@bananapus/omnichain-deployers-v6 0.0.31 → 0.0.34

package/CHANGELOG.md

@@ -1,6 +1,6 @@
 # Changelog
 
-## v6 post-audit (M-11 fix)
+## v6 carry-forward hook fix
 
 - **Carry-forward hook selection improved.** `queueRulesetsOf` now checks `latestQueuedOf(projectId)` before falling back to `currentOf(projectId)` when carrying forward a 721 hook. Previously it only read `currentOf`, which could miss a recently queued (and approved) ruleset's hook config. The source ruleset must have approval status `Approved` or `Empty` and a stored hook config in the deployer.
 - The `useDataHookForCashOut` flag is preserved from whichever source ruleset is selected during carry-forward.

package/README.md

@@ -69,8 +69,8 @@ npm install @bananapus/omnichain-deployers-v6
 
 ```bash
 npm install
-forge build
-forge test
+forge build --deny notes
+forge test --deny notes --fail-fast --summary --detailed --skip "*/script/**"
 ```
 
 Useful scripts:

package/foundry.toml

@@ -15,7 +15,8 @@ depth = 100
 fail_on_revert = false
 
 [lint]
-exclude_lints = ["pascal-case-struct", "mixed-case-variable"]
+exclude_lints = ["mixed-case-variable", "pascal-case-struct"]
+
 [fmt]
 number_underscore = "thousands"
 multiline_func_header = "all"

package/package.json

@@ -1,11 +1,20 @@
 {
   "name": "@bananapus/omnichain-deployers-v6",
-  "version": "0.0.31",
+  "version": "0.0.34",
   "license": "MIT",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/Bananapus/nana-omnichain-deployers-v6"
   },
+  "files": [
+    "CHANGELOG.md",
+    "foundry.toml",
+    "references/",
+    "remappings.txt",
+    "script/Deploy.s.sol",
+    "script/helpers/",
+    "src/"
+  ],
   "engines": {
     "node": ">=20.0.0"
   },
@@ -17,17 +26,17 @@
     "artifacts": "source ./.env && npx sphinx artifacts --org-id 'ea165b21-7cdc-4d7b-be59-ecdd4c26bee4' --project-name 'nana-omnichain-deployers-v6'"
   },
   "dependencies": {
-    "@bananapus/721-hook-v6": "^0.0.41",
-    "@bananapus/buyback-hook-v6": "^0.0.30",
-    "@bananapus/core-v6": "^0.0.36",
-    "@bananapus/ownable-v6": "^0.0.20",
-    "@bananapus/permission-ids-v6": "^0.0.19",
-    "@bananapus/suckers-v6": "^0.0.28",
-    "@openzeppelin/contracts": "^5.6.1",
-    "@uniswap/v4-core": "^1.0.2"
+    "@bananapus/721-hook-v6": "0.0.43",
+    "@bananapus/core-v6": "0.0.39",
+    "@bananapus/ownable-v6": "0.0.24",
+    "@bananapus/permission-ids-v6": "0.0.22",
+    "@bananapus/suckers-v6": "0.0.32",
+    "@openzeppelin/contracts": "5.6.1"
   },
   "devDependencies": {
-    "@bananapus/address-registry-v6": "^0.0.20",
-    "@sphinx-labs/plugins": "^0.33.2"
+    "@bananapus/address-registry-v6": "0.0.25",
+    "@bananapus/buyback-hook-v6": "0.0.37",
+    "@sphinx-labs/plugins": "0.33.3",
+    "@uniswap/v4-core": "1.0.2"
   }
 }

package/src/JBOmnichainDeployer.sol

@@ -252,6 +252,7 @@ contract JBOmnichainDeployer is
     /// @notice Launches new rulesets for a project with a 721 tiers hook attached, using this contract as the data
     /// hook.
     /// @param projectId The ID of the project to launch the rulesets for.
+    /// @param projectUri The project's metadata URI. Pass an empty string to leave it unchanged.
     /// @param deploy721Config The 721 hook deployment config (hook config + cash-out flag + salt).
     /// @param rulesetConfigurations The rulesets to launch. Custom data hooks are read from each ruleset's metadata.
     /// @param terminalConfigurations The terminals to set up for the project.
@@ -261,6 +262,7 @@ contract JBOmnichainDeployer is
     /// @return hook The 721 tiers hook that was deployed for the project.
     function launchRulesetsFor(
         uint256 projectId,
+        string calldata projectUri,
         JBOmnichain721Config memory deploy721Config,
         JBRulesetConfig[] memory rulesetConfigurations,
         JBTerminalConfig[] calldata terminalConfigurations,
@@ -273,6 +275,7 @@ contract JBOmnichainDeployer is
     {
         return _launchRulesetsFor({
             projectId: projectId,
+            projectUri: projectUri,
             deploy721Config: deploy721Config,
             rulesetConfigurations: rulesetConfigurations,
             terminalConfigurations: terminalConfigurations,
@@ -284,6 +287,7 @@ contract JBOmnichainDeployer is
     /// @notice Launches new rulesets for a project with a default (empty-tier) 721 hook.
     /// @dev Uses `baseCurrency` from the first ruleset and `decimals = 18` for the default 721 config.
     /// @param projectId The ID of the project to launch the rulesets for.
+    /// @param projectUri The project's metadata URI. Pass an empty string to leave it unchanged.
     /// @param rulesetConfigurations The rulesets to launch.
     /// @param terminalConfigurations The terminals to set up for the project.
     /// @param memo A memo to pass along to the emitted event.
@@ -292,6 +296,7 @@ contract JBOmnichainDeployer is
     /// @return hook The 721 tiers hook that was deployed for the project.
     function launchRulesetsFor(
         uint256 projectId,
+        string calldata projectUri,
         JBRulesetConfig[] memory rulesetConfigurations,
         JBTerminalConfig[] calldata terminalConfigurations,
         string calldata memo,
@@ -303,6 +308,7 @@ contract JBOmnichainDeployer is
     {
         return _launchRulesetsFor({
             projectId: projectId,
+            projectUri: projectUri,
             deploy721Config: _default721Config(rulesetConfigurations),
             rulesetConfigurations: rulesetConfigurations,
             terminalConfigurations: terminalConfigurations,
@@ -720,11 +726,12 @@ contract JBOmnichainDeployer is
         internal
         returns (uint256 projectId, IJB721TiersHook hook, address[] memory suckers)
     {
-        // Get the next project ID.
-        projectId = PROJECTS.count() + 1;
+        // Reserve the project ID up front so permissionless project creations cannot invalidate hook deployment.
+        projectId = PROJECTS.createFor(address(this));
 
         // Deploy a 721 hook and set up rulesets.
         hook = _deploy721Hook({projectId: projectId, config: deploy721Config});
+        // slither-disable-next-line reentrancy-benign
         rulesetConfigurations = _setup721({
             projectId: projectId,
             rulesetConfigurations: rulesetConfigurations,
@@ -732,18 +739,16 @@ contract JBOmnichainDeployer is
             use721ForCashOut: deploy721Config.useDataHookForCashOut
         });
 
-        // Launch the project, and sanity check the project ID.
-        // slither-disable-next-line reentrancy-benign
-        if (
-            projectId
-                != controller.launchProjectFor({
-                    owner: address(this),
-                    projectUri: projectUri,
-                    rulesetConfigurations: rulesetConfigurations,
-                    terminalConfigurations: terminalConfigurations,
-                    memo: memo
-                })
-        ) revert JBOmnichainDeployer_ProjectIdMismatch();
+        // Launch the rulesets for the reserved project.
+        // slither-disable-start unused-return
+        controller.launchRulesetsFor({
+            projectId: projectId,
+            projectUri: projectUri,
+            rulesetConfigurations: rulesetConfigurations,
+            terminalConfigurations: terminalConfigurations,
+            memo: memo
+        });
+        // slither-disable-end unused-return
 
         // Transfer the hook's ownership to the project (now that the project NFT has been minted).
         JBOwnable(address(hook)).transferOwnershipToProject(projectId);
@@ -766,6 +771,7 @@ contract JBOmnichainDeployer is
     /// @notice Internal implementation of `launchRulesetsFor`.
     function _launchRulesetsFor(
         uint256 projectId,
+        string calldata projectUri,
         JBOmnichain721Config memory deploy721Config,
         JBRulesetConfig[] memory rulesetConfigurations,
         JBTerminalConfig[] calldata terminalConfigurations,
@@ -775,15 +781,19 @@ contract JBOmnichainDeployer is
         internal
         returns (uint256 rulesetId, IJB721TiersHook hook)
     {
+        address owner = PROJECTS.ownerOf(projectId);
+
         // Enforce permissions. Use LAUNCH_RULESETS (not QUEUE_RULESETS) because this function calls
         // controller.launchRulesetsFor, which sets terminals and requires the broader launch permission.
-        _requirePermissionFrom({
-            account: PROJECTS.ownerOf(projectId), projectId: projectId, permissionId: JBPermissionIds.LAUNCH_RULESETS
-        });
+        _requirePermissionFrom({account: owner, projectId: projectId, permissionId: JBPermissionIds.LAUNCH_RULESETS});
 
-        _requirePermissionFrom({
-            account: PROJECTS.ownerOf(projectId), projectId: projectId, permissionId: JBPermissionIds.SET_TERMINALS
-        });
+        _requirePermissionFrom({account: owner, projectId: projectId, permissionId: JBPermissionIds.SET_TERMINALS});
+
+        if (bytes(projectUri).length != 0) {
+            _requirePermissionFrom({
+                account: owner, projectId: projectId, permissionId: JBPermissionIds.SET_PROJECT_URI
+            });
+        }
 
         // Validate that the controller matches the project's controller in the directory.
         _validateController({projectId: projectId, controller: controller});
@@ -802,6 +812,7 @@ contract JBOmnichainDeployer is
         // Configure the rulesets.
         rulesetId = controller.launchRulesetsFor({
             projectId: projectId,
+            projectUri: projectUri,
             rulesetConfigurations: rulesetConfigurations,
             terminalConfigurations: terminalConfigurations,
             memo: memo
@@ -830,6 +841,7 @@ contract JBOmnichainDeployer is
         // Revert if the project already had rulesets queued in this block, which would make our
         // `block.timestamp + i` ruleset ID prediction incorrect.
         uint256 latestRulesetId = controller.RULESETS().latestRulesetIdOf(projectId);
+        // forge-lint: disable-next-line(block-timestamp)
         if (latestRulesetId >= block.timestamp) {
             revert JBOmnichainDeployer_RulesetIdsUnpredictable();
         }
@@ -910,11 +922,13 @@ contract JBOmnichainDeployer is
 
             // Store the 721 hook config per-ruleset.
             // slither-disable-next-line reentrancy-benign
+            // forge-lint: disable-next-line(block-timestamp)
             _tiered721HookOf[projectId][block.timestamp + i] =
                 JBTiered721HookConfig({hook: hook721, useDataHookForCashOut: use721ForCashOut});
 
             // Store custom hook from metadata (same as _setup).
             if (rulesetConfigurations[i].metadata.dataHook != address(0)) {
+                // forge-lint: disable-next-line(block-timestamp)
                 _extraDataHookOf[projectId][block.timestamp + i] = JBDeployerHookConfig({
                     dataHook: IJBRulesetDataHook(rulesetConfigurations[i].metadata.dataHook),
                     useDataHookForPay: rulesetConfigurations[i].metadata.useDataHookForPay,

package/src/interfaces/IJBOmnichainDeployer.sol

@@ -100,6 +100,7 @@ interface IJBOmnichainDeployer {
 
     /// @notice Launches new rulesets for a project with a 721 tiers hook attached.
     /// @param projectId The ID of the project to launch the rulesets for.
+    /// @param projectUri The project's metadata URI. Pass an empty string to leave it unchanged.
     /// @param deploy721Config The 721 hook deployment config (hook config + cash-out flag + salt).
     /// @param rulesetConfigurations The rulesets to launch. Custom data hooks are read from each ruleset's metadata.
     /// @param terminalConfigurations The terminals to set up for the project.
@@ -109,6 +110,7 @@ interface IJBOmnichainDeployer {
     /// @return hook The 721 tiers hook that was deployed for the project.
     function launchRulesetsFor(
         uint256 projectId,
+        string calldata projectUri,
         JBOmnichain721Config memory deploy721Config,
         JBRulesetConfig[] memory rulesetConfigurations,
         JBTerminalConfig[] calldata terminalConfigurations,
@@ -120,6 +122,7 @@ interface IJBOmnichainDeployer {
 
     /// @notice Launches new rulesets for a project with a default (empty-tier) 721 hook.
     /// @param projectId The ID of the project to launch the rulesets for.
+    /// @param projectUri The project's metadata URI. Pass an empty string to leave it unchanged.
     /// @param rulesetConfigurations The rulesets to launch.
     /// @param terminalConfigurations The terminals to set up for the project.
     /// @param memo A memo to pass along to the emitted event.
@@ -128,6 +131,7 @@ interface IJBOmnichainDeployer {
     /// @return hook The 721 tiers hook that was deployed for the project.
     function launchRulesetsFor(
         uint256 projectId,
+        string calldata projectUri,
         JBRulesetConfig[] memory rulesetConfigurations,
         JBTerminalConfig[] calldata terminalConfigurations,
         string calldata memo,

package/ADMINISTRATION.md

@@ -1,29 +0,0 @@
-# Administration
-
-## At A Glance
-
-| Item | Details |
-| --- | --- |
-| Scope | Omnichain launch orchestration and wrapper behavior |
-| Control posture | Mixed deployer logic, project permissions, and registry trust |
-| Highest-risk actions | Wrong hook composition, wrong sucker wiring, and bad registry trust |
-| Recovery posture | Often requires redeploying or re-launching around bad wiring |
-
-## Purpose
-
-This repo controls how omnichain projects are launched and wrapped, not the low-level runtime logic of suckers or 721 hooks.
-
-## Control Model
-
-- launch paths are largely permissionless for new projects
-- later ruleset changes depend on project permissions
-- registry and sucker trust surfaces can widen authority if misconfigured
-
-## Recovery
-
-- bad launch wiring usually means a new deployment path rather than a local patch
-
-## Admin Boundaries
-
-- this repo does not override locked runtime behavior in sibling repos
-

package/ARCHITECTURE.md

@@ -1,31 +0,0 @@
-# Architecture
-
-## Purpose
-
-`nana-omnichain-deployers-v6` packages a Juicebox project, a 721 hook, and sucker deployment into one omnichain launch surface.
-
-## System Overview
-
-`JBOmnichainDeployer` launches the project, stores per-ruleset hook composition, and wraps sucker behavior so bridge-triggered flows can bypass project-specific logic where intended.
-
-## Core Invariants
-
-- launch wiring must match the intended omnichain project shape
-- hook composition must stay consistent with the created ruleset IDs
-- sucker-specific privileged paths must remain limited to trusted suckers
-- project NFT ownership and hook ownership must end in the intended place
-
-## Trust Boundaries
-
-- bridge runtime trust lives in `nana-suckers-v6`
-- 721 runtime trust lives in `nana-721-hook-v6`
-- this repo mainly owns orchestration and wrapper semantics
-
-## Security Model
-
-- the main risks are hook composition, ruleset ID prediction, and registry-trusted sucker bypasses
-- this repo is not the source of underlying bridge or 721 behavior, but it can wire them together incorrectly
-
-## Source Map
-
-- `src/JBOmnichainDeployer.sol`

package/AUDIT_INSTRUCTIONS.md

@@ -1,29 +0,0 @@
-# Audit Instructions
-
-Audit this repo as an orchestration layer that composes 721 hooks, suckers, and optional extra data hooks.
-
-## Audit Objective
-
-Find issues that:
-
-- launch the wrong project shape
-- miscompose hooks or wrapper behavior
-- grant privileged sucker behavior to the wrong addresses
-- create cross-chain drift or bad deterministic assumptions
-
-## Scope
-
-In scope:
-
-- `src/JBOmnichainDeployer.sol`
-- related tests under `test/`
-
-## Start Here
-
-1. `src/JBOmnichainDeployer.sol`
-
-## Verification
-
-- `npm install`
-- `forge build`
-- `forge test`

package/RISKS.md

@@ -1,97 +0,0 @@
-# Omnichain Deployers Risk Register
-
-This file covers the risks in the deployer layer that launches Juicebox projects across chains while composing 721 hooks, suckers, and optional custom data hooks.
-
-## How To Use This File
-
-- Read `Priority risks` first. They capture the highest-blast-radius deployment and cash-out assumptions.
-- Treat `Invariants to verify` as required checks for any new omnichain deployment flow.
-
-## Priority Risks
-
-| Priority | Risk | Why it matters | Primary controls |
-|----------|------|----------------|------------------|
-| P0 | Registry-trusted sucker bypass | This deployer gives suckers privileged cash-out behavior based on registry answers. A bad registry entry can affect many projects. | Registry allowlists, deployment verification, and explicit registry scrutiny. |
-| P1 | Cross-chain deployment drift | Omnichain assumptions fail if chain-specific wiring, peers, or composed hooks do not match. | Deterministic deploy ordering, parity checks, and post-deploy peer verification. |
-| P1 | Data-hook composition mistakes | The deployer wraps or forwards custom data hooks. A bad composition can alter pay or cash-out semantics unexpectedly. | Integration tests and careful forwarding review. |
-
-## 1. Trust Assumptions
-
-- **Trusted forwarder is trusted.**
-- **Sucker registry answers are trusted.**
-- **Controller trust matters.**
-- **Extra data hooks are trusted code.**
-
-## 2. Economic Risks
-
-- **Sucker cashout bypass exists for registered suckers.**
-- **Extra data hooks can manipulate weight or cash-out behavior.**
-- **721 hook amount splitting can zero out project amount in edge cases.**
-- **Cross-chain sender dependence affects deterministic sucker salts.**
-
-## 3. Access Control
-
-- **Wildcard `MAP_SUCKER_TOKEN` permission is broad.**
-- **`launchRulesetsFor` requires combined permissions.**
-- **`launchProjectFor` is intentionally permissionless for new projects.**
-
-## 4. DoS Vectors
-
-- **Ruleset ID collision can block queueing.**
-- **External hook reverts can block pay or cash-out flows.**
-- **721 hook deployment revert blocks launch.**
-- **Non-safe NFT transfers can still strand assets.**
-
-## 5. Reentrancy Surface
-
-- **`launchProjectFor` makes several external calls in sequence.**
-- **`beforePayRecordedWith` delegates to external hooks.**
-- **`beforeCashOutRecordedWith` delegates to external hooks.**
-- **There is no `ReentrancyGuard`.** The deployer relies on being effectively stateless during pay and cash-out operations.
-
-## 6. Integration Risks
-
-- **Hook config is keyed by predicted ruleset ID.**
-- **Carried-forward 721 hook behavior on queue depends on prior ruleset state.**
-- **ERC721Receiver restrictions are narrow but non-safe transfers can still strand assets.**
-- **Empty simplified launch config reverts.**
-
-## 7. Invariants To Verify
-
-- launched projects point at the intended controller
-- stored 721 hook config exists for every ruleset created through this deployer
-- sucker cashouts always get the intended zero-tax path
-- self-reference prevention holds after setup
-- the project NFT ends owned by the intended owner
-
-## 8. Accepted Behaviors
-
-### 8.1 Controller validation is skipped during initial launch
-
-Pre-launch controller validation is impossible because the project does not yet exist. The accepted safeguard is the post-launch project ID match check.
-
-### 8.2 Registered suckers receive 0% cashout tax
-
-This is intentional and shares the same trust boundary as the sucker registry.
-
-## 9. Accepted Security Risks
-
-Documented risks that were reviewed and accepted.
-
-### Configuration Risks
-
-**Unvalidated extra data hooks can brick live flows.** *(Minor)*
-Extra data hooks provided by the project owner in `_setup721` configuration can fail and brick live pay/cashout flows. Accepted because this is self-inflicted misconfiguration — only the project owner can set these hooks.
-
-**Missing hook721 alias check enables double invocation.** *(Minor)*
-If the project owner configures the 721 hook as both the primary hook and as an extra data hook, it could be invoked twice. Accepted because this is self-inflicted misconfiguration — the deployer correctly processes each hook independently.
-
-### Hook Selection
-
-**ApprovalExpected rulesets excluded from hook carry-forward.**
-When no new tiers are provided, the deployer carries forward the 721 hook from the most recent approved ruleset. Rulesets with `ApprovalExpected` status are intentionally excluded even though they may become active. Hook selection is irreversible — if the pending ruleset is later rejected by the approval hook, we'd have locked in a hook from a ruleset that never became active. The deployer falls back to the current (already-approved) ruleset in this case.
-
-### Cross-Chain Deployment
-
-**`_msgSender()` in deployment salt breaks cross-chain determinism.** *(Minor)*
-`deploySuckersFor` includes `_msgSender()` in the CREATE2 salt, which means the same deployment from different callers produces different addresses across chains. Accepted because this is intentional replay protection — prevents frontrunning of cross-chain deployments.

package/SKILLS.md

@@ -1,25 +0,0 @@
-# Juicebox Omnichain Deployers
-
-## Use This File For
-
-- Use this file when the task involves omnichain project launch, sucker deployment, or wrapped 721-hook composition.
-- Start here, then decide whether the issue is in launch orchestration, hook composition, or bridge-specific runtime behavior.
-
-## Read This Next
-
-| If you need... | Open this next |
-|---|---|
-| Repo overview and architecture | [`README.md`](./README.md), [`ARCHITECTURE.md`](./ARCHITECTURE.md) |
-| Main deployer | [`src/JBOmnichainDeployer.sol`](./src/JBOmnichainDeployer.sol) |
-| Bridge runtime | [`../nana-suckers-v6/src/JBSucker.sol`](../nana-suckers-v6/src/JBSucker.sol) |
-| 721 hook runtime | [`../nana-721-hook-v6/src/JB721TiersHook.sol`](../nana-721-hook-v6/src/JB721TiersHook.sol) |
-
-## Purpose
-
-Orchestration and wrapper layer for launching projects with suckers and a 721 hook already wired in.
-
-## Working Rules
-
-- Start in [`src/JBOmnichainDeployer.sol`](./src/JBOmnichainDeployer.sol).
-- Treat ruleset ID prediction as a real implementation dependency.
-- Keep wrapper behavior and the underlying 721 or sucker behavior separate in your reasoning.