Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Safe Math #37

Merged
merged 1 commit into from
Feb 6, 2021
Merged

Safe Math #37

merged 1 commit into from
Feb 6, 2021
+87 −60

Conversation

Joeysantoro
Copy link
Contributor

Resolves OpenZeppelin audit issues L06, L10, N23 (partially, only for Pool.sol), and N27

@Joeysantoro Joeysantoro added the OZ Fix New A PR dedicated to fix an OpenZeppelin issue label Feb 6, 2021
@Joeysantoro Joeysantoro merged commit 956af03 into POZ-Fixes Feb 6, 2021
Joeysantoro
Joeysantoro commented Feb 6, 2021
View reviewed changes
contracts/oracle/UniswapOracle.sol
@@ -49,13 +51,13 @@ contract UniswapOracle is IUniswapOracle, CoreRef {
(uint price0Cumulative, uint price1Cumulative, uint32 currentTimestamp) =
UniswapV2OracleLibrary.currentCumulativePrices(address(pair));

uint32 deltaTimestamp = currentTimestamp - priorTimestamp;
if(currentTimestamp <= priorTimestamp || deltaTimestamp < duration) {
uint32 deltaTimestamp = currentTimestamp - priorTimestamp; // allowing underflow per Uniswap Oracle spec
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

resolves L10

contracts/pool/IPool.sol
@@ -69,15 +69,15 @@ interface IPool {

/// @notice the total amount of rewards previously claimed
/// @return the total
function claimedRewards() external view returns(uint128);
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

resolves N23

contracts/pool/IPool.sol

/// @notice the ERC20 staked token
/// @return the IERC20 implementation address
function stakedToken() external view returns(IERC20);

/// @notice the total amount of staked tokens in the contract
/// @return the total
function totalStaked() external view returns(uint128);
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

resolves N23

contracts/refs/UniRef.sol
@@ -183,7 +187,7 @@ abstract contract UniRef is IUniRef, OracleRef {
if (price.lessThanOrEqualTo(peg)) {
return Decimal.zero();
}
Decimal.D256 memory delta = price.sub(peg, "UniRef: price exceeds peg"); // Should never error
Decimal.D256 memory delta = price.sub(peg, "Impossible underflow");
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

resolves N27

contracts/token/UniswapIncentive.sol
@@ -14,7 +13,7 @@ import "../oracle/IOracle.sol";
contract UniswapIncentive is IUniswapIncentive, UniRef {
using Decimal for Decimal.D256;
using SafeMath32 for uint32;
using SafeMath for uint;
using SafeMathCopy for uint;
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

prevent collisions from UniRef

Joeysantoro added a commit that referenced this pull request Jul 9, 2021
@Joeysantoro
Merge pull request #37 from fei-protocol/feat-add-typescript
df1fe1c 
Add TypeScript
@kryptoklob kryptoklob deleted the POZ-Safe-Math branch September 19, 2021 18:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
OZ Fix New A PR dedicated to fix an OpenZeppelin issue
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@Joeysantoro