Audit fixes 2 (#51)

* fix: addresses #32, allowance() amount should reflect transferable amounts for transferFrom() and transfer() * fix: comment contradition #43 * wip: added overflow test cases according to #30, identified area of overflow * fix: potential fix for #30 * refactor: adhere to checks-effects-interaction pattern #35 * fix: make allowance() external #45 * fix: dropped virtual from permit, permitRenewable #44 * refactor: added require reason * chore: added gas reports * fix: solidity compiler for deploy script * Chore/natspec (#53) * style: grouped functions * forge install: openzeppelin-contracts * chore: updates to lib * chore: natspec comments for contracts * chore: closes #39 and #40 * chore: removed unused solmate * refactor: moved saturatingAdd to mathUtil * chore: cleanup * Apply suggestions from code review Co-authored-by: zlace0x <81418809+zlace0x@users.noreply.github.com> * fix: resolve some comments * doc: generated docs under doc/ * chore: cleanups on comments * style: use custom errors instead (#56) * style: use custom errors instead * fix: structured files for custom errors * style: change INITIAL values to upper-case * Update src/Funnel.sol Co-authored-by: zlace0x <81418809+zlace0x@users.noreply.github.com> Co-authored-by: Edison <6057323+edison0x@users.noreply.github.com> Co-authored-by: zlace0x <81418809+zlace0x@users.noreply.github.com> * chore: fix comments slashes * fix: apply linter version changes Co-authored-by: Edison <6057323+edison0x@users.noreply.github.com> Co-authored-by: zlace0x <zlace0x@gmail.com> Co-authored-by: zlace0x <81418809+zlace0x@users.noreply.github.com> Co-authored-by: Edison <6057323+edison0xyz@users.noreply.github.com> Co-authored-by: Edison <6057323+edison0x@users.noreply.github.com>
suberra · Dec 12, 2022 · 9b97efa · 9b97efa
1 parent fb18570
commit 9b97efa
Show file tree

Hide file tree

Showing 34 changed files with 2,982 additions and 2,496 deletions.
diff --git a/.gitignore b/.gitignore
@@ -15,4 +15,5 @@ node_modules/
 
 artifacts/
 cache_hardhat/
-typechain-types/
+typechain-types/
+.gas-snapshot
diff --git a/.gitmodules b/.gitmodules
@@ -3,4 +3,4 @@
 	url = https://github.com/foundry-rs/forge-std
 [submodule "lib/openzeppelin-contracts"]
 	path = lib/openzeppelin-contracts
-	url = https://github.com/Openzeppelin/openzeppelin-contracts
+	url = https://github.com/openzeppelin/openzeppelin-contracts
diff --git a/.prettierrc b/.prettierrc
@@ -3,7 +3,7 @@
         {
             "files": "*.sol",
             "options": {
-                "printWidth": 90,
+                "printWidth": 120,
                 "tabWidth": 4,
                 "useTabs": false,
                 "singleQuote": false,

diff --git a/README.md b/README.md
@@ -11,7 +11,7 @@ Each funnel contract is a proxy/wrapper for an underlying ERC20 token, funneling
 By using this funnel contract, a sender can approve a spender a spending limit every periodic interval. For example, a subscriber can approve a merchant to deduct up to 100 USDC from his account every month.
 
 1. User first approves the funnel contract to spend using ERC20 approvals
-2. User can set renewable allowance on the funnel contract for a given period for an address (spender), approving up to a max limit with a recovery rate. 
+2. User can set renewable allowance on the funnel contract for a given period for an address (spender), approving up to a max limit with a recovery rate.
 3. The spender can then withdraw money out of the user's account up to the available allowance on the account.
 
 What is recovery rate? Recovery rate (amount per second) specifies the rate at which the allowance recovers over time. Once a spender spends the money, the available balance first decreases and slowly restores back to the max limit. Unlike conventional finance apps which performs discrete "resets" of spending limit, we implement renewable allowance using a continuous `recoveryRate` as it allows for more flexible usecases no bound by reset cycles and can be implemented more simply.
@@ -20,7 +20,7 @@ What is recovery rate? Recovery rate (amount per second) specifies the rate at w
 
 The funnel factory is a contract that deploys new funnel contracts, it is the only contract that can create new funnels.
 
-Goal is to deploy a factory onto all supported chains at the same address, and **every chain will produce the same funnel address for the same token address**. 
+Goal is to deploy a factory onto all supported chains at the same address, and **every chain will produce the same funnel address for the same token address**.
 
 ## Contracts
 
@@ -36,12 +36,11 @@ Goal is to deploy a factory onto all supported chains at the same address, and *
 
 `baseToken()` - Returns the address of the underlying token
 
-
 # Usage
 
 ## Testing
 
-Our tests consist of both Foundry tests and hardhat tests. 
+Our tests consist of both Foundry tests and hardhat tests.
 
 `forge test` - Runs the Foundry tests
 
@@ -62,10 +61,18 @@ Deploy to local fork
 
 Deploy factory to goerli
 
-`forge script script/FunnelFactoryDeployer.sol:FunnelFactoryDeployer --rpc-url $GOERLI_RPC_URL --broadcast --verify --etherscan-api-key $ETHERSCAN_API_KEY`  
+`forge script script/FunnelFactoryDeployer.sol:FunnelFactoryDeployer --rpc-url $GOERLI_RPC_URL --broadcast --verify --etherscan-api-key $ETHERSCAN_API_KEY`
 
 Note: Deployment addresses are dependent on deployer's private key, FunnelFactory bytecode and salt used. Multiple deployments will fail.
 
+## Misc
+
+Run prettier to format the code
+
+```sh
+npx prettier --write 'src/**/*.sol'
+```
+
 # Deployments
 
 | Network | Contract      | Address                                    |
@@ -74,7 +81,6 @@ Note: Deployment addresses are dependent on deployer's private key, FunnelFactor
 | Goerli  | FunnelFactory | 0xDd3e9D430D0681Eaa833DbD6B186E7f031f71837 |
 | Goerli  | USDC (funnel) | 0x3d5499808F8082d239a62B5c4876B6ffD23526d5 |
 
+# License
 
-# License 
-
-MIT @ 2022 Suberra
+MIT @ 2022 Suberra