Pascal - Non fungible token with FA2 (Operator) - Learn to write Tezos Smart Contracts the fun way

Chapter 29 : FA 2.0 – Operators and Permissions

When we started our space expedition, you chose a ship that was unique, there is no other like it, treat it well!

Definition

The FA2 standard proposes a unified token contract interface that accommodates fungibility and multiple asset concerns. It aims to provide significant expressivity to contract developers to create new types of tokens while maintaining a common interface standard for wallet integrators and external developers.

In this chapter we will focus on Operators and Permissions.

Entry points

Token contract implementing the FA2 standard MUST have the following entry points.

type fa2_entry_points is
Transfer of transfer_params
| Balance_of of balance_of_params
| Token_metadata_registry of token_metadata_registry_params
| Permissions_descriptor of permissions_descriptor_params
| Update_operators of update_operator_params
| Is_operator of is_operator_params

Operators

Definition

An Operator can be seen as a delegate role.

An Operator is a Tezos address that initiates token transfer operation on behalf of the owner. An Owner is a Tezos address which can hold tokens. An operator, other than the owner, MUST be approved to manage particular token types held by the owner to make a transfer from the owner account. The Operator relation is not transitive. If C is an operator of B , and if B is an operator of A, C cannot transfer tokens that are owned by A, on behalf of B.

An operator is defined as a relationship between two address (owner address and operator address) and can be understood as an operator address which can operate tokens held by a owner.

FA2 interface operator

The FA2 interface specifies two entry points to update and inspect operators. Once permitted for the specific token owner, an operator can transfer any tokens belonging to the owner.

| Update_operators of update_operator_params
| Is_operator of is_operator_params

where parameter type update_operator_params and is_operator_params are :

type operator_param_ is record
owner : address
; operator : address
end

type operator_param is michelson_pair_right_comb(operator_param_)

type update_operator_param is
| Add_operator of operator_param
| Remove_operator of operator_param

type update_operator_params is list (update_operator_param)

type is_operator_response_ is record
operator : operator_param
; is_operator : bool
end

type is_operator_response is michelson_pair_right_comb(is_operator_response_)

type is_operator_params_ is record
operator : operator_param
; callback : contract (is_operator_response)
end

type is_operator_params is michelson_pair_right_comb(is_operator_params_)

Notice that the update_operator can only Add or Remove an operator (an allowance between an operator address and a token owner address).

Notice that the parameter is\operator_params given to *Is\operator entry point contains a callback* property used to send back a response to the calling contract.

Notice that the entry point Update_operators expects a list of update_operator_param.

FA2 standard operator library

Some helper functions has been implemented in the FA2 library which help manipulating operator relationship. This library contains following functions and type alias :

an operator is a relationship between two address (owner address and operator address)

function update_operators allows to Add or Remove an operator in the list of operators.

function validate_operator validates operators for all transfers in the batch at once, depending on given operator_transfer_policy

FA2 Permission Policies and Configuration

Most token standards specify the logic that validates a transfer transaction and that can either approve or reject a transfer. Such logic (called Permission Policy) could validate who initiates a transfer, the transfer amount, and who can receive tokens.

This FA2 standard defines a framework to compose and configure such permission policies.

The FA2 standard defines :

the default core transfer behavior, that MUST always be implemented
a set of predefined permission policies that are optional

Permissions descriptor

The FA2 standard specifies an interface permissionsdescriptor allowing external contracts to discover an FA2 contract’s permission policy and to configure it. *permissions\descriptor* serves as a modular approach to define consistent and non-self-contradictory policies.

The permission descriptor indicates which standard permission policies are implemented by the FA2 contract and can be used by off-chain and on-chain tools to discover the properties of the particular FA2 contract implementation.

The FA2 standard defines a special metadata entry point permission descriptor containing standard permission policies.

type permissions_descriptor_ is record
operator : operator_transfer_policy
; receiver : owner_hook_policy
; sender : owner_hook_policy
; custom : option (custom_permission_policy)
end

Interface

FA2 token contract MUST implement the Permissions_descriptor entry point which provides token policies.

| Permissions_descriptor of permissions_descriptor_params

The expected parameter permissions_descriptor_params for this entry point is a callback function sending back a permissions_descriptor to calling contract. Those calling contract are considered as “Fa2 client contract”.

type permissions_descriptor is michelson_pair_right_comb(permissions_descriptor_)

type permissions_descriptor_params is

contract (permissions_descriptor)

Operator transfer policy

operator_transfer_policy – defines who can transfer tokens. Tokens can be transferred by the token owner or an operator (some address that is authorized to transfer tokens on behalf of the token owner). A special case is when neither owner nor operator can transfer tokens (can be used for non-transferable tokens).

The FA2 standard defines two entry points to manage and inspect operators associated with the token owner address (update_operators, is_operator). Once an operator is added, it can manage all of its associated owner’s tokens.

type operator_transfer_policy =

| No_transfer

| Owner_transfer

| Owner_or_operator_transfer

Owner hook policy

owner_hook_policy – defines if sender/receiver hooks should be called or not. Each token owner contract MAY implement either an fa2_token_sender or fa2_token_receiver hook interface. Those hooks MAY be called when a transfer sends tokens from the owner account or the owner receives tokens. The hook can either accept a transfer transaction or reject it by failing.

type owner_hook_policy =

| Owner_no_hook

| Optional_owner_hook

| Required_owner_hook

Custom permission policy

It is possible to extend a permission policy with a custom behavior, which does not overlap with already existing standard policies. This standard does not specify exact types for custom config entry points. FA2 token contract clients that support custom config entry points must know their types a priori and/or use a tag hint of custom_permission_policy.

type custom_permission_policy = {

tag : string;

config_api: address option;

}

Permission Policy Formulae

Each concrete implementation of the permission policy can be described by a formula which combines permission behaviors in the following form:

Operator(?) * Receiver(?) * Sender(?)

This formula describes the policy which allows only token owners to transfer their own tokens :

Operator(Owner_transfer) * Receiver(Owner_no_hook) * Sender(Owner_no_hook)

Your mission

We are working on a non_fungible/single-asset token. Our NFT “token” is almost ready but to allow a new rule. We need Bob to transfer a token taken from Vera account and send it to alice’s account.

Alice’s account address is “tz1gjaF81ZRRvdzjobyfVNsAeSC6PScjfQwN”
Bob’s account address is “tz1faswCTDciRzE4oJ9jn2Vm2dvjeyA9fUzU”
Vera’s account address is “tz1b7tUupMgCNw2cCLpKTkSD1NZzB5TkP2sv”

1- First we want you to prepare the initial state of storage. Modify the ligo compile-storage command for the token contract with following recommandations :

Vera account is owner of the token 1

2- Complete the ligo dry-run command for authorizing Bob to transfer tokens taken from Vera account, transaction emitted by Vera. (reuse the storage you made on step 1). You can use Layout.convert_to_right_comb function to convert your parameters into the format expected by Update_operators entry point. Don’t forget to refer to fa2interface to know the the expected type of *Update\operators* entry point.

3- Complete the ligo dry-run command for simulating the transfer of 1 token from Vera’account to Alice’s account, transaction emitted by Bob. The transferred token id is number 1 (token_id and and amount must be 1). You can use the Layout.convert_to_right_comb function to convert your parameters into the format expected by Transfer entry point.

You will have to modify the storage accordingly:

“Vera account is owner of the token 1” (step 1)
“Bob is authorized to transfer tokens taken from Vera account” (step 2).

Exercise
fa2_operator_lib.ligo
fa2_interface.ligo
non_fungible_token.ligo

// SPDX-FileCopyrightText: 2020 tqtezos
// SPDX-License-Identifier: MIT

(*
 * Operator library for stablecoin smart-contract
 *)

#if !FA2_OPERATOR_LIB
#define FA2_OPERATOR_LIB

#include “../fa2_interface.ligo”
#include “fa2_hooks_lib.ligo”

(*
 * Validates whether the given operator parameter is equal to `SENDER`
 *)
function validate_operator_owner_is_sender
  ( const param : operator_param
  ) : unit is if param.0 = Tezos.sender
  then unit else failwith (“NOT_TOKEN_OWNER”)

(*
 * Validates operators for the given tranfser batch
 * and operator storage
 *)
function validate_operators
  ( const transfer_param         : transfer_param
  ; const operators              : operators
  ) : unit is block
{ const operator : address = Tezos.sender
; const owner : address = transfer_param.0
} with if owner = operator or Big_map.mem ((owner, operator), operators)
  then unit else failwith (“FA2_NOT_OPERATOR”)

(*
 * Add operator from the given parameter and operator storage
 *)
function add_operator
  ( const param     : operator_param
  ; const operators : operators
  ) : operators is block
{ validate_operator_owner_is_sender (param)
; const operator_key : (owner * operator) = (param.0, param.1)
} with Big_map.update (operator_key, Some (unit), operators)

(*
 * Remove operator from the given storage
 *)
function remove_operator
  ( const param     : operator_param
  ; const operators : operators
  ) : operators is block
{ validate_operator_owner_is_sender (param)
; const operator_key : (owner * operator) = (param.0, param.1)
} with Big_map.remove (operator_key, operators)

(*
 * Adds or removes operators from a provided list of instructions
 * accordingly for the given storage
 *)
function update_operators
  ( const params    : update_operator_params
  ; const operators : operators
  ) : operators is List.fold
    ( function
        ( const operators             : operators
        ; const update_operator_param : update_operator_param
        ) : operators is case update_operator_param of
          Add_operator    (param) -> add_operator    (param, operators)
        | Remove_operator (param) -> remove_operator (param, operators)
        end
    , params
    , operators
    )

#endif

// SPDX-FileCopyrightText: 2020 tqtezos
// SPDX-License-Identifier: MIT

#if ! FA2_INTERFACE
#define FA2_INTERFACE

type token_id is nat

const default_token_id : token_id = 0n;

(*
 * This function fails if provided token_id is not equal to
 * default one, restricting all operations to be one-token
 * (that are allowed for `default_token_id`)
 *)
function validate_token_type
  ( const token_id : token_id
  ) : unit is
    if token_id =/= default_token_id
    then failwith (“FA2_TOKEN_UNDEFINED”)
    else unit

(*
 * Same as above but for a list of token ids
 *)
function validate_token_types
  ( const token_ids : list (token_id)
  ) : unit is List.fold
    ( function
        ( const u        : unit
        ; const token_id : token_id
        ) : unit is validate_token_type (token_id)
    , token_ids
    , unit
    )

type transfer_destination_ is record
  to_      : address
; token_id : token_id
; amount   : nat
end

type transfer_destination is michelson_pair_right_comb(transfer_destination_)

type transfer_param_ is record
  from_ : address
; txs : list (transfer_destination)
end

type transfer_param is michelson_pair_right_comb(transfer_param_)

type transfer_params is list (transfer_param)

type balance_of_request is record
   owner    :  address
;  token_id : token_id
end

type balance_of_response_ is record
  request : balance_of_request
; balance : nat
end

type balance_of_response is michelson_pair_right_comb(balance_of_response_)

type balance_of_params_ is record
  requests : list (balance_of_request)
; callback : contract (list (balance_of_response))
end

type balance_of_params is michelson_pair_right_comb(balance_of_params_)

type token_metadata_ is record
  token_id  : token_id
; symbol    : string
; name      : string
; decimals  : nat
; extras    : map (string, string)
end

type token_metadata is michelson_pair_right_comb(token_metadata_)

type token_metadata_registry_params is contract (address)

type owner is address
type operator is address

type operators is
  big_map ((owner * operator), unit)

type operator_param_ is record
  owner    : address
; operator : address
end

type operator_param is michelson_pair_right_comb(operator_param_)

type update_operator_param is
| Add_operator    of operator_param
| Remove_operator of operator_param

type update_operator_params is list (update_operator_param)

type is_operator_response_ is record
  operator    : operator_param
; is_operator : bool
end

type is_operator_response is michelson_pair_right_comb(is_operator_response_)

type is_operator_params_ is record
  operator : operator_param
; callback : contract (is_operator_response)
end

type is_operator_params is michelson_pair_right_comb(is_operator_params_)

(* ————————————————————- *)

type operator_transfer_policy_ is
| No_transfer
| Owner_transfer
| Owner_or_operator_transfer

type operator_transfer_policy is michelson_or_right_comb(operator_transfer_policy_)

type owner_hook_policy_ is
| Owner_no_hook
| Optional_owner_hook
| Required_owner_hook

type owner_hook_policy is michelson_or_right_comb(owner_hook_policy_)

type custom_permission_policy_ is record
  tag        : string
; config_api : option (address)
end

type custom_permission_policy is michelson_pair_right_comb(custom_permission_policy_)

type permissions_descriptor_ is record
  operator : operator_transfer_policy
; receiver : owner_hook_policy
; sender   : owner_hook_policy
; custom   : option (custom_permission_policy)
end

type permissions_descriptor is michelson_pair_right_comb(permissions_descriptor_)

type permissions_descriptor_params is
  contract (permissions_descriptor)

type fa2_entry_points is
  Transfer                of transfer_params
| Balance_of              of balance_of_params
| Token_metadata_registry of token_metadata_registry_params
| Permissions_descriptor  of permissions_descriptor_params
| Update_operators        of update_operator_params
| Is_operator             of is_operator_params

(* ————————————————————- *)

(*
 * Hooks
 *)

// Currently it has the same structure as `transfer_param` but
// with optional participants
type transfer_destination_descriptor_ is record
  to_      : option (address)
; token_id : token_id
; amount   : nat
end

type transfer_destination_descriptor is michelson_pair_right_comb(transfer_destination_descriptor_)

type transfer_descriptor_ is record
  from_ : option (address)
; txs   : list (transfer_destination_descriptor)
end

type transfer_descriptor is michelson_pair_right_comb(transfer_descriptor_)

type transfer_descriptor_param_ is record
   fa2      : address
;  batch    : list(transfer_descriptor)
;  operator : address
end

type transfer_descriptor_param is michelson_pair_right_comb(transfer_descriptor_param_)

#endif

#include “tzip-12/fa2_interface.ligo”
#include “tzip-12/lib/fa2_operator_lib.ligo”

type ledger is big_map(token_id, address);

type storage is record
  ledger             : ledger
; operators          : operators
end

type entrypoint is list (operation) * storage

// Custom
type mint_param_ is record
  to_    : address
; amount : nat
end
type mint_param is michelson_pair_right_comb (mint_param_)
type mint_params is list (mint_param)
type burn_params is list (nat)

function fail_on( const condition : bool; const message : string) : unit is if condition then failwith (message) else unit

(*
 * FA2-specific entrypoints
 *)
function transfer( const params : transfer_params; const store  : storage) : entrypoint is 
  block { 
    const sender_addr : address = Tezos.sender;

function make_transfer( const acc : entrypoint; const parameter : transfer_param) : entrypoint is 
      block { 
        validate_operators (parameter, acc.1.operators);

function transfer_tokens( const accumulator : storage; const destination : transfer_destination) : storage is 
          block { 
            validate_token_type (destination.1.0);
            const tok_id : nat = destination.1.1;
            const updated_ledger : ledger = Big_map.update(tok_id, Some (destination.0), store.ledger);
          } with accumulator with record [ ledger = updated_ledger ];

const operator : address = parameter.0;
        const txs : list (transfer_destination) = parameter.1;

const upd : list (operation) = (nil : list (operation)); 
        const ups : storage = List.fold (transfer_tokens, txs, acc.1)
      } with (merge_operations (upd, acc.0), ups)

} with List.fold (make_transfer, params, ((nil : list (operation)), store))

function balance_of ( const parameter : balance_of_params; const store : storage) : entrypoint is 
block { 
  function retreive_balance( const request : balance_of_request) : balance_of_response is 
  block { 
    validate_token_type (request.token_id);
    var retreived_balance : nat := case Big_map.find_opt (request.token_id, store.ledger) of
      Some (current_owner) -> if (request.owner =/= current_owner) then 0n else 1n
    | None -> 0n
    end
  } with (request, retreived_balance);

const responses : list (balance_of_response) = List.map (retreive_balance, parameter.0);
  const transfer_operation : operation = Tezos.transaction (responses, 0mutez, parameter.1);
} with (list [transfer_operation], store)

function token_metadata_registry( const parameter : token_metadata_registry_params; const store : storage) : entrypoint is
  ( list [Tezos.transaction( Tezos.self_address, 0mutez, parameter)], store )

function permission_descriptor( const parameter : permissions_descriptor_params; const store : storage) : entrypoint is 
  block  { 
    const operator_permissions : operator_transfer_policy = Layout.convert_to_right_comb((Owner_or_operator_transfer : operator_transfer_policy_));
    const owner_hook_policy : owner_hook_policy = Layout.convert_to_right_comb((Optional_owner_hook : owner_hook_policy_));
    const permissions : permissions_descriptor = (operator_permissions, (owner_hook_policy, (owner_hook_policy, (None : option (custom_permission_policy)))));
  } with ( list [Tezos.transaction( permissions, 0mutez, parameter)], store )

function update_operators_action( const parameter : update_operator_params; const store : storage) : entrypoint is 
  block { 
    const updated_operators : operators = update_operators (parameter, store.operators)
  } with ( (nil : list (operation)), store with record [ operators = updated_operators ] )

function is_operator( const param  : is_operator_params; const operators : operators) : operation is 
block { 
  const operator_param : operator_param_ = Layout.convert_from_right_comb ((param.0 : operator_param));
  const operator_key : (owner * operator) = (operator_param.owner, operator_param.operator);
  const is_present : bool = Big_map.mem (operator_key, operators);
  const response : is_operator_response = (param.0, is_present);
} with Tezos.transaction (response, 0mutez, param.1)

function is_operator_action( const parameter : is_operator_params; const store : storage) : entrypoint is
  ( list [is_operator (parameter, store.operators)]
  , store
  )

type custom_entry_points is 
| Mint of mint_params
| Burn of burn_params

(* NFT parameter *)
type closed_parameter is
| Fa2              of fa2_entry_points
| Asset            of custom_entry_points

function custom_main( const action : custom_entry_points; const store  : storage) : entrypoint is 
    case action of
      Mint                  (params) -> ((nil: list(operation)), store)
    | Burn                  (params) -> ((nil: list(operation)), store)
    end

function fa2_main( const action : fa2_entry_points; const store  : storage) : entrypoint is 
    case action of
      Transfer                (params) -> transfer                (params, store)
    | Balance_of              (params) -> balance_of              (params, store)
    | Token_metadata_registry (params) -> token_metadata_registry (params, store)
    | Permissions_descriptor  (params) -> permission_descriptor   (params, store)
    | Update_operators        (params) -> update_operators_action (params, store)
    | Is_operator             (params) -> is_operator_action      (params, store)
    end

function main( const action : closed_parameter; const store  : storage) : entrypoint is 
block { fail_on (Tezos.amount =/= 0tz, “XTZ_RECEIVED”) // Validate whether the contract receives non-zero amount of tokens
} with case action of
    Fa2                   (params) -> fa2_main              (params, store)
  | Asset                 (params) -> custom_main           (params, store)
  end

AWAITING VALIDATION

Type your solution above and validate your answer

VALIDATE MISSION