Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ENG 377 Delayed malicious effects #192

Merged
merged 12 commits into from
Jan 6, 2022
Merged

ENG 377 Delayed malicious effects #192

merged 12 commits into from
Jan 6, 2022

Conversation

danburck
Copy link
Contributor

@danburck danburck commented Jan 4, 2022
edited
Loading

Description

Closes: https://linear.app/tharsis/issue/ENG-377/if-ethermint-06-delayed-malicious-effects-via-the-erc20sol

This PR adds the monitorApprovalEvent checks for nativeToken conversions in order to prevent malicious contracts to change the balances differently than expected by using the approve method.

  • bug(erc20): Add monitorApprovalEvent to conversion methods
  • check for approve event on for native ERC20' '
  • Update Spec

@linear
Copy link

linear bot commented Jan 4, 2022

ENG-377 IF-ETHERMINT-06: Delayed malicious effects via the ERC20.sol implementation

  • Check that the event doesn't execute Approve event for delayed allowances
  • Update spec

@github-actions github-actions bot added the docs label Jan 4, 2022
@codecov
Copy link

codecov bot commented Jan 4, 2022
edited
Loading

Codecov Report

Merging #192 (9c4477e) into main (f2dec8e) will increase coverage by 0.06%.
The diff coverage is 76.00%.

Impacted file tree graph

@@            Coverage Diff             @@
##             main     #192      +/-   ##
==========================================
+ Coverage   70.89%   70.95%   +0.06%     
==========================================
  Files          32       32              
  Lines        2065     2090      +25     
==========================================
+ Hits         1464     1483      +19     
- Misses        531      535       +4     
- Partials       70       72       +2
Impacted Files Coverage Δ
x/erc20/keeper/msg_server.go 69.33% <76.00%> (+0.60%) ⬆️

@danburck danburck marked this pull request as ready for review January 5, 2022 15:17
fedekunze
fedekunze approved these changes Jan 5, 2022
View reviewed changes
Copy link
Contributor

@fedekunze fedekunze left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK, minor comment

x/erc20/keeper/msg_server.go Outdated Show resolved Hide resolved
x/erc20/keeper/msg_server.go Outdated Show resolved Hide resolved
@danburck danburck merged commit a6d52d5 into main Jan 6, 2022
@danburck danburck deleted the ENG-377-Delayed-malicious-effects branch January 6, 2022 11:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fedekunze fedekunze fedekunze approved these changes

@jolube jolube Awaiting requested review from jolube

@khoslaventures khoslaventures Awaiting requested review from khoslaventures

Assignees
No one assigned
Labels
docs
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@danburck @fedekunze