@zoralabs/limit-orders 0.2.0 → 0.2.2

package/test/LimitOrderAccessControl.t.sol

@@ -2,25 +2,28 @@
 pragma solidity ^0.8.28;
 
 import {BaseTest} from "./utils/BaseTest.sol";
-import {AccessManager} from "@openzeppelin/contracts/access/manager/AccessManager.sol";
-import {SimpleAccessManaged} from "../src/access/SimpleAccessManaged.sol";
+import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
 import {IZoraLimitOrderBook} from "../src/IZoraLimitOrderBook.sol";
+import {PermittedCallers} from "../src/access/PermittedCallers.sol";
 import {PoolKey} from "@uniswap/v4-core/src/types/PoolKey.sol";
 import {Currency} from "@uniswap/v4-core/src/types/Currency.sol";
 import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
 import {IPoolManager} from "@uniswap/v4-core/src/interfaces/IPoolManager.sol";
+import {SwapWithLimitOrders} from "../src/router/SwapWithLimitOrders.sol";
+import {LimitOrderConfig} from "../src/libs/SwapLimitOrders.sol";
 
 contract LimitOrderAccessControlTest is BaseTest {
-    uint64 public constant CREATOR_ROLE = 1;
     address public unauthorizedUser;
-    address public authorizedRouter;
+    address public authorizedCaller;
+    address public newOwner;
 
     function setUp() public override {
         super.setUpNonForked();
 
         // Set up test users
         unauthorizedUser = makeAddr("unauthorizedUser");
-        authorizedRouter = makeAddr("authorizedRouter");
+        authorizedCaller = makeAddr("authorizedCaller");
+        newOwner = makeAddr("newOwner");
     }
 
     function _prepareOrder(
@@ -69,120 +72,146 @@ contract LimitOrderAccessControlTest is BaseTest {
         zoraHookRegistry.registerHooks(hooks, tags);
     }
 
-    function test_create_worksWithPublicRole() public {
+    function _setPublicAccess(bool isPublic) internal {
+        address[] memory callers = new address[](1);
+        callers[0] = address(0); // PUBLIC_ACCESS sentinel
+        bool[] memory permitted = new bool[](1);
+        permitted[0] = isPublic;
+        limitOrderBook.setPermittedCallers(callers, permitted);
+    }
+
+    // Test: create() works in public mode (default)
+    function test_create_publicMode() public {
         PoolKey memory key = creatorCoin.getPoolKey();
 
+        // Verify any address is permitted by default (public mode)
+        assertTrue(limitOrderBook.isPermittedCaller(unauthorizedUser), "any address should be permitted in public mode");
+
+        // Anyone can create orders in public mode
         (bool isCurrency0, address orderCoin, uint256[] memory orderSizes, int24[] memory orderTicks) = _prepareOrder(unauthorizedUser, key);
         _createOrder(key, isCurrency0, orderSizes, orderTicks, unauthorizedUser, orderCoin);
     }
 
-    function test_transitionToPermissioned() public {
+    // Test: setPermittedCallers can toggle public access control via address(0)
+    function test_setPermittedCallers_togglesPublicAccessControl() public {
         PoolKey memory key = creatorCoin.getPoolKey();
 
-        // Initially anyone can create orders (PUBLIC_ROLE is set in BaseTest)
+        // Initially public - anyone can create
+        assertTrue(limitOrderBook.isPermittedCaller(unauthorizedUser));
         (bool isCurrency0, address orderCoin, uint256[] memory orderSizes, int24[] memory orderTicks) = _prepareOrder(unauthorizedUser, key);
         _createOrder(key, isCurrency0, orderSizes, orderTicks, unauthorizedUser, orderCoin);
 
-        // Create a specific role for authorized creators
-        accessManager.labelRole(CREATOR_ROLE, "CREATOR");
-
-        // Grant role to authorized router
-        accessManager.grantRole(CREATOR_ROLE, authorizedRouter, 0);
-
-        // Switch function to require CREATOR_ROLE
-        bytes4[] memory selectors = new bytes4[](1);
-        selectors[0] = IZoraLimitOrderBook.create.selector;
-        accessManager.setTargetFunctionRole(address(limitOrderBook), selectors, CREATOR_ROLE);
+        // Owner sets to permissioned mode by disabling address(0)
+        _setPublicAccess(false);
+        assertFalse(limitOrderBook.isPermittedCaller(unauthorizedUser));
 
         // Now unauthorized user should fail
         (isCurrency0, orderCoin, orderSizes, orderTicks) = _prepareOrder(unauthorizedUser, key);
-        vm.expectRevert(SimpleAccessManaged.AccessManagedUnauthorized.selector);
+        vm.expectRevert(PermittedCallers.CallerNotPermitted.selector);
         limitOrderBook.create{value: orderCoin == address(0) ? 1 ether : 0}(key, isCurrency0, orderSizes, orderTicks, unauthorizedUser);
         vm.stopPrank();
 
-        // But authorized router should succeed
-        (isCurrency0, orderCoin, orderSizes, orderTicks) = _prepareOrder(authorizedRouter, key);
-        _createOrder(key, isCurrency0, orderSizes, orderTicks, authorizedRouter, orderCoin);
+        // Owner sets back to public mode
+        _setPublicAccess(true);
+        assertTrue(limitOrderBook.isPermittedCaller(unauthorizedUser));
 
-        // If we got here without reverting, the test passed
+        // Now anyone can create again
+        (isCurrency0, orderCoin, orderSizes, orderTicks) = _prepareOrder(unauthorizedUser, key);
+        _createOrder(key, isCurrency0, orderSizes, orderTicks, unauthorizedUser, orderCoin);
     }
 
-    function test_unauthorizedUserCannotCreate() public {
+    // Test: unauthorized user cannot create in permissioned mode
+    function test_create_permissionedMode_unauthorizedFails() public {
         PoolKey memory key = creatorCoin.getPoolKey();
 
-        // Set up permissioned mode
-        accessManager.labelRole(CREATOR_ROLE, "CREATOR");
-        accessManager.grantRole(CREATOR_ROLE, authorizedRouter, 0);
-
-        bytes4[] memory selectors = new bytes4[](1);
-        selectors[0] = IZoraLimitOrderBook.create.selector;
-        accessManager.setTargetFunctionRole(address(limitOrderBook), selectors, CREATOR_ROLE);
+        // Set to permissioned mode
+        _setPublicAccess(false);
 
         // Unauthorized user tries to create
         (bool isCurrency0, address orderCoin, uint256[] memory orderSizes, int24[] memory orderTicks) = _prepareOrder(unauthorizedUser, key);
-        vm.expectRevert(SimpleAccessManaged.AccessManagedUnauthorized.selector);
+        vm.expectRevert(PermittedCallers.CallerNotPermitted.selector);
         limitOrderBook.create{value: orderCoin == address(0) ? 1 ether : 0}(key, isCurrency0, orderSizes, orderTicks, unauthorizedUser);
         vm.stopPrank();
     }
 
-    function test_grantAndRevokeRole() public {
+    // Test: setPermittedCallers grants and revokes access
+    function test_setPermittedCallers_grantsAndRevokesAccess() public {
         PoolKey memory key = creatorCoin.getPoolKey();
 
-        // Set up permissioned mode
-        accessManager.labelRole(CREATOR_ROLE, "CREATOR");
-
-        bytes4[] memory selectors = new bytes4[](1);
-        selectors[0] = IZoraLimitOrderBook.create.selector;
-        accessManager.setTargetFunctionRole(address(limitOrderBook), selectors, CREATOR_ROLE);
+        // Set to permissioned mode
+        _setPublicAccess(false);
 
         // Initially unauthorized user cannot create
         (bool isCurrency0, address orderCoin, uint256[] memory orderSizes, int24[] memory orderTicks) = _prepareOrder(unauthorizedUser, key);
-        vm.expectRevert(SimpleAccessManaged.AccessManagedUnauthorized.selector);
+        vm.expectRevert(PermittedCallers.CallerNotPermitted.selector);
         limitOrderBook.create{value: orderCoin == address(0) ? 1 ether : 0}(key, isCurrency0, orderSizes, orderTicks, unauthorizedUser);
         vm.stopPrank();
 
-        // Grant role to user
-        accessManager.grantRole(CREATOR_ROLE, unauthorizedUser, 0);
+        // Grant access to user
+        address[] memory callers = new address[](1);
+        callers[0] = unauthorizedUser;
+        bool[] memory permitted = new bool[](1);
+        permitted[0] = true;
+        limitOrderBook.setPermittedCallers(callers, permitted);
+
+        assertTrue(limitOrderBook.isPermittedCaller(unauthorizedUser), "user should be permitted");
 
         // Now user can create
         (isCurrency0, orderCoin, orderSizes, orderTicks) = _prepareOrder(unauthorizedUser, key);
         _createOrder(key, isCurrency0, orderSizes, orderTicks, unauthorizedUser, orderCoin);
 
-        // Revoke role
-        accessManager.revokeRole(CREATOR_ROLE, unauthorizedUser);
+        // Revoke access
+        permitted[0] = false;
+        limitOrderBook.setPermittedCallers(callers, permitted);
+
+        assertFalse(limitOrderBook.isPermittedCaller(unauthorizedUser), "user should not be permitted");
 
         // Now user cannot create again
         (isCurrency0, orderCoin, orderSizes, orderTicks) = _prepareOrder(unauthorizedUser, key);
-        vm.expectRevert(SimpleAccessManaged.AccessManagedUnauthorized.selector);
+        vm.expectRevert(PermittedCallers.CallerNotPermitted.selector);
         limitOrderBook.create{value: orderCoin == address(0) ? 1 ether : 0}(key, isCurrency0, orderSizes, orderTicks, unauthorizedUser);
         vm.stopPrank();
     }
 
-    function test_adminCanReconfigure() public {
-        PoolKey memory key = creatorCoin.getPoolKey();
-
-        // Admin sets up initial permissioned mode
-        accessManager.labelRole(CREATOR_ROLE, "CREATOR");
-        accessManager.grantRole(CREATOR_ROLE, authorizedRouter, 0);
-
-        bytes4[] memory selectors = new bytes4[](1);
-        selectors[0] = IZoraLimitOrderBook.create.selector;
-        accessManager.setTargetFunctionRole(address(limitOrderBook), selectors, CREATOR_ROLE);
-
-        // Unauthorized user cannot create
-        (bool isCurrency0, address orderCoin, uint256[] memory orderSizes, int24[] memory orderTicks) = _prepareOrder(unauthorizedUser, key);
-        vm.expectRevert(SimpleAccessManaged.AccessManagedUnauthorized.selector);
-        limitOrderBook.create{value: orderCoin == address(0) ? 1 ether : 0}(key, isCurrency0, orderSizes, orderTicks, unauthorizedUser);
-        vm.stopPrank();
-
-        // Admin decides to open it back up to public
-        accessManager.setTargetFunctionRole(address(limitOrderBook), selectors, accessManager.PUBLIC_ROLE());
-
-        // Now anyone can create again
-        (isCurrency0, orderCoin, orderSizes, orderTicks) = _prepareOrder(unauthorizedUser, key);
-        _createOrder(key, isCurrency0, orderSizes, orderTicks, unauthorizedUser, orderCoin);
+    // Test: setPermittedCallers works with multiple addresses
+    function test_setPermittedCallers_batchUpdate() public {
+        address caller1 = makeAddr("caller1");
+        address caller2 = makeAddr("caller2");
+        address caller3 = makeAddr("caller3");
+
+        _setPublicAccess(false);
+
+        // Grant access to multiple callers
+        address[] memory callers = new address[](3);
+        callers[0] = caller1;
+        callers[1] = caller2;
+        callers[2] = caller3;
+        // set public to false
+        bool[] memory permitted = new bool[](3);
+        permitted[0] = true;
+        permitted[1] = true;
+        permitted[2] = true;
+
+        limitOrderBook.setPermittedCallers(callers, permitted);
+
+        assertTrue(limitOrderBook.isPermittedCaller(caller1));
+        assertTrue(limitOrderBook.isPermittedCaller(caller2));
+        assertTrue(limitOrderBook.isPermittedCaller(caller3));
+
+        // Revoke access from caller2
+        address[] memory revokeList = new address[](1);
+        revokeList[0] = caller2;
+        bool[] memory revokePermitted = new bool[](1);
+        revokePermitted[0] = false;
+
+        limitOrderBook.setPermittedCallers(revokeList, revokePermitted);
+
+        assertTrue(limitOrderBook.isPermittedCaller(caller1));
+        assertFalse(limitOrderBook.isPermittedCaller(caller2));
+        assertTrue(limitOrderBook.isPermittedCaller(caller3));
     }
 
+    // Test: non-hook cannot fill while unlocked
     function test_nonHookCannotFillWhileUnlocked() public {
         PoolKey memory key = creatorCoin.getPoolKey();
 
@@ -194,6 +223,7 @@ contract LimitOrderAccessControlTest is BaseTest {
         caller.attemptUnlockedFill(key, false, -type(int24).max, type(int24).max, 1, address(0));
     }
 
+    // Test: registered hook can fill while unlocked
     function test_fillRegisteredHookCanFillWhileUnlocked() public {
         PoolKey memory key = creatorCoin.getPoolKey();
 
@@ -217,6 +247,7 @@ contract LimitOrderAccessControlTest is BaseTest {
         assertEq(_makerBalance(users.seller, created[0].coin), 0, "maker balance should be zero");
     }
 
+    // Test: unregistered hook cannot fill while unlocked
     function test_fillUnregisteredHookCannotFillWhileUnlocked() public {
         PoolKey memory key = creatorCoin.getPoolKey();
         UnlockedFillCaller caller = new UnlockedFillCaller(address(limitOrderBook), address(poolManager));
@@ -225,6 +256,7 @@ contract LimitOrderAccessControlTest is BaseTest {
         caller.attemptUnlockedFill(key, true, -type(int24).max, type(int24).max, 5, address(0));
     }
 
+    // Test: fill maxFillCount defaults to storage
     function test_fill_MaxFillCountDefaultsToStorage() public {
         PoolKey memory key = creatorCoin.getPoolKey();
 
@@ -237,7 +269,6 @@ contract LimitOrderAccessControlTest is BaseTest {
         _movePriceBeyondTicksWithAutoFillDisabled(created);
 
         uint256 previousMax = limitOrderBook.getMaxFillCount();
-        vm.prank(users.factoryOwner);
         limitOrderBook.setMaxFillCount(2);
         (int24 startTick, int24 endTick) = _tickWindow(created, key);
 
@@ -246,10 +277,10 @@ contract LimitOrderAccessControlTest is BaseTest {
         FilledOrderLog[] memory fills = _decodeFilledLogs(vm.getRecordedLogs());
         assertEq(fills.length, 2, "should use stored maxFillCount when input is zero");
 
-        vm.prank(users.factoryOwner);
         limitOrderBook.setMaxFillCount(previousMax);
     }
 
+    // Test: fillBatch ignores empty order arrays
     function test_fillBatchIgnoresEmptyOrderArrays() public {
         PoolKey memory key = creatorCoin.getPoolKey();
 
@@ -288,138 +319,128 @@ contract LimitOrderAccessControlTest is BaseTest {
         assertApproxEqAbs(makerBalanceBefore - makerBalanceAfter, expectedDelta, 3, "unexpected maker balance delta");
     }
 
+    // Test: unlockCallback reverts for non-poolManager
     function test_unlockCallbackRevertsForNonPoolManager() public {
         vm.expectRevert(IZoraLimitOrderBook.NotPoolManager.selector);
         limitOrderBook.unlockCallback(bytes(""));
     }
 
+    // Test: receive reverts for non-poolManager
     function test_receiveRevertsForNonPoolManager() public {
         vm.deal(address(this), 1 ether);
         vm.expectRevert(IZoraLimitOrderBook.NotPoolManager.selector);
         payable(address(limitOrderBook)).transfer(1 wei);
     }
 
-    function test_setMaxFillCount_worksWithPublicRole() public {
+    // Test: setMaxFillCount - owner can set
+    function test_setMaxFillCount_ownerCanSet() public {
         // Initially max fill count should be 50 (set in BaseTest)
         assertEq(limitOrderBook.getMaxFillCount(), 50);
 
-        // setMaxFillCount is already configured with PUBLIC_ROLE in BaseTest
-        // Any user should be able to set it
-        vm.prank(unauthorizedUser);
+        // Owner (this contract) should be able to set it
         limitOrderBook.setMaxFillCount(20);
 
         assertEq(limitOrderBook.getMaxFillCount(), 20);
     }
 
+    // Test: setMaxFillCount - unauthorized user cannot set
     function test_setMaxFillCount_unauthorizedUserCannotSet() public {
-        uint64 MAX_FILL_COUNT_ROLE = 2;
-
-        // Set up permissioned mode for setMaxFillCount
-        accessManager.labelRole(MAX_FILL_COUNT_ROLE, "MAX_FILL_COUNT_SETTER");
-        accessManager.grantRole(MAX_FILL_COUNT_ROLE, authorizedRouter, 0);
-
-        bytes4[] memory selectors = new bytes4[](1);
-        selectors[0] = IZoraLimitOrderBook.setMaxFillCount.selector;
-        accessManager.setTargetFunctionRole(address(limitOrderBook), selectors, MAX_FILL_COUNT_ROLE);
-
         // Unauthorized user tries to set max fill count
         vm.prank(unauthorizedUser);
-        vm.expectRevert(SimpleAccessManaged.AccessManagedUnauthorized.selector);
+        vm.expectRevert(abi.encodeWithSelector(Ownable.OwnableUnauthorizedAccount.selector, unauthorizedUser));
         limitOrderBook.setMaxFillCount(20);
 
         // Verify value hasn't changed (still 50 from BaseTest)
         assertEq(limitOrderBook.getMaxFillCount(), 50);
     }
 
-    function test_setMaxFillCount_authorizedUserCanSet() public {
-        uint64 MAX_FILL_COUNT_ROLE = 2;
-
-        // Set up permissioned mode
-        accessManager.labelRole(MAX_FILL_COUNT_ROLE, "MAX_FILL_COUNT_SETTER");
-        accessManager.grantRole(MAX_FILL_COUNT_ROLE, authorizedRouter, 0);
-
-        bytes4[] memory selectors = new bytes4[](1);
-        selectors[0] = IZoraLimitOrderBook.setMaxFillCount.selector;
-        accessManager.setTargetFunctionRole(address(limitOrderBook), selectors, MAX_FILL_COUNT_ROLE);
+    // Test: setPermittedCallers - owner can set
+    function test_setPermittedCallers_ownerCanSet() public {
+        address[] memory callers = new address[](1);
+        callers[0] = authorizedCaller;
+        bool[] memory permitted = new bool[](1);
+        permitted[0] = true;
 
-        // Authorized user sets max fill count
-        vm.prank(authorizedRouter);
-        limitOrderBook.setMaxFillCount(25);
-
-        assertEq(limitOrderBook.getMaxFillCount(), 25);
+        limitOrderBook.setPermittedCallers(callers, permitted);
+        assertTrue(limitOrderBook.isPermittedCaller(authorizedCaller));
     }
 
-    function test_setMaxFillCount_adminCanSet() public {
-        uint64 MAX_FILL_COUNT_ROLE = 2;
+    // Test: setPermittedCallers - unauthorized user cannot set
+    function test_setPermittedCallers_unauthorizedUserCannotSet() public {
+        address[] memory callers = new address[](0);
+        bool[] memory permitted = new bool[](0);
 
-        // Set up permissioned mode
-        accessManager.labelRole(MAX_FILL_COUNT_ROLE, "MAX_FILL_COUNT_SETTER");
+        vm.prank(unauthorizedUser);
+        vm.expectRevert(abi.encodeWithSelector(Ownable.OwnableUnauthorizedAccount.selector, unauthorizedUser));
+        limitOrderBook.setPermittedCallers(callers, permitted);
+    }
 
-        bytes4[] memory selectors = new bytes4[](1);
-        selectors[0] = IZoraLimitOrderBook.setMaxFillCount.selector;
-        accessManager.setTargetFunctionRole(address(limitOrderBook), selectors, MAX_FILL_COUNT_ROLE);
+    // Test: setLimitOrderConfig - owner can set
+    function test_setLimitOrderConfig_ownerCanSet() public {
+        // Owner (this contract) should be able to set limit order config
+        uint256[] memory multiples = new uint256[](2);
+        multiples[0] = 2e18; // 2x
+        multiples[1] = 3e18; // 3x
 
-        // Grant the role to admin explicitly
-        accessManager.grantRole(MAX_FILL_COUNT_ROLE, address(this), 0);
+        uint256[] memory percentages = new uint256[](2);
+        percentages[0] = 5000; // 50%
+        percentages[1] = 5000; // 50%
 
-        // Admin (this contract) should be able to set it with the granted role
-        limitOrderBook.setMaxFillCount(30);
+        LimitOrderConfig memory config = LimitOrderConfig({multiples: multiples, percentages: percentages});
 
-        assertEq(limitOrderBook.getMaxFillCount(), 30);
+        swapWithLimitOrders.setLimitOrderConfig(config);
     }
 
-    function test_setMaxFillCount_grantAndRevokeRole() public {
-        uint64 MAX_FILL_COUNT_ROLE = 2;
+    // Test: setLimitOrderConfig - unauthorized user cannot set
+    function test_setLimitOrderConfig_unauthorizedUserCannotSet() public {
+        uint256[] memory multiples = new uint256[](2);
+        multiples[0] = 2e18;
+        multiples[1] = 3e18;
 
-        // Set up permissioned mode
-        accessManager.labelRole(MAX_FILL_COUNT_ROLE, "MAX_FILL_COUNT_SETTER");
+        uint256[] memory percentages = new uint256[](2);
+        percentages[0] = 5000;
+        percentages[1] = 5000;
 
-        bytes4[] memory selectors = new bytes4[](1);
-        selectors[0] = IZoraLimitOrderBook.setMaxFillCount.selector;
-        accessManager.setTargetFunctionRole(address(limitOrderBook), selectors, MAX_FILL_COUNT_ROLE);
+        LimitOrderConfig memory config = LimitOrderConfig({multiples: multiples, percentages: percentages});
 
-        // Initially unauthorized user cannot set
+        // Unauthorized user tries to set config
         vm.prank(unauthorizedUser);
-        vm.expectRevert(SimpleAccessManaged.AccessManagedUnauthorized.selector);
-        limitOrderBook.setMaxFillCount(15);
+        vm.expectRevert(abi.encodeWithSelector(Ownable.OwnableUnauthorizedAccount.selector, unauthorizedUser));
+        swapWithLimitOrders.setLimitOrderConfig(config);
+    }
 
-        // Grant role to user
-        accessManager.grantRole(MAX_FILL_COUNT_ROLE, unauthorizedUser, 0);
+    // Test: ownership transfer (two-step process)
+    function test_ownershipTransfer() public {
+        // Initial owner is this contract
+        assertEq(limitOrderBook.owner(), address(this));
 
-        // Now user can set
-        vm.prank(unauthorizedUser);
-        limitOrderBook.setMaxFillCount(15);
-        assertEq(limitOrderBook.getMaxFillCount(), 15);
+        // Step 1: Current owner proposes transfer
+        limitOrderBook.transferOwnership(newOwner);
 
-        // Revoke role
-        accessManager.revokeRole(MAX_FILL_COUNT_ROLE, unauthorizedUser);
+        // Ownership hasn't changed yet
+        assertEq(limitOrderBook.owner(), address(this));
+        assertEq(limitOrderBook.pendingOwner(), newOwner);
 
-        // Now user cannot set again
-        vm.prank(unauthorizedUser);
-        vm.expectRevert(SimpleAccessManaged.AccessManagedUnauthorized.selector);
-        limitOrderBook.setMaxFillCount(20);
+        // New owner cannot perform owner actions yet
+        vm.prank(newOwner);
+        vm.expectRevert(abi.encodeWithSelector(Ownable.OwnableUnauthorizedAccount.selector, newOwner));
+        limitOrderBook.setMaxFillCount(100);
 
-        // Verify value hasn't changed from last successful set
-        assertEq(limitOrderBook.getMaxFillCount(), 15);
-    }
+        // Step 2: New owner accepts transfer
+        vm.prank(newOwner);
+        limitOrderBook.acceptOwnership();
 
-    function test_setAuthority_revertsForUnauthorizedCaller() public {
-        address newAuthority = address(new AccessManager(address(this)));
+        // Now ownership has transferred
+        assertEq(limitOrderBook.owner(), newOwner);
 
-        vm.prank(unauthorizedUser);
-        vm.expectRevert(SimpleAccessManaged.AccessManagedUnauthorized.selector);
-        limitOrderBook.setAuthority(newAuthority);
-    }
-
-    function test_setAuthority_revertsForNonContractAddress() public {
-        // Deploy a simple test contract with test contract as authority
-        AuthorityTester tester = new AuthorityTester(address(this));
-
-        address eoaAddress = makeAddr("eoa");
+        // New owner can perform owner actions
+        vm.prank(newOwner);
+        limitOrderBook.setMaxFillCount(100);
+        assertEq(limitOrderBook.getMaxFillCount(), 100);
 
-        // Try to set EOA as authority - should revert with AccessManagedInvalidAuthority
-        vm.expectRevert(abi.encodeWithSelector(SimpleAccessManaged.AccessManagedInvalidAuthority.selector, eoaAddress));
-        tester.setAuthority(eoaAddress);
+        // Old owner cannot perform owner actions
+        vm.expectRevert(abi.encodeWithSelector(Ownable.OwnableUnauthorizedAccount.selector, address(this)));
+        limitOrderBook.setMaxFillCount(50);
     }
 }
 
@@ -455,7 +476,3 @@ contract UnlockedFillCaller {
         return bytes("");
     }
 }
-
-contract AuthorityTester is SimpleAccessManaged {
-    constructor(address initialAuthority) SimpleAccessManaged(initialAuthority) {}
-}

package/test/LimitOrderBitmap.t.sol

@@ -30,7 +30,8 @@ contract LimitOrderBitmapTest is BaseTest {
 
         // Verify all ticks are initialized in bitmap
         for (uint256 i; i < orderTicks.length; ++i) {
-            assertTrue(_isTickInitialized(poolKeyHash, orderCoin, orderTicks[i], key.tickSpacing), "tick should be initialized");
+            int24 fillableTick = _fillableTick(isCurrency0, orderTicks[i], key.tickSpacing);
+            assertTrue(_isTickInitialized(poolKeyHash, orderCoin, fillableTick, key.tickSpacing), "tick should be initialized");
         }
     }
 
@@ -52,7 +53,8 @@ contract LimitOrderBitmapTest is BaseTest {
         bytes32 poolKeyHash = created[0].poolKeyHash;
 
         // Verify tick is initialized
-        assertTrue(_isTickInitialized(poolKeyHash, orderCoin, orderTicks[0], key.tickSpacing), "tick should be initialized after create");
+        int24 fillableTick = _fillableTick(isCurrency0, orderTicks[0], key.tickSpacing);
+        assertTrue(_isTickInitialized(poolKeyHash, orderCoin, fillableTick, key.tickSpacing), "tick should be initialized after create");
 
         // Withdraw order
         bytes32[] memory orderIds = new bytes32[](1);
@@ -61,7 +63,7 @@ contract LimitOrderBitmapTest is BaseTest {
         limitOrderBook.withdraw(orderIds, orderCoin, 0, users.seller);
 
         // Verify tick is cleared in bitmap
-        assertFalse(_isTickInitialized(poolKeyHash, orderCoin, orderTicks[0], key.tickSpacing), "tick should be cleared after withdraw");
+        assertFalse(_isTickInitialized(poolKeyHash, orderCoin, fillableTick, key.tickSpacing), "tick should be cleared after withdraw");
     }
 
     function test_bitmap_RemainsSetWithPartialOrders() public {
@@ -95,7 +97,8 @@ contract LimitOrderBitmapTest is BaseTest {
         limitOrderBook.withdraw(orderIds, orderCoin, 0, users.seller);
 
         // Bitmap should still be set because second order remains
-        assertTrue(_isTickInitialized(poolKeyHash, orderCoin, tick, key.tickSpacing), "tick should remain initialized with remaining order");
+        int24 fillableTick = _fillableTick(isCurrency0, tick, key.tickSpacing);
+        assertTrue(_isTickInitialized(poolKeyHash, orderCoin, fillableTick, key.tickSpacing), "tick should remain initialized with remaining order");
     }
 
     function test_bitmap_wordBoundaries() public {
@@ -129,7 +132,8 @@ contract LimitOrderBitmapTest is BaseTest {
 
         // Verify all boundary ticks are initialized
         for (uint256 i = 0; i < boundaryTicks.length; i++) {
-            assertTrue(_isTickInitialized(poolKeyHash, orderCoin, boundaryTicks[i], spacing), "boundary tick should be initialized");
+            int24 fillableTick = _fillableTick(isCurrency0, boundaryTicks[i], spacing);
+            assertTrue(_isTickInitialized(poolKeyHash, orderCoin, fillableTick, spacing), "boundary tick should be initialized");
         }
     }
 
@@ -171,8 +175,10 @@ contract LimitOrderBitmapTest is BaseTest {
         bytes32 poolKeyHash = created[0].poolKeyHash;
 
         // Verify extreme ticks are initialized
-        assertTrue(_isTickInitialized(poolKeyHash, orderCoin, extremeTicks[0], spacing), "far tick 1 should be initialized");
-        assertTrue(_isTickInitialized(poolKeyHash, orderCoin, extremeTicks[1], spacing), "far tick 2 should be initialized");
+        int24 fillableTick0 = _fillableTick(isCurrency0, extremeTicks[0], spacing);
+        int24 fillableTick1 = _fillableTick(isCurrency0, extremeTicks[1], spacing);
+        assertTrue(_isTickInitialized(poolKeyHash, orderCoin, fillableTick0, spacing), "far tick 1 should be initialized");
+        assertTrue(_isTickInitialized(poolKeyHash, orderCoin, fillableTick1, spacing), "far tick 2 should be initialized");
     }
 
     function _fundAndApprove(address user, address token, uint256 amount) internal {

package/test/LimitOrderFill.t.sol

@@ -202,7 +202,6 @@ contract LimitOrderFillTest is BaseTest {
         bool isCurrency0 = Currency.unwrap(key.currency0) == address(creatorCoin);
         address orderCoin = _orderCoin(key, isCurrency0);
 
-        vm.prank(users.factoryOwner);
         limitOrderBook.setMaxFillCount(2);
 
         (uint256[] memory orderSizes, int24[] memory orderTicks) = _buildDeterministicOrders(key, isCurrency0, 3, 20e18);
@@ -336,7 +335,6 @@ contract LimitOrderFillTest is BaseTest {
 
         // 3. Now DISABLE hook auto-fills
         uint256 originalMaxFillCount = limitOrderBook.getMaxFillCount();
-        vm.prank(users.factoryOwner);
         limitOrderBook.setMaxFillCount(0);
 
         // 4. Move price past the order WITHOUT triggering hook fills
@@ -345,7 +343,6 @@ contract LimitOrderFillTest is BaseTest {
         _swapSomeCurrencyForCoin(ICoin(address(creatorCoin)), address(zoraToken), swapAmount, swapper);
 
         // 5. Restore original maxFillCount
-        vm.prank(users.factoryOwner);
         limitOrderBook.setMaxFillCount(originalMaxFillCount);
 
         // 6. Verify order exists and check epoch
@@ -775,7 +772,6 @@ contract LimitOrderFillTest is BaseTest {
         address orderCoin = _orderCoin(key, isCurrency0);
 
         // Set max fill count to 2 so we can verify default is used
-        vm.prank(users.factoryOwner);
         limitOrderBook.setMaxFillCount(2);
 
         // Create 5 orders that can be filled
@@ -814,6 +810,48 @@ contract LimitOrderFillTest is BaseTest {
         assertEq(fills.length, 2, "should fill default max count of 2 orders");
     }
 
+    /// @notice Tests fill() caps maxFillCount to configured default
+    function test_fill_maxFillCountExceedsDefault_isCapped() public {
+        PoolKey memory key = creatorCoin.getPoolKey();
+        bool isCurrency0 = Currency.unwrap(key.currency0) == address(creatorCoin);
+        address orderCoin = _orderCoin(key, isCurrency0);
+
+        // Set max fill count to 2
+        limitOrderBook.setMaxFillCount(2);
+
+        // Create 5 fillable orders
+        (uint256[] memory orderSizes, int24[] memory orderTicks) = _buildDeterministicOrders(key, isCurrency0, 5, 20e18);
+        uint256 totalSize;
+        for (uint256 i; i < orderSizes.length; ++i) {
+            totalSize += orderSizes[i];
+        }
+
+        if (orderCoin == address(0)) {
+            vm.deal(users.seller, totalSize);
+        } else {
+            deal(orderCoin, users.seller, totalSize);
+            vm.startPrank(users.seller);
+            IERC20(orderCoin).approve(address(limitOrderBook), totalSize);
+            vm.stopPrank();
+        }
+
+        vm.recordLogs();
+        vm.prank(users.seller);
+        limitOrderBook.create{value: orderCoin == address(0) ? totalSize : 0}(key, isCurrency0, orderSizes, orderTicks, users.seller);
+        CreatedOrderLog[] memory created = _decodeCreatedLogs(vm.getRecordedLogs());
+
+        _movePriceBeyondTicksWithAutoFillDisabled(created);
+        (int24 startTick, int24 endTick) = _tickWindow(created, key);
+
+        // Call fill with maxFillCount = 100 (way above default of 2)
+        vm.recordLogs();
+        limitOrderBook.fill(key, isCurrency0, startTick, endTick, 100, address(0));
+        FilledOrderLog[] memory fills = _decodeFilledLogs(vm.getRecordedLogs());
+
+        // Should cap to 2 orders (the configured max)
+        assertEq(fills.length, 2, "should cap to configured max of 2 orders");
+    }
+
     /// @notice Tests batch fill with empty orderIds array (line 134)
     /// @dev This tests the branch: if (batch.orderIds.length != 0)
     function test_batchFill_emptyOrderIds_skips() public {