From 7e1e71d25ec378df9e0edc5c30a994eb713ed7ed Mon Sep 17 00:00:00 2001 From: Mark Spanbroek Date: Tue, 28 Jan 2025 15:56:53 +0100 Subject: [PATCH] vault: disallow transfer of flowing tokens --- contracts/vault/VaultBase.sol | 19 +++++++++++++------ test/Vault.tests.js | 10 ++++++++++ 2 files changed, 23 insertions(+), 6 deletions(-) diff --git a/contracts/vault/VaultBase.sol b/contracts/vault/VaultBase.sol index 9016f46..48553ac 100644 --- a/contracts/vault/VaultBase.sol +++ b/contracts/vault/VaultBase.sol @@ -123,12 +123,19 @@ abstract contract VaultBase { Recipient to, uint128 amount ) internal { - require( - amount <= _balances[controller][context][from].available, - InsufficientBalance() - ); - _balances[controller][context][from].available -= amount; - _balances[controller][context][to].available += amount; + Balance memory senderBalance = _getBalance(controller, context, from); + Balance memory receiverBalance = _getBalance(controller, context, to); + require(amount <= senderBalance.available, InsufficientBalance()); + + senderBalance.available -= amount; + receiverBalance.available += amount; + + Flow memory senderFlow = _flows[controller][context][from]; + Lock memory lock = _locks[controller][context]; + _checkFlowInvariant(senderBalance, lock, senderFlow); + + _balances[controller][context][from] = senderBalance; + _balances[controller][context][to] = receiverBalance; } function _designate( diff --git a/test/Vault.tests.js b/test/Vault.tests.js index 24f7c36..5de8280 100644 --- a/test/Vault.tests.js +++ b/test/Vault.tests.js @@ -588,6 +588,16 @@ describe("Vault", function () { vault.flow(context, sender, receiver, 1) ).to.be.revertedWith("InsufficientBalance") }) + + it("cannot transfer tokens that are flowing", async function () { + await vault.flow(context, sender, receiver, 5) + await expect( + vault.transfer(context, sender, receiver, 500) + ).not.to.be.reverted + await expect( + vault.transfer(context, sender, receiver, 1) + ).to.be.revertedWith("InsufficientBalance") + }) }) }) })