Transpile dc57a7e

Author: github-actions[bot]

CHANGELOG.md

@@ -1,8 +1,10 @@
 # Changelog
 
-## 4.7.2
+## 4.7.2 (2022-07-27)
 
  * `LibArbitrumL2`, `CrossChainEnabledArbitrumL2`: Fixed detection of cross-chain calls for EOAs. Previously, calls from EOAs would be classified as cross-chain calls. ([#3578](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3578))
+ * `GovernorVotesQuorumFraction`: Fixed quorum updates so they do not affect past proposals that failed due to lack of quorum. ([#3561](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3561))
+ * `ERC165Checker`: Added protection against large returndata. ([#3587](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3587))
 
 ## 4.7.1 (2022-07-19)
 

contracts/crosschain/arbitrum/LibArbitrumL2Upgradeable.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v4.7.0) (crosschain/arbitrum/LibArbitrumL2.sol)
+// OpenZeppelin Contracts (last updated v4.7.2) (crosschain/arbitrum/LibArbitrumL2.sol)
 
 pragma solidity ^0.8.4;
 

contracts/governance/GovernorUpgradeable.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v4.7.0) (governance/Governor.sol)
+// OpenZeppelin Contracts (last updated v4.7.2) (governance/Governor.sol)
 
 pragma solidity ^0.8.0;
 

contracts/governance/IGovernorUpgradeable.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v4.7.0) (governance/IGovernor.sol)
+// OpenZeppelin Contracts (last updated v4.7.2) (governance/IGovernor.sol)
 
 pragma solidity ^0.8.0;
 

contracts/governance/extensions/GovernorVotesQuorumFractionUpgradeable.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v4.5.0) (governance/extensions/GovernorVotesQuorumFraction.sol)
+// OpenZeppelin Contracts (last updated v4.7.2) (governance/extensions/GovernorVotesQuorumFraction.sol)
 
 pragma solidity ^0.8.0;
 

contracts/mocks/ERC165/ERC165ReturnBombUpgradeable.sol

@@ -0,0 +1,31 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.0;
+
+import "../../utils/introspection/IERC165Upgradeable.sol";
+import "../../proxy/utils/Initializable.sol";
+
+contract ERC165ReturnBombMockUpgradeable is Initializable, IERC165Upgradeable {
+    function __ERC165ReturnBombMock_init() internal onlyInitializing {
+    }
+
+    function __ERC165ReturnBombMock_init_unchained() internal onlyInitializing {
+    }
+    function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
+        if (interfaceId == type(IERC165Upgradeable).interfaceId) {
+            assembly {
+                mstore(0, 1)
+            }
+        }
+        assembly {
+            return(0, 101500)
+        }
+    }
+
+    /**
+     * @dev This empty reserved space is put in place to allow future versions to add new
+     * variables without shifting down storage in the inheritance chain.
+     * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
+     */
+    uint256[50] private __gap;
+}

contracts/mocks/WithInit.sol

@@ -341,6 +341,13 @@ contract ERC165CheckerMockUpgradeableWithInit is ERC165CheckerMockUpgradeable {
         __ERC165CheckerMock_init();
     }
 }
+import "./ERC165/ERC165ReturnBombUpgradeable.sol";
+
+contract ERC165ReturnBombMockUpgradeableWithInit is ERC165ReturnBombMockUpgradeable {
+    constructor() payable initializer {
+        __ERC165ReturnBombMock_init();
+    }
+}
 import "./ERC165/ERC165InterfacesSupportedUpgradeable.sol";
 
 contract SupportsInterfaceWithLookupMockUpgradeableWithInit is SupportsInterfaceWithLookupMockUpgradeable {

contracts/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@openzeppelin/contracts-upgradeable",
   "description": "Secure Smart Contract library for Solidity",
-  "version": "4.7.1",
+  "version": "4.7.2",
   "files": [
     "**/*.sol",
     "/build/contracts/*.json",

contracts/utils/introspection/ERC165CheckerUpgradeable.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v4.7.1) (utils/introspection/ERC165Checker.sol)
+// OpenZeppelin Contracts (last updated v4.7.2) (utils/introspection/ERC165Checker.sol)
 
 pragma solidity ^0.8.0;
 
@@ -105,9 +105,19 @@ library ERC165CheckerUpgradeable {
      * Interface identification is specified in ERC-165.
      */
     function _supportsERC165Interface(address account, bytes4 interfaceId) private view returns (bool) {
+        // prepare call
         bytes memory encodedParams = abi.encodeWithSelector(IERC165Upgradeable.supportsInterface.selector, interfaceId);
-        (bool success, bytes memory result) = account.staticcall{gas: 30000}(encodedParams);
-        if (result.length < 32) return false;
-        return success && abi.decode(result, (uint256)) > 0;
+
+        // perform static call
+        bool success;
+        uint256 returnSize;
+        uint256 returnValue;
+        assembly {
+            success := staticcall(30000, account, add(encodedParams, 0x20), mload(encodedParams), 0x00, 0x20)
+            returnSize := returndatasize()
+            returnValue := mload(0x00)
+        }
+
+        return success && returnSize >= 0x20 && returnValue > 0;
     }
 }

package-lock.json

@@ -2,7 +2,7 @@
   "private": true,
   "name": "openzeppelin-solidity",
   "description": "Secure Smart Contract library for Solidity",
-  "version": "4.7.1",
+  "version": "4.7.2",
   "files": [
     "/contracts/**/*.sol",
     "/build/contracts/*.json",

package.json

@@ -7,6 +7,7 @@ const ERC165MissingData = artifacts.require('ERC165MissingData');
 const ERC165MaliciousData = artifacts.require('ERC165MaliciousData');
 const ERC165NotSupported = artifacts.require('ERC165NotSupported');
 const ERC165InterfacesSupported = artifacts.require('ERC165InterfacesSupported');
+const ERC165ReturnBombMock = artifacts.require('ERC165ReturnBombMock');
 
 const DUMMY_ID = '0xdeadbeef';
 const DUMMY_ID_2 = '0xcafebabe';
@@ -243,4 +244,23 @@ contract('ERC165Checker', function (accounts) {
       expect(supported[0]).to.equal(false);
     });
   });
+
+  it('Return bomb resistance', async function () {
+    this.target = await ERC165ReturnBombMock.new();
+
+    const tx1 = await this.mock.supportsInterface.sendTransaction(this.target.address, DUMMY_ID);
+    expect(tx1.receipt.gasUsed).to.be.lessThan(120000); // 3*30k + 21k + some margin
+
+    const tx2 = await this.mock.getSupportedInterfaces.sendTransaction(
+      this.target.address,
+      [
+        DUMMY_ID,
+        DUMMY_ID_2,
+        DUMMY_ID_3,
+        DUMMY_UNSUPPORTED_ID,
+        DUMMY_UNSUPPORTED_ID_2,
+      ],
+    );
+    expect(tx2.receipt.gasUsed).to.be.lessThan(250000); // (2+5)*30k + 21k + some margin
+  });
 });