[PDB-01M] Arbitrary External Contract Calls #894
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
contracts/protocol/clients/priceDiscovery/BosonPriceDiscovery.sol
Dismissed
Show dismissed
Hide dismissed
contracts/protocol/clients/priceDiscovery/BosonPriceDiscovery.sol
Dismissed
Show dismissed
Hide dismissed
contracts/protocol/clients/priceDiscovery/BosonPriceDiscovery.sol
Dismissed
Show dismissed
Hide dismissed
contracts/protocol/clients/priceDiscovery/BosonPriceDiscovery.sol
Dismissed
Show dismissed
Hide dismissed
contracts/protocol/clients/priceDiscovery/BosonPriceDiscovery.sol
Dismissed
Show dismissed
Hide dismissed
| import { Address } from "@openzeppelin/contracts/utils/Address.sol"; | ||
| import { SafeERC20 } from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol"; | ||
|
|
||
| // import { BosonPriceDiscovery } from "./../clients/priceDiscovery/BosonPriceDiscovery.sol"; |
There was a problem hiding this comment.
remove unused code
| /** | ||
| * @title BosonPriceDiscovery | ||
| * | ||
| * @dev Boson Price Discovery is a external contract that is used to determine the price of an exchange. |
There was a problem hiding this comment.
Suggested change
| * @dev Boson Price Discovery is a external contract that is used to determine the price of an exchange. | |
| * @dev Boson Price Discovery is an external contract that is used to determine the price of an exchange. |
|
|
||
| /** | ||
| * @notice | ||
| * For offers with native exchange token, it is expected the the price discovery contracts will |
There was a problem hiding this comment.
Suggested change
| * For offers with native exchange token, it is expected the the price discovery contracts will | |
| * For offers with native exchange token, it is expected that the price discovery contracts will |
| /** | ||
| * @notice | ||
| * For offers with native exchange token, it is expected the the price discovery contracts will | ||
| * operate with wrapped native token. Set the address of the wrapped native token in the constructor. |
There was a problem hiding this comment.
Suggested change
| * operate with wrapped native token. Set the address of the wrapped native token in the constructor. | |
| * operate with wrapped native token. Sets the address of the wrapped native token in the constructor. |
There was a problem hiding this comment.
I kept that as it was, since it's meant as an instruction for the deployer.
levalleux-ludo
previously approved these changes
Jan 22, 2024
albertfolch-redeemeum
approved these changes
Jan 23, 2024
levalleux-ludo
approved these changes
Jan 23, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fix #861
This change moves a part of price discovery logic outside the diamond, effectively creating another boson protocol client.
Since this client does not own any assets, they cannot be stolen from it. The user will always approve only Boson Protocol or external price discovery contract to transfer the vouchers and/or erc20 tokens.
Users can still make arbitrary calls through this client, but since it's outside the boson protocol address, any calls that the client makes will not be directly associated with the boson protocol.