nibbstack / erc721 Goto Github PK

Shouldn't it be better to use https://github.com/OpenZeppelin/openzeppelin-solidity/tree/master/contracts/token/ERC721 ?

This is probably just a documentation change.

See ethereum/EIPs#1125

Let's find a way to add a screenshot.

• Maybe deploy a token (to mainnet) and load it up on Toshi. Add a screenshot of Toshi.
• Maybe deploy a contract and show the read contract page on etherscan like https://etherscan.io/address/0x6731560e455537c9f088ea02a47a0ecfa28a9231#readContract
• Maybe a flow diagram, anything

After updating to the latest version of solidity we can see the warnings below:

Compilation warnings encountered:

/Users/xpeper/Work/0xcert.org/repositories/ethereum-erc721/contracts/tokens/ERC721.sol:142:3: Warning: Functions in interfaces should be declared external.
  function getApproved(
  ^ (Relevant source part starts here and spans across multiple lines).
,/Users/xpeper/Work/0xcert.org/repositories/ethereum-erc721/contracts/mocks/NFTokenMetadataEnumerableMock.sol:6:1: Warning: Base constructor arguments given twice.
contract NFTokenMetadataEnumerableMock is NFTokenEnumerable, NFTokenMetadata {
^ (Relevant source part starts here and spans across multiple lines).
/Users/xpeper/Work/0xcert.org/repositories/ethereum-erc721/contracts/tokens/NFTokenEnumerable.sol:35:5: First constructor call is here:
    NFToken()
    ^-------^
/Users/xpeper/Work/0xcert.org/repositories/ethereum-erc721/contracts/tokens/NFTokenMetadata.sol:35:5: Second constructor call is here:
    NFToken()
    ^-------^

I have to say it IS convenient in my unit tests, that it does, but not all deployments will require it.

In the removeNFToken function in the NFTokenEnumerable.sol file ownerToIds[_from][lastTokenIndex] is set to 0 twice instead of once. This is redundant and costs about 5300 extra gas.

Here is the code I am talking about:

 ownerToIds[_from][lastTokenIndex] = 0;
 
 ownerToIds[_from].length--;

The first line obviously sets ownerToIds[_from][lastTokenIndex] to 0. Reducing the length of the array also sets ownerToIds[_from][lastTokenIndex] to 0.

So it makes sense to get rid of this line: ownerToIds[_from][lastTokenIndex] = 0;.

I think canTransfer modifier should be moved to private _transfer function instead of other wrapping functions. If somebody decides to build upon our implementation then decoupling these could pose a serious risk: one just needs to add another function which calls _transfer and forget to add the modifier. Or changes _transfer to external.

1. missing tests for function _mint
2. missing tests for function removeNFToken
3. missing tests for function addNFToken

If issue #9 gets accepted then _safeTransferFrom should just call transferFrom before checking if recipient is a contract.

The ERC721 standard changed recently. The onERC721Received function now has an additional operator parameter. This should be updated in ERC721 code so that it complies with the ERC721 standard.

Low Severity

For manager.0xcert.org, the suggested website for getting Ropsten ether is http://ethereumfaucet.info/ is filled with ads and looks super scammy.

Instead, use the Metamask faucet https://faucet.metamask.io/ or ALabs Faucet http://faucet.ropsten.be:3001/

@lknix asked me to file an issue but it wasn't clear what repo to put this in. Please point me at the manager repo -- I have other bugs to file :)

The 0xcert team has decided to provide a valid and secure ERC-721 implementation for the Ethereum community. We recognize the need and necessity of a security audit in order to keep all further usage safe and secure. In this light, a bug bounty program is being launched and we would love if the community can help find and disclose security issues and vulnerabilities.

About implementation

ERC-721 is a standard interface for non-fungible tokens on the Ethereum blockchain, invented by Dieter Shirley and written by William Entriken. The 0xcert development team decided to build the fully compatible implementation, which is going to be open-source and available to everyone.

Scope & rules

This bug bounty program will run from 2018-05-16 at 00:01 CET to 2018-07-16 at 23:59 CET. All of the discussions and code in this bug bounty program are publicly available in this repository. Help us find any problems with the ERC-721 implementation and you will be rewarded.

• Be descriptive and detailed when describing your issue.
• Fix it and recommend a way to solve the problem.
• Include a truffle or detailed test case that we can reproduce.
• Issues that have already been published here or are already disclosed to the 0xcert team are not eligible for rewards.
• Social engineering, XKCD#538 attacks, bringing down Ropsten/Metamask/Infura are not in scope and will NOT be paid a reward.
• Only the contracts regarding the ERC-721 are in scope, our website is not in scope.
• GitHub issues is the only way to report issues and request rewards.
• The 0xcert team has a complete and final judgment on the acceptability of issue reports.

Rewards

• We will distribute up to 5 ETH among all participants that reported a unique high severity bug.
• Reports for medium and low bugs will receive our 0xcert t-shirt and an honorable mention.

Note that if the EIP standard is amended then an issue will be Low severity if it points this out to us. We will support the updated standard.

Additional bounty

We are providing another bounty for a token that builds on top of this implementation called Xcert. If you are interested in participating in that bounty you can check it out here: 0xcert/ethereum-xcert#24

Hi,
How will I call .json files from build folder Truffle...?Truffle migration successfully completed..I worked in Privatenet...Then I tried

truffle console
truffle(development)> const { abi } = require('./build/contracts/MyNFT.json');
**Undefined**

Please help me to figured out this issue? Why it's showing undefined?

@mg6maciej suggested: #109 (review)

If we do this, we should do it everywhere where this is applicable.

When burn is called on the last token, code in removeNFToken will not clear idToOwnerIndex for it.
Order of these statements should be changed, but even better to use check for last token mentioned in previous issue #104.

    idToOwnerIndex[_tokenId] = 0;
    idToOwnerIndex[lastToken] = tokenToRemoveIndex;

Because this function is called only from _burn and _transfer in which cases also Transfer is emitted, clearApproval should only set state to 0 (might be more gas efficient to do it conditionally).

According to spec (https://github.com/ethereum/EIPs/blob/master/EIPS/eip-721.md)

    ///  When a Transfer event emits, this also indicates that the approved
    ///  address for that NFT (if any) is reset to none.
    event Approval(address indexed _owner, address indexed _approved, uint256 indexed _tokenId);

OZ also does it incorrectly, but "slightly" better.
https://github.com/OpenZeppelin/openzeppelin-solidity/blob/07020e954475a4fdd36e0252e88717b60f790b71/contracts/token/ERC721/ERC721BasicToken.sol#L300-L303

These lines are lifted directly from OpenZeppelin.

https://github.com/0xcert/ethereum-erc721/blob/master/contracts/tokens/NFTokenEnumerable.sol#L110-L113

mapping(uint256 => uint256) internal idToIndex;

is updated in _burn, but never set in _mint.

I use to name index mappings like idToIndexInTokens (or tokenIdToIndexInTokens) and idToIndexInOwnerToIds (last part after In is the same as name of array). This makes it clear which array uses given index mapping.

As per @mg6maciej suggestion:

If possible I would go with a bit different inheritance to avoid duplicating mint and burn in 4 mock contracts. Something like NFTokenEnumerableMock is NFTokenEnumerable, NFTokenMock.

I am opening an issue about this.

@xpepermint
@lknix

README.md includes the line Licence (MIT).

Can you please add the appropriate LICENSE file to the repo.

ethereum-erc721/contracts/tokens/MyNFToken.sol:23:5: DeclarationError: Undeclared identifier.
    onlyOwner
    ^-------^

following README instructions https://github.com/0xcert/ethereum-erc721#creating-smart-contract does not compile

Just for fun, could you please:

• Take the example at https://github.com/lknix/ethereum-erc721/blob/4cc409a6ddfc1183bbe0fdd82a8dfff07222f24e/README.md
• Remove onlyOwner
• Deploy to main net and ropsten
• Publish code on etherscan.io

Then you can add to the README:

We deployed a contract you can play with RIGHT NOW. No need to install software. In this test version of the contract, anybody can mint or burn tokens, so don't use it for anything important.

Mainnet address: xxxxx
Ropsten address: xxxxx

Every GitHub project needs selling points

• Complete implementation (all functions implemented)
• XX% code coverage Truffle testing
• It is subclassable so you can add your own features while relying on our base work
• The code is verified by the community and has an active bug bounty

Hi,
Is this code only worked in Ropsten? I just want to integrate this code to my private Net.
I saw one command : npm run migrate -- --network Ropsten ( works in Ropsten) instead of this I used
npm run migrate -- --network localhost:8545. But it's not connecting. How will I resolved my issue?
My network id : 54 ( That i gave to truffle.js).

I believe name of NFToken could be misleading as users might think this is the one they would want to use. I suggest renaming it to NFTokenBasic and adding new one NFToken (or NFTokenFull) that only extends NFTokenEnumarable and NFTokenMetadata.

We should rename issuerName, issuerSymbol which are too restrictive and specific for our use case.

These two lines don't need to be executed when tokenToRemoveIndex == lastTokenIndex.

    ownerToIds[_from][tokenToRemoveIndex] = lastToken;
    ownerToIds[_from][lastTokenIndex] = 0;

Next line covers clearing it:

    ownerToIds[_from].length--;

Currently metadata is not compliant with the standard. Standard is pure, implementation is view.

Will consider to change the standard because everyone is doing this. But for now this should be noted.

The NFToken constructor should invoke the SupportsInterface constructor.

See ethereum/EIPs#1124

Add link to bug bounty

We set it in _mint function and don't use it anywhere.

contracts/tokens/ERC721EnumerableImplementation.sol:  mapping(uint256 => uint256) internal idToIndex;
contracts/tokens/ERC721EnumerableImplementation.sol:    idToIndex[_id] = tokens.length;

Tests should be testing a single unit (function). Currently we don't test all functions directly since some of them are tested through other functions. This doesn't follow the best practices because it's misleading when tests start to fail and it leaves out edge cases. Ideally, tests should:

1. Every test should test a single unit.
2. Every test should set up the required contract state directly prior to testing.
3. Every unit should be fully covered.

How about if we change current naming that:

1. ERC721.sol (interface) -> ERC721Interface.sol or ERC721Standard.sol and ERC721implementation.sol -> ERC721.sol;
2. Alternatively we move interfaces in tokens/interfaces and name both ERC721.sol (interface and implementation).

If the plan is that our implementation gets reused then we need to have simpler names. ERC721implementation is way too long and verbose. Thoughts?

ethereum/EIPs#721 (comment)

There is currently only internal _mint function, which can't be used. Either we complete it with some external function for minting or add a comment describing this is by default NOT implemented / used. We probably want to keep it since it has the code which shows how to properly mint a token using our implementation.

Hi,
When I am trying to execute
const { abi } = require('./build/contracts/MyNFToken.json');

const account0 = '0x294a4c67667565765668e3329a2b219a1f3d8c22'; // for eg: owner address
const account1 = '0x294a4c67670c0dae6ce8e3329a2b219a1f3d8c22'; // another account (you can create it)
const MyNFTokenContract = web3.eth.contract(abi);
const MyNFTokenInstance = MyNFTokenContract.at();
MyNFTokenInstance.transferFrom(account0,account1,"1234");
Error: invalid address
at SolidityFunction.execute (/usr/local/lib/node_modules/truffle/build/webpack://web3/lib/web3/function.js:256:1)
at SolidityFunction.sendTransaction (/usr/local/lib/node_modules/truffle/build/webpack://web3/lib/web3/function.js:170:1)
at Eth.send [as sendTransaction] (/usr/local/lib/node_modules/truffle/build/webpack://web3/lib/web3/method.js:139:1)
at Method.toPayload (/usr/local/lib/node_modules/truffle/build/webpack://web3/lib/web3/method.js:114:1)
at Method.formatInput (/usr/local/lib/node_modules/truffle/build/webpack://web3/lib/web3/method.js:88:1)
at Array.map ()
at /usr/local/lib/node_modules/truffle/build/webpack://web3/lib/web3/method.js:89:1
at inputTransactionFormatter (/usr/local/lib/node_modules/truffle/build/webpack://web3/lib/web3/formatters.js:100:1)
at inputAddressFormatter (/usr/local/lib/node_modules/truffle/build/webpack://web3/lib/web3/formatters.js:274:1)
Why its showing like that? (mint,balanceof,safeTransferfrom is working but for approval,setApproveForAll etc is not working...showing same error only);
I have done in PrivateNet.
Help me to resolve this issue...

Redeploy, fix readme: https://github.com/0xcert/ethereum-erc721#playground

If you move implementation of tokenOfOwnerByIndex and related fields (ownerToIds and idToOwnerIndex) to NFToken, you can remove ownerToNFTokenCount and use ownerToIds[_owner].length in balanceOf. This saves gas on two updates of ownerToNFTokenCount every time token is transferred and one when minted or burned.

This doesn't break compatibility with ERC721 spec, as you may leave ERC721 and ERC721Enumerable as they are now.
This has drawback of slightly more expensive deploy and transfers for simpler NFToken, but is cheaper for full NFTokenEnumerable (+ NFTokenMetadata) and assuming OpenSea and others will require enumeration and developers will want to be listed there, this makes it cheaper in most cases. Also additional, non-standard funcitonality provided by tokenOfOwnerByIndex in basic NFToken might be a good thing.

In order to have a complete coverage at some point, let's keep track of missing tests. ERC165 implementation is currently missing all tests.

Via a chat on ETH-NFT/Lobby, we've determined that the Approval() even should be emitted on both sets OR reaffirmations.

ethereum/EIPs#1151

(this is not a bug report, as previous behavior was undefined)