update allowlist

Signed-off-by: Adam Wolf <wolfynft@gmail.com>

Author: wolfy-nft

contracts/nft/erc1155m/clones/ERC1155MagicDropCloneable.sol

@@ -197,7 +197,7 @@ contract ERC1155MagicDropCloneable is ERC1155MagicDropMetadataCloneable {
             revert AllowlistStageNotActive();
         }
 
-        if (!MerkleProofLib.verify(proof, stage.merkleRoot, keccak256(abi.encodePacked(to)))) {
+        if (!MerkleProofLib.verify(proof, stage.merkleRoot, keccak256(bytes.concat(keccak256(abi.encode(to)))))) {
             revert InvalidProof();
         }
 

test/erc1155m/clones/ERC1155MagicDropCloneable.t.sol

@@ -35,8 +35,13 @@ contract ERC1155MagicDropCloneableTest is Test {
     SetupConfig internal config;
 
     function setUp() public {
+        // Prepare an array of addresses for testing allowlist
+        address[] memory addresses = new address[](1);
+        addresses[0] = allowedAddr;
+        // Deploy the new MerkleTestHelper with multiple addresses
+        merkleHelper = new MerkleTestHelper(addresses);
+
         token = ERC1155MagicDropCloneable(LibClone.deployERC1967(address(new ERC1155MagicDropCloneable())));
-        merkleHelper = new MerkleTestHelper(allowedAddr);
 
         // Initialize token
         token.initialize("TestToken", "TT", owner);
@@ -167,19 +172,20 @@ contract ERC1155MagicDropCloneableTest is Test {
         // Move time to allowlist
         vm.warp(allowlistStart + 1);
 
-        vm.deal(merkleHelper.getAllowedAddress(), 1 ether);
-        vm.prank(merkleHelper.getAllowedAddress());
-        token.mintAllowlist{value: 0.005 ether}(
-            merkleHelper.getAllowedAddress(), tokenId, 1, merkleHelper.getProofFor(merkleHelper.getAllowedAddress()), ""
-        );
+        vm.deal(allowedAddr, 1 ether);
+        vm.prank(allowedAddr);
 
-        assertEq(token.balanceOf(merkleHelper.getAllowedAddress(), tokenId), 1);
+        // Generate a proof for the allowedAddr from our new MerkleTestHelper
+        bytes32[] memory proof = merkleHelper.getProofFor(allowedAddr);
+
+        token.mintAllowlist{value: 0.005 ether}(allowedAddr, tokenId, 1, proof, "");
+
+        assertEq(token.balanceOf(allowedAddr, tokenId), 1);
     }
 
     function testMintAllowlistInvalidProofReverts() public {
         vm.warp(allowlistStart + 1);
 
-        address allowedAddr = merkleHelper.getAllowedAddress();
         bytes32[] memory proof = merkleHelper.getProofFor(allowedAddr);
 
         vm.deal(allowedAddr, 1 ether);
@@ -193,7 +199,6 @@ contract ERC1155MagicDropCloneableTest is Test {
         // Before allowlist start
         vm.warp(allowlistStart - 10);
 
-        address allowedAddr = merkleHelper.getAllowedAddress();
         bytes32[] memory proof = merkleHelper.getProofFor(allowedAddr);
         vm.deal(allowedAddr, 1 ether);
         vm.prank(allowedAddr);
@@ -205,7 +210,6 @@ contract ERC1155MagicDropCloneableTest is Test {
     function testMintAllowlistNotEnoughValueReverts() public {
         vm.warp(allowlistStart + 1);
 
-        address allowedAddr = merkleHelper.getAllowedAddress();
         bytes32[] memory proof = merkleHelper.getProofFor(allowedAddr);
         vm.deal(allowedAddr, 0.001 ether);
         vm.prank(allowedAddr);
@@ -217,7 +221,6 @@ contract ERC1155MagicDropCloneableTest is Test {
     function testMintAllowlistWalletLimitExceededReverts() public {
         vm.warp(allowlistStart + 1);
 
-        address allowedAddr = merkleHelper.getAllowedAddress();
         bytes32[] memory proof = merkleHelper.getProofFor(allowedAddr);
         vm.deal(allowedAddr, 1 ether);
 
@@ -238,7 +241,6 @@ contract ERC1155MagicDropCloneableTest is Test {
         // unlimited wallet limit for the purpose of this test
         token.setWalletLimit(tokenId, 0);
 
-        address allowedAddr = merkleHelper.getAllowedAddress();
         vm.deal(allowedAddr, 11 ether);
         vm.prank(allowedAddr);
 
@@ -517,10 +519,10 @@ contract ERC1155MagicDropCloneableTest is Test {
         uint256 initialProtocolBalance = token.PROTOCOL_FEE_RECIPIENT().balance;
         uint256 initialPayoutBalance = payoutRecipient.balance;
 
-        vm.deal(merkleHelper.getAllowedAddress(), 1 ether);
-        vm.prank(merkleHelper.getAllowedAddress());
+        vm.deal(allowedAddr, 1 ether);
+        vm.prank(allowedAddr);
         token.mintAllowlist{value: 0.005 ether}(
-            merkleHelper.getAllowedAddress(), tokenId, 1, merkleHelper.getProofFor(merkleHelper.getAllowedAddress()), ""
+            allowedAddr, tokenId, 1, merkleHelper.getProofFor(allowedAddr), ""
         );
 
         uint256 expectedProtocolFee = (0.005 ether * token.PROTOCOL_FEE_BPS()) / token.BPS_DENOMINATOR();

test/helpers/MerkleTestHelper.sol

@@ -1,37 +1,185 @@
 // SPDX-License-Identifier: MIT
 pragma solidity ^0.8.22;
 
-// Dummy merkle proof generation utilities for testing
+/**
+ * @title MerkleTestHelper
+ * @dev This contract builds a Merkle tree from a list of addresses, stores the root,
+ *      and provides a function to retrieve a Merkle proof for a given address.
+ *
+ *      NOTE: Generating Merkle trees on-chain is gas-expensive, so this is typically
+ *      done only in testing scenarios or for very short lists.
+ */
 contract MerkleTestHelper {
-    // This is a placeholder helper. In a real test, you'd generate a real merkle tree offline.
-    // Here we hardcode a single allowlisted address and its proof.
-    bytes32[] internal _proof;
+    address[] internal _allowedAddrs;
     bytes32 internal _root;
-    address internal _allowedAddr;
 
-    constructor(address allowedAddr) {
-        _allowedAddr = allowedAddr;
-        // For simplicity, root = keccak256(abi.encodePacked(_allowedAddr))
-        // Proof is empty since this is a single-leaf tree.
-        _root = keccak256(abi.encodePacked(_allowedAddr));
+    /**
+     * @dev Constructor that takes in an array of addresses, builds a Merkle tree, and stores the root.
+     */
+    constructor(address[] memory allowedAddresses) {
+        // Copy addresses to storage
+        for (uint256 i = 0; i < allowedAddresses.length; i++) {
+            _allowedAddrs.push(allowedAddresses[i]);
+        }
+
+        // Build leaves from the addresses
+        bytes32[] memory leaves = _buildLeaves(_allowedAddrs);
+
+        // Compute merkle root
+        _root = _computeMerkleRoot(leaves);
     }
 
+    /**
+     * @notice Returns the Merkle root of the addresses list.
+     */
     function getRoot() external view returns (bytes32) {
         return _root;
     }
 
+    /**
+     * @notice Returns the Merkle proof for a given address.
+     * @dev If the address is not found or is not part of the _allowedAddrs array,
+     *      this will return an empty array.
+     */
     function getProofFor(address addr) external view returns (bytes32[] memory) {
-        if (addr == _allowedAddr) {
-            // Single-leaf tree: no proof necessary except empty array
+        // Find the index of the address in our stored list
+        (bool isInList, uint256 index) = _findAddressIndex(addr);
+        if (!isInList) {
+            // Return empty proof if address doesn't exist in the allowed list
             return new bytes32[](0);
-        } else {
-            // No valid proof
-            bytes32[] memory emptyProof;
-            return emptyProof;
         }
+
+        // Build leaves in memory
+        bytes32[] memory leaves = _buildLeaves(_allowedAddrs);
+
+        // Build the proof for the leaf at the found index
+        return _buildProof(leaves, index);
+    }
+
+    /**
+     * @dev Creates an array of leaves by double hashing each address:
+     *      keccak256(bytes.concat(keccak256(abi.encodePacked(address))))
+     */
+    function _buildLeaves(address[] memory addrs) internal pure returns (bytes32[] memory) {
+        bytes32[] memory leaves = new bytes32[](addrs.length);
+        for (uint256 i = 0; i < addrs.length; i++) {
+            leaves[i] = keccak256(bytes.concat(keccak256(abi.encode(addrs[i]))));
+        }
+        return leaves;
+    }
+
+    /**
+     * @dev Computes the Merkle root from an array of leaves.
+     *      Pairs each leaf, hashing them together until only one root remains.
+     *      If there is an odd number of leaves at a given level, the last leaf is "promoted" (copied up).
+     */
+    function _computeMerkleRoot(bytes32[] memory leaves) internal pure returns (bytes32) {
+        require(leaves.length > 0, "No leaves to build a merkle root");
+
+        uint256 n = leaves.length;
+        while (n > 1) {
+            for (uint256 i = 0; i < n / 2; i++) {
+                // Sort the pair before hashing
+                (bytes32 left, bytes32 right) = leaves[2 * i] < leaves[2 * i + 1]
+                    ? (leaves[2 * i], leaves[2 * i + 1])
+                    : (leaves[2 * i + 1], leaves[2 * i]);
+                leaves[i] = keccak256(abi.encodePacked(left, right));
+            }
+            // If odd, promote last leaf
+            if (n % 2 == 1) {
+                leaves[n / 2] = leaves[n - 1];
+                n = (n / 2) + 1;
+            } else {
+                n = n / 2;
+            }
+        }
+
+        // The first element is now the root
+        return leaves[0];
+    }
+
+    /**
+     * @dev Builds a Merkle proof for the leaf at the given index.
+     *      We recompute the pairing tree on the fly, capturing the "sibling" each time.
+     */
+    function _buildProof(bytes32[] memory leaves, uint256 targetIndex) internal pure returns (bytes32[] memory) {
+        bytes32[] memory proof = new bytes32[](_proofLength(leaves.length));
+        uint256 proofPos = 0;
+        uint256 n = leaves.length;
+        uint256 index = targetIndex;
+
+        while (n > 1) {
+            bool isIndexEven = (index % 2) == 0;
+            uint256 pairIndex = isIndexEven ? index + 1 : index - 1;
+
+            if (pairIndex < n) {
+                // Add the sibling to the proof without sorting
+                proof[proofPos] = leaves[pairIndex];
+                proofPos++;
+            }
+
+            // Move up to the next level
+            for (uint256 i = 0; i < n / 2; i++) {
+                // Sort pairs when building the next level
+                (bytes32 left, bytes32 right) = leaves[2 * i] < leaves[2 * i + 1]
+                    ? (leaves[2 * i], leaves[2 * i + 1])
+                    : (leaves[2 * i + 1], leaves[2 * i]);
+                leaves[i] = keccak256(abi.encodePacked(left, right));
+            }
+
+            // Handle odd number of leaves
+            if (n % 2 == 1) {
+                leaves[n / 2] = leaves[n - 1];
+                n = (n / 2) + 1;
+            } else {
+                n = n / 2;
+            }
+
+            index = index / 2;
+        }
+
+        // Trim unused proof elements
+        uint256 trimSize = 0;
+        for (uint256 i = proof.length; i > 0; i--) {
+            if (proof[i - 1] != 0) {
+                break;
+            }
+            trimSize++;
+        }
+
+        bytes32[] memory trimmedProof = new bytes32[](proof.length - trimSize);
+        for (uint256 i = 0; i < trimmedProof.length; i++) {
+            trimmedProof[i] = proof[i];
+        }
+
+        return trimmedProof;
     }
 
-    function getAllowedAddress() external view returns (address) {
-        return _allowedAddr;
+    /**
+     * @dev Helper to find the index of a given address in the _allowedAddrs array.
+     */
+    function _findAddressIndex(address addr) internal view returns (bool, uint256) {
+        for (uint256 i = 0; i < _allowedAddrs.length; i++) {
+            if (_allowedAddrs[i] == addr) {
+                return (true, i);
+            }
+        }
+        return (false, 0);
+    }
+
+    /**
+     * @dev Computes an upper bound for the proof length (worst-case).
+     *      For n leaves, the maximum proof length is ~log2(n).
+     *      Here we just do a simple upper bound for clarity.
+     */
+    function _proofLength(uint256 n) internal pure returns (uint256) {
+        // If n=1, no proof. Otherwise, each tree level can contribute 1 node in the proof path.
+        // A simplistic approach: log2(n) <= 256 bits for typical usage, but we do this in-line:
+        uint256 count = 0;
+        while (n > 1) {
+            n = (n + 1) / 2; // integer division round up
+            count++;
+        }
+        return count;
     }
 }