Cutover from Truffle to Hardhat, fixes #27 fixes #30

Author: fulldecent

.github/workflows/ci.yml

@@ -0,0 +1,29 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Use Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: ".nvmrc"
+          cache: "npm"
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Confirm Solidity merged
+        run: sh test/confirm-sol-merged.sh
+
+      - name: Run tests
+        run: npm test

.gitignore

@@ -1,2 +1,5 @@
 build/
 node_modules/
+artifacts/
+cache/
+types/

.nvmrc

@@ -0,0 +1 @@
+lts/*

.travis.yml

@@ -15,9 +15,9 @@ First, let's give credit to the security researchers that found issues!
 
 ## Sponsors
 
-**Sponsor this bug bounty if you support ERC-721**. This means you will commit to pay researchers that demonstrate a problem. Contact us at Su@TenThousandSu.com if interested. Thank you.
+**Sponsor this bug bounty if you support ERC-721**. This means you will commit to pay researchers that demonstrate a problem. Contact us at <Su@TenThousandSu.com> if interested. Thank you.
 
-**Now featured on GitCoin, you can check them out here https://twitter.com/GetGitcoin**
+**Now featured on GitCoin, you can check them out here <https://twitter.com/GetGitcoin>**
 
 ---
 
@@ -30,19 +30,19 @@ This bounty is open for an unlimited time. Previous limited-time bounty programs
 
 Help us find any problems with this contract and with ERC-721 in general. This bounty program's function scope includes:
 
-- Overflow or break parts of the program
-- Steal ownership of a square
-- Take over an admin account
-- Give a square to somebody else and double spend it or revert it back to your control
-- Any undocumented and unintuitive behavior
+* Overflow or break parts of the program
+* Steal ownership of a square
+* Take over an admin account
+* Give a square to somebody else and double spend it or revert it back to your control
+* Any undocumented and unintuitive behavior
 
 ## Rules and rewards
 
-- Issues that have already been published here or are already disclosed to the Su Squares team are not eligible for rewards
-- Social engineering, XKCD#538 attacks, bringing down Mainnet/Infura are not in scope and will NOT be paid a reward
-- Only the official mainnet contract is in scope, our website is not in scope
-- GitHub issues is the only way to report issues and request rewards
-- The Su Squares team has complete and final judgement on acceptability of issue reports
+* Issues that have already been published here or are already disclosed to the Su Squares team are not eligible for rewards
+* Social engineering, XKCD#538 attacks, bringing down Mainnet/Infura are not in scope and will NOT be paid a reward
+* Only the official mainnet contract is in scope, our website is not in scope
+* GitHub issues is the only way to report issues and request rewards
+* The Su Squares team has complete and final judgement on acceptability of issue reports
 
 Following is a risk threat model that judges the impact of an issue based on its likelihood and impact.
 
@@ -54,36 +54,36 @@ Following is a risk threat model that judges the impact of an issue based on its
 
 Rewards:
 
-- **High severity / highest severity** — you will received two Su Squares on the deployed website (worth $1000 USD)
-- **Low / medium / high / highest** — all of these reports will receive an honorable mention, which is also visible from [the Su Squares website](https://tenthousandsu.com)
-- Additional rewards may be announced by sponsors? See [sponsors section](#sponsors) above.
+* **High severity / highest severity** — you will received two Su Squares on the deployed website (worth $1000 USD)
+* **Low / medium / high / highest** — all of these reports will receive an honorable mention, which is also visible from [the Su Squares website](https://tenthousandsu.com)
+* Additional rewards may be announced by sponsors? See [sponsors section](#sponsors) above.
 
 Examples of impact:
 
-- High: Steal a square from someone else, impersonate an admin
-- Medium: Cause personalization to fail so that the wrong data goes on the blockchain
-- Low: Cause a transaction counterparty that carefully reads the contract documentation to make a mistake on some edge case type of transaction
+* High: Steal a square from someone else, impersonate an admin
+* Medium: Cause personalization to fail so that the wrong data goes on the blockchain
+* Low: Cause a transaction counterparty that carefully reads the contract documentation to make a mistake on some edge case type of transaction
 
 How to win:
 
-- Be descriptive and detailed when describing your issue
-- Fix it — recommend a way to solve the problem
-- Include a Truffle or detailed test case that we can reproduce
+* Be descriptive and detailed when describing your issue
+* Fix it — recommend a way to solve the problem
+* Include a Hardhat or detailed test case that we can reproduce
 
 Rules for bounty sponsor:
 
-- We will respond quickly to your questions (within 2 business days)
-- We will adjudicate all prizes quickly (within 5 business days)
-- Bounty sponsors are not eligible
+* We will respond quickly to your questions (within 2 business days)
+* We will adjudicate all prizes quickly (within 5 business days)
+* Bounty sponsors are not eligible
 
 ## More questions
 
-- Will things change during the bounty program?
-  - Yes, we are seeking sponsors and will add additional prizes here if that happens.
-  - Yes, we will update the code and redeploy the contract. So, click STAR and WATCH above on this repo for updates.
-- Taxes?
-  - If sponsors give us so much money that you will need to fill out a tax form, then we will ask you to fill out a tax form. This whole program is subject to the laws of Pennsylvania.
-- I read to the bottom of the file.
-  - That's not even a question. Good, you're the type of person we're seeking. Here's a hint, you can see the [CryptoKitties bounty program](https://github.com/axiomzen/cryptokitties-bounty) and everything that happened there. We stole lots of ideas from them, thank you. And see also [the Su Squares Gitter](https://gitter.im/Su-Squares/Lobby#).
+* Will things change during the bounty program?
+  * Yes, we are seeking sponsors and will add additional prizes here if that happens.
+  * Yes, we will update the code and redeploy the contract. So, click STAR and WATCH above on this repo for updates.
+* Taxes?
+  * If sponsors give us so much money that you will need to fill out a tax form, then we will ask you to fill out a tax form. This whole program is subject to the laws of Pennsylvania.
+* I read to the bottom of the file.
+  * That's not even a question. Good, you're the type of person we're seeking. Here's a hint, you can see the [CryptoKitties bounty program](https://github.com/axiomzen/cryptokitties-bounty) and everything that happened there. We stole lots of ideas from them, thank you. And see also [the Su Squares Gitter](https://gitter.im/Su-Squares/Lobby#).
 
-Copyright 2018 William & Su Entriken. All rights reserved.
+Copyright 2018 William & Su Entriken. All rights reserved.

BUG-BOUNTY.md

@@ -2,7 +2,7 @@
 
 *This is the full process for deploying a new version of the Su Squares smart contract. It costs money, it is painful. Measure twice, cut once!*
 
-1. :warning: Warn the public at https://tenthousandsu.com
+1. :warning: Warn the public at <https://tenthousandsu.com>
 2. Edit code in the contracts folder
 
    1. Recompile `ALLINONE.sol` file, make sure it matches (automated build test)
@@ -13,9 +13,9 @@
    1. Delete all storage, add ALLINONE.sol, select `SuMain`, enable optimization, compile
 
    1. Save code to Gist (workaround for Etherscan bug)
-   2. Save the bytecode to `bytecode.json`, this is a release artifact
-   3. Save the ABI to `abi.json`, this is a release artifact
-   4. Record the compiler version number
+   1. Save the bytecode to `bytecode.json`, this is a release artifact
+   1. Save the ABI to `abi.json`, this is a release artifact
+   1. Record the compiler version number
 4. Use Remix IDE with CEO account to deploy contract
    1. Record the deployed address
    2. `setFinancialOfficer` `"0x7Ca2Cf38e9dbB925e584398E5D63F1A8F0B731f9"`
@@ -39,8 +39,8 @@
    2. Update address in the white paper (NOTE OLD ADDRESS)
    3. Remove any (WE ARE UPGRADING) note on index.html
 9. Tell the world
-   1. Make a release on smart contract GitHub project / add release artifacts / update the project URL to new etherscan contract https://github.com/su-squares/ethereum-contract
-   2. Update address at https://github.com/MyEtherWallet/ethereum-lists/blob/master/contracts/contract-abi-eth.json
+   1. Make a release on smart contract GitHub project / add release artifacts / update the project URL to new etherscan contract <https://github.com/su-squares/ethereum-contract>
+   2. Update address at <https://github.com/MyEtherWallet/ethereum-lists/blob/master/contracts/contract-abi-eth.json>
    3. Relist opensea
    4. Relist coingecko
    5. Email anybody that bought squares, if I know them somehow

DEPLOY.md

@@ -31,7 +31,7 @@ Read the full [deployment process documentation](DEPLOY.md).
 
 You are somebody that reads documentation on smart contracts and understands how Su Squares works. So you have unique skills and your time is valuable. We will pay you for your contributions to Su Squares in the form of bug reports.
 
-If your project depends on ERC-721 or you want to help improve the assuarance of this project then you can pledge a bounty. This means you will commit to pay researchers that demonstrate a problem. Contact us at Su@TenThousandSu.com if interested. Thank you.
+If your project depends on ERC-721 or you want to help improve the assuarance of this project then you can pledge a bounty. This means you will commit to pay researchers that demonstrate a problem. Contact us at <Su@TenThousandSu.com> if interested. Thank you.
 
 Read the full [bug bounty program](BUG-BOUNTY.md).
 

README.md

@@ -0,0 +1,12 @@
+pragma solidity ^0.4.24;
+import "../AccessControl.sol";
+
+contract AccessControlTestMock is AccessControl {
+    constructor() public {}
+
+    function anExecutiveTask() external view onlyExecutiveOfficer {}
+
+    function anOperatingTask() external view onlyOperatingOfficer {}
+
+    function aFinancialTask() external view onlyFinancialOfficer {}
+}

contracts/Migrations.sol

@@ -0,0 +1,10 @@
+pragma solidity ^0.4.24;
+import "../SuNFT.sol";
+
+contract SuNFTStealableTestMock is SuNFT {
+    constructor() public {}
+
+    function stealSquare(uint256 nftId) external {
+        _transfer(nftId, msg.sender);
+    }
+}