Merge branch 'main' of https://github.com/PartyDAO/party-protocol int…

…o chore/validate-deploy-addresses

README.md

@@ -151,14 +151,14 @@ The following are known and are _not_ eligible for a bug bounty:
 
 The rubric we use to determine bug bounties is as follows:
 
-| **Level**   | **Example**                                                                                                                                                                                      | **Maximum Bug Bounty** |
-| ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------------- |
-| 6. Critical | - Draining or freezing of holdings protocol-wide (e.g. draining token distributor, economic attacks, reentrancy, MEV, logic errors)                                                              | Let's talk             |
-| 5. Severe   | - Contracts with balances can be exploited to steal holdings under specific conditions (e.g. bypass guardrails to transfer precious NFT from parties, user can steal their party's distribution) | Up to 25 ETH           |
-| 4. High     | - Contracts temporarily unable to transfer holdings<br>- Users spoof each other                                                                                                                  | Up to 10 ETH           |
-| 3. Medium   | - Contract consumes unbounded gas<br>- Griefing, denial of service (i.e. attacker spends as much in gas as damage to the contract)                                                               | Up to 5 ETH            |
-| 2. Low      | - Contract fails to behave as expected, but doesn't lose value                                                                                                                                   | Up to 1 ETH            |
-| 1. None     | - Best practices                                                                                                                                                                                 |                        |
+| **Level**   | **Example**                                                                                                                             | **Maximum Bug Bounty** |
+| ----------- | --------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- |
+| 6. Critical | - Draining or freezing of holdings protocol-wide (e.g. draining token distributor, economic attacks, reentrancy, MEV, logic errors)     | Let's talk             |
+| 5. Severe   | - Contracts with balances can be exploited to steal holdings under specific conditions (e.g. user can steal their party's distribution) | Up to 25 ETH           |
+| 4. High     | - Contracts temporarily unable to transfer holdings<br>- Users spoof each other                                                         | Up to 10 ETH           |
+| 3. Medium   | - Contract consumes unbounded gas<br>- Griefing, denial of service (i.e. attacker spends as much in gas as damage to the contract)      | Up to 5 ETH            |
+| 2. Low      | - Contract fails to behave as expected, but doesn't lose value                                                                          | Up to 1 ETH            |
+| 1. None     | - Best practices                                                                                                                        |                        |
 
 Any vulnerability or bug discovered must be reported only to the following email: [[email protected]](mailto:[email protected]).
 

contracts/crowdfund/ContributionRouter.sol

@@ -4,6 +4,7 @@ pragma solidity 0.8.20;
 import { LibAddress } from "../utils/LibAddress.sol";
 import { LibRawResult } from "../utils/LibRawResult.sol";
 import { InitialETHCrowdfund } from "../crowdfund/InitialETHCrowdfund.sol";
+import { SellPartyCardsAuthority } from "../../contracts/authorities/SellPartyCardsAuthority.sol";
 
 contract ContributionRouter {
     using LibRawResult for bytes;
@@ -75,11 +76,13 @@ contract ContributionRouter {
         assembly {
             target := shr(96, calldataload(sub(calldatasize(), 20)))
         }
-        if (msg.sig == InitialETHCrowdfund.batchContributeFor.selector) {
+        if (
+            msg.sig == InitialETHCrowdfund.batchContributeFor.selector ||
+            msg.sig == SellPartyCardsAuthority.batchContributeFor.selector
+        ) {
             uint256 numOfMints;
             assembly {
-                // 196 is the offset of the length of `tokenIds` in the
-                // calldata.
+                // 196 is the offset of the array length in the calldata.
                 numOfMints := calldataload(196)
             }
             feeAmount *= numOfMints;

contracts/party/PartyGovernanceNFT.sol

@@ -11,7 +11,7 @@ import "./PartyGovernance.sol";
 import "../renderers/RendererStorage.sol";
 
 /// @notice ERC721 functionality built on top of `PartyGovernance`.
-contract PartyGovernanceNFT is PartyGovernance, ERC721, IERC2981 {
+abstract contract PartyGovernanceNFT is PartyGovernance, ERC721, IERC2981 {
     using LibSafeCast for uint256;
     using LibSafeCast for uint96;
     using LibERC20Compat for IERC20;

contracts/utils/LibSafeCast.sol

@@ -8,6 +8,7 @@ library LibSafeCast {
     error Uint256ToInt128CastOutOfRangeError(uint256 u256);
     error Uint256ToUint128CastOutOfRangeError(uint256 u256);
     error Uint256ToUint40CastOutOfRangeError(uint256 u256);
+    error Uint96ToUint16CastOutOfRange(uint96 u96);
 
     function safeCastUint256ToUint96(uint256 v) internal pure returns (uint96) {
         if (v > uint256(type(uint96).max)) {
@@ -23,13 +24,27 @@ library LibSafeCast {
         return uint128(v);
     }
 
+    function safeCastUint256ToUint160(uint256 v) internal pure returns (uint160) {
+        if (v > uint256(type(uint160).max)) {
+            revert Uint256ToUint128CastOutOfRangeError(v);
+        }
+        return uint160(v);
+    }
+
     function safeCastUint256ToInt192(uint256 v) internal pure returns (int192) {
         if (v > uint256(uint192(type(int192).max))) {
             revert Uint256ToInt192CastOutOfRange(v);
         }
         return int192(uint192(v));
     }
 
+    function safeCastUint96ToUint16(uint96 v) internal pure returns (uint16) {
+        if (v > uint96(type(uint16).max)) {
+            revert Uint96ToUint16CastOutOfRange(v);
+        }
+        return uint16(v);
+    }
+
     function safeCastUint96ToInt192(uint96 v) internal pure returns (int192) {
         return int192(uint192(v));
     }

deploy/Deploy.s.sol

@@ -31,6 +31,7 @@ import "../contracts/market-wrapper/NounsMarketWrapper.sol";
 import { AtomicManualParty } from "../contracts/crowdfund/AtomicManualParty.sol";
 import { ContributionRouter } from "../contracts/crowdfund/ContributionRouter.sol";
 import { AddPartyCardsAuthority } from "../contracts/authorities/AddPartyCardsAuthority.sol";
+import { SellPartyCardsAuthority } from "../contracts/authorities/SellPartyCardsAuthority.sol";
 import { SSTORE2MetadataProvider } from "../contracts/renderers/SSTORE2MetadataProvider.sol";
 import { BasicMetadataProvider } from "../contracts/renderers/BasicMetadataProvider.sol";
 import "./LibDeployConstants.sol";
@@ -81,6 +82,7 @@ abstract contract Deploy {
     AtomicManualParty public atomicManualParty;
     ContributionRouter public contributionRouter;
     AddPartyCardsAuthority public addPartyCardsAuthority;
+    SellPartyCardsAuthority public sellPartyCardsAuthority;
 
     function deploy(LibDeployConstants.DeployConstants memory deployConstants) public virtual {
         _switchDeployer(DeployerRole.Default);
@@ -349,6 +351,15 @@ abstract contract Deploy {
         _trackDeployerGasAfter();
         console.log("  Deployed - AddPartyCardsAuthority", address(addPartyCardsAuthority));
 
+        // DEPLOY_SELL_PARTY_CARDS_AUTHORITY
+        console.log("");
+        console.log("### SellPartyCardsAuthority");
+        console.log("  Deploying - SellPartyCardsAuthority");
+        _trackDeployerGasBefore();
+        sellPartyCardsAuthority = new SellPartyCardsAuthority();
+        _trackDeployerGasAfter();
+        console.log("  Deployed - SellPartyCardsAuthority", address(sellPartyCardsAuthority));
+
         // DEPLOY_BATCH_BUY_OPERATOR
         console.log("");
         console.log("### CollectionBatchBuyOperator");
@@ -685,7 +696,7 @@ contract DeployScript is Script, Deploy {
         Deploy.deploy(deployConstants);
         vm.stopBroadcast();
 
-        AddressMapping[] memory addressMapping = new AddressMapping[](28);
+        AddressMapping[] memory addressMapping = new AddressMapping[](29);
         addressMapping[0] = AddressMapping("Globals", address(globals));
         addressMapping[1] = AddressMapping("TokenDistributor", address(tokenDistributor));
         addressMapping[2] = AddressMapping(
@@ -741,6 +752,10 @@ contract DeployScript is Script, Deploy {
             "AddPartyCardsAuthority",
             address(addPartyCardsAuthority)
         );
+        addressMapping[28] = AddressMapping(
+            "SellPartyCardsAuthority",
+            address(sellPartyCardsAuthority)
+        );
 
         console.log("");
         console.log("### Deployed addresses");

deploy/LibDeployConstants.sol

@@ -171,4 +171,38 @@ library LibDeployConstants {
 
         return deployConstants;
     }
+
+    function zora() internal pure returns (DeployConstants memory) {
+        address[] memory allowedERC20SwapOperatorTargets = new address[](0);
+
+        DeployConstants memory deployConstants = DeployConstants({
+            seaportExchangeAddress: 0x00000000000000ADc04C56Bf30aC9d3c0aAF14dC,
+            osZoraAuctionDuration: 1 days,
+            osZoraAuctionTimeout: 1 days,
+            osMinOrderDuration: 1 hours,
+            osMaxOrderDuration: 4 weeks,
+            zoraMinAuctionDuration: 1 days,
+            zoraMaxAuctionDuration: 4 weeks,
+            zoraMaxAuctionTimeout: 2 weeks,
+            minCancelDelay: 6 weeks,
+            maxCancelDelay: 12 weeks,
+            distributorEmergencyActionAllowedDuration: 365 days,
+            partyDaoMultisig: 0x1B059499F194B3ec0c754b3c8DEb0Ec91b0e68e9,
+            allowedERC20SwapOperatorTargets: allowedERC20SwapOperatorTargets,
+            osZone: 0x0000000000000000000000000000000000000000,
+            osConduitKey: 0xf984c55ca75735630c1c27d3d06969c1aa6af1df86d22ddc0e3a978ad6138e9f,
+            osConduitController: 0x00000000F9490004C11Cef243f5400493c00Ad63,
+            fractionalVaultFactory: 0x0000000000000000000000000000000000000000,
+            nounsAuctionHouse: 0x0000000000000000000000000000000000000000,
+            zoraReserveAuctionCoreEth: 0x0000000000000000000000000000000000000000,
+            networkName: "zora",
+            deployedNounsMarketWrapper: 0x0000000000000000000000000000000000000000,
+            contributionRouterInitialFee: 0.00055 ether,
+            tokenDistributorV1: address(0),
+            tokenDistributorV2: address(0),
+            baseExternalURL: "https://zora.party.app/party/"
+        });
+
+        return deployConstants;
+    }
 }

deploy/Zora.s.sol

@@ -0,0 +1,15 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8;
+
+import "./Deploy.s.sol";
+import "./LibDeployConstants.sol";
+
+contract ZoraDeploy is DeployScript {
+    function _run() internal override {
+        console.log("Starting zora deploy script.");
+
+        deploy(LibDeployConstants.zora());
+
+        console.log("Ending zora deploy script.");
+    }
+}

package.json

@@ -21,6 +21,8 @@
     "deploy:base:dry": "DRY_RUN=1 forge script ./deploy/Base.s.sol -vvv --rpc-url $BASE_RPC_URL --via-ir --evm-version paris --skip test --optimize --optimizer-runs 0 --ffi",
     "deploy:base-goerli": "DRY_RUN=0 forge script ./deploy/BaseGoerli.s.sol -vvv --rpc-url $BASE_GOERLI_RPC_URL --via-ir --broadcast --etherscan-api-key $BASESCAN_API_KEY --evm-version paris --skip test --optimize --optimizer-runs 0 --ffi --slow",
     "deploy:base-goerli:dry": "DRY_RUN=1 forge script ./deploy/BaseGoerli.s.sol -vvv --rpc-url $BASE_GOERLI_RPC_URL --via-ir --evm-version paris --skip test --optimize --optimizer-runs 0 --ffi",
+    "deploy:zora:dry": "DRY_RUN=1 forge script ./deploy/Zora.s.sol -vvv --rpc-url $ZORA_RPC_URL --via-ir --skip test --optimize --optimizer-runs 0 --evm-version paris --ffi --priority-gas-price 1",
+    "deploy:zora": "DRY_RUN=0 forge script ./deploy/Zora.s.sol -vvv --rpc-url $ZORA_RPC_URL --broadcast --via-ir --skip test --optimize --optimizer-runs 0 --evm-version paris --ffi --slow  --priority-gas-price 1",
     "decode-revert": "node js/decode-revert.js",
     "layout": "node js/gen-storage-layout.js",
     "coverage": "COVERAGE=true forge coverage --report lcov"