Conversation
alex0207s
left a comment
alex0207s
left a comment
There was a problem hiding this comment.
- DO NOT merge this branch to the main branch.
- You haven't reproduced the test scenario on the sepolia testing chain.
- Either rename
MyToken.soltoSammiToken.solor deleteMyToken.sol, along with the corresponding test contract and script contract. Do not leave an empty contract.
|
|
||
| _mint(to, amount * 10 ** uint256(decimals())); | ||
|
|
||
| console.log(startGas - gasleft()); |
There was a problem hiding this comment.
gasleft()is not a good way to measure gas cost.- We generally avoid logging within the contract itself, preferring to do so in test contracts or script contracts instead.
| revert OnlyDeployerCanMintOver10(); | ||
| } | ||
|
|
||
| _mint(to, amount * 10 ** uint256(decimals())); |
There was a problem hiding this comment.
If you don't override the decimals() function, you can use the ether keyword directly.
|
|
||
| uint256 notDeployerLimit = 10; | ||
|
|
||
| if (deployer != to && balanceOf(to) + amount > notDeployerLimit) { |
There was a problem hiding this comment.
DON'T rely solely on the balanceOf to determine the number of tokens a user can mint. Depending solely on this could cause a vulnerability, especially when a user transfers out the minted tokens and continues to mint more tokens.
| } | ||
|
|
||
| function test_mint_user() public { | ||
| uint256 eth = 10 ** uint256(sammiToken.decimals()); |
There was a problem hiding this comment.
If you don't override the decimals() function, you can use the ether keyword directly.
| address public _deployer; | ||
|
|
||
| function setUp() public { | ||
| sammiToken = new SammiToken(); |
There was a problem hiding this comment.
Utilize startPrank(deployer) to simulate the deployer role for deploying the SammiToken.
|
|
||
| function test_mint_deployer() public { | ||
| sammiToken.mint(_deployer, 100); | ||
| assertEq(sammiToken.balanceOf(_deployer), 100 * 10 ** 18); |
There was a problem hiding this comment.
repalce ether with 10**18
|
|
||
| //hacker以 bob 的private-key操作 | ||
| vm.startPrank(bob); | ||
| daoToken.delegate(hacker); |
There was a problem hiding this comment.
use formatter or execute forge fmt before push
# Conflicts: # w1/README.md # w1/script/MyToken.s.sol # w1/src/MyToken.sol # w1/test/MyToken.t.sol # w2/README.md # w2/test/DaoToken.t.sol # w3/.gitignore # w3/src/AmazingToken.sol # w3/src/LenderPool.sol # w3/src/ReceiverPool.sol # w3/test/Lender.t.sol
# Conflicts: # .gitmodules # w1/README.md # w1/script/MyToken.s.sol # w1/src/MyToken.sol # w1/test/MyToken.t.sol # w2/README.md # w2/test/DaoToken.t.sol
(cherry picked from commit 0b05ec2)
(cherry picked from commit 747517a)
2 participants
No description provided.