npm - @bananapus/ownable-v6 - Versions diffs - 0.0.22 → 0.0.24 - Mend

@bananapus/ownable-v6 0.0.22 → 0.0.24

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (26) hide show

package/foundry.toml +1 -1
package/package.json +13 -4
package/src/JBOwnable.sol +5 -10
package/src/JBOwnableOverrides.sol +29 -23
package/src/interfaces/IJBOwnable.sol +7 -5
package/src/structs/JBOwner.sol +6 -6
package/ADMINISTRATION.md +0 -79
package/ARCHITECTURE.md +0 -92
package/AUDIT_INSTRUCTIONS.md +0 -69
package/RISKS.md +0 -51
package/SKILLS.md +0 -41
package/STYLE_GUIDE.md +0 -610
package/USER_JOURNEYS.md +0 -117
package/slither-ci.config.json +0 -10
package/test/CodexUnmintedProjectHijack.t.sol +0 -45
package/test/Ownable.t.sol +0 -383
package/test/OwnableAttacks.t.sol +0 -190
package/test/OwnableEdgeCases.t.sol +0 -437
package/test/OwnableInvariantTests.sol +0 -48
package/test/audit/PermissionDriftAfterProjectTransfer.t.sol +0 -58
package/test/audit/PermissionIdNFTTransfer.t.sol +0 -93
package/test/audit/ProjectTransferPermissionPolicy.t.sol +0 -58
package/test/handlers/OwnableHandler.sol +0 -75
package/test/regression/BurnLockProtection.t.sol +0 -112
package/test/regression/RootPermissionBypassesPermissionIdZero.t.sol +0 -87
package/test/regression/ZeroAddressValidation.t.sol +0 -67

package/test/OwnableAttacks.t.sol DELETED Viewed

@@ -1,190 +0,0 @@
-// SPDX-License-Identifier: UNLICENSED
-pragma solidity 0.8.28;
-import {Test} from "forge-std/Test.sol";
-import {MockOwnable} from "./mocks/MockOwnable.sol";
-import {JBOwnableOverrides} from "../src/JBOwnableOverrides.sol";
-import {JBPermissions} from "@bananapus/core-v6/src/JBPermissions.sol";
-import {JBPermissioned} from "@bananapus/core-v6/src/abstract/JBPermissioned.sol";
-import {JBProjects} from "@bananapus/core-v6/src/JBProjects.sol";
-import {IJBPermissions} from "@bananapus/core-v6/src/interfaces/IJBPermissions.sol";
-import {IJBProjects} from "@bananapus/core-v6/src/interfaces/IJBProjects.sol";
-import {JBPermissionsData} from "@bananapus/core-v6/src/structs/JBPermissionsData.sol";
-/// @title OwnableAttacks
-/// @notice Adversarial security tests for JBOwnable covering edge cases
-///         around dual ownership, permission semantics, and renounced contracts.
-contract OwnableAttacks is Test {
-    IJBProjects projects;
-    IJBPermissions permissions;
-    address alice = makeAddr("alice");
-    address bob = makeAddr("bob");
-    address attacker = makeAddr("attacker");
-    modifier isNotContract(address a) {
-        uint256 size;
-        assembly {
-            size := extcodesize(a)
-        }
-        vm.assume(size == 0);
-        _;
-    }
-    function setUp() public {
-        permissions = new JBPermissions(address(0));
-        projects = new JBProjects(address(123), address(0), address(0));
-    }
-    // =========================================================================
-    // Test 1: Constructor rejects both owner AND projectId set
-    // =========================================================================
-    function test_bothOwnerAndProjectId_constructorReverts() public {
-        uint256 projectId = projects.createFor(alice);
-        vm.expectRevert(abi.encodeWithSelector(JBOwnableOverrides.JBOwnableOverrides_InvalidNewOwner.selector));
-        // forge-lint: disable-next-line(unsafe-typecast)
-        new MockOwnable(projects, permissions, bob, uint88(projectId));
-    }
-    // =========================================================================
-    // Test 2: Renounced contract — protectedMethod always reverts
-    // =========================================================================
-    function test_renounced_protectedMethodAlwaysReverts() public {
-        MockOwnable ownable = new MockOwnable(projects, permissions, alice, 0);
-        // Owner can call.
-        vm.prank(alice);
-        ownable.protectedMethod();
-        // Renounce.
-        vm.prank(alice);
-        ownable.renounceOwnership();
-        assertEq(ownable.owner(), address(0), "Should be renounced");
-        // Now NOBODY can call — not alice, not bob, not anyone.
-        vm.prank(alice);
-        vm.expectRevert();
-        ownable.protectedMethod();
-        vm.prank(bob);
-        vm.expectRevert();
-        ownable.protectedMethod();
-        vm.prank(attacker);
-        vm.expectRevert();
-        ownable.protectedMethod();
-    }
-    // =========================================================================
-    // Test 3: Permission ID reset on transfer
-    // =========================================================================
-    /// @notice After any ownership transfer, permissionId should reset to 0.
-    ///         This prevents stale permission delegation.
-    function test_permissionIdResetOnTransfer() public {
-        uint256 projectId = projects.createFor(alice);
-        // forge-lint: disable-next-line(unsafe-typecast)
-        MockOwnable ownable = new MockOwnable(projects, permissions, address(0), uint88(projectId));
-        // Set permission ID.
-        vm.prank(alice);
-        ownable.setPermissionId(42);
-        (, uint88 pid, uint8 permId) = ownable.jbOwner();
-        assertEq(permId, 42, "Permission ID should be 42");
-        // Transfer to bob directly.
-        vm.prank(alice);
-        ownable.transferOwnership(bob);
-        (, pid, permId) = ownable.jbOwner();
-        assertEq(permId, 0, "Permission ID should reset to 0 after transfer");
-    }
-    // =========================================================================
-    // Test 4: Stale owner after NFT transfer
-    // =========================================================================
-    /// @notice After transferring project NFT, old owner should lose access.
-    function test_staleOwner_afterNFTTransfer() public {
-        uint256 projectId = projects.createFor(alice);
-        // forge-lint: disable-next-line(unsafe-typecast)
-        MockOwnable ownable = new MockOwnable(projects, permissions, address(0), uint88(projectId));
-        // Alice is current owner.
-        assertEq(ownable.owner(), alice);
-        vm.prank(alice);
-        ownable.protectedMethod(); // Should succeed.
-        // Transfer project NFT to bob.
-        vm.prank(alice);
-        projects.transferFrom(alice, bob, projectId);
-        // Alice should no longer be owner.
-        assertEq(ownable.owner(), bob, "Bob should be new owner");
-        // Alice cannot call protectedMethod anymore.
-        vm.prank(alice);
-        vm.expectRevert();
-        ownable.protectedMethod();
-        // Bob can call.
-        vm.prank(bob);
-        ownable.protectedMethod();
-    }
-    // =========================================================================
-    // Test 5: Transfer to project with overflow ID — must revert
-    // =========================================================================
-    /// @notice transferOwnershipToProject with projectId > type(uint88).max should revert.
-    function test_transferOwnershipToProject_overflowReverts() public {
-        MockOwnable ownable = new MockOwnable(projects, permissions, alice, 0);
-        // type(uint88).max + 1 = 309485009821345068724781056
-        uint256 overflowId = uint256(type(uint88).max) + 1;
-        vm.prank(alice);
-        vm.expectRevert();
-        ownable.transferOwnershipToProject(overflowId);
-    }
-    // =========================================================================
-    // Test 6: ROOT permission on wrong project doesn't grant access
-    // =========================================================================
-    /// @notice Attacker has ROOT permission on their own project. Verify it
-    ///         doesn't grant access to a different project's JBOwnable.
-    function test_rootOnWrongProject_noAccess() public {
-        // Create two projects.
-        uint256 aliceProject = projects.createFor(alice);
-        uint256 attackerProject = projects.createFor(attacker);
-        // Ownable is owned by alice's project.
-        // forge-lint: disable-next-line(unsafe-typecast)
-        MockOwnable ownable = new MockOwnable(projects, permissions, address(0), uint88(aliceProject));
-        // Set permission ID so delegated access is possible.
-        vm.prank(alice);
-        ownable.setPermissionId(42);
-        // Attacker grants themselves ROOT (permission 1) on their OWN project.
-        uint8[] memory rootPerms = new uint8[](1);
-        rootPerms[0] = 1; // ROOT
-        vm.prank(attacker);
-        permissions.setPermissionsFor(
-            attacker,
-            // forge-lint: disable-next-line(unsafe-typecast)
-            JBPermissionsData({operator: attacker, projectId: uint56(attackerProject), permissionIds: rootPerms})
-        );
-        // Attacker tries to call protectedMethod — should still fail because
-        // ROOT is on attackerProject, not aliceProject.
-        vm.prank(attacker);
-        vm.expectRevert(
-            abi.encodeWithSelector(
-                JBPermissioned.JBPermissioned_Unauthorized.selector, alice, attacker, aliceProject, 42
-            )
-        );
-        ownable.protectedMethod();
-    }
-}

package/test/OwnableEdgeCases.t.sol DELETED Viewed

@@ -1,437 +0,0 @@
-// SPDX-License-Identifier: UNLICENSED
-pragma solidity 0.8.28;
-import {Test} from "forge-std/Test.sol";
-import {MockOwnable} from "./mocks/MockOwnable.sol";
-import {MockOwnableERC2771} from "./mocks/MockOwnableERC2771.sol";
-import {JBOwnableOverrides} from "../src/JBOwnableOverrides.sol";
-import {IJBOwnable} from "../src/interfaces/IJBOwnable.sol";
-import {JBPermissions} from "@bananapus/core-v6/src/JBPermissions.sol";
-import {JBProjects} from "@bananapus/core-v6/src/JBProjects.sol";
-import {IJBPermissions} from "@bananapus/core-v6/src/interfaces/IJBPermissions.sol";
-import {IJBProjects} from "@bananapus/core-v6/src/interfaces/IJBProjects.sol";
-import {JBPermissionsData} from "@bananapus/core-v6/src/structs/JBPermissionsData.sol";
-/// @title OwnableEdgeCases
-/// @notice Edge case and gap tests for JBOwnable: multi-hop NFT transfers,
-///         project-to-project ownership, permissionId lifecycle, and nonexistent projects.
-contract OwnableEdgeCases is Test {
-    IJBProjects projects;
-    IJBPermissions permissions;
-    address alice = makeAddr("alice");
-    address bob = makeAddr("bob");
-    address charlie = makeAddr("charlie");
-    address dave = makeAddr("dave");
-    modifier isNotContract(address a) {
-        uint256 size;
-        assembly {
-            size := extcodesize(a)
-        }
-        vm.assume(size == 0);
-        _;
-    }
-    function setUp() public {
-        permissions = new JBPermissions(address(0));
-        projects = new JBProjects(address(123), address(0), address(0));
-    }
-    // =========================================================================
-    // Test 1: Multi-hop NFT transfer — ownership follows through A→B→C→D
-    // =========================================================================
-    function test_multiHopNFTTransfer_ownerFollows() public {
-        uint256 projectId = projects.createFor(alice);
-        // forge-lint: disable-next-line(unsafe-typecast)
-        MockOwnable ownable = new MockOwnable(projects, permissions, address(0), uint88(projectId));
-        assertEq(ownable.owner(), alice);
-        // Transfer NFT: alice → bob
-        vm.prank(alice);
-        projects.transferFrom(alice, bob, projectId);
-        assertEq(ownable.owner(), bob, "Should follow to bob");
-        // Transfer NFT: bob → charlie
-        vm.prank(bob);
-        projects.transferFrom(bob, charlie, projectId);
-        assertEq(ownable.owner(), charlie, "Should follow to charlie");
-        // Transfer NFT: charlie → dave
-        vm.prank(charlie);
-        projects.transferFrom(charlie, dave, projectId);
-        assertEq(ownable.owner(), dave, "Should follow to dave");
-        // dave can call protectedMethod, alice/bob/charlie cannot
-        vm.prank(dave);
-        ownable.protectedMethod();
-        vm.prank(alice);
-        vm.expectRevert();
-        ownable.protectedMethod();
-        vm.prank(bob);
-        vm.expectRevert();
-        ownable.protectedMethod();
-        vm.prank(charlie);
-        vm.expectRevert();
-        ownable.protectedMethod();
-    }
-    // =========================================================================
-    // Test 2: Transfer project → different project
-    // =========================================================================
-    function test_transferProjectToProject() public {
-        uint256 projectA = projects.createFor(alice);
-        uint256 projectB = projects.createFor(bob);
-        // forge-lint: disable-next-line(unsafe-typecast)
-        MockOwnable ownable = new MockOwnable(projects, permissions, address(0), uint88(projectA));
-        assertEq(ownable.owner(), alice);
-        // Transfer ownership from project A to project B.
-        vm.prank(alice);
-        ownable.transferOwnershipToProject(projectB);
-        // Owner should now be bob (owner of project B).
-        assertEq(ownable.owner(), bob, "Owner should be projectB's owner (bob)");
-        // alice no longer has access
-        vm.prank(alice);
-        vm.expectRevert();
-        ownable.protectedMethod();
-        // bob has access
-        vm.prank(bob);
-        ownable.protectedMethod();
-    }
-    // =========================================================================
-    // Test 3: Full ownership cycle: address → project → address → project
-    // =========================================================================
-    function test_fullOwnershipCycle() public {
-        uint256 projectA = projects.createFor(alice);
-        uint256 projectB = projects.createFor(bob);
-        // Start with address ownership.
-        MockOwnable ownable = new MockOwnable(projects, permissions, charlie, 0);
-        assertEq(ownable.owner(), charlie);
-        // charlie → project A (alice)
-        vm.prank(charlie);
-        ownable.transferOwnershipToProject(projectA);
-        assertEq(ownable.owner(), alice);
-        // project A → bob (address)
-        vm.prank(alice);
-        ownable.transferOwnership(bob);
-        assertEq(ownable.owner(), bob);
-        // bob → project B (bob is also project B owner, but that's fine)
-        vm.prank(bob);
-        ownable.transferOwnershipToProject(projectB);
-        assertEq(ownable.owner(), bob, "bob owns projectB so still bob");
-        // Verify jbOwner struct is correct (projectId set, owner zeroed).
-        (address storedOwner, uint88 storedProjectId, uint8 storedPermId) = ownable.jbOwner();
-        assertEq(storedOwner, address(0), "owner field should be zero in project mode");
-        // forge-lint: disable-next-line(unsafe-typecast)
-        assertEq(storedProjectId, uint88(projectB), "projectId should be projectB");
-        assertEq(storedPermId, 0, "permissionId should be 0");
-    }
-    // =========================================================================
-    // Test 4: permissionId lifecycle through multiple transfers
-    // =========================================================================
-    function test_permissionIdLifecycle() public {
-        uint256 projectA = projects.createFor(alice);
-        // forge-lint: disable-next-line(unsafe-typecast)
-        MockOwnable ownable = new MockOwnable(projects, permissions, address(0), uint88(projectA));
-        // Set permissionId to 42.
-        vm.prank(alice);
-        ownable.setPermissionId(42);
-        (,, uint8 permId) = ownable.jbOwner();
-        assertEq(permId, 42);
-        // Transfer to bob — permissionId should reset.
-        vm.prank(alice);
-        ownable.transferOwnership(bob);
-        (,, permId) = ownable.jbOwner();
-        assertEq(permId, 0, "permissionId should reset after transferOwnership");
-        // Set permissionId again as new owner.
-        vm.prank(bob);
-        ownable.setPermissionId(99);
-        (,, permId) = ownable.jbOwner();
-        assertEq(permId, 99);
-        // Transfer to project — permissionId should reset again.
-        vm.prank(bob);
-        ownable.transferOwnershipToProject(projectA);
-        (,, permId) = ownable.jbOwner();
-        assertEq(permId, 0, "permissionId should reset after transferOwnershipToProject");
-        // Set permissionId as project owner.
-        vm.prank(alice);
-        ownable.setPermissionId(200);
-        (,, permId) = ownable.jbOwner();
-        assertEq(permId, 200);
-        // Renounce — permissionId should be 0.
-        vm.prank(alice);
-        ownable.renounceOwnership();
-        (,, permId) = ownable.jbOwner();
-        assertEq(permId, 0, "permissionId should be 0 after renounce");
-    }
-    // =========================================================================
-    // Test 5: Non-owner cannot call setPermissionId
-    // =========================================================================
-    function test_nonOwnerCannotSetPermissionId(address nonOwner) public {
-        vm.assume(nonOwner != alice && nonOwner != address(0));
-        MockOwnable ownable = new MockOwnable(projects, permissions, alice, 0);
-        vm.prank(nonOwner);
-        vm.expectRevert();
-        ownable.setPermissionId(42);
-    }
-    // =========================================================================
-    // Test 6: Transfer to nonexistent project reverts
-    // =========================================================================
-    function test_transferToNonexistentProject_reverts() public {
-        // Create one project so count == 1.
-        projects.createFor(alice);
-        MockOwnable ownable = new MockOwnable(projects, permissions, alice, 0);
-        // Project 2 doesn't exist.
-        vm.prank(alice);
-        vm.expectRevert(abi.encodeWithSelector(JBOwnableOverrides.JBOwnableOverrides_ProjectDoesNotExist.selector));
-        ownable.transferOwnershipToProject(2);
-        // Project 999 doesn't exist.
-        vm.prank(alice);
-        vm.expectRevert(abi.encodeWithSelector(JBOwnableOverrides.JBOwnableOverrides_ProjectDoesNotExist.selector));
-        ownable.transferOwnershipToProject(999);
-    }
-    // =========================================================================
-    // Test 7: Delegated access — permission granted on project, then NFT
-    //         transferred, old delegate loses access
-    // =========================================================================
-    function test_delegatedAccess_lostAfterNFTTransfer() public {
-        uint256 projectId = projects.createFor(alice);
-        // forge-lint: disable-next-line(unsafe-typecast)
-        MockOwnable ownable = new MockOwnable(projects, permissions, address(0), uint88(projectId));
-        // Set permissionId so delegation is possible.
-        vm.prank(alice);
-        ownable.setPermissionId(42);
-        // Alice grants charlie permission 42 on the project.
-        uint8[] memory permIds = new uint8[](1);
-        permIds[0] = 42;
-        vm.prank(alice);
-        permissions.setPermissionsFor(
-            alice,
-            // forge-lint: disable-next-line(unsafe-typecast)
-            JBPermissionsData({operator: charlie, projectId: uint56(projectId), permissionIds: permIds})
-        );
-        // Charlie can call protectedMethod (delegated via permissions).
-        vm.prank(charlie);
-        ownable.protectedMethod();
-        // Transfer NFT to bob.
-        vm.prank(alice);
-        projects.transferFrom(alice, bob, projectId);
-        // Charlie's delegation was from alice. Now owner is bob.
-        // Charlie should lose access because _checkOwner resolves to bob,
-        // and charlie has no permissions from bob.
-        vm.prank(charlie);
-        vm.expectRevert();
-        ownable.protectedMethod();
-        // bob can still call directly.
-        vm.prank(bob);
-        ownable.protectedMethod();
-    }
-    // =========================================================================
-    // Test 8: OwnershipTransferred event emitted correctly
-    // =========================================================================
-    function test_ownershipTransferredEvent() public {
-        MockOwnable ownable = new MockOwnable(projects, permissions, alice, 0);
-        // Transfer to bob — expect event.
-        vm.expectEmit(true, true, false, true);
-        emit IJBOwnable.OwnershipTransferred(alice, bob, alice);
-        vm.prank(alice);
-        ownable.transferOwnership(bob);
-    }
-    // =========================================================================
-    // Test 9: PermissionIdChanged event emitted correctly
-    // =========================================================================
-    function test_permissionIdChangedEvent() public {
-        MockOwnable ownable = new MockOwnable(projects, permissions, alice, 0);
-        vm.expectEmit(true, true, false, true);
-        emit IJBOwnable.PermissionIdChanged(42, alice);
-        vm.prank(alice);
-        ownable.setPermissionId(42);
-    }
-    // =========================================================================
-    // Test 10: Constructor tolerates an unminted project owner
-    // =========================================================================
-    function test_constructorWithUnmintedProject_emitsZeroOwnerUntilMinted() public {
-        vm.expectEmit(true, true, false, true);
-        emit IJBOwnable.OwnershipTransferred(address(0), address(0), address(this));
-        MockOwnable ownable = new MockOwnable(projects, permissions, address(0), uint88(1));
-        assertEq(ownable.owner(), address(0), "Owner should resolve to zero before the project exists");
-        uint256 projectId = projects.createFor(alice);
-        assertEq(projectId, 1, "Expected the first minted project to match the configured future owner");
-        assertEq(ownable.owner(), alice, "Owner should resolve once the project is minted");
-    }
-    // =========================================================================
-    // Test 11: Fuzz — transfer to any valid project, verify owner resolution
-    // =========================================================================
-    function testFuzz_transferToProject(address projectOwner) public isNotContract(projectOwner) {
-        vm.assume(projectOwner != address(0));
-        uint256 projectId = projects.createFor(projectOwner);
-        MockOwnable ownable = new MockOwnable(projects, permissions, alice, 0);
-        vm.prank(alice);
-        ownable.transferOwnershipToProject(projectId);
-        assertEq(ownable.owner(), projectOwner, "Owner should match project owner");
-        // Verify jbOwner struct.
-        (address storedOwner, uint88 storedProjectId,) = ownable.jbOwner();
-        assertEq(storedOwner, address(0), "stored owner should be zero");
-        // forge-lint: disable-next-line(unsafe-typecast)
-        assertEq(storedProjectId, uint88(projectId), "stored projectId should match");
-    }
-    // =========================================================================
-    // Test 12: Renounced contract cannot reclaim ownership
-    // =========================================================================
-    /// @notice After renouncing, no one can call transferOwnership, transferOwnershipToProject,
-    ///         setPermissionId, or renounceOwnership again.
-    function test_renouncedContract_cannotReclaim() public {
-        uint256 projectId = projects.createFor(alice);
-        MockOwnable ownable = new MockOwnable(projects, permissions, alice, 0);
-        vm.prank(alice);
-        ownable.renounceOwnership();
-        // Nobody can transfer ownership back.
-        vm.prank(alice);
-        vm.expectRevert();
-        ownable.transferOwnership(alice);
-        vm.prank(bob);
-        vm.expectRevert();
-        ownable.transferOwnership(bob);
-        // Nobody can transfer to a project.
-        vm.prank(alice);
-        vm.expectRevert();
-        ownable.transferOwnershipToProject(projectId);
-        // Nobody can set permissionId.
-        vm.prank(alice);
-        vm.expectRevert();
-        ownable.setPermissionId(1);
-        // Nobody can renounce again (already renounced, _checkOwner fails).
-        vm.prank(alice);
-        vm.expectRevert();
-        ownable.renounceOwnership();
-    }
-    // =========================================================================
-    // Test 13: _msgSender is NOT ERC2771-aware (design documentation)
-    // =========================================================================
-    /// @notice JBOwnable uses plain Context._msgSender() (returns msg.sender),
-    ///         NOT ERC2771Context. This test documents that a trusted forwarder
-    ///         appending a sender address to calldata does NOT affect _checkOwner.
-    function test_noERC2771_trustedForwarderHasNoEffect() public {
-        MockOwnable ownable = new MockOwnable(projects, permissions, alice, 0);
-        // Simulate what a trusted forwarder would do: call with alice's address
-        // appended to calldata. Since JBOwnable uses plain Context, this has no effect.
-        // The msg.sender is still bob, not alice.
-        bytes memory callData = abi.encodeWithSelector(MockOwnable.protectedMethod.selector);
-        bytes memory forwardedCallData = abi.encodePacked(callData, alice);
-        vm.prank(bob);
-        (bool success,) = address(ownable).call(forwardedCallData);
-        assertFalse(success, "Forwarded call should fail - JBOwnable ignores appended sender");
-        // Direct call from alice still works.
-        vm.prank(alice);
-        ownable.protectedMethod();
-    }
-    // =========================================================================
-    // Test 14: OwnershipTransferred event uses _msgSender() (L-27 fix)
-    // =========================================================================
-    /// @notice When a subclass overrides _msgSender() (e.g., for ERC-2771),
-    ///         the OwnershipTransferred event's caller field should reflect the
-    ///         forwarded sender, not msg.sender.
-    function test_ownershipTransferredEvent_usesOverriddenMsgSender() public {
-        address forwarder = makeAddr("forwarder");
-        MockOwnableERC2771 ownable = new MockOwnableERC2771(projects, permissions, alice, 0, forwarder);
-        // Expect event with caller=alice (the forwarded sender), not forwarder.
-        vm.expectEmit(true, true, false, true);
-        emit IJBOwnable.OwnershipTransferred(alice, bob, alice);
-        // Forwarder calls transferOwnership with alice's address appended (ERC-2771 style).
-        bytes memory callData = abi.encodeWithSelector(IJBOwnable.transferOwnership.selector, bob);
-        bytes memory forwardedCallData = abi.encodePacked(callData, alice);
-        vm.prank(forwarder);
-        (bool success,) = address(ownable).call(forwardedCallData);
-        assertTrue(success, "Forwarded transferOwnership should succeed");
-    }
-    // =========================================================================
-    // Test 15: PermissionIdChanged event uses _msgSender() (L-27 fix)
-    // =========================================================================
-    /// @notice When a subclass overrides _msgSender() (e.g., for ERC-2771),
-    ///         the PermissionIdChanged event's caller field should reflect the
-    ///         forwarded sender, not msg.sender.
-    function test_permissionIdChangedEvent_usesOverriddenMsgSender() public {
-        address forwarder = makeAddr("forwarder");
-        MockOwnableERC2771 ownable = new MockOwnableERC2771(projects, permissions, alice, 0, forwarder);
-        // Expect event with caller=alice (the forwarded sender), not forwarder.
-        vm.expectEmit(true, true, false, true);
-        emit IJBOwnable.PermissionIdChanged(42, alice);
-        // Forwarder calls setPermissionId with alice's address appended.
-        bytes memory callData = abi.encodeWithSelector(IJBOwnable.setPermissionId.selector, uint8(42));
-        bytes memory forwardedCallData = abi.encodePacked(callData, alice);
-        vm.prank(forwarder);
-        (bool success,) = address(ownable).call(forwardedCallData);
-        assertTrue(success, "Forwarded setPermissionId should succeed");
-    }
-}

package/test/OwnableInvariantTests.sol DELETED Viewed

@@ -1,48 +0,0 @@
-// SPDX-License-Identifier: UNLICENSED
-pragma solidity 0.8.28;
-import {Test} from "forge-std/Test.sol";
-import {OwnableHandler} from "./handlers/OwnableHandler.sol";
-contract OwnableInvariantTests is Test {
-    OwnableHandler handler;
-    function setUp() public {
-        handler = new OwnableHandler();
-        targetContract(address(handler));
-    }
-    /// @notice Owner address and project ID are mutually exclusive: can't both be non-zero.
-    function invariant_cantBelongToUserAndProject() public {
-        (address owner, uint88 projectId,) = handler.OWNABLE().jbOwner();
-        assertTrue(owner == address(0) || projectId == uint256(0), "owner and projectId cannot both be non-zero");
-    }
-    /// @notice After renouncing, both owner and projectId must be zero.
-    function invariant_renounceZerosOut() public {
-        if (
-            handler.wasEverRenounced()
-                && handler.renounceCount() > handler.transferCount() + handler.projectTransferCount()
-        ) {
-            (address owner, uint88 projectId,) = handler.OWNABLE().jbOwner();
-            assertTrue(owner == address(0) && projectId == 0, "renounced state should have zero owner and projectId");
-        }
-    }
-    /// @notice The permissionId is always reset to 0 on ownership transfers.
-    function invariant_permissionIdResetOnTransfer() public {
-        (,, uint8 permissionId) = handler.OWNABLE().jbOwner();
-        // After any ownership change, permissionId should be 0 (reset by _transferOwnership).
-        // This is always true because the handler only calls transfer/renounce functions,
-        // and never calls setPermissionId.
-        assertEq(permissionId, 0, "permissionId should be 0 after transfers");
-    }
-    /// @notice If projectId is set, owner address must be zero.
-    function invariant_projectOwnershipExcludesAddress() public {
-        (address owner, uint88 projectId,) = handler.OWNABLE().jbOwner();
-        if (projectId != 0) {
-            assertEq(owner, address(0), "project ownership should zero the owner address");
-        }
-    }
-}