From 126a6a1dbf3f952a90a54fa67ab3f8612a6fc261 Mon Sep 17 00:00:00 2001
From: Jordi Baylina <jordi@baylina.cat>
Date: Sun, 11 Dec 2016 18:37:52 +0100
Subject: [PATCH] Fix race condition on approve

---
 MiniMeToken.sol            |  6 ++++++
 test/minimetoken_normal.js | 30 +++++++++++++++++++++++++++++-
 2 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/MiniMeToken.sol b/MiniMeToken.sol
index f23742e..cf1cfd0 100644
--- a/MiniMeToken.sol
+++ b/MiniMeToken.sol
@@ -208,6 +208,12 @@ contract MiniMeToken is Controlled {
     /// @return True if the approval was successful
     function approve(address _spender, uint256 _amount) returns (bool success) {
         if (!transfersEnabled) throw;
+
+        // To change the approve amount you first have to reduce the addresses´
+        // allowance to zero by calling `approve(_spender,0)` if it is not
+        // already 0 https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
+        if ((_amount!=0) && (allowed[msg.sender][_spender] !=0)) throw;
+
         allowed[msg.sender][_spender] = _amount;
         Approval(msg.sender, _spender, _amount);
         return true;
diff --git a/test/minimetoken_normal.js b/test/minimetoken_normal.js
index c9942d9..2c01b92 100644
--- a/test/minimetoken_normal.js
+++ b/test/minimetoken_normal.js
@@ -101,7 +101,17 @@ describe('MiniMeToken test', function(){
     it('Should transfer tokens from address 1 to address 2', function(done) {
         this.timeout(2000);
         async.series([
-
+            function(cb) {
+                miniMeToken.transfer.estimateGas(ethConnector.accounts[2], ethConnector.web3.toWei(2), {
+                    from: ethConnector.accounts[1],
+                    gas: 200000},
+                    function(err, res) {
+                        assert.ifError(err);
+                        log("Gas for transfer: "+res);
+                        cb();
+                    }
+                );
+            },
             function(cb) {
                 miniMeToken.transfer(ethConnector.accounts[2], ethConnector.web3.toWei(2), {
                     from: ethConnector.accounts[1],
@@ -313,6 +323,24 @@ describe('MiniMeToken test', function(){
     it('Should Create the clone token', function(done) {
         this.timeout(200000000);
         async.series([
+            function(cb) {
+                miniMeToken.createCloneToken.estimateGas(
+                    "Clone Token 1",
+                    18,
+                    "MMTc",
+                    Number.MAX_SAFE_INTEGER,
+                    true,
+                    {
+                        from: ethConnector.accounts[3],
+                        gas: 4700000
+                    },
+                    function(err, res) {
+                        assert.ifError(err);
+                        log("Gas to create: " +res);
+                        cb();
+                    }
+                );
+            },
             function(cb) {
                 miniMeToken.createCloneToken(
                     "Clone Token 1",