Disallow sending XTZ

Hover-Labs · Apr 12, 2022 · 7548ecb · 7548ecb
1 parent f7f6418
commit 7548ecb
Show file tree

Hide file tree

Showing 9 changed files with 608 additions and 111 deletions.
diff --git a/smart_contracts/common/errors.py b/smart_contracts/common/errors.py
@@ -83,3 +83,6 @@
 
 # A given parameter was an unacceptable value
 ERROR_BAD_DAO_PARAM = "ERROR_BAD_DAO_PARAM"
+
+# This endpoint does not accept XTZ sent to it, and XTZ was sent.
+ERROR_BAD_AMOUNT = "BAD_AMOUNT"
diff --git a/smart_contracts/community-fund.py b/smart_contracts/community-fund.py
@@ -45,6 +45,9 @@ def default(self):
     def setGovernorContract(self, newGovernorAddress):
       sp.set_type(newGovernorAddress, sp.TAddress)
 
+      # Verify that the call did not include XTZ.
+      sp.verify(sp.amount == sp.mutez(0), Errors.ERROR_BAD_AMOUNT)
+
       # Verify command came from governor.
       sp.verify(sp.sender == self.data.governorAddress, Errors.ERROR_NOT_GOVERNOR)
 
@@ -56,6 +59,9 @@ def setGovernorContract(self, newGovernorAddress):
     def send(self, params):
       sp.set_type(params, sp.TRecord(numberOfTokens = sp.TNat, destination = sp.TAddress).layout(("numberOfTokens", "destination")))
 
+      # Verify that the call did not include XTZ.
+      sp.verify(sp.amount == sp.mutez(0), Errors.ERROR_BAD_AMOUNT)
+
       # Verify command came from governor.
       sp.verify(sp.sender == self.data.governorAddress, Errors.ERROR_NOT_GOVERNOR)
 
@@ -73,6 +79,9 @@ def send(self, params):
     def rescueXTZ(self, params):
       sp.set_type(params, sp.TRecord(destinationAddress = sp.TAddress).layout("destinationAddress"))
 
+      # Verify that the call did not include XTZ.
+      sp.verify(sp.amount == sp.mutez(0), Errors.ERROR_BAD_AMOUNT)
+
       # Verify the requester is the governor.
       sp.verify(sp.sender == self.data.governorAddress, Errors.ERROR_NOT_GOVERNOR)
       sp.send(params.destinationAddress, sp.balance)
@@ -86,6 +95,9 @@ def rescueFA12(self, params):
         destination = sp.TAddress,
       ).layout(("tokenContractAddress", ("amount", "destination"))))
 
+      # Verify that the call did not include XTZ.
+      sp.verify(sp.amount == sp.mutez(0), Errors.ERROR_BAD_AMOUNT)
+
       # Verify the requester is the governor.
       sp.verify(sp.sender == self.data.governorAddress, Errors.ERROR_NOT_GOVERNOR)
 
@@ -112,6 +124,9 @@ def rescueFA2(self, params):
         destination = sp.TAddress,
       ).layout(("tokenContractAddress", ("tokenId", ("amount", "destination")))))
 
+      # Verify that the call did not include XTZ.
+      sp.verify(sp.amount == sp.mutez(0), Errors.ERROR_BAD_AMOUNT)
+
       # Verify the requester is the governor.
       sp.verify(sp.sender == self.data.governorAddress, Errors.ERROR_NOT_GOVERNOR)
 
@@ -151,6 +166,9 @@ def rescueFA2(self, params):
     def setDelegate(self, newDelegate):
       sp.set_type(newDelegate, sp.TOption(sp.TKeyHash))
 
+      # Verify that the call did not include XTZ.
+      sp.verify(sp.amount == sp.mutez(0), Errors.ERROR_BAD_AMOUNT)
+
       # Verify the caller is the governor.
       sp.verify(sp.sender == self.data.governorAddress, Errors.ERROR_NOT_GOVERNOR)
 

diff --git a/smart_contracts/community-fund.tz b/smart_contracts/community-fund.tz
@@ -14,8 +14,19 @@ code
           {
             IF_LEFT
               {
-                SWAP;       # @storage : @parameter%rescueFA12
                 # == rescueFA12 ==
+                # sp.verify(sp.amount == sp.tez(0), 'BAD_AMOUNT') # @parameter%rescueFA12 : @storage
+                PUSH mutez 0; # mutez : @parameter%rescueFA12 : @storage
+                AMOUNT;     # @amount : mutez : @parameter%rescueFA12 : @storage
+                COMPARE;    # int : @parameter%rescueFA12 : @storage
+                EQ;         # bool : @parameter%rescueFA12 : @storage
+                IF
+                  {}
+                  {
+                    PUSH string "BAD_AMOUNT"; # string : @parameter%rescueFA12 : @storage
+                    FAILWITH;   # FAILED
+                  }; # @parameter%rescueFA12 : @storage
+                SWAP;       # @storage : @parameter%rescueFA12
                 # sp.verify(sp.sender == self.data.governorAddress, 'NOT_GOVERNOR') # @storage : @parameter%rescueFA12
                 DUP;        # @storage : @storage : @parameter%rescueFA12
                 DUG 2;      # @storage : @parameter%rescueFA12 : @storage
@@ -35,7 +46,7 @@ code
                 CONTRACT %transfer (pair (address %from) (pair (address %to) (nat %value))); # option (contract (pair (address %from) (pair (address %to) (nat %value)))) : @parameter%rescueFA12 : @storage
                 IF_NONE
                   {
-                    PUSH int 93; # int : @parameter%rescueFA12 : @storage
+                    PUSH int 105; # int : @parameter%rescueFA12 : @storage
                     FAILWITH;   # FAILED
                   }
                   {}; # @some : @parameter%rescueFA12 : @storage
@@ -53,8 +64,19 @@ code
                 CONS;       # list operation : @storage
               }
               {
-                SWAP;       # @storage : @parameter%rescueFA2
                 # == rescueFA2 ==
+                # sp.verify(sp.amount == sp.tez(0), 'BAD_AMOUNT') # @parameter%rescueFA2 : @storage
+                PUSH mutez 0; # mutez : @parameter%rescueFA2 : @storage
+                AMOUNT;     # @amount : mutez : @parameter%rescueFA2 : @storage
+                COMPARE;    # int : @parameter%rescueFA2 : @storage
+                EQ;         # bool : @parameter%rescueFA2 : @storage
+                IF
+                  {}
+                  {
+                    PUSH string "BAD_AMOUNT"; # string : @parameter%rescueFA2 : @storage
+                    FAILWITH;   # FAILED
+                  }; # @parameter%rescueFA2 : @storage
+                SWAP;       # @storage : @parameter%rescueFA2
                 # sp.verify(sp.sender == self.data.governorAddress, 'NOT_GOVERNOR') # @storage : @parameter%rescueFA2
                 DUP;        # @storage : @storage : @parameter%rescueFA2
                 DUG 2;      # @storage : @parameter%rescueFA2 : @storage
@@ -74,7 +96,7 @@ code
                 CONTRACT %transfer (list (pair (address %from_) (list %txs (pair (address %to_) (pair (nat %token_id) (nat %amount)))))); # option (contract (list (pair (address %from_) (list %txs (pair (address %to_) (pair (nat %token_id) (nat %amount))))))) : @parameter%rescueFA2 : @storage
                 IF_NONE
                   {
-                    PUSH int 119; # int : @parameter%rescueFA2 : @storage
+                    PUSH int 134; # int : @parameter%rescueFA2 : @storage
                     FAILWITH;   # FAILED
                   }
                   {}; # @some : @parameter%rescueFA2 : @storage
@@ -106,8 +128,19 @@ code
           {
             IF_LEFT
               {
-                SWAP;       # @storage : @parameter%rescueXTZ
                 # == rescueXTZ ==
+                # sp.verify(sp.amount == sp.tez(0), 'BAD_AMOUNT') # @parameter%rescueXTZ : @storage
+                PUSH mutez 0; # mutez : @parameter%rescueXTZ : @storage
+                AMOUNT;     # @amount : mutez : @parameter%rescueXTZ : @storage
+                COMPARE;    # int : @parameter%rescueXTZ : @storage
+                EQ;         # bool : @parameter%rescueXTZ : @storage
+                IF
+                  {}
+                  {
+                    PUSH string "BAD_AMOUNT"; # string : @parameter%rescueXTZ : @storage
+                    FAILWITH;   # FAILED
+                  }; # @parameter%rescueXTZ : @storage
+                SWAP;       # @storage : @parameter%rescueXTZ
                 # sp.verify(sp.sender == self.data.governorAddress, 'NOT_GOVERNOR') # @storage : @parameter%rescueXTZ
                 DUP;        # @storage : @storage : @parameter%rescueXTZ
                 DUG 2;      # @storage : @parameter%rescueXTZ : @storage
@@ -125,7 +158,7 @@ code
                 CONTRACT unit; # option (contract unit) : @storage
                 IF_NONE
                   {
-                    PUSH int 78; # int : @storage
+                    PUSH int 87; # int : @storage
                     FAILWITH;   # FAILED
                   }
                   {}; # @some : @storage
@@ -137,8 +170,19 @@ code
                 CONS;       # list operation : @storage
               }
               {
-                SWAP;       # @storage : @parameter%send
                 # == send ==
+                # sp.verify(sp.amount == sp.tez(0), 'BAD_AMOUNT') # @parameter%send : @storage
+                PUSH mutez 0; # mutez : @parameter%send : @storage
+                AMOUNT;     # @amount : mutez : @parameter%send : @storage
+                COMPARE;    # int : @parameter%send : @storage
+                EQ;         # bool : @parameter%send : @storage
+                IF
+                  {}
+                  {
+                    PUSH string "BAD_AMOUNT"; # string : @parameter%send : @storage
+                    FAILWITH;   # FAILED
+                  }; # @parameter%send : @storage
+                SWAP;       # @storage : @parameter%send
                 # sp.verify(sp.sender == self.data.governorAddress, 'NOT_GOVERNOR') # @storage : @parameter%send
                 DUP;        # @storage : @storage : @parameter%send
                 DUG 2;      # @storage : @parameter%send : @storage
@@ -159,7 +203,7 @@ code
                 CONTRACT %transfer (pair (address %from) (pair (address %to) (nat %value))); # option (contract (pair (address %from) (pair (address %to) (nat %value)))) : list operation : @parameter%send : @storage
                 IF_NONE
                   {
-                    PUSH int 63; # int : list operation : @parameter%send : @storage
+                    PUSH int 69; # int : list operation : @parameter%send : @storage
                     FAILWITH;   # FAILED
                   }
                   {}; # @some : list operation : @parameter%send : @storage
@@ -176,8 +220,19 @@ code
           {
             IF_LEFT
               {
-                SWAP;       # @storage : @parameter%setDelegate
                 # == setDelegate ==
+                # sp.verify(sp.amount == sp.tez(0), 'BAD_AMOUNT') # @parameter%setDelegate : @storage
+                PUSH mutez 0; # mutez : @parameter%setDelegate : @storage
+                AMOUNT;     # @amount : mutez : @parameter%setDelegate : @storage
+                COMPARE;    # int : @parameter%setDelegate : @storage
+                EQ;         # bool : @parameter%setDelegate : @storage
+                IF
+                  {}
+                  {
+                    PUSH string "BAD_AMOUNT"; # string : @parameter%setDelegate : @storage
+                    FAILWITH;   # FAILED
+                  }; # @parameter%setDelegate : @storage
+                SWAP;       # @storage : @parameter%setDelegate
                 # sp.verify(sp.sender == self.data.governorAddress, 'NOT_GOVERNOR') # @storage : @parameter%setDelegate
                 DUP;        # @storage : @storage : @parameter%setDelegate
                 DUG 2;      # @storage : @parameter%setDelegate : @storage
@@ -198,8 +253,19 @@ code
                 CONS;       # list operation : @storage
               }
               {
-                SWAP;       # @storage : @parameter%setGovernorContract
                 # == setGovernorContract ==
+                # sp.verify(sp.amount == sp.tez(0), 'BAD_AMOUNT') # @parameter%setGovernorContract : @storage
+                PUSH mutez 0; # mutez : @parameter%setGovernorContract : @storage
+                AMOUNT;     # @amount : mutez : @parameter%setGovernorContract : @storage
+                COMPARE;    # int : @parameter%setGovernorContract : @storage
+                EQ;         # bool : @parameter%setGovernorContract : @storage
+                IF
+                  {}
+                  {
+                    PUSH string "BAD_AMOUNT"; # string : @parameter%setGovernorContract : @storage
+                    FAILWITH;   # FAILED
+                  }; # @parameter%setGovernorContract : @storage
+                SWAP;       # @storage : @parameter%setGovernorContract
                 # sp.verify(sp.sender == self.data.governorAddress, 'NOT_GOVERNOR') # @storage : @parameter%setGovernorContract
                 DUP;        # @storage : @storage : @parameter%setGovernorContract
                 DUG 2;      # @storage : @parameter%setGovernorContract : @storage

diff --git a/smart_contracts/dao.py b/smart_contracts/dao.py
@@ -199,7 +199,10 @@ def __init__(
   @sp.entry_point
   def propose(self, proposal):
     sp.set_type(proposal, Proposal.PROPOSAL_TYPE)
-
+
+    # Verify that the call did not include XTZ.
+    sp.verify(sp.amount == sp.mutez(0), Errors.ERROR_BAD_AMOUNT)
+
     # Verify a poll is not under vote.
     sp.verify(~self.data.poll.is_some(), Errors.ERROR_POLL_UNDERWAY)
 
@@ -244,6 +247,9 @@ def propose(self, proposal):
   def endVoting(self, unit):
     sp.set_type(unit, sp.TUnit)
 
+    # Verify that the call did not include XTZ.
+    sp.verify(sp.amount == sp.mutez(0), Errors.ERROR_BAD_AMOUNT)
+
     # Verify a poll is underway.
     sp.verify(self.data.poll.is_some(), Errors.ERROR_NO_POLL)
 
@@ -326,6 +332,9 @@ def endVoting(self, unit):
   def vote(self, voteValue):
     sp.set_type(voteValue, sp.TNat)
 
+    # Verify that the call did not include XTZ.
+    sp.verify(sp.amount == sp.mutez(0), Errors.ERROR_BAD_AMOUNT)
+
     # Verify contract is in the correct state.
     sp.verify(self.data.state == STATE_MACHINE_IDLE, Errors.ERROR_BAD_STATE)
 
@@ -373,6 +382,9 @@ def vote(self, voteValue):
   def voteCallback(self, returnedData):
     sp.set_type(returnedData, sp.TRecord(result = sp.TNat, address = sp.TAddress, level = sp.TNat))
 
+    # Verify that the call did not include XTZ.
+    sp.verify(sp.amount == sp.mutez(0), Errors.ERROR_BAD_AMOUNT)
+
     # Verify contract is in the correct state.
     sp.verify(self.data.state == STATE_MACHINE_WAITING_FOR_BALANCE, Errors.ERROR_BAD_STATE)
 
@@ -430,6 +442,9 @@ def voteCallback(self, returnedData):
   def executeTimelock(self, unit):
     sp.set_type(unit, sp.TUnit)
 
+    # Verify that the call did not include XTZ.
+    sp.verify(sp.amount == sp.mutez(0), Errors.ERROR_BAD_AMOUNT)
+
     # Verify an item is in the timelock
     sp.verify(self.data.timelockItem.is_some(), Errors.ERROR_NO_ITEM_IN_TIMELOCK)
 
@@ -460,6 +475,9 @@ def executeTimelock(self, unit):
   def cancelTimelock(self, unit):
     sp.set_type(unit, sp.TUnit)
 
+    # Verify that the call did not include XTZ.
+    sp.verify(sp.amount == sp.mutez(0), Errors.ERROR_BAD_AMOUNT)
+
     # Verify an item is in the timelock
     sp.verify(self.data.timelockItem.is_some(), Errors.ERROR_NO_ITEM_IN_TIMELOCK)
 
@@ -486,6 +504,9 @@ def cancelTimelock(self, unit):
   def setParameters(self, newGovernanceParameters):
     sp.set_type(newGovernanceParameters, GOVERNANCE_PARAMETERS_TYPE)
 
+    # Verify that the call did not include XTZ.
+    sp.verify(sp.amount == sp.mutez(0), Errors.ERROR_BAD_AMOUNT)
+
     # Only the DAO can change its own parameters.
     sp.verify(sp.sender == sp.self_address, Errors.ERROR_NOT_DAO)