Merge branch 'dev' of github.com:greenpill-dev-guild/cookie-jar into enhancement/e2e-test-infra

Author: Oba-One

client/generated.ts

@@ -301,6 +301,13 @@ export const cookieJarAbi = [
     outputs: [],
     stateMutability: 'nonpayable',
   },
+  {
+    type: 'function',
+    inputs: [{ name: '_users', internalType: 'address[]', type: 'address[]' }],
+    name: 'grantJarDenylistRole',
+    outputs: [],
+    stateMutability: 'nonpayable',
+  },
   {
     type: 'function',
     inputs: [
@@ -487,6 +494,13 @@ export const cookieJarAbi = [
     outputs: [],
     stateMutability: 'nonpayable',
   },
+  {
+    type: 'function',
+    inputs: [{ name: '_users', internalType: 'address[]', type: 'address[]' }],
+    name: 'revokeJarDenylistRole',
+    outputs: [],
+    stateMutability: 'nonpayable',
+  },
   {
     type: 'function',
     inputs: [
@@ -1054,6 +1068,7 @@ export const cookieJarAbi = [
   },
   { type: 'error', inputs: [], name: 'TooManyNFTGates' },
   { type: 'error', inputs: [], name: 'TransferFailed' },
+  { type: 'error', inputs: [], name: 'UserDenylisted' },
   { type: 'error', inputs: [], name: 'WithdrawalAlreadyDone' },
   {
     type: 'error',
@@ -2029,6 +2044,15 @@ export const useWriteCookieJarGrantJarAllowlistRole =
     functionName: 'grantJarAllowlistRole',
   })
 
+/**
+ * Wraps __{@link useWriteContract}__ with `abi` set to __{@link cookieJarAbi}__ and `functionName` set to `"grantJarDenylistRole"`
+ */
+export const useWriteCookieJarGrantJarDenylistRole =
+  /*#__PURE__*/ createUseWriteContract({
+    abi: cookieJarAbi,
+    functionName: 'grantJarDenylistRole',
+  })
+
 /**
  * Wraps __{@link useWriteContract}__ with `abi` set to __{@link cookieJarAbi}__ and `functionName` set to `"grantRole"`
  */
@@ -2072,6 +2096,15 @@ export const useWriteCookieJarRevokeJarAllowlistRole =
     functionName: 'revokeJarAllowlistRole',
   })
 
+/**
+ * Wraps __{@link useWriteContract}__ with `abi` set to __{@link cookieJarAbi}__ and `functionName` set to `"revokeJarDenylistRole"`
+ */
+export const useWriteCookieJarRevokeJarDenylistRole =
+  /*#__PURE__*/ createUseWriteContract({
+    abi: cookieJarAbi,
+    functionName: 'revokeJarDenylistRole',
+  })
+
 /**
  * Wraps __{@link useWriteContract}__ with `abi` set to __{@link cookieJarAbi}__ and `functionName` set to `"revokeRole"`
  */
@@ -2238,6 +2271,15 @@ export const useSimulateCookieJarGrantJarAllowlistRole =
     functionName: 'grantJarAllowlistRole',
   })
 
+/**
+ * Wraps __{@link useSimulateContract}__ with `abi` set to __{@link cookieJarAbi}__ and `functionName` set to `"grantJarDenylistRole"`
+ */
+export const useSimulateCookieJarGrantJarDenylistRole =
+  /*#__PURE__*/ createUseSimulateContract({
+    abi: cookieJarAbi,
+    functionName: 'grantJarDenylistRole',
+  })
+
 /**
  * Wraps __{@link useSimulateContract}__ with `abi` set to __{@link cookieJarAbi}__ and `functionName` set to `"grantRole"`
  */
@@ -2283,6 +2325,15 @@ export const useSimulateCookieJarRevokeJarAllowlistRole =
     functionName: 'revokeJarAllowlistRole',
   })
 
+/**
+ * Wraps __{@link useSimulateContract}__ with `abi` set to __{@link cookieJarAbi}__ and `functionName` set to `"revokeJarDenylistRole"`
+ */
+export const useSimulateCookieJarRevokeJarDenylistRole =
+  /*#__PURE__*/ createUseSimulateContract({
+    abi: cookieJarAbi,
+    functionName: 'revokeJarDenylistRole',
+  })
+
 /**
  * Wraps __{@link useSimulateContract}__ with `abi` set to __{@link cookieJarAbi}__ and `functionName` set to `"revokeRole"`
  */

client/hooks/useCookieJar.ts

@@ -32,12 +32,14 @@ export const useCookieJarConfig = (address: `0x${string}`) => {
   const chainId = useChainId()
 
   const JAR_OWNER = keccak256(toHex("JAR_OWNER")) as `0x${string}`
-  const JAR_DENYLISTED = keccak256(toHex("JAR_DENYLISTED")) as `0x${string}`
 
-  // Use correct role name based on contract version
+  // Use correct role names based on contract version
   const allowlistRoleName = isV2Chain(chainId) ? "JAR_ALLOWLISTED" : "JAR_WHITELISTED"
   const JAR_ALLOWLISTED = keccak256(toHex(allowlistRoleName)) as `0x${string}`
 
+  const denylistRoleName = isV2Chain(chainId) ? "JAR_DENYLISTED" : "JAR_BLACKLISTED"
+  const JAR_DENYLISTED = keccak256(toHex(denylistRoleName)) as `0x${string}`
+  
   // Use correct function name based on contract version
   const lastWithdrawalFunctionName = isV2Chain(chainId) ? "lastWithdrawalAllowlist" : "lastWithdrawalWhitelist"
 

contracts/src/CookieJar.sol

@@ -36,6 +36,15 @@ interface IHats {
 contract CookieJar is AccessControl, Pausable {
     using SafeERC20 for IERC20;
 
+
+    /// @notice Modifier to check if user is not denylisted
+    modifier notDenylisted() {
+        if (hasRole(CookieJarLib.JAR_DENYLISTED, msg.sender)) {
+            revert CookieJarLib.UserDenylisted();
+        }
+        _;
+    }
+
     /// @notice Array of approved NFT gates (used in NFTGated mode).
     CookieJarLib.NFTGate[] public nftGates;
 
@@ -159,6 +168,7 @@ contract CookieJar is AccessControl, Pausable {
         maxWithdrawalPerPeriod = config.maxWithdrawalPerPeriod;
 
         _setRoleAdmin(CookieJarLib.JAR_ALLOWLISTED, CookieJarLib.JAR_OWNER);
+        _setRoleAdmin(CookieJarLib.JAR_DENYLISTED, CookieJarLib.JAR_OWNER);
         _grantRole(CookieJarLib.JAR_OWNER, config.jarOwner);
         _grantRoles(CookieJarLib.JAR_ALLOWLISTED, accessConfig.allowlist);
     }
@@ -196,6 +206,18 @@ contract CookieJar is AccessControl, Pausable {
         _revokeRoles(CookieJarLib.JAR_ALLOWLISTED, _users);
     }
 
+    /// @notice Grant denylist role to users to prevent them from withdrawing
+    /// @param _users Array of addresses to add to denylist
+    function grantJarDenylistRole(address[] calldata _users) external onlyRole(CookieJarLib.JAR_OWNER) {
+        _grantRoles(CookieJarLib.JAR_DENYLISTED, _users);
+    }
+
+    /// @notice Revoke denylist role from users to allow them to withdraw again
+    /// @param _users Array of addresses to remove from denylist
+    function revokeJarDenylistRole(address[] calldata _users) external onlyRole(CookieJarLib.JAR_OWNER) {
+        _revokeRoles(CookieJarLib.JAR_DENYLISTED, _users);
+    }
+
     /// @notice Updates the fee collector address. Only the fee collector can call this function.
     /// @param _newFeeCollector The new fee collector address.
     function updateFeeCollector(address _newFeeCollector) external {
@@ -488,7 +510,7 @@ contract CookieJar is AccessControl, Pausable {
     function withdrawAllowlistMode(
         uint256 amount,
         string calldata purpose
-    ) external onlyRole(CookieJarLib.JAR_ALLOWLISTED) whenNotPaused {
+    ) external onlyRole(CookieJarLib.JAR_ALLOWLISTED) whenNotPaused notDenylisted {
         if (accessType != CookieJarLib.AccessType.Allowlist) revert CookieJarLib.InvalidAccessType();
         _checkAndUpdateWithdraw(amount, purpose, lastWithdrawalAllowlist[msg.sender]);
         lastWithdrawalAllowlist[msg.sender] = block.timestamp;
@@ -500,7 +522,12 @@ contract CookieJar is AccessControl, Pausable {
     /// @param purpose A description for the withdrawal.
     /// @param gateAddress The NFT contract address used for gating.
     /// @param tokenId The NFT token id used for gating.
-    function withdrawNFTMode(uint256 amount, string calldata purpose, address gateAddress, uint256 tokenId) external whenNotPaused {
+    function withdrawNFTMode(
+        uint256 amount, 
+        string calldata purpose, 
+        address gateAddress, 
+        uint256 tokenId
+    ) external whenNotPaused notDenylisted {
         if (accessType != CookieJarLib.AccessType.NFTGated) revert CookieJarLib.InvalidAccessType();
         if (gateAddress == address(0)) revert CookieJarLib.InvalidNFTGate();
         _checkAccessNFT(gateAddress, tokenId);
@@ -576,7 +603,11 @@ contract CookieJar is AccessControl, Pausable {
     /// @param amount The amount to withdraw.
     /// @param purpose A description for the withdrawal.
     /// @param tokenId The POAP token ID to use for access.
-    function withdrawPOAPMode(uint256 amount, string calldata purpose, uint256 tokenId) external whenNotPaused {
+    function withdrawPOAPMode(
+        uint256 amount, 
+        string calldata purpose, 
+        uint256 tokenId
+    ) external whenNotPaused notDenylisted {
         if (accessType != CookieJarLib.AccessType.POAP) revert CookieJarLib.InvalidAccessType();
         _checkAccessPOAP(tokenId);
         _checkAndUpdateWithdraw(amount, purpose, lastWithdrawalPOAP[tokenId]);
@@ -587,7 +618,7 @@ contract CookieJar is AccessControl, Pausable {
     /// @notice Withdraws funds (ETH or ERC20) for Unlock Protocol key holders.
     /// @param amount The amount to withdraw.
     /// @param purpose A description for the withdrawal.
-    function withdrawUnlockMode(uint256 amount, string calldata purpose) external whenNotPaused {
+    function withdrawUnlockMode(uint256 amount, string calldata purpose) external whenNotPaused notDenylisted {
         if (accessType != CookieJarLib.AccessType.Unlock) revert CookieJarLib.InvalidAccessType();
         _checkAccessUnlock();
         _checkAndUpdateWithdraw(amount, purpose, lastWithdrawalProtocol[msg.sender]);
@@ -599,7 +630,11 @@ contract CookieJar is AccessControl, Pausable {
     /// @param amount The amount to withdraw.
     /// @param purpose A description for the withdrawal.
     /// @param tokenId The hypercert token ID to use for access.
-    function withdrawHypercertMode(uint256 amount, string calldata purpose, uint256 tokenId) external whenNotPaused {
+    function withdrawHypercertMode(
+        uint256 amount, 
+        string calldata purpose, 
+        uint256 tokenId
+    ) external whenNotPaused notDenylisted {
         if (accessType != CookieJarLib.AccessType.Hypercert) revert CookieJarLib.InvalidAccessType();
         _checkAccessHypercert(tokenId);
         _checkAndUpdateWithdraw(amount, purpose, lastWithdrawalProtocol[msg.sender]);
@@ -610,7 +645,7 @@ contract CookieJar is AccessControl, Pausable {
     /// @notice Withdraws funds (ETH or ERC20) for Hats Protocol hat wearers.
     /// @param amount The amount to withdraw.
     /// @param purpose A description for the withdrawal.
-    function withdrawHatsMode(uint256 amount, string calldata purpose) external whenNotPaused {
+    function withdrawHatsMode(uint256 amount, string calldata purpose) external whenNotPaused notDenylisted {
         if (accessType != CookieJarLib.AccessType.Hats) revert CookieJarLib.InvalidAccessType();
         _checkAccessHats();
         _checkAndUpdateWithdraw(amount, purpose, lastWithdrawalProtocol[msg.sender]);
@@ -783,7 +818,7 @@ contract CookieJar is AccessControl, Pausable {
 
     function _checkAccessHypercert(uint256 tokenId) internal view {
         if (tokenId != hypercertRequirement.tokenId) {
-            revert CookieJarLib.InvalidAccessType();
+            revert CookieJarLib.NotAuthorized();
         }
 
         address tokenContract = hypercertRequirement.tokenContract;

contracts/src/libraries/CookieJarLib.sol

@@ -56,6 +56,7 @@ library CookieJarLib {
     // --- Constants ---
     bytes32 public constant JAR_OWNER = keccak256("JAR_OWNER");
     bytes32 public constant JAR_ALLOWLISTED = keccak256("JAR_ALLOWLISTED");
+    bytes32 public constant JAR_DENYLISTED = keccak256("JAR_DENYLISTED");
 
     // --- Structs ---
     /// @notice Represents an NFT gate with a contract address and its NFT type.

contracts/test/CookieJarProtocols.t.sol

@@ -442,7 +442,7 @@ contract CookieJarProtocolsTest is Test {
 
         vm.warp(block.timestamp + withdrawalInterval + 1);
         vm.prank(user);
-        vm.expectRevert(abi.encodeWithSelector(CookieJarLib.InvalidAccessType.selector));
+        vm.expectRevert(abi.encodeWithSelector(CookieJarLib.NotAuthorized.selector));
         jarHypercert.withdrawHypercertMode(fixedAmount, purpose, testTokenId + 1);
     }
 

contracts/test/NFTGatingEnhanced.t.sol

@@ -108,10 +108,10 @@ contract NFTGatingEnhancedTest is Test {
             nftAddresses: nftAddresses,
             nftTypes: nftTypes,
             allowlist: emptyAllowlist,
-            poapReq: CookieJarLib.POAPRequirement(0, address(0)),
-            unlockReq: CookieJarLib.UnlockRequirement(address(0)),
-            hypercertReq: CookieJarLib.HypercertRequirement(address(0), 0, 1),
-            hatsReq: CookieJarLib.HatsRequirement(0, address(0))
+            poapReq: CookieJarLib.POAPRequirement({eventId: 0, poapContract: address(0)}),
+            unlockReq: CookieJarLib.UnlockRequirement({lockAddress: address(0)}),
+            hypercertReq: CookieJarLib.HypercertRequirement({tokenContract: address(0), tokenId: 0, minBalance: 0}),
+            hatsReq: CookieJarLib.HatsRequirement({hatId: 0, hatsContract: address(0)})
         });
 
         // Deploy the jar