Audit final revision compared to initial audit (based on branch is v0.1.5, commit f1dfefc71c3ace567a5b79e98100ee17d9cfcc5d)

contracts/cw721-tester/src/lib.rs

@@ -1,7 +1,7 @@
 use cosmwasm_schema::cw_serde;
 #[cfg(not(feature = "library"))]
 use cosmwasm_std::entry_point;
-use cosmwasm_std::{Addr, Binary, Deps, DepsMut, Empty, Env, MessageInfo, Response, StdResult};
+use cosmwasm_std::{Binary, Deps, DepsMut, Empty, Env, MessageInfo, Response, StdResult};
 use cw2::set_contract_version;
 use cw721_base::{msg, ContractError, Extension};
 use cw_storage_plus::Item;
@@ -14,13 +14,13 @@ pub struct InstantiateMsg {
     pub name: String,
     pub symbol: String,
     pub minter: String,
-    /// An address which will be unable to transfer NFTs away from
-    /// themselves (they are a black hole). If this address attempts a
-    /// `TransferNft` message it will fail with an out-of-gas error.
-    pub target: String,
+    /// An address which will be unable receive NFT on `TransferNft` message
+    /// If `TransferNft` message attempts sending to banned recipient
+    /// it will fail with an out-of-gas error.
+    pub banned_recipient: String,
 }
 
-const TARGET: Item<Addr> = Item::new("target");
+const BANNED_RECIPIENT: Item<String> = Item::new("banned_recipient");
 
 const CONTRACT_NAME: &str = "crates.io:cw721-gas-tester";
 const CONTRACT_VERSION: &str = env!("CARGO_PKG_VERSION");
@@ -39,11 +39,11 @@ pub fn instantiate(
         msg::InstantiateMsg {
             name: msg.name,
             symbol: msg.symbol,
-            minter: msg.minter,
+            minter: Some(msg.minter),
             withdraw_address: None,
         },
     )?;
-    TARGET.save(deps.storage, &deps.api.addr_validate(&msg.target)?)?;
+    BANNED_RECIPIENT.save(deps.storage, &msg.banned_recipient)?;
     set_contract_version(deps.storage, CONTRACT_NAME, CONTRACT_VERSION)?;
 
     Ok(response)
@@ -56,13 +56,17 @@ pub fn execute(
     info: MessageInfo,
     msg: ExecuteMsg,
 ) -> Result<Response, ContractError> {
-    if matches!(msg, ExecuteMsg::TransferNft { .. }) && info.sender == TARGET.load(deps.storage)? {
-        // loop here causes the relayer to hang while it tries to
-        // simulate the TX.
-        panic!("gotem")
-        // loop {}
-    } else {
-        cw721_base::entry::execute(deps, env, info, msg)
+    match msg.clone() {
+        ExecuteMsg::TransferNft { recipient, .. } => {
+            if recipient == BANNED_RECIPIENT.load(deps.storage)? {
+                // loop here causes the relayer to hang while it tries to
+                // simulate the TX.
+                panic!("gotem")
+                // loop {}
+            }
+            cw721_base::entry::execute(deps, env, info, msg)
+        }
+        _ => cw721_base::entry::execute(deps, env, info, msg),
     }
 }
 

contracts/sg-ics721/src/execute.rs

@@ -4,7 +4,7 @@ use ics721_types::token_types::Class;
 
 use sg721_base::msg::{CollectionInfoResponse, QueryMsg};
 
-use crate::state::{SgCollectionData, SgIcs721Contract};
+use crate::state::{SgCollectionData, SgIcs721Contract, STARGAZE_ICON_PLACEHOLDER};
 
 impl Ics721Execute for SgIcs721Contract {
     type ClassData = SgCollectionData;
@@ -48,7 +48,8 @@ impl Ics721Execute for SgIcs721Contract {
                 // therefore, we use ics721 creator as owner
                 creator: ics721_contract_info.creator,
                 description: "".to_string(),
-                image: "https://arkprotocol.io".to_string(),
+                // use Stargaze icon as placeholder
+                image: STARGAZE_ICON_PLACEHOLDER.to_string(),
                 external_link: None,
                 explicit_content: None,
                 start_trading_time: None,

contracts/sg-ics721/src/state.rs

@@ -2,6 +2,9 @@ use cosmwasm_schema::cw_serde;
 use cosmwasm_std::ContractInfoResponse;
 use sg721_base::msg::CollectionInfoResponse;
 
+pub const STARGAZE_ICON_PLACEHOLDER: &str =
+    "ipfs://bafkreie5vwrm5zts4wiq6ebtopmztgl5qzyl4uszyllgwpaizyc5w2uycm";
+
 /// Collection data provided by the (source) cw721 contract. This is pass as optional class data during interchain transfer to target chain.
 /// ICS721 on target chain is free to use this data or not. Lik in case of `sg721-base` it uses owner for defining creator in collection info.
 #[cw_serde]

contracts/sg-ics721/src/testing/integration_tests.rs

@@ -30,7 +30,10 @@ use sg721::InstantiateMsg as Sg721InstantiateMsg;
 use sg721_base::msg::{CollectionInfoResponse, QueryMsg as Sg721QueryMsg};
 use sha2::{digest::Update, Digest, Sha256};
 
-use crate::{state::SgCollectionData, ContractError, SgIcs721Contract};
+use crate::{
+    state::{SgCollectionData, STARGAZE_ICON_PLACEHOLDER},
+    ContractError, SgIcs721Contract,
+};
 
 const ICS721_CREATOR: &str = "ics721-creator";
 const CONTRACT_NAME: &str = "crates.io:sg-ics721";
@@ -338,6 +341,9 @@ impl Test {
             false => None,
         };
 
+        let admin = admin_and_pauser
+            .clone()
+            .map(|p| app.api().addr_make(&p).to_string());
         let ics721 = app
             .instantiate_contract(
                 ics721_id,
@@ -346,9 +352,8 @@ impl Test {
                     cw721_base_code_id: source_cw721_id,
                     incoming_proxy,
                     outgoing_proxy,
-                    pauser: admin_and_pauser
-                        .clone()
-                        .map(|p| app.api().addr_make(&p).to_string()),
+                    pauser: admin.clone(),
+                    cw721_admin: admin,
                 },
                 &[],
                 "sg-ics721",
@@ -369,7 +374,7 @@ impl Test {
                     collection_info: sg721::CollectionInfo {
                         creator: source_cw721_owner.to_string(),
                         description: "".to_string(),
-                        image: "https://arkprotocol.io".to_string(),
+                        image: STARGAZE_ICON_PLACEHOLDER.to_string(),
                         external_link: None,
                         explicit_content: None,
                         start_trading_time: None,
@@ -452,6 +457,13 @@ impl Test {
             .unwrap()
     }
 
+    fn query_cw721_admin(&mut self) -> Option<Addr> {
+        self.app
+            .wrap()
+            .query_wasm_smart(self.ics721.clone(), &QueryMsg::Cw721Admin {})
+            .unwrap()
+    }
+
     fn query_nft_contracts(&mut self) -> Vec<(String, Addr)> {
         self.app
             .wrap()
@@ -719,7 +731,7 @@ fn test_do_instantiate_and_mint() {
                 // creator of ics721 contract is also creator of collection, since no owner in ClassData provided
                 creator: test.app.api().addr_make(ICS721_CREATOR).to_string(),
                 description: "".to_string(),
-                image: "https://arkprotocol.io".to_string(),
+                image: STARGAZE_ICON_PLACEHOLDER.to_string(),
                 external_link: None,
                 explicit_content: None,
                 start_trading_time: None,
@@ -895,7 +907,7 @@ fn test_do_instantiate_and_mint() {
                 // creator based on owner from collection in soure chain
                 creator: test.app.api().addr_make(ICS721_CREATOR).to_string(),
                 description: "".to_string(),
-                image: "https://arkprotocol.io".to_string(),
+                image: STARGAZE_ICON_PLACEHOLDER.to_string(),
                 external_link: None,
                 explicit_content: None,
                 start_trading_time: None,
@@ -1069,7 +1081,7 @@ fn test_do_instantiate_and_mint() {
                 // creator of ics721 contract is creator of nft contract, since no owner in ClassData provided
                 creator: test.app.api().addr_make(ICS721_CREATOR).to_string(),
                 description: "".to_string(),
-                image: "https://arkprotocol.io".to_string(),
+                image: STARGAZE_ICON_PLACEHOLDER.to_string(),
                 external_link: None,
                 explicit_content: None,
                 start_trading_time: None,
@@ -1247,7 +1259,7 @@ fn test_do_instantiate_and_mint() {
                 // creator of ics721 contract is creator of nft contract, since no owner in ClassData provided
                 creator: test.app.api().addr_make(ICS721_CREATOR).to_string(),
                 description: "".to_string(),
-                image: "https://arkprotocol.io".to_string(),
+                image: STARGAZE_ICON_PLACEHOLDER.to_string(),
                 external_link: None,
                 explicit_content: None,
                 start_trading_time: None,
@@ -1425,7 +1437,7 @@ fn test_do_instantiate_and_mint() {
                 // creator of ics721 contract is creator of nft contract, since no owner in ClassData provided
                 creator: test.app.api().addr_make(ICS721_CREATOR).to_string(),
                 description: "".to_string(),
-                image: "https://arkprotocol.io".to_string(),
+                image: STARGAZE_ICON_PLACEHOLDER.to_string(),
                 external_link: None,
                 explicit_content: None,
                 start_trading_time: None,
@@ -1657,7 +1669,7 @@ fn test_do_instantiate_and_mint_2_different_collections() {
                 // creator of ics721 contract is also creator of collection, since no owner in ClassData provided
                 creator: test.app.api().addr_make(ICS721_CREATOR).to_string(),
                 description: "".to_string(),
-                image: "https://arkprotocol.io".to_string(),
+                image: STARGAZE_ICON_PLACEHOLDER.to_string(),
                 external_link: None,
                 explicit_content: None,
                 start_trading_time: None,
@@ -1670,7 +1682,7 @@ fn test_do_instantiate_and_mint_2_different_collections() {
                 // creator of ics721 contract is also creator of collection, since no owner in ClassData provided
                 creator: test.app.api().addr_make(ICS721_CREATOR).to_string(),
                 description: "".to_string(),
-                image: "https://arkprotocol.io".to_string(),
+                image: STARGAZE_ICON_PLACEHOLDER.to_string(),
                 external_link: None,
                 explicit_content: None,
                 start_trading_time: None,
@@ -1917,7 +1929,7 @@ fn test_do_instantiate_and_mint_no_instantiate() {
         CollectionInfoResponse {
             creator: test.app.api().addr_make(ICS721_CREATOR).to_string(),
             description: "".to_string(),
-            image: "https://arkprotocol.io".to_string(),
+            image: STARGAZE_ICON_PLACEHOLDER.to_string(),
             external_link: None,
             explicit_content: None,
             start_trading_time: None,
@@ -2099,7 +2111,7 @@ fn test_proxy_authorized() {
                         .addr_make(COLLECTION_OWNER_SOURCE_CHAIN)
                         .to_string(),
                     description: "".to_string(),
-                    image: "https://arkprotocol.io".to_string(),
+                    image: STARGAZE_ICON_PLACEHOLDER.to_string(),
                     external_link: None,
                     explicit_content: None,
                     start_trading_time: None,
@@ -2225,7 +2237,7 @@ fn test_receive_nft() {
         collection_info: Some(CollectionInfoResponse {
             creator: test.ics721.to_string(),
             description: "".to_string(),
-            image: "https://arkprotocol.io".to_string(),
+            image: STARGAZE_ICON_PLACEHOLDER.to_string(),
             external_link: None,
             explicit_content: None,
             start_trading_time: None,
@@ -2337,6 +2349,7 @@ fn test_pause() {
                     incoming_proxy: None,
                     outgoing_proxy: None,
                     cw721_base_code_id: None,
+                    cw721_admin: None,
                 })
                 .unwrap(),
             }
@@ -2378,9 +2391,10 @@ fn test_migration() {
     assert_eq!(cw721_code_id, test.source_cw721_id);
 
     // migrate changes
+    let admin = test.app.api().addr_make(ICS721_ADMIN_AND_PAUSER);
     test.app
         .execute(
-            test.app.api().addr_make(ICS721_ADMIN_AND_PAUSER),
+            admin.clone(),
             WasmMsg::Migrate {
                 contract_addr: test.ics721.to_string(),
                 new_code_id: test.ics721_id,
@@ -2389,6 +2403,7 @@ fn test_migration() {
                     incoming_proxy: None,
                     outgoing_proxy: None,
                     cw721_base_code_id: Some(12345678),
+                    cw721_admin: Some(admin.to_string()),
                 })
                 .unwrap(),
             }
@@ -2402,6 +2417,7 @@ fn test_migration() {
     assert!(proxy.is_none());
     let cw721_code_id = test.query_cw721_id();
     assert_eq!(cw721_code_id, 12345678);
+    assert_eq!(test.query_cw721_admin(), Some(admin),);
 
     // migrate without changing code id
     test.app
@@ -2415,6 +2431,7 @@ fn test_migration() {
                     incoming_proxy: None,
                     outgoing_proxy: None,
                     cw721_base_code_id: None,
+                    cw721_admin: Some("".to_string()),
                 })
                 .unwrap(),
             }
@@ -2428,4 +2445,5 @@ fn test_migration() {
     assert!(proxy.is_none());
     let cw721_code_id = test.query_cw721_id();
     assert_eq!(cw721_code_id, 12345678);
+    assert_eq!(test.query_cw721_admin(), None,);
 }

justfile

@@ -1,7 +1,7 @@
 set dotenv-load
 
 platform := if arch() =~ "aarch64" {"linux/arm64"} else {"linux/amd64"}
-image := if arch() =~ "aarch64" {"cosmwasm/workspace-optimizer-arm64:0.14.0"} else {"cosmwasm/workspace-optimizer:0.14.0"}
+image := if arch() =~ "aarch64" {"cosmwasm/workspace-optimizer-arm64:0.15.0"} else {"cosmwasm/workspace-optimizer:0.15.0"}
 
 alias log := optimize-watch