chore: refactor, add guides

CODE_OF_CONDUCT.md

@@ -0,0 +1,150 @@
+# Tokenbound Code of Conduct
+
+## Preamble
+
+The Tokenbound Community was created to foster an open, innovative and inclusive community around open source development.
+To clarify expected behaviour in our community we have adopted the Contributor Covenant. This code of conduct
+has been adopted by many other open source communities and we feel it expresses our values well.
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+- Demonstrating empathy and kindness toward other people
+- Being respectful of differing opinions, viewpoints, and experiences
+- Giving and gracefully accepting constructive feedback
+- Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+- Focusing on what is best not just for us as individuals, but for the
+  overall community
+- Be friendly and patient
+
+Examples of unacceptable behavior include:
+
+- The use of sexualized language or imagery, and sexual attention or
+  advances of any kind
+- Trolling, insulting or derogatory comments, and personal or political attacks
+- Public or private harassment
+- Publishing others' private information, such as a physical or email
+  address, without their explicit permission
+- Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Contributing
+
+Read carefully our Contributing Guidelines to know how to contribute properly in our
+project. Members and maintainers must adhere to some rules regarding to pull requests
+reviews and creation of issues and pull requests:
+
+- During code reviews do not comment on coding standards and styles -focus on algorithmical,
+  structural or naming issues-, help to solve problem.
+- When creating an issue or a pull request, follow the templates provided by the repository and
+  fill in the indicated items correctly. If you do not want to use a template, open a blank issue/PR
+  and make sure that in its description is not missing any information requested by the templates. Help
+  the community to get to know your work better.
+
+make sure your description is not missing any information requested by the templates
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+[email protected]
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series
+of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or
+permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within
+the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.0, available at
+https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
+
+Community Impact Guidelines were inspired by [Mozilla's code of conduct
+enforcement ladder](https://github.com/mozilla/diversity).
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see the FAQ at
+https://www.contributor-covenant.org/faq. Translations are available at
+https://www.contributor-covenant.org/translations.

SECURITY.md

@@ -0,0 +1,10 @@
+# Security policy
+
+If you believe you have found a security vulnerability in our code, we encourage you to report it to us as soon as possible.
+We ask that you do not publicly disclose any details of the vulnerability until we have had an opportunity to investigate and address it. 
+
+## Reporting a vulnerability
+
+To report a security vulnerability, go to [Report a vulnerability]([email protected]). This will create a draft advisory. Please provide as much detail as possible including steps to reproduce the issue and any potential impact it may have.
+
+Alternatively, you can also send an email to [email protected]. We will work to acknowledge your report within 24 hours and will keep you informed throughout our investigation and resolution process. 

src/components/account/account.cairo

@@ -90,6 +90,15 @@ pub mod AccountComponent {
             self._get_owner(token_contract, token_id)
         }
 
+        /// @notice returns the root owner for nested tokenbound accounts
+        /// @param token_contract the contract address of the NFT
+        /// @param token_id the token ID of the NFT
+        fn get_root_owner(
+            self: @ComponentState<TContractState>, token_contract: ContractAddress, token_id: u256
+        ) -> ContractAddress {
+            self._get_root_owner(token_contract, token_id)
+        }
+
         /// @notice returns the contract address and token ID of the associated NFT
         fn token(self: @ComponentState<TContractState>) -> (ContractAddress, u256, felt252) {
             self._get_token()
@@ -111,12 +120,6 @@ pub mod AccountComponent {
                 return false;
             }
         }
-
-        fn get_root_owner(
-            self: @ComponentState<TContractState>, token_contract: ContractAddress, token_id: u256
-        ) -> ContractAddress {
-            self._get_root_owner(token_contract, token_id)
-        }
     }
 
     // *************************************************************************

src/interfaces/IAccount.cairo

@@ -13,9 +13,9 @@ pub const TBA_INTERFACE_ID: felt252 =
 pub trait IAccount<TContractState> {
     fn token(self: @TContractState) -> (ContractAddress, u256, felt252);
     fn owner(self: @TContractState) -> ContractAddress;
-    fn state(self: @TContractState) -> u256;
-    fn supports_interface(self: @TContractState, interface_id: felt252) -> bool;
     fn get_root_owner(
         self: @TContractState, token_contract: ContractAddress, token_id: u256
     ) -> ContractAddress;
+    fn state(self: @TContractState) -> u256;
+    fn supports_interface(self: @TContractState, interface_id: felt252) -> bool;
 }

tests/test_account_component.cairo

@@ -28,25 +28,6 @@ const ACCOUNT: felt252 = 1234;
 const ACCOUNT2: felt252 = 5729;
 const SALT: felt252 = 123;
 
-#[derive(Drop)]
-struct SignedTransactionData {
-    private_key: felt252,
-    public_key: felt252,
-    transaction_hash: felt252,
-    r: felt252,
-    s: felt252
-}
-
-fn SIGNED_TX_DATA() -> SignedTransactionData {
-    SignedTransactionData {
-        private_key: 1234,
-        public_key: 883045738439352841478194533192765345509759306772397516907181243450667673002,
-        transaction_hash: 2717105892474786771566982177444710571376803476229898722748888396642649184538,
-        r: 3068558690657879390136740086327753007413919701043650133111397282816679110801,
-        s: 3355728545224320878895493649495491771252432631648740019139167265522817576501
-    }
-}
-
 // *************************************************************************
 //                              SETUP
 // *************************************************************************
@@ -136,29 +117,6 @@ fn test_event_is_emitted_on_initialization() {
         );
 }
 
-// #[test]
-// fn test_is_valid_signature() {
-//     let (contract_address, erc721_contract_address) = __setup__();
-//     let dispatcher = IAccountDispatcher { contract_address };
-//     let data = SIGNED_TX_DATA();
-//     let hash = data.transaction_hash;
-
-//     let token_dispatcher = IERC721Dispatcher { contract_address: erc721_contract_address };
-//     let token_owner = token_dispatcher.ownerOf(1.try_into().unwrap());
-
-//     start_cheat_caller_address(contract_address, token_owner);
-//     let mut good_signature = array![data.r, data.s];
-//     let is_valid = dispatcher.is_valid_signature(hash, good_signature.span());
-//     assert(is_valid == 'VALID', 'should accept valid signature');
-//     stop_cheat_caller_address(contract_address);
-
-//     start_cheat_caller_address(contract_address, ACCOUNT2.try_into().unwrap());
-//     let mut bad_signature = array![0x284, 0x492];
-//     let is_valid = dispatcher.is_valid_signature(hash, bad_signature.span());
-//     assert(is_valid == 0, 'should reject invalid signature');
-//     stop_cheat_caller_address(contract_address);
-// }
-
 #[test]
 fn test_execute() {
     let (contract_address, erc721_contract_address) = __setup__();

tests/test_lockable_component.cairo

@@ -66,7 +66,9 @@ fn __setup__() -> (ContractAddress, ContractAddress) {
     (account_contract_address, erc721_contract_address)
 }
 
-
+// *************************************************************************
+//                              TESTS
+// *************************************************************************
 #[test]
 fn test_lockable_owner() {
     let (contract_address, erc721_contract_address) = __setup__();
@@ -81,6 +83,7 @@ fn test_lockable_owner() {
     assert(owner == token_owner, 'invalid owner');
     stop_cheat_caller_address(contract_address);
 }
+
 #[test]
 fn test_lockable() {
     let (contract_address, _) = __setup__();

tests/test_permissionable_component.cairo

@@ -1,5 +1,5 @@
 // *************************************************************************
-//                              COMPONENT COMPONENT TEST
+//                              PERMISSIONABLE COMPONENT TEST
 // *************************************************************************
 use starknet::{ContractAddress, account::Call, get_block_timestamp};
 use snforge_std::{
@@ -73,9 +73,12 @@ fn __setup__() -> (ContractAddress, ContractAddress) {
     (account_contract_address, erc721_contract_address)
 }
 
+// *************************************************************************
+//                              TESTS
+// *************************************************************************
 #[test]
 #[should_panic(expected: ('Account: invalid length',))]
-fn test_when_permissioned_addresses_and_permissions_not_equal() {
+fn test_should_fail_if_unequal_permissioned_addresses_and_permissions() {
     let (contract_address, _) = __setup__();
     let acct_dispatcher = IAccountDispatcher { contract_address: contract_address };
 
@@ -98,7 +101,7 @@ fn test_when_permissioned_addresses_and_permissions_not_equal() {
 
 
 #[test]
-fn test_permissionable() {
+fn test_set_permissions() {
     let (contract_address, _) = __setup__();
     let acct_dispatcher = IAccountDispatcher { contract_address: contract_address };
 
@@ -150,23 +153,19 @@ fn test_has_permissions() {
 
     let has_permission2 = permissionable_dispatcher
         .has_permission(owner, ACCOUNT2.try_into().unwrap());
-
     assert(has_permission2 == true, 'Account: permitted');
 
     let has_permission3 = permissionable_dispatcher
         .has_permission(owner, ACCOUNT3.try_into().unwrap());
-
     assert(has_permission3 == true, 'Account: permitted');
 
     let has_permission4 = permissionable_dispatcher
         .has_permission(owner, ACCOUNT4.try_into().unwrap());
-
     assert(has_permission4 == false, 'Account: permitted');
 
     stop_cheat_caller_address(contract_address);
 }
 
-
 #[test]
 fn test_set_permission_emits_event() {
     let (contract_address, _) = __setup__();