* Adding solhint, working on style fixes.
* Upgraded to solhint 1.5.0.
* Removed all references to Solium
* Updated mocks to make the pass the new linter rules.
* Reformatted the .solhint.json file a bit.
* Removed Solium configuration files.
* Remove Solium dependency.
* Add comment explaing disabled time rule in TokenVesting.
* Revert to the old (ugly?) style.
* Revert SignatureBouncerMock style.
* Fix ERC165InterfacesSupported interface.
* Now compiling in a separate directory using truffle 5.
* Ported to 0.5.1, now compiling using 0.5.1.
* test now also compiles using the truffle 5 hack.
* Downgraded to 0.5.0.
* Sorted scripts.
* Cleaned up the compile script a bit.
* signed safe math
* fix lint errors
* refactor overflow checks and add descriptions
* remove incorrect description
* add test for reversed arguments in multiplication test
* fix power operator
* improve multiplication test descriptions
* Update SafeMath.test.js
* add feature to changelog
* Added PausableCrowdsale contract
* Changed inheritance order to prevent "Linearization of inheritance graph impossible" error
* Updated mock PausableCrowdsaleImpl to new constructor syntax
* Broke function definition to multiple lines
Comply with new max line length
* Rename events to past-tense in PausableCrowdsale test
* Removed should.be.fullfilled from PausableCrowdsale tests
* Change import assertRevert to require in PausableCrowdsale tests
* Remove dependency on chai-as-promised and added BigNumber support in PausableCrowdsale tests
* reindent solidity with 4 spaces
* add missing view modifier in _preValidatePurchase
* convert assertRevert to new shoulFail helper
* add new setup helper
* use expectEvent
* convert to assert to chai should style
* add description to beforeEach blocks
* extract common step to beforeEach
* improve documentation
* revert inheritance error
* move PausableCrowdsale into crowdsale/validation
* make documentation more specific
* put whitespace in line with convention
* improve test suite account names
* undo beforeEach descriptions
* simplify tests
* fix transaction senders to be the anyone account
* make transaction senders more explicit
* remove mocha only
* Now only swapping when needed.
* Removed _addTokenTo and _removeTokenFrom
* Removed removeTokenFrom test.
* Added tests for ERC721 _mint and _burn
* _burn now uses the same swap and pop mechanism as _removeFromOwner
* Gas optimization on burn
* Added WhitelisterRole.
* Added WhitelisteeRole and WhitelistedCrowdsale.
* Added WhitelistedCrowdsale tests.
* Whitelisters can now remove Whitelistees.
* PublicRole.behavior now supports a manager account, added Whitelistee tests.
* Rephrased tests, added test for whitelistees doing invalid purchases.
* Fixed linter error.
* Fixed typos
Co-Authored-By: nventuro <nicolas.venturo@gmail.com>
* Working around JS quirks
Co-Authored-By: nventuro <nicolas.venturo@gmail.com>
* Update PublicRole.behavior.js
* Renamed WhitelisteeRole to WhitelistedRole.
* Renamed WhitelistedCrowdsale to WhitelistCrowdsale.
* Now using the new test helper.
* Added basic documentation.
* Added advanceBlock to time, moved tests around.
* Removed the standalone advanceBlock.
* Removed the 'id' field
* Fixed linter error.
* Removed the 'latest' test, since it only works if time hasn't been fast-forwarded.
* Removed .only directive.
* transferFrom now emits an Approval event, indicating the updated allowance.
* Updated burnFrom to also emit Approval.
* Added notices about the extra Approval events.
* Added inTransaction tests.
* Added expectEvent.inConstructor.
* Changed inTransaction, removed decodeLogs.
* Flipped comparison to improve the error message.
* Improved expectEvent tests.
* Migrated tests to use expectEvent.
* Added roles constructor tests.
* Fixed linter errors.
* Made lodash a dev dependency.
* Added more inLogs tests.
* Update expectEvent.test.js
* Removed lodash.
* Moved role constructor tests to public role behavior.
* Revert "Flipped comparison to improve the error message."
This reverts commit 438c57833d.
* Replaced chai-as-promised with shouldFail.
* Rolled back Travis stages
* Rolled back the rolled-back changes.
* Renamed jobs, coverage can no longer fail.
* Cleaned up the yaml file a bit.
* Updated coveralls badge.
Small change in test description, should be "allows to approve..." instead of "allow to transfer..." in approve section, where test actualy try to approve, not to transfer.
* Remove redundant require statements
Now that SafeMath uses require, the require statements are redundant. They were also previously inconsistent because they were only included in some functions, but not others
* Update ERC20.sol
* Made _clearApproval private, added clarifying comments in _addTokenTo and _removeTokenFrom.
* Added approval information.
(cherry picked from commit 8204f6a71f)
* Improved TokenVesting events.
* Added extra checks to TokenVesting.
* Renamed the events.
* Fixed linter error.
* Fixed a test that failed to cover a require.
* Renamed TokensRevoked to TokenVestingRevoked.
(cherry picked from commit 67dac7ae99)
* Replaced assertJump, assertRevert and expectThrow with shouldFail.
* Fixed linter errors.
* Fixed typo.
* Made the helpers async.
(cherry picked from commit b0da0fded0)
* Add BigNumber support to expectEvent/inLogs (#1026)
* switched direct logs array check to expectEvent method in AllowanceCrowdsale.test.js
* Refactor expectEvent.inLogs function to use simple value number check
* Introduced should.be.bignumber method to compare BigNumber values
* Use expectEvent to test logs (#1232)
* Removed trailing space
(cherry picked from commit 536262f2ec)
* Add BigNumber support to expectEvent/inLogs (#1026)
* switched direct logs array check to expectEvent method in AllowanceCrowdsale.test.js
* Refactor expectEvent.inLogs function to use simple value number check
* Introduced should.be.bignumber method to compare BigNumber values
* Destructure transaction object to extract logs field
(cherry picked from commit 947de54cee)
* Add Arrays library with unit tests (#1209)
* prepared due to snapshot token requirements
* add library with method to find upper bound
* add unit test for basic and edge cases
* Imporove documentation for Arrays library
Simplify Arrays.test.js to use short arrays as test date
* Added comment for uint256 mid variable.
* Explaned why uint256 mid variable calculated as Math.average is safe to use as index of array.
(cherry picked from commit f7e53d90fa)
* Improved TokenVesting events.
* Added extra checks to TokenVesting.
* Renamed the events.
* Fixed linter error.
* Fixed a test that failed to cover a require.
* Renamed TokensRevoked to TokenVestingRevoked.
* Add Arrays library with unit tests (#1209)
* prepared due to snapshot token requirements
* add library with method to find upper bound
* add unit test for basic and edge cases
* Imporove documentation for Arrays library
Simplify Arrays.test.js to use short arrays as test date
* Added comment for uint256 mid variable.
* Explaned why uint256 mid variable calculated as Math.average is safe to use as index of array.
* separate part of ERC721Mintable into ERC721MetadataMintable
* remove mint and burn from 721 tests
* Fixed linter error.
* fix ERC721 mint tests
* Minor fixes.
(cherry picked from commit 744f567f40)
* separate part of ERC721Mintable into ERC721MetadataMintable
* remove mint and burn from 721 tests
* Fixed linter error.
* fix ERC721 mint tests
* Minor fixes.
* Fixed a broken payment test
* In PR template, npm run lint:fix, not lint:all:fix
* In SplitPayment test, replaced an await-in-loop with Promise.all
(cherry picked from commit b79196f911)
* Add BigNumber support to expectEvent/inLogs (#1026)
* switched direct logs array check to expectEvent method in AllowanceCrowdsale.test.js
* Refactor expectEvent.inLogs function to use simple value number check
* Introduced should.be.bignumber method to compare BigNumber values
* Use expectEvent to test logs (#1232)
* Removed trailing space
* Add BigNumber support to expectEvent/inLogs (#1026)
* switched direct logs array check to expectEvent method in AllowanceCrowdsale.test.js
* Refactor expectEvent.inLogs function to use simple value number check
* Introduced should.be.bignumber method to compare BigNumber values
* Destructure transaction object to extract logs field
* release candidate v2.0.0-rc.1
* fix linter error
(cherry picked from commit c12a1c6898)
* Roles now emit events in construction and when renouncing.
(cherry picked from commit 21198bf1c1)
* rename Index.currentId to current
* use += operator for clarity
* rename Counter.Index to Counter.Counter
* move Counter to drafts
(cherry picked from commit 3e55408cb5)
* Extract standard token behaviuor to reuse it in other tests
* Add opt in ERC20 migration contract
* Make migration contract not to depend from standard token
* Changes based on feedback
* Improve MigratableERC20 inline documentation
* move behaviors to behaviors directory
* refactor MigratableERC20 into ERC20Migrator
* fix errors
* change expectEvent to support multiple events with same name
* fix tests
* update documentation
* rename MigratableERC20 files to ERC20Migrator
* move to drafts
* test beginMigration
* rename to ERC20Migrator
* missing semicolon (╯°□°)╯︵ ┻━┻
* add non-zero check
* improve documentation based on review comments
* improve test descriptions
* improve docs
* add getters
* fix contract
* improve tests
* The role library now requires non-zero addresses.
* Fixed SignatureBouncer checks with null address.
* change ternary operator for or operator
* adapt to new variable name convention
* Update Roles.sol
* Role tests (#1228)
* Moved RBAC tests to access.
* Added Roles.addMany and tests.
* Fixed linter error.
* Now using uint256 indexes.
* Removed RBAC tokens (#1229)
* Deleted RBACCappedTokenMock.
* Removed RBACMintableToken.
* Removed RBACMintableToken from the MintedCrowdsale tests.
* Roles can now be transfered. (#1235)
* Roles can now be transfered.
* Now explicitly checking support for the null address.
* Now rejecting transfer to a role-haver.
* Added renounce, roles can no longer be transfered to 0.
* Fixed linter errors.
* Fixed a Roles test.
* True Ownership (#1247)
* Added barebones Secondary.
* Added transferPrimary
* Escrow is now Secondary instead of Ownable.
* Now reverting on transfers to 0.
* The Secondary's primary is now private.
* Improve encapsulation on ERC165
* Improve encapsulation on ERC20
* Improve encapsulation on ERC721
* Add tests, use standard getters
* fix tests
* Fix lint
* MintableToken using Roles (#1236)
* Minor test style improvements (#1219)
* Changed .eq to .equal
* Changed equal(bool) to .to.be.bool
* Changed be.bool to equal(bool), disallowed unused expressions.
* Add ERC165Query library (#1086)
* Add ERC165Query library
* Address PR Comments
* Add tests and mocks from #1024 and refactor code slightly
* Fix javascript and solidity linting errors
* Split supportsInterface into three methods as discussed in #1086
* Change InterfaceId_ERC165 comment to match style in the rest of the repo
* Fix max-len lint issue on ERC165Checker.sol
* Conditionally ignore the asserts during solidity-coverage test
* Switch to abi.encodeWithSelector and add test for account addresses
* Switch to supportsInterfaces API as suggested by @frangio
* Adding ERC165InterfacesSupported.sol
* Fix style issues
* Add test for supportsInterfaces returning false
* Add ERC165Checker.sol newline
* feat: fix coverage implementation
* fix: solidity linting error
* fix: revert to using boolean tests instead of require statements
* fix: make supportsERC165Interface private again
* rename SupportsInterfaceWithLookupMock to avoid name clashing
* Added mint and burn tests for zero amounts. (#1230)
* Changed .eq to .equal. (#1231)
* ERC721 pausable token (#1154)
* ERC721 pausable token
* Reuse of ERC721 Basic behavior for Pausable, split view checks in paused state & style fixes
* [~] paused token behavior
* Add some detail to releasing steps (#1190)
* add note about pulling upstream changes to release branch
* add comment about upstream changes in merging section
* Increase test coverage (#1237)
* Fixed a SplitPayment test
* Deleted unnecessary function.
* Improved PostDeliveryCrowdsale tests.
* Improved RefundableCrowdsale tests.
* Improved MintedCrowdsale tests.
* Improved IncreasingPriceCrowdsale tests.
* Fixed a CappedCrowdsale test.
* Improved TimedCrowdsale tests.
* Improved descriptions of added tests.
* ci: trigger docs update on tag (#1186)
* MintableToken now uses Roles.
* Fixed FinalizableCrowdsale test.
* Roles can now be transfered.
* Fixed tests related to MintableToken.
* Removed Roles.check.
* Renamed transferMintPermission.
* Moved MinterRole
* Fixed RBAC.
* Adressed review comments.
* Addressed review comments
* Fixed linter errors.
* Added Events tests of Pausable contract (#1207)
* Fixed roles tests.
* Rename events to past-tense (#1181)
* fix: refactor sign.js and related tests (#1243)
* fix: refactor sign.js and related tests
* fix: remove unused dep
* fix: update package.json correctly
* Added "_" sufix to internal variables (#1171)
* Added PublicRole test.
* Fixed crowdsale tests.
* Rename ERC interfaces to I prefix (#1252)
* rename ERC20 to IERC20
* move ERC20.sol to IERC20.sol
* rename StandardToken to ERC20
* rename StandardTokenMock to ERC20Mock
* move StandardToken.sol to ERC20.sol, likewise test and mock files
* rename MintableToken to ERC20Mintable
* move MintableToken.sol to ERC20Mintable.sol, likewise test and mock files
* rename BurnableToken to ERC20Burnable
* move BurnableToken.sol to ERC20Burnable.sol, likewise for related files
* rename CappedToken to ERC20Capped
* move CappedToken.sol to ERC20Capped.sol, likewise for related files
* rename PausableToken to ERC20Pausable
* move PausableToken.sol to ERC20Pausable.sol, likewise for related files
* rename DetailedERC20 to ERC20Detailed
* move DetailedERC20.sol to ERC20Detailed.sol, likewise for related files
* rename ERC721 to IERC721, and likewise for other related interfaces
* move ERC721.sol to IERC721.sol, likewise for other 721 interfaces
* rename ERC721Token to ERC721
* move ERC721Token.sol to ERC721.sol, likewise for related files
* rename ERC721BasicToken to ERC721Basic
* move ERC721BasicToken.sol to ERC721Basic.sol, likewise for related files
* rename ERC721PausableToken to ERC721Pausable
* move ERC721PausableToken.sol to ERC721Pausable.sol
* rename ERC165 to IERC165
* move ERC165.sol to IERC165.sol
* amend comment that ERC20 is based on FirstBlood
* fix comments mentioning IERC721Receiver
* added explicit visibility (#1261)
* Remove underscores from event parameters. (#1258)
* Remove underscores from event parameters.
Fixes#1175
* Add comment about ERC
* Move contracts to subdirectories (#1253)
* Move contracts to subdirectories
Fixes#1177.
This Change also removes the LimitBalance contract.
* fix import
* move MerkleProof to cryptography
* Fix import
* Remove HasNoEther, HasNoTokens, HasNoContracts, and NoOwner (#1254)
* remove HasNoEther, HasNoTokens, HasNoContracts, and NoOwner
* remove unused ERC223TokenMock
* remove Contactable
* remove TokenDestructible
* remove DeprecatedERC721
* inline Destructible#destroy in Bounty
* remove Destructible
* Functions in interfaces changed to "external" (#1263)
* Add a leading underscore to internal and private functions. (#1257)
* Add a leading underscore to internal and private functions.
Fixes#1176
* Remove super
* update the ERC721 changes
* add missing underscore after merge
* Fix mock
* Improve encapsulation on SignatureBouncer, Whitelist and RBAC example (#1265)
* Improve encapsulation on Whitelist
* remove only
* update whitelisted crowdsale test
* Improve encapsulation on SignatureBouncer
* fix missing test
* Improve encapsulation on RBAC example
* Improve encapsulation on RBAC example
* Remove extra visibility
* Improve encapsulation on ERC20 Mintable
* Improve encapsulation on Superuser
* fix lint
* add missing constant
* Addressed review comments.
* Fixed build error.
* move interface ids to implementation contracts
* Do not prefix getters
* Improve encapsulation on Crowdsales
* add missing tests
* remove only
* Improve encapsulation on Pausable
* add the underscore
* Improve encapsulation on ownership
* fix rebase
* fix ownership
* Improve encapsulation on payments
* Add missing tests
* add missing test
* Do not prefix getters
* Do not prefix getters
* Fix tests.
* Update modifiers to call public view functions.
Fixes#1179.
* Improve encapsulation on BreakInvariantBounty
* Make researchers private
* Improve encapsulation on Crowdsales
* add missing tests
* remove only
* Improve encapsulation on Pausable
* add the underscore
* Improve encapsulation on ownership
* fix rebase
* fix ownership
* Improve encapsulation on payments
* Add missing tests
* add missing test
* Do not prefix getters
* Do not prefix getters
* Do not prefix getters
* Fix tests.
* tmp
* remove isMinter
* fix is owner call
* fix isOpen
* Fix merge
* tmp
* Improve encapsulation on TimedCrowdsale
* Add missing parentheses
* Use prefix underscore for state variables and no underscore for parameters
* Improved Roles API. (#1280)
* Improved Roles API.
* fix linter error
* Added PauserRole. (#1283)
* remove duplicate function definition
* Remove Claimable, DelayedClaimable, Heritable (#1274)
* remove Claimable, DelayedClaimable, Heritable
* remove SimpleSavingsWallet example which used Heritable
(cherry picked from commit 0dc711732a)
* Role behavior tests (#1285)
* Added role tests.
* Added PauserRole tests to contracts that have that role.
* Added MinterRole tests to contracts that have that role.
* Fixed linter errors.
* Migrate Ownable to Roles (#1287)
* Added CapperRole.
* RefundEscrow is now Secondary.
* FinalizableCrowdsale is no longer Ownable.
* Removed Whitelist and WhitelistedCrowdsale, redesign needed.
* Fixed linter errors, disabled lbrace due to it being buggy.
* Remove RBAC, SignatureBouncer refactor (#1289)
* Added CapperRole.
* RefundEscrow is now Secondary.
* FinalizableCrowdsale is no longer Ownable.
* Removed Whitelist and WhitelistedCrowdsale, redesign needed.
* Fixed linter errors, disabled lbrace due to it being buggy.
* Moved SignatureBouncer tests.
* Deleted RBAC and Superuser.
* Deleted rbac directory.
* Updated readme.
* SignatureBouncer now uses SignerRole, renamed bouncer to signer.
* feat: implement ERC721Mintable and ERC721Burnable (#1276)
* feat: implement ERC721Mintable and ERC721Burnable
* fix: linting errors
* fix: remove unused mintable mock for ERC721BasicMock
* fix: add finishMinting tests
* fix: catch MintFinished typo
* inline ERC721Full behavior
* undo pretty formatting
* fix lint errors
* rename canMint to onlyBeforeMintingFinished for consistency with ERC20Mintable
* Fix the merge with the privatization branch
* fix lint
* Remove underscore
* Delete CapperRole.test.js
* fix increaseApproval
* rename {increase,decrease}Approval to {increase,decrease}Allowance
* add non-zero spender check to approve and {increase,decrease}Allowance
* Updated tests to reflect the new behavior.
* fix wrong test description
* fix old function names
* Fixed linter error.
* Fixed typo.
* Role tests (#1228)
* Moved RBAC tests to access.
* Added Roles.addMany and tests.
* Fixed linter error.
* Now using uint256 indexes.
* Removed RBAC tokens (#1229)
* Deleted RBACCappedTokenMock.
* Removed RBACMintableToken.
* Removed RBACMintableToken from the MintedCrowdsale tests.
* Roles can now be transfered. (#1235)
* Roles can now be transfered.
* Now explicitly checking support for the null address.
* Now rejecting transfer to a role-haver.
* Added renounce, roles can no longer be transfered to 0.
* Fixed linter errors.
* Fixed a Roles test.
* True Ownership (#1247)
* Added barebones Secondary.
* Added transferPrimary
* Escrow is now Secondary instead of Ownable.
* Now reverting on transfers to 0.
* The Secondary's primary is now private.
* MintableToken using Roles (#1236)
* Minor test style improvements (#1219)
* Changed .eq to .equal
* Changed equal(bool) to .to.be.bool
* Changed be.bool to equal(bool), disallowed unused expressions.
* Add ERC165Query library (#1086)
* Add ERC165Query library
* Address PR Comments
* Add tests and mocks from #1024 and refactor code slightly
* Fix javascript and solidity linting errors
* Split supportsInterface into three methods as discussed in #1086
* Change InterfaceId_ERC165 comment to match style in the rest of the repo
* Fix max-len lint issue on ERC165Checker.sol
* Conditionally ignore the asserts during solidity-coverage test
* Switch to abi.encodeWithSelector and add test for account addresses
* Switch to supportsInterfaces API as suggested by @frangio
* Adding ERC165InterfacesSupported.sol
* Fix style issues
* Add test for supportsInterfaces returning false
* Add ERC165Checker.sol newline
* feat: fix coverage implementation
* fix: solidity linting error
* fix: revert to using boolean tests instead of require statements
* fix: make supportsERC165Interface private again
* rename SupportsInterfaceWithLookupMock to avoid name clashing
* Added mint and burn tests for zero amounts. (#1230)
* Changed .eq to .equal. (#1231)
* ERC721 pausable token (#1154)
* ERC721 pausable token
* Reuse of ERC721 Basic behavior for Pausable, split view checks in paused state & style fixes
* [~] paused token behavior
* Add some detail to releasing steps (#1190)
* add note about pulling upstream changes to release branch
* add comment about upstream changes in merging section
* Increase test coverage (#1237)
* Fixed a SplitPayment test
* Deleted unnecessary function.
* Improved PostDeliveryCrowdsale tests.
* Improved RefundableCrowdsale tests.
* Improved MintedCrowdsale tests.
* Improved IncreasingPriceCrowdsale tests.
* Fixed a CappedCrowdsale test.
* Improved TimedCrowdsale tests.
* Improved descriptions of added tests.
* ci: trigger docs update on tag (#1186)
* MintableToken now uses Roles.
* Fixed FinalizableCrowdsale test.
* Roles can now be transfered.
* Fixed tests related to MintableToken.
* Removed Roles.check.
* Renamed transferMintPermission.
* Moved MinterRole
* Fixed RBAC.
* Adressed review comments.
* Addressed review comments
* Fixed linter errors.
* Added Events tests of Pausable contract (#1207)
* Fixed roles tests.
* Rename events to past-tense (#1181)
* fix: refactor sign.js and related tests (#1243)
* fix: refactor sign.js and related tests
* fix: remove unused dep
* fix: update package.json correctly
* Added "_" sufix to internal variables (#1171)
* Added PublicRole test.
* Fixed crowdsale tests.
* Rename ERC interfaces to I prefix (#1252)
* rename ERC20 to IERC20
* move ERC20.sol to IERC20.sol
* rename StandardToken to ERC20
* rename StandardTokenMock to ERC20Mock
* move StandardToken.sol to ERC20.sol, likewise test and mock files
* rename MintableToken to ERC20Mintable
* move MintableToken.sol to ERC20Mintable.sol, likewise test and mock files
* rename BurnableToken to ERC20Burnable
* move BurnableToken.sol to ERC20Burnable.sol, likewise for related files
* rename CappedToken to ERC20Capped
* move CappedToken.sol to ERC20Capped.sol, likewise for related files
* rename PausableToken to ERC20Pausable
* move PausableToken.sol to ERC20Pausable.sol, likewise for related files
* rename DetailedERC20 to ERC20Detailed
* move DetailedERC20.sol to ERC20Detailed.sol, likewise for related files
* rename ERC721 to IERC721, and likewise for other related interfaces
* move ERC721.sol to IERC721.sol, likewise for other 721 interfaces
* rename ERC721Token to ERC721
* move ERC721Token.sol to ERC721.sol, likewise for related files
* rename ERC721BasicToken to ERC721Basic
* move ERC721BasicToken.sol to ERC721Basic.sol, likewise for related files
* rename ERC721PausableToken to ERC721Pausable
* move ERC721PausableToken.sol to ERC721Pausable.sol
* rename ERC165 to IERC165
* move ERC165.sol to IERC165.sol
* amend comment that ERC20 is based on FirstBlood
* fix comments mentioning IERC721Receiver
* added explicit visibility (#1261)
* Remove underscores from event parameters. (#1258)
* Remove underscores from event parameters.
Fixes#1175
* Add comment about ERC
* Move contracts to subdirectories (#1253)
* Move contracts to subdirectories
Fixes#1177.
This Change also removes the LimitBalance contract.
* fix import
* move MerkleProof to cryptography
* Fix import
* Remove HasNoEther, HasNoTokens, HasNoContracts, and NoOwner (#1254)
* remove HasNoEther, HasNoTokens, HasNoContracts, and NoOwner
* remove unused ERC223TokenMock
* remove Contactable
* remove TokenDestructible
* remove DeprecatedERC721
* inline Destructible#destroy in Bounty
* remove Destructible
* Functions in interfaces changed to "external" (#1263)
* Add a leading underscore to internal and private functions. (#1257)
* Add a leading underscore to internal and private functions.
Fixes#1176
* Remove super
* update the ERC721 changes
* add missing underscore after merge
* Fix mock
* Improve encapsulation on SignatureBouncer, Whitelist and RBAC example (#1265)
* Improve encapsulation on Whitelist
* remove only
* update whitelisted crowdsale test
* Improve encapsulation on SignatureBouncer
* fix missing test
* Improve encapsulation on RBAC example
* Improve encapsulation on RBAC example
* Remove extra visibility
* Improve encapsulation on ERC20 Mintable
* Improve encapsulation on Superuser
* fix lint
* add missing constant
* Addressed review comments.
* Fixed build error.
* Improved Roles API. (#1280)
* Improved Roles API.
* fix linter error
* Added PauserRole. (#1283)
* Remove Claimable, DelayedClaimable, Heritable (#1274)
* remove Claimable, DelayedClaimable, Heritable
* remove SimpleSavingsWallet example which used Heritable
(cherry picked from commit 0dc711732a)
* Role behavior tests (#1285)
* Added role tests.
* Added PauserRole tests to contracts that have that role.
* Added MinterRole tests to contracts that have that role.
* Fixed linter errors.
* Migrate Ownable to Roles (#1287)
* Added CapperRole.
* RefundEscrow is now Secondary.
* FinalizableCrowdsale is no longer Ownable.
* Removed Whitelist and WhitelistedCrowdsale, redesign needed.
* Fixed linter errors, disabled lbrace due to it being buggy.
* Remove RBAC, SignatureBouncer refactor (#1289)
* Added CapperRole.
* RefundEscrow is now Secondary.
* FinalizableCrowdsale is no longer Ownable.
* Removed Whitelist and WhitelistedCrowdsale, redesign needed.
* Fixed linter errors, disabled lbrace due to it being buggy.
* Moved SignatureBouncer tests.
* Deleted RBAC and Superuser.
* Deleted rbac directory.
* Updated readme.
* SignatureBouncer now uses SignerRole, renamed bouncer to signer.
* feat: implement ERC721Mintable and ERC721Burnable (#1276)
* feat: implement ERC721Mintable and ERC721Burnable
* fix: linting errors
* fix: remove unused mintable mock for ERC721BasicMock
* fix: add finishMinting tests
* fix: catch MintFinished typo
* inline ERC721Full behavior
* undo pretty formatting
* fix lint errors
* rename canMint to onlyBeforeMintingFinished for consistency with ERC20Mintable
* Fix the merge with the privatization branch
* remove duplicate CapperRole test
* Improve encapsulation on ERC165
* Improve encapsulation on ERC20
* Improve encapsulation on ERC721
* Add tests, use standard getters
* fix tests
* Fix lint
* move interface ids to implementation contracts
* Do not prefix getters
* rename proposals directory to drafts directory
* move TokenVesting and SignatureBouncer to drafts/
* rename BouncerMock.sol to SignatureBouncerMock.sol
* Improve encapsulation on Whitelist
* remove only
* update whitelisted crowdsale test
* Improve encapsulation on SignatureBouncer
* fix missing test
* Improve encapsulation on RBAC example
* Improve encapsulation on RBAC example
* Remove extra visibility
* Improve encapsulation on ERC20 Mintable
* Improve encapsulation on Superuser
* fix lint
* add missing constant
* Add a leading underscore to internal and private functions.
Fixes#1176
* Remove super
* update the ERC721 changes
* add missing underscore after merge
* Fix mock
* Move contracts to subdirectories
Fixes#1177.
This Change also removes the LimitBalance contract.
* fix import
* move MerkleProof to cryptography
* Fix import
* rename ERC20 to IERC20
* move ERC20.sol to IERC20.sol
* rename StandardToken to ERC20
* rename StandardTokenMock to ERC20Mock
* move StandardToken.sol to ERC20.sol, likewise test and mock files
* rename MintableToken to ERC20Mintable
* move MintableToken.sol to ERC20Mintable.sol, likewise test and mock files
* rename BurnableToken to ERC20Burnable
* move BurnableToken.sol to ERC20Burnable.sol, likewise for related files
* rename CappedToken to ERC20Capped
* move CappedToken.sol to ERC20Capped.sol, likewise for related files
* rename PausableToken to ERC20Pausable
* move PausableToken.sol to ERC20Pausable.sol, likewise for related files
* rename DetailedERC20 to ERC20Detailed
* move DetailedERC20.sol to ERC20Detailed.sol, likewise for related files
* rename ERC721 to IERC721, and likewise for other related interfaces
* move ERC721.sol to IERC721.sol, likewise for other 721 interfaces
* rename ERC721Token to ERC721
* move ERC721Token.sol to ERC721.sol, likewise for related files
* rename ERC721BasicToken to ERC721Basic
* move ERC721BasicToken.sol to ERC721Basic.sol, likewise for related files
* rename ERC721PausableToken to ERC721Pausable
* move ERC721PausableToken.sol to ERC721Pausable.sol
* rename ERC165 to IERC165
* move ERC165.sol to IERC165.sol
* amend comment that ERC20 is based on FirstBlood
* fix comments mentioning IERC721Receiver
* Add ERC165Query library
* Address PR Comments
* Add tests and mocks from #1024 and refactor code slightly
* Fix javascript and solidity linting errors
* Split supportsInterface into three methods as discussed in #1086
* Change InterfaceId_ERC165 comment to match style in the rest of the repo
* Fix max-len lint issue on ERC165Checker.sol
* Conditionally ignore the asserts during solidity-coverage test
* Switch to abi.encodeWithSelector and add test for account addresses
* Switch to supportsInterfaces API as suggested by @frangio
* Adding ERC165InterfacesSupported.sol
* Fix style issues
* Add test for supportsInterfaces returning false
* Add ERC165Checker.sol newline
* feat: fix coverage implementation
* fix: solidity linting error
* fix: revert to using boolean tests instead of require statements
* fix: make supportsERC165Interface private again
* rename SupportsInterfaceWithLookupMock to avoid name clashing
* tests: use stages for the travis execution
Fixes#694
* add comments as suggested by @nventuro
* move the unit tests first, as suggested by @frangio
* make stages clearer as suggested by @nventuro
* tests: use stages for the travis execution
Fixes#694
* add comments as suggested by @nventuro
* move the unit tests first, as suggested by @frangio
* make stages clearer as suggested by @nventuro
* update the stage names as suggested by @frangio
* Run all tests in parallel
* added names
* make StandardToken state variables private
* simplify mocks
* document new internal functions
* fix link to ERC20 document
* revert order of Transfer and Mint events
* Revert "simplify mocks"
This reverts commit 371fe3e567.
* add tests for new internal functions
* add check for null account
* add checks for balances and allowance
* add inline docs to BurnableToken._burn
* remove redundant checks and clarify why
* Consolidted ERC20 Interface and Implementation Files
* Fixed CanReclaimToken's tests to use StandardTokenMock instead of BasicTokenMock
* Changed token's variable type in TokenTimelock to ERC20
* Merged the StandardBurnableToken with BurnableToken since it now inherits from StandardToken; Fixed TokenTimelock so it uses SafeERC20 for ERC20
* Fixed variable type for _token in TokenTimelock constructor
* Fixed linting warning in BurnableToken
* Added back burnFrom tests.
* Add an initial document for our release process
* add more detail and explanation to releasing guide
* fix details of the RELEASING.md document
* Update RELEASING.md
* Update RELEASING.md
* Update RELEASING.md
* Update RELEASING.md
* fixed visibility warnings
* solved visibility and line length warning
* change a test assertion that fails due to chai dependence update
* linter, constructor style and solved visibility warnings
* Changed Windows line endings to Unix.
* Add EditorConfig file.
This allows users with a wide variety of editors to easily code in
OpenZeppelin's preferred 2 space indentation code style.
See https://editorconfig.org for more information.
* Eslint: Always disallow trailing space
* Eslint: Error on missing EOL at file end
* Added an Architecture section that speaks to the different types of contracts
* Added a Tests section that provides high-level visibility into what is used for unit testing
* Added a How To Use and Modify OpenZeppelin Contracts section
* Added development principles to the existing Security section
We now ensure that if an exception is thrown while awaiting the promise,
the exception _has_ to be a revert. We throw 'Expected revert not
received' only afterwards. This solves any problems with confusing the
word 'revert'.
Fix#775
* Update StandardToken.sol
* Slight improvement in gas efficiency
Users tend to attempt to over-spend more than they attempt to burn non-burnable tokens. If the contract checks for overspending before assuring tokens are not being burnt a slight amount of gas might be saved in the long term.
* Assume that token is mintable.
* ECRecover test should revert because of wrong calldata size
* fix: use expectThrow
* fix: ignore failing test until solc^0.5.0
* Added basic Escrow
* PullPayment now uses an Escrow, removing all trust from the contract
* Abstracted the Escrow tests to a behaviour
* Added ConditionalEscrow
* Added RefundableEscrow.
* RefundableCrowdsale now uses a RefundEscrow, removed RefundVault.
* Renaming after code review.
* Added log test helper.
* Now allowing empty deposits and withdrawals.
* Style fixes.
* Minor review comments.
* Add Deposited and Withdrawn events, removed Refunded
* The base Escrow is now Ownable, users of it (owners) must provide methods to access it.
* Align ERC721 Receiver with current ERC721 standard.
Adds a second address field to onERC721Received
onERC721Received(address,address,uint256,bytes)
Updates the function signature to 0x150b7a02 from 0xf0b9e5ba
* Add _operator to onERC721Received
* Fix error caused by formatOnSave
* Fixed comments on ERC721Receiver
Removed "Must use 50,000 gas or less"
Corrected the function signature
* make _tokenId indexed in Transfer and Approval events
via: https://github.com/ethereum/EIPs/pull/1124/files
* fix: make name() and symbol() external instead of public
* feat: implement ERC721's ERC165
* feat: erc165 tests
* fix: don't use chai-as-promised in direct await
* fix: reorganize to /introspection
* feat: abstract all erc165 tests to a behavior
* feat: disallow registering 0xffffffff
* Refactoring Superuser contract to allow Owners to transfer ownership when they are not superusers #50
* Refactoring tests to create a contract instance for each of them #50
* update sha3 1.2.0 -> 1.2.2 for node 10 compatibility
* update nan 2.6.2 -> 2.10.0 for node 10 compatibility
* commit new package-lock.json format generated by npm 6
* added the RBACMintableToken
* added MintedCrowdsale with RBACMintableToken test
* added a mintable behaviour for tests
* moved minting tests in behaviour
* created a minted crowdsale behaviour to be tested with both mintable and rbacmintable token
* Update ERC827.sol to not use function overloading
* updated tests for erc827 function name changes
* fixed broken test
* removed findMethod from erc827 tests that is no longer necessary
* Add StandardBurnableToken implementation
BurnableToken that extends from StandardToken and adds a
burnFrom method that decrements allowance. Equivalent to
a transferFrom plus burn in a single operation.
* Return event object from expectEvent helper
* Add comment on Approval event in burnFrom function
* Improvements on burnable token tests
- Inject initial balance as a parameter to the behaviour
- Use expectEvent helper for assertions on events
- Use chai bignumber for numbers
- Change to bdd-style assertions
* fix: clean up solium linting errors
* fix: make various contracts natspec compliant
* fix: this.balance deprecated; convert to address(this).balance
* fix: contract.call deprecated and switch to gasleft()
* fix: ignore empty block rule project-wide
* fix: add ignore cases for the rest of the linting warnings
* Update to ganache-cli v6.1.0 and truffle v4.1.0
* Update to stable version of ganache-cli
* fix: update event emission warning
- Fix event emission warnings for solidity 4.21 after truffle has been
updated to use this version
* fix pr review comments
* update to truffle v4.1.5
* update package-lock
* add additional emit keywords
* update solidity-coverage to 0.4.15
* update to solium 1.1.6
* fix MerkleProof coverage analysis by testing through wrapper
* change version pragma to ^0.4.21
* fix solium linting errors
* Rename current ERC721 implementation to BaseERC721
* Implement ERC721 optional & approveAll functionality
* Support for new ERC721 interface
- Tests for new features are pending
- ERC721 is abstract, since it requires metadata implementation
- Move some methods into DeprecatedERC721 contract
- Reorganise base vs full implementation
- Pending tokenByIndex
* Add more tests for ERC721
* Implement suggestions by @dekz
* Update comments in ERC721 contracts
* Implement tokensByIndex extension
- Remove restrictions from mock mint and burn calls
* Add default implementation for metadata URI
This allows token implementation to be non-abstract
* Allow operators to call approve on a token
* Remove gas stipend restriction in call to 721 receiver
* Remove deprecated implementation
We only want to keep the interface, for interacting with already deployed contracts
* Add notice to isContract helper on constract constructors
* Change natspec delimiters for consistency
* Minor linting fixes
* Add constant modifier to ERC721_RECEIVED magic value
* Use 4-params safeTransferFrom for implementing the 3-params overload
* Minor text changes in natspec comments
* Use address(0) instead of 0 or 0x0
* Use if-statements instead of boolean one-liners for clarity
:-(
* Keep ownedTokensCount state var in sync in full ERC721 implementation
* Fix incorrect comparison when burning ERC721 tokens with metadata
* Use address(0) instead of 0 in one more place in ERC721
* Throw when querying balance for the zero address
Required by the spec
* Update links to approved version of EIP721
* Use explicit size for uint
* Remove unneeded internal function in ERC721
Also rename addToken and removeToken for added clarity
* Use underscore instead of 'do' prefix for internal methods in ERC721
* Fix failing test due to events reordering in ERC721 safe transfer
* Fix bug introduced in 74db03ba06
* Remove do prefix for internal setTokenUri method
* Allow transfers to self in ERC721
* Basic idea
* Fine tuning idea
* Add comments / tidy up Crowdsale base class
* fixed TimedCrowdsale constructor
* added simple crowdsale test
* added HODL directory under home to store unused contracts. ugly hack to solve Crowdsale selection in tests, better way?
* Capped no longer inherits from Timed, added capReached() method (replacing hasEnded())
* added SafeMath in TimedCrowdsale for safety, CHECK whether it is inherited from Crowdsale
* several fixes related to separating Capped from Timed. functions renamed, mocks changed. Capped tests passing
* added TimedCrowdsaleImpl.sol, TimedCrowdsale tests, passed
* added Whitelisted implementation and test, passed.
* removed unnecessary super constructor call in WhitelistedCrowdsale, removed unused dependencies in tests
* renamed UserCappedCrowdsale to IndividuallyCappedCrowdsale, implemented IndividuallyCappedCrowdsaleImpl.sol and corresponding tests, passed.
* homogeneized use of using SafeMath for uint256 across validation crowdsales. checked that it IS indeed inherited, but leaving it there as per Frans suggestion.
* adding questions.md where I track questions, bugs and progress
* modified VariablePriceCrowdsale, added Impl.
* finished VariablePrice, fixed sign, added test, passing.
* changed VariablePrice to IncreasingPrice, added corresponding require()
* MintedCrowdsale done, mock implemented, test passing
* PremintedCrowdsale done, mocks, tests passing
* checked FinalizableCrowdsale
* PostDeliveryCrowdsale done, mock, tests passing.
* RefundableCrowdsale done. Detached Vault. modified mock and test, passing
* renamed crowdsale-refactor to crowdsale in contracts and test
* deleted HODL old contracts
* polished variable names in tests
* fixed typos and removed comments in tests
* Renamed 'crowdsale-refactor' to 'crowdsale' in all imports
* Fix minor param naming issues in Crowdsale functions and added documentation to Crowdsale.sol
* Added documentation to Crowdsale extensions
* removed residual comments and progress tracking files
* added docs for validation crowdsales
* Made user promises in PostDeliveryCrowdsale public so that users can query their promised token balance.
* added docs for distribution crowdsales
* renamed PremintedCrowdsale to AllowanceCrowdsale
* added allowance check function and corresponding test. fixed filename in AllowanceCrowdsale mock.
* spilt Crowdsale _postValidatePurchase in _postValidatePurchase and _updatePurchasingState. changed IndividuallyCappedCrowdsale accordingly.
* polished tests for linter, salve Travis
* polished IncreasingPriceCrowdsale.sol for linter.
* renamed and polished for linter WhitelistedCrowdsale test.
* fixed indentation in IncreasingPriceCrowdsaleImpl.sol for linter
* fixed ignoring token.mint return value in MintedCrowdsale.sol
* expanded docs throughout, fixed minor issues
* extended test coverage for IndividuallyCappedCrowdsale
* Extended WhitelistedCrwodsale test coverage
* roll back decoupling of RefundVault in RefundableCrowdsale
* moved cap exceedance checks in Capped and IndividuallyCapped crowdsales to _preValidatePurchase to save gas
* revert name change, IndividuallyCapped to UserCapped
* extended docs.
* added crowd whitelisting with tests
* added group capping, plus tests
* added modifiers in TimedCrowdsale and WhitelistedCrowdsale
* polished tests for linter
* moved check of whitelisted to modifier, mainly for testing coverage
* fixed minor ordering/polishingafter review
* modified TimedCrowdsale modifier/constructor ordering
* unchanged truffle-config.js
* changed indentation of visibility modifier in mocks
* changed naming of modifier and function to use Open/Closed for TimedCrowdsale
* changed ordering of constructor calls in SampleCrowdsale
* changed startTime and endTime to openingTime and closingTime throughout
* fixed exceeding line lenght for linter
* renamed _emitTokens to _deliverTokens
* renamed addCrowdToWhitelist to addManyToWhitelist
* renamed UserCappedCrowdsale to IndividuallyCappedCrowdsale
* Modified Gitignore for Sublime
* Added getter functions for public variables
* Added encapsulation to Heritable public variables.
* Added encapsulation to Heritable public variables.
* Added encapsulation to Heritable public variables.
* Updated tests to use getter methods instead of, now, private variables.
* Conformed variable names to current conventions.
* Requested changes
* revert package-lock.json changes
add missing public identifier in approveData in SmartToken contract
remove constact from showMessage function in message helper contract
move Message helper contract to mocks folder
move SmartTokenMock contract to mocks folder
Throwing when trying to burn 0 tokens is an unnecessary special case.
If another contract wants to burn() a variable amount, it should not be forced to deal with this special case of burning 0.
If you don't do this, you'll receive this error:
```
❯ zeppelin npm install zeppelin-solidity
npm WARN saveError ENOENT: no such file or directory, open '/Users/et/package.json'
npm WARN enoent ENOENT: no such file or directory, open '/Users/et/package.json'
npm WARN et No description
npm WARN et No repository field.
npm WARN et No README data
npm WARN et No license field.
+ zeppelin-solidity@1.3.0
updated 1 package in 0.677s
```
The latest test case is not affected since the aproval is for
accounts[1], which does the transaction, and it is independent of
the amount of tokens that accounts[0] might have.
<!-- Briefly describe the issue you're experiencing. Tell us what you were trying to do and what happened instead. -->
<!-- Remember, this is not a place to ask for help debugging code. For that, we welcome you in the OpenZeppelin Slack channel: https://slack.openzeppelin.org/. -->
**💻 Environment**
<!-- Tell us what version of OpenZeppelin you're using, and how you're using it: Truffle, Remix, etc. -->
**📝 Details**
<!-- Describe the problem you have been experiencing in more detail. Include as much information as you think is relevant. Keep in mind that transactions can fail for many reasons; context is key here. -->
**🔢 Code to reproduce bug**
<!-- We will be able to better help if you provide a minimal example that triggers the bug. -->
* Removed most of the test suite from the npm package, except `PublicRole.behavior.js`, which may be useful to users testing their own `Roles`.
## 2.1.1 (2019-04-01)
* Version bump to avoid conflict in the npm registry.
## 2.1.0 (2019-04-01)
### New features:
* Now targeting the 0.5.x line of Solidity compilers. For 0.4.24 support, use version 2.0 of OpenZeppelin.
*`WhitelistCrowdsale`: a crowdsale where only whitelisted accounts (`WhitelistedRole`) can purchase tokens. Adding or removing accounts from the whitelist is done by whitelist admins (`WhitelistAdminRole`). Similar to the pre-2.0 `WhitelistedCrowdsale`. ([#1525](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1525), [#1589](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1589))
*`RefundablePostDeliveryCrowdsale`: replacement for `RefundableCrowdsale` (deprecated, see below) where tokens are only granted once the crowdsale ends (if it meets its goal). ([#1543](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1543))
*`PausableCrowdsale`: allows for pausers (`PauserRole`) to pause token purchases. Other crowdsale operations (e.g. withdrawals and refunds, if applicable) are not affected. ([#832](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/832))
*`ERC20`: `transferFrom` and `_burnFrom ` now emit `Approval` events, to represent the token's state comprehensively through events. ([#1524](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1524))
*`ERC721`: added `_burn(uint256 tokenId)`, replacing the similar deprecated function (see below). ([#1550](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1550))
*`ERC721`: added `_tokensOfOwner(address owner)`, allowing to internally retrieve the array of an account's owned tokens. ([#1522](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1522))
* Crowdsales: all constructors are now `public`, meaning it is not necessary to extend these contracts in order to deploy them. The exception is `FinalizableCrowdsale`, since it is meaningless unless extended. ([#1564](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1564))
*`SignedSafeMath`: added overflow-safe operations for signed integers (`int256`). ([#1559](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1559), [#1588](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1588))
### Improvements:
* The compiler version required by `Array` was behind the rest of the libray so it was updated to `v0.4.24`. ([#1553](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1553))
* Now conforming to a 4-space indentation code style. ([1508](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1508))
*`ERC20`: more gas efficient due to removed redundant `require`s. ([#1409](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1409))
*`ERC721`: fixed a bug that prevented internal data structures from being properly cleaned, missing potential gas refunds. ([#1539](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1539) and [#1549](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1549))
*`ERC721`: general gas savings on `transferFrom`, `_mint` and `_burn`, due to redudant `require`s and `SSTORE`s. ([#1549](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1549))
### Bugfixes:
### Breaking changes:
### Deprecations:
*`ERC721._burn(address owner, uint256 tokenId)`: due to the `owner` parameter being unnecessary. ([#1550](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1550))
*`RefundableCrowdsale`: due to trading abuse potential on crowdsales that miss their goal. ([#1543](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1543))
We really appreciate and value contributions to OpenZeppelin. Please take 5' to review the items listed below to make sure that your contributions are merged as soon as possible.
These are some global design goals in Zeppelin.
## Contribution guidelines
### D0 - Security in Depth
We strive to provide secure, tested, audited code. To achieve this, we need to match intention with function. Thus, documentation, code clarity, community review and security discussions are fundamental.
Smart contracts manage value and are highly vulnerable to errors and attacks. We have very strict guidelines, please make sure to review them: ["Contribution guidelines wiki entry"](https://github.com/OpenZeppelin/openzeppelin-solidity/wiki/Contribution-guidelines).
### D1 - Simple and Modular
Simpler code means easier audits, and better understanding of what each component does. We look for small files, small contracts, and small functions. If you can separate a contract into two independent functionalities you should probably do it.
## Creating Pull Requests (PRs)
### D2 - Naming Matters
As a contributor, you are expected to fork this repository, work on your own fork and then submit pull requests. The pull requests will be reviewed and eventually merged into the main repo. See ["Fork-a-Repo"](https://help.github.com/articles/fork-a-repo/) for how this works.
We take our time with picking names. Code is going to be written once, and read hundreds of times. Renaming for clarity is encouraged.
*IMPORTANT*
* Please see ["Git flow wiki entry"](https://github.com/OpenZeppelin/openzeppelin-solidity/wiki/Git-flow) for understanding how to use branches in this repository.
### D3 - Tests
## A typical workflow
Write tests for all your code. We encourage Test Driven Development so we know when our code is right. Even though not all code in the repository is tested at the moment, we aim to test every line of code in the future.
1) Make sure your fork is up to date with the main repository:
NOTE: The directory `openzeppelin-solidity` represents your fork's local copy.
A very important way to prevent vulnerabilities is to catch a contract’s inconsistent state as early as possible. This is why we want functions to check pre- and post-conditions for executing its logic. When writing code, ask yourself what you are expecting to be true before and after the function runs, and express it in code.
### D5 - Code Consistency
Consistency on the way classes are used is paramount to an easier understanding of the library. The codebase should be as unified as possible. Read existing code and get inspired before you write your own. Follow the style guidelines. Don’t hesitate to ask for help on how to best write a specific piece of code.
### D6 - Regular Audits
Following good programming practices is a way to reduce the risk of vulnerabilities, but professional code audits are still needed. We will perform regular code audits on major releases, and hire security professionals to provide independent review.
## Style Guidelines
The design guidelines have quite a high abstraction level. These style guidelines are more concrete and easier to apply, and also more opinionated.
### General
#### G0 - Default to Solidity's official style guide.
Follow the official Solidity style guide: http://solidity.readthedocs.io/en/latest/style-guide.html
#### G1 - No Magic Constants
Avoid constants in the code as much as possible. Magic strings are also magic constants.
#### G2 - Code that Fails Early
We ask our code to fail as soon as possible when an unexpected input was provided or unexpected state was found.
#### G3 - Internal Amounts Must be Signed Integers and Represent the Smallest Units.
Avoid representation errors by always dealing with weis when handling ether. GUIs can convert to more human-friendly representations. Use Signed Integers (int) to prevent underflow problems.
### Testing
#### T1 - Tests Must be Written Elegantly
Style guidelines are not relaxed for tests. Tests are a good way to show how to use the library, and maintaining them is extremely necessary.
Don't write long tests, write helper functions to make them be as short and concise as possible (they should take just a few lines each), and use good variable names.
#### T2 - Tests Must not be Random
Inputs for tests should not be generated randomly. Accounts used to create test contracts are an exception, those can be random. Also, the type and structure of outputs should be checked.
### Documentation
TODO
## Pull Request Workflow
Our workflow is based on GitHub's pull requests. We use feature branches, prepended with: `test`, `feature`, `fix`, `refactor`, or `remove` according to the change the branch introduces. Some examples for such branches are:
```sh
git checkout -b test/some-module
git checkout -b feature/some-new-stuff
git checkout -b fix/some-bug
git checkout -b remove/some-file
2) Branch out from `master` into `fix/some-bug-#123`:
(Postfixing #123 will associate your PR with the issue #123 and make everyone's life easier =D)
```
git checkout -b fix/some-bug-#123
```
We expect pull requests to be rebased to the master branch before merging:
3) Make your changes, add your files, commit and push to your fork.
```
git add SomeFile.js
git commit "Fix some bug #123"
git push origin fix/some-bug-#123
```
Note that we require rebasing your branch instead of merging it, for commit readability reasons.
4) Go to [github.com/OpenZeppelin/openzeppelin-solidity](https://github.com/OpenZeppelin/zeppelin-solidity) in your web browser and issue a new pull request.
After that, you can push the changes to your fork, by doing:
```sh
git push origin your_branch_name
git push origin feature/some-new-stuff
git push origin fix/some-bug
```
*IMPORTANT* Read the PR template very carefully and make sure to follow all the instructions. These instructions
refer to some very important conditions that your PR must meet in order to be accepted, such as making sure that all tests pass, JS linting tests pass, solidity linting tests pass, etc.
Finally go to [github.com/OpenZeppelin/zeppelin-solidity](https://github.com/OpenZeppelin/zeppelin-solidity) in your web browser and issue a new pull request.
5) Maintainers will review your code and possibly ask for changes before your code is pulled in to the main repository. We'll check that all tests pass, review the coding style, and check for general code correctness. If everything is OK, we'll merge your pull request and your code will be part of OpenZeppelin.
Main contributors will review your code and possibly ask for changes before your code is pulled in to the main repository. We'll check that all tests pass, review the coding style, and check for general code correctness. If everything is OK, we'll merge your pull requestand your code will be part of Zeppelin.
*IMPORTANT* Please pay attention to the maintainer's feedback, since its a necessary step to keep up with the standards OpenZeppelin attains to.
If you have any questions feel free to post them to
Finally, if you're looking to collaborate and want to find easy tasks to start, [look at the issues we marked as easy](https://github.com/OpenZeppelin/zeppelin-solidity/labels/easy).
If you have any questions feel free to post them to github.com/OpenZeppelin/openzeppelin-solidity/issues.
Finally, if you're looking to collaborate and want to find easy tasks to start, look at the issues we marked as ["Good first issue"](https://github.com/OpenZeppelin/openzeppelin-solidity/labels/good%20first%20issue).
With Zeppelin, you can build distributed applications, protocols and organizations:
- using common contract security patterns (See [Onward with Ethereum Smart Contract Security](https://medium.com/bitcorps-blog/onward-with-ethereum-smart-contract-security-97a827e47702#.y3kvdetbz))
- in the [Solidity language](http://solidity.readthedocs.io/en/develop/).
**OpenZeppelin is a library for secure smart contract development.** It provides implementations of standards like ERC20 and ERC721 which you can deploy as-is or extend to suit your needs, as well as Solidity components to build custom contracts and more complex decentralized systems.
> NOTE: New to smart contract development? Check our [introductory guide](https://medium.com/zeppelin-blog/the-hitchhikers-guide-to-smart-contracts-in-ethereum-848f08001f05#.cox40d2ut).
## Install
## Getting Started
Zeppelin integrates with [Truffle](https://github.com/ConsenSys/truffle), an Ethereum development environment. Please install Truffle and initialize your project with `truffle init`.
```sh
npm install -g truffle
mkdir myproject &&cd myproject
truffle init
```
npm install openzeppelin-solidity
```
To install the Zeppelin library, run:
```sh
npm i zeppelin-solidity
```
## Usage
After that, you'll get all the library's contracts in the `contracts/zeppelin` folder. You can use the contracts in the library like so:
To write your custom contracts, import ours and extend them through inheritance.
> NOTE: The current distribution channel is npm, which is not ideal. [We're looking into providing a better tool for code distribution](https://github.com/OpenZeppelin/zeppelin-solidity/issues/13), and ideas are welcome.
#### Truffle Beta Support
We also support Truffle Beta npm integration. If you're using Truffle Beta, the contracts in `node_modules` will be enough, so feel free to delete the copies at your `contracts` folder. If you're using Truffle Beta, you can use Zeppelin contracts like so:
```js
import"zeppelin-solidity/contracts/Ownable.sol";
contractMyContractisOwnable{
...
}
```
For more info see [the Truffle Beta package management tutorial](http://truffleframework.com/tutorials/package-management).
> You need an ethereum development framework for the above import statements to work! Check out these guides for [Truffle] or [Embark].
On our site you will find a few [guides] to learn about the diferent parts of OpenZeppelin, as well as [documentation for the API][API docs]. Keep in mind that the API docs are work in progress, and don’t hesitate to ask questions in [our Slack][Slack].
## Security
Zeppelin is meant to provide secure, tested and community-audited code, but please use common sense when doing anything that deals with real money! We take no responsibility for your implementation decisions and any security problem you might experience.
If you find a security issue, please email [security@openzeppelin.org](mailto:security@openzeppelin.org).
OpenZeppelin the project is maintained by [Zeppelin] the company, and developed following our high standards for code quality and security. OpenZeppelin is meant to provide tested and community-audited code, but please use common sense when doing anything that deals with real money! We take no responsibility for your implementation decisions and any security problems you might experience.
## Developer Resources
The core development principles and strategies that OpenZeppelin is based on include: security in depth, simple and modular code, clarity-driven naming conventions, comprehensive unit testing, pre-and-post-condition sanity checks, code consistency, and regular audits.
Building a distributed application, protocol or organization with Zeppelin?
Please report any security issues you find to security@openzeppelin.org.
## Collaborating organizations and audits by Zeppelin
- [Golem](https://golem.network/)
- [Mediachain](http://www.mediachain.io/)
- [Truffle](http://truffleframework.com/)
- [Firstblood](http://firstblood.io/)
- [Rootstock](http://www.rsk.co/)
- [Consensys](https://consensys.net/)
- [DigixGlobal](https://www.dgx.io/)
- [Coinfund](https://coinfund.io/)
- [DemocracyEarth](http://democracy.earth/)
- [Signatura](https://signatura.co/)
- [Ether.camp](http://www.ether.camp/)
- [Aragon](https://aragon.one/)
among others...
## Contribute
OpenZeppelin exists thanks to its contributors. There are many ways you can participate and help build high quality software. Check out the [contribution guide]!
## License
Code released under the [MIT License](https://github.com/OpenZeppelin/zeppelin-solidity/blob/master/LICENSE).
OpenZeppelin is released under the [MIT License](LICENSE).
This document describes our release process, and contains the steps to be followed by an OpenZeppelin maintainer at the several stages of a release.
We release a new version of OpenZeppelin monthly. Release cycles are tracked in the [issue milestones](https://github.com/OpenZeppelin/openzeppelin-solidity/milestones).
Each release has at least one release candidate published first, intended for community review and any critical fixes that may come out of it. At the moment we leave 1 week between the first release candidate and the final release.
Before starting make sure to verify the following items.
* Your local `master` branch is in sync with your `upstream` remote (it may have another name depending on your setup).
* Your repo is clean, particularly with no untracked files in the contracts and tests directories. Verify with `git clean -n`.
## Creating the release branch
We'll refer to a release `vX.Y.Z`.
```
git checkout master
git checkout -b release-vX.Y.Z
```
## Creating a release candidate
Once in the release branch, change the version string in `package.json`, `package-lock.json` and `ethpm.json` to `X.Y.Z-rc.R`. (This will be `X.Y.Z-rc.1` for the first release candidate.) Commit these changes and tag the commit as `vX.Y.Z-rc.R`.
```
git add package.json package-lock.json ethpm.json
git commit -m "Release candidate vX.Y.Z-rc.R"
git tag -a vX.Y.Z-rc.R
git push upstream release-vX.Y.Z
git push upstream vX.Y.Z-rc.R
```
Draft the release notes in our [GitHub releases](https://github.com/OpenZeppelin/openzeppelin-solidity/releases). Make sure to mark it as a pre-release! Try to be consistent with our previous release notes in the title and format of the text. Release candidates don't need a detailed changelog, but make sure to include a link to GitHub's compare page.
Once the CI run for the new tag is green, publish on npm under the `next` tag. You should see the contracts compile automatically.
```
npm publish --tag next
```
Publish the release notes on GitHub and ask our community manager to announce the release candidate on at least Slack and Twitter.
## Creating the final release
Make sure to have the latest changes from `upstream` in your local release branch.
```
git checkout release-vX.Y.Z
git pull upstream
```
Change the version string in `package.json`, `package-lock.json` and `ethpm.json` removing the "-rc.R" suffix. Commit these changes and tag the commit as `vX.Y.Z`.
```
git add package.json package-lock.json ethpm.json
git commit -m "Release vX.Y.Z"
git tag -a vX.Y.Z
git push upstream vX.Y.Z
```
Draft the release notes in GitHub releases. Try to be consistent with our previous release notes in the title and format of the text. Make sure to include a detailed changelog.
Once the CI run for the new tag is green, publish on npm. You should see the contracts compile automatically.
```
npm publish
```
Publish the release notes on GitHub and ask our community manager to announce the release!
Delete the `next` tag in the npm package as there is no longer a release candidate.
```
npm dist-tag rm --otp $2FA_CODE openzeppelin-solidity next
```
## Merging the release branch
After the final release, the release branch should be merged back into `master`. This merge must not be squashed because it would lose the tagged release commit. Since the GitHub repo is set up to only allow squashed merges, the merge should be done locally and pushed.
Make sure to have the latest changes from `upstream` in your local release branch.
Zeppelin requested that New Alchemy perform an audit of the contracts in their OpenZeppelin library. The OpenZeppelin contracts are a set of contracts intended to be a safe building block for a variety of uses by parties that may not be as sophisticated as the OpenZeppelin team. It is a design goal that the contracts be deployable safely and "as-is".
The contracts are hosted at:
https://github.com/OpenZeppelin/zeppelin-solidity
All the contracts in the "contracts" folder are in scope.
The git commit hash we evaluated is:
9c5975a706b076b7000e8179f8101e0c61024c87
# Disclaimer
The audit makes no statements or warrantees about utility of the code, safety of the code, suitability of the business model, regulatory regime for the business model, or any other statements about fitness of the contracts to purpose, or their bugfree status. The audit documentation is for discussion purposes only.
# Executive Summary
Overall the OpenZeppelin codebase is of reasonably high quality -- it is clean, modular and follows best practices throughout.
It is still in flux as a codebase, and needs better documentation per file as to expected behavior and future plans. It probably needs more comprehensive and aggressive tests written by people less nice than the current OpenZeppelin team.
We identified two critical errors and one moderate issue, and would not recommend this commit hash for public use until these bugs are remedied.
The repository includes a set of Truffle unit tests, a requirement and best practice for smart contracts like these; we recommend these be bulked up.
# Discussion
## Big Picture: Is This A Worthwhile Project?
As soon as a developer touches OpenZeppelin contracts, they will modify something, leaving them in an un-audited state. We do not recommend developers deploy any unaudited code to the Blockchain if it will handle money, information or other things of value.
> "In accordance with Unix philosophy, Perl gives you enough rope to hang yourself"
> --Larry Wall
We think this is an incredibly worthwhile project -- aided by the high code quality. Creating a framework that can be easily extended helps increase the average code quality on the Blockchain by charting a course for developers and encouraging containment of modifications to certain sections.
> "Rust: The language that makes you take the safety off before shooting yourself in the foot"
> -- (@mbrubeck)
We think much more could be done here, and recommend the OpenZeppelin team keep at this and keep focusing on the design goal of removing rope and adding safety.
## Solidity Version Updates Recommended
Most of the code uses Solidity 0.4.11, but some files under `Ownership` are marked 0.4.0. These should be updated.
Solidity 0.4.10 will add several features which could be useful in these contracts:
-`assert(condition)`, which throws if the condition is false
-`revert()`, which rolls back without consuming all remaining gas.
-`address.transfer(value)`, which is like `send` but automatically propagates exceptions, and supports `.gas()`. See https://github.com/ethereum/solidity/issues/610 for more on this.
## Error Handling: Throw vs Return False
Solidity standards allow two ways to handle an error -- either calling `throw` or returning `false`. Both have benefits. In particular, a `throw` guarantees a complete wipe of the call stack (up to the preceding external call), whereas `false` allows a function to continue.
In general we prefer `throw` in our code audits, because it is simpler -- it's less for an engineer to keep track of. Returning `false` and using logic to check results can quickly become a poorly-tracked state machine, and this sort of complexity can cause errors.
In the OpenZeppelin contracts, both styles are used in different parts of the codebase. `SimpleToken` transfers throw upon failure, while the full ERC20 token returns `false`. Some modifiers `throw`, others just wrap the function body in a conditional, effectively allowing the function to return false if the condition is not met.
We don't love this, and would usually recommend you stick with one style or the other throughout the codebase.
In at least one case, these different techniques are combined cleverly (see the Multisig comments, line 65). As a set of contracts intended for general use, we recommend you either strive for more consistency or document explicit design criteria that govern which techniques are used where.
Note that it may be impossible to use either one in all situations. For example, SafeMath functions pretty much have to throw upon failure, but ERC20 specifies returning booleans. Therefore we make no particular recommendations, but simply point out inconsistencies to consider.
# Critical Issues
## Stuck Ether in Crowdsale contract
CrowdsaleToken.sol has no provision for withdrawing the raised ether. We *strongly* recommend a standard `withdraw` function be added. There is no scenario in which someone should deploy this contract as is, whether for testing or live.
## Recursive Call in MultisigWallet
Line 45 of `MultisigWallet.sol` checks if the amount being sent by `execute` is under a daily limit.
This function can only be called by the "Owner". As a first angle of attack, it's worth asking what will happen if the multisig wallet owners reset the daily limit by approving a call to `resetSpentToday`.
If a chain of calls can be constructed in which the owner confirms the `resetSpentToday` function and then withdraws through `execute` in a recursive call, the contract can be drained. In fact, this could be done without a recursive call, just through repeated `execute` calls alternating with the `confirm` calls.
We are still working through the confirmation protocol in `Shareable.sol`, but we are not convinced that this is impossible, in fact it looks possible. The flexibility any shared owner has in being able to revoke confirmation later is another worrisome angle of approach even if some simple patches are included.
This bug has a number of causes that need to be addressed:
1.`resetSpentToday` and `confirm` together do not limit the days on which the function can be called or (it appears) the number of times it can be called.
1. Once a call has been confirmed and `execute`d it appears that it can be re-executed. This is not good.
3.`confirmandCheck` doesn't seem to have logic about whether or not the function in question has been called.
4. Even if it did, `revoke` would need updates and logic to deal with revocation requests after a function call had been completed.
We do not recommend using the MultisigWallet until these issues are fixed.
# Moderate to Minor Issues
## PullPayment
PullPayment.sol needs some work. It has no explicit provision for cancelling a payment. This would be desirable in a number of scenarios; consider a payee losing their wallet, or giving a griefing address, or just an address that requires more than the default gas offered by `send`.
`asyncSend` has no overflow checking. This is a bad plan. We recommend overflow and underflow checking at the layer closest to the data manipulation.
`asyncSend` allows more balance to be queued up for sending than the contract holds. This is probably a bad idea, or at the very least should be called something different. If the intent is to allow this, it should have provisions for dealing with race conditions between competing `withdrawPayments` calls.
It would be nice to see how many payments are pending. This would imply a bit of a rewrite; we recommend this contract get some design time, and that developers don't rely on it in its current state.
## Shareable Contract
We do not believe the `Shareable.sol` contract is ready for primetime. It is missing functions, and as written may be vulnerable to a reordering attack -- an attack in which a miner or other party "racing" with a smart contract participant inserts their own information into a list or mapping.
The confirmation and revocation code needs to be looked over with a very careful eye imagining extraordinarily bad behavior by shared owners before this contract can be called safe.
No sanity checks on the initial constructor's `required` argument are worrisome as well.
# Line by Line Comments
## Lifecycle
### Killable
Very simple, allows owner to call selfdestruct, sending funds to owner. No issues. However, note that `selfdestruct` should typically not be used; it is common that a developer may want to access data in a former contract, and they may not understand that `selfdestruct` limits access to the contract. We recommend better documentation about this dynamic, and an alternate function name for `kill` like `completelyDestroy` while `kill` would perhaps merely send funds to the owner.
Also note that a killable function allows the owner to take funds regardless of other logic. This may be desirable or undesirable depending on the circumstances. Perhaps `Killable` should have a different name as well.
### Migrations
I presume that the goal of this contract is to allow and annotate a migration to a new smart contract address. We are not clear here how this would be accomplished by the code; we'd like to review with the OpenZeppelin team.
### Pausable
We like these pauses! Note that these allow significant griefing potential by owners, and that this might not be obvious to participants in smart contracts using the OpenZeppelin framework. We would recommend that additional sample logic be added to for instance the TokenContract showing safer use of the pause and resume functions. In particular, we would recommend a timelock after which anyone could unpause the contract.
The modifers use the pattern `if(bool){_;}`. This is fine for functions that return false upon failure, but could be problematic for functions expected to throw upon failure. See our comments above on standardizing on `throw` or `return(false)`.
## Ownership
### Ownable
Line 19: Modifier throws if doesn't meet condition, in contrast to some other inheritable modifiers (e.g. in Pausable) that use `if(bool){_;}`.
### Claimable
Inherits from Ownable but the existing owner sets a pendingOwner who has to claim ownership.
Line 17: Another modifier that throws.
### DelayedClaimable
Is there any reason to descend from Ownable directly, instead of just Claimable, which descends from Ownable? If not, descending from both just adds confusion.
### Contactable
Allows owner to set a public string of contract information. No issues.
### Shareable
This needs some work. Doesn't check if `_required <= len(_owners)` for instance, that would be a bummer. What if _required were like `MAX - 1`?
I have a general concern about the difference between `owners`, `_owners`, and `owner` in `Ownable.sol`. I recommend "Owners" be renamed. In general we do not recomment single character differences in variable names, although a preceding underscore is not uncommon in Solidity code.
Line 34: "this contract only has six types of events"...actually only two.
Line 61: Why is `ownerIndex` keyed by addresses hashed to `uint`s? Why not use the addresses directly, so `ownerIndex` is less obscure, and so there's stronger typing?
Line 62: Do not love `++i) ... owners[2+ i]`. Makes me do math, which is not what I want to do. I want to not have to do math.
There should probably be a function for adding a new operation, so the developer doesn't have to work directly with the internal data. (This would make the multisig contract even shorter.)
There's a `revoke` function but not a `propose` function that we can see.
Beware reordering. If `propose` allows the user to choose a bytes string for their proposal, bad things(TM) will happen as currently written.
### Multisig
Just an interface. Note it allows changing an owner address, but not changing the number of owners. This is somewhat limiting but also simplifies implementation.
## Payment
### PullPayment
Safe from reentrance attack since ether send is at the end, plus it uses `.send()` rather than `.call.value()`.
There's an argument to be made that `.call.value()` is a better option *if* you're sure that it will be done after all state updates, since `.send` will fail if the recipient has an expensive fallback function. However, in the context of a function meant to be embedded in other contracts, it's probably better to use `.send`. One possible compromise is to add a function which allows only the owner to send ether via `.call.value`.
If you don't use `call.value` you should implement a `cancel` function in case some value is pending here.
Line 14:
Doesn't use safeAdd. Although it appears that payout amounts can only be increased, in fact the payer could lower the payout as much as desired via overflow. Also, the payer could add a large non-overflowing amount, causing the payment to exceed the contract balance and therefore fail when withdraw is attempted.
Recommendation: track the sum of non-withdrawn asyncSends, and don't allow a new one which exceeds the leftover balance. If it's ever desirable to make payments revocable, it should be done explicitly.
## Tokens
### ERC20
Standard ERC20 interface only.
There's a security hole in the standard, reported at Edcon: `approve` does not protect against race conditions and simply replaces the current value. An approved spender could wait for the owner to call `approve` again, then attempt to spend the old limit before the new limit is applied. If successful, this attacker could successfully spend the sum of both limits.
This could be fixed by either (1) including the old limit as a parameter, so the update will fail if some gets spent, or (2) using the value parameter as a delta instead of replacement value.
This is not fixable while adhering to the current full ERC20 standard, though it would be possible to add a "secureApprove" function. The impact isn't extreme since at least you can only be attacked by addresses you approved. Also, users could mitigate this by always setting spending limits to zero and checking for spends, before setting the new limit.
Simpler interface skipping the Approve function. Note this departs from ERC20 in another way: transfer throws instead of returning false.
### BasicToken
Uses `SafeSub` and `SafeMath`, so transfer `throw`s instead of returning false. This complies with ERC20Basic but not the actual ERC20 standard.
### StandardToken
Implementation of full ERC20 token.
Transfer() and transferFrom() use SafeMath functions, which will cause them to throw instead of returning false. Not a security issue but departs from standard.
### SimpleToken
Sample instantiation of StandardToken. Note that in this sample, decimals is 18 and supply only 10,000, so the supply is a small fraction of a single nominal token.
### CrowdsaleToken
StandardToken which mints tokens at a fixed price when sent ether.
There's no provision for owner withdrawing the ether. As a sample for crowdsales it should be Ownable and allow the owner to withdraw ether, rather than stranding the ether in the contract.
Note: an alternative pattern is a mint() function which is only callable from a separate crowdsale contract, so any sort of rules can be added without modifying the token itself.
### VestedToken
Lines 23, 27:
Functions `transfer()` and `transferFrom()` have a modifier canTransfer which throws if not enough tokens are available. However, transfer() returns a boolean success. Inconsistent treatment of failure conditions may cause problems for other contracts using the token. (Note that transferableTokens() relies on safeSub(), so will also throw if there's insufficient balance.)
Line 64:
Delete not actually necessary since the value is overwritten in the next line anyway.
## Root level
### Bounty
Avoids potential race condition by having each researcher deploy a separate contract for attack; if a research manages to break his associated contract, other researchers can't immediately claim the reward, they have to reproduce the attack in their own contracts.
A developer could subvert this intent by implementing `deployContract()` to always return the same address. However, this would break the `researchers` mapping, updating the researcher address associated with the contract. This could be prevented by blocking rewrites in `researchers`.
### DayLimit
The modifier `limitedDaily` calls `underLimit`, which both checks that the spend is below the daily limit, and adds the input value to the daily spend. This is fine if all functions throw upon failure. However, not all OpenZeppelin functions do this; there are functions that returns false, and modifiers that wrap the function body in `if (bool) {_;}`. In these cases, `_value` will be added to `spentToday`, but ether may not actually be sent because other preconditions were not met. (However in the OpenZeppelin multisig this is not a problem.)
Lines 4, 11:
Comment claims that `DayLimit` is multiowned, and Shareable is imported, but DayLimit does not actually inherit from Shareable. The intent may be for child contracts to inherit from Shareable (as Multisig does); in this case the import should be removed and the comment altered.
Line 46:
Manual overflow check instead of using safeAdd. Since this is called from a function that throws upon failure anyway, there's no real downside to using safeAdd.
### LimitBalance
No issues.
### MultisigWallet
Lines 28, 76, 80:
`kill`, `setDailyLimit`, and `resetSpentToday` only happen with multisig approval, and hashes for these actions are logged by Shareable. However, they should probably post their own events for easy reading.
Line 45:
This call to underLimit will reduce the daily limit, and then either throw or return 0. So in this case there's no danger that the limit will be reduced without the operation going through.
Line 65:
Shareable's onlyManyOwners will take the user's confirmation, and execute the function body if and only if enough users have confirmed. Whole thing throws if the send fails, which will roll back the confirmation. Confirm returns false if not enough have confirmed yet, true if the whole thing succeeds, and throws only in the exceptional circumstance that the designated transaction unexpectedly fails. Elegant design.
Line 68:
Throw here is good but note this function can fail either by returning false or by throwing.
Line 92:
A bit odd to split `clearPending()` between this contract and Shareable. However this does allow contracts inheriting from Shareable to use custom structs for pending transactions.
### SafeMath
Another interesting comment from the same Edcon presentation was that the overflow behavior of Solidity is undocumented, so in theory, source code that relies on it could break with a future revision.
However, compiled code should be fine, and in the unlikely event that the compiler is revised in this way, there should be plenty of warning. (But this is an argument for keeping overflow checks isolated in SafeMath.)
The following provides visibility into how OpenZeppelin's contracts are organized:
- **access** - Smart contracts that enable functionality that can be used for selective restrictions and basic authorization control functions.
- **crowdsale** - A collection of smart contracts used to manage token crowdsales that allow investors to purchase tokens with ETH. Includes a base contract which implements fundamental crowdsale functionality in its simplest form. The base contract can be extended in order to satisfy your crowdsale’s specific requirements.
- **distribution** - Includes extensions of the base crowdsale contract which can be used to customize the completion of a crowdsale.
- **emission** - Includes extensions of the base crowdsale contract which can be used to mint and manage how tokens are issued to purchasers.
- **price** - Includes extensions of the crowdsale contract that can be used to manage changes in token prices.
- **validation** - Includes extensions of the crowdsale contract that can be used to enforce restraints and limit access to token purchases.
- **examples** - A collection of simple smart contracts that demonstrate how to add new features to base contracts through multiple inheritance.
- **introspection** - An interface that can be used to make a contract comply with the ERC-165 standard as well as a contract that implements ERC-165 using a lookup table.
- **lifecycle** - A collection of base contracts used to manage the existence and behavior of your contracts and their funds.
- **math** - Libraries with safety checks on operations that throw on errors.
- **mocks** - A collection of abstract contracts that are primarily used for unit testing. They also serve as good usage examples and demonstrate how to combine contracts with inheritance when developing your own custom applications.
- **ownership** - A collection of smart contracts that can be used to manage contract and token ownership
- **payment** - A collection of smart contracts that can be used to manage payments through escrow arrangements, withdrawals, and claims. Includes support for both single payees and multiple payees.
- **proposals** - A collection of smart contracts that reflect community Ethereum Improvement Proposals (EIPs). These contracts are under development and standardization. They are not recommended for production, but they are useful for experimentation with pending EIP standards. Go [here](https://github.com/OpenZeppelin/openzeppelin-solidity/wiki/ERC-Process) for more information.
- **token** - A collection of approved ERC standard tokens -- their interfaces and implementations.
- **ERC20** - A standard interface for fungible tokens:
- *Interfaces* - Includes the ERC-20 token standard basic interface. I.e., what the contract’s ABI can represent.
- *Implementations* - Includes ERC-20 token implementations that include all required and some optional ERC-20 functionality.
- **ERC721** - A standard interface for non-fungible tokens
- *Interfaces* - Includes the ERC-721 token standard basic interface. I.e., what the contract’s ABI can represent.
- *Implementations* - Includes ERC-721 token implementations that include all required and some optional ERC-721 functionality.
* This bounty will pay out to a researcher if they break invariant logic of the contract.
*/
contractBountyisPullPayment,Killable{
boolpublicclaimed;
mapping(address=>address)publicresearchers;
eventTargetCreated(addresscreatedAddress);
function()payable{
if(claimed){
throw;
}
}
functioncreateTarget()returns(Target){
Targettarget=Target(deployContract());
researchers[target]=msg.sender;
TargetCreated(target);
returntarget;
}
functiondeployContract()internalreturns(address);
functionclaim(Targettarget){
addressresearcher=researchers[target];
if(researcher==0){
throw;
}
// Check Target contract invariants
if(target.checkInvariant()){
throw;
}
asyncSend(researcher,this.balance);
claimed=true;
}
}
/*
* Target
*
* Your main contract should inherit from this class and implement the checkInvariant method. This is a function that should check everything your contract assumes to be true all the time. If this function returns false, it means your contract was broken in some way and is in an inconsistent state. This is what security researchers will try to acomplish when trying to get the bounty.
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
