diff --git a/src/mixins/ERC4626.sol b/src/mixins/ERC4626.sol index af56c156..aa3d6001 100644 --- a/src/mixins/ERC4626.sol +++ b/src/mixins/ERC4626.sol @@ -31,11 +31,7 @@ abstract contract ERC4626 is ERC20 { ERC20 public immutable asset; - constructor( - ERC20 _asset, - string memory _name, - string memory _symbol - ) ERC20(_name, _symbol, _asset.decimals()) { + constructor(ERC20 _asset, string memory _name, string memory _symbol) ERC20(_name, _symbol, _asset.decimals()) { asset = _asset; } @@ -70,17 +66,16 @@ abstract contract ERC4626 is ERC20 { afterDeposit(assets, shares); } - function withdraw( - uint256 assets, - address receiver, - address owner - ) public virtual returns (uint256 shares) { + function withdraw(uint256 assets, address receiver, address owner) public virtual returns (uint256 shares) { shares = previewWithdraw(assets); // No need to check for rounding error, previewWithdraw rounds up. if (msg.sender != owner) { uint256 allowed = allowance[owner][msg.sender]; // Saves gas for limited approvals. - if (allowed != type(uint256).max) allowance[owner][msg.sender] = allowed - shares; + if (allowed != type(uint256).max) { + require(assets <= allowance[owner][msg.sender], "amount to be withdraw is more than allowed"); + allowance[owner][msg.sender] = allowed - shares; + } } beforeWithdraw(assets, shares); @@ -92,11 +87,7 @@ abstract contract ERC4626 is ERC20 { asset.safeTransfer(receiver, assets); } - function redeem( - uint256 shares, - address receiver, - address owner - ) public virtual returns (uint256 assets) { + function redeem(uint256 shares, address receiver, address owner) public virtual returns (uint256 assets) { if (msg.sender != owner) { uint256 allowed = allowance[owner][msg.sender]; // Saves gas for limited approvals.