Marketplace V3 + Latest Plugin Pattern (#308)

* first pass at extension interfaces

* forge updates

* DirectListings extension WIP

* english auction

* wip Offers.sol

* getOffers

* getOffers update

* update DirectListings

* update interfaces

* optimize

* optimize

* Format DirectListings in library storage code pattern

* DirectListings timestamps

* Offers: library storage pattern

* EnglishAuctions: library storage pattern

* marketplace implementation

* forge update

* WIP Marketplace entrypoint

* Inherit relevant extensions in entrypoint

* Add fallback logic to entrypoint

* rename extensions -> extension

* Write funcSig -> ext address Map contract

* Fix compilation errors

* run prettier

* remove unused Context

* Cleanup extensions inherited by entrypoint

* replace IContext with ERC2771ContextConsumer

* Fix typos lisiting -> listing

* use platform fee extension in DirectListings

* add totalListings to IDirectListings

* Create DirectListings test

* Add totalAuctions view fn to EnglishAuctions

* remove redundant native token from Offers

* remove PlatformFee from marketplace extensions storage

* Marketplace tests scaffolding

* DirectListings: add createListing tests

* DirectListings: add updateListing tests

* DirectListings: add cancelListing tests

* Use modifier in approveCurrencyForListing

* DirectListings: add approveBuyerForListing tests

* DirectListings: add view fns for mappings in state

* DirectListings: add approveCurrencyForListing tests

* DirectListings fix: provide expected currency and total price in buyFromListing

* DirectListings fix: startTimestamps are inclusive

* DirectListings: add buyFromListing tests

* cannot fuzz view fns quick enough

* EnglishAuctions: add createAuction tests

* EnglishAuctions: cancel auctions only when no bids

* EnglishAuctions: correct timestamps

* EnglishAuctions: add tests for cancelAuction

* EnglishAuctions: add tests for bidInAuction

* EnglishAuctions: add tests for collectAuctionPayout and collectAuctionTokens

* EnglishAuctions: tests for view functions

* Offers: tests for makeOffer

* Offers: tests for cancelOffer

* Offers: change payout to currencyTransferWithWrapper

* Offers: tests for acceptOffer

* correct timestamps

* Offers: tests for view functions

* remove regular implementations of extensions

* Update require statement

* Give startTimestamp a 1 hour buffer

* Cleanup: createListing related logic

* cleanup require statments

* update comments for updateListing

* cleanup DirectListings

* Cleanup directlistings file

* Add rest of the code comments to IMarketplace

* remove updateAuction

* Cleanup EnglishAuctions

* DirectListings: use onlyExistingListing modifier in getListing

* consistent behavior of getAll.. functions

* wip cleanup Offers

* cleanup offers

* Fix DirectListings tests

* Fix EnglighAuctions test

* Fix Offers tests

* re-organize marketplace files

* docs update

* docs update

* pkg bump

* pkg release

* Fix: (C-1) Marketplace funds can be drained due to lack of auction payout accounting

* Fix: (C-4) Auction token collection not tracked enables stealing ERC-1155 tokens

* Already fixed: (C-3) Auction creator collecting payout causes buyer to lose their purchased tokens

* Fix: (C-2) Unsafe listing update allows seller front-run to buyer purchase

* patch tests

* update forge

* (M-1) setExtension allows selector clashes enables incorrect select→extension mapping

* (L-1), (L-2) - fix timestamps

* (L-3) Buyer can overpay when using buy out option

* (L-4) Off-chain application might block itself from buying listing

* (Q-1) _validateOwnershipAndApproval is not needed for creating auctions

* (Q-2) Unused state variable

* Nitpicks: Validate bid amounts inside _validateNewAuction()

* docs

* v3.3.0-1

* v3.3.0-2

* revised fix: (L-4) Off-chain application might block itself from buying listing

* test for fix: (M-1) setExtension allows selector clashes enables incorrect select→extension mapping

* update version

* setup lister and asset roles in initialize

* update marketplace-v3 with latest plugin pattern

* docs

* fix getters

* v3.3.1-0

* change contract-type to MarketplaceRouter

* v3.3.1-1

* forge update

* fix getters

* v3.3.1-2

* add a status flag, remove deletion

* update tests, fix bugs

* v3.3.1-3

* update event params

* rename status DNE -> UNSET

* docs

* v3.3.3-0

* update events

* rename to MarketplaceV3

---------

Co-authored-by: Krishang Nadgauda <[email protected]>
Co-authored-by: Krishang Nadgauda <[email protected]>
Co-authored-by: Krishang <[email protected]>

Author: 4 people

contracts/registry/extension/IContext.sol contracts/extension/interface/plugin/IContext.sol

@@ -0,0 +1,48 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.0;
+
+import "./ContractMetadataStorage.sol";
+import "../../extension/interface/IContractMetadata.sol";
+
+/**
+ *  @title   Contract Metadata
+ *  @notice  Thirdweb's `ContractMetadata` is a contract extension for any base contracts. It lets you set a metadata URI
+ *           for you contract.
+ *           Additionally, `ContractMetadata` is necessary for NFT contracts that want royalties to get distributed on OpenSea.
+ */
+
+abstract contract ContractMetadataLogic is IContractMetadata {
+    /// @dev Returns the metadata URI of the contract.
+    function contractURI() public view returns (string memory) {
+        ContractMetadataStorage.Data storage data = ContractMetadataStorage.contractMetadataStorage();
+        return data.contractURI;
+    }
+
+    /**
+     *  @notice         Lets a contract admin set the URI for contract-level metadata.
+     *  @dev            Caller should be authorized to setup contractURI, e.g. contract admin.
+     *                  See {_canSetContractURI}.
+     *                  Emits {ContractURIUpdated Event}.
+     *
+     *  @param _uri     keccak256 hash of the role. e.g. keccak256("TRANSFER_ROLE")
+     */
+    function setContractURI(string memory _uri) external override {
+        if (!_canSetContractURI()) {
+            revert("Not authorized");
+        }
+
+        _setupContractURI(_uri);
+    }
+
+    /// @dev Lets a contract admin set the URI for contract-level metadata.
+    function _setupContractURI(string memory _uri) internal {
+        ContractMetadataStorage.Data storage data = ContractMetadataStorage.contractMetadataStorage();
+        string memory prevURI = data.contractURI;
+        data.contractURI = _uri;
+
+        emit ContractURIUpdated(prevURI, _uri);
+    }
+
+    /// @dev Returns whether contract metadata can be set in the given execution context.
+    function _canSetContractURI() internal view virtual returns (bool);
+}

contracts/extension/plugin/ContractMetadataLogic.sol

@@ -0,0 +1,17 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.0;
+
+library ContractMetadataStorage {
+    bytes32 public constant CONTRACT_METADATA_STORAGE_POSITION = keccak256("contract.metadata.storage");
+
+    struct Data {
+        string contractURI;
+    }
+
+    function contractMetadataStorage() internal pure returns (Data storage contractMetadataData) {
+        bytes32 position = CONTRACT_METADATA_STORAGE_POSITION;
+        assembly {
+            contractMetadataData.slot := position
+        }
+    }
+}

contracts/extension/plugin/ContractMetadataStorage.sol

@@ -0,0 +1,45 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.0;
+
+import "./ERC2771ContextStorage.sol";
+
+/**
+ * @dev Context variant with ERC2771 support.
+ */
+abstract contract ERC2771ContextUpgradeableLogic {
+    function __ERC2771Context_init(address[] memory trustedForwarder) internal {
+        __ERC2771Context_init_unchained(trustedForwarder);
+    }
+
+    function __ERC2771Context_init_unchained(address[] memory trustedForwarder) internal {
+        ERC2771ContextStorage.Data storage data = ERC2771ContextStorage.erc2771ContextStorage();
+
+        for (uint256 i = 0; i < trustedForwarder.length; i++) {
+            data._trustedForwarder[trustedForwarder[i]] = true;
+        }
+    }
+
+    function isTrustedForwarder(address forwarder) public view virtual returns (bool) {
+        ERC2771ContextStorage.Data storage data = ERC2771ContextStorage.erc2771ContextStorage();
+        return data._trustedForwarder[forwarder];
+    }
+
+    function _msgSender() internal view virtual returns (address sender) {
+        if (isTrustedForwarder(msg.sender)) {
+            // The assembly code is more direct than the Solidity version using `abi.decode`.
+            assembly {
+                sender := shr(96, calldataload(sub(calldatasize(), 20)))
+            }
+        } else {
+            return msg.sender;
+        }
+    }
+
+    function _msgData() internal view virtual returns (bytes calldata) {
+        if (isTrustedForwarder(msg.sender)) {
+            return msg.data[:msg.data.length - 20];
+        } else {
+            return msg.data;
+        }
+    }
+}

contracts/registry/extension/ERC2771ContextConsumer.sol contracts/extension/plugin/ERC2771ContextConsumer.sol

@@ -0,0 +1,18 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.0;
+
+library ERC2771ContextUpgradeableStorage {
+    bytes32 public constant ERC2771_CONTEXT_UPGRADEABLE_STORAGE_POSITION =
+        keccak256("erc2771.context.upgradeable.storage");
+
+    struct Data {
+        mapping(address => bool) _trustedForwarder;
+    }
+
+    function erc2771ContextUpgradeableStorage() internal pure returns (Data storage erc2771ContextData) {
+        bytes32 position = ERC2771_CONTEXT_UPGRADEABLE_STORAGE_POSITION;
+        assembly {
+            erc2771ContextData.slot := position
+        }
+    }
+}

contracts/registry/extension/ERC2771ContextLogic.sol contracts/extension/plugin/ERC2771ContextLogic.sol

@@ -0,0 +1,52 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.0;
+
+import "./PlatformFeeStorage.sol";
+import "../../extension/interface/IPlatformFee.sol";
+
+/**
+ *  @title   Platform Fee
+ *  @notice  Thirdweb's `PlatformFee` is a contract extension to be used with any base contract. It exposes functions for setting and reading
+ *           the recipient of platform fee and the platform fee basis points, and lets the inheriting contract perform conditional logic
+ *           that uses information about platform fees, if desired.
+ */
+
+abstract contract PlatformFeeLogic is IPlatformFee {
+    /// @dev Returns the platform fee recipient and bps.
+    function getPlatformFeeInfo() public view override returns (address, uint16) {
+        PlatformFeeStorage.Data storage data = PlatformFeeStorage.platformFeeStorage();
+        return (data.platformFeeRecipient, uint16(data.platformFeeBps));
+    }
+
+    /**
+     *  @notice         Updates the platform fee recipient and bps.
+     *  @dev            Caller should be authorized to set platform fee info.
+     *                  See {_canSetPlatformFeeInfo}.
+     *                  Emits {PlatformFeeInfoUpdated Event}; See {_setupPlatformFeeInfo}.
+     *
+     *  @param _platformFeeRecipient   Address to be set as new platformFeeRecipient.
+     *  @param _platformFeeBps         Updated platformFeeBps.
+     */
+    function setPlatformFeeInfo(address _platformFeeRecipient, uint256 _platformFeeBps) external override {
+        if (!_canSetPlatformFeeInfo()) {
+            revert("Not authorized");
+        }
+        _setupPlatformFeeInfo(_platformFeeRecipient, _platformFeeBps);
+    }
+
+    /// @dev Lets a contract admin update the platform fee recipient and bps
+    function _setupPlatformFeeInfo(address _platformFeeRecipient, uint256 _platformFeeBps) internal {
+        PlatformFeeStorage.Data storage data = PlatformFeeStorage.platformFeeStorage();
+        if (_platformFeeBps > 10_000) {
+            revert("Exceeds max bps");
+        }
+
+        data.platformFeeBps = uint16(_platformFeeBps);
+        data.platformFeeRecipient = _platformFeeRecipient;
+
+        emit PlatformFeeInfoUpdated(_platformFeeRecipient, _platformFeeBps);
+    }
+
+    /// @dev Returns whether platform fee info can be set in the given execution context.
+    function _canSetPlatformFeeInfo() internal view virtual returns (bool);
+}

contracts/registry/extension/ERC2771ContextStorage.sol contracts/extension/plugin/ERC2771ContextStorage.sol

@@ -0,0 +1,20 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.0;
+
+library PlatformFeeStorage {
+    bytes32 public constant PLATFORM_FEE_STORAGE_POSITION = keccak256("platform.fee.storage");
+
+    struct Data {
+        /// @dev The address that receives all platform fees from all sales.
+        address platformFeeRecipient;
+        /// @dev The % of primary sales collected as platform fees.
+        uint16 platformFeeBps;
+    }
+
+    function platformFeeStorage() internal pure returns (Data storage platformFeeData) {
+        bytes32 position = PLATFORM_FEE_STORAGE_POSITION;
+        assembly {
+            platformFeeData.slot := position
+        }
+    }
+}

contracts/extension/plugin/ERC2771ContextUpgradeableLogic.sol

@@ -0,0 +1,68 @@
+// SPDX-License-Identifier: MIT
+// OpenZeppelin Contracts v4.4.1 (security/ReentrancyGuard.sol)
+pragma solidity ^0.8.0;
+
+import "./ReentrancyGuardStorage.sol";
+
+/**
+ * @dev Contract module that helps prevent reentrant calls to a function.
+ *
+ * Inheriting from `ReentrancyGuard` will make the {nonReentrant} modifier
+ * available, which can be applied to functions to make sure there are no nested
+ * (reentrant) calls to them.
+ *
+ * Note that because there is a single `nonReentrant` guard, functions marked as
+ * `nonReentrant` may not call one another. This can be worked around by making
+ * those functions `private`, and then adding `external` `nonReentrant` entry
+ * points to them.
+ *
+ * TIP: If you would like to learn more about reentrancy and alternative ways
+ * to protect against it, check out our blog post
+ * https://blog.openzeppelin.com/reentrancy-after-istanbul/[Reentrancy After Istanbul].
+ */
+abstract contract ReentrancyGuardLogic {
+    // Booleans are more expensive than uint256 or any type that takes up a full
+    // word because each write operation emits an extra SLOAD to first read the
+    // slot's contents, replace the bits taken up by the boolean, and then write
+    // back. This is the compiler's defense against contract upgrades and
+    // pointer aliasing, and it cannot be disabled.
+
+    // The values being non-zero value makes deployment a bit more expensive,
+    // but in exchange the refund on every call to nonReentrant will be lower in
+    // amount. Since refunds are capped to a percentage of the total
+    // transaction's gas, it is best to keep them low in cases like this one, to
+    // increase the likelihood of the full refund coming into effect.
+    uint256 private constant _NOT_ENTERED = 1;
+    uint256 private constant _ENTERED = 2;
+
+    function __ReentrancyGuard_init() internal {
+        __ReentrancyGuard_init_unchained();
+    }
+
+    function __ReentrancyGuard_init_unchained() internal {
+        ReentrancyGuardStorage.Data storage data = ReentrancyGuardStorage.reentrancyGuardStorage();
+        data._status = _NOT_ENTERED;
+    }
+
+    /**
+     * @dev Prevents a contract from calling itself, directly or indirectly.
+     * Calling a `nonReentrant` function from another `nonReentrant`
+     * function is not supported. It is possible to prevent this from happening
+     * by making the `nonReentrant` function external, and making it call a
+     * `private` function that does the actual work.
+     */
+    modifier nonReentrant() {
+        ReentrancyGuardStorage.Data storage data = ReentrancyGuardStorage.reentrancyGuardStorage();
+        // On the first call to nonReentrant, _notEntered will be true
+        require(data._status != _ENTERED, "ReentrancyGuard: reentrant call");
+
+        // Any calls to nonReentrant after this point will fail
+        data._status = _ENTERED;
+
+        _;
+
+        // By storing the original value once again, a refund is triggered (see
+        // https://eips.ethereum.org/EIPS/eip-2200)
+        data._status = _NOT_ENTERED;
+    }
+}

contracts/extension/plugin/ERC2771ContextUpgradeableStorage.sol

@@ -0,0 +1,17 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.0;
+
+library ReentrancyGuardStorage {
+    bytes32 public constant REENTRANCY_GUARD_STORAGE_POSITION = keccak256("reentrancy.guard.storage");
+
+    struct Data {
+        uint256 _status;
+    }
+
+    function reentrancyGuardStorage() internal pure returns (Data storage reentrancyGuardData) {
+        bytes32 position = REENTRANCY_GUARD_STORAGE_POSITION;
+        assembly {
+            reentrancyGuardData.slot := position
+        }
+    }
+}