npm - @croptop/core-v6 - Versions diffs - 0.0.36 → 0.0.38 - Mend

@croptop/core-v6 0.0.36 → 0.0.38

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/package.json +8 -8
package/src/CTPublisher.sol +20 -5
package/test/audit/CodexNemesisCroptopPublisherBoundary.t.sol +329 -0
package/test/audit/CodexNemesisCurrencyPoCs.t.sol +371 -0
package/test/audit/CodexNemesisFreshRound.t.sol +395 -0
package/test/audit/CodexNemesisMetadataShadow.t.sol +196 -0
package/test/audit/CodexNemesisPolicyReuse.t.sol +168 -0
package/test/audit/CodexNemesisUriDrift.t.sol +252 -0
package/test/audit/Pass12Fixes.t.sol +388 -0
package/test/fork/PublishFork.t.sol +2 -2
package/test/regression/StaleTierIdMapping.t.sol +10 -0

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@croptop/core-v6",
-  "version": "0.0.36",
+  "version": "0.0.38",
   "license": "MIT",
   "repository": {
     "type": "git",
@@ -16,13 +16,13 @@
     "artifacts": "source ./.env && npx sphinx artifacts --org-id 'ea165b21-7cdc-4d7b-be59-ecdd4c26bee4' --project-name 'croptop-core-v5'"
   },
   "dependencies": {
-    "@bananapus/721-hook-v6": "^0.0.35",
-    "@bananapus/buyback-hook-v6": "^0.0.27",
-    "@bananapus/core-v6": "^0.0.34",
-    "@bananapus/ownable-v6": "^0.0.17",
-    "@bananapus/permission-ids-v6": "^0.0.17",
-    "@bananapus/router-terminal-v6": "^0.0.26",
-    "@bananapus/suckers-v6": "^0.0.25",
+    "@bananapus/721-hook-v6": "^0.0.38",
+    "@bananapus/buyback-hook-v6": "^0.0.30",
+    "@bananapus/core-v6": "^0.0.36",
+    "@bananapus/ownable-v6": "^0.0.20",
+    "@bananapus/permission-ids-v6": "^0.0.19",
+    "@bananapus/router-terminal-v6": "^0.0.30",
+    "@bananapus/suckers-v6": "^0.0.28",
     "@openzeppelin/contracts": "^5.6.1"
   },
   "devDependencies": {

package/src/CTPublisher.sol CHANGED Viewed

@@ -33,6 +33,7 @@ contract CTPublisher is JBPermissioned, ERC2771Context, ICTPublisher {
     error CTPublisher_MaxTotalSupplyLessThanMin(uint256 min, uint256 max);
     error CTPublisher_NotInAllowList(address addr, address[] allowedAddresses);
     error CTPublisher_PriceTooSmall(uint256 price, uint256 minimumPrice);
+    error CTPublisher_DuplicatePayMetadata();
     error CTPublisher_FeePaymentFailed(uint256 feeAmount);
     error CTPublisher_SplitPercentExceedsMaximum(uint256 splitPercent, uint256 maximumSplitPercent);
     error CTPublisher_TotalSupplyTooBig(uint256 totalSupply, uint256 maximumTotalSupply);
@@ -236,6 +237,15 @@ contract CTPublisher is JBPermissioned, ERC2771Context, ICTPublisher {
             // Keep a reference to the metadata ID target.
             address metadataIdTarget = hook.METADATA_ID_TARGET();
+            // Revert if the caller's additional metadata already contains a pay ID — this would shadow Croptop's
+            // tier selection, allowing the caller to mint arbitrary tiers.
+            {
+                bytes4 payId = JBMetadataResolver.getId({purpose: "pay", target: metadataIdTarget});
+                // slither-disable-next-line unused-return
+                (bool exists,) = JBMetadataResolver.getDataFor({id: payId, metadata: additionalPayMetadata});
+                if (exists) revert CTPublisher_DuplicatePayMetadata();
+            }
             // Create the metadata for the payment to specify the tier IDs that should be minted. We create manually the
             // original metadata, following
             // the specifications from the JBMetadataResolver library.
@@ -464,18 +474,23 @@ contract CTPublisher is JBPermissioned, ERC2771Context, ICTPublisher {
                 uint256 tierId = tierIdForEncodedIPFSUriOf[address(hook)][post.encodedIPFSUri];
                 if (tierId != 0) {
-                    // If the tier was removed externally (via adjustTiers), clear the stale mapping
-                    // so the code falls through to create a new tier.
+                    // Validate the cached tier still exists and its URI still matches.
+                    // The cache can become stale if the tier was removed (via adjustTiers) or
+                    // its URI was changed (via setMetadata). In either case, clear the stale
+                    // mapping and fall through to create a new tier.
+                    // slither-disable-next-line calls-loop
+                    JB721Tier memory cachedTier =
+                        store.tierOf({hook: address(hook), id: tierId, includeResolvedUri: false});
                     // slither-disable-next-line calls-loop
-                    if (store.isTierRemoved(address(hook), tierId)) {
+                    if (store.isTierRemoved(address(hook), tierId) || cachedTier.encodedIPFSUri != post.encodedIPFSUri)
+                    {
                         delete tierIdForEncodedIPFSUriOf[address(hook)][post.encodedIPFSUri];
                     } else {
                         tierIdsToMint[i] = tierId;
                         // For existing tiers, use the actual tier price (not the user-supplied post.price)
                         // to prevent fee evasion by passing price=0 for an existing tier.
-                        // slither-disable-next-line calls-loop
-                        totalPrice += store.tierOf({hook: address(hook), id: tierId, includeResolvedUri: false}).price;
+                        totalPrice += cachedTier.price;
                     }
                 }
             }

package/test/audit/CodexNemesisCroptopPublisherBoundary.t.sol ADDED Viewed

@@ -0,0 +1,329 @@
+// SPDX-License-Identifier: MIT
+pragma solidity 0.8.28;
+import "forge-std/Test.sol";
+import {IJB721TiersHook} from "@bananapus/721-hook-v6/src/interfaces/IJB721TiersHook.sol";
+import {IJB721TiersHookStore} from "@bananapus/721-hook-v6/src/interfaces/IJB721TiersHookStore.sol";
+import {JB721Tier} from "@bananapus/721-hook-v6/src/structs/JB721Tier.sol";
+import {JB721TierConfig} from "@bananapus/721-hook-v6/src/structs/JB721TierConfig.sol";
+import {JB721TierFlags} from "@bananapus/721-hook-v6/src/structs/JB721TierFlags.sol";
+import {IJBDirectory} from "@bananapus/core-v6/src/interfaces/IJBDirectory.sol";
+import {IJBPermissions} from "@bananapus/core-v6/src/interfaces/IJBPermissions.sol";
+import {IJBTerminal} from "@bananapus/core-v6/src/interfaces/IJBTerminal.sol";
+import {JBPermissionsData} from "@bananapus/core-v6/src/structs/JBPermissionsData.sol";
+import {JBSplit} from "@bananapus/core-v6/src/structs/JBSplit.sol";
+import {CTAllowedPost} from "../../src/structs/CTAllowedPost.sol";
+import {CTPost} from "../../src/structs/CTPost.sol";
+import {CTPublisher} from "../../src/CTPublisher.sol";
+contract NemesisMockPermissions is IJBPermissions {
+    function WILDCARD_PROJECT_ID() external pure returns (uint256) {
+        return 0;
+    }
+    function hasPermission(address, address, uint256, uint256, bool, bool) external pure returns (bool) {
+        return true;
+    }
+    function hasPermissions(address, address, uint256, uint256[] calldata, bool, bool) external pure returns (bool) {
+        return true;
+    }
+    function permissionsOf(address, address, uint256) external pure returns (uint256) {
+        return 0;
+    }
+    function setPermissionsFor(address, JBPermissionsData calldata) external {}
+}
+contract NemesisMockTerminal {
+    mapping(uint256 projectId => uint256 amount) public paidToProject;
+    function pay(
+        uint256 projectId,
+        address,
+        uint256,
+        address,
+        uint256,
+        string calldata,
+        bytes calldata
+    )
+        external
+        payable
+        returns (uint256)
+    {
+        paidToProject[projectId] += msg.value;
+        return 0;
+    }
+}
+contract NemesisMockDirectory {
+    mapping(uint256 projectId => address terminal) public terminalOf;
+    function setTerminal(uint256 projectId, address terminal) external {
+        terminalOf[projectId] = terminal;
+    }
+    function primaryTerminalOf(uint256 projectId, address) external view returns (IJBTerminal) {
+        return IJBTerminal(terminalOf[projectId]);
+    }
+}
+contract NemesisMockStore {
+    struct StoredTier {
+        uint104 price;
+        uint32 initialSupply;
+        uint32 remainingSupply;
+        bytes32 encodedIPFSUri;
+        bool removed;
+    }
+    uint256 public maxTierId;
+    mapping(uint256 tierId => StoredTier) public tierData;
+    function encodedUriOf(uint256 tierId) external view returns (bytes32) {
+        return tierData[tierId].encodedIPFSUri;
+    }
+    function addTier(JB721TierConfig memory config) external returns (uint256 tierId) {
+        tierId = ++maxTierId;
+        tierData[tierId] = StoredTier({
+            price: config.price,
+            initialSupply: config.initialSupply,
+            remainingSupply: config.initialSupply,
+            encodedIPFSUri: config.encodedIPFSUri,
+            removed: false
+        });
+    }
+    function setEncodedUri(uint256 tierId, bytes32 encodedIPFSUri) external {
+        tierData[tierId].encodedIPFSUri = encodedIPFSUri;
+    }
+    function maxTierIdOf(address) external view returns (uint256) {
+        return maxTierId;
+    }
+    function isTierRemoved(address, uint256 tierId) external view returns (bool) {
+        return tierData[tierId].removed;
+    }
+    function tierOf(address, uint256 tierId, bool) external view returns (JB721Tier memory tier) {
+        StoredTier memory stored = tierData[tierId];
+        tier = JB721Tier({
+            id: uint32(tierId),
+            price: stored.price,
+            remainingSupply: stored.remainingSupply,
+            initialSupply: stored.initialSupply,
+            votingUnits: 0,
+            reserveFrequency: 0,
+            reserveBeneficiary: address(0),
+            encodedIPFSUri: stored.encodedIPFSUri,
+            category: 0,
+            discountPercent: 0,
+            flags: JB721TierFlags({
+                allowOwnerMint: false,
+                transfersPausable: false,
+                cantBeRemoved: false,
+                cantIncreaseDiscountPercent: false,
+                cantBuyWithCredits: false
+            }),
+            splitPercent: 0,
+            resolvedUri: ""
+        });
+    }
+}
+contract NemesisMutableHook {
+    uint256 public immutable PROJECT_ID;
+    IJB721TiersHookStore public immutable STORE;
+    address public ownerAddress;
+    constructor(uint256 projectId, IJB721TiersHookStore store_, address owner_) {
+        PROJECT_ID = projectId;
+        STORE = store_;
+        ownerAddress = owner_;
+    }
+    function owner() external view returns (address) {
+        return ownerAddress;
+    }
+    function METADATA_ID_TARGET() external view returns (address) {
+        return address(this);
+    }
+    function adjustTiers(JB721TierConfig[] calldata tiersToAdd, uint256[] calldata) external {
+        for (uint256 i; i < tiersToAdd.length; i++) {
+            NemesisMockStore(address(STORE)).addTier(tiersToAdd[i]);
+        }
+    }
+    function setMetadata(
+        string calldata,
+        string calldata,
+        string calldata,
+        string calldata,
+        address,
+        uint256 encodedIPFSUriTierId,
+        bytes32 encodedIPFSUri
+    )
+        external
+    {
+        NemesisMockStore(address(STORE)).setEncodedUri(encodedIPFSUriTierId, encodedIPFSUri);
+    }
+}
+contract CodexNemesisCroptopPublisherBoundaryTest is Test {
+    uint256 internal constant FEE_PROJECT_ID = 1;
+    uint256 internal constant PROJECT_ID = 2;
+    bytes32 internal constant URI_A = keccak256("uri-a");
+    bytes32 internal constant URI_B = keccak256("uri-b");
+    address internal hookOwner = makeAddr("hookOwner");
+    address internal unrestrictedPoster = makeAddr("unrestrictedPoster");
+    address internal restrictedPoster = makeAddr("restrictedPoster");
+    address internal outsider = makeAddr("outsider");
+    NemesisMockPermissions internal permissions;
+    NemesisMockDirectory internal directory;
+    NemesisMockStore internal store;
+    NemesisMutableHook internal hook;
+    NemesisMockTerminal internal projectTerminal;
+    NemesisMockTerminal internal feeTerminal;
+    CTPublisher internal publisher;
+    function setUp() public {
+        permissions = new NemesisMockPermissions();
+        directory = new NemesisMockDirectory();
+        store = new NemesisMockStore();
+        hook = new NemesisMutableHook(PROJECT_ID, IJB721TiersHookStore(address(store)), hookOwner);
+        projectTerminal = new NemesisMockTerminal();
+        feeTerminal = new NemesisMockTerminal();
+        publisher = new CTPublisher(IJBDirectory(address(directory)), permissions, FEE_PROJECT_ID, address(0));
+        directory.setTerminal(PROJECT_ID, address(projectTerminal));
+        directory.setTerminal(FEE_PROJECT_ID, address(feeTerminal));
+        vm.deal(unrestrictedPoster, 100 ether);
+        vm.deal(restrictedPoster, 100 ether);
+        vm.deal(outsider, 100 ether);
+    }
+    function test_existingTierReuseBypassesUpdatedAllowlistAndPriceFloor() external {
+        _configureCategory(1, 1 ether, _singletonArray(unrestrictedPoster));
+        vm.prank(unrestrictedPoster);
+        publisher.mintFrom{value: 2 ether}(
+            IJB721TiersHook(address(hook)),
+            _singlePost({uri: URI_A, price: 1 ether, category: 1}),
+            unrestrictedPoster,
+            unrestrictedPoster,
+            "",
+            ""
+        );
+        assertEq(publisher.tierIdForEncodedIPFSUriOf(address(hook), URI_A), 1, "initial publish should cache tier 1");
+        // Tighten the policy so only `restrictedPoster` can publish, and only at >= 5 ether.
+        _configureCategory(1, 5 ether, _singletonArray(restrictedPoster));
+        vm.prank(outsider);
+        publisher.mintFrom{value: 2 ether}(
+            IJB721TiersHook(address(hook)), _singlePost({uri: URI_A, price: 0, category: 1}), outsider, outsider, "", ""
+        );
+        // The outsider's second call succeeds because existing-tier reuse skips the allowlist and price checks.
+        assertEq(store.maxTierId(), 1, "reuse path should mint from the old tier instead of creating a new one");
+        assertEq(
+            projectTerminal.paidToProject(PROJECT_ID),
+            3.9 ether,
+            "both mints should settle against the stale reused tier price"
+        );
+        assertEq(
+            feeTerminal.paidToProject(FEE_PROJECT_ID),
+            0.1 ether,
+            "fee routing still uses the stale reused tier price instead of the new stricter floor"
+        );
+    }
+    function test_hookMetadataMutationDesyncsPublisherCacheAndAllowsDuplicateTier() external {
+        _configureCategory(1, 1 ether, new address[](0));
+        vm.prank(unrestrictedPoster);
+        publisher.mintFrom{value: 2 ether}(
+            IJB721TiersHook(address(hook)),
+            _singlePost({uri: URI_A, price: 1 ether, category: 1}),
+            unrestrictedPoster,
+            unrestrictedPoster,
+            "",
+            ""
+        );
+        assertEq(publisher.tierIdForEncodedIPFSUriOf(address(hook), URI_A), 1, "publisher cache should point at tier 1");
+        assertEq(store.encodedUriOf(1), URI_A, "canonical hook metadata should start at uri A");
+        // The hook owner changes the canonical tier URI through the underlying 721 hook.
+        vm.prank(hookOwner);
+        hook.setMetadata("", "", "", "", address(0), 1, URI_B);
+        assertEq(store.encodedUriOf(1), URI_B, "hook metadata now says tier 1 is uri B");
+        assertEq(
+            publisher.tierIdForEncodedIPFSUriOf(address(hook), URI_A),
+            1,
+            "publisher cache is stale and still thinks uri A owns tier 1"
+        );
+        vm.prank(unrestrictedPoster);
+        publisher.mintFrom{value: 2 ether}(
+            IJB721TiersHook(address(hook)),
+            _singlePost({uri: URI_B, price: 1 ether, category: 1}),
+            unrestrictedPoster,
+            unrestrictedPoster,
+            "",
+            ""
+        );
+        // Croptop creates a second tier for the same canonical URI because it never re-syncs against hook metadata.
+        assertEq(store.maxTierId(), 2, "publisher should have created a duplicate tier after the metadata drift");
+        assertEq(store.encodedUriOf(1), URI_B, "tier 1 still resolves to uri B");
+        assertEq(store.encodedUriOf(2), URI_B, "tier 2 now also resolves to uri B");
+        assertEq(publisher.tierIdForEncodedIPFSUriOf(address(hook), URI_B), 2, "cache now points uri B at tier 2");
+    }
+    function _configureCategory(uint24 category, uint104 minimumPrice, address[] memory allowedAddresses) internal {
+        CTAllowedPost[] memory allowedPosts = new CTAllowedPost[](1);
+        allowedPosts[0] = CTAllowedPost({
+            hook: address(hook),
+            category: category,
+            minimumPrice: minimumPrice,
+            minimumTotalSupply: 1,
+            maximumTotalSupply: 100,
+            maximumSplitPercent: 0,
+            allowedAddresses: allowedAddresses
+        });
+        vm.prank(hookOwner);
+        publisher.configurePostingCriteriaFor(allowedPosts);
+    }
+    function _singlePost(bytes32 uri, uint104 price, uint24 category) internal pure returns (CTPost[] memory posts) {
+        posts = new CTPost[](1);
+        posts[0] = CTPost({
+            encodedIPFSUri: uri,
+            totalSupply: 10,
+            price: price,
+            category: category,
+            splitPercent: 0,
+            splits: new JBSplit[](0)
+        });
+    }
+    function _singletonArray(address account) internal pure returns (address[] memory addrs) {
+        addrs = new address[](1);
+        addrs[0] = account;
+    }
+}