Solidity

Ether forwarder and token sweep contract?

  • February 24, 2020

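I wrote a simple Ether forwarding contract, plus a sweep function that, when called, automatically sweeps all tokens of the specified token contract address to a predefined recipient address.

I am looking for reliable experts and audit help to review the integrity of the code and whether it is "relatively" safe to use in production.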

pragma solidity ^0.5.16; //declare solidity version to use

//Standard interface functions for erc20 token contracts
contract ERC20 {
   function balanceOf(address _owner) public view returns (uint balance);
   function transfer(address _to, uint _value) public returns (bool success);
}

contract SweepFunds {
   
   //address declaration
   address payable public merchant = RECIPIENT_ADDR; //merchant account
   address payable public admin = ADMIN_ADDR; //admin account
   
   //Events Logging
   event LogForwardedEther(uint total, address indexed merchant, uint merchVal, address indexed admin, uint adminFee);
   event LogForwardedToken(uint total, address indexed merchant, uint merchVal, address indexed admin, uint adminFee, address indexed token);

   //Fallback function; Gets called when Ether is deposited, and forwards it to merchant and admin
   function() external payable {
       transferFunds(msg.value);
   }

   //It is possible that funds were sent to this address before the contract was deployed; flush those funds to the designated addresses.
   function flushEther() public payable {
       uint ethBal = address(this).balance;
       transferFunds(ethBal);
   }
   
   //Sweep tokens method by specifying token contract address and amount.
   function sweepTokens(address _token) public {
       transferFunds(_token);
   }

   //General transfer funds function (Ether)
   function transferFunds(uint _value) private {
       require(_value > 0);
       uint _fee = (NUMERATOR*_value)/(DENOMINATOR*100);
       
       //Perform Ether transfer method
       emit LogForwardedEther(_value, merchant, _value - _fee, admin, _fee);
       merchant.transfer(_value - _fee);
       admin.transfer(_fee);
   }
   
   //General transfer funds function (Token)
   function transferFunds(address _token) private {
       uint _value = ERC20(_token).balanceOf(address(this));
       require(_value > 0);
       uint _fee = (NUMERATOR*_value)/(DENOMINATOR*100);
           
       //Perform Token transfer method
       emit LogForwardedToken(_value, merchant, _value - _fee, admin, _fee, _token);
       ERC20(_token).transfer(merchant, _value - _fee);
       ERC20(_token).transfer(admin, _fee);
   }
} //end of SweepFunds contract

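The contract above will be generated programmatically by replacing the following strings with values:

  • RECIPIENT_ADDR
  • ADMIN_ADDR
  • NUMERATOR
  • DENOMINATOR

Examples

Scenario 1

If the fee is 1.5% (NUMERATOR: 3, DENOMINATOR: 2) and 100 ether is sent to the contract address, 98.5 ether will be automatically forwarded to RECIPIENT_ADDR and 1.5 ether will be sent to ADMIN_ADDR.

Scenario 2

If the fee is 1.5% (NUMERATOR: 3, DENOMINATOR: 2) and 100 USDT tokens are sent to the contract address, 98.5 USDT will be automatically forwarded to RECIPIENT_ADDR and 1.5 USDT will be sent to ADMIN_ADDR by calling the sweep function, specifying the USDT token contract address.

So far it has been working well; if you find any vulnerabilities or have any suggestions, please let me know, much appreciated!

Thanks!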

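I think you should set up a constructor for these variables:

  • RECIPIENT_ADDR
  • ADMIN_ADDR
  • NUMERATOR
  • DENOMINATOR

And maybe setters/getters for these variables, to add the possibility of editing them afterwards.

Adding SafeMath and Ownable from OpenZeppelin's library might be a good idea.

SafeMath prevents overflows, and Ownable provides basic authorization control functions and allows transferring ownership of the contract!

You should also check whether (_fee > _value).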
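The answer's suggestions applied to the Ether path, as an added example that is not code from the question or the answer. The contract name `SweepFundsChecked`, the storage variables `numerator` and `denominator`, and the setter `setFee` are hypothetical, and the import paths assume OpenZeppelin Contracts 2.x, the release line for Solidity 0.5.

```solidity
pragma solidity ^0.5.16;

// Assumption: OpenZeppelin Contracts 2.x is installed (paths differ in later releases).
import "@openzeppelin/contracts/math/SafeMath.sol";
import "@openzeppelin/contracts/ownership/Ownable.sol";

contract SweepFundsChecked is Ownable {
    using SafeMath for uint;

    address payable public merchant;
    address payable public admin;
    uint public numerator;   // fee percent = numerator / denominator
    uint public denominator;

    event LogForwardedEther(uint total, address indexed merchant, uint merchVal, address indexed admin, uint adminFee);

    // Constructor arguments replace the string-substituted placeholders.
    constructor(address payable _merchant, address payable _admin, uint _numerator, uint _denominator) public {
        require(_merchant != address(0) && _admin != address(0), "zero address");
        merchant = _merchant;
        admin = _admin;
        _setFee(_numerator, _denominator);
    }

    // Setter restricted to the contract owner through Ownable.
    function setFee(uint _numerator, uint _denominator) external onlyOwner {
        _setFee(_numerator, _denominator);
    }

    // The fee stays at or below 100% only when numerator <= denominator * 100,
    // so validating here guarantees _fee <= _value for every later transfer.
    function _setFee(uint _numerator, uint _denominator) private {
        require(_denominator > 0, "zero denominator");
        require(_numerator <= _denominator.mul(100), "fee above 100%");
        numerator = _numerator;
        denominator = _denominator;
    }

    function() external payable {
        uint _value = msg.value;
        require(_value > 0, "no value");
        // SafeMath reverts on overflow instead of silently wrapping.
        uint _fee = numerator.mul(_value).div(denominator.mul(100));
        uint _merchVal = _value.sub(_fee); // reverts if _fee > _value
        emit LogForwardedEther(_value, merchant, _merchVal, admin, _fee);
        merchant.transfer(_merchVal);
        admin.transfer(_fee);
    }
}
```

Reading the fee parameters from storage costs more gas per call than the compile-time constants in the question's contract.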

Quoted from: https://ethereum.stackexchange.com/questions/80055