ERC20BaseModule improvement + doc

CMTA · Jul 31, 2023 · a004795 · a004795
1 parent 85151a0
commit a004795
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 3 deletions.
diff --git a/contracts/modules/wrapper/mandatory/ERC20BaseModule.sol b/contracts/modules/wrapper/mandatory/ERC20BaseModule.sol
@@ -121,11 +121,14 @@ abstract contract ERC20BaseModule is ERC20Upgradeable {
         uint256 value,
         uint256 currentAllowance
     ) public virtual returns (bool) {
+        address owner = _msgSender();
         require(
-            allowance(_msgSender(), spender) == currentAllowance,
+            allowance(owner, spender) == currentAllowance,
             "CMTAT: current allowance is not right"
         );
-        ERC20Upgradeable.approve(spender, value);
+        // We call directly the internal function _approve
+        // The reason is that the public function adds only the owner address recovery
+        ERC20Upgradeable._approve(owner, spender, value);
         return true;
     }
 

diff --git a/doc/modules/presentation/mandatory/erc20base.md b/doc/modules/presentation/mandatory/erc20base.md
@@ -112,6 +112,11 @@ returns (bool)
 Transfer the given `amount` of tokens from the caller to the given `destination` address.
 The function returns `true` on success and reverts on error.
 
+###### Requirements
+
+ * `to` cannot be the zero address.
+ * the caller must have a balance of at least `value`.
+
 ##### `approve(address,uint256)`
 
 Origin: OpenZeppelin (ERC20Upgradeable)
@@ -181,6 +186,11 @@ So, Bob got 210 tokens in total, while Alice never means to allow him to transfe
 
 In order to mitigate this kind of attack, Alice at step 3 calls `approve (bob, 110, 100)`.  Such call could only succeed if the allowance is still 100, i.e. Bob's attempt to front run the transaction will make Alice's transaction to fail.
 
+###### Requirement
+
+- The given `currentAllowance` value has to be equal to the amount of token the spender is currently allowed to transfer from the caller.
+-  `spender`and the sender cannot be the zero address (check made by `OpenZeppelin-_approve`).
+
 ##### `transferFrom(address,address,uint256)`
 
 This function overrides the function `transferFrom`from OpenZeppelin

diff --git a/doc/modules/presentation/mandatory/mint.md b/doc/modules/presentation/mandatory/mint.md
@@ -120,6 +120,6 @@ event Mint(address indexed account, uint256 value)
 
 ##### Description
 
-Emitted when the specified  `value` amount of new tokens were created and
+Emitted when the specified  `value` amount of new tokens are created and
 allocated to the specified `account`.