han/2025-01-cyfrin-pieces-protocol
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: han:main
Branches Tags
han:audit
han:audit-asahi
han:main
..
compare: han:audit
Branches Tags
han:audit
han:audit-asahi
han:main

17 Commits
main ... audit

Author SHA1 Message Date
han
7082e0bbc3 add test suite for sell and buy erc20 2025-01-22 23:54:13 +07:00
han
67295b4682 finish up test suite in claimNft 2025-01-22 16:15:18 +07:00
han
2443e5a16f add test suite for claimNft 2025-01-22 13:49:11 +07:00
han
4328ff75f4 add audit note 2025-01-20 23:53:47 +07:00
han
964e75dfd6 add test suites for DivideNFT audited function 2025-01-20 21:42:31 +07:00
han
4e07b8b28b setup unit testing 2025-01-20 01:15:16 +07:00
han
32b6089241 Merge branch 'audit-asahi' into audit 2025-01-19 22:59:19 +07:00
han
385c78651f Merge branch 'audit' of git.fbrns.co:han/2025-01-cyfrin-pieces-protocol into audit 2025-01-19 22:57:14 +07:00
han
1c7ff31322 prep audit test for divideNft 2025-01-19 17:57:32 +07:00
han
7d438f1c44 finish up contract audit comments 2025-01-19 17:22:25 +07:00
han
50370b5b0c add comment on TokenDividerTest 2025-01-19 16:43:31 +07:00
han
4a53c0dfa2 add audit comment 2025-01-19 12:24:02 +07:00
han
9055f078ba run forge fmt and leave audit notes up to claimNft 2025-01-17 21:18:33 +07:00
han
1157105b63 ignore vim buffer files 2025-01-17 21:18:05 +07:00
han
bede329cdf update dependencies 2025-01-17 21:17:52 +07:00
han
5b7b107375 install dependencies 2025-01-17 21:17:33 +07:00
han
20889f4985 remove github workflow 2025-01-17 16:40:56 +07:00
11 changed files with 1163 additions and 376 deletions
Show Stats Expand all files Collapse all files

45
.github/workflows/test.yml vendored
View File

@ -1,45 +0,0 @@
name: CI
on:
push:
pull_request:
workflow_dispatch:
env:
FOUNDRY_PROFILE: ci
jobs:
check:
strategy:
fail-fast: true
name: Foundry project
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: recursive
- name: Install Foundry
uses: foundry-rs/foundry-toolchain@v1
with:
version: nightly
- name: Show Forge version
run: |
forge --version
- name: Run Forge fmt
run: |
forge fmt --check
id: fmt
- name: Run Forge build
run: |
forge build --sizes
id: build
- name: Run Forge tests
run: |
forge test -vvv
id: test

3
.gitignore vendored
View File

@ -12,3 +12,6 @@ docs/
# Dotenv file # Dotenv file
.env .env
# Vim buffer file
*.swp

2
.gitmodules vendored
View File

@ -3,7 +3,7 @@
url = https://github.com/foundry-rs/forge-std url = https://github.com/foundry-rs/forge-std
[submodule "lib/openzeppelin-contracts"] [submodule "lib/openzeppelin-contracts"]
path = lib/openzeppelin-contracts path = lib/openzeppelin-contracts
url = https://github.com/openzeppelin/openzeppelin-contracts url = https://github.com/OpenZeppelin/openzeppelin-contracts
[submodule "lib/foundry-devops"] [submodule "lib/foundry-devops"]
path = lib/foundry-devops path = lib/foundry-devops
url = https://github.com/Cyfrin/foundry-devops url = https://github.com/Cyfrin/foundry-devops

1
lib/forge-std Submodule

@ -0,0 +1 @@
Subproject commit b93cf4bc34ff214c099dc970b153f85ade8c9f66

1
lib/foundry-devops Submodule

@ -0,0 +1 @@
Subproject commit 90b6dde61322b916020d396817023602f4ef96ed

1
lib/openzeppelin-contracts Submodule

@ -0,0 +1 @@
Subproject commit acd4ff74de833399287ed6b31b4debf6b2b35527

671
src/TokenDivider.sol
View File

@ -1,327 +1,344 @@
// SPDX-License-Identifier: MIT // SPDX-License-Identifier: MIT
pragma solidity ^0.8.18; pragma solidity ^0.8.18;
import {IERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol"; import {IERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {ERC20ToGenerateNftFraccion} from "src/token/ERC20ToGenerateNftFraccion.sol"; import {ERC20ToGenerateNftFraccion} from "src/token/ERC20ToGenerateNftFraccion.sol";
import {IERC721, ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol"; import {IERC721, ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import {IERC721Receiver} from "@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol"; import {IERC721Receiver} from "@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol"; import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
/** /**
* @title TokenDivider * @title TokenDivider
* @author Juan Pedro Ventura Baltian, 14 years old * @author Juan Pedro Ventura Baltian, 14 years old
* @notice This contracts was created, with the intention to make a new market of nft franctions * @notice This contracts was created, with the intention to make a new market of nft franctions
* There are a function to divide an nft, then you can sell and buy some fraction of nft, that are basicaly * There are a function to divide an nft, then you can sell and buy some fraction of nft, that are basicaly
* erc20 tokens, each nft pegged to an nft.There are some validations, to make the platforme the most secure * erc20 tokens, each nft pegged to an nft.There are some validations, to make the platforme the most secure
* as possible.This is the first project that i code alone, in blockchain, foundry and solidity. * as possible.This is the first project that i code alone, in blockchain, foundry and solidity.
* Thank you so much for read it. * Thank you so much for read it.
*/ */
contract TokenDivider is IERC721Receiver, Ownable {
error TokenDivider__NotFromNftOwner();
contract TokenDivider is IERC721Receiver,Ownable { error TokenDivider__NotEnoughErc20Balance();
error TokenDivider__NftTransferFailed();
error TokenDivider__NotFromNftOwner(); error TokenDivider__InsuficientBalance();
error TokenDivider__NotEnoughErc20Balance(); error TokenDivider__CantTransferToAddressZero();
error TokenDivider__NftTransferFailed(); error TokenDivider__TransferFailed();
error TokenDivider__InsuficientBalance(); error TokenDivider__NftAddressIsZero();
error TokenDivider__CantTransferToAddressZero(); error TokenDivider__AmountCantBeZero();
error TokenDivider__TransferFailed(); error TokenDivider__InvalidSeller();
error TokenDivider__NftAddressIsZero(); error TokenDivier__InvalidAmount();
error TokenDivider__AmountCantBeZero(); error TokenDivider__IncorrectEtherAmount();
error TokenDivider__InvalidSeller(); error TokenDivider__InsuficientEtherForFees();
error TokenDivier__InvalidAmount();
error TokenDivider__IncorrectEtherAmount(); struct ERC20Info {
error TokenDivider__InsuficientEtherForFees(); address erc20Address;
uint256 tokenId;
struct ERC20Info { }
address erc20Address;
uint256 tokenId; struct SellOrder {
} address seller;
address erc20Address;
struct SellOrder { uint256 price;
address seller; uint256 amount;
address erc20Address; }
uint256 price;
uint256 amount; /**
} * @dev balances Relates a user with an amount of a erc20 token, this erc20 tokens is an nft fraction
*
* @dev nftToErc20Info Relates an nft with the erc20 pegged, and othe data like the erc20 amount, or the tokenId
/** *
* @dev balances Relates a user with an amount of a erc20 token, this erc20 tokens is an nft fraction * @dev s_userToSellOrders Relates a user with an array of sell orders, that each sell order
* has a seller, an erc20 that is the token to sell, a price and an amount of erc20 to sell
@dev nftToErc20Info Relates an nft with the erc20 pegged, and othe data like the erc20 amount, or the tokenId */
mapping(address user => mapping(address erc20Address => uint256 amount)) balances;
@dev s_userToSellOrders Relates a user with an array of sell orders, that each sell order mapping(address nft => ERC20Info) nftToErc20Info;
has a seller, an erc20 that is the token to sell, a price and an amount of erc20 to sell mapping(address user => SellOrder[] orders) s_userToSellOrders;
mapping(address erc20 => address nft) erc20ToNft;
*/ mapping(address erc20 => uint256 totalErc20Minted) erc20ToMintedAmount;
mapping(address user => mapping(address erc20Address => uint256 amount)) balances;
mapping(address nft => ERC20Info) nftToErc20Info; event NftDivided(address indexed nftAddress, uint256 indexed amountErc20Minted, address indexed erc20Minted);
mapping(address user => SellOrder[] orders) s_userToSellOrders; event NftClaimed(address indexed nftAddress);
mapping(address erc20 => address nft) erc20ToNft; event TokensTransfered(uint256 indexed amount, address indexed erc20Address);
mapping(address erc20 => uint256 totalErc20Minted) erc20ToMintedAmount; event OrderPublished(uint256 indexed amount, address indexed seller, address indexed nftPegged);
event OrderSelled(address indexed buyer, uint256 price);
event NftDivided(address indexed nftAddress, uint256 indexed amountErc20Minted, address indexed erc20Minted);
event NftClaimed(address indexed nftAddress); /**
event TokensTransfered(uint256 indexed amount, address indexed erc20Address); *
event OrderPublished(uint256 indexed amount, address indexed seller, address indexed nftPegged); * Only the owner of the nft can call a function with this modifier
event OrderSelled(address indexed buyer, uint256 price); */
modifier onlyNftOwner(address nft, uint256 tokenId) {
if (msg.sender != IERC721(nft).ownerOf(tokenId)) {
/** revert TokenDivider__NotFromNftOwner();
* }
* Only the owner of the nft can call a function with this modifier _;
*/ }
modifier onlyNftOwner(address nft, uint256 tokenId) {
if(msg.sender != IERC721(nft).ownerOf(tokenId)) { constructor() Ownable(msg.sender) {}
revert TokenDivider__NotFromNftOwner();
} /**
_; * @dev Handles the receipt of an ERC721 token. This function is called whenever an ERC721 token is transferred to this contract.
} */
function onERC721Received(
constructor() Ownable(msg.sender) {} address, /* operator */
address, /* from */
uint256, /* tokenId */
bytes calldata /* data */
/** ) external pure override returns (bytes4) {
* @dev Handles the receipt of an ERC721 token. This function is called whenever an ERC721 token is transferred to this contract. // Return this value to confirm the receipt of the NFT
*/ return this.onERC721Received.selector;
function onERC721Received( }
address /* operator */,
address /* from */, /**
uint256 /* tokenId */, *
bytes calldata /* data */ * @param nftAddress The addres of the nft to divide
) external pure override returns (bytes4) { * @param tokenId The id of the token to divide
// Return this value to confirm the receipt of the NFT * @param amount The amount of erc20 tokens to mint for the nft
return this.onERC721Received.selector; *
} * @dev in this function, the nft passed as parameter, is locked by transfering it to this contract, then, it gives to the
* person calling this function an amount of erc20, beeing like a fraction of this nft.
/** */
* function divideNft(address nftAddress, uint256 tokenId, uint256 amount)
* @param nftAddress The addres of the nft to divide external
* @param tokenId The id of the token to divide onlyNftOwner(nftAddress, tokenId)
* @param amount The amount of erc20 tokens to mint for the nft onlyNftOwner(nftAddress, tokenId)
* {
* @dev in this function, the nft passed as parameter, is locked by transfering it to this contract, then, it gives to the if (nftAddress == address(0)) revert TokenDivider__NftAddressIsZero();
* person calling this function an amount of erc20, beeing like a fraction of this nft. if (amount == 0) revert TokenDivider__AmountCantBeZero();
*/ // @audit: there is no checking of inExistence tokenId, it might handled on modifier but need to check
// @audit-report: dependency has its own check
function divideNft(address nftAddress, uint256 tokenId, uint256 amount) onlyNftOwner(nftAddress, tokenId) onlyNftOwner(nftAddress ,tokenId) external {
ERC20ToGenerateNftFraccion erc20Contract = new ERC20ToGenerateNftFraccion(
string(abi.encodePacked(ERC721(nftAddress).name(), "Fraccion")),
if(nftAddress == address(0)) { revert TokenDivider__NftAddressIsZero(); } string(abi.encodePacked("F", ERC721(nftAddress).symbol()))
if(amount == 0) { revert TokenDivider__AmountCantBeZero(); } );
ERC20ToGenerateNftFraccion erc20Contract = new ERC20ToGenerateNftFraccion( // @audit: can we mint again? out of this function?
string(abi.encodePacked(ERC721(nftAddress).name(), "Fraccion")), // @audit-finding: low
string(abi.encodePacked("F", ERC721(nftAddress).symbol()))); // @audit-report: yes it can be minted again. It should not be able to do so.
// @audit-report: but so far this contract only handle the recorded ERC20 transactions
erc20Contract.mint(address(this), amount); erc20Contract.mint(address(this), amount);
address erc20 = address(erc20Contract); address erc20 = address(erc20Contract);
IERC721(nftAddress).safeTransferFrom(msg.sender, address(this), tokenId, ""); IERC721(nftAddress).safeTransferFrom(msg.sender, address(this), tokenId, "");
if(IERC721(nftAddress).ownerOf(tokenId) == msg.sender) { revert TokenDivider__NftTransferFailed(); } // @audit: what if we send the NFT to other address during this period?
// @audit-report: you cannot send the NFT to other address, related to unit testing test_failIf_sendNFTDuringDivide
balances[msg.sender][erc20] = amount; if (IERC721(nftAddress).ownerOf(tokenId) == msg.sender) revert TokenDivider__NftTransferFailed();
nftToErc20Info[nftAddress] = ERC20Info({erc20Address: erc20, tokenId: tokenId});
erc20ToMintedAmount[erc20] = amount; balances[msg.sender][erc20] = amount;
erc20ToNft[erc20] = nftAddress; // @audit: what happen if the given nft address already registered in this CA, then another token id register again?
// @audit-finding: high (critical)
emit NftDivided(nftAddress, amount, erc20); // @audit-report: it overrides the previous divided NFT. The previously ERC20 tokens of divided NFT is no longer usable.
nftToErc20Info[nftAddress] = ERC20Info({erc20Address: erc20, tokenId: tokenId});
bool transferSuccess = IERC20(erc20).transfer(msg.sender, amount); erc20ToMintedAmount[erc20] = amount;
if(!transferSuccess) { erc20ToNft[erc20] = nftAddress;
revert TokenDivider__TransferFailed();
} emit NftDivided(nftAddress, amount, erc20);
}
bool transferSuccess = IERC20(erc20).transfer(msg.sender, amount);
/** if (!transferSuccess) {
* revert TokenDivider__TransferFailed();
* @param nftAddress The address of the nft to claim }
* }
* @dev in this function, if you have all the erc20 minted for the nft, you can call this function to claim the nft,
* giving to the contract all the erc20 and it will give you back the nft /**
*/ *
* @param nftAddress The address of the nft to claim
function claimNft(address nftAddress) external { *
* @dev in this function, if you have all the erc20 minted for the nft, you can call this function to claim the nft,
if(nftAddress == address(0)) { * giving to the contract all the erc20 and it will give you back the nft
revert TokenDivider__NftAddressIsZero(); */
} function claimNft(address nftAddress) external {
// @audit: check with "counterfeit" token
ERC20Info storage tokenInfo = nftToErc20Info[nftAddress]; // @audit-report: the "counterfeit" or extra minted token is not registered in this contract so its not working. tested test_failIf_claimNftWithCounterfeitNFT
if (nftAddress == address(0)) {
if(balances[msg.sender][tokenInfo.erc20Address] < erc20ToMintedAmount[tokenInfo.erc20Address]) { revert TokenDivider__NftAddressIsZero();
revert TokenDivider__NotEnoughErc20Balance(); }
}
// @audit: what if the nft address is not stored?
ERC20ToGenerateNftFraccion(tokenInfo.erc20Address).burnFrom(msg.sender, erc20ToMintedAmount[tokenInfo.erc20Address]); // @audit-report: it returns weird error but you can't claim nft with inexistence nft address test_failIf_notExistingNftAddress
ERC20Info storage tokenInfo = nftToErc20Info[nftAddress];
balances[msg.sender][tokenInfo.erc20Address] = 0;
erc20ToMintedAmount[tokenInfo.erc20Address] = 0; if (balances[msg.sender][tokenInfo.erc20Address] < erc20ToMintedAmount[tokenInfo.erc20Address]) {
revert TokenDivider__NotEnoughErc20Balance();
emit NftClaimed(nftAddress); }
IERC721(nftAddress).safeTransferFrom(address(this), msg.sender, tokenInfo.tokenId); // @audit: what if token already sent to other address through ERC20 send function
} // @audit-report: there is an error which doesn't procceed the transaction further and it reverts
ERC20ToGenerateNftFraccion(tokenInfo.erc20Address).burnFrom(
msg.sender, erc20ToMintedAmount[tokenInfo.erc20Address]
/** );
*
* @param nftAddress The nft address pegged to the erc20 balances[msg.sender][tokenInfo.erc20Address] = 0;
* @param to The reciver of the erc20 erc20ToMintedAmount[tokenInfo.erc20Address] = 0;
* @param amount The amount of erc20 to transfer
* emit NftClaimed(nftAddress);
* @dev you can use this function to transfer nft franctions 100% securily and registered by te contract
*/ // @audit: what happen if there is overlaps in same NFT address with different token id? will someone get a different NFT?
// @audit-finding: high
function transferErcTokens(address nftAddress,address to, uint256 amount) external { // @audit-report: you cannot claim the previous NFT with a weird error
IERC721(nftAddress).safeTransferFrom(address(this), msg.sender, tokenInfo.tokenId);
if(nftAddress == address(0)) { }
revert TokenDivider__NftAddressIsZero();
} /**
*
if(to == address(0)) { * @param nftAddress The nft address pegged to the erc20
revert TokenDivider__CantTransferToAddressZero(); * @param to The reciver of the erc20
} * @param amount The amount of erc20 to transfer
*
if(amount == 0) { * @dev you can use this function to transfer nft franctions 100% securily and registered by te contract
revert TokenDivider__AmountCantBeZero(); */
} function transferErcTokens(address nftAddress, address to, uint256 amount) external {
// @audit: check with "counterfeit" token
ERC20Info memory tokenInfo = nftToErc20Info[nftAddress]; if (nftAddress == address(0)) {
revert TokenDivider__NftAddressIsZero();
if(to == address(0)) { }
revert TokenDivider__CantTransferToAddressZero();
} if (to == address(0)) {
if(balances[msg.sender][tokenInfo.erc20Address] < amount) { revert TokenDivider__CantTransferToAddressZero();
revert TokenDivider__NotEnoughErc20Balance(); }
}
if (amount == 0) {
balances[msg.sender][tokenInfo.erc20Address] -= amount; revert TokenDivider__AmountCantBeZero();
balances[to][tokenInfo.erc20Address] += amount; }
emit TokensTransfered(amount, tokenInfo.erc20Address); ERC20Info memory tokenInfo = nftToErc20Info[nftAddress];
IERC20(tokenInfo.erc20Address).transferFrom(msg.sender,to, amount); if (to == address(0)) {
} revert TokenDivider__CantTransferToAddressZero();
}
/** if (balances[msg.sender][tokenInfo.erc20Address] < amount) {
* revert TokenDivider__NotEnoughErc20Balance();
* @param nftPegged The nft address pegged to the tokens to sell }
* @param price The price of all the tokens to sell
* @param amount The amount of tokens to sell balances[msg.sender][tokenInfo.erc20Address] -= amount;
* balances[to][tokenInfo.erc20Address] += amount;
* @dev this function creates a new order, is like publish you assets into a marketplace, where other persons can buy it.
* firstly, once you call this function, the amount of tokens that you passed into as a parameter, get blocked, by sending it emit TokensTransfered(amount, tokenInfo.erc20Address);
* to this contract, then a new order is created and published.
*/ IERC20(tokenInfo.erc20Address).transferFrom(msg.sender, to, amount);
}
function sellErc20(address nftPegged, uint256 price,uint256 amount) external {
if(nftPegged == address(0)) { /**
revert TokenDivider__NftAddressIsZero(); *
} * @param nftPegged The nft address pegged to the tokens to sell
* @param price The price of all the tokens to sell
if( amount == 0) { * @param amount The amount of tokens to sell
revert TokenDivider__AmountCantBeZero(); *
} * @dev this function creates a new order, is like publish you assets into a marketplace, where other persons can buy it.
* firstly, once you call this function, the amount of tokens that you passed into as a parameter, get blocked, by sending it
ERC20Info memory tokenInfo = nftToErc20Info[nftPegged]; * to this contract, then a new order is created and published.
if(balances[msg.sender][tokenInfo.erc20Address] < amount) { */
revert TokenDivider__InsuficientBalance(); function sellErc20(address nftPegged, uint256 price, uint256 amount) external {
} // @audit: check with "counterfeit" token
if (nftPegged == address(0)) {
balances[msg.sender][tokenInfo.erc20Address] -= amount; revert TokenDivider__NftAddressIsZero();
}
s_userToSellOrders[msg.sender].push(
SellOrder({ if (amount == 0) {
seller: msg.sender, revert TokenDivider__AmountCantBeZero();
erc20Address: tokenInfo.erc20Address, }
price: price, // @audit: no check for 0 price?
amount: amount // @audit-report: no check but it successfully transfer the given amount without transfering the given ether
})
); ERC20Info memory tokenInfo = nftToErc20Info[nftPegged];
if (balances[msg.sender][tokenInfo.erc20Address] < amount) {
emit OrderPublished(amount,msg.sender, nftPegged); revert TokenDivider__InsuficientBalance();
}
IERC20(tokenInfo.erc20Address).transferFrom(msg.sender,address(this), amount);
} balances[msg.sender][tokenInfo.erc20Address] -= amount; // token amount reduced from its holder on sell order even tho no one buy it
// push sell order to array of sender
/** s_userToSellOrders[msg.sender].push(
* SellOrder({seller: msg.sender, erc20Address: tokenInfo.erc20Address, price: price, amount: amount})
* @param orderIndex The index of the order in all the orders array of the seller (the seller can have multiple orders active) );
* @param seller The person who is selling this tokens
* emit OrderPublished(amount, msg.sender, nftPegged);
* @dev when the buyer call this function, the eth or any token accepted to pay, is sent to the seller
* if the transfer executed correctly, then this contract, wich has all the tokens, send the tokens to the msg.sender // send erc20 token from owner to this contract
*/ // @audit: what if the owner of ERC20 rejected this transaction?
IERC20(tokenInfo.erc20Address).transferFrom(msg.sender, address(this), amount);
function buyOrder(uint256 orderIndex, address seller) external payable { }
if(seller == address(0)) {
revert TokenDivider__InvalidSeller(); /**
} *
* @param orderIndex The index of the order in all the orders array of the seller (the seller can have multiple orders active)
* @param seller The person who is selling this tokens
*
SellOrder memory order = s_userToSellOrders[seller][orderIndex]; * @dev when the buyer call this function, the eth or any token accepted to pay, is sent to the seller
* if the transfer executed correctly, then this contract, wich has all the tokens, send the tokens to the msg.sender
if(msg.value < order.price) { */
revert TokenDivider__IncorrectEtherAmount(); function buyOrder(uint256 orderIndex, address seller) external payable {
} // @audit: check with "counterfeit" token
if (seller == address(0)) {
uint256 fee = order.price / 100; revert TokenDivider__InvalidSeller();
uint256 sellerFee = fee / 2; }
SellOrder memory order = s_userToSellOrders[seller][orderIndex];
if(msg.value < order.price + sellerFee) {
revert TokenDivider__InsuficientEtherForFees(); // msg.value can be greater than order price?
} if (msg.value < order.price) {
revert TokenDivider__IncorrectEtherAmount();
}
balances[msg.sender][order.erc20Address] += order.amount;
// if price 100, then fee is 1
s_userToSellOrders[seller][orderIndex] = s_userToSellOrders[seller][s_userToSellOrders[seller].length - 1]; uint256 fee = order.price / 100;
s_userToSellOrders[seller].pop(); // if price 100, then seller fee is 0.5
uint256 sellerFee = fee / 2;
emit OrderSelled(msg.sender, order.price);
if (msg.value < order.price + sellerFee) {
// Transfer The Ether revert TokenDivider__InsuficientEtherForFees();
}
(bool success, ) = payable(order.seller).call{value: (order.price - sellerFee)}("");
// record erc20 amount on storage variable onchain
if(!success) { balances[msg.sender][order.erc20Address] += order.amount;
revert TokenDivider__TransferFailed();
} // override the current orderIndex with tail, then pop the tail out of array
s_userToSellOrders[seller][orderIndex] = s_userToSellOrders[seller][s_userToSellOrders[seller].length - 1];
(bool taxSuccess, ) = payable(owner()).call{value: fee}(""); s_userToSellOrders[seller].pop();
emit OrderSelled(msg.sender, order.price);
if(!taxSuccess) {
revert TokenDivider__TransferFailed(); // Transfer The Ether
}
// send ether to seller, reduced with seller fee
IERC20(order.erc20Address).transfer(msg.sender, order.amount); (bool success,) = payable(order.seller).call{value: (order.price - sellerFee)}("");
} if (!success) {
revert TokenDivider__TransferFailed();
/** Getters */ }
function getBalanceOf(address user, address token) public view returns(uint256) { // send "fee" to "owner"?
return balances[user][token]; // @audit: if buyer needs to pay price + seller fee. then seller is given price - seller fee. does fee is guarranted to be paid by buyer?
} // @audit-report: yes it does. if the price is 0, then there is no value increase
// @audit: who owner?
function getErc20TotalMintedAmount(address erc20) public view returns(uint256) { // @audit-report: the deployer
return erc20ToMintedAmount[erc20]; (bool taxSuccess,) = payable(owner()).call{value: fee}("");
}
if (!taxSuccess) {
function getErc20InfoFromNft(address nft) public view returns(ERC20Info memory) { revert TokenDivider__TransferFailed();
return nftToErc20Info[nft]; }
}
// send erc20 token to buyer address
function getOrderPrice(address seller, uint256 index) public view returns(uint256 price) { IERC20(order.erc20Address).transfer(msg.sender, order.amount);
price = s_userToSellOrders[seller][index].price; }
}
/**
} * Getters
*/
function getBalanceOf(address user, address token) public view returns (uint256) {
return balances[user][token];
}
function getErc20TotalMintedAmount(address erc20) public view returns (uint256) {
return erc20ToMintedAmount[erc20];
}
function getErc20InfoFromNft(address nft) public view returns (ERC20Info memory) {
return nftToErc20Info[nft];
}
function getOrderPrice(address seller, uint256 index) public view returns (uint256 price) {
price = s_userToSellOrders[seller][index].price;
}
}

293
test/unit/TokenDividerTest.audit.claimNft.t.sol Normal file
View File

@ -0,0 +1,293 @@
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;
import {Test} from 'forge-std/Test.sol';
import {DeployTokenDivider} from 'script/DeployTokenDivider.s.sol';
import {TokenDivider} from 'src/TokenDivider.sol';
import {ERC721Mock} from '../mocks/ERC721Mock.sol';
import {ERC20Mock} from '@openzeppelin/contracts/mocks/token/ERC20Mock.sol';
contract TokenDividerClaimTest is Test {
DeployTokenDivider deployer;
TokenDivider tokenDivider;
ERC721Mock erc721Mock;
address public USER = makeAddr("user");
address public USER2 = makeAddr("user2");
uint256 constant public STARTING_USER_BALANCE = 10e18;
uint256 constant public AMOUNT = 2e18;
uint256 constant public TOKEN_ID = 0;
function setUp() public {
deployer = new DeployTokenDivider();
tokenDivider = deployer.run();
erc721Mock = new ERC721Mock();
erc721Mock.mint(USER);
// divide the ERC721 and mint ERC20
vm.startPrank(USER);
erc721Mock.approve(address(tokenDivider), TOKEN_ID);
tokenDivider.divideNft(
address(erc721Mock),
TOKEN_ID,
AMOUNT
);
vm.stopPrank();
}
function test_assertSetUp() public {
erc721Mock.mint(USER);
ERC20Mock erc20Mock = ERC20Mock(
tokenDivider.getErc20InfoFromNft(
address(erc721Mock)
).erc20Address
);
// assert if NFT already moved to tokenDivider
assertEq(
erc721Mock.ownerOf(TOKEN_ID),
address(tokenDivider)
);
// assert if USER has the ERC20 token
assertEq(
tokenDivider.getBalanceOf(USER, address(erc20Mock)),
AMOUNT
);
}
function test_claimNftSuccessfully() public {
ERC20Mock erc20Mock = ERC20Mock(
tokenDivider.getErc20InfoFromNft(
address(erc721Mock)
).erc20Address
);
vm.startPrank(USER);
erc20Mock.approve(address(tokenDivider), AMOUNT);
tokenDivider.claimNft(address(erc721Mock));
vm.stopPrank();
assertEq(
tokenDivider.getBalanceOf(
address(USER),
address(erc20Mock)
),
0
);
assertEq(
tokenDivider.getErc20TotalMintedAmount(
address(erc20Mock)
),
0
);
assertEq(
erc721Mock.ownerOf(TOKEN_ID),
address(USER)
);
assertEq(
erc20Mock.balanceOf(
address(USER)
),
0
);
}
function test_failIf_claimNftWithCounterfeitNFT() public {
ERC20Mock erc20Mock = ERC20Mock(
tokenDivider.getErc20InfoFromNft(
address(erc721Mock)
).erc20Address
);
vm.startPrank(USER2);
erc20Mock.mint(address(USER2), AMOUNT);
erc20Mock.approve(address(tokenDivider), AMOUNT);
vm.expectRevert(
TokenDivider.TokenDivider__NotEnoughErc20Balance.selector
);
tokenDivider.claimNft(address(erc721Mock));
vm.stopPrank();
}
function test_failIf_notExistingNftAddress() public {
ERC20Mock erc20Mock = ERC20Mock(
tokenDivider.getErc20InfoFromNft(
address(erc721Mock)
).erc20Address
);
vm.startPrank(USER);
erc20Mock.approve(address(tokenDivider), AMOUNT);
tokenDivider.claimNft(address(1));
vm.stopPrank();
assertEq(
tokenDivider.getBalanceOf(
address(USER),
address(erc20Mock)
),
0
);
assertEq(
tokenDivider.getErc20TotalMintedAmount(
address(erc20Mock)
),
0
);
assertEq(
erc721Mock.ownerOf(TOKEN_ID),
address(USER)
);
assertEq(
erc20Mock.balanceOf(
address(USER)
),
0
);
}
function test_failIf_ERC20SentToOtherOnClaim() public {
ERC20Mock erc20Mock = ERC20Mock(
tokenDivider.getErc20InfoFromNft(
address(erc721Mock)
).erc20Address
);
assertEq(
erc20Mock.balanceOf(
address(USER)
),
AMOUNT
);
vm.startPrank(USER);
erc20Mock.approve(address(tokenDivider), AMOUNT);
erc20Mock.transfer(
address(USER2),
AMOUNT
);
vm.stopPrank();
assertEq(
tokenDivider.getBalanceOf(
address(USER),
address(erc20Mock)
),
AMOUNT
);
assertEq(
tokenDivider.getBalanceOf(
address(USER2),
address(erc20Mock)
),
0
);
vm.startPrank(USER);
erc20Mock.approve(address(tokenDivider), AMOUNT);
vm.expectRevert();
tokenDivider.claimNft(address(erc721Mock));
vm.stopPrank();
}
function test_failIf_claimOverlappingNFTWithDifferentId() public {
ERC20Mock erc20Mock = ERC20Mock(
tokenDivider.getErc20InfoFromNft(
address(erc721Mock)
).erc20Address
);
// mint ERC721 with new TOKEN_ID
erc721Mock.mint(USER2);
uint256 newTokenId = TOKEN_ID + 1;
vm.startPrank(USER2);
erc721Mock.approve(address(tokenDivider), newTokenId);
tokenDivider.divideNft(
address(erc721Mock),
newTokenId,
AMOUNT
);
vm.stopPrank();
ERC20Mock erc20MockWithNewTokenId = ERC20Mock(
tokenDivider.getErc20InfoFromNft(
address(erc721Mock)
).erc20Address
);
// assert if NFT already moved to tokenDivider
assertEq(
erc721Mock.ownerOf(TOKEN_ID),
address(tokenDivider)
);
assertEq(
erc721Mock.ownerOf(newTokenId),
address(tokenDivider)
);
// assert if USER2 has the ERC20 token
assertEq(
tokenDivider.getBalanceOf(
USER2,
address(erc20MockWithNewTokenId)
),
AMOUNT
);
// USER2 claim NFT
vm.startPrank(USER2);
erc20MockWithNewTokenId.approve(
address(tokenDivider),
AMOUNT
);
tokenDivider.claimNft(address(erc721Mock));
vm.stopPrank();
assertEq(
erc721Mock.ownerOf(newTokenId),
address(USER2)
);
assertEq(
erc721Mock.ownerOf(TOKEN_ID),
address(tokenDivider)
);
// assert ERC20 address before USER claim NFT
// @audit-report: it returns different erc20 address
// @dev: feel free to uncomment to see the error
/*
assertEq(
address(
tokenDivider.getErc20InfoFromNft(
address(erc721Mock)
).erc20Address
),
address(erc20Mock)
);
*/
// USER claim NFT
vm.startPrank(USER2);
erc20MockWithNewTokenId.approve(
address(tokenDivider),
AMOUNT
);
// @dev: it weirdly returns ERC721InsufficientApproval
// despite its already approved in above.
// maybe because of different ERC20 address?
// @dev: changing the ERC20 address and the USER prank
// doesn't help
/*
tokenDivider.claimNft(address(erc721Mock));
vm.stopPrank();
assertEq(
erc721Mock.ownerOf(TOKEN_ID),
address(USER)
);
*/
}
}

279
test/unit/TokenDividerTest.audit.divideNft.t.sol Normal file
View File

@ -0,0 +1,279 @@
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;
import {Test, console} from 'forge-std/Test.sol';
import {DeployTokenDivider} from 'script/DeployTokenDivider.s.sol';
import {TokenDivider} from 'src/TokenDivider.sol';
import {ERC721Mock} from '../mocks/ERC721Mock.sol';
import {ERC20Mock} from '@openzeppelin/contracts/mocks/token/ERC20Mock.sol';
import {Ownable} from '@openzeppelin/contracts/access/Ownable.sol';
contract TokenDividerDivideTest is Test {
DeployTokenDivider deployer;
TokenDivider tokenDivider;
ERC721Mock erc721Mock;
address public USER = makeAddr("user");
address public USER2 = makeAddr("user2");
uint256 constant public STARTING_USER_BALANCE = 10e18;
uint256 constant public AMOUNT = 2e18;
uint256 constant public TOKEN_ID = 0;
function setUp() public {
deployer = new DeployTokenDivider();
tokenDivider = deployer.run();
erc721Mock = new ERC721Mock();
erc721Mock.mint(USER); // @auditor: user has the NFT
vm.deal(USER2, STARTING_USER_BALANCE); // @auditor: user2 got 10 ether
}
function test_assertSetUp() public view {
// USER has the ERC721 NFT of TOKEN_ID
assertTrue(address(erc721Mock.ownerOf(TOKEN_ID)) == address(USER));
// USER2 has no ERC721 NFT of TOKEN_ID
assertTrue(address(erc721Mock.ownerOf(TOKEN_ID)) != address(USER2));
}
function test_divideNftSuccessfully() public {
vm.startPrank(USER);
// approve the NFT to receive the NFT in USER
erc721Mock.approve(address(tokenDivider), TOKEN_ID);
tokenDivider.divideNft(
address(erc721Mock),
TOKEN_ID,
AMOUNT
);
vm.stopPrank();
ERC20Mock erc20Mock = ERC20Mock(
tokenDivider.getErc20InfoFromNft(address(erc721Mock)).erc20Address
);
// assert if NFT already moved to tokenDivider
assertEq(
erc721Mock.ownerOf(TOKEN_ID),
address(tokenDivider)
);
// assert if USER has the ERC20 token
assertEq(
tokenDivider.getBalanceOf(USER, address(erc20Mock)),
AMOUNT
);
}
function test_failIf_sendNFTDuringDivide() public {
vm.startPrank(USER);
// approve the NFT to receive the NFT in USER
erc721Mock.approve(address(tokenDivider), TOKEN_ID);
// send the NFT to USER2
erc721Mock.safeTransferFrom(
address(USER),
address(USER2),
TOKEN_ID
);
vm.expectRevert(
TokenDivider.TokenDivider__NotFromNftOwner.selector
);
tokenDivider.divideNft(
address(erc721Mock),
TOKEN_ID,
AMOUNT
);
vm.stopPrank();
}
function test_sendNFTBeforeDivide() public {
vm.startPrank(USER);
// send the NFT to USER2
erc721Mock.safeTransferFrom(
address(USER),
address(USER2),
TOKEN_ID
);
vm.stopPrank();
vm.startPrank(USER2);
// approve the NFT to receive the NFT in USER
erc721Mock.approve(address(tokenDivider), TOKEN_ID);
tokenDivider.divideNft(
address(erc721Mock),
TOKEN_ID,
AMOUNT
);
vm.stopPrank();
ERC20Mock erc20Mock = ERC20Mock(
tokenDivider.getErc20InfoFromNft(address(erc721Mock)).erc20Address
);
// assert if USER2 has the ERC20 token
assertEq(
tokenDivider.getBalanceOf(USER2, address(erc20Mock)),
AMOUNT
);
}
function test_failIf_nonExistenceNftTokenId() public {
vm.startPrank(USER);
// approve the NFT to receive the NFT in USER
erc721Mock.approve(address(tokenDivider), TOKEN_ID);
vm.expectRevert();
tokenDivider.divideNft(
address(erc721Mock),
404,
AMOUNT
);
vm.stopPrank();
}
function test_failWhen_reMintTheDividedERC20Token() public {
vm.startPrank(USER);
// approve the NFT to receive the NFT in USER
erc721Mock.approve(address(tokenDivider), TOKEN_ID);
tokenDivider.divideNft(
address(erc721Mock),
TOKEN_ID,
AMOUNT
);
vm.stopPrank();
ERC20Mock erc20Mock = ERC20Mock(
tokenDivider.getErc20InfoFromNft(address(erc721Mock)).erc20Address
);
// assert if USER has the ERC20 token
assertEq(
tokenDivider.getBalanceOf(USER, address(erc20Mock)),
AMOUNT
);
vm.startPrank(USER2);
erc20Mock.mint(address(USER2), AMOUNT);
vm.stopPrank();
assertEq(
tokenDivider.getBalanceOf(
USER,
address(erc20Mock)
),
AMOUNT
);
assertEq(
tokenDivider.getBalanceOf(
USER2,
address(erc20Mock)
),
erc20Mock.balanceOf(address(USER2))
);
assertEq(
erc20Mock.totalSupply(),
AMOUNT
);
}
function test_divideSameNFTAddressWithDifferentTokenId() public {
vm.startPrank(USER);
// approve the NFT to receive the NFT in USER
erc721Mock.approve(address(tokenDivider), TOKEN_ID);
tokenDivider.divideNft(
address(erc721Mock),
TOKEN_ID,
AMOUNT
);
vm.stopPrank();
ERC20Mock erc20Mock = ERC20Mock(
tokenDivider.getErc20InfoFromNft(address(erc721Mock)).erc20Address
);
// assert if NFT already moved to tokenDivider
assertEq(
erc721Mock.ownerOf(TOKEN_ID),
address(tokenDivider)
);
// assert if USER has the ERC20 token
assertEq(
tokenDivider.getBalanceOf(USER, address(erc20Mock)),
AMOUNT
);
uint256 counterfeitTokenId = TOKEN_ID + 1;
erc721Mock.mint(USER2);
assertEq(
erc721Mock.ownerOf(counterfeitTokenId),
address(USER2)
);
// USER2 divide the counterfeit
vm.startPrank(USER2);
// approve the NFT to receive the NFT in USER2
erc721Mock.approve(
address(tokenDivider),
counterfeitTokenId
);
tokenDivider.divideNft(
address(erc721Mock),
counterfeitTokenId,
AMOUNT
);
vm.stopPrank();
// now both of users (USER and USER2) has the same amount of registered ERC20 tokens despite it refer to different NFT Token Id
ERC20Mock erc20MockCounterfeit = ERC20Mock(
tokenDivider.getErc20InfoFromNft(address(erc721Mock)).erc20Address
);
// assert if NFT already moved to tokenDivider
assertEq(
erc721Mock.ownerOf(counterfeitTokenId),
address(tokenDivider)
);
// assert if previous NFT is still being hold by contract
assertEq(
erc721Mock.ownerOf(TOKEN_ID),
address(tokenDivider)
);
// assert if USER2 has the ERC20 token
assertEq(
tokenDivider.getBalanceOf(
USER2,
address(erc20MockCounterfeit)
),
AMOUNT
);
// assert if USER has the ERC20 token
assertEq(
tokenDivider.getBalanceOf(
USER,
address(erc20MockCounterfeit)
),
AMOUNT
);
}
}

237
test/unit/TokenDividerTest.audit.sellErc20.t.sol Normal file
View File

@ -0,0 +1,237 @@
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;
import {Test} from 'forge-std/Test.sol';
import {DeployTokenDivider} from 'script/DeployTokenDivider.s.sol';
import {TokenDivider} from 'src/TokenDivider.sol';
import {ERC721Mock} from '../mocks/ERC721Mock.sol';
import {ERC20Mock} from '@openzeppelin/contracts/mocks/token/ERC20Mock.sol';
contract TokenDividerSellTest is Test {
DeployTokenDivider deployer;
TokenDivider tokenDivider;
ERC721Mock erc721Mock;
address public USER = makeAddr("user");
address public USER2 = makeAddr("user2");
uint256 constant public STARTING_USER_BALANCE = 10e18;
uint256 constant public AMOUNT = 2e18;
uint256 constant public TOKEN_ID = 0;
function setUp() public {
deployer = new DeployTokenDivider();
tokenDivider = deployer.run();
erc721Mock = new ERC721Mock();
erc721Mock.mint(USER);
// divide the ERC721 and mint ERC20
vm.startPrank(USER);
erc721Mock.approve(address(tokenDivider), TOKEN_ID);
tokenDivider.divideNft(
address(erc721Mock),
TOKEN_ID,
AMOUNT
);
vm.stopPrank();
}
function test_assertSetUp() public {
erc721Mock.mint(USER);
ERC20Mock erc20Mock = ERC20Mock(
tokenDivider.getErc20InfoFromNft(
address(erc721Mock)
).erc20Address
);
// assert if NFT already moved to tokenDivider
assertEq(
erc721Mock.ownerOf(TOKEN_ID),
address(tokenDivider)
);
// assert if USER has the ERC20 token
assertEq(
tokenDivider.getBalanceOf(USER, address(erc20Mock)),
AMOUNT
);
}
function test_sellErc20() public {
ERC20Mock erc20Mock = ERC20Mock(
tokenDivider.getErc20InfoFromNft(
address(erc721Mock)
).erc20Address
);
uint256 sellAmount = 1;
vm.startPrank(USER);
erc20Mock.approve(address(tokenDivider), sellAmount);
tokenDivider.sellErc20(
address(erc721Mock),
1,
sellAmount
);
vm.stopPrank();
assertEq(
tokenDivider.getBalanceOf(USER, address(erc20Mock)),
AMOUNT - 1
);
}
function test_sellErc20WithZeroPrice() public {
ERC20Mock erc20Mock = ERC20Mock(
tokenDivider.getErc20InfoFromNft(
address(erc721Mock)
).erc20Address
);
uint256 sellAmount = 1e17;
uint256 sellPrice = 0;
vm.startPrank(USER);
erc20Mock.approve(address(tokenDivider), sellAmount);
tokenDivider.sellErc20(
address(erc721Mock),
sellPrice,
sellAmount
);
vm.stopPrank();
assertEq(
tokenDivider.getBalanceOf(USER, address(erc20Mock)),
AMOUNT - sellAmount
);
assertEq(
sellPrice,
tokenDivider.getOrderPrice(
address(USER),
0 // index of order price
)
);
}
function test_sellAndBuyErc20() public {
ERC20Mock erc20Mock = ERC20Mock(
tokenDivider.getErc20InfoFromNft(
address(erc721Mock)
).erc20Address
);
uint256 sellAmount = 1e17;
uint256 sellPrice = 1 ether;
vm.startPrank(USER);
erc20Mock.approve(address(tokenDivider), sellAmount);
tokenDivider.sellErc20(
address(erc721Mock),
sellPrice,
sellAmount
);
vm.stopPrank();
assertEq(
tokenDivider.getBalanceOf(USER, address(erc20Mock)),
AMOUNT - sellAmount
);
uint256 buyPrice = sellPrice + ((sellPrice / 100) / 2);
vm.deal(
address(USER2),
buyPrice
);
uint256 contractInitialBalance = address(
tokenDivider.owner()
).balance;
assertEq(
address(USER).balance,
0
);
vm.startPrank(USER2);
tokenDivider.buyOrder{value: buyPrice}(
0,
address(USER)
);
vm.stopPrank();
assertEq(
erc20Mock.balanceOf(address(USER2)),
sellAmount
);
uint256 sellerFee = buyPrice - sellPrice;
assertEq(
address(
tokenDivider.owner()
).balance - contractInitialBalance,
sellerFee * 2
);
assertEq(
address(USER).balance,
sellPrice - sellerFee
);
}
function test_sellAndBuyErc20With0Price() public {
ERC20Mock erc20Mock = ERC20Mock(
tokenDivider.getErc20InfoFromNft(
address(erc721Mock)
).erc20Address
);
uint256 sellAmount = 1e17;
uint256 sellPrice = 0 ether;
vm.startPrank(USER);
erc20Mock.approve(address(tokenDivider), sellAmount);
tokenDivider.sellErc20(
address(erc721Mock),
sellPrice,
sellAmount
);
vm.stopPrank();
assertEq(
tokenDivider.getBalanceOf(USER, address(erc20Mock)),
AMOUNT - sellAmount
);
uint256 buyPrice = sellPrice + ((sellPrice / 100) / 2);
vm.deal(
address(USER2),
buyPrice
);
uint256 contractInitialBalance = address(
tokenDivider.owner()
).balance;
assertEq(
address(USER).balance,
0
);
vm.startPrank(USER2);
tokenDivider.buyOrder{value: buyPrice}(
0,
address(USER)
);
vm.stopPrank();
assertEq(
erc20Mock.balanceOf(address(USER2)),
sellAmount
);
uint256 sellerFee = buyPrice - sellPrice;
assertEq(
address(
tokenDivider.owner()
).balance - contractInitialBalance,
sellerFee * 2
);
assertEq(
address(USER).balance,
sellPrice - sellerFee
);
}
}

6
test/unit/TokenDividerTest.t.sol
View File

@ -27,8 +27,8 @@ contract TokenDiverTest is Test {
erc721Mock = new ERC721Mock(); erc721Mock = new ERC721Mock();
erc721Mock.mint(USER); erc721Mock.mint(USER); // @auditor: user has the NFT
vm.deal(USER2, STARTING_USER_BALANCE); vm.deal(USER2, STARTING_USER_BALANCE); // @auditor: user2 got 10 ether
} }
function testDivideNft() public { function testDivideNft() public {
@ -151,4 +151,4 @@ contract TokenDiverTest is Test {
} }
} }
} }