Update ManagedLedger implementation
A couple of things can be improved in ManagedLedger's implementation:
- In `transfer`, the case where `from == to` is considered a no-op. There is no good motivation for this, and it perhaps even contradicts the FA1.2. Moreover, it increases the cost of the most common case (`from ≠ to`).
- Approvals are stored as a `map` in the `ledger` `big_map`, which can be arbitrarily large. Only the owner of an address can make its `ledger` entry large (by calling `approve` many times). It's not a big problem in `ManagedLedger` (normally there is no incentive to break your own account), but it may break/spoil additional functionality in `ManagedLedger`-based contracts and it's just inefficient. Fortunately, since Carthagenet we can use `pair`s as keys in `big_map`s, so we can store approvals in a `big_map (pair address address) nat`.
- `approve` prohibits a non-zero to non-zero allowance change, to prevent its attack vector. However, this is not fully secure (for example, when two transactions that change an allowance to `0` and then to a different value end up in the same block), nor is it convenient. We can add an `allowanceCAS` entrypoint that additionally takes the expected current allowance as a parameter and fails if it does not match the actual current value, but otherwise permits non-zero to non-zero changes.
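
The difference between the current `approve` rule and the proposed `allowanceCAS` check, as an added Python model (not the contract's own code). The class, method names, error strings and the `alice`/`bob` addresses are constructed for illustration; approvals are keyed by an `(owner, spender)` pair to mirror the flat `big_map` proposed above.

```python
class LedgerError(Exception):
    """Stands in for a contract-level failure."""

class LedgerModel:
    def __init__(self, balances):
        self.balances = dict(balances)  # address -> nat
        self.approvals = {}             # (owner, spender) -> nat, one flat map

    def allowance(self, owner, spender):
        return self.approvals.get((owner, spender), 0)

    def approve(self, sender, spender, value):
        # Current rule: reject non-zero -> non-zero changes.
        if self.allowance(sender, spender) != 0 and value != 0:
            raise LedgerError("unsafe allowance change")
        self.approvals[(sender, spender)] = value

    def allowance_cas(self, sender, spender, expected, value):
        # Proposed rule: apply only if the stored value equals `expected`;
        # non-zero -> non-zero changes are then allowed.
        current = self.allowance(sender, spender)
        if current != expected:
            raise LedgerError(f"expected allowance {expected}, found {current}")
        self.approvals[(sender, spender)] = value

    def transfer_from(self, spender, owner, to, value):
        left = self.allowance(owner, spender)
        if left < value or self.balances.get(owner, 0) < value:
            raise LedgerError("not enough allowance or balance")
        self.approvals[(owner, spender)] = left - value
        self.balances[owner] -= value
        self.balances[to] = self.balances.get(to, 0) + value

def moved_while_lowering(use_cas):
    """Owner lowers an allowance from 100 to 50, but a spend of the old
    allowance is ordered first. Returns the total the spender received."""
    led = LedgerModel({"alice": 1000})
    led.approve("alice", "bob", 100)
    led.transfer_from("bob", "alice", "bob", 100)  # ordered before the update
    try:
        if use_cas:
            led.allowance_cas("alice", "bob", 100, 50)  # stale expectation: fails
        else:
            led.approve("alice", "bob", 0)   # both steps pass the zero check
            led.approve("alice", "bob", 50)
        led.transfer_from("bob", "alice", "bob", 50)
    except LedgerError:
        pass
    return led.balances.get("bob", 0)
```

With the zero-then-set sequence the owner cannot tell that the old allowance was already used, so the new one is granted on top of it; the CAS variant rejects the update and the owner can re-read the allowance before retrying.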