Implement recommendations from 5.0 audit Phase 1A (#4398)

Co-authored-by: Francisco Giordano <fg@frang.io>
Co-authored-by: Hadrien Croubois <hadrien.croubois@gmail.com>

contracts/token/ERC20/extensions/ERC20Burnable.sol

@@ -13,27 +13,27 @@ import {Context} from "../../../utils/Context.sol";
  */
 abstract contract ERC20Burnable is Context, ERC20 {
     /**
-     * @dev Destroys `amount` tokens from the caller.
+     * @dev Destroys a `value` amount of tokens from the caller.
      *
      * See {ERC20-_burn}.
      */
-    function burn(uint256 amount) public virtual {
-        _burn(_msgSender(), amount);
+    function burn(uint256 value) public virtual {
+        _burn(_msgSender(), value);
     }
 
     /**
-     * @dev Destroys `amount` tokens from `account`, deducting from the caller's
-     * allowance.
+     * @dev Destroys a `value` amount of tokens from `account`, deducting from
+     * the caller's allowance.
      *
      * See {ERC20-_burn} and {ERC20-allowance}.
      *
      * Requirements:
      *
      * - the caller must have allowance for ``accounts``'s tokens of at least
-     * `amount`.
+     * `value`.
      */
-    function burnFrom(address account, uint256 amount) public virtual {
-        _spendAllowance(account, _msgSender(), amount);
-        _burn(account, amount);
+    function burnFrom(address account, uint256 value) public virtual {
+        _spendAllowance(account, _msgSender(), value);
+        _burn(account, value);
     }
 }

contracts/token/ERC20/extensions/ERC20Capped.sol

@@ -42,8 +42,8 @@ abstract contract ERC20Capped is ERC20 {
     /**
      * @dev See {ERC20-_update}.
      */
-    function _update(address from, address to, uint256 amount) internal virtual override {
-        super._update(from, to, amount);
+    function _update(address from, address to, uint256 value) internal virtual override {
+        super._update(from, to, value);
 
         if (from == address(0)) {
             uint256 maxSupply = cap();

contracts/token/ERC20/extensions/ERC20FlashMint.sol

@@ -14,6 +14,10 @@ import {ERC20} from "../ERC20.sol";
  * Adds the {flashLoan} method, which provides flash loan support at the token
  * level. By default there is no fee, but this can be changed by overriding {flashFee}.
  *
+ * NOTE: When this extension is used along with the {ERC20Capped} or {ERC20Votes} extensions,
+ * {maxFlashLoan} will not correctly reflect the maximum that can be flash minted. We recommend
+ * overriding {maxFlashLoan} so that it correctly reflects the supply cap.
+ *
  * _Available since v4.1._
  */
 abstract contract ERC20FlashMint is ERC20, IERC3156FlashLender {
@@ -25,7 +29,7 @@ abstract contract ERC20FlashMint is ERC20, IERC3156FlashLender {
     error ERC3156UnsupportedToken(address token);
 
     /**
-     * @dev The requested loan exceeds the max loan amount for `token`.
+     * @dev The requested loan exceeds the max loan value for `token`.
      */
     error ERC3156ExceededMaxLoan(uint256 maxLoan);
 
@@ -38,6 +42,10 @@ abstract contract ERC20FlashMint is ERC20, IERC3156FlashLender {
      * @dev Returns the maximum amount of tokens available for loan.
      * @param token The address of the token that is requested.
      * @return The amount of token that can be loaned.
+     *
+     * NOTE: This function does not consider any form of supply cap, so in case
+     * it's used in a token with a cap like {ERC20Capped}, make sure to override this
+     * function to integrate the cap instead of `type(uint256).max`.
      */
     function maxFlashLoan(address token) public view virtual returns (uint256) {
         return token == address(this) ? type(uint256).max - totalSupply() : 0;
@@ -48,14 +56,14 @@ abstract contract ERC20FlashMint is ERC20, IERC3156FlashLender {
      * the {_flashFee} function which returns the fee applied when doing flash
      * loans.
      * @param token The token to be flash loaned.
-     * @param amount The amount of tokens to be loaned.
+     * @param value The amount of tokens to be loaned.
      * @return The fees applied to the corresponding flash loan.
      */
-    function flashFee(address token, uint256 amount) public view virtual returns (uint256) {
+    function flashFee(address token, uint256 value) public view virtual returns (uint256) {
         if (token != address(this)) {
             revert ERC3156UnsupportedToken(token);
         }
-        return _flashFee(token, amount);
+        return _flashFee(token, value);
     }
 
     /**
@@ -63,13 +71,13 @@ abstract contract ERC20FlashMint is ERC20, IERC3156FlashLender {
      * implementation has 0 fees. This function can be overloaded to make
      * the flash loan mechanism deflationary.
      * @param token The token to be flash loaned.
-     * @param amount The amount of tokens to be loaned.
+     * @param value The amount of tokens to be loaned.
      * @return The fees applied to the corresponding flash loan.
      */
-    function _flashFee(address token, uint256 amount) internal view virtual returns (uint256) {
+    function _flashFee(address token, uint256 value) internal view virtual returns (uint256) {
         // silence warning about unused variable without the addition of bytecode.
         token;
-        amount;
+        value;
         return 0;
     }
 
@@ -87,13 +95,13 @@ abstract contract ERC20FlashMint is ERC20, IERC3156FlashLender {
      * @dev Performs a flash loan. New tokens are minted and sent to the
      * `receiver`, who is required to implement the {IERC3156FlashBorrower}
      * interface. By the end of the flash loan, the receiver is expected to own
-     * amount + fee tokens and have them approved back to the token contract itself so
+     * value + fee tokens and have them approved back to the token contract itself so
      * they can be burned.
      * @param receiver The receiver of the flash loan. Should implement the
      * {IERC3156FlashBorrower-onFlashLoan} interface.
      * @param token The token to be flash loaned. Only `address(this)` is
      * supported.
-     * @param amount The amount of tokens to be loaned.
+     * @param value The amount of tokens to be loaned.
      * @param data An arbitrary datafield that is passed to the receiver.
      * @return `true` if the flash loan was successful.
      */
@@ -103,24 +111,24 @@ abstract contract ERC20FlashMint is ERC20, IERC3156FlashLender {
     function flashLoan(
         IERC3156FlashBorrower receiver,
         address token,
-        uint256 amount,
+        uint256 value,
         bytes calldata data
     ) public virtual returns (bool) {
         uint256 maxLoan = maxFlashLoan(token);
-        if (amount > maxLoan) {
+        if (value > maxLoan) {
             revert ERC3156ExceededMaxLoan(maxLoan);
         }
-        uint256 fee = flashFee(token, amount);
-        _mint(address(receiver), amount);
-        if (receiver.onFlashLoan(msg.sender, token, amount, fee, data) != _RETURN_VALUE) {
+        uint256 fee = flashFee(token, value);
+        _mint(address(receiver), value);
+        if (receiver.onFlashLoan(_msgSender(), token, value, fee, data) != _RETURN_VALUE) {
             revert ERC3156InvalidReceiver(address(receiver));
         }
         address flashFeeReceiver = _flashFeeReceiver();
-        _spendAllowance(address(receiver), address(this), amount + fee);
+        _spendAllowance(address(receiver), address(this), value + fee);
         if (fee == 0 || flashFeeReceiver == address(0)) {
-            _burn(address(receiver), amount + fee);
+            _burn(address(receiver), value + fee);
         } else {
-            _burn(address(receiver), amount);
+            _burn(address(receiver), value);
             _transfer(address(receiver), flashFeeReceiver, fee);
         }
         return true;

contracts/token/ERC20/extensions/ERC20Pausable.sol

@@ -17,7 +17,7 @@ import {Pausable} from "../../../security/Pausable.sol";
  * addition to inheriting this contract, you must define both functions, invoking the
  * {Pausable-_pause} and {Pausable-_unpause} internal functions, with appropriate
  * access control, e.g. using {AccessControl} or {Ownable}. Not doing so will
- * make the contract unpausable.
+ * make the contract pause mechanism of the contract unreachable, and thus unusable.
  */
 abstract contract ERC20Pausable is ERC20, Pausable {
     /**
@@ -27,7 +27,7 @@ abstract contract ERC20Pausable is ERC20, Pausable {
      *
      * - the contract must not be paused.
      */
-    function _update(address from, address to, uint256 amount) internal virtual override whenNotPaused {
-        super._update(from, to, amount);
+    function _update(address from, address to, uint256 value) internal virtual override whenNotPaused {
+        super._update(from, to, value);
     }
 }

contracts/token/ERC20/extensions/ERC20Votes.sol

@@ -41,8 +41,8 @@ abstract contract ERC20Votes is ERC20, Votes {
      *
      * Emits a {IVotes-DelegateVotesChanged} event.
      */
-    function _update(address from, address to, uint256 amount) internal virtual override {
-        super._update(from, to, amount);
+    function _update(address from, address to, uint256 value) internal virtual override {
+        super._update(from, to, value);
         if (from == address(0)) {
             uint256 supply = totalSupply();
             uint256 cap = _maxSupply();
@@ -50,11 +50,14 @@ abstract contract ERC20Votes is ERC20, Votes {
                 revert ERC20ExceededSafeSupply(supply, cap);
             }
         }
-        _transferVotingUnits(from, to, amount);
+        _transferVotingUnits(from, to, value);
     }
 
     /**
-     * @dev Returns the balance of `account`.
+     * @dev Returns the voting units of an `account`.
+     *
+     * WARNING: Overriding this function may compromise the internal vote accounting.
+     * `ERC20Votes` assumes tokens map to voting units 1:1 and this is not easy to change.
      */
     function _getVotingUnits(address account) internal view virtual override returns (uint256) {
         return balanceOf(account);

contracts/token/ERC20/extensions/ERC20Wrapper.sol

@@ -51,22 +51,28 @@ abstract contract ERC20Wrapper is ERC20 {
     /**
      * @dev Allow a user to deposit underlying tokens and mint the corresponding number of wrapped tokens.
      */
-    function depositFor(address account, uint256 amount) public virtual returns (bool) {
+    function depositFor(address account, uint256 value) public virtual returns (bool) {
         address sender = _msgSender();
         if (sender == address(this)) {
             revert ERC20InvalidSender(address(this));
         }
-        SafeERC20.safeTransferFrom(_underlying, sender, address(this), amount);
-        _mint(account, amount);
+        if (account == address(this)) {
+            revert ERC20InvalidReceiver(account);
+        }
+        SafeERC20.safeTransferFrom(_underlying, sender, address(this), value);
+        _mint(account, value);
         return true;
     }
 
     /**
      * @dev Allow a user to burn a number of wrapped tokens and withdraw the corresponding number of underlying tokens.
      */
-    function withdrawTo(address account, uint256 amount) public virtual returns (bool) {
-        _burn(_msgSender(), amount);
-        SafeERC20.safeTransfer(_underlying, account, amount);
+    function withdrawTo(address account, uint256 value) public virtual returns (bool) {
+        if (account == address(this)) {
+            revert ERC20InvalidReceiver(account);
+        }
+        _burn(_msgSender(), value);
+        SafeERC20.safeTransfer(_underlying, account, value);
         return true;
     }