From a0047953548a9f91209dff7dd300423fefbe0650 Mon Sep 17 00:00:00 2001
From: Ryan Sauge <ryan.sauge@protonmail.com>
Date: Mon, 31 Jul 2023 10:32:37 +0200
Subject: [PATCH] ERC20BaseModule improvement + doc

---
 .../modules/wrapper/mandatory/ERC20BaseModule.sol      |  7 +++++--
 doc/modules/presentation/mandatory/erc20base.md        | 10 ++++++++++
 doc/modules/presentation/mandatory/mint.md             |  2 +-
 3 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/contracts/modules/wrapper/mandatory/ERC20BaseModule.sol b/contracts/modules/wrapper/mandatory/ERC20BaseModule.sol
index f11a9004..be7ace73 100644
--- a/contracts/modules/wrapper/mandatory/ERC20BaseModule.sol
+++ b/contracts/modules/wrapper/mandatory/ERC20BaseModule.sol
@@ -121,11 +121,14 @@ abstract contract ERC20BaseModule is ERC20Upgradeable {
         uint256 value,
         uint256 currentAllowance
     ) public virtual returns (bool) {
+        address owner = _msgSender();
         require(
-            allowance(_msgSender(), spender) == currentAllowance,
+            allowance(owner, spender) == currentAllowance,
             "CMTAT: current allowance is not right"
         );
-        ERC20Upgradeable.approve(spender, value);
+        // We call directly the internal function _approve
+        // The reason is that the public function adds only the owner address recovery
+        ERC20Upgradeable._approve(owner, spender, value);
         return true;
     }
 
diff --git a/doc/modules/presentation/mandatory/erc20base.md b/doc/modules/presentation/mandatory/erc20base.md
index d769ebff..94c35924 100644
--- a/doc/modules/presentation/mandatory/erc20base.md
+++ b/doc/modules/presentation/mandatory/erc20base.md
@@ -112,6 +112,11 @@ returns (bool)
 Transfer the given `amount` of tokens from the caller to the given `destination` address.
 The function returns `true` on success and reverts on error.
 
+###### Requirements
+
+ * `to` cannot be the zero address.
+ * the caller must have a balance of at least `value`.
+
 ##### `approve(address,uint256)`
 
 Origin: OpenZeppelin (ERC20Upgradeable)
@@ -181,6 +186,11 @@ So, Bob got 210 tokens in total, while Alice never means to allow him to transfe
 
 In order to mitigate this kind of attack, Alice at step 3 calls `approve (bob, 110, 100)`.  Such call could only succeed if the allowance is still 100, i.e. Bob's attempt to front run the transaction will make Alice's transaction to fail.
 
+###### Requirement
+
+- The given `currentAllowance` value has to be equal to the amount of token the spender is currently allowed to transfer from the caller.
+-  `spender`and the sender cannot be the zero address (check made by `OpenZeppelin-_approve`).
+
 ##### `transferFrom(address,address,uint256)`
 
 This function overrides the function `transferFrom`from OpenZeppelin
diff --git a/doc/modules/presentation/mandatory/mint.md b/doc/modules/presentation/mandatory/mint.md
index 854c9d7e..af3f3474 100644
--- a/doc/modules/presentation/mandatory/mint.md
+++ b/doc/modules/presentation/mandatory/mint.md
@@ -120,6 +120,6 @@ event Mint(address indexed account, uint256 value)
 
 ##### Description
 
-Emitted when the specified  `value` amount of new tokens were created and
+Emitted when the specified  `value` amount of new tokens are created and
 allocated to the specified `account`.