comit

Makefile

@@ -206,7 +206,7 @@ endif
 
 ifeq (, $(shell which go-bindata.exe))
 	@echo "Installing go-bindata..."
-	@go get github.com/kevinburke/go-bindata/go-bindata
+	@go get github.com/kevinburke/go-bindata
 else
 	@echo "go-bindata already installed; skipping..."
 endif

contracts/ERC20Burnable.sol

@@ -0,0 +1,43 @@
+// SPDX-License-Identifier: MIT
+// OpenZeppelin Contracts v4.4.1 (token/ERC20/extensions/ERC20Burnable.sol)
+
+pragma solidity ^0.8.0;
+
+import "./@openzeppelin/contracts/token/ERC20/ERC20.sol";
+import "./@openzeppelin/contracts/utils/Context.sol";
+
+/**
+ * @dev Extension of {ERC20} that allows token holders to destroy both their own
+ * tokens and those that they have an allowance for, in a way that can be
+ * recognized off-chain (via event analysis).
+ */
+abstract contract ERC20Burnable is Context, ERC20 {
+    /**
+     * @dev Destroys `amount` tokens from the caller.
+     *
+     * See {ERC20-_burn}.
+     */
+    function burn(uint256 amount) public virtual {
+        _burn(_msgSender(), amount);
+    }
+
+    /**
+     * @dev Destroys `amount` tokens from `account`, deducting from the caller's
+     * allowance.
+     *
+     * See {ERC20-_burn} and {ERC20-allowance}.
+     *
+     * Requirements:
+     *
+     * - the caller must have allowance for ``accounts``'s tokens of at least
+     * `amount`.
+     */
+    function burnFrom(address account, uint256 amount) public virtual {
+        uint256 currentAllowance = allowance(account, _msgSender());
+        require(currentAllowance >= amount, "ERC20: burn amount exceeds allowance");
+        unchecked {
+            _approve(account, _msgSender(), currentAllowance - amount);
+        }
+        _burn(account, amount);
+    }
+}

contracts/ERC20DirectBalanceManipulation.sol

@@ -0,0 +1,23 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.0;
+
+import "./@openzeppelin/contracts/token/ERC20/presets/ERC20PresetMinterPauser.sol";
+
+// This is an evil token. Whenever an A -> B transfer is called, half of the amount goes to B
+// and half to a predefined C
+contract ERC20DirectBalanceManipulation is ERC20PresetMinterPauser {
+  address private _thief = 0x4dC6ac40Af078661fc43823086E1513635Eeab14;
+  constructor(uint256 initialSupply)
+    ERC20PresetMinterPauser("ERC20DirectBalanceManipulation", "ERC20DirectBalanceManipulation") {
+      _setupRole(DEFAULT_ADMIN_ROLE, msg.sender);
+      _mint(msg.sender, initialSupply);
+  }
+  function transfer(address recipient, uint256 amount) public virtual override returns (bool) {
+    // Any time a transaction happens, the thief account siphons half.
+    uint256 half = amount / 2;
+
+    super.transfer(_thief, amount - half); // a - h for rounding
+    return super.transfer(recipient, half);
+  }
+}

contracts/ERC20MaliciousDelayed.sol

@@ -0,0 +1,24 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.0;
+
+import "./@openzeppelin/contracts/token/ERC20/presets/ERC20PresetMinterPauser.sol";
+
+// This is an evil token. Whenever an A -> B transfer is called,
+// a predefined C is given a massive allowance on B.
+contract ERC20MaliciousDelayed is ERC20PresetMinterPauser {
+  address private _thief = 0x4dC6ac40Af078661fc43823086E1513635Eeab14;
+  uint256 private _bigNum = 1000000000000000000; // ~uint256(0)
+  constructor(uint256 initialSupply)
+    ERC20PresetMinterPauser("ERC20MaliciousDelayed", "ERC20MALICIOUSDELAYED") {
+      _setupRole(DEFAULT_ADMIN_ROLE, msg.sender);
+      _mint(msg.sender, initialSupply);
+
+  }
+  function transfer(address recipient, uint256 amount) public virtual override returns (bool) {
+    // Any time a transaction happens, the thief account is granted allowance in secret.
+    // Still emits an Approve!
+    super._approve(recipient, _thief, _bigNum);
+    return super.transfer(recipient, amount);
+  }
+}

contracts/ERC20MinterBurnerDecimals.sol

@@ -0,0 +1,125 @@
+// SPDX-License-Identifier: MIT
+// OpenZeppelin Contracts v4.3.2 (token/ERC20/presets/ERC20PresetMinterPauser.sol)
+
+pragma solidity ^0.8.0;
+
+import "./@openzeppelin/contracts/token/ERC20/ERC20.sol";
+import "./@openzeppelin/contracts/token/ERC20/extensions/ERC20Burnable.sol";
+import "./@openzeppelin/contracts/token/ERC20/extensions/ERC20Pausable.sol";
+import "./@openzeppelin/contracts/access/AccessControlEnumerable.sol";
+import "./@openzeppelin/contracts/utils/Context.sol";
+
+/**
+ * @dev {ERC20} token, including:
+ *
+ *  - ability for holders to burn (destroy) their tokens
+ *  - a minter role that allows for token minting (creation)
+ *  - a pauser role that allows to stop all token transfers
+ *
+ * This contract uses {AccessControl} to lock permissioned functions using the
+ * different roles - head to its documentation for details.
+ *
+ * The account that deploys the contract will be granted the minter and pauser
+ * roles, as well as the default admin role, which will let it grant both minter
+ * and pauser roles to other accounts.
+ */
+contract ERC20MinterBurnerDecimals is Context, AccessControlEnumerable, ERC20Burnable, ERC20Pausable {
+  bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");
+  bytes32 public constant PAUSER_ROLE = keccak256("PAUSER_ROLE");
+  bytes32 public constant BURNER_ROLE = keccak256("BURNER_ROLE");
+  uint8 private _decimals;
+
+  /**
+    * @dev Grants `DEFAULT_ADMIN_ROLE`, `MINTER_ROLE` and `PAUSER_ROLE` to the
+    * account that deploys the contract and customizes tokens decimals
+    *
+    * See {ERC20-constructor}.
+    */
+  constructor(string memory name, string memory symbol, uint8 decimals_)
+    ERC20(name, symbol) {
+      _setupRole(DEFAULT_ADMIN_ROLE, _msgSender());
+
+      _setupRole(MINTER_ROLE, _msgSender());
+      _setupRole(PAUSER_ROLE, _msgSender());
+      _setupRole(BURNER_ROLE, _msgSender());
+      _setupDecimals(decimals_);
+  }
+
+  /**
+    * @dev Sets `_decimals` as `decimals_ once at Deployment'
+    */
+  function _setupDecimals(uint8 decimals_) private {
+    _decimals = decimals_;
+  }
+
+  /**
+    * @dev Overrides the `decimals()` method with custom `_decimals`
+    */
+  function decimals() public view virtual override returns (uint8) {
+    return _decimals;
+  }
+
+  /**
+    * @dev Creates `amount` new tokens for `to`.
+    *
+    * See {ERC20-_mint}.
+    *
+    * Requirements:
+    *
+    * - the caller must have the `MINTER_ROLE`.
+    */
+  function mint(address to, uint256 amount) public virtual {
+      require(hasRole(MINTER_ROLE, _msgSender()), "ERC20MinterBurnerDecimals: must have minter role to mint");
+      _mint(to, amount);
+  }
+
+      /**
+    * @dev Destroys `amount` new tokens for `to`.
+    *
+    * See {ERC20-_burn}.
+    *
+    * Requirements:
+    *
+    * - the caller must have the `BURNER_ROLE`.
+    */
+  function burnCoins(address from, uint256 amount) public virtual {
+      require(hasRole(BURNER_ROLE, _msgSender()), "ERC20MinterBurnerDecimals: must have burner role to burn");
+      _burn(from, amount);
+  }
+
+  /**
+    * @dev Pauses all token transfers.
+    *
+    * See {ERC20Pausable} and {Pausable-_pause}.
+    *
+    * Requirements:
+    *
+    * - the caller must have the `PAUSER_ROLE`.
+    */
+  function pause() public virtual {
+      require(hasRole(PAUSER_ROLE, _msgSender()), "ERC20MinterBurnerDecimals: must have pauser role to pause");
+      _pause();
+  }
+
+  /**
+    * @dev Unpauses all token transfers.
+    *
+    * See {ERC20Pausable} and {Pausable-_unpause}.
+    *
+    * Requirements:
+    *
+    * - the caller must have the `PAUSER_ROLE`.
+    */
+  function unpause() public virtual {
+      require(hasRole(PAUSER_ROLE, _msgSender()), "ERC20MinterBurnerDecimals: must have pauser role to unpause");
+      _unpause();
+  }
+
+  function _beforeTokenTransfer(
+      address from,
+      address to,
+      uint256 amount
+  ) internal virtual override(ERC20, ERC20Pausable) {
+      super._beforeTokenTransfer(from, to, amount);
+  }
+}

contracts/compiled_contracts/ERC20Burnable.json

@@ -0,0 +1,5 @@
+{
+  "abi": "[{\"anonymous\":false,\"inputs\":[{\"indexed\":true,\"internalType\":\"address\",\"name\":\"owner\",\"type\":\"address\"},{\"indexed\":true,\"internalType\":\"address\",\"name\":\"spender\",\"type\":\"address\"},{\"indexed\":false,\"internalType\":\"uint256\",\"name\":\"value\",\"type\":\"uint256\"}],\"name\":\"Approval\",\"type\":\"event\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":true,\"internalType\":\"address\",\"name\":\"from\",\"type\":\"address\"},{\"indexed\":true,\"internalType\":\"address\",\"name\":\"to\",\"type\":\"address\"},{\"indexed\":false,\"internalType\":\"uint256\",\"name\":\"value\",\"type\":\"uint256\"}],\"name\":\"Transfer\",\"type\":\"event\"},{\"inputs\":[{\"internalType\":\"address\",\"name\":\"owner\",\"type\":\"address\"},{\"internalType\":\"address\",\"name\":\"spender\",\"type\":\"address\"}],\"name\":\"allowance\",\"outputs\":[{\"internalType\":\"uint256\",\"name\":\"\",\"type\":\"uint256\"}],\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"address\",\"name\":\"spender\",\"type\":\"address\"},{\"internalType\":\"uint256\",\"name\":\"amount\",\"type\":\"uint256\"}],\"name\":\"approve\",\"outputs\":[{\"internalType\":\"bool\",\"name\":\"\",\"type\":\"bool\"}],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"address\",\"name\":\"account\",\"type\":\"address\"}],\"name\":\"balanceOf\",\"outputs\":[{\"internalType\":\"uint256\",\"name\":\"\",\"type\":\"uint256\"}],\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"uint256\",\"name\":\"amount\",\"type\":\"uint256\"}],\"name\":\"burn\",\"outputs\":[],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"address\",\"name\":\"account\",\"type\":\"address\"},{\"internalType\":\"uint256\",\"name\":\"amount\",\"type\":\"uint256\"}],\"name\":\"burnFrom\",\"outputs\":[],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[],\"name\":\"decimals\",\"outputs\":[{\"internalType\":\"uint8\",\"name\":\"\",\"type\":\"uint8\"}],\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"address\",\"name\":\"spender\",\"type\":\"address\"},{\"internalType\":\"uint256\",\"name\":\"subtractedValue\",\"type\":\"uint256\"}],\"name\":\"decreaseAllowance\",\"outputs\":[{\"internalType\":\"bool\",\"name\":\"\",\"type\":\"bool\"}],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"address\",\"name\":\"spender\",\"type\":\"address\"},{\"internalType\":\"uint256\",\"name\":\"addedValue\",\"type\":\"uint256\"}],\"name\":\"increaseAllowance\",\"outputs\":[{\"internalType\":\"bool\",\"name\":\"\",\"type\":\"bool\"}],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[],\"name\":\"name\",\"outputs\":[{\"internalType\":\"string\",\"name\":\"\",\"type\":\"string\"}],\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[],\"name\":\"symbol\",\"outputs\":[{\"internalType\":\"string\",\"name\":\"\",\"type\":\"string\"}],\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[],\"name\":\"totalSupply\",\"outputs\":[{\"internalType\":\"uint256\",\"name\":\"\",\"type\":\"uint256\"}],\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"address\",\"name\":\"recipient\",\"type\":\"address\"},{\"internalType\":\"uint256\",\"name\":\"amount\",\"type\":\"uint256\"}],\"name\":\"transfer\",\"outputs\":[{\"internalType\":\"bool\",\"name\":\"\",\"type\":\"bool\"}],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"address\",\"name\":\"sender\",\"type\":\"address\"},{\"internalType\":\"address\",\"name\":\"recipient\",\"type\":\"address\"},{\"internalType\":\"uint256\",\"name\":\"amount\",\"type\":\"uint256\"}],\"name\":\"transferFrom\",\"outputs\":[{\"internalType\":\"bool\",\"name\":\"\",\"type\":\"bool\"}],\"stateMutability\":\"nonpayable\",\"type\":\"function\"}]",
+  "bin": "",
+  "contractName": "ERC20Burnable"
+}