Uniswap · saucepoint · Jun 28, 2024 · Jun 28, 2024 · Jun 28, 2024 · Jun 28, 2024
diff --git a/.forge-snapshots/autocompound_exactUnclaimedFees.snap b/.forge-snapshots/autocompound_exactUnclaimedFees.snap
@@ -1 +1 @@
-291244
+293396
diff --git a/.forge-snapshots/autocompound_exactUnclaimedFees_exactCustodiedFees.snap b/.forge-snapshots/autocompound_exactUnclaimedFees_exactCustodiedFees.snap
@@ -1 +1 @@
-223603
+225755
diff --git a/.forge-snapshots/autocompound_excessFeesCredit.snap b/.forge-snapshots/autocompound_excessFeesCredit.snap
@@ -1 +1 @@
-311783
+313935
diff --git a/.forge-snapshots/decreaseLiquidity_erc20.snap b/.forge-snapshots/decreaseLiquidity_erc20.snap
@@ -1 +1 @@
-209314
+211447
diff --git a/.forge-snapshots/decreaseLiquidity_erc6909.snap b/.forge-snapshots/decreaseLiquidity_erc6909.snap
@@ -1 +1 @@
-209326
+211459
diff --git a/.forge-snapshots/increaseLiquidity_erc20.snap b/.forge-snapshots/increaseLiquidity_erc20.snap
@@ -1 +1 @@
-194862
+197014
diff --git a/.forge-snapshots/increaseLiquidity_erc6909.snap b/.forge-snapshots/increaseLiquidity_erc6909.snap
@@ -1 +1 @@
-194874
+197026
diff --git a/.forge-snapshots/mint.snap b/.forge-snapshots/mint.snap
@@ -1 +1 @@
-493163
+490008
diff --git a/.forge-snapshots/mintWithLiquidity.snap b/.forge-snapshots/mintWithLiquidity.snap
@@ -0,0 +1 @@
+490196
diff --git a/.forge-snapshots/permit.snap b/.forge-snapshots/permit.snap
@@ -0,0 +1 @@
+75071
diff --git a/.forge-snapshots/permit_secondPosition.snap b/.forge-snapshots/permit_secondPosition.snap
@@ -0,0 +1 @@
+57971
diff --git a/.forge-snapshots/permit_twice.snap b/.forge-snapshots/permit_twice.snap
@@ -0,0 +1 @@
+40871
diff --git a/contracts/NonfungiblePositionManager.sol b/contracts/NonfungiblePositionManager.sol
@@ -113,7 +113,7 @@ contract NonfungiblePositionManager is INonfungiblePositionManager, BaseLiquidit
 
         // mint receipt token
         _mint(owner, (tokenId = nextTokenId++));
-        tokenPositions[tokenId] = TokenPosition({owner: owner, range: range});
+        tokenPositions[tokenId] = TokenPosition({owner: owner, range: range, operator: address(0x0)});
     }
 
     function increaseLiquidity(uint256 tokenId, uint256 liquidity, bytes memory hookData, bool claims, address sender)
@@ -166,19 +166,24 @@ contract NonfungiblePositionManager is INonfungiblePositionManager, BaseLiquidit
         TokenPosition storage tokenPosition = tokenPositions[tokenId];
         LiquidityRangeId rangeId = tokenPosition.range.toId();
         Position storage position = positions[from][rangeId];
-        position.operator = address(0x0);
 
         // transfer position data to destination
         positions[to][rangeId] = position;
         delete positions[from][rangeId];
 
         // update token position
-        tokenPositions[tokenId] = TokenPosition({owner: to, range: tokenPosition.range});
+        tokenPositions[tokenId] = TokenPosition({owner: to, range: tokenPosition.range, operator: address(0x0)});
     }
 
-    function _getAndIncrementNonce(uint256 tokenId) internal override returns (uint256) {
-        TokenPosition memory tokenPosition = tokenPositions[tokenId];
-        return uint256(positions[tokenPosition.owner][tokenPosition.range.toId()].nonce++);
+    // override ERC721 approval by setting operator
+    function _approve(address spender, uint256 tokenId) internal override {
+        tokenPositions[tokenId].operator = spender;
+    }
+
+    function getApproved(uint256 tokenId) public view override returns (address) {
+        require(_exists(tokenId), "ERC721: approved query for nonexistent token");
+
+        return tokenPositions[tokenId].operator;
     }
 
     modifier isAuthorizedForToken(uint256 tokenId, address sender) {

diff --git a/contracts/base/ERC721Permit.sol b/contracts/base/ERC721Permit.sol
@@ -11,8 +11,7 @@ import {IERC1271} from "../interfaces/external/IERC1271.sol";
 /// @title ERC721 with permit
 /// @notice Nonfungible tokens that support an approve via signature, i.e. permit
 abstract contract ERC721Permit is ERC721, IERC721Permit {
-    /// @dev Gets the current nonce for a token ID and then increments it, returning the original value
-    function _getAndIncrementNonce(uint256 tokenId) internal virtual returns (uint256);
+    mapping(address owner => mapping(uint256 word => uint256 bitmap)) public nonces;
 
     /// @dev The hash of the name used in the permit signature verification
     bytes32 private immutable nameHash;
@@ -46,23 +45,18 @@ abstract contract ERC721Permit is ERC721, IERC721Permit {
         0x49ecf333e5b8c95c40fdafc95c1ad136e8914a8fb55e9dc8bb01eaa83a2df9ad;
 
     /// @inheritdoc IERC721Permit
-    function permit(address spender, uint256 tokenId, uint256 deadline, uint8 v, bytes32 r, bytes32 s)
+    function permit(address spender, uint256 tokenId, uint256 deadline, uint256 nonce, uint8 v, bytes32 r, bytes32 s)
         external
         payable
         override
     {
         require(block.timestamp <= deadline, "Permit expired");
 
-        bytes32 digest = keccak256(
-            abi.encodePacked(
-                "\x19\x01",
-                DOMAIN_SEPARATOR(),
-                keccak256(abi.encode(PERMIT_TYPEHASH, spender, tokenId, _getAndIncrementNonce(tokenId), deadline))
-            )
-        );
         address owner = ownerOf(tokenId);
         require(spender != owner, "ERC721Permit: approval to current owner");
 
+        bytes32 digest = getDigest(spender, tokenId, nonce, deadline);
+
         if (Address.isContract(owner)) {
             require(IERC1271(owner).isValidSignature(digest, abi.encodePacked(r, s, v)) == 0x1626ba7e, "Unauthorized");
         } else {
@@ -71,6 +65,40 @@ abstract contract ERC721Permit is ERC721, IERC721Permit {
             require(recoveredAddress == owner, "Unauthorized");
         }
 
+        _useUnorderedNonce(owner, nonce);
         approve(spender, tokenId);
     }
+
+    function getDigest(address spender, uint256 tokenId, uint256 _nonce, uint256 deadline)
+        public
+        view
+        returns (bytes32 digest)
+    {
+        digest = keccak256(
+            abi.encodePacked(
+                "\x19\x01",
+                DOMAIN_SEPARATOR(),
+                keccak256(abi.encode(PERMIT_TYPEHASH, spender, tokenId, _nonce, deadline))
+            )
+        );
+    }
+
+    /// @notice Returns the index of the bitmap and the bit position within the bitmap. Used for unordered nonces
+    /// @param nonce The nonce to get the associated word and bit positions
+    /// @return wordPos The word position or index into the nonceBitmap
+    /// @return bitPos The bit position
+    /// @dev The first 248 bits of the nonce value is the index of the desired bitmap
+    /// @dev The last 8 bits of the nonce value is the position of the bit in the bitmap
+    function bitmapPositions(uint256 nonce) private pure returns (uint256 wordPos, uint256 bitPos) {
+        wordPos = uint248(nonce >> 8);
+        bitPos = uint8(nonce);
+    }
+
+    function _useUnorderedNonce(address from, uint256 nonce) internal {
+        (uint256 wordPos, uint256 bitPos) = bitmapPositions(nonce);
+        uint256 bit = 1 << bitPos;
+        uint256 flipped = nonces[from][wordPos] ^= bit;
+
+        if (flipped & bit == 0) revert NonceAlreadyUsed();
+    }
 }
diff --git a/contracts/interfaces/IBaseLiquidityManagement.sol b/contracts/interfaces/IBaseLiquidityManagement.sol
@@ -11,10 +11,6 @@ interface IBaseLiquidityManagement {
 
     // details about the liquidity position
     struct Position {
-        // the nonce for permits
-        uint96 nonce;
-        // the address that is approved for spending this token
-        address operator;
         uint256 liquidity;
         // the fee growth of the aggregate position as of the last action on the individual position
         uint256 feeGrowthInside0LastX128;

diff --git a/contracts/interfaces/IERC721Permit.sol b/contracts/interfaces/IERC721Permit.sol
@@ -4,6 +4,8 @@ pragma solidity >=0.7.5;
 /// @title ERC721 with permit
 /// @notice Extension to ERC721 that includes a permit function for signature based approvals
 interface IERC721Permit {
+    error NonceAlreadyUsed();
+
     /// @notice The permit typehash used in the permit signature
     /// @return The typehash for the permit
     function PERMIT_TYPEHASH() external pure returns (bytes32);
@@ -19,7 +21,7 @@ interface IERC721Permit {
     /// @param v Must produce valid secp256k1 signature from the holder along with `r` and `s`
     /// @param r Must produce valid secp256k1 signature from the holder along with `v` and `s`
     /// @param s Must produce valid secp256k1 signature from the holder along with `r` and `v`
-    function permit(address spender, uint256 tokenId, uint256 deadline, uint8 v, bytes32 r, bytes32 s)
+    function permit(address spender, uint256 tokenId, uint256 deadline, uint256 nonce, uint8 v, bytes32 r, bytes32 s)
         external
         payable;
 }
diff --git a/contracts/interfaces/INonfungiblePositionManager.sol b/contracts/interfaces/INonfungiblePositionManager.sol
@@ -20,6 +20,7 @@ interface INonfungiblePositionManager {
     struct TokenPosition {
         address owner;
         LiquidityRange range;
+        address operator;
     }
 
     error MustBeUnlockedByThisContract();

diff --git a/test/position-managers/Execute.t.sol b/test/position-managers/Execute.t.sol
@@ -88,7 +88,7 @@ contract ExecuteTest is Test, Deployers, GasSnapshot, LiquidityFuzzers, Liquidit
 
         _increaseLiquidity(tokenId, liquidityToAdd, ZERO_BYTES, false);
 
-        (,, uint256 liquidity,,,,) = lpm.positions(address(this), range.toId());
+        (uint256 liquidity,,,,) = lpm.positions(address(this), range.toId());
         assertEq(liquidity, initialLiquidity + liquidityToAdd);
     }
 
@@ -117,7 +117,7 @@ contract ExecuteTest is Test, Deployers, GasSnapshot, LiquidityFuzzers, Liquidit
         currencies[1] = currency1;
         lpm.modifyLiquidities(abi.encode(planner.actions, planner.params, currencies));
 
-        (,, uint256 liquidity,,,,) = lpm.positions(address(this), range.toId());
+        (uint256 liquidity,,,,) = lpm.positions(address(this), range.toId());
         assertEq(liquidity, initialiLiquidity + liquidityToAdd + liquidityToAdd2);
     }
 
@@ -140,7 +140,7 @@ contract ExecuteTest is Test, Deployers, GasSnapshot, LiquidityFuzzers, Liquidit
         currencies[1] = currency1;
         lpm.modifyLiquidities(abi.encode(planner.actions, planner.params, currencies));
 
-        (,, uint256 liquidity,,,,) = lpm.positions(address(this), range.toId());
+        (uint256 liquidity,,,,) = lpm.positions(address(this), range.toId());
         assertEq(liquidity, initialLiquidity + liquidityToAdd);
     }
 

diff --git a/test/position-managers/FeeCollection.t.sol b/test/position-managers/FeeCollection.t.sol
@@ -172,8 +172,8 @@ contract FeeCollectionTest is Test, Deployers, GasSnapshot, LiquidityFuzzers, Li
         uint256 tokenIdBob = lpm.nextTokenId() - 1;
 
         // confirm the positions are same range
-        (, LiquidityRange memory rangeAlice) = lpm.tokenPositions(tokenIdAlice);
-        (, LiquidityRange memory rangeBob) = lpm.tokenPositions(tokenIdBob);
+        (, LiquidityRange memory rangeAlice,) = lpm.tokenPositions(tokenIdAlice);
+        (, LiquidityRange memory rangeBob,) = lpm.tokenPositions(tokenIdBob);
         assertEq(rangeAlice.tickLower, rangeBob.tickLower);
         assertEq(rangeAlice.tickUpper, rangeBob.tickUpper);
 

diff --git a/test/position-managers/Gas.t.sol b/test/position-managers/Gas.t.sol
@@ -35,8 +35,10 @@ contract GasTest is Test, Deployers, GasSnapshot, LiquidityOperations {
     using Planner for Planner.Plan;
 
     PoolId poolId;
-    address alice = makeAddr("ALICE");
-    address bob = makeAddr("BOB");
+    address alice;
+    uint256 alicePK;
+    address bob;
+    uint256 bobPK;
 
     uint256 constant STARTING_USER_BALANCE = 10_000_000 ether;
 
@@ -46,6 +48,9 @@ contract GasTest is Test, Deployers, GasSnapshot, LiquidityOperations {
     LiquidityRange range;
 
     function setUp() public {
+        (alice, alicePK) = makeAddrAndKey("ALICE");
+        (bob, bobPK) = makeAddrAndKey("BOB");
+
         Deployers.deployFreshManagerAndRouters();
         Deployers.deployMintAndApprove2Currencies();
 
@@ -298,4 +303,79 @@ contract GasTest is Test, Deployers, GasSnapshot, LiquidityOperations {
     function test_gas_burn() public {}
     function test_gas_burnEmpty() public {}
     function test_gas_collect() public {}
+
+    function test_gas_permit() public {
+        // alice permits for the first time
+        uint256 liquidityAlice = 1e18;
+        vm.prank(alice);
+        _mint(range, liquidityAlice, block.timestamp + 1, alice, ZERO_BYTES);
+        uint256 tokenIdAlice = lpm.nextTokenId() - 1;
+
+        // alice gives operator permission to bob
+        uint256 nonce = 1;
+        bytes32 digest = lpm.getDigest(bob, tokenIdAlice, nonce, block.timestamp + 1);
+
+        (uint8 v, bytes32 r, bytes32 s) = vm.sign(alicePK, digest);
+
+        vm.prank(alice);
+        lpm.permit(bob, tokenIdAlice, block.timestamp + 1, nonce, v, r, s);
+        snapLastCall("permit");
+    }
+
+    function test_gas_permit_secondPosition() public {
+        // alice permits for her two tokens, benchmark the 2nd permit
+        uint256 liquidityAlice = 1e18;
+        vm.prank(alice);
+        _mint(range, liquidityAlice, block.timestamp + 1, alice, ZERO_BYTES);
+        uint256 tokenIdAlice = lpm.nextTokenId() - 1;
+
+        // alice gives operator permission to bob
+        uint256 nonce = 1;
+        bytes32 digest = lpm.getDigest(bob, tokenIdAlice, nonce, block.timestamp + 1);
+        (uint8 v, bytes32 r, bytes32 s) = vm.sign(alicePK, digest);
+
+        vm.prank(alice);
+        lpm.permit(bob, tokenIdAlice, block.timestamp + 1, nonce, v, r, s);
+
+        // alice creates another position
+        vm.prank(alice);
+        _mint(range, liquidityAlice, block.timestamp + 1, alice, ZERO_BYTES);
+        tokenIdAlice = lpm.nextTokenId() - 1;
+
+        // alice gives operator permission to bob
+        nonce = 2;
+        digest = lpm.getDigest(bob, tokenIdAlice, nonce, block.timestamp + 1);
+        (v, r, s) = vm.sign(alicePK, digest);
+
+        vm.prank(alice);
+        lpm.permit(bob, tokenIdAlice, block.timestamp + 1, nonce, v, r, s);
+        snapLastCall("permit_secondPosition");
+    }
+
+    function test_gas_permit_twice() public {
+        // alice permits the same token, twice
+        address charlie = makeAddr("CHARLIE");
+
+        uint256 liquidityAlice = 1e18;
+        vm.prank(alice);
+        _mint(range, liquidityAlice, block.timestamp + 1, alice, ZERO_BYTES);
+        uint256 tokenIdAlice = lpm.nextTokenId() - 1;
+
+        // alice gives operator permission to bob
+        uint256 nonce = 1;
+        bytes32 digest = lpm.getDigest(bob, tokenIdAlice, nonce, block.timestamp + 1);
+        (uint8 v, bytes32 r, bytes32 s) = vm.sign(alicePK, digest);
+
+        vm.prank(alice);
+        lpm.permit(bob, tokenIdAlice, block.timestamp + 1, nonce, v, r, s);
+
+        // alice gives operator permission to charlie
+        nonce = 2;
+        digest = lpm.getDigest(charlie, tokenIdAlice, nonce, block.timestamp + 1);
+        (v, r, s) = vm.sign(alicePK, digest);
+
+        vm.prank(alice);
+        lpm.permit(charlie, tokenIdAlice, block.timestamp + 1, nonce, v, r, s);
+        snapLastCall("permit_twice");
+    }
 }