Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add poi verification before minting function #169

Merged
merged 11 commits into from
Nov 27, 2024
Merged

add poi verification before minting function #169

Show file tree
Hide file tree
Changes from 7 commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
0070789
add poi verification before minting function
nour-karoui Oct 23, 2024
88368b7
compute the tokenId from poi hash and reuse the authoriseMint function
nour-karoui Oct 24, 2024
3587a0d
add test case for minting ipnft with POI
nour-karoui Oct 24, 2024
e1f8fb4
add poi event emitting
nour-karoui Oct 24, 2024
896c68b
remove unnecessary event emitting / improve test cases
nour-karoui Oct 28, 2024
5b91b43
revert network name on docker compose file
nour-karoui Oct 28, 2024
fd7539c
merge two minting function into one
nour-karoui Oct 30, 2024
5edc1bf
add back deleting reservations / remove duplicate tests / add test ca…
nour-karoui Oct 31, 2024
977706d
upgrade contract version / make isPoi visibility public
nour-karoui Nov 4, 2024
a1e6173
renamed arg
elmariachi111 Nov 4, 2024
cf62367
checks unhappy auth for poi mints
elmariachi111 Nov 26, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 9 additions & 8 deletions src/IPNFT.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -103,15 +103,17 @@ contract IPNFT is ERC721URIStorageUpgradeable, ERC721BurnableUpgradeable, IReser
}

/**
* @notice mints an IPNFT with `tokenURI` as source of metadata. Invalidates the reservation. Redeems `mintpassId` on the authorizer contract
* @notice We are charging a nominal fee to symbolically represent the transfer of ownership rights, for a price of .001 ETH (<$2USD at current prices). This helps the ensure the protocol is affordable to almost all projects, but discourages frivolous IP-NFT minting.
* @notice mints an IPNFT with `tokenURI` as source of metadata.
* Minting the IPNFT can happen either with a reservation id or poi hash (Proof of Idea).
* if the tokenId is a reservationId then it invalidates the reservation.
* @notice We are charging a nominal fee to symbolically represent the transfer of ownership rights, for a price of .001 ETH (<$2USD at current prices). This helps ensure the protocol is affordable to almost all projects, but discourages frivolous IP-NFT minting.
*
* @param to the recipient of the NFT
* @param reservationId the reserved token id that has been reserved with `reserve()`
* @param reservationId the reserved token id that has been reserved with `reserve()` / or the poi hash
* @param _tokenURI a location that resolves to a valid IP-NFT metadata structure
* @param _symbol a symbol that represents the IPNFT's derivatives. Can be changed by the owner
* @param authorization a bytes encoded parameter that's handed to the current authorizer
* @return the `reservationId`
* @return the `tokenId`
*/
function mintReservation(address to, uint256 reservationId, string calldata _tokenURI, string calldata _symbol, bytes calldata authorization)
external
Expand All @@ -120,7 +122,8 @@ contract IPNFT is ERC721URIStorageUpgradeable, ERC721BurnableUpgradeable, IReser
whenNotPaused
returns (uint256)
{
if (reservations[reservationId] != _msgSender()) {
bool isPoi = reservationId > type(uint128).max;
if (!isPoi && reservations[reservationId] != _msgSender()) {
revert NotOwningReservation(reservationId);
}

Expand All @@ -131,8 +134,6 @@ contract IPNFT is ERC721URIStorageUpgradeable, ERC721BurnableUpgradeable, IReser
if (!mintAuthorizer.authorizeMint(_msgSender(), to, abi.encode(SignedMintAuthorization(reservationId, _tokenURI, authorization)))) {
revert Unauthorized();
}

delete reservations[reservationId];
symbol[reservationId] = _symbol;
mintAuthorizer.redeem(authorization);

Expand Down Expand Up @@ -188,7 +189,7 @@ contract IPNFT is ERC721URIStorageUpgradeable, ERC721BurnableUpgradeable, IReser
(bool success,) = _msgSender().call{ value: address(this).balance }("");
require(success, "transfer failed");
}

/// @inheritdoc UUPSUpgradeable
function _authorizeUpgrade(address /*newImplementation*/ )
internal
Expand Down
38 changes: 21 additions & 17 deletions subgraph/src/ipnftMapping.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -75,17 +75,21 @@ export function handleReservation(event: ReservedEvent): void {
reservation.save()
}

function updateIpnftMetadata(ipnft: Ipnft, uri: string, timestamp: BigInt): void {
let ipfsLocation = uri.replace('ipfs://', '');
if (!ipfsLocation || ipfsLocation == uri) {
log.error("Invalid URI format for tokenId {}: {}", [ipnft.id, uri])
return
}
function updateIpnftMetadata(
ipnft: Ipnft,
uri: string,
timestamp: BigInt
): void {
let ipfsLocation = uri.replace('ipfs://', '')
if (!ipfsLocation || ipfsLocation == uri) {
log.error('Invalid URI format for tokenId {}: {}', [ipnft.id, uri])
return
}

ipnft.tokenURI = uri
ipnft.metadata = ipfsLocation
ipnft.updatedAtTimestamp = timestamp
IpnftMetadataTemplate.create(ipfsLocation)
ipnft.tokenURI = uri
ipnft.metadata = ipfsLocation
ipnft.updatedAtTimestamp = timestamp
IpnftMetadataTemplate.create(ipfsLocation)
}

//the underlying parameter arrays are misaligned, hence we cannot cast or unify both events
Expand All @@ -97,7 +101,6 @@ export function handleMint(event: IPNFTMintedEvent): void {
updateIpnftMetadata(ipnft, event.params.tokenURI, event.block.timestamp)
store.remove('Reservation', event.params.tokenId.toString())
ipnft.save()

}

export function handleMetadataUpdated(event: MetadataUpdateEvent): void {
Expand All @@ -108,13 +111,14 @@ export function handleMetadataUpdated(event: MetadataUpdateEvent): void {
}

//erc4906 is not emitting the new url, we must query it ourselves
let _ipnftContract = IPNFTContract.bind(event.params._event.address);
let _ipnftContract = IPNFTContract.bind(event.params._event.address)
let newUri = _ipnftContract.tokenURI(event.params._tokenId)
if (!newUri || newUri == "") {
log.debug("no new uri found for token, likely just minted {}", [event.params._tokenId.toString()])
return
if (!newUri || newUri == '') {
log.debug('no new uri found for token, likely just minted {}', [
event.params._tokenId.toString()
])
return
}
updateIpnftMetadata(ipnft, newUri, event.block.timestamp)
updateIpnftMetadata(ipnft, newUri, event.block.timestamp)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Consider adding URI validation before metadata update.

While updateIpnftMetadata handles invalid URIs internally, adding validation before the update would be more efficient and provide clearer error handling.

Consider this improvement:

+  if (!newUri.startsWith('ipfs://')) {
+    log.error('Invalid URI format received in MetadataUpdate for token {}: {}', [
+      event.params._tokenId.toString(),
+      newUri
+    ])
+    return
+  }
   updateIpnftMetadata(ipnft, newUri, event.block.timestamp)
   ipnft.save()

Committable suggestion was skipped due to low confidence.

ipnft.save()
}

39 changes: 32 additions & 7 deletions test/IPNFT.t.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,36 @@ contract IPNFTTest is IPNFTMintHelper {
assertEq(ipnft.reservations(2), bob);
}

function testMintWithPoi() public {
bytes32 poiHash = 0x073cb54264ef688e56531a2d09ab47b14086b5c7813e3a23a2bd7b1bb6458a52;
uint256 tokenId = uint256(poiHash);
(, uint256 maliciousSignerPk) = makeAddrAndKey("malicious");
bytes32 authMessageHash = ECDSA.toEthSignedMessageHash(keccak256(abi.encodePacked(alice, alice, tokenId, ipfsUri)));
(uint8 v, bytes32 r, bytes32 s) = vm.sign(maliciousSignerPk, authMessageHash);
bytes memory maliciousAuthorization = abi.encodePacked(r, s, v);

vm.startPrank(deployer);
ipnft.setAuthorizer(new SignedMintAuthorizer(deployer));
vm.stopPrank();

vm.startPrank(alice);
vm.expectRevert(IPNFT.MintingFeeTooLow.selector);
ipnft.mintReservation(alice, tokenId, ipfsUri, DEFAULT_SYMBOL, maliciousAuthorization);

vm.expectRevert(IPNFT.Unauthorized.selector);
ipnft.mintReservation{ value: MINTING_FEE }(alice, tokenId, ipfsUri, DEFAULT_SYMBOL, maliciousAuthorization);

(v, r, s) = vm.sign(deployerPk, authMessageHash);
bytes memory authorization = abi.encodePacked(r, s, v);
vm.expectEmit(true, true, false, true);
emit IPNFTMinted(alice, tokenId, ipfsUri, DEFAULT_SYMBOL);
ipnft.mintReservation{ value: MINTING_FEE }(alice, tokenId, ipfsUri, DEFAULT_SYMBOL, authorization);
assertEq(ipnft.ownerOf(tokenId), alice);
assertEq(ipnft.tokenURI(tokenId), ipfsUri);
assertEq(ipnft.symbol(tokenId), DEFAULT_SYMBOL);
vm.stopPrank();
}

function testMintFromReservation() public {
vm.startPrank(deployer);
ipnft.setAuthorizer(new SignedMintAuthorizer(deployer));
Expand Down Expand Up @@ -101,8 +131,6 @@ contract IPNFTTest is IPNFTMintHelper {
assertEq(ipnft.tokenURI(1), ipfsUri);
assertEq(ipnft.symbol(reservationId), DEFAULT_SYMBOL);

assertEq(ipnft.reservations(1), address(0));

vm.stopPrank();
}

Expand Down Expand Up @@ -145,7 +173,6 @@ contract IPNFTTest is IPNFTMintHelper {
/**
* ... but when set as heir of a self destruct operation the contract accepts the money.
*/

function testOwnerCanWithdrawEthFunds() public {
vm.deal(address(bob), 10 ether);
vm.startPrank(bob);
Expand Down Expand Up @@ -232,15 +259,13 @@ contract IPNFTTest is IPNFTMintHelper {
//the signoff only allows alice to call this
vm.startPrank(charlie);
vm.expectRevert(IPNFT.Unauthorized.selector);
ipnft.amendMetadata(1, "ipfs://QmNewUri", authorization);
ipnft.amendMetadata(1, "ipfs://QmNewUri", authorization);

vm.startPrank(alice);
vm.expectEmit(true, true, false, false);
emit MetadataUpdate(1);
ipnft.amendMetadata(1, "ipfs://QmNewUri", authorization);
ipnft.amendMetadata(1, "ipfs://QmNewUri", authorization);
assertEq(ipnft.tokenURI(1), "ipfs://QmNewUri");
vm.stopPrank();
}


}