@lukso/lsp8-contracts 0.16.5 → 0.17.3

package/contracts/extensions/LSP8CappedBalance/LSP8CappedBalanceInitAbstract.sol

@@ -0,0 +1,174 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.27;
+
+// modules
+import {
+    OwnableUpgradeable
+} from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
+import {
+    LSP8IdentifiableDigitalAssetInitAbstract
+} from "../../LSP8IdentifiableDigitalAssetInitAbstract.sol";
+import {
+    AccessControlExtendedInitAbstract
+} from "../AccessControlExtended/AccessControlExtendedInitAbstract.sol";
+
+// interfaces
+import {ILSP8CappedBalance} from "./ILSP8CappedBalance.sol";
+
+// errors
+import {LSP8CappedBalanceExceeded} from "./LSP8CappedBalanceErrors.sol";
+
+/// @title LSP8CappedBalanceInitAbstract
+/// @dev Abstract contract implementing a per-address NFT count cap for LSP8 tokens, with role-based exemptions.
+abstract contract LSP8CappedBalanceInitAbstract is
+    ILSP8CappedBalance,
+    LSP8IdentifiableDigitalAssetInitAbstract,
+    AccessControlExtendedInitAbstract
+{
+    /// @notice The dead address is also commonly used for burning tokens as an alternative to address(0).
+    address internal constant _DEAD_ADDRESS =
+        0x000000000000000000000000000000000000dEaD;
+
+    /// @dev keccak256("UNCAPPED_BALANCE_ROLE")
+    bytes32 public constant UNCAPPED_BALANCE_ROLE =
+        0x975773d1e0a917a74b57f36a377f439ffff6271648aebdbff75a52ab58eb7bad;
+
+    /// @notice The maximum number of NFTs allowed per address.
+    uint256 private _tokenBalanceCap;
+
+    /// @notice Initializes the LSP8CappedBalance contract with base token params and balance cap.
+    /// @dev Initializes the LSP8IdentifiableDigitalAsset base, the access control layer and the balance cap.
+    /// @param name_ The name of the token.
+    /// @param symbol_ The symbol of the token.
+    /// @param newOwner_ The owner of the contract.
+    /// @param lsp4TokenType_ The token type (see LSP4).
+    /// @param lsp8TokenIdFormat_ The format of tokenIds (= NFTs) that this contract will create.
+    /// @param tokenBalanceCap_ The maximum number of NFTs per address, 0 to disable.
+    function __LSP8CappedBalance_init(
+        string memory name_,
+        string memory symbol_,
+        address newOwner_,
+        uint256 lsp4TokenType_,
+        uint256 lsp8TokenIdFormat_,
+        uint256 tokenBalanceCap_
+    ) internal virtual onlyInitializing {
+        LSP8IdentifiableDigitalAssetInitAbstract._initialize(
+            name_,
+            symbol_,
+            newOwner_,
+            lsp4TokenType_,
+            lsp8TokenIdFormat_
+        );
+        __AccessControlExtended_init();
+        __LSP8CappedBalance_init_unchained(tokenBalanceCap_);
+    }
+
+    /// @notice Unchained initializer for the balance cap.
+    /// @dev Sets the balance cap. If set, grants the initial uncapped balance role exemption to the contract owner.
+    /// @param tokenBalanceCap_ The maximum number of NFTs allowed per address. Set to 0 to disable.
+    function __LSP8CappedBalance_init_unchained(
+        uint256 tokenBalanceCap_
+    ) internal virtual onlyInitializing {
+        _tokenBalanceCap = tokenBalanceCap_;
+
+        if (tokenBalanceCap_ != 0) {
+            _grantRole(UNCAPPED_BALANCE_ROLE, owner());
+        }
+    }
+
+    /// @inheritdoc ILSP8CappedBalance
+    function tokenBalanceCap() public view virtual override returns (uint256) {
+        return _tokenBalanceCap;
+    }
+
+    function supportsInterface(
+        bytes4 interfaceId
+    )
+        public
+        view
+        virtual
+        override(
+            AccessControlExtendedInitAbstract,
+            LSP8IdentifiableDigitalAssetInitAbstract
+        )
+        returns (bool)
+    {
+        return
+            AccessControlExtendedInitAbstract.supportsInterface(interfaceId) ||
+            LSP8IdentifiableDigitalAssetInitAbstract.supportsInterface(
+                interfaceId
+            );
+    }
+
+    /// @notice Checks if a token transfer complies with the balance cap.
+    /// @dev The address(0) is not subject to balance cap checks as this address is used for burning tokens. Reverts with {LSP8CappedBalanceExceeded} if the recipient's NFT count after receiving the token would exceed the maximum allowed.
+    /// @param from The address sending the token.
+    /// @param to The address receiving the token.
+    function _tokenBalanceCapCheck(
+        address from,
+        address to,
+        bytes32 /* tokenId */,
+        bool /* force */,
+        bytes memory /* data */
+    ) internal virtual {
+        // self-transfers do not increase the balance of the recipient, so we skip the check
+        if (from == to) return;
+
+        // Address(0) and 0x0000...dead addresses are used for burning tokens
+        if (to == address(0) || to == _DEAD_ADDRESS) return;
+
+        // Do not check for addresses exempted from balance cap
+        if (hasRole(UNCAPPED_BALANCE_ROLE, to)) return;
+
+        uint256 maxBalanceAllowed = tokenBalanceCap();
+        bool isBalanceCapEnabled = maxBalanceAllowed != 0;
+
+        if (!isBalanceCapEnabled) return;
+
+        require(
+            (balanceOf(to) + 1) <= tokenBalanceCap(),
+            LSP8CappedBalanceExceeded(to, balanceOf(to), tokenBalanceCap())
+        );
+    }
+
+    /// @notice Hook called before a token transfer to enforce balance cap restrictions.
+    /// @dev Bypasses balance cap checks for recipients holding `UNCAPPED_BALANCE_ROLE`. Applies cap checks for all other recipients.
+    /// @param from The address sending the token.
+    /// @param to The address receiving the token.
+    /// @param tokenId The unique identifier of the token being transferred.
+    /// @param force Whether to force the transfer.
+    /// @param data Additional data for the transfer.
+    function _beforeTokenTransfer(
+        address from,
+        address to,
+        bytes32 tokenId,
+        bool force,
+        bytes memory data
+    ) internal virtual override {
+        _tokenBalanceCapCheck(from, to, tokenId, force, data);
+        super._beforeTokenTransfer(from, to, tokenId, force, data);
+    }
+
+    function _transferOwnership(
+        address newOwner
+    )
+        internal
+        virtual
+        override(AccessControlExtendedInitAbstract, OwnableUpgradeable)
+    {
+        // restore default admin hierarchy so a previously-installed custom admin
+        // cannot grant UNCAPPED_BALANCE_ROLE to new accounts post-transfer
+        _setRoleAdmin(UNCAPPED_BALANCE_ROLE, DEFAULT_ADMIN_ROLE);
+        super._transferOwnership(newOwner);
+    }
+
+    /**
+     * @dev This empty reserved space is put in place to allow future versions to add new
+     * variables without shifting down storage in the inheritance chain.
+     * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
+     *
+     * @custom:info The size of the `__gap` array is calculated so that the amount of storage used by the contract
+     * always adds up to the same number (in this case 50 storage slots).
+     */
+    uint256[49] private __gap;
+}

package/contracts/extensions/LSP8CappedSupply/ILSP8CappedSupply.sol

@@ -0,0 +1,11 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.27;
+
+/// @title ILSP8CappedSupply
+/// @dev Interface for an LSP8 token extension that enforces a max token supply cap.
+interface ILSP8CappedSupply {
+    /// @notice The maximum supply amount of tokens allowed to exist is `_TOKEN_SUPPLY_CAP`.
+    /// @dev Get the maximum number of tokens that can exist to circulate. Once {totalSupply} reaches {totalSupplyCap}, it is not possible to mint more tokens.
+    /// @return The maximum number of tokens that can exist in the contract.
+    function tokenSupplyCap() external view returns (uint256);
+}

package/contracts/extensions/LSP8CappedSupply/LSP8CappedSupplyAbstract.sol

@@ -0,0 +1,59 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.27;
+
+// modules
+import {
+    LSP8IdentifiableDigitalAsset
+} from "../../LSP8IdentifiableDigitalAsset.sol";
+
+// interfaces
+import {ILSP8CappedSupply} from "./ILSP8CappedSupply.sol";
+
+// errors
+import {LSP8CappedSupplyCannotMintOverCap} from "./LSP8CappedSupplyErrors.sol";
+
+/// @title LSP8CappedSupplyAbstract
+/// @dev Abstract contract implementing a token supply cap for LSP8 tokens.
+abstract contract LSP8CappedSupplyAbstract is
+    ILSP8CappedSupply,
+    LSP8IdentifiableDigitalAsset
+{
+    /// @notice The immutable maximum token supply.
+    uint256 private immutable _TOKEN_SUPPLY_CAP;
+
+    /// @notice Deploying a `LSP8CappedSupply` token contract with max token supply cap set to `tokenSupplyCap_`.
+    /// @dev Deploy a `LSP8CappedSupply` token contract and set the maximum token supply token cap up to which it is not possible to mint more tokens.
+    /// @param tokenSupplyCap_ The maximum total supply, 0 to disable.
+    constructor(uint256 tokenSupplyCap_) {
+        _TOKEN_SUPPLY_CAP = tokenSupplyCap_;
+    }
+
+    /// @inheritdoc ILSP8CappedSupply
+    function tokenSupplyCap() public view virtual override returns (uint256) {
+        return _TOKEN_SUPPLY_CAP;
+    }
+
+    /// @dev Checks if minting a new token would exceed the token supply cap.
+    function _tokenSupplyCapCheck(
+        address /* to */,
+        bytes32 /* tokenId */,
+        bool /* force */,
+        bytes memory /* data */
+    ) internal virtual {
+        require(
+            tokenSupplyCap() == 0 || (totalSupply() + 1) <= tokenSupplyCap(),
+            LSP8CappedSupplyCannotMintOverCap()
+        );
+    }
+
+    /// @dev Same as {_mint} but allows to mint only if the {totalSupply} does not exceed the {tokenSupplyCap} after the token has been minted.
+    function _mint(
+        address to,
+        bytes32 tokenId,
+        bool force,
+        bytes memory data
+    ) internal virtual override {
+        _tokenSupplyCapCheck(to, tokenId, force, data);
+        super._mint(to, tokenId, force, data);
+    }
+}

package/contracts/extensions/LSP8CappedSupply/LSP8CappedSupplyErrors.sol

@@ -0,0 +1,6 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.27;
+
+/// @notice Cannot mint anymore as total supply reached the maximum cap.
+/// @dev Reverts when trying to mint tokens but the {totalSupply} has reached the maximum {tokenSupplyCap}.
+error LSP8CappedSupplyCannotMintOverCap();

package/contracts/extensions/LSP8CappedSupply/LSP8CappedSupplyInitAbstract.sol

@@ -0,0 +1,97 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.27;
+
+// modules
+import {
+    LSP8IdentifiableDigitalAssetInitAbstract
+} from "../../LSP8IdentifiableDigitalAssetInitAbstract.sol";
+
+// interfaces
+import {ILSP8CappedSupply} from "./ILSP8CappedSupply.sol";
+
+// errors
+import {LSP8CappedSupplyCannotMintOverCap} from "./LSP8CappedSupplyErrors.sol";
+
+/// @title LSP8CappedSupplyInitAbstract
+/// @dev Abstract contract implementing a token supply cap for LSP8 tokens.
+abstract contract LSP8CappedSupplyInitAbstract is
+    ILSP8CappedSupply,
+    LSP8IdentifiableDigitalAssetInitAbstract
+{
+    /// @notice The maximum token supply.
+    uint256 private _tokenSupplyCap;
+
+    /// @notice Initializes the LSP8CappedSupply contract with base token params and supply cap.
+    /// @dev Initializes the LSP8IdentifiableDigitalAsset base and sets the maximum token supply cap.
+    /// @param name_ The name of the token.
+    /// @param symbol_ The symbol of the token.
+    /// @param newOwner_ The owner of the contract.
+    /// @param lsp4TokenType_ The token type (see LSP4).
+    /// @param lsp8TokenIdFormat_ The format of tokenIds (= NFTs) that this contract will create.
+    /// @param tokenSupplyCap_ The maximum total supply, 0 to disable.
+    function __LSP8CappedSupply_init(
+        string memory name_,
+        string memory symbol_,
+        address newOwner_,
+        uint256 lsp4TokenType_,
+        uint256 lsp8TokenIdFormat_,
+        uint256 tokenSupplyCap_
+    ) internal virtual onlyInitializing {
+        LSP8IdentifiableDigitalAssetInitAbstract._initialize(
+            name_,
+            symbol_,
+            newOwner_,
+            lsp4TokenType_,
+            lsp8TokenIdFormat_
+        );
+        __LSP8CappedSupply_init_unchained(tokenSupplyCap_);
+    }
+
+    /// @notice Unchained initializer for the token supply cap.
+    /// @dev Sets the maximum token supply cap.
+    /// @param tokenSupplyCap_ The maximum total supply, 0 to disable.
+    function __LSP8CappedSupply_init_unchained(
+        uint256 tokenSupplyCap_
+    ) internal virtual onlyInitializing {
+        _tokenSupplyCap = tokenSupplyCap_;
+    }
+
+    /// @inheritdoc ILSP8CappedSupply
+    function tokenSupplyCap() public view virtual override returns (uint256) {
+        return _tokenSupplyCap;
+    }
+
+    /// @dev Checks if minting a new token would exceed the token supply cap.
+    function _tokenSupplyCapCheck(
+        address /* to */,
+        bytes32 /* tokenId */,
+        bool /* force */,
+        bytes memory /* data */
+    ) internal virtual {
+        require(
+            tokenSupplyCap() == 0 || (totalSupply() + 1) <= tokenSupplyCap(),
+            LSP8CappedSupplyCannotMintOverCap()
+        );
+    }
+
+    /// @dev Same as {_mint} but allows to mint only if the {totalSupply} does not exceed the {tokenSupplyCap} after the token has been minted.
+    function _mint(
+        address to,
+        bytes32 tokenId,
+        bool force,
+        bytes memory data
+    ) internal virtual override {
+        _tokenSupplyCapCheck(to, tokenId, force, data);
+        super._mint(to, tokenId, force, data);
+    }
+
+    /**
+     * @dev This empty reserved space is put in place to allow future versions to add new
+     * variables without shifting down storage in the inheritance chain.
+     * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
+     *
+     * @custom:info The size of the `__gap` array is calculated so that the amount of storage used by the contract
+     * always adds up to the same number (in this case 50 storage slots).
+     */
+    uint256[49] private __gap;
+}

package/contracts/extensions/{LSP8Enumerable.sol → LSP8Enumerable/LSP8Enumerable.sol}

@@ -1,10 +1,10 @@
 // SPDX-License-Identifier: Apache-2.0
-pragma solidity ^0.8.12;
+pragma solidity ^0.8.27;
 
 // modules
 import {
     LSP8IdentifiableDigitalAsset
-} from "../LSP8IdentifiableDigitalAsset.sol";
+} from "../../LSP8IdentifiableDigitalAsset.sol";
 
 /**
  * @dev LSP8 extension that enables to enumerate over all the `tokenIds` ever minted.

package/contracts/extensions/{LSP8EnumerableInitAbstract.sol → LSP8Enumerable/LSP8EnumerableInitAbstract.sol}

@@ -1,10 +1,10 @@
 // SPDX-License-Identifier: Apache-2.0
-pragma solidity ^0.8.12;
+pragma solidity ^0.8.27;
 
 // modules
 import {
     LSP8IdentifiableDigitalAssetInitAbstract
-} from "../LSP8IdentifiableDigitalAssetInitAbstract.sol";
+} from "../../LSP8IdentifiableDigitalAssetInitAbstract.sol";
 
 /**
  * @dev LSP8 extension.

package/contracts/extensions/LSP8Mintable/ILSP8Mintable.sol

@@ -0,0 +1,27 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.27;
+
+/// @title ILSP8Mintable
+/// @dev Interface for a mintable LSP8 token extension, allowing the owner to mint new tokens and disable minting.
+interface ILSP8Mintable {
+    /// @dev Emitted when minting status is changed.
+    event MintingStatusChanged(bool indexed enabled);
+
+    /// @notice Disables minting of new tokens permanently.
+    /// @dev Can only be called by the contract owner. Prevents further calls to mint after invocation.
+    /// @custom:events {MintingDisabled} event.
+    function disableMinting() external;
+
+    /// @notice Mints a new token with the specified tokenId to a given address.
+    /// @dev Mints a token with `tokenId` to `to`, callable only by the contract owner. Emits a Transfer event as defined in ILSP8IdentifiableDigitalAsset. Reverts if `to` is the zero address, if minting is disabled, or if the tokenId already exists.
+    /// @param to The address to receive the minted token.
+    /// @param tokenId The unique identifier for the token to mint.
+    /// @param force When true, allows minting to any address; when false, requires `to` to support LSP1 UniversalReceiver.
+    /// @param data Additional data included in the Transfer event and sent to `to`'s UniversalReceiver hook, if applicable.
+    function mint(
+        address to,
+        bytes32 tokenId,
+        bool force,
+        bytes memory data
+    ) external;
+}

package/contracts/extensions/LSP8Mintable/LSP8MintableAbstract.sol

@@ -0,0 +1,105 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.27;
+
+// modules
+import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
+import {
+    LSP8IdentifiableDigitalAsset
+} from "../../LSP8IdentifiableDigitalAsset.sol";
+import {
+    AccessControlExtendedAbstract
+} from "../AccessControlExtended/AccessControlExtendedAbstract.sol";
+
+// interfaces
+import {ILSP8Mintable} from "./ILSP8Mintable.sol";
+
+// errors
+import {LSP8MintDisabled} from "./LSP8MintableErrors.sol";
+
+/// @title LSP8MintableAbstract
+/// @dev Abstract contract implementing a mintable LSP8 token extension, allowing the owner to mint any address granted the `MINTER_ROLE` to mint new tokens until minting is disabled.
+/// Inherits from LSP8IdentifiableDigitalAsset to provide core token functionality.
+abstract contract LSP8MintableAbstract is
+    ILSP8Mintable,
+    LSP8IdentifiableDigitalAsset,
+    AccessControlExtendedAbstract
+{
+    /// @notice Indicates whether minting is currently enabled.
+    bool public isMintable;
+
+    /// @dev keccak256("MINTER_ROLE")
+    bytes32 public constant MINTER_ROLE =
+        0x9f2df0fed2c77648de5860a4cc508cd0818c85b8b8a1ab4ceeef8d981c8956a6;
+
+    /// @notice Initializes the contract with the minting status.
+    /// @dev Sets the initial minting status. Inherits LSP8IdentifiableDigitalAsset constructor logic.
+    /// @param mintable_ True to enable minting after deployment, false to disable it forever.
+    /// @custom:info If `mintable_` is set to `true` then it can be disabled using `disableMinting()` function later on.
+    constructor(bool mintable_) {
+        isMintable = mintable_;
+        emit MintingStatusChanged({enabled: mintable_});
+
+        if (mintable_) {
+            _grantRole(MINTER_ROLE, owner());
+        }
+    }
+
+    /// @inheritdoc ILSP8Mintable
+    /// @custom:warning Once this function is called, any address holding the `MINTER_ROLE` will be inoperable.
+    /// @custom:info The list of addresses holding the `MINTER_ROLE` remains populated after the minting feature is switched off.
+    function disableMinting() public virtual override onlyOwner {
+        require(isMintable, LSP8MintDisabled());
+        isMintable = false;
+        emit MintingStatusChanged({enabled: false});
+    }
+
+    /// @inheritdoc ILSP8Mintable
+    function mint(
+        address to,
+        bytes32 tokenId,
+        bool force,
+        bytes memory data
+    ) public virtual override onlyRole(MINTER_ROLE) {
+        _mint(to, tokenId, force, data);
+    }
+
+    function supportsInterface(
+        bytes4 interfaceId
+    )
+        public
+        view
+        virtual
+        override(AccessControlExtendedAbstract, LSP8IdentifiableDigitalAsset)
+        returns (bool)
+    {
+        return
+            AccessControlExtendedAbstract.supportsInterface(interfaceId) ||
+            LSP8IdentifiableDigitalAsset.supportsInterface(interfaceId);
+    }
+
+    /// @notice Internal function to mint tokens, overridden to enforce minting status.
+    /// @dev Checks if minting is enabled, reverting with LSP8MintDisabled if not. Calls the parent _mint function from LSP8IdentifiableDigitalAsset.
+    /// @param to The address to receive the minted token.
+    /// @param tokenId The unique identifier for the token to mint.
+    /// @param force When true, allows minting to any address; when false, requires `to` to support LSP1 UniversalReceiver.
+    /// @param data Additional data included in the Transfer event and sent to `to`'s UniversalReceiver hook, if applicable.
+    function _mint(
+        address to,
+        bytes32 tokenId,
+        bool force,
+        bytes memory data
+    ) internal virtual override {
+        require(isMintable, LSP8MintDisabled());
+
+        super._mint(to, tokenId, force, data);
+    }
+
+    function _transferOwnership(
+        address newOwner
+    ) internal virtual override(AccessControlExtendedAbstract, Ownable) {
+        // restore default admin hierarchy so a previously-installed custom admin
+        // cannot grant MINTER_ROLE to new accounts post-transfer
+        _setRoleAdmin(MINTER_ROLE, DEFAULT_ADMIN_ROLE);
+        super._transferOwnership(newOwner);
+    }
+}

package/contracts/extensions/LSP8Mintable/LSP8MintableErrors.sol

@@ -0,0 +1,5 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.27;
+
+/// @dev Error thrown when attempting to mint tokens after minting has been disabled.
+error LSP8MintDisabled();

package/contracts/extensions/LSP8Mintable/LSP8MintableInitAbstract.sol

@@ -0,0 +1,155 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.27;
+
+// modules
+import {
+    OwnableUpgradeable
+} from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
+import {
+    LSP8IdentifiableDigitalAssetInitAbstract
+} from "../../LSP8IdentifiableDigitalAssetInitAbstract.sol";
+import {
+    AccessControlExtendedInitAbstract
+} from "../AccessControlExtended/AccessControlExtendedInitAbstract.sol";
+
+// interfaces
+import {ILSP8Mintable} from "./ILSP8Mintable.sol";
+
+// errors
+import {LSP8MintDisabled} from "./LSP8MintableErrors.sol";
+
+/// @title LSP8MintableInitAbstract
+/// @dev Abstract contract implementing a mintable LSP8 token extension, allowing the owner to mint any address granted the `MINTER_ROLE` to mint new tokens until minting is disabled.
+/// Inherits from LSP8IdentifiableDigitalAssetInitAbstract to provide core token functionality.
+abstract contract LSP8MintableInitAbstract is
+    ILSP8Mintable,
+    LSP8IdentifiableDigitalAssetInitAbstract,
+    AccessControlExtendedInitAbstract
+{
+    /// @notice Indicates whether minting is currently enabled.
+    bool public isMintable;
+
+    /// @dev keccak256("MINTER_ROLE")
+    bytes32 public constant MINTER_ROLE =
+        0x9f2df0fed2c77648de5860a4cc508cd0818c85b8b8a1ab4ceeef8d981c8956a6;
+
+    /// @notice Initializes the LSP8Mintable contract with base token params and minting status.
+    /// @dev Initializes the LSP8IdentifiableDigitalAsset base and sets the initial minting status.
+    /// @param name_ The name of the token.
+    /// @param symbol_ The symbol of the token.
+    /// @param newOwner_ The owner of the contract.
+    /// @param lsp4TokenType_ The token type (see LSP4).
+    /// @param lsp8TokenIdFormat_ The format of tokenIds (= NFTs) that this contract will create.
+    /// @param mintable_ True to enable minting after deployment, false to disable it forever.
+    /// @custom:info If `mintable_` is set to `true` then it can be disabled using `disableMinting()` function later on.
+    function __LSP8Mintable_init(
+        string memory name_,
+        string memory symbol_,
+        address newOwner_,
+        uint256 lsp4TokenType_,
+        uint256 lsp8TokenIdFormat_,
+        bool mintable_
+    ) internal virtual onlyInitializing {
+        LSP8IdentifiableDigitalAssetInitAbstract._initialize(
+            name_,
+            symbol_,
+            newOwner_,
+            lsp4TokenType_,
+            lsp8TokenIdFormat_
+        );
+        __AccessControlExtended_init();
+        __LSP8Mintable_init_unchained(mintable_);
+    }
+
+    /// @notice Unchained initializer for the minting status.
+    /// @dev Sets the initial minting status.
+    /// @param mintable_ True to enable minting after deployment, false to disable it forever.
+    function __LSP8Mintable_init_unchained(
+        bool mintable_
+    ) internal virtual onlyInitializing {
+        isMintable = mintable_;
+        emit MintingStatusChanged({enabled: mintable_});
+
+        if (mintable_) {
+            _grantRole(MINTER_ROLE, owner());
+        }
+    }
+
+    /// @inheritdoc ILSP8Mintable
+    /// @custom:warning Once this function is called, any address holding the `MINTER_ROLE` will be inoperable.
+    /// @custom:info The list of addresses holding the `MINTER_ROLE` remains populated after the minting feature is switched off.
+    function disableMinting() public virtual override onlyOwner {
+        require(isMintable, LSP8MintDisabled());
+        isMintable = false;
+        emit MintingStatusChanged({enabled: false});
+    }
+
+    /// @inheritdoc ILSP8Mintable
+    function mint(
+        address to,
+        bytes32 tokenId,
+        bool force,
+        bytes memory data
+    ) public virtual override onlyRole(MINTER_ROLE) {
+        _mint(to, tokenId, force, data);
+    }
+
+    function supportsInterface(
+        bytes4 interfaceId
+    )
+        public
+        view
+        virtual
+        override(
+            AccessControlExtendedInitAbstract,
+            LSP8IdentifiableDigitalAssetInitAbstract
+        )
+        returns (bool)
+    {
+        return
+            AccessControlExtendedInitAbstract.supportsInterface(interfaceId) ||
+            LSP8IdentifiableDigitalAssetInitAbstract.supportsInterface(
+                interfaceId
+            );
+    }
+
+    /// @notice Internal function to mint tokens, overridden to enforce minting status.
+    /// @dev Checks if minting is enabled, reverting with LSP8MintDisabled if not. Calls the parent _mint function from LSP8IdentifiableDigitalAssetInitAbstract.
+    /// @param to The address to receive the minted token.
+    /// @param tokenId The unique identifier for the token to mint.
+    /// @param force When true, allows minting to any address; when false, requires `to` to support LSP1 UniversalReceiver.
+    /// @param data Additional data included in the Transfer event and sent to `to`'s UniversalReceiver hook, if applicable.
+    function _mint(
+        address to,
+        bytes32 tokenId,
+        bool force,
+        bytes memory data
+    ) internal virtual override {
+        require(isMintable, LSP8MintDisabled());
+
+        super._mint(to, tokenId, force, data);
+    }
+
+    function _transferOwnership(
+        address newOwner
+    )
+        internal
+        virtual
+        override(AccessControlExtendedInitAbstract, OwnableUpgradeable)
+    {
+        // restore default admin hierarchy so a previously-installed custom admin
+        // cannot grant MINTER_ROLE to new accounts post-transfer
+        _setRoleAdmin(MINTER_ROLE, DEFAULT_ADMIN_ROLE);
+        super._transferOwnership(newOwner);
+    }
+
+    /**
+     * @dev This empty reserved space is put in place to allow future versions to add new
+     * variables without shifting down storage in the inheritance chain.
+     * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
+     *
+     * @custom:info The size of the `__gap` array is calculated so that the amount of storage used by the contract
+     * always adds up to the same number (in this case 50 storage slots).
+     */
+    uint256[49] private __gap;
+}