Improve SafeERC20 allowance handling #1404

nventuro · 2018-10-10T13:28:47Z

Currently, SafeERC20's allowance-related functionality is restricted to a safeApprove function, which is vulnerable to the well-known non-zero approval issue in the ERC20 spec. We should:

add safeIncreaseAllowance and safeDecreaseAllowance, with require on the return value of the ERC20 functions
add extra requires to safeApprove so that it only works if the new or old allowance are 0 (i.e. it only sets an initial allowance, or sets it to 0, which are the only safe scenarios).

This way, we'll be guiding users to the best practices regarding ERC20 tokens.

Props to @cwhinfrey and the Level K team for suggesting this!

The text was updated successfully, but these errors were encountered:

nventuro · 2018-10-10T23:21:49Z

@Aniket-Engg this is a great one for you to take, if you're up to it :)

…g/zeppelin-solidity

* signing prefix added * Minor improvement * Tests changed * Successfully tested * Minor improvements * Minor improvements * Revert "Dangling commas are now required. (#1359)" This reverts commit a688977. * updates * fixes #1404 * approve failing test * suggested changes done * ISafeERC20 removed * allowance methods in library * Improved SafeERC20 tests. * Fixed test coverage.

* signing prefix added * Minor improvement * Tests changed * Successfully tested * Minor improvements * Minor improvements * Revert "Dangling commas are now required. (#1359)" This reverts commit a688977. * updates * fixes #1404 * approve failing test * suggested changes done * ISafeERC20 removed * allowance methods in library * Improved SafeERC20 tests. * Fixed test coverage. (cherry picked from commit 315f426)

…1481) * signing prefix added * Minor improvement * Tests changed * Successfully tested * Minor improvements * Minor improvements * Revert "Dangling commas are now required. (#1359)" This reverts commit a688977. * updates * fixes #1404 * approve failing test * suggested changes done * ISafeERC20 removed * conflict fixes * fixes #1456

* signing prefix added * Minor improvement * Tests changed * Successfully tested * Minor improvements * Minor improvements * Revert "Dangling commas are now required. (#1359)" This reverts commit a688977. * updates * fixes #1404 * approve failing test * suggested changes done * ISafeERC20 removed * conflict fixes * fixes #1386 * Update SafeMath.test.js

* signing prefix added * Minor improvement * Tests changed * Successfully tested * Minor improvements * Minor improvements * Revert "Dangling commas are now required. (#1359)" This reverts commit a688977. * updates * fixes #1404 * approve failing test * suggested changes done * ISafeERC20 removed * conflict fixes * fixes #1512 * Update test/token/ERC721/ERC721Full.test.js Co-Authored-By: Aniket-Engg <30843294+Aniket-Engg@users.noreply.github.com>

* signing prefix added * Minor improvement * Tests changed * Successfully tested * Minor improvements * Minor improvements * Revert "Dangling commas are now required. (#1359)" This reverts commit a688977. * updates * fixes #1404 * approve failing test * suggested changes done * ISafeERC20 removed * conflict fixes * fixes #1205 * minor change * suggested changes * reviewed changes * final update

* signing prefix added * Minor improvement * Successfully tested * Minor improvements * Minor improvements * Revert "Dangling commas are now required. (#1359)" This reverts commit a688977. * updates * fixes #1404 * approve failing test * suggested changes done * ISafeERC20 removed * conflict fixes * added examples * fixes #706 * linting * fixes #204 * file fixing * deep bignumber comparison removed * Update SafeERC20Helper.sol * Update IERC20.sol * Update SafeERC20.sol * Update package-lock.json * Revert "deep bignumber comparison removed" This reverts commit 230b272.

nventuro added contracts Smart contract code. breaking change Changes that break backwards compatibility of the public API. labels Oct 10, 2018

nventuro added this to the v2.0 milestone Oct 10, 2018

nventuro added the help wanted label Oct 10, 2018

Aniket-Engg added a commit to Aniket-Engg/zeppelin-solidity that referenced this issue Oct 11, 2018

fixes OpenZeppelin#1404

23df893

Aniket-Engg mentioned this issue Oct 11, 2018

Improved SafeERC20 allowance handling #1407

Merged

Aniket-Engg added a commit to Aniket-Engg/zeppelin-solidity that referenced this issue Oct 16, 2018

Merge branch 'fix/OpenZeppelin#1404' of https://github.com/Aniket-Eng…

998dfd7

…g/zeppelin-solidity

nventuro closed this as completed in #1407 Oct 18, 2018

Aniket-Engg added a commit to Aniket-Engg/zeppelin-solidity that referenced this issue Dec 21, 2018

fixes OpenZeppelin#1404

9bb5670

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Improve SafeERC20 allowance handling #1404

Improve SafeERC20 allowance handling #1404

nventuro commented Oct 10, 2018 •

edited

nventuro commented Oct 10, 2018

Improve SafeERC20 allowance handling #1404

Improve SafeERC20 allowance handling #1404

Comments

nventuro commented Oct 10, 2018 • edited

nventuro commented Oct 10, 2018

nventuro commented Oct 10, 2018 •

edited