Michael.W基于Foundry精读Openzeppelin第47期——SafeERC20.sol

最新推荐文章于 2024-06-12 09:46:11 发布
最新推荐文章于 2024-06-12 09:46:11 发布
阅读量1.2k 收藏 19
点赞数 19
分类专栏: Michael基于Foundry精读Openzeppelin 文章标签: SafeERC20 safeTransfer safePermit openzeppelin foundry solidity ERC20
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/michael_wgy_/article/details/135660120
版权

Michael.W基于Foundry精读Openzeppelin第47期——SafeERC20.sol

0. 版本

[openzeppelin]:v4.8.3,[forge-std]:v1.5.6

0.1 SafeERC20.sol

Github: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/v4.8.3/contracts/token/ERC20/utils/SafeERC20.sol

SafeERC20库封装了ERC20的操作,使各操作执行失败时触发revert。因为标准IERC20的转账和授权等需通过一个bool返回值来表示操作是否成功,可能实现合约内部没有设置revert机制。有的ERC20合约的授权或转账的实现并无返回值(以太坊上的USDT合约),此时可通过本库与其交互。

注:通过using SafeERC20 for IERC20使用本库。

1. 目标合约

封装SafeERC20 library成为一个可调用合约:

Github: https://github.com/RevelationOfTuring/foundry-openzeppelin-contracts/blob/master/src/token/ERC20/utils/MockSafeERC20.sol

// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.0;

import "openzeppelin-contracts/contracts/token/ERC20/utils/SafeERC20.sol";
import "openzeppelin-contracts/contracts/token/ERC20/IERC20.sol";
import "openzeppelin-contracts/contracts/token/ERC20/extensions/draft-IERC20Permit.sol";

contract MockSafeERC20 {
    using SafeERC20 for IERC20;
    using SafeERC20 for IERC20Permit;

    function safeTransfer(
        IERC20 token,
        address to,
        uint value
    ) external {
        token.safeTransfer(to, value);
    }

    function safeTransferFrom(
        IERC20 token,
        address from,
        address to,
        uint value
    ) external {
        token.safeTransferFrom(from, to, value);
    }

    function safeApprove(
        IERC20 token,
        address spender,
        uint value
    ) external {
        token.safeApprove(spender, value);
    }

    function safeIncreaseAllowance(
        IERC20 token,
        address spender,
        uint value
    ) external {
        token.safeIncreaseAllowance(spender, value);
    }

    function safeDecreaseAllowance(
        IERC20 token,
        address spender,
        uint256 value
    ) external {
        token.safeDecreaseAllowance(spender, value);
    }

    function safePermit(
        IERC20Permit token,
        address owner,
        address spender,
        uint256 value,
        uint256 deadline,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) external {
        token.safePermit(owner, spender, value, deadline, v, r, s);
    }
}

全部foundry测试合约:

Github: https://github.com/RevelationOfTuring/foundry-openzeppelin-contracts/blob/master/test/token/ERC20/utils/SafeERC20/SafeERC20.t.sol

测试使用的物料合约:

Github: https://github.com/RevelationOfTuring/foundry-openzeppelin-contracts/blob/master/test/token/ERC20/utils/SafeERC20/MockERC20ReturnTrue.sol

// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.0;

import "openzeppelin-contracts/contracts/token/ERC20/IERC20.sol";

contract MockERC20ReturnTrue is IERC20 {
    // avoid compiling warnings
    uint private _slotValue;

    function transfer(address to, uint amount) external returns (bool){
        emit Transfer(msg.sender, to, amount);
        return true;
    }

    function approve(address spender, uint amount) external returns (bool){
        emit Approval(msg.sender, spender, amount);
        return true;
    }

    function transferFrom(
        address from,
        address to,
        uint amount
    ) external returns (bool){
        emit Transfer(from, to, amount);
        return true;
    }

    function allowance(address, address spender) external view returns (uint){
        if (spender == address(1024)) {
            // return non-zero
            return _slotValue + 1;
        }

        return 0;
    }

    function totalSupply() external view returns (uint){
        return _slotValue;
    }

    function balanceOf(address) external view returns (uint){
        return _slotValue;
    }
}

Github: https://github.com/RevelationOfTuring/foundry-openzeppelin-contracts/blob/master/test/token/ERC20/utils/SafeERC20/MockERC20ReturnFalse.sol

// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.0;

import "openzeppelin-contracts/contracts/token/ERC20/IERC20.sol";

contract MockERC20ReturnFalse is IERC20 {
    // avoid compiling warnings
    uint private _slotValue;

    function transfer(address to, uint amount) external returns (bool){
        emit Transfer(msg.sender, to, amount);
        return false;
    }

    function approve(address spender, uint amount) external returns (bool){
        emit Approval(msg.sender, spender, amount);
        return false;
    }

    function transferFrom(
        address from,
        address to,
        uint amount
    ) external returns (bool){
        emit Transfer(from, to, amount);
        return false;
    }

    function allowance(address, address spender) external view returns (uint){
        if (spender == address(1024)) {
            // return non-zero
            return _slotValue + 1;
        }

        return 0;
    }

    function totalSupply() external view returns (uint){
        return _slotValue;
    }

    function balanceOf(address) external view returns (uint){
        return _slotValue;
    }
}

Github: https://github.com/RevelationOfTuring/foundry-openzeppelin-contracts/blob/master/test/token/ERC20/utils/SafeERC20/MockERC20ReturnNone.sol

// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.0;

contract MockERC20ReturnNone {
    // avoid compiling warnings
    uint private _slotValue;

    event Transfer(address indexed from, address indexed to, uint256 value);
    event Approval(address indexed owner, address indexed spender, uint256 value);

    function transfer(address to, uint amount) external {
        emit Transfer(msg.sender, to, amount);
    }

    function approve(address spender, uint amount) external {
        emit Approval(msg.sender, spender, amount);
    }

    function transferFrom(
        address from,
        address to,
        uint amount
    ) external {
        emit Transfer(from, to, amount);
    }

    function allowance(address, address spender) external view returns (uint){
        if (spender == address(1024)) {
            // return non-zero
            return _slotValue + 1;
        }

        return 0;
    }

    function totalSupply() external view returns (uint){
        return _slotValue;
    }

    function balanceOf(address) external view returns (uint){
        return _slotValue;
    }
}

Github: https://github.com/RevelationOfTuring/foundry-openzeppelin-contracts/blob/master/test/token/ERC20/utils/SafeERC20/MockERC20ReturnNonBool.sol

// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.0;

contract MockERC20ReturnNonBool {
    // avoid compiling warnings
    uint private _slotValue;

    function transfer(address, uint) external returns (address){
        _slotValue = 1024;
        // neither 0 nor 1
        return address(2);
    }

    function approve(address, uint) external returns (uint){
        _slotValue = 1024;
        // neither 0 nor 1
        return 2;
    }

    function transferFrom(
        address,
        address,
        uint
    ) external returns (string memory){
        _slotValue = 1024;
        return "MockERC20ReturnNonBool: transferFrom";
    }

    function allowance(address, address spender) external view returns (uint){
        if (spender == address(1024)) {
            // return non-zero
            return _slotValue + 1;
        }

        return 0;
    }

    function totalSupply() external view returns (uint){
        return _slotValue;
    }

    function balanceOf(address) external view returns (uint){
        return _slotValue;
    }
}

Github: https://github.com/RevelationOfTuring/foundry-openzeppelin-contracts/blob/master/test/token/ERC20/utils/SafeERC20/MockERC20Revert.sol

// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.0;

import "openzeppelin-contracts/contracts/token/ERC20/IERC20.sol";

contract MockERC20Revert is IERC20 {
    address private constant _REVERT_FLAG = address(1024);
    // avoid compiling warnings
    uint private _slotValue;

    function transfer(address to, uint amount) external returns (bool){
        require(to != _REVERT_FLAG, "MockERC20ReturnRevert: transfer");
        emit Transfer(msg.sender, to, amount);
        return true;
    }

    function approve(address spender, uint amount) external returns (bool){
        require(spender != _REVERT_FLAG, "MockERC20ReturnRevert: approve");
        emit Approval(msg.sender, spender, amount);
        return true;
    }

    function transferFrom(
        address from,
        address to,
        uint amount
    ) external returns (bool){
        emit Transfer(from, to, amount);
        require(from != _REVERT_FLAG, "MockERC20ReturnRevert: transferFrom");
        return true;
    }

    function allowance(address, address) external view returns (uint){
        return _slotValue + 1;
    }

    function totalSupply() external view returns (uint){
        return _slotValue;
    }

    function balanceOf(address) external view returns (uint){
        return _slotValue;
    }
}

Github: https://github.com/RevelationOfTuring/foundry-openzeppelin-contracts/blob/master/test/token/ERC20/utils/SafeERC20/MockERC20Permit.sol

// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.0;

import "openzeppelin-contracts/contracts/token/ERC20/extensions/draft-IERC20Permit.sol";

contract MockERC20Permit is IERC20Permit {
    uint private _nonce;
    bool private _nonceIncreases = true;
    bool private _revertInPermit;
    bool private _revertInNonces;

    event Approval(address indexed owner, address indexed spender, uint256 value);

    function permit(
        address owner,
        address spender,
        uint value,
        uint,
        uint8,
        bytes32,
        bytes32
    ) external {
        require(!_revertInPermit, "MockERC20Permit: permit");
        if (_nonceIncreases) {
            _nonce += 1;
        }

        emit Approval(owner, spender, value);
    }

    function nonces(address) external view returns (uint){
        require(!_revertInNonces, "MockERC20Permit: nonces");
        return _nonce;
    }

    function setNonceIncreases(bool b) external {
        _nonceIncreases = b;
    }

    function setRevertInNonces(bool b) external {
        _revertInNonces = b;
    }

    function setRevertInPermit(bool b) external {
        _revertInPermit = b;
    }

    function DOMAIN_SEPARATOR() external view returns (bytes32){
        return bytes32(_nonce);
    }
}

2. 代码精读

2.1 safeTransfer(IERC20 token, address to, uint256 value) internal

ERC20的安全转账。

	// 对address类型使用utils/Address库
    using Address for address;

    function safeTransfer(
        IERC20 token,
        address to,
        uint256 value
    ) internal {
    	// 调用_callOptionalReturn()方法进行call及返回值检查。
    	// call对象为token合约,calldata为IERC20.transfer(to, value)的calldata
        _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));
    }
    
    // 参数data作为calldata来call ERC20合约token。该函数会做两个检查:
    // 1. call过程不能发生revert;
    // 2. 如果call有返回值,要求decode后为true
    // 如果不通过检查,直接revert。
    // 注:函数内部是通过底层call的方式模拟solidity的high-level调用
    function _callOptionalReturn(IERC20 token, bytes memory data) private {
		// 使用Address库的functionCall()方法,使用data作为calldata来call合约token。如果call的过程revert或token地址为EOA地址(即地址下没有code)会触发revert
		// Address库的functionCall()方法详解参见:https://learnblockchain.cn/article/6098
        bytes memory returndata = address(token).functionCall(data, "SafeERC20: low-level call failed");
        if (returndata.length > 0) {
        	// 如果call存在返回值
            // 要求该返回值必须为true,否则revert
            require(abi.decode(returndata, (bool)), "SafeERC20: ERC20 operation did not succeed");
        }
    }

foundry代码验证:

contract SafeERC20Test is Test {
    address private constant _REVERT_FLAG = address(1024);

    MockSafeERC20 private _testing = new MockSafeERC20();
    MockERC20ReturnTrue private _mockERC20ReturnTrue = new MockERC20ReturnTrue();
    MockERC20ReturnFalse private _mockERC20ReturnFalse = new MockERC20ReturnFalse();
    IERC20 private _mockERC20ReturnNonBool = IERC20(address(new MockERC20ReturnNonBool()));
    IERC20 private _mockERC20ReturnNone = IERC20(address(new MockERC20ReturnNone()));
    MockERC20Revert private _mockERC20Revert = new MockERC20Revert();
    IERC20 private _mockERC20NoCode = IERC20(address(0));

    event Transfer(address indexed from, address indexed to, uint value);

    function test_SafeTransfer() external {
        address to = address(this);

        // case 1: pass if token returns true
        vm.expectEmit(true, true, false, true, address(_mockERC20ReturnTrue));
        emit Transfer(address(_testing), to, 1);
        _testing.safeTransfer(_mockERC20ReturnTrue, to, 1);

        // case 2: pass if token has no return
        vm.expectEmit(true, true, false, true, address(_mockERC20ReturnNone));
        emit Transfer(address(_testing), to, 1);
        _testing.safeTransfer(_mockERC20ReturnNone, to, 1);

        // case 3: revert if token returns false
        vm.expectRevert("SafeERC20: ERC20 operation did not succeed");
        _testing.safeTransfer(_mockERC20ReturnFalse, to, 1);

        // case 4: revert if token returns non-bool
        vm.expectRevert();
        _testing.safeTransfer(_mockERC20ReturnNonBool, to, 1);

        // case 5: revert if reverts in token
        vm.expectRevert("MockERC20ReturnRevert: transfer");
        _testing.safeTransfer(_mockERC20Revert, _REVERT_FLAG, 1);

        // case 6: revert if token has no code
        vm.expectRevert("Address: call to non-contract");
        _testing.safeTransfer(_mockERC20NoCode, to, 1);
    }
}
2.2 safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal

ERC20的安全授权转账。

    function safeTransferFrom(
        IERC20 token,
        address from,
        address to,
        uint256 value
    ) internal {
    	// 调用_callOptionalReturn()方法进行call及返回值检查。
    	// call对象为token合约,calldata为IERC20.transferFrom(from, to, value)的calldata
        _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));
    }

foundry代码验证:

contract SafeERC20Test is Test {
    address private constant _REVERT_FLAG = address(1024);

    MockSafeERC20 private _testing = new MockSafeERC20();
    MockERC20ReturnTrue private _mockERC20ReturnTrue = new MockERC20ReturnTrue();
    MockERC20ReturnFalse private _mockERC20ReturnFalse = new MockERC20ReturnFalse();
    IERC20 private _mockERC20ReturnNonBool = IERC20(address(new MockERC20ReturnNonBool()));
    IERC20 private _mockERC20ReturnNone = IERC20(address(new MockERC20ReturnNone()));
    MockERC20Revert private _mockERC20Revert = new MockERC20Revert();
    IERC20 private _mockERC20NoCode = IERC20(address(0));

    event Transfer(address indexed from, address indexed to, uint value);

    function test_SafeTransferFrom() external {
        address from = address(1);
        address to = address(this);

        // case 1: pass if token returns true
        vm.expectEmit(true, true, false, true, address(_mockERC20ReturnTrue));
        emit Transfer(from, to, 1);
        _testing.safeTransferFrom(_mockERC20ReturnTrue, from, to, 1);

        // case 2: pass if token has no return
        vm.expectEmit(true, true, false, true, address(_mockERC20ReturnNone));
        emit Transfer(from, to, 1);
        _testing.safeTransferFrom(_mockERC20ReturnNone, from, to, 1);

        // case 3: revert if token returns false
        vm.expectRevert("SafeERC20: ERC20 operation did not succeed");
        _testing.safeTransferFrom(_mockERC20ReturnFalse, from, to, 1);

        // case 4: revert if token returns non-bool
        vm.expectRevert();
        _testing.safeTransferFrom(_mockERC20ReturnNonBool, from, to, 1);

        // case 5: revert if reverts in token
        vm.expectRevert("MockERC20ReturnRevert: transferFrom");
        _testing.safeTransferFrom(_mockERC20Revert, _REVERT_FLAG, to, 1);

        // case 6: revert if token has no code
        vm.expectRevert("Address: call to non-contract");
        _testing.safeTransferFrom(_mockERC20NoCode, from, to, 1);
    }
}
2.3 safeApprove(IERC20 token, address spender, uint256 value) internal

ERC20的安全授权。本方法同样存在IERC20-approve的授权额度覆盖问题,目前已弃用。如有需求,请使用本库的safeIncreaseAllowance()safeDecreaseAllowance()

注:如果想为一个地址设置初始授权额度或授权额度清零可以使用本方法。

    function safeApprove(
        IERC20 token,
        address spender,
        uint256 value
    ) internal {
        // 要求value值为0(授权额度清0)或本合约地址在token上没有授予spender任何额度(设置初始授权额度),否则revert
        require(
            (value == 0) || (token.allowance(address(this), spender) == 0),
            "SafeERC20: approve from non-zero to non-zero allowance"
        );
    	// 调用_callOptionalReturn()方法进行call及返回值检查。
    	// call对象为token合约,calldata为IERC20.approve(spender, value)的calldata
        _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));
    }

foundry代码验证:

contract SafeERC20Test is Test {
    address private constant _REVERT_FLAG = address(1024);

    MockSafeERC20 private _testing = new MockSafeERC20();
    MockERC20ReturnTrue private _mockERC20ReturnTrue = new MockERC20ReturnTrue();
    MockERC20ReturnFalse private _mockERC20ReturnFalse = new MockERC20ReturnFalse();
    IERC20 private _mockERC20ReturnNonBool = IERC20(address(new MockERC20ReturnNonBool()));
    IERC20 private _mockERC20ReturnNone = IERC20(address(new MockERC20ReturnNone()));
    MockERC20Revert private _mockERC20Revert = new MockERC20Revert();
    IERC20 private _mockERC20NoCode = IERC20(address(0));

    event Approval(address indexed owner, address indexed spender, uint value);

    function test_SafeApprove() external {
        address spenderSomeAllowance = address(1024);
        address spenderZeroAllowance = address(2048);

        // 1. token returns true
        // case 1: pass if clear allowance && token returns true
        assertNotEq(_mockERC20ReturnTrue.allowance(address(_testing), spenderSomeAllowance), 0);
        vm.expectEmit(true, true, false, true, address(_mockERC20ReturnTrue));
        emit Approval(address(_testing), spenderSomeAllowance, 0);
        _testing.safeApprove(_mockERC20ReturnTrue, spenderSomeAllowance, 0);

        // case 2: pass if initial allowance setting && token returns true
        assertEq(_mockERC20ReturnTrue.allowance(address(_testing), spenderZeroAllowance), 0);
        vm.expectEmit(true, true, false, true, address(_mockERC20ReturnTrue));
        emit Approval(address(_testing), spenderZeroAllowance, 1);
        _testing.safeApprove(_mockERC20ReturnTrue, spenderZeroAllowance, 1);

        // case 3: revert if some allowance && non-zero value && token returns true
        vm.expectRevert("SafeERC20: approve from non-zero to non-zero allowance");
        _testing.safeApprove(_mockERC20ReturnTrue, spenderSomeAllowance, 1);

        // 2. token returns false
        // case 1: revert if clear allowance && token returns false
        vm.expectRevert("SafeERC20: ERC20 operation did not succeed");
        _testing.safeApprove(_mockERC20ReturnFalse, spenderSomeAllowance, 0);

        // case 2: revert if initial allowance setting && token returns false
        vm.expectRevert("SafeERC20: ERC20 operation did not succeed");
        _testing.safeApprove(_mockERC20ReturnFalse, spenderZeroAllowance, 1);

        // case 3: revert if some allowance && non-zero value && token returns false
        vm.expectRevert("SafeERC20: approve from non-zero to non-zero allowance");
        _testing.safeApprove(_mockERC20ReturnFalse, spenderSomeAllowance, 1);

        // 3. token returns None
        // case 1: pass if clear allowance && token returns none
        vm.expectEmit(true, true, false, true, address(_mockERC20ReturnNone));
        emit Approval(address(_testing), spenderSomeAllowance, 0);
        _testing.safeApprove(_mockERC20ReturnNone, spenderSomeAllowance, 0);

        // case 2: pass if initial allowance setting && token returns none
        vm.expectEmit(true, true, false, true, address(_mockERC20ReturnNone));
        emit Approval(address(_testing), spenderZeroAllowance, 1);
        _testing.safeApprove(_mockERC20ReturnNone, spenderZeroAllowance, 1);

        // case 3: revert if some allowance && non-zero value && token returns none
        vm.expectRevert("SafeERC20: approve from non-zero to non-zero allowance");
        _testing.safeApprove(_mockERC20ReturnNone, spenderSomeAllowance, 1);

        // 4. token returns non-bool
        // case 1: revert if clear allowance && token returns non-bool
        vm.expectRevert();
        _testing.safeApprove(_mockERC20ReturnNonBool, spenderSomeAllowance, 0);

        // case 2: revert if initial allowance setting && token returns non-bool
        vm.expectRevert();
        _testing.safeApprove(_mockERC20ReturnNonBool, spenderZeroAllowance, 1);

        // case 3: revert if some allowance && non-zero value && token returns non-bool
        vm.expectRevert("SafeERC20: approve from non-zero to non-zero allowance");
        _testing.safeApprove(_mockERC20ReturnNonBool, spenderSomeAllowance, 1);

        // 5. token reverts
        // case 1: revert if pass allowance && value check && token reverts
        vm.expectRevert("MockERC20ReturnRevert: approve");
        _testing.safeApprove(_mockERC20Revert, _REVERT_FLAG, 0);

        // case 2: revert if not pass allowance && value check
        vm.expectRevert("SafeERC20: approve from non-zero to non-zero allowance");
        _testing.safeApprove(_mockERC20ReturnNonBool, spenderSomeAllowance, 1);

        // 6. token has no code
        // revert via allowance's check
        vm.expectRevert();
        _testing.safeApprove(_mockERC20NoCode, spenderSomeAllowance, 1);
    }
}
2.4 safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal

ERC20的安全增加授权额度,增量为value。

    function safeIncreaseAllowance(
        IERC20 token,
        address spender,
        uint256 value
    ) internal {
    	// 计算增加授权后的额度:本合约授予spender的当前剩余额度 + 增量value
        uint256 newAllowance = token.allowance(address(this), spender) + value;
        // 调用_callOptionalReturn()方法进行call及返回值检查。
    	// call对象为token合约,calldata为IERC20.approve(spender, newAllowance)的calldata
        _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));
    }

foundry代码验证:

contract SafeERC20Test is Test {
    address private constant _REVERT_FLAG = address(1024);

    MockSafeERC20 private _testing = new MockSafeERC20();
    MockERC20ReturnTrue private _mockERC20ReturnTrue = new MockERC20ReturnTrue();
    MockERC20ReturnFalse private _mockERC20ReturnFalse = new MockERC20ReturnFalse();
    IERC20 private _mockERC20ReturnNonBool = IERC20(address(new MockERC20ReturnNonBool()));
    IERC20 private _mockERC20ReturnNone = IERC20(address(new MockERC20ReturnNone()));
    MockERC20Revert private _mockERC20Revert = new MockERC20Revert();
    IERC20 private _mockERC20NoCode = IERC20(address(0));

    event Approval(address indexed owner, address indexed spender, uint value);

    function test_SafeIncreaseAllowance() external {
        address spender = address(this);

        // case 1: pass if token returns true
        assertEq(_mockERC20ReturnTrue.allowance(address(_testing), spender), 0);
        vm.expectEmit(true, true, false, true, address(_mockERC20ReturnTrue));
        emit Approval(address(_testing), spender, 0 + 1);
        _testing.safeIncreaseAllowance(_mockERC20ReturnTrue, spender, 1);

        // case 2: revert if token returns false
        vm.expectRevert("SafeERC20: ERC20 operation did not succeed");
        _testing.safeIncreaseAllowance(_mockERC20ReturnFalse, spender, 1);

        // case 3: pass if token returns none
        assertEq(_mockERC20ReturnNone.allowance(address(_testing), spender), 0);
        vm.expectEmit(true, true, false, true, address(_mockERC20ReturnNone));
        emit Approval(address(_testing), spender, 0 + 1);
        _testing.safeIncreaseAllowance(_mockERC20ReturnNone, spender, 1);

        // case 4: revert if token returns non-bool
        vm.expectRevert();
        _testing.safeIncreaseAllowance(_mockERC20ReturnNonBool, spender, 1);

        // case 5: revert if token reverts
        vm.expectRevert("MockERC20ReturnRevert: approve");
        _testing.safeIncreaseAllowance(_mockERC20Revert, _REVERT_FLAG, 1);

        // case 6: revert if token has no code
        vm.expectRevert();
        _testing.safeIncreaseAllowance(_mockERC20NoCode, spender, 1);
    }
}
2.5 safeDecreaseAllowance(IERC20 token, address spender, uint256 value) internal

ERC20的安全减少授权额度,减量为value。

    function safeDecreaseAllowance(
        IERC20 token,
        address spender,
        uint256 value
    ) internal {
    	// 关闭solidity 0.8的整数运算溢出检查
        unchecked {
        	// 本合约授予spender的当前剩余额度
            uint256 oldAllowance = token.allowance(address(this), spender);
            // 要求减量够减,否则revert 
            require(oldAllowance >= value, "SafeERC20: decreased allowance below zero");
            // 计算减后的授权额度
            uint256 newAllowance = oldAllowance - value;
            // 调用_callOptionalReturn()方法进行call及返回值检查。
    		// call对象为token合约,calldata为IERC20.approve(spender, newAllowance)的calldata
            _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));
        }
    }

foundry代码验证:

contract SafeERC20Test is Test {
    address private constant _REVERT_FLAG = address(1024);

    MockSafeERC20 private _testing = new MockSafeERC20();
    MockERC20ReturnTrue private _mockERC20ReturnTrue = new MockERC20ReturnTrue();
    MockERC20ReturnFalse private _mockERC20ReturnFalse = new MockERC20ReturnFalse();
    IERC20 private _mockERC20ReturnNonBool = IERC20(address(new MockERC20ReturnNonBool()));
    IERC20 private _mockERC20ReturnNone = IERC20(address(new MockERC20ReturnNone()));
    MockERC20Revert private _mockERC20Revert = new MockERC20Revert();
    IERC20 private _mockERC20NoCode = IERC20(address(0));

    event Approval(address indexed owner, address indexed spender, uint value);

    function test_SafeDecreaseAllowance() external {
        address spenderSomeAllowance = address(1024);

        // 1. token returns true
        // case 1: pass if token returns true && value <= old allowance
        assertEq(_mockERC20ReturnTrue.allowance(address(_testing), spenderSomeAllowance), 1);
        vm.expectEmit(true, true, false, true, address(_mockERC20ReturnTrue));
        emit Approval(address(_testing), spenderSomeAllowance, 1 - 1);
        _testing.safeDecreaseAllowance(_mockERC20ReturnTrue, spenderSomeAllowance, 1);

        // case 2: revert if token returns true && value > old allowance
        vm.expectRevert("SafeERC20: decreased allowance below zero");
        _testing.safeDecreaseAllowance(_mockERC20ReturnTrue, spenderSomeAllowance, 1 + 1);

        // 2. token returns false
        // case 1: revert if token returns false && value <= old allowance
        assertEq(_mockERC20ReturnFalse.allowance(address(_testing), spenderSomeAllowance), 1);
        vm.expectRevert("SafeERC20: ERC20 operation did not succeed");
        _testing.safeDecreaseAllowance(_mockERC20ReturnFalse, spenderSomeAllowance, 1);

        // case 2: revert if token returns false && value > old allowance
        vm.expectRevert("SafeERC20: decreased allowance below zero");
        _testing.safeDecreaseAllowance(_mockERC20ReturnFalse, spenderSomeAllowance, 1 + 1);

        // 3. token returns none
        // case 1: pass if token returns none && value <= old allowance
        assertEq(_mockERC20ReturnNone.allowance(address(_testing), spenderSomeAllowance), 1);
        vm.expectEmit(true, true, false, true, address(_mockERC20ReturnNone));
        emit Approval(address(_testing), spenderSomeAllowance, 1 - 1);
        _testing.safeDecreaseAllowance(_mockERC20ReturnNone, spenderSomeAllowance, 1);

        // case 2: revert if token returns none && value > old allowance
        vm.expectRevert("SafeERC20: decreased allowance below zero");
        _testing.safeDecreaseAllowance(_mockERC20ReturnNone, spenderSomeAllowance, 1 + 1);

        // 4. token returns non-bool
        // case 1: revert if token returns non-bool && value <= old allowance
        assertEq(_mockERC20ReturnNonBool.allowance(address(_testing), spenderSomeAllowance), 1);
        vm.expectRevert();
        _testing.safeDecreaseAllowance(_mockERC20ReturnNonBool, spenderSomeAllowance, 1);

        // case 2: revert if token returns non-bool && value > old allowance
        vm.expectRevert("SafeERC20: decreased allowance below zero");
        _testing.safeDecreaseAllowance(_mockERC20ReturnNonBool, spenderSomeAllowance, 1 + 1);

        // 5. token reverts
        // case 1: revert if token reverts && value <= old allowance
        assertEq(_mockERC20Revert.allowance(address(_testing), _REVERT_FLAG), 1);
        vm.expectRevert("MockERC20ReturnRevert: approve");
        _testing.safeDecreaseAllowance(_mockERC20Revert, _REVERT_FLAG, 1);

        // case 2: revert if token reverts && value > old allowance
        vm.expectRevert("SafeERC20: decreased allowance below zero");
        _testing.safeDecreaseAllowance(_mockERC20Revert, _REVERT_FLAG, 1 + 1);

        // 6. token has no code
        // revert via getting allowance
        vm.expectRevert();
        _testing.safeDecreaseAllowance(_mockERC20NoCode, spenderSomeAllowance, 1);
    }
}
2.6 safePermit(IERC20Permit token, address owner, address spender, uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s) internal

ERC20Permit的安全permit授权。

注:IERC20Permit.permit授权详解参见:https://learnblockchain.cn/article/7085

    function safePermit(
        IERC20Permit token,
        address owner,
        address spender,
        uint256 value,
        uint256 deadline,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) internal {
    	// 获取目标ERC20Permit合约中owner的当前nonce值
        uint256 nonceBefore = token.nonces(owner);
        // 调用目标ERC20Permit合约的permit的方法
        token.permit(owner, spender, value, deadline, v, r, s);
        // 调用后,获取目标ERC20Permit合约中owner的nonce值
        uint256 nonceAfter = token.nonces(owner);
        // 要求目标ERC20Permit合约中,owner的nonce值在permit()调用前后有递增1,否则revert
        require(nonceAfter == nonceBefore + 1, "SafeERC20: permit did not succeed");
    }

foundry代码验证:

contract SafeERC20Test is Test {
    MockSafeERC20 private _testing = new MockSafeERC20();
    MockERC20Permit private _mockERC20Permit = new MockERC20Permit();

    event Approval(address indexed owner, address indexed spender, uint value);

    function test_SafePermit() external {
        address owner = address(1);
        address spender = address(2);
        uint value = 1024;

        // case 1: pass if nonce increases && no revert in {permit} and {nonces}
        vm.expectEmit(true, true, false, true, address(_mockERC20Permit));
        emit Approval(owner, spender, value);
        _testing.safePermit(
            _mockERC20Permit,
            owner,
            spender,
            value,
            0,
            0,
            0,
            0
        );

        // case 2: revert if nonce not increases
        _mockERC20Permit.setNonceIncreases(false);
        vm.expectRevert("SafeERC20: permit did not succeed");
        _testing.safePermit(
            _mockERC20Permit,
            owner,
            spender,
            value,
            0,
            0,
            0,
            0
        );

        // case 3: revert if reverts in token's {nonces}
        _mockERC20Permit.setNonceIncreases(true);
        _mockERC20Permit.setRevertInNonces(true);
        vm.expectRevert("MockERC20Permit: nonces");
        _testing.safePermit(
            _mockERC20Permit,
            owner,
            spender,
            value,
            0,
            0,
            0,
            0
        );

        // case 4: revert if reverts in token's {permit}
        _mockERC20Permit.setRevertInNonces(false);
        _mockERC20Permit.setRevertInPermit(true);
        vm.expectRevert("MockERC20Permit: permit");
        _testing.safePermit(
            _mockERC20Permit,
            owner,
            spender,
            value,
            0,
            0,
            0,
            0
        );
    }
}

ps:
本人热爱图灵,热爱中本聪,热爱V神。
以下是我个人的公众号,如果有技术问题可以关注我的公众号来跟我交流。
同时我也会在这个公众号上每周更新我的原创文章,喜欢的小伙伴或者老伙计可以支持一下!
如果需要转发,麻烦注明作者。十分感谢!

在这里插入图片描述
公众号名称:后现代泼痞浪漫主义奠基人

Revelation_of_Turing
关注
  • 19
    点赞
  • 19
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
zetta-cloudfoundry-sample:zettajs.org CloudFoundry 演示项目
06-25
介绍关于 zettajs ( ) 可以轻松部署在 CloudFoundry 兼容云(如 Swisscom ;) 上的简单示例应用程序)。 可以使用 zetta 浏览器进行测试: : 代码示例检查以获取其他插件/示例安装克隆回购使用简单的 {code}cf push{...
cb.deploy.cloudfoundry:CloudFoundry 的部署插件
07-03
Hello World(CodeBox 插件) CodeBox 的 HelloWorld 插件( )。
解决“Could not find @openzeppelin/contracts/token/ERC20/ERC20Detailed.sol“问题
sanqima的专栏
11-15 3435
    今天使用openzepplin进行编译时,弹出如下Error:     该Error的含义是,找不到ERC20Detailed.sol文件。     出现该问题的原因是 @openzeppelin v3.x已经把ERC20Detailed.sol文件删除了,但它把ERC20Detailed里的功能迁移到了ERC20.sol里,所以需要重新安装一个低版本的,比如 v2.x版本的@openzeppelin,解决方法如下:     1)卸载当前Module里的openzeppelin依赖包,命令
Michael.W基于Foundry精读Openzeppelin第56——VestingWallet.sol
Revelation_of_Turing
06-04 1063
VestingWallet库可以给指定的受益人地址按照时间线性释放锁在合约内的Eth和Erc20 token。任何转移至本合约的token都必须遵循释放模型。开发者可通过重写函数`vestedAmount(uint64 timestamp)`或`vestedAmount(address token, uint64 timestamp)`来自定义token释放模型。
Michael.W基于Foundry精读Openzeppelin第11——Math.sol
Revelation_of_Turing
07-22 109
Math库为合约开发提供了solidity内置的uint256运算以外的其他整形运算方法。solidity内置的整形运算,每一步都会做overflow revert(除非unchecked{}),而Math库会在不影响结果准确性的前提下利用位溢出进行更加tricky的操作。
Michael.W基于Foundry精读Openzeppelin第57——ReentrancyGuard.sol
Revelation_of_Turing
06-12 737
ReentrancyGuard库是一个用来防御函数重入的工具库。函数被修饰器`nonReentrant`修饰可确保其无法被嵌套(重入)调用。本库的代码逻辑上只实现了一个重入锁,所以被`nonReentrant`修饰的函数之间也是无法相互调用的。
Michael.W基于Foundry精读Openzeppelin第33——EIP712.sol
Revelation_of_Turing
08-29 327
EIP-712是一个专门用于对结构化数据求hash值以及签名的标准,主要解决了数据“链下签名+链上验证”并提高了链上消息签名的可用性。EIP712合约提供了EIP 712 domain separator的定义与获取——是结构化数据完整编码的一部分。
Michael.W基于Foundry精读Openzeppelin第55——PaymentSplitter.sol
Revelation_of_Turing
05-31 865
PaymentSplitter库可以在一组领取地址无感知的情况下,将定量eth或某ERC20 token按照shares占比释放给该组中的某地址。当eth或ERC20 token被转入该合约后,在册的领取地址就可以来领取属于自己占比的那部分。各领取人的shares数量只能在该合约部署时被设置。领取eth和ERC20 token需要通过触发release函数完成。
Michael.W基于Foundry精读Openzeppelin第34——MerkleProof.sol
Revelation_of_Turing
09-16 159
MerkleProof库提供了用于验证merkle树proof的工具函数。在生成merkle树和对应proof时,应当避免使用64字节长度的leaf(进行hash之前)或避免使用非keccak256的哈希函数(进行leaf的hash计算)。这是因为merkle树中经过排序的内部节点的拼接可以被重新解释为leaf值。
Michael.W基于Foundry精读Openzeppelin第21——ERC165.sol
Revelation_of_Turing
08-07 255
ERC165合约是IERC165的标准实现。ERC165提供了本合约是否实现了IERC165接口的查询。如果需要额外支持其他interface,可在目标合约内重写supportsInterface(bytes4)方法。
Michael.W基于Foundry精读Openzeppelin第20——EnumerableMap.sol
Revelation_of_Turing
08-06 198
EnumerableMap库提供了Bytes32ToBytes32Map、UintToUintMap、UintToAddressMap、AddressToUintMap和Bytes32ToUintMap五种可迭代元素的map,分别适用于(bytes32, bytes32)、(uint256, uint256)、(uint256, address)、(address, uint256)和(bytes32, uint256)类型的键值对。每种map都提供了增添/更新键值及查询等操作且操作的时间复杂度为O(1)。
基于EdgeX Foundry的新型智能家居架构设计与实现.pdf
07-15
基于EdgeX Foundry的新型智能家居架构设计与实现.pdf
基于CloudFoundry的云计算PaaS平台拓扑展示设计及实现探究.pdf
07-18
基于CloudFoundry的云计算PaaS平台拓扑展示设计及实现探究.pdf
基于EdgeX Foundry构建开放中立的边缘计算生态.pdf
10-16
"基于EdgeX Foundry构建开放中立的边缘计算生态" 本文主要介绍了基于EdgeX Foundry构建开放中立的边缘计算生态系统。EdgeX Foundry是Linux基金会运营的、厂商中立的开源软件项目,旨在提供一个通用的开放框架,支持...
一段基于Rust语言的计算斐波那契数列的代码
06-16
一段基于Rust语言的计算斐波那契数列的代码
神经网络详细介绍.docx
06-16
神经网络(Neural Network)是一种模仿生物神经系统结构和功能的计算模型。它由大量的神经元(或称为节点)组成,这些神经元通过突触(或称为连接)相互连接。神经网络可以用于各种人工智能任务,如图像识别、语音识别、自然语言处理等。 神经网络的基本结构包括输入层、隐藏层和输出层。其中,输入层接收外界的输入信息,隐藏层通过各种激活函数对输入信息进行处理和转换,输出层则将处理后的信息输出给外界。此外,神经网络还包括权重和偏置等参数,它们用于控制神经元之间的连接强度和偏移量。 神经网络的训练过程通常采用反向传播算法,即从输出层开始,根据输出误差向后传递并计算每个神经元的误差,然后根据误差调整神经元的权重和偏置,直到整个网络的输出误差达到最小值。 神经网络的应用非常广泛,如人脸识别、语音识别、自然语言处理、医疗诊断、金融预测等领域。随着深度学习技术的发展,神经网络的层数也越来越深,处理的信息也越来越复杂。
基于matlab 9 电平 H 桥逆变器.zip
06-16
代码下载:完整代码,可直接运行 ;运行版本:2022a或2019b或2014a;若运行有问题,可私信博主; **仿真咨询 1 各类智能优化算法改进及应用** 生产调度、经济调度、装配线调度、充电优化、车间调度、发车优化、水库调度、三维装箱、物流选址、货位优化、公交排班优化、充电桩布局优化、车间布局优化、集装箱船配载优化、水泵组合优化、解医疗资源分配优化、设施布局优化、可视域基站和无人机选址优化 **2 机器学习和深度学习方面** 卷积神经网络(CNN)、LSTM、支持向量机(SVM)、最小二乘支持向量机(LSSVM)、极限学习机(ELM)、核极限学习机(KELM)、BP、RBF、宽度学习、DBN、RF、RBF、DELM、XGBOOST、TCN实现风电预测、光伏预测、电池寿命预测、辐射源识别、交通流预测、负荷预测、股价预测、PM2.5浓度预测、电池健康状态预测、水体光学参数反演、NLOS信号识别、地铁停车精准预测、变压器故障诊断 **3 图像处理方面** 图像识别、图像分割、图像检测、图像隐藏、图像配准、图像拼接、图像融合、图像增强、图像压缩感知 **4 路径规划方面** 旅行商问题(TSP)、车辆路径问题(VRP、MVRP、CVRP、VRPTW等)、无人机三维路径规划、无人机协同、无人机编队、机器人路径规划、栅格地图路径规划、多式联运运输问题、车辆协同无人机路径规划、天线线性阵列分布优化、车间布局优化 **5 无人机应用方面** 无人机路径规划、无人机控制、无人机编队、无人机协同、无人机任务分配 **6 无线传感器定位及布局方面** 传感器部署优化、通信协议优化、路由优化、目标定位优化、Dv-Hop定位优化、Leach协议优化、WSN覆盖优化、组播优化、RSSI定位优化 **7 信号处理方面** 信号识别、信号加密、信号去噪、信号增强、雷达信号处理、信号水印嵌入提取、肌电信号、脑电信号、信号配时优化 **8 电力系统方面** 微电网优化、无功优化、配电网重构、储能配置 **9 元胞自动机方面** 交通流 人群疏散 病毒扩散 晶体生长 **10 雷达方面** 卡尔曼滤波跟踪、航迹关联、航迹融合
pyzmq-16.0.4.tar.gz
最新发布
06-16
Python库是一组预先编写的代码模块,旨在帮助开发者实现特定的编程任务,无需从零开始编写代码。这些库可以包括各种功能,如数学运算、文件操作、数据分析和网络编程等。Python社区提供了大量的第三方库,如NumPy、Pandas和Requests,极大地丰富了Python的应用领域,从数据科学到Web开发。Python库的丰富性是Python成为最受欢迎的编程语言之一的关键原因之一。这些库不仅为初学者提供了快速入门的途径,而且为经验丰富的开发者提供了强大的工具,以高效率、高质量地完成复杂任务。例如,Matplotlib和Seaborn库在数据可视化领域内非常受欢迎,它们提供了广泛的工具和技术,可以创建高度定制化的图表和图形,帮助数据科学家和分析师在数据探索和结果展示中更有效地传达信息。
赖春华.cloud foundry云平台研究一
07-20
### 回答1: 赖春华是一位专注于Cloud Foundry云平台研究的学者。Cloud Foundry是一种开放源代码的云平台,旨在简化开发、部署和运维应用程序。赖春华通过对Cloud Foundry进行研究,可以得出以下几点结论。 首先,Cloud Foundry具有很高的灵活性和可扩展性。它可以支持多种编程语言和框架,并且可以运行于多个云提供商的基础设施上。这意味着开发人员可以选择自己喜欢的工具和环境来构建和部署应用程序,而不受限于特定的技术栈或云服务提供商。 其次,Cloud Foundry提供了完整的开发、部署和运维工具链。它包括了一套完整的命令行工具和用户界面,可以帮助开发人员快速创建、部署和管理应用程序。这些工具提供了自动化的部署过程、监控和日志记录功能,使得应用程序开发和运维变得更加简单和高效。 另外,Cloud Foundry还具有高可靠性和弹性。它使用容器化技术来隔离应用程序,确保它们能够在不同的环境中平稳运行。同时,它具有自动扩展功能,可以根据应用程序的负载情况来自动调整资源的分配,以保证应用程序的性能和稳定性。 最后,通过研究Cloud Foundry,赖春华发现它可以在多个行业和场景中应用。无论是企业内部的应用程序还是公有云上的应用程序,Cloud Foundry都可以为其提供可靠的支持和高效的运维。它的开放性和灵活性使得开发人员能够快速响应市场变化和用户需求。 总之,赖春华的Cloud Foundry云平台研究表明,Cloud Foundry是一种强大而灵活的云平台,可以帮助开发人员简化应用程序的开发、部署和运维过程,并提供高可靠性和弹性的支持。它具有广泛的适用性,对于各种规模和行业的应用程序都能够提供有效的解决方案。 ### 回答2: 赖春华云平台研究一主要涉及cloud foundry云平台的研究。Cloud Foundry是一种开源的云平台,它为应用程序开发人员提供了一种简单、高效、灵活的方式来部署、运行和管理应用程序。这种平台具有很多优点,使得它成为各种企业和组织的首选。 首先,Cloud Foundry提供了一种容器化的方法来打包和部署应用程序。它使用容器技术,如Docker,将应用程序与其依赖项隔离开来,并提供了一种可移植和可扩展的部署方式。这使得应用程序的部署变得简单而高效。 其次,Cloud Foundry具有高度的自动化和可编程性。它提供了丰富的API和命令行工具,使得开发人员能够通过代码来管理和配置整个平台。这种可编程性带来了更高的灵活性和可扩展性,使得开发人员能够根据自己的需求自定义和扩展平台功能。 另外,Cloud Foundry提供了强大的监控和日志管理功能。开发人员可以通过平台的监控工具来实时监测应用程序的性能和健康状态,及时发现问题并作出调整。同时,平台还提供了日志管理功能,帮助开发人员跟踪和分析应用程序的日志信息,以便定位和解决问题。 最后,Cloud Foundry具有良好的可扩展性和可靠性。它支持多种云服务提供商,如AWS、Azure和Google Cloud,使得开发人员能够根据自己的需求选择合适的云环境。同时,平台还支持多个应用程序实例的部署和自动负载均衡,以确保应用程序的高可用性和弹性扩展性。 总之,赖春华云平台研究一主要关注cloud foundry云平台的各种功能和优势。这种平台提供了简单、高效、灵活的应用程序部署和管理方式,支持容器化技术、自动化和可编程性,具有强大的监控和日志管理功能,以及良好的可扩展性和可靠性。 ### 回答3: 赖春华是一位研究Cloud Foundry云平台的专家。Cloud Foundry是一个开源的云平台,支持开发人员在云中构建、部署和扩展应用程序。它提供了一个统一的平台,可以简化应用程序的生命周管理,并提供了一致性和可靠性。 赖春华研究Cloud Foundry云平台主要是为了探索其在实际应用中的优势和挑战。该云平台具有许多优点,比如可扩展性、灵活性和安全性。它可以自动处理应用程序的部署和扩展,减轻了开发人员的负担。此外,Cloud Foundry还支持多种编程语言和框架,使开发人员能够使用自己最熟悉的工具开发应用程序。 然而,赖春华也认识到Cloud Foundry云平台存在一些挑战。首先,它需要一定的学习和理解成本,开发人员需要掌握其相关概念和工具。其次,云平台的集成和部署可能需要一些时间和资源。此外,由于云平台中涉及到多个组件和服务,确保其稳定性和性能也是一个挑战。 为了解决这些挑战,赖春华提出了一些建议。首先,他建议开发人员在使用Cloud Foundry之前应该进行充分的学习和了解,并提供适当的培训和支持。其次,他建议云平台的部署和集成应该进行良好的规划和测试,确保其稳定性和可靠性。最后,他还建议云平台的使用应该与其他开发人员进行交流和分享经验,从而共同解决问题和改进。 总的来说,赖春华的研究主要关注于Cloud Foundry云平台的优势和挑战,并提供了一些解决方案和建议。通过研究云平台,他希望能够为开发人员提供更好的工具和平台,从而加快应用程序的开发和部署。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值