Skip to content

Commit

Permalink
feat: add ReentrancyGuard and use the Checks-Effects-Interactions Pat…
Browse files Browse the repository at this point in the history 
…tern
  • Loading branch information
@0xashu
0xashu committed May 27, 2024
1 parent 7ffd7d2 commit dbbd8b1
Showing 1 changed file with 8 additions and 7 deletions.
15 changes: 8 additions & 7 deletions contracts/core/SharesFactoryV1.sol
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,13 +3,14 @@
pragma solidity 0.8.25;

import "@openzeppelin/contracts/access/Ownable2Step.sol";

Check warning on line 5 in contracts/core/SharesFactoryV1.sol

View workflow job for this annotation

GitHub Actions / lint (18) 

global import of path @openzeppelin/contracts/access/Ownable2Step.sol is not allowed. Specify names to import individually or bind all exports of the module into a name (import "path" as Name)

Check warning on line 5 in contracts/core/SharesFactoryV1.sol

View workflow job for this annotation

GitHub Actions / lint (18) 

global import of path @openzeppelin/contracts/access/Ownable2Step.sol is not allowed. Specify names to import individually or bind all exports of the module into a name (import "path" as Name)
import "@openzeppelin/contracts/security/ReentrancyGuard.sol";

Check warning on line 6 in contracts/core/SharesFactoryV1.sol

View workflow job for this annotation

GitHub Actions / lint (18) 

global import of path @openzeppelin/contracts/security/ReentrancyGuard.sol is not allowed. Specify names to import individually or bind all exports of the module into a name (import "path" as Name)

Check warning on line 6 in contracts/core/SharesFactoryV1.sol

View workflow job for this annotation

GitHub Actions / lint (18) 

global import of path @openzeppelin/contracts/security/ReentrancyGuard.sol is not allowed. Specify names to import individually or bind all exports of the module into a name (import "path" as Name)
import { SafeERC20 } from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import { IShare } from "../interface/IShare.sol";
import { IYieldAggregator } from "contracts/interface/IYieldAggregator.sol";
import { BondingCurveLib } from "../lib/BondingCurveLib.sol";

contract SharesFactoryV1 is Ownable2Step {
contract SharesFactoryV1 is Ownable2Step, ReentrancyGuard {
using SafeERC20 for IERC20;

struct Curve {
Expand Down Expand Up @@ -212,7 +213,7 @@ contract SharesFactoryV1 is Ownable2Step {
* @param quantity The quantity of shares.
* @param referral The address of the referral fee recipient.
*/
function buyShare(uint256 shareId, uint32 quantity, address referral) public payable {
function buyShare(uint256 shareId, uint32 quantity, address referral) public payable nonReentrant {
require(address(yieldAggregator) != address(0), "Invalid yieldAggregator");
require(shareId < shareIndex, "Invalid shareId");

Expand All @@ -224,6 +225,10 @@ contract SharesFactoryV1 is Ownable2Step {
) = getBuyPriceAfterFee(shareId, quantity, referral);
require(msg.value >= buyPriceAfterFee, "Insufficient payment");

// Mint shares to the buyer
IShare(ERC1155).shareMint(msg.sender, shareId, quantity);
emit Buy(shareId, msg.sender, quantity, buyPriceAfterFee);

// Deposit the buy price (in ETH) to the yield aggregator (e.g., Aave)
_safeTransferETH(address(yieldAggregator), buyPrice);
yieldAggregator.yieldDeposit();
Expand All @@ -239,10 +244,6 @@ contract SharesFactoryV1 is Ownable2Step {
if (refundAmount > 0) {
_safeTransferETH(msg.sender, refundAmount);
}

// Mint shares to the buyer
IShare(ERC1155).shareMint(msg.sender, shareId, quantity);
emit Buy(shareId, msg.sender, quantity, buyPriceAfterFee);
}

/**
Expand All @@ -256,7 +257,7 @@ contract SharesFactoryV1 is Ownable2Step {
uint32 quantity,
uint256 minETHAmount,
address referral
) public {
) public nonReentrant {
require(shareId < shareIndex, "Invalid shareId");
require(
IShare(ERC1155).shareBalanceOf(msg.sender, shareId) >= quantity,
Expand Down

0 comments on commit dbbd8b1

Please sign in to comment.