BCDV 1010 : Lab - 8
Attack Scenario
Alice allows Bob to transfer N of Alice’s tokens (N>0) by calling approve method on Token smart contract passing Bob’s address and N as method arguments
After some time, Alice decides to change from N to M (M>0) the number of Alice’s tokens Bob is allowed to transfer, so she calls approve method again, this time passing Bob’s address and M as method arguments
Bob notices Alice’s second transaction in the mempool before it is mined and quickly sends his own transaction calling transferFrom to move N of Alice’s tokens elsewhere (for example with a higher gas price, so that miners are likely to order it ahead of Alice’s).
If Bob’s transaction is executed before Alice’s, Bob successfully transfers N of Alice’s tokens; Alice’s transaction is then mined and sets his allowance to M, so he gains the ability to transfer another M tokens.
Before Alice notices that something went wrong, Bob calls transferFrom again, this time transferring M of Alice’s tokens.
So, Alice’s attempt to change Bob’s allowance from N to M (N>0 and M>0) made it possible for Bob to transfer N+M of Alice’s tokens, while Alice never wanted to allow so many of her tokens to be transferred by Bob.
Attack Analysis
The attack described above is possible because approve overwrites the current allowance regardless of whether the spender has already used part of it, so there is no way to increase or decrease the allowance by a certain value atomically unless the token owner is a smart contract rather than an externally owned account. Unlike accounts, smart contracts may perform several operations atomically, i.e. read the current allowance and then set the new one in the same transaction. Note that the commonly suggested workaround — first approve 0, wait for it to be mined, then approve M — is only safe if the owner verifies that the allowance really was 0 (i.e. Bob did not spend the remaining N in between) before sending the second approve. A relative adjustment performed inside the token contract (read allowance, add or subtract, write back, all in one transaction) needs no such check, because it operates on whatever value is stored at execution time.
Write an ERC20 compliant contract with two additional functionalities as follows:
increaseAllowance(address spender, uint256 addedValue) - atomically increases, by addedValue, the allowance that the caller (the token owner) has granted to spender
decreaseAllowance(address spender, uint256 addedValue) - atomically decreases, by addedValue, the allowance that the caller (the token owner) has granted to spender; it must revert rather than underflow if the current allowance is smaller than addedValue
Use this contract as a starting point.
Hint: build both functions on top of the existing approve logic — read the current allowance, compute the new value, and set it, all within the same transaction.
Solution
// SPDX-License-Identifier: MIT
pragma solidity ^0.6.10;
/**
* @dev Interface of the ERC20 standard as defined in the EIP.
*/
interface IERC20 {
    /// @notice Emitted when `value` tokens move from `from` to `to`. `value` may be zero.
    event Transfer(address indexed from, address indexed to, uint256 value);

    /// @notice Emitted when `owner` sets `spender`'s allowance to `value` through {approve}.
    event Approval(address indexed owner, address indexed spender, uint256 value);

    /// @notice Total number of tokens in existence.
    function totalSupply() external view returns (uint256);

    /// @notice Number of tokens held by `account`.
    function balanceOf(address account) external view returns (uint256);

    /// @notice Moves `amount` tokens from the caller to `recipient`. Emits {Transfer}.
    /// @return true if the operation succeeded.
    function transfer(address recipient, uint256 amount) external returns (bool);

    /// @notice Remaining number of tokens `spender` may move on behalf of `owner`
    ///         through {transferFrom}. Zero by default; changed by {approve} and
    ///         {transferFrom}.
    function allowance(address owner, address spender) external view returns (uint256);

    /// @notice Sets `spender`'s allowance over the caller's tokens to `amount`.
    ///         Emits {Approval}.
    /// @dev    The stored allowance is overwritten unconditionally, so changing one
    ///         non-zero allowance to another can be front-run: a spender who sees the
    ///         pending approve can spend the old allowance first and the new one
    ///         afterwards. One mitigation is to approve 0 first and the desired value
    ///         in a later transaction:
    ///         https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
    /// @return true if the operation succeeded.
    function approve(address spender, uint256 amount) external returns (bool);

    /// @notice Moves `amount` tokens from `sender` to `recipient` using the caller's
    ///         allowance, which is then reduced by `amount`. Emits {Transfer}.
    /// @return true if the operation succeeded.
    function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);
}
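/**
 * @dev Minimal ERC20 token with the `increaseAllowance` / `decreaseAllowance`
 * extension. The two extra functions are NOT part of ERC-20 (they are not in
 * {IERC20}); they let an externally owned account adjust an allowance relative
 * to whatever value is stored when the transaction executes, which closes the
 * approve front-running race described in the lab. The race still exists for
 * any owner who keeps using plain {approve} to move between two non-zero values.
 *
 * NOTE: the file targets Solidity 0.6.x, which does NOT trap on integer
 * overflow/underflow (checked arithmetic only arrived in 0.8). Every
 * subtraction on balances and allowances below is therefore guarded by an
 * explicit `require`; without those guards an underflow would wrap to ~2^256
 * and be stored as the new balance/allowance.
 */
contract StandardERC20 is IERC20 {
    // ---- state ---------------------------------------------------------
    mapping (address => uint256) private _balances;
    // _allowances[owner][spender] = tokens `spender` may still move out of `owner`
    mapping (address => mapping (address => uint256)) private _allowances;
    uint256 private _totalSupply;
    string private _name;
    string private _symbol;
    uint8 private _decimals;

    /**
     * @dev Mints the whole supply to the deployer.
     * @param name        human-readable token name (optional ERC20 metadata)
     * @param symbol      ticker symbol (optional ERC20 metadata)
     * @param totalSupply number of base units created
     *
     * Emits a {Transfer} from the zero address, as the ERC20 spec recommends
     * for minting, so indexers and explorers see the initial balance.
     */
    constructor (string memory name, string memory symbol, uint256 totalSupply) public {
        _name = name;
        _symbol = symbol;
        _decimals = 18; // 1 token = 10^18 base units, mirroring 1 ether = 10^18 wei
        _totalSupply = totalSupply;
        // Storage is zero-initialised in a fresh contract, so a plain assignment
        // is equivalent to the original `_balances[msg.sender] + totalSupply`.
        _balances[msg.sender] = totalSupply;
        emit Transfer(address(0), msg.sender, totalSupply);
    }

    /// @notice Token name (optional ERC20 metadata).
    function name() public view returns (string memory) {
        return _name;
    }

    /// @notice Token symbol (optional ERC20 metadata).
    function symbol() public view returns (string memory) {
        return _symbol;
    }

    /// @notice Number of decimals used for display; fixed at 18.
    function decimals() public view returns (uint8) {
        return _decimals;
    }

    /// @inheritdoc IERC20
    function totalSupply() public view override returns (uint256) {
        return _totalSupply;
    }

    /// @inheritdoc IERC20
    function balanceOf(address account) public view override returns (uint256) {
        return _balances[account];
    }

    /// @inheritdoc IERC20
    function transfer(address recipient, uint256 amount) public override returns (bool) {
        _transfer(msg.sender, recipient, amount);
        return true;
    }

    /**
     * @inheritdoc IERC20
     * @dev Overwrites the stored allowance unconditionally. Owners changing a
     * non-zero allowance to another non-zero value should use
     * {increaseAllowance}/{decreaseAllowance} instead to avoid the
     * front-running race described in {IERC20-approve}.
     */
    function approve(address spender, uint256 amount) public override returns (bool) {
        _approve(msg.sender, spender, amount);
        return true;
    }

    /// @inheritdoc IERC20
    function allowance(address owner, address spender) public view override returns (uint256) {
        return _allowances[owner][spender];
    }

    /**
     * @inheritdoc IERC20
     * @dev Reverts if `amount` exceeds the caller's allowance from `sender`.
     * The original code subtracted without checking; on 0.6.x that wraps
     * instead of reverting and would have written a near-2^256 allowance.
     */
    function transferFrom(address sender, address recipient, uint256 amount) public override returns (bool) {
        uint256 currentAllowance = _allowances[sender][msg.sender];
        require(currentAllowance >= amount, "ERC20: transfer amount exceeds allowance");
        _transfer(sender, recipient, amount);
        _approve(sender, msg.sender, currentAllowance - amount);
        return true;
    }

    /**
     * @dev Atomically raises the allowance the caller has granted to `spender`
     * by `addedValue`. Because the read and the write happen in one
     * transaction, a pending transferFrom by `spender` cannot be combined with
     * the old and the new value the way it can with {approve}.
     * @param spender    account whose allowance over the caller's tokens grows
     * @param addedValue amount to add to the current allowance
     * Reverts on overflow (0.6.x does not check arithmetic). Emits {Approval}.
     */
    function increaseAllowance(address spender, uint256 addedValue) public returns (bool) {
        uint256 currentAllowance = _allowances[msg.sender][spender];
        uint256 newAllowance = currentAllowance + addedValue;
        require(newAllowance >= currentAllowance, "ERC20: increased allowance overflows");
        _approve(msg.sender, spender, newAllowance);
        return true;
    }

    /**
     * @dev Atomically lowers the allowance the caller has granted to `spender`
     * by `addedValue` (the parameter name follows the lab specification; it is
     * the amount subtracted).
     * @param spender    account whose allowance over the caller's tokens shrinks
     * @param addedValue amount to subtract from the current allowance
     * Reverts if the current allowance is smaller than `addedValue`. That revert
     * is the intended outcome of the race: if `spender` has already consumed
     * more than the owner is trying to take back, the owner's transaction fails
     * loudly instead of silently storing a wrapped-around allowance.
     * Emits {Approval}.
     */
    function decreaseAllowance(address spender, uint256 addedValue) public returns (bool) {
        uint256 currentAllowance = _allowances[msg.sender][spender];
        require(currentAllowance >= addedValue, "ERC20: decreased allowance below zero");
        _approve(msg.sender, spender, currentAllowance - addedValue);
        return true;
    }

    /**
     * @dev Moves `amount` from `sender` to `recipient` and emits {Transfer}.
     * Rejects the zero address on either side and an `amount` above the
     * sender's balance. The addition on `recipient` cannot overflow because
     * the sum of all balances never exceeds `_totalSupply`, itself a uint256.
     */
    function _transfer(address sender, address recipient, uint256 amount) internal {
        require(sender != address(0), "ERC20: transfer from the zero address");
        require(recipient != address(0), "ERC20: transfer to the zero address");
        require(_balances[sender] >= amount, "ERC20: transfer amount exceeds balance");
        _balances[sender] = _balances[sender] - amount;
        _balances[recipient] = _balances[recipient] + amount;
        emit Transfer(sender, recipient, amount);
    }

    /**
     * @dev Stores `amount` as `spender`'s allowance over `owner`'s tokens and
     * emits {Approval}.
     * An allowance is deliberately NOT capped by `owner`'s current balance:
     * ERC20 treats the two independently, and the original
     * `require(_balances[owner] >= amount)` broke legitimate flows — e.g. after
     * the owner moved tokens out, a spender could no longer use even a small
     * part of a still-valid allowance because the *remaining* allowance written
     * by {transferFrom} exceeded the owner's new balance. Balance sufficiency
     * is enforced where it belongs, in {_transfer}.
     */
    function _approve(address owner, address spender, uint256 amount) internal {
        require(owner != address(0), "ERC20: approve from the zero address");
        require(spender != address(0), "ERC20: approve to the zero address");
        _allowances[owner][spender] = amount;
        emit Approval(owner, spender, amount);
    }
}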