Add `approveCAS` to ManagedLedger
Clarification and motivation
The `ManagedLedger` contract has an `approve` entrypoint as specified in FA1.2. It sort of prevents front-running attacks by prohibiting changing the allowance from non-zero to non-zero. However, that's not a perfect solution for a couple of reasons:
- Sometimes it is convenient to change from non-zero to non-zero.
- If two transactions change allowance from `n` to 0 and then from 0 to `m`, they will be accepted, but it can be dangerous if they get into the same block or adjacent blocks.
Sometimes one may want to have a safer version of `approve` which requires passing the expected current allowance value. Since our managed ledger is a library for writing managed-ledger-alike contracts, it makes sense to add `approveCAS` there to let others add it to their contracts if they want.
Acceptance criteria
The `ManagedLedger` contract has an additional `approveCAS` entrypoint; its definition should be exported to be usable in other contracts. It should have an additional `nat :expected` value which is compared against the current allowance. An error is thrown in case of mismatch. It should not prohibit non-zero to non-zero change.
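
The difference between the two entrypoints, as an added example that is not part of the original issue or of the project's code: a Python model of the allowance logic (not Lorentz/Michelson). The class, method and scenario names and the `AllowanceMismatch` error name are assumptions made for illustration; the scenario uses constructed values.

```python
class LedgerError(Exception):
    pass

class Ledger:
    """Toy model of a managed ledger's allowance handling (names are hypothetical)."""
    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowances = {}  # (owner, spender) -> nat

    def allowance(self, owner, spender):
        return self.allowances.get((owner, spender), 0)

    def approve(self, owner, spender, value):
        # FA1.2 rule: a non-zero -> non-zero change is rejected.
        if self.allowance(owner, spender) != 0 and value != 0:
            raise LedgerError("UnsafeAllowanceChange")
        self.allowances[(owner, spender)] = value

    def approve_cas(self, owner, spender, expected, value):
        # Compare-and-swap: update only if the current allowance is the one
        # the owner saw when building the transaction. Non-zero -> non-zero is allowed.
        current = self.allowance(owner, spender)
        if current != expected:
            raise LedgerError(f"AllowanceMismatch: current={current}, expected={expected}")
        self.allowances[(owner, spender)] = value

    def transfer_from(self, spender, owner, to, value):
        if self.allowance(owner, spender) < value:
            raise LedgerError("NotEnoughAllowance")
        if self.balances.get(owner, 0) < value:
            raise LedgerError("NotEnoughBalance")
        self.allowances[(owner, spender)] -= value
        self.balances[owner] -= value
        self.balances[to] = self.balances.get(to, 0) + value

def exposure(use_cas):
    """Owner lowers an allowance from 10 to 4, but a spend of 10 is ordered first.
    Returns tokens already drawn plus the allowance still open to the spender."""
    ledger = Ledger({"owner": 100})
    ledger.approve("owner", "spender", 10)
    ledger.transfer_from("spender", "owner", "spender", 10)  # lands before the change
    try:
        if use_cas:
            ledger.approve_cas("owner", "spender", expected=10, value=4)
        else:
            ledger.approve("owner", "spender", 0)  # n -> 0
            ledger.approve("owner", "spender", 4)  # 0 -> m, both accepted
    except LedgerError:
        pass  # the mismatch tells the owner the allowance was already used
    return ledger.balances["spender"] + ledger.allowance("owner", "spender")
```

With the two-step `approve` the owner ends up exposed for 14 tokens instead of the intended maximum of 10; with the compare-and-swap variant the update is rejected and the exposure stays at 10.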