@bannynet/core-v6 0.0.11 → 0.0.13

package/foundry.toml

@@ -1,5 +1,5 @@
 [profile.default]
-solc = '0.8.26'
+solc = '0.8.28'
 evm_version = 'cancun'
 optimizer_runs = 200
 via_ir = true

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@bannynet/core-v6",
-    "version": "0.0.11",
+    "version": "0.0.13",
     "license": "MIT",
     "repository": {
         "type": "git",
@@ -20,14 +20,14 @@
         "artifacts": "source ./.env && npx sphinx artifacts --org-id 'ea165b21-7cdc-4d7b-be59-ecdd4c26bee4' --project-name 'banny-core-v6'"
     },
     "dependencies": {
-        "@bananapus/721-hook-v6": "^0.0.19",
-        "@bananapus/core-v6": "^0.0.24",
-        "@bananapus/permission-ids-v6": "^0.0.10",
-        "@bananapus/router-terminal-v6": "^0.0.17",
-        "@bananapus/suckers-v6": "^0.0.13",
-        "@croptop/core-v6": "^0.0.20",
+        "@bananapus/721-hook-v6": "^0.0.21",
+        "@bananapus/core-v6": "^0.0.27",
+        "@bananapus/permission-ids-v6": "^0.0.14",
+        "@bananapus/router-terminal-v6": "^0.0.20",
+        "@bananapus/suckers-v6": "^0.0.17",
+        "@croptop/core-v6": "^0.0.22",
         "@openzeppelin/contracts": "^5.6.1",
-        "@rev-net/core-v6": "^0.0.15",
+        "@rev-net/core-v6": "^0.0.17",
         "keccak": "^3.0.4"
     },
     "devDependencies": {

package/script/Add.Denver.s.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-pragma solidity 0.8.26;
+pragma solidity 0.8.28;
 
 import {JB721TierConfig} from "@bananapus/721-hook-v6/src/structs/JB721TierConfig.sol";
 import {JBSplit} from "@bananapus/core-v6/src/structs/JBSplit.sol";

package/script/Deploy.s.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-pragma solidity 0.8.26;
+pragma solidity 0.8.28;
 
 import {Hook721Deployment, Hook721DeploymentLib} from "@bananapus/721-hook-v6/script/helpers/Hook721DeploymentLib.sol";
 import {CoreDeployment, CoreDeploymentLib} from "@bananapus/core-v6/script/helpers/CoreDeploymentLib.sol";

package/script/Drop1.s.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-pragma solidity 0.8.26;
+pragma solidity 0.8.28;
 
 import {JB721TierConfig} from "@bananapus/721-hook-v6/src/structs/JB721TierConfig.sol";
 import {JBSplit} from "@bananapus/core-v6/src/structs/JBSplit.sol";

package/script/helpers/BannyverseDeploymentLib.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-pragma solidity 0.8.26;
+pragma solidity 0.8.28;
 
 import {stdJson} from "forge-std/Script.sol";
 import {Vm} from "forge-std/Vm.sol";

package/script/helpers/MigrationHelper.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-pragma solidity 0.8.26;
+pragma solidity 0.8.28;
 
 import {Banny721TokenUriResolver} from "../../src/Banny721TokenUriResolver.sol";
 import {JB721TiersHook} from "@bananapus/721-hook-v6/src/JB721TiersHook.sol";

package/src/Banny721TokenUriResolver.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-pragma solidity 0.8.26;
+pragma solidity 0.8.28;
 
 import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
 import {ERC2771Context} from "@openzeppelin/contracts/metatx/ERC2771Context.sol";
@@ -1209,26 +1209,39 @@ contract Banny721TokenUriResolver is
                     revert Banny721TokenUriResolver_UnrecognizedBackground();
                 }
 
-                // Effects: update all state before any external transfers (CEI pattern).
-                _attachedBackgroundIdOf[hook][bannyBodyId] = backgroundId;
-                _userOf[hook][backgroundId] = bannyBodyId;
-
-                // Interactions: try-transfer the previous background back (may have been burned).
+                // Try to transfer the previous background back before updating state.
+                // If the transfer fails, the old background stays attached to prevent NFT stranding.
                 if (userOfPreviousBackground == bannyBodyId) {
-                    _tryTransferFrom({hook: hook, from: address(this), to: _msgSender(), assetId: previousBackgroundId});
+                    if (!_tryTransferFrom({
+                            hook: hook, from: address(this), to: _msgSender(), assetId: previousBackgroundId
+                        })) {
+                        // Transfer failed — skip the background change entirely so the old background
+                        // remains tracked and recoverable. The new background is not equipped.
+                        return;
+                    }
                 }
 
+                // Effects: update state now that the old background has been successfully returned.
+                _attachedBackgroundIdOf[hook][bannyBodyId] = backgroundId;
+                _userOf[hook][backgroundId] = bannyBodyId;
+
                 // Transfer the new background to this contract if it's not already owned by this contract.
                 if (owner != address(this)) {
                     _transferFrom({hook: hook, from: _msgSender(), to: address(this), assetId: backgroundId});
                 }
             } else {
-                // Effects: clear the background state before any external transfer.
-                _attachedBackgroundIdOf[hook][bannyBodyId] = 0;
-
-                // Interactions: try-transfer the previous background back (may have been burned).
+                // Try to transfer the previous background back before clearing state.
                 if (userOfPreviousBackground == bannyBodyId) {
-                    _tryTransferFrom({hook: hook, from: address(this), to: _msgSender(), assetId: previousBackgroundId});
+                    // Only clear attachment state if the transfer succeeded. If it fails (e.g. recipient rejects
+                    // ERC-721), the background stays attached so the owner can retry or recover.
+                    if (_tryTransferFrom({
+                            hook: hook, from: address(this), to: _msgSender(), assetId: previousBackgroundId
+                        })) {
+                        _attachedBackgroundIdOf[hook][bannyBodyId] = 0;
+                    }
+                } else {
+                    // No transfer needed — just clear the stale attachment record.
+                    _attachedBackgroundIdOf[hook][bannyBodyId] = 0;
                 }
             }
         }
@@ -1335,7 +1348,17 @@ contract Banny721TokenUriResolver is
                 // decorated.
                 if (previousOutfitId != outfitId && wearerOf({hook: hook, outfitId: previousOutfitId}) == bannyBodyId) {
                     // Use try-transfer: the previous outfit may have been burned or its tier removed.
-                    _tryTransferFrom({hook: hook, from: address(this), to: _msgSender(), assetId: previousOutfitId});
+                    // If transfer fails, zero is NOT written to previousOutfitIds — the entry is preserved
+                    // so it can be retained in the attached list (preventing NFT stranding).
+                    if (_tryTransferFrom({
+                            hook: hook, from: address(this), to: _msgSender(), assetId: previousOutfitId
+                        })) {
+                        // Mark as successfully transferred so it won't be retained.
+                        previousOutfitIds[previousOutfitIndex] = 0;
+                    }
+                } else {
+                    // Not transferring (same outfit being re-equipped or not worn by this banny) — mark as handled.
+                    previousOutfitIds[previousOutfitIndex] = 0;
                 }
 
                 if (++previousOutfitIndex < previousOutfitIds.length) {
@@ -1374,10 +1397,17 @@ contract Banny721TokenUriResolver is
             // decorated.
             // Skip outfits that are being re-equipped in the new outfit set.
             if (_isInArray(previousOutfitId, outfitIds)) {
-                // This outfit is being re-equipped — do not transfer it out.
+                // This outfit is being re-equipped — mark as handled.
+                previousOutfitIds[previousOutfitIndex] = 0;
             } else if (wearerOf({hook: hook, outfitId: previousOutfitId}) == bannyBodyId) {
                 // Use try-transfer: the previous outfit may have been burned or its tier removed.
-                _tryTransferFrom({hook: hook, from: address(this), to: _msgSender(), assetId: previousOutfitId});
+                // If transfer fails, the entry stays non-zero and is retained (preventing NFT stranding).
+                if (_tryTransferFrom({hook: hook, from: address(this), to: _msgSender(), assetId: previousOutfitId})) {
+                    previousOutfitIds[previousOutfitIndex] = 0;
+                }
+            } else {
+                // Not worn by this banny — mark as handled.
+                previousOutfitIds[previousOutfitIndex] = 0;
             }
 
             if (++previousOutfitIndex < previousOutfitIds.length) {
@@ -1388,8 +1418,87 @@ contract Banny721TokenUriResolver is
             }
         }
 
-        // Store the outfits.
-        _attachedOutfitIdsOf[hook][bannyBodyId] = outfitIds;
+        // Store the outfits, merging in any retained outfits whose transfers failed.
+        _storeOutfitsWithRetained({
+            hook: hook, bannyBodyId: bannyBodyId, outfitIds: outfitIds, previousOutfitIds: previousOutfitIds
+        });
+    }
+
+    /// @notice Store outfit IDs, merging in any retained outfits (failed transfers) from the previous list.
+    /// @dev Entries in `previousOutfitIds` that are still non-zero represent outfits whose transfer back to the
+    /// owner failed. These are appended to `outfitIds` so the attachment record is preserved and the owner can retry.
+    /// @param hook The hook storing the assets.
+    /// @param bannyBodyId The ID of the banny body being dressed.
+    /// @param outfitIds The new outfit IDs to store.
+    /// @param previousOutfitIds The previous outfit IDs array (zeroed entries were successfully transferred or
+    /// handled).
+    function _storeOutfitsWithRetained(
+        address hook,
+        uint256 bannyBodyId,
+        uint256[] memory outfitIds,
+        uint256[] memory previousOutfitIds
+    )
+        internal
+    {
+        // Count how many previous outfits failed to transfer (non-zero entries remain).
+        uint256 retainedCount;
+        for (uint256 i; i < previousOutfitIds.length; i++) {
+            if (previousOutfitIds[i] != 0) retainedCount++;
+        }
+
+        if (retainedCount == 0) {
+            _attachedOutfitIdsOf[hook][bannyBodyId] = outfitIds;
+        } else {
+            // Merge new outfits with retained outfits that couldn't be transferred back.
+            uint256[] memory mergedOutfitIds = new uint256[](outfitIds.length + retainedCount);
+            for (uint256 i; i < outfitIds.length; i++) {
+                mergedOutfitIds[i] = outfitIds[i];
+            }
+            uint256 mergeIndex = outfitIds.length;
+            for (uint256 i; i < previousOutfitIds.length; i++) {
+                if (previousOutfitIds[i] != 0) {
+                    mergedOutfitIds[mergeIndex++] = previousOutfitIds[i];
+                }
+            }
+
+            // Revalidate category exclusivity on the merged set. Retained outfits may conflict with the new outfits
+            // (e.g., a retained HEAD outfit combined with new EYES/GLASSES/MOUTH/HEADTOP outfits).
+            _validateCategoryExclusivity({hook: hook, outfitIds: mergedOutfitIds});
+
+            _attachedOutfitIdsOf[hook][bannyBodyId] = mergedOutfitIds;
+        }
+    }
+
+    /// @notice Validate that an array of outfit IDs does not violate category exclusivity rules.
+    /// @dev HEAD is exclusive with EYES, GLASSES, MOUTH, and HEADTOP. SUIT is exclusive with SUIT_TOP and
+    /// SUIT_BOTTOM. The array does not need to be sorted.
+    /// @param hook The hook storing the assets.
+    /// @param outfitIds The outfit IDs to validate.
+    function _validateCategoryExclusivity(address hook, uint256[] memory outfitIds) internal view {
+        bool hasHead;
+        bool hasSuit;
+        bool hasHeadAccessory;
+        bool hasSuitPiece;
+
+        for (uint256 i; i < outfitIds.length; i++) {
+            uint256 category = _productOfTokenId({hook: hook, tokenId: outfitIds[i]}).category;
+
+            if (category == _HEAD_CATEGORY) {
+                hasHead = true;
+            } else if (
+                category == _EYES_CATEGORY || category == _GLASSES_CATEGORY || category == _MOUTH_CATEGORY
+                    || category == _HEADTOP_CATEGORY
+            ) {
+                hasHeadAccessory = true;
+            } else if (category == _SUIT_CATEGORY) {
+                hasSuit = true;
+            } else if (category == _SUIT_TOP_CATEGORY || category == _SUIT_BOTTOM_CATEGORY) {
+                hasSuitPiece = true;
+            }
+        }
+
+        if (hasHead && hasHeadAccessory) revert Banny721TokenUriResolver_HeadAlreadyAdded();
+        if (hasSuit && hasSuitPiece) revert Banny721TokenUriResolver_SuitAlreadyAdded();
     }
 
     /// @notice Check if a value is present in an array.
@@ -1411,18 +1520,17 @@ contract Banny721TokenUriResolver is
         IERC721(hook).safeTransferFrom({from: from, to: to, tokenId: assetId});
     }
 
-    /// @notice Try to transfer a token, silently succeeding if the transfer fails (e.g. token was burned).
+    /// @notice Try to transfer a token, returning whether the transfer succeeded.
     /// @dev Used when returning previously equipped items that may no longer exist.
-    // `_tryTransferFrom` may silently fail to transfer outfit NFTs, leaving them attached to the
-    // Banny but owned by a different address. This is by design — the try-catch pattern prevents a single failing
-    // outfit transfer from blocking the entire Banny transfer. Orphaned outfits can be recovered by the original
-    // owner.
     /// @param hook The 721 contract of the token being transferred.
     /// @param from The address to transfer the token from.
     /// @param to The address to transfer the token to.
     /// @param assetId The ID of the token to transfer.
-    function _tryTransferFrom(address hook, address from, address to, uint256 assetId) internal {
+    /// @return success Whether the transfer succeeded.
+    function _tryTransferFrom(address hook, address from, address to, uint256 assetId) internal returns (bool success) {
         // slither-disable-next-line reentrancy-no-eth
-        try IERC721(hook).safeTransferFrom({from: from, to: to, tokenId: assetId}) {} catch {}
+        try IERC721(hook).safeTransferFrom({from: from, to: to, tokenId: assetId}) {
+            success = true;
+        } catch {}
     }
 }

package/test/Banny721TokenUriResolver.t.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-pragma solidity 0.8.26;
+pragma solidity 0.8.28;
 
 import {Test} from "forge-std/Test.sol";
 import {JB721Tier} from "@bananapus/721-hook-v6/src/structs/JB721Tier.sol";

package/test/BannyAttacks.t.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-pragma solidity 0.8.26;
+pragma solidity 0.8.28;
 
 import {Test} from "forge-std/Test.sol";
 import {JB721Tier} from "@bananapus/721-hook-v6/src/structs/JB721Tier.sol";

package/test/DecorateFlow.t.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-pragma solidity 0.8.26;
+pragma solidity 0.8.28;
 
 import {Test} from "forge-std/Test.sol";
 import {JB721Tier} from "@bananapus/721-hook-v6/src/structs/JB721Tier.sol";

package/test/Fork.t.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-pragma solidity 0.8.26;
+pragma solidity 0.8.28;
 
 import {Test} from "forge-std/Test.sol";
 

package/test/OutfitTransferLifecycle.t.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-pragma solidity 0.8.26;
+pragma solidity 0.8.28;
 
 import {Test} from "forge-std/Test.sol";
 import {JB721Tier} from "@bananapus/721-hook-v6/src/structs/JB721Tier.sol";

package/test/TestAuditGaps.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-pragma solidity 0.8.26;
+pragma solidity 0.8.28;
 
 import {Test} from "forge-std/Test.sol";
 import {JB721Tier} from "@bananapus/721-hook-v6/src/structs/JB721Tier.sol";

package/test/TestQALastMile.t.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-pragma solidity 0.8.26;
+pragma solidity 0.8.28;
 
 import {Test} from "forge-std/Test.sol";
 import {JB721Tier} from "@bananapus/721-hook-v6/src/structs/JB721Tier.sol";