@bananapus/distributor-v6 0.0.5 → 0.0.6

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bananapus/distributor-v6",
-  "version": "0.0.5",
+  "version": "0.0.6",
   "license": "MIT",
   "repository": {
     "type": "git",

package/src/JB721Distributor.sol

@@ -55,6 +55,19 @@ contract JB721Distributor is JBDistributor, IJB721Distributor {
     /// @notice The JB directory used to verify terminal/controller callers.
     IJBDirectory public immutable DIRECTORY;
 
+    //*********************************************************************//
+    // -------------------- internal stored properties ------------------- //
+    //*********************************************************************//
+
+    /// @notice Tracks voting power consumed per hook/token/round/owner to prevent cap resets across calls.
+    /// @custom:param hook The hook address.
+    /// @custom:param token The reward token.
+    /// @custom:param releaseRound The vesting release round.
+    /// @custom:param owner The NFT owner.
+    mapping(
+        address hook => mapping(IERC20 token => mapping(uint256 releaseRound => mapping(address owner => uint256)))
+    ) internal _consumedVotesOf;
+
     //*********************************************************************//
     // -------------------------- constructor ---------------------------- //
     //*********************************************************************//
@@ -108,16 +121,21 @@ contract JB721Distributor is JBDistributor, IJB721Distributor {
                 // Use balance delta to handle fee-on-transfer tokens correctly.
                 uint256 balanceBefore = IERC20(context.token).balanceOf(address(this));
                 IERC20(context.token).safeTransferFrom(msg.sender, address(this), context.amount);
-                _balanceOf[hook][IERC20(context.token)] += IERC20(context.token).balanceOf(address(this))
-                - balanceBefore;
+                uint256 delta = IERC20(context.token).balanceOf(address(this)) - balanceBefore;
+                _balanceOf[hook][IERC20(context.token)] += delta;
+                _accountedBalanceOf[IERC20(context.token)] += delta;
             } else {
-                // Controller-prepaid path: the controller sends tokens directly before calling processSplitWith.
-                // Credit the declared amount since the tokens are already held by this contract.
+                // Controller-prepaid path: verify actual unaccounted balance covers the declared amount.
+                uint256 actual = IERC20(context.token).balanceOf(address(this));
+                uint256 unaccounted = actual - _accountedBalanceOf[IERC20(context.token)];
+                if (unaccounted < context.amount) revert JBDistributor_UnfundedSplitCredit();
+                _accountedBalanceOf[IERC20(context.token)] += context.amount;
                 _balanceOf[hook][IERC20(context.token)] += context.amount;
             }
         } else if (msg.value != 0) {
             // Native ETH: credit actual value received.
             _balanceOf[hook][IERC20(context.token)] += msg.value;
+            _accountedBalanceOf[IERC20(context.token)] += msg.value;
         }
     }
 
@@ -194,6 +212,14 @@ contract JB721Distributor is JBDistributor, IJB721Distributor {
                 ++j;
             }
         }
+
+        // Persist consumed voting power to storage to prevent cap resets across calls.
+        for (uint256 k; k < uniqueCount;) {
+            _consumedVotesOf[hook][token][vestingReleaseRound][owners[k]] = consumed[k];
+            unchecked {
+                ++k;
+            }
+        }
     }
 
     //*********************************************************************//
@@ -354,6 +380,8 @@ contract JB721Distributor is JBDistributor, IJB721Distributor {
             if (!found) {
                 ownerIndex = newUniqueCount;
                 owners[newUniqueCount] = owner;
+                // Initialize from persistent storage to prevent cap resets across calls.
+                consumed[newUniqueCount] = _consumedVotesOf[ctx.hook][ctx.token][ctx.vestingReleaseRound][owner];
                 unchecked {
                     ++newUniqueCount;
                 }

package/src/JBDistributor.sol

@@ -27,9 +27,18 @@ abstract contract JBDistributor is IJBDistributor {
     /// @notice Thrown when the caller does not have access to the token.
     error JBDistributor_NoAccess();
 
+    /// @notice Thrown when the round duration is zero.
+    error JBDistributor_InvalidRoundDuration();
+
     /// @notice Thrown when there is nothing to distribute for a token in the current round.
     error JBDistributor_NothingToDistribute();
 
+    /// @notice Thrown when a controller-prepaid split credit is not backed by actual token balance.
+    error JBDistributor_UnfundedSplitCredit();
+
+    /// @notice Thrown when unexpected native ETH is sent with an ERC-20 operation.
+    error JBDistributor_UnexpectedNativeValue();
+
     //*********************************************************************//
     // ------------------------- public constants ------------------------ //
     //*********************************************************************//
@@ -80,6 +89,10 @@ abstract contract JBDistributor is IJBDistributor {
     // -------------------- internal stored properties ------------------- //
     //*********************************************************************//
 
+    /// @notice The total accounted balance of each token across all hooks.
+    /// @custom:param token The token to check the accounted balance of.
+    mapping(IERC20 token => uint256) internal _accountedBalanceOf;
+
     /// @notice The balance of a token held for a specific hook's stakers.
     /// @custom:param hook The hook whose balance to check.
     /// @custom:param token The token to check the balance of.
@@ -99,6 +112,7 @@ abstract contract JBDistributor is IJBDistributor {
     /// @param roundDuration_ The duration of each round, specified in seconds.
     /// @param vestingRounds_ The number of rounds until tokens are fully vested.
     constructor(uint256 roundDuration_, uint256 vestingRounds_) {
+        if (roundDuration_ == 0) revert JBDistributor_InvalidRoundDuration();
         startingTimestamp = block.timestamp;
         roundDuration = roundDuration_;
         vestingRounds = vestingRounds_;
@@ -162,12 +176,14 @@ abstract contract JBDistributor is IJBDistributor {
         if (address(token) == JBConstants.NATIVE_TOKEN) {
             amount = msg.value;
         } else {
+            if (msg.value != 0) revert JBDistributor_UnexpectedNativeValue();
             // Use balance delta to handle fee-on-transfer tokens correctly.
             uint256 balanceBefore = token.balanceOf(address(this));
             token.safeTransferFrom(msg.sender, address(this), amount);
             amount = token.balanceOf(address(this)) - balanceBefore;
         }
         _balanceOf[hook][token] += amount;
+        _accountedBalanceOf[token] += amount;
     }
 
     /// @notice Record the snapshot block for the current round. Callable by anyone (keepers, frontends).
@@ -465,6 +481,7 @@ abstract contract JBDistributor is IJBDistributor {
                 if (ownerClaim) {
                     // Decrement the hook's balance and transfer tokens out.
                     _balanceOf[hook][token] -= totalTokenAmount;
+                    _accountedBalanceOf[token] -= totalTokenAmount;
 
                     if (address(token) == JBConstants.NATIVE_TOKEN) {
                         // slither-disable-next-line arbitrary-send-eth,reentrancy-eth

package/src/JBTokenDistributor.sol

@@ -90,16 +90,21 @@ contract JBTokenDistributor is JBDistributor, IJBTokenDistributor {
                 // Use balance delta to handle fee-on-transfer tokens correctly.
                 uint256 balanceBefore = IERC20(context.token).balanceOf(address(this));
                 IERC20(context.token).safeTransferFrom(msg.sender, address(this), context.amount);
-                _balanceOf[hook][IERC20(context.token)] += IERC20(context.token).balanceOf(address(this))
-                - balanceBefore;
+                uint256 delta = IERC20(context.token).balanceOf(address(this)) - balanceBefore;
+                _balanceOf[hook][IERC20(context.token)] += delta;
+                _accountedBalanceOf[IERC20(context.token)] += delta;
             } else {
-                // Controller-prepaid path: the controller sends tokens directly before calling processSplitWith.
-                // Credit the declared amount since the tokens are already held by this contract.
+                // Controller-prepaid path: verify actual unaccounted balance covers the declared amount.
+                uint256 actual = IERC20(context.token).balanceOf(address(this));
+                uint256 unaccounted = actual - _accountedBalanceOf[IERC20(context.token)];
+                if (unaccounted < context.amount) revert JBDistributor_UnfundedSplitCredit();
+                _accountedBalanceOf[IERC20(context.token)] += context.amount;
                 _balanceOf[hook][IERC20(context.token)] += context.amount;
             }
         } else if (msg.value != 0) {
             // Native ETH: credit actual value received.
             _balanceOf[hook][IERC20(context.token)] += msg.value;
+            _accountedBalanceOf[IERC20(context.token)] += msg.value;
         }
     }
 

package/test/audit/CodexNemesisAccountingPoC.t.sol

@@ -18,6 +18,7 @@ import {JBSplitHookContext} from "@bananapus/core-v6/src/structs/JBSplitHookCont
 import {JB721Tier} from "@bananapus/721-hook-v6/src/structs/JB721Tier.sol";
 import {JB721TierFlags} from "@bananapus/721-hook-v6/src/structs/JB721TierFlags.sol";
 
+import {JBDistributor} from "../../src/JBDistributor.sol";
 import {JB721Distributor} from "../../src/JB721Distributor.sol";
 import {JBTokenDistributor} from "../../src/JBTokenDistributor.sol";
 
@@ -180,31 +181,19 @@ contract CodexNemesisAccountingPoCTest is Test {
             split: split
         });
 
+        // C-6 FIX: The malicious controller did not actually transfer tokens, so the
+        // balance-delta check reverts with UnfundedSplitCredit.
         vm.prank(maliciousController);
+        vm.expectRevert(JBDistributor.JBDistributor_UnfundedSplitCredit.selector);
         distributor.processSplitWith(fakeContext);
 
-        assertEq(rewardToken.balanceOf(address(distributor)), 1000 ether, "no additional reward tokens arrived");
+        // The real balance should remain intact — the attack was blocked.
+        assertEq(rewardToken.balanceOf(address(distributor)), 1000 ether, "balance unchanged after blocked attack");
         assertEq(
             distributor.balanceOf(address(votesToken), IERC20(address(rewardToken))),
-            100_000 ether,
-            "tracked balance was inflated by context.amount"
+            1000 ether,
+            "tracked balance was not inflated"
         );
-
-        uint256[] memory tokenIds = new uint256[](1);
-        tokenIds[0] = uint256(uint160(attacker));
-        IERC20[] memory tokens = new IERC20[](1);
-        tokens[0] = IERC20(address(rewardToken));
-
-        distributor.beginVesting(address(votesToken), tokenIds, tokens);
-        assertEq(distributor.claimedFor(address(votesToken), tokenIds[0], tokens[0]), 1000 ether);
-
-        vm.warp(distributor.roundStartTimestamp(VESTING_ROUNDS) + 1);
-        vm.roll(block.number + 1);
-        vm.prank(attacker);
-        distributor.collectVestedRewards(address(votesToken), tokenIds, tokens, attacker);
-
-        assertEq(rewardToken.balanceOf(attacker), 1000 ether, "attacker drained the real inventory");
-        assertEq(rewardToken.balanceOf(address(distributor)), 0, "honest claimants are left unfunded");
     }
 
     function test_721LateMintCanUseOwnersPastVotesAndDrainRound() public {
@@ -325,23 +314,26 @@ contract CodexNemesisAccountingPoCTest is Test {
         secondLateMint[0] = 3;
         distributor.beginVesting(address(hook), secondLateMint, tokens);
 
+        // H-24 FIX: With persistent consumed-votes tracking, the second beginVesting sees
+        // that all 100 votes are already consumed, so token 3 gets 0 reward.
         assertEq(distributor.claimedFor(address(hook), 2, tokens[0]), 1000 ether);
-        assertEq(distributor.claimedFor(address(hook), 3, tokens[0]), 1000 ether);
+        assertEq(distributor.claimedFor(address(hook), 3, tokens[0]), 0, "votes already consumed, no double-claim");
         assertEq(
             distributor.totalVestingAmountOf(address(hook), tokens[0]),
-            2000 ether,
-            "same 100 snapshot votes were consumed twice in separate calls"
+            1000 ether,
+            "total vesting capped at funded balance"
         );
-        assertGt(
+        assertLe(
             distributor.totalVestingAmountOf(address(hook), tokens[0]),
             distributor.balanceOf(address(hook), tokens[0]),
-            "vesting obligations exceed funded balance"
+            "vesting obligations do not exceed funded balance"
         );
 
+        // Collection should succeed without underflow.
         vm.warp(distributor.roundStartTimestamp(VESTING_ROUNDS) + 1);
         vm.roll(block.number + 1);
         vm.prank(attacker);
-        vm.expectRevert(stdError.arithmeticError);
         distributor.collectVestedRewards(address(hook), firstLateMint, tokens, attacker);
+        assertEq(rewardToken.balanceOf(attacker), 1000 ether, "attacker gets only their fair share");
     }
 }

package/test/audit/CodexNemesisPoC.t.sol

@@ -0,0 +1,191 @@
+// SPDX-License-Identifier: MIT
+pragma solidity 0.8.28;
+
+import {Test} from "forge-std/Test.sol";
+
+import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
+import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
+import {ERC20Votes} from "@openzeppelin/contracts/token/ERC20/extensions/ERC20Votes.sol";
+import {EIP712} from "@openzeppelin/contracts/utils/cryptography/EIP712.sol";
+import {IERC165} from "@openzeppelin/contracts/utils/introspection/IERC165.sol";
+
+import {IJBDirectory} from "@bananapus/core-v6/src/interfaces/IJBDirectory.sol";
+import {IJBTerminal} from "@bananapus/core-v6/src/interfaces/IJBTerminal.sol";
+import {IJBSplitHook} from "@bananapus/core-v6/src/interfaces/IJBSplitHook.sol";
+import {JBSplit} from "@bananapus/core-v6/src/structs/JBSplit.sol";
+import {JBSplitHookContext} from "@bananapus/core-v6/src/structs/JBSplitHookContext.sol";
+import {JB721Tier} from "@bananapus/721-hook-v6/src/structs/JB721Tier.sol";
+import {JB721TierFlags} from "@bananapus/721-hook-v6/src/structs/JB721TierFlags.sol";
+
+import {JB721Distributor} from "../../src/JB721Distributor.sol";
+import {JBDistributor} from "../../src/JBDistributor.sol";
+import {JBTokenDistributor} from "../../src/JBTokenDistributor.sol";
+
+import {H26MockDirectory, H26MockHook, H26MockRewardToken, H26MockStore} from "./H26VotingPowerCap.t.sol";
+
+contract CodexNemesisDirectory {
+    mapping(uint256 projectId => mapping(address terminal => bool)) public terminals;
+    mapping(uint256 projectId => address controller) public controllers;
+
+    function setTerminal(uint256 projectId, address terminal, bool isTerminal) external {
+        terminals[projectId][terminal] = isTerminal;
+    }
+
+    function setController(uint256 projectId, address controller) external {
+        controllers[projectId] = controller;
+    }
+
+    function isTerminalOf(uint256 projectId, IJBTerminal terminal) external view returns (bool) {
+        return terminals[projectId][address(terminal)];
+    }
+
+    function controllerOf(uint256 projectId) external view returns (IERC165) {
+        return IERC165(controllers[projectId]);
+    }
+}
+
+contract CodexNemesisRewardToken is ERC20 {
+    constructor() ERC20("Reward", "RWD") {}
+
+    function mint(address to, uint256 amount) external {
+        _mint(to, amount);
+    }
+}
+
+contract CodexNemesisVotesToken is ERC20, ERC20Votes {
+    constructor() ERC20("StakeToken", "STK") EIP712("StakeToken", "1") {}
+
+    function mint(address to, uint256 amount) external {
+        _mint(to, amount);
+    }
+
+    function _update(address from, address to, uint256 value) internal override(ERC20, ERC20Votes) {
+        super._update(from, to, value);
+    }
+}
+
+contract CodexNemesisPoCTest is Test {
+    uint256 constant ROUND_DURATION = 100;
+    uint256 constant VESTING_ROUNDS = 1;
+
+    function test_721OwnerVotingCapResetsAcrossBeginVestingCalls() public {
+        H26MockStore store = new H26MockStore();
+        H26MockHook hook = new H26MockHook(store);
+        H26MockDirectory directory = new H26MockDirectory();
+        JB721Distributor distributor =
+            new JB721Distributor(IJBDirectory(address(directory)), ROUND_DURATION, VESTING_ROUNDS);
+        H26MockRewardToken rewardToken = new H26MockRewardToken();
+
+        address alice = makeAddr("alice");
+
+        store.setMaxTierIdOf(1);
+        store.setTier(
+            1,
+            JB721Tier({
+                id: 1,
+                price: 1 ether,
+                remainingSupply: 7,
+                initialSupply: 10,
+                votingUnits: 50,
+                reserveFrequency: 0,
+                reserveBeneficiary: address(0),
+                encodedIPFSUri: bytes32(0),
+                category: 0,
+                discountPercent: 0,
+                flags: JB721TierFlags({
+                    allowOwnerMint: false,
+                    transfersPausable: false,
+                    cantBeRemoved: false,
+                    cantIncreaseDiscountPercent: false,
+                    cantBuyWithCredits: false
+                }),
+                splitPercent: 0,
+                resolvedUri: ""
+            })
+        );
+
+        store.setTokenTier(1, 1);
+        store.setTokenTier(2, 1);
+        store.setTokenTier(3, 1);
+        hook.setOwner(1, alice);
+        hook.setOwner(2, alice);
+        hook.setOwner(3, alice);
+        hook._checkpoints().setVotesOverride(alice, 100);
+
+        rewardToken.mint(address(this), 1500 ether);
+        rewardToken.approve(address(distributor), 1500 ether);
+        distributor.fund(address(hook), IERC20(address(rewardToken)), 1500 ether);
+
+        IERC20[] memory tokens = new IERC20[](1);
+        tokens[0] = IERC20(address(rewardToken));
+
+        uint256[] memory oneTokenId = new uint256[](1);
+        oneTokenId[0] = 1;
+        distributor.beginVesting(address(hook), oneTokenId, tokens);
+        oneTokenId[0] = 2;
+        distributor.beginVesting(address(hook), oneTokenId, tokens);
+        oneTokenId[0] = 3;
+        distributor.beginVesting(address(hook), oneTokenId, tokens);
+
+        uint256 claimed1 = distributor.claimedFor(address(hook), 1, IERC20(address(rewardToken)));
+        uint256 claimed2 = distributor.claimedFor(address(hook), 2, IERC20(address(rewardToken)));
+        uint256 claimed3 = distributor.claimedFor(address(hook), 3, IERC20(address(rewardToken)));
+
+        // H-24 FIX: With persistent consumed-votes tracking, the total claimed is now correctly
+        // capped at the owner's voting power (100 votes / 150 total stake * 1500 = 1000 ether).
+        assertEq(claimed1 + claimed2 + claimed3, 1000 ether);
+        assertLe(claimed1 + claimed2 + claimed3, 1000 ether);
+    }
+
+    function test_processSplitWithControllerPathCanCreditUnfundedBalanceAndDrainOtherHook() public {
+        CodexNemesisDirectory directory = new CodexNemesisDirectory();
+        JBTokenDistributor distributor =
+            new JBTokenDistributor(IJBDirectory(address(directory)), ROUND_DURATION, VESTING_ROUNDS);
+        CodexNemesisRewardToken rewardToken = new CodexNemesisRewardToken();
+        CodexNemesisVotesToken attackerVotes = new CodexNemesisVotesToken();
+
+        address attacker = makeAddr("attacker");
+        address maliciousController = makeAddr("maliciousController");
+        address victimHook = makeAddr("victimHook");
+        uint256 projectId = 1;
+
+        directory.setController(projectId, maliciousController);
+
+        rewardToken.mint(address(this), 1000 ether);
+        rewardToken.approve(address(distributor), 1000 ether);
+        distributor.fund(victimHook, IERC20(address(rewardToken)), 1000 ether);
+
+        attackerVotes.mint(attacker, 1000 ether);
+        vm.prank(attacker);
+        attackerVotes.delegate(attacker);
+        vm.roll(block.number + 1);
+
+        JBSplit memory split = JBSplit({
+            percent: 1_000_000_000,
+            projectId: 0,
+            beneficiary: payable(address(attackerVotes)),
+            preferAddToBalance: false,
+            lockedUntil: 0,
+            hook: IJBSplitHook(address(distributor))
+        });
+        JBSplitHookContext memory context = JBSplitHookContext({
+            token: address(rewardToken),
+            amount: 1000 ether,
+            decimals: 18,
+            projectId: projectId,
+            groupId: uint256(uint160(address(rewardToken))),
+            split: split
+        });
+
+        // C-6 FIX: The malicious controller did not actually transfer tokens, so the
+        // balance-delta check should revert with UnfundedSplitCredit.
+        vm.prank(maliciousController);
+        vm.expectRevert(JBDistributor.JBDistributor_UnfundedSplitCredit.selector);
+        distributor.processSplitWith(context);
+
+        // The victim hook's balance should remain intact.
+        assertEq(distributor.balanceOf(victimHook, IERC20(address(rewardToken))), 1000 ether);
+        // No balance should be credited to the attacker's hook.
+        assertEq(distributor.balanceOf(address(attackerVotes), IERC20(address(rewardToken))), 0);
+    }
+}

package/test/audit/Pass12Fixes.t.sol

@@ -0,0 +1,344 @@
+// SPDX-License-Identifier: MIT
+pragma solidity 0.8.28;
+
+import {Test} from "forge-std/Test.sol";
+
+import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
+import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
+import {ERC20Votes} from "@openzeppelin/contracts/token/ERC20/extensions/ERC20Votes.sol";
+import {EIP712} from "@openzeppelin/contracts/utils/cryptography/EIP712.sol";
+import {IERC165} from "@openzeppelin/contracts/utils/introspection/IERC165.sol";
+import {JB721Tier} from "@bananapus/721-hook-v6/src/structs/JB721Tier.sol";
+import {JB721TierFlags} from "@bananapus/721-hook-v6/src/structs/JB721TierFlags.sol";
+
+import {IJBDirectory} from "@bananapus/core-v6/src/interfaces/IJBDirectory.sol";
+import {IJBTerminal} from "@bananapus/core-v6/src/interfaces/IJBTerminal.sol";
+import {IJBSplitHook} from "@bananapus/core-v6/src/interfaces/IJBSplitHook.sol";
+import {JBSplit} from "@bananapus/core-v6/src/structs/JBSplit.sol";
+import {JBSplitHookContext} from "@bananapus/core-v6/src/structs/JBSplitHookContext.sol";
+import {JBConstants} from "@bananapus/core-v6/src/libraries/JBConstants.sol";
+
+import {JBTokenDistributor} from "../../src/JBTokenDistributor.sol";
+import {JB721Distributor} from "../../src/JB721Distributor.sol";
+import {JBDistributor} from "../../src/JBDistributor.sol";
+
+import {
+    H26MockDirectory,
+    H26MockHook,
+    H26MockRewardToken,
+    H26MockStore,
+    H26MockCheckpoints
+} from "./H26VotingPowerCap.t.sol";
+
+// =========================================================================
+// Mock contracts for JBTokenDistributor tests (C-6, L-17)
+// =========================================================================
+
+/// @notice Mock JB directory for Pass12 tests.
+contract P12MockDirectory {
+    mapping(uint256 projectId => mapping(address terminal => bool)) public terminals;
+    mapping(uint256 projectId => address controller) public controllers;
+
+    function setTerminal(uint256 projectId, address terminal, bool isTerminal) external {
+        terminals[projectId][terminal] = isTerminal;
+    }
+
+    function setController(uint256 projectId, address controller) external {
+        controllers[projectId] = controller;
+    }
+
+    function isTerminalOf(uint256 projectId, IJBTerminal terminal) external view returns (bool) {
+        return terminals[projectId][address(terminal)];
+    }
+
+    function controllerOf(uint256 projectId) external view returns (IERC165) {
+        return IERC165(controllers[projectId]);
+    }
+}
+
+/// @notice Simple ERC20 reward token for Pass12 tests.
+contract P12MockRewardToken is ERC20 {
+    constructor() ERC20("Reward", "RWD") {}
+
+    function mint(address to, uint256 amount) external {
+        _mint(to, amount);
+    }
+}
+
+/// @notice ERC20Votes token for staking in Pass12 tests.
+contract P12MockVotesToken is ERC20, ERC20Votes {
+    constructor() ERC20("StakeToken", "STK") EIP712("StakeToken", "1") {}
+
+    function mint(address to, uint256 amount) external {
+        _mint(to, amount);
+    }
+
+    function _update(address from, address to, uint256 value) internal override(ERC20, ERC20Votes) {
+        super._update(from, to, value);
+    }
+}
+
+// =========================================================================
+// Test contract
+// =========================================================================
+
+/// @notice Tests for Pass 12 audit fixes: C-6, H-24, and L-17.
+contract Pass12FixesTest is Test {
+    // --- Token Distributor setup (C-6, L-17) ---
+    P12MockDirectory tokenDirectory;
+    P12MockRewardToken rewardToken;
+    P12MockVotesToken votesToken;
+    JBTokenDistributor tokenDistributor;
+
+    // --- 721 Distributor setup (H-24) ---
+    H26MockStore store;
+    H26MockHook hook;
+    H26MockDirectory nftDirectory;
+    H26MockRewardToken nftRewardToken;
+    JB721Distributor nftDistributor;
+
+    address alice = makeAddr("alice");
+    address bob = makeAddr("bob");
+    address controller = makeAddr("controller");
+    address terminal = makeAddr("terminal");
+    uint256 projectId = 1;
+
+    uint256 constant ROUND_DURATION = 100;
+    uint256 constant VESTING_ROUNDS = 4;
+
+    function setUp() public {
+        // --- Token Distributor ---
+        tokenDirectory = new P12MockDirectory();
+        rewardToken = new P12MockRewardToken();
+        votesToken = new P12MockVotesToken();
+
+        tokenDirectory.setTerminal(projectId, terminal, true);
+        tokenDirectory.setController(projectId, controller);
+
+        tokenDistributor = new JBTokenDistributor(IJBDirectory(address(tokenDirectory)), ROUND_DURATION, VESTING_ROUNDS);
+
+        votesToken.mint(alice, 1000 ether);
+        vm.prank(alice);
+        votesToken.delegate(alice);
+
+        // --- 721 Distributor ---
+        store = new H26MockStore();
+        hook = new H26MockHook(store);
+        nftDirectory = new H26MockDirectory();
+
+        nftDistributor = new JB721Distributor(IJBDirectory(address(nftDirectory)), ROUND_DURATION, VESTING_ROUNDS);
+
+        nftDirectory.setTerminal(projectId, address(this), true);
+
+        nftRewardToken = new H26MockRewardToken();
+
+        JB721TierFlags memory flags;
+
+        // Tier 1: votingUnits = 50 each, 3 minted out of 10.
+        store.setMaxTierIdOf(1);
+        store.setTier(
+            1,
+            JB721Tier({
+                id: 1,
+                price: 1 ether,
+                remainingSupply: 7,
+                initialSupply: 10,
+                votingUnits: 50,
+                reserveFrequency: 0,
+                reserveBeneficiary: address(0),
+                encodedIPFSUri: bytes32(0),
+                category: 0,
+                discountPercent: 0,
+                flags: flags,
+                splitPercent: 0,
+                resolvedUri: ""
+            })
+        );
+
+        // Alice owns 3 NFTs: tokens 1, 2, 3 — all tier 1 (50 voting units each).
+        store.setTokenTier(1, 1);
+        store.setTokenTier(2, 1);
+        store.setTokenTier(3, 1);
+        hook.setOwner(1, alice);
+        hook.setOwner(2, alice);
+        hook.setOwner(3, alice);
+    }
+
+    // =====================================================================
+    // Helpers
+    // =====================================================================
+
+    function _advanceToRound(uint256 round, JBDistributor dist) internal {
+        uint256 targetTimestamp = dist.roundStartTimestamp(round) + 1;
+        if (block.timestamp < targetTimestamp) {
+            vm.warp(targetTimestamp);
+        }
+        vm.roll(block.number + 1);
+    }
+
+    function _buildTokenContext(address token, uint256 amount) internal view returns (JBSplitHookContext memory) {
+        JBSplit memory split = JBSplit({
+            percent: 1_000_000_000,
+            projectId: 0,
+            beneficiary: payable(address(votesToken)),
+            preferAddToBalance: false,
+            lockedUntil: 0,
+            hook: IJBSplitHook(address(tokenDistributor))
+        });
+
+        return JBSplitHookContext({
+            token: token, amount: amount, decimals: 18, projectId: projectId, groupId: 0, split: split
+        });
+    }
+
+    // =====================================================================
+    // C-6: Unbacked split credits
+    // =====================================================================
+
+    /// @notice A controller calls processSplitWith without transferring tokens first.
+    ///         Should revert with JBDistributor_UnfundedSplitCredit.
+    function test_C6_fix_reverts_unfunded_credit() public {
+        uint256 amount = 500 ether;
+        JBSplitHookContext memory context = _buildTokenContext(address(rewardToken), amount);
+
+        // Controller calls processSplitWith WITHOUT transferring any tokens to the distributor.
+        // The controller has no allowance either, so it falls into the "else" (controller-prepaid) branch.
+        vm.prank(controller);
+        vm.expectRevert(JBDistributor.JBDistributor_UnfundedSplitCredit.selector);
+        tokenDistributor.processSplitWith(context);
+
+        // Verify no balance was credited.
+        assertEq(
+            tokenDistributor.balanceOf(address(votesToken), IERC20(address(rewardToken))),
+            0,
+            "No balance should be credited without actual token transfer"
+        );
+    }
+
+    /// @notice A controller that actually transfers tokens before calling processSplitWith
+    ///         should still work correctly.
+    function test_C6_legitimate_prepaid_still_works() public {
+        uint256 amount = 500 ether;
+        JBSplitHookContext memory context = _buildTokenContext(address(rewardToken), amount);
+
+        // Controller transfers tokens to the distributor first.
+        rewardToken.mint(controller, amount);
+        vm.prank(controller);
+        rewardToken.transfer(address(tokenDistributor), amount);
+
+        // Now the controller calls processSplitWith — should succeed because the unaccounted
+        // balance covers the declared amount.
+        vm.prank(controller);
+        tokenDistributor.processSplitWith(context);
+
+        // Verify balance was credited.
+        assertEq(
+            tokenDistributor.balanceOf(address(votesToken), IERC20(address(rewardToken))),
+            amount,
+            "Balance should be credited when tokens were actually transferred"
+        );
+
+        // Verify the tokens are held by the distributor.
+        assertEq(rewardToken.balanceOf(address(tokenDistributor)), amount, "Tokens should be in the distributor");
+    }
+
+    // =====================================================================
+    // H-24: Voting cap reset across calls
+    // =====================================================================
+
+    /// @notice Calling beginVesting multiple times in the same round for the same owner's
+    ///         different tokens should not reset the voting power cap.
+    function test_H24_fix_caps_across_calls() public {
+        // Alice has 3 NFTs x 50 voting units = 150 total.
+        // Her pastVotes is only 100 — so she should be capped at 100 total.
+        hook._checkpoints().setVotesOverride(alice, 100);
+
+        // Fund with 1500 ether. Total stake = 150 (3 minted * 50 voting units).
+        nftRewardToken.mint(address(this), 1500 ether);
+        nftRewardToken.approve(address(nftDistributor), 1500 ether);
+        nftDistributor.fund(address(hook), IERC20(address(nftRewardToken)), 1500 ether);
+
+        IERC20[] memory tokens = new IERC20[](1);
+        tokens[0] = IERC20(address(nftRewardToken));
+
+        // Call beginVesting THREE TIMES, each with a single token ID.
+        // Without the H-24 fix, each call resets the consumed voting power to 0,
+        // allowing Alice to claim 50 voting units per call = 150 total (bypassing the 100 cap).
+        // With the fix, consumed votes persist in storage across calls.
+        uint256[] memory singleId = new uint256[](1);
+
+        singleId[0] = 1;
+        nftDistributor.beginVesting(address(hook), singleId, tokens);
+
+        singleId[0] = 2;
+        nftDistributor.beginVesting(address(hook), singleId, tokens);
+
+        singleId[0] = 3;
+        nftDistributor.beginVesting(address(hook), singleId, tokens);
+
+        // Check claimed amounts.
+        uint256 claimed1 = nftDistributor.claimedFor(address(hook), 1, IERC20(address(nftRewardToken)));
+        uint256 claimed2 = nftDistributor.claimedFor(address(hook), 2, IERC20(address(nftRewardToken)));
+        uint256 claimed3 = nftDistributor.claimedFor(address(hook), 3, IERC20(address(nftRewardToken)));
+
+        uint256 totalClaimed = claimed1 + claimed2 + claimed3;
+
+        // With cap enforced: Alice has 100 pastVotes out of 150 total stake.
+        // NFT 1: effective stake = min(50, 100 remaining) = 50, reward = 1500 * 50/150 = 500
+        // NFT 2: effective stake = min(50, 50 remaining) = 50, reward = 1500 * 50/150 = 500
+        // NFT 3: effective stake = min(50, 0 remaining) = 0, reward = 0
+        // Total = 1000 ether (not 1500).
+        assertEq(claimed1, 500 ether, "NFT 1 should get full 50-unit share");
+        assertEq(claimed2, 500 ether, "NFT 2 should get full 50-unit share");
+        assertEq(claimed3, 0, "NFT 3 should get 0 (voting power exhausted across calls)");
+        assertEq(totalClaimed, 1000 ether, "Total should be capped at 100/150 of distributable");
+    }
+
+    // =====================================================================
+    // L-17: fund() ETH trap
+    // =====================================================================
+
+    /// @notice Sending ETH with an ERC-20 token in fund() should revert.
+    function test_L17_fix_reverts_unexpected_eth() public {
+        uint256 erc20Amount = 100 ether;
+        rewardToken.mint(address(this), erc20Amount);
+        rewardToken.approve(address(tokenDistributor), erc20Amount);
+
+        // Call fund() with an ERC-20 token but also send msg.value.
+        // This should revert with JBDistributor_UnexpectedNativeValue.
+        vm.expectRevert(JBDistributor.JBDistributor_UnexpectedNativeValue.selector);
+        tokenDistributor.fund{value: 1 ether}(address(votesToken), IERC20(address(rewardToken)), erc20Amount);
+    }
+
+    /// @notice fund() with native token and msg.value should still work normally.
+    function test_L17_fund_native_token_still_works() public {
+        vm.deal(address(this), 5 ether);
+
+        tokenDistributor.fund{value: 5 ether}(
+            address(votesToken),
+            IERC20(JBConstants.NATIVE_TOKEN),
+            0 // amount param is ignored for native token
+        );
+
+        assertEq(
+            tokenDistributor.balanceOf(address(votesToken), IERC20(JBConstants.NATIVE_TOKEN)),
+            5 ether,
+            "Native ETH fund should work normally"
+        );
+    }
+
+    /// @notice fund() with ERC-20 and no ETH should still work normally.
+    function test_L17_fund_erc20_no_eth_still_works() public {
+        uint256 amount = 200 ether;
+        rewardToken.mint(address(this), amount);
+        rewardToken.approve(address(tokenDistributor), amount);
+
+        tokenDistributor.fund(address(votesToken), IERC20(address(rewardToken)), amount);
+
+        assertEq(
+            tokenDistributor.balanceOf(address(votesToken), IERC20(address(rewardToken))),
+            amount,
+            "ERC-20 fund without ETH should work normally"
+        );
+    }
+}