only allow the hook address itself (msg.sender == hook) to call deploy().
+contract Test_JB721CheckpointsDeployer_AccessControl is Test {
+    JB721CheckpointsDeployer deployer;
+    address mockStore;
+    function setUp() public {
+        deployer = new JB721CheckpointsDeployer();
+        mockStore = makeAddr("mockStore");
+        vm.etch(mockStore, new bytes(0x69));
+    }
+    // ═══════════════════════════════════════════════════════════
+    // Test 1: Calling deploy() from the hook address succeeds
+    // ═══════════════════════════════════════════════════════════
+    /// @notice deploy() succeeds when msg.sender == hook parameter.
+    function test_deploy_succeedsWhenCallerIsHook() public {
+        address hookAddr = makeAddr("hook");
+        // Call deploy from the hook address, passing itself as the hook parameter.
+        vm.prank(hookAddr);
+        IJB721Checkpoints module = deployer.deploy(hookAddr, IJB721TiersHookStore(mockStore));
+        // Verify the module was deployed (non-zero address).
+        assertTrue(address(module) != address(0), "Module should be deployed");
+    }
+    // ═══════════════════════════════════════════════════════════
+    // Test 2: Calling deploy() from any other address reverts
+    // ═══════════════════════════════════════════════════════════
+    /// @notice deploy() reverts with Unauthorized when msg.sender != hook.
+    function test_deploy_revertsWhenCallerIsNotHook() public {
+        address hookAddr = makeAddr("hook");
+        address attacker = makeAddr("attacker");
+        vm.prank(attacker);
+        vm.expectRevert(IJB721CheckpointsDeployer.JB721CheckpointsDeployer_Unauthorized.selector);
+        deployer.deploy(hookAddr, IJB721TiersHookStore(mockStore));
+    }
+    /// @notice deploy() reverts when caller passes their own address as hook but is not the actual hook.
+    function test_deploy_revertsWhenCallerPassesSelfButIsNotHook() public {
+        address attacker = makeAddr("attacker");
+        address realHook = makeAddr("realHook");
+        // Attacker tries to pass realHook as the hook parameter but calls from their own address.
+        vm.prank(attacker);
+        vm.expectRevert(IJB721CheckpointsDeployer.JB721CheckpointsDeployer_Unauthorized.selector);
+        deployer.deploy(realHook, IJB721TiersHookStore(mockStore));
+    }
+    // ═══════════════════════════════════════════════════════════
+    // Test 3: Front-running scenario
+    // ═══════════════════════════════════════════════════════════
+    /// @notice An attacker cannot front-run the hook by calling deploy() with the hook's address.
+    ///         Since msg.sender must equal hook, the attacker's tx reverts.
+    function test_deploy_frontRunningRevertsForAttacker() public {
+        address hookAddr = makeAddr("hook");
+        address frontRunner = makeAddr("frontRunner");
+        // Front-runner attempts to call deploy with the hook's address before the hook does.
+        vm.prank(frontRunner);
+        vm.expectRevert(IJB721CheckpointsDeployer.JB721CheckpointsDeployer_Unauthorized.selector);
+        deployer.deploy(hookAddr, IJB721TiersHookStore(mockStore));
+        // The legitimate hook can still deploy successfully after the failed front-run attempt.
+        vm.prank(hookAddr);
+        IJB721Checkpoints module = deployer.deploy(hookAddr, IJB721TiersHookStore(mockStore));
+        assertTrue(address(module) != address(0), "Hook should deploy successfully after failed front-run");
+    }
+    /// @notice An attacker who calls deploy(attacker, store) from their own address gets a clone
+    ///         for themselves, but this does NOT affect the real hook's future deployment.
+    function test_deploy_attackerDeploysOwnClone_doesNotAffectRealHook() public {
+        address hookAddr = makeAddr("hook");
+        address attacker = makeAddr("attacker");
+        // Attacker deploys their own clone (msg.sender == attacker == hook param).
+        // This succeeds because msg.sender == hook parameter.
+        vm.prank(attacker);
+        IJB721Checkpoints attackerModule = deployer.deploy(attacker, IJB721TiersHookStore(mockStore));
+        assertTrue(address(attackerModule) != address(0), "Attacker can deploy their own clone");
+        // The real hook can still deploy its own clone (different salt = different CREATE2 address).
+        vm.prank(hookAddr);
+        IJB721Checkpoints hookModule = deployer.deploy(hookAddr, IJB721TiersHookStore(mockStore));
+        assertTrue(address(hookModule) != address(0), "Real hook can still deploy its own clone");
+        // The two clones are at different addresses.
+        assertTrue(
+            address(attackerModule) != address(hookModule),
+            "Attacker clone and hook clone should be different addresses"
+        );
+    }
+    /// @notice Fuzz: any random caller that is not the hook reverts.
+    function testFuzz_deploy_revertsForArbitraryCaller(address caller, address hookAddr) public {
+        vm.assume(caller != hookAddr);
+        vm.prank(caller);
+        vm.expectRevert(IJB721CheckpointsDeployer.JB721CheckpointsDeployer_Unauthorized.selector);
+        deployer.deploy(hookAddr, IJB721TiersHookStore(mockStore));
+    }
+}