Merge pull request #1145 from thesandboxgame/asset-audit-tsb-01

Shorten revert messages and update tests
thesandboxgame · Sep 18, 2023 · 9eb8a70 · 9eb8a70 · github-actions · Sep 18, 2023
2 parents 1ce2167 + f7d7fae
commit 9eb8a70
Show file tree

Hide file tree

Showing 11 changed files with 76 additions and 84 deletions.
diff --git a/packages/asset/.solhint.json b/packages/asset/.solhint.json
@@ -9,7 +9,6 @@
       }
     ],
     "compiler-version": ["error", "^0.8.0"],
-    "func-visibility": ["error", {"ignoreConstructors": true}],
-    "reason-string": ["warn", {"maxLength": 64}]
+    "func-visibility": ["error", {"ignoreConstructors": true}]
   }
 }
diff --git a/packages/asset/contracts/Asset.sol b/packages/asset/contracts/Asset.sol
@@ -114,8 +114,8 @@ contract Asset is
         uint256[] memory amounts,
         string[] memory metadataHashes
     ) external onlyRole(MINTER_ROLE) {
-        require(ids.length == metadataHashes.length, "Asset: ids and metadataHash length mismatch");
-        require(ids.length == amounts.length, "Asset: ids and amounts length mismatch");
+        require(ids.length == metadataHashes.length, "Asset: 1-Array mismatch");
+        require(ids.length == amounts.length, "Asset: 2-Array mismatch");
         for (uint256 i = 0; i < ids.length; i++) {
             _setMetadataHash(ids[i], metadataHashes[i]);
         }
@@ -193,7 +193,7 @@ contract Asset is
     /// @param metadataHash The metadata hash to set
     function _setMetadataHash(uint256 tokenId, string memory metadataHash) internal {
         if (hashUsed[metadataHash] != 0) {
-            require(hashUsed[metadataHash] == tokenId, "Asset: not allowed to reuse metadata hash");
+            require(hashUsed[metadataHash] == tokenId, "Asset: Hash already used");
         } else {
             hashUsed[metadataHash] = tokenId;
             _setURI(tokenId, metadataHash);
@@ -204,7 +204,7 @@ contract Asset is
     /// @dev Change the address of the trusted forwarder for meta-TX
     /// @param trustedForwarder The new trustedForwarder
     function setTrustedForwarder(address trustedForwarder) external onlyRole(DEFAULT_ADMIN_ROLE) {
-        require(trustedForwarder != address(0), "Asset: trusted forwarder can't be zero address");
+        require(trustedForwarder != address(0), "Asset: Zero address");
         _setTrustedForwarder(trustedForwarder);
     }
 
@@ -294,10 +294,7 @@ contract Asset is
         uint256 amount,
         bytes memory data
     ) public virtual override onlyAllowedOperator(from) {
-        require(
-            from == _msgSender() || isApprovedForAll(from, _msgSender()),
-            "ERC1155: caller is not token owner or approved"
-        );
+        require(from == _msgSender() || isApprovedForAll(from, _msgSender()), "Asset: Transfer error");
         _safeTransferFrom(from, to, id, amount, data);
     }
 
@@ -363,14 +360,14 @@ contract Asset is
         external
         onlyRole(DEFAULT_ADMIN_ROLE)
     {
-        require(subscriptionOrRegistrantToCopy != address(0), "Asset: subscription can't be zero address");
+        require(subscriptionOrRegistrantToCopy != address(0), "Asset: Zero address");
         _registerAndSubscribe(subscriptionOrRegistrantToCopy, subscribe);
     }
 
     /// @notice sets the operator filter registry address
     /// @param registry the address of the registry
     function setOperatorRegistry(address registry) external onlyRole(DEFAULT_ADMIN_ROLE) {
-        require(registry != address(0), "Asset: registry can't be zero address");
+        require(registry != address(0), "Asset: Zero address");
         OperatorFiltererUpgradeable._setOperatorFilterRegistry(registry);
     }
 

diff --git a/packages/asset/contracts/AssetCreate.sol b/packages/asset/contracts/AssetCreate.sol
@@ -290,7 +290,7 @@ contract AssetCreate is
     /// @dev Change the address of the trusted forwarder for meta-TX
     /// @param trustedForwarder The new trustedForwarder
     function setTrustedForwarder(address trustedForwarder) external onlyRole(DEFAULT_ADMIN_ROLE) {
-        require(trustedForwarder != address(0), "AssetCreate: trusted forwarder can't be zero address");
+        require(trustedForwarder != address(0), "AssetCreate: Zero address");
         _setTrustedForwarder(trustedForwarder);
     }
 

diff --git a/packages/asset/contracts/AssetReveal.sol b/packages/asset/contracts/AssetReveal.sol
@@ -114,14 +114,14 @@ contract AssetReveal is
         string[] calldata metadataHashes,
         bytes32[] calldata revealHashes
     ) external whenNotPaused {
-        require(amounts.length == metadataHashes.length, "AssetReveal: Invalid amounts length");
-        require(amounts.length == revealHashes.length, "AssetReveal: Invalid revealHashes length");
+        require(amounts.length == metadataHashes.length, "AssetReveal: 1-Array mismatch");
+        require(amounts.length == revealHashes.length, "AssetReveal: 2-Array mismatch");
         require(
             authValidator.verify(
                 signature,
                 _hashReveal(_msgSender(), prevTokenId, amounts, metadataHashes, revealHashes)
             ),
-            "AssetReveal: Invalid revealMint signature"
+            "AssetReveal: Invalid signature"
         );
         uint256[] memory newTokenIds = _revealAsset(prevTokenId, metadataHashes, amounts, revealHashes);
         emit AssetRevealMint(_msgSender(), prevTokenId, amounts, newTokenIds, revealHashes);
@@ -141,15 +141,15 @@ contract AssetReveal is
         string[][] calldata metadataHashes,
         bytes32[][] calldata revealHashes
     ) external whenNotPaused {
-        require(prevTokenIds.length == amounts.length, "AssetReveal: Invalid amounts length");
-        require(amounts.length == metadataHashes.length, "AssetReveal: Invalid metadataHashes length");
-        require(prevTokenIds.length == revealHashes.length, "AssetReveal: Invalid revealHashes length");
+        require(prevTokenIds.length == amounts.length, "AssetReveal: 1-Array mismatch");
+        require(amounts.length == metadataHashes.length, "AssetReveal: 2-Array mismatch");
+        require(prevTokenIds.length == revealHashes.length, "AssetReveal: 3-Array mismatch");
         require(
             authValidator.verify(
                 signature,
                 _hashBatchReveal(_msgSender(), prevTokenIds, amounts, metadataHashes, revealHashes)
             ),
-            "AssetReveal: Invalid revealBatchMint signature"
+            "AssetReveal: Invalid signature"
         );
         uint256[][] memory newTokenIds = new uint256[][](prevTokenIds.length);
         for (uint256 i = 0; i < prevTokenIds.length; i++) {
@@ -174,16 +174,16 @@ contract AssetReveal is
         string[] calldata metadataHashes,
         bytes32[] calldata revealHashes
     ) external whenNotPaused {
-        require(amounts.length == metadataHashes.length, "AssetReveal: Invalid amounts length");
-        require(amounts.length == revealHashes.length, "AssetReveal: Invalid revealHashes length");
+        require(amounts.length == metadataHashes.length, "AssetReveal: 1-Array mismatch");
+        require(amounts.length == revealHashes.length, "AssetReveal: 2-Array mismatch");
         uint8 tier = prevTokenId.getTier();
-        require(tierInstantRevealAllowed[tier], "AssetReveal: Tier not allowed for instant reveal");
+        require(tierInstantRevealAllowed[tier], "AssetReveal: Not allowed");
         require(
             authValidator.verify(
                 signature,
                 _hashInstantReveal(_msgSender(), prevTokenId, amounts, metadataHashes, revealHashes)
             ),
-            "AssetReveal: Invalid burnAndReveal signature"
+            "AssetReveal: Invalid signature"
         );
         _burnAsset(prevTokenId, burnAmount);
         uint256[] memory newTokenIds = _revealAsset(prevTokenId, metadataHashes, amounts, revealHashes);
@@ -202,7 +202,7 @@ contract AssetReveal is
     ) internal returns (uint256[] memory) {
         uint256[] memory newTokenIds = getRevealedTokenIds(metadataHashes, prevTokenId);
         for (uint256 i = 0; i < revealHashes.length; i++) {
-            require(revealHashesUsed[revealHashes[i]] == false, "AssetReveal: RevealHash already used");
+            require(revealHashesUsed[revealHashes[i]] == false, "AssetReveal: Hash already used");
             revealHashesUsed[revealHashes[i]] = true;
         }
         if (newTokenIds.length == 1) {
@@ -231,8 +231,8 @@ contract AssetReveal is
 
     function _verifyBurnData(uint256 tokenId, uint256 amount) internal pure {
         IAsset.AssetData memory data = tokenId.getData();
-        require(!data.revealed, "AssetReveal: Asset is already revealed");
-        require(amount > 0, "AssetReveal: Burn amount should be greater than 0");
+        require(!data.revealed, "AssetReveal: Already revealed");
+        require(amount > 0, "AssetReveal: Invalid amount");
     }
 
     /// @notice Creates a hash of the reveal data
@@ -373,7 +373,7 @@ contract AssetReveal is
         returns (uint256[] memory tokenIds)
     {
         IAsset.AssetData memory data = prevTokenId.getData();
-        require(!data.revealed, "AssetReveal: already revealed");
+        require(!data.revealed, "AssetReveal: Already revealed");
         uint256[] memory tokenIdArray = new uint256[](metadataHashes.length);
         for (uint256 i = 0; i < metadataHashes.length; i++) {
             uint256 tokenId = assetContract.getTokenIdByMetadataHash(metadataHashes[i]);
@@ -438,7 +438,7 @@ contract AssetReveal is
     /// @dev Change the address of the trusted forwarder for meta-TX
     /// @param trustedForwarder The new trustedForwarder
     function setTrustedForwarder(address trustedForwarder) external onlyRole(DEFAULT_ADMIN_ROLE) {
-        require(trustedForwarder != address(0), "AssetReveal: trusted forwarder can't be zero address");
+        require(trustedForwarder != address(0), "AssetReveal: Zero address");
         _setTrustedForwarder(trustedForwarder);
     }
 

diff --git a/packages/asset/contracts/AuthSuperValidator.sol b/packages/asset/contracts/AuthSuperValidator.sol
@@ -38,7 +38,7 @@ contract AuthSuperValidator is AccessControl {
     /// @return bool
     function verify(bytes memory signature, bytes32 digest) public view returns (bool) {
         address signer = _signers[_msgSender()];
-        require(signer != address(0), "AuthSuperValidator: signer not set");
+        require(signer != address(0), "AuthSuperValidator: No signer");
         address recoveredSigner = ECDSA.recover(digest, signature);
         return recoveredSigner == signer;
     }

diff --git a/packages/asset/contracts/Catalyst.sol b/packages/asset/contracts/Catalyst.sol
@@ -78,12 +78,12 @@ contract Catalyst is
         string[] memory _catalystIpfsCID,
         address _royaltyManager
     ) external initializer {
-        require(bytes(_baseUri).length != 0, "Catalyst: base uri can't be empty");
-        require(_trustedForwarder != address(0), "Catalyst: trusted forwarder can't be zero");
-        require(_subscription != address(0), "Catalyst: subscription can't be zero");
-        require(_defaultAdmin != address(0), "Catalyst: admin can't be zero");
-        require(_defaultMinter != address(0), "Catalyst: minter can't be zero");
-        require(_royaltyManager != address(0), "Catalyst: royalty manager can't be zero");
+        require(bytes(_baseUri).length != 0, "Catalyst: URI empty");
+        require(_trustedForwarder != address(0), "Catalyst: 1-Zero address");
+        require(_subscription != address(0), "Catalyst: 2-Zero address");
+        require(_defaultAdmin != address(0), "Catalyst: 3-Zero address");
+        require(_defaultMinter != address(0), "Catalyst: 4-Zero address");
+        require(_royaltyManager != address(0), "Catalyst: 5-Zero address");
         __ERC1155_init(_baseUri);
         __AccessControl_init();
         __ERC1155Burnable_init();
@@ -166,7 +166,7 @@ contract Catalyst is
     /// @dev Change the address of the trusted forwarder for meta-TX
     /// @param trustedForwarder The new trustedForwarder
     function setTrustedForwarder(address trustedForwarder) external onlyRole(DEFAULT_ADMIN_ROLE) {
-        require(trustedForwarder != address(0), "Catalyst: trusted forwarder can't be zero address");
+        require(trustedForwarder != address(0), "Catalyst: Zero address");
         _setTrustedForwarder(trustedForwarder);
     }
 
@@ -178,14 +178,14 @@ contract Catalyst is
         onlyRole(DEFAULT_ADMIN_ROLE)
         onlyValidId(tokenId)
     {
-        require(bytes(metadataHash).length != 0, "Catalyst: metadataHash can't be empty");
+        require(bytes(metadataHash).length != 0, "Catalyst: Metadata hash empty");
         _setURI(tokenId, metadataHash);
     }
 
     /// @notice Set a new base URI
     /// @param baseURI The new base URI
     function setBaseURI(string memory baseURI) external onlyRole(DEFAULT_ADMIN_ROLE) {
-        require(bytes(baseURI).length != 0, "Catalyst: base uri can't be empty");
+        require(bytes(baseURI).length != 0, "Catalyst: URI empty");
         _setBaseURI(baseURI);
         emit BaseURISet(baseURI);
     }
@@ -301,14 +301,14 @@ contract Catalyst is
         external
         onlyRole(DEFAULT_ADMIN_ROLE)
     {
-        require(subscriptionOrRegistrantToCopy != address(0), "Catalyst: subscription can't be zero address");
+        require(subscriptionOrRegistrantToCopy != address(0), "Catalyst: Zero address");
         _registerAndSubscribe(subscriptionOrRegistrantToCopy, subscribe);
     }
 
     /// @notice sets filter registry address
     /// @param registry the address of the registry
     function setOperatorRegistry(address registry) external onlyRole(DEFAULT_ADMIN_ROLE) {
-        require(registry != address(0), "Catalyst: registry can't be zero address");
+        require(registry != address(0), "Catalyst: Zero address");
         OperatorFiltererUpgradeable._setOperatorFilterRegistry(registry);
         emit OperatorRegistrySet(registry);
     }

diff --git a/packages/asset/test/Asset.test.ts b/packages/asset/test/Asset.test.ts
@@ -255,7 +255,7 @@ describe('Base Asset Contract (/packages/asset/contracts/Asset.sol)', function (
         await mintOne(undefined, undefined, undefined, metadataHashes[0]);
         await expect(
           mintOne(undefined, undefined, undefined, metadataHashes[0])
-        ).to.be.revertedWith('Asset: not allowed to reuse metadata hash');
+        ).to.be.revertedWith('Asset: Hash already used');
       });
     });
     describe('Batch Mint', function () {
@@ -301,7 +301,7 @@ describe('Base Asset Contract (/packages/asset/contracts/Asset.sol)', function (
             metadataHashes[0],
             metadataHashes[0],
           ])
-        ).to.be.revertedWith('Asset: not allowed to reuse metadata hash');
+        ).to.be.revertedWith('Asset: Hash already used');
       });
       it('should not allow minting with already existing metadata hash', async function () {
         const {mintOne, mintBatch, metadataHashes} = await runAssetSetup();
@@ -311,7 +311,7 @@ describe('Base Asset Contract (/packages/asset/contracts/Asset.sol)', function (
             metadataHashes[0],
             metadataHashes[1],
           ])
-        ).to.be.revertedWith('Asset: not allowed to reuse metadata hash');
+        ).to.be.revertedWith('Asset: Hash already used');
       });
       it("should not allow minting if the length of the ids and amounts don't match", async function () {
         const {AssetContractAsMinter, generateRandomTokenId, minter} =
@@ -330,7 +330,7 @@ describe('Base Asset Contract (/packages/asset/contracts/Asset.sol)', function (
             amounts,
             hashes
           )
-        ).to.be.revertedWith('Asset: ids and amounts length mismatch');
+        ).to.be.revertedWith('Asset: 2-Array mismatch');
       });
       it("should not allow minting if the length of the ids and hashes don't match", async function () {
         const {AssetContractAsMinter, generateRandomTokenId, minter} =
@@ -345,7 +345,7 @@ describe('Base Asset Contract (/packages/asset/contracts/Asset.sol)', function (
             amounts,
             hashes
           )
-        ).to.be.revertedWith('Asset: ids and metadataHash length mismatch');
+        ).to.be.revertedWith('Asset: 1-Array mismatch');
       });
     });
     describe('Mint Events', function () {
@@ -761,7 +761,7 @@ describe('Base Asset Contract (/packages/asset/contracts/Asset.sol)', function (
           5,
           '0x'
         )
-      ).to.be.revertedWith('ERC1155: caller is not token owner or approved');
+      ).to.be.revertedWith('Asset: Transfer error');
     });
     it('should not allow non-owner to transfer a batch of tokens if not approved', async function () {
       const {AssetContractAsOwner, mintBatch, minter} = await runAssetSetup();
@@ -1067,11 +1067,11 @@ describe('Base Asset Contract (/packages/asset/contracts/Asset.sol)', function (
 
         await expect(
           Asset.connect(assetAdmin).setOperatorRegistry(zeroAddress)
-        ).to.be.revertedWith("Asset: registry can't be zero address");
+        ).to.be.revertedWith('Asset: Zero address');
 
         await expect(
           Asset.connect(assetAdmin).registerAndSubscribe(zeroAddress, true)
-        ).to.be.revertedWith("Asset: subscription can't be zero address");
+        ).to.be.revertedWith('Asset: Zero address');
       });
 
       it('should revert when registry is set and subscription is set by non-admin', async function () {

diff --git a/packages/asset/test/AssetCreate.test.ts b/packages/asset/test/AssetCreate.test.ts
@@ -572,7 +572,7 @@ describe('AssetCreate (/packages/asset/contracts/AssetCreate.sol)', function ()
         );
         await expect(
           mintSingleAsset(signature2, 4, 2, true, metadataHashes[0])
-        ).to.be.revertedWith('Asset: not allowed to reuse metadata hash');
+        ).to.be.revertedWith('Asset: Hash already used');
       });
       it('should NOT mint same token ids', async function () {
         const {
@@ -1142,7 +1142,7 @@ describe('AssetCreate (/packages/asset/contracts/AssetCreate.sol)', function ()
             [true, true],
             metadataHashes
           )
-        ).to.be.revertedWith('Asset: not allowed to reuse metadata hash');
+        ).to.be.revertedWith('Asset: Hash already used');
       });
     });
     describe('Event', function () {
File	Stmts	Branches	Funcs	Lines	Uncovered Lines
packages/asset/contracts
Asset.sol	94.53%	89.58%	96.43%	98.08%	116, 207, 309, 309–310, 76
AssetCreate.sol	94.51%	83.33%	100%	100%	138, 140, 173, 293, 72
AssetReveal.sol	94.35%	86.21%	96.55%	98.89%	143, 147, 181, 376, 416, 424, 441, 75, 98
AuthSuperValidator.sol	90%	83.33%	100%	88.89%	51–52
Catalyst.sol	95%	91.94%	95.45%	98.21%	125, 127, 140, 152, 224, 80
packages/asset/contracts/interfaces
IAsset.sol	100%	100%	100%	100%
IAssetCreate.sol	100%	100%	100%	100%
IAssetReveal.sol	100%	100%	100%	100%
ICatalyst.sol	100%	100%	100%	100%
ITokenUtils.sol	100%	100%	100%	100%
packages/asset/contracts/libraries
TokenIdUtils.sol	100%	100%	100%	100%
packages/dependency-metatx/contracts
ERC2771Handler.sol	100%	100%	100%	100%
ERC2771HandlerAbstract.sol	100%	100%	100%	100%
ERC2771HandlerUpgradeable.sol	95.45%	83.33%	100%	100%	43
packages/dependency-metatx/contracts/test
ERC2771HandlerTest.sol	100%	100%	100%	100%
ERC2771HandlerUpgradeableTest.sol	100%	100%	100%	100%
MockTrustedForwarder.sol	0%	0%	0%	0%	15, 18–19, 19, 19–20
packages/dependency-operator-filter/contracts
OperatorFiltererUpgradeable.sol	82.35%	85%	71.43%	83.33%	17, 51–52, 61–62, 71, 87
OperatorFilterSubscription.sol	60%	50%	100%	50%	19–20
packages/dependency-operator-filter/contracts/interfaces
IOperatorFilterRegistry.sol	100%	100%	100%	100%
packages/dependency-royalty-management/contracts
MultiRoyaltyDistributor.sol	84.06%	65%	90%	92.31%	104, 144, 25, 41, 41, 41, 41, 60–61, 97
RoyaltyDistributor.sol	78.95%	50%	80%	90%	20, 50, 56
RoyaltyManager.sol	96.39%	87.50%	100%	100%	104, 47, 98
RoyaltySplitter.sol	92.08%	75%	92.31%	97.06%	117, 157, 185, 218, 65, 72, 83
packages/dependency-royalty-management/contracts/interfaces
IERC20Approve.sol	100%	100%	100%	100%
IMultiRoyaltyDistributor.sol	100%	100%	100%	100%
IMultiRoyaltyRecipients.sol	100%	100%	100%	100%
IRoyaltyManager.sol	100%	100%	100%	100%
IRoyaltyUGC.sol	100%	100%	100%	100%