GitBross Acasă Explorează Ajutor
Înregistrare Autentificare
sol_Bo8des9o
/
openzeppelin-contracts
1
0
Bifurcare 0
Fisiere Probleme 0 Trageți solicitările 0 Wiki
Răsfoiți Sursa

Document risk of `SafeERC20` and `ERC-7674` (#5262)

cairo 11 luni în urmă
părinte
fe6249ec2c
comite
3291252c86
2 a modificat fișierele cu 19 adăugiri și 0 ștergeri
Vizualizare divizată Arată Statisticile Diff
  1. 5 0
      .changeset/yellow-tables-sell.md
  2. 14 0
      contracts/token/ERC20/utils/SafeERC20.sol

+ 5 - 0
.changeset/yellow-tables-sell.md
Vizualizați fișierul 

@@ -0,0 +1,5 @@
 
+---
 
+'openzeppelin-solidity': minor
 
+---
 
+
 
+`SafeERC20`: Document risks of `safeIncreaseAllowance` and `safeDecreaseAllowance` when associated with ERC-7674.

+ 14 - 0
contracts/token/ERC20/utils/SafeERC20.sol
Vizualizați fișierul 

@@ -46,6 +46,11 @@ library SafeERC20 {
 
     /**
 
      * @dev Increase the calling contract's allowance toward `spender` by `value`. If `token` returns no value,
 
      * non-reverting calls are assumed to be successful.
 
+     *
 
+     * IMPORTANT: If the token implements ERC-7674 (ERC-20 with temporary allowance), and if the "client"
 
+     * smart contract uses ERC-7674 to set temporary allowances, then the "client" smart contract should avoid using
 
+     * this function. Performing a {safeIncreaseAllowance} or {safeDecreaseAllowance} operation on a token contract
 
+     * that has a non-zero temporary allowance (for that particular owner-spender) will result in unexpected behavior.
 
      */
 
     function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {
 
         uint256 oldAllowance = token.allowance(address(this), spender);
 
@@ -55,6 +60,11 @@ library SafeERC20 {
 
     /**
 
      * @dev Decrease the calling contract's allowance toward `spender` by `requestedDecrease`. If `token` returns no
 
      * value, non-reverting calls are assumed to be successful.
 
+     *
 
+     * IMPORTANT: If the token implements ERC-7674 (ERC-20 with temporary allowance), and if the "client"
 
+     * smart contract uses ERC-7674 to set temporary allowances, then the "client" smart contract should avoid using
 
+     * this function. Performing a {safeIncreaseAllowance} or {safeDecreaseAllowance} operation on a token contract
 
+     * that has a non-zero temporary allowance (for that particular owner-spender) will result in unexpected behavior.
 
      */
 
     function safeDecreaseAllowance(IERC20 token, address spender, uint256 requestedDecrease) internal {
 
         unchecked {
 
@@ -70,6 +80,10 @@ library SafeERC20 {
 
      * @dev Set the calling contract's allowance toward `spender` to `value`. If `token` returns no value,
 
      * non-reverting calls are assumed to be successful. Meant to be used with tokens that require the approval
 
      * to be set to zero before setting it to a non-zero value, such as USDT.
 
+     *
 
+     * NOTE: If the token implements ERC-7674, this function will not modify any temporary allowance. This function
 
+     * only sets the "standard" allowance. Any temporary allowance will remain active, in addition to the value being
 
+     * set here.
 
      */
 
     function forceApprove(IERC20 token, address spender, uint256 value) internal {
 
         bytes memory approvalCall = abi.encodeCall(token.approve, (spender, value));