Skip to content

Issue K: Unsafe ERC20 Token Transfer #762

New issue

Have a question about this project? Sign up for a free account to open an issue and contact its maintainers and the community.

Sign up for

By clicking “Sign up for ”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on ? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jun 23, 2022
Merged

Issue K: Unsafe ERC20 Token Transfer #762

merged 2 commits into from
Jun 23, 2022

Conversation

daveroga
Copy link
Contributor

@daveroga daveroga commented Jun 14, 2022
edited
Loading

Fix issue #133

Location

/nightfall-deployer/contracts/Shield.sol

Synopsis

ERC20 tokens transfer and transferFrom are unsafe methods for token transfers that do not adhere to the IERC20 standard of reverting in the case of failure. In some cases, these methods may cause tokens to be locked in the contract.

Impact

User funds may potentially get locked in the contract.

Remediation

We recommend the use of the standard safe transfer wrapper by OpenZeppelin.

Done

  • Use of SafeERC20Upgradeable from OpenZeppelin as it's compatible with our upgradeable contracts.
  • Replaced all transfers in the contract with safeTransfer and safeTransferFrom.

Refactor

  • Added IERC721 and IERC1155 in order to follow also OpenZeppelin recommendations.
  • Removed unused ERCInterface.sol contract.
  • Removed unused ERCStub.sol, ERC721_2Mock.sol and ERC1155_2Mock.sol mocks contracts.
  • Mocks in mocks folder in contracts in nightfall-developer.

@daverogadaveroga marked this pull request as ready for review June 14, 2022 10:42
@daverogadaveroga force-pushed the daveroga/safe-erc20 branch from 61f0075 to 822122c Compare June 20, 2022 10:30
@druiz0992druiz0992 added the One more approval neededOne reviewer has approved this PR but another is neededlabel Jun 22, 2022
@IlyasRidhuanIlyasRidhuan merged commit 3a54476 into master Jun 23, 2022
@IlyasRidhuanIlyasRidhuan deleted the daveroga/safe-erc20 branch June 23, 2022 08:13
Sign up for free to join this conversation on . Already have an account? Sign in to comment
Reviewers

@IlyasRidhuan IlyasRidhuan IlyasRidhuan approved these changes

@druiz0992 druiz0992 druiz0992 approved these changes

Assignees
No one assigned
Labels
One more approval neededOne reviewer has approved this PR but another is needed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

3 participants
@daveroga @IlyasRidhuan @druiz0992