Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add handling for max uint256 amount in withdrawERC20 #333

Open
wants to merge 5 commits into
base: main
Choose a base branch
from

Conversation

ylv-io
Copy link
Collaborator

@ylv-io ylv-io commented Dec 23, 2024

Description

Type of change

  • Bug fix
  • New feature
  • Breaking change
  • Dependency changes
  • Deployment
  • Forge Script
  • Code refactor / cleanup
  • Documentation or wording changes
  • Other

Checklist:

  • The diff is legible and has no extraneous changes
  • Complex code has been commented, including external interfaces
  • Tests have 100% code coverage
  • The base branch is either main, or there's a description of how to merge

Issue Resolution

Copy link

openzeppelin-code bot commented Dec 23, 2024

Add handling for max uint256 amount in withdrawERC20

Generated at commit: a095fea86ca0edd8016f60a58f39a0c2a01a56ed

🚨 Report Summary

Severity Level Results
Contracts Critical
High
Medium
Low
Note
Total
4
2
0
12
39
57
Dependencies Critical
High
Medium
Low
Note
Total
0
0
0
0
0
0

For more details view the full report in OpenZeppelin Code Inspector

Copy link

github-actions bot commented Dec 24, 2024

Slither report

THIS CHECKLIST IS NOT COMPLETE. Use --show-ignored-findings to show all the results.
Summary

unchecked-transfer

Impact: High
Confidence: Medium

function withdraw(address asset, uint256 amount) public returns (uint256) {
address pool = poolAddressProvider.getPool();
// If amount is max uint256, withdraw all available
if (amount == type(uint256).max) {
amount = IERC20(IAavePool(pool).getReserveData(asset).aTokenAddress).balanceOf(address(this));
}
// Withdraw from Aave
IAavePool(pool).withdraw(asset, amount, address(this));
// Send the fee to the Safe
uint256 fee = amount * FEE / 1e18;
IERC20(asset).transfer(safe, fee);
return amount - fee;
}

Copy link

codecov bot commented Dec 24, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 88.63%. Comparing base (20d6a0d) to head (a095fea).
Report is 1 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #333      +/-   ##
==========================================
+ Coverage   88.56%   88.63%   +0.06%     
==========================================
  Files          41       41              
  Lines        2502     2517      +15     
==========================================
+ Hits         2216     2231      +15     
  Misses        286      286              
Files with missing lines Coverage Δ
src/access/workflows/AaveWithdrawWorkflow.sol 100.00% <100.00%> (ø)
src/access/workflows/WithdrawWorkflow.sol 95.23% <100.00%> (+5.23%) ⬆️


/* ============ Constructor ============ */

/**
* @notice Initializes the contract with Aave's pool address provider
* @param poolAddressProvider_ The address of Aave's pool address provider
*/
constructor(address poolAddressProvider_, address bridger_) {
constructor(address poolAddressProvider_, address bridger_, address safe_) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

to change the fee we will just upgrade?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants