From 98f672b534fe9779050a535a823c065b51c2bcff Mon Sep 17 00:00:00 2001
From: jakub-wojciechowski
Date: Thu, 14 Sep 2017 22:04:34 +0200
Subject: [PATCH 1/2] Make approve method compliant with ERC20
---
 contracts/token/StandardToken.sol | 7 -------
 1 file changed, 7 deletions(-)
diff --git a/contracts/token/StandardToken.sol b/contracts/token/StandardToken.sol
index 728fa709991..dfea3597ddf 100644
--- a/contracts/token/StandardToken.sol
+++ b/contracts/token/StandardToken.sol
@@ -44,13 +44,6 @@ contract StandardToken is ERC20, BasicToken {
 * @param _value The amount of tokens to be spent.
 */
 function approve(address _spender, uint256 _value) public returns (bool) {
-
- // To change the approve amount you first have to reduce the addresses`
- // allowance to zero by calling `approve(_spender, 0)` if it is not
- // already 0 to mitigate the race condition described here:
- // https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
- // require((_value == 0) || (allowed[msg.sender][_spender] == 0));
-
 allowed[msg.sender][_spender] = _value;
 Approval(msg.sender, _spender, _value);
 return true;
From adfd8fb6a92a72b919db6e7d1fc90059aff29e9f Mon Sep 17 00:00:00 2001
From: jakub-wojciechowski
Date: Fri, 15 Sep 2017 12:28:29 +0200
Subject: [PATCH 2/2] Warning in approve method documentation.
---
 contracts/token/StandardToken.sol | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/contracts/token/StandardToken.sol b/contracts/token/StandardToken.sol
index dfea3597ddf..12a6ef8429a 100644
--- a/contracts/token/StandardToken.sol
+++ b/contracts/token/StandardToken.sol
@@ -40,6 +40,11 @@ contract StandardToken is ERC20, BasicToken {
 /**
 * @dev Approve the passed address to spend the specified amount of tokens on behalf of msg.sender.
+ *
+ * Beware that changing an allowance with this method brings the risk that someone may use both the old
+ * and the new allowance by unfortunate transaction ordering. One possible solution to mitigate this
+ * race condition is to first reduce the spender's allowance to 0 and set the desired value afterwards:
+ * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
 * @param _spender The address which will spend the funds.
 * @param _value The amount of tokens to be spent.
 */
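Review bot: The warning added to the `approve` doc comment names the zero-first sequence as a mitigation but never says that the method does not enforce it. The context lines of PATCH 1/2 show `allowed[msg.sender][_spender] = _value;` running unconditionally, so the whole burden falls on the caller. Zeroing first also only helps if the owner checks how much of the old allowance was spent before approving again, and the comment should say so. I would add a line after the link, such as `* This method does not enforce that sequence: after the zeroing transaction is mined, check how much of the old allowance was spent before approving a new value.` The function that this comment documents begins outside the hunk.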