tezos-academy icon indicating copy to clipboard operation
tezos-academy copied to clipboard

Published 20 hours ago verified publisher icon octo-technology

Critical bug in FA1.2 impl

Open tomjack opened this issue 3 years ago • 1 comments

Hello, I noticed a critical bug in the Pascaligo FA1.2 example contract:

unction isAllowed ( const src : address ; const value : amt ; var s : contract_storage) : bool is
  begin
    var allowed: bool := False;
    if sender =/= source then block {
      const src: account = get_force(src, s.ledger);
      const allowanceAmount: amt = get_force(sender, src.allowances);
      allowed := allowanceAmount >= value;
    };
    else allowed := True;
  end with allowed

The code sender =/= source should read sender =/= src.

(I will attempt to get LIGO to finally remove the terrible source operator...)

tomjack avatar Mar 09 '21 15:03 tomjack

I just noticed that this example comes from the LIGO repository! Sorry!

I guess maybe it used to be exposed in the "try LIGO" website?

I will delete the example from the LIGO repository...

tomjack avatar Mar 10 '21 17:03 tomjack