Michael.W基于Foundry精读Openzeppelin第58期——PullPayment.sol

  • Michael.W
  • 更新于 2024-06-18 10:09
  • 阅读 734

PullPayment库是对Openzeppelin中Escrow库的一种封装。从安全角度看,PullPayment是一对多发送eth的最佳解决方案。它可以防止收款人阻塞发送eth的行为并消除重入问题。

0. 版本

[openzeppelin]:v4.8.3,[forge-std]:v1.5.6

0.1 PullPayment.sol

Github: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/v4.8.3/contracts/security/PullPayment.sol

PullPayment库是对Openzeppelin中Escrow库的一种封装。从安全角度看,PullPayment是一对多发送eth的最佳解决方案。它可以防止收款人阻塞发送eth的行为并消除重入问题。

注:PullPayment也是基于合约安全模式( https://consensys.github.io/smart-contract-best-practices/development-recommendations/general/external-calls/#favor-pull-over-push-for-external-calls[pull-payment] )的一种简单代码实现。付款合约并不会主动同收款人地址交互,而是需要他们自己来提取。

1. 目标合约

继承PullPayment合约:

Github: https://github.com/RevelationOfTuring/foundry-openzeppelin-contracts/blob/master/src/security/MockPullPayment.sol

// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.0;

import "openzeppelin-contracts/contracts/security/PullPayment.sol";

contract MockPullPayment is PullPayment {
    event DoWithAsyncTransfer(address payee, uint amount);

    function doWithAsyncTransfer(address payee, uint amount) external payable {
        _asyncTransfer(payee, amount);
        emit DoWithAsyncTransfer(payee, amount);
    }
}

全部foundry测试合约:

Github: https://github.com/RevelationOfTuring/foundry-openzeppelin-contracts/blob/master/test/security/PullPayment.t.sol

2. 代码精读

2.1 constructor()

主合约部署的时候会自动部署一个Escrow合约。PullPayment只是Escrow的一个wrapper,所有的存取逻辑都在Escrow合约中定义。

注:Escrow是Openzeppelin的一个合约库,详解参见:https://learnblockchain.cn/article/6374

    // 中间的资金托管合约
    Escrow private immutable _escrow;

    constructor() {
        // 使用CREATE方式部署资金托管合约
        _escrow = new Escrow();
    }

2.2 _asyncTransfer(address dest, uint256 amount) internal && payments(address dest)

  • _asyncTransfer(address dest, uint256 amount) internal:付款人将调用该函数锁入amount数量的eth。这部分eth最终可以提取给dest。注:付款人的eth将锁入中间的托管合约,因此资金在提取之前都是安全的;
  • payments(address dest):返回dest当前名下累计的可提取eth数量。
    function payments(address dest) public view returns (uint256) {
        // 调用Escrow.depositsOf(),返回dest当前名下累计的可提取eth数量
        return _escrow.depositsOf(dest);
    }

    function _asyncTransfer(address dest, uint256 amount) internal virtual {
        // 携带数量为amount的eth调用Escrow.deposit(),payee为dest
        _escrow.deposit{value: amount}(dest);
    }

foundry代码验证:

contract PullPaymentTest is Test {
    MockPullPayment private _testing;
    address private _payee1 = address(1);
    address private _payee2 = address(2);

    function setUp() external {
        _testing = new MockPullPayment();
    }

    event DoWithAsyncTransfer(address payee, uint amount);

    function test_AsyncTransferAndPayments() external {
        address testingAddress = address(_testing);

        // load the inner escrow contract with the address computed from deployer address and nonce
        // note: the nonce in the first contract deployment by a contract is 1
        Escrow innerEscrow = Escrow(
            computeCreateAddress(testingAddress, vm.getNonce(testingAddress) - 1)
        );

        assertEq(address(innerEscrow).balance, 0);

        // deposit for payee 1
        assertEq(_testing.payments(_payee1), 0);

        vm.expectEmit(testingAddress);
        emit DoWithAsyncTransfer(_payee1, 100);
        _testing.doWithAsyncTransfer{value: 100}(_payee1, 100);

        assertEq(_testing.payments(_payee1), 100);
        assertEq(address(innerEscrow).balance, 0 + 100);

        // revert with depositing to escrow contract directly
        vm.expectRevert("Ownable: caller is not the owner");
        innerEscrow.deposit{value: 100}(_payee1);

        // deposit for payee 2
        assertEq(_testing.payments(_payee2), 0);

        vm.expectEmit(testingAddress);
        emit DoWithAsyncTransfer(_payee2, 101);
        _testing.doWithAsyncTransfer{value: 101}(_payee2, 101);

        assertEq(_testing.payments(_payee2), 101);
        assertEq(address(innerEscrow).balance, 100 + 101);

        // revert with depositing to escrow contract directly
        vm.expectRevert("Ownable: caller is not the owner");
        innerEscrow.deposit{value: 101}(_payee2);
    }
}

2.3 withdrawPayments(address payable payee)

提取payee名下全部锁存的eth。任何地址都可以调用该方法,但是eth只会转移给payee。这意味着payee本身可以不需要知道PullPayment合约的存在,其他地址仍可替他触发eth的提取操作。

注:将eth转移给payee地址的过程可能会引发重入攻击,请确保payee地址的安全性。亦可通过以下方法抵御重入:

  1. 代码开发遵循check-effects-interactions模式;
  2. 使用Openzeppelin的ReentrancyGuard库。
    function withdrawPayments(address payable payee) public virtual {
        // 调用Escrow.withdraw(),触发提取操作
        _escrow.withdraw(payee);
    }

foundry代码验证:

contract PullPaymentTest is Test {
    MockPullPayment private _testing;
    address private _payee1 = address(1);
    address private _payee2 = address(2);

    function setUp() external {
        _testing = new MockPullPayment();
    }

    function test_WithdrawPayments() external {
        address testingAddress = address(_testing);

        // load the inner escrow contract with the address computed from deployer address and nonce
        // note: the nonce in the first contract deployment by a contract is 1
        Escrow innerEscrow = Escrow(
            computeCreateAddress(testingAddress, vm.getNonce(testingAddress) - 1)
        );

        _testing.doWithAsyncTransfer{value: 50}(_payee1, 50);
        _testing.doWithAsyncTransfer{value: 100}(_payee2, 100);
        assertEq(address(innerEscrow).balance, 50 + 100);

        // withdraw the deposited eth to payee 1
        assertEq(_payee1.balance, 0);
        // revert if withdraw from the escrow directly
        vm.expectRevert("Ownable: caller is not the owner");
        innerEscrow.withdraw(payable(_payee1));

        _testing.withdrawPayments(payable(_payee1));
        assertEq(_payee1.balance, 50);
        assertEq(address(innerEscrow).balance, 100);

        // withdraw the deposited eth to payee 2
        assertEq(_payee2.balance, 0);
        // revert if withdraw from the escrow directly
        vm.expectRevert("Ownable: caller is not the owner");
        innerEscrow.withdraw(payable(_payee2));

        _testing.withdrawPayments(payable(_payee2));
        assertEq(_payee2.balance, 100);
        assertEq(address(innerEscrow).balance, 0);
    }
}

ps: 本人热爱图灵,热爱中本聪,热爱V神。 以下是我个人的公众号,如果有技术问题可以关注我的公众号来跟我交流。 同时我也会在这个公众号上每周更新我的原创文章,喜欢的小伙伴或者老伙计可以支持一下! 如果需要转发,麻烦注明作者。十分感谢!

1.jpeg

公众号名称:后现代泼痞浪漫主义奠基人

点赞 0
收藏 0
分享
本文参与登链社区写作激励计划 ,好文好收益,欢迎正在阅读的你也加入。

0 条评论

请先 登录 后评论
Michael.W
Michael.W
0x93E7...0000
狂热的区块链爱好者