audit fix02

2020-12-09 11:20:27 +08:00
parent ca692ee548
commit fc39f709f2
6 changed files with 41 additions and 5 deletions
--- a/contracts/DODOPrivatePool/impl/DPPTrader.sol
+++ b/contracts/DODOPrivatePool/impl/DPPTrader.sol
@@ -122,7 +122,12 @@ contract DPPTrader is DPPVault {
        uint256 quoteAmount,
        address assetTo,
        bytes calldata data
-    ) external preventReentrant {
+    ) 
+        external 
+        preventReentrant 
+        isSellAllow(assetTo)
+        isBuyAllow(assetTo)  
+    {
        _transferBaseOut(assetTo, baseAmount);
        _transferQuoteOut(assetTo, quoteAmount);

--- a/contracts/DODOVendingMachine/impl/DVMStorage.sol
+++ b/contracts/DODOVendingMachine/impl/DVMStorage.sol
@@ -42,7 +42,7 @@ contract DVMStorage is InitializableOwnable, ReentrancyGuard {
    // ============ Shares (ERC20) ============

    string public symbol;
-    uint256 public decimals;
+    uint8 public decimals;
    string public name;

    uint256 public totalSupply;
--- a/contracts/DODOVendingMachine/impl/DVMTrader.sol
+++ b/contracts/DODOVendingMachine/impl/DVMTrader.sol
@@ -103,7 +103,12 @@ contract DVMTrader is DVMVault {
        uint256 quoteAmount,
        address assetTo,
        bytes calldata data
-    ) external preventReentrant {
+    ) 
+        external 
+        preventReentrant 
+        isSellAllow(assetTo)
+        isBuyAllow(assetTo)  
+    {
        _transferBaseOut(assetTo, baseAmount);
        _transferQuoteOut(assetTo, quoteAmount);

--- a/contracts/SmartRoute/DODOV1Proxy01.sol
+++ b/contracts/SmartRoute/DODOV1Proxy01.sol
@@ -32,6 +32,7 @@ contract DODOV1Proxy01 is IDODOV1Proxy01, ReentrancyGuard, Ownable {
    address public immutable _CHI_TOKEN_;
    uint8 public _GAS_DODO_MAX_RETURN_ = 0;
    uint8 public _GAS_EXTERNAL_RETURN_ = 0;
+    mapping (address => bool) public isWhiteListed;

    // ============ Events ============

@@ -71,6 +72,14 @@ contract DODOV1Proxy01 is IDODOV1Proxy01, ReentrancyGuard, Ownable {
        _GAS_EXTERNAL_RETURN_ = newExternalGasReturn;
    }

+    function addWhiteList (address contractAddr) public onlyOwner {
+        isWhiteListed[contractAddr] = true;
+    }
+
+    function removeWhiteList (address contractAddr) public onlyOwner {
+        isWhiteListed[contractAddr] = false;
+    }
+
    function dodoSwapV1(
        address fromToken,
        address toToken,
@@ -80,6 +89,7 @@ contract DODOV1Proxy01 is IDODOV1Proxy01, ReentrancyGuard, Ownable {
        uint8[] memory directions,
        uint256 deadLine
    ) external override payable judgeExpired(deadLine) returns (uint256 returnAmount) {
+        require(dodoPairs.length == directions.length, "DODOV1Proxy01: PARAMS_LENGTH_NOT_MATCH");
        uint256 originGas = gasleft();

        if (fromToken != _ETH_ADDRESS_) {
@@ -159,6 +169,7 @@ contract DODOV1Proxy01 is IDODOV1Proxy01, ReentrancyGuard, Ownable {
            IERC20(_fromToken).universalApproveMax(approveTarget, fromTokenAmount);
        }

+        require(isWhiteListed[to], "DODOV1Proxy01: Not Whitelist Contract");
        (bool success, ) = to.call{value: _fromToken == _ETH_ADDRESS_ ? msg.value : 0}(callDataConcat);

        require(success, "DODOV1Proxy01: Contract Swap execution Failed");
--- a/contracts/SmartRoute/DODOV2Proxy01.sol
+++ b/contracts/SmartRoute/DODOV2Proxy01.sol
@@ -19,8 +19,9 @@ import {UniversalERC20} from "./lib/UniversalERC20.sol";
 import {SafeERC20} from "../lib/SafeERC20.sol";
 import {DecimalMath} from "../lib/DecimalMath.sol";
 import {ReentrancyGuard} from "../lib/ReentrancyGuard.sol";
+import {Ownable} from "../lib/Ownable.sol";

-contract DODOV2Proxy01 is IDODOV2Proxy01, ReentrancyGuard {
+contract DODOV2Proxy01 is IDODOV2Proxy01, ReentrancyGuard, Ownable {
    using SafeMath for uint256;
    using UniversalERC20 for IERC20;

@@ -32,6 +33,7 @@ contract DODOV2Proxy01 is IDODOV2Proxy01, ReentrancyGuard {
    address public immutable _DODO_SELL_HELPER_;
    address public immutable _DVM_FACTORY_;
    address public immutable _DPP_FACTORY_;
+    mapping (address => bool) public isWhiteListed;

    // ============ Events ============

@@ -68,6 +70,14 @@ contract DODOV2Proxy01 is IDODOV2Proxy01, ReentrancyGuard {
        _DODO_SELL_HELPER_ = dodoSellHelper;
    }

+    function addWhiteList (address contractAddr) public onlyOwner {
+        isWhiteListed[contractAddr] = true;
+    }
+
+    function removeWhiteList (address contractAddr) public onlyOwner {
+        isWhiteListed[contractAddr] = false;
+    }
+
    // ============ DVM Functions (create & add liquidity) ============

    function createDODOVendingMachine(
@@ -299,6 +309,7 @@ contract DODOV2Proxy01 is IDODOV2Proxy01, ReentrancyGuard {
        judgeExpired(deadLine)
        returns (uint256 returnAmount)
    {
+        require(dodoPairs.length == directions.length, "DODOV2Proxy01: PARAMS_LENGTH_NOT_MATCH");
        uint256 originToTokenBalance = IERC20(toToken).balanceOf(msg.sender);

        IWETH(_WETH_).deposit{value: msg.value}();
@@ -345,6 +356,7 @@ contract DODOV2Proxy01 is IDODOV2Proxy01, ReentrancyGuard {
        judgeExpired(deadLine)
        returns (uint256 returnAmount)
    {
+        require(dodoPairs.length == directions.length, "DODOV2Proxy01: PARAMS_LENGTH_NOT_MATCH");
        IDODOApprove(_DODO_APPROVE_).claimTokens(fromToken, msg.sender, dodoPairs[0], fromTokenAmount);

        for (uint256 i = 0; i < dodoPairs.length; i++) {
@@ -390,6 +402,7 @@ contract DODOV2Proxy01 is IDODOV2Proxy01, ReentrancyGuard {
        judgeExpired(deadLine)
        returns (uint256 returnAmount)
    {
+        require(dodoPairs.length == directions.length, "DODOV2Proxy01: PARAMS_LENGTH_NOT_MATCH");
        uint256 originToTokenBalance = IERC20(toToken).balanceOf(msg.sender);
        IDODOApprove(_DODO_APPROVE_).claimTokens(fromToken, msg.sender, dodoPairs[0], fromTokenAmount);

@@ -447,6 +460,7 @@ contract DODOV2Proxy01 is IDODOV2Proxy01, ReentrancyGuard {
            IERC20(fromToken).universalApproveMax(approveTarget, fromTokenAmount);
        }

+        require(isWhiteListed[to], "DODOV2Proxy01: Not Whitelist Contract");
        (bool success, ) = to.call{value: fromToken == _ETH_ADDRESS_ ? msg.value : 0}(callDataConcat);

        require(success, "DODOV2Proxy01: Contract Swap execution Failed");
@@ -488,6 +502,7 @@ contract DODOV2Proxy01 is IDODOV2Proxy01, ReentrancyGuard {
        judgeExpired(deadLine)
        returns (uint256 returnAmount)
    {
+        require(dodoPairs.length == directions.length, "DODOV2Proxy01: PARAMS_LENGTH_NOT_MATCH");
        _deposit(msg.sender, address(this), fromToken, fromTokenAmount, fromToken == _ETH_ADDRESS_);

        for (uint256 i = 0; i < dodoPairs.length; i++) {
--- a/contracts/lib/DODOMath.sol
+++ b/contracts/lib/DODOMath.sol
@@ -123,7 +123,7 @@ library DODOMath {
        if (k == DecimalMath.ONE) {
            // if k==1
            // Q2=Q1/(1+ideltaBQ1/Q0/Q0)
-            // temp = (1+ideltaBQ1/Q0/Q0)
+            // temp = ideltaBQ1/Q0/Q0
            // Q1-Q2 = Q1*(temp/(1+temp))
            uint256 temp = i.mul(delta).mul(V1).div(V0.mul(V0));
            return V1.mul(temp).div(temp.add(DecimalMath.ONE));