Skip to content

O
openzeppelin-contracts-upgradeable
Unverified Commit 547a5f24 by Nicolás Venturo Committed by GitHub
Options

Add extcodesize check to SafeERC20. (#1662) 

* Add extcodesize check to SafeERC20.

* Clarify some comments.

* Replace inline assembly with Address.sol.
parent 352ec945
Showing with 40 additions and 19 deletions
contracts/token/ERC20/SafeERC20.sol
...@@ -2,6 +2,7 @@ pragma solidity ^0.5.2; ...@@ -2,6 +2,7 @@ pragma solidity ^0.5.2;
import "./IERC20.sol"; import "./IERC20.sol";
import "../../math/SafeMath.sol"; import "../../math/SafeMath.sol";
import "../../utils/Address.sol";
/** /**
* @title SafeERC20 * @title SafeERC20
...@@ -14,6 +15,7 @@ import "../../math/SafeMath.sol"; ...@@ -14,6 +15,7 @@ import "../../math/SafeMath.sol";
*/ */
library SafeERC20 { library SafeERC20 {
using SafeMath for uint256; using SafeMath for uint256;
using Address for address;
function safeTransfer(IERC20 token, address to, uint256 value) internal { function safeTransfer(IERC20 token, address to, uint256 value) internal {
callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value)); callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));
...@@ -51,11 +53,18 @@ library SafeERC20 { ...@@ -51,11 +53,18 @@ library SafeERC20 {
// We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
// we're implementing it ourselves. // we're implementing it ourselves.
// A Solidity high level call has three parts:
// 1. The target address is checked to verify it contains contract code
// 2. The call itself is made, and success asserted
// 3. The return value is decoded, which in turn checks the size of the returned data.
require(address(token).isContract());
// solhint-disable-next-line avoid-low-level-calls // solhint-disable-next-line avoid-low-level-calls
(bool success, bytes memory returndata) = address(token).call(data); (bool success, bytes memory returndata) = address(token).call(data);
require(success); require(success);
if (returndata.length > 0) { if (returndata.length > 0) { // Return data is optional
require(abi.decode(returndata, (bool))); require(abi.decode(returndata, (bool)));
} }
} }
......
test/token/ERC20/SafeERC20.test.js
...@@ -5,31 +5,21 @@ const ERC20ReturnTrueMock = artifacts.require('ERC20ReturnTrueMock'); ...@@ -5,31 +5,21 @@ const ERC20ReturnTrueMock = artifacts.require('ERC20ReturnTrueMock');
const ERC20NoReturnMock = artifacts.require('ERC20NoReturnMock'); const ERC20NoReturnMock = artifacts.require('ERC20NoReturnMock');
const SafeERC20Wrapper = artifacts.require('SafeERC20Wrapper'); const SafeERC20Wrapper = artifacts.require('SafeERC20Wrapper');
contract('SafeERC20', function () { contract('SafeERC20', function ([_, hasNoCode]) {
describe('with token that returns false on all calls', function () { describe('with address that has no contract code', function () {
beforeEach(async function () { beforeEach(async function () {
this.wrapper = await SafeERC20Wrapper.new((await ERC20ReturnFalseMock.new()).address); this.wrapper = await SafeERC20Wrapper.new(hasNoCode);
}); });
it('reverts on transfer', async function () { shouldRevertOnAllCalls();
await shouldFail.reverting(this.wrapper.transfer());
}); });
it('reverts on transferFrom', async function () { describe('with token that returns false on all calls', function () {
await shouldFail.reverting(this.wrapper.transferFrom()); beforeEach(async function () {
}); this.wrapper = await SafeERC20Wrapper.new((await ERC20ReturnFalseMock.new()).address);
it('reverts on approve', async function () {
await shouldFail.reverting(this.wrapper.approve(0));
});
it('reverts on increaseAllowance', async function () {
await shouldFail.reverting(this.wrapper.increaseAllowance(0));
}); });
it('reverts on decreaseAllowance', async function () { shouldRevertOnAllCalls();
await shouldFail.reverting(this.wrapper.decreaseAllowance(0));
});
}); });
describe('with token that returns true on all calls', function () { describe('with token that returns true on all calls', function () {
...@@ -49,6 +39,28 @@ contract('SafeERC20', function () { ...@@ -49,6 +39,28 @@ contract('SafeERC20', function () {
}); });
}); });
function shouldRevertOnAllCalls () {
it('reverts on transfer', async function () {
await shouldFail.reverting(this.wrapper.transfer());
});
it('reverts on transferFrom', async function () {
await shouldFail.reverting(this.wrapper.transferFrom());
});
it('reverts on approve', async function () {
await shouldFail.reverting(this.wrapper.approve(0));
});
it('reverts on increaseAllowance', async function () {
await shouldFail.reverting(this.wrapper.increaseAllowance(0));
});
it('reverts on decreaseAllowance', async function () {
await shouldFail.reverting(this.wrapper.decreaseAllowance(0));
});
}
function shouldOnlyRevertOnErrors () { function shouldOnlyRevertOnErrors () {
it('doesn\'t revert on transfer', async function () { it('doesn\'t revert on transfer', async function () {
await this.wrapper.transfer(); await this.wrapper.transfer();
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment