Merge pull request #6 from OpenZeppelin/master

Merge

.travis.yml

@@ -0,0 +1,12 @@
+dist: trusty
+sudo: false
+group: beta
+language: node_js
+node_js:
+  - "6"
+before_install:
+  - npm i -g ethereumjs-testrpc
+  - npm i -g truffle
+script:
+  - testrpc&
+  - npm test

README.md

@@ -1,4 +1,7 @@
 # Zeppelin Solidity
+[![NPM Package](https://img.shields.io/npm/v/zeppelin-solidity.svg?style=flat-square)](https://www.npmjs.org/package/zeppelin-solidity)
+[![Build Status](https://img.shields.io/travis/OpenZeppelin/zeppelin-solidity.svg?branch=master&style=flat-square)](https://travis-ci.org/bitpay/bitcore-lib)
+
 Zeppelin is a library for writing secure Smart Contracts on Ethereum.
 
 With Zeppelin, you can build distributed applications, protocols and organizations:
@@ -7,9 +10,9 @@ With Zeppelin, you can build distributed applications, protocols and organizatio
 
 ## Getting Started
 
-Zeppelin integrates with [Truffle](https://github.com/ConsenSys/truffle), an Ethereum development environment. Please [install Truffle](https://github.com/ConsenSys/truffle#install) and initialize your project with `truffle init`.
+Zeppelin integrates with [Truffle](https://github.com/ConsenSys/truffle), an Ethereum development environment. Please install Truffle and initialize your project with `truffle init`.
 ```sh
-sudo npm install -g truffle
+npm install -g truffle
 mkdir myproject && cd myproject
 truffle init
 ```
@@ -31,74 +34,6 @@ contract MyContract is Ownable {
 
 > NOTE: The current distribution channel is npm, which is not ideal. [We're looking into providing a better tool for code distribution](https://github.com/OpenZeppelin/zeppelin-solidity/issues/13), and ideas are welcome.
 
-## Add your own bounty contract
-
-To create a bounty for your contract, inherit from the base Bounty contract and provide an implementation for `deployContract()` returning the new contract address.
-
-```
-import "./zeppelin/Bounty.sol";
-import "./YourContract.sol";
-
-contract YourBounty is Bounty {
-  function deployContract() internal returns(address) {
-    return new YourContract()
-  }
-}
-```
-
-### Implement invariant logic into your smart contract
-
-At contracts/YourContract.sol
-
-```
-contract YourContract {
-  function checkInvariant() returns(bool) {
-    // Implement your logic to make sure that none of the state is broken.
-  }
-}
-```
-
-### Deploy your bounty contract as usual
-
-At `migrations/2_deploy_contracts.js`
-
-```
-module.exports = function(deployer) {
-  deployer.deploy(YourContract);
-  deployer.deploy(YourBounty);
-};
-```
-
-### Add a reward to the bounty contract
-
-After deploying the contract, send rewards money into the bounty contract.
-
-From `truffle console`
-
-```
-address = 'your account address'
-reward = 'reward to pay to a researcher'
-
-web3.eth.sendTransaction({
-  from:address,
-  to:bounty.address,
-  value: web3.toWei(reward, "ether")
-}
-
-```
-
-### Researchers hack the contract and claim their reward.
-
-For each researcher who wants to hack the contract and claims the reward, refer to our [test](./test/Bounty.js) for the detail.
-
-### Ends the contract
-
-If you manage to protect your contract from security researchers and wants to end the bounty, kill the contract so that all the rewards go back to the owner of the bounty contract.
-
-```
-bounty.kill()
-```
-
 #### Truffle Beta Support
 We also support Truffle Beta npm integration. If you're using Truffle Beta, the contracts in `node_modules` will be enough, so feel free to delete the copies at your `contracts` folder. If you're using Truffle Beta, you can use Zeppelin contracts like so:
 
@@ -112,38 +47,12 @@ contract MyContract is Ownable {
 
 For more info see [the Truffle Beta package management tutorial](http://truffleframework.com/tutorials/package-management).
 
+
 ## Security
 Zeppelin is meant to provide secure, tested and community-audited code, but please use common sense when doing anything that deals with real money! We take no responsibility for your implementation decisions and any security problem you might experience.
 
 If you find a security issue, please email [security@openzeppelin.org](mailto:security@openzeppelin.org).
 
-## Developer Resources
-
-Building a distributed application, protocol or organization with Zeppelin?
-
-- Ask for help and follow progress at: https://zeppelin-slackin.herokuapp.com/
-
-Interested in contributing to Zeppelin?
-
-- Framework proposal and roadmap: https://medium.com/zeppelin-blog/zeppelin-framework-proposal-and-development-roadmap-fdfa9a3a32ab#.iain47pak
-- Issue tracker: https://github.com/OpenZeppelin/zeppelin-solidity/issues
-- Contribution guidelines: https://github.com/OpenZeppelin/zeppelin-solidity/blob/master/CONTRIBUTING.md
-
-## Collaborating organizations and audits by Zeppelin
-- [Golem](https://golem.network/)
-- [Mediachain](https://golem.network/)
-- [Truffle](http://truffleframework.com/)
-- [Firstblood](http://firstblood.io/)
-- [Rootstock](http://www.rsk.co/)
-- [Consensys](https://consensys.net/)
-- [DigixGlobal](https://www.dgx.io/)
-- [Coinfund](https://coinfund.io/)
-- [DemocracyEarth](http://democracy.earth/)
-- [Signatura](https://signatura.co/)
-- [Ether.camp](http://www.ether.camp/)
-
-among others...
-
 ## Contracts
 
 ### Ownable
@@ -250,10 +159,9 @@ ___
 ### StandardToken
 Based on code by FirstBlood: [FirstBloodToken.sol]
 
-Inherits from contract SafeMath. Implementation of abstract contract ERC20 (see [https://github.com/ethereum/EIPs/issues/20])
+Inherits from contract SafeMath. Implementation of abstract contract ERC20 (see https://github.com/ethereum/EIPs/issues/20)
 
 [FirstBloodToken.sol]: https://github.com/Firstbloodio/token/blob/master/smart_contract/FirstBloodToken.sol
-[https://github.com/ethereum/EIPs/issues/20]: see https://github.com/ethereum/EIPs/issues/20
 
 #### approve(address _spender, uint _value) returns (bool success)
 Sets the amount of the sender's token balance that the passed address is approved to use.
@@ -292,5 +200,104 @@ Creates tokens based on message value and credits to the recipient.
 #### getPrice() constant returns (uint result)
 Returns the amount of tokens per 1 ether.
 
+
+___
+### Bounty
+To create a bounty for your contract, inherit from the base `Bounty` contract and provide an implementation for `deployContract()` returning the new contract address.
+
+```
+import {Bounty, Target} from "./zeppelin/Bounty.sol";
+import "./YourContract.sol";
+
+contract YourBounty is Bounty {
+  function deployContract() internal returns(address) {
+    return new YourContract()
+  }
+}
+```
+
+Next, implement invariant logic into your smart contract.
+Your main contract should inherit from the Target class and implement the checkInvariant method. This is a function that should check everything your contract assumes to be true all the time. If this function returns false, it means your contract was broken in some way and is in an inconsistent state. This is what security researchers will try to acomplish when trying to get the bounty.
+
+At contracts/YourContract.sol
+
+```
+import {Bounty, Target} from "./zeppelin/Bounty.sol";
+contract YourContract is Target {
+  function checkInvariant() returns(bool) {
+    // Implement your logic to make sure that none of the invariants are broken.
+  }
+}
+```
+
+Next, deploy your bounty contract along with your main contract to the network.
+
+At `migrations/2_deploy_contracts.js`
+
+```
+module.exports = function(deployer) {
+  deployer.deploy(YourContract);
+  deployer.deploy(YourBounty);
+};
+```
+
+Next, add a reward to the bounty contract
+
+After deploying the contract, send reward funds into the bounty contract.
+
+From `truffle console`
+
+```
+bounty = YourBounty.deployed();
+address = 0xb9f68f96cde3b895cc9f6b14b856081b41cb96f1; // your account address
+reward = 5; // reward to pay to a researcher who breaks your contract
+
+web3.eth.sendTransaction({
+  from: address,
+  to: bounty.address,
+  value: web3.toWei(reward, "ether")
+})
+
+```
+
+If researchers break the contract, they can claim their reward.
+
+For each researcher who wants to hack the contract and claims the reward, refer to our [test](./test/Bounty.js) for the detail.
+
+Finally, if you manage to protect your contract from security researchers, you can reclaim the bounty funds. To end the bounty, kill the contract so that all the rewards go back to the owner.
+
+```
+bounty.kill();
+```
+
+
+## More Developer Resources
+
+Building a distributed application, protocol or organization with Zeppelin?
+
+- Ask for help and follow progress at: https://zeppelin-slackin.herokuapp.com/
+
+Interested in contributing to Zeppelin?
+
+- Framework proposal and roadmap: https://medium.com/zeppelin-blog/zeppelin-framework-proposal-and-development-roadmap-fdfa9a3a32ab#.iain47pak
+- Issue tracker: https://github.com/OpenZeppelin/zeppelin-solidity/issues
+- Contribution guidelines: https://github.com/OpenZeppelin/zeppelin-solidity/blob/master/CONTRIBUTING.md
+
+## Collaborating organizations and audits by Zeppelin
+- [Golem](https://golem.network/)
+- [Mediachain](https://golem.network/)
+- [Truffle](http://truffleframework.com/)
+- [Firstblood](http://firstblood.io/)
+- [Rootstock](http://www.rsk.co/)
+- [Consensys](https://consensys.net/)
+- [DigixGlobal](https://www.dgx.io/)
+- [Coinfund](https://coinfund.io/)
+- [DemocracyEarth](http://democracy.earth/)
+- [Signatura](https://signatura.co/)
+- [Ether.camp](http://www.ether.camp/)
+
+among others...
+
+
 ## License
 Code released under the [MIT License](https://github.com/OpenZeppelin/zeppelin-solidity/blob/master/LICENSE).

contracts/Bounty.sol

@@ -1,17 +1,15 @@
 pragma solidity ^0.4.4;
+
+
 import './PullPayment.sol';
 import './Killable.sol';
 
+
 /*
  * Bounty
- * This bounty will pay out to a researcher if he/she breaks invariant logic of
- * the contract you bet reward against.
+ * 
+ * This bounty will pay out to a researcher if they break invariant logic of the contract.
  */
-
-contract Target {
-  function checkInvariant() returns(bool);
-}
-
 contract Bounty is PullPayment, Killable {
   Target target;
   bool public claimed;
@@ -48,3 +46,13 @@ contract Bounty is PullPayment, Killable {
   }
 
 }
+
+/*
+ * Target
+ * 
+ * Your main contract should inherit from this class and implement the checkInvariant method. This is a function that should check everything your contract assumes to be true all the time. If this function returns false, it means your contract was broken in some way and is in an inconsistent state. This is what security researchers will try to acomplish when trying to get the bounty.
+ */
+contract Target {
+  function checkInvariant() returns(bool);
+}
+

contracts/Claimable.sol

@@ -1,11 +1,15 @@
 pragma solidity ^0.4.0;
+
+
+
 import './Ownable.sol';
 
+
 /*
  * Claimable
- * Extension for the Ownable contract, where the ownership needs to be claimed
+ * 
+ * Extension for the Ownable contract, where the ownership needs to be claimed. This allows the new owner to accept the transfer. 
  */
-
 contract Claimable is Ownable {
   address public pendingOwner;
 

contracts/Killable.sol

@@ -1,9 +1,12 @@
 pragma solidity ^0.4.4;
+
+
 import "./Ownable.sol";
 
+
 /*
  * Killable
- * Base contract that can be killed by owner
+ * Base contract that can be killed by owner. All funds in contract will be sent to the owner.
  */
 contract Killable is Ownable {
   function kill() onlyOwner {

contracts/Ownable.sol

@@ -1,8 +1,11 @@
 pragma solidity ^0.4.4;
 
+
 /*
  * Ownable
- * Base contract with an owner
+ *
+ * Base contract with an owner.
+ * Provides onlyOwner modifier, which prevents function from running if it is called by anyone other than the owner.
  */
 contract Ownable {
   address public owner;

contracts/PullPayment.sol

@@ -1,4 +1,6 @@
 pragma solidity ^0.4.4;
+
+
 /*
  * PullPayment
  * Base contract supporting async send for pull payments.

contracts/SafeMath.sol

@@ -1,5 +1,6 @@
 pragma solidity ^0.4.4;
 
+
 /**
  * Math operations with safety checks
  */

contracts/Stoppable.sol

@@ -1,6 +1,9 @@
 pragma solidity ^0.4.4;
 
+
 import "./Ownable.sol";
+
+
 /*
  * Stoppable
  * Abstract contract that allows children to implement an
@@ -12,10 +15,12 @@ contract Stoppable is Ownable {
   modifier stopInEmergency { if (!stopped) _; }
   modifier onlyInEmergency { if (stopped) _; }
 
+  // called by the owner on emergency, triggers stopped state
   function emergencyStop() external onlyOwner {
     stopped = true;
   }
 
+  // called by the owner on end of emergency, returns to normal state
   function release() external onlyOwner onlyInEmergency {
     stopped = false;
   }

contracts/test-helpers/InsecureTargetBounty.sol

@@ -1,8 +1,10 @@
 pragma solidity ^0.4.4;
 
-import "../Bounty.sol";
 
-contract InsecureTargetMock {
+import {Bounty, Target} from "../Bounty.sol";
+
+
+contract InsecureTargetMock is Target {
   function checkInvariant() returns(bool){
     return false;
   }

contracts/test-helpers/SecureTargetBounty.sol

@@ -1,9 +1,11 @@
 pragma solidity ^0.4.4;
 
-import "../Bounty.sol";
 
-contract SecureTargetMock {
-  function checkInvariant() returns(bool){
+import {Bounty, Target} from "../Bounty.sol";
+
+
+contract SecureTargetMock is Target {
+  function checkInvariant() returns(bool) {
     return true;
   }
 }

contracts/token/BasicToken.sol

@@ -1,9 +1,11 @@
 pragma solidity ^0.4.4;
 
+
 import './ERC20Basic.sol';
 import '../SafeMath.sol';
 
-/**
+
+/*
  * Basic token
  * Basic version of StandardToken, with no allowances
  */

contracts/token/CrowdsaleToken.sol

@@ -1,8 +1,12 @@
 pragma solidity ^0.4.4;
 
+
 import "./StandardToken.sol";
 
+
 /*
+ * CrowdsaleToken
+ *
  * Simple ERC20 Token example, with crowdsale token creation
  */
 contract CrowdsaleToken is StandardToken {

contracts/token/ERC20.sol

@@ -1,8 +1,10 @@
 pragma solidity ^0.4.4;
 
 
-// see https://github.com/ethereum/EIPs/issues/20
-
+/*
+ * ERC20 interface
+ * see https://github.com/ethereum/EIPs/issues/20
+ */
 contract ERC20 {
   uint public totalSupply;
   function balanceOf(address who) constant returns (uint);

contracts/token/ERC20Basic.sol

@@ -1,6 +1,11 @@
 pragma solidity ^0.4.4;
 
 
+/*
+ * ERC20Basic
+ * Simpler version of ERC20 interface
+ * see https://github.com/ethereum/EIPs/issues/20
+ */
 contract ERC20Basic {
   uint public totalSupply;
   function balanceOf(address who) constant returns (uint);

contracts/token/SimpleToken.sol

@@ -1,8 +1,12 @@
 pragma solidity ^0.4.4;
 
+
 import "./StandardToken.sol";
 
+
 /*
+ * SimpleToken
+ *
  * Very simple ERC20 Token example, where all tokens are pre-assigned
  * to the creator. Note they can later distribute these tokens
  * as they wish using `transfer` and other `StandardToken` functions.

contracts/token/StandardToken.sol

@@ -16,9 +16,6 @@ contract StandardToken is ERC20, SafeMath {
   mapping (address => mapping (address => uint)) allowed;
 
   function transfer(address _to, uint _value) returns (bool success) {
-    if (balances[msg.sender] < _value) {
-      throw;
-    } 
     balances[msg.sender] = safeSub(balances[msg.sender], _value);
     balances[_to] = safeAdd(balances[_to], _value);
     Transfer(msg.sender, _to, _value);
@@ -27,11 +24,7 @@ contract StandardToken is ERC20, SafeMath {
 
   function transferFrom(address _from, address _to, uint _value) returns (bool success) {
     var _allowance = allowed[_from][msg.sender];
-    if (balances[_from] < _value ||
-        _allowance < _value) {
-      throw;
-    }
-
+    
     balances[_to] = safeAdd(balances[_to], _value);
     balances[_from] = safeSub(balances[_from], _value);
     allowed[_from][msg.sender] = safeSub(_allowance, _value);

package.json

@@ -3,7 +3,10 @@
   "version": "0.0.11",
   "description": "Secure Smart Contract library for Solidity",
   "main": "truffle.js",
-  "devDependencies": {},
+  "devDependencies": {
+    "ethereumjs-testrpc": "^3.0.2",
+    "truffle": "^2.1.1"
+  },
   "scripts": {
     "test": "truffle test",
     "install": "scripts/install.sh"

test/Killable.js

@@ -0,0 +1,69 @@
+
+contract('Killable', function(accounts) {
+  //from https://gist.github.com/xavierlepretre/88682e871f4ad07be4534ae560692ee6
+  web3.eth.getTransactionReceiptMined = function (txnHash, interval) {
+    var transactionReceiptAsync;
+    interval = interval ? interval : 500;
+    transactionReceiptAsync = function(txnHash, resolve, reject) {
+        try {
+            var receipt = web3.eth.getTransactionReceipt(txnHash);
+            if (receipt == null) {
+                setTimeout(function () {
+                    transactionReceiptAsync(txnHash, resolve, reject);
+                }, interval);
+            } else {
+                resolve(receipt);
+            }
+        } catch(e) {
+            reject(e);
+        }
+    };
+
+    if (Array.isArray(txnHash)) {
+        var promises = [];
+        txnHash.forEach(function (oneTxHash) {
+            promises.push(web3.eth.getTransactionReceiptMined(oneTxHash, interval));
+        });
+        return Promise.all(promises);
+    } else {
+        return new Promise(function (resolve, reject) {
+                transactionReceiptAsync(txnHash, resolve, reject);
+            });
+    }
+};
+
+  it("should send balance to owner after death", function(done) {
+    var initBalance, newBalance, owner, address, killable, kBalance;
+    web3.eth.sendTransaction({from: web3.eth.coinbase, to: accounts[0], value: web3.toWei('50','ether')}, function(err, result) {
+      if(err)
+        console.log("ERROR:" + err);
+      else {
+        console.log(result);
+      }
+    })
+    return Killable.new({from: accounts[0], value: web3.toWei('10','ether')})
+      .then(function(_killable) {
+        killable = _killable;
+        return killable.owner();
+      })
+      .then(function(_owner) {
+        owner = _owner;
+        initBalance = web3.eth.getBalance(owner);
+        kBalance = web3.eth.getBalance(killable.address);
+      })
+      .then(function() {
+        return killable.kill({from: owner});
+      })
+      .then(function (txnHash) {
+        return web3.eth.getTransactionReceiptMined(txnHash);
+      })
+      .then(function() {
+        newBalance = web3.eth.getBalance(owner);
+      })
+      .then(function() {
+        assert.isTrue(newBalance > initBalance);
+      })
+      .then(done);
+  });
+
+});

test/TestOwnable.sol

@@ -1,25 +0,0 @@
-pragma solidity ^0.4.4;
-import "truffle/Assert.sol";
-import "truffle/DeployedAddresses.sol";
-import "../contracts/Ownable.sol";
-
-contract TestOwnable {
-  Ownable ownable = new Ownable();
-
-  function testHasOwner() {
-    Assert.isNotZero(ownable.owner(), "Ownable should have an owner upon creation.");
-  }
-
-  function testChangesOwner() {
-    address originalOwner = ownable.owner();
-    ownable.transfer(0x0);
-    Assert.notEqual(originalOwner, ownable.owner(), "Ownable should change owners after transfer.");
-  }
-
-  function testOnlyOwnerCanChangeOwner() {
-    Ownable deployedOwnable = Ownable(DeployedAddresses.Ownable());
-    address originalOwner = deployedOwnable.owner();
-    deployedOwnable.transfer(0x0);
-    Assert.equal(originalOwner, deployedOwnable.owner(), "Ownable should prevent non-owners from transfering");
-  }
-}