Pack update: add _trustedForwarders param in initialize (#244)

* _trustedForwarders in initialize

* run prettier

* size and optimize

Author: kumaryash90

contracts/extension/TokenBundle.sol

@@ -38,8 +38,8 @@ abstract contract TokenBundle is ITokenBundle {
     function _createBundle(Token[] calldata _tokensToBind, uint256 _bundleId) internal {
         uint256 targetCount = _tokensToBind.length;
 
-        require(targetCount > 0, "no tokens to bind");
-        require(bundle[_bundleId].count == 0, "existent at bundleId");
+        require(targetCount > 0, "!Tokens");
+        require(bundle[_bundleId].count == 0, "id exists");
 
         for (uint256 i = 0; i < targetCount; i += 1) {
             _checkTokenType(_tokensToBind[i]);
@@ -51,7 +51,7 @@ abstract contract TokenBundle is ITokenBundle {
 
     /// @dev Lets the calling contract update a bundle, by passing in a list of tokens and a unique id.
     function _updateBundle(Token[] memory _tokensToBind, uint256 _bundleId) internal {
-        require(_tokensToBind.length > 0, "no tokens to bind");
+        require(_tokensToBind.length > 0, "!Tokens");
 
         uint256 currentCount = bundle[_bundleId].count;
         uint256 targetCount = _tokensToBind.length;

contracts/pack/Pack.sol

@@ -92,6 +92,7 @@ contract Pack is
         string memory _name,
         string memory _symbol,
         string memory _contractURI,
+        address[] memory _trustedForwarders,
         address _royaltyRecipient,
         uint256 _royaltyBps
     ) external initializer {
@@ -101,8 +102,17 @@ contract Pack is
         // Initialize inherited contracts, most base-like -> most derived.
         __ReentrancyGuard_init();
 
-        address[] memory forwarders = new address[](1);
-        forwarders[0] = forwarder;
+        /** note:  The immutable state-variable `forwarder` is an EOA-only forwarder,
+         *         which guards against automated attacks.
+         *
+         *         Use other forwarders only if there's a strong reason to bypass this check.
+         */
+        address[] memory forwarders = new address[](_trustedForwarders.length + 1);
+        uint256 i;
+        for (; i < _trustedForwarders.length; i++) {
+            forwarders[i] = _trustedForwarders[i];
+        }
+        forwarders[i] = forwarder;
         __ERC2771Context_init(forwarders);
         __ERC1155_init(_contractURI);
 
@@ -111,7 +121,6 @@ contract Pack is
 
         _setupContractURI(_contractURI);
         _setupOwner(_defaultAdmin);
-
         _setupRole(DEFAULT_ADMIN_ROLE, _defaultAdmin);
 
         _setupRole(_transferRole, _defaultAdmin);
@@ -192,8 +201,7 @@ contract Pack is
         uint128 _amountDistributedPerOpen,
         address _recipient
     ) external payable onlyRoleWithSwitch(minterRole) nonReentrant returns (uint256 packId, uint256 packTotalSupply) {
-        require(_contents.length > 0, "!Contents");
-        require(_contents.length == _numOfRewardUnits.length, "!Rewards");
+        require(_contents.length > 0 && _contents.length == _numOfRewardUnits.length, "!Len");
 
         if (!hasRole(assetRole, address(0))) {
             for (uint256 i = 0; i < _contents.length; i += 1) {
@@ -236,9 +244,8 @@ contract Pack is
         returns (uint256 packTotalSupply, uint256 newSupplyAdded)
     {
         require(canUpdatePack[_packId], "!Allowed");
-        require(_contents.length > 0, "!Contents");
-        require(_contents.length == _numOfRewardUnits.length, "!Rewards");
-        require(balanceOf(_recipient, _packId) != 0, "!Recipient");
+        require(_contents.length > 0 && _contents.length == _numOfRewardUnits.length, "!Len");
+        require(balanceOf(_recipient, _packId) != 0, "!Bal");
 
         if (!hasRole(assetRole, address(0))) {
             for (uint256 i = 0; i < _contents.length; i += 1) {
@@ -261,7 +268,7 @@ contract Pack is
         address opener = _msgSender();
 
         require(isTrustedForwarder(msg.sender) || opener == tx.origin, "!EOA");
-        require(balanceOf(opener, _packId) >= _amountToOpen, "!Balance");
+        require(balanceOf(opener, _packId) >= _amountToOpen, "!Bal");
 
         PackInfo memory pack = packInfo[_packId];
         require(pack.openStartTimestamp <= block.timestamp, "cant open");
@@ -290,15 +297,15 @@ contract Pack is
 
         for (uint256 i = 0; i < _contents.length; i += 1) {
             require(_contents[i].totalAmount != 0, "0 amt");
-            require(_contents[i].totalAmount % _numOfRewardUnits[i] == 0, "!Rewards");
-            require(_contents[i].tokenType != TokenType.ERC721 || _contents[i].totalAmount == 1, "!Rewards");
+            require(_contents[i].totalAmount % _numOfRewardUnits[i] == 0, "!R");
+            require(_contents[i].tokenType != TokenType.ERC721 || _contents[i].totalAmount == 1, "!R");
 
             sumOfRewardUnits += _numOfRewardUnits[i];
 
             packInfo[packId].perUnitAmounts.push(_contents[i].totalAmount / _numOfRewardUnits[i]);
         }
 
-        require(sumOfRewardUnits % amountPerOpen == 0, "!Amounts");
+        require(sumOfRewardUnits % amountPerOpen == 0, "!Amt");
         supplyToMint = sumOfRewardUnits / amountPerOpen;
 
         if (isUpdate) {

docs/Pack.md

@@ -464,7 +464,7 @@ Checks whether an account has a particular role;                  role restricti
 ### initialize
 
 ```solidity
-function initialize(address _defaultAdmin, string _name, string _symbol, string _contractURI, address _royaltyRecipient, uint256 _royaltyBps) external nonpayable
+function initialize(address _defaultAdmin, string _name, string _symbol, string _contractURI, address[] _trustedForwarders, address _royaltyRecipient, uint256 _royaltyBps) external nonpayable
 ```
 
 
@@ -479,6 +479,7 @@ function initialize(address _defaultAdmin, string _name, string _symbol, string
 | _name | string | undefined |
 | _symbol | string | undefined |
 | _contractURI | string | undefined |
+| _trustedForwarders | address[] | undefined |
 | _royaltyRecipient | address | undefined |
 | _royaltyBps | uint256 | undefined |
 

lib/forge-std

@@ -508,7 +508,7 @@ contract MultiwrapTest is BaseTest {
         address recipient = address(0x123);
 
         vm.prank(address(tokenOwner));
-        vm.expectRevert("no tokens to bind");
+        vm.expectRevert("!Tokens");
         multiwrap.wrap(emptyContent, uriForWrappedToken, recipient);
     }
 

src/test/Multiwrap.t.sol

@@ -200,6 +200,11 @@ contract PackTest is BaseTest {
         pack.addPackContents(packId, additionalContents, additionalContentsRewardUnits, recipient);
     }
 
+    function test_checkForwarders() public {
+        assertTrue(pack.isTrustedForwarder(eoaForwarder));
+        assertTrue(pack.isTrustedForwarder(forwarder));
+    }
+
     /*///////////////////////////////////////////////////////////////
                         Unit tests: `createPack`
     //////////////////////////////////////////////////////////////*/
@@ -581,8 +586,9 @@ contract PackTest is BaseTest {
 
         address recipient = address(0x123);
 
+        bytes memory err = "!Len";
         vm.startPrank(address(tokenOwner));
-        vm.expectRevert("!Contents");
+        vm.expectRevert(err);
         pack.createPack(emptyContent, rewardUnits, packUri, 0, 1, recipient);
     }
 
@@ -594,8 +600,9 @@ contract PackTest is BaseTest {
 
         address recipient = address(0x123);
 
+        bytes memory err = "!Len";
         vm.startPrank(address(tokenOwner));
-        vm.expectRevert("!Rewards");
+        vm.expectRevert(err);
         pack.createPack(packContents, rewardUnits, packUri, 0, 1, recipient);
     }
 
@@ -760,7 +767,8 @@ contract PackTest is BaseTest {
 
         address randomRecipient = address(0x12345);
 
-        vm.expectRevert("!Recipient");
+        bytes memory err = "!Bal";
+        vm.expectRevert(err);
         vm.prank(address(tokenOwner));
         pack.addPackContents(packId, additionalContents, additionalContentsRewardUnits, randomRecipient);
     }
@@ -914,8 +922,9 @@ contract PackTest is BaseTest {
         vm.prank(address(tokenOwner));
         (, uint256 totalSupply) = pack.createPack(packContents, numOfRewardUnits, packUri, 0, 1, recipient);
 
+        bytes memory err = "!Bal";
         vm.startPrank(recipient, recipient);
-        vm.expectRevert("!Balance");
+        vm.expectRevert(err);
         pack.openPack(packId, totalSupply + 1);
     }
 
@@ -942,8 +951,9 @@ contract PackTest is BaseTest {
         vm.prank(address(tokenOwner));
         pack.createPack(packContents, numOfRewardUnits, packUri, 0, 1, recipient);
 
+        bytes memory err = "!Bal";
         vm.startPrank(recipient, recipient);
-        vm.expectRevert("!Balance");
+        vm.expectRevert(err);
         pack.openPack(2, 1);
     }
 

src/test/Pack.t.sol

@@ -107,14 +107,14 @@ contract ExtensionTokenBundle is DSTest, Test {
     function test_revert_createBundle_emptyBundle() public {
         ITokenBundle.Token[] memory emptyBundle;
 
-        vm.expectRevert("no tokens to bind");
+        vm.expectRevert("!Tokens");
         ext.createBundle(emptyBundle, 0);
     }
 
     function test_revert_createBundle_existingBundleId() public {
         ext.createBundle(bundleContent, 0);
 
-        vm.expectRevert("existent at bundleId");
+        vm.expectRevert("id exists");
         ext.createBundle(bundleContent, 0);
     }
 
@@ -246,7 +246,7 @@ contract ExtensionTokenBundle is DSTest, Test {
         ext.createBundle(bundleContent, 0);
 
         ITokenBundle.Token[] memory emptyBundle;
-        vm.expectRevert("no tokens to bind");
+        vm.expectRevert("!Tokens");
         ext.updateBundle(emptyBundle, 0);
     }
 

src/test/sdk/extension/TokenBundle.t.sol

@@ -10,6 +10,7 @@ import "../mocks/MockERC20.sol";
 import "../mocks/MockERC721.sol";
 import "../mocks/MockERC1155.sol";
 import "contracts/forwarder/Forwarder.sol";
+import { ForwarderEOAOnly } from "contracts/forwarder/ForwarderEOAOnly.sol";
 import "contracts/TWRegistry.sol";
 import "contracts/TWFactory.sol";
 import { Multiwrap } from "contracts/multiwrap/Multiwrap.sol";
@@ -41,6 +42,7 @@ abstract contract BaseTest is DSTest, Test {
     WETH9 public weth;
 
     address public forwarder;
+    address public eoaForwarder;
     address public registry;
     address public factory;
     address public fee;
@@ -71,6 +73,7 @@ abstract contract BaseTest is DSTest, Test {
         erc1155 = new MockERC1155();
         weth = new WETH9();
         forwarder = address(new Forwarder());
+        eoaForwarder = address(new ForwarderEOAOnly());
         registry = address(new TWRegistry(forwarder));
         factory = address(new TWFactory(forwarder, registry));
         contractPublisher = address(new ContractPublisher(forwarder, new MockContractPublisher()));
@@ -92,7 +95,7 @@ abstract contract BaseTest is DSTest, Test {
         TWFactory(factory).addImplementation(address(new Split()));
         TWFactory(factory).addImplementation(address(new Multiwrap(address(weth))));
         TWFactory(factory).addImplementation(address(new MockContract(bytes32("Pack"), 1)));
-        TWFactory(factory).addImplementation(address(new Pack(address(weth), forwarder)));
+        TWFactory(factory).addImplementation(address(new Pack(address(weth), eoaForwarder)));
         TWFactory(factory).addImplementation(address(new VoteERC20()));
         vm.stopPrank();
 
@@ -226,7 +229,10 @@ abstract contract BaseTest is DSTest, Test {
         );
         deployContractProxy(
             "Pack",
-            abi.encodeCall(Pack.initialize, (deployer, NAME, SYMBOL, CONTRACT_URI, royaltyRecipient, royaltyBps))
+            abi.encodeCall(
+                Pack.initialize,
+                (deployer, NAME, SYMBOL, CONTRACT_URI, forwarders(), royaltyRecipient, royaltyBps)
+            )
         );
     }