ERC4973 icon indicating copy to clipboard operation
ERC4973 copied to clipboard
verified publisher icon rugpullindex

Is it a problem that `testTakeEOA` and `testGiveEOA` produce the same validation signature?

Open TimDaub opened this issue 3 years ago • 2 comments

see:

  • https://github.com/rugpullindex/ERC4973/blob/bb471bcdc6a5871731566debeab97766e4423bbb/src/ERC4973.t.sol#L407
  • https://github.com/rugpullindex/ERC4973/blob/bb471bcdc6a5871731566debeab97766e4423bbb/src/ERC4973.t.sol#L480

TimDaub avatar Aug 04 '22 14:08 TimDaub

Do you mean from a security perspective? I see that they're the same because the roles are swapped so the active and passive addresses are the same in both tests.

I think that maybe it would be worth renaming the current test to testTakeFromEOA and add a testTakeToEOA. Actually, should the tests cover all these scenarios for both give() and take()?

Active: EOA, Passive: EOA Active: EOA, Passive: Contract
Active: Contract, Passive: EOA Active: Contract, Passive: Contract

ra-phael avatar Aug 23 '22 11:08 ra-phael

related: https://ethereum-magicians.org/t/eip-4973-account-bound-tokens/8825/124?u=timdaub

TimDaub avatar Sep 05 '22 14:09 TimDaub