New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add internal _flashFee without validation to ERC20FlashMint #3331
Comments
A fix for this would be to define an internal function |
Is it ok to make a major change? Adding |
Just seeing the question in the last comment.
The override modifier shouldn't be removed. |
Hey @frangio I would like to work on this issue, can I start working on it? |
Yes go ahead. |
ok |
Hey @frangio do I need to write the tests or is it fine if I push the code directly? |
the new code need to be covered by test. Existing one may or may not be enough. In this case, we will probably want some small tests. |
What type of test will be needed? |
@nirban256 Please just do your best effort to test it and open a PR, we will leave feedback in the PR. |
ok @frangio |
馃 Motivation
I have came across the below function where implementers can to override to customize the functionality.
The thing is the validation within the base implementation. Basically as a developer, I would expect the function to act as getter returning the fee amount while keeping all validations in place. But overriding this function leads to overriding the default validations as well.
Similar case can be seen in the below function. But this time the base implementation has assumption than can be overloaded as well.
I believe such flow (validation/assumption within override functions) is dangerous and should be addressed to mitigate the risks that could arise in implementation contracts.
The text was updated successfully, but these errors were encountered: