Michael.W基于Foundry精读Openzeppelin第58期——PullPayment.sol
- Michael.W
- 发布于 2024-06-18 10:09
- 阅读 1685
PullPayment库是对Openzeppelin中Escrow库的一种封装。从安全角度看,PullPayment是一对多发送eth的最佳解决方案。它可以防止收款人阻塞发送eth的行为并消除重入问题。
0. 版本
[openzeppelin]:v4.8.3,[forge-std]:v1.5.6
0.1 PullPayment.sol
PullPayment库是对Openzeppelin中Escrow库的一种封装。从安全角度看,PullPayment是一对多发送eth的最佳解决方案。它可以防止收款人阻塞发送eth的行为并消除重入问题。
注:PullPayment也是基于合约安全模式( https://consensys.github.io/smart-contract-best-practices/development-recommendations/general/external-calls/#favor-pull-over-push-for-external-calls[pull-payment] )的一种简单代码实现。付款合约并不会主动同收款人地址交互,而是需要他们自己来提取。
1. 目标合约
继承PullPayment合约:
// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.0;
import "openzeppelin-contracts/contracts/security/PullPayment.sol";
contract MockPullPayment is PullPayment {
event DoWithAsyncTransfer(address payee, uint amount);
function doWithAsyncTransfer(address payee, uint amount) external payable {
_asyncTransfer(payee, amount);
emit DoWithAsyncTransfer(payee, amount);
}
}全部foundry测试合约:
2. 代码精读
2.1 constructor()
主合约部署的时候会自动部署一个Escrow合约。PullPayment只是Escrow的一个wrapper,所有的存取逻辑都在Escrow合约中定义。
注:Escrow是Openzeppelin的一个合约库,详解参见:https://learnblockchain.cn/article/6374
// 中间的资金托管合约
Escrow private immutable _escrow;
constructor() {
// 使用CREATE方式部署资金托管合约
_escrow = new Escrow();
}2.2 _asyncTransfer(address dest, uint256 amount) internal && payments(address dest)
_asyncTransfer(address dest, uint256 amount) internal:付款人将调用该函数锁入amount数量的eth。这部分eth最终可以提取给dest。注:付款人的eth将锁入中间的托管合约,因此资金在提取之前都是安全的;payments(address dest):返回dest当前名下累计的可提取eth数量。
function payments(address dest) public view returns (uint256) {
// 调用Escrow.depositsOf(),返回dest当前名下累计的可提取eth数量
return _escrow.depositsOf(dest);
}
function _asyncTransfer(address dest, uint256 amount) internal virtual {
// 携带数量为amount的eth调用Escrow.deposit(),payee为dest
_escrow.deposit{value: amount}(dest);
}foundry代码验证:
contract PullPaymentTest is Test {
MockPullPayment private _testing;
address private _payee1 = address(1);
address private _payee2 = address(2);
function setUp() external {
_testing = new MockPullPayment();
}
event DoWithAsyncTransfer(address payee, uint amount);
function test_AsyncTransferAndPayments() external {
address testingAddress = address(_testing);
// load the inner escrow contract with the address computed from deployer address and nonce
// note: the nonce in the first contract deployment by a contract is 1
Escrow innerEscrow = Escrow(
computeCreateAddress(testingAddress, vm.getNonce(testingAddress) - 1)
);
assertEq(address(innerEscrow).balance, 0);
// deposit for payee 1
assertEq(_testing.payments(_payee1), 0);
vm.expectEmit(testingAddress);
emit DoWithAsyncTransfer(_payee1, 100);
_testing.doWithAsyncTransfer{value: 100}(_payee1, 100);
assertEq(_testing.payments(_payee1), 100);
assertEq(address(innerEscrow).balance, 0 + 100);
// revert with depositing to escrow contract directly
vm.expectRevert("Ownable: caller is not the owner");
innerEscrow.deposit{value: 100}(_payee1);
// deposit for payee 2
assertEq(_testing.payments(_payee2), 0);
vm.expectEmit(testingAddress);
emit DoWithAsyncTransfer(_payee2, 101);
_testing.doWithAsyncTransfer{value: 101}(_payee2, 101);
assertEq(_testing.payments(_payee2), 101);
assertEq(address(innerEscrow).balance, 100 + 101);
// revert with depositing to escrow contract directly
vm.expectRevert("Ownable: caller is not the owner");
innerEscrow.deposit{value: 101}(_payee2);
}
}2.3 withdrawPayments(address payable payee)
提取payee名下全部锁存的eth。任何地址都可以调用该方法,但是eth只会转移给payee。这意味着payee本身可以不需要知道PullPayment合约的存在,其他地址仍可替他触发eth的提取操作。
注:将eth转移给payee地址的过程可能会引发重入攻击,请确保payee地址的安全性。亦可通过以下方法抵御重入:
- 代码开发遵循check-effects-interactions模式;
- 使用Openzeppelin的ReentrancyGuard库。
function withdrawPayments(address payable payee) public virtual {
// 调用Escrow.withdraw(),触发提取操作
_escrow.withdraw(payee);
}foundry代码验证:
contract PullPaymentTest is Test {
MockPullPayment private _testing;
address private _payee1 = address(1);
address private _payee2 = address(2);
function setUp() external {
_testing = new MockPullPayment();
}
function test_WithdrawPayments() external {
address testingAddress = address(_testing);
// load the inner escrow contract with the address computed from deployer address and nonce
// note: the nonce in the first contract deployment by a contract is 1
Escrow innerEscrow = Escrow(
computeCreateAddress(testingAddress, vm.getNonce(testingAddress) - 1)
);
_testing.doWithAsyncTransfer{value: 50}(_payee1, 50);
_testing.doWithAsyncTransfer{value: 100}(_payee2, 100);
assertEq(address(innerEscrow).balance, 50 + 100);
// withdraw the deposited eth to payee 1
assertEq(_payee1.balance, 0);
// revert if withdraw from the escrow directly
vm.expectRevert("Ownable: caller is not the owner");
innerEscrow.withdraw(payable(_payee1));
_testing.withdrawPayments(payable(_payee1));
assertEq(_payee1.balance, 50);
assertEq(address(innerEscrow).balance, 100);
// withdraw the deposited eth to payee 2
assertEq(_payee2.balance, 0);
// revert if withdraw from the escrow directly
vm.expectRevert("Ownable: caller is not the owner");
innerEscrow.withdraw(payable(_payee2));
_testing.withdrawPayments(payable(_payee2));
assertEq(_payee2.balance, 100);
assertEq(address(innerEscrow).balance, 0);
}
}ps: 本人热爱图灵,热爱中本聪,热爱V神。 以下是我个人的公众号,如果有技术问题可以关注我的公众号来跟我交流。 同时我也会在这个公众号上每周更新我的原创文章,喜欢的小伙伴或者老伙计可以支持一下! 如果需要转发,麻烦注明作者。十分感谢!
公众号名称:后现代泼痞浪漫主义奠基人
- 学分: 11
- 分类: Solidity
- 标签: PullPayment OpenZeppelin Foundry
本文参与登链社区写作激励计划 ,好文好收益,欢迎正在阅读的你也加入。
