-
Notifications
You must be signed in to change notification settings - Fork 11.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add ERC1363 implementation #4631
Conversation
🦋 Changeset detectedLatest commit: 2c85474 The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
…-contracts into feat/eip1363-v5.x
NOT DIRECTLY RELATED TO THE PR: I have been looking at some standards such as ERC777 and ERC1363. ERC777 used to be included in OpenZeppelin contract and it got removed. I was wondering why such standards that extend ERC20 to be able to add a call to transfers or approvals is not highly adopted. Since they are backwards compatible, why not use them on new tokens? I am considering to use them but want to learn the reason why others are not using it. Maybe related to complexity, extra work for integrations, security reasons (possible reentrancy in on |
For ERC777: |
This one obviously comes to mind: #2620 |
Thanks a lot for the answers 🙏 |
…-contracts into feat/eip1363-v5.x
Co-authored-by: Ernesto García <[email protected]>
Co-authored-by: Ernesto García <[email protected]>
Co-authored-by: Ernesto García <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM 🚀
I missed why it is saying that It reverts if target returns something different than the interface id. (also openzeppelin-contracts/contracts/token/ERC20/extensions/ERC1363.sol Lines 57 to 66 in e86bb45
|
@Amxx @ernestognw I'm not sure about checking ERC20 methods return values. The ERC1363 does not explicitly say that the ERC20 methods MUST succeed. It says:
Below it says:
Maybe logically ok to force checking that the ERC20 methods returned Also regarding ERC1363 returning false, the spec says that methods:
So it is unnecessary to test ERC1363 against returning false as it is out of the standard. |
Yeah but also it doesn't mention they have to be treated as a noop. We concluded that it's more dangerous to allow a noop because an attacker can force a transfer failure and still call the target. This is misleading and may compromise the assumption that the caller is trusted (or always is called after a successful transfer). I also believed it shouldn't be required, but we strive for the most secure implementation out of the box, and I do think this is it.
Yeah. However, that's not the case for I think I'd be open to changing this. It's unclear to me if there's a potential issue arising, but I think reverting is the safest. Compliant tokens will work perfectly using the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Morhef
This PR adds the ERC1363 implementation following the v5 guidelines.
It uses inheritdoc whenever is possible and custom errors following the ERC-6093 rationale.
Would like to replace #3525 and #3017 as they are outdated.
Fixes: #3736
Fixes LIB-1181
PR Checklist
npx changeset add
)