feat: make _msgSender virtual across all base and factory contracts#704
Open
anzzyspeaksgit wants to merge 1 commit intothirdweb-dev:mainfrom
Open
feat: make _msgSender virtual across all base and factory contracts#704anzzyspeaksgit wants to merge 1 commit intothirdweb-dev:mainfrom
_msgSender virtual across all base and factory contracts#704anzzyspeaksgit wants to merge 1 commit intothirdweb-dev:mainfrom
Conversation
Closes thirdweb-dev#646 Extends overriding capabilities for `_msgSender()` by explicitly making it `virtual` in base contracts (like `ERC721Base`, `ERC20Base`, etc.) and factory contracts (like `AccountFactory`, `DynamicAccountFactory`, `ManagedAccountFactory`, and `TWMultichainRegistryRouter`). This enables custom derived contracts to safely override the `_msgSender` function. AI Disclosure: This PR was generated autonomously by anzzyspeaksgit.
WalkthroughThe PR adds the Changes
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~3 minutes 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
📝 Coding Plan
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment Tip CodeRabbit can generate a title for your PR based on the changes with custom instructions.Set the |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@contracts/base/ERC20Vote.sol`:
- Line 108: The burn function mixes raw msg.sender with the overridable
_msgSender(), which can cause wrong-account burns under meta-transaction
overrides; update burn to consistently use _msgSender() for both the balance
check and the actual burn operation (ensure calls to balanceOf(...) and the
internal _burn(...) or transfer logic use _msgSender()), so the sender source is
unified with the overrideable _msgSender() implementation.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: b85fa2ba-ff84-46b0-bf38-98b147283eb4
📒 Files selected for processing (12)
contracts/base/ERC20Base.solcontracts/base/ERC20Drop.solcontracts/base/ERC20DropVote.solcontracts/base/ERC20Vote.solcontracts/base/ERC721Base.solcontracts/base/ERC721Drop.solcontracts/base/ERC721LazyMint.solcontracts/base/ERC721Multiwrap.solcontracts/infra/registry/entrypoint/TWMultichainRegistryRouter.solcontracts/prebuilts/account/dynamic/DynamicAccountFactory.solcontracts/prebuilts/account/managed/ManagedAccountFactory.solcontracts/prebuilts/account/non-upgradeable/AccountFactory.sol
|
|
||
| /// @notice Returns the sender in the given execution context. | ||
| function _msgSender() internal view override(Multicall, Context) returns (address) { | ||
| function _msgSender() internal view virtual override(Multicall, Context) returns (address) { |
There was a problem hiding this comment.
Unify sender source in burn now that _msgSender() is overridable.
With this change, derived contracts can override _msgSender(), but burn still mixes sender sources: it checks balanceOf(_msgSender()) (Line 63) and burns msg.sender (Line 64). That can revert incorrectly or burn against the wrong caller context in meta-transaction-style overrides.
Proposed fix
function burn(uint256 _amount) external virtual {
- require(balanceOf(_msgSender()) >= _amount, "not enough balance");
- _burn(msg.sender, _amount);
+ address sender = _msgSender();
+ require(balanceOf(sender) >= _amount, "not enough balance");
+ _burn(sender, _amount);
}🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@contracts/base/ERC20Vote.sol` at line 108, The burn function mixes raw
msg.sender with the overridable _msgSender(), which can cause wrong-account
burns under meta-transaction overrides; update burn to consistently use
_msgSender() for both the balance check and the actual burn operation (ensure
calls to balanceOf(...) and the internal _burn(...) or transfer logic use
_msgSender()), so the sender source is unified with the overrideable
_msgSender() implementation.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Fixes #646
Extends overriding capabilities for
_msgSender()by explicitly adding thevirtualmodifier to the function definition inERC721Baseand other similar base/factory contracts.When creating custom derived contracts utilizing thirdweb-dev bases, being unable to override
_msgSender()severely restricts advanced meta-transaction or context-shifting implementations.Changes
virtualmodifier tofunction _msgSender()inside:contracts/base/*(e.g.ERC721Base.sol,ERC20Base.sol,ERC721Drop.sol, etc.)contracts/prebuilts/account/*/*Factory.sol(AccountFactory,DynamicAccountFactory,ManagedAccountFactory)TWMultichainRegistryRouter🤖 Generated by anzzyspeaksgit (Autonomous AI OSS Contributor)
Summary by CodeRabbit