kopia lustrzana https://github.com/bugout-dev/dao
A fix for the mintBatch vulnerability to bypass pool capacity
rodzic
67a8e7953a
commit
12204c47dd
|
@ -386,18 +386,15 @@ contract ERC1155WithTerminusStorage is
|
||||||
|
|
||||||
LibTerminus.TerminusStorage storage ts = LibTerminus.terminusStorage();
|
LibTerminus.TerminusStorage storage ts = LibTerminus.terminusStorage();
|
||||||
|
|
||||||
for (uint256 i = 0; i < ids.length; i++) {
|
|
||||||
require(
|
|
||||||
ts.poolSupply[ids[i]] + amounts[i] <= ts.poolCapacity[ids[i]],
|
|
||||||
"ERC1155WithTerminusStorage: _mintBatch -- Minted tokens would exceed pool capacity"
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
address operator = _msgSender();
|
address operator = _msgSender();
|
||||||
|
|
||||||
_beforeTokenTransfer(operator, address(0), to, ids, amounts, data);
|
_beforeTokenTransfer(operator, address(0), to, ids, amounts, data);
|
||||||
|
|
||||||
for (uint256 i = 0; i < ids.length; i++) {
|
for (uint256 i = 0; i < ids.length; i++) {
|
||||||
|
require(
|
||||||
|
ts.poolSupply[ids[i]] + amounts[i] <= ts.poolCapacity[ids[i]],
|
||||||
|
"ERC1155WithTerminusStorage: _mintBatch -- Minted tokens would exceed pool capacity"
|
||||||
|
);
|
||||||
ts.poolSupply[ids[i]] += amounts[i];
|
ts.poolSupply[ids[i]] += amounts[i];
|
||||||
ts.poolBalances[ids[i]][to] += amounts[i];
|
ts.poolBalances[ids[i]][to] += amounts[i];
|
||||||
}
|
}
|
||||||
|
|
|
@ -333,12 +333,16 @@ class TestPoolOperations(TerminusTestCase):
|
||||||
)
|
)
|
||||||
|
|
||||||
def test_mint_batch_fails_if_it_exceeds_capacity(self):
|
def test_mint_batch_fails_if_it_exceeds_capacity(self):
|
||||||
|
capacity = 10
|
||||||
|
self.diamond_terminus.create_pool_v1(
|
||||||
|
capacity, True, True, {"from": accounts[1]}
|
||||||
|
)
|
||||||
pool_id = self.diamond_terminus.total_pools()
|
pool_id = self.diamond_terminus.total_pools()
|
||||||
with self.assertRaises(Exception):
|
with self.assertRaises(Exception):
|
||||||
self.diamond_terminus.mint_batch(
|
self.diamond_terminus.mint_batch(
|
||||||
accounts[2].address,
|
accounts[2].address,
|
||||||
pool_i_ds=[pool_id],
|
pool_i_ds=[pool_id, pool_id],
|
||||||
amounts=[11],
|
amounts=[int(capacity / 2) + 1, int(capacity / 2) + 1],
|
||||||
data=b"",
|
data=b"",
|
||||||
transaction_config={"from": accounts[1]},
|
transaction_config={"from": accounts[1]},
|
||||||
)
|
)
|
||||||
|
|
Ładowanie…
Reference in New Issue