NFT & Fungible token contracts

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @fadeev @skosito

.github/workflows/slither.yaml

@@ -0,0 +1,62 @@
+name: Slither
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - "*"
+    types:
+      - synchronize
+      - opened
+      - reopened
+      - ready_for_review
+
+jobs:
+  slither:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          - project: "contracts/nft"
+            file: "nft.sarif"
+          - project: "contracts/token"
+            file: "token.sarif"
+    permissions:
+      contents: read
+      security-events: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Install Node.js
+        uses: actions/setup-node@v2
+        with:
+          node-version: "18"
+
+      - name: Install Dependencies
+        run: yarn install
+
+      - name: Install Foundry
+        uses: foundry-rs/foundry-toolchain@v1
+
+      - name: Build projects
+        continue-on-error: true
+        run: yarn build
+
+      - name: Run Slither on ${{ matrix.project}}
+        uses: crytic/slither-action@main
+        continue-on-error: true
+        with:
+          ignore-compile: true
+          sarif: ${{ matrix.file}}
+          node-version: "18"
+          target: ${{ matrix.project}}
+          fail-on: none
+
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: ${{ matrix.file}}

.github/workflows/test.yaml

@@ -0,0 +1,43 @@
+name: Run Tests
+
+on:
+  pull_request:
+  workflow_dispatch:
+
+jobs:
+  setup-matrix:
+    runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{ steps.set-matrix.outputs.matrix }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Test Matrix
+        id: set-matrix
+        run: |
+          test_dirs=$(find contracts/*/scripts -type f -name 'localnet.sh' -exec dirname {} \; | xargs dirname)
+          matrix_json=$(echo "$test_dirs" | jq -R '{"example-dir": .}' | jq -s . | jq -c .)
+          echo "matrix=$matrix_json" >> $GITHUB_OUTPUT
+
+  test:
+    needs: setup-matrix
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include: ${{ fromJSON(needs.setup-matrix.outputs.matrix) }}
+      fail-fast: false
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Install Foundry
+        uses: foundry-rs/foundry-toolchain@v1
+
+      - name: Run Test Script
+        run: |
+          cd "${{ matrix.example-dir }}"
+          yarn
+          chmod +x ./scripts/localnet.sh
+          ./scripts/localnet.sh start

contracts/nft/.eslintignore

@@ -0,0 +1,6 @@
+.yarn
+artifacts
+cache
+coverage
+node_modules
+typechain-types

contracts/nft/.eslintrc.js

@@ -0,0 +1,47 @@
+const path = require("path");
+
+/**
+ * @type {import("eslint").Linter.Config}
+ */
+module.exports = {
+  env: {
+    browser: false,
+    es2021: true,
+    mocha: true,
+    node: true,
+  },
+  extends: ["plugin:prettier/recommended"],
+  parser: "@typescript-eslint/parser",
+  parserOptions: {
+    ecmaVersion: 12,
+  },
+  plugins: [
+    "@typescript-eslint",
+    "prettier",
+    "simple-import-sort",
+    "sort-keys-fix",
+    "typescript-sort-keys",
+  ],
+  rules: {
+    "@typescript-eslint/sort-type-union-intersection-members": "error",
+    camelcase: "off",
+    "simple-import-sort/exports": "error",
+    "simple-import-sort/imports": "error",
+    "sort-keys-fix/sort-keys-fix": "error",
+    "typescript-sort-keys/interface": "error",
+    "typescript-sort-keys/string-enum": "error",
+  },
+  settings: {
+    "import/parsers": {
+      "@typescript-eslint/parser": [".js", ".jsx", ".ts", ".tsx", ".d.ts"],
+    },
+    "import/resolver": {
+      node: {
+        extensions: [".js", ".jsx", ".ts", ".tsx", ".d.ts"],
+      },
+      typescript: {
+        project: path.join(__dirname, "tsconfig.json"),
+      },
+    },
+  },
+};

contracts/nft/.gitignore

@@ -0,0 +1,19 @@
+node_modules
+.env
+coverage
+coverage.json
+typechain
+typechain-types
+dependencies
+
+# Hardhat files
+cache
+artifacts
+
+# Foundry files
+out
+cache_forge
+
+access_token
+
+localnet.json

contracts/nft/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 ZetaChain
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

contracts/nft/README.md

@@ -0,0 +1,4 @@
+# NFT Example
+
+This example currently only works with localnet `v4.0.0-rc*`, which supports
+authenticated calls and multiple EVM chains.

contracts/nft/contracts/evm/UniversalNFT.sol

@@ -0,0 +1,173 @@
+// SPDX-License-Identifier: MIT
+pragma solidity 0.8.26;
+
+import "@openzeppelin/contracts/token/ERC721/ERC721.sol";
+import "@openzeppelin/contracts/token/ERC721/extensions/ERC721Enumerable.sol";
+import "@openzeppelin/contracts/token/ERC721/extensions/ERC721URIStorage.sol";
+import "@openzeppelin/contracts/token/ERC721/extensions/ERC721Burnable.sol";
+import "@openzeppelin/contracts/access/Ownable2Step.sol";
+import "@zetachain/protocol-contracts/contracts/evm/GatewayEVM.sol";
+import {RevertContext} from "@zetachain/protocol-contracts/contracts/Revert.sol";
+import "../shared/Events.sol";
+
+abstract contract UniversalNFT is
+    ERC721,
+    ERC721Enumerable,
+    ERC721URIStorage,
+    Ownable2Step,
+    Events
+{
+    GatewayEVM public immutable gateway;
+    uint256 private _nextTokenId;
+    address public universal;
+    uint256 public immutable gasLimit;
+
+    error InvalidAddress();
+    error Unauthorized();
+    error InvalidGasLimit();
+    error GasTokenTransferFailed();
+
+    function setUniversal(address contractAddress) external onlyOwner {
+        if (contractAddress == address(0)) revert InvalidAddress();
+        universal = contractAddress;
+        emit SetUniversal(contractAddress);
+    }
+
+    modifier onlyGateway() {
+        if (msg.sender != address(gateway)) revert Unauthorized();
+        _;
+    }
+
+    constructor(address payable gatewayAddress, uint256 gas) {
+        if (gatewayAddress == address(0)) revert InvalidAddress();
+        if (gas == 0) revert InvalidGasLimit();
+        gasLimit = gas;
+        gateway = GatewayEVM(gatewayAddress);
+    }
+
+    function safeMint(address to, string memory uri) public onlyOwner {
+        uint256 hash = uint256(
+            keccak256(
+                abi.encodePacked(address(this), block.number, _nextTokenId++)
+            )
+        );
+
+        uint256 tokenId = hash & 0x00FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF;
+
+        _safeMint(to, tokenId);
+        _setTokenURI(tokenId, uri);
+        emit TokenMinted(to, tokenId, uri);
+    }
+
+    function transferCrossChain(
+        uint256 tokenId,
+        address receiver,
+        address destination
+    ) external payable {
+        if (receiver == address(0)) revert InvalidAddress();
+
+        string memory uri = tokenURI(tokenId);
+        _burn(tokenId);
+        bytes memory message = abi.encode(
+            destination,
+            receiver,
+            tokenId,
+            uri,
+            msg.sender
+        );
+        if (destination == address(0)) {
+            gateway.call(
+                universal,
+                message,
+                RevertOptions(address(this), false, address(0), message, 0)
+            );
+        } else {
+            gateway.depositAndCall{value: msg.value}(
+                universal,
+                message,
+                RevertOptions(
+                    address(this),
+                    true,
+                    address(0),
+                    abi.encode(receiver, tokenId, uri, msg.sender),
+                    gasLimit
+                )
+            );
+        }
+
+        emit TokenTransfer(destination, receiver, tokenId, uri);
+    }
+
+    function onCall(
+        MessageContext calldata context,
+        bytes calldata message
+    ) external payable onlyGateway returns (bytes4) {
+        if (context.sender != universal) revert Unauthorized();
+
+        (
+            address receiver,
+            uint256 tokenId,
+            string memory uri,
+            uint256 gasAmount,
+            address sender
+        ) = abi.decode(message, (address, uint256, string, uint256, address));
+
+        _safeMint(receiver, tokenId);
+        _setTokenURI(tokenId, uri);
+        if (gasAmount > 0) {
+            (bool success, ) = sender.call{value: gasAmount}("");
+            if (!success) revert GasTokenTransferFailed();
+        }
+        emit TokenTransferReceived(receiver, tokenId, uri);
+        return "";
+    }
+
+    function onRevert(RevertContext calldata context) external onlyGateway {
+        (, uint256 tokenId, string memory uri, address sender) = abi.decode(
+            context.revertMessage,
+            (address, uint256, string, address)
+        );
+
+        _safeMint(sender, tokenId);
+        _setTokenURI(tokenId, uri);
+        emit TokenTransferReverted(sender, tokenId, uri);
+    }
+
+    receive() external payable {}
+
+    fallback() external payable {}
+
+    // The following functions are overrides required by Solidity.
+
+    function _update(
+        address to,
+        uint256 tokenId,
+        address auth
+    ) internal override(ERC721, ERC721Enumerable) returns (address) {
+        return super._update(to, tokenId, auth);
+    }
+
+    function _increaseBalance(
+        address account,
+        uint128 value
+    ) internal override(ERC721, ERC721Enumerable) {
+        super._increaseBalance(account, value);
+    }
+
+    function tokenURI(
+        uint256 tokenId
+    ) public view override(ERC721, ERC721URIStorage) returns (string memory) {
+        return super.tokenURI(tokenId);
+    }
+
+    function supportsInterface(
+        bytes4 interfaceId
+    )
+        public
+        view
+        override(ERC721, ERC721Enumerable, ERC721URIStorage)
+        returns (bool)
+    {
+        return super.supportsInterface(interfaceId);
+    }
+}