On his audit for Tether, @pdaian identified some code paths in the ERC20 token contract which did not have explicit unit tests to exercise them.
Add a test case for each of the following:
- Testing the code path in approve that does not allow non-zero approval with an existing non-zero allowance. Furthermore, the documentation does not sufficiently warn contract implementers to use the "set to 0, check, then reset" pattern for more than one approval operation.
- transferFrom should also check for the ability to transfer more than balance when allowance is correctly set.
- Tests with zero values are generally missing, though manual inspection shows that the class’s guarantees will not be violated with such values. Interestingly, the transferFrom and transfer methods impose a payload size restriction representing such a check, for which a test is missing. The allowance method does not feature this modifier, allowing for the creation of transfer approvals that can never be executed. This does not seem to be a substantial security risk in the contract.
- Tests with zero-length (null) addresses are generally missing, though manual inspection shows that the class’s guarantees will not be violated with such addresses.
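
The approve guard, the transferFrom balance check and a zero-value transfer from the list above, sketched as an added example (not code from the issue, the audit or the token project). `ModelToken`, `changeAllowance` and `runEdgeCases` are hypothetical names for an in-memory model of the described behaviour; the payload size modifier and null addresses are not modelled.

```javascript
// Minimal in-memory model of the behaviour the issue describes (an assumption,
// not the audited contract). Amounts are BigInt; account names are constructed.
class ModelToken {
  constructor(balances) {
    this.balances = new Map(Object.entries(balances));
    this.allowed = new Map(); // "owner>spender" -> remaining allowance
  }
  balanceOf(a) { return this.balances.get(a) ?? 0n; }
  allowance(owner, spender) { return this.allowed.get(`${owner}>${spender}`) ?? 0n; }
  approve(owner, spender, value) {
    // Guard under test: no non-zero approval over an existing non-zero allowance.
    if (value !== 0n && this.allowance(owner, spender) !== 0n) throw new Error("allowance not zero");
    this.allowed.set(`${owner}>${spender}`, value);
  }
  transferFrom(spender, from, to, value) {
    const left = this.allowance(from, spender);
    if (value > left) throw new Error("exceeds allowance");
    if (value > this.balanceOf(from)) throw new Error("exceeds balance");
    this.allowed.set(`${from}>${spender}`, left - value);
    this.balances.set(from, this.balanceOf(from) - value);
    this.balances.set(to, this.balanceOf(to) + value);
  }
}

// "Set to 0, check, then reset". Returns what was still unspent at reset time so
// the caller can size the new allowance; the model executes this atomically.
function changeAllowance(token, owner, spender, newValue) {
  const unspent = token.allowance(owner, spender);
  token.approve(owner, spender, 0n);
  if (token.allowance(owner, spender) !== 0n) throw new Error("reset failed");
  token.approve(owner, spender, newValue);
  return unspent;
}

const throws = (fn) => { try { fn(); return false; } catch { return true; } };

function runEdgeCases() {
  const t = new ModelToken({ alice: 100n }); // constructed sample balance
  const r = {};
  t.approve("alice", "bob", 50n);
  r.reapproveRejected = throws(() => t.approve("alice", "bob", 70n));
  t.transferFrom("bob", "alice", "carol", 20n);
  r.unspentAtReset = changeAllowance(t, "alice", "bob", 200n);
  // Allowance (200) now exceeds alice's balance (80): the transfer must still fail.
  r.overBalanceRejected = throws(() => t.transferFrom("bob", "alice", "carol", 150n));
  r.aliceAfterReject = t.balanceOf("alice");
  t.transferFrom("bob", "alice", "carol", 0n); // zero value must change nothing
  r.allowanceAfterZero = t.allowance("alice", "bob");
  r.carolFinal = t.balanceOf("carol");
  return r;
}
```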