Expired allowance miscalculation #289

@matiascabello

This issue involves a poor implementation of the allowance function in the Token SEP-041 interface. While the approve function in SEP-041 allows passing an expiration_ledger:

fn approve(e: Env, from: Address, spender: Address, amount: i128, expiration_ledger: u32)

The allowance function only returns the amount:

fn allowance(e: Env, from: Address, spender: Address) -> i128

This can lead to implementations that compile but do not account for expiration_ledger. For example:

fn allowance(e: Env, from: Address, spender: Address) -> i128 {
    let result = storage::get_allowance(&e, &from, &spender);
    result.amount
}

Proposal

If the TokenInterface is implemented (this could be verified by checking if the trait is imported and implemented), ensure that allowance includes something like:

fn allowance(e: Env, from: Address, spender: Address) -> i128 {
    let result = storage::get_allowance(&e, &from, &spender);
    if e.ledger().sequence() > result.expiration_ledger {
        0
    } else {
        result.amount
    }
}
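
The difference between the two `allowance` patterns above at the expiration boundary, as an added example that is not part of the original issue or of any project's code. It is a plain-Rust model without soroban-sdk: `Token`, `AllowanceValue`, the hand-advanced `sequence` field and the account names are hypothetical stand-ins for the contract environment and its storage.

```rust
// Stand-alone model; Token and AllowanceValue are hypothetical stand-ins, not soroban-sdk types.
use std::collections::HashMap;

#[derive(Clone, Copy)]
struct AllowanceValue {
    amount: i128,
    expiration_ledger: u32,
}

struct Token {
    sequence: u32, // current ledger sequence, advanced by hand in this model
    allowances: HashMap<(String, String), AllowanceValue>,
}

impl Token {
    fn approve(&mut self, from: &str, spender: &str, amount: i128, expiration_ledger: u32) {
        let key = (from.to_string(), spender.to_string());
        self.allowances.insert(key, AllowanceValue { amount, expiration_ledger });
    }

    // Missing entries read as a zero allowance that is already expired.
    fn get(&self, from: &str, spender: &str) -> AllowanceValue {
        let key = (from.to_string(), spender.to_string());
        let none = AllowanceValue { amount: 0, expiration_ledger: 0 };
        self.allowances.get(&key).copied().unwrap_or(none)
    }

    // Pattern from the issue: compiles, but never looks at expiration_ledger.
    fn allowance_unchecked(&self, from: &str, spender: &str) -> i128 {
        self.get(from, spender).amount
    }

    // Proposed pattern: once the ledger is past expiration_ledger, report 0.
    fn allowance_checked(&self, from: &str, spender: &str) -> i128 {
        let a = self.get(from, spender);
        if self.sequence > a.expiration_ledger { 0 } else { a.amount }
    }
}

fn main() {
    // Constructed sample values: 500 units approved until ledger 110.
    let mut t = Token { sequence: 100, allowances: HashMap::new() };
    t.approve("alice", "bob", 500, 110);
    for seq in [110, 111] {
        t.sequence = seq;
        let (u, c) = (t.allowance_unchecked("alice", "bob"), t.allowance_checked("alice", "bob"));
        println!("ledger {}: unchecked={} checked={}", seq, u, c);
    }
}
```

At ledger 110 both functions report 500, because the comparison is `>` and the allowance is still valid on its expiration ledger; at ledger 111 only the unchecked version still reports 500.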
