Add tests for ERC20 as per pdaian's suggestions #616

spalladino · 2017-12-19T19:23:09Z

On his audit for Tether, @pdaian identified some code paths in the ERC20 token contract which did not have explicit unit tests to exercise them.

Add a test case for each of the following:

Testing the code path in approve that does not allow non-zero approval with an
existing non-zero allowance. Furthermore, the documentation does not sufficiently
warn contract implementers to use the "set to 0, check, then reset" pattern for more
than one approval operation.
transferFrom should also check for the ability to transfer more than balance when
allowance is correctly set.
Tests with zero values are generally missing, though manual inspection shows that
the class’s guarantees will not be violated with such values. Interestingly, the transferFrom
and transfer methods impose a payload size restriction representing such
a check, for which a test is missing. The allowance method does not feature this
modifier, allowing for the creation of transfer approvals that can never be executed.
This does not seem to be a substantial security risk in the contract.
Tests with zero-length (null) addresses are generally missing, though manual inspection
shows that the class’s guarantees will not be violated with such addresses.

facuspagnuolo · 2018-02-08T17:36:31Z

Fixed in #686

spalladino added the good first issue Low hanging fruit for new contributors to get involved! label Dec 19, 2017

theethernaut added backlog and removed backlog labels Jan 2, 2018

mancze mentioned this issue Jan 17, 2018

Add tests for ERC20 #686

Closed

facuspagnuolo mentioned this issue Jan 28, 2018

Improve ERC20 tests coverage #712

Merged

facuspagnuolo closed this as completed Feb 8, 2018

facuspagnuolo removed the backlog label Feb 8, 2018

Provide feedback