feat: security improvements on nft
andresaiello committed Aug 21, 2024
1 parent 03f8b9a commit 596ce4d
Showing 3 changed files with 29 additions and 5 deletions.
10 changes: 7 additions & 3 deletions packages/zevm-app-contracts/contracts/xp-nft/xpNFT.sol
@@ -3,6 +3,7 @@ pragma solidity 0.8.7;

import "@openzeppelin/contracts-upgradeable/token/ERC721/ERC721Upgradeable.sol";
import "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";

contract ZetaXP is ERC721Upgradeable, OwnableUpgradeable {
/* An ECDSA signature. */
@@ -47,10 +48,12 @@ contract ZetaXP is ERC721Upgradeable, OwnableUpgradeable {
string memory name,
string memory symbol,
string memory baseTokenURI_,
address signerAddress_
address signerAddress_,

Check notice

Code scanning / Slither

Missing zero address validation Low

address owner
) public initializer {
__ERC721_init(name, symbol);
__Ownable_init();
transferOwnership(owner);
baseTokenURI = baseTokenURI_;
signerAddress = signerAddress_;
_currentTokenId = 1; // Start token IDs from 1
@@ -95,9 +98,10 @@ contract ZetaXP is ERC721Upgradeable, OwnableUpgradeable {

function _verify(uint256 tokenId, UpdateData memory updateData) private view {
bytes32 payloadHash = _calculateHash(updateData);
bytes32 messageHash = keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", payloadHash));

address messageSigner = ecrecover(
bytes32 messageHash = ECDSA.toEthSignedMessageHash(payloadHash);

address messageSigner = ECDSA.recover(
messageHash,
updateData.signature.v,
updateData.signature.r,
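Review bot: In `_verify`, the digest handed to `ECDSA.recover` is derived from `_calculateHash(updateData)` alone, although the function also receives `tokenId`; if `_calculateHash` (not visible in this hunk) does not commit to `tokenId`, `block.chainid` and `address(this)`, a signature issued for one token or deployment would also verify for another. Worth confirming that and recording it above the hash line, e.g. `// payloadHash must bind tokenId, chain id and this contract's address so a signature cannot be reused elsewhere`. The new import also takes `ECDSA` from `@openzeppelin/contracts` while the rest of the file uses `contracts-upgradeable`, so both packages have to stay pinned to matching versions. The body of `_verify` continues past the end of the hunk.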
3 changes: 2 additions & 1 deletion packages/zevm-app-contracts/scripts/xp-nft/deploy.ts
@@ -8,6 +8,7 @@ const networkName = network.name;

const ZETA_BASE_URL = "https://api.zetachain.io/nft/";
const signer = "0x1d24d94520B94B26351f6573de5ef9731c48531A";
const owner = "0x1d24d94520B94B26351f6573de5ef9731c48531A";

const verifyContract = async (contractAddress: string, constructorArguments: any[]) => {
// Verification process
@@ -27,7 +28,7 @@ const deployZetaXP = async () => {
if (!isProtocolNetworkName(networkName)) throw new Error("Invalid network name");

const ZetaXPFactory = (await ethers.getContractFactory("ZetaXP")) as ZetaXP__factory;
const zetaXP = await upgrades.deployProxy(ZetaXPFactory, ["ZETA NFT", "ZNFT", ZETA_BASE_URL, signer]);
const zetaXP = await upgrades.deployProxy(ZetaXPFactory, ["ZETA NFT", "ZNFT", ZETA_BASE_URL, signer, owner]);

await zetaXP.deployed();
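Review bot: `owner` is hard-coded to the same address as `signer`, so the key that signs XP updates would also own the deployed contract on every network this script runs against. Those are different trust levels: the signer is presumably an online service key, while the owner can call `transferOwnership` and anything else gated on ownership. Consider reading the owner from per-network configuration and pointing it at a separate admin account, with a comment such as `// owner: admin account (e.g. a multisig), must differ from the update signer`. `deployZetaXP` starts and ends outside the hunk.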

21 changes: 20 additions & 1 deletion packages/zevm-app-contracts/test/xp-nft/xp-nft.ts
@@ -2,6 +2,7 @@ import { expect, use } from "chai";
import { solidity } from "ethereum-waffle";
use(solidity);
import { SignerWithAddress } from "@nomiclabs/hardhat-ethers/signers";
import exp from "constants";
import { ethers, upgrades } from "hardhat";

import { ZetaXP } from "../../typechain-types";
@@ -17,7 +18,13 @@ describe("XP NFT Contract test", () => {
[signer, user, ...addrs] = await ethers.getSigners();
const zetaXPFactory = await ethers.getContractFactory("ZetaXP");

zetaXP = await upgrades.deployProxy(zetaXPFactory, ["ZETA NFT", "ZNFT", ZETA_BASE_URL, signer.address]);
zetaXP = await upgrades.deployProxy(zetaXPFactory, [
"ZETA NFT",
"ZNFT",
ZETA_BASE_URL,
signer.address,
signer.address,
]);

await zetaXP.deployed();
const tag = ethers.utils.keccak256(ethers.utils.defaultAbiCoder.encode(["string"], ["XP_NFT"]));
@@ -314,4 +321,16 @@ describe("XP NFT Contract test", () => {
const queriedTag = await zetaXP.tagByTokenId(tokenId);
await expect(queriedTag).to.be.eq(sampleNFT.tag);
});

it("Should transfer ownership", async () => {
{
const ownerAddr = await zetaXP.owner();
expect(ownerAddr).to.be.eq(signer.address);
}
await zetaXP.transferOwnership(user.address);
{
const ownerAddr = await zetaXP.owner();
expect(ownerAddr).to.be.eq(user.address);
}
});
});
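Review bot: The fixture passes `signer.address` as both the signer and the owner argument, and `signer` is also the deploying account, so these tests would still pass if `initialize` ignored `owner` or stored the two addresses in the wrong order. Using a distinct account, e.g. `addrs[0].address` as the fifth argument and `zetaXP.connect(addrs[0]).transferOwnership(user.address)` in the new test, would pin the role split. A case asserting that `transferOwnership` reverts for a non-owner caller would complete it. `import exp from "constants";` looks like an accidental editor auto-import and is not used in the visible lines.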
