-
Notifications
You must be signed in to change notification settings - Fork 546
/
Copy pathDelayedReveal.sol
111 lines (95 loc) · 4.39 KB
/
DelayedReveal.sol
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
// SPDX-License-Identifier: Apache-2.0
pragma solidity ^0.8.0;
/// @author thirdweb
import "./interface/IDelayedReveal.sol";
/**
* @title Delayed Reveal
* @notice Thirdweb's `DelayedReveal` is a contract extension for base NFT contracts. It lets you create batches of
* 'delayed-reveal' NFTs. You can learn more about the usage of delayed reveal NFTs here - https://blog.thirdweb.com/delayed-reveal-nfts
*/
abstract contract DelayedReveal is IDelayedReveal {
/// @dev The contract doesn't have any url to be delayed revealed
error DelayedRevealNothingToReveal();
/// @dev The result of the returned an incorrect hash
error DelayedRevealIncorrectResultHash(bytes32 expected, bytes32 actual);
/// @dev Mapping from tokenId of a batch of tokens => to delayed reveal data.
mapping(uint256 => bytes) public encryptedData;
/// @dev Sets the delayed reveal data for a batchId.
function _setEncryptedData(uint256 _batchId, bytes memory _encryptedData) internal {
encryptedData[_batchId] = _encryptedData;
}
/**
* @notice Returns revealed URI for a batch of NFTs.
* @dev Reveal encrypted base URI for `_batchId` with caller/admin's `_key` used for encryption.
* Reverts if there's no encrypted URI for `_batchId`.
* See {encryptDecrypt}.
*
* @param _batchId ID of the batch for which URI is being revealed.
* @param _key Secure key used by caller/admin for encryption of baseURI.
*
* @return revealedURI Decrypted base URI.
*/
function getRevealURI(uint256 _batchId, bytes calldata _key) public view returns (string memory revealedURI) {
bytes memory data = encryptedData[_batchId];
if (data.length == 0) {
revert DelayedRevealNothingToReveal();
}
(bytes memory encryptedURI, bytes32 provenanceHash) = abi.decode(data, (bytes, bytes32));
revealedURI = string(encryptDecrypt(encryptedURI, _key));
if (keccak256(abi.encodePacked(revealedURI, _key, block.chainid)) != provenanceHash) {
revert DelayedRevealIncorrectResultHash(
provenanceHash,
keccak256(abi.encodePacked(revealedURI, _key, block.chainid))
);
}
}
/**
* @notice Encrypt/decrypt data on chain.
* @dev Encrypt/decrypt given `data` with `key`. Uses inline assembly.
* See: https://ethereum.stackexchange.com/questions/69825/decrypt-message-on-chain
*
* @param data Bytes of data to encrypt/decrypt.
* @param key Secure key used by caller for encryption/decryption.
*
* @return result Output after encryption/decryption of given data.
*/
function encryptDecrypt(bytes memory data, bytes calldata key) public pure override returns (bytes memory result) {
// Store data length on stack for later use
uint256 length = data.length;
// solhint-disable-next-line no-inline-assembly
assembly {
// Set result to free memory pointer
result := mload(0x40)
// Increase free memory pointer by length + 32
mstore(0x40, add(add(result, length), 32))
// Set result length
mstore(result, length)
}
// Iterate over the data stepping by 32 bytes
for (uint256 i = 0; i < length; i += 32) {
// Generate hash of the key and offset
bytes32 hash = keccak256(abi.encodePacked(key, i));
bytes32 chunk;
// solhint-disable-next-line no-inline-assembly
assembly {
// Read 32-bytes data chunk
chunk := mload(add(data, add(i, 32)))
}
// XOR the chunk with hash
chunk ^= hash;
// solhint-disable-next-line no-inline-assembly
assembly {
// Write 32-byte encrypted chunk
mstore(add(result, add(i, 32)), chunk)
}
}
}
/**
* @notice Returns whether the relvant batch of NFTs is subject to a delayed reveal.
* @dev Returns `true` if `_batchId`'s base URI is encrypted.
* @param _batchId ID of a batch of NFTs.
*/
function isEncryptedBatch(uint256 _batchId) public view returns (bool) {
return encryptedData[_batchId].length > 0;
}
}