@bannynet/core-v6 0.0.17 → 0.0.19
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/ADMINISTRATION.md +28 -0
- package/ARCHITECTURE.md +51 -75
- package/AUDIT_INSTRUCTIONS.md +64 -331
- package/CHANGELOG.md +31 -0
- package/README.md +53 -167
- package/RISKS.md +18 -1
- package/SKILLS.md +27 -243
- package/STYLE_GUIDE.md +56 -17
- package/USER_JOURNEYS.md +51 -496
- package/package.json +8 -8
- package/references/operations.md +25 -0
- package/references/runtime.md +27 -0
- package/script/Add.Denver.s.sol +10 -7
- package/script/Deploy.s.sol +37 -28
- package/script/Drop1.s.sol +424 -329
- package/src/Banny721TokenUriResolver.sol +109 -59
- package/test/Banny721TokenUriResolver.t.sol +8 -5
- package/test/BannyAttacks.t.sol +8 -5
- package/test/DecorateFlow.t.sol +8 -5
- package/test/Fork.t.sol +25 -17
- package/test/OutfitTransferLifecycle.t.sol +8 -5
- package/test/TestAuditGaps.sol +8 -5
- package/test/TestQALastMile.t.sol +8 -5
- package/test/audit/AntiStrandingRetention.t.sol +33 -5
- package/test/audit/BurnedBodyStrandsAssets.t.sol +9 -5
- package/test/audit/MergedOutfitExclusivity.t.sol +8 -5
- package/test/audit/MigrationHelperVerificationBypass.t.sol +102 -0
- package/test/audit/TryTransferFromStrandsAssets.t.sol +8 -5
- package/test/regression/BodyCategoryValidation.t.sol +8 -5
- package/test/regression/BurnedTokenCheck.t.sol +8 -5
- package/test/regression/CEIReorder.t.sol +8 -5
- package/test/regression/RemovedTierDesync.t.sol +8 -5
- package/CHANGE_LOG.md +0 -243
- package/assets/findings/banny-retail-v6-pashov-ai-audit-report-20260330-102839.md +0 -34
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
# Banny Runtime
|
|
2
|
+
|
|
3
|
+
## Contract Role
|
|
4
|
+
|
|
5
|
+
- [`src/Banny721TokenUriResolver.sol`](../src/Banny721TokenUriResolver.sol) resolves token metadata, stores equipped outfits and backgrounds, enforces outfit locks, and composes layered SVG output for Banny collections.
|
|
6
|
+
|
|
7
|
+
## Runtime Path
|
|
8
|
+
|
|
9
|
+
1. The hook calls the resolver for `tokenURI`-style metadata.
|
|
10
|
+
2. The resolver reads tier and ownership context from the upstream 721 hook.
|
|
11
|
+
3. If the token is a body, it composes background, body, and equipped items into a single SVG.
|
|
12
|
+
4. If the token is an outfit or background, it renders a preview-style representation instead.
|
|
13
|
+
5. During decoration flows, the resolver takes custody of attached items and updates wearer/background mappings.
|
|
14
|
+
|
|
15
|
+
## High-Risk Areas
|
|
16
|
+
|
|
17
|
+
- Attachment custody: equipped items are held by the resolver, so transfer and return behavior matters.
|
|
18
|
+
- Outfit lock windows: lock duration is part of user-facing state and should not drift unexpectedly.
|
|
19
|
+
- Rendering composition: layer ordering and default-item behavior affect visible output and must stay deterministic.
|
|
20
|
+
- Stale attachment cleanup: views intentionally guard against inconsistent attachment state.
|
|
21
|
+
|
|
22
|
+
## Tests To Trust First
|
|
23
|
+
|
|
24
|
+
- [`test/DecorateFlow.t.sol`](../test/DecorateFlow.t.sol) for the main equip/unequip lifecycle.
|
|
25
|
+
- [`test/OutfitTransferLifecycle.t.sol`](../test/OutfitTransferLifecycle.t.sol) for custody and return behavior.
|
|
26
|
+
- [`test/BannyAttacks.t.sol`](../test/BannyAttacks.t.sol) for adversarial flows.
|
|
27
|
+
- [`test/TestQALastMile.t.sol`](../test/TestQALastMile.t.sol) and [`test/regression/`](../test/regression/) for pinned edge cases.
|
package/script/Add.Denver.s.sol
CHANGED
|
@@ -2,6 +2,7 @@
|
|
|
2
2
|
pragma solidity 0.8.28;
|
|
3
3
|
|
|
4
4
|
import {JB721TierConfig} from "@bananapus/721-hook-v6/src/structs/JB721TierConfig.sol";
|
|
5
|
+
import {JB721TierConfigFlags} from "@bananapus/721-hook-v6/src/structs/JB721TierConfigFlags.sol";
|
|
5
6
|
import {JBSplit} from "@bananapus/core-v6/src/structs/JBSplit.sol";
|
|
6
7
|
import {JB721TiersHook} from "@bananapus/721-hook-v6/src/JB721TiersHook.sol";
|
|
7
8
|
|
|
@@ -66,13 +67,15 @@ contract Drop1Script is Script, Sphinx {
|
|
|
66
67
|
encodedIPFSUri: bytes32(0x233dd4173ef4ed0f60822a469277bb328b5ae056d8980301f7bd7ad9df780099),
|
|
67
68
|
category: 1,
|
|
68
69
|
discountPercent: 0,
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
70
|
+
flags: JB721TierConfigFlags({
|
|
71
|
+
allowOwnerMint: false,
|
|
72
|
+
useReserveBeneficiaryAsDefault: false,
|
|
73
|
+
transfersPausable: false,
|
|
74
|
+
useVotingUnits: false,
|
|
75
|
+
cantBeRemoved: false,
|
|
76
|
+
cantIncreaseDiscountPercent: false,
|
|
77
|
+
cantBuyWithCredits: false
|
|
78
|
+
}),
|
|
76
79
|
splitPercent: 0,
|
|
77
80
|
splits: new JBSplit[](0)
|
|
78
81
|
});
|
package/script/Deploy.s.sol
CHANGED
|
@@ -16,6 +16,7 @@ import {
|
|
|
16
16
|
import {IJB721TokenUriResolver} from "@bananapus/721-hook-v6/src/interfaces/IJB721TokenUriResolver.sol";
|
|
17
17
|
import {JB721InitTiersConfig} from "@bananapus/721-hook-v6/src/structs/JB721InitTiersConfig.sol";
|
|
18
18
|
import {JB721TierConfig} from "@bananapus/721-hook-v6/src/structs/JB721TierConfig.sol";
|
|
19
|
+
import {JB721TierConfigFlags} from "@bananapus/721-hook-v6/src/structs/JB721TierConfigFlags.sol";
|
|
19
20
|
import {IJBSplitHook} from "@bananapus/core-v6/src/interfaces/IJBSplitHook.sol";
|
|
20
21
|
import {JBConstants} from "@bananapus/core-v6/src/libraries/JBConstants.sol";
|
|
21
22
|
import {JBCurrencyIds} from "@bananapus/core-v6/src/libraries/JBCurrencyIds.sol";
|
|
@@ -229,13 +230,15 @@ contract DeployScript is Script, Sphinx {
|
|
|
229
230
|
encodedIPFSUri: bytes32(0),
|
|
230
231
|
category: BANNY_BODY_CATEGORY,
|
|
231
232
|
discountPercent: 0,
|
|
232
|
-
|
|
233
|
-
|
|
234
|
-
|
|
235
|
-
|
|
236
|
-
|
|
237
|
-
|
|
238
|
-
|
|
233
|
+
flags: JB721TierConfigFlags({
|
|
234
|
+
allowOwnerMint: false,
|
|
235
|
+
useReserveBeneficiaryAsDefault: false,
|
|
236
|
+
transfersPausable: false,
|
|
237
|
+
useVotingUnits: false,
|
|
238
|
+
cantBeRemoved: true,
|
|
239
|
+
cantIncreaseDiscountPercent: true,
|
|
240
|
+
cantBuyWithCredits: false
|
|
241
|
+
}),
|
|
239
242
|
splitPercent: 0,
|
|
240
243
|
splits: new JBSplit[](0)
|
|
241
244
|
});
|
|
@@ -248,13 +251,15 @@ contract DeployScript is Script, Sphinx {
|
|
|
248
251
|
encodedIPFSUri: bytes32(0),
|
|
249
252
|
category: BANNY_BODY_CATEGORY,
|
|
250
253
|
discountPercent: 0,
|
|
251
|
-
|
|
252
|
-
|
|
253
|
-
|
|
254
|
-
|
|
255
|
-
|
|
256
|
-
|
|
257
|
-
|
|
254
|
+
flags: JB721TierConfigFlags({
|
|
255
|
+
allowOwnerMint: false,
|
|
256
|
+
useReserveBeneficiaryAsDefault: false,
|
|
257
|
+
transfersPausable: false,
|
|
258
|
+
useVotingUnits: false,
|
|
259
|
+
cantBeRemoved: true,
|
|
260
|
+
cantIncreaseDiscountPercent: true,
|
|
261
|
+
cantBuyWithCredits: false
|
|
262
|
+
}),
|
|
258
263
|
splitPercent: 0,
|
|
259
264
|
splits: new JBSplit[](0)
|
|
260
265
|
});
|
|
@@ -267,13 +272,15 @@ contract DeployScript is Script, Sphinx {
|
|
|
267
272
|
encodedIPFSUri: bytes32(0),
|
|
268
273
|
category: BANNY_BODY_CATEGORY,
|
|
269
274
|
discountPercent: 0,
|
|
270
|
-
|
|
271
|
-
|
|
272
|
-
|
|
273
|
-
|
|
274
|
-
|
|
275
|
-
|
|
276
|
-
|
|
275
|
+
flags: JB721TierConfigFlags({
|
|
276
|
+
allowOwnerMint: false,
|
|
277
|
+
useReserveBeneficiaryAsDefault: false,
|
|
278
|
+
transfersPausable: false,
|
|
279
|
+
useVotingUnits: false,
|
|
280
|
+
cantBeRemoved: true,
|
|
281
|
+
cantIncreaseDiscountPercent: true,
|
|
282
|
+
cantBuyWithCredits: false
|
|
283
|
+
}),
|
|
277
284
|
splitPercent: 0,
|
|
278
285
|
splits: new JBSplit[](0)
|
|
279
286
|
});
|
|
@@ -286,13 +293,15 @@ contract DeployScript is Script, Sphinx {
|
|
|
286
293
|
encodedIPFSUri: bytes32(0),
|
|
287
294
|
category: BANNY_BODY_CATEGORY,
|
|
288
295
|
discountPercent: 0,
|
|
289
|
-
|
|
290
|
-
|
|
291
|
-
|
|
292
|
-
|
|
293
|
-
|
|
294
|
-
|
|
295
|
-
|
|
296
|
+
flags: JB721TierConfigFlags({
|
|
297
|
+
allowOwnerMint: false,
|
|
298
|
+
useReserveBeneficiaryAsDefault: false,
|
|
299
|
+
transfersPausable: false,
|
|
300
|
+
useVotingUnits: false,
|
|
301
|
+
cantBeRemoved: true,
|
|
302
|
+
cantIncreaseDiscountPercent: true,
|
|
303
|
+
cantBuyWithCredits: false
|
|
304
|
+
}),
|
|
296
305
|
splitPercent: 0,
|
|
297
306
|
splits: new JBSplit[](0)
|
|
298
307
|
});
|