bridge.sol: check for overflow in transferFrom

2018-01-26 10:23:05 +01:00 · 2018-01-26 10:23:05 +01:00 · ddc54802dd
parent 1daa7bb6ad
commit ddc54802dd
4 changed files with 27 additions and 0 deletions
--- a/contracts/bridge.sol
+++ b/contracts/bridge.sol
@ -321,6 +321,8 @@ contract ForeignBridge {
        require(balances[from] >= tokens);
        // `sender` is allowed to move `tokens` from `from`
        require(allowed[from][msg.sender] >= tokens);
+        // fails if there is an overflow
+        require(balances[to] + tokens >= balances[to]);

        balances[to] += tokens;
        balances[from] -= tokens;
--- a/truffle/.node-xmlhttprequest-content-37792
+++ b/truffle/.node-xmlhttprequest-content-37792
@ -0,0 +1 @@
+{"err":null,"data":{"statusCode":200,"headers":{"access-control-allow-headers":"Origin, X-Requested-With, Content-Type, Accept","access-control-allow-origin":"*","access-control-allow-methods":"*","content-type":"application/json","date":"Fri, 26 Jan 2018 09:06:17 GMT","connection":"close","transfer-encoding":"chunked"},"text":"{\"id\":723,\"jsonrpc\":\"2.0\",\"result\":\"0x00000000000000056bc75e2d63100000\"}"}}
--- a/truffle/.node-xmlhttprequest-sync-37792
+++ b/truffle/.node-xmlhttprequest-sync-37792
--- a/truffle/test/foreign-erc20.js
+++ b/truffle/test/foreign-erc20.js
@ -226,4 +226,28 @@ contract('ForeignBridge', function(accounts) {
    }, function(err) {
    })
  })
+
+  it("transferFrom that results in overflow should fail", function() {
+    var meta;
+    var requiredSignatures = 1;
+    var authorities = [accounts[0], accounts[1]];
+    var userAccount = accounts[2];
+	var spenderAccount = accounts[3];
+    var recipientAccount = accounts[4];
+    var maxValue = web3.toWei("0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", "wei");
+    var hash = "0xe55bb43c36cdf79e23b4adc149cdded921f0d482e613c50c6540977c213bc408";
+    return ForeignBridge.new(requiredSignatures, authorities).then(function(instance) {
+      meta = instance;
+      return meta.deposit(recipientAccount, maxValue, hash, { from: authorities[0] });
+    }).then(function(result) {
+      return meta.deposit(userAccount, 1, hash, { from: authorities[0] });
+    }).then(function(result) {
+	  return meta.approve(spenderAccount, 1, {from: userAccount});
+    }).then(function(result) {
+      return meta.transferFrom(userAccount, recipientAccount, 1, { from: spenderAccount });
+    }).then(function(result) {
+      assert(false, "transfer should fail");
+    }, function(err) {
+    })
+  })
 })
				`@ -0,0 +1 @@`
				`{"err":null,"data":{"statusCode":200,"headers":{"access-control-allow-headers":"Origin, X-Requested-With, Content-Type, Accept","access-control-allow-origin":"","access-control-allow-methods":"","content-type":"application/json","date":"Fri, 26 Jan 2018 09:06:17 GMT","connection":"close","transfer-encoding":"chunked"},"text":"{\"id\":723,\"jsonrpc\":\"2.0\",\"result\":\"0x00000000000000056bc75e2d63100000\"}"}}`