upgrade openzeppelin-contracts

Author: minaminao

foundry.toml

@@ -8,11 +8,12 @@ evm_version = "cancun"
 
 ignored_error_codes = [
     "license", # warning[1878]: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
-    3628, # Warning (3628): This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
-    3860, # Warning (3860): Contract initcode size is X bytes and exceeds Y bytes (a limit introduced in Shanghai). This contract may not be deployable on Mainnet. Consider enabling the optimizer (with a low "runs" value!), turning off revert strings, or using libraries.
-    5159, # Warning (5159): "selfdestruct" has been deprecated. The underlying opcode will eventually undergo breaking changes, and its use is not recommended.
-    5574, # Warning (5574): Contract code size is 24870 bytes and exceeds 24576 bytes (a limit introduced in Spurious Dragon). This contract may not be deployable on Mainnet. Consider enabling the optimizer (with a low "runs" value!), turning off revert strings, or using libraries.
-    9302, # Warning (9302): Return value of low-level calls not used.
+    2394,      # Warning (2394): Transient storage as defined by EIP-1153 can break the composability of smart contracts: Since transient storage is cleared only at the end of the transaction and not at the end of the outermost call frame to the contract within a transaction, your contract may unintentionally misbehave when invoked multiple times in a complex transaction. To avoid this, be sure to clear all transient storage at the end of any call to your contract. The use of transient storage for reentrancy guards that are cleared at the end of the call is safe.
+    3628,      # Warning (3628): This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
+    3860,      # Warning (3860): Contract initcode size is X bytes and exceeds Y bytes (a limit introduced in Shanghai). This contract may not be deployable on Mainnet. Consider enabling the optimizer (with a low "runs" value!), turning off revert strings, or using libraries.
+    5159,      # Warning (5159): "selfdestruct" has been deprecated. The underlying opcode will eventually undergo breaking changes, and its use is not recommended.
+    5574,      # Warning (5574): Contract code size is 24870 bytes and exceeds 24576 bytes (a limit introduced in Spurious Dragon). This contract may not be deployable on Mainnet. Consider enabling the optimizer (with a low "runs" value!), turning off revert strings, or using libraries.
+    9302,      # Warning (9302): Return value of low-level calls not used.
 ]
 
 # For Huff

lib/openzeppelin-contracts

@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: UNLICENSED
 pragma solidity 0.8.15;
 
-import "forge-std/Test.sol";
+import {Test} from "forge-std/Test.sol";
 
 struct A {
     B b;

src/0CTF2022/TctfNftMarket/CalldataBug.t.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: UNLICENSED
-pragma solidity 0.8.16;
+pragma solidity ^0.8.16;
 
 import "forge-std/Script.sol";
 import "src/utils/UniswapV2Library.sol";

src/0CTF2022/TctfNftMarket/Challenge.sol renamed to src/0CTF2022/TctfNftMarket/Challenge.sol.archived

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: UNLICENSED
-pragma solidity 0.8.9;
+pragma solidity ^0.8.9;
 
 import {NFTMarketplace} from "./challenge/NFTMarketplace.sol";
 import {Create2} from "src/utils/Create2.sol";

src/0CTF2022/TctfNftMarket/Exploit.t.sol renamed to src/0CTF2022/TctfNftMarket/Exploit.t.sol.archived

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: UNLICENSED
-pragma solidity 0.8.9;
+pragma solidity ^0.8.9;
 
 import "forge-std/Test.sol";
 import {NFTMarketplace} from "./challenge/NFTMarketplace.sol";

src/0x41414141CTF/RichClub/Exploit.s.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: UNLICENSED
-pragma solidity 0.8.9;
+pragma solidity ^0.8.9;
 
 import "openzeppelin-contracts/contracts/token/ERC721/ERC721.sol";
 import "openzeppelin-contracts/contracts/token/ERC20/ERC20.sol";

src/BalsnCTF2022/NFTMarketplace/Exploit.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: UNLICENSED
-pragma solidity 0.8.13;
+pragma solidity ^0.8.13;
 
 import {Test, console2} from "forge-std/Test.sol";
 import {Curta} from "../general/CurtaLocal.sol";

src/BalsnCTF2022/NFTMarketplace/Exploit.t.sol

@@ -9,10 +9,10 @@ contract SimpleERC223Token is ERC20 {
         _mint(msg.sender, _supply);
     }
 
-    function _afterTokenTransfer(address from, address to, uint256 amount) internal virtual override {
+    function _update(address from, address to, uint256 amount) internal virtual override {
         // Call parent hook
-        super._afterTokenTransfer(from, to, amount);
-        if (Address.isContract(to)) {
+        super._update(from, to, amount);
+        if (to.code.length > 0) {
             // this is wrong and broken on many ways, but it works for this example
             // instead of a try catch perhaps we should use a ERC165...
             // the tokenFallback function is run if the contract has this function

src/BalsnCTF2022/NFTMarketplace/challenge/NFTMarketplace.sol

@@ -12,7 +12,7 @@ contract Casino is Ownable {
     uint256 lastPlayed = 0;
     mapping(address => uint256) public balances;
 
-    constructor(address token) {
+    constructor(address token) Ownable(msg.sender) {
         ducoin = DUCoin(token);
     }
 

src/Curta/20_Lana/Exploit.t.sol

@@ -7,7 +7,7 @@ import "openzeppelin-contracts/contracts/token/ERC20/ERC20.sol";
 import "openzeppelin-contracts/contracts/access/Ownable.sol";
 
 contract DUCoin is ERC20, Ownable {
-    constructor() ERC20("DUCoin", "DUC") {}
+    constructor() ERC20("DUCoin", "DUC") Ownable(msg.sender) {}
 
     function freeMoney(address addr) external onlyOwner {
         _mint(addr, 1337);

src/DeFiSecuritySummitStanford/tokens/tokenERC223.sol

@@ -1,11 +1,7 @@
 // SPDX-License-Identifier: MIT
 pragma solidity ^0.8.13;
 
-import "openzeppelin/utils/math/SafeMath.sol";
-
 contract Denial {
-    using SafeMath for uint256;
-
     address public partner; // withdrawal partner - pay the gas, split the withdraw
     address payable public constant owner = payable(address(0xA9E));
     uint256 timeLastWithdrawn;
@@ -17,15 +13,15 @@ contract Denial {
 
     // withdraw 1% to recipient and 1% to owner
     function withdraw() public {
-        uint256 amountToSend = address(this).balance.div(100);
+        uint256 amountToSend = address(this).balance / 100;
         // perform a call without checking return
         // The recipient can revert, the owner will still get their share
         (bool _result,) = partner.call{value: amountToSend}("");
         _result;
         owner.transfer(amountToSend);
         // keep track of last withdrawal time
         timeLastWithdrawn = block.timestamp;
-        withdrawPartnerBalances[partner] = withdrawPartnerBalances[partner].add(amountToSend);
+        withdrawPartnerBalances[partner] = withdrawPartnerBalances[partner] + amountToSend;
     }
 
     // allow deposit of funds

src/DownUnderCTF2022/CryptoCasino/Casino.sol

@@ -3,16 +3,13 @@ pragma solidity ^0.8.13;
 
 import "openzeppelin/token/ERC20/IERC20.sol";
 import "openzeppelin/token/ERC20/ERC20.sol";
-import "openzeppelin/utils/math/SafeMath.sol";
 import "openzeppelin/access/Ownable.sol";
 
 contract Dex is Ownable {
-    using SafeMath for uint256;
-
     address public token1;
     address public token2;
 
-    constructor() {}
+    constructor() Ownable(msg.sender) {}
 
     function setTokens(address _token1, address _token2) public onlyOwner {
         token1 = _token1;

src/DownUnderCTF2022/CryptoCasino/DUCoin.sol

@@ -3,16 +3,13 @@ pragma solidity ^0.8.13;
 
 import "openzeppelin/token/ERC20/IERC20.sol";
 import "openzeppelin/token/ERC20/ERC20.sol";
-import "openzeppelin/utils/math/SafeMath.sol";
 import "openzeppelin/access/Ownable.sol";
 
 contract DexTwo is Ownable {
-    using SafeMath for uint256;
-
     address public token1;
     address public token2;
 
-    constructor() {}
+    constructor() Ownable(msg.sender) {}
 
     function setTokens(address _token1, address _token2) public onlyOwner {
         token1 = _token1;

src/Ethernaut/Denial/Denial.sol

@@ -72,6 +72,8 @@ contract CryptoVault {
 contract LegacyToken is ERC20("LegacyToken", "LGT"), Ownable {
     DelegateERC20 public delegate;
 
+    constructor() Ownable(msg.sender) {}
+
     function mint(address to, uint256 amount) public onlyOwner {
         _mint(to, amount);
     }
@@ -95,7 +97,9 @@ contract DoubleEntryPoint is ERC20("DoubleEntryPointToken", "DET"), DelegateERC2
     address public delegatedFrom;
     Forta public forta;
 
-    constructor(address legacyToken, address vaultAddress, address fortaAddress, address playerAddress) {
+    constructor(address legacyToken, address vaultAddress, address fortaAddress, address playerAddress)
+        Ownable(msg.sender)
+    {
         delegatedFrom = legacyToken;
         forta = Forta(fortaAddress);
         player = playerAddress;

src/Ethernaut/Dex/Dex.sol

@@ -9,6 +9,7 @@ import "openzeppelin/access/Ownable.sol";
 address constant ETHERNAUT_ADDRESS = 0xD991431D8b033ddCb84dAD257f4821E9d5b38C33;
 
 contract Ethernaut is Ownable {
+    constructor() Ownable(msg.sender) {}
     // ----------------------------------
     // Owner interaction
     // ----------------------------------

src/Ethernaut/DexTwo/DexTwo.sol

@@ -5,6 +5,7 @@ pragma solidity ^0.8.13;
 import "openzeppelin/access/Ownable.sol";
 
 abstract contract Level is Ownable {
+    constructor() Ownable(msg.sender) {}
     function createInstance(address _player) public payable virtual returns (address);
 
     function validateInstance(address payable _instance, address _player) public virtual returns (bool);

src/Ethernaut/DoubleEntryPoint/DoubleEntryPoint.sol

@@ -1,11 +1,7 @@
 // SPDX-License-Identifier: MIT
 pragma solidity ^0.8.13;
 
-import "openzeppelin/utils/math/SafeMath.sol";
-
 contract Fallout {
-    using SafeMath for uint256;
-
     mapping(address => uint256) allocations;
     address payable public owner;
 
@@ -21,7 +17,7 @@ contract Fallout {
     }
 
     function allocate() public payable {
-        allocations[msg.sender] = allocations[msg.sender].add(msg.value);
+        allocations[msg.sender] = allocations[msg.sender] + msg.value;
     }
 
     function sendAllocation(address payable allocator) public {

src/Ethernaut/Ethernaut/Ethernaut.sol

@@ -1,8 +1,6 @@
 // SPDX-License-Identifier: MIT
 pragma solidity >=0.8.0 <0.9.0;
 
-import "openzeppelin-contracts/contracts/utils/Address.sol";
-
 contract GoodSamaritan {
     Wallet public wallet;
     Coin public coin;
@@ -29,8 +27,6 @@ contract GoodSamaritan {
 }
 
 contract Coin {
-    using Address for address;
-
     mapping(address => uint256) public balances;
 
     error InsufficientBalance(uint256 current, uint256 required);
@@ -48,7 +44,7 @@ contract Coin {
             balances[msg.sender] -= amount_;
             balances[dest_] += amount_;
 
-            if (dest_.isContract()) {
+            if (dest_.code.length > 0) {
                 // notify contract
                 INotifyable(dest_).notify(amount_);
             }

src/Ethernaut/Ethernaut/Level.sol

@@ -2,7 +2,6 @@
 
 pragma solidity ^0.8.13;
 
-import "openzeppelin/utils/Address.sol";
 import "openzeppelin/proxy/utils/Initializable.sol";
 
 contract Motorbike {
@@ -15,7 +14,7 @@ contract Motorbike {
 
     // Initializes the upgradeable proxy with an initial implementation specified by `_logic`.
     constructor(address _logic) {
-        require(Address.isContract(_logic), "ERC1967: new implementation is not a contract");
+        require(_logic.code.length > 0, "ERC1967: new implementation is not a contract");
         _getAddressSlot(_IMPLEMENTATION_SLOT).value = _logic;
         (bool success,) = _logic.delegatecall(abi.encodeWithSignature("initialize()"));
         require(success, "Call failed");
@@ -88,7 +87,7 @@ contract Engine is Initializable {
 
     // Stores a new address in the EIP1967 implementation slot.
     function _setImplementation(address newImplementation) private {
-        require(Address.isContract(newImplementation), "ERC1967: new implementation is not a contract");
+        require(newImplementation.code.length > 0, "ERC1967: new implementation is not a contract");
 
         AddressSlot storage r;
         assembly {

src/Ethernaut/Fallout/Fallout.sol

@@ -33,6 +33,6 @@ contract MotorbikeFactory is Level {
 
     function validateInstance(address payable _instance, address _player) public view override returns (bool) {
         _player;
-        return !Address.isContract(engines[_instance]);
+        return !(engines[_instance].code.length > 0);
     }
 }

src/Ethernaut/GoodSamaritan/GoodSamaritan.sol

@@ -1,8 +1,7 @@
 // SPDX-License-Identifier: MIT
 pragma solidity ^0.8.13;
 
-import "openzeppelin/utils/math/SafeMath.sol";
-import "openzeppelin/proxy/ERC1967/ERC1967Proxy.sol";
+import {ERC1967Proxy, ERC1967Utils} from "openzeppelin/proxy/ERC1967/ERC1967Proxy.sol";
 
 contract PuzzleProxy is ERC1967Proxy {
     address public pendingAdmin;
@@ -29,13 +28,11 @@ contract PuzzleProxy is ERC1967Proxy {
     }
 
     function upgradeTo(address _newImplementation) external onlyAdmin {
-        _upgradeTo(_newImplementation);
+        ERC1967Utils.upgradeToAndCall(_newImplementation, "");
     }
 }
 
 contract PuzzleWallet {
-    using SafeMath for uint256;
-
     address public owner;
     uint256 public maxBalance;
     mapping(address => bool) public whitelisted;
@@ -64,12 +61,12 @@ contract PuzzleWallet {
 
     function deposit() external payable onlyWhitelisted {
         require(address(this).balance <= maxBalance, "Max balance reached");
-        balances[msg.sender] = balances[msg.sender].add(msg.value);
+        balances[msg.sender] = balances[msg.sender] + msg.value;
     }
 
     function execute(address to, uint256 value, bytes calldata data) external payable onlyWhitelisted {
         require(balances[msg.sender] >= value, "Insufficient balance");
-        balances[msg.sender] = balances[msg.sender].sub(value);
+        balances[msg.sender] = balances[msg.sender] - value;
         (bool success,) = to.call{value: value}(data);
         require(success, "Execution failed");
     }

src/Ethernaut/Motorbike/Motorbike.sol

@@ -1,8 +1,6 @@
 // SPDX-License-Identifier: MIT
 pragma solidity ^0.8.13;
 
-import "openzeppelin/utils/math/SafeMath.sol";
-
 contract Recovery {
     //generate tokens
     function generateToken(string memory _name, uint256 _initialSupply) public {
@@ -11,8 +9,6 @@ contract Recovery {
 }
 
 contract SimpleToken {
-    using SafeMath for uint256;
-
     // public variables
     string public name;
     mapping(address => uint256) public balances;
@@ -25,13 +21,13 @@ contract SimpleToken {
 
     // collect ether in return for tokens
     receive() external payable {
-        balances[msg.sender] = msg.value.mul(10);
+        balances[msg.sender] = msg.value * 10;
     }
 
     // allow transfers of tokens
     function transfer(address _to, uint256 _amount) public {
         require(balances[msg.sender] >= _amount);
-        balances[msg.sender] = balances[msg.sender].sub(_amount);
+        balances[msg.sender] = balances[msg.sender] - _amount;
         balances[_to] = _amount;
     }
 

src/Ethernaut/Motorbike/MotorbikeFactory.sol

@@ -1,15 +1,11 @@
 // SPDX-License-Identifier: MIT
 pragma solidity ^0.8.13;
 
-import "openzeppelin/utils/math/SafeMath.sol";
-
 contract Reentrance {
-    using SafeMath for uint256;
-
     mapping(address => uint256) public balances;
 
     function donate(address _to) public payable {
-        balances[_to] = balances[_to].add(msg.value);
+        balances[_to] = balances[_to] + msg.value;
     }
 
     function balanceOf(address _who) public view returns (uint256 balance) {

src/Ethernaut/PuzzleWallet/PuzzleWallet.sol

@@ -35,7 +35,7 @@ contract CarMarket is Ownable {
      * @notice Sets the car token during deployment.
      * @param _carToken The token used to purchase cars
      */
-    constructor(address _carToken) {
+    constructor(address _carToken) Ownable(msg.sender) {
         carToken = ICarToken(_carToken);
     }
 

src/Ethernaut/Recovery/Recovery.sol

@@ -21,7 +21,7 @@ contract CarToken is ERC20, Ownable {
     /**
      * @dev Car Company Contract Constructor.
      */
-    constructor() ERC20("Car Company", "CCY") {}
+    constructor() ERC20("Car Company", "CCY") Ownable(msg.sender) {}
 
     /**
      * @dev Checks to see if the user has minted previously.