@croptop/core-v6 0.0.37 → 0.0.39

package/test/regression/DuplicateUriFeeEvasion.t.sol

@@ -1,312 +0,0 @@
-// SPDX-License-Identifier: MIT
-pragma solidity 0.8.28;
-
-// forge-lint: disable-next-line(unaliased-plain-import)
-import "forge-std/Test.sol";
-
-import {IJBPermissions} from "@bananapus/core-v6/src/interfaces/IJBPermissions.sol";
-import {IJBDirectory} from "@bananapus/core-v6/src/interfaces/IJBDirectory.sol";
-import {IJBOwnable} from "@bananapus/ownable-v6/src/interfaces/IJBOwnable.sol";
-import {IJB721Hook} from "@bananapus/721-hook-v6/src/interfaces/IJB721Hook.sol";
-import {IJB721TiersHook} from "@bananapus/721-hook-v6/src/interfaces/IJB721TiersHook.sol";
-import {IJB721TiersHookStore} from "@bananapus/721-hook-v6/src/interfaces/IJB721TiersHookStore.sol";
-import {JBSplit} from "@bananapus/core-v6/src/structs/JBSplit.sol";
-
-import {CTPublisher} from "../../src/CTPublisher.sol";
-import {CTAllowedPost} from "../../src/structs/CTAllowedPost.sol";
-import {CTPost} from "../../src/structs/CTPost.sol";
-
-/// @title M6_DuplicateUriFeeEvasion
-/// @notice Duplicate encodedIPFSUri in a single mintFrom batch
-///         enables fee evasion. Before the fix, a second post with the same URI would read
-///         a stale tierIdForEncodedIPFSUriOf mapping (written by _setupPosts for the first
-///         post but not yet committed to the store), causing store.tierOf() to return price=0,
-///         so the fee was computed on 1x the price instead of 2x.
-///         The fix reverts with CTPublisher_DuplicatePost when duplicate URIs appear in a batch.
-contract M6_DuplicateUriFeeEvasion is Test {
-    CTPublisher publisher;
-
-    IJBPermissions permissions = IJBPermissions(makeAddr("permissions"));
-    IJBDirectory directory = IJBDirectory(makeAddr("directory"));
-
-    address hookOwner = makeAddr("hookOwner");
-    address hookAddr = makeAddr("hook");
-    address hookStoreAddr = makeAddr("hookStore");
-    address terminalAddr = makeAddr("terminal");
-    address feeTerminalAddr = makeAddr("feeTerminal");
-    address poster = makeAddr("poster");
-
-    uint256 feeProjectId = 1;
-    uint256 hookProjectId = 42;
-
-    function setUp() public {
-        publisher = new CTPublisher(directory, permissions, feeProjectId, address(0));
-
-        // Mock hook.owner().
-        vm.mockCall(hookAddr, abi.encodeWithSelector(IJBOwnable.owner.selector), abi.encode(hookOwner));
-        // Mock hook.PROJECT_ID().
-        vm.mockCall(hookAddr, abi.encodeWithSelector(IJB721Hook.PROJECT_ID.selector), abi.encode(hookProjectId));
-        // Mock hook.STORE().
-        vm.mockCall(hookAddr, abi.encodeWithSelector(IJB721TiersHook.STORE.selector), abi.encode(hookStoreAddr));
-
-        // Mock permissions to return true by default.
-        vm.mockCall(
-            address(permissions), abi.encodeWithSelector(IJBPermissions.hasPermission.selector), abi.encode(true)
-        );
-
-        // Fund poster.
-        vm.deal(poster, 100 ether);
-    }
-
-    function _configureCategory() internal {
-        CTAllowedPost[] memory posts = new CTAllowedPost[](1);
-        posts[0] = CTAllowedPost({
-            hook: hookAddr,
-            category: 5,
-            minimumPrice: 0.01 ether,
-            minimumTotalSupply: 1,
-            maximumTotalSupply: 1000,
-            maximumSplitPercent: 0,
-            allowedAddresses: new address[](0)
-        });
-
-        vm.prank(hookOwner);
-        publisher.configurePostingCriteriaFor(posts);
-    }
-
-    function _setupMintMocks() internal {
-        vm.mockCall(
-            hookStoreAddr, abi.encodeWithSelector(IJB721TiersHookStore.maxTierIdOf.selector), abi.encode(uint256(0))
-        );
-        vm.mockCall(hookAddr, abi.encodeWithSelector(IJB721TiersHook.adjustTiers.selector), abi.encode());
-        vm.mockCall(hookAddr, abi.encodeWithSelector(bytes4(keccak256("METADATA_ID_TARGET()"))), abi.encode(address(0)));
-        vm.mockCall(
-            address(directory),
-            abi.encodeWithSelector(IJBDirectory.primaryTerminalOf.selector, hookProjectId),
-            abi.encode(terminalAddr)
-        );
-        vm.mockCall(
-            address(directory),
-            abi.encodeWithSelector(IJBDirectory.primaryTerminalOf.selector, feeProjectId),
-            abi.encode(feeTerminalAddr)
-        );
-        vm.mockCall(terminalAddr, "", abi.encode(uint256(0)));
-        vm.mockCall(feeTerminalAddr, "", abi.encode(uint256(0)));
-    }
-
-    // =========================================================================
-    // Test 1: Duplicate URI in batch reverts with CTPublisher_DuplicatePost
-    // =========================================================================
-    /// @notice Sending two posts with the same encodedIPFSUri in a single mintFrom batch
-    ///         must revert with CTPublisher_DuplicatePost.
-    function test_duplicateUriInBatch_reverts() public {
-        _configureCategory();
-        _setupMintMocks();
-
-        bytes32 duplicateUri = keccak256("same-content");
-
-        CTPost[] memory posts = new CTPost[](2);
-        posts[0] = CTPost({
-            encodedIPFSUri: duplicateUri,
-            totalSupply: 10,
-            price: 0.1 ether,
-            category: 5,
-            splitPercent: 0,
-            splits: new JBSplit[](0)
-        });
-        posts[1] = CTPost({
-            encodedIPFSUri: duplicateUri, // Same URI as posts[0].
-            totalSupply: 10,
-            price: 0.1 ether,
-            category: 5,
-            splitPercent: 0,
-            splits: new JBSplit[](0)
-        });
-
-        vm.prank(poster);
-        vm.expectRevert(abi.encodeWithSelector(CTPublisher.CTPublisher_DuplicatePost.selector, duplicateUri));
-        publisher.mintFrom{value: 1 ether}(IJB721TiersHook(hookAddr), posts, poster, poster, "", "");
-    }
-
-    // =========================================================================
-    // Test 2: Three posts, first and third duplicate — reverts
-    // =========================================================================
-    /// @notice Duplicates do not need to be adjacent to be caught.
-    function test_duplicateUriNonAdjacent_reverts() public {
-        _configureCategory();
-        _setupMintMocks();
-
-        bytes32 duplicateUri = keccak256("content-A");
-        bytes32 uniqueUri = keccak256("content-B");
-
-        CTPost[] memory posts = new CTPost[](3);
-        posts[0] = CTPost({
-            encodedIPFSUri: duplicateUri,
-            totalSupply: 10,
-            price: 0.1 ether,
-            category: 5,
-            splitPercent: 0,
-            splits: new JBSplit[](0)
-        });
-        posts[1] = CTPost({
-            encodedIPFSUri: uniqueUri, // Different URI.
-            totalSupply: 10,
-            price: 0.1 ether,
-            category: 5,
-            splitPercent: 0,
-            splits: new JBSplit[](0)
-        });
-        posts[2] = CTPost({
-            encodedIPFSUri: duplicateUri, // Same as posts[0].
-            totalSupply: 10,
-            price: 0.1 ether,
-            category: 5,
-            splitPercent: 0,
-            splits: new JBSplit[](0)
-        });
-
-        vm.prank(poster);
-        vm.expectRevert(abi.encodeWithSelector(CTPublisher.CTPublisher_DuplicatePost.selector, duplicateUri));
-        publisher.mintFrom{value: 1 ether}(IJB721TiersHook(hookAddr), posts, poster, poster, "", "");
-    }
-
-    // =========================================================================
-    // Test 3: Two posts with different URIs succeed
-    // =========================================================================
-    /// @notice Two posts with distinct encodedIPFSUri values should not revert
-    ///         (at least not with the duplicate error).
-    function test_distinctUrisInBatch_succeeds() public {
-        _configureCategory();
-        _setupMintMocks();
-
-        CTPost[] memory posts = new CTPost[](2);
-        posts[0] = CTPost({
-            encodedIPFSUri: keccak256("content-1"),
-            totalSupply: 10,
-            price: 0.1 ether,
-            category: 5,
-            splitPercent: 0,
-            splits: new JBSplit[](0)
-        });
-        posts[1] = CTPost({
-            encodedIPFSUri: keccak256("content-2"),
-            totalSupply: 10,
-            price: 0.1 ether,
-            category: 5,
-            splitPercent: 0,
-            splits: new JBSplit[](0)
-        });
-
-        // Should not revert with CTPublisher_DuplicatePost.
-        // May succeed fully or revert downstream in mocks, but never with the duplicate error.
-        vm.prank(poster);
-        try publisher.mintFrom{value: 1 ether}(IJB721TiersHook(hookAddr), posts, poster, poster, "", "") {}
-        catch (bytes memory reason) {
-            // Ensure it did NOT revert with CTPublisher_DuplicatePost.
-            assertTrue(
-                keccak256(reason)
-                    != keccak256(
-                        abi.encodeWithSelector(CTPublisher.CTPublisher_DuplicatePost.selector, keccak256("content-1"))
-                    ),
-                "should not revert with duplicate post error for content-1"
-            );
-            assertTrue(
-                keccak256(reason)
-                    != keccak256(
-                        abi.encodeWithSelector(CTPublisher.CTPublisher_DuplicatePost.selector, keccak256("content-2"))
-                    ),
-                "should not revert with duplicate post error for content-2"
-            );
-        }
-    }
-
-    // =========================================================================
-    // Test 4: Single post (no duplicates possible) succeeds
-    // =========================================================================
-    /// @notice A single post should never trigger the duplicate check.
-    function test_singlePost_noDuplicateError() public {
-        _configureCategory();
-        _setupMintMocks();
-
-        CTPost[] memory posts = new CTPost[](1);
-        posts[0] = CTPost({
-            encodedIPFSUri: keccak256("sole-content"),
-            totalSupply: 10,
-            price: 0.1 ether,
-            category: 5,
-            splitPercent: 0,
-            splits: new JBSplit[](0)
-        });
-
-        vm.prank(poster);
-        try publisher.mintFrom{value: 1 ether}(IJB721TiersHook(hookAddr), posts, poster, poster, "", "") {}
-        catch (bytes memory reason) {
-            assertTrue(
-                keccak256(reason)
-                    != keccak256(
-                        abi.encodeWithSelector(
-                            CTPublisher.CTPublisher_DuplicatePost.selector, keccak256("sole-content")
-                        )
-                    ),
-                "should not revert with duplicate post error"
-            );
-        }
-    }
-
-    // =========================================================================
-    // Test 5: Fuzz — batch of 2 posts, duplicate iff URIs match
-    // =========================================================================
-    /// @notice Fuzz test: when two URIs are equal the call must revert with
-    ///         CTPublisher_DuplicatePost; when they differ it must not.
-    function testFuzz_duplicateDetection(bytes32 uri1, bytes32 uri2) public {
-        // forge-lint: disable-next-line(unsafe-typecast)
-        vm.assume(uri1 != bytes32(""));
-        // forge-lint: disable-next-line(unsafe-typecast)
-        vm.assume(uri2 != bytes32(""));
-
-        _configureCategory();
-        _setupMintMocks();
-
-        CTPost[] memory posts = new CTPost[](2);
-        posts[0] = CTPost({
-            encodedIPFSUri: uri1,
-            totalSupply: 10,
-            price: 0.1 ether,
-            category: 5,
-            splitPercent: 0,
-            splits: new JBSplit[](0)
-        });
-        posts[1] = CTPost({
-            encodedIPFSUri: uri2,
-            totalSupply: 10,
-            price: 0.1 ether,
-            category: 5,
-            splitPercent: 0,
-            splits: new JBSplit[](0)
-        });
-
-        if (uri1 == uri2) {
-            // Must revert with duplicate error.
-            vm.prank(poster);
-            vm.expectRevert(abi.encodeWithSelector(CTPublisher.CTPublisher_DuplicatePost.selector, uri1));
-            publisher.mintFrom{value: 1 ether}(IJB721TiersHook(hookAddr), posts, poster, poster, "", "");
-        } else {
-            // Must NOT revert with duplicate error. May still revert for other reasons
-            // (e.g. mocked terminal behavior), but not CTPublisher_DuplicatePost.
-            vm.prank(poster);
-            try publisher.mintFrom{value: 1 ether}(IJB721TiersHook(hookAddr), posts, poster, poster, "", "") {}
-            catch (bytes memory reason) {
-                assertTrue(
-                    keccak256(reason)
-                        != keccak256(abi.encodeWithSelector(CTPublisher.CTPublisher_DuplicatePost.selector, uri1)),
-                    "should not revert with duplicate post error for uri1"
-                );
-                assertTrue(
-                    keccak256(reason)
-                        != keccak256(abi.encodeWithSelector(CTPublisher.CTPublisher_DuplicatePost.selector, uri2)),
-                    "should not revert with duplicate post error for uri2"
-                );
-            }
-        }
-    }
-}

package/test/regression/FeeEvasion.t.sol

@@ -1,286 +0,0 @@
-// SPDX-License-Identifier: MIT
-pragma solidity 0.8.28;
-
-// forge-lint: disable-next-line(unaliased-plain-import)
-import "forge-std/Test.sol";
-
-import {IJBPermissions} from "@bananapus/core-v6/src/interfaces/IJBPermissions.sol";
-import {IJBDirectory} from "@bananapus/core-v6/src/interfaces/IJBDirectory.sol";
-import {IJBOwnable} from "@bananapus/ownable-v6/src/interfaces/IJBOwnable.sol";
-import {IJB721Hook} from "@bananapus/721-hook-v6/src/interfaces/IJB721Hook.sol";
-import {IJB721TiersHook} from "@bananapus/721-hook-v6/src/interfaces/IJB721TiersHook.sol";
-import {IJB721TiersHookStore} from "@bananapus/721-hook-v6/src/interfaces/IJB721TiersHookStore.sol";
-import {JB721Tier} from "@bananapus/721-hook-v6/src/structs/JB721Tier.sol";
-import {JB721TierFlags} from "@bananapus/721-hook-v6/src/structs/JB721TierFlags.sol";
-import {JBSplit} from "@bananapus/core-v6/src/structs/JBSplit.sol";
-
-import {CTPublisher} from "../../src/CTPublisher.sol";
-import {CTAllowedPost} from "../../src/structs/CTAllowedPost.sol";
-import {CTPost} from "../../src/structs/CTPost.sol";
-
-/// @title H19_FeeEvasion
-/// @notice Fee evasion for existing tier mints.
-///         Before the fix, a user could set post.price = 0 for an existing tier
-///         to evade the 5% Croptop fee entirely. The fix reads the actual tier price
-///         from the store for existing tiers.
-contract H19_FeeEvasion is Test {
-    CTPublisher publisher;
-
-    IJBPermissions permissions = IJBPermissions(makeAddr("permissions"));
-    IJBDirectory directory = IJBDirectory(makeAddr("directory"));
-
-    address hookOwner = makeAddr("hookOwner");
-    address hookAddr = makeAddr("hook");
-    address hookStoreAddr = makeAddr("hookStore");
-    address terminalAddr = makeAddr("terminal");
-    address feeTerminalAddr = makeAddr("feeTerminal");
-    address poster = makeAddr("poster");
-
-    uint256 feeProjectId = 1;
-    uint256 hookProjectId = 42;
-
-    bytes32 constant TEST_URI = keccak256("existing-tier-content");
-    uint104 constant TIER_PRICE = 1 ether;
-
-    function setUp() public {
-        publisher = new CTPublisher(directory, permissions, feeProjectId, address(0));
-
-        // Mock hook.owner().
-        vm.mockCall(hookAddr, abi.encodeWithSelector(IJBOwnable.owner.selector), abi.encode(hookOwner));
-        // Mock hook.PROJECT_ID().
-        vm.mockCall(hookAddr, abi.encodeWithSelector(IJB721Hook.PROJECT_ID.selector), abi.encode(hookProjectId));
-        // Mock hook.STORE().
-        vm.mockCall(hookAddr, abi.encodeWithSelector(IJB721TiersHook.STORE.selector), abi.encode(hookStoreAddr));
-
-        // Mock isTierRemoved to return false by default (tier exists).
-        vm.mockCall(
-            hookStoreAddr, abi.encodeWithSelector(IJB721TiersHookStore.isTierRemoved.selector), abi.encode(false)
-        );
-
-        // Mock permissions to return true by default.
-        vm.mockCall(
-            address(permissions), abi.encodeWithSelector(IJBPermissions.hasPermission.selector), abi.encode(true)
-        );
-
-        // Fund poster.
-        vm.deal(poster, 100 ether);
-    }
-
-    function _configureCategory() internal {
-        CTAllowedPost[] memory posts = new CTAllowedPost[](1);
-        posts[0] = CTAllowedPost({
-            hook: hookAddr,
-            category: 5,
-            minimumPrice: 0,
-            minimumTotalSupply: 1,
-            maximumTotalSupply: 100,
-            maximumSplitPercent: 0,
-            allowedAddresses: new address[](0)
-        });
-
-        vm.prank(hookOwner);
-        publisher.configurePostingCriteriaFor(posts);
-    }
-
-    function _setupMintMocks(uint256 maxTierId) internal {
-        vm.mockCall(
-            hookStoreAddr, abi.encodeWithSelector(IJB721TiersHookStore.maxTierIdOf.selector), abi.encode(maxTierId)
-        );
-        vm.mockCall(hookAddr, abi.encodeWithSelector(IJB721TiersHook.adjustTiers.selector), abi.encode());
-        vm.mockCall(hookAddr, abi.encodeWithSelector(bytes4(keccak256("METADATA_ID_TARGET()"))), abi.encode(address(0)));
-    }
-
-    /// @notice Test that fee is still charged when post.price = 0 for an existing tier.
-    ///         Before the fix, the attacker could set post.price = 0 and pay exactly 0 ETH
-    ///         for the fee. After the fix, the actual tier price is read from the store.
-    function test_feeChargedForExistingTierEvenWithZeroPostPrice() public {
-        _configureCategory();
-
-        // First mint: create tier 1 with TIER_PRICE.
-        _setupMintMocks(0);
-
-        // Mock tierOf for tier 1 to return a tier with TIER_PRICE.
-        JB721Tier memory tier = JB721Tier({
-            id: 1,
-            price: TIER_PRICE,
-            remainingSupply: 9,
-            initialSupply: 10,
-            votingUnits: 0,
-            reserveFrequency: 0,
-            reserveBeneficiary: address(0),
-            encodedIPFSUri: TEST_URI,
-            category: 5,
-            discountPercent: 0,
-            flags: JB721TierFlags({
-                allowOwnerMint: false,
-                transfersPausable: false,
-                cantBeRemoved: false,
-                cantIncreaseDiscountPercent: false,
-                cantBuyWithCredits: false
-            }),
-            splitPercent: 0,
-            resolvedUri: ""
-        });
-        vm.mockCall(
-            hookStoreAddr,
-            abi.encodeWithSelector(IJB721TiersHookStore.tierOf.selector, hookAddr, 1, false),
-            abi.encode(tier)
-        );
-
-        // Mock terminals.
-        vm.mockCall(
-            address(directory),
-            abi.encodeWithSelector(IJBDirectory.primaryTerminalOf.selector, hookProjectId),
-            abi.encode(terminalAddr)
-        );
-        vm.mockCall(
-            address(directory),
-            abi.encodeWithSelector(IJBDirectory.primaryTerminalOf.selector, feeProjectId),
-            abi.encode(feeTerminalAddr)
-        );
-
-        // Mock terminal.pay() to succeed and record the value sent.
-        vm.mockCall(terminalAddr, "", abi.encode(uint256(0)));
-        vm.mockCall(feeTerminalAddr, "", abi.encode(uint256(0)));
-
-        CTPost[] memory posts = new CTPost[](1);
-        posts[0] = CTPost({
-            encodedIPFSUri: TEST_URI,
-            totalSupply: 10,
-            price: TIER_PRICE,
-            category: 5,
-            splitPercent: 0,
-            splits: new JBSplit[](0)
-        });
-
-        // First mint to create the tier and populate the mapping.
-        vm.prank(poster);
-        publisher.mintFrom{value: 2 ether}(IJB721TiersHook(hookAddr), posts, poster, poster, "", "");
-
-        // Verify the mapping was set.
-        assertEq(publisher.tierIdForEncodedIPFSUriOf(hookAddr, TEST_URI), 1, "tier ID should be stored");
-
-        // Now the attack: existing tier, but attacker sets post.price = 0.
-        // Update mocks for the second mint (maxTierId is now 1).
-        _setupMintMocks(1);
-
-        CTPost[] memory attackPosts = new CTPost[](1);
-        attackPosts[0] = CTPost({
-            encodedIPFSUri: TEST_URI,
-            totalSupply: 10,
-            price: 0, // Attacker tries to evade fee by setting price = 0.
-            category: 5,
-            splitPercent: 0,
-            splits: new JBSplit[](0)
-        });
-
-        // The fee is TIER_PRICE / FEE_DIVISOR = 1 ether / 20 = 0.05 ether.
-        // The project payment is TIER_PRICE - fee = 1 ether - 0.05 ether = 0.95 ether.
-        // Total required: TIER_PRICE = 1 ether (project gets 0.95 ether, fee is 0.05 ether).
-        // With the fix, the actual tier price (1 ether) is used, so the full msg.value is needed.
-
-        // Sending 0 ETH should revert because totalPrice is now the actual tier price (1 ether),
-        // not the attacker's 0.
-        vm.prank(poster);
-        vm.expectRevert();
-        publisher.mintFrom{value: 0}(IJB721TiersHook(hookAddr), attackPosts, poster, poster, "", "");
-
-        // Sending the correct amount should succeed.
-        vm.prank(poster);
-        publisher.mintFrom{value: 2 ether}(IJB721TiersHook(hookAddr), attackPosts, poster, poster, "", "");
-    }
-
-    /// @notice Test that the correct fee amount is deducted for existing tier mints.
-    ///         The fee should be based on the actual tier price, not post.price.
-    function test_correctFeeDeductedForExistingTier() public {
-        _configureCategory();
-
-        // Create tier 1 with TIER_PRICE.
-        _setupMintMocks(0);
-
-        // Mock tierOf for tier 1.
-        JB721Tier memory tier = JB721Tier({
-            id: 1,
-            price: TIER_PRICE,
-            remainingSupply: 9,
-            initialSupply: 10,
-            votingUnits: 0,
-            reserveFrequency: 0,
-            reserveBeneficiary: address(0),
-            encodedIPFSUri: TEST_URI,
-            category: 5,
-            discountPercent: 0,
-            flags: JB721TierFlags({
-                allowOwnerMint: false,
-                transfersPausable: false,
-                cantBeRemoved: false,
-                cantIncreaseDiscountPercent: false,
-                cantBuyWithCredits: false
-            }),
-            splitPercent: 0,
-            resolvedUri: ""
-        });
-        vm.mockCall(
-            hookStoreAddr,
-            abi.encodeWithSelector(IJB721TiersHookStore.tierOf.selector, hookAddr, 1, false),
-            abi.encode(tier)
-        );
-
-        // Mock terminals.
-        vm.mockCall(
-            address(directory),
-            abi.encodeWithSelector(IJBDirectory.primaryTerminalOf.selector, hookProjectId),
-            abi.encode(terminalAddr)
-        );
-        vm.mockCall(
-            address(directory),
-            abi.encodeWithSelector(IJBDirectory.primaryTerminalOf.selector, feeProjectId),
-            abi.encode(feeTerminalAddr)
-        );
-        vm.mockCall(terminalAddr, "", abi.encode(uint256(0)));
-        vm.mockCall(feeTerminalAddr, "", abi.encode(uint256(0)));
-
-        // First mint to create the tier.
-        CTPost[] memory posts = new CTPost[](1);
-        posts[0] = CTPost({
-            encodedIPFSUri: TEST_URI,
-            totalSupply: 10,
-            price: TIER_PRICE,
-            category: 5,
-            splitPercent: 0,
-            splits: new JBSplit[](0)
-        });
-
-        vm.prank(poster);
-        publisher.mintFrom{value: 2 ether}(IJB721TiersHook(hookAddr), posts, poster, poster, "", "");
-
-        // Second mint with the existing tier. Even with post.price = 0, the fee
-        // should be based on the actual price (1 ether).
-        _setupMintMocks(1);
-
-        CTPost[] memory existingPosts = new CTPost[](1);
-        existingPosts[0] = CTPost({
-            encodedIPFSUri: TEST_URI,
-            totalSupply: 10,
-            price: 0, // Attacker sets price to 0.
-            category: 5,
-            splitPercent: 0,
-            splits: new JBSplit[](0)
-        });
-
-        // Fee = 1 ether / 20 = 0.05 ether
-        // payValue = msg.value - fee = msg.value - 0.05 ether
-        // totalPrice = 1 ether (from the store, not post.price)
-        // Need: totalPrice <= payValue, i.e., 1 ether <= msg.value - 0.05 ether
-        // So msg.value >= 1.05 ether
-
-        // Sending exactly 1.05 ether should succeed.
-        vm.prank(poster);
-        publisher.mintFrom{value: 1.05 ether}(IJB721TiersHook(hookAddr), existingPosts, poster, poster, "", "");
-
-        // Sending 1.04 ether should fail (1.04 - 0.05 = 0.99 < 1 ether totalPrice).
-        vm.prank(poster);
-        vm.expectRevert();
-        publisher.mintFrom{value: 1.04 ether}(IJB721TiersHook(hookAddr), existingPosts, poster, poster, "", "");
-    }
-}