@zoralabs/limit-orders 0.2.1 → 0.2.4

package/test/LimitOrderAccessControl.t.sol

@@ -2,25 +2,28 @@
 pragma solidity ^0.8.28;
 
 import {BaseTest} from "./utils/BaseTest.sol";
-import {AccessManager} from "@openzeppelin/contracts/access/manager/AccessManager.sol";
-import {SimpleAccessManaged} from "../src/access/SimpleAccessManaged.sol";
+import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
 import {IZoraLimitOrderBook} from "../src/IZoraLimitOrderBook.sol";
+import {PermittedCallers} from "../src/access/PermittedCallers.sol";
 import {PoolKey} from "@uniswap/v4-core/src/types/PoolKey.sol";
 import {Currency} from "@uniswap/v4-core/src/types/Currency.sol";
 import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
 import {IPoolManager} from "@uniswap/v4-core/src/interfaces/IPoolManager.sol";
+import {SwapWithLimitOrders} from "../src/router/SwapWithLimitOrders.sol";
+import {LimitOrderConfig} from "../src/libs/SwapLimitOrders.sol";
 
 contract LimitOrderAccessControlTest is BaseTest {
-    uint64 public constant CREATOR_ROLE = 1;
     address public unauthorizedUser;
-    address public authorizedRouter;
+    address public authorizedCaller;
+    address public newOwner;
 
     function setUp() public override {
         super.setUpNonForked();
 
         // Set up test users
         unauthorizedUser = makeAddr("unauthorizedUser");
-        authorizedRouter = makeAddr("authorizedRouter");
+        authorizedCaller = makeAddr("authorizedCaller");
+        newOwner = makeAddr("newOwner");
     }
 
     function _prepareOrder(
@@ -69,120 +72,146 @@ contract LimitOrderAccessControlTest is BaseTest {
         zoraHookRegistry.registerHooks(hooks, tags);
     }
 
-    function test_create_worksWithPublicRole() public {
+    function _setPublicAccess(bool isPublic) internal {
+        address[] memory callers = new address[](1);
+        callers[0] = address(0); // PUBLIC_ACCESS sentinel
+        bool[] memory permitted = new bool[](1);
+        permitted[0] = isPublic;
+        limitOrderBook.setPermittedCallers(callers, permitted);
+    }
+
+    // Test: create() works in public mode (default)
+    function test_create_publicMode() public {
         PoolKey memory key = creatorCoin.getPoolKey();
 
+        // Verify any address is permitted by default (public mode)
+        assertTrue(limitOrderBook.isPermittedCaller(unauthorizedUser), "any address should be permitted in public mode");
+
+        // Anyone can create orders in public mode
         (bool isCurrency0, address orderCoin, uint256[] memory orderSizes, int24[] memory orderTicks) = _prepareOrder(unauthorizedUser, key);
         _createOrder(key, isCurrency0, orderSizes, orderTicks, unauthorizedUser, orderCoin);
     }
 
-    function test_transitionToPermissioned() public {
+    // Test: setPermittedCallers can toggle public access control via address(0)
+    function test_setPermittedCallers_togglesPublicAccessControl() public {
         PoolKey memory key = creatorCoin.getPoolKey();
 
-        // Initially anyone can create orders (PUBLIC_ROLE is set in BaseTest)
+        // Initially public - anyone can create
+        assertTrue(limitOrderBook.isPermittedCaller(unauthorizedUser));
         (bool isCurrency0, address orderCoin, uint256[] memory orderSizes, int24[] memory orderTicks) = _prepareOrder(unauthorizedUser, key);
         _createOrder(key, isCurrency0, orderSizes, orderTicks, unauthorizedUser, orderCoin);
 
-        // Create a specific role for authorized creators
-        accessManager.labelRole(CREATOR_ROLE, "CREATOR");
-
-        // Grant role to authorized router
-        accessManager.grantRole(CREATOR_ROLE, authorizedRouter, 0);
-
-        // Switch function to require CREATOR_ROLE
-        bytes4[] memory selectors = new bytes4[](1);
-        selectors[0] = IZoraLimitOrderBook.create.selector;
-        accessManager.setTargetFunctionRole(address(limitOrderBook), selectors, CREATOR_ROLE);
+        // Owner sets to permissioned mode by disabling address(0)
+        _setPublicAccess(false);
+        assertFalse(limitOrderBook.isPermittedCaller(unauthorizedUser));
 
         // Now unauthorized user should fail
         (isCurrency0, orderCoin, orderSizes, orderTicks) = _prepareOrder(unauthorizedUser, key);
-        vm.expectRevert(SimpleAccessManaged.AccessManagedUnauthorized.selector);
+        vm.expectRevert(PermittedCallers.CallerNotPermitted.selector);
         limitOrderBook.create{value: orderCoin == address(0) ? 1 ether : 0}(key, isCurrency0, orderSizes, orderTicks, unauthorizedUser);
         vm.stopPrank();
 
-        // But authorized router should succeed
-        (isCurrency0, orderCoin, orderSizes, orderTicks) = _prepareOrder(authorizedRouter, key);
-        _createOrder(key, isCurrency0, orderSizes, orderTicks, authorizedRouter, orderCoin);
+        // Owner sets back to public mode
+        _setPublicAccess(true);
+        assertTrue(limitOrderBook.isPermittedCaller(unauthorizedUser));
 
-        // If we got here without reverting, the test passed
+        // Now anyone can create again
+        (isCurrency0, orderCoin, orderSizes, orderTicks) = _prepareOrder(unauthorizedUser, key);
+        _createOrder(key, isCurrency0, orderSizes, orderTicks, unauthorizedUser, orderCoin);
     }
 
-    function test_unauthorizedUserCannotCreate() public {
+    // Test: unauthorized user cannot create in permissioned mode
+    function test_create_permissionedMode_unauthorizedFails() public {
         PoolKey memory key = creatorCoin.getPoolKey();
 
-        // Set up permissioned mode
-        accessManager.labelRole(CREATOR_ROLE, "CREATOR");
-        accessManager.grantRole(CREATOR_ROLE, authorizedRouter, 0);
-
-        bytes4[] memory selectors = new bytes4[](1);
-        selectors[0] = IZoraLimitOrderBook.create.selector;
-        accessManager.setTargetFunctionRole(address(limitOrderBook), selectors, CREATOR_ROLE);
+        // Set to permissioned mode
+        _setPublicAccess(false);
 
         // Unauthorized user tries to create
         (bool isCurrency0, address orderCoin, uint256[] memory orderSizes, int24[] memory orderTicks) = _prepareOrder(unauthorizedUser, key);
-        vm.expectRevert(SimpleAccessManaged.AccessManagedUnauthorized.selector);
+        vm.expectRevert(PermittedCallers.CallerNotPermitted.selector);
         limitOrderBook.create{value: orderCoin == address(0) ? 1 ether : 0}(key, isCurrency0, orderSizes, orderTicks, unauthorizedUser);
         vm.stopPrank();
     }
 
-    function test_grantAndRevokeRole() public {
+    // Test: setPermittedCallers grants and revokes access
+    function test_setPermittedCallers_grantsAndRevokesAccess() public {
         PoolKey memory key = creatorCoin.getPoolKey();
 
-        // Set up permissioned mode
-        accessManager.labelRole(CREATOR_ROLE, "CREATOR");
-
-        bytes4[] memory selectors = new bytes4[](1);
-        selectors[0] = IZoraLimitOrderBook.create.selector;
-        accessManager.setTargetFunctionRole(address(limitOrderBook), selectors, CREATOR_ROLE);
+        // Set to permissioned mode
+        _setPublicAccess(false);
 
         // Initially unauthorized user cannot create
         (bool isCurrency0, address orderCoin, uint256[] memory orderSizes, int24[] memory orderTicks) = _prepareOrder(unauthorizedUser, key);
-        vm.expectRevert(SimpleAccessManaged.AccessManagedUnauthorized.selector);
+        vm.expectRevert(PermittedCallers.CallerNotPermitted.selector);
         limitOrderBook.create{value: orderCoin == address(0) ? 1 ether : 0}(key, isCurrency0, orderSizes, orderTicks, unauthorizedUser);
         vm.stopPrank();
 
-        // Grant role to user
-        accessManager.grantRole(CREATOR_ROLE, unauthorizedUser, 0);
+        // Grant access to user
+        address[] memory callers = new address[](1);
+        callers[0] = unauthorizedUser;
+        bool[] memory permitted = new bool[](1);
+        permitted[0] = true;
+        limitOrderBook.setPermittedCallers(callers, permitted);
+
+        assertTrue(limitOrderBook.isPermittedCaller(unauthorizedUser), "user should be permitted");
 
         // Now user can create
         (isCurrency0, orderCoin, orderSizes, orderTicks) = _prepareOrder(unauthorizedUser, key);
         _createOrder(key, isCurrency0, orderSizes, orderTicks, unauthorizedUser, orderCoin);
 
-        // Revoke role
-        accessManager.revokeRole(CREATOR_ROLE, unauthorizedUser);
+        // Revoke access
+        permitted[0] = false;
+        limitOrderBook.setPermittedCallers(callers, permitted);
+
+        assertFalse(limitOrderBook.isPermittedCaller(unauthorizedUser), "user should not be permitted");
 
         // Now user cannot create again
         (isCurrency0, orderCoin, orderSizes, orderTicks) = _prepareOrder(unauthorizedUser, key);
-        vm.expectRevert(SimpleAccessManaged.AccessManagedUnauthorized.selector);
+        vm.expectRevert(PermittedCallers.CallerNotPermitted.selector);
         limitOrderBook.create{value: orderCoin == address(0) ? 1 ether : 0}(key, isCurrency0, orderSizes, orderTicks, unauthorizedUser);
         vm.stopPrank();
     }
 
-    function test_adminCanReconfigure() public {
-        PoolKey memory key = creatorCoin.getPoolKey();
-
-        // Admin sets up initial permissioned mode
-        accessManager.labelRole(CREATOR_ROLE, "CREATOR");
-        accessManager.grantRole(CREATOR_ROLE, authorizedRouter, 0);
-
-        bytes4[] memory selectors = new bytes4[](1);
-        selectors[0] = IZoraLimitOrderBook.create.selector;
-        accessManager.setTargetFunctionRole(address(limitOrderBook), selectors, CREATOR_ROLE);
-
-        // Unauthorized user cannot create
-        (bool isCurrency0, address orderCoin, uint256[] memory orderSizes, int24[] memory orderTicks) = _prepareOrder(unauthorizedUser, key);
-        vm.expectRevert(SimpleAccessManaged.AccessManagedUnauthorized.selector);
-        limitOrderBook.create{value: orderCoin == address(0) ? 1 ether : 0}(key, isCurrency0, orderSizes, orderTicks, unauthorizedUser);
-        vm.stopPrank();
-
-        // Admin decides to open it back up to public
-        accessManager.setTargetFunctionRole(address(limitOrderBook), selectors, accessManager.PUBLIC_ROLE());
-
-        // Now anyone can create again
-        (isCurrency0, orderCoin, orderSizes, orderTicks) = _prepareOrder(unauthorizedUser, key);
-        _createOrder(key, isCurrency0, orderSizes, orderTicks, unauthorizedUser, orderCoin);
+    // Test: setPermittedCallers works with multiple addresses
+    function test_setPermittedCallers_batchUpdate() public {
+        address caller1 = makeAddr("caller1");
+        address caller2 = makeAddr("caller2");
+        address caller3 = makeAddr("caller3");
+
+        _setPublicAccess(false);
+
+        // Grant access to multiple callers
+        address[] memory callers = new address[](3);
+        callers[0] = caller1;
+        callers[1] = caller2;
+        callers[2] = caller3;
+        // set public to false
+        bool[] memory permitted = new bool[](3);
+        permitted[0] = true;
+        permitted[1] = true;
+        permitted[2] = true;
+
+        limitOrderBook.setPermittedCallers(callers, permitted);
+
+        assertTrue(limitOrderBook.isPermittedCaller(caller1));
+        assertTrue(limitOrderBook.isPermittedCaller(caller2));
+        assertTrue(limitOrderBook.isPermittedCaller(caller3));
+
+        // Revoke access from caller2
+        address[] memory revokeList = new address[](1);
+        revokeList[0] = caller2;
+        bool[] memory revokePermitted = new bool[](1);
+        revokePermitted[0] = false;
+
+        limitOrderBook.setPermittedCallers(revokeList, revokePermitted);
+
+        assertTrue(limitOrderBook.isPermittedCaller(caller1));
+        assertFalse(limitOrderBook.isPermittedCaller(caller2));
+        assertTrue(limitOrderBook.isPermittedCaller(caller3));
     }
 
+    // Test: non-hook cannot fill while unlocked
     function test_nonHookCannotFillWhileUnlocked() public {
         PoolKey memory key = creatorCoin.getPoolKey();
 
@@ -194,6 +223,7 @@ contract LimitOrderAccessControlTest is BaseTest {
         caller.attemptUnlockedFill(key, false, -type(int24).max, type(int24).max, 1, address(0));
     }
 
+    // Test: registered hook can fill while unlocked
     function test_fillRegisteredHookCanFillWhileUnlocked() public {
         PoolKey memory key = creatorCoin.getPoolKey();
 
@@ -217,6 +247,7 @@ contract LimitOrderAccessControlTest is BaseTest {
         assertEq(_makerBalance(users.seller, created[0].coin), 0, "maker balance should be zero");
     }
 
+    // Test: unregistered hook cannot fill while unlocked
     function test_fillUnregisteredHookCannotFillWhileUnlocked() public {
         PoolKey memory key = creatorCoin.getPoolKey();
         UnlockedFillCaller caller = new UnlockedFillCaller(address(limitOrderBook), address(poolManager));
@@ -225,6 +256,7 @@ contract LimitOrderAccessControlTest is BaseTest {
         caller.attemptUnlockedFill(key, true, -type(int24).max, type(int24).max, 5, address(0));
     }
 
+    // Test: fill maxFillCount defaults to storage
     function test_fill_MaxFillCountDefaultsToStorage() public {
         PoolKey memory key = creatorCoin.getPoolKey();
 
@@ -237,7 +269,6 @@ contract LimitOrderAccessControlTest is BaseTest {
         _movePriceBeyondTicksWithAutoFillDisabled(created);
 
         uint256 previousMax = limitOrderBook.getMaxFillCount();
-        vm.prank(users.factoryOwner);
         limitOrderBook.setMaxFillCount(2);
         (int24 startTick, int24 endTick) = _tickWindow(created, key);
 
@@ -246,10 +277,10 @@ contract LimitOrderAccessControlTest is BaseTest {
         FilledOrderLog[] memory fills = _decodeFilledLogs(vm.getRecordedLogs());
         assertEq(fills.length, 2, "should use stored maxFillCount when input is zero");
 
-        vm.prank(users.factoryOwner);
         limitOrderBook.setMaxFillCount(previousMax);
     }
 
+    // Test: fillBatch ignores empty order arrays
     function test_fillBatchIgnoresEmptyOrderArrays() public {
         PoolKey memory key = creatorCoin.getPoolKey();
 
@@ -288,138 +319,128 @@ contract LimitOrderAccessControlTest is BaseTest {
         assertApproxEqAbs(makerBalanceBefore - makerBalanceAfter, expectedDelta, 3, "unexpected maker balance delta");
     }
 
+    // Test: unlockCallback reverts for non-poolManager
     function test_unlockCallbackRevertsForNonPoolManager() public {
         vm.expectRevert(IZoraLimitOrderBook.NotPoolManager.selector);
         limitOrderBook.unlockCallback(bytes(""));
     }
 
+    // Test: receive reverts for non-poolManager
     function test_receiveRevertsForNonPoolManager() public {
         vm.deal(address(this), 1 ether);
         vm.expectRevert(IZoraLimitOrderBook.NotPoolManager.selector);
         payable(address(limitOrderBook)).transfer(1 wei);
     }
 
-    function test_setMaxFillCount_worksWithPublicRole() public {
+    // Test: setMaxFillCount - owner can set
+    function test_setMaxFillCount_ownerCanSet() public {
         // Initially max fill count should be 50 (set in BaseTest)
         assertEq(limitOrderBook.getMaxFillCount(), 50);
 
-        // setMaxFillCount is already configured with PUBLIC_ROLE in BaseTest
-        // Any user should be able to set it
-        vm.prank(unauthorizedUser);
+        // Owner (this contract) should be able to set it
         limitOrderBook.setMaxFillCount(20);
 
         assertEq(limitOrderBook.getMaxFillCount(), 20);
     }
 
+    // Test: setMaxFillCount - unauthorized user cannot set
     function test_setMaxFillCount_unauthorizedUserCannotSet() public {
-        uint64 MAX_FILL_COUNT_ROLE = 2;
-
-        // Set up permissioned mode for setMaxFillCount
-        accessManager.labelRole(MAX_FILL_COUNT_ROLE, "MAX_FILL_COUNT_SETTER");
-        accessManager.grantRole(MAX_FILL_COUNT_ROLE, authorizedRouter, 0);
-
-        bytes4[] memory selectors = new bytes4[](1);
-        selectors[0] = IZoraLimitOrderBook.setMaxFillCount.selector;
-        accessManager.setTargetFunctionRole(address(limitOrderBook), selectors, MAX_FILL_COUNT_ROLE);
-
         // Unauthorized user tries to set max fill count
         vm.prank(unauthorizedUser);
-        vm.expectRevert(SimpleAccessManaged.AccessManagedUnauthorized.selector);
+        vm.expectRevert(abi.encodeWithSelector(Ownable.OwnableUnauthorizedAccount.selector, unauthorizedUser));
         limitOrderBook.setMaxFillCount(20);
 
         // Verify value hasn't changed (still 50 from BaseTest)
         assertEq(limitOrderBook.getMaxFillCount(), 50);
     }
 
-    function test_setMaxFillCount_authorizedUserCanSet() public {
-        uint64 MAX_FILL_COUNT_ROLE = 2;
-
-        // Set up permissioned mode
-        accessManager.labelRole(MAX_FILL_COUNT_ROLE, "MAX_FILL_COUNT_SETTER");
-        accessManager.grantRole(MAX_FILL_COUNT_ROLE, authorizedRouter, 0);
-
-        bytes4[] memory selectors = new bytes4[](1);
-        selectors[0] = IZoraLimitOrderBook.setMaxFillCount.selector;
-        accessManager.setTargetFunctionRole(address(limitOrderBook), selectors, MAX_FILL_COUNT_ROLE);
+    // Test: setPermittedCallers - owner can set
+    function test_setPermittedCallers_ownerCanSet() public {
+        address[] memory callers = new address[](1);
+        callers[0] = authorizedCaller;
+        bool[] memory permitted = new bool[](1);
+        permitted[0] = true;
 
-        // Authorized user sets max fill count
-        vm.prank(authorizedRouter);
-        limitOrderBook.setMaxFillCount(25);
-
-        assertEq(limitOrderBook.getMaxFillCount(), 25);
+        limitOrderBook.setPermittedCallers(callers, permitted);
+        assertTrue(limitOrderBook.isPermittedCaller(authorizedCaller));
     }
 
-    function test_setMaxFillCount_adminCanSet() public {
-        uint64 MAX_FILL_COUNT_ROLE = 2;
+    // Test: setPermittedCallers - unauthorized user cannot set
+    function test_setPermittedCallers_unauthorizedUserCannotSet() public {
+        address[] memory callers = new address[](0);
+        bool[] memory permitted = new bool[](0);
 
-        // Set up permissioned mode
-        accessManager.labelRole(MAX_FILL_COUNT_ROLE, "MAX_FILL_COUNT_SETTER");
+        vm.prank(unauthorizedUser);
+        vm.expectRevert(abi.encodeWithSelector(Ownable.OwnableUnauthorizedAccount.selector, unauthorizedUser));
+        limitOrderBook.setPermittedCallers(callers, permitted);
+    }
 
-        bytes4[] memory selectors = new bytes4[](1);
-        selectors[0] = IZoraLimitOrderBook.setMaxFillCount.selector;
-        accessManager.setTargetFunctionRole(address(limitOrderBook), selectors, MAX_FILL_COUNT_ROLE);
+    // Test: setLimitOrderConfig - owner can set
+    function test_setLimitOrderConfig_ownerCanSet() public {
+        // Owner (this contract) should be able to set limit order config
+        uint256[] memory multiples = new uint256[](2);
+        multiples[0] = 2e18; // 2x
+        multiples[1] = 3e18; // 3x
 
-        // Grant the role to admin explicitly
-        accessManager.grantRole(MAX_FILL_COUNT_ROLE, address(this), 0);
+        uint256[] memory percentages = new uint256[](2);
+        percentages[0] = 5000; // 50%
+        percentages[1] = 5000; // 50%
 
-        // Admin (this contract) should be able to set it with the granted role
-        limitOrderBook.setMaxFillCount(30);
+        LimitOrderConfig memory config = LimitOrderConfig({multiples: multiples, percentages: percentages});
 
-        assertEq(limitOrderBook.getMaxFillCount(), 30);
+        swapWithLimitOrders.setLimitOrderConfig(config);
     }
 
-    function test_setMaxFillCount_grantAndRevokeRole() public {
-        uint64 MAX_FILL_COUNT_ROLE = 2;
+    // Test: setLimitOrderConfig - unauthorized user cannot set
+    function test_setLimitOrderConfig_unauthorizedUserCannotSet() public {
+        uint256[] memory multiples = new uint256[](2);
+        multiples[0] = 2e18;
+        multiples[1] = 3e18;
 
-        // Set up permissioned mode
-        accessManager.labelRole(MAX_FILL_COUNT_ROLE, "MAX_FILL_COUNT_SETTER");
+        uint256[] memory percentages = new uint256[](2);
+        percentages[0] = 5000;
+        percentages[1] = 5000;
 
-        bytes4[] memory selectors = new bytes4[](1);
-        selectors[0] = IZoraLimitOrderBook.setMaxFillCount.selector;
-        accessManager.setTargetFunctionRole(address(limitOrderBook), selectors, MAX_FILL_COUNT_ROLE);
+        LimitOrderConfig memory config = LimitOrderConfig({multiples: multiples, percentages: percentages});
 
-        // Initially unauthorized user cannot set
+        // Unauthorized user tries to set config
         vm.prank(unauthorizedUser);
-        vm.expectRevert(SimpleAccessManaged.AccessManagedUnauthorized.selector);
-        limitOrderBook.setMaxFillCount(15);
+        vm.expectRevert(abi.encodeWithSelector(Ownable.OwnableUnauthorizedAccount.selector, unauthorizedUser));
+        swapWithLimitOrders.setLimitOrderConfig(config);
+    }
 
-        // Grant role to user
-        accessManager.grantRole(MAX_FILL_COUNT_ROLE, unauthorizedUser, 0);
+    // Test: ownership transfer (two-step process)
+    function test_ownershipTransfer() public {
+        // Initial owner is this contract
+        assertEq(limitOrderBook.owner(), address(this));
 
-        // Now user can set
-        vm.prank(unauthorizedUser);
-        limitOrderBook.setMaxFillCount(15);
-        assertEq(limitOrderBook.getMaxFillCount(), 15);
+        // Step 1: Current owner proposes transfer
+        limitOrderBook.transferOwnership(newOwner);
 
-        // Revoke role
-        accessManager.revokeRole(MAX_FILL_COUNT_ROLE, unauthorizedUser);
+        // Ownership hasn't changed yet
+        assertEq(limitOrderBook.owner(), address(this));
+        assertEq(limitOrderBook.pendingOwner(), newOwner);
 
-        // Now user cannot set again
-        vm.prank(unauthorizedUser);
-        vm.expectRevert(SimpleAccessManaged.AccessManagedUnauthorized.selector);
-        limitOrderBook.setMaxFillCount(20);
+        // New owner cannot perform owner actions yet
+        vm.prank(newOwner);
+        vm.expectRevert(abi.encodeWithSelector(Ownable.OwnableUnauthorizedAccount.selector, newOwner));
+        limitOrderBook.setMaxFillCount(100);
 
-        // Verify value hasn't changed from last successful set
-        assertEq(limitOrderBook.getMaxFillCount(), 15);
-    }
+        // Step 2: New owner accepts transfer
+        vm.prank(newOwner);
+        limitOrderBook.acceptOwnership();
 
-    function test_setAuthority_revertsForUnauthorizedCaller() public {
-        address newAuthority = address(new AccessManager(address(this)));
+        // Now ownership has transferred
+        assertEq(limitOrderBook.owner(), newOwner);
 
-        vm.prank(unauthorizedUser);
-        vm.expectRevert(SimpleAccessManaged.AccessManagedUnauthorized.selector);
-        limitOrderBook.setAuthority(newAuthority);
-    }
-
-    function test_setAuthority_revertsForNonContractAddress() public {
-        // Deploy a simple test contract with test contract as authority
-        AuthorityTester tester = new AuthorityTester(address(this));
-
-        address eoaAddress = makeAddr("eoa");
+        // New owner can perform owner actions
+        vm.prank(newOwner);
+        limitOrderBook.setMaxFillCount(100);
+        assertEq(limitOrderBook.getMaxFillCount(), 100);
 
-        // Try to set EOA as authority - should revert with AccessManagedInvalidAuthority
-        vm.expectRevert(abi.encodeWithSelector(SimpleAccessManaged.AccessManagedInvalidAuthority.selector, eoaAddress));
-        tester.setAuthority(eoaAddress);
+        // Old owner cannot perform owner actions
+        vm.expectRevert(abi.encodeWithSelector(Ownable.OwnableUnauthorizedAccount.selector, address(this)));
+        limitOrderBook.setMaxFillCount(50);
     }
 }
 
@@ -455,7 +476,3 @@ contract UnlockedFillCaller {
         return bytes("");
     }
 }
-
-contract AuthorityTester is SimpleAccessManaged {
-    constructor(address initialAuthority) SimpleAccessManaged(initialAuthority) {}
-}

package/test/LimitOrderFill.t.sol

@@ -202,7 +202,6 @@ contract LimitOrderFillTest is BaseTest {
         bool isCurrency0 = Currency.unwrap(key.currency0) == address(creatorCoin);
         address orderCoin = _orderCoin(key, isCurrency0);
 
-        vm.prank(users.factoryOwner);
         limitOrderBook.setMaxFillCount(2);
 
         (uint256[] memory orderSizes, int24[] memory orderTicks) = _buildDeterministicOrders(key, isCurrency0, 3, 20e18);
@@ -336,7 +335,6 @@ contract LimitOrderFillTest is BaseTest {
 
         // 3. Now DISABLE hook auto-fills
         uint256 originalMaxFillCount = limitOrderBook.getMaxFillCount();
-        vm.prank(users.factoryOwner);
         limitOrderBook.setMaxFillCount(0);
 
         // 4. Move price past the order WITHOUT triggering hook fills
@@ -345,7 +343,6 @@ contract LimitOrderFillTest is BaseTest {
         _swapSomeCurrencyForCoin(ICoin(address(creatorCoin)), address(zoraToken), swapAmount, swapper);
 
         // 5. Restore original maxFillCount
-        vm.prank(users.factoryOwner);
         limitOrderBook.setMaxFillCount(originalMaxFillCount);
 
         // 6. Verify order exists and check epoch
@@ -775,7 +772,6 @@ contract LimitOrderFillTest is BaseTest {
         address orderCoin = _orderCoin(key, isCurrency0);
 
         // Set max fill count to 2 so we can verify default is used
-        vm.prank(users.factoryOwner);
         limitOrderBook.setMaxFillCount(2);
 
         // Create 5 orders that can be filled
@@ -821,7 +817,6 @@ contract LimitOrderFillTest is BaseTest {
         address orderCoin = _orderCoin(key, isCurrency0);
 
         // Set max fill count to 2
-        vm.prank(users.factoryOwner);
         limitOrderBook.setMaxFillCount(2);
 
         // Create 5 fillable orders

package/test/LimitOrderLiquidityPayouts.t.sol

@@ -46,7 +46,7 @@ contract MockPoolManager {
         swapDelta = toBalanceDelta(amount0, amount1);
     }
 
-    function modifyLiquidity(PoolKey memory, ModifyLiquidityParams memory, bytes calldata) external returns (BalanceDelta, BalanceDelta) {
+    function modifyLiquidity(PoolKey memory, ModifyLiquidityParams memory, bytes calldata) external view returns (BalanceDelta, BalanceDelta) {
         return (liquidityDelta, feeDelta);
     }
 
@@ -270,18 +270,25 @@ contract LimitOrderLiquidityPayoutsTest is Test {
         assertEq(Currency.unwrap(poolManager.lastTakeCurrency()), address(currency1Token));
     }
 
+    /// @notice Test that dual positive deltas are consolidated into single payout currency
     function test_burnAndRefundPaysBothCurrenciesWhenPositive() public {
+        // isCurrency0 = true (default), so refund should be in currency0
         poolManager.setModifyLiquidityResponse(int128(10), int128(20), 0, 0);
+
+        // Simulate swap: 20 of currency1 → 18 of currency0
+        poolManager.setSwapResponse(int128(18), 0);
+
         deal(address(currency0Token), address(poolManager), 100e18);
         deal(address(currency1Token), address(poolManager), 100e18);
         address recipient = makeAddr("dual-recipient");
 
         uint128 amountOut = harness.burnAndRefund(poolManager, poolKey, ORDER_ID, recipient);
 
-        assertEq(amountOut, 10, "amountOut should match order currency payout");
-        assertEq(currency0Token.balanceOf(recipient), 10, "recipient receives currency0");
-        assertEq(currency1Token.balanceOf(recipient), 20, "recipient receives currency1");
-        assertEq(poolManager.takeCalls(), 2, "both currencies should be taken");
+        // Verify consolidated payout: 10 (original) + 18 (swapped) = 28
+        assertEq(amountOut, 28, "amountOut should be combined total");
+        assertEq(currency0Token.balanceOf(recipient), 28, "recipient receives combined in currency0");
+        assertEq(currency1Token.balanceOf(recipient), 0, "recipient should NOT receive currency1");
+        assertEq(poolManager.swapCalls(), 1, "swap should consolidate currencies");
     }
 
     function test_burnAndPayoutWithoutReferralRoutesAllProceeds() public {
@@ -340,7 +347,7 @@ contract LimitOrderLiquidityPayoutsTest is Test {
         uint256 makerCurrency0Before = currency0Token.balanceOf(maker);
         uint256 makerCurrency1Before = currency1Token.balanceOf(maker);
 
-        (, uint128 makerAmount, ) = harness.burnAndPayout(poolManager, poolKey, ORDER_ID, address(0), address(currency0Token), versionLookup);
+        harness.burnAndPayout(poolManager, poolKey, ORDER_ID, address(0), address(currency0Token), versionLookup);
 
         // With the fix: only currency1 is paid out (NOT currency0)
         assertEq(currency0Token.balanceOf(maker), makerCurrency0Before, "maker should NOT receive currency0");
@@ -503,14 +510,7 @@ contract LimitOrderLiquidityPayoutsTest is Test {
         uint256 ref0Before = currency0Token.balanceOf(referral);
         uint256 ref1Before = currency1Token.balanceOf(referral);
 
-        (Currency makerCoinOut, uint128 makerAmount, uint128 referralAmount) = harness.burnAndPayout(
-            poolManager,
-            poolKey,
-            ORDER_ID,
-            referral,
-            address(0),
-            versionLookup
-        );
+        (Currency makerCoinOut, , ) = harness.burnAndPayout(poolManager, poolKey, ORDER_ID, referral, address(0), versionLookup);
 
         // Verify maker receives only currency1
         assertEq(Currency.unwrap(makerCoinOut), address(currency1Token), "maker payout should be currency1");

package/test/SwapWithLimitOrders.t.sol

@@ -11,8 +11,6 @@ import {Vm} from "forge-std/Vm.sol";
 contract SwapWithLimitOrdersTest is BaseTest {
     function test_autosellCreatesOrdersForSmallPurchases() public {
         PoolKey memory key = creatorCoin.getPoolKey();
-        bool isCurrency0 = Currency.unwrap(key.currency0) == address(creatorCoin);
-        address orderCoin = _orderCoin(key, isCurrency0);
 
         vm.recordLogs();
         _executeSingleHopSwapWithLimitOrders(users.buyer, key, 1e13, _defaultMultiples(), _defaultPercentages());

package/test/SwapWithLimitOrdersRouter.t.sol

@@ -306,11 +306,15 @@ contract SwapWithLimitOrdersTestNonForked is SwapWithLimitOrdersTestBase {
         // TODO: Requires controlling tick movement during swap
     }
 
+    /// forge-config: default.isolate = true
     function test_orderFilling_invertedDirection() public {
         // This test verifies the fix for audit issue #16
         // https://github.com/kadenzipfel/zora-autosell-audit/issues/16
         // The router should pass isCoinCurrency0 (not !isCoinCurrency0) to _fillOrders
 
+        // Skip past launch fee period to test normal swap behavior
+        vm.warp(block.timestamp + 1 days);
+
         PoolKey memory key = creatorCoin.getPoolKey();
 
         // 1. Create first buyer's orders using swapWithLimitOrders
@@ -548,7 +552,6 @@ contract SwapWithLimitOrdersTestNonForked is SwapWithLimitOrdersTestBase {
         LimitOrderConfig memory limitOrderConfig = _prepareLimitOrderParams(users.buyer, _defaultMultiples(), _defaultPercentages());
 
         uint256 previousMax = limitOrderBook.getMaxFillCount();
-        vm.prank(users.factoryOwner);
         limitOrderBook.setMaxFillCount(0);
 
         bytes memory callData = abi.encodeWithSelector(IERC165.supportsInterface.selector, type(ISupportsLimitOrderFill).interfaceId);
@@ -571,7 +574,6 @@ contract SwapWithLimitOrdersTestNonForked is SwapWithLimitOrdersTestBase {
         assertEq(ordersFilled, 0, "max fill count zero should short-circuit fills");
 
         vm.clearMockedCalls();
-        vm.prank(users.factoryOwner);
         limitOrderBook.setMaxFillCount(previousMax);
     }