Skip to content

Add ERC1155Holder to prevent Packs.reveal abuse #40

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
Oct 9, 2025
Merged

Add ERC1155Holder to prevent Packs.reveal abuse #40

merged 8 commits into from
Oct 9, 2025

Conversation

ScreamingHawk
Copy link
Contributor

@ScreamingHawk ScreamingHawk commented Oct 6, 2025
edited
Loading

Adds ERC1155Holder, which accepts ERC1155 tokens and allows them to be claimed by the claimant encoded in the data.

This prevents the user from denying certain tokens when interacting with packs.reveal(), which would allow them to retry for a better reveal.

Includes some trivial optimizations to keep bytecode size within the limits.
This change does not require any ABI updates.

This includes NC-03, flipping the _commitment nested mapping keys.

Future optimizations if we can reduce bytecode size further:

  • Always attempt transfer to the recipient, only use the ERC1155Holder as a fallback
  • Use abi.encodePacked(recipient)
  • Add updateERC1155Holder() to configure the holder after deployment

@ScreamingHawk ScreamingHawk mentioned this pull request Oct 7, 2025
Merged
@ScreamingHawk ScreamingHawk merged commit 4fe67a2 into master Oct 9, 2025
3 checks passed
@ScreamingHawk ScreamingHawk deleted the packs branch October 9, 2025 18:13
VojtechVitek
VojtechVitek reviewed Oct 14, 2025
View reviewed changes
src/tokens/ERC1155/presets/pack/ERC1155Pack.sol
Comment on lines +113 to +114
unchecked {
++i;
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm surprised that Solidity doesn't recognize that the previous i++ version was already bound by i < packContent.tokenAddresses.length and cannot overflow :)

Feels like Solidity could do this optimization by itself?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Haha. Yes, it does in some scenarios. This change saved a bit of gas so I guess this isn't one of them.
Usually I wouldn't bother with it but we are so close to the bytecode limit for this contract that it's worth including.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@VojtechVitek VojtechVitek VojtechVitek left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ScreamingHawk @VojtechVitek