OpenZeppelin / openzeppelin-contracts

OpenZeppelin Contracts is a library for secure smart contract development.
https://openzeppelin.com/contracts
MIT License

Opinion on checking the parameter in Crowdsale #545

Closed rstormsf closed 6 years ago

rstormsf commented 6 years ago

I was thinking of adding this check: require(beneficiary == msg.sender); to https://github.com/OpenZeppelin/zeppelin-solidity/blob/master/contracts/crowdsale/Crowdsale.sol#L70

Any opinions? I believe that if someone calls from low level, we need to make sure they are doing it correctly.

frangio commented 6 years ago

Actually the buyTokens method is designed so that anyone can execute a purchase for another beneficiary! So the check goes against the intended semantics.

rstormsf commented 6 years ago

Got it. Makes sense.
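
The semantics discussed in this thread, as an added example that is not part of the original issue and not OpenZeppelin's Crowdsale.sol: a simplified crowdsale whose `buyTokens` credits a beneficiary distinct from the payer, plus a contract that buys on someone else's behalf. `SketchCrowdsale`, `GiftingPayer`, `buyFor` and the `RATE` value are hypothetical names and values chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified sketch for illustration; NOT OpenZeppelin's Crowdsale.sol.
// Balances live in a mapping instead of a separate token contract, and
// forwarding of collected funds to a wallet is omitted.
contract SketchCrowdsale {
    uint256 public constant RATE = 1000; // constructed value: token units per wei
    mapping(address => uint256) public balances;

    // The payer and the recipient are logged as two separate roles.
    event TokenPurchase(address indexed purchaser, address indexed beneficiary,
                        uint256 value, uint256 amount);

    // Plain ether transfer: the sender buys for itself.
    receive() external payable {
        buyTokens(msg.sender);
    }

    function buyTokens(address beneficiary) public payable {
        require(beneficiary != address(0), "zero beneficiary");
        require(msg.value != 0, "no payment");
        // The check proposed in the issue would go here:
        //     require(beneficiary == msg.sender);
        // With it, GiftingPayer.buyFor below reverts whenever `recipient`
        // is any address other than the GiftingPayer contract itself.
        uint256 tokens = msg.value * RATE;
        balances[beneficiary] += tokens;
        emit TokenPurchase(msg.sender, beneficiary, msg.value, tokens);
    }
}

// Hypothetical third party (payment processor, multisig wallet, gifting
// service) that pays with its own funds on behalf of someone else.
contract GiftingPayer {
    SketchCrowdsale public immutable sale;

    constructor(SketchCrowdsale sale_) {
        sale = sale_;
    }

    function buyFor(address recipient) external payable {
        // Inside the crowdsale, msg.sender is this contract, not `recipient`.
        sale.buyTokens{value: msg.value}(recipient);
    }
}
```

Because the caller spends only its own ether and the beneficiary only receives tokens, the separate `purchaser` and `beneficiary` fields in the event are what let an auditor tell a self-purchase from a purchase made for another address.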