npm - @bananapus/core-v6 - Versions diffs - 0.0.24 → 0.0.25 - Mend

@bananapus/core-v6 0.0.24 → 0.0.25

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (177) hide show

package/test/TestFeeFreeCashOutBypass.sol CHANGED Viewed

@@ -591,6 +591,338 @@ contract TestFeeFreeCashOutBypass is TestBaseWorkflow {
         assertApproxEqAbs(reclaimAmount, expectedNet, 2, "fee should apply to full 20 ETH surplus");
     }
+    /// @notice Multi-hop payouts: A → B → C. Both B and C should incur fees on cashout.
+    /// Project A pays Project B (0 cashout tax, same terminal). Project B receives external payment.
+    /// Project B pays Project C (0 cashout tax, same terminal). Both B and C cashouts incur fees.
+    function testMultiHopPayoutsCannotAvoidFees() external {
+        uint256 projectIdC = _launchMultiHopProjectC();
+        _configureProjectBPayoutsTo(projectIdC);
+        vm.prank(_projectOwner);
+        _controller.deployERC20For(_projectIdB, "ProjectB", "PB", bytes32(0));
+        vm.prank(_projectOwner);
+        _controller.deployERC20For(projectIdC, "ProjectC", "PC", bytes32(0));
+        // Step 1: Pay project A, trigger payout → 10 ETH lands on B (fee-free).
+        vm.deal(_attacker, 100 ether);
+        vm.prank(_attacker);
+        _terminal.pay{value: 100 ether}({
+            projectId: _projectIdA,
+            amount: 100 ether,
+            token: JBConstants.NATIVE_TOKEN,
+            beneficiary: _attacker,
+            minReturnedTokens: 0,
+            memo: "",
+            metadata: new bytes(0)
+        });
+        _terminal.sendPayoutsOf({
+            projectId: _projectIdA,
+            amount: _payoutLimit,
+            currency: uint32(uint160(JBConstants.NATIVE_TOKEN)),
+            token: JBConstants.NATIVE_TOKEN,
+            minTokensPaidOut: 0
+        });
+        // B: balance = 10 ETH, fee-free = 10 ETH.
+        // Step 2: External payment of 100 ETH to project B.
+        address user = makeAddr("user");
+        vm.deal(user, 100 ether);
+        vm.prank(user);
+        _terminal.pay{value: 100 ether}({
+            projectId: _projectIdB,
+            amount: 100 ether,
+            token: JBConstants.NATIVE_TOKEN,
+            beneficiary: user,
+            minReturnedTokens: 0,
+            memo: "",
+            metadata: new bytes(0)
+        });
+        // B: balance = 110 ETH, fee-free = 10 ETH.
+        // Step 3: Project B pays out 100 ETH to Project C (same terminal, fee-free for C).
+        _terminal.sendPayoutsOf({
+            projectId: _projectIdB,
+            amount: 100 ether,
+            currency: uint32(uint160(JBConstants.NATIVE_TOKEN)),
+            token: JBConstants.NATIVE_TOKEN,
+            minTokensPaidOut: 0
+        });
+        // B: balance = 10 ETH, fee-free = 10 (stays: non-fee-free left first).
+        // C: balance = 100 ETH, fee-free = 100 ETH.
+        // Step 4: Cash out from C — fees must apply to the full 100 ETH.
+        _assertCashOutIncursFees(projectIdC, _attacker);
+        // Step 5: Cash out attacker's tokens from B — fees must apply (B is all fee-free).
+        _assertCashOutIncursFees(_projectIdB, _attacker);
+    }
+    /// @dev Assert that cashing out all tokens from `projectId` for `holder` incurs a fee.
+    function _assertCashOutIncursFees(uint256 projectId, address holder) internal {
+        uint256 holderTokens = _tokens.totalBalanceOf(holder, projectId);
+        if (holderTokens == 0) return;
+        uint256 balBefore = holder.balance;
+        vm.prank(holder);
+        uint256 reclaim = _terminal.cashOutTokensOf({
+            holder: holder,
+            projectId: projectId,
+            cashOutCount: holderTokens,
+            tokenToReclaim: JBConstants.NATIVE_TOKEN,
+            minTokensReclaimed: 0,
+            beneficiary: payable(holder),
+            metadata: new bytes(0)
+        });
+        // With cashOutTaxRate = 0, gross reclaim = proportional share of balance.
+        // Fee-free surplus means a 2.5% fee is applied → net < gross.
+        assertGt(reclaim, 0, "should reclaim something");
+        // The fee should have been deducted: actual ETH received < reclaim + fee.
+        uint256 ethReceived = holder.balance - balBefore;
+        assertEq(ethReceived, reclaim, "ETH received should match reclaim");
+    }
+    /// @dev Launch Project C with zero tax for multi-hop test.
+    function _launchMultiHopProjectC() internal returns (uint256) {
+        JBTerminalConfig[] memory termConfigs = new JBTerminalConfig[](1);
+        JBAccountingContext[] memory ctxs = new JBAccountingContext[](1);
+        ctxs[0] = JBAccountingContext({
+            token: JBConstants.NATIVE_TOKEN, decimals: 18, currency: uint32(uint160(JBConstants.NATIVE_TOKEN))
+        });
+        termConfigs[0] = JBTerminalConfig({terminal: _terminal, accountingContextsToAccept: ctxs});
+        JBRulesetConfig[] memory rc = new JBRulesetConfig[](1);
+        rc[0].mustStartAtOrAfter = 0;
+        rc[0].duration = 0;
+        rc[0].weight = _weight;
+        rc[0].metadata = _zeroTaxMetadata();
+        rc[0].splitGroups = new JBSplitGroup[](0);
+        rc[0].fundAccessLimitGroups = new JBFundAccessLimitGroup[](0);
+        return _controller.launchProjectFor({
+            owner: _projectOwner,
+            projectUri: "project-c-multihop",
+            rulesetConfigurations: rc,
+            terminalConfigurations: termConfigs,
+            memo: ""
+        });
+    }
+    /// @dev Reconfigure Project B to route 100% payouts to `targetProjectId`.
+    function _configureProjectBPayoutsTo(uint256 targetProjectId) internal {
+        JBSplit[] memory splits = new JBSplit[](1);
+        splits[0] = JBSplit({
+            preferAddToBalance: false,
+            percent: JBConstants.SPLITS_TOTAL_PERCENT,
+            // forge-lint: disable-next-line(unsafe-typecast)
+            projectId: uint64(targetProjectId),
+            beneficiary: payable(_attacker),
+            lockedUntil: 0,
+            hook: IJBSplitHook(address(0))
+        });
+        JBSplitGroup[] memory splitGroups = new JBSplitGroup[](1);
+        splitGroups[0] = JBSplitGroup({groupId: uint32(uint160(JBConstants.NATIVE_TOKEN)), splits: splits});
+        JBCurrencyAmount[] memory limits = new JBCurrencyAmount[](1);
+        limits[0] = JBCurrencyAmount({amount: 100 ether, currency: uint32(uint160(JBConstants.NATIVE_TOKEN))});
+        JBFundAccessLimitGroup[] memory fundAccess = new JBFundAccessLimitGroup[](1);
+        fundAccess[0] = JBFundAccessLimitGroup({
+            terminal: address(_terminal),
+            token: JBConstants.NATIVE_TOKEN,
+            payoutLimits: limits,
+            surplusAllowances: new JBCurrencyAmount[](0)
+        });
+        JBRulesetConfig[] memory rc = new JBRulesetConfig[](1);
+        rc[0].mustStartAtOrAfter = 0;
+        rc[0].duration = 0;
+        rc[0].weight = _weight;
+        rc[0].metadata = _zeroTaxMetadata();
+        rc[0].splitGroups = splitGroups;
+        rc[0].fundAccessLimitGroups = fundAccess;
+        vm.prank(_projectOwner);
+        _controller.queueRulesetsOf({projectId: _projectIdB, rulesetConfigurations: rc, memo: ""});
+    }
+    /// @notice Non-zero-tax cashouts cap fee-free surplus at remaining balance.
+    /// Without this, switching from non-zero to zero tax could let stale surplus over-charge.
+    function testNonZeroTaxCashOutCapsFeeFreeSurplus() external {
+        vm.prank(_projectOwner);
+        _controller.deployERC20For(_projectIdB, "ProjectB", "PB", bytes32(0));
+        // Step 1: Pay project A, trigger payout → 10 ETH fee-free on B.
+        vm.deal(_attacker, 10 ether);
+        vm.prank(_attacker);
+        _terminal.pay{value: 10 ether}({
+            projectId: _projectIdA,
+            amount: 10 ether,
+            token: JBConstants.NATIVE_TOKEN,
+            beneficiary: _attacker,
+            minReturnedTokens: 0,
+            memo: "",
+            metadata: new bytes(0)
+        });
+        _terminal.sendPayoutsOf({
+            projectId: _projectIdA,
+            amount: _payoutLimit,
+            currency: uint32(uint160(JBConstants.NATIVE_TOKEN)),
+            token: JBConstants.NATIVE_TOKEN,
+            minTokensPaidOut: 0
+        });
+        // B: balance = 10 ETH, fee-free = 10 ETH.
+        // Step 2: Pay B directly with 90 ETH more.
+        address user = makeAddr("user");
+        vm.deal(user, 90 ether);
+        vm.prank(user);
+        _terminal.pay{value: 90 ether}({
+            projectId: _projectIdB,
+            amount: 90 ether,
+            token: JBConstants.NATIVE_TOKEN,
+            beneficiary: user,
+            minReturnedTokens: 0,
+            memo: "",
+            metadata: new bytes(0)
+        });
+        // B: balance = 100 ETH, fee-free = 10 ETH.
+        // Step 3: Reconfigure B with non-zero cash out tax, then cash out most of the balance.
+        _reconfigureWithTaxRate(_projectIdB, 5000); // 50% tax
+        // Cash out 95% of user's tokens at 50% tax → drains most balance.
+        uint256 userTokens = _tokens.totalBalanceOf(user, _projectIdB);
+        vm.prank(user);
+        _terminal.cashOutTokensOf({
+            holder: user,
+            projectId: _projectIdB,
+            cashOutCount: userTokens * 95 / 100,
+            tokenToReclaim: JBConstants.NATIVE_TOKEN,
+            minTokensReclaimed: 0,
+            beneficiary: payable(user),
+            metadata: new bytes(0)
+        });
+        // Balance dropped significantly. _reduceFeeFreeSurplus should have capped fee-free at remaining balance.
+        // Step 4: Switch back to zero tax. Cash out remaining.
+        _reconfigureWithTaxRate(_projectIdB, 0);
+        uint256 remainingUserTokens = _tokens.totalBalanceOf(user, _projectIdB);
+        if (remainingUserTokens > 0) {
+            vm.prank(user);
+            uint256 reclaim = _terminal.cashOutTokensOf({
+                holder: user,
+                projectId: _projectIdB,
+                cashOutCount: remainingUserTokens,
+                tokenToReclaim: JBConstants.NATIVE_TOKEN,
+                minTokensReclaimed: 0,
+                beneficiary: payable(user),
+                metadata: new bytes(0)
+            });
+            // Should NOT revert. Fee-free was capped during the non-zero-tax cashout,
+            // so it doesn't exceed the remaining balance.
+            assertGt(reclaim, 0, "should reclaim something after tax rate switch");
+        }
+    }
+    /// @notice Feeless beneficiary cashout still caps fee-free surplus at remaining balance.
+    function testFeelessBeneficiaryCashOutCapsFeeFreeSurplus() external {
+        vm.prank(_projectOwner);
+        _controller.deployERC20For(_projectIdB, "ProjectB", "PB", bytes32(0));
+        // Step 1: Pay project A, trigger payout → 10 ETH fee-free on B.
+        vm.deal(_attacker, 10 ether);
+        vm.prank(_attacker);
+        _terminal.pay{value: 10 ether}({
+            projectId: _projectIdA,
+            amount: 10 ether,
+            token: JBConstants.NATIVE_TOKEN,
+            beneficiary: _attacker,
+            minReturnedTokens: 0,
+            memo: "",
+            metadata: new bytes(0)
+        });
+        _terminal.sendPayoutsOf({
+            projectId: _projectIdA,
+            amount: _payoutLimit,
+            currency: uint32(uint160(JBConstants.NATIVE_TOKEN)),
+            token: JBConstants.NATIVE_TOKEN,
+            minTokensPaidOut: 0
+        });
+        // B: balance = 10 ETH, fee-free = 10 ETH. Attacker has tokens.
+        // Step 2: Mark attacker as feeless.
+        vm.prank(multisig());
+        jbFeelessAddresses().setFeelessAddress(_attacker, true);
+        // Step 3: Feeless cashout — no fees charged, but _reduceFeeFreeSurplus should still cap.
+        uint256 attackerTokens = _tokens.totalBalanceOf(_attacker, _projectIdB);
+        vm.prank(_attacker);
+        uint256 reclaim = _terminal.cashOutTokensOf({
+            holder: _attacker,
+            projectId: _projectIdB,
+            cashOutCount: attackerTokens,
+            tokenToReclaim: JBConstants.NATIVE_TOKEN,
+            minTokensReclaimed: 0,
+            beneficiary: payable(_attacker),
+            metadata: new bytes(0)
+        });
+        // Feeless beneficiary gets full amount — no fee deducted.
+        assertEq(reclaim, 10 ether, "feeless beneficiary should get full reclaim");
+        // Step 4: Pay B again directly. If fee-free wasn't capped, it would still be 10 ETH
+        // even though balance went to 0 after the feeless cashout.
+        address user = makeAddr("user");
+        vm.deal(user, 10 ether);
+        vm.prank(user);
+        _terminal.pay{value: 10 ether}({
+            projectId: _projectIdB,
+            amount: 10 ether,
+            token: JBConstants.NATIVE_TOKEN,
+            beneficiary: user,
+            minReturnedTokens: 0,
+            memo: "",
+            metadata: new bytes(0)
+        });
+        // Step 5: Cash out as user (not feeless). Fee-free should be 0 (capped at 0 after feeless cashout).
+        // So this direct-pay cashout should be fee-free.
+        uint256 userTokens = _tokens.totalBalanceOf(user, _projectIdB);
+        vm.prank(user);
+        uint256 userReclaim = _terminal.cashOutTokensOf({
+            holder: user,
+            projectId: _projectIdB,
+            cashOutCount: userTokens,
+            tokenToReclaim: JBConstants.NATIVE_TOKEN,
+            minTokensReclaimed: 0,
+            beneficiary: payable(user),
+            metadata: new bytes(0)
+        });
+        // Direct payment → zero fee-free surplus → no fee. User gets full amount.
+        assertEq(userReclaim, 10 ether, "direct pay-in should be fee-free after feeless cashout cleared surplus");
+        // Clean up: unmark feeless.
+        vm.prank(multisig());
+        jbFeelessAddresses().setFeelessAddress(_attacker, false);
+    }
+    /// @dev Reconfigure project with a new cashOutTaxRate (keeps zero-tax metadata otherwise).
+    function _reconfigureWithTaxRate(uint256 projectId, uint16 taxRate) internal {
+        JBRulesetMetadata memory meta = _zeroTaxMetadata();
+        meta.cashOutTaxRate = taxRate;
+        JBRulesetConfig[] memory rc = new JBRulesetConfig[](1);
+        rc[0].mustStartAtOrAfter = 0;
+        rc[0].duration = 0;
+        rc[0].weight = _weight;
+        rc[0].metadata = meta;
+        rc[0].splitGroups = new JBSplitGroup[](0);
+        rc[0].fundAccessLimitGroups = new JBFundAccessLimitGroup[](0);
+        vm.prank(_projectOwner);
+        _controller.queueRulesetsOf({projectId: projectId, rulesetConfigurations: rc, memo: ""});
+    }
     function _zeroTaxMetadata() internal pure returns (JBRulesetMetadata memory) {
         return JBRulesetMetadata({
             reservedPercent: 0,

package/test/TestJBERC20Inheritance.sol CHANGED Viewed

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-pragma solidity 0.8.26;
+pragma solidity 0.8.28;
 import {TestBaseWorkflow} from "./helpers/TestBaseWorkflow.sol";
 import {JBERC20} from "../src/JBERC20.sol";

package/test/TestMetadataOffsetOverflow.sol CHANGED Viewed

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-pragma solidity 0.8.26;
+pragma solidity 0.8.28;
 import {Test} from "forge-std/Test.sol";
 import {MetadataResolverHelper} from "./helpers/MetadataResolverHelper.sol";

package/test/TestMetadataParserLib.sol CHANGED Viewed

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-pragma solidity 0.8.26;
+pragma solidity 0.8.28;
 import {Test} from "forge-std/Test.sol";
 import {MetadataResolverHelper} from "./helpers/MetadataResolverHelper.sol";

package/test/TestMultiTerminalSurplus.sol CHANGED Viewed

@@ -106,7 +106,7 @@ contract TestMultiTerminalSurplus_Local is TestBaseWorkflow {
         // Add price feed: USDC priced in native token terms.
         vm.prank(_projectOwner);
-        _controller.addPriceFeed({
+        _controller.addPriceFeedFor({
             projectId: _projectId, pricingCurrency: _usdcCurrency, unitCurrency: _nativeCurrency, feed: _ethToUsdcFeed
         });

package/test/TestMultiTokenSurplus.sol CHANGED Viewed

@@ -97,7 +97,7 @@ contract TestMultiTokenSurplus_Local is TestBaseWorkflow {
         // Add price feed: USDC priced in terms of native token
         // This allows the terminal to convert USDC balances to ETH-denominated surplus
         vm.prank(_projectOwner);
-        _controller.addPriceFeed({
+        _controller.addPriceFeedFor({
             projectId: _projectId, pricingCurrency: _usdcCurrency, unitCurrency: _nativeCurrency, feed: _ethToUsdcFeed
         });
     }

package/test/TestMultipleAccessLimits.sol CHANGED Viewed

@@ -135,7 +135,7 @@ contract TestMultipleAccessLimits_Local is TestBaseWorkflow {
         MockPriceFeed _priceFeedNativeUsd = new MockPriceFeed(_nativePricePerUsd, 18);
         vm.label(address(_priceFeedNativeUsd), "Mock Price Feed Native-USD");
-        _controller.addPriceFeed({
+        _controller.addPriceFeedFor({
             projectId: _projectId,
             pricingCurrency: uint32(uint160(JBConstants.NATIVE_TOKEN)),
             unitCurrency: uint32(uint160(address(usdcToken()))),
@@ -473,13 +473,13 @@ contract TestMultipleAccessLimits_Local is TestBaseWorkflow {
             });
             vm.startPrank(address(_projectOwner));
-            _controller.addPriceFeed({
+            _controller.addPriceFeedFor({
                 projectId: _projectId,
                 pricingCurrency: JBCurrencyIds.USD,
                 unitCurrency: uint32(uint160(JBConstants.NATIVE_TOKEN)),
                 feed: IJBPriceFeed(address(new MockPriceFeed(_nativePricePerUsd, 18)))
             });
-            _controller.addPriceFeed({
+            _controller.addPriceFeedFor({
                 projectId: _dummyy,
                 pricingCurrency: JBCurrencyIds.USD,
                 unitCurrency: uint32(uint160(JBConstants.NATIVE_TOKEN)),
@@ -594,7 +594,7 @@ contract TestMultipleAccessLimits_Local is TestBaseWorkflow {
         MockPriceFeed _priceFeedNativeUsd = new MockPriceFeed(_price, 18);
         vm.label(address(_priceFeedNativeUsd), "Mock Price Feed MyToken-Native");
-        _controller.addPriceFeed({
+        _controller.addPriceFeedFor({
             projectId: _projectId,
             pricingCurrency: _nativeCurrency,
             unitCurrency: uint32(uint160(address(usdcToken()))),

package/test/TestPermit2DataHook.t.sol CHANGED Viewed

@@ -164,7 +164,7 @@ contract TestPermit2DataHook_Local is TestBaseWorkflow {
         MockPriceFeed _priceFeedNativeUsd = new MockPriceFeed(_nativePricePerUsd, 18);
         vm.label(address(_priceFeedNativeUsd), "Mock Price Feed Native-USD");
-        _controller.addPriceFeed({
+        _controller.addPriceFeedFor({
             projectId: _projectId,
             pricingCurrency: uint32(uint160(JBConstants.NATIVE_TOKEN)),
             unitCurrency: uint32(uint160(address(usdcToken()))),

package/test/TestPermit2Terminal.sol CHANGED Viewed

@@ -125,7 +125,7 @@ contract TestPermit2Terminal_Local is TestBaseWorkflow {
         MockPriceFeed _priceFeedNativeUsd = new MockPriceFeed(_nativePricePerUsd, 18);
         vm.label(address(_priceFeedNativeUsd), "Mock Price Feed Native-USD");
-        _controller.addPriceFeed({
+        _controller.addPriceFeedFor({
             projectId: _projectId,
             pricingCurrency: uint32(uint160(JBConstants.NATIVE_TOKEN)),
             unitCurrency: uint32(uint160(address(usdcToken()))),

package/test/TestTerminalPreviewParity.sol CHANGED Viewed

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-pragma solidity ^0.8.26;
+pragma solidity ^0.8.28;
 import {TestBaseWorkflow} from "./helpers/TestBaseWorkflow.sol";
 import {IJBController} from "../src/interfaces/IJBController.sol";