Merge pull request #287 from VenusProtocol/fix/funds-certik-2023-08
[VEN-1798]: Fix Certik 2023-08 findings for PSR/RiskFund/Shortfall contracts
Showing
8 changed files
with
223 additions
and
91 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
// SPDX-License-Identifier: MIT | ||
|
||
pragma solidity 0.8.13; | ||
|
||
import { IERC20Upgradeable } from "@openzeppelin/contracts-upgradeable/token/ERC20/IERC20Upgradeable.sol"; | ||
|
||
library ApproveOrRevert { | ||
/// @notice Thrown if a contract is unable to approve a transfer | ||
error ApproveFailed(); | ||
|
||
/// @notice Approves a transfer, ensuring that it is successful. This function supports non-compliant | ||
/// tokens like the ones that don't return a boolean value on success. Thus, such approve call supports | ||
/// three different kinds of tokens: | ||
/// * Compliant tokens that revert on failure | ||
/// * Compliant tokens that return false on failure | ||
/// * Non-compliant tokens that don't return a value | ||
/// @param token The contract address of the token which will be transferred | ||
/// @param spender The spender contract address | ||
/// @param amount The value of the transfer | ||
function approveOrRevert( | ||
IERC20Upgradeable token, | ||
address spender, | ||
uint256 amount | ||
) internal { | ||
bytes memory callData = abi.encodeCall(token.approve, (spender, amount)); | ||
|
||
// solhint-disable-next-line avoid-low-level-calls | ||
(bool success, bytes memory result) = address(token).call(callData); | ||
|
||
if (!success || (result.length != 0 && !abi.decode(result, (bool)))) { | ||
revert ApproveFailed(); | ||
} | ||
} | ||
} |
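Review bot: `approveOrRevert` treats an empty `result` as success, and a low-level `call` to an address with no code also returns `success == true` with empty return data, so a `token` address that was never deployed or has been destroyed passes silently instead of raising `ApproveFailed`. The low-level call skips the code-existence check that the compiler adds to ordinary external calls; adding `if (address(token).code.length == 0) revert ApproveFailed();` before the call restores it. It would also help to add a `@dev` line saying the helper does not reset an existing allowance to zero first, since some tokens reject changing a non-zero allowance directly and callers have to handle that themselves.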
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
// SPDX-License-Identifier: MIT | ||
|
||
pragma solidity 0.8.13; | ||
|
||
import { IERC20Upgradeable } from "@openzeppelin/contracts-upgradeable/token/ERC20/IERC20Upgradeable.sol"; | ||
import { ApproveOrRevert } from "../../lib/ApproveOrRevert.sol"; | ||
|
||
contract ApproveOrRevertHarness { | ||
using ApproveOrRevert for IERC20Upgradeable; | ||
|
||
function approve( | ||
IERC20Upgradeable token, | ||
address spender, | ||
uint256 amount | ||
) external { | ||
token.approveOrRevert(spender, amount); | ||
} | ||
} |
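Review bot: `ApproveOrRevertHarness.approve` is `external` with no access restriction and the contract carries no NatSpec, so nothing in the file says it is a test-only wrapper. Anyone can make the contract approve an arbitrary `spender` for any token it holds, which is harmless only while the harness never holds balances. I would add a contract-level comment such as `/// @dev Test-only wrapper exposing ApproveOrRevert.approveOrRevert; must not be deployed to production or hold tokens.`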