[Hacken 2022-11-25 High #3] Data Consistency #32
zhongfu changed the title from "[Hacken 2022-11-25 High #2] Data Consistency" to "[Hacken 2022-11-25 High #3] Data Consistency" on Dec 1, 2022
zlace0x added a commit that referenced this issue on Dec 5, 2022:
…ounts for transferFrom() and transfer()
should be fixed for as for |
zlace0x added a commit that referenced this issue on Dec 12, 2022:
* fix: addresses #32, allowance() amount should reflect transferable amounts for transferFrom() and transfer() * fix: comment contradition #43 * wip: added overflow test cases according to #30, identified area of overflow * fix: potential fix for #30 * refactor: adhere to checks-effects-interaction pattern #35 * fix: make allowance() external #45 * fix: dropped virtual from permit, permitRenewable #44 * refactor: added require reason * chore: added gas reports * fix: solidity compiler for deploy script * Chore/natspec (#53) * style: grouped functions * forge install: openzeppelin-contracts * chore: updates to lib * chore: natspec comments for contracts * chore: closes #39 and #40 * chore: removed unused solmate * refactor: moved saturatingAdd to mathUtil * chore: cleanup * Apply suggestions from code review Co-authored-by: zlace0x <81418809+zlace0x@users.noreply.github.com> * fix: resolve some comments * doc: generated docs under doc/ * chore: cleanups on comments * style: use custom errors instead (#56) * style: use custom errors instead * fix: structured files for custom errors * style: change INITIAL values to upper-case * Update src/Funnel.sol Co-authored-by: zlace0x <81418809+zlace0x@users.noreply.github.com> Co-authored-by: Edison <6057323+edison0x@users.noreply.github.com> Co-authored-by: zlace0x <81418809+zlace0x@users.noreply.github.com> * chore: fix comments slashes * fix: apply linter version changes Co-authored-by: Edison <6057323+edison0x@users.noreply.github.com> Co-authored-by: zlace0x <zlace0x@gmail.com> Co-authored-by: zlace0x <81418809+zlace0x@users.noreply.github.com> Co-authored-by: Edison <6057323+edison0xyz@users.noreply.github.com> Co-authored-by: Edison <6057323+edison0x@users.noreply.github.com>
zlace0x added a commit that referenced this issue on Dec 12, 2022:
* fix: resolves #48 resolves 45 resolves #44 resolves #41 resolves #38 * fix: closes #34 * fix: zero address validation and make functions external. Closes #42 closes #45 * fixed pragma. closes #36 * fix as 0.8.17 * fix: remove solmate * refactor: PR comments - reorder imports, fix qoutes - removed virtual for _checkOn* functions - added virtual to supportsInterface - fix compiler version to 0.8.17 * fix: addresses #32, allowance() amount should reflect transferable amounts for transferFrom() and transfer() * fix: comment contradition #43 * wip: added overflow test cases according to #30, identified area of overflow * fix: potential fix for #30 * refactor: adhere to checks-effects-interaction pattern #35 * fix: make allowance() external #45 * fix: dropped virtual from permit, permitRenewable #44 * refactor: added require reason * chore: added gas reports * fix: solidity compiler for deploy script * Chore/natspec (#53) * style: grouped functions * forge install: openzeppelin-contracts * chore: updates to lib * chore: natspec comments for contracts * chore: closes #39 and #40 * chore: removed unused solmate * refactor: moved saturatingAdd to mathUtil * chore: cleanup * Apply suggestions from code review Co-authored-by: zlace0x <81418809+zlace0x@users.noreply.github.com> * fix: resolve some comments * doc: generated docs under doc/ * chore: cleanups on comments * style: use custom errors instead (#56) * style: use custom errors instead * fix: structured files for custom errors * style: change INITIAL values to upper-case * Update src/Funnel.sol Co-authored-by: zlace0x <81418809+zlace0x@users.noreply.github.com> Co-authored-by: Edison <6057323+edison0x@users.noreply.github.com> Co-authored-by: zlace0x <81418809+zlace0x@users.noreply.github.com> * chore: fix comments slashes * fix: apply linter version changes Co-authored-by: Edison <6057323+edison0x@users.noreply.github.com> Co-authored-by: zlace0x <zlace0x@gmail.com> Co-authored-by: zlace0x 
<81418809+zlace0x@users.noreply.github.com> Co-authored-by: Edison <6057323+edison0x@users.noreply.github.com> Co-authored-by: Edison <6057323+edison0xyz@users.noreply.github.com>
The approvals performed in the Funnel contract are not connected with the approvals done in the `_baseToken` tokens.

The EIP-5827 should check if it has enough allowance in `_baseToken` in functions `allowance()`, `transferFrom()`, and `transfer()`.

In situations where the allowance in `_baseToken` is less than the allowance calculated by Funnel, there will be data inconsistency and denial of service in transfer functions.

Path
./src/Funnel.sol : allowance(), transferFrom(), transfer()

Recommendation
Consider checking allowance from `_baseToken` and comparing it with `_remainingAllowance`. React to the result in a user-friendly manner.

Status
New
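One way to apply the recommendation, as an added sketch that is not the project's `Funnel.sol`: `allowance()` reports the smaller of the funnel's own figure and the owner's approval on `_baseToken`, and `transferFrom()` reverts with a descriptive error when the base approval is the limiting factor. The contract name, the `_funnelAllowance` mapping and both custom errors are hypothetical, and the sketch assumes the funnel moves tokens by calling `_baseToken.transferFrom()` against the owner's approval to the funnel address; renewable-allowance logic and events are left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.17;

// Added illustration only. Names other than allowance(), transferFrom()
// and _baseToken are hypothetical; EIP-5827 renewal logic and events are omitted.
interface IERC20 {
    function allowance(address owner, address spender) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

error InsufficientFunnelAllowance(uint256 available, uint256 required);
error InsufficientBaseAllowance(uint256 available, uint256 required);

contract FunnelSketch {
    IERC20 private immutable _baseToken;
    // owner => spender => allowance tracked by the funnel itself
    mapping(address => mapping(address => uint256)) private _funnelAllowance;

    constructor(IERC20 baseToken_) {
        _baseToken = baseToken_;
    }

    function approve(address spender, uint256 amount) external returns (bool) {
        _funnelAllowance[msg.sender][spender] = amount;
        return true;
    }

    /// Reports what transferFrom() can actually move: the funnel's figure,
    /// capped by the owner's approval to this contract on _baseToken.
    function allowance(address owner, address spender) external view returns (uint256) {
        return _min(_funnelAllowance[owner][spender], _baseToken.allowance(owner, address(this)));
    }

    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        uint256 funnelLeft = _funnelAllowance[from][msg.sender];
        if (funnelLeft < amount) revert InsufficientFunnelAllowance(funnelLeft, amount);
        // Fail with a clear reason instead of an opaque revert inside the base token.
        uint256 baseLeft = _baseToken.allowance(from, address(this));
        if (baseLeft < amount) revert InsufficientBaseAllowance(baseLeft, amount);

        _funnelAllowance[from][msg.sender] = funnelLeft - amount; // effects before interaction
        return _baseToken.transferFrom(from, to, amount);
    }

    function _min(uint256 a, uint256 b) private pure returns (uint256) {
        return a < b ? a : b;
    }
}
```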