@silvana-one/nft 0.2.11 → 1.0.0

package/src/contracts/collection.ts

@@ -21,7 +21,6 @@ import {
   VerificationKey,
   UInt32,
   UInt64,
-  SmartContract,
   Mina,
   Provable,
 } from "o1js";
@@ -29,11 +28,13 @@ import { NFT } from "./nft.js";
 import {
   MintParams,
   MintRequest,
-  TransferParams,
+  TransferBySignatureParams,
+  TransferByProofParams,
   CollectionData,
   NFTUpdateProof,
   NFTStateStruct,
   MintEvent,
+  NFTUpdateEvent,
   TransferEvent,
   ApproveEvent,
   UpgradeVerificationKeyEvent,
@@ -43,6 +44,11 @@ import {
   NFTAdminContractConstructor,
   PausableContract,
   PauseEvent,
+  SetNameEvent,
+  SetBaseURLEvent,
+  SetRoyaltyFeeEvent,
+  SetTransferFeeEvent,
+  SetAdminEvent,
   OwnableContract,
   OwnershipChangeEvent,
   NFTOwnerBase,
@@ -85,6 +91,7 @@ const CollectionErrors = {
   onlyOwnerCanUpgradeVerificationKey: "Only owner can upgrade verification key",
   invalidRoyaltyFee: "Royalty fee is too high, cannot be more than 100%",
   invalidOracleAddress: "Oracle address is invalid",
+  pendingCreatorIsEmpty: "Pending creator address is empty",
 };
 
 interface CollectionDeployProps extends Exclude<DeployArgs, undefined> {
@@ -132,6 +139,8 @@ function CollectionFactory(params: {
      * such as flags and fee configurations.
      */
     @state(Field) packedData = State<Field>();
+    /** The public key part (x) of the pending creator. The isOdd field is written to the packedData */
+    @state(Field) pendingCreatorX = State<Field>();
 
     /**
      * Deploys the NFT Collection Contract with the initial settings.
@@ -150,6 +159,9 @@ function CollectionFactory(params: {
           isPaused: true,
         }).pack()
       );
+      this.pendingCreatorX.set(PublicKey.empty().x);
+      // Changes must be made if the number of state fields available on the Mina blockchain changes
+      // This function should initialize ALL state fields due to the logic in the initialize() method
       this.account.zkappUri.set(props.url);
       this.account.tokenSymbol.set(props.symbol);
       this.account.permissions.set({
@@ -159,8 +171,8 @@ function CollectionFactory(params: {
         setPermissions: Permissions.impossible(),
         access: Permissions.proof(),
         send: Permissions.proof(),
-        setZkappUri: Permissions.none(),
-        setTokenSymbol: Permissions.none(),
+        setZkappUri: Permissions.proof(),
+        setTokenSymbol: Permissions.proof(),
       });
     }
 
@@ -172,6 +184,9 @@ function CollectionFactory(params: {
      */
     @method
     async initialize(masterNFT: MintParams, collectionData: CollectionData) {
+      // Changes must be made if the number of state fields available on the Mina blockchain changes
+      // as the next line relies on the fact that the state size is 8 Fields
+      // and all 8 Field are initialized in deploy()
       this.account.provedState.requireEquals(Bool(false));
       collectionData.royaltyFee.assertLessThanOrEqual(
         UInt32.from(MAX_ROYALTY_FEE),
@@ -189,22 +204,23 @@ function CollectionFactory(params: {
      */
     events = {
       mint: MintEvent,
-      update: PublicKey,
+      update: NFTUpdateEvent,
       transfer: TransferEvent,
       approve: ApproveEvent,
       upgradeNFTVerificationKey: UpgradeVerificationKeyEvent,
-      upgradeVerificationKey: Field,
+      upgradeVerificationKey: UpgradeVerificationKeyEvent,
       limitMinting: LimitMintingEvent,
       pause: PauseEvent,
       resume: PauseEvent,
       pauseNFT: PauseNFTEvent,
       resumeNFT: PauseNFTEvent,
-      ownershipChange: OwnershipChangeEvent,
-      setName: Field,
-      setBaseURL: Field,
-      setRoyaltyFee: UInt32,
-      setTransferFee: UInt64,
-      setAdmin: PublicKey,
+      ownershipTransfer: OwnershipChangeEvent,
+      ownershipAccepted: OwnershipChangeEvent,
+      setName: SetNameEvent,
+      setBaseURL: SetBaseURLEvent,
+      setRoyaltyFee: SetRoyaltyFeeEvent,
+      setTransferFee: SetTransferFeeEvent,
+      setAdmin: SetAdminEvent,
     };
 
     /**
@@ -285,10 +301,12 @@ function CollectionFactory(params: {
      *
      * @returns The packed data of the collection.
      */
-    async ensureNotPaused(): Promise<void> {
-      CollectionData.isPaused(
+    async ensureNotPaused(): Promise<CollectionData> {
+      const collectionData = CollectionData.unpack(
         this.packedData.getAndRequireEquals()
-      ).assertFalse(CollectionErrors.collectionPaused);
+      );
+      collectionData.isPaused.assertFalse(CollectionErrors.collectionPaused);
+      return collectionData;
     }
 
     /**
@@ -307,9 +325,8 @@ function CollectionFactory(params: {
      */
 
     @method async mintByCreator(params: MintParams): Promise<void> {
-      CollectionData.mintingIsLimited(
-        this.packedData.getAndRequireEquals()
-      ).assertFalse(CollectionErrors.cannotMint);
+      const collectionData = await this.ensureNotPaused();
+      collectionData.mintingIsLimited.assertFalse(CollectionErrors.cannotMint);
       const creatorUpdate = await this.ensureCreatorSignature();
       // Pay 1 MINA fee for a new account
       creatorUpdate.balance.subInPlace(1_000_000_000);
@@ -322,14 +339,15 @@ function CollectionFactory(params: {
      * @param mintRequest - The minting request containing parameters and proofs.
      */
     @method async mint(mintRequest: MintRequest): Promise<void> {
-      CollectionData.mintingIsLimited(
-        this.packedData.getAndRequireEquals()
-      ).assertFalse(CollectionErrors.cannotMint);
+      const collectionData = await this.ensureNotPaused();
+      collectionData.mintingIsLimited.assertFalse(CollectionErrors.cannotMint);
       const adminContract = this.getAdminContract();
       // The admin contract checks that the sender is allowed to mint
       const mintParams = (await adminContract.canMint(mintRequest)).assertSome(
         CollectionErrors.cannotMint
       );
+      mintParams.address.assertEquals(mintRequest.address);
+      mintParams.data.owner.assertEquals(mintRequest.owner);
 
       // Prevent minting the Master NFT using this method
       mintParams.address
@@ -354,12 +372,19 @@ function CollectionFactory(params: {
         storage,
         metadataVerificationKeyHash,
         expiry,
+        fee,
+        tokenId,
       } = params;
 
       this.network.globalSlotSinceGenesis.requireBetween(UInt32.zero, expiry);
-      data.version.assertEquals(UInt32.zero);
+      data.version.assertEquals(UInt64.zero);
+      data.isPaused
+        .equals(Bool(false))
+        .or(data.canPause.equals(Bool(true)))
+        .assertTrue(CollectionErrors.cannotMint);
       const packedData = data.pack();
-      const tokenId = this.deriveTokenId();
+      const collectionTokenId = this.deriveTokenId();
+      collectionTokenId.assertEquals(tokenId);
 
       const update = AccountUpdate.createSigned(address, tokenId);
       update.body.useFullCommitment = Bool(true); // Prevent memo and fee change
@@ -405,23 +430,13 @@ function CollectionFactory(params: {
       const devnetVerificationKeyHash = Field(
         nftVerificationKeys.devnet.vk.NFT.hash
       );
-      const isMainnet = Provable.witness(Bool, () => {
-        // This check does NOT create a constraint on the verification key
-        // as this witness can be replaced during runtime
-        // and is useful only for making sure that the verification key
-        // of the NFT will match the compiled verification key of the NFT
-        // at the time of the deployment of the Collection Contract
-        return Bool(Mina.getNetworkId() === "mainnet");
-      });
       // We check that the verification key hash is the same as the one
-      // that was compiled at the time of the deployment
-      verificationKey.hash.assertEquals(
-        Provable.if(
-          isMainnet,
-          mainnetVerificationKeyHash,
-          devnetVerificationKeyHash
-        )
-      );
+      // that was compiled at the time of the collection deployment
+      if (Mina.getNetworkId() === "mainnet") {
+        verificationKey.hash.assertEquals(mainnetVerificationKeyHash);
+      } else {
+        verificationKey.hash.assertEquals(devnetVerificationKeyHash);
+      }
       update.body.update.verificationKey = {
         isSome: Bool(true),
         value: verificationKey,
@@ -459,6 +474,8 @@ function CollectionFactory(params: {
       const event = new MintEvent({
         initialState,
         address,
+        tokenId,
+        fee,
       });
       this.emitEvent("mint", event);
       return event;
@@ -474,6 +491,12 @@ function CollectionFactory(params: {
       proof: NFTUpdateProof,
       vk: VerificationKey
     ): Promise<void> {
+      // The oracle address is optional and can be empty, NFT ZkProgram can verify the address
+      // as it can be different for different NFTs. It should be empty for the update() call
+      const oracleAddress = proof.publicInput.oracleAddress;
+      oracleAddress
+        .equals(PublicKey.empty())
+        .assertTrue(CollectionErrors.invalidOracleAddress);
       await this._update(proof, vk);
     }
 
@@ -488,7 +511,7 @@ function CollectionFactory(params: {
       vk: VerificationKey
     ): Promise<void> {
       // The oracle address is optional and can be empty, NFT ZkProgram can verify the address
-      // as it can be different for different NFTs
+      // as it can be different for different NFTs. It should be non-empty for the updateWithOracle() call
       const oracleAddress = proof.publicInput.oracleAddress;
       oracleAddress
         .equals(PublicKey.empty())
@@ -535,7 +558,12 @@ function CollectionFactory(params: {
       // Verify the metadata update proof
       metadataVerificationKeyHash.assertEquals(vk.hash);
       proof.verify(vk);
-      this.emitEvent("update", proof.publicInput.immutableState.address);
+      this.emitEvent(
+        "update",
+        new NFTUpdateEvent({
+          address: proof.publicInput.immutableState.address,
+        })
+      );
     }
 
     /**
@@ -559,13 +587,14 @@ function CollectionFactory(params: {
     /**
      * Transfers ownership of an NFT without admin approval.
      *
-     * @param address - The address of the NFT.
-     * @param to - The recipient's public key.
+     * @param nftAddress - The address of the NFT.
+     * @param approved - The approved public key.
      */
     @method async approveAddressByProof(
       nftAddress: PublicKey,
       approved: PublicKey
     ): Promise<void> {
+      await this.ensureNotPaused();
       const tokenId = this.deriveTokenId();
       const nft = new NFT(nftAddress, tokenId);
       const owner = await nft.approveAddress(approved);
@@ -588,12 +617,11 @@ function CollectionFactory(params: {
      * @param to - The recipient's public key.
      * @param price - The price of the NFT (optional).
      */
-    @method async transferBySignature(params: TransferParams): Promise<void> {
+    @method async transferBySignature(
+      params: TransferBySignatureParams
+    ): Promise<void> {
       const { address, to, price, context } = params;
-      const collectionData = CollectionData.unpack(
-        this.packedData.getAndRequireEquals()
-      );
-      collectionData.isPaused.assertFalse(CollectionErrors.collectionPaused);
+      const collectionData = await this.ensureNotPaused();
       collectionData.requireTransferApproval.assertFalse(
         CollectionErrors.transferApprovalRequired
       );
@@ -623,12 +651,14 @@ function CollectionFactory(params: {
      *
      * @param params - The transfer parameters.
      */
-    @method async transferByProof(params: TransferParams): Promise<void> {
+    @method async transferByProof(
+      params: TransferByProofParams
+    ): Promise<void> {
       const { address, from, to, price, context } = params;
-      const collectionData = CollectionData.unpack(
-        this.packedData.getAndRequireEquals()
+      const collectionData = await this.ensureNotPaused();
+      collectionData.requireTransferApproval.assertFalse(
+        CollectionErrors.transferApprovalRequired
       );
-      collectionData.isPaused.assertFalse(CollectionErrors.collectionPaused);
 
       const transferEventDraft = new TransferExtendedParams({
         from,
@@ -666,14 +696,11 @@ function CollectionFactory(params: {
      *
      * @param params - The transfer parameters.
      */
-    @method async approvedTransferByProof(
-      params: TransferParams
+    @method async adminApprovedTransferByProof(
+      params: TransferByProofParams
     ): Promise<void> {
       const { address, from, to, price, context } = params;
-      const collectionData = CollectionData.unpack(
-        this.packedData.getAndRequireEquals()
-      );
-      collectionData.isPaused.assertFalse(CollectionErrors.collectionPaused);
+      const collectionData = await this.ensureNotPaused();
 
       const transferEventDraft = new TransferExtendedParams({
         from,
@@ -718,14 +745,11 @@ function CollectionFactory(params: {
      * @param to - The recipient's public key.
      * @param price - The price of the NFT (optional).
      */
-    @method async approvedTransferBySignature(
-      params: TransferParams
+    @method async adminApprovedTransferBySignature(
+      params: TransferBySignatureParams
     ): Promise<void> {
       const { address, to, price, context } = params;
-      const collectionData = CollectionData.unpack(
-        this.packedData.getAndRequireEquals()
-      );
-      collectionData.isPaused.assertFalse(CollectionErrors.collectionPaused);
+      const collectionData = await this.ensureNotPaused();
 
       const transferEventDraft = new TransferExtendedParams({
         from: PublicKey.empty(), // will be added later
@@ -746,15 +770,22 @@ function CollectionFactory(params: {
       const adminContract = this.getAdminContract();
       const canTransfer = await adminContract.canTransfer(transferEvent);
       canTransfer.assertTrue();
-      this.emitEvent("transfer", transferEvent);
     }
 
     /**
      * Internal method to transfer an NFT.
      *
-     * @param address - The address of the NFT.
-     * @param to - The recipient's public key.
+     * This method handles the transfer logic and fee calculation. The fee is determined as follows:
+     * - If a price is provided, the fee is calculated as (price * royaltyFee / MAX_ROYALTY_FEE)
+     * - If no price is provided, the fixed transferFee is used to handle two cases:
+     *  when NFT is being sold and the price is not provided to the contract
+     *  when NFT is being transferred by the owner (without price)
+     * - If the sender is the creator, no fee is charged
+     * - The minimum fee is always the transferFee (unless sender is creator)
+     *
+     * @param transferEventDraft - The transfer event draft, containing the information about the transfer
      * @param transferFee - The transfer fee amount.
+     * @param royaltyFee - The royalty fee amount.
      * @returns The TransferEvent emitted.
      */
     async _transfer(params: {
@@ -776,7 +807,6 @@ function CollectionFactory(params: {
       const nft = new NFT(transferEventDraft.nft, tokenId);
       const transferEvent = await nft.transfer(transferEventDraft);
       const creator = this.creator.getAndRequireEquals();
-      // TODO: check is the owner is the creator
       let fee = Provable.if(
         transferEventDraft.price.isSome,
         // We cannot check the price here, so we just rely on owner contract
@@ -834,6 +864,7 @@ function CollectionFactory(params: {
       address: PublicKey,
       vk: VerificationKey
     ): Promise<void> {
+      await this.ensureNotPaused();
       const sender = this.sender.getAndRequireSignature();
       const data = await this._upgrade(address, vk);
       data.owner
@@ -853,6 +884,7 @@ function CollectionFactory(params: {
       address: PublicKey,
       vk: VerificationKey
     ): Promise<void> {
+      await this.ensureNotPaused();
       const data = await this._upgrade(address, vk);
       const ownerContract = this.getOwnerContract(data.owner);
       const canUpgrade = await ownerContract.canChangeVerificationKey(
@@ -895,6 +927,7 @@ function CollectionFactory(params: {
      */
     @method
     async upgradeVerificationKey(vk: VerificationKey): Promise<void> {
+      await this.ensureNotPaused();
       const adminContract = this.getAdminContract();
       const canUpgrade = await adminContract.canChangeVerificationKey(
         vk,
@@ -904,7 +937,14 @@ function CollectionFactory(params: {
       canUpgrade.assertTrue(CollectionErrors.cannotUpgradeVerificationKey);
       this.account.verificationKey.set(vk);
 
-      this.emitEvent("upgradeVerificationKey", vk.hash);
+      this.emitEvent(
+        "upgradeVerificationKey",
+        new UpgradeVerificationKeyEvent({
+          address: this.address,
+          tokenId: this.tokenId,
+          verificationKeyHash: vk.hash,
+        })
+      );
     }
 
     /**
@@ -913,10 +953,7 @@ function CollectionFactory(params: {
     @method
     async limitMinting(): Promise<void> {
       await this.ensureCreatorSignature();
-      const collectionData = CollectionData.unpack(
-        this.packedData.getAndRequireEquals()
-      );
-      collectionData.isPaused.assertFalse(CollectionErrors.collectionPaused);
+      const collectionData = await this.ensureNotPaused();
       collectionData.mintingIsLimited = Bool(true);
       this.packedData.set(collectionData.pack());
       this.emitEvent(
@@ -930,10 +967,7 @@ function CollectionFactory(params: {
      */
     @method
     async pause(): Promise<void> {
-      const collectionData = CollectionData.unpack(
-        this.packedData.getAndRequireEquals()
-      );
-      collectionData.isPaused.assertFalse(CollectionErrors.collectionPaused);
+      const collectionData = await this.ensureNotPaused();
       const adminContract = this.getAdminContract();
       const canPause = await adminContract.canPause();
       canPause.assertTrue(CollectionErrors.noPermissionToPause);
@@ -966,6 +1000,7 @@ function CollectionFactory(params: {
      */
     @method
     async pauseNFTBySignature(address: PublicKey): Promise<void> {
+      await this.ensureNotPaused();
       const tokenId = this.deriveTokenId();
       const nft = new NFT(address, tokenId);
       const owner = await nft.pause();
@@ -983,6 +1018,7 @@ function CollectionFactory(params: {
      */
     @method
     async pauseNFTByProof(address: PublicKey): Promise<void> {
+      await this.ensureNotPaused();
       const tokenId = this.deriveTokenId();
       const nft = new NFT(address, tokenId);
       const owner = await nft.pause();
@@ -1002,6 +1038,7 @@ function CollectionFactory(params: {
      */
     @method
     async resumeNFT(address: PublicKey): Promise<void> {
+      await this.ensureNotPaused();
       const tokenId = this.deriveTokenId();
       const nft = new NFT(address, tokenId);
       const owner = await nft.resume();
@@ -1019,6 +1056,7 @@ function CollectionFactory(params: {
      */
     @method
     async resumeNFTByProof(address: PublicKey): Promise<void> {
+      await this.ensureNotPaused();
       const tokenId = this.deriveTokenId();
       const nft = new NFT(address, tokenId);
       const owner = await nft.resume();
@@ -1046,7 +1084,7 @@ function CollectionFactory(params: {
       const canChangeName = await adminContract.canChangeName(name);
       canChangeName.assertTrue(CollectionErrors.noPermissionToChangeName);
       this.collectionName.set(name);
-      this.emitEvent("setName", name);
+      this.emitEvent("setName", new SetNameEvent({ name }));
     }
 
     /**
@@ -1064,7 +1102,7 @@ function CollectionFactory(params: {
       const canChangeBaseUri = await adminContract.canChangeBaseUri(baseURL);
       canChangeBaseUri.assertTrue(CollectionErrors.noPermissionToChangeBaseUri);
       this.baseURL.set(baseURL);
-      this.emitEvent("setBaseURL", baseURL);
+      this.emitEvent("setBaseURL", new SetBaseURLEvent({ baseURL }));
     }
 
     /**
@@ -1082,7 +1120,7 @@ function CollectionFactory(params: {
       const canSetAdmin = await adminContract.canSetAdmin(admin);
       canSetAdmin.assertTrue(CollectionErrors.noPermissionToSetAdmin);
       this.admin.set(admin);
-      this.emitEvent("setAdmin", admin);
+      this.emitEvent("setAdmin", new SetAdminEvent({ admin }));
     }
 
     /**
@@ -1095,10 +1133,7 @@ function CollectionFactory(params: {
      */
     @method
     async setRoyaltyFee(royaltyFee: UInt32): Promise<void> {
-      const collectionData = CollectionData.unpack(
-        this.packedData.getAndRequireEquals()
-      );
-      collectionData.isPaused.assertFalse(CollectionErrors.collectionPaused);
+      const collectionData = await this.ensureNotPaused();
       royaltyFee.assertLessThanOrEqual(
         UInt32.from(MAX_ROYALTY_FEE),
         CollectionErrors.invalidRoyaltyFee
@@ -1108,7 +1143,7 @@ function CollectionFactory(params: {
       canChangeRoyalty.assertTrue(CollectionErrors.noPermissionToChangeRoyalty);
       collectionData.royaltyFee = royaltyFee;
       this.packedData.set(collectionData.pack());
-      this.emitEvent("setRoyaltyFee", royaltyFee);
+      this.emitEvent("setRoyaltyFee", new SetRoyaltyFeeEvent({ royaltyFee }));
     }
 
     /**
@@ -1121,10 +1156,7 @@ function CollectionFactory(params: {
      */
     @method
     async setTransferFee(transferFee: UInt64): Promise<void> {
-      const collectionData = CollectionData.unpack(
-        this.packedData.getAndRequireEquals()
-      );
-      collectionData.isPaused.assertFalse(CollectionErrors.collectionPaused);
+      const collectionData = await this.ensureNotPaused();
       const adminContract = this.getAdminContract();
       const canChangeTransferFee = await adminContract.canChangeTransferFee(
         transferFee
@@ -1134,26 +1166,38 @@ function CollectionFactory(params: {
       );
       collectionData.transferFee = transferFee;
       this.packedData.set(collectionData.pack());
-      this.emitEvent("setTransferFee", transferFee);
+      this.emitEvent(
+        "setTransferFee",
+        new SetTransferFeeEvent({ transferFee })
+      );
     }
 
     /**
-     * Transfers ownership of the collection to a new owner.
+     * Transfers ownership of the collection to a new creator.
+     * This method is called transferOwnership as the Collection is implementing OwnableContract interface
+     * For the Collection, the creator is the owner of the collection
      *
-     * @param to - The public key of the new owner.
-     * @returns The public key of the old owner.
+     * @param to - The public key of the new creator.
+     * @returns The public key of the old creator.
      */
     @method.returns(PublicKey)
     async transferOwnership(to: PublicKey): Promise<PublicKey> {
       await this.ensureCreatorSignature();
-      await this.ensureNotPaused();
+      const collectionData = CollectionData.unpack(
+        this.packedData.getAndRequireEquals()
+      );
+      collectionData.isPaused.assertFalse(CollectionErrors.collectionNotPaused);
+
       const adminContract = this.getAdminContract();
       const canChangeCreator = await adminContract.canChangeCreator(to);
       canChangeCreator.assertTrue(CollectionErrors.noPermissionToChangeCreator);
       const from = this.creator.getAndRequireEquals();
-      this.creator.set(to);
+      // Pending creator public key can be empty, it cancels the transfer
+      this.pendingCreatorX.set(to.x);
+      collectionData.pendingCreatorIsOdd = to.isOdd;
+      this.packedData.set(collectionData.pack());
       this.emitEvent(
-        "ownershipChange",
+        "ownershipTransfer",
         new OwnershipChangeEvent({
           from,
           to,
@@ -1162,6 +1206,54 @@ function CollectionFactory(params: {
       return from;
     }
 
+    /**
+     * Transfers ownership of the collection to a new owner.
+     *
+     * @param to - The public key of the new owner.
+     * @returns The public key of the old owner.
+     */
+    @method.returns(PublicKey)
+    async acceptOwnership(): Promise<PublicKey> {
+      const collectionData = CollectionData.unpack(
+        this.packedData.getAndRequireEquals()
+      );
+      collectionData.isPaused.assertFalse(CollectionErrors.collectionNotPaused);
+
+      const pendingCreatorX = this.pendingCreatorX.getAndRequireEquals();
+      const pendingCreator = PublicKey.from({
+        x: pendingCreatorX,
+        isOdd: collectionData.pendingCreatorIsOdd,
+      });
+      const emptyPublicKey = PublicKey.empty();
+      pendingCreator
+        .equals(emptyPublicKey)
+        .assertFalse(CollectionErrors.pendingCreatorIsEmpty);
+      // pendingCreator can be different from the sender, but it should sign the tx
+      const pendingCreatorUpdate = AccountUpdate.createSigned(pendingCreator);
+      pendingCreatorUpdate.body.useFullCommitment = Bool(true); // Prevent memo and fee change
+
+      // Check second time that the transfer is allowed
+      const adminContract = this.getAdminContract();
+      const canChangeCreator = await adminContract.canChangeCreator(
+        pendingCreator
+      );
+      canChangeCreator.assertTrue(CollectionErrors.noPermissionToChangeCreator);
+      const from = this.creator.getAndRequireEquals();
+
+      this.pendingCreatorX.set(emptyPublicKey.x);
+      collectionData.pendingCreatorIsOdd = Bool(emptyPublicKey.isOdd);
+      this.creator.set(pendingCreator);
+      this.packedData.set(collectionData.pack());
+      this.emitEvent(
+        "ownershipAccepted",
+        new OwnershipChangeEvent({
+          from,
+          to: pendingCreator,
+        })
+      );
+      return from;
+    }
+
     @method.returns(NFTStateStruct)
     async getNFTState(address: PublicKey): Promise<NFTStateStruct> {
       const tokenId = this.deriveTokenId();

package/src/contracts/nft.ts

@@ -30,6 +30,7 @@ const NftErrors = {
   cannotChangeMetadataVerificationKeyHash:
     "Cannot change metadata verification key hash",
   cannotChangeOwner: "Cannot change owner",
+  cannotChangeApproval: "Cannot change approval",
   cannotChangeStorage: "Cannot change storage",
   cannotChangePauseState: "Cannot change pause state",
   noPermissionToPause: "No permission to pause",
@@ -212,6 +213,7 @@ class NFT extends SmartContract {
     data.owner = output.owner;
     data.approved = output.approved;
     data.version = output.version;
+    data.isPaused = output.isPaused;
 
     this.packedData.set(data.pack());
 
@@ -282,6 +284,7 @@ class NFT extends SmartContract {
   async approveAddress(approved: PublicKey): Promise<PublicKey> {
     const data = NFTData.unpack(this.packedData.getAndRequireEquals());
     data.isPaused.assertFalse(NftErrors.nftIsPaused);
+    data.canApprove.assertTrue(NftErrors.cannotChangeApproval);
     data.approved = approved;
     this.packedData.set(data.pack());
     this.emitEvent("approve", approved);