Internal Audit Fixes (#41)

rzmahmood · web-flow · commit 279478a8b4dd · 2023-07-05T11:17:43.000+10:00
diff --git a/contracts/mocks/MockMarketplace.sol b/contracts/mocks/MockMarketplace.sol
@@ -16,6 +16,18 @@ contract MockMarketplace {
         tokenAddress.transferFrom(msg.sender, recipient, _tokenId);
     }
 
+    function executeTransferFrom(
+        address from,
+        address to,
+        uint256 _tokenId
+    ) public {
+        tokenAddress.transferFrom(from, to, _tokenId);
+    }
+
+    function executeApproveForAll(address operator, bool approved) public {
+        tokenAddress.setApprovalForAll(operator, approved);
+    }
+
     function executeTransferRoyalties(
         address from,
         address recipient,
diff --git a/contracts/token/erc721/abstract/ImmutableERC721Base.sol b/contracts/token/erc721/abstract/ImmutableERC721Base.sol
@@ -47,15 +47,15 @@ abstract contract ImmutableERC721Base is
      * Sets the `baseURI` and `tokenURI`
      * Sets the royalty receiver and amount (this can not be changed once set)
      */
-    constructor (
-        address owner, 
-        string memory name_, 
-        string memory symbol_, 
-        string memory baseURI_ , 
+    constructor(
+        address owner,
+        string memory name_,
+        string memory symbol_,
+        string memory baseURI_,
         string memory contractURI_,
-        address _receiver, 
+        address _receiver,
         uint96 _feeNumerator
-        ) ERC721(name_, symbol_){
+    ) ERC721(name_, symbol_) {
         // Initialize state variables
         _setDefaultRoyalty(_receiver, _feeNumerator);
         _grantRole(DEFAULT_ADMIN_ROLE, owner);
@@ -80,11 +80,18 @@ abstract contract ImmutableERC721Base is
     }
 
     /// @dev Returns the supported interfaces
-    function supportsInterface(bytes4 interfaceId)
+    function supportsInterface(
+        bytes4 interfaceId
+    )
         public
         view
         virtual
-        override(ImmutableERC721RoyaltyEnforced, ERC721, ERC721Enumerable, ERC2981)
+        override(
+            ImmutableERC721RoyaltyEnforced,
+            ERC721,
+            ERC721Enumerable,
+            ERC2981
+        )
         returns (bool)
     {
         return super.supportsInterface(interfaceId);
@@ -104,28 +111,32 @@ abstract contract ImmutableERC721Base is
     ///     =====  External functions  =====
 
     /// @dev Allows admin to set the base URI
-    function setBaseURI(string memory baseURI_)
-        external
-        onlyRole(DEFAULT_ADMIN_ROLE)
-    {
+    function setBaseURI(
+        string memory baseURI_
+    ) external onlyRole(DEFAULT_ADMIN_ROLE) {
         baseURI = baseURI_;
     }
 
     /// @dev Allows admin to set the contract URI
-    function setContractURI(string memory _contractURI)
-        external
-        onlyRole(DEFAULT_ADMIN_ROLE)
-    {
+    function setContractURI(
+        string memory _contractURI
+    ) external onlyRole(DEFAULT_ADMIN_ROLE) {
         contractURI = _contractURI;
     }
 
     /// @dev Override of setApprovalForAll from {ERC721}, with added Allowlist approval validation
-    function setApprovalForAll(address operator, bool approved) public override(ImmutableERC721RoyaltyEnforced, ERC721, IERC721) {
+    function setApprovalForAll(
+        address operator,
+        bool approved
+    ) public override(ImmutableERC721RoyaltyEnforced, ERC721, IERC721) {
         super.setApprovalForAll(operator, approved);
     }
 
     /// @dev Override of approve from {ERC721}, with added Allowlist approval validation
-    function approve(address to, uint256 tokenId) public override(ImmutableERC721RoyaltyEnforced, ERC721, IERC721) {
+    function approve(
+        address to,
+        uint256 tokenId
+    ) public override(ImmutableERC721RoyaltyEnforced, ERC721, IERC721) {
         super.approve(to, tokenId);
     }
 
@@ -149,11 +160,10 @@ abstract contract ImmutableERC721Base is
     }
 
     /// @dev Internal function to mint a new token with the next token ID
-    function _mintNextToken(address to) internal virtual returns (uint256){
+    function _mintNextToken(address to) internal virtual returns (uint256) {
         uint256 newTokenId = nextTokenId.current();
         super._mint(to, newTokenId);
         nextTokenId.increment();
         return newTokenId;
     }
-
 }
diff --git a/contracts/token/erc721/abstract/ImmutableERC721RoyaltyEnforced.sol b/contracts/token/erc721/abstract/ImmutableERC721RoyaltyEnforced.sol
@@ -16,49 +16,77 @@ import "@openzeppelin/contracts/access/AccessControlEnumerable.sol";
 */
 
 abstract contract ImmutableERC721RoyaltyEnforced is
-    ERC721, AccessControlEnumerable
+    ERC721,
+    AccessControlEnumerable
 {
     ///     =====     Errors         =====
 
     /// @dev Error thrown when calling address is not Allowlisted
     error CallerNotInAllowlist(address caller);
 
+    /// @dev Error thrown when 'from' address is not Allowlisted
+    error TransferFromNotInAllowlist(address from);
+
+    /// @dev Error thrown when 'to' address is not Allowlisted
+    error TransferToNotInAllowlist(address to);
+
     /// @dev Error thrown when approve target is not Allowlisted
     error ApproveTargetNotInAllowlist(address target);
 
+    /// @dev Error thrown when approve target is not Allowlisted
+    error ApproverNotInAllowlist(address approver);
+
     ///     =====     Events         =====
 
     /// @dev Emitted whenever the transfer Allowlist registry is updated
-    event RoyaltytAllowlistRegistryUpdated(address oldRegistry, address newRegistry);
+    event RoyaltytAllowlistRegistryUpdated(
+        address oldRegistry,
+        address newRegistry
+    );
 
     ///     =====   State Variables  =====
-    
+
     /// @dev Interface that implements the `IRoyaltyAllowlist` interface
     IRoyaltyAllowlist public royaltyAllowlist;
 
     ///     =====  External functions  =====
 
     /// @dev Returns the supported interfaces
-    function supportsInterface(bytes4 interfaceId)
+    function supportsInterface(
+        bytes4 interfaceId
+    )
         public
         view
         virtual
-        override(ERC721,  AccessControlEnumerable)
+        override(ERC721, AccessControlEnumerable)
         returns (bool)
     {
         return super.supportsInterface(interfaceId);
     }
 
     /// @dev Allows admin to set or update the royalty Allowlist registry
-    function setRoyaltyAllowlistRegistry(address _royaltyAllowlist) public onlyRole(DEFAULT_ADMIN_ROLE) {
-        require(IERC165(_royaltyAllowlist).supportsInterface(type(IRoyaltyAllowlist).interfaceId), "contract does not implement IRoyaltyAllowlist");
-
-        emit RoyaltytAllowlistRegistryUpdated(address(royaltyAllowlist), _royaltyAllowlist);
+    function setRoyaltyAllowlistRegistry(
+        address _royaltyAllowlist
+    ) public onlyRole(DEFAULT_ADMIN_ROLE) {
+        require(
+            IERC165(_royaltyAllowlist).supportsInterface(
+                type(IRoyaltyAllowlist).interfaceId
+            ),
+            "contract does not implement IRoyaltyAllowlist"
+        );
+
+        emit RoyaltytAllowlistRegistryUpdated(
+            address(royaltyAllowlist),
+            _royaltyAllowlist
+        );
         royaltyAllowlist = IRoyaltyAllowlist(_royaltyAllowlist);
     }
 
     /// @dev Override of setApprovalForAll from {ERC721}, with added Allowlist approval validation
-    function setApprovalForAll(address operator, bool approved) public virtual override {
+    function setApprovalForAll(
+        address operator,
+        bool approved
+    ) public virtual override {
         _validateApproval(operator);
         super.setApprovalForAll(operator, approved);
     }
@@ -72,41 +100,70 @@ abstract contract ImmutableERC721RoyaltyEnforced is
     /// @dev Internal function to validate whether approval targets are Allowlisted or EOA
     function _validateApproval(address targetApproval) internal view {
         // Only check if the registry is set
-        if(address(royaltyAllowlist) != address(0)) {
-             // Check for:
+        if (address(royaltyAllowlist) != address(0)) {
+            // Check for:
+            // 1. approver is an EOA. Contract constructor is handled as transfers 'from' are blocked
+            // 2. approver is address or bytecode is allowlisted
+            if (
+                msg.sender.code.length != 0 &&
+                !royaltyAllowlist.isAllowlisted(msg.sender)
+            ) {
+                revert ApproverNotInAllowlist(msg.sender);
+            }
+
+            // Check for:
             // 1. approval target is an EOA
             // 2. approval target address is Allowlisted or target address bytecode is Allowlisted
-            if (targetApproval.code.length == 0 || royaltyAllowlist.isAllowlisted(targetApproval)){
-                return;
+            if (
+                targetApproval.code.length != 0 &&
+                !royaltyAllowlist.isAllowlisted(targetApproval)
+            ) {
+                revert ApproveTargetNotInAllowlist(targetApproval);
             }
-            revert ApproveTargetNotInAllowlist(targetApproval);
         }
     }
 
     ///     =====  Internal functions  =====
 
     /// @dev Override of internal transfer from {ERC721} function to include validation
-       function _transfer(
+    function _transfer(
         address from,
         address to,
         uint256 tokenId
     ) internal virtual override(ERC721) {
-        _validateTransfer();
+        _validateTransfer(from, to);
         super._transfer(from, to, tokenId);
     }
 
     /// @dev Internal function to validate whether the calling address is an EOA or Allowlisted
-    function _validateTransfer() internal view {
+    function _validateTransfer(address from, address to) internal view {
         // Only check if the registry is set
         if (address(royaltyAllowlist) != address(0)) {
             // Check for:
             // 1. caller is an EOA
             // 2. caller is Allowlisted or is the calling address bytecode is Allowlisted
-            if(msg.sender == tx.origin || royaltyAllowlist.isAllowlisted(msg.sender))
-            {
-                return;
+            if (
+                msg.sender != tx.origin &&
+                !royaltyAllowlist.isAllowlisted(msg.sender)
+            ) {
+                revert CallerNotInAllowlist(msg.sender);
+            }
+
+            // Check for:
+            // 1. from is an EOA
+            // 2. from is Allowlisted or from address bytecode is Allowlisted
+            if (
+                from.code.length != 0 && !royaltyAllowlist.isAllowlisted(from)
+            ) {
+                revert TransferFromNotInAllowlist(from);
+            }
+
+            // Check for:
+            // 1. to is an EOA
+            // 2. to is Allowlisted or to address bytecode is Allowlisted
+            if (to.code.length != 0 && !royaltyAllowlist.isAllowlisted(to)) {
+                revert TransferToNotInAllowlist(to);
             }
-            revert CallerNotInAllowlist(msg.sender);
         }
     }
 }
diff --git a/contracts/token/erc721/preset/ImmutableERC721PermissionedMintable.sol b/contracts/token/erc721/preset/ImmutableERC721PermissionedMintable.sol
@@ -10,9 +10,7 @@ import "../abstract/ImmutableERC721Base.sol";
     MINTER_ROLE that allows members of the role to access the `mint` function.
 */
 
-contract ImmutableERC721PermissionedMintable is
-    ImmutableERC721Base
-{
+contract ImmutableERC721PermissionedMintable is ImmutableERC721Base {
     ///     =====   State Variables  =====
 
     /// @dev Only MINTER_ROLE can invoke permissioned mint.
@@ -28,42 +26,46 @@ contract ImmutableERC721PermissionedMintable is
      * Sets the `baseURI` and `tokenURI`
      * Sets the `reciever` and `feeNumerator`
      */
-    constructor (
-        address owner_, 
-        string memory name_, 
-        string memory symbol_, 
-        string memory baseURI_ , 
+    constructor(
+        address owner_,
+        string memory name_,
+        string memory symbol_,
+        string memory baseURI_,
         string memory contractURI_,
-        address _receiver, 
+        address _receiver,
         uint96 _feeNumerator
-        ) ImmutableERC721Base(owner_,name_, symbol_, baseURI_, contractURI_, _receiver, _feeNumerator){
-    }
+    )
+        ImmutableERC721Base(
+            owner_,
+            name_,
+            symbol_,
+            baseURI_,
+            contractURI_,
+            _receiver,
+            _feeNumerator
+        )
+    {}
 
     ///     =====  External functions  =====
 
     /// @dev Allows minter to mint `amount` to `to`
-    function mint(address to, uint256 amount)
-        external
-        onlyRole(MINTER_ROLE)
-    {
+    function mint(address to, uint256 amount) external onlyRole(MINTER_ROLE) {
         for (uint256 i; i < amount; i++) {
             _mintNextToken(to);
         }
     }
 
     /// @dev Allows admin grant `user` `MINTER` role
-    function grantMinterRole(address user)
-        external
-        onlyRole(DEFAULT_ADMIN_ROLE)
-    {
+    function grantMinterRole(
+        address user
+    ) external onlyRole(DEFAULT_ADMIN_ROLE) {
         grantRole(MINTER_ROLE, user);
     }
 
-    /// @dev Allows admin to revoke `MINTER_ROLE` role from `user` 
-    function revokeMinterRole(address user)
-        external
-        onlyRole(DEFAULT_ADMIN_ROLE)
-    {
+    /// @dev Allows admin to revoke `MINTER_ROLE` role from `user`
+    function revokeMinterRole(
+        address user
+    ) external onlyRole(DEFAULT_ADMIN_ROLE) {
         revokeRole(MINTER_ROLE, user);
     }
 }
diff --git a/package.json b/package.json
@@ -9,7 +9,7 @@
     "compile": "hardhat compile",
     "test": "hardhat test",
     "prettier:solidity": "./node_modules/.bin/prettier --write contracts/**/*.sol",
-    "lint": "eslint . --ext .ts,.tsx"
+    "lint": "eslint . --ext .ts,.tsx && solhint --config ./.solhint.json  contracts/**/*.sol"
   },
   "repository": {
     "type": "git",
@@ -54,4 +54,4 @@
   "dependencies": {
     "@openzeppelin/contracts": "^4.8.1"
   }
-}
+}
diff --git a/test/royalty-enforcement/AllowlistERC721TransfersApprovals.test.ts b/test/royalty-enforcement/AllowlistERC721TransfersApprovals.test.ts
