Truncate approve request out of value bounds

This commit is contained in:
lash 2023-10-05 17:41:52 +01:00
parent d7051b26c0
commit a40385a5a0
Signed by: lash
GPG Key ID: 21D2E7BB88C2A746
5 changed files with 37 additions and 4 deletions

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

View File

@ -1,6 +1,6 @@
[metadata]
name = erc20-demurrage-token
version = 0.5.5
version = 0.5.6
description = ERC20 token with redistributed continual demurrage
author = Louis Holbrook
author_email = dev@holbrook.no

View File

@ -308,6 +308,30 @@ class TestBasic(TestDemurrageDefault):
self.assertEqual(r['status'], 1)
def test_approve_max(self):
nonce_oracle = RPCNonceOracle(self.accounts[0], self.rpc)
c = DemurrageToken(self.chain_spec, signer=self.signer, nonce_oracle=nonce_oracle)
(tx_hash, o) = c.approve(self.address, self.accounts[0], self.accounts[1], int.from_bytes(b'\xff' * 32, byteorder='big'))
self.rpc.do(o)
o = receipt(tx_hash)
r = self.rpc.do(o)
self.assertEqual(r['status'], 1)
(tx_hash, o) = c.approve(self.address, self.accounts[0], self.accounts[1], 0)
self.rpc.do(o)
o = receipt(tx_hash)
r = self.rpc.do(o)
self.assertEqual(r['status'], 1)
self.backend.time_travel(self.start_time + (60 * 60 * 24 * 365 * 10))
c = DemurrageToken(self.chain_spec, signer=self.signer, nonce_oracle=nonce_oracle)
(tx_hash, o) = c.approve(self.address, self.accounts[0], self.accounts[1], int.from_bytes(b'\xff' * 32, byteorder='big'))
self.rpc.do(o)
o = receipt(tx_hash)
r = self.rpc.do(o)
self.assertEqual(r['status'], 1)
def test_transfer_from(self):
nonce_oracle = RPCNonceOracle(self.accounts[0], self.rpc)
c = DemurrageToken(self.chain_spec, signer=self.signer, nonce_oracle=nonce_oracle)

View File

@ -6,6 +6,8 @@ import "aux/ABDKMath64x64.sol";
contract DemurrageTokenSingleNocap {
uint256 constant VALUE_LIMIT = 1 << 63;
struct redistributionItem {
uint32 period;
uint72 value;
@ -597,7 +599,14 @@ contract DemurrageTokenSingleNocap {
changePeriod();
baseValue = toBaseAmount(_value);
// dex code will attempt uint256max approve, but contract cannot handle that size
// truncate to biggest possible value
if (_value <= VALUE_LIMIT) {
baseValue = toBaseAmount(_value);
} else {
baseValue = VALUE_LIMIT;
}
allowance[msg.sender][_spender] = baseValue;
emit Approval(msg.sender, _spender, _value);
return true;