From 653294c674be10e6903f4ba48298bb50a2d0178d Mon Sep 17 00:00:00 2001 From: Daniel Wang Date: Thu, 25 Jan 2024 19:10:13 +0800 Subject: [PATCH 1/3] Update BridgedERC20Base.sol --- packages/protocol/contracts/tokenvault/BridgedERC20Base.sol | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/protocol/contracts/tokenvault/BridgedERC20Base.sol b/packages/protocol/contracts/tokenvault/BridgedERC20Base.sol index 2aeb37572f7..5c8210e01a2 100644 --- a/packages/protocol/contracts/tokenvault/BridgedERC20Base.sol +++ b/packages/protocol/contracts/tokenvault/BridgedERC20Base.sol @@ -66,6 +66,7 @@ abstract contract BridgedERC20Base is EssentialContract, IBridgedERC20 { function burn(address account, uint256 amount) public nonReentrant whenNotPaused { if (migratingAddress != address(0) && !migratingInbound) { + if (msg.sender != account) revert BB_PERMISSION_DENIED(); // Outbond migration emit MigratedTo(migratingAddress, account, amount); // Ask the new bridged token to mint token for the user. From cafbecf21baec77dc4a49a83a9551aedff11be44 Mon Sep 17 00:00:00 2001 From: Daniel Wang Date: Thu, 25 Jan 2024 19:14:21 +0800 Subject: [PATCH 2/3] fix test --- .../contracts/tokenvault/BridgedERC20Base.sol | 2 +- .../protocol/test/tokenvault/BridgedERC20.t.sol | 13 ++++++++++++- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/packages/protocol/contracts/tokenvault/BridgedERC20Base.sol b/packages/protocol/contracts/tokenvault/BridgedERC20Base.sol index 5c8210e01a2..eb683bb8d95 100644 --- a/packages/protocol/contracts/tokenvault/BridgedERC20Base.sol +++ b/packages/protocol/contracts/tokenvault/BridgedERC20Base.sol @@ -66,7 +66,7 @@ abstract contract BridgedERC20Base is EssentialContract, IBridgedERC20 { function burn(address account, uint256 amount) public nonReentrant whenNotPaused { if (migratingAddress != address(0) && !migratingInbound) { - if (msg.sender != account) revert BB_PERMISSION_DENIED(); + if (msg.sender != account && msg.sender != owner()) revert BB_PERMISSION_DENIED(); // Outbond migration emit MigratedTo(migratingAddress, account, amount); // Ask the new bridged token to mint token for the user. diff --git a/packages/protocol/test/tokenvault/BridgedERC20.t.sol b/packages/protocol/test/tokenvault/BridgedERC20.t.sol index 3162437cd63..98bef3c715d 100644 --- a/packages/protocol/test/tokenvault/BridgedERC20.t.sol +++ b/packages/protocol/test/tokenvault/BridgedERC20.t.sol @@ -88,12 +88,23 @@ contract TestBridgedERC20 is TaikoTest { vm.expectRevert(); oldToken.mint(Bob, 10); - // 2. burning can be done by anyone + // 2. burning can NOT be done by anyone vm.prank(randAddress()); + vm.expectRevert(); + oldToken.burn(Bob, 10); + + // but can be done by the token owner + vm.prank(Bob); oldToken.burn(Bob, 10); assertEq(oldToken.balanceOf(Bob), 90); assertEq(newToken.balanceOf(Bob), 210); + // and the token owner + vm.prank(oldToken.owner()); + oldToken.burn(Bob, 10); + assertEq(oldToken.balanceOf(Bob), 80); + assertEq(newToken.balanceOf(Bob), 220); + // Testing newToken // 1. Nobody can mint except the vault vm.prank(Bob); From 235d65ca46188b6ae3e3276c09f11dda32136540 Mon Sep 17 00:00:00 2001 From: Daniel Wang Date: Thu, 25 Jan 2024 19:34:35 +0800 Subject: [PATCH 3/3] fix test --- .../contracts/tokenvault/BridgedERC20Base.sol | 2 +- .../protocol/test/tokenvault/BridgedERC20.t.sol | 15 +++++++++------ 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/packages/protocol/contracts/tokenvault/BridgedERC20Base.sol b/packages/protocol/contracts/tokenvault/BridgedERC20Base.sol index eb683bb8d95..5c8210e01a2 100644 --- a/packages/protocol/contracts/tokenvault/BridgedERC20Base.sol +++ b/packages/protocol/contracts/tokenvault/BridgedERC20Base.sol @@ -66,7 +66,7 @@ abstract contract BridgedERC20Base is EssentialContract, IBridgedERC20 { function burn(address account, uint256 amount) public nonReentrant whenNotPaused { if (migratingAddress != address(0) && !migratingInbound) { - if (msg.sender != account && msg.sender != owner()) revert BB_PERMISSION_DENIED(); + if (msg.sender != account) revert BB_PERMISSION_DENIED(); // Outbond migration emit MigratedTo(migratingAddress, account, amount); // Ask the new bridged token to mint token for the user. diff --git a/packages/protocol/test/tokenvault/BridgedERC20.t.sol b/packages/protocol/test/tokenvault/BridgedERC20.t.sol index 98bef3c715d..26691947ade 100644 --- a/packages/protocol/test/tokenvault/BridgedERC20.t.sol +++ b/packages/protocol/test/tokenvault/BridgedERC20.t.sol @@ -93,18 +93,21 @@ contract TestBridgedERC20 is TaikoTest { vm.expectRevert(); oldToken.burn(Bob, 10); + // including the owners + vm.prank(oldToken.owner()); + vm.expectRevert(); + oldToken.burn(Bob, 10); + + vm.prank(newToken.owner()); + vm.expectRevert(); + oldToken.burn(Bob, 10); + // but can be done by the token owner vm.prank(Bob); oldToken.burn(Bob, 10); assertEq(oldToken.balanceOf(Bob), 90); assertEq(newToken.balanceOf(Bob), 210); - // and the token owner - vm.prank(oldToken.owner()); - oldToken.burn(Bob, 10); - assertEq(oldToken.balanceOf(Bob), 80); - assertEq(newToken.balanceOf(Bob), 220); - // Testing newToken // 1. Nobody can mint except the vault vm.prank(Bob);