@letmehateu

This PR refactors the authorization check logic in ERC1155.sol to eliminate code duplication between safeTransferFrom and safeBatchTransferFrom functions.

PR Checklist

  • Tests
  • Documentation
  • Changeset entry (run npx changeset add)

@letmehateu letmehateu requested a review from a team as a code owner November 21, 2025 09:40
@changeset-bot

changeset-bot bot commented Nov 21, 2025

⚠️ No Changeset found

Latest commit: 4f37c04

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

@coderabbitai

coderabbitai bot commented Nov 21, 2025

Walkthrough

The changes refactor the ERC1155 contract to introduce an internal _checkAuthorized(from) helper function that centralizes approval checks. The safeTransferFrom and safeBatchTransferFrom methods now delegate authorization verification to this new helper instead of performing the checks inline. The refactoring maintains the same public and external API signatures without modifying contract behavior.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
  • Title check: ✅ Passed. The title clearly describes the main change: refactoring authorization checks in ERC1155 to reduce code duplication, which aligns with the raw summary showing a new _checkAuthorized helper function.
  • Description check: ✅ Passed. The description directly relates to the changeset, explaining the refactoring of authorization check logic in ERC1155.sol to eliminate duplication between safeTransferFrom and safeBatchTransferFrom functions.
  • Docstring Coverage: ✅ Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0de8004 and 4f37c04.

📒 Files selected for processing (1)
  • contracts/token/ERC1155/ERC1155.sol (2 hunks)
🧰 Additional context used
🧠 Learnings (1)
📓 Common learnings
Learnt from: Amxx
Repo: OpenZeppelin/openzeppelin-contracts PR: 5914
File: contracts/crosschain/bridges/BridgeERC20.sol:57-58
Timestamp: 2025-10-03T13:14:57.679Z
Learning: In cross-chain bridge contracts like BridgeERC20, when processing incoming messages in _processMessage, avoid validation checks that revert on malformed addresses. Reverting would create cross-chain inconsistency where tokens are locked/burned on the source chain but never minted on the destination. Instead, use best-effort address extraction (e.g., address(bytes20(toBinary))) to maintain atomicity across chains. If tokens are minted to an incorrect address due to user error, recovery may be possible through admin controls rather than leaving funds permanently locked.
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (9)
  • GitHub Check: Redirect rules - solidity-contracts
  • GitHub Check: Header rules - solidity-contracts
  • GitHub Check: Pages changed - solidity-contracts
  • GitHub Check: slither
  • GitHub Check: tests-foundry
  • GitHub Check: tests
  • GitHub Check: halmos
  • GitHub Check: coverage
  • GitHub Check: tests-upgradeable
🔇 Additional comments (2)
contracts/token/ERC1155/ERC1155.sol (2)

105-109: LGTM - Clean refactoring.

The delegation to _checkAuthorized(from) successfully eliminates code duplication while maintaining the same authorization semantics.


112-121: LGTM - Consistent refactoring.

The change mirrors the refactoring in safeTransferFrom, successfully consolidating the authorization check through the shared helper function.

Comment on lines +98 to +103
function _checkAuthorized(address from) internal view {
address sender = _msgSender();
if (from != sender && !isApprovedForAll(from, sender)) {
revert ERC1155MissingApprovalForAll(sender, from);
}
}
🛠️ Refactor suggestion | 🟠 Major

Consider making the function virtual and add NatSpec documentation.

The refactoring successfully consolidates the authorization logic. However, consider two improvements:

  1. Add the virtual modifier: OpenZeppelin contracts are designed for inheritance, and marking internal helper functions as virtual allows derived contracts to customize authorization behavior if needed.

  2. Add NatSpec documentation: OpenZeppelin maintains comprehensive documentation standards. Consider adding a docstring like:

/**
 * @dev Checks whether `_msgSender()` is authorized to transfer tokens from `from`.
 * 
 * Requirements:
 * 
 * - `_msgSender()` must be either `from` or approved for all transfers from `from`.
 */

Apply this diff to add the virtual modifier:

-    function _checkAuthorized(address from) internal view {
+    function _checkAuthorized(address from) internal view virtual {
         address sender = _msgSender();
         if (from != sender && !isApprovedForAll(from, sender)) {
             revert ERC1155MissingApprovalForAll(sender, from);
         }
     }
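Review bot: the signature line gains `virtual`, but the hunk still carries no NatSpec, and once the helper is overridable that gap matters more. An override that neither keeps the `from != sender && !isApprovedForAll(from, sender)` condition nor calls `super._checkAuthorized(from)` removes the approval check from every caller of this helper. Include the docblock proposed above in the same change, and state in it that overrides are expected to preserve or only tighten this requirement.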
🤖 Prompt for AI Agents
In contracts/token/ERC1155/ERC1155.sol around lines 98 to 103, the internal
helper _checkAuthorized lacks NatSpec and is not overridable; add a NatSpec
docblock describing that it checks whether _msgSender() is authorized to
transfer tokens from `from` and the requirement that sender must be `from` or
approved for all, then add the `virtual` modifier to the function signature so
derived contracts can override the authorization behavior.
