MVL Token is ERC-20 token conforms following ERC-20 https://github.com/ethereum/EIPs/blob/master/EIPS/eip-20.md
name: 'Mass Vehicle Ledger'symbol: 'MVL'decimals: (uint8)18totalSupply: (uint256)3e28
balanceOf:view (address) => (uint256)transfer:(address, uint256) => (bool)transferFrom:(address _from, address _to, uint256) => (bool)approve:(address, uint256) => (bool)allowance:(address _owner, address _spender) => (uint256)increaseApproval:(address _spender, uint256 _addedValue) => (bool)decreaseApproval:(address _spender, uint256 _subtractedValue) => (bool)
Transfer(address indexed _from, address indexed _to, uint256 _value)Approval(address indexed _owner, address indexed _spender, uint256 _value)
There is an attack vector which exploits approve function to spend unwanted by spender. The discussion is here.
Since EIP20 fixed its interface, so the suggestion of changing API isn't accepted.
Therefore, MVL token considers the work-around solution, hinted from MiniMeToken
The main idea of this, enforce token holder to call approve(spender, 0) before call it again with positive integer value.
This is implemented here and tested here.
- Solidity v0.4.19 (solc or solc-js both work)
- Truffle v4.1.3 (core: 4.1.3)
- Node.js v8.11.1 (for dependency mgmt.)
- Docker (18.03.0-ce, build 0520e24, for oyente)
Build status
Test & Coverage status
- Truffle on CircleCI
- Every commit on master branch of this repository triggers CircleCI hook.
- Truffle suite runs test
- CircleCI config file
- install dependencies
$ yarn install --frozen-lockfile --production=false
- test command
$ truffle test