- In RestrictTransferFrom:
- Compare tokenIn with tokenIn from storage
- Correct docstrings
- Recompute storage slots with new names
- Rename transferFromNeeded to isTransferFromAllowed
- Don't track amount spent but subtract from amount allowed
- In TychoRouter: Rename transferFromNeeded to isTransferFromAllowed
Took 32 minutes
This will block an attempt to transfer from the user when we expect the funds to already be in the router.
chores:
- add docs
- in EncodingContext, rename transfer to transfer_type
Took 58 minutes
For organization (and thus safety) purposes.
Rename to RestrictTransferFrom.sol so that we can perform multiple transfer froms (upto an allowance) in the case of split swaps (where the split is the first swap).
TODO: Fix tests.
- Don't use payable(receiver).transfer(amount) and use OpenZeppelin's Address.sendValue instead
- In Univ4Executor send funds to the poolManager and not msg.sender
- In OneTransferFromOnly:
- rename method name
- don't pass the sender but hardcode it to caller() (msg.sender)
- Move marking the transfer as done up (before we actually transfer) to prevent reentrancy attacks
Took 18 minutes
This needs to be calculated before we perform a transferFrom in the router! This worked before since we were doing the transferFroms always from inside the executors.
we will never perform a manual transfer into these protocols, as they require the tokens to be in the router contract in order to perform a transferFrom.
Delete TokenTransfer.sol
Make slither happy
Bugfixes:
- Executors
- Ekubo:
- Fix the POOL_DATA_OFFSET value and remove sender from callback data
- Use SafeERC20
- Maverick and Univ2: Use safeTransfer and not safeTransferFrom
- Univ3: update expected data length
- Univ4: update the selectors (the signature changed)
- Router:
- For split swap we don't need to pass the tokenInReceiver, it should always be the router address
- For single and sequential: change order of the parameters (to be before the permit2 specific objects)
- Encoders:
- Update selector signatures
- For split swap pass the transfer_from (we might not need to if the token in is ETH)
Took 2 hours 51 minutes
The transfer from the user into the router is supposed to happen in the router (we only support this in the executors for callback constrained protocols). This is necessary because of some security concerns that were found in the audit. This way we reduce the space of attack.
- Refactored TransferOptimization not to handle TransferTypes anymore but just return bools.
- Split get_transfer_type into get_transfers and get_in_between_transfer. Updates tests
- Updated the strategies to use this
- Updated function signatures to pass transfer_from and funds_receiver
- Updated SwapEncoders to handle this
- SplitSwapStrategy just assumes all tokens are sent to and from the router at all times
Took 2 hours 46 minutes
