@croptop/core-v6 0.0.6 → 0.0.7

package/README.md

@@ -1,45 +1,137 @@
-# croptop-core-v5
+# Croptop Core
 
-Permissioned NFT publishing for Juicebox projects -- anyone can post content as NFT tiers to a project's 721 hook, provided the posts meet criteria set by the project owner.
+Permissioned NFT publishing for Juicebox projects -- anyone can post content as NFT tiers to a project's 721 hook, provided the posts meet criteria set by the project owner. A 5% fee is routed to a designated fee project on each mint.
+
+[Docs](https://docs.juicebox.money) | [Discord](https://discord.gg/juicebox) | [Croptop](https://croptop.eth.limo)
+
+## Conceptual Overview
+
+Croptop turns any Juicebox project with a 721 tiers hook into a permissioned content marketplace. Project owners define posting criteria -- minimum price, supply bounds, address allowlists -- and anyone who meets those criteria can publish new NFT tiers on the project. The poster's content becomes a mintable NFT tier, and the first copy is minted to them automatically.
+
+### How It Works
+
+```
+1. Project owner configures posting criteria per category
+   → configurePostingCriteriaFor(allowedPosts)
+   → Sets min price, supply bounds, max split %, address allowlist
+   |
+2. Anyone posts content that meets the criteria
+   → mintFrom(hook, posts, nftBeneficiary, feeBeneficiary, ...)
+   → Validates each post against category rules
+   → Creates new 721 tiers on the hook (or reuses existing ones)
+   → Mints first copy of each tier to the poster
+   |
+3. Payment routing
+   → 5% fee (totalPrice / FEE_DIVISOR) sent to fee project
+   → Remainder paid into the project's primary terminal
+   |
+4. Anyone can mint additional copies
+   → Standard 721 tier minting via the project's hook
+```
+
+### One-Click Deployment
+
+`CTDeployer` creates a complete Juicebox project + 721 hook + posting criteria in a single transaction. It also:
+- Acts as a data hook proxy, forwarding pay/cash-out calls to the underlying 721 hook
+- Grants fee-free cash outs to cross-chain suckers
+- Optionally deploys suckers for omnichain support
+
+### Burn-Lock Ownership
+
+`CTProjectOwner` provides an ownership burn-lock pattern. Transferring a project's NFT to this contract permanently locks ownership while granting `CTPublisher` tier-adjustment permissions -- making the project's configuration immutable except through Croptop posts.
 
 ## Architecture
 
 | Contract | Description |
 |----------|-------------|
-| `CTPublisher` | Core publishing engine. Validates posts against owner-configured allowances (min price, supply bounds, address allowlists), creates new 721 tiers on the hook, mints the first copy to the poster, and routes a 5% fee to a designated fee project. |
-| `CTDeployer` | One-click project factory. Deploys a Juicebox project with a 721 tiers hook pre-wired, configures posting criteria via `CTPublisher`, optionally deploys cross-chain suckers, and acts as a `IJBRulesetDataHook` proxy that forwards pay/cash-out calls to the underlying hook while granting fee-free cash outs to suckers. |
+| `CTPublisher` | Core publishing engine. Validates posts against owner-configured allowances (min price, supply bounds, address allowlists, max split percent), creates new 721 tiers on the hook, mints the first copy to the poster, and routes a 5% fee to a designated fee project. Inherits `JBPermissioned` and `ERC2771Context`. |
+| `CTDeployer` | One-click project factory. Deploys a Juicebox project with a 721 tiers hook pre-wired, configures posting criteria via `CTPublisher`, optionally deploys cross-chain suckers, and acts as an `IJBRulesetDataHook` proxy that forwards pay/cash-out calls to the underlying hook while granting fee-free cash outs to suckers. |
 | `CTProjectOwner` | Burn-lock ownership helper. Receives a project's ERC-721 ownership token and automatically grants `CTPublisher` the `ADJUST_721_TIERS` permission, effectively making the project's tier configuration immutable except through Croptop posts. |
 
 ### Structs
 
 | Struct | Purpose |
 |--------|---------|
-| `CTAllowedPost` | Full posting criteria including hook address, category, price/supply bounds, and address allowlist. |
+| `CTAllowedPost` | Full posting criteria: hook address, category, price/supply bounds, max split percent, and address allowlist. |
 | `CTDeployerAllowedPost` | Same as `CTAllowedPost` but without the hook address (inferred during deployment). |
-| `CTPost` | A post to publish: encoded IPFS URI, total supply, price, and category. |
-| `CTProjectConfig` | Project deployment configuration: terminals, metadata URIs, allowed posts, collection name/symbol, and salt. |
+| `CTPost` | A post to publish: encoded IPFS URI, total supply, price, category, split percent, and splits. |
+| `CTProjectConfig` | Project deployment configuration: terminals, metadata URIs, allowed posts, collection name/symbol, and deterministic salt. |
 | `CTSuckerDeploymentConfig` | Cross-chain sucker deployment: deployer configurations and deterministic salt. |
 
+### Interfaces
+
+| Interface | Description |
+|-----------|-------------|
+| `ICTPublisher` | Publishing engine: `mintFrom`, `configurePostingCriteriaFor`, `allowanceFor`, `tiersFor`, plus events. |
+| `ICTDeployer` | Factory: `deployProjectFor`, `claimCollectionOwnershipOf`, `deploySuckersFor`. |
+| `ICTProjectOwner` | Burn-lock: `onERC721Received` (IERC721Receiver). |
+
 ## Install
 
 ```bash
-npm install @croptop/core-v5
+npm install @croptop/core-v6
 ```
 
-## Develop
-
-`croptop-core-v5` uses [npm](https://www.npmjs.com/) for package management and [Foundry](https://github.com/foundry-rs/foundry) for builds, tests, and deployments.
+If using Forge directly:
 
 ```bash
-curl -L https://foundry.paradigm.xyz | sh
-npm install && forge install
+forge install
 ```
 
+## Develop
+
 | Command | Description |
 |---------|-------------|
-| `forge build` | Compile contracts and write artifacts to `out`. |
-| `forge test` | Run the test suite. |
-| `forge fmt` | Lint Solidity files. |
-| `forge build --sizes` | Get contract sizes. |
-| `forge coverage` | Generate a test coverage report. |
-| `forge clean` | Remove build artifacts and cache. |
+| `forge build` | Compile contracts |
+| `forge test` | Run all tests (4 test files covering publishing, attacks, fork integration, metadata) |
+| `forge test -vvv` | Run tests with full trace |
+
+## Repository Layout
+
+```
+src/
+  CTPublisher.sol                        # Core publishing engine (~540 lines)
+  CTDeployer.sol                         # Project factory + data hook proxy (~425 lines)
+  CTProjectOwner.sol                     # Burn-lock ownership helper (~79 lines)
+  interfaces/
+    ICTPublisher.sol                     # Publisher interface + events
+    ICTDeployer.sol                      # Factory interface
+    ICTProjectOwner.sol                  # Burn-lock interface
+  structs/
+    CTAllowedPost.sol                    # Posting criteria with hook address
+    CTDeployerAllowedPost.sol            # Posting criteria without hook (for deployment)
+    CTPost.sol                           # Post data: IPFS URI, supply, price, category
+    CTProjectConfig.sol                  # Full project deployment config
+    CTSuckerDeploymentConfig.sol         # Cross-chain sucker config
+test/
+  CTPublisher.t.sol                      # Unit tests (~672 lines, ~22 cases)
+  CroptopAttacks.t.sol                   # Security/adversarial tests (~440 lines, ~12 cases)
+  Fork.t.sol                             # Mainnet fork integration tests
+  Test_MetadataGeneration.t.sol          # JBMetadataResolver roundtrip tests
+script/
+  Deploy.s.sol                           # Sphinx multi-chain deployment
+  ConfigureFeeProject.s.sol              # Fee project configuration
+  helpers/
+    CroptopDeploymentLib.sol             # Deployment artifact reader
+```
+
+## Permissions
+
+| Permission | Required For |
+|------------|-------------|
+| `ADJUST_721_TIERS` | `configurePostingCriteriaFor` -- set posting criteria on a hook (from hook owner) |
+| `DEPLOY_SUCKERS` | `deploySuckersFor` -- deploy cross-chain suckers for an existing project |
+
+`CTDeployer` grants the following to the project owner during deployment:
+- `ADJUST_721_TIERS` -- modify tiers directly
+- `SET_721_METADATA` -- update collection metadata
+- `MINT_721` -- mint NFTs directly
+- `SET_721_DISCOUNT_PERCENT` -- adjust discount rates
+
+## Risks
+
+- **Sucker registry compromise:** `CTDeployer.beforeCashOutRecordedWith` checks `SUCKER_REGISTRY.isSuckerOf` to grant fee-free cash outs. If the sucker registry is compromised, any address could cash out without tax.
+- **Fee skipping:** When `projectId == FEE_PROJECT_ID`, no fee is collected. This is intentional but means the fee project itself never pays Croptop fees.
+- **Allowlist scaling:** `_isAllowed()` uses linear scan over the address allowlist. Large allowlists (100+ addresses) increase gas costs proportionally.
+- **Tier reuse via IPFS URI:** If the same encoded IPFS URI has already been minted, the existing tier is reused rather than creating a new one. This prevents duplicate content but means a poster cannot create a second tier with the same content.
+- **Exact payment edge case:** `mintFrom` sends the remaining contract balance as the fee payment after the main payment. If exactly the right amount is sent (no remainder), the fee transfer is skipped.

package/SKILLS.md

@@ -1,62 +1,134 @@
-# croptop-core-v5
+# Croptop Core
 
 ## Purpose
 
-Permissioned NFT publishing system that lets anyone post content as 721 tiers to a Juicebox project, subject to owner-defined criteria for price, supply, and poster identity.
+Permissioned NFT publishing system that lets anyone post content as 721 tiers to a Juicebox project, subject to owner-defined criteria for price, supply, split percentages, and poster identity. Routes a 5% fee on each mint to a designated fee project.
 
 ## Contracts
 
 | Contract | Role |
 |----------|------|
-| `CTPublisher` | Validates posts against allowances, creates 721 tiers, mints first copies, and routes fees. |
-| `CTDeployer` | Factory that deploys a Juicebox project + 721 hook + posting criteria in one transaction. Also acts as a data hook proxy. |
-| `CTProjectOwner` | Receives project ownership and grants the publisher tier-adjustment permissions permanently. |
+| `CTPublisher` | Core publishing engine. Validates posts against bit-packed allowances, creates 721 tiers on hooks, mints first copies to posters, and routes fees. Inherits `JBPermissioned`, `ERC2771Context`. |
+| `CTDeployer` | Factory that deploys a Juicebox project + 721 hook + posting criteria in one transaction. Also acts as `IJBRulesetDataHook` proxy that forwards pay/cash-out calls to the underlying hook while granting fee-free cash outs to suckers. |
+| `CTProjectOwner` | Receives project ownership NFT and grants `CTPublisher` the `ADJUST_721_TIERS` permission permanently. Locks ownership while keeping posting enabled. |
 
 ## Key Functions
 
-| Function | Contract | What it does |
-|----------|----------|--------------|
-| `mintFrom` | `CTPublisher` | Publishes posts as new 721 tiers, mints first copies to `nftBeneficiary`, deducts a 5% fee (1/`FEE_DIVISOR`) routed to `FEE_PROJECT_ID`, and pays the remainder into the project terminal. |
-| `configurePostingCriteriaFor` | `CTPublisher` | Sets per-category posting rules (min price, min/max supply, address allowlist) for a given hook. Requires `ADJUST_721_TIERS` permission from the hook owner. |
-| `allowanceFor` | `CTPublisher` | Reads the packed allowance for a hook+category: minimum price (104 bits), min supply (32 bits), max supply (32 bits), plus the address allowlist. |
-| `tiersFor` | `CTPublisher` | Resolves an array of encoded IPFS URIs to their corresponding `JB721Tier` structs via the stored `tierIdForEncodedIPFSUriOf` mapping. |
-| `deployProjectFor` | `CTDeployer` | Deploys a new Juicebox project with a 721 tiers hook, configures posting criteria, optionally deploys suckers, and transfers project ownership to the specified owner. |
-| `claimCollectionOwnershipOf` | `CTDeployer` | Transfers hook ownership to the project (via `JBOwnable.transferOwnershipToProject`). Only callable by the project owner. |
-| `deploySuckersFor` | `CTDeployer` | Deploys new cross-chain suckers for an existing project. Requires `DEPLOY_SUCKERS` permission. |
-| `beforePayRecordedWith` | `CTDeployer` | Data hook proxy: forwards pay context to the stored `dataHookOf[projectId]`. |
-| `beforeCashOutRecordedWith` | `CTDeployer` | Data hook proxy: returns zero tax rate for sucker addresses (fee-free cross-chain cash outs), otherwise forwards to the stored data hook. |
-| `onERC721Received` | `CTProjectOwner` | On receiving the project NFT, grants `CTPublisher` the `ADJUST_721_TIERS` permission for that project. |
+### Publishing
+
+| Function | What it does |
+|----------|-------------|
+| `CTPublisher.mintFrom(hook, posts, nftBeneficiary, feeBeneficiary, additionalPayMetadata, feeMetadata)` | Publishes posts as new 721 tiers, mints first copies to `nftBeneficiary`, deducts a 5% fee (`totalPrice / FEE_DIVISOR`) routed to `FEE_PROJECT_ID`, and pays the remainder into the project's primary terminal. Reuses existing tiers if the IPFS URI was already minted. |
+| `CTPublisher.configurePostingCriteriaFor(allowedPosts)` | Sets per-category posting rules (min price, min/max supply, max split percent, address allowlist) for a given hook. Requires `ADJUST_721_TIERS` permission from the hook owner. |
+
+### Views
+
+| Function | What it does |
+|----------|-------------|
+| `CTPublisher.allowanceFor(hook, category)` | Returns the posting criteria for a hook/category: minimum price (uint104), min supply (uint32), max supply (uint32), max split percent (uint32), plus the address allowlist. Reads from bit-packed storage. |
+| `CTPublisher.tiersFor(hook, encodedIPFSUris)` | Resolves an array of encoded IPFS URIs to their corresponding `JB721Tier` structs via the stored `tierIdForEncodedIPFSUriOf` mapping. |
+
+### Project Deployment
+
+| Function | What it does |
+|----------|-------------|
+| `CTDeployer.deployProjectFor(owner, projectConfig, suckerDeploymentConfiguration, controller)` | Deploys a new Juicebox project with a 721 tiers hook, configures posting criteria, optionally deploys suckers, and transfers project ownership to the specified owner. Uses `CTDeployer` as data hook proxy. Returns `(projectId, hook)`. |
+| `CTDeployer.claimCollectionOwnershipOf(hook)` | Transfers hook ownership to the project via `JBOwnable.transferOwnershipToProject`. Only callable by the project owner. |
+| `CTDeployer.deploySuckersFor(projectId, suckerDeploymentConfiguration)` | Deploys new cross-chain suckers for an existing project. Requires `DEPLOY_SUCKERS` permission. |
+
+### Data Hook Proxy
+
+| Function | What it does |
+|----------|-------------|
+| `CTDeployer.beforePayRecordedWith(context)` | Forwards pay context to the stored `dataHookOf[projectId]` (typically the 721 tiers hook). |
+| `CTDeployer.beforeCashOutRecordedWith(context)` | Returns zero tax rate for sucker addresses (fee-free cross-chain cash outs). Otherwise forwards to the stored data hook. |
+| `CTDeployer.hasMintPermissionFor(projectId, ruleset, addr)` | Returns `true` if `addr` is a sucker for the project. |
+
+### Burn-Lock Ownership
+
+| Function | What it does |
+|----------|-------------|
+| `CTProjectOwner.onERC721Received(operator, from, tokenId, data)` | On receiving the project NFT, grants `CTPublisher` the `ADJUST_721_TIERS` permission for that project. Only accepts mints from `PROJECTS` (rejects direct transfers). |
 
 ## Integration Points
 
 | Dependency | Import | Used For |
 |------------|--------|----------|
-| `@bananapus/core-v6` | `IJBDirectory`, `IJBPermissions`, `IJBTerminal`, `IJBProjects`, `IJBController` | Project lookup, permission enforcement, payment routing, project creation. |
-| `@bananapus/721-hook-v6` | `IJB721TiersHook`, `IJB721TiersHookDeployer`, `JB721TierConfig`, `JB721Tier` | Tier creation/adjustment, hook deployment, tier data resolution. |
-| `@bananapus/ownable-v6` | `JBOwnable` | Ownership checks and transfers for hooks. |
-| `@bananapus/suckers-v6` | `IJBSuckerRegistry`, `JBSuckerDeployerConfig` | Cross-chain sucker deployment and fee-free cash-out detection. |
-| `@bananapus/permission-ids-v6` | `JBPermissionIds` | Permission ID constants (`ADJUST_721_TIERS`, `DEPLOY_SUCKERS`, `MAP_SUCKER_TOKEN`, etc.). |
-| `@openzeppelin/contracts` | `ERC2771Context`, `IERC721Receiver` | Meta-transaction support, safe project NFT receipt. |
+| `@bananapus/core-v6` | `IJBDirectory`, `IJBPermissions`, `IJBTerminal`, `IJBProjects`, `IJBController`, `JBConstants`, `JBMetadataResolver` | Project lookup, permission enforcement, payment routing, project creation, metadata encoding |
+| `@bananapus/721-hook-v6` | `IJB721TiersHook`, `IJB721TiersHookDeployer`, `JB721TierConfig`, `JB721Tier` | Tier creation/adjustment, hook deployment, tier data resolution |
+| `@bananapus/ownable-v6` | `JBOwnable` | Ownership checks and transfers for hooks |
+| `@bananapus/suckers-v6` | `IJBSuckerRegistry`, `JBSuckerDeployerConfig` | Cross-chain sucker deployment and fee-free cash-out detection |
+| `@bananapus/permission-ids-v6` | `JBPermissionIds` | Permission ID constants (`ADJUST_721_TIERS`, `DEPLOY_SUCKERS`, `MAP_SUCKER_TOKEN`, etc.) |
+| `@openzeppelin/contracts` | `ERC2771Context`, `IERC721Receiver` | Meta-transaction support, safe project NFT receipt |
 
 ## Key Types
 
-| Struct/Enum | Key Fields | Used In |
-|-------------|------------|---------|
-| `CTAllowedPost` | `hook`, `category`, `minimumPrice` (uint104), `minimumTotalSupply` (uint32), `maximumTotalSupply` (uint32), `allowedAddresses` | `CTPublisher.configurePostingCriteriaFor` |
-| `CTPost` | `encodedIPFSUri` (bytes32), `totalSupply` (uint32), `price` (uint104), `category` (uint24) | `CTPublisher.mintFrom` |
-| `CTProjectConfig` | `terminalConfigurations`, `projectUri`, `allowedPosts`, `contractUri`, `name`, `symbol`, `salt` | `CTDeployer.deployProjectFor` |
-| `CTDeployerAllowedPost` | `category`, `minimumPrice`, `minimumTotalSupply`, `maximumTotalSupply`, `allowedAddresses` | `CTProjectConfig.allowedPosts` |
-| `CTSuckerDeploymentConfig` | `deployerConfigurations`, `salt` | `CTDeployer.deployProjectFor`, `CTDeployer.deploySuckersFor` |
+| Struct | Key Fields | Used In |
+|--------|------------|---------|
+| `CTAllowedPost` | `hook`, `category` (uint24), `minimumPrice` (uint104), `minimumTotalSupply` (uint32), `maximumTotalSupply` (uint32), `maximumSplitPercent` (uint32), `allowedAddresses[]` | `configurePostingCriteriaFor` |
+| `CTPost` | `encodedIPFSUri` (bytes32), `totalSupply` (uint32), `price` (uint104), `category` (uint24), `splitPercent` (uint32), `splits[]` (JBSplit[]) | `mintFrom` |
+| `CTProjectConfig` | `terminalConfigurations`, `projectUri`, `allowedPosts` (CTDeployerAllowedPost[]), `contractUri`, `name`, `symbol`, `salt` | `deployProjectFor` |
+| `CTDeployerAllowedPost` | Same as `CTAllowedPost` minus `hook` (inferred during deployment) | `CTProjectConfig.allowedPosts` |
+| `CTSuckerDeploymentConfig` | `deployerConfigurations` (JBSuckerDeployerConfig[]), `salt` | `deployProjectFor`, `deploySuckersFor` |
+
+## Events
+
+| Event | When |
+|-------|------|
+| `ConfigurePostingCriteria(hook, allowedPost, caller)` | Posting criteria set or updated for a hook/category |
+| `Mint(projectId, hook, nftBeneficiary, feeBeneficiary, posts, postValue, txValue, caller)` | Posts published and first copies minted |
+
+## Errors
+
+| Error | When |
+|-------|------|
+| `CTPublisher_EmptyEncodedIPFSUri` | Post has `encodedIPFSUri == bytes32(0)` |
+| `CTPublisher_InsufficientEthSent` | `totalPrice + fee > msg.value` |
+| `CTPublisher_MaxTotalSupplyLessThanMin` | `minimumTotalSupply > maximumTotalSupply` in config |
+| `CTPublisher_NotInAllowList` | Caller not in allowlist (when allowlist is non-empty) |
+| `CTPublisher_PriceTooSmall` | Post price below `minimumPrice` |
+| `CTPublisher_SplitPercentExceedsMaximum` | Post `splitPercent > maximumSplitPercent` |
+| `CTPublisher_TotalSupplyTooSmall` | Post `totalSupply < minimumTotalSupply` |
+| `CTPublisher_TotalSupplyTooBig` | Post `totalSupply > maximumTotalSupply` (when max > 0) |
+| `CTPublisher_UnauthorizedToPostInCategory` | Category unconfigured (`minSupply == 0`) |
+| `CTPublisher_ZeroTotalSupply` | `configurePostingCriteriaFor` with `minimumTotalSupply == 0` |
+| `CTDeployer_NotOwnerOfProject` | `claimCollectionOwnershipOf` called by non-owner |
+
+## Constants
+
+| Constant | Value | Purpose |
+|----------|-------|---------|
+| `FEE_DIVISOR` | 20 | 5% fee: `totalPrice / 20` |
+| `FEE_PROJECT_ID` | immutable | Fees routed to this project. Fee skipped when `projectId == FEE_PROJECT_ID` |
+
+## Storage
+
+| Mapping | Type | Purpose |
+|---------|------|---------|
+| `tierIdForEncodedIPFSUriOf` | `hook => encodedIPFSUri => uint256` | Maps IPFS URI to existing tier ID (prevents duplicates) |
+| `_packedAllowanceFor` | `hook => category => uint256` | Bit-packed allowance: price (0-103), minSupply (104-135), maxSupply (136-167), maxSplitPercent (168-199) |
+| `_allowedAddresses` | `hook => category => address[]` | Per-category address allowlist |
+| `dataHookOf` | `projectId => IJBRulesetDataHook` | Stores original data hook (CTDeployer proxy pattern) |
 
 ## Gotchas
 
-- The `FEE_DIVISOR` is 20 (5% fee), not a percentage. Fee = `totalPrice / 20`. The fee is skipped when `projectId == FEE_PROJECT_ID`.
-- Allowances are bit-packed into a single `uint256`: price in bits 0-103, min supply in 104-135, max supply in 136-167. Reading with wrong bit widths will silently return wrong values.
-- `CTDeployer` owns the project NFT temporarily during deployment (to configure permissions and hooks) then transfers it to the specified `owner`. If the transfer reverts, the entire deployment fails.
-- `CTDeployer.beforeCashOutRecordedWith` checks `SUCKER_REGISTRY.isSuckerOf` to grant fee-free cash outs. If the sucker registry is compromised, any address could cash out without tax.
-- `CTProjectOwner.onERC721Received` only accepts tokens from `PROJECTS` and only from `address(0)` (mints). In `CTDeployer`, it accepts mints only. Sending a project NFT via transfer to `CTProjectOwner` works, but to `CTDeployer` it does not (reverts if `from != address(0)`).
-- `_setupPosts` resizes `tiersToAdd` via inline assembly if some posts reuse existing tiers. The `tierIdsToMint` array is NOT resized and may contain zeros for pre-existing tiers that were already minted in prior calls.
-- The `mintFrom` function sends `address(this).balance` as the fee payment after the main payment. If no ETH remains (e.g., exact payment), the fee transfer is skipped entirely.
+1. **Bit-packed allowances.** Allowances are packed into a single `uint256`: price in bits 0-103, min supply in 104-135, max supply in 136-167, max split percent in 168-199. Reading with wrong bit widths silently returns wrong values.
+2. **Fee is 1/20, not a percentage.** `FEE_DIVISOR = 20` means fee = `totalPrice / 20` = 5%. Integer division truncates (rounding down favors payer).
+3. **Fee skipped for fee project.** When `projectId == FEE_PROJECT_ID`, no fee is deducted. This prevents self-referential fee loops.
+4. **Fee payment uses contract balance.** After the main payment, `mintFrom` sends `address(this).balance` as the fee. If the main payment uses exact funds (no remainder), the fee transfer is skipped entirely.
+5. **Tier reuse by IPFS URI.** If an encoded IPFS URI was already minted on the hook, the existing tier ID is reused instead of creating a new tier. The poster still gets a mint of the existing tier. The fee is calculated from the actual tier price stored on-chain (not from `post.price`), preventing fee evasion (H-19 fix).
+6. **Stale tier mapping cleanup.** If a tier was removed externally via `adjustTiers()`, the `tierIdForEncodedIPFSUriOf` mapping is automatically cleared when the same IPFS URI is posted again, allowing a new tier to be created (L-52 fix).
+7. **Array resizing via assembly.** `_setupPosts` resizes `tiersToAdd` via inline assembly when some posts reuse existing tiers. The `tierIdsToMint` array is NOT resized and may contain zeros for pre-existing tiers.
+8. **CTProjectOwner only accepts mints.** `onERC721Received` reverts if `from != address(0)` -- it only accepts tokens minted by `PROJECTS`, not transferred directly. But external project NFT transfers (where `from` is the previous owner) DO work since the hook is on `CTProjectOwner`, not `CTDeployer`.
+9. **CTDeployer rejects direct transfers.** `CTDeployer.onERC721Received` reverts if `from != address(0)`. It only accepts mints from `PROJECTS`.
+10. **Temporary ownership during deployment.** `CTDeployer` owns the project NFT temporarily during `deployProjectFor` (to configure permissions and hooks), then transfers it to the specified `owner`. If the transfer reverts, the entire deployment fails.
+11. **Data hook proxy pattern.** `CTDeployer` wraps itself as the data hook, forwarding to `dataHookOf[projectId]`. This is needed to intercept cash-out calls and grant fee-free cash outs to suckers. Both `useDataHookForPay` and `useDataHookForCashOut` are enabled (M-37 fix).
+12. **Sucker registry trust.** `CTDeployer.beforeCashOutRecordedWith` trusts `SUCKER_REGISTRY.isSuckerOf` to determine fee exemption. If the registry is compromised, any address could cash out without tax.
+13. **Allowlist uses linear scan.** `_isAllowed()` iterates the full allowlist array. Acceptable for <100 addresses; gas cost scales linearly with list size.
+14. **Referral ID in metadata.** `FEE_PROJECT_ID` is stored in the first 32 bytes of mint metadata (via assembly `mstore`), allowing the fee terminal to track referrals.
+15. **Deterministic deployment.** Hook salt is `keccak256(abi.encode(projectConfig.salt, msg.sender))` and sucker salt is `keccak256(abi.encode(suckerConfig.salt, msg.sender))`. Different callers with the same salt get different addresses.
+16. **Default project weight.** `CTDeployer` deploys projects with `weight = 1_000_000 * 10^18`, ETH currency, and `maxCashOutTaxRate`. These defaults are hardcoded.
+17. **ERC2771 meta-transaction support.** Both `CTPublisher` and `CTDeployer` support meta-transactions via `ERC2771Context` with a configurable trusted forwarder, allowing relayers to submit transactions on behalf of users.
 
 ## Example Integration
 
@@ -65,13 +137,16 @@ import {ICTPublisher} from "@croptop/core-v6/src/interfaces/ICTPublisher.sol";
 import {CTPost} from "@croptop/core-v6/src/structs/CTPost.sol";
 import {IJB721TiersHook} from "@bananapus/721-hook-v6/src/interfaces/IJB721TiersHook.sol";
 
-// Mint a post from a Croptop-enabled project
+// --- Post content to a Croptop-enabled project ---
+
 CTPost[] memory posts = new CTPost[](1);
 posts[0] = CTPost({
     encodedIPFSUri: 0x1234..., // encoded IPFS CID
     totalSupply: 100,
     price: 0.01 ether,
-    category: 1
+    category: 1,
+    splitPercent: 0,
+    splits: new JBSplit[](0)
 });
 
 // Price + 5% fee
@@ -85,4 +160,29 @@ publisher.mintFrom{value: totalCost}(
     "",         // additional pay metadata
     ""          // fee metadata
 );
+
+// --- Deploy a new Croptop project ---
+
+(uint256 projectId, IJB721TiersHook hook) = deployer.deployProjectFor({
+    owner: msg.sender,
+    projectConfig: CTProjectConfig({
+        terminalConfigurations: terminals,
+        projectUri: "ipfs://...",
+        allowedPosts: allowedPosts,
+        contractUri: "ipfs://...",
+        name: "My Collection",
+        symbol: "MYC",
+        salt: bytes32("my-project")
+    }),
+    suckerDeploymentConfiguration: CTSuckerDeploymentConfig({
+        deployerConfigurations: new JBSuckerDeployerConfig[](0),
+        salt: bytes32(0)
+    }),
+    controller: IJBController(controllerAddress)
+});
+
+// --- Lock ownership via CTProjectOwner ---
+// Transfer the project NFT to CTProjectOwner to burn-lock ownership
+// while keeping Croptop posting enabled.
+IERC721(projects).safeTransferFrom(msg.sender, address(projectOwner), projectId);
 ```

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@croptop/core-v6",
-    "version": "0.0.6",
+    "version": "0.0.7",
     "license": "MIT",
     "repository": {
         "type": "git",
@@ -16,17 +16,17 @@
         "artifacts": "source ./.env && npx sphinx artifacts --org-id 'ea165b21-7cdc-4d7b-be59-ecdd4c26bee4' --project-name 'croptop-core-v5'"
     },
     "dependencies": {
-        "@bananapus/721-hook-v6": "^0.0.7",
-        "@bananapus/buyback-hook-v6": "^0.0.4",
-        "@bananapus/core-v6": "^0.0.5",
-        "@bananapus/ownable-v6": "^0.0.4",
-        "@bananapus/permission-ids-v6": "^0.0.3",
-        "@bananapus/suckers-v6": "^0.0.4",
+        "@bananapus/721-hook-v6": "^0.0.9",
+        "@bananapus/buyback-hook-v6": "^0.0.7",
+        "@bananapus/core-v6": "^0.0.9",
+        "@bananapus/ownable-v6": "^0.0.5",
+        "@bananapus/permission-ids-v6": "^0.0.4",
+        "@bananapus/suckers-v6": "^0.0.6",
         "@bananapus/router-terminal-v6": "^0.0.6",
         "@openzeppelin/contracts": "^5.2.0"
     },
     "devDependencies": {
-        "@rev-net/core-v6": "^0.0.3",
+        "@rev-net/core-v6": "^0.0.6",
         "@sphinx-labs/plugins": "^0.33.1"
     }
 }

package/src/CTDeployer.sol

@@ -275,6 +275,7 @@ contract CTDeployer is ERC2771Context, JBPermissioned, IJBRulesetDataHook, IERC7
         rulesetConfigurations[0].metadata.cashOutTaxRate = JBConstants.MAX_CASH_OUT_TAX_RATE;
         rulesetConfigurations[0].metadata.dataHook = address(this);
         rulesetConfigurations[0].metadata.useDataHookForPay = true;
+        rulesetConfigurations[0].metadata.useDataHookForCashOut = true;
 
         // Launch the project, and sanity check the project ID.
         assert(

package/src/CTPublisher.sol

@@ -2,6 +2,7 @@
 pragma solidity 0.8.26;
 
 import {IJB721TiersHook} from "@bananapus/721-hook-v6/src/interfaces/IJB721TiersHook.sol";
+import {IJB721TiersHookStore} from "@bananapus/721-hook-v6/src/interfaces/IJB721TiersHookStore.sol";
 import {JB721Tier} from "@bananapus/721-hook-v6/src/structs/JB721Tier.sol";
 import {JB721TierConfig} from "@bananapus/721-hook-v6/src/structs/JB721TierConfig.sol";
 import {JBSplit} from "@bananapus/core-v6/src/structs/JBSplit.sol";
@@ -427,9 +428,12 @@ contract CTPublisher is JBPermissioned, ERC2771Context, ICTPublisher {
         // Set the size of the tier IDs of the posts that should be minted once published.
         tierIdsToMint = new uint256[](posts.length);
 
+        // Keep a reference to the hook's store for tier lookups.
+        IJB721TiersHookStore store = hook.STORE();
+
         // The tier ID that will be created, and the first one that should be minted from, is one more than the current
         // max.
-        uint256 startingTierId = hook.STORE().maxTierIdOf(address(hook)) + 1;
+        uint256 startingTierId = store.maxTierIdOf(address(hook)) + 1;
 
         // Keep a reference to the total number of tiers being added.
         uint256 numberOfTiersBeingAdded;
@@ -450,7 +454,21 @@ contract CTPublisher is JBPermissioned, ERC2771Context, ICTPublisher {
                 // Check if there's an ID of a tier already minted for this encodedIPFSUri.
                 uint256 tierId = tierIdForEncodedIPFSUriOf[address(hook)][post.encodedIPFSUri];
 
-                if (tierId != 0) tierIdsToMint[i] = tierId;
+                if (tierId != 0) {
+                    // If the tier was removed externally (via adjustTiers), clear the stale mapping
+                    // so the code falls through to create a new tier.
+                    // slither-disable-next-line calls-loop
+                    if (hook.STORE().isTierRemoved(address(hook), tierId)) {
+                        delete tierIdForEncodedIPFSUriOf[address(hook)][post.encodedIPFSUri];
+                    } else {
+                        tierIdsToMint[i] = tierId;
+
+                        // For existing tiers, use the actual tier price (not the user-supplied post.price)
+                        // to prevent fee evasion by passing price=0 for an existing tier.
+                        // slither-disable-next-line calls-loop
+                        totalPrice += store.tierOf(address(hook), tierId, false).price;
+                    }
+                }
             }
 
             // If no tier already exists, post the tier.
@@ -524,10 +542,10 @@ contract CTPublisher is JBPermissioned, ERC2771Context, ICTPublisher {
 
                 // Save the encodedIPFSUri as minted.
                 tierIdForEncodedIPFSUriOf[address(hook)][post.encodedIPFSUri] = tierIdsToMint[i];
-            }
 
-            // Increment the total price.
-            totalPrice += post.price;
+                // For new tiers, use the post's price for totalPrice accumulation.
+                totalPrice += post.price;
+            }
         }
 
         // Resize the array if there's a mismatch in length.

package/test/regression/H19_FeeEvasion.t.sol

@@ -0,0 +1,280 @@
+// SPDX-License-Identifier: MIT
+pragma solidity 0.8.26;
+
+import "forge-std/Test.sol";
+
+import {IJBPermissions} from "@bananapus/core-v6/src/interfaces/IJBPermissions.sol";
+import {IJBDirectory} from "@bananapus/core-v6/src/interfaces/IJBDirectory.sol";
+import {IJBTerminal} from "@bananapus/core-v6/src/interfaces/IJBTerminal.sol";
+import {IJBOwnable} from "@bananapus/ownable-v6/src/interfaces/IJBOwnable.sol";
+import {IJB721TiersHook} from "@bananapus/721-hook-v6/src/interfaces/IJB721TiersHook.sol";
+import {IJB721TiersHookStore} from "@bananapus/721-hook-v6/src/interfaces/IJB721TiersHookStore.sol";
+import {JB721Tier} from "@bananapus/721-hook-v6/src/structs/JB721Tier.sol";
+import {JBConstants} from "@bananapus/core-v6/src/libraries/JBConstants.sol";
+import {JBSplit} from "@bananapus/core-v6/src/structs/JBSplit.sol";
+import {JBPermissionIds} from "@bananapus/permission-ids-v6/src/JBPermissionIds.sol";
+
+import {CTPublisher} from "../../src/CTPublisher.sol";
+import {CTAllowedPost} from "../../src/structs/CTAllowedPost.sol";
+import {CTPost} from "../../src/structs/CTPost.sol";
+
+/// @title H19_FeeEvasion
+/// @notice Regression test for H-19: fee evasion for existing tier mints.
+///         Before the fix, a user could set post.price = 0 for an existing tier
+///         to evade the 5% Croptop fee entirely. The fix reads the actual tier price
+///         from the store for existing tiers.
+contract H19_FeeEvasion is Test {
+    CTPublisher publisher;
+
+    IJBPermissions permissions = IJBPermissions(makeAddr("permissions"));
+    IJBDirectory directory = IJBDirectory(makeAddr("directory"));
+
+    address hookOwner = makeAddr("hookOwner");
+    address hookAddr = makeAddr("hook");
+    address hookStoreAddr = makeAddr("hookStore");
+    address terminalAddr = makeAddr("terminal");
+    address feeTerminalAddr = makeAddr("feeTerminal");
+    address poster = makeAddr("poster");
+
+    uint256 feeProjectId = 1;
+    uint256 hookProjectId = 42;
+
+    bytes32 constant TEST_URI = keccak256("existing-tier-content");
+    uint104 constant TIER_PRICE = 1 ether;
+
+    function setUp() public {
+        publisher = new CTPublisher(directory, permissions, feeProjectId, address(0));
+
+        // Mock hook.owner().
+        vm.mockCall(hookAddr, abi.encodeWithSelector(IJBOwnable.owner.selector), abi.encode(hookOwner));
+        // Mock hook.PROJECT_ID().
+        vm.mockCall(hookAddr, abi.encodeWithSelector(IJB721TiersHook.PROJECT_ID.selector), abi.encode(hookProjectId));
+        // Mock hook.STORE().
+        vm.mockCall(hookAddr, abi.encodeWithSelector(IJB721TiersHook.STORE.selector), abi.encode(hookStoreAddr));
+
+        // Mock isTierRemoved to return false by default (tier exists).
+        vm.mockCall(
+            hookStoreAddr, abi.encodeWithSelector(IJB721TiersHookStore.isTierRemoved.selector), abi.encode(false)
+        );
+
+        // Mock permissions to return true by default.
+        vm.mockCall(
+            address(permissions), abi.encodeWithSelector(IJBPermissions.hasPermission.selector), abi.encode(true)
+        );
+
+        // Fund poster.
+        vm.deal(poster, 100 ether);
+    }
+
+    function _configureCategory() internal {
+        CTAllowedPost[] memory posts = new CTAllowedPost[](1);
+        posts[0] = CTAllowedPost({
+            hook: hookAddr,
+            category: 5,
+            minimumPrice: 0,
+            minimumTotalSupply: 1,
+            maximumTotalSupply: 100,
+            maximumSplitPercent: 0,
+            allowedAddresses: new address[](0)
+        });
+
+        vm.prank(hookOwner);
+        publisher.configurePostingCriteriaFor(posts);
+    }
+
+    function _setupMintMocks(uint256 maxTierId) internal {
+        vm.mockCall(
+            hookStoreAddr, abi.encodeWithSelector(IJB721TiersHookStore.maxTierIdOf.selector), abi.encode(maxTierId)
+        );
+        vm.mockCall(hookAddr, abi.encodeWithSelector(IJB721TiersHook.adjustTiers.selector), abi.encode());
+        vm.mockCall(hookAddr, abi.encodeWithSelector(bytes4(keccak256("METADATA_ID_TARGET()"))), abi.encode(address(0)));
+    }
+
+    /// @notice Test that fee is still charged when post.price = 0 for an existing tier.
+    ///         Before the fix, the attacker could set post.price = 0 and pay exactly 0 ETH
+    ///         for the fee. After the fix, the actual tier price is read from the store.
+    function test_feeChargedForExistingTierEvenWithZeroPostPrice() public {
+        _configureCategory();
+
+        // First mint: create tier 1 with TIER_PRICE.
+        _setupMintMocks(0);
+
+        // Mock tierOf for tier 1 to return a tier with TIER_PRICE.
+        JB721Tier memory tier = JB721Tier({
+            id: 1,
+            price: TIER_PRICE,
+            remainingSupply: 9,
+            initialSupply: 10,
+            votingUnits: 0,
+            reserveFrequency: 0,
+            reserveBeneficiary: address(0),
+            encodedIPFSUri: TEST_URI,
+            category: 5,
+            discountPercent: 0,
+            allowOwnerMint: false,
+            transfersPausable: false,
+            cannotBeRemoved: false,
+            cannotIncreaseDiscountPercent: false,
+            splitPercent: 0,
+            resolvedUri: ""
+        });
+        vm.mockCall(
+            hookStoreAddr,
+            abi.encodeWithSelector(IJB721TiersHookStore.tierOf.selector, hookAddr, 1, false),
+            abi.encode(tier)
+        );
+
+        // Mock terminals.
+        vm.mockCall(
+            address(directory),
+            abi.encodeWithSelector(IJBDirectory.primaryTerminalOf.selector, hookProjectId),
+            abi.encode(terminalAddr)
+        );
+        vm.mockCall(
+            address(directory),
+            abi.encodeWithSelector(IJBDirectory.primaryTerminalOf.selector, feeProjectId),
+            abi.encode(feeTerminalAddr)
+        );
+
+        // Mock terminal.pay() to succeed and record the value sent.
+        vm.mockCall(terminalAddr, "", abi.encode(uint256(0)));
+        vm.mockCall(feeTerminalAddr, "", abi.encode(uint256(0)));
+
+        CTPost[] memory posts = new CTPost[](1);
+        posts[0] = CTPost({
+            encodedIPFSUri: TEST_URI,
+            totalSupply: 10,
+            price: TIER_PRICE,
+            category: 5,
+            splitPercent: 0,
+            splits: new JBSplit[](0)
+        });
+
+        // First mint to create the tier and populate the mapping.
+        vm.prank(poster);
+        publisher.mintFrom{value: 2 ether}(IJB721TiersHook(hookAddr), posts, poster, poster, "", "");
+
+        // Verify the mapping was set.
+        assertEq(publisher.tierIdForEncodedIPFSUriOf(hookAddr, TEST_URI), 1, "tier ID should be stored");
+
+        // Now the attack: existing tier, but attacker sets post.price = 0.
+        // Update mocks for the second mint (maxTierId is now 1).
+        _setupMintMocks(1);
+
+        CTPost[] memory attackPosts = new CTPost[](1);
+        attackPosts[0] = CTPost({
+            encodedIPFSUri: TEST_URI,
+            totalSupply: 10,
+            price: 0, // Attacker tries to evade fee by setting price = 0.
+            category: 5,
+            splitPercent: 0,
+            splits: new JBSplit[](0)
+        });
+
+        // The fee is TIER_PRICE / FEE_DIVISOR = 1 ether / 20 = 0.05 ether.
+        // The project payment is TIER_PRICE - fee = 1 ether - 0.05 ether = 0.95 ether.
+        // Total required: TIER_PRICE = 1 ether (project gets 0.95 ether, fee is 0.05 ether).
+        // With the fix, the actual tier price (1 ether) is used, so the full msg.value is needed.
+
+        // Sending 0 ETH should revert because totalPrice is now the actual tier price (1 ether),
+        // not the attacker's 0.
+        vm.prank(poster);
+        vm.expectRevert();
+        publisher.mintFrom{value: 0}(IJB721TiersHook(hookAddr), attackPosts, poster, poster, "", "");
+
+        // Sending the correct amount should succeed.
+        vm.prank(poster);
+        publisher.mintFrom{value: 2 ether}(IJB721TiersHook(hookAddr), attackPosts, poster, poster, "", "");
+    }
+
+    /// @notice Test that the correct fee amount is deducted for existing tier mints.
+    ///         The fee should be based on the actual tier price, not post.price.
+    function test_correctFeeDeductedForExistingTier() public {
+        _configureCategory();
+
+        // Create tier 1 with TIER_PRICE.
+        _setupMintMocks(0);
+
+        // Mock tierOf for tier 1.
+        JB721Tier memory tier = JB721Tier({
+            id: 1,
+            price: TIER_PRICE,
+            remainingSupply: 9,
+            initialSupply: 10,
+            votingUnits: 0,
+            reserveFrequency: 0,
+            reserveBeneficiary: address(0),
+            encodedIPFSUri: TEST_URI,
+            category: 5,
+            discountPercent: 0,
+            allowOwnerMint: false,
+            transfersPausable: false,
+            cannotBeRemoved: false,
+            cannotIncreaseDiscountPercent: false,
+            splitPercent: 0,
+            resolvedUri: ""
+        });
+        vm.mockCall(
+            hookStoreAddr,
+            abi.encodeWithSelector(IJB721TiersHookStore.tierOf.selector, hookAddr, 1, false),
+            abi.encode(tier)
+        );
+
+        // Mock terminals.
+        vm.mockCall(
+            address(directory),
+            abi.encodeWithSelector(IJBDirectory.primaryTerminalOf.selector, hookProjectId),
+            abi.encode(terminalAddr)
+        );
+        vm.mockCall(
+            address(directory),
+            abi.encodeWithSelector(IJBDirectory.primaryTerminalOf.selector, feeProjectId),
+            abi.encode(feeTerminalAddr)
+        );
+        vm.mockCall(terminalAddr, "", abi.encode(uint256(0)));
+        vm.mockCall(feeTerminalAddr, "", abi.encode(uint256(0)));
+
+        // First mint to create the tier.
+        CTPost[] memory posts = new CTPost[](1);
+        posts[0] = CTPost({
+            encodedIPFSUri: TEST_URI,
+            totalSupply: 10,
+            price: TIER_PRICE,
+            category: 5,
+            splitPercent: 0,
+            splits: new JBSplit[](0)
+        });
+
+        vm.prank(poster);
+        publisher.mintFrom{value: 2 ether}(IJB721TiersHook(hookAddr), posts, poster, poster, "", "");
+
+        // Second mint with the existing tier. Even with post.price = 0, the fee
+        // should be based on the actual price (1 ether).
+        _setupMintMocks(1);
+
+        CTPost[] memory existingPosts = new CTPost[](1);
+        existingPosts[0] = CTPost({
+            encodedIPFSUri: TEST_URI,
+            totalSupply: 10,
+            price: 0, // Attacker sets price to 0.
+            category: 5,
+            splitPercent: 0,
+            splits: new JBSplit[](0)
+        });
+
+        // Fee = 1 ether / 20 = 0.05 ether
+        // payValue = msg.value - fee = msg.value - 0.05 ether
+        // totalPrice = 1 ether (from the store, not post.price)
+        // Need: totalPrice <= payValue, i.e., 1 ether <= msg.value - 0.05 ether
+        // So msg.value >= 1.05 ether
+
+        // Sending exactly 1.05 ether should succeed.
+        vm.prank(poster);
+        publisher.mintFrom{value: 1.05 ether}(IJB721TiersHook(hookAddr), existingPosts, poster, poster, "", "");
+
+        // Sending 1.04 ether should fail (1.04 - 0.05 = 0.99 < 1 ether totalPrice).
+        vm.prank(poster);
+        vm.expectRevert();
+        publisher.mintFrom{value: 1.04 ether}(IJB721TiersHook(hookAddr), existingPosts, poster, poster, "", "");
+    }
+}

package/test/regression/L52_StaleTierIdMapping.t.sol

@@ -0,0 +1,214 @@
+// SPDX-License-Identifier: MIT
+pragma solidity 0.8.26;
+
+import "forge-std/Test.sol";
+
+import {IJBPermissions} from "@bananapus/core-v6/src/interfaces/IJBPermissions.sol";
+import {IJBDirectory} from "@bananapus/core-v6/src/interfaces/IJBDirectory.sol";
+import {IJBOwnable} from "@bananapus/ownable-v6/src/interfaces/IJBOwnable.sol";
+import {IJB721TiersHook} from "@bananapus/721-hook-v6/src/interfaces/IJB721TiersHook.sol";
+import {IJB721TiersHookStore} from "@bananapus/721-hook-v6/src/interfaces/IJB721TiersHookStore.sol";
+import {JB721Tier} from "@bananapus/721-hook-v6/src/structs/JB721Tier.sol";
+import {JBConstants} from "@bananapus/core-v6/src/libraries/JBConstants.sol";
+import {JBSplit} from "@bananapus/core-v6/src/structs/JBSplit.sol";
+import {JBPermissionIds} from "@bananapus/permission-ids-v6/src/JBPermissionIds.sol";
+
+import {CTPublisher} from "../../src/CTPublisher.sol";
+import {CTAllowedPost} from "../../src/structs/CTAllowedPost.sol";
+import {CTPost} from "../../src/structs/CTPost.sol";
+
+/// @title L52_StaleTierIdMapping
+/// @notice Regression test for L-52: stale tierIdForEncodedIPFSUriOf mapping after external tier removal.
+///         When a tier is removed externally via adjustTiers(), the publisher's mapping still pointed
+///         to the removed tier ID, blocking re-creation. The fix clears the stale mapping and allows
+///         the post to fall through to new-tier creation.
+contract L52_StaleTierIdMapping is Test {
+    CTPublisher publisher;
+
+    IJBPermissions permissions = IJBPermissions(makeAddr("permissions"));
+    IJBDirectory directory = IJBDirectory(makeAddr("directory"));
+
+    address hookOwner = makeAddr("hookOwner");
+    address hookAddr = makeAddr("hook");
+    address hookStoreAddr = makeAddr("hookStore");
+    address terminalAddr = makeAddr("terminal");
+    address poster = makeAddr("poster");
+
+    uint256 feeProjectId = 1;
+    uint256 hookProjectId = 42;
+
+    bytes32 constant TEST_URI = keccak256("removable-content");
+
+    function setUp() public {
+        publisher = new CTPublisher(directory, permissions, feeProjectId, address(0));
+
+        // Mock hook.owner().
+        vm.mockCall(hookAddr, abi.encodeWithSelector(IJBOwnable.owner.selector), abi.encode(hookOwner));
+        // Mock hook.PROJECT_ID().
+        vm.mockCall(hookAddr, abi.encodeWithSelector(IJB721TiersHook.PROJECT_ID.selector), abi.encode(hookProjectId));
+        // Mock hook.STORE().
+        vm.mockCall(hookAddr, abi.encodeWithSelector(IJB721TiersHook.STORE.selector), abi.encode(hookStoreAddr));
+
+        // Mock permissions to return true by default.
+        vm.mockCall(
+            address(permissions), abi.encodeWithSelector(IJBPermissions.hasPermission.selector), abi.encode(true)
+        );
+
+        // Fund poster.
+        vm.deal(poster, 100 ether);
+    }
+
+    function _configureCategory() internal {
+        CTAllowedPost[] memory posts = new CTAllowedPost[](1);
+        posts[0] = CTAllowedPost({
+            hook: hookAddr,
+            category: 5,
+            minimumPrice: 0,
+            minimumTotalSupply: 1,
+            maximumTotalSupply: 100,
+            maximumSplitPercent: 0,
+            allowedAddresses: new address[](0)
+        });
+
+        vm.prank(hookOwner);
+        publisher.configurePostingCriteriaFor(posts);
+    }
+
+    function _setupMintMocks(uint256 maxTierId) internal {
+        vm.mockCall(
+            hookStoreAddr, abi.encodeWithSelector(IJB721TiersHookStore.maxTierIdOf.selector), abi.encode(maxTierId)
+        );
+        vm.mockCall(hookAddr, abi.encodeWithSelector(IJB721TiersHook.adjustTiers.selector), abi.encode());
+        vm.mockCall(hookAddr, abi.encodeWithSelector(bytes4(keccak256("METADATA_ID_TARGET()"))), abi.encode(address(0)));
+        vm.mockCall(
+            address(directory),
+            abi.encodeWithSelector(IJBDirectory.primaryTerminalOf.selector),
+            abi.encode(terminalAddr)
+        );
+        vm.mockCall(terminalAddr, "", abi.encode(uint256(0)));
+    }
+
+    /// @notice After a tier is removed externally, the stale mapping should be cleared
+    ///         so that the same encodedIPFSUri can be re-posted as a new tier.
+    function test_staleMappingClearedWhenTierRemoved() public {
+        _configureCategory();
+
+        // First mint: create tier 1 for TEST_URI.
+        _setupMintMocks(0);
+
+        // Mock isTierRemoved to return false (tier exists).
+        vm.mockCall(
+            hookStoreAddr,
+            abi.encodeWithSelector(IJB721TiersHookStore.isTierRemoved.selector, hookAddr, 1),
+            abi.encode(false)
+        );
+
+        CTPost[] memory posts = new CTPost[](1);
+        posts[0] = CTPost({
+            encodedIPFSUri: TEST_URI,
+            totalSupply: 10,
+            price: 0.1 ether,
+            category: 5,
+            splitPercent: 0,
+            splits: new JBSplit[](0)
+        });
+
+        vm.prank(poster);
+        publisher.mintFrom{value: 0.2 ether}(IJB721TiersHook(hookAddr), posts, poster, poster, "", "");
+
+        // Verify tier ID 1 was stored in the mapping.
+        assertEq(
+            publisher.tierIdForEncodedIPFSUriOf(hookAddr, TEST_URI), 1, "tier ID should be stored after first mint"
+        );
+
+        // Now simulate external tier removal: isTierRemoved returns true for tier 1.
+        vm.mockCall(
+            hookStoreAddr,
+            abi.encodeWithSelector(IJB721TiersHookStore.isTierRemoved.selector, hookAddr, 1),
+            abi.encode(true)
+        );
+
+        // Update maxTierId to 1 so new tier gets ID 2.
+        _setupMintMocks(1);
+
+        // Second mint with the same URI should succeed (creating a new tier),
+        // because the fix detects the stale mapping and clears it.
+        vm.prank(poster);
+        publisher.mintFrom{value: 0.2 ether}(IJB721TiersHook(hookAddr), posts, poster, poster, "", "");
+
+        // Verify the mapping now points to the new tier ID (2).
+        assertEq(
+            publisher.tierIdForEncodedIPFSUriOf(hookAddr, TEST_URI),
+            2,
+            "tier ID should be updated to new tier after re-post"
+        );
+    }
+
+    /// @notice When a tier is NOT removed, the mapping should be used as-is (no re-creation).
+    function test_existingTierNotRemovedUsesMapping() public {
+        _configureCategory();
+
+        // First mint: create tier 1 for TEST_URI.
+        _setupMintMocks(0);
+
+        // Mock isTierRemoved to return false (tier exists).
+        vm.mockCall(
+            hookStoreAddr,
+            abi.encodeWithSelector(IJB721TiersHookStore.isTierRemoved.selector, hookAddr, 1),
+            abi.encode(false)
+        );
+
+        // Mock tierOf for tier 1 so the H-19 price lookup succeeds.
+        JB721Tier memory tier = JB721Tier({
+            id: 1,
+            price: 0.1 ether,
+            remainingSupply: 9,
+            initialSupply: 10,
+            votingUnits: 0,
+            reserveFrequency: 0,
+            reserveBeneficiary: address(0),
+            encodedIPFSUri: TEST_URI,
+            category: 5,
+            discountPercent: 0,
+            allowOwnerMint: false,
+            transfersPausable: false,
+            cannotBeRemoved: false,
+            cannotIncreaseDiscountPercent: false,
+            splitPercent: 0,
+            resolvedUri: ""
+        });
+        vm.mockCall(
+            hookStoreAddr,
+            abi.encodeWithSelector(IJB721TiersHookStore.tierOf.selector, hookAddr, 1, false),
+            abi.encode(tier)
+        );
+
+        CTPost[] memory posts = new CTPost[](1);
+        posts[0] = CTPost({
+            encodedIPFSUri: TEST_URI,
+            totalSupply: 10,
+            price: 0.1 ether,
+            category: 5,
+            splitPercent: 0,
+            splits: new JBSplit[](0)
+        });
+
+        vm.prank(poster);
+        publisher.mintFrom{value: 0.2 ether}(IJB721TiersHook(hookAddr), posts, poster, poster, "", "");
+
+        assertEq(publisher.tierIdForEncodedIPFSUriOf(hookAddr, TEST_URI), 1);
+
+        // Second mint with existing tier (not removed) — should reuse tier ID 1.
+        _setupMintMocks(1);
+
+        vm.prank(poster);
+        publisher.mintFrom{value: 0.2 ether}(IJB721TiersHook(hookAddr), posts, poster, poster, "", "");
+
+        // Mapping should still point to tier 1.
+        assertEq(
+            publisher.tierIdForEncodedIPFSUriOf(hookAddr, TEST_URI),
+            1,
+            "tier ID should remain unchanged when tier is not removed"
+        );
+    }
+}