From d2f8761d9e5c4c14b4375529e7fb2489ba6a6cde Mon Sep 17 00:00:00 2001
From: jakub-wojciechowski
Date: Thu, 14 Sep 2017 22:04:34 +0200
Subject: [PATCH 1/2] Make approve method compliant with ERC20
---
 contracts/token/ERC20.sol | 2 +-
 contracts/token/StandardToken.sol | 9 +--------
 2 files changed, 2 insertions(+), 9 deletions(-)
diff --git a/contracts/token/ERC20.sol b/contracts/token/ERC20.sol
index 9516ba82d77..0b1f3de9b98 100644
--- a/contracts/token/ERC20.sol
+++ b/contracts/token/ERC20.sol
@@ -11,6 +11,6 @@ import './ERC20Basic.sol';
 contract ERC20 is ERC20Basic {
 function allowance(address owner, address spender) constant returns (uint256);
 function transferFrom(address from, address to, uint256 value) returns (bool);
- function approve(address spender, uint256 value) returns (bool);
+ function approve(address spender, uint256 value) returns (bool success);
 event Approval(address indexed owner, address indexed spender, uint256 value);
 }
diff --git a/contracts/token/StandardToken.sol b/contracts/token/StandardToken.sol
index f5cf58fc261..3a18f9ce0bc 100644
--- a/contracts/token/StandardToken.sol
+++ b/contracts/token/StandardToken.sol
@@ -43,14 +43,7 @@ contract StandardToken is ERC20, BasicToken {
 * @param _spender The address which will spend the funds.
 * @param _value The amount of tokens to be spent.
 */
- function approve(address _spender, uint256 _value) returns (bool) {
-
- // To change the approve amount you first have to reduce the addresses`
- // allowance to zero by calling `approve(_spender, 0)` if it is not
- // already 0 to mitigate the race condition described here:
- // https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
- require((_value == 0) || (allowed[msg.sender][_spender] == 0));
-
+ function approve(address _spender, uint256 _value) returns (bool success) {
 allowed[msg.sender][_spender] = _value;
 Approval(msg.sender, _spender, _value);
 return true;
From 79c3626a134e4c9d94e46bbb70d1b476e9a5182a Mon Sep 17 00:00:00 2001
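Review bot: With the `require((_value == 0) || (allowed[msg.sender][_spender] == 0))` guard gone, the new `approve` in StandardToken.sol overwrites a non-zero allowance unconditionally, and nothing visible in this hunk lets a holder adjust an allowance relative to its current value. A holder who changes an allowance from N to M in a single call can end up having granted N + M if the spender's `transferFrom` is ordered ahead of it. If the contract does not already provide them elsewhere in the file, consider adding relative-change helpers next to `approve`, as sketched below; they sit outside the ERC20 interface, so compliance is unaffected. The body of `approve` closes outside the hunk.

```solidity
// … unchanged: approve(_spender, _value) as in the hunk …

function increaseApproval(address _spender, uint256 _addedValue) returns (bool success) {
  uint256 updated = allowed[msg.sender][_spender] + _addedValue;
  require(updated >= _addedValue); // reject uint256 wrap-around
  allowed[msg.sender][_spender] = updated;
  Approval(msg.sender, _spender, updated);
  return true;
}

function decreaseApproval(address _spender, uint256 _subtractedValue) returns (bool success) {
  uint256 current = allowed[msg.sender][_spender];
  // clamp at zero so a spend that is mined first cannot make the decrease revert
  uint256 updated = _subtractedValue > current ? 0 : current - _subtractedValue;
  allowed[msg.sender][_spender] = updated;
  Approval(msg.sender, _spender, updated);
  return true;
}
```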
From: jakub-wojciechowski
Date: Fri, 15 Sep 2017 12:28:29 +0200
Subject: [PATCH 2/2] Warning in approve method documentation.
---
 contracts/token/StandardToken.sol | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/contracts/token/StandardToken.sol b/contracts/token/StandardToken.sol
index 3a18f9ce0bc..ba00ca728b5 100644
--- a/contracts/token/StandardToken.sol
+++ b/contracts/token/StandardToken.sol
@@ -40,6 +40,11 @@ contract StandardToken is ERC20, BasicToken {
 
 /**
 * @dev Approve the passed address to spend the specified amount of tokens on behalf of msg.sender.
+ *
+ * Beware that changing an allowance with this method brings the risk that someone may use both the old
+ * and the new allowance by unfortunate transaction ordering. One possible solution to mitigate this
+ * race condition is to first reduce the spender's allowance to 0 and set the desired value afterwards:
+ * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
 * @param _spender The address which will spend the funds.
 * @param _value The amount of tokens to be spent.
 */
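Review bot: The added warning recommends resetting the allowance to 0 and then setting the new value, but it omits the step that makes that sequence safe: the holder has to confirm the spender did not use the old allowance before the reset was mined. Without that check, the two-step sequence can still leave both the old and the new amount spent. I would add a line such as `* Before setting the new value, check (e.g. via Transfer events) that the old allowance was not spent in the meantime.` after the sentence ending in "afterwards:". A blank ` *` line before `@param _spender` would also separate the warning from the parameter docs. The `approve` function this comment documents lies outside the hunk.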