From a3446507ec44d75d57dcfe0f9a971e2160c9709c Mon Sep 17 00:00:00 2001
From: Mikko Ohtamaa
Date: Wed, 17 May 2017 01:33:13 +0300
Subject: [PATCH 1/2] Add fix for the approve() mitigation.

---
 contracts/token/StandardToken.sol | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/contracts/token/StandardToken.sol b/contracts/token/StandardToken.sol
index ee499b964..1eb4e114a 100644
--- a/contracts/token/StandardToken.sol
+++ b/contracts/token/StandardToken.sol
@@ -29,6 +29,13 @@ contract StandardToken is BasicToken, ERC20 {
 }
 
 function approve(address _spender, uint _value) {
+
+ // To change the approve amount you first have to reduce the addresses`
+ // allowance to zero by calling `approve(_spender,0)` if it is not
+ // already 0 to mitigate the race condition described here:
+ // https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
+ if ((_amount!=0) && (allowed[msg.sender][_spender] !=0)) throw;
+
 allowed[msg.sender][_spender] = _value;
 Approval(msg.sender, _spender, _value);
 }

From e1cf60248756a30cfd2fe74be1120d868b514425 Mon Sep 17 00:00:00 2001
From: Mikko Ohtamaa
Date: Wed, 17 May 2017 01:41:43 +0300
Subject: [PATCH 2/2] Fix variable naming.

---
 contracts/token/StandardToken.sol | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/contracts/token/StandardToken.sol b/contracts/token/StandardToken.sol
index 1eb4e114a..dcb40053b 100644
--- a/contracts/token/StandardToken.sol
+++ b/contracts/token/StandardToken.sol
@@ -31,10 +31,10 @@ contract StandardToken is BasicToken, ERC20 {
 function approve(address _spender, uint _value) {
 
 // To change the approve amount you first have to reduce the addresses`
- // allowance to zero by calling `approve(_spender,0)` if it is not
+ // allowance to zero by calling `approve(_spender, 0)` if it is not
 // already 0 to mitigate the race condition described here:
 // https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
- if ((_amount!=0) && (allowed[msg.sender][_spender] !=0)) throw;
+ if ((_value != 0) && (allowed[msg.sender][_spender] != 0)) throw;
 
 allowed[msg.sender][_spender] = _value;
 Approval(msg.sender, _spender, _value);
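Review bot: The guard `if ((_value != 0) && (allowed[msg.sender][_spender] != 0)) throw;` narrows the approve race but does not close it by itself, and the comment above it (added in 1/2, context in this hunk) does not say what the caller still has to do. The old allowance can still be spent before the `approve(_spender, 0)` reset is mined, so the owner has to confirm how much was actually used (for example from the `Transfer` events) before granting the new amount; I would add a line such as `// Callers must check how much of the old allowance was spent before approving a new non-zero value.` The comment should also state that a non-zero to non-zero change now throws, since integrations that re-approve in a single call will start failing after this change. The stray backtick after "addresses" in the first comment line should go (`the spender's allowance`). The closing brace of approve() lies outside this hunk.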