Prevent token&auction address to be used in bid()

loredanacirstea · loredanacirstea · commit 6fbd9eb991b8 · 2017-10-02T17:03:13.000+03:00
Closes #91 Token and auction contract addresses should not be used as receivers of tokens.
diff --git a/contracts/auction.sol b/contracts/auction.sol
@@ -227,6 +227,8 @@ contract DutchAuction {
         atStage(Stages.AuctionStarted)
     {
         require(receiver_address != 0x0);
+        require(receiver_address != address(this));
+        require(receiver_address != address(token));
         require(msg.value > 0);
         assert(bids[receiver_address] + msg.value >= msg.value);
 
diff --git a/tests/test_auction.py b/tests/test_auction.py
@@ -255,6 +255,13 @@ def test_auction_bid(
     token_multiplier = auction.call().token_multiplier()
 
     auction.transact({'from': owner}).startAuction()
+    # Bids with the token contract address as receiver should fail
+    with pytest.raises(tester.TransactionFailed):
+        auction.transact({'from': A, "value": 100}).bid(token.address)
+
+    # Bids with the auction contract address as receiver should fail
+    with pytest.raises(tester.TransactionFailed):
+        auction.transact({'from': A, "value": 100}).bid(auction.address)
 
     # End auction by bidding the needed amount
     missing_funds = auction.call().missingFundsToEndAuction()

Original file line number	Diff line number	Diff line change
`@@ -227,6 +227,8 @@ contract DutchAuction {`
`227`	`227`	`atStage(Stages.AuctionStarted)`
`228`	`228`	`{`
`229`	`229`	`require(receiver_address != 0x0);`
	`230`	`+ require(receiver_address != address(this));`
	`231`	`+ require(receiver_address != address(token));`
`230`	`232`	`require(msg.value > 0);`
`231`	`233`	`assert(bids[receiver_address] + msg.value >= msg.value);`
`232`	`234`