diff --git a/src/Billboard/BillboardRegistry.sol b/src/Billboard/BillboardRegistry.sol index 1f0a76b..2b7a51a 100644 --- a/src/Billboard/BillboardRegistry.sol +++ b/src/Billboard/BillboardRegistry.sol @@ -244,17 +244,6 @@ contract BillboardRegistry is IBillboardRegistry, ERC721 { return boards[tokenId_].contentURI; } - /** - * @notice See {IERC721-isApprovedForAll}. - */ - function isApprovedForAll(address owner_, address operator_) public view override(ERC721, IERC721) returns (bool) { - if (operator_ == operator) { - return true; - } - - return super.isApprovedForAll(owner_, operator_); - } - /** * @notice See {IERC721-transferFrom}. */ diff --git a/src/test/Billboard/BillboardTest.t.sol b/src/test/Billboard/BillboardTest.t.sol index 4a5dc25..392b652 100644 --- a/src/test/Billboard/BillboardTest.t.sol +++ b/src/test/Billboard/BillboardTest.t.sol @@ -42,7 +42,7 @@ contract BillboardTest is BillboardTestBase { assertEq(operator.isOpened(), false); } - function testSetIsOpenedByAttacker() public { + function testCannotSetIsOpenedByAttacker() public { vm.startPrank(ATTACKER); vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "admin")); @@ -57,7 +57,7 @@ contract BillboardTest is BillboardTestBase { assertEq(operator.whitelist(USER_B), false); } - function testAddToWhitelistByAttacker() public { + function testCannotAddToWhitelistByAttacker() public { vm.startPrank(ATTACKER); vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "admin")); @@ -74,7 +74,7 @@ contract BillboardTest is BillboardTestBase { assertEq(operator.whitelist(USER_A), false); } - function testRemoveToWhitelistByAttacker() public { + function testCannotRemoveToWhitelistByAttacker() public { vm.startPrank(ATTACKER); vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "admin")); @@ -121,7 +121,7 @@ contract BillboardTest is BillboardTestBase { assertEq(registry.balanceOf(USER_A), 1); } - function testMintBoardByAttacker() public { + function testCannotMintBoardByAttacker() public { vm.startPrank(ATTACKER); vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "whitelist")); @@ -129,7 +129,7 @@ contract BillboardTest is BillboardTestBase { } function testSetBoardProperties() public { - uint256 _tokenId = _mintBoard(ADMIN); + uint256 _tokenId = _mintBoard(); vm.startPrank(ADMIN); @@ -147,8 +147,8 @@ contract BillboardTest is BillboardTestBase { assertEq(board.redirectURI, "redirect URI"); } - function testSetBoardProprtiesByAttacker() public { - uint256 _tokenId = _mintBoard(ADMIN); + function testCannotSetBoardProprtiesByAttacker() public { + uint256 _tokenId = _mintBoard(); vm.startPrank(ATTACKER); @@ -169,7 +169,7 @@ contract BillboardTest is BillboardTestBase { } function testGetTokenURI() public { - uint256 _tokenId = _mintBoard(ADMIN); + uint256 _tokenId = _mintBoard(); vm.startPrank(ADMIN); @@ -177,174 +177,126 @@ contract BillboardTest is BillboardTestBase { assertEq(registry.tokenURI(_tokenId), "new uri"); } - // function testTransfer() public { - // _mintBoard(); - - // vm.stopPrank(); - // vm.startPrank(ADMIN); - // assertEq(ADMIN, registry.ownerOf(1)); - - // // transfer board from admin to zero address - // vm.expectRevert(abi.encodeWithSignature("InvalidAddress()")); - // registry.transferFrom(ADMIN, ZERO_ADDRESS, 1); - - // // transfer board from admin to user_a - // registry.transferFrom(ADMIN, USER_A, 1); - // IBillboardRegistry.Board memory board = operator.getBoard(1); - // assertEq(ADMIN, board.creator); - // assertEq(USER_A, board.tenant); - // assertEq(USER_A, registry.ownerOf(1)); - - // vm.stopPrank(); - // vm.startPrank(USER_A); - - // vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "creator")); - // operator.setBoardName(1, "name by a"); - - // vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "creator")); - // operator.setBoardDescription(1, "description by a"); - - // vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "creator")); - // operator.setBoardLocation(1, "location by a"); - - // operator.setBoardContentURI(1, "uri by a"); - // operator.setBoardRedirectURI(1, "redirect URI by a"); + function testTransfer() public { + // mint + uint256 _tokenId = _mintBoard(); - // board = operator.getBoard(1); - // assertEq("", board.name); - // assertEq("", board.description); - // assertEq("", board.location); - // assertEq("uri by a", board.contentURI); - // assertEq("redirect URI by a", board.redirectURI); + // transfer + vm.startPrank(ADMIN); + registry.transferFrom(ADMIN, USER_A, _tokenId); - // // transfer board from user_a to user_b - // registry.safeTransferFrom(USER_A, USER_B, 1); - // board = operator.getBoard(1); - // assertEq(ADMIN, board.creator); - // assertEq(USER_B, board.tenant); - // assertEq(USER_B, registry.ownerOf(1)); + IBillboardRegistry.Board memory board = operator.getBoard(_tokenId); + assertEq(board.creator, ADMIN); + assertEq(registry.balanceOf(ADMIN), 0); + assertEq(registry.ownerOf(_tokenId), USER_A); - // vm.stopPrank(); - // vm.startPrank(USER_B); + // set board properties + vm.stopPrank(); + vm.startPrank(USER_A); - // vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "creator")); - // operator.setBoardName(1, "name by b"); + vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "creator")); + operator.setBoardName(_tokenId, "name by a"); - // vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "creator")); - // operator.setBoardDescription(1, "description by b"); + vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "creator")); + operator.setBoardDescription(_tokenId, "description by a"); - // vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "creator")); - // operator.setBoardLocation(1, "location by b"); + vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "creator")); + operator.setBoardLocation(_tokenId, "location by a"); - // operator.setBoardContentURI(1, "uri by b"); - // operator.setBoardRedirectURI(1, "redirect URI by b"); + operator.setBoardContentURI(_tokenId, "uri by a"); + operator.setBoardRedirectURI(_tokenId, "redirect URI by a"); - // board = operator.getBoard(1); - // assertEq("", board.name); - // assertEq("", board.description); - // assertEq("", board.location); - // assertEq("uri by b", board.contentURI); - // assertEq("redirect URI by b", board.redirectURI); + board = operator.getBoard(_tokenId); + assertEq(board.name, ""); + assertEq(board.description, ""); + assertEq(board.location, ""); + assertEq(board.contentURI, "uri by a"); + assertEq(board.redirectURI, "redirect URI by a"); - // // transfer board from user_b to user_c by operator - // vm.stopPrank(); - // vm.startPrank(address(operator)); + // transfer board from user_a to user_b + registry.safeTransferFrom(USER_A, USER_B, 1); + board = operator.getBoard(_tokenId); + assertEq(board.creator, ADMIN); + assertEq(registry.ownerOf(1), USER_B); - // registry.transferFrom(USER_B, USER_C, 1); - // board = operator.getBoard(1); - // assertEq(ADMIN, board.creator); - // assertEq(USER_C, board.tenant); - // assertEq(USER_C, registry.ownerOf(1)); + vm.stopPrank(); + vm.startPrank(USER_B); - // vm.stopPrank(); - // vm.startPrank(USER_C); + vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "creator")); + operator.setBoardName(_tokenId, "name by b"); - // vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "creator")); - // operator.setBoardName(1, "name by b"); + vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "creator")); + operator.setBoardDescription(_tokenId, "description by b"); - // vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "creator")); - // operator.setBoardDescription(1, "description by b"); + vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "creator")); + operator.setBoardLocation(_tokenId, "location by b"); - // vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "creator")); - // operator.setBoardLocation(1, "location by b"); + operator.setBoardContentURI(_tokenId, "uri by b"); + operator.setBoardRedirectURI(_tokenId, "redirect URI by b"); - // operator.setBoardContentURI(1, "uri by c"); - // operator.setBoardRedirectURI(1, "redirect URI by c"); + board = operator.getBoard(_tokenId); + assertEq(board.name, ""); + assertEq(board.description, ""); + assertEq(board.location, ""); + assertEq(board.contentURI, "uri by b"); + assertEq(board.redirectURI, "redirect URI by b"); + } - // board = operator.getBoard(1); - // assertEq("", board.name); - // assertEq("", board.description); - // assertEq("", board.location); - // assertEq("uri by c", board.contentURI); - // assertEq("redirect URI by c", board.redirectURI); - // } + function testCannotTransferToZeroAddress() public { + uint256 _tokenId = _mintBoard(); - // function testTransferByAttacker() public { - // _mintBoard(); + vm.startPrank(ADMIN); - // vm.stopPrank(); - // vm.startPrank(ATTACKER); + vm.expectRevert("ERC721: transfer to the zero address"); + registry.transferFrom(ADMIN, ZERO_ADDRESS, _tokenId); + } - // vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "not owner nor approved")); - // registry.transferFrom(ADMIN, ATTACKER, 1); + function testCannotTransferByOperator() public { + uint256 _tokenId = _mintBoard(); - // vm.stopPrank(); - // vm.startPrank(ADMIN); - // registry.transferFrom(ADMIN, USER_A, 1); + vm.startPrank(address(operator)); - // vm.stopPrank(); - // vm.startPrank(ATTACKER); + vm.expectRevert("ERC721: caller is not token owner or approved"); + registry.transferFrom(USER_B, USER_C, _tokenId); + } - // vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "not owner nor approved")); - // registry.safeTransferFrom(USER_A, ATTACKER, 1); - // } + function testCannotTransferByAttacker() public { + uint256 _tokenId = _mintBoard(); - // function testApprove() public { - // _mintBoard(); + vm.startPrank(ATTACKER); - // vm.stopPrank(); - // vm.startPrank(ADMIN); + vm.expectRevert("ERC721: caller is not token owner or approved"); + registry.transferFrom(ADMIN, ATTACKER, _tokenId); + } - // registry.approve(USER_A, 1); - // assertEq(USER_A, registry.getApproved(1)); + function testApprove() public { + uint256 _tokenId = _mintBoard(); - // vm.stopPrank(); - // vm.startPrank(USER_A); - // registry.transferFrom(ADMIN, USER_A, 1); + vm.startPrank(ADMIN); + registry.approve(USER_A, _tokenId); + assertEq(USER_A, registry.getApproved(_tokenId)); - // IBillboardRegistry.Board memory board = operator.getBoard(1); - // assertEq(ADMIN, board.creator); - // assertEq(USER_A, board.tenant); - // } + vm.stopPrank(); + vm.startPrank(USER_A); + registry.transferFrom(ADMIN, USER_A, _tokenId); - // function testApproveByAttacker() public { - // _mintBoard(); + IBillboardRegistry.Board memory board = operator.getBoard(_tokenId); + assertEq(ADMIN, board.creator); + } - // vm.stopPrank(); - // vm.startPrank(USER_A); + function testApproveByAttacker() public { + uint256 _tokenId = _mintBoard(); - // vm.expectRevert("ERC721: approve caller is not token owner or approved for all"); - // registry.approve(USER_A, 1); - // } + vm.stopPrank(); + vm.startPrank(ATTACKER); + vm.expectRevert("ERC721: approve caller is not token owner or approved for all"); + registry.approve(USER_A, _tokenId); + } // ////////////////////////////// // /// Auction // ////////////////////////////// - // function testSetTaxRate() public { - // vm.startPrank(ADMIN); - - // operator.setTaxRate(2); - // assertEq(2, operator.getTaxRate()); - // } - - // function testSetTaxRateByAttacker() public { - // vm.startPrank(ATTACKER); - - // vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "admin")); - // operator.setTaxRate(2); - // } - // function testBid() public {} // function testClearAuction() public {} @@ -352,4 +304,22 @@ contract BillboardTest is BillboardTestBase { // function testBidByAttacker() public {} // function testClearAuctionByAttacker() public {} + + ////////////////////////////// + /// Tax & Withdraw + ////////////////////////////// + + function testSetTaxRate() public { + vm.startPrank(ADMIN); + + operator.setTaxRate(2); + assertEq(operator.getTaxRate(), 2); + } + + function testSetTaxRateByAttacker() public { + vm.startPrank(ATTACKER); + + vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "admin")); + operator.setTaxRate(2); + } } diff --git a/src/test/Billboard/BillboardTestBase.t.sol b/src/test/Billboard/BillboardTestBase.t.sol index db493f7..89e97e2 100644 --- a/src/test/Billboard/BillboardTestBase.t.sol +++ b/src/test/Billboard/BillboardTestBase.t.sol @@ -38,9 +38,9 @@ contract BillboardTestBase is Test { vm.stopPrank(); } - function _mintBoard(address to_) public returns (uint256 tokenId) { + function _mintBoard() public returns (uint256 tokenId) { vm.prank(ADMIN); - tokenId = operator.mintBoard(to_); + tokenId = operator.mintBoard(ADMIN); assertEq(registry.balanceOf(ADMIN), 1); } }