fix: misinterpretation of requirement, now each poaps give access to tickets

Author: stabastian

contracts/POAPVerifier.sol

@@ -4,65 +4,68 @@ pragma solidity 0.8.28;
 import "@openzeppelin/contracts/access/Ownable.sol";
 
 interface IPOAP {
-    function balanceOf(address account, uint256 id) external view returns (uint256);
+    function balanceOf(
+        address account,
+        uint256 id
+    ) external view returns (uint256);
 }
 
 contract POAPVerifier is Ownable {
     address public poapContract;
     uint256[] public requiredPoapIds;
 
-    mapping(address => bool) public verifiedUsers;
+    mapping(address => uint256) public userTickets; // Maps users to their ticket count
     address[] public verifiedUserList;
 
-    event UserVerified(address indexed user);
+    event UserVerified(address indexed user, uint256 ticketCount);
     event PoapIdsUpdated(uint256[] newPoapIds);
 
-    constructor(uint256[] memory _initialPoapIds, address _poapContract) Ownable(msg.sender) {
+    constructor(
+        uint256[] memory _requiredPoapIds,
+        address _poapContract
+    ) Ownable(msg.sender) {
         poapContract = _poapContract;
-        requiredPoapIds = _initialPoapIds;
+        requiredPoapIds = _requiredPoapIds;
     }
 
     /**
-     * @dev Updates the list of required POAP IDs. Can only be called by the owner.
-     * @param _newPoapIds The new array of required POAP IDs.
-     */
-    function updatePoapIds(uint256[] memory _newPoapIds) public onlyOwner {
-        requiredPoapIds = _newPoapIds;
-        emit PoapIdsUpdated(_newPoapIds);
-    }
-
-    /**
-     * @dev Checks if a user holds all required POAPs and registers them if eligible.
+     * @dev Checks how many POAPs a user has and updates their ticket count.
      * @param _user The address of the user to verify.
      */
     function checkAndRegister(address _user) public {
-        require(!verifiedUsers[_user], "User already verified");
-        require(checkEligibility(_user), "User does not have all required POAPs");
+        require(
+            userTickets[_user] < requiredPoapIds.length,
+            "Already have all tickets"
+        );
+        uint256 ticketCount = calculateTickets(_user);
+        require(ticketCount > 0, "Has no eligible POAPs");
 
-        verifiedUsers[_user] = true;
+        userTickets[_user] = ticketCount;
         verifiedUserList.push(_user);
-        emit UserVerified(_user);
+        emit UserVerified(_user, ticketCount);
     }
 
     /**
-     * @dev Checks if a user meets the POAP requirements without registering them.
+     * @dev Calculates the number of raffle tickets a user has based on POAP ownership.
      * @param _user The address of the user to check.
-     * @return true if the user has all required POAPs, false otherwise.
+     * @return The number of raffle tickets the user has.
      */
-    function checkEligibility(address _user) public view returns (bool) {
+    function calculateTickets(address _user) public view returns (uint256) {
         IPOAP poap = IPOAP(poapContract);
+        uint256 ticketCount = 0;
         for (uint256 i = 0; i < requiredPoapIds.length; i++) {
-            if (poap.balanceOf(_user, requiredPoapIds[i]) == 0) {
-                return false;
+            if (poap.balanceOf(_user, requiredPoapIds[i]) > 0) {
+                ticketCount++;
             }
         }
-        return true;
+        return ticketCount;
     }
 
     /**
      * @dev Returns the list of verified users.
+     * @return verifiedUserList public variable.
      */
     function getVerifiedUsers() public view returns (address[] memory) {
         return verifiedUserList;
     }
-}
+}

test/POAPVerifierTest.t.sol

@@ -2,132 +2,100 @@
 pragma solidity 0.8.28;
 
 import "forge-std/Test.sol";
-import "../contracts/MockPOAP.sol";
 import "../contracts/POAPVerifier.sol";
+import "../contracts/MockPOAP.sol";
 
 contract POAPVerifierTest is Test {
-    MockPOAP mockPoap;
     POAPVerifier poapVerifier;
-    address owner = address(this);
-    address addr1 = address(0x1);
-    address addr2 = address(0x2);
-    address addr3 = address(0x3);
-    address addr4 = address(0x4);
+    MockPOAP mockPOAP;
+    address owner;
+    address user1;
+    address user2;
 
     function setUp() public {
-        // Deploy a mock POAP contract
-        mockPoap = new MockPOAP();
-
-        // Declare a dynamic uint256 array in memory
-        uint256[] memory poapIds = new uint256[](4);
-        poapIds[0] = 1;
-        poapIds[1] = 2;
-        poapIds[2] = 3;
-        poapIds[3] = 4;
-
-        // Deploy the POAPVerifier contract with the correctly formatted array
-        poapVerifier = new POAPVerifier(poapIds, address(mockPoap));
+        // Deploy the MockPOAP contract
+        mockPOAP = new MockPOAP();
+        owner = address(this); // The test contract is the owner of MockPOAP
+
+        // Initialize the POAPVerifier contract with required POAP IDs and the MockPOAP address
+        uint256[] memory requiredPoapIds = new uint256[](3);
+        requiredPoapIds[0] = 1;
+        requiredPoapIds[1] = 2;
+        requiredPoapIds[2] = 3;
+
+        poapVerifier = new POAPVerifier(requiredPoapIds, address(mockPOAP));
+
+        // Create some test users
+        user1 = address(0x1);
+        user2 = address(0x2);
     }
 
-    function testMintPoaps() public {
-        // Mint POAPs to different addresses and verify balances
+    function testUserVerification() public {
+        // Mint POAPs for user1
+        mockPOAP.mint(user1, 1); // user1 gets POAP ID 1
+        mockPOAP.mint(user1, 2); // user1 gets POAP ID 2
 
-        // Address 1 receives 1 type of POAP
-        mockPoap.mint(addr1, 1);
-        assertEq(mockPoap.balanceOf(addr1, 1), 1);
+        // Verify user1
+        poapVerifier.checkAndRegister(user1);
 
-        // Address 2 receives 2 types of POAPs
-        mockPoap.mint(addr2, 1);
-        mockPoap.mint(addr2, 2);
-        assertEq(mockPoap.balanceOf(addr2, 1), 1);
-        assertEq(mockPoap.balanceOf(addr2, 2), 1);
+        // Check that user1 has 2 tickets
+        uint256 ticketCount = poapVerifier.calculateTickets(user1);
+        assertEq(ticketCount, 2);
 
-        // Address 3 receives 2 types of POAPs, 2 of each
-        uint256[] memory ids = new uint256[](2);
-        ids[0] = 2;
-        ids[1] = 3;
-        uint256[] memory amounts = new uint256[](2);
-        amounts[0] = 2;
-        amounts[1] = 2;
-        mockPoap.mintBatch(addr3, ids, amounts, "");
-
-        assertEq(mockPoap.balanceOf(addr3, 2), 2);
-        assertEq(mockPoap.balanceOf(addr3, 3), 2);
-
-        // Address 4 receives 4 different POAPs
-        uint256[] memory allIds = new uint256[](4);
-        allIds[0] = 1;
-        allIds[1] = 2;
-        allIds[2] = 3;
-        allIds[3] = 4;
-        uint256[] memory allAmounts = new uint256[](4);
-        allAmounts[0] = 1;
-        allAmounts[1] = 1;
-        allAmounts[2] = 1;
-        allAmounts[3] = 1;
-        mockPoap.mintBatch(addr4, allIds, allAmounts, "");
-
-        assertEq(mockPoap.balanceOf(addr4, 1), 1);
-        assertEq(mockPoap.balanceOf(addr4, 2), 1);
-        assertEq(mockPoap.balanceOf(addr4, 3), 1);
-        assertEq(mockPoap.balanceOf(addr4, 4), 1);
+        // Check that user1 is in the verified user list
+        address[] memory verifiedUsers = poapVerifier.getVerifiedUsers();
+        assertEq(verifiedUsers.length, 1);
+        assertEq(verifiedUsers[0], user1);
     }
 
-    function testVerifyUsers() public {
-        // Mint all required POAPs to addr4 to make them eligible
-        uint256[] memory ids = new uint256[](4);
-        ids[0] = 1;
-        ids[1] = 2;
-        ids[2] = 3;
-        ids[3] = 4;
-        uint256[] memory amounts = new uint256[](4);
-        amounts[0] = 1;
-        amounts[1] = 1;
-        amounts[2] = 1;
-        amounts[3] = 1;
-        mockPoap.mintBatch(addr4, ids, amounts, "");
+    function testUserCannotGetMoreTicketsThanAvailable() public {
+        // Mint all required POAPs for user2
+        mockPOAP.mint(user2, 1); // user2 gets POAP ID 1
+        mockPOAP.mint(user2, 2); // user2 gets POAP ID 2
+        mockPOAP.mint(user2, 3); // user2 gets POAP ID 3
 
-        // The user should pass the verification
-        poapVerifier.checkAndRegister(addr4);
-        assertTrue(poapVerifier.verifiedUsers(addr4));
+        // Verify user2
+        poapVerifier.checkAndRegister(user2);
 
-        // Address 1 does not have all required POAPs, should revert
-        vm.expectRevert("User does not have all required POAPs");
-        poapVerifier.checkAndRegister(addr1);
+        // Check that user2 has 3 tickets
+        uint256 ticketCount = poapVerifier.calculateTickets(user2);
+        assertEq(ticketCount, 3);
+
+        // Try to verify user2 again, should fail
+        vm.expectRevert("Already have all tickets");
+        poapVerifier.checkAndRegister(user2);
+    }
+
+    function testUserWithNoEligiblePOAPs() public {
+        // Do not mint any POAPs for user1
+
+        // Try to verify user1, should fail
+        vm.expectRevert("Has no eligible POAPs");
+        poapVerifier.checkAndRegister(user1);
     }
 
-    function testCannotRegisterTwice() public {
-        // Mint all required POAPs to addr4
-        uint256[] memory ids = new uint256[](4);
-        ids[0] = 1;
-        ids[1] = 2;
-        ids[2] = 3;
-        ids[3] = 4;
-        uint256[] memory amounts = new uint256[](4);
+    function testBatchMintingAndVerification() public {
+        // Mint multiple POAPs in a batch for user1
+        uint256[] memory tokenIds = new uint256[](2);
+        tokenIds[0] = 1;
+        tokenIds[1] = 2;
+
+        uint256[] memory amounts = new uint256[](2);
         amounts[0] = 1;
         amounts[1] = 1;
-        amounts[2] = 1;
-        amounts[3] = 1;
-        mockPoap.mintBatch(addr4, ids, amounts, "");
 
-        // First registration should succeed
-        poapVerifier.checkAndRegister(addr4);
+        mockPOAP.mintBatch(user1, tokenIds, amounts, "");
 
-        // Second registration should revert
-        vm.expectRevert("User already verified");
-        poapVerifier.checkAndRegister(addr4);
-    }
+        // Verify user1
+        poapVerifier.checkAndRegister(user1);
+
+        // Check that user1 has 2 tickets
+        uint256 ticketCount = poapVerifier.calculateTickets(user1);
+        assertEq(ticketCount, 2);
 
-    function testOnlyOwnerCanUpdatePoaps() public {
-        // Only the owner should be able to update the required POAP IDs
-        uint256[] memory newPoaps = new uint256[](2);
-        newPoaps[0] = 1;
-        newPoaps[1] = 3;
-        poapVerifier.updatePoapIds(newPoaps);
-
-        // A non-owner should not be able to update POAP IDs
-        vm.prank(addr1);
-        vm.expectRevert();
-        poapVerifier.updatePoapIds(newPoaps);
+        // Check that user1 is in the verified user list
+        address[] memory verifiedUsers = poapVerifier.getVerifiedUsers();
+        assertEq(verifiedUsers.length, 1);
+        assertEq(verifiedUsers[0], user1);
     }
-}
+}