Comments (5)
Hi @frangio
You are 100% correct. A thousand apologies.
I'll tell you exactly what happened. When I refreshed my Remix session, in my browser, the environment defaulted to "JavaScript VM (London)", without me noticing. I intended to have the environment connected to Ropsten via MetaMask at all times.
I seemed to be able to transfer ERC20 tokens on the contract I deployed, even when changing between external accounts in MetaMask. This seemed very odd to me and I was concerned that there was some underlying issue. Now I understand that Remix was not even acknowledging MetaMask and I was transacting as the same single account in the JavaScript VM (London) environment. Again, a thousand apologies and sorry for taking up your valuable time.
As you say, the transfer function is fundamentally only able to transfer tokens if the msg.sender actually has tokens to transfer.
I have to own both my correctness and my blunders, right? :)
Thanks again for your time.
Kind regards
Tim
from contracts-wizard.
Thanks for bringing this up! I've noticed it as well.
The issue is that toggling "Ownable" doesn't really mean "add Ownable" but "add Ownable if any of the above selected features require access control".
The design definitely doesn't convey that.
I'm thinking the access control section should be more like the upgradeability section where there is a toggle at the top and if enabled then there are the two choices.
from contracts-wizard.
Hi @frangio
Ah, I see. So for example when I click "mintable" it automatically adds "ownable" because the "ownable" radio button is selected.
Yes I completely agree, there could be a toggle beside the heading "access control".
If a user switches the toggle on then the user has the choice of either "ownable" or "roles" (the default being "ownable").
As the Wizard currently sits, a project and/or user may deploy their ERC20 contract with the following settings (minting a million tokens in the constructor and thinking that "ownable" is implemented somewhere in the inheritance).
The project will then be surprised to find out that any external account address can instantiate their contract and then easily transfer all of the project's tokens out of the project's ERC20 contract.
from contracts-wizard.
But I don't really understand why you mention transfer. Ownable is not meant to affect the transfer function. Transfer is native to ERC20 and anyone with balance can transfer their own tokens.
What exactly is the thing a project would be surprised by?
from contracts-wizard.
I don't think there are any more actionables in this issue.
from contracts-wizard.
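The distinction drawn in the thread between `transfer` and owner-gated functions, as an added example that is not part of the original discussion and is not OpenZeppelin's or the Wizard's code. It is a simplified, import-free stand-in for ERC20 plus Ownable; the contract name `PremintToken`, the 18-decimal premint and the omission of events and allowances are assumptions made for brevity.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration: simplified stand-in for ERC20 + Ownable (hypothetical contract).
contract PremintToken {
    address public owner;                          // fixed at deployment, as Ownable does
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    // Access control: only the deployer passes this check.
    modifier onlyOwner() {
        require(msg.sender == owner, "caller is not the owner");
        _;
    }

    constructor() {
        owner = msg.sender;
        // The premint is credited to the deployer's address, not to the contract.
        _mint(msg.sender, 1_000_000 * 10 ** 18);
    }

    // Not owner-gated, with or without Ownable: the only check is the
    // caller's own balance, so an account holding zero tokens reverts here.
    function transfer(address to, uint256 amount) external returns (bool) {
        require(balanceOf[msg.sender] >= amount, "transfer amount exceeds balance");
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }

    // Owner-gated: creating new supply is the kind of feature that
    // needs access control, so a non-owner caller reverts here.
    function mint(address to, uint256 amount) external onlyOwner {
        _mint(to, amount);
    }

    function _mint(address to, uint256 amount) internal {
        totalSupply += amount;
        balanceOf[to] += amount;
    }
}
```

When exercising a contract like this in Remix, switching accounts in the environment's own account selector (rather than in MetaMask) is what changes `msg.sender` in the JavaScript VM, which is the source of the confusion described in the first comment.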