Closed
Labels: good first issue (Low hanging fruit for new contributors to get involved!)
Description
On his audit for Tether, @pdaian identified some code paths in the ERC20 token contract which did not have explicit unit tests to exercise them.
Add a test case for each of the following:
- Testing the code path in approve that does not allow non-zero approval with an
  existing non-zero allowance. Furthermore, the documentation does not sufficiently
  warn contract implementers to use the "set to 0, check, then reset" pattern for more
  than one approval operation.
- transferFrom should also check for the ability to transfer more than balance when
  allowance is correctly set.
- Tests with zero values are generally missing, though manual inspection shows that
  the class’s guarantees will not be violated with such values. Interestingly, the transferFrom
  and transfer methods impose a payload size restriction representing such
  a check, for which a test is missing. The allowance method does not feature this
  modifier, allowing for the creation of transfer approvals that can never be executed.
  This does not seem to be a substantial security risk in the contract.
- Tests with zero-length (null) addresses are generally missing, though manual inspection
  shows that the class’s guarantees will not be violated with such addresses.
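
The approve, over-balance transferFrom and zero-value cases listed above, sketched as an added example against a small in-memory model; this is not the project's contract or test suite. `ModelToken`, `reverts`, `runChecks` and the addresses are hypothetical, and the model assumes transferFrom fails when the value exceeds the allowance or the balance.

```javascript
// Added example: in-memory model of the behaviour described in the issue.
// The payload size modifier and null addresses are not modelled here.
class ModelToken {
  constructor(owner, supply) {
    this.balances = new Map([[owner, supply]]);
    this.allowed = new Map(); // "owner>spender" -> amount
  }
  balanceOf(a) { return this.balances.get(a) || 0n; }
  allowance(owner, spender) { return this.allowed.get(`${owner}>${spender}`) || 0n; }
  approve(owner, spender, value) {
    // Guard from the issue: no non-zero approval over an existing non-zero allowance.
    if (value !== 0n && this.allowance(owner, spender) !== 0n) throw new Error('revert');
    this.allowed.set(`${owner}>${spender}`, value);
  }
  transferFrom(spender, from, to, value) {
    // Assumption: both checks fail the call before any state changes.
    if (value > this.allowance(from, spender)) throw new Error('revert');
    if (value > this.balanceOf(from)) throw new Error('revert');
    this.allowed.set(`${from}>${spender}`, this.allowance(from, spender) - value);
    this.balances.set(from, this.balanceOf(from) - value);
    this.balances.set(to, this.balanceOf(to) + value);
  }
}

// True when the call throws, which stands in for a reverted transaction.
const reverts = (fn) => { try { fn(); return false; } catch (e) { return true; } };

function runChecks() {
  const [owner, spender, other] = ['0xA', '0xB', '0xC']; // constructed addresses
  const results = {};
  let t = new ModelToken(owner, 100n);
  t.approve(owner, spender, 10n);
  results.nonZeroOverNonZeroReverts = reverts(() => t.approve(owner, spender, 20n));
  t.approve(owner, spender, 0n); // "set to 0, check, then reset"
  results.allowanceAfterZero = t.allowance(owner, spender);
  t.approve(owner, spender, 20n);
  results.allowanceAfterReset = t.allowance(owner, spender);

  // Allowance is larger than the balance, so only the balance check can stop this.
  t = new ModelToken(owner, 100n);
  t.approve(owner, spender, 150n);
  results.overBalanceReverts = reverts(() => t.transferFrom(spender, owner, other, 101n));
  results.balanceUnchanged = t.balanceOf(owner);

  // Zero-value transfer must leave balances and allowance as they were.
  t.transferFrom(spender, owner, other, 0n);
  results.zeroTransferKeepsState =
    t.balanceOf(owner) === 100n && t.allowance(owner, spender) === 150n;
  return results;
}
```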