Security checks in MoatAsset

2024-07-29 22:47:45 +00:00 · 2018-10-26 01:12:48 +05:30 · 2018-10-26 01:12:48 +05:30 · 7603c59840
commit 7603c59840
parent 34bde065b8
3 changed files with 27 additions and 139 deletions
--- a/contracts/MoatAsset.sol
+++ b/contracts/MoatAsset.sol
@ -1,6 +1,5 @@
 // Allow ERC20 deposits
 // withdraw the extra assets other than global balance (in case anyone donated for free) and then no need for seperate brokerage calculation
-// IMPORTANT CHECK - how the balance of tokens with less than 18 decimals are stored. Factor it.
+// IMPORTANT CHECK - decimals() - how the balance of tokens with less than 18 decimals are stored. Factor it.
 // update the balance along with "transferAssets" functions and also check the for onlyAllowedResolver
 pragma solidity ^0.4.24;
@ -50,6 +49,7 @@ contract AssetDB is Registry {
    // AssetOwner >> TokenAddress >> Balance (as per respective decimals)
    mapping(address => mapping(address => uint)) balances;
    // mapping(address => uint) globalBalance;
    address eth = 0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee;
    function getBalance(
@ -63,43 +63,49 @@ contract AssetDB is Registry {
    function deposit(address tknAddr, uint amount) public payable {
        if (msg.value > 0) {
            balances[msg.sender][eth] += msg.value;
            // globalBalance[eth] += msg.value;
        } else {
            token tokenFunctions = token(tknAddr);
            tokenFunctions.transferFrom(msg.sender, address(this), amount);
-            balances[msg.sender][eth] += msg.value;
+            balances[msg.sender][tknAddr] += amount;
            // globalBalance[tknAddr] += amount;
        }
    }
-    function withdraw(address addr, uint amt) public {
+    function withdraw(address tknAddr, uint amount) public {
-        require(balances[msg.sender][addr] >= amt, "Insufficient Balance");
+        require(balances[msg.sender][tknAddr] >= amount, "Insufficient Balance");
-        balances[msg.sender][addr] -= amt;
+        balances[msg.sender][tknAddr] -= amount;
-        if (addr == eth) {
+        // globalBalance[tknAddr] -= amount;
-            msg.sender.transfer(amt);
+        if (tknAddr == eth) {
            msg.sender.transfer(amount);
        } else {
-            token tokenFunctions = token(addr);
+            token tokenFunctions = token(tknAddr);
-            tokenFunctions.transfer(msg.sender, amt);
+            tokenFunctions.transfer(msg.sender, amount);
        }
    }
    function updateBalance(
        address tokenAddr,
-        uint amt,
+        uint amount,
        bool add,
        address user
    ) public onlyAllowedResolver(user)
    {
        if (add) {
-            balances[user][tokenAddr] += amt;
+            balances[user][tokenAddr] += amount;
            // globalBalance[tokenAddr] += amount;
        } else {
-            balances[user][tokenAddr] -= amt;
+            balances[user][tokenAddr] -= amount;
            // globalBalance[tokenAddr] -= amount;
        }
    }
-    function transferAssets(
+    function moveAssets(
        address tokenAddress,
        uint amount,
-        address sendTo
+        address sendTo,
-    ) public onlyAllowedResolver 
+        address user
    ) public onlyAllowedResolver(user)
    {
        if (tokenAddress == eth) {
            sendTo.transfer(amount);
@ -107,6 +113,8 @@ contract AssetDB is Registry {
            token tokenFunctions = token(tokenAddress);
            tokenFunctions.transfer(sendTo, amount);
        }
        balances[user][tokenAddress] -= amount;
        // globalBalance[tokenAddress] -= amount;
    }
 }
@ -118,9 +126,6 @@ contract MoatAsset is AssetDB {
        registryAddress = rAddr;
    }
-    // emit an event atleast
+    function () public payable {}
    function () public payable {
        deposit(eth);
    }
 }
--- a/contracts/MoatResolver.sol
+++ b/contracts/MoatResolver.sol
@ -1,121 +1,4 @@
 // Global Freeze Variable
 // no more than 10 ETH allowed as of now
 // withdraw store the 0.5% on the contract itself and can be withdrawn by admin addresses
-
+// https://bitbucket.org/Sowmay/resolver-dex/src/master/contracts/MoatResolver.sol
 pragma solidity ^0.4.24;
 interface token {
    function approve(address spender, uint256 value) external returns (bool);
    function transfer(address receiver, uint amount) external returns (bool);
    function balanceOf(address who) external returns(uint256);
 }
 interface AddressRegistry {
    function getAddr(string AddrName) external returns(address);
 }
 contract Registry {
    address public RegistryAddress;
    modifier onlyAdmin() {
        require(
            msg.sender == getAddress("admin"),
            "Permission Denied"
        );
        _;
    }
    function getAddress(string AddressName) internal view returns(address) {
        AddressRegistry aRegistry = AddressRegistry(RegistryAddress);
        address realAddress = aRegistry.getAddr(AddressName);
        require(realAddress != address(0), "Invalid Address");
        return realAddress;
    }
 }
 interface Kyber {
    function trade(
        address src,
        uint srcAmount,
        address dest,
        address destAddress,
        uint maxDestAmount,
        uint minConversionRate,
        address walletId
    ) external payable returns (uint);
 }
 interface MoatAsset {
    function getBalance(address AssetHolder, address Token) external view returns (uint256 balance);
    function TransferAssets(address tokenAddress, uint amount, address sendTo) external;
    function UpdateBalance(address tokenAddr, uint amt, bool add, address target) external;
 }
 contract KyberTrade is Registry {
    event eKyber(address src, address dest, uint weiAmt, uint srcAmt);
    function ExecuteTrade(
        uint weiAmt,
        address src,
        address dest,
        uint srcAmt,
        uint slipRate
    ) public {
        MoatAsset MAFunctions = MoatAsset(getAddress("asset"));
        // Balance check
        uint UserBalance = MAFunctions.getBalance(msg.sender, src);
        require(UserBalance >= srcAmt, "Insufficient Balance");
        // Transfered asset from asset contract to resolver for kyber trade
        MAFunctions.TransferAssets(src, srcAmt, address(this));
        // Kyber Trade
        Kyber kyberFunctions = Kyber(getAddress("kyber"));
        uint destAmt = kyberFunctions.trade.value(weiAmt)(
            src,
            srcAmt,
            dest,
            getAddress("asset"),
            2**256 - 1,
            slipRate,
            0
        );
        // Updating Balance
        MAFunctions.UpdateBalance(src, srcAmt, false, msg.sender);
        MAFunctions.UpdateBalance(dest, destAmt, true, msg.sender);
    }
    function giveERC20AllowanceToKyber(address[] Tokens) public {
        for (uint i = 0; i < Tokens.length; i++) {
            token tokenFunctions = token(Tokens[i]);
            tokenFunctions.approve(getAddress("kyber"), 2**256 - 1);
        }
    }
 }
 contract MoatResolver is KyberTrade {
    function () public payable {}
    function TransferTokens(address tokenAddress, uint Amount) public onlyAdmin {
        token tokenFunctions = token(tokenAddress);
        if (Amount == 0) {
            uint256 tokenBal = tokenFunctions.balanceOf(address(this));
        } else {
            tokenBal = Amount;
        }
        tokenFunctions.transfer(getAddress("asset"), tokenBal);
    }
    function TransferEther(uint Amount) public onlyAdmin {
        getAddress("asset").transfer(Amount);
    }
    constructor(address rAddr) public {
        RegistryAddress = rAddr;
    }
 }
--- a/contracts/protocols/MoatMaker.sol
+++ b/contracts/protocols/MoatMaker.sol
@ -1,7 +1,7 @@
 // get back the ownership of CDP
 // mechanism to transfer an existing CDP (2 txn process)
 // factor the WETH to PETH conversion rate - https://chat.makerdao.com/direct/Sean
-// run an event after changing the CDP ownership
+// run an event after eveything which change the DApp info like changing the CDP ownership
 // implement repay loan function
 pragma solidity 0.4.24;