Comments (1)
@cylon56 for `doTransferIn`, you'd want to reverse the normal logic of checks-effects-interactions, right?
for example, in `supplyBase`, we start by doing the transfer in of base tokens from the `from` address. this transfer is the opportunity for a malicious token to attempt to take some action/alter some state in a way that we do not intend.
after the transfer, we accrue, update balances, etc, doing all the required checks along the way and reverting if we discover that we're in some unexpected/undesirable state.
this ordering is intentional. if we did it the opposite way, then it would allow the `transferIn` to take a reentrant action after all of our other checks had run. this seems like it would have a greater potential of allowing a malicious token to take an unexpected action, no?
from comet.
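
A toy Python model of the ordering question raised in the comment above. It is an added example, not code from the thread or from Comet. `HostileToken`, `Pool`, the account name `mallory` and the balance-delta check are all assumptions made for illustration; the model records what a callback running inside the transfer can observe under each ordering, and whether any check is left to run afterwards.

```python
class Revert(Exception):
    """Stands in for an EVM revert."""

class HostileToken:
    """Constructed token: transfer_from runs a callback, moves nothing, reports success."""
    def __init__(self):
        self.holdings = {}      # address -> token balance
        self.callback = None    # code the token runs in the middle of a transfer

    def balance_of(self, addr):
        return self.holdings.get(addr, 0)

    def transfer_from(self, src, dst, amount):
        if self.callback:
            self.callback()     # the reentrancy window
        return True             # claims success without moving any tokens

class Pool:
    """Hypothetical pool reduced to a ledger; not Comet's implementation."""
    def __init__(self, token):
        self.token, self.ledger = token, {}

    def supply_transfer_first(self, src, amount):
        before = self.token.balance_of("pool")
        self.token.transfer_from(src, "pool", amount)           # interaction first
        if self.token.balance_of("pool") - before != amount:    # check runs after the callback
            raise Revert("transfer-in did not deliver the amount")
        self.ledger[src] = self.ledger.get(src, 0) + amount     # effects last

    def supply_effects_first(self, src, amount):
        self.ledger[src] = self.ledger.get(src, 0) + amount     # effects first
        self.token.transfer_from(src, "pool", amount)           # no check runs after this

def run(ordering):
    """Return (reverted, credit seen inside callback, final credit, pool holdings)."""
    token = HostileToken()
    pool = Pool(token)
    seen = []
    token.callback = lambda: seen.append(pool.ledger.get("mallory", 0))
    reverted = False
    try:
        getattr(pool, ordering)("mallory", 100)
    except Revert:
        reverted = True
    return reverted, seen[0], pool.ledger.get("mallory", 0), token.balance_of("pool")

if __name__ == "__main__":
    print(run("supply_transfer_first"))
    print(run("supply_effects_first"))
```

With the transfer first, the callback sees the ledger before any credit and the post-transfer check rejects the call; with effects first, the callback sees the credit already applied and the ledger ends up crediting tokens the pool never received.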