@croptop/core-v6 0.0.38 → 0.0.39

package/test/audit/DeployerPermissionBypass.t.sol

@@ -1,213 +0,0 @@
-// SPDX-License-Identifier: MIT
-pragma solidity 0.8.28;
-
-// forge-lint: disable-next-line(unaliased-plain-import)
-import "forge-std/Test.sol";
-
-import {IJB721TiersHookDeployer} from "@bananapus/721-hook-v6/src/interfaces/IJB721TiersHookDeployer.sol";
-import {JBDeploy721TiersHookConfig} from "@bananapus/721-hook-v6/src/structs/JBDeploy721TiersHookConfig.sol";
-import {IJB721TiersHook} from "@bananapus/721-hook-v6/src/interfaces/IJB721TiersHook.sol";
-import {JB721TierConfig} from "@bananapus/721-hook-v6/src/structs/JB721TierConfig.sol";
-import {JBPermissioned} from "@bananapus/core-v6/src/abstract/JBPermissioned.sol";
-import {IJBController} from "@bananapus/core-v6/src/interfaces/IJBController.sol";
-import {IJBDirectory} from "@bananapus/core-v6/src/interfaces/IJBDirectory.sol";
-import {IJBPermissions} from "@bananapus/core-v6/src/interfaces/IJBPermissions.sol";
-import {IJBProjects} from "@bananapus/core-v6/src/interfaces/IJBProjects.sol";
-import {JBPermissions} from "@bananapus/core-v6/src/JBPermissions.sol";
-import {JBRulesetConfig} from "@bananapus/core-v6/src/structs/JBRulesetConfig.sol";
-import {JBTerminalConfig} from "@bananapus/core-v6/src/structs/JBTerminalConfig.sol";
-import {JBPermissionIds} from "@bananapus/permission-ids-v6/src/JBPermissionIds.sol";
-import {IJBSuckerRegistry} from "@bananapus/suckers-v6/src/interfaces/IJBSuckerRegistry.sol";
-import {JBSuckerDeployerConfig} from "@bananapus/suckers-v6/src/structs/JBSuckerDeployerConfig.sol";
-
-import {CTDeployer} from "../../src/CTDeployer.sol";
-import {CTPublisher} from "../../src/CTPublisher.sol";
-import {ICTPublisher} from "../../src/interfaces/ICTPublisher.sol";
-import {CTDeployerAllowedPost} from "../../src/structs/CTDeployerAllowedPost.sol";
-import {CTProjectConfig} from "../../src/structs/CTProjectConfig.sol";
-import {CTSuckerDeploymentConfig} from "../../src/structs/CTSuckerDeploymentConfig.sol";
-
-contract MockProjects {
-    uint256 public countValue;
-    address public ownerOfProject;
-
-    function setCount(uint256 count_) external {
-        countValue = count_;
-    }
-
-    function setOwner(address owner_) external {
-        ownerOfProject = owner_;
-    }
-
-    function count() external view returns (uint256) {
-        return countValue;
-    }
-
-    function ownerOf(uint256) external view returns (address) {
-        return ownerOfProject;
-    }
-
-    function transferFrom(address, address to, uint256) external {
-        ownerOfProject = to;
-    }
-}
-
-contract MockController {
-    MockProjects public immutable PROJECTS;
-    // forge-lint: disable-next-line(screaming-snake-case-immutable)
-    uint256 public immutable nextProjectId;
-
-    constructor(MockProjects projects_, uint256 nextProjectId_) {
-        PROJECTS = projects_;
-        nextProjectId = nextProjectId_;
-    }
-
-    function launchProjectFor(
-        address,
-        string calldata,
-        JBRulesetConfig[] calldata,
-        JBTerminalConfig[] calldata,
-        string calldata
-    )
-        external
-        view
-        returns (uint256)
-    {
-        return nextProjectId;
-    }
-}
-
-contract MockSuckerRegistry {
-    function isSuckerOf(uint256, address) external pure returns (bool) {
-        return false;
-    }
-
-    function deploySuckersFor(
-        uint256,
-        bytes32,
-        JBSuckerDeployerConfig[] calldata
-    )
-        external
-        pure
-        returns (address[] memory suckers)
-    {
-        return suckers;
-    }
-}
-
-contract PermissionedHook is JBPermissioned {
-    // forge-lint: disable-next-line(screaming-snake-case-immutable)
-    address public immutable ownerAccount;
-    // forge-lint: disable-next-line(screaming-snake-case-immutable)
-    uint256 public immutable projectId;
-    bool public adjusted;
-
-    constructor(IJBPermissions permissions, address ownerAccount_, uint256 projectId_) JBPermissioned(permissions) {
-        ownerAccount = ownerAccount_;
-        projectId = projectId_;
-    }
-
-    // forge-lint: disable-next-line(mixed-case-function)
-    function PROJECT_ID() external view returns (uint256) {
-        return projectId;
-    }
-
-    function owner() external view returns (address) {
-        return ownerAccount;
-    }
-
-    function adjustTiers(JB721TierConfig[] calldata, uint256[] calldata) external {
-        _requirePermissionFrom(ownerAccount, projectId, JBPermissionIds.ADJUST_721_TIERS);
-        adjusted = true;
-    }
-}
-
-contract MockHookDeployer {
-    IJB721TiersHook public hook;
-
-    function setHook(IJB721TiersHook hook_) external {
-        hook = hook_;
-    }
-
-    function deployHookFor(
-        uint256,
-        JBDeploy721TiersHookConfig calldata,
-        bytes32
-    )
-        external
-        view
-        returns (IJB721TiersHook)
-    {
-        return hook;
-    }
-}
-
-contract DeployerPermissionBypassTest is Test {
-    JBPermissions permissions;
-    MockProjects projects;
-    MockHookDeployer hookDeployer;
-    MockSuckerRegistry suckerRegistry;
-    MockController controller;
-    CTPublisher publisher;
-    CTDeployer deployer;
-    PermissionedHook hook;
-
-    address owner = makeAddr("owner");
-
-    function setUp() public {
-        permissions = new JBPermissions(address(0));
-        projects = new MockProjects();
-        projects.setCount(5);
-        hookDeployer = new MockHookDeployer();
-        suckerRegistry = new MockSuckerRegistry();
-        publisher = new CTPublisher(IJBDirectory(makeAddr("directory")), permissions, 1, address(0));
-        deployer = new CTDeployer(
-            permissions,
-            IJBProjects(address(projects)),
-            IJB721TiersHookDeployer(address(hookDeployer)),
-            ICTPublisher(address(publisher)),
-            IJBSuckerRegistry(address(suckerRegistry)),
-            address(0)
-        );
-        hook = new PermissionedHook(permissions, address(deployer), 6);
-        hookDeployer.setHook(IJB721TiersHook(address(hook)));
-        controller = new MockController(projects, 6);
-    }
-
-    function test_projectOwnerCanBypassCroptopAndCallHookDirectlyAfterDeployment() public {
-        CTDeployerAllowedPost[] memory allowedPosts = new CTDeployerAllowedPost[](1);
-        allowedPosts[0] = CTDeployerAllowedPost({
-            category: 1,
-            minimumPrice: 1 ether,
-            minimumTotalSupply: 10,
-            maximumTotalSupply: 10,
-            maximumSplitPercent: 0,
-            allowedAddresses: new address[](0)
-        });
-
-        CTProjectConfig memory config = CTProjectConfig({
-            terminalConfigurations: new JBTerminalConfig[](0),
-            projectUri: "ipfs://project",
-            allowedPosts: allowedPosts,
-            contractUri: "ipfs://contract",
-            name: "Croptop",
-            symbol: "CT",
-            salt: bytes32(0)
-        });
-
-        CTSuckerDeploymentConfig memory suckerConfig =
-            CTSuckerDeploymentConfig({deployerConfigurations: new JBSuckerDeployerConfig[](0), salt: bytes32(0)});
-
-        deployer.deployProjectFor(owner, config, suckerConfig, IJBController(address(controller)));
-
-        assertEq(projects.ownerOf(6), owner, "deployment should hand the project NFT to the owner");
-
-        JB721TierConfig[] memory arbitraryTiers = new JB721TierConfig[](0);
-        uint256[] memory removals = new uint256[](0);
-
-        vm.prank(owner);
-        PermissionedHook(address(hook)).adjustTiers(arbitraryTiers, removals);
-
-        assertTrue(hook.adjusted(), "project owner can mutate the hook without going through Croptop");
-    }
-}

package/test/audit/EmptyPostFeeBypass.t.sol

@@ -1,53 +0,0 @@
-// SPDX-License-Identifier: MIT
-pragma solidity 0.8.28;
-
-// forge-lint: disable-next-line(unaliased-plain-import)
-import "forge-std/Test.sol";
-
-import {IJBPermissions} from "@bananapus/core-v6/src/interfaces/IJBPermissions.sol";
-import {IJBDirectory} from "@bananapus/core-v6/src/interfaces/IJBDirectory.sol";
-import {IJB721TiersHook} from "@bananapus/721-hook-v6/src/interfaces/IJB721TiersHook.sol";
-
-import {CTPublisher} from "../../src/CTPublisher.sol";
-import {CTPost} from "../../src/structs/CTPost.sol";
-
-/// @title M24_EmptyPostFeeBypass
-/// @notice Verifies that calling mintFrom with an empty posts array reverts,
-///         preventing fee-free metadata shadowing via additionalPayMetadata.
-contract M24_EmptyPostFeeBypass is Test {
-    CTPublisher publisher;
-
-    IJBPermissions permissions = IJBPermissions(makeAddr("permissions"));
-    IJBDirectory directory = IJBDirectory(makeAddr("directory"));
-    address hookAddr = makeAddr("hook");
-    address poster = makeAddr("poster");
-
-    uint256 feeProjectId = 1;
-
-    function setUp() public {
-        publisher = new CTPublisher(directory, permissions, feeProjectId, address(0));
-        vm.deal(poster, 10 ether);
-    }
-
-    /// @notice mintFrom with empty posts should revert with CTPublisher_NoPosts.
-    function test_revert_emptyPostsArray() public {
-        CTPost[] memory emptyPosts = new CTPost[](0);
-
-        vm.prank(poster);
-        vm.expectRevert(CTPublisher.CTPublisher_NoPosts.selector);
-        publisher.mintFrom{value: 1 ether}(IJB721TiersHook(hookAddr), emptyPosts, poster, poster, "", "");
-    }
-
-    /// @notice mintFrom with empty posts and crafted additionalPayMetadata should still revert.
-    function test_revert_emptyPostsWithMetadata() public {
-        CTPost[] memory emptyPosts = new CTPost[](0);
-
-        // Attacker preloads additionalPayMetadata with hook mint metadata.
-        bytes memory craftedMetadata =
-            abi.encodePacked(bytes32(uint256(1)), bytes4(0xdeadbeef), uint256(32), uint256(1));
-
-        vm.prank(poster);
-        vm.expectRevert(CTPublisher.CTPublisher_NoPosts.selector);
-        publisher.mintFrom{value: 1 ether}(IJB721TiersHook(hookAddr), emptyPosts, poster, poster, craftedMetadata, "");
-    }
-}

package/test/audit/FeeBeneficiaryReentrancy.t.sol

@@ -1,247 +0,0 @@
-// SPDX-License-Identifier: MIT
-pragma solidity 0.8.28;
-
-// forge-lint: disable-next-line(unaliased-plain-import)
-import "forge-std/Test.sol";
-
-import {IJB721TiersHook} from "@bananapus/721-hook-v6/src/interfaces/IJB721TiersHook.sol";
-import {IJB721TiersHookStore} from "@bananapus/721-hook-v6/src/interfaces/IJB721TiersHookStore.sol";
-import {JB721Tier} from "@bananapus/721-hook-v6/src/structs/JB721Tier.sol";
-import {JB721TierConfig} from "@bananapus/721-hook-v6/src/structs/JB721TierConfig.sol";
-import {IJBDirectory} from "@bananapus/core-v6/src/interfaces/IJBDirectory.sol";
-import {IJBPermissions} from "@bananapus/core-v6/src/interfaces/IJBPermissions.sol";
-import {IJBTerminal} from "@bananapus/core-v6/src/interfaces/IJBTerminal.sol";
-import {JBPermissionsData} from "@bananapus/core-v6/src/structs/JBPermissionsData.sol";
-import {JBSplit} from "@bananapus/core-v6/src/structs/JBSplit.sol";
-
-import {CTPublisher} from "../../src/CTPublisher.sol";
-import {CTAllowedPost} from "../../src/structs/CTAllowedPost.sol";
-import {CTPost} from "../../src/structs/CTPost.sol";
-
-contract MockPermissions is IJBPermissions {
-    // forge-lint: disable-next-line(mixed-case-function)
-    function WILDCARD_PROJECT_ID() external pure returns (uint256) {
-        return 0;
-    }
-
-    function permissionsOf(address, address, uint256) external pure returns (uint256) {
-        return 0;
-    }
-
-    function hasPermission(address, address, uint256, uint256, bool, bool) external pure returns (bool) {
-        return true;
-    }
-
-    function hasPermissions(address, address, uint256, uint256[] calldata, bool, bool) external pure returns (bool) {
-        return true;
-    }
-
-    function setPermissionsFor(address, JBPermissionsData calldata) external {}
-}
-
-contract MockStore {
-    function maxTierIdOf(address) external pure returns (uint256) {
-        return 0;
-    }
-
-    function isTierRemoved(address, uint256) external pure returns (bool) {
-        return false;
-    }
-
-    function tierOf(address, uint256, bool) external pure returns (JB721Tier memory tier) {
-        return tier;
-    }
-
-    // Accept direct ether transfers (required alongside payable fallback to silence compiler warning 3628).
-    receive() external payable {}
-
-    fallback() external payable {}
-}
-
-contract MockHook {
-    uint256 public immutable PROJECT_ID;
-    IJB721TiersHookStore public immutable STORE;
-    address public immutable OWNER;
-
-    constructor(uint256 projectId, IJB721TiersHookStore store_, address owner_) {
-        PROJECT_ID = projectId;
-        STORE = store_;
-        OWNER = owner_;
-    }
-
-    function adjustTiers(JB721TierConfig[] calldata, uint256[] calldata) external {}
-
-    function METADATA_ID_TARGET() external view returns (address) {
-        return address(this);
-    }
-
-    function owner() external view returns (address) {
-        return OWNER;
-    }
-
-    // Accept direct ether transfers (required alongside payable fallback to silence compiler warning 3628).
-    receive() external payable {}
-
-    fallback() external payable {}
-}
-
-contract MockDirectory {
-    address public projectTerminal;
-    address public feeTerminal;
-
-    function setTerminals(address projectTerminal_, address feeTerminal_) external {
-        projectTerminal = projectTerminal_;
-        feeTerminal = feeTerminal_;
-    }
-
-    function primaryTerminalOf(uint256 projectId, address) external view returns (IJBTerminal) {
-        return IJBTerminal(projectId == 1 ? feeTerminal : projectTerminal);
-    }
-
-    // Accept direct ether transfers (required alongside payable fallback to silence compiler warning 3628).
-    receive() external payable {}
-
-    fallback() external payable {}
-}
-
-contract FeeTerminalRecorder {
-    uint256 public callCount;
-    uint256 public totalReceived;
-    address public lastBeneficiary;
-    uint256 public lastAmount;
-
-    function pay(
-        uint256,
-        address,
-        uint256 amount,
-        address beneficiary,
-        uint256,
-        string calldata,
-        bytes calldata
-    )
-        external
-        payable
-        returns (uint256)
-    {
-        callCount++;
-        totalReceived += msg.value;
-        lastBeneficiary = beneficiary;
-        lastAmount = amount;
-        return 0;
-    }
-
-    // Accept direct ether transfers (required alongside payable fallback to silence compiler warning 3628).
-    receive() external payable {}
-
-    fallback() external payable {}
-}
-
-contract ReentrantProjectTerminal {
-    // forge-lint: disable-next-line(screaming-snake-case-immutable)
-    CTPublisher public immutable publisher;
-    // forge-lint: disable-next-line(screaming-snake-case-immutable)
-    IJB721TiersHook public immutable hook;
-    // forge-lint: disable-next-line(screaming-snake-case-immutable)
-    address public immutable attackerFeeBeneficiary;
-    bool internal entered;
-
-    constructor(CTPublisher publisher_, IJB721TiersHook hook_, address attackerFeeBeneficiary_) {
-        publisher = publisher_;
-        hook = hook_;
-        attackerFeeBeneficiary = attackerFeeBeneficiary_;
-    }
-
-    function pay(
-        uint256,
-        address,
-        uint256,
-        address,
-        uint256,
-        string calldata,
-        bytes calldata
-    )
-        external
-        payable
-        returns (uint256)
-    {
-        if (!entered) {
-            entered = true;
-
-            CTPost[] memory posts = new CTPost[](1);
-            posts[0] = CTPost({
-                encodedIPFSUri: keccak256("inner"),
-                totalSupply: 1,
-                price: 20,
-                category: 1,
-                splitPercent: 0,
-                splits: new JBSplit[](0)
-            });
-
-            publisher.mintFrom{value: 21}(hook, posts, address(this), attackerFeeBeneficiary, bytes(""), bytes(""));
-        }
-
-        return 0;
-    }
-
-    receive() external payable {}
-}
-
-contract FeeBeneficiaryReentrancyTest is Test {
-    MockPermissions permissions;
-    MockDirectory directory;
-    MockStore store;
-    MockHook hook;
-    FeeTerminalRecorder feeTerminal;
-    ReentrantProjectTerminal projectTerminal;
-    CTPublisher publisher;
-
-    address victimFeeBeneficiary = makeAddr("victimFeeBeneficiary");
-    address attackerFeeBeneficiary = makeAddr("attackerFeeBeneficiary");
-
-    function setUp() public {
-        permissions = new MockPermissions();
-        directory = new MockDirectory();
-        store = new MockStore();
-        hook = new MockHook(2, IJB721TiersHookStore(address(store)), address(this));
-        publisher = new CTPublisher(IJBDirectory(address(directory)), permissions, 1, address(0));
-        feeTerminal = new FeeTerminalRecorder();
-        projectTerminal =
-            new ReentrantProjectTerminal(publisher, IJB721TiersHook(address(hook)), attackerFeeBeneficiary);
-        directory.setTerminals(address(projectTerminal), address(feeTerminal));
-
-        CTAllowedPost[] memory allowedPosts = new CTAllowedPost[](1);
-        allowedPosts[0] = CTAllowedPost({
-            hook: address(hook),
-            category: 1,
-            minimumPrice: 1,
-            minimumTotalSupply: 1,
-            maximumTotalSupply: type(uint32).max,
-            maximumSplitPercent: 0,
-            allowedAddresses: new address[](0)
-        });
-        publisher.configurePostingCriteriaFor(allowedPosts);
-    }
-
-    function test_reentrantInnerCallCannotStealOuterFee() public {
-        CTPost[] memory posts = new CTPost[](1);
-        posts[0] = CTPost({
-            encodedIPFSUri: keccak256("outer"),
-            totalSupply: 1,
-            price: 100,
-            category: 1,
-            splitPercent: 0,
-            splits: new JBSplit[](0)
-        });
-
-        publisher.mintFrom{value: 105}(
-            IJB721TiersHook(address(hook)), posts, address(this), victimFeeBeneficiary, bytes(""), bytes("")
-        );
-
-        // With the fix, fee amounts are pinned before external calls, so both inner and outer fees
-        // are paid separately with correct beneficiaries.
-        assertEq(feeTerminal.callCount(), 2, "both inner and outer fee payments should execute");
-        assertEq(feeTerminal.totalReceived(), 6, "total fees should be inner(1) + outer(5) = 6");
-        assertEq(feeTerminal.lastBeneficiary(), victimFeeBeneficiary, "outer fee should go to victim beneficiary");
-        assertEq(address(publisher).balance, 0, "publisher balance should be empty after both fee payments");
-    }
-}