Merge branch 'main' into main

.env.example

@@ -15,9 +15,9 @@ TENDERLY_PRIVATEKEY =
 ETHERSCAN_API_KEY = ETHERSCANAPIKEYETHERSCANAPIKEY
 
 # TESTNET
-DEVNET_URL = http://
-DEVNET_CHAINID = 1315
-DEVNET_PRIVATEKEY = 
-DEVNET_USER1 = 
-DEVNET_USER2 = 
-DEVNET_ERC721 = 
+STORY_URL = http://
+STORY_CHAINID = 1315
+STORY_PRIVATEKEY = 
+STORY_USER1 = 
+STORY_USER2 = 
+STORY_ERC721 = 

.github/workflows/hardhat_e2e.yml

@@ -0,0 +1,255 @@
+name: HardHat E2E Test
+
+on:
+  # push:
+  #   branches:
+  #     - update-e2e-test
+
+  workflow_dispatch:
+    inputs:
+      devnet_version:
+        description: 'devnet; mainnet;'
+        required: true
+        default: 'devnet'
+        type: choice
+        options:
+          - devnet
+          - mainnet
+      erc721_address:
+        description: 'ERC721 contract address'
+        required: false
+        default: ''
+        type: string
+      deploy_oov3:
+        description: 'Deploy Optimistic Oracle V3'
+        required: false
+        default: false
+        type: boolean
+
+  workflow_call:
+    inputs:
+      devnet_version:
+        description: 'devnet; mainnet;'
+        required: false
+        default: 'devnet'
+        type: string
+      erc721_address:
+        description: 'ERC721 contract address'
+        required: false
+        default: ''
+        type: string
+
+jobs:
+  print-config:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Print Inputs
+        run: |
+          echo "Inputs:"
+          echo "devnet_version: ${{ inputs.devnet_version || github.event.inputs.devnet_version || 'devnet' }}"
+          echo "erc721_address: ${{ inputs.erc721_address || github.event.inputs.erc721_address || '' }}"
+
+  set-devnet-constants:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Devnet Version
+        id: devnet_version
+        run: |
+          declare -A devnet_config=(
+            ["devnet"]="1315 http://r1-d.odyssey-devnet.storyrpc.io:8545"
+            ["mainnet"]="1514 https://public.storyrpc.io"
+          )
+
+          devnet_version="${{ inputs.devnet_version || github.event.inputs.devnet_version || 'devnet' }}"
+
+          if [[ -n "${devnet_config[$devnet_version]}" ]]; then
+            read -r chainid rpcurl <<< "${devnet_config[$devnet_version]}"
+            
+            echo "CHAINID=$chainid" >> $GITHUB_OUTPUT
+            echo "RPCURL='$rpcurl'" >> $GITHUB_OUTPUT
+          else
+            echo "Unknown devnet version: $devnet_version"
+            exit 1
+          fi
+
+      - name: Mock ERC20 Address
+        id: mock_erc20_address
+        run: |
+          echo "MOCK_ERC20_ADDRESS=0x1514000000000000000000000000000000000000" >> $GITHUB_OUTPUT
+
+    outputs:
+      CHAINID: ${{ steps.devnet_version.outputs.CHAINID }}
+      RPCURL: ${{ steps.devnet_version.outputs.RPCURL }}
+      MOCK_ERC20_ADDRESS: ${{ steps.mock_erc20_address.outputs.MOCK_ERC20_ADDRESS }}
+
+  deploy-erc721:
+    name: Deploy ERC721
+    needs: set-devnet-constants
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version: [21.x]
+
+    steps:
+      - name: Check Out Repository Code
+        uses: actions/checkout@v4
+
+      - name: Install Foundry
+        uses: foundry-rs/foundry-toolchain@v1
+
+      - name: Run install
+        uses: borales/actions-yarn@v4
+        with:
+          cmd: install # will run `yarn install` command
+
+      - name: Install Dependencies
+        run: |
+          forge compile
+
+      - name: Deploy MockERC721 Contract
+        id: deploy-mock-erc721
+        run: |
+          erc721_address=${{ inputs.erc721_address || github.event.inputs.erc721_address || '' }}
+          if [[ -n "$erc721_address" ]]; then
+            echo "ERC721 address provided: $erc721_address"
+            erc721=$erc721_address
+          else
+            echo "Deploying MockERC721 contract"
+            result=$(forge create --rpc-url ${{ needs.set-devnet-constants.outputs.RPCURL }} --broadcast --private-key ${{ secrets.STORY_PRIVATEKEY }} --optimize --optimizer-runs 30000 --legacy --json test/foundry/mocks/token/MockERC721.sol:MockERC721 --constructor-args "MockERC" "MockERC" 2>&1)
+            echo $result
+            erc721=$(echo $result | grep deployedTo | jq -r '.deployedTo')
+            echo "Deployed to: $erc721"
+          fi
+
+          echo "STORY_ERC721=$erc721" >> $GITHUB_OUTPUT
+    outputs:
+      STORY_ERC721: ${{ steps.deploy-mock-erc721.outputs.STORY_ERC721 }}
+
+  deploy-oov3-sandbox:
+    name: Deploy UMA Optimistic Oracle V3
+    if: ${{ inputs.deploy_oov3 == true || github.event.inputs.deploy_oov3 == true }}
+    needs: set-devnet-constants
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version: [21.x]
+
+    steps:
+      - name: Check Out Repository Code
+        uses: actions/checkout@v4
+
+      - name: Checkout dev-quickstart-oov3 repository
+        uses: actions/checkout@v4
+        with:
+          repository: UMAprotocol/dev-quickstart-oov3
+          path: dev-quickstart-oov3
+
+      - name: Install Foundry
+        uses: foundry-rs/foundry-toolchain@v1
+
+      - name: Install Dependencies
+        run: |
+          cd dev-quickstart-oov3
+          forge install
+    
+      - name: Deploy UMA Optimistic Oracle V3
+        id: deploy-oov3-sandbox
+        run: |
+          cd dev-quickstart-oov3
+          echo "DEFAULT_CURRENCY=${{ needs.set-devnet-constants.outputs.MOCK_ERC20_ADDRESS }}" >> .env
+          echo "DEFAULT_LIVENESS=600" >> .env
+          echo "MINIMUM_BOND=0" >> .env
+          source .env
+
+          output=$(forge script script/OracleSandbox.s.sol --fork-url ${{ needs.set-devnet-constants.outputs.RPCURL }} --broadcast --private-key ${{ secrets.STORY_PRIVATEKEY }} --priority-gas-price 1 --legacy)
+          echo "$output"
+
+          oov3_address=$(echo "$output" | grep '^  Deployed Optimistic Oracle V3' | awk '{print $NF}')
+          echo "OOV3_ADDRESS: $oov3_address"
+          echo "OOV3_ADDRESS=$oov3_address" >> $GITHUB_OUTPUT
+    outputs:
+      OOV3_ADDRESS: ${{ steps.deploy-oov3-sandbox.outputs.OOV3_ADDRESS }}
+
+  run-hardhat-test:
+    name: Run E2E Test
+    runs-on: ubuntu-latest
+    needs: [set-devnet-constants, deploy-erc721, deploy-oov3-sandbox ]
+    if: always() && !failure() && !cancelled()
+
+    strategy:
+      matrix:
+        node-version: [21.x]
+
+    steps:
+      - name: Check Out Repository Code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          submodules: recursive
+          fetch-depth: 0
+
+      - name: Use Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ matrix.node-version }}
+
+      - name: Run install
+        uses: borales/actions-yarn@v4
+        with:
+          cmd: install # will run `yarn install` command
+
+      - name: Install Foundry
+        uses: foundry-rs/foundry-toolchain@v1
+        with:
+          version: nightly
+
+      - name: 'Create env file'
+        run: |
+          touch .env
+          echo "MAINNET_PRIVATEKEY=${{ secrets.STORY_PRIVATEKEY }}" >> .env
+          echo "SEPOLIA_PRIVATEKEY=${{ secrets.STORY_PRIVATEKEY }}" >> .env
+          echo "STORY_PRIVATEKEY=${{ secrets.STORY_PRIVATEKEY }}" >> .env
+          echo "STORY_USER1=${{ secrets.STORY_USER1 }}" >> .env
+          echo "STORY_USER2=${{ secrets.STORY_USER2 }}" >> .env    
+          echo "STORY_URL=${{ needs.set-devnet-constants.outputs.RPCURL }}" >> .env
+          echo "STORY_CHAINID=${{ needs.set-devnet-constants.outputs.CHAINID }}" >> .env
+          echo "STORY_ERC721=${{ needs.deploy-erc721.outputs.STORY_ERC721 }}" >> .env
+          echo "STORY_OOV3=${{ needs.deploy-oov3-sandbox.outputs.OOV3_ADDRESS }}" >> .env
+
+          # add one more blank line to .env
+          echo "" >> .env
+
+      - name: Run test
+        run: |
+          npx hardhat test --network odyssey
+
+      - name: Upload Test Report
+        uses: actions/upload-artifact@v4
+        with:
+          name: poc-test-report
+          path: |
+            ./mochawesome-report
+        if: always()
+
+      - name: Copy report to date folder
+        id: create_folder
+        run: |
+          folder_name=$(date +%Y%m%d)
+          echo "Folder name: $folder_name"
+
+          # Determine version_name based on devnet_version
+          env_name=${{ inputs.devnet_version || github.event.inputs.devnet_version || 'devnet' }}
+          
+          mkdir -p ./tmp/$folder_name/$env_name
+          cp -R ./mochawesome-report/* ./tmp/$folder_name/$env_name
+
+      - name: Deploy report to GitHub Pages
+        if: ${{ inputs.deploy_report == 'true' }}
+        uses: peaceiris/actions-gh-pages@v4
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          publish_dir: ./tmp
+          publish_branch: gh-pages
+          keep_files: true

CHANGELOG.md

@@ -16,7 +16,7 @@
 - Miscellaneous changes (#130)
 - More tests (#101)
 
-Full Changelog: [v1.0.0...v1.1.0](https://github.com/storyprotocol/protocol-core/compare/v1.0.0...v1.1.0)
+Full Changelog: [v1.0.0...v1.1.0](https://github.com/storyprotocol/protocol-core-v1/compare/v1.0.0...v1.1.0)
 
 ## v1.0.0
 
@@ -47,7 +47,7 @@ Full Changelog: [v1.0.0...v1.1.0](https://github.com/storyprotocol/protocol-core
 - Miscellaneous configs (#50), code cleanup (#52, #112) and structure (#56, #85), and pkg bump (#34)
 - Enhance CI/CD (#72, #92)
 
-Full Changelog: [v1.0.0-rc.1...v1.0.0](https://github.com/storyprotocol/protocol-core/compare/v1.0.0-rc.1...v1.0.0)
+Full Changelog: [v1.0.0-rc.1...v1.0.0](https://github.com/storyprotocol/protocol-core-v1/compare/v1.0.0-rc.1...v1.0.0)
 
 ## v1.0.0-rc.1
 

README.md

@@ -144,17 +144,11 @@ make format
 
 [See our contribution guidelines](./GUIDELINES.md)
 
-# 🛡️ Security
-
-We use slither, a popular security framework from [Trail of Bits](https://www.trailofbits.com/). To use slither, you'll first need to [install python](https://www.python.org/downloads/) and [install slither](https://github.com/crytic/slither#how-to-install).
 
-Then, you can run:
+# 🛡️ Security
 
-```
-make slither
-```
 
-And get your slither output.
+We welcome responsible disclosure of vulnerabilities. Please see our [security policy](SECURITY.md) for more information.
 
 # 📜 Licensing
 

SECURITY.md

@@ -0,0 +1,37 @@
+# Security Policy
+
+The security of Story is critical. If you discover any security vulnerabilities, we appreciate your help in responsibly disclosing them to us.
+
+## Reporting a Vulnerability
+
+**Please do not file a public ticket** mentioning the vulnerability.
+
+We are in the process of setting up a bug bounty program. This document will be updated when ready, and the program will be announced on our channels.
+
+We recommend to wait for the program to be ready for reporting, but if you find a vulnerability that will put the network at risk, please send an email to **security@piplabs.xyz**. We kindly request that you provide us with the following details:
+
+- A clear description of the vulnerability and its potential impact.
+- Steps to reproduce the vulnerability.
+- Any additional information or proof of concept that can help us understand and address the issue.
+
+If applicable, rewards will be provided through the bug bounty program when ready.
+
+## Audit Reports, Known Issues and Ongoing Auditing Contest
+
+There is a series of known issues reported by our our multiple auditors. Please [review our audit reports](./audits/) to make sure you are not reporting a duplicate.
+
+Folders:
+
+- geth: audits of the original geth codebase
+- story: Story network audits (scope includes Story Geth, Story Consensus Client and Cosmos fork, please refer to the relevant issues for this repository)
+
+Story has undergone a public [audit competition by Cantina](https://cantina.xyz/competitions/0561defa-eeb2-4a74-8884-5d7a873afa58). We will publish the report as soon as the judging period is over.
+Please be advised that there is a high chance that your reported vulnerability can be a duplicate if you do it before we publish the report.
+
+## Responsible Disclosure
+
+We believe in responsible disclosure and request that you refrain from publicly disclosing any vulnerabilities until we have had sufficient time to investigate and address them. We appreciate your cooperation in helping us maintain the security and integrity of our blockchain network.
+
+## Disclaimer
+
+Please note that this document is subject to change and may be updated as our security practices evolve. We encourage you to check back regularly for any updates or changes.

contracts/GroupNFT.sol

@@ -74,7 +74,7 @@ contract GroupNFT is IGroupNFT, ERC721Upgradeable, AccessManagedUpgradeable, UUP
     function mintGroupNft(address minter, address receiver) external onlyGroupingModule returns (uint256 groupNftId) {
         GroupNFTStorage storage $ = _getGroupNFTStorage();
         groupNftId = $.totalSupply++;
-        _safeMint(receiver, groupNftId);
+        _mint(receiver, groupNftId);
         emit GroupNFTMinted(minter, receiver, groupNftId);
     }
 
@@ -88,6 +88,7 @@ contract GroupNFT is IGroupNFT, ERC721Upgradeable, AccessManagedUpgradeable, UUP
     function tokenURI(
         uint256 id
     ) public view virtual override(ERC721Upgradeable, IERC721Metadata) returns (string memory) {
+        _requireOwned(id);
         GroupNFTStorage storage $ = _getGroupNFTStorage();
 
         /* solhint-disable */

contracts/IPAccountImpl.sol

@@ -257,6 +257,10 @@ contract IPAccountImpl is ERC6551, IPAccountStorage, IIPAccount {
         // Smart contract signature
         if (v == 0) {
             // Signer address encoded in r
+            // prevent from signature malleability
+            if ((bytes32(signature[:32]) >> 160) != 0) {
+                revert Errors.IPAccount__InvalidSigner();
+            }
             signer = address(uint160(uint256(bytes32(signature[:32]))));
 
             // Allow recursive signature verification
@@ -283,4 +287,8 @@ contract IPAccountImpl is ERC6551, IPAccountStorage, IIPAccount {
         name = "Story Protocol IP Account";
         version = "1";
     }
+
+    function _authorizeUpgrade(address) internal virtual override {
+        revert Errors.IPAccount__UUPSUpgradeDisabled();
+    }
 }