@silvana-one/token 0.1.0

package/src/FungibleTokenAdvancedAdmin.ts

@@ -0,0 +1,260 @@
+import {
+  AccountUpdate,
+  Bool,
+  DeployArgs,
+  method,
+  Permissions,
+  Provable,
+  PublicKey,
+  State,
+  state,
+  TokenContract,
+  UInt64,
+  VerificationKey,
+  AccountUpdateForest,
+  Struct,
+  Field,
+  TokenId,
+} from "o1js";
+import { Whitelist } from "@silvana-one/storage";
+import { FungibleTokenAdminBase } from "./FungibleTokenContract.js";
+
+export class AdvancedAdminData extends Struct({
+  totalSupply: UInt64,
+  requireAdminSignatureForMint: Bool,
+  anyoneCanMint: Bool,
+}) {
+  static new(
+    params: {
+      totalSupply?: number; // default is UInt64.MAXINT()
+      requireAdminSignatureForMint?: boolean; // default is false
+      anyoneCanMint?: boolean; // default is false
+    } = {}
+  ): AdvancedAdminData {
+    const { totalSupply, requireAdminSignatureForMint, anyoneCanMint } = params;
+    return new AdvancedAdminData({
+      totalSupply: UInt64.from(totalSupply ?? 0),
+      requireAdminSignatureForMint: Bool(requireAdminSignatureForMint ?? false),
+      anyoneCanMint: Bool(anyoneCanMint ?? false),
+    });
+  }
+
+  pack(): Field {
+    const totalSupplyBits = this.totalSupply.value.toBits(64);
+    return Field.fromBits([
+      ...totalSupplyBits,
+      this.requireAdminSignatureForMint,
+      this.anyoneCanMint,
+    ]);
+  }
+
+  static unpack(packed: Field) {
+    const bits = packed.toBits(64 + 1 + 1);
+    const totalSupply = UInt64.Unsafe.fromField(
+      Field.fromBits(bits.slice(0, 64))
+    );
+    const requireAdminSignatureForMint = bits[64];
+    const anyoneCanMint = bits[64 + 1];
+    return new AdvancedAdminData({
+      totalSupply,
+      requireAdminSignatureForMint,
+      anyoneCanMint,
+    });
+  }
+}
+
+export interface FungibleTokenWhitelistedAdminDeployProps
+  extends Exclude<DeployArgs, undefined> {
+  adminPublicKey: PublicKey;
+  tokenContract: PublicKey;
+  totalSupply: UInt64;
+  whitelist: Whitelist;
+  requireAdminSignatureForMint: Bool;
+  anyoneCanMint: Bool;
+}
+
+/** A contract that grants permissions for administrative actions on a token.
+ *
+ * We separate this out into a dedicated contract. That way, when issuing a token, a user can
+ * specify their own rules for administrative actions, without changing the token contract itself.
+ *
+ * The advantage is that third party applications that only use the token in a non-privileged way
+ * can integrate against the unchanged token contract.
+ */
+export class FungibleTokenAdvancedAdmin
+  extends TokenContract
+  implements FungibleTokenAdminBase
+{
+  @state(PublicKey) adminPublicKey = State<PublicKey>();
+  @state(PublicKey) tokenContract = State<PublicKey>();
+  @state(Whitelist) whitelist = State<Whitelist>();
+  @state(Field) adminData = State<Field>();
+
+  /**
+   * Overrides the approveBase method to prevent transfers of tokens.
+   *
+   * @param forest - The account update forest.
+   */
+  async approveBase(forest: AccountUpdateForest) {
+    throw Error("Transfer not allowed");
+  }
+
+  async deploy(props: FungibleTokenWhitelistedAdminDeployProps) {
+    await super.deploy(props);
+    this.adminPublicKey.set(props.adminPublicKey);
+    this.tokenContract.set(props.tokenContract);
+    this.adminData.set(
+      new AdvancedAdminData({
+        totalSupply: props.totalSupply,
+        requireAdminSignatureForMint: props.requireAdminSignatureForMint,
+        anyoneCanMint: props.anyoneCanMint,
+      }).pack()
+    );
+    this.whitelist.set(props.whitelist);
+    this.account.permissions.set({
+      ...Permissions.default(),
+      setVerificationKey:
+        Permissions.VerificationKey.proofDuringCurrentVersion(),
+      setPermissions: Permissions.impossible(),
+    });
+  }
+
+  events = { updateWhitelist: Whitelist };
+
+  /** Update the verification key.
+   * Note that because we have set the permissions for setting
+   * the verification key to `impossibleDuringCurrentVersion()`,
+   * this will only be possible in case of a protocol update that requires an update.
+   */
+  @method
+  async updateVerificationKey(vk: VerificationKey) {
+    await this.ensureAdminSignature();
+    this.account.verificationKey.set(vk);
+  }
+
+  private async ensureAdminSignature() {
+    // We do not fetch the admin public key here to allow error handling during
+    // the fetching of the admin public key that should be done before calling this method
+    const admin = this.adminPublicKey.getAndRequireEquals();
+    const adminUpdate = AccountUpdate.createSigned(admin);
+    adminUpdate.body.useFullCommitment = Bool(true);
+    return adminUpdate;
+  }
+
+  @method.returns(Bool)
+  public async canMint(_accountUpdate: AccountUpdate) {
+    // We use many conditional account updates here to allow other contracts to call this method
+    // without hitting the account update limit
+    const address = _accountUpdate.body.publicKey;
+    const balanceChange = _accountUpdate.body.balanceChange;
+    balanceChange.isPositive().assertTrue();
+    const amount: UInt64 = balanceChange.magnitude;
+
+    const adminData = AdvancedAdminData.unpack(
+      this.adminData.getAndRequireEquals()
+    );
+    amount.assertLessThanOrEqual(adminData.totalSupply);
+
+    const tokenContract = this.tokenContract.getAndRequireEquals();
+    const tokenId = TokenId.derive(tokenContract); // it is NOT this.tokenId
+    const adminTokenId = this.deriveTokenId(); // it is NOT this.tokenId
+
+    // Does this guarantee that the call is from the token contract?
+    // TODO: If not, consider adding a sync method to handle the case when
+    // the contract will be called not from the token contract
+    // and the totalSupply will run out of sync with the token contract
+    _accountUpdate.body.tokenId.assertEquals(tokenId);
+
+    // Create a conditional AccountUpdate to check total supply in case it is limited
+    const maxAdditionalSupply = adminData.totalSupply.sub(amount);
+    const tokenUpdate = AccountUpdate.createIf(
+      adminData.totalSupply.equals(UInt64.MAXINT()).not(),
+      this.address,
+      adminTokenId
+    );
+    tokenUpdate.account.balance.requireBetween(
+      UInt64.zero,
+      maxAdditionalSupply
+    );
+    tokenUpdate.balance.addInPlace(amount);
+    this.self.approve(tokenUpdate);
+
+    const whitelist = this.whitelist.getAndRequireEquals();
+    const whitelistedAmount = await whitelist.getWhitelistedAmount(address);
+    whitelistedAmount.isSome
+      .or(adminData.anyoneCanMint)
+      .assertTrue("Cannot mint to non-whitelisted address");
+    const maxMintAmount = Provable.if(
+      adminData.anyoneCanMint,
+      Provable.if(
+        whitelistedAmount.isSome,
+        whitelistedAmount.value,
+        UInt64.MAXINT()
+      ), // blacklist
+      whitelistedAmount.value
+    );
+    amount.assertLessThanOrEqual(maxMintAmount);
+
+    // create a conditional account update to check if the tokens already have been minted
+    // we will keep track of the total amount minted in the admin contract
+    // It is the responsibility of Mina.transaction to fund the new account
+    // We will not handle it here to save one account update
+    const trackMintUpdate = AccountUpdate.createIf(
+      whitelist.isSome(), // we do not track minting if the whitelist is empty
+      address,
+      adminTokenId
+    );
+    trackMintUpdate.account.balance.requireBetween(
+      UInt64.zero,
+      maxMintAmount.sub(amount)
+    );
+    trackMintUpdate.balance.addInPlace(amount);
+    this.self.approve(trackMintUpdate);
+
+    // This conditional account update will be created only if admin signature is required
+    const adminSignatureUpdate = AccountUpdate.createIf(
+      adminData.requireAdminSignatureForMint,
+      this.adminPublicKey.getAndRequireEquals()
+    );
+    adminSignatureUpdate.requireSignature();
+    adminSignatureUpdate.body.useFullCommitment = Bool(true);
+
+    // We return true as we already checked that the mint is allowed
+    return Bool(true);
+  }
+
+  @method.returns(Bool)
+  public async canChangeAdmin(_admin: PublicKey) {
+    await this.ensureAdminSignature();
+    return Bool(true);
+  }
+
+  @method.returns(Bool)
+  public async canPause(): Promise<Bool> {
+    await this.ensureAdminSignature();
+    return Bool(true);
+  }
+
+  @method.returns(Bool)
+  public async canResume(): Promise<Bool> {
+    await this.ensureAdminSignature();
+    return Bool(true);
+  }
+
+  @method async updateWhitelist(whitelist: Whitelist) {
+    const admin = this.adminPublicKey.getAndRequireEquals();
+    const sender = this.sender.getUnconstrained();
+    const senderUpdate = AccountUpdate.createSigned(sender);
+    senderUpdate.body.useFullCommitment = Bool(true);
+    admin.assertEquals(sender);
+
+    this.whitelist.set(whitelist);
+    this.emitEvent("updateWhitelist", whitelist);
+  }
+
+  @method.returns(Bool)
+  public async canChangeVerificationKey(_vk: VerificationKey): Promise<Bool> {
+    await this.ensureAdminSignature();
+    return Bool(true);
+  }
+}

package/src/FungibleTokenContract.ts

@@ -0,0 +1,337 @@
+import {
+  AccountUpdate,
+  AccountUpdateForest,
+  assert,
+  Bool,
+  DeployArgs,
+  Field,
+  Int64,
+  method,
+  Permissions,
+  Provable,
+  PublicKey,
+  SmartContract,
+  State,
+  state,
+  Struct,
+  TokenContract,
+  Types,
+  UInt64,
+  UInt8,
+  VerificationKey,
+} from "o1js";
+
+export type FungibleTokenAdminBase = SmartContract & {
+  canMint(accountUpdate: AccountUpdate): Promise<Bool>;
+  canChangeAdmin(admin: PublicKey): Promise<Bool>;
+  canPause(): Promise<Bool>;
+  canResume(): Promise<Bool>;
+  canChangeVerificationKey(vk: VerificationKey): Promise<Bool>;
+};
+
+export type FungibleTokenAdminConstructor = new (
+  adminPublicKey: PublicKey
+) => FungibleTokenAdminBase;
+
+export interface FungibleTokenDeployProps
+  extends Exclude<DeployArgs, undefined> {
+  /** The token symbol. */
+  symbol: string;
+  /** A source code reference, which is placed within the `zkappUri` of the contract account.
+   * Typically a link to a file on github. */
+  src: string;
+  /** Setting this to `true` will allow changing the verification key later with a signature from the deployer. This will allow updating the token contract at a later stage, for instance to react to an update of the o1js library.
+   * Setting it to `false` will make changes to the contract impossible, unless there is a backward incompatible change to the protocol. (see https://docs.minaprotocol.com/zkapps/writing-a-zkapp/feature-overview/permissions#example-impossible-to-upgrade and https://minafoundation.github.io/mina-fungible-token/deploy.html) */
+  allowUpdates: boolean;
+}
+
+export const FungibleTokenErrors = {
+  noAdminKey: "could not fetch admin contract key",
+  noPermissionToChangeAdmin: "Not allowed to change admin contract",
+  tokenPaused: "Token is currently paused",
+  noPermissionToMint: "Not allowed to mint tokens",
+  noPermissionToPause: "Not allowed to pause token",
+  noPermissionToResume: "Not allowed to resume token",
+  noTransferFromCirculation: "Can't transfer to/from the circulation account",
+  noPermissionChangeAllowed:
+    "Can't change permissions for access or receive on token accounts",
+  flashMinting:
+    "Flash-minting or unbalanced transaction detected. Please make sure that your transaction is balanced, and that your `AccountUpdate`s are ordered properly, so that tokens are not received before they are sent.",
+  unbalancedTransaction: "Transaction is unbalanced",
+};
+export function FungibleTokenContract(
+  adminContract: FungibleTokenAdminConstructor
+) {
+  class FungibleToken extends TokenContract {
+    @state(UInt8)
+    decimals = State<UInt8>();
+    @state(PublicKey)
+    admin = State<PublicKey>();
+    @state(Bool)
+    paused = State<Bool>();
+
+    readonly events = {
+      SetAdmin: SetAdminEvent,
+      Pause: PauseEvent,
+      Mint: MintEvent,
+      Burn: BurnEvent,
+      BalanceChange: BalanceChangeEvent,
+    };
+
+    async deploy(props: FungibleTokenDeployProps) {
+      await super.deploy(props);
+      this.paused.set(Bool(true));
+      this.account.zkappUri.set(props.src);
+      this.account.tokenSymbol.set(props.symbol);
+
+      this.account.permissions.set({
+        ...Permissions.default(),
+        setVerificationKey: props.allowUpdates
+          ? Permissions.VerificationKey.proofDuringCurrentVersion()
+          : Permissions.VerificationKey.impossibleDuringCurrentVersion(),
+        setPermissions: Permissions.impossible(),
+        access: Permissions.proof(),
+      });
+    }
+
+    /** Update the verification key.
+     * This will only work when `allowUpdates` has been set to `true` during deployment.
+     */
+    @method
+    async updateVerificationKey(vk: VerificationKey) {
+      const adminContract = await this.getAdminContract();
+      const canChangeVerificationKey =
+        await adminContract.canChangeVerificationKey(vk);
+      canChangeVerificationKey.assertTrue(
+        FungibleTokenErrors.noPermissionToChangeAdmin
+      );
+      this.account.verificationKey.set(vk);
+    }
+
+    /** Initializes the account for tracking total circulation.
+     * @argument {PublicKey} admin - public key where the admin contract is deployed
+     * @argument {UInt8} decimals - number of decimals for the token
+     * @argument {Bool} startPaused - if set to `Bool(true), the contract will start in a mode where token minting and transfers are paused. This should be used for non-atomic deployments
+     */
+    @method
+    async initialize(admin: PublicKey, decimals: UInt8, startPaused: Bool) {
+      this.account.provedState.requireEquals(Bool(false));
+
+      this.admin.set(admin);
+      this.decimals.set(decimals);
+      this.paused.set(Bool(false));
+
+      this.paused.set(startPaused);
+
+      const accountUpdate = AccountUpdate.createSigned(
+        this.address,
+        this.deriveTokenId()
+      );
+      let permissions = Permissions.default();
+      // This is necessary in order to allow token holders to burn.
+      permissions.send = Permissions.none();
+      permissions.setPermissions = Permissions.impossible();
+      accountUpdate.account.permissions.set(permissions);
+    }
+
+    public async getAdminContract(): Promise<FungibleTokenAdminBase> {
+      const admin = await Provable.witnessAsync(PublicKey, async () => {
+        let pk = await this.admin.fetch();
+        assert(pk !== undefined, FungibleTokenErrors.noAdminKey);
+        return pk;
+      });
+      this.admin.requireEquals(admin);
+      return new adminContract(admin);
+    }
+
+    @method
+    async setAdmin(admin: PublicKey) {
+      const adminContract = await this.getAdminContract();
+      const canChangeAdmin = await adminContract.canChangeAdmin(admin);
+      canChangeAdmin.assertTrue(FungibleTokenErrors.noPermissionToChangeAdmin);
+      this.admin.set(admin);
+      this.emitEvent("SetAdmin", new SetAdminEvent({ adminKey: admin }));
+    }
+
+    @method.returns(AccountUpdate)
+    async mint(recipient: PublicKey, amount: UInt64): Promise<AccountUpdate> {
+      this.paused
+        .getAndRequireEquals()
+        .assertFalse(FungibleTokenErrors.tokenPaused);
+      const accountUpdate = this.internal.mint({ address: recipient, amount });
+      const adminContract = await this.getAdminContract();
+      const canMint = await adminContract.canMint(accountUpdate);
+      canMint.assertTrue(FungibleTokenErrors.noPermissionToMint);
+      recipient
+        .equals(this.address)
+        .assertFalse(FungibleTokenErrors.noTransferFromCirculation);
+      this.approve(accountUpdate);
+      this.emitEvent("Mint", new MintEvent({ recipient, amount }));
+      const circulationUpdate = AccountUpdate.create(
+        this.address,
+        this.deriveTokenId()
+      );
+      circulationUpdate.balanceChange = Int64.fromUnsigned(amount);
+      return accountUpdate;
+    }
+
+    @method.returns(AccountUpdate)
+    async burn(from: PublicKey, amount: UInt64): Promise<AccountUpdate> {
+      this.paused
+        .getAndRequireEquals()
+        .assertFalse(FungibleTokenErrors.tokenPaused);
+      const accountUpdate = this.internal.burn({ address: from, amount });
+      const circulationUpdate = AccountUpdate.create(
+        this.address,
+        this.deriveTokenId()
+      );
+      from
+        .equals(this.address)
+        .assertFalse(FungibleTokenErrors.noTransferFromCirculation);
+      circulationUpdate.balanceChange = Int64.fromUnsigned(amount).neg();
+      this.emitEvent("Burn", new BurnEvent({ from, amount }));
+      return accountUpdate;
+    }
+
+    @method
+    async pause() {
+      const adminContract = await this.getAdminContract();
+      const canPause = await adminContract.canPause();
+      canPause.assertTrue(FungibleTokenErrors.noPermissionToPause);
+      this.paused.set(Bool(true));
+      this.emitEvent("Pause", new PauseEvent({ isPaused: Bool(true) }));
+    }
+
+    @method
+    async resume() {
+      const adminContract = await this.getAdminContract();
+      const canResume = await adminContract.canResume();
+      canResume.assertTrue(FungibleTokenErrors.noPermissionToResume);
+      this.paused.set(Bool(false));
+      this.emitEvent("Pause", new PauseEvent({ isPaused: Bool(false) }));
+    }
+
+    @method
+    async transfer(from: PublicKey, to: PublicKey, amount: UInt64) {
+      this.paused
+        .getAndRequireEquals()
+        .assertFalse(FungibleTokenErrors.tokenPaused);
+      from
+        .equals(this.address)
+        .assertFalse(FungibleTokenErrors.noTransferFromCirculation);
+      to.equals(this.address).assertFalse(
+        FungibleTokenErrors.noTransferFromCirculation
+      );
+      this.internal.send({ from, to, amount });
+    }
+
+    checkPermissionsUpdate(update: AccountUpdate) {
+      let permissions = update.update.permissions;
+
+      let { access, receive } = permissions.value;
+      let accessIsNone = Provable.equal(
+        Types.AuthRequired,
+        access,
+        Permissions.none()
+      );
+      let receiveIsNone = Provable.equal(
+        Types.AuthRequired,
+        receive,
+        Permissions.none()
+      );
+      let updateAllowed = accessIsNone.and(receiveIsNone);
+
+      assert(
+        updateAllowed.or(permissions.isSome.not()),
+        FungibleTokenErrors.noPermissionChangeAllowed
+      );
+    }
+
+    /** Approve `AccountUpdate`s that have been created outside of the token contract.
+     *
+     * @argument {AccountUpdateForest} updates - The `AccountUpdate`s to approve. Note that the forest size is limited by the base token contract, @see TokenContract.MAX_ACCOUNT_UPDATES The current limit is 9.
+     */
+    @method
+    async approveBase(updates: AccountUpdateForest): Promise<void> {
+      this.paused
+        .getAndRequireEquals()
+        .assertFalse(FungibleTokenErrors.tokenPaused);
+      let totalBalance = Int64.from(0);
+      this.forEachUpdate(updates, (update, usesToken) => {
+        // Make sure that the account permissions are not changed
+        this.checkPermissionsUpdate(update);
+        this.emitEventIf(
+          usesToken,
+          "BalanceChange",
+          new BalanceChangeEvent({
+            address: update.publicKey,
+            amount: update.balanceChange,
+          })
+        );
+        // Don't allow transfers to/from the account that's tracking circulation
+        update.publicKey
+          .equals(this.address)
+          .and(usesToken)
+          .assertFalse(FungibleTokenErrors.noTransferFromCirculation);
+        totalBalance = Provable.if(
+          usesToken,
+          totalBalance.add(update.balanceChange),
+          totalBalance
+        );
+        totalBalance.isPositive().assertFalse(FungibleTokenErrors.flashMinting);
+      });
+      totalBalance.assertEquals(
+        Int64.zero,
+        FungibleTokenErrors.unbalancedTransaction
+      );
+    }
+
+    @method.returns(UInt64)
+    async getBalanceOf(address: PublicKey): Promise<UInt64> {
+      const account = AccountUpdate.create(
+        address,
+        this.deriveTokenId()
+      ).account;
+      const balance = account.balance.get();
+      account.balance.requireEquals(balance);
+      return balance;
+    }
+
+    /** Reports the current circulating supply
+     * This does take into account currently unreduced actions.
+     */
+    async getCirculating(): Promise<UInt64> {
+      let circulating = await this.getBalanceOf(this.address);
+      return circulating;
+    }
+
+    @method.returns(UInt8)
+    async getDecimals(): Promise<UInt8> {
+      return this.decimals.getAndRequireEquals();
+    }
+  }
+  return FungibleToken;
+}
+
+export class SetAdminEvent extends Struct({
+  adminKey: PublicKey,
+}) {}
+
+export class PauseEvent extends Struct({
+  isPaused: Bool,
+}) {}
+
+export class MintEvent extends Struct({
+  recipient: PublicKey,
+  amount: UInt64,
+}) {}
+
+export class BurnEvent extends Struct({
+  from: PublicKey,
+  amount: UInt64,
+}) {}
+
+export class BalanceChangeEvent extends Struct({
+  address: PublicKey,
+  amount: Int64,
+}) {}

package/src/FungibleTokenStandardAdmin.ts

@@ -0,0 +1,95 @@
+import {
+  AccountUpdate,
+  assert,
+  Bool,
+  DeployArgs,
+  method,
+  Permissions,
+  Provable,
+  PublicKey,
+  SmartContract,
+  State,
+  state,
+  VerificationKey,
+} from "o1js";
+import { FungibleTokenAdminBase } from "./FungibleTokenContract.js";
+
+export interface FungibleTokenAdminDeployProps
+  extends Exclude<DeployArgs, undefined> {
+  adminPublicKey: PublicKey;
+}
+
+/** A contract that grants permissions for administrative actions on a token.
+ *
+ * We separate this out into a dedicated contract. That way, when issuing a token, a user can
+ * specify their own rules for administrative actions, without changing the token contract itself.
+ *
+ * The advantage is that third party applications that only use the token in a non-privileged way
+ * can integrate against the unchanged token contract.
+ */
+export class FungibleTokenAdmin
+  extends SmartContract
+  implements FungibleTokenAdminBase
+{
+  @state(PublicKey)
+  private adminPublicKey = State<PublicKey>();
+
+  async deploy(props: FungibleTokenAdminDeployProps) {
+    await super.deploy(props);
+    this.adminPublicKey.set(props.adminPublicKey);
+    this.account.permissions.set({
+      ...Permissions.default(),
+      setVerificationKey:
+        Permissions.VerificationKey.impossibleDuringCurrentVersion(),
+      setPermissions: Permissions.impossible(),
+    });
+  }
+
+  /** Update the verification key.
+   * Note that because we have set the permissions for setting the verification key to `impossibleDuringCurrentVersion()`, this will only be possible in case of a protocol update that requires an update.
+   */
+  @method
+  async updateVerificationKey(vk: VerificationKey) {
+    this.account.verificationKey.set(vk);
+  }
+
+  private async ensureAdminSignature() {
+    const admin = await Provable.witnessAsync(PublicKey, async () => {
+      let pk = await this.adminPublicKey.fetch();
+      assert(pk !== undefined, "could not fetch admin public key");
+      return pk;
+    });
+    this.adminPublicKey.requireEquals(admin);
+    return AccountUpdate.createSigned(admin);
+  }
+
+  @method.returns(Bool)
+  public async canMint(_accountUpdate: AccountUpdate) {
+    await this.ensureAdminSignature();
+    return Bool(true);
+  }
+
+  @method.returns(Bool)
+  public async canChangeAdmin(_admin: PublicKey) {
+    await this.ensureAdminSignature();
+    return Bool(true);
+  }
+
+  @method.returns(Bool)
+  public async canPause(): Promise<Bool> {
+    await this.ensureAdminSignature();
+    return Bool(true);
+  }
+
+  @method.returns(Bool)
+  public async canResume(): Promise<Bool> {
+    await this.ensureAdminSignature();
+    return Bool(true);
+  }
+
+  @method.returns(Bool)
+  public async canChangeVerificationKey(_vk: VerificationKey): Promise<Bool> {
+    await this.ensureAdminSignature();
+    return Bool(true);
+  }
+}