diff --git a/contracts/Accounts.sol b/contracts/Accounts.sol index 1250de9..046a1ae 100644 --- a/contracts/Accounts.sol +++ b/contracts/Accounts.sol @@ -113,7 +113,6 @@ contract Accounts is Data { external onlyAccountOwner(accountId) { - address addr = accounts[accountId].owner; uint64 balance = accounts[accountId].balance; require(balance >= amount, "insufficient funds"); @@ -121,7 +120,7 @@ contract Accounts is Data { balanceSub(accountId, amount); - token.transfer(addr, amount); + require(token.transfer(msg.sender, amount), "transfer failed"); } /** @@ -135,7 +134,6 @@ contract Accounts is Data { function deposit(uint64 amount, uint256 accountId) external { require(accountId < accounts.length || accountId == NEW_ACCOUNT_FLAG, "invalid accountId"); require(amount > 0, "amount should be positive"); - require(token.transferFrom(msg.sender, address(this), amount), "transfer failed"); if (accountId == NEW_ACCOUNT_FLAG) { // new account @@ -145,6 +143,8 @@ contract Accounts is Data { // existing account balanceAdd(accountId, amount); } + + require(token.transferFrom(msg.sender, address(this), amount), "transfer failed"); } /** diff --git a/package-lock.json b/package-lock.json index 218510b..8a2ae1a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -2025,7 +2025,7 @@ }, "browserify-aes": { "version": "1.2.0", - "resolved": "https://registry.npmjs.org/browserify-aes/-/browserify-aes-1.2.0.tgz", + "resolved": "http://registry.npmjs.org/browserify-aes/-/browserify-aes-1.2.0.tgz", "integrity": "sha512-+7CHXqGuspUn/Sl5aO7Ea0xWGAtETPXNSAjHo48JfLdPWcMng33Xe4znFvQweqc/uzk5zSOI3H52CYnjCfb5hA==", "requires": { "buffer-xor": "^1.0.3", 
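Review bot: In the `withdraw` hunk (-121,7) the payout now goes to `msg.sender` instead of `accounts[accountId].owner`, which is equivalent only if `onlyAccountOwner(accountId)` requires the caller to be exactly that owner. The modifier is defined outside this diff, so I would confirm that and state it next to the call, e.g. `// msg.sender == accounts[accountId].owner, enforced by onlyAccountOwner`. The added `require` on the return value is correct for a token whose `transfer` returns a bool, but it would presumably revert for a token that returns no data, so the expected token interface is worth documenting where `token` is declared. The body of `withdraw` starts before this hunk.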
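Review bot: The `transferFrom` call that the -145,6 hunk places at the end of `deposit` has no comment saying the ordering is deliberate, so a later edit could move it back above the balance update. I would add `// interaction last: balances are updated before the external token call (checks-effects-interactions)` directly above the `require`. With this order the account is credited before the tokens arrive, which is safe only because a failed `transferFrom` reverts the whole call. If the configured token can call back into this contract, a reentrancy guard on `deposit` and `withdraw` would make that assumption explicit. The -135,7 hunk is the removal side of the same move.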
@@ -2609,7 +2609,7 @@ }, "create-hash": { "version": "1.2.0", - "resolved": "https://registry.npmjs.org/create-hash/-/create-hash-1.2.0.tgz", + "resolved": "http://registry.npmjs.org/create-hash/-/create-hash-1.2.0.tgz", "integrity": "sha512-z00bCGNHDG8mHAkP7CtT1qVu+bFQUPjYq/4Iv3C3kWjTFV10zIjfSoeqXo9Asws8gwSHDGj/hl2u4OGIjapeCg==", "requires": { "cipher-base": "^1.0.1", @@ -2621,7 +2621,7 @@ }, "create-hmac": { "version": "1.1.7", - "resolved": "https://registry.npmjs.org/create-hmac/-/create-hmac-1.1.7.tgz", + "resolved": "http://registry.npmjs.org/create-hmac/-/create-hmac-1.1.7.tgz", "integrity": "sha512-MJG9liiZ+ogc4TzUwuvbER1JRdgvUFSB5+VR/g5h82fGaIRWMWddtKBHi7/sVhfjQZ6SehlyhvQYrcYkaUIpLg==", "requires": { "cipher-base": "^1.0.3", @@ -6877,7 +6877,6 @@ "version": "1.5.0", "resolved": "https://registry.npmjs.org/bindings/-/bindings-1.5.0.tgz", "integrity": "sha512-p2q/t/mhvuOj/UeLlV6566GD/guowlr0hHxClI0W9m7MWYkL1F0hLo+0Aexs9HSPCtR1SXQ0TD3MMKrXZajbiQ==", - "dev": true, "requires": { "file-uri-to-path": "1.0.0" } @@ -6899,7 +6898,6 @@ "version": "1.1.5", "resolved": "https://registry.npmjs.org/bip66/-/bip66-1.1.5.tgz", "integrity": "sha1-AfqHSHhcpwlV1QESF9GzE5lpyiI=", - "dev": true, "requires": { "safe-buffer": "^5.0.1" } @@ -8138,7 +8136,6 @@ "version": "1.0.1", "resolved": "https://registry.npmjs.org/drbg.js/-/drbg.js-1.0.1.tgz", "integrity": "sha1-Pja2xCs3BDgjzbwzLVjzHiRFSAs=", - "dev": true, "requires": { "browserify-aes": "^1.0.6", "create-hash": "^1.1.2", @@ -8857,8 +8854,8 @@ "from": "git+https://github.com/ethereumjs/ethereumjs-abi.git#d84a96796079c8595a0c78accd1e7709f2277215", "dev": true, "requires": { - "bn.js": "^4.10.0", - "ethereumjs-util": "^5.0.0" + "bn.js": "^4.11.8", + "ethereumjs-util": "^6.0.0" } } } 
@@ -8873,7 +8870,8 @@ "version": "git+https://github.com/ethereumjs/ethereumjs-abi.git#d84a96796079c8595a0c78accd1e7709f2277215", "from": "git+https://github.com/ethereumjs/ethereumjs-abi.git", "requires": { - "bn.js": "^4.11.8" + "bn.js": "^4.11.8", + "ethereumjs-util": "^6.0.0" } }, "ethereumjs-block": { @@ -9050,7 +9048,6 @@ "version": "5.2.0", "resolved": "https://registry.npmjs.org/ethereumjs-util/-/ethereumjs-util-5.2.0.tgz", "integrity": "sha512-CJAKdI0wgMbQFLlLRtZKGcy/L6pzVRgelIZqRqNbuVFM3K9VEnyfbcvz0ncWMRNCe4kaHWjwRYQcYMucmwsnWA==", - "dev": true, "requires": { "bn.js": "^4.11.0", "create-hash": "^1.1.2", @@ -9308,7 +9305,6 @@ "version": "0.1.6", "resolved": "https://registry.npmjs.org/ethjs-util/-/ethjs-util-0.1.6.tgz", "integrity": "sha512-CUnVOQq7gSpDHZVVrQW8ExxUETWrnrvXYvYz55wOU8Uj4VCgw56XC2B/fVqQN+f7gmrnRHSLVnFAwsCuNwji8w==", - "dev": true, "requires": { "is-hex-prefixed": "1.0.0", "strip-hex-prefix": "1.0.0" @@ -9642,8 +9638,7 @@ "file-uri-to-path": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/file-uri-to-path/-/file-uri-to-path-1.0.0.tgz", - "integrity": "sha512-0Zt+s3L7Vf1biwWZ29aARiVYLx7iMGnEUl9x33fbB/j3jR81u/O2LbqK+Bm1CDSNDKVtJ/YjwY7TUd5SkeLQLw==", - "dev": true + "integrity": "sha512-0Zt+s3L7Vf1biwWZ29aARiVYLx7iMGnEUl9x33fbB/j3jR81u/O2LbqK+Bm1CDSNDKVtJ/YjwY7TUd5SkeLQLw==" }, "filesize": { "version": "3.6.1", @@ -11132,8 +11127,7 @@ "is-hex-prefixed": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/is-hex-prefixed/-/is-hex-prefixed-1.0.0.tgz", - "integrity": "sha1-fY035q135dEnFIkTxXPggtd39VQ=", - "dev": true + "integrity": "sha1-fY035q135dEnFIkTxXPggtd39VQ=" }, "is-natural-number": { "version": "4.0.1", @@ -11459,7 +11453,6 @@ "version": "1.4.0", "resolved": "https://registry.npmjs.org/keccak/-/keccak-1.4.0.tgz", "integrity": "sha512-eZVaCpblK5formjPjeTBik7TAg+pqnDrMHIffSvi9Lh7PQgM1+hSzakUeZFCk9DVVG0dacZJuaz2ntwlzZUIBw==", - "dev": true, "requires": { "bindings": "^1.2.1", "inherits": "^2.0.3", 
@@ -14560,7 +14553,6 @@ "version": "2.1.0", "resolved": "https://registry.npmjs.org/rlp/-/rlp-2.1.0.tgz", "integrity": "sha512-93U7IKH5j7nmXFVg19MeNBGzQW5uXW1pmCuKY8veeKIhYTE32C2d0mOegfiIAfXcHOKJjjPlJisn8iHDF5AezA==", - "dev": true, "requires": { "safe-buffer": "^5.1.1" } @@ -14676,7 +14668,6 @@ "version": "3.6.2", "resolved": "https://registry.npmjs.org/secp256k1/-/secp256k1-3.6.2.tgz", "integrity": "sha512-90nYt7yb0LmI4A2jJs1grglkTAXrBwxYAjP9bpeKjvJKOjG2fOeH/YI/lchDMIvjrOasd5QXwvV2jwN168xNng==", - "dev": true, "requires": { "bindings": "^1.2.1", "bip66": "^1.1.3", @@ -15342,7 +15333,6 @@ "version": "1.0.0", "resolved": "https://registry.npmjs.org/strip-hex-prefix/-/strip-hex-prefix-1.0.0.tgz", "integrity": "sha1-DF8VX+8RUTczd96du1iNoFUA428=", - "dev": true, "requires": { "is-hex-prefixed": "1.0.0" } @@ -16345,8 +16335,8 @@ "from": "git+https://github.com/ethereumjs/ethereumjs-abi.git#d84a96796079c8595a0c78accd1e7709f2277215", "dev": true, "requires": { - "bn.js": "^4.10.0", - "ethereumjs-util": "^5.0.0" + "bn.js": "^4.11.8", + "ethereumjs-util": "^6.0.0" } } } @@ -16361,7 +16351,8 @@ "version": "git+https://github.com/ethereumjs/ethereumjs-abi.git#d84a96796079c8595a0c78accd1e7709f2277215", "from": "git+https://github.com/ethereumjs/ethereumjs-abi.git", "requires": { - "bn.js": "^4.11.8" + "bn.js": "^4.11.8", + "ethereumjs-util": "^6.0.0" } }, "ethereumjs-block": { @@ -20153,7 +20144,7 @@ }, "sha.js": { "version": "2.4.11", - "resolved": "https://registry.npmjs.org/sha.js/-/sha.js-2.4.11.tgz", + "resolved": "http://registry.npmjs.org/sha.js/-/sha.js-2.4.11.tgz", "integrity": "sha512-QMEp5B7cftE7APOjk5Y6xgrbWu+WkLVQwk8JNjZ8nKRciZaByEW6MubieAiToS7+dwvrjGhH8jRXz3MVd0AYqQ==", "requires": { "inherits": "^2.0.1", diff --git a/package.json b/package.json index 869bcd3..cff4c5a 100644 --- a/package.json +++ b/package.json 
@@ -37,7 +37,7 @@ "istanbul": "^0.4.5", "solhint": "^2.0.0", "standard": "^12.0.1", - "truffle-hdwallet-provider": "^1.0.6" + "truffle-hdwallet-provider": "1.0.6" }, "standard": { "globals": [ diff --git a/test/test_accounts.js b/test/test_accounts.js index 804d103..3ca2af2 100644 --- a/test/test_accounts.js +++ b/test/test_accounts.js @@ -101,6 +101,17 @@ contract('Accounts', (addr) => { assert.equal(y1 - y0, amount / 2) }) + it('Should reject withdrawals for existing accounts when sender is not the owner', async () => { + const amount = 100 + + await st.approve(bp.address, amount) + await bp.deposit(amount, newAccountFlag) + let id = await bp.getAccountsLength.call() + id = id.toNumber() - 1 + + await catchRevert(bp.withdraw(amount / 2, id, { from: a1 })) + }) + it('Should reject withdrawals for invalid accounts', async () => { const amount = 100
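Review bot: The new test in `test/test_accounts.js` checks only that `withdraw` from `a1` reverts, not why. `catchRevert` is defined outside this diff and appears to accept any revert, so the test would still pass if the call failed for an unrelated reason. If the helper can match a revert reason, assert on the ownership error, and also assert that the account balance is unchanged after the rejected call. The same commit makes `withdraw` require a successful `token.transfer` and pay `msg.sender`, and neither behaviour is covered by a test in this hunk.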