From 7a891eab628b5b1a1fdfbd2da067bc1aeeffe876 Mon Sep 17 00:00:00 2001 From: Sowmayjain Date: Sat, 1 Dec 2018 16:29:13 +0530 Subject: [PATCH 1/2] Added payTo & Claim external CDP feature. --- contracts/protocols/InstaMaker.sol | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/contracts/protocols/InstaMaker.sol b/contracts/protocols/InstaMaker.sol index d34ed81..6601f06 100644 --- a/contracts/protocols/InstaMaker.sol +++ b/contracts/protocols/InstaMaker.sol @@ -41,6 +41,7 @@ interface MakerCDP { function draw(bytes32 cup, uint wad) external; function wipe(bytes32 cup, uint wad) external; function per() external view returns (uint ray); + function lad(bytes32 cup) external view returns (address); } interface PriceInterface { @@ -104,7 +105,7 @@ contract GlobalVar is Registry { contract IssueLoan is GlobalVar { event LockedETH(address borrower, uint lockETH, uint lockPETH, address lockedBy); - event LoanedDAI(address borrower, uint loanDAI); + event LoanedDAI(address borrower, uint loanDAI, address payTo); event NewCDP(address borrower, bytes32 cdpBytes); function pethPEReth(uint ethNum) public view returns (uint rPETH) { @@ -112,9 +113,9 @@ contract IssueLoan is GlobalVar { rPETH = (ethNum.mul(10 ** 27)).div(loanMaster.per()); } - function borrow(uint daiDraw) public payable { + function borrow(uint daiDraw, address beneficiary) public payable { if (msg.value > 0) {lockETH(msg.sender);} - if (daiDraw > 0) {drawDAI(daiDraw);} + if (daiDraw > 0) {drawDAI(daiDraw, beneficiary);} } function lockETH(address borrower) public payable { @@ -134,13 +135,17 @@ contract IssueLoan is GlobalVar { ); } - function drawDAI(uint daiDraw) public { + function drawDAI(uint daiDraw, address beneficiary) public { require(!freezed, "Operation Disabled"); MakerCDP loanMaster = MakerCDP(cdpAddr); loanMaster.draw(cdps[msg.sender], daiDraw); IERC20 daiTkn = IERC20(getAddress("dai")); - daiTkn.transfer(msg.sender, daiDraw); - emit LoanedDAI(msg.sender, daiDraw); + address payTo = msg.sender; + if (payTo != address(0)) { + payTo = beneficiary; + } + daiTkn.transfer(payTo, daiDraw); + emit LoanedDAI(msg.sender, daiDraw, payTo); } } @@ -221,6 +226,7 @@ contract RepayLoan is IssueLoan { contract BorrowTasks is RepayLoan { event TranferCDP(bytes32 cdp, address owner, address nextOwner); + event CDPClaimed(bytes32 cdp, address owner); function transferCDP(address nextOwner) public { require(nextOwner != 0, "Invalid Address."); @@ -230,6 +236,14 @@ contract BorrowTasks is RepayLoan { emit TranferCDP(cdps[msg.sender], msg.sender, nextOwner); } + function claimCDP(uint cdpNum) public { + bytes32 cdpBytes = bytes32(cdpNum); + MakerCDP loanMaster = MakerCDP(cdpAddr); + address cdpOwner = loanMaster.lad(cdpBytes); + cdps[cdpOwner] = cdpBytes; + emit CDPClaimed(cdpBytes, msg.sender); + } + function getETHRate() public view returns (uint) { PriceInterface ethRate = PriceInterface(getAddress("ethfeed")); bytes32 ethrate; From da9581f6431f0ed8f2f6cecbf647141e66d7f0f7 Mon Sep 17 00:00:00 2001 From: Sowmayjain Date: Sat, 1 Dec 2018 16:40:51 +0530 Subject: [PATCH 2/2] Fixed a very vulnerable bug. --- contracts/protocols/InstaMaker.sol | 1 + 1 file changed, 1 insertion(+) diff --git a/contracts/protocols/InstaMaker.sol b/contracts/protocols/InstaMaker.sol index 6601f06..a8eb119 100644 --- a/contracts/protocols/InstaMaker.sol +++ b/contracts/protocols/InstaMaker.sol @@ -240,6 +240,7 @@ contract BorrowTasks is RepayLoan { bytes32 cdpBytes = bytes32(cdpNum); MakerCDP loanMaster = MakerCDP(cdpAddr); address cdpOwner = loanMaster.lad(cdpBytes); + require(cdps[cdpOwner] == blankCDP, "More than 1 CDP is not allowed."); cdps[cdpOwner] = cdpBytes; emit CDPClaimed(cdpBytes, msg.sender); }