Git-Mirrors/blockchains-security-toolkit
1
0
Fork 0
mirror of https://github.com/autistic-symposium/blockchains-security-toolkit.git synced 2025-06-24 14:40:40 -04:00
Code Issues Projects Releases Packages Wiki Activity

Update redacted-cartel.md

Browse source
This commit is contained in:
bt3gl 2022-06-12 17:00:44 -07:00 committed by GitHub
parent 94498b45d4
commit 47ded51c43
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 34 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

34
Top-Immunefi-Vulnerabilities/redacted-cartel.md
View file

@ -40,5 +40,39 @@ where `allowance(sender, recipient)` should be `allowance(sender, msg.sender)`.
| spender | `msg.sender` | who is calling `transferFrom()`; the operator; who needs allowance approval |
<br>
[Here](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/ERC20.sol) is how OpenZeppelin implements this function for `ERC-20`:
```
function transferFrom(
address from,
address to,
uint256 amount
) public virtual override returns (bool) {
address spender = _msgSender();
_spendAllowance(from, spender, amount);
_transfer(from, to, amount);
return true;
}
```
where
```
function _spendAllowance(
address owner,
address spender,
uint256 amount
) internal virtual {
uint256 currentAllowance = allowance(owner, spender);
if (currentAllowance != type(uint256).max) {
require(currentAllowance >= amount, "ERC20: insufficient allowance");
unchecked {
_approve(owner, spender, currentAllowance - amount);
}
}
}
```