test(compliance): add full batch bind/unbind behavior coverage and document

IERC3643ComplianceExtended interface split

Author: rya-sge

CHANGELOG.md

@@ -84,6 +84,9 @@ forge lint
 - `supportsInterface` advertisement now explicitly includes `IERC1404` in addition to `IERC1404Extend`.
 - `RuleEngineOwnable2Step.supportsInterface` now advertises the Ownable2Step-specific interface ID in addition to inherited RuleEngine/Ownable interfaces.
 - `ERC3643ComplianceModule` authorization logic now requires explicit per-token approval for token-driven self-bind/self-unbind flows.
+- Split compliance interfaces between standard and extensions:
+  - `IERC3643Compliance` now contains the base ERC-3643 compliance surface.
+  - supplementary functions are grouped in `IERC3643ComplianceExtended` and advertised through a dedicated ERC-165 extension interface ID.
 
 ### Testing
 

src/RuleEngineBase.sol

@@ -14,11 +14,12 @@ import {IERC3643ComplianceRead, IERC3643IComplianceContract} from "CMTAT/interfa
 import {IERC7551Compliance} from "CMTAT/interfaces/tokenization/draft-IERC7551.sol";
 
 /* ==== Modules === */
-import {ERC3643ComplianceModule, IERC3643Compliance} from "./modules/ERC3643ComplianceModule.sol";
+import {ERC3643ComplianceModule} from "./modules/ERC3643ComplianceModule.sol";
 import {VersionModule} from "./modules/VersionModule.sol";
 import {RulesManagementModule} from "./modules/RulesManagementModule.sol";
 
 /* ==== Interface and other library === */
+import {IERC3643Compliance} from "./interfaces/IERC3643Compliance.sol";
 import {IRule} from "./interfaces/IRule.sol";
 import {ComplianceInterfaceId} from "./modules/library/ComplianceInterfaceId.sol";
 import {ERC1404InterfaceId} from "./modules/library/ERC1404InterfaceId.sol";
@@ -207,6 +208,7 @@ abstract contract RuleEngineBase is
             || interfaceId == ERC1404InterfaceId.IERC1404_INTERFACE_ID
             || interfaceId == ERC1404ExtendInterfaceId.ERC1404EXTEND_INTERFACE_ID
             || interfaceId == ComplianceInterfaceId.ERC3643_COMPLIANCE_INTERFACE_ID
+            || interfaceId == ComplianceInterfaceId.ERC3643_COMPLIANCE_EXTENDED_INTERFACE_ID
             || interfaceId == ComplianceInterfaceId.IERC7551_COMPLIANCE_INTERFACE_ID;
     }
 }

src/interfaces/IERC3643Compliance.sol

@@ -18,12 +18,6 @@ interface IERC3643Compliance is IERC3643ComplianceRead, IERC3643IComplianceContr
      * @param token The address of the token that was unbound.
      */
     event TokenUnbound(address token);
-    /**
-     * @notice Emitted when self-binding permission is updated for a token.
-     * @param token The token address whose self-binding permission changed.
-     * @param approved True if token self-bind/unbind is allowed, false otherwise.
-     */
-    event TokenSelfBindingApprovalSet(address token, bool approved);
 
     /* ============ Functions ============ */
     /**
@@ -53,29 +47,6 @@ interface IERC3643Compliance is IERC3643ComplianceRead, IERC3643IComplianceContr
      */
     function unbindToken(address token) external;
 
-    /**
-     * @notice Sets whether a token is allowed to self-bind and self-unbind.
-     * @dev Must be restricted by implementation-specific compliance manager access control.
-     * @param token The token address to configure.
-     * @param approved Whether self-binding is approved for `token`.
-     */
-    function setTokenSelfBindingApproval(address token, bool approved) external;
-
-    /**
-     * @notice Sets self-binding approval for multiple tokens in one transaction.
-     * @dev Must be restricted by implementation-specific compliance manager access control.
-     * Reverts if any token in `tokens` is the zero address.
-     * @param tokens The token addresses to configure.
-     * @param approved Whether self-binding is approved for all provided tokens.
-     */
-    function setTokenSelfBindingApprovalBatch(address[] calldata tokens, bool approved) external;
-
-    /**
-     * @notice Returns whether a token is approved to self-bind and self-unbind.
-     * @param token The token address to query.
-     * @return approved True if self-binding is approved for `token`, false otherwise.
-     */
-    function isTokenSelfBindingApproved(address token) external view returns (bool approved);
 
     /**
      * @notice Checks whether a token is currently bound to this compliance contract.
@@ -95,16 +66,6 @@ interface IERC3643Compliance is IERC3643ComplianceRead, IERC3643IComplianceContr
      */
     function getTokenBound() external view returns (address token);
 
-    /**
-     * @notice Returns all tokens currently bound to this compliance contract.
-     * @dev This is a view-only function and does not modify state.
-     * This function is not part of the original ERC-3643 specification
-     * This operation will copy the entire storage to memory, which can be quite expensive.
-     * This is designed to mostly be used by view accessors that are queried without any gas fees.
-     * @return tokens An array of addresses of bound token contracts.
-     */
-    function getTokenBounds() external view returns (address[] memory tokens);
-
     /**
      * @notice Updates the compliance contract state when tokens are created (minted).
      * @dev Called by the token contract when new tokens are issued to an account.

src/interfaces/IERC3643ComplianceExtended.sol

@@ -0,0 +1,67 @@
+//SPDX-License-Identifier: MPL-2.0
+
+pragma solidity ^0.8.20;
+
+import {IERC3643Compliance} from "./IERC3643Compliance.sol";
+
+interface IERC3643ComplianceExtended is IERC3643Compliance {
+    /**
+     * @notice Emitted when self-binding permission is updated for a token.
+     * @param token The token address whose self-binding permission changed.
+     * @param approved True if token self-bind/unbind is allowed, false otherwise.
+     */
+    event TokenSelfBindingApprovalSet(address token, bool approved);
+
+    /**
+     * @notice Associates multiple token contracts with this compliance contract.
+     * @dev This function is not part of the original ERC-3643 compliance interface.
+     * Must be restricted by implementation-specific compliance manager access control.
+     * Reverts if any token is invalid or already bound.
+     * @param tokens The token addresses to bind.
+     */
+    function bindTokens(address[] calldata tokens) external;
+
+    /**
+     * @notice Removes the association of multiple token contracts from this compliance contract.
+     * @dev This function is not part of the original ERC-3643 compliance interface.
+     * Must be restricted by implementation-specific compliance manager access control.
+     * Reverts if any token is not currently bound.
+     * @param tokens The token addresses to unbind.
+     */
+    function unbindTokens(address[] calldata tokens) external;
+
+    /**
+     * @notice Sets whether a token is allowed to self-bind and self-unbind.
+     * @dev This function is not part of the original ERC-3643 compliance interface.
+     * Must be restricted by implementation-specific compliance manager access control.
+     * @param token The token address to configure.
+     * @param approved Whether self-binding is approved for `token`.
+     */
+    function setTokenSelfBindingApproval(address token, bool approved) external;
+
+    /**
+     * @notice Sets self-binding approval for multiple tokens in one transaction.
+     * @dev This function is not part of the original ERC-3643 compliance interface.
+     * Must be restricted by implementation-specific compliance manager access control.
+     * Reverts if any token in `tokens` is the zero address.
+     * @param tokens The token addresses to configure.
+     * @param approved Whether self-binding is approved for all provided tokens.
+     */
+    function setTokenSelfBindingApprovalBatch(address[] calldata tokens, bool approved) external;
+
+    /**
+     * @notice Returns whether a token is approved to self-bind and self-unbind.
+     * @dev This function is not part of the original ERC-3643 compliance interface.
+     * @param token The token address to query.
+     * @return approved True if self-binding is approved for `token`, false otherwise.
+     */
+    function isTokenSelfBindingApproved(address token) external view returns (bool approved);
+
+    /**
+     * @notice Returns all tokens currently bound to this compliance contract.
+     * @dev This function is not part of the original ERC-3643 compliance interface.
+     * This operation copies the entire storage set to memory and is mainly intended for off-chain reads.
+     * @return tokens An array of bound token addresses.
+     */
+    function getTokenBounds() external view returns (address[] memory tokens);
+}

src/mocks/IERC3643ComplianceExtendedSubset.sol

@@ -0,0 +1,11 @@
+// SPDX-License-Identifier: MPL-2.0
+pragma solidity ^0.8.20;
+
+interface IERC3643ComplianceExtendedSubset {
+    function bindTokens(address[] calldata tokens) external;
+    function unbindTokens(address[] calldata tokens) external;
+    function setTokenSelfBindingApproval(address token, bool approved) external;
+    function setTokenSelfBindingApprovalBatch(address[] calldata tokens, bool approved) external;
+    function isTokenSelfBindingApproved(address token) external view returns (bool approved);
+    function getTokenBounds() external view returns (address[] memory tokens);
+}

src/modules/ERC3643ComplianceModule.sol

@@ -7,8 +7,9 @@ import {EnumerableSet} from "@openzeppelin/contracts/utils/structs/EnumerableSet
 import {Context} from "@openzeppelin/contracts/utils/Context.sol";
 /* ==== Interface and other library === */
 import {IERC3643Compliance} from "../interfaces/IERC3643Compliance.sol";
+import {IERC3643ComplianceExtended} from "../interfaces/IERC3643ComplianceExtended.sol";
 
-abstract contract ERC3643ComplianceModule is Context, IERC3643Compliance {
+abstract contract ERC3643ComplianceModule is Context, IERC3643ComplianceExtended {
     /* ==== Type declaration === */
     using EnumerableSet for EnumerableSet.AddressSet;
     /* ==== State Variables === */
@@ -58,6 +59,13 @@ abstract contract ERC3643ComplianceModule is Context, IERC3643Compliance {
         _bindToken(token);
     }
 
+    /// @inheritdoc IERC3643ComplianceExtended
+    function bindTokens(address[] calldata tokens) public virtual override onlyComplianceManager {
+        for (uint256 i = 0; i < tokens.length; ++i) {
+            _bindToken(tokens[i]);
+        }
+    }
+
     /**
      * @inheritdoc IERC3643Compliance
      * @dev Operator warning: unbinding is an administrative operation and does not
@@ -72,14 +80,21 @@ abstract contract ERC3643ComplianceModule is Context, IERC3643Compliance {
         _unbindToken(token);
     }
 
-    /// @inheritdoc IERC3643Compliance
+    /// @inheritdoc IERC3643ComplianceExtended
+    function unbindTokens(address[] calldata tokens) public virtual override onlyComplianceManager {
+        for (uint256 i = 0; i < tokens.length; ++i) {
+            _unbindToken(tokens[i]);
+        }
+    }
+
+    /// @inheritdoc IERC3643ComplianceExtended
     function setTokenSelfBindingApproval(address token, bool approved) public virtual override onlyComplianceManager {
         require(token != address(0), RuleEngine_ERC3643Compliance_InvalidTokenAddress());
         _tokenSelfBindingApproval[token] = approved;
         emit TokenSelfBindingApprovalSet(token, approved);
     }
 
-    /// @inheritdoc IERC3643Compliance
+    /// @inheritdoc IERC3643ComplianceExtended
     function setTokenSelfBindingApprovalBatch(address[] calldata tokens, bool approved)
         public
         virtual
@@ -94,7 +109,7 @@ abstract contract ERC3643ComplianceModule is Context, IERC3643Compliance {
         }
     }
 
-    /// @inheritdoc IERC3643Compliance
+    /// @inheritdoc IERC3643ComplianceExtended
     function isTokenSelfBindingApproved(address token) public view virtual override returns (bool) {
         return _tokenSelfBindingApproval[token];
     }
@@ -115,7 +130,7 @@ abstract contract ERC3643ComplianceModule is Context, IERC3643Compliance {
         }
     }
 
-    /// @inheritdoc IERC3643Compliance
+    /// @inheritdoc IERC3643ComplianceExtended
     function getTokenBounds() public view override returns (address[] memory) {
         return _boundTokens.values();
     }

src/modules/library/ComplianceInterfaceId.sol

@@ -8,5 +8,6 @@ pragma solidity ^0.8.20;
  */
 library ComplianceInterfaceId {
     bytes4 public constant ERC3643_COMPLIANCE_INTERFACE_ID = 0x3144991c;
+    bytes4 public constant ERC3643_COMPLIANCE_EXTENDED_INTERFACE_ID = 0x646ba2be;
     bytes4 public constant IERC7551_COMPLIANCE_INTERFACE_ID = 0x7157797f;
 }

test/RuleEngine/ERC3643Compliance.t.sol

@@ -319,6 +319,101 @@ contract RuleEngineTest is Test, HelperContract {
         ruleEngine.setTokenSelfBindingApprovalBatch(tokens, true);
     }
 
+    function testCanBindTokensBatch() public {
+        address[] memory tokens = new address[](2);
+        tokens[0] = address(token1);
+        tokens[1] = address(token2);
+
+        vm.prank(operator);
+        ruleEngine.bindTokens(tokens);
+
+        assertTrue(ruleEngine.isTokenBound(address(token1)));
+        assertTrue(ruleEngine.isTokenBound(address(token2)));
+    }
+
+    function testCanUnbindTokensBatch() public {
+        address[] memory tokens = new address[](2);
+        tokens[0] = address(token1);
+        tokens[1] = address(token2);
+
+        vm.startPrank(operator);
+        ruleEngine.bindTokens(tokens);
+        ruleEngine.unbindTokens(tokens);
+        vm.stopPrank();
+
+        assertFalse(ruleEngine.isTokenBound(address(token1)));
+        assertFalse(ruleEngine.isTokenBound(address(token2)));
+    }
+
+    function testOnlyComplianceManagerCanBindTokensBatch() public {
+        address[] memory tokens = new address[](1);
+        tokens[0] = address(token1);
+
+        vm.expectRevert(
+            abi.encodeWithSelector(
+                ACCESS_CONTROL_UNAUTHORIZED_ACCOUNT_SELECTOR,
+                user1,
+                ruleEngine.COMPLIANCE_MANAGER_ROLE()
+            )
+        );
+        vm.prank(user1);
+        ruleEngine.bindTokens(tokens);
+    }
+
+    function testOnlyComplianceManagerCanUnbindTokensBatch() public {
+        address[] memory tokens = new address[](1);
+        tokens[0] = address(token1);
+
+        vm.prank(operator);
+        ruleEngine.bindTokens(tokens);
+
+        vm.expectRevert(
+            abi.encodeWithSelector(
+                ACCESS_CONTROL_UNAUTHORIZED_ACCOUNT_SELECTOR,
+                user1,
+                ruleEngine.COMPLIANCE_MANAGER_ROLE()
+            )
+        );
+        vm.prank(user1);
+        ruleEngine.unbindTokens(tokens);
+    }
+
+    function testCannotBindTokensBatchWithZeroAddress() public {
+        address[] memory tokens = new address[](2);
+        tokens[0] = address(token1);
+        tokens[1] = address(0);
+
+        vm.expectRevert(ERC3643ComplianceModule.RuleEngine_ERC3643Compliance_InvalidTokenAddress.selector);
+        vm.prank(operator);
+        ruleEngine.bindTokens(tokens);
+    }
+
+    function testCannotBindTokensBatchWithAlreadyBoundToken() public {
+        address[] memory tokens = new address[](2);
+        tokens[0] = address(token1);
+        tokens[1] = address(token2);
+
+        vm.prank(operator);
+        ruleEngine.bindToken(address(token1));
+
+        vm.expectRevert(ERC3643ComplianceModule.RuleEngine_ERC3643Compliance_TokenAlreadyBound.selector);
+        vm.prank(operator);
+        ruleEngine.bindTokens(tokens);
+    }
+
+    function testCannotUnbindTokensBatchWithTokenNotBound() public {
+        address[] memory tokens = new address[](2);
+        tokens[0] = address(token1);
+        tokens[1] = address(token2);
+
+        vm.prank(operator);
+        ruleEngine.bindToken(address(token1));
+
+        vm.expectRevert(ERC3643ComplianceModule.RuleEngine_ERC3643Compliance_TokenNotBound.selector);
+        vm.prank(operator);
+        ruleEngine.unbindTokens(tokens);
+    }
+
     function testCannotCreatedIfNotBound() public {
         vm.expectRevert(ERC3643ComplianceModule.RuleEngine_ERC3643Compliance_UnauthorizedCaller.selector);
         ruleEngine.created(user1, 100);

test/RuleEngine/RuleEngineCoverage.t.sol

@@ -8,8 +8,10 @@ import "../HelperContract.sol";
 import {RuleEngineExposed} from "src/mocks/RuleEngineExposed.sol";
 import {RuleInvalidMock} from "src/mocks/RuleInvalidMock.sol";
 import {ICompliance} from "src/mocks/ICompliance.sol";
+import {IERC3643ComplianceExtendedSubset} from "src/mocks/IERC3643ComplianceExtendedSubset.sol";
 import {IERC1404Subset} from "src/mocks/IERC1404Subset.sol";
 import {IERC7551ComplianceSubset} from "src/mocks/IERC7551ComplianceSubset.sol";
+import {ComplianceInterfaceId} from "src/modules/library/ComplianceInterfaceId.sol";
 import {ERC1404InterfaceId} from "src/modules/library/ERC1404InterfaceId.sol";
 
 /**
@@ -50,6 +52,11 @@ contract RuleEngineCoverageTest is Test, HelperContract {
         assertTrue(ruleEngineMock.supportsInterface(type(ICompliance).interfaceId));
     }
 
+    function testSupportsERC3643ComplianceExtendedSubsetInterface() public view {
+        assertTrue(ruleEngineMock.supportsInterface(ComplianceInterfaceId.ERC3643_COMPLIANCE_EXTENDED_INTERFACE_ID));
+        assertTrue(ruleEngineMock.supportsInterface(type(IERC3643ComplianceExtendedSubset).interfaceId));
+    }
+
     function testSupportsIERC7551ComplianceSubsetInterface() public view {
         assertTrue(ruleEngineMock.supportsInterface(type(IERC7551ComplianceSubset).interfaceId));
     }

test/RuleEngine/RuleEngineDeployment.t.sol

@@ -11,8 +11,10 @@ import {IAccessControlEnumerable} from "@openzeppelin/contracts/access/extension
 import {ERC1404ExtendInterfaceId} from "CMTAT/library/ERC1404ExtendInterfaceId.sol";
 import {RuleEngineInterfaceId} from "CMTAT/library/RuleEngineInterfaceId.sol";
 import {ICompliance} from "src/mocks/ICompliance.sol";
+import {IERC3643ComplianceExtendedSubset} from "src/mocks/IERC3643ComplianceExtendedSubset.sol";
 import {IERC7551ComplianceSubset} from "src/mocks/IERC7551ComplianceSubset.sol";
 import {IERC1404Subset} from "src/mocks/IERC1404Subset.sol";
+import {ComplianceInterfaceId} from "src/modules/library/ComplianceInterfaceId.sol";
 import {ERC1404InterfaceId} from "src/modules/library/ERC1404InterfaceId.sol";
 
 /**
@@ -68,6 +70,8 @@ contract RuleEngineTest is Test, HelperContract {
         assertTrue(ruleEngineMock.supportsInterface(type(IERC1404Subset).interfaceId));
         assertTrue(ruleEngineMock.supportsInterface(ERC1404ExtendInterfaceId.ERC1404EXTEND_INTERFACE_ID));
         assertTrue(ruleEngineMock.supportsInterface(type(ICompliance).interfaceId));
+        assertTrue(ruleEngineMock.supportsInterface(ComplianceInterfaceId.ERC3643_COMPLIANCE_EXTENDED_INTERFACE_ID));
+        assertTrue(ruleEngineMock.supportsInterface(type(IERC3643ComplianceExtendedSubset).interfaceId));
         assertTrue(ruleEngineMock.supportsInterface(type(IERC7551ComplianceSubset).interfaceId));
     }