feat: add whitelisting to erc20 custody v2 #296
Caution: Review failed. The pull request is closed.
Walkthrough
The changes introduce significant enhancements to several smart contracts, focusing on role management, token whitelisting, and event handling. New functions and events improve security and usability by ensuring that only approved tokens can be managed and interacted with. The updates also refine error handling, making it clearer when operations fail due to access control issues. Overall, these modifications aim to bolster the functionality and robustness of the contracts in managing ERC20 tokens.
Sequence Diagram(s)
sequenceDiagram
participant User
participant ERC20Custody
participant Token
User->>ERC20Custody: Request to whitelist token
ERC20Custody->>Token: Verify token validity
Token-->>ERC20Custody: Token is valid
ERC20Custody->>ERC20Custody: Update whitelist
ERC20Custody-->>User: Token whitelisted
User->>ERC20Custody: Attempt to withdraw token
ERC20Custody->>ERC20Custody: Check if token is whitelisted
alt Token is whitelisted
ERC20Custody-->>User: Withdrawal successful
else Token is not whitelisted
ERC20Custody-->>User: NotWhitelisted error
end
Codecov Report
Attention: Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## improve-v2-coverage #296 +/- ##
=======================================================
+ Coverage 82.65% 83.09% +0.44%
=======================================================
Files 7 7
Lines 271 284 +13
Branches 85 92 +7
=======================================================
+ Hits 224 236 +12
- Misses 47 48 +1
v2/src/evm/ERC20Custody.sol
function whitelist(address token) external onlyRole(WHITELISTER_ROLE) { | ||
whitelisted[token] = true; | ||
emit Whitelisted(token); | ||
} |
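Review bot: whitelist() writes whitelisted[token] = true and emits Whitelisted(token) unconditionally, so calling it for a token that is already whitelisted emits a second event with no state change, which can mislead off-chain consumers that treat each event as a transition. Consider returning early or reverting when whitelisted[token] is already true, and add a NatSpec comment stating that the caller must hold WHITELISTER_ROLE.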
Before whitelisting:
- Check address != address(0).
- Check address is a contract (address.code > 0)
- Also, ideally we would check as well that address.totalSupply() or any other IERC20 interface method exists.
That way we make sure whitelisted only contains valid ERC20 contracts.
fixed address point
regarding erc20 interface, there is separate issue for that, let's handle it on codebase level: #239
not sure what is the best way for that, i don't think that check if single method exists is precise enough in theory because we want to check for whole interface, which is more something like supportsInterface which i think exists on some standards
Sounds good, after some investigation it seems like the best idea: supportsInterface(0x36372b07) should be it.
LGTM
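The three pre-whitelisting checks listed in the first review comment above, as an added example; this is not the project's ERC20Custody code. The contract name WhitelistSketch, the single whitelister address standing in for WHITELISTER_ROLE, and the error names are assumptions made for illustration. It probes totalSupply() rather than supportsInterface because ERC-20 itself does not require ERC-165.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (hypothetical contract, not the project's ERC20Custody).
contract WhitelistSketch {
    mapping(address => bool) public whitelisted;

    // Stand-in for the WHITELISTER_ROLE check used in the PR.
    address public immutable whitelister;

    event Whitelisted(address indexed token);

    error NotWhitelister();
    error ZeroAddress();
    error NotAContract(address token);
    error NotERC20Like(address token);

    constructor(address whitelister_) {
        whitelister = whitelister_;
    }

    function whitelist(address token) external {
        if (msg.sender != whitelister) revert NotWhitelister();

        // Check 1: reject the zero address.
        if (token == address(0)) revert ZeroAddress();

        // Check 2: an EOA or an undeployed address has no code.
        if (token.code.length == 0) revert NotAContract(token);

        // Check 3: probe one IERC20 view method. staticcall cannot change
        // state; the call must succeed and return one 32-byte word.
        // This is a heuristic: a contract whose fallback returns 32 bytes
        // also passes, so it filters mistakes, not hostile contracts.
        (bool ok, bytes memory ret) =
            token.staticcall(abi.encodeWithSignature("totalSupply()"));
        if (!ok || ret.length != 32) revert NotERC20Like(token);

        whitelisted[token] = true;
        emit Whitelisted(token);
    }
}
```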
Summary by CodeRabbit
New Features
- WHITELISTER_ROLE for managing token whitelisting.
- Whitelisted and Unwhitelisted for tracking token status changes.
Bug Fixes
- NotWhitelisted and NotWhitelistedInCustody.
Tests