search

pendulum-chain / pendulum-solidity-wrapper

A collection of Solidity wrapper contracts emulating common ERC interfaces to grant access to runtime features on Pendulum.
GNU General Public License v3.0
0 stars 0 forks source link

Add zero-address checks to ERC20 wrapper #29

Closed ebma closed 1 year ago

ebma commented 1 year ago

This PR adds additional checks to some functions of the ERC20 wrapper contract. The changes adhere to the implementation of this contract. Note that it's not possible to revert with custom errors in Solang on Substrate. You can only revert with a string. That's why I decided to make the string at least have the same name as the custom errors used in this contract.

The auditors point out that we should consider adding additional checks to basically all accessible functions. I don't think this makes sense. I also checked if Aaves implementation of the IPriceOracleGetter interface has any zero-address checks and there is only one, here, which then uses some fallback oracle. Since we don't have a fallback oracle I decided not to change anything.

We might want to get back to the auditors and ask them how they would expect these zero-address checks to look like for all functions.

TorstenStueber commented 1 year ago

@ebma I am not sure what happens if we forget some of these checks: the 0 address has a particular semantics in the Ethereum world but in our runtime it is probably just treated like any other address. That's why such a check is important in a contract running on EVM but I don't even think that anything goes wrong in our case.

ebma commented 1 year ago

I also don't think much could go wrong in our case without the extra checks 👍