0. 版本
[openzeppelin]:v4.8.3,[forge-std]:v1.5.6
0.1 PullPayment.sol
Github: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/v4.8.3/contracts/security/PullPayment.sol
PullPayment库是对Openzeppelin中Escrow库的一种封装。从安全角度看,PullPayment是一对多发送eth的最佳解决方案。它可以防止收款人阻塞发送eth的行为并消除重入问题。
注:PullPayment也是基于合约安全模式( https://consensys.github.io/smart-contract-best-practices/development-recommendations/general/external-calls/#favor-pull-over-push-for-external-calls[pull-payment] )的一种简单代码实现。付款合约并不会主动同收款人地址交互,而是需要他们自己来提取。
1. 目标合约
继承PullPayment合约:
Github: https://github.com/RevelationOfTuring/foundry-openzeppelin-contracts/blob/master/src/security/MockPullPayment.sol
// SPDX-License-Identifier: UNLICENSED pragma solidity ^0.8.0; import "openzeppelin-contracts/contracts/security/PullPayment.sol"; contract MockPullPayment is PullPayment { event DoWithAsyncTransfer(address payee, uint amount); function doWithAsyncTransfer(address payee, uint amount) external payable { _asyncTransfer(payee, amount); emit DoWithAsyncTransfer(payee, amount); } }全部foundry测试合约:
Github: https://github.com/RevelationOfTuring/foundry-openzeppelin-contracts/blob/master/test/security/PullPayment.t.sol
2. 代码精读
2.1 constructor()
主合约部署的时候会自动部署一个Escrow合约。PullPayment只是Escrow的一个wrapper,所有的存取逻辑都在Escrow合约中定义。
注:Escrow是Openzeppelin的一个合约库,详解参见:https://learnblockchain.cn/article/6374
// 中间的资金托管合约 Escrow private immutable _escrow; constructor() { // 使用CREATE方式部署资金托管合约 _escrow = new Escrow(); }2.2 _asyncTransfer(address dest, uint256 amount) internal && payments(address dest)
_asyncTransfer(address dest, uint256 amount) internal:付款人将调用该函数锁入amount数量的eth。这部分eth最终可以提取给dest。注:付款人的eth将锁入中间的托管合约,因此资金在提取之前都是安全的;payments(address dest):返回dest当前名下累计的可提取eth数量。
function payments(address dest) public view returns (uint256) { // 调用Escrow.depositsOf(),返回dest当前名下累计的可提取eth数量 return _escrow.depositsOf(dest); } function _asyncTransfer(address dest, uint256 amount) internal virtual { // 携带数量为amount的eth调用Escrow.deposit(),payee为dest _escrow.deposit{value: amount}(dest); }foundry代码验证:
contract PullPaymentTest is Test { MockPullPayment private _testing; address private _payee1 = address(1); address private _payee2 = address(2); function setUp() external { _testing = new MockPullPayment(); } event DoWithAsyncTransfer(address payee, uint amount); function test_AsyncTransferAndPayments() external { address testingAddress = address(_testing); // load the inner escrow contract with the address computed from deployer address and nonce // note: the nonce in the first contract deployment by a contract is 1 Escrow innerEscrow = Escrow( computeCreateAddress(testingAddress, vm.getNonce(testingAddress) - 1) ); assertEq(address(innerEscrow).balance, 0); // deposit for payee 1 assertEq(_testing.payments(_payee1), 0); vm.expectEmit(testingAddress); emit DoWithAsyncTransfer(_payee1, 100); _testing.doWithAsyncTransfer{value: 100}(_payee1, 100); assertEq(_testing.payments(_payee1), 100); assertEq(address(innerEscrow).balance, 0 + 100); // revert with depositing to escrow contract directly vm.expectRevert("Ownable: caller is not the owner"); innerEscrow.deposit{value: 100}(_payee1); // deposit for payee 2 assertEq(_testing.payments(_payee2), 0); vm.expectEmit(testingAddress); emit DoWithAsyncTransfer(_payee2, 101); _testing.doWithAsyncTransfer{value: 101}(_payee2, 101); assertEq(_testing.payments(_payee2), 101); assertEq(address(innerEscrow).balance, 100 + 101); // revert with depositing to escrow contract directly vm.expectRevert("Ownable: caller is not the owner"); innerEscrow.deposit{value: 101}(_payee2); } }2.3 withdrawPayments(address payable payee)
提取payee名下全部锁存的eth。任何地址都可以调用该方法,但是eth只会转移给payee。这意味着payee本身可以不需要知道PullPayment合约的存在,其他地址仍可替他触发eth的提取操作。
注:将eth转移给payee地址的过程可能会引发重入攻击,请确保payee地址的安全性。亦可通过以下方法抵御重入:
- 代码开发遵循check-effects-interactions模式;
- 使用Openzeppelin的ReentrancyGuard库。
function withdrawPayments(address payable payee) public virtual { // 调用Escrow.withdraw(),触发提取操作 _escrow.withdraw(payee); }foundry代码验证:
contract PullPaymentTest is Test { MockPullPayment private _testing; address private _payee1 = address(1); address private _payee2 = address(2); function setUp() external { _testing = new MockPullPayment(); } function test_WithdrawPayments() external { address testingAddress = address(_testing); // load the inner escrow contract with the address computed from deployer address and nonce // note: the nonce in the first contract deployment by a contract is 1 Escrow innerEscrow = Escrow( computeCreateAddress(testingAddress, vm.getNonce(testingAddress) - 1) ); _testing.doWithAsyncTransfer{value: 50}(_payee1, 50); _testing.doWithAsyncTransfer{value: 100}(_payee2, 100); assertEq(address(innerEscrow).balance, 50 + 100); // withdraw the deposited eth to payee 1 assertEq(_payee1.balance, 0); // revert if withdraw from the escrow directly vm.expectRevert("Ownable: caller is not the owner"); innerEscrow.withdraw(payable(_payee1)); _testing.withdrawPayments(payable(_payee1)); assertEq(_payee1.balance, 50); assertEq(address(innerEscrow).balance, 100); // withdraw the deposited eth to payee 2 assertEq(_payee2.balance, 0); // revert if withdraw from the escrow directly vm.expectRevert("Ownable: caller is not the owner"); innerEscrow.withdraw(payable(_payee2)); _testing.withdrawPayments(payable(_payee2)); assertEq(_payee2.balance, 100); assertEq(address(innerEscrow).balance, 0); } }ps: 本人热爱图灵,热爱中本聪,热爱V神。 以下是我个人的公众号,如果有技术问题可以关注我的公众号来跟我交流。 同时我也会在这个公众号上每周更新我的原创文章,喜欢的小伙伴或者老伙计可以支持一下! 如果需要转发,麻烦注明作者。十分感谢!
公众号名称:后现代泼痞浪漫主义奠基人
