Fix SafeERC20.safeApprove bug #1647
This fixes a bug reported by @nikeshnazareth (thanks a lot!), where
This check was added in v2.0 (see #1407) as a recommendation from @cwhinfrey and the LevelK team during their audit of OpenZeppelin v2.0 (which was unreleased at the time). As such, we consider this to be a minor bug, since the safety check's purpose was discouraging unsafe use of
We will be releasing a hotfix for both v2.1 and v2.0 (to support both Solidity v0.5.x and v0.4.25).
* Release candidate v2.1.0-rc.1 * Release v2.1.0 solc 0.5.x (OpenZeppelin#1568) * Now compiling in a separate directory using truffle 5. * Ported to 0.5.1, now compiling using 0.5.1. * test now also compiles using the truffle 5 hack. * Downgraded to 0.5.0. * Sorted scripts. * Cleaned up the compile script a bit. * remove linux-specific mktemp usage (OpenZeppelin#1571) (cherry picked from commit 7361ffd) * remove note about 2.0 being experimental (OpenZeppelin#1565) (cherry picked from commit 5036741) * Updated PausableCrowdsale to require solc ^0.4.24 (OpenZeppelin#1567) (cherry picked from commit 73cbad2) * Updated changelog to reflect 0.5 support. * Release candidate v2.1.0-rc.2 * Separate unsigned and signed safemath libraries (OpenZeppelin#1588) * separate unsigned and signed safemath libraries * update changelog entry for SignedSafeMath * Rename WhitelisterRole to WhitelistAdminRole. (OpenZeppelin#1589) * Rename WhitelisterRole to WhitelistAdminRole. * Update WhitelistAdmin changelog entry. * Replaced Solium in favor of Solhint (OpenZeppelin#1575) * Adding solhint, working on style fixes. * Upgraded to solhint 1.5.0. * Removed all references to Solium * Updated mocks to make them pass the new linter rules. * Reformatted the .solhint.json file a bit. * Removed Solium configuration files. * Remove Solium dependency. * Add comment explaining disabled time rule in TokenVesting. * Revert to the old (ugly?) style. * Revert SignatureBouncerMock style. * Fix ERC165InterfacesSupported interface. * silence npm output (OpenZeppelin#1590) * Updated 2.1 release date. * Release v2.1.0 * Added 2.1.1 changelog entry. * Release v2.1.1 * Add 2.2.0 changelog entry. * Migration to truffle 5 (and web3 1.0 (and BN)) (OpenZeppelin#1601) * Now compiling using truffle 5. * Migrated some test files, missing BN scientific notation usage. * Now using BN time values. * Migrate ERC20 tests. * Migrate all ERC20 tests. * Migrate utils, payment and ownership tests. 
* All tests save ERC721 migrated. * Migrated ERC721 tests. * Fix lint errors. * Delete old test helpers. * Fix remaining crowdsale tests. * Fix signature bouncer tests. * Update how constants is used. * Compile script pre-removes the build dir. * Fix SafeMath tests. * Revert "Compile script pre-removes the build dir." This reverts commit 247e745. * Fix linter errors. * Upgrade openzeppelin-test-helpers dependency. * Update openzeppelin-test-helpers dependency. * Define math constants globally. * Remove unnecessary ether unit. * Roll back reduced ether amounts in tests. * Remove unnecessary toNumber conversions. * Delete compile script. * Fixed failing test. * Temporarily disable solidity-coverage Travis job. * Update readme example to use 0.5.0. * Fix warnings (OpenZeppelin#1606) * Bump required compiler version to 0.5.2. * Fix shadowed variable warning in ERC20Migrator. * Rename Counter to Counters. * Add dummy state variable to SafeERC20Helper. * Update changelog entry. * Fix CountersImpl name. * Improve changelog entry. * Only publish the test suite behavior subdirectory * Move PublicRole.behavior to behavior directory. * Add some barebones PublicRole.behavior documentation. * Add changelog entry for PublicRole behavior. * Renamed test/behavior to test/behaviors. * Release v2.1.2 * ERC20._approve (OpenZeppelin#1609) * Add ERC20._approve. * Add ERC20._approve tests. * Fix linter error. * Require owner in _approve to be non-zero. * Remove unnecessary SafeMath call (OpenZeppelin#1610) * Refactor Counter to support increment and decrement. * Move Counter out of drafts. * Refactor ERC721 to use Counter. * Rollback Counter returning the current value in increment and decrement. * Update test/drafts/Counter.test.js Co-Authored-By: nventuro <email@example.com> * Improve Counter documentation. * Move Counter.test to utils. * Move back Counter to drafts. * Improve SafeMath test coverage. (OpenZeppelin#1611) * Improve SafeMath test coverage. * Fix linter error. 
* Split testCommutative into something more sane. * Bring back coverage report. (OpenZeppelin#1620) * Add back solidity-coverage (using fork). * Pin fork version. * Unify code comments style. (OpenZeppelin#1603) * Updated code style to no more than 120 characters per line. * Unify code comments style with Doxygen-style tags. * Add ERC20 _setTokenURI (OpenZeppelin#1618) * Add _setTokenURI internal. * Rename TokenMetadata to ERC20Metadata. * Add changelog entry for ERC20Metadata. * Fix linter error. * Add breaking change changelog notice. * Fix typo in README (OpenZeppelin#1624) * ERC20 Snapshot Impl #2 (OpenZeppelin#1617) *
✏️Refactor code & Refork OZ Repo * Refactor ERC20Snapshot to use on-demand snapshots. * Add ERC20Snapshot changelog entry. * Move ERC20Snapshot to drafts. * Improve changelog entry. * Make snapshot tests clearer. * Refactor ERC20Snapshots to use Counters. * Refactor snapshot arrays into a struct. * Remove .DS_Store files. * Delete yarn.lock * Fix linter error. * simplify gitignore entry * Add a link to the minime token * Add the @dev tag * Fix typo: snapshoted * Fix typo: grater * Fix typo: to be find (OpenZeppelin#1642) * Update to preferred citation formation for ERC-721 * Use canonical EIP reference format * Clarify the ERC20Snapshot contract comment (OpenZeppelin#1638) * Add usage docs to ERC20 Snapshot (OpenZeppelin#1639) * Fix SafeERC20.safeApprove bug, improve test coverage. * Added PR links for 2.2.0 changelog entries. * Add SafeERC20 bugfix changelog entry. * Merge pull request OpenZeppelin#1647 from nventuro/safeerc20-bugfix Fix SafeERC20.safeApprove bug (cherry picked from commit 3111291) * Add bugfix backport changelog entry. * Release v2.1.3 * Merge pull request OpenZeppelin#1647 from nventuro/safeerc20-bugfix Fix SafeERC20.safeApprove bug (cherry picked from commit 3111291) * Release v2.0.1 * Add the solidity linter command to the PR template (OpenZeppelin#1653) * Add the solidity linter command to the PR template The PR template states that a contributor should run the Solidity/JS linters before submission. However, it only states the command for the JS linter. This commit adds the Solidity linter command explicitly. 
* Use past tense in the list of prerequisites * Nonfunctional typos OpenZeppelin#1643 (OpenZeppelin#1652) * Add IntelliJ IDE config to .gitignore * Fix variable name in ERC20 function comments * Fix typos in Arrays function comment * Fix typos in ownership test names * Fix typo in Pausable test name * Fix grammar in Ownable function comment * Fix grammar in Crowdsale contract comment * Fix typo in Counters contract comment * Fix typo in ERC721Enumerable comment * Fix typo in ERC721PausedToken test name * Fix typo in Crowdsale function comment * Fix typo in IncreasingPriceCrowdsale function comment * Fix grammar in IncreasingPriceCrowdsale test name * Fix typo in AllowanceCrowdsale test name * Fix typo in RefundEscrow function comment * Fix typo in ERC20Migrator contract comment * Fix typos in SignatureBouncer comments * Fix typo in SignedSafeMath test name * Fix typo in TokenVesting contract comment * Move Ownable comment from @notice section to @dev The Ownable contract has a comment explaining that renouncing ownership will prevent execution of functions with the onlyOwner modifier. This commit moves that comment to the @dev section and replaces it with a description suitable for a generic user. * Clarify purpose of ERC20 transfer function * Clarify registration of ERC721Enumerable interface * Clarify purpose of AllowanceCrowdsale test * Increase specificity of inheritance comments FinalizableCrowdsale and RefundableCrowsale both have comments indicating that they are extensions of the Crowdsale contract. This commit refines those comments to the most immediate ancestor ( TimedCrowdsale and RefundableCrowdsale respectively ) * Remove unused parameter in PaymentSplitter test * Rename parameter in SignatureBouncer functions The SignatureBouncer contract has modifiers to validate the message sender is authorised to perform an action. 
They pass msg.sender to internal functions as the variable `account`, but the function comments refer to the variable as `sender` This commit changes the variable name to `sender` * Clarify comments in SignatureBouncer functions The SignatureBouncer has comments that use the description `sender` to refer to the variable `account`. This commit updates the comments for consistency. Maintainer Note: this reverts changes in the previous commit, which renamed the variable `account` instead. * Add no-return-data ERC20 support to SafeERC20. (OpenZeppelin#1655) * Add no-return-data ERC20 support to SafeERC20. * Add changelog entry. * Replace abi.encodeWithSignature for encodeWithSelector. * Remove SafeERC20 test code duplication. * Replace assembly for abi.decode. * Fix linter errors. * Fix typo: "an uint256" -> "a uint256" (OpenZeppelin#1658) Using "a" instead of "an" makes this consistent with the comment on `allowance`. * fix weird date format (OpenZeppelin#1663) * remove .node-version file (OpenZeppelin#1665) * Add latest audit to repository (OpenZeppelin#1664) * rename previous audit to date it was performed * add latest audit * add note about latest audit in README * Add guard to ERC20Migrator migrate function (OpenZeppelin#1659) * Add guard to ERC20Migrator migrate function * Add tests for premature migration in ERC20Migrator These tests apply to the new guard condition, but they don't fail without it, since the functions revert anyway. They are added for completeness and to ensure full code coverage. * Use context block around premature migration tests We should use context blocks for situational details and describe for features or functions. 
* Add TimedCrowdsale::_extendTime (OpenZeppelin#1636) * Add TimedCrowdsale::_extendTime * Add tests for TimedCrowdsale extending method * Reverse event arguments order * Rename method argument * Refactor TimedCrowdsale test * Simplify TimedCrowdsaleImpl * Fix extendTime method behaviour to deny TimedCrowdsale re-opening after it was ended * Append changelog * Update CHANGELOG.md Co-Authored-By: k06a <firstname.lastname@example.org> * Update contracts/crowdsale/validation/TimedCrowdsale.sol Co-Authored-By: k06a <email@example.com> * Improve tests * Add extcodesize check to SafeERC20. (OpenZeppelin#1662) * Add extcodesize check to SafeERC20. * Clarify some comments. * Replace inline assembly with Address.sol. * Signature Malleability: (OpenZeppelin#1622) * Transaction Malleability: If you allow for both values 0/1 and 27/28, you allow two different signatures both resulting in a same valid recovery. (r,s,0/1) and (r,s,27/28) would both be valid, recover the same public key and sign the same data. Furthermore, given (r,s,0/1), (r,s,27/28) can be constructed by anyone. * Transaction Malleability: EIP-2 still allows signature malleability for ecrecover(), remove this possibility and force the signature to be unique. * Added a reference to appendix F to the yellow paper and improved comment. * better test description for testing the version 0, which returns a zero address * Check that the conversion from 0/1 to 27/28 only happens if it's 0/1 * improved formatting * Refactor ECDSA code a bit. * Refactor ECDSA tests a bit. * Add changelog entry. * Add high-s check test. * Reorder 2.2.0 changelog entries. * Release candidate v2.2.0-rc.1 * Fix changelog entry. * Improve erc165 testing OpenZeppelin#1203 (OpenZeppelin#1666) * Rename variable from thing to contractUnderTest * Compute function signatures in ERC165 interfaces The ERC165 tests currently precompute some known interface ids. 
This commit extracts the interfaces into a separate object and precomputes the individual function signatures. This will be useful to identify contracts that support an interface but do not implement all of the corresponding functions. * Add tests for ERC165 interface implementations The ERC165 tests confirm that contracts claim to support particular interfaces ( using the supportsInterface method ) This commit extends those tests to confirm that the corresponding functions are included in the contract ABI. It also rewords the existing test names in order to group the implementation tests with the corresponding interface tests. * Remove obsolete ERC721Exists interface constant * Fix typo in ERC20Snapshot. (OpenZeppelin#1670) * Replace mentions of Slack for forum links. (OpenZeppelin#1671) * Replace mentions of Slack for forum links. * make forum lowercase * Add API stability doc link. (OpenZeppelin#1672) * Add API stability doc link. * Update README.md Co-Authored-By: nventuro <firstname.lastname@example.org> * Improve test script. (OpenZeppelin#1675) * Add v2.2.0 release date. * Release v2.2.0 * Make waiting for ganache to launch more robust. (OpenZeppelin#1683) * Add probot/stale to the repo. (OpenZeppelin#1681) * Remove unused return variables. (OpenZeppelin#1686) * Draft EIP 1820 (OpenZeppelin#1677) * Add barebones EIP1820 support. * Update openzeppelin-test-helpers dependency to have ERC1820 support. * Add tests for ERC1820. * Improve inline documentation. * Add changelog entry. * Update test-helpers, refactor tests to use new helpers. * Rename ERC1820 to ERC1820Implementer. * Improve implementer docstring. * Remove _implementsInterfaceForAddress. * update openzeppelin-test-helpers to 0.2.0 * Update contracts/drafts/ERC1820Implementer.sol Co-Authored-By: nventuro <email@example.com> * Fix how solidity coverage is run to allow for free events. * Fix coverage testing script. * Update openzeppelin-test-helpers dependency. 
* Update SafeERC20.sol (OpenZeppelin#1693) * Edit Ethereum dev framework links in README. (OpenZeppelin#1695) Added Buidler. * Exclude on-hold PRs and issues on stalebot. (OpenZeppelin#1696) * Added basic punctuation to @dev docs (OpenZeppelin#1697) (OpenZeppelin#1700) * Added basic punctuation to @dev docs (OpenZeppelin#1697) * add missing uppercase * add note about Counters rename in changelog (OpenZeppelin#1703) * Remove unused files (OpenZeppelin#1698) * Remove unused dependencies. * Remove unused mock contracts. * Fix from account in remove public role behaviors (OpenZeppelin#1710) * Add WIP bot. * Revert "Add WIP bot." This reverts commit 07fc8c7. * Add more extensive documentation to PaymentSplitter (OpenZeppelin#1713) * Update PaymentSplitter.sol * add back private function docs * add non-zero address requirement * add comprehensive contract-level docs * use capital E for Ether * Remove unnecessary SLOAD. (OpenZeppelin#1715) * Update copyright notice * Fix/rename anyone account OpenZeppelin#1357 (OpenZeppelin#1718) * replacing all instances of from: anyone with from: other * replacing all instances of from: anyone with from: other * replacing all instances of from: anyone with from: other * changing anyone to other * changing anyone to other * removing unused variables (OpenZeppelin#1719) * removing unused variables * undeleting the _ * removed unnecessary require and renaming of null to zero (OpenZeppelin#1717) * removed unnecessary require * build pipeline fix * kept as it is * Added require * Feature/erc777 OpenZeppelin#1159 (OpenZeppelin#1684) * IERC777 from specs, constants returned, up to defaultOperators. 
(OpenZeppelin#1159) * IERC777 operator approvals (OpenZeppelin#1159) * ERC777 operator approvals fixes and tests * IERC777 send and receive with ERC820 (OpenZeppelin#1159) * ERC777 Add burn functions and fix send functions (OpenZeppelin#1159) * ERC777 Make expectEvent compatible with web3.js 1.0 (OpenZeppelin#1159) * ERC777 Add ERC820 deploy script (OpenZeppelin#1159) * ERC777 Complete implementation of ERC777 (OpenZeppelin#1159) This implementation conforms to the current EIP * ERC777 Update ERC820 Registry contract to final version (OpenZeppelin#1159) * ERC777 Move contracts to 'drafts' folder (OpenZeppelin#1159) * ERC777: Update to ERC1820 registry and linter error fix (OpenZeppelin#1159) * ERC777: implement recent changes of EIP777 (OpenZeppelin#1159) * ERC777 Fix formatting (OpenZeppelin#1159) * ERC777 Update to solc 0.5.2 (OpenZeppelin#1159) * ERC777 Fix travis CI errors (OpenZeppelin#1159) * ERC777 Fix linter errors again... (OpenZeppelin#1159) * ERC777 Fix unit test (OpenZeppelin#1159) * ERC777 Fix unit test again (OpenZeppelin#1159) * Remove extra newlines. * Rename ERC777Base to ERC777. * Remove 'Token' from contract names. * Replace ops for operators. * Move operator check out of _send. * Remove ERC777Burnable. * Remove ERC1820Client, now using the interface directly. * Minor internal refactors in contracts. * Delete extra test helpers. * Simplified tests. * Add basic 777 tests. * Add granularity send test. * Add first operator send tests. * Add burn tests. * Refactor send and burn tests. * Improve send burn refactor. * Greatly improve test module. * Burn instead of send removed tokens. * Add operator tests. * Improve send tests under changing operators. * Refactor and merge send and burn tests. * Add missing and not-implemented tests. * Make _burn private. * Fix typo. * Greatly improve tokensToSend tests. * Refactor hook tests. * Fix hook tests. * Update openzeppelin-test-helpers and ERC1820 address. * Fix natspec indentation. 
* Make interface functions external. * Remove redundant private revoke and authorize functions. * Improved readability of if statement. * Remove unnecessary asserts. * Add non-one granularity test. * Fix hook call order in _mint. * Fix _mint not reverting on failure to implement tokensReceived. * Remove special case in operatorFn when from is 0. * Refactor ERC777SenderMock. * Add tokensReceived tests. * switch to updated ganache-cli-coverage fork * Fix linter errors. * Add mint tests. * Fix linter errors. * Fix tests. * Update test/drafts/ERC777/ERC777.test.js Co-Authored-By: nventuro <firstname.lastname@example.org> * Add changelog entry. * Fixes/Improves constants inline documentation. (OpenZeppelin#1707) * Fixes/Improves constants inline documentation. * Fixed solhint error. * Moved the comment before the variable * Update stalebot wording and timing. (OpenZeppelin#1722) * Fix stalebot exempt labels * Release automation (OpenZeppelin#1720) * Create automatic release script. * Add changelog update date script. * Improve release scripts. * Apply suggestions from code review Co-Authored-By: nventuro <email@example.com> * Apply suggestions from code review Co-Authored-By: nventuro <firstname.lastname@example.org> * Remove moment dependency. 
* New documentation setup (OpenZeppelin#1708) * initial docsite setup * switch from pushd to cd * install and set up solidity-docgen * use the docsite branch next for now * make it clear that env var is a repository * add a clarifying comment about a relative path * change relative to absolute path in docsite script * add docgen script * add first few READMEs for contract documentation * update solidity-docgen * add docsite as dependency and adjust script * update openzeppelin-docsite * update solidity-docgen * remove dummy text * update docgen and docsite * update openzeppelin-docsite * add netlify.toml * update tokens guide for 2.2 * add DOCUMENTATION.md * Update docs/learn-about-utilities.md Co-Authored-By: frangio <email@example.com> * fix PaymentSplitter docs wording * update solidity-docgen * add missing ERC20 contracts * update solidity-docgen * trigger deploy with cleared cache * update solidity-docgen * update openzeppelin-docsite * remove travis docs setup * update openzeppelin-docsite * switch to published solidity-docgen * Fix linter error. * Bump minimum Solidity version to 0.5.7 (OpenZeppelin#1724) * Bump Solidity version to 0.5.7 * Add changelog entry. * Add a vault to PostDeliveryCrowdsale. (OpenZeppelin#1721) * Add a vault to PostDeliveryCrowdsale. * Add changelog entry. * Apply suggestions from code review Co-Authored-By: nventuro <firstname.lastname@example.org> * Rename TokenVault. * add solhint ignore directive * make some updates on the get started guide (OpenZeppelin#1725) * Added message string for require() (OpenZeppelin#1704) * Error handling in ERC20 and ERC721 * Added message string for require. * Fixed solhint errors. * Updated PR as per issue OpenZeppelin#1709 * changes as per OpenZeppelin#1709 and openzeppelin forum. * Changes in require statement * Changes in require statement * build pipeline fix * Changes as per @nventuro's comment. * Update revert reason strings. * Final update of revert reason strings. 
* WIP: Updating reason strings in test cases * WIP: Added changes to ERC20 and ERC721 * Fixes linting errors in *.tes.js files * Achieved 100% code coverage * Updated the test cases with shouldFail.reverting.withMessage() * Fix package-lock. * address review comments * fix linter issues * fix remaining revert reasons * Fix remaining revert reasons. * Add revert reasons changelog entry. * update links in documentation setup description * Revert Solidity version bump. (OpenZeppelin#1729) * fix pr number in changelog * Fix solc-nightly job (OpenZeppelin#1732) * update truffle to 5.0.14 * fix setup to test with solc-nightly * switch to npx in script/test.sh * please the linter * rename build to prepack * move download of nightly build to a compile script * make compile script executable * Update vulnerable dependencies. * make nightly job conditional (OpenZeppelin#1737) * update openzeppelin-docsite to fix windows issues * Hardcode ERC777 granularity to 1, remove tests. (OpenZeppelin#1739) * Hardcode ERC777 granularity to 1, remove tests. * Add clarifying title comment. * update openzeppelin-docsite to fix windows issues (part 2) * Add ERC20 compatibility to ERC777. (OpenZeppelin#1735) * Add ERC20 compatibility. * Reusing ERC20 tests for ERC777. * Improve documentation. * Add changelog entry. * Improved ERC20 behavior tests. * Add revert reasons to ERC777. * ERC20 methods allow sending tokens to contracts with no interface. * Register ERC20 interface. * Add comment about avoidLockingTokens. * Improve revert reason string. * Make ERC777 implement IERC20. * Fix test revert string. * Remove unnecessary require. * Add private _transfer. * Update contracts/drafts/ERC777/ERC777.sol Co-Authored-By: nventuro <email@example.com> * Update private helper names. * Inline keccak256 result (OpenZeppelin#1741) * inline keccak256 result * Update ERC777.sol * switch hex constant style * Update ERC777.sol * Fix linter. 
* Move ERC1820 and ERC777 out of drafts (OpenZeppelin#1742) * Moved ERC1820 related contracts out of drafts and into introspection. * Moved ERC777 related contracts out of drafts and into token. * Remove broken linter rule. * Move ERC1820 and ERC777 tests out of drafts. * Add RSK support to latest OZ