kopia lustrzana https://github.com/bugout-dev/dao
A fix for the mintBatch vulnerability to bypass pool capacity
rodzic
67a8e7953a
commit
12204c47dd
|
@ -386,18 +386,15 @@ contract ERC1155WithTerminusStorage is
|
|||
|
||||
LibTerminus.TerminusStorage storage ts = LibTerminus.terminusStorage();
|
||||
|
||||
for (uint256 i = 0; i < ids.length; i++) {
|
||||
require(
|
||||
ts.poolSupply[ids[i]] + amounts[i] <= ts.poolCapacity[ids[i]],
|
||||
"ERC1155WithTerminusStorage: _mintBatch -- Minted tokens would exceed pool capacity"
|
||||
);
|
||||
}
|
||||
|
||||
address operator = _msgSender();
|
||||
|
||||
_beforeTokenTransfer(operator, address(0), to, ids, amounts, data);
|
||||
|
||||
for (uint256 i = 0; i < ids.length; i++) {
|
||||
require(
|
||||
ts.poolSupply[ids[i]] + amounts[i] <= ts.poolCapacity[ids[i]],
|
||||
"ERC1155WithTerminusStorage: _mintBatch -- Minted tokens would exceed pool capacity"
|
||||
);
|
||||
ts.poolSupply[ids[i]] += amounts[i];
|
||||
ts.poolBalances[ids[i]][to] += amounts[i];
|
||||
}
|
||||
|
|
|
@ -333,12 +333,16 @@ class TestPoolOperations(TerminusTestCase):
|
|||
)
|
||||
|
||||
def test_mint_batch_fails_if_it_exceeds_capacity(self):
|
||||
capacity = 10
|
||||
self.diamond_terminus.create_pool_v1(
|
||||
capacity, True, True, {"from": accounts[1]}
|
||||
)
|
||||
pool_id = self.diamond_terminus.total_pools()
|
||||
with self.assertRaises(Exception):
|
||||
self.diamond_terminus.mint_batch(
|
||||
accounts[2].address,
|
||||
pool_i_ds=[pool_id],
|
||||
amounts=[11],
|
||||
pool_i_ds=[pool_id, pool_id],
|
||||
amounts=[int(capacity / 2) + 1, int(capacity / 2) + 1],
|
||||
data=b"",
|
||||
transaction_config={"from": accounts[1]},
|
||||
)
|
||||
|
|
Ładowanie…
Reference in New Issue