Truncate approve request out of value bounds

2023-10-05 17:41:52 +01:00 · 2023-10-05 17:41:52 +01:00 · a40385a5a0
parent d7051b26c0
commit a40385a5a0
5 changed files with 37 additions and 4 deletions
--- a/python/erc20_demurrage_token/data/DemurrageTokenSingleNocap.bin
+++ b/python/erc20_demurrage_token/data/DemurrageTokenSingleNocap.bin
--- a/python/erc20_demurrage_token/data/DemurrageTokenSingleNocap.metadata.json
+++ b/python/erc20_demurrage_token/data/DemurrageTokenSingleNocap.metadata.json
--- a/python/setup.cfg
+++ b/python/setup.cfg
@ -1,6 +1,6 @@
 [metadata]
 name = erc20-demurrage-token
-version = 0.5.5
+version = 0.5.6
 description = ERC20 token with redistributed continual demurrage
 author = Louis Holbrook
 author_email = dev@holbrook.no
--- a/python/tests/test_basic.py
+++ b/python/tests/test_basic.py
@ -308,6 +308,30 @@ class TestBasic(TestDemurrageDefault):
        self.assertEqual(r['status'], 1)


+    def test_approve_max(self):
+        nonce_oracle = RPCNonceOracle(self.accounts[0], self.rpc)
+        c = DemurrageToken(self.chain_spec, signer=self.signer, nonce_oracle=nonce_oracle)
+        (tx_hash, o) = c.approve(self.address, self.accounts[0], self.accounts[1], int.from_bytes(b'\xff' * 32, byteorder='big'))
+        self.rpc.do(o)
+        o = receipt(tx_hash)
+        r = self.rpc.do(o)
+        self.assertEqual(r['status'], 1)
+
+        (tx_hash, o) = c.approve(self.address, self.accounts[0], self.accounts[1], 0)
+        self.rpc.do(o)
+        o = receipt(tx_hash)
+        r = self.rpc.do(o)
+        self.assertEqual(r['status'], 1)
+
+        self.backend.time_travel(self.start_time + (60 * 60 * 24 * 365 * 10))
+        c = DemurrageToken(self.chain_spec, signer=self.signer, nonce_oracle=nonce_oracle)
+        (tx_hash, o) = c.approve(self.address, self.accounts[0], self.accounts[1], int.from_bytes(b'\xff' * 32, byteorder='big'))
+        self.rpc.do(o)
+        o = receipt(tx_hash)
+        r = self.rpc.do(o)
+        self.assertEqual(r['status'], 1)
+
+
    def test_transfer_from(self):
        nonce_oracle = RPCNonceOracle(self.accounts[0], self.rpc)
        c = DemurrageToken(self.chain_spec, signer=self.signer, nonce_oracle=nonce_oracle)
--- a/solidity/DemurrageTokenSingleNocap.sol
+++ b/solidity/DemurrageTokenSingleNocap.sol
@ -6,6 +6,8 @@ import "aux/ABDKMath64x64.sol";

 contract DemurrageTokenSingleNocap {

+	uint256 constant VALUE_LIMIT = 1 << 63;
+
 	struct redistributionItem {
 		uint32 period;
 		uint72 value;
@ -597,7 +599,14 @@ contract DemurrageTokenSingleNocap {
 		
 		changePeriod();

-		baseValue = toBaseAmount(_value);
+		// dex code will attempt uint256max approve, but contract cannot handle that size
+		// truncate to biggest possible value
+		if (_value <= VALUE_LIMIT) {
+			baseValue = toBaseAmount(_value);
+		} else {
+			baseValue = VALUE_LIMIT;
+		}
+
 		allowance[msg.sender][_spender] = baseValue;
 		emit Approval(msg.sender, _spender, _value);
 		return true;