BCDV 1010 : Lab - 8 ======================= **Attack Scenario** * Alice allows Bob to transfer N of Alice's tokens (N>0) by calling the approve method on the Token smart contract, passing Bob's address and N as method arguments * After some time, Alice decides to change the number of her tokens Bob is allowed to transfer from N to M (M>0), so she calls the approve method again, this time passing Bob's address and M as method arguments * Bob notices Alice's second transaction before it is mined and quickly sends another transaction that calls the transferFrom method to transfer N of Alice's tokens somewhere * If Bob's transaction is executed before Alice's transaction, Bob successfully transfers N of Alice's tokens and then gains the ability to transfer another M tokens * Before Alice notices that something went wrong, Bob calls the transferFrom method again, this time to transfer M of Alice's tokens. * So, Alice's attempt to change Bob's allowance from N to M (N>0 and M>0) made it possible for Bob to transfer N+M of Alice's tokens, while Alice never intended to allow so many of her tokens to be transferred by Bob. **Attack Analysis** The attack described above is possible because the approve method overwrites the current allowance regardless of whether the spender has already used part of it, so an externally owned account has no way to increase or decrease an allowance by a given value atomically; only a token owner that is a smart contract could do that, because unlike an account a contract can perform several operations atomically within one transaction (read the current allowance, then set the new one). Note that the common workaround of setting the allowance to 0 first and then to M only narrows the window: Bob can still front-run the transaction that sets it to 0. **Write an ERC20 compliant contract with two additional functionalities as follows:** 1. increaseAllowance(address spender, uint256 addedValue) - Atomically increases the allowance granted by the caller to `spender` by `addedValue` 2. decreaseAllowance(address spender, uint256 addedValue) - Atomically decreases the allowance granted by the caller to `spender` by `addedValue`. Both must revert rather than wrap on overflow/underflow: Solidity 0.6 arithmetic does not trap. Use this contract as a starting point. Hint : Reuse the logic behind approve() (the internal _approve() helper) to write the new allowance. Solution -------- .. 
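code-block:: solidity
    :linenos:
    :emphasize-lines: 192-197, 206-211

    // SPDX-License-Identifier: MIT
    pragma solidity ^0.6.10;

    /**
     * @dev Interface of the ERC20 standard as defined in the EIP.
     */
    interface IERC20 {
        /**
         * @dev Returns the amount of tokens in existence.
         */
        function totalSupply() external view returns (uint256);

        /**
         * @dev Returns the amount of tokens owned by `account`.
         */
        function balanceOf(address account) external view returns (uint256);

        /**
         * @dev Moves `amount` tokens from the caller's account to `recipient`.
         *
         * Returns a boolean value indicating whether the operation succeeded.
         *
         * Emits a {Transfer} event.
         */
        function transfer(address recipient, uint256 amount) external returns (bool);

        /**
         * @dev Returns the remaining number of tokens that `spender` will be
         * allowed to spend on behalf of `owner` through {transferFrom}. This is
         * zero by default.
         *
         * This value changes when {approve} or {transferFrom} are called.
         */
        function allowance(address owner, address spender) external view returns (uint256);

        /**
         * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.
         *
         * Returns a boolean value indicating whether the operation succeeded.
         *
         * IMPORTANT: Beware that changing an allowance with this method brings the risk
         * that someone may use both the old and the new allowance by unfortunate
         * transaction ordering. One possible solution to mitigate this race
         * condition is to first reduce the spender's allowance to 0 and set the
         * desired value afterwards:
         * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
         *
         * Emits an {Approval} event.
         */
        function approve(address spender, uint256 amount) external returns (bool);

        /**
         * @dev Moves `amount` tokens from `sender` to `recipient` using the
         * allowance mechanism. `amount` is then deducted from the caller's
         * allowance.
         *
         * Returns a boolean value indicating whether the operation succeeded.
         *
         * Emits a {Transfer} event.
         */
        function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);

        /**
         * @dev Emitted when `value` tokens are moved from one account (`from`) to
         * another (`to`).
         *
         * Note that `value` may be zero.
         */
        event Transfer(address indexed from, address indexed to, uint256 value);

        /**
         * @dev Emitted when the allowance of a `spender` for an `owner` is set by
         * a call to {approve}. `value` is the new allowance.
         */
        event Approval(address indexed owner, address indexed spender, uint256 value);
    }

    /**
     * @dev Minimal ERC20 token extended with {increaseAllowance} and
     * {decreaseAllowance}.
     *
     * Compiled with solc 0.6.x, so uint256 arithmetic silently wraps on
     * overflow/underflow. Every add/sub on balances and allowances below is
     * therefore guarded by an explicit require; without the guards a
     * transferFrom with `amount > allowance` would wrap the remaining allowance
     * to roughly 2^256 and increaseAllowance near the maximum would wrap it down.
     *
     * The approve() ordering race described in the lab is inherent to the ERC20
     * standard and cannot be fixed inside approve() itself. Owners should adjust
     * an existing allowance with increaseAllowance/decreaseAllowance, which
     * read-modify-write the allowance within a single transaction.
     */
    contract StandardERC20 is IERC20 {
        // token balance per account
        mapping (address => uint256) private _balances;
        // remaining allowance: owner => spender => amount
        mapping (address => mapping (address => uint256)) private _allowances;

        uint256 private _totalSupply;
        string private _name;
        string private _symbol;
        uint8 private _decimals;

        /**
         * @dev Fixes name/symbol and mints the whole supply to the deployer.
         * Decimals are hard-coded to 18 (same scale as wei per ether).
         * Parameters are named so they do not shadow the name(), symbol() and
         * totalSupply() getters; the ABI is positional, so callers are unaffected.
         */
        constructor (string memory tokenName, string memory tokenSymbol, uint256 initialSupply) public {
            _name = tokenName;
            _symbol = tokenSymbol;
            _decimals = 18; // 1 ether = 10^18 wei
            _totalSupply = initialSupply;
            // the deployer's balance starts at zero, so a plain assignment is the same as adding
            _balances[msg.sender] = initialSupply;
            // ERC20 recommends emitting a Transfer from the zero address when minting
            emit Transfer(address(0), msg.sender, initialSupply);
        }

        /// @dev Human-readable token name.
        function name() public view returns (string memory) {
            return _name;
        }

        /// @dev Token ticker symbol.
        function symbol() public view returns (string memory) {
            return _symbol;
        }

        /// @dev Number of decimals used for display; always 18 here.
        function decimals() public view returns (uint8) {
            return _decimals;
        }

        /// @dev See {IERC20-totalSupply}.
        function totalSupply() public view override returns (uint256) {
            return _totalSupply;
        }

        /// @dev See {IERC20-balanceOf}.
        function balanceOf(address account) public view override returns (uint256) {
            return _balances[account];
        }

        /// @dev See {IERC20-transfer}. Reverts on a zero recipient or insufficient balance.
        function transfer(address recipient, uint256 amount) public override returns (bool) {
            _transfer(msg.sender, recipient, amount);
            return true;
        }

        /**
         * @dev See {IERC20-approve}. Overwrites any existing allowance and is
         * therefore exposed to the ordering race documented in the interface;
         * prefer {increaseAllowance}/{decreaseAllowance} to adjust an allowance.
         * The allowance is deliberately not capped by the owner's balance: ERC20
         * does not require it, and such a cap makes later transferFrom calls
         * revert once the owner's balance drops below the remaining allowance.
         */
        function approve(address spender, uint256 amount) public override returns (bool) {
            _approve(msg.sender, spender, amount);
            return true;
        }

        /// @dev See {IERC20-allowance}.
        function allowance(address owner, address spender) public view override returns (uint256) {
            return _allowances[owner][spender];
        }

        /**
         * @dev See {IERC20-transferFrom}. Reverts if `amount` exceeds the caller's
         * allowance from `sender`. The explicit check is essential on 0.6.x:
         * without it the subtraction below would wrap and hand the caller an
         * enormous allowance after moving tokens it was never approved for.
         */
        function transferFrom(address sender, address recipient, uint256 amount) public override returns (bool) {
            uint256 currentAllowance = _allowances[sender][msg.sender];
            require(currentAllowance >= amount, "ERC20: transfer amount exceeds allowance");
            _transfer(sender, recipient, amount);
            // cannot underflow: checked above
            _approve(sender, msg.sender, currentAllowance - amount);
            return true;
        }

        /**
         * @dev Atomically raises the allowance the caller grants to `spender` by
         * `addedValue`. The read and the write happen in the same transaction, so
         * a spender cannot consume the old allowance between them. Reverts instead
         * of wrapping if the new allowance would overflow uint256.
         * Emits an {Approval} event carrying the new allowance.
         */
        function increaseAllowance(address spender, uint256 addedValue) public returns (bool) {
            uint256 newAllowance = _allowances[msg.sender][spender] + addedValue;
            require(newAllowance >= addedValue, "ERC20: increased allowance overflows");
            _approve(msg.sender, spender, newAllowance);
            return true;
        }

        /**
         * @dev Atomically lowers the allowance the caller grants to `spender` by
         * `addedValue` (the amount to subtract; the parameter name follows the lab
         * specification). Reverts if the current allowance is smaller than the
         * requested decrease rather than wrapping to a huge value.
         * Emits an {Approval} event carrying the new allowance.
         */
        function decreaseAllowance(address spender, uint256 addedValue) public returns (bool) {
            uint256 currentAllowance = _allowances[msg.sender][spender];
            require(currentAllowance >= addedValue, "ERC20: decreased allowance below zero");
            _approve(msg.sender, spender, currentAllowance - addedValue);
            return true;
        }

        /**
         * @dev Moves `amount` from `sender` to `recipient` and emits {Transfer}.
         * Rejects the zero address on either side and an insufficient balance.
         * The recipient-side addition cannot overflow because the balances sum to
         * `_totalSupply`; it is still checked so the invariant is explicit.
         */
        function _transfer(address sender, address recipient, uint256 amount) internal {
            require(sender != address(0), "ERC20: transfer from the zero address");
            require(recipient != address(0), "ERC20: transfer to the zero address");
            uint256 senderBalance = _balances[sender];
            require(senderBalance >= amount, "ERC20: transfer amount exceeds balance");
            _balances[sender] = senderBalance - amount;
            // re-read after the debit so a self-transfer (sender == recipient) nets to zero
            uint256 recipientBalance = _balances[recipient] + amount;
            require(recipientBalance >= amount, "ERC20: recipient balance overflows");
            _balances[recipient] = recipientBalance;
            emit Transfer(sender, recipient, amount);
        }

        /**
         * @dev Sets `amount` as the allowance of `spender` over `owner`'s tokens and
         * emits {Approval}. Only the zero-address checks are enforced; the
         * allowance is intentionally not bounded by `owner`'s balance.
         */
        function _approve(address owner, address spender, uint256 amount) internal {
            require(owner != address(0), "ERC20: approve from the zero address");
            require(spender != address(0), "ERC20: approve to the zero address");
            _allowances[owner][spender] = amount;
            emit Approval(owner, spender, amount);
        }
    }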