@bananapus/permission-ids-v6 0.0.23 → 0.0.25

package/AUDIT_INSTRUCTIONS.md

@@ -4,7 +4,9 @@ This repo is only permission ID constants, but those constants are security-crit
 
 ## Audit Objective
 
-Find issues that:
+There is a billion dollars of well-meaning projects' money in the Juicebox Money Engine, growing exponentially. Your job is to hack it before anyone else. Whoever hacks it first saves/steals the money, and you are obsessed with being this winner, while also being a steward of the protocol and wanting it to keep growing safely.
+
+Suggestions of where to look:
 
 - assign duplicate IDs to different permissions
 - mismatch IDs that downstream repos assume are canonical
@@ -33,7 +35,7 @@ This repo defines canonical numeric IDs that other repos treat as part of their
 | Dependency | Assumption | What breaks if wrong |
 |------------|------------|----------------------|
 | `nana-core-v6` | ERC-20 signature delegation still uses the documented ID | Signature authority checks mismatch |
-| `revnet-core-v6` | Loan and hidden-token permissions still use the documented IDs | Delegated actions widen, fail, or misroute |
+| `revnet-core-v6` | Loan permissions still use the documented IDs | Delegated actions widen, fail, or misroute |
 
 ## Critical Invariants
 
@@ -41,7 +43,7 @@ This repo defines canonical numeric IDs that other repos treat as part of their
 2. No two distinct permissions share an ID.
 3. IDs match the expectations of all dependent repos in this workspace.
 4. ID `23` (`SIGN_FOR_ERC20`) matches the value used by `nana-core-v6` for ERC-1271 signature delegation.
-5. IDs `36-40` used by `revnet-core-v6` match the values used in `REVHiddenTokens` and `REVLoans`.
+5. IDs used by `revnet-core-v6` match the values used in `REVLoans`.
 
 ## Attack Surfaces
 

package/CHANGELOG.md

@@ -19,15 +19,13 @@ This file describes the verified change from `nana-permission-ids-v5` to the cur
 
 - `SIGN_FOR_ERC20` (23) — sign messages on behalf of a project's ERC-20 token via ERC-1271. Used for Etherscan contract verification and other off-chain signature validation.
 
-## v6 additions: revnet-core delegation (IDs 36–40)
+## v6 additions: revnet-core delegation
 
-- `HIDE_TOKENS` (36) — hide tokens on behalf of a holder via `REVHiddenTokens.hideTokensOf`. Checked against the token holder.
-- `OPEN_LOAN` (37) — open a loan on behalf of a token holder via `REVLoans.borrowFrom`. Checked against the token holder.
-- `REALLOCATE_LOAN` (38) — reallocate loan collateral on behalf of a loan NFT owner via `REVLoans.reallocateCollateralFromLoan`. Checked against the loan NFT owner.
-- `REPAY_LOAN` (39) — repay a loan on behalf of a loan NFT owner via `REVLoans.repayLoan`. Checked against the loan NFT owner.
-- `REVEAL_TOKENS` (40) — reveal hidden tokens on behalf of a holder via `REVHiddenTokens.revealTokensOf`. Checked against the token holder.
+- `OPEN_LOAN` — open a loan on behalf of a token holder via `REVLoans.borrowFrom`. Checked against the token holder.
+- `REALLOCATE_LOAN` — reallocate loan collateral on behalf of a loan NFT owner via `REVLoans.reallocateCollateralFromLoan`. Checked against the loan NFT owner.
+- `REPAY_LOAN` — repay a loan on behalf of a loan NFT owner via `REVLoans.repayLoan`. Checked against the loan NFT owner.
 
-These are consumed by `revnet-core-v6` and checked via `JBPermissioned._requirePermissionFrom` (for `REVHiddenTokens`) or inline `PERMISSIONS.hasPermission` calls (for `REVLoans`).
+These are consumed by `revnet-core-v6` and checked via inline `PERMISSIONS.hasPermission` calls (for `REVLoans`).
 
 ## Verified deltas
 

package/RISKS.md

@@ -28,11 +28,11 @@ This file covers the coordination risks in `JBPermissionIds`. The contract surfa
 
 - **Fund-moving IDs.** `CASH_OUT_TOKENS` (`4`), `SEND_PAYOUTS` (`5`), `MIGRATE_TERMINAL` (`6`), `SET_TERMINALS` (`15`), `USE_ALLOWANCE` (`18`), and `SET_SPLIT_GROUPS` (`19`) can redirect or release value.
 - **Hook-routing IDs.** `SET_BUYBACK_POOL` (`28`), `SET_BUYBACK_HOOK` (`30`), and `SET_ROUTER_TERMINAL` (`31`) materially control execution routes and can lock those routes permanently.
-- **Revnet loan IDs.** `OPEN_LOAN` (`37`), `REALLOCATE_LOAN` (`38`), and `REPAY_LOAN` (`39`) are operationally powerful because they move collateral and debt state.
+- **Revnet loan IDs.** `OPEN_LOAN` (`36`), `REALLOCATE_LOAN` (`37`), and `REPAY_LOAN` (`38`) are operationally powerful because they move collateral and debt state.
 
 ## 3. Integration Risks
 
-- **Docs can lag deployed assumptions.** Off-chain tooling, UIs, and audits often rely on human-readable permission names.
+- **Docs can lag deployed assumptions.** Off-chain tooling, UIs, and reviews often rely on human-readable permission names.
 - **Cross-package imports must stay canonical.** Downstream repos should import this library instead of redefining numeric literals locally.
 - **Future IDs expand current `ROOT` power.** Any new permission automatically becomes available to existing `ROOT` operators.
 

package/STYLE_GUIDE.md

@@ -451,54 +451,9 @@ jobs:
         run: forge fmt --check
 ```
 
-**slither.yml** (repos with `src/` contracts only):
-```yaml
-name: slither
-on:
-    pull_request:
-      branches:
-        - main
-    push:
-      branches:
-        - main
-jobs:
-  analyze:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          submodules: recursive
-      - uses: actions/setup-node@v4
-        with:
-          node-version: 25.9.0
-      - name: Install npm dependencies
-        run: npm install --omit=dev
-      - name: Install Foundry
-        uses: foundry-rs/foundry-toolchain@v1
-      - name: Run slither
-        uses: crytic/slither-action@v0.4.1
-        with:
-            slither-config: slither-ci.config.json
-            fail-on: medium
-```
-
-**slither-ci.config.json:**
-```json
-{
-  "detectors_to_exclude": "timestamp,uninitialized-local,naming-convention,solc-version,shadowing-local",
-  "exclude_informational": true,
-  "exclude_low": false,
-  "exclude_medium": false,
-  "exclude_high": false,
-  "disable_color": false,
-  "filter_paths": "(mocks/|test/|node_modules/|lib/)",
-  "legacy_ast": false
-}
-```
+**Static review workflow** (repos with `src/` contracts only):
 
-**Variations:**
-- Deployer-only repos (no `src/`, only `script/`) skip slither entirely — the action's internal `forge build` skips `test/` and `script/` by default, leaving nothing to compile.
-- Use inline `// slither-disable-next-line <detector>` to suppress known false positives rather than adding to `detectors_to_exclude` in the config. The comment must be on the line immediately before the flagged expression.
+Keep repo-local static review automation current with the package's runtime surface. At minimum, CI should run formatting, linting, and build checks with `--deny notes`. Repos that only contain deployment scripts can rely on the shared formatting and lint jobs unless they add runtime contracts.
 
 ### package.json
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bananapus/permission-ids-v6",
-  "version": "0.0.23",
+  "version": "0.0.25",
   "license": "MIT",
   "repository": {
     "type": "git",

package/references/runtime.md

@@ -13,6 +13,6 @@ Use this file when you need to confirm the canonical numeric labels, not when yo
 
 ## Change Checklist
 
-- If you edit a constant, audit every dependent repo that imports it.
+- If you edit a constant, review every dependent repo that imports it.
 - If you need to know who can exercise a permission, follow the usage into the enforcing repo rather than stopping here.
-- There are no repo-local tests here, so downstream compile and behavior audits matter more than this package in isolation.
+- There are no repo-local tests here, so downstream compile and behavior reviews matter more than this package in isolation.

package/src/JBPermissionIds.sol

@@ -160,25 +160,29 @@ library JBPermissionIds {
 
     /// @notice Deploy cross-chain sucker bridges for a project, enabling token bridging between chains
     /// (`JBSuckerRegistry.deploySuckersFor`).
+    /// @dev When the configuration's `peer` is `address(0)` or `address(this)` (default symmetric-address peering),
+    /// `DEPLOY_SUCKERS` is sufficient. Registering a non-symmetric explicit peer also requires `SET_SUCKER_PEER`.
     uint8 internal constant DEPLOY_SUCKERS = 33;
 
+    /// @notice Register a non-symmetric explicit peer address when deploying a cross-chain sucker
+    /// (`JBSuckerRegistry.deploySuckersFor` with `configuration.peer` != 0 and != `address(this)`).
+    /// @dev The explicit-peer field bypasses the same-address peering invariant, so any operator that can set it
+    /// can authorize mint-from-arbitrary-roots. This permission is intentionally narrower than `DEPLOY_SUCKERS` so
+    /// that ops automation with `DEPLOY_SUCKERS` cannot register attacker-controlled peers.
+    uint8 internal constant SET_SUCKER_PEER = 34;
+
     /// @notice Enable the emergency hatch on a cross-chain sucker, allowing stuck tokens to be recovered
     /// (`JBSucker.enableEmergencyHatchFor`).
-    uint8 internal constant SUCKER_SAFETY = 34;
+    uint8 internal constant SUCKER_SAFETY = 35;
 
     /// @notice Set the deprecation status of a cross-chain sucker, progressing it through its shutdown lifecycle
     /// (`JBSucker.setDeprecation`).
-    uint8 internal constant SET_SUCKER_DEPRECATION = 35;
+    uint8 internal constant SET_SUCKER_DEPRECATION = 36;
 
     /* ── revnet-core-v6
     ─────────────────────────────────────────────────
     */
 
-    /// @notice Hide tokens on behalf of a holder, removing them from public visibility
-    /// (`REVHiddenTokens.hideTokensFor`).
-    /// @dev Hidden tokens are still owned by the holder and can be revealed later.
-    uint8 internal constant HIDE_TOKENS = 36;
-
     /// @notice Open a loan against project tokens as collateral on behalf of a token holder
     /// (`REVLoans.borrowFrom`).
     uint8 internal constant OPEN_LOAN = 37;

package/slither-ci.config.json

@@ -1,10 +0,0 @@
-{
-    "detectors_to_exclude": "timestamp,uninitialized-local,naming-convention,solc-version,shadowing-local",
-    "exclude_informational": true,
-    "exclude_low": false,
-    "exclude_medium": false,
-    "exclude_high": false,
-    "disable_color": false,
-    "filter_paths": "(mocks/|test/|node_modules/|lib/)",
-    "legacy_ast": false
-}