pull from origin

Author: Krishang Nadgauda

contracts/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@thirdweb-dev/contracts",
   "description": "Collection of smart contracts deployable via the thirdweb SDK, dashboard and CLI",
-  "version": "3.1.8-0",
+  "version": "3.1.8",
   "license": "Apache-2.0",
   "repository": {
     "type": "git",

contracts/token/TokenERC1155.sol

@@ -71,9 +71,6 @@ contract TokenERC1155 is
     /// @dev Max bps in the thirdweb system
     uint256 private constant MAX_BPS = 10_000;
 
-    /// @dev The address interpreted as native token of the chain.
-    address private constant NATIVE_TOKEN = 0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE;
-
     /// @dev Owner of the contract (purpose: OpenSea compatibility, etc.)
     address private _owner;
 
@@ -93,7 +90,7 @@ contract TokenERC1155 is
     uint128 private royaltyBps;
 
     /// @dev The % of primary sales collected by the contract as fees.
-    uint128 public platformFeeBps;
+    uint128 private platformFeeBps;
 
     /// @dev Contract level metadata.
     string public contractURI;
@@ -141,6 +138,8 @@ contract TokenERC1155 is
         platformFeeRecipient = _platformFeeRecipient;
         primarySaleRecipient = _primarySaleRecipient;
         contractURI = _contractURI;
+
+        require(_platformFeeBps <= MAX_BPS, "exceeds MAX_BPS");
         platformFeeBps = _platformFeeBps;
 
         _owner = _defaultAdmin;
@@ -217,7 +216,7 @@ contract TokenERC1155 is
     /// @dev Mints an NFT according to the provided mint request.
     function mintWithSignature(MintRequest calldata _req, bytes calldata _signature) external payable nonReentrant {
         address signer = verifyRequest(_req, _signature);
-        address receiver = _req.to == address(0) ? _msgSender() : _req.to;
+        address receiver = _req.to;
 
         uint256 tokenIdToMint;
         if (_req.tokenId == type(uint256).max) {
@@ -281,7 +280,7 @@ contract TokenERC1155 is
         external
         onlyRole(DEFAULT_ADMIN_ROLE)
     {
-        require(_platformFeeBps <= MAX_BPS, "bps <= 10000.");
+        require(_platformFeeBps <= MAX_BPS, "exceeds MAX_BPS");
 
         platformFeeBps = uint64(_platformFeeBps);
         platformFeeRecipient = _platformFeeRecipient;
@@ -378,23 +377,27 @@ contract TokenERC1155 is
             _req.validityStartTimestamp <= block.timestamp && _req.validityEndTimestamp >= block.timestamp,
             "request expired"
         );
+        require(_req.to != address(0), "recipient undefined");
+        require(_req.quantity > 0, "zero quantity");
 
         minted[_req.uid] = true;
 
         return signer;
     }
 
     /// @dev Collects and distributes the primary sale value of tokens being claimed.
-    function collectPrice(MintRequest memory _req) internal {
+    function collectPrice(MintRequest calldata _req) internal {
         if (_req.pricePerToken == 0) {
             return;
         }
 
         uint256 totalPrice = _req.pricePerToken * _req.quantity;
         uint256 platformFees = (totalPrice * platformFeeBps) / MAX_BPS;
 
-        if (_req.currency == NATIVE_TOKEN) {
+        if (_req.currency == CurrencyTransferLib.NATIVE_TOKEN) {
             require(msg.value == totalPrice, "must send total price.");
+        } else {
+            require(msg.value == 0, "msg value not zero");
         }
 
         address saleRecipient = _req.primarySaleRecipient == address(0)

contracts/token/TokenERC20.sol

@@ -10,7 +10,6 @@ import "../extension/interface/IPrimarySale.sol";
 
 // Token
 import "@openzeppelin/contracts-upgradeable/token/ERC20/extensions/ERC20BurnableUpgradeable.sol";
-import "@openzeppelin/contracts-upgradeable/token/ERC20/extensions/ERC20PausableUpgradeable.sol";
 import "@openzeppelin/contracts-upgradeable/token/ERC20/extensions/ERC20VotesUpgradeable.sol";
 
 // Security
@@ -38,7 +37,6 @@ contract TokenERC20 is
     ERC2771ContextUpgradeable,
     MulticallUpgradeable,
     ERC20BurnableUpgradeable,
-    ERC20PausableUpgradeable,
     ERC20VotesUpgradeable,
     ITokenERC20,
     AccessControlEnumerableUpgradeable
@@ -54,7 +52,6 @@ contract TokenERC20 is
         );
 
     bytes32 internal constant MINTER_ROLE = keccak256("MINTER_ROLE");
-    bytes32 internal constant PAUSER_ROLE = keccak256("PAUSER_ROLE");
     bytes32 internal constant TRANSFER_ROLE = keccak256("TRANSFER_ROLE");
 
     /// @dev Returns the URI for the storefront-level metadata of the contract.
@@ -64,7 +61,7 @@ contract TokenERC20 is
     uint128 internal constant MAX_BPS = 10_000;
 
     /// @dev The % of primary sales collected by the contract as fees.
-    uint128 internal platformFeeBps;
+    uint128 private platformFeeBps;
 
     /// @dev The adress that receives all primary sales value.
     address internal platformFeeRecipient;
@@ -88,19 +85,21 @@ contract TokenERC20 is
         address _platformFeeRecipient,
         uint256 _platformFeeBps
     ) external initializer {
+        __ReentrancyGuard_init();
         __ERC2771Context_init_unchained(_trustedForwarders);
         __ERC20Permit_init(_name);
         __ERC20_init_unchained(_name, _symbol);
 
         contractURI = _contractURI;
         primarySaleRecipient = _primarySaleRecipient;
         platformFeeRecipient = _platformFeeRecipient;
+
+        require(_platformFeeBps <= MAX_BPS, "exceeds MAX_BPS");
         platformFeeBps = uint128(_platformFeeBps);
 
         _setupRole(DEFAULT_ADMIN_ROLE, _defaultAdmin);
         _setupRole(TRANSFER_ROLE, _defaultAdmin);
         _setupRole(MINTER_ROLE, _defaultAdmin);
-        _setupRole(PAUSER_ROLE, _defaultAdmin);
         _setupRole(TRANSFER_ROLE, address(0));
     }
 
@@ -127,7 +126,7 @@ contract TokenERC20 is
         address from,
         address to,
         uint256 amount
-    ) internal override(ERC20Upgradeable, ERC20PausableUpgradeable) {
+    ) internal override {
         super._beforeTokenTransfer(from, to, amount);
 
         if (!hasRole(TRANSFER_ROLE, address(0)) && from != address(0) && to != address(0)) {
@@ -166,12 +165,9 @@ contract TokenERC20 is
     /// @dev Mints tokens according to the provided mint request.
     function mintWithSignature(MintRequest calldata _req, bytes calldata _signature) external payable nonReentrant {
         address signer = verifyRequest(_req, _signature);
-        address receiver = _req.to == address(0) ? _msgSender() : _req.to;
-        address saleRecipient = _req.primarySaleRecipient == address(0)
-            ? primarySaleRecipient
-            : _req.primarySaleRecipient;
+        address receiver = _req.to;
 
-        collectPrice(saleRecipient, _req.currency, _req.price);
+        collectPrice(_req);
 
         _mintTo(receiver, _req.quantity);
 
@@ -189,7 +185,7 @@ contract TokenERC20 is
         external
         onlyRole(DEFAULT_ADMIN_ROLE)
     {
-        require(_platformFeeBps <= MAX_BPS, "bps <= 10000.");
+        require(_platformFeeBps <= MAX_BPS, "exceeds MAX_BPS");
 
         platformFeeBps = uint64(_platformFeeBps);
         platformFeeRecipient = _platformFeeRecipient;
@@ -203,23 +199,25 @@ contract TokenERC20 is
     }
 
     /// @dev Collects and distributes the primary sale value of tokens being claimed.
-    function collectPrice(
-        address _primarySaleRecipient,
-        address _currency,
-        uint256 _price
-    ) internal {
-        if (_price == 0) {
+    function collectPrice(MintRequest calldata _req) internal {
+        if (_req.price == 0) {
             return;
         }
 
-        uint256 platformFees = (_price * platformFeeBps) / MAX_BPS;
+        uint256 platformFees = (_req.price * platformFeeBps) / MAX_BPS;
 
-        if (_currency == CurrencyTransferLib.NATIVE_TOKEN) {
-            require(msg.value == _price, "must send total price.");
+        if (_req.currency == CurrencyTransferLib.NATIVE_TOKEN) {
+            require(msg.value == _req.price, "must send total price.");
+        } else {
+            require(msg.value == 0, "msg value not zero");
         }
 
-        CurrencyTransferLib.transferCurrency(_currency, _msgSender(), platformFeeRecipient, platformFees);
-        CurrencyTransferLib.transferCurrency(_currency, _msgSender(), _primarySaleRecipient, _price - platformFees);
+        address saleRecipient = _req.primarySaleRecipient == address(0)
+            ? primarySaleRecipient
+            : _req.primarySaleRecipient;
+
+        CurrencyTransferLib.transferCurrency(_req.currency, _msgSender(), platformFeeRecipient, platformFees);
+        CurrencyTransferLib.transferCurrency(_req.currency, _msgSender(), saleRecipient, _req.price - platformFees);
     }
 
     /// @dev Mints `amount` of tokens to `to`
@@ -237,6 +235,8 @@ contract TokenERC20 is
             _req.validityStartTimestamp <= block.timestamp && _req.validityEndTimestamp >= block.timestamp,
             "request expired"
         );
+        require(_req.to != address(0), "recipient undefined");
+        require(_req.quantity > 0, "zero quantity");
 
         minted[_req.uid] = true;
 
@@ -264,34 +264,6 @@ contract TokenERC20 is
             );
     }
 
-    /**
-     * @dev Pauses all token transfers.
-     *
-     * See {ERC20Pausable} and {Pausable-_pause}.
-     *
-     * Requirements:
-     *
-     * - the caller must have the `PAUSER_ROLE`.
-     */
-    function pause() public virtual {
-        require(hasRole(PAUSER_ROLE, _msgSender()), "not pauser.");
-        _pause();
-    }
-
-    /**
-     * @dev Unpauses all token transfers.
-     *
-     * See {ERC20Pausable} and {Pausable-_unpause}.
-     *
-     * Requirements:
-     *
-     * - the caller must have the `PAUSER_ROLE`.
-     */
-    function unpause() public virtual {
-        require(hasRole(PAUSER_ROLE, _msgSender()), "not pauser.");
-        _unpause();
-    }
-
     /// @dev Sets contract URI for the storefront-level metadata of the contract.
     function setContractURI(string calldata _uri) external onlyRole(DEFAULT_ADMIN_ROLE) {
         contractURI = _uri;

contracts/token/TokenERC721.sol

@@ -67,9 +67,6 @@ contract TokenERC721 is
     /// @dev Max bps in the thirdweb system
     uint256 private constant MAX_BPS = 10_000;
 
-    /// @dev The address interpreted as native token of the chain.
-    address private constant NATIVE_TOKEN = 0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE;
-
     /// @dev Owner of the contract (purpose: OpenSea compatibility, etc.)
     address private _owner;
 
@@ -89,7 +86,7 @@ contract TokenERC721 is
     uint128 private royaltyBps;
 
     /// @dev The % of primary sales collected by the contract as fees.
-    uint128 public platformFeeBps;
+    uint128 private platformFeeBps;
 
     /// @dev Contract level metadata.
     string public contractURI;
@@ -130,6 +127,8 @@ contract TokenERC721 is
         platformFeeRecipient = _platformFeeRecipient;
         primarySaleRecipient = _saleRecipient;
         contractURI = _contractURI;
+
+        require(_platformFeeBps <= MAX_BPS, "exceeds MAX_BPS");
         platformFeeBps = _platformFeeBps;
 
         _owner = _defaultAdmin;
@@ -197,7 +196,7 @@ contract TokenERC721 is
         returns (uint256 tokenIdMinted)
     {
         address signer = verifyRequest(_req, _signature);
-        address receiver = _req.to == address(0) ? _msgSender() : _req.to;
+        address receiver = _req.to;
 
         tokenIdMinted = _mintTo(receiver, _req.uri);
 
@@ -252,7 +251,7 @@ contract TokenERC721 is
         external
         onlyRole(DEFAULT_ADMIN_ROLE)
     {
-        require(_platformFeeBps <= MAX_BPS, "bps <= 10000.");
+        require(_platformFeeBps <= MAX_BPS, "exceeds MAX_BPS");
 
         platformFeeBps = uint64(_platformFeeBps);
         platformFeeRecipient = _platformFeeRecipient;
@@ -303,9 +302,10 @@ contract TokenERC721 is
         tokenIdToMint = nextTokenIdToMint;
         nextTokenIdToMint += 1;
 
+        require(bytes(_uri).length > 0, "empty uri.");
         uri[tokenIdToMint] = _uri;
 
-        _mint(_to, tokenIdToMint);
+        _safeMint(_to, tokenIdToMint);
 
         emit TokensMinted(_to, tokenIdToMint, _uri);
     }
@@ -342,23 +342,26 @@ contract TokenERC721 is
             _req.validityStartTimestamp <= block.timestamp && _req.validityEndTimestamp >= block.timestamp,
             "request expired"
         );
+        require(_req.to != address(0), "recipient undefined");
 
         minted[_req.uid] = true;
 
         return signer;
     }
 
     /// @dev Collects and distributes the primary sale value of tokens being claimed.
-    function collectPrice(MintRequest memory _req) internal {
+    function collectPrice(MintRequest calldata _req) internal {
         if (_req.price == 0) {
             return;
         }
 
         uint256 totalPrice = _req.price;
         uint256 platformFees = (totalPrice * platformFeeBps) / MAX_BPS;
 
-        if (_req.currency == NATIVE_TOKEN) {
+        if (_req.currency == CurrencyTransferLib.NATIVE_TOKEN) {
             require(msg.value == totalPrice, "must send total price.");
+        } else {
+            require(msg.value == 0, "msg value not zero");
         }
 
         address saleRecipient = _req.primarySaleRecipient == address(0)

contracts/token/signatureMint.md

@@ -66,7 +66,7 @@ struct MintRequest {
 | tokenId | The tokenId of the token to mint. (Only applicable for ERC1155 tokens)|
 | uri | The metadata URI of the token to mint. (Not applicable for ERC20 tokens)|
 | quantity | The quantity of tokens to mint.|
-| pricePerToken | The price to pay per quantity of tokens minted.|
+| pricePerToken | The price to pay per quantity of tokens minted. (For TokenERC20, this parameter is `price`, indicating the total price of all tokens)|
 | currency | The currency in which to pay the price per token minted.|
 | validityStartTimestamp | The unix timestamp after which the payload is valid.|
 | validityEndTimestamp | The unix timestamp at which the payload expires.|