Skip to content

SignatureDrop: using DropSinglePhase #169

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 37 commits into from
Jun 8, 2022
Merged

SignatureDrop: using DropSinglePhase #169

merged 37 commits into from
Jun 8, 2022

Conversation

nkrishang
Copy link
Contributor

No description provided.

kumaryash90 and others added 24 commits May 28, 2022 18:09
@kumaryash90
back to DropSinglePhase
d75726f
@kumaryash90
access control for setClaimConditions
1e93a69
@kumaryash90
updated unit tests
b4b2c9c
@kumaryash90
eliminate SigMint; IDrop to IDropSinglePhase
7b4c283
delete prev commented code
dc6dec0
delete unused DropSinglePhase
a1bccf8
delete getters for size
af40d0e
remove reentrancy upgradeable from SignatureDrop for sizing
785c002
@kumaryash90
reentrancy tests outline
a4ecc85
@kumaryash90
reentrancy tests: claim and mintWithSignature
eca0e06
use erc721a _burn; remove duplication
ca60132
run prettier
8901835
delete unused SigMint
b21190c
silence forge build warnings
31140ee
@kumaryash90
merkle tree, allowlist for tests
66f1c8e
use _msgSender()
79e8bb2
@kumaryash90
code cleanup; refactored tests for mintWithSignature
611a9cd
@kumaryash90
run prettier
f9312f7
@kumaryash90
scenario based tests
61ab28e
@kumaryash90
run prettier
35d413d
@kumaryash90
yaml edit forge tests
3121684
@kumaryash90
yaml edit forge tests
5f2a9d1
@kumaryash90
yaml edit forge tests
724880c
package update
2d4acdd
@ndeto ndeto mentioned this pull request Jun 6, 2022
Merged
jakeloo
jakeloo reviewed Jun 7, 2022
View reviewed changes
contracts/feature/interface/IDropSinglePhase.sol Outdated

event TokensClaimed(
ClaimCondition condition,
uint256 indexed claimConditionIndex,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

probably doesn't need to be indexed.
single phase = index always 0?

jakeloo
jakeloo reviewed Jun 7, 2022
View reviewed changes
contracts/signature-drop/SignatureDrop.sol

// Get receiver of tokens.
address receiver = _req.to == address(0) ? msg.sender : _req.to;
address receiver = _req.to == address(0) ? _msgSender() : _req.to;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should probably inform people that this is vulnerable to signature frontrunning attack

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will add this consideration to the design document.

@jakeloo
Copy link
Member

jakeloo commented Jun 7, 2022

https://github.com/chiru-labs/ERC721A/blob/main/contracts/ERC721A.sol#L742-L744 is not overriden

@jakeloo
Copy link
Member

jakeloo commented Jun 7, 2022
edited
Loading

contracts/contracts/signature-drop/SignatureDrop.sol

Lines 96 to 110 in 7f575f5

_setupRole(DEFAULT_ADMIN_ROLE, _msgSender());
setContractURI(_contractURI);
setOwner(_defaultAdmin);
_setupRole(DEFAULT_ADMIN_ROLE, _defaultAdmin);
_setupRole(MINTER_ROLE, _defaultAdmin);
_setupRole(TRANSFER_ROLE, _defaultAdmin);
_setupRole(TRANSFER_ROLE, address(0));
setPlatformFeeInfo(_platformFeeRecipient, _platformFeeBps);
setDefaultRoyaltyInfo(_royaltyRecipient, _royaltyBps);
setPrimarySaleRecipient(_saleRecipient);
_revokeRole(DEFAULT_ADMIN_ROLE, _msgSender());

_setupRole docstring:

This function should only be called from the constructor when setting up the initial roles for the system. Using this function in any other way is effectively circumventing the admin system imposed by AccessControl.

i think this setup is a little weird and wasteful. basically with _setupRole, you don't need to be an admin to do so.

Other thought, could we have _setupX internal functions for our setters to address the same problem?

jakeloo
jakeloo reviewed Jun 7, 2022
View reviewed changes
contracts/signature-drop/SignatureDrop.sol
"caller not owner nor approved"
);
_burn(tokenId);
_burn(tokenId, true);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

make a comment here that _burn internally check for approvals from erc721a

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will add consideration in a code comment + design document.

@nkrishang
Copy link
Contributor Author

https://github.com/chiru-labs/ERC721A/blob/main/contracts/ERC721A.sol#L742-L744 is not overriden

We were using erc721a-upgradeable v3.3 where this _msgSenderERC721A did not exist. Will upgrade to the latest erc721a-upgradeable v4.0 where _msgSenderERC721A does exist, and will override it.

@nkrishang
Copy link
Contributor Author

https://github.com/chiru-labs/ERC721A/blob/main/contracts/ERC721A.sol#L742-L744 is not overriden

We were using erc721a-upgradeable v3.3 where this _msgSenderERC721A did not exist. Will upgrade to the latest erc721a-upgradeable v4.0 where _msgSenderERC721A does exist, and will override it.

Update: we'll not be upgrading to erc721a-upgradeable v4.0, and will continue using v3.3 (which we started with). The version upgrade has to do with changes in the storage layout of the ERC721A contract, and introduces breaking changes that make using ERC721AUpgradeable incompatible with OpenZeppelin's Initializable.

@nkrishang nkrishang merged commit e217a9e into main Jun 8, 2022
@nkrishang nkrishang deleted the drop-single-phase branch July 5, 2022 14:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jakeloo jakeloo jakeloo left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@nkrishang @jakeloo @kumaryash90 @joaquim-verges