feat: imt_mint/imt_burn intents

.github/workflows/ci.yml

@@ -162,7 +162,7 @@ jobs:
         with:
           cache: false
       - name: Install cargo-audit
-        run: cargo install cargo-audit --version "^0.21" --locked
+        run: cargo install cargo-audit --version "^0.22" --locked
       - uses: rustsec/audit-check@v2.0.0
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
@@ -188,7 +188,8 @@ jobs:
       - name: Install Cargo Plugins
         run: cargo install cargo-audit --locked
       - name: Run security audit
-        run: cargo audit --deny unsound --deny yanked
+        # TODO: ignoring lru vulnerability in near-sdk, remove when fixed
+        run: cargo audit --deny unsound --deny yanked --ignore RUSTSEC-2026-0002
         # run: cargo audit --deny warnings  # Warnings include: unmaintained, unsound and yanked
 
   contract_analysis:

Makefile.toml

@@ -40,7 +40,7 @@ args = [
     "--manifest-path",
     "./defuse/Cargo.toml",
     "--features",
-    "abi,contract",
+    "abi,contract,imt",
     "--out-dir",
     "${TARGET_DIR}",
     "--no-embed-abi",

core/Cargo.toml

@@ -55,6 +55,7 @@ arbitrary = [
     "defuse-token-id/arbitrary",
     "defuse-ton-connect/arbitrary",
 ]
+imt = ["defuse-token-id/imt"]
 
 [target.'cfg(not(target_arch = "wasm32"))'.dependencies]
 chrono = { workspace = true, features = ["now"] }

core/src/engine/state/cached.rs

@@ -374,6 +374,21 @@ where
 
         Ok(())
     }
+
+    #[inline]
+    fn mint(&mut self, owner_id: AccountId, tokens: Amounts, _memo: Option<String>) -> Result<()> {
+        self.internal_add_balance(owner_id, tokens)
+    }
+
+    #[inline]
+    fn burn(
+        &mut self,
+        signer_id: &AccountIdRef,
+        tokens: Amounts,
+        _memo: Option<String>,
+    ) -> Result<()> {
+        self.internal_sub_balance(signer_id, tokens)
+    }
 }
 
 #[derive(Debug, Default)]

core/src/engine/state/deltas.rs

@@ -213,6 +213,21 @@ where
     fn auth_call(&mut self, signer_id: &AccountIdRef, auth_call: AuthCall) -> Result<()> {
         self.state.auth_call(signer_id, auth_call)
     }
+
+    #[inline]
+    fn mint(&mut self, owner_id: AccountId, tokens: Amounts, memo: Option<String>) -> Result<()> {
+        self.state.mint(owner_id, tokens, memo)
+    }
+
+    #[inline]
+    fn burn(
+        &mut self,
+        signer_id: &AccountIdRef,
+        tokens: Amounts,
+        memo: Option<String>,
+    ) -> Result<()> {
+        self.state.burn(signer_id, tokens, memo)
+    }
 }
 
 /// Accumulates internal deposits and withdrawals on different tokens

core/src/engine/state/mod.rs

@@ -127,4 +127,13 @@ pub trait State: StateView {
     fn set_auth_by_predecessor_id(&mut self, account_id: AccountId, enable: bool) -> Result<bool>;
 
     fn auth_call(&mut self, signer_id: &AccountIdRef, auth_call: AuthCall) -> Result<()>;
+
+    fn mint(&mut self, owner_id: AccountId, tokens: Amounts, memo: Option<String>) -> Result<()>;
+
+    fn burn(
+        &mut self,
+        signer_id: &AccountIdRef,
+        tokens: Amounts,
+        memo: Option<String>,
+    ) -> Result<()>;
 }

core/src/error.rs

@@ -1,5 +1,6 @@
 use crate::{
     engine::deltas::InvariantViolated,
+    intents::tokens::MAX_TOKEN_ID_LEN,
     token_id::{TokenId, TokenIdError, nep171::Nep171TokenId},
 };
 use defuse_crypto::PublicKey;
@@ -75,4 +76,7 @@ pub enum DefuseError {
 
     #[error("maximum attempts to generate a new salt reached")]
     SaltGenerationFailed,
+
+    #[error("token ID is too large: {0} bytes (maximum is {MAX_TOKEN_ID_LEN} bytes)")]
+    TokenIdTooLarge(usize),
 }

core/src/events.rs

@@ -54,6 +54,17 @@ pub enum DefuseEvent<'a> {
     #[event_version("0.3.0")]
     StorageDeposit(Cow<'a, [IntentEvent<AccountEvent<'a, Cow<'a, StorageDeposit>>>]>),
 
+    #[cfg(feature = "imt")]
+    #[event_version("0.3.0")]
+    ImtMint(
+        Cow<'a, [IntentEvent<AccountEvent<'a, Cow<'a, crate::intents::tokens::imt::ImtMint>>>]>,
+    ),
+
+    #[cfg(feature = "imt")]
+    #[event_version("0.3.0")]
+    ImtBurn(
+        Cow<'a, [IntentEvent<AccountEvent<'a, Cow<'a, crate::intents::tokens::imt::ImtBurn>>>]>,
+    ),
     #[event_version("0.3.0")]
     #[from(skip)]
     AccountLocked(AccountEvent<'a, ()>),

core/src/intents/mod.rs

@@ -68,6 +68,14 @@ pub enum Intent {
 
     /// See [`AuthCall`]
     AuthCall(AuthCall),
+
+    // See [`ImtMint`]
+    #[cfg(feature = "imt")]
+    ImtMint(crate::intents::tokens::imt::ImtMint),
+
+    // See [`ImtBurn`]
+    #[cfg(feature = "imt")]
+    ImtBurn(crate::intents::tokens::imt::ImtBurn),
 }
 
 pub trait ExecutableIntent {
@@ -125,6 +133,10 @@ impl ExecutableIntent for Intent {
                 intent.execute_intent(signer_id, engine, intent_hash)
             }
             Self::AuthCall(intent) => intent.execute_intent(signer_id, engine, intent_hash),
+            #[cfg(feature = "imt")]
+            Self::ImtMint(intent) => intent.execute_intent(signer_id, engine, intent_hash),
+            #[cfg(feature = "imt")]
+            Self::ImtBurn(intent) => intent.execute_intent(signer_id, engine, intent_hash),
         }
     }
 }

core/src/intents/token_diff.rs

@@ -206,9 +206,14 @@ impl TokenDiff {
         match token_id {
             TokenIdType::Nep141 => {}
             TokenIdType::Nep245 if amount > 1 => {}
-
             // do not take fees on NFTs and MTs with |delta| <= 1
             TokenIdType::Nep171 | TokenIdType::Nep245 => return Pips::ZERO,
+            #[cfg(feature = "imt")]
+            TokenIdType::Imt => {
+                if amount <= 1 {
+                    return Pips::ZERO;
+                }
+            }
         }
         fee
     }

core/src/intents/tokens.rs

@@ -17,6 +17,15 @@ use crate::{
 
 use super::{ExecutableIntent, IntentEvent};
 
+pub const MAX_TOKEN_ID_LEN: usize = 127;
+
+#[derive(thiserror::Error, Debug)]
+#[error("token_id is too long: max length is {MAX_TOKEN_ID_LEN}, got {0}")]
+pub struct TokenIdTooLarge(pub usize);
+
+const MT_ON_TRANSFER_GAS_MIN: Gas = Gas::from_tgas(5);
+const MT_ON_TRANSFER_GAS_DEFAULT: Gas = Gas::from_tgas(30);
+
 #[must_use]
 #[near(serializers = [borsh, json])]
 #[derive(Debug, Clone)]
@@ -73,17 +82,12 @@ pub struct Transfer {
     /// Optionally notify receiver_id via `mt_on_transfer()`
     ///
     /// NOTE: `min_gas` is adjusted with following values:
-    /// * default: 30TGas
     /// * minimum: 5TGas
+    /// * default: 30TGas
     #[serde(flatten, default, skip_serializing_if = "Option::is_none")]
     pub notification: Option<NotifyOnTransfer>,
 }
 
-impl Transfer {
-    pub const MT_ON_TRANSFER_GAS_MIN: Gas = Gas::from_tgas(5);
-    pub const MT_ON_TRANSFER_GAS_DEFAULT: Gas = Gas::from_tgas(30);
-}
-
 impl ExecutableIntent for Transfer {
     fn execute_intent<S, I>(
         self,
@@ -127,9 +131,10 @@ impl ExecutableIntent for Transfer {
             notification.min_gas = Some(
                 notification
                     .min_gas
-                    .unwrap_or(Self::MT_ON_TRANSFER_GAS_DEFAULT)
-                    .max(Self::MT_ON_TRANSFER_GAS_MIN),
+                    .unwrap_or(MT_ON_TRANSFER_GAS_DEFAULT)
+                    .max(MT_ON_TRANSFER_GAS_MIN),
             );
+
             engine
                 .state
                 .notify_on_transfer(sender_id, self.receiver_id, self.tokens, notification);
@@ -516,3 +521,171 @@ impl ExecutableIntent for StorageDeposit {
         engine.state.storage_deposit(owner_id, self)
     }
 }
+
+#[cfg(feature = "imt")]
+pub mod imt {
+    use super::{MT_ON_TRANSFER_GAS_DEFAULT, MT_ON_TRANSFER_GAS_MIN};
+    use crate::{Result, intents::tokens::MAX_TOKEN_ID_LEN};
+    use defuse_token_id::TokenId;
+    use near_sdk::{AccountId, AccountIdRef, CryptoHash, near};
+    use serde_with::{DisplayFromStr, serde_as};
+
+    use std::{borrow::Cow, collections::BTreeMap};
+
+    use crate::{
+        DefuseError,
+        accounts::AccountEvent,
+        amounts::Amounts,
+        engine::{Engine, Inspector, State},
+        events::DefuseEvent,
+        intents::{ExecutableIntent, IntentEvent, tokens::NotifyOnTransfer},
+    };
+
+    pub type ImtTokens = Amounts<BTreeMap<defuse_nep245::TokenId, u128>>;
+
+    impl ImtTokens {
+        #[inline]
+        fn into_generic_tokens(
+            self,
+            minter_id: &AccountIdRef,
+        ) -> Result<Amounts<BTreeMap<TokenId, u128>>> {
+            let tokens = self
+                .into_iter()
+                .map(|(token_id, amount)| {
+                    if token_id.len() > MAX_TOKEN_ID_LEN {
+                        return Err(DefuseError::TokenIdTooLarge(token_id.len()));
+                    }
+
+                    let token = defuse_token_id::imt::ImtTokenId::new(minter_id, token_id).into();
+
+                    Ok((token, amount))
+                })
+                .collect::<Result<_, _>>()?;
+
+            Ok(Amounts::new(tokens))
+        }
+    }
+
+    #[near(serializers = [borsh, json])]
+    #[derive(Debug, Clone)]
+    /// Mint a set of tokens from the signer to a specified account id, within the intents contract.
+    pub struct ImtMint {
+        pub receiver_id: AccountId,
+
+        // The tokens transferred in this call will be wrapped
+        // in such a way as to bind the token ID to the minter authority.
+        // The final string representation of the token
+        // will be as follows: `imt:<minter_id>:<token_id>`
+        #[serde_as(as = "Amounts<BTreeMap<_, DisplayFromStr>>")]
+        pub tokens: ImtTokens,
+
+        #[serde(default, skip_serializing_if = "Option::is_none")]
+        pub memo: Option<String>,
+
+        /// Optionally notify receiver_id via `mt_on_transfer()`
+        ///
+        /// NOTE: `min_gas` is adjusted with following values:
+        /// * minimum: 5TGas
+        /// * default: 30TGas
+        #[serde(flatten, default, skip_serializing_if = "Option::is_none")]
+        pub notification: Option<NotifyOnTransfer>,
+    }
+
+    impl ExecutableIntent for ImtMint {
+        #[inline]
+        fn execute_intent<S, I>(
+            self,
+            signer_id: &AccountIdRef,
+            engine: &mut Engine<S, I>,
+            intent_hash: CryptoHash,
+        ) -> Result<()>
+        where
+            S: State,
+            I: Inspector,
+        {
+            if self.tokens.is_empty() {
+                return Err(DefuseError::InvalidIntent);
+            }
+
+            engine
+                .inspector
+                .on_event(DefuseEvent::ImtMint(Cow::Borrowed(
+                    [IntentEvent::new(
+                        AccountEvent::new(signer_id, Cow::Borrowed(&self)),
+                        intent_hash,
+                    )]
+                    .as_slice(),
+                )));
+
+            let tokens = self.tokens.into_generic_tokens(signer_id)?;
+            engine
+                .state
+                .mint(self.receiver_id.clone(), tokens.clone(), self.memo)?;
+
+            if let Some(mut notification) = self.notification {
+                notification.min_gas = Some(
+                    notification
+                        .min_gas
+                        .unwrap_or(MT_ON_TRANSFER_GAS_DEFAULT)
+                        .max(MT_ON_TRANSFER_GAS_MIN),
+                );
+
+                engine
+                    .state
+                    .notify_on_transfer(signer_id, self.receiver_id, tokens, notification);
+            }
+
+            Ok(())
+        }
+    }
+
+    #[near(serializers = [borsh, json])]
+    #[derive(Debug, Clone)]
+    /// Burn a set of imt tokens, within the intents contract.
+    pub struct ImtBurn {
+        // The minter authority of the imt tokens
+        pub minter_id: AccountId,
+
+        // The tokens transferred in this call will be wrapped
+        // in such a way as to bind the token ID to the minter authority.
+        // The final string representation of the token
+        // will be as follows: `imt:<minter_id>:<token_id>`
+        #[serde_as(as = "Amounts<BTreeMap<_, DisplayFromStr>>")]
+        pub tokens: ImtTokens,
+
+        #[serde(default, skip_serializing_if = "Option::is_none")]
+        pub memo: Option<String>,
+    }
+
+    impl ExecutableIntent for ImtBurn {
+        #[inline]
+        fn execute_intent<S, I>(
+            self,
+            signer_id: &AccountIdRef,
+            engine: &mut Engine<S, I>,
+            intent_hash: CryptoHash,
+        ) -> Result<()>
+        where
+            S: State,
+            I: Inspector,
+        {
+            if self.tokens.is_empty() {
+                return Err(DefuseError::InvalidIntent);
+            }
+
+            engine
+                .inspector
+                .on_event(DefuseEvent::ImtBurn(Cow::Borrowed(
+                    [IntentEvent::new(
+                        AccountEvent::new(signer_id, Cow::Borrowed(&self)),
+                        intent_hash,
+                    )]
+                    .as_slice(),
+                )));
+
+            let tokens = self.tokens.into_generic_tokens(&self.minter_id)?;
+
+            engine.state.burn(signer_id, tokens, self.memo)
+        }
+    }
+}