improve: Clarify transferFrom() require() assumptions

Signed-off-by: Paul <108695806+pxrl@users.noreply.github.com>
across-protocol · Feb 1, 2023 · 5215b60 · 5215b60
1 parent edbee53
commit 5215b60
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/contracts/BondToken.sol b/contracts/BondToken.sol
@@ -62,6 +62,9 @@ contract BondToken is WETH9, Ownable {
      * - The src address is not a pre-approved proposer, *and*
      * - The src address is the current proposer of a HubPool root bundle.
      * Falls back to the base implementation after verifying that the transfer is permitted.
+     * @dev The require(..., "Transfer not permitted") statement is dependent on the internal ordering of HubPool
+     * proposedRootBundle state variable updates, relative to calling bondToken.safeTransferFrom(). Changing the order
+     * of HubPool actions may invalidate this verification. BondToken tests are implemented to detect this.
      * @param src Source address.
      * @param dst Destination address.
      * @param amt Amount to transfer.