Users / contracts should always be able to use transferFrom from themselves,
without setting approval or trust first.
Then transfer can just be defined as
/// Moves `wad` tokens from the caller to `guy`.
/// Thin wrapper over transferFrom. It only works if transferFrom accepts
/// src == msg.sender without a prior approval, which is the rule proposed here.
function transfer(address guy, uint wad) {
    // The source is pinned to msg.sender, so this entry point can only
    // move the caller's own balance.
    // NOTE(review): anything transferFrom returns is discarded here; confirm
    // that it reverts on failure rather than returning false.
    transferFrom(msg.sender, guy, wad);
}
The following illustrates some nuances of this change:
// Example of default-self-approval causing problems: the vault relied on the
// token's allowance table as its only withdrawal limit.
contract UserVault is DSAuth {
    DSToken token;

    /// Authorised callers (`auth`) set the vault's allowance on itself.
    function allow(uint amount) auth {
        // Self-approval: the vault approves `this` to spend its own balance.
        token.approve(this, amount);
    }

    /// Sends `amount` of the vault's tokens to the caller.
    // Previously, this would be limited by the approval set by `allow`,
    // but with default-self-approval any amount can be withdrawn.
    // This function has no `auth` modifier and no bound of its own; the
    // allowance consulted inside transferFrom was the only check, so once the
    // token skips that check for src == msg.sender the limit disappears.
    function withdraw(uint amount) {
        token.transferFrom(this, msg.sender, amount);
    }
}
// How to implement the same vault properly in a default-self-approve world:
// the withdrawal limit lives in the vault's own storage instead of the
// token's allowance table, so the token's approval rules cannot bypass it.
contract SaneUserVault is DSAuth {
    DSToken token;
    // Remaining amount that withdraw() may pay out. This is a single budget
    // shared by every caller, not a per-address allowance.
    uint allowed;

    /// Authorised callers (`auth`) set the remaining withdrawal budget.
    function allow(uint amount) auth {
        allowed = amount;
    }

    /// Pays `amount` to the caller if it fits within the remaining budget.
    /// Not restricted by `auth`: any caller may draw on the budget.
    function withdraw(uint amount) {
        // Reject requests larger than the remaining budget.
        require(amount <= allowed);
        // Debit the budget before the external token call, so the limit
        // already holds if control returns to this contract mid-transfer.
        // `sub` is the checked subtraction; with the require above it
        // cannot wrap below zero.
        allowed = sub(allowed, amount);
        // NOTE(review): the result of token.transfer is not checked; confirm
        // that DSToken reverts on failure, otherwise the budget is consumed
        // without a payout.
        token.transfer(msg.sender, amount);
    }
}
Users / contracts should always be able to use transferFrom from themselves, without setting approval or trust first. Then transfer can just be defined as a call to transferFrom with msg.sender as the source. The following illustrates some nuances of this change: