ERC721Permit

.forge-snapshots/PositionManager_permit.snap

@@ -1 +1 @@
-79569
+79594

.forge-snapshots/PositionManager_permit_secondPosition.snap

@@ -1 +1 @@
-62481
+62506

.forge-snapshots/PositionManager_permit_twice.snap

@@ -1 +1 @@
-45381
+45406

src/base/UnorderedNonce.sol

@@ -1,53 +1,20 @@
 // SPDX-License-Identifier: GPL-2.0-or-later
 pragma solidity ^0.8.24;
 
+import {UnorderedNonceLibrary} from "../libraries/UnorderedNonceLibrary.sol";
+
 /// @title Unordered Nonce
 /// @notice Contract state and methods for using unordered nonces in signatures
 contract UnorderedNonce {
-    error NonceAlreadyUsed();
+    using UnorderedNonceLibrary for *;
 
     mapping(address owner => mapping(uint256 word => uint256 bitmap)) public nonces;
 
     /// @notice Consume a nonce, reverting if its already been used
     /// @param owner address, the owner/signer of the nonce
     /// @param nonce uint256, the nonce to consume
     function _useUnorderedNonce(address owner, uint256 nonce) internal {
-        // consume the bit by flipping it in storage
-        // reverts if the bit was already spent
-        _flipBit(nonces[owner], nonce);
-    }
-
-    function _flipBit(mapping(uint256 => uint256) storage bitmap, uint256 nonce) private {
-        // equivalent to:
-        //   uint256 wordPos = uint248(nonce >> 8);
-        //   uint256 bitPos = uint8(nonce);
-        //   uint256 bit = 1 << bitPos;
-        //   uint256 flipped = nonces[owner][wordPos] ^= bit;
-        //   if (flipped & bit == 0) revert NonceAlreadyUsed();
-
-        assembly ("memory-safe") {
-            // wordPos = uint248(nonce >> 8)
-            let wordPos := shr(8, nonce)
-
-            // bit = 1 << uint8(nonce)
-            let bit := shl(and(nonce, 0xFF), 1)
-
-            // slot of bitmap[wordPos] is keccak256(abi.encode(wordPos, bitmap.slot))
-            mstore(0, wordPos)
-            mstore(0x20, bitmap.slot)
-            let slot := keccak256(0, 0x40)
-
-            // uint256 previousBits = bitmap[wordPos]
-            let previousBits := sload(slot)
-
-            // revert if it's already been used
-            if eq(and(previousBits, bit), bit) {
-                mstore(0, 0x1fb09b80) // 4 bytes of NonceAlreadyUsed.selector
-                revert(0x1c, 0x04)
-            }
-
-            // bitmap[wordPos] = (previousBits | bit)
-            sstore(slot, or(previousBits, bit))
-        }
+        (uint256 wordPos, uint256 bitPos) = nonce.getBitmapPositions();
+        nonces[owner].flipBit(wordPos, bitPos);
     }
 }

src/libraries/UnorderedNonceLibrary.sol

@@ -0,0 +1,46 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+pragma solidity ^0.8.24;
+
+/// @title Unordered Nonce
+/// @notice Contract state and methods for using unordered nonces in signatures
+library UnorderedNonceLibrary {
+    error NonceAlreadyUsed();
+
+    /// @notice Given an unordered nonce, return the word and bit position to set in a bitmap
+    function getBitmapPositions(uint256 nonce) internal pure returns (uint256 wordPos, uint256 bitPos) {
+        assembly {
+            wordPos := shr(8, nonce)
+            bitPos := and(nonce, 0xFF)
+        }
+    }
+
+    /// @notice Flip a bit in a bitmap, reverting if the bit was already set
+    function flipBit(mapping(uint256 => uint256) storage self, uint256 wordPos, uint256 bitPos) internal {
+        // equivalent to:
+        //   uint256 bit = 1 << bitPos;
+        //   uint256 flipped = nonces[owner][wordPos] ^= bit;
+        //   if (flipped & bit == 0) revert NonceAlreadyUsed();
+
+        assembly ("memory-safe") {
+            // slot of self[wordPos] is keccak256(abi.encode(wordPos, self.slot))
+            mstore(0, wordPos)
+            mstore(0x20, self.slot)
+            let slot := keccak256(0, 0x40)
+
+            // uint256 previousBits = self[wordPos]
+            let previousBits := sload(slot)
+
+            // bit = 1 << bitPos
+            let bit := shl(bitPos, 1)
+
+            // revert if it's already been used
+            if eq(and(previousBits, bit), bit) {
+                mstore(0, 0x1fb09b80) // 4 bytes of NonceAlreadyUsed.selector
+                revert(0x1c, 0x04)
+            }
+
+            // self[wordPos] = (previousBits | bit)
+            sstore(slot, or(previousBits, bit))
+        }
+    }
+}

test/ERC721Permit.t.sol

@@ -9,6 +9,7 @@ import {MockERC721Permit} from "./mocks/MockERC721Permit.sol";
 import {IERC721Permit} from "../src/interfaces/IERC721Permit.sol";
 import {IERC721} from "forge-std/interfaces/IERC721.sol";
 import {UnorderedNonce} from "../src/base/UnorderedNonce.sol";
+import {UnorderedNonceLibrary} from "../src/libraries/UnorderedNonceLibrary.sol";
 
 contract ERC721PermitTest is Test {
     MockERC721Permit erc721Permit;
@@ -165,7 +166,7 @@ contract ERC721PermitTest is Test {
         bytes memory signature = abi.encodePacked(r, s, v);
 
         vm.startPrank(alice);
-        vm.expectRevert(UnorderedNonce.NonceAlreadyUsed.selector);
+        vm.expectRevert(UnorderedNonceLibrary.NonceAlreadyUsed.selector);
         erc721Permit.permit(bob, tokenIdAlice, block.timestamp, nonce, signature);
         vm.stopPrank();
     }
@@ -188,7 +189,7 @@ contract ERC721PermitTest is Test {
         bytes memory signature = abi.encodePacked(r, s, v);
 
         vm.startPrank(alice);
-        vm.expectRevert(UnorderedNonce.NonceAlreadyUsed.selector);
+        vm.expectRevert(UnorderedNonceLibrary.NonceAlreadyUsed.selector);
         erc721Permit.permit(bob, tokenIdAlice2, block.timestamp, nonce, signature);
         vm.stopPrank();
     }

test/UnorderedNonce.t.sol

@@ -3,6 +3,7 @@ pragma solidity ^0.8.20;
 
 import "forge-std/Test.sol";
 import {UnorderedNonce} from "../src/base/UnorderedNonce.sol";
+import {UnorderedNonceLibrary} from "../src/libraries/UnorderedNonceLibrary.sol";
 import {MockUnorderedNonce} from "./mocks/MockUnorderedNonce.sol";
 
 contract UnorderedNonceTest is Test {
@@ -13,66 +14,66 @@ contract UnorderedNonceTest is Test {
     }
 
     function testLowNonces() public {
-        unorderedNonce.batchSpendNonces(address(this), 5);
-        unorderedNonce.batchSpendNonces(address(this), 0);
-        unorderedNonce.batchSpendNonces(address(this), 1);
-
-        vm.expectRevert(UnorderedNonce.NonceAlreadyUsed.selector);
-        unorderedNonce.batchSpendNonces(address(this), 1);
-        vm.expectRevert(UnorderedNonce.NonceAlreadyUsed.selector);
-        unorderedNonce.batchSpendNonces(address(this), 5);
-        vm.expectRevert(UnorderedNonce.NonceAlreadyUsed.selector);
-        unorderedNonce.batchSpendNonces(address(this), 0);
-        unorderedNonce.batchSpendNonces(address(this), 4);
+        unorderedNonce.spendNonce(address(this), 5);
+        unorderedNonce.spendNonce(address(this), 0);
+        unorderedNonce.spendNonce(address(this), 1);
+
+        vm.expectRevert(UnorderedNonceLibrary.NonceAlreadyUsed.selector);
+        unorderedNonce.spendNonce(address(this), 1);
+        vm.expectRevert(UnorderedNonceLibrary.NonceAlreadyUsed.selector);
+        unorderedNonce.spendNonce(address(this), 5);
+        vm.expectRevert(UnorderedNonceLibrary.NonceAlreadyUsed.selector);
+        unorderedNonce.spendNonce(address(this), 0);
+        unorderedNonce.spendNonce(address(this), 4);
     }
 
     function testNonceWordBoundary() public {
-        unorderedNonce.batchSpendNonces(address(this), 255);
-        unorderedNonce.batchSpendNonces(address(this), 256);
+        unorderedNonce.spendNonce(address(this), 255);
+        unorderedNonce.spendNonce(address(this), 256);
 
-        vm.expectRevert(UnorderedNonce.NonceAlreadyUsed.selector);
-        unorderedNonce.batchSpendNonces(address(this), 255);
-        vm.expectRevert(UnorderedNonce.NonceAlreadyUsed.selector);
-        unorderedNonce.batchSpendNonces(address(this), 256);
+        vm.expectRevert(UnorderedNonceLibrary.NonceAlreadyUsed.selector);
+        unorderedNonce.spendNonce(address(this), 255);
+        vm.expectRevert(UnorderedNonceLibrary.NonceAlreadyUsed.selector);
+        unorderedNonce.spendNonce(address(this), 256);
     }
 
     function testHighNonces() public {
-        unorderedNonce.batchSpendNonces(address(this), 2 ** 240);
-        unorderedNonce.batchSpendNonces(address(this), 2 ** 240 + 1);
+        unorderedNonce.spendNonce(address(this), 2 ** 240);
+        unorderedNonce.spendNonce(address(this), 2 ** 240 + 1);
 
-        vm.expectRevert(UnorderedNonce.NonceAlreadyUsed.selector);
-        unorderedNonce.batchSpendNonces(address(this), 2 ** 240);
-        vm.expectRevert(UnorderedNonce.NonceAlreadyUsed.selector);
-        unorderedNonce.batchSpendNonces(address(this), 2 ** 240 + 1);
+        vm.expectRevert(UnorderedNonceLibrary.NonceAlreadyUsed.selector);
+        unorderedNonce.spendNonce(address(this), 2 ** 240);
+        vm.expectRevert(UnorderedNonceLibrary.NonceAlreadyUsed.selector);
+        unorderedNonce.spendNonce(address(this), 2 ** 240 + 1);
 
-        unorderedNonce.batchSpendNonces(address(this), 2 ** 240 + 2);
+        unorderedNonce.spendNonce(address(this), 2 ** 240 + 2);
     }
 
     function testInvalidateFullWord() public {
-        unorderedNonce.invalidateUnorderedNonces(0, 2 ** 256 - 1);
-
-        vm.expectRevert(UnorderedNonce.NonceAlreadyUsed.selector);
-        unorderedNonce.batchSpendNonces(address(this), 0);
-        vm.expectRevert(UnorderedNonce.NonceAlreadyUsed.selector);
-        unorderedNonce.batchSpendNonces(address(this), 1);
-        vm.expectRevert(UnorderedNonce.NonceAlreadyUsed.selector);
-        unorderedNonce.batchSpendNonces(address(this), 254);
-        vm.expectRevert(UnorderedNonce.NonceAlreadyUsed.selector);
-        unorderedNonce.batchSpendNonces(address(this), 255);
-        unorderedNonce.batchSpendNonces(address(this), 256);
+        unorderedNonce.batchSpendNonces(0, 2 ** 256 - 1);
+
+        vm.expectRevert(UnorderedNonceLibrary.NonceAlreadyUsed.selector);
+        unorderedNonce.spendNonce(address(this), 0);
+        vm.expectRevert(UnorderedNonceLibrary.NonceAlreadyUsed.selector);
+        unorderedNonce.spendNonce(address(this), 1);
+        vm.expectRevert(UnorderedNonceLibrary.NonceAlreadyUsed.selector);
+        unorderedNonce.spendNonce(address(this), 254);
+        vm.expectRevert(UnorderedNonceLibrary.NonceAlreadyUsed.selector);
+        unorderedNonce.spendNonce(address(this), 255);
+        unorderedNonce.spendNonce(address(this), 256);
     }
 
     function testInvalidateNonzeroWord() public {
-        unorderedNonce.invalidateUnorderedNonces(1, 2 ** 256 - 1);
-
-        unorderedNonce.batchSpendNonces(address(this), 0);
-        unorderedNonce.batchSpendNonces(address(this), 254);
-        unorderedNonce.batchSpendNonces(address(this), 255);
-        vm.expectRevert(UnorderedNonce.NonceAlreadyUsed.selector);
-        unorderedNonce.batchSpendNonces(address(this), 256);
-        vm.expectRevert(UnorderedNonce.NonceAlreadyUsed.selector);
-        unorderedNonce.batchSpendNonces(address(this), 511);
-        unorderedNonce.batchSpendNonces(address(this), 512);
+        unorderedNonce.batchSpendNonces(1, 2 ** 256 - 1);
+
+        unorderedNonce.spendNonce(address(this), 0);
+        unorderedNonce.spendNonce(address(this), 254);
+        unorderedNonce.spendNonce(address(this), 255);
+        vm.expectRevert(UnorderedNonceLibrary.NonceAlreadyUsed.selector);
+        unorderedNonce.spendNonce(address(this), 256);
+        vm.expectRevert(UnorderedNonceLibrary.NonceAlreadyUsed.selector);
+        unorderedNonce.spendNonce(address(this), 511);
+        unorderedNonce.spendNonce(address(this), 512);
     }
 
     function test_fuzz_InvalidateNonzeroWord(uint256 word, uint256 nonce) public {
@@ -81,30 +82,30 @@ contract UnorderedNonceTest is Test {
         // word = 0, bits [0, 256)
         // word = 1, bits [256, 512)
         // word = 2, bits [512, 768), etc
-        unorderedNonce.invalidateUnorderedNonces(word, 2 ** 256 - 1);
+        unorderedNonce.batchSpendNonces(word, 2 ** 256 - 1);
 
         // bound the nonce to be from 0 to 256 bits after the word
         nonce = bound(nonce, 0, (word + 2) * 256);
 
         if ((word * 256) <= nonce && nonce < ((word + 1) * 256)) {
-            vm.expectRevert(UnorderedNonce.NonceAlreadyUsed.selector);
+            vm.expectRevert(UnorderedNonceLibrary.NonceAlreadyUsed.selector);
         }
-        unorderedNonce.batchSpendNonces(address(this), nonce);
+        unorderedNonce.spendNonce(address(this), nonce);
     }
 
     function test_fuzz_UsingNonceTwiceFails(uint256 nonce) public {
-        unorderedNonce.batchSpendNonces(address(this), nonce);
-        vm.expectRevert(UnorderedNonce.NonceAlreadyUsed.selector);
-        unorderedNonce.batchSpendNonces(address(this), nonce);
+        unorderedNonce.spendNonce(address(this), nonce);
+        vm.expectRevert(UnorderedNonceLibrary.NonceAlreadyUsed.selector);
+        unorderedNonce.spendNonce(address(this), nonce);
     }
 
     function test_fuzz_UseTwoRandomNonces(uint256 first, uint256 second) public {
-        unorderedNonce.batchSpendNonces(address(this), first);
+        unorderedNonce.spendNonce(address(this), first);
         if (first == second) {
-            vm.expectRevert(UnorderedNonce.NonceAlreadyUsed.selector);
-            unorderedNonce.batchSpendNonces(address(this), second);
+            vm.expectRevert(UnorderedNonceLibrary.NonceAlreadyUsed.selector);
+            unorderedNonce.spendNonce(address(this), second);
         } else {
-            unorderedNonce.batchSpendNonces(address(this), second);
+            unorderedNonce.spendNonce(address(this), second);
         }
     }
 }

test/libraries/UnorderedNonceLibrary.t.sol

@@ -0,0 +1,50 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.24;
+
+import "forge-std/Test.sol";
+import {UnorderedNonceLibrary} from "../../src/libraries/UnorderedNonceLibrary.sol";
+
+contract UnorderedNonceLibraryTest is Test {
+    using UnorderedNonceLibrary for *;
+
+    mapping(uint256 word => uint256 bitmap) public nonces0;
+    mapping(uint256 word => uint256 bitmap) public nonces1;
+
+    /// @dev test getBitmapPositions() is returning the correct word and bit positions
+    function test_getBitmapPositions(uint256 nonce) public pure {
+        (uint256 wordPos, uint256 bitPos) = nonce.getBitmapPositions();
+
+        assertEq(wordPos, nonce >> 8);
+        assertEq(bitPos, nonce & 0xFF);
+    }
+
+    /// @dev test flipBit() is changing the bit as expected
+    function test_flipBit(uint256 nonce) public {
+        (uint256 wordPos, uint256 bitPos) = nonce.getBitmapPositions();
+        nonces0.flipBit(wordPos, bitPos);
+
+        uint256 bit = 1 << bitPos;
+        assertEq(nonces0[wordPos], bit);
+    }
+
+    /// @dev test flipBit()'s assembly is equivalent to manually flipping the bit
+    function test_flipBit_equivalence(uint256 nonce) public {
+        (uint256 wordPos0, uint256 bitPos0) = nonce.getBitmapPositions();
+        nonces0.flipBit(wordPos0, bitPos0);
+
+        // manually flip nonce without assembly
+        (uint256 wordPos1, uint256 bitPos1) = _flipNonce(nonce);
+
+        assertEq(wordPos0, wordPos1);
+        assertEq(bitPos0, bitPos1);
+        assertEq(nonces0[wordPos0], nonces1[wordPos1]);
+    }
+
+    function _flipNonce(uint256 nonce) internal returns (uint256 wordPos, uint256 bitPos) {
+        wordPos = nonce >> 8;
+        bitPos = uint8(nonce);
+
+        uint256 bit = 1 << bitPos;
+        nonces1[wordPos] ^= bit;
+    }
+}

test/mocks/MockUnorderedNonce.sol

@@ -4,12 +4,12 @@ pragma solidity ^0.8.20;
 import {UnorderedNonce} from "../../src/base/UnorderedNonce.sol";
 
 contract MockUnorderedNonce is UnorderedNonce {
-    function batchSpendNonces(address owner, uint256 nonce) external {
+    function spendNonce(address owner, uint256 nonce) external {
         _useUnorderedNonce(owner, nonce);
     }
 
     /// @dev Bulk-spend nonces on a single word. FOR TESTING ONLY
-    function invalidateUnorderedNonces(uint256 wordPos, uint256 mask) external {
+    function batchSpendNonces(uint256 wordPos, uint256 mask) external {
         nonces[msg.sender][wordPos] |= mask;
     }
 }