From 77eb77c6a43ad68e842a2af41a0bd23562ea6339 Mon Sep 17 00:00:00 2001
From: kasperpawlowski <25374117+kasperpawlowski@users.noreply.github.com>
Date: Thu, 21 Mar 2024 14:41:58 +0000
Subject: [PATCH 1/3] feat: allow the owner to burn the synth only if allowed
 or burning from the synth contract

---
 src/Synths/ESynth.sol | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/Synths/ESynth.sol b/src/Synths/ESynth.sol
index cbf7502b..864c31c6 100644
--- a/src/Synths/ESynth.sol
+++ b/src/Synths/ESynth.sol
@@ -61,7 +61,8 @@ contract ESynth is ERC20Collateral, Ownable {
         address sender = _msgSender();
         MinterData storage minterCache = minters[sender];
 
-        if (account != sender && sender != owner()) {
+        // The allowance check should be performed if the spender is not the account with the exception of the owner burning from this contract.
+        if (account != sender && !(account == address(this) && sender == owner())) {
             _spendAllowance(account, sender, amount);
         }
 

From db5282f0f01425474767bcfdd8a9ea43755c8a06 Mon Sep 17 00:00:00 2001
From: kasperpawlowski <25374117+kasperpawlowski@users.noreply.github.com>
Date: Thu, 21 Mar 2024 15:06:27 +0000
Subject: [PATCH 2/3] fix: update synth test

---
 test/unit/esynth/ESynthGeneral.t.sol | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)

diff --git a/test/unit/esynth/ESynthGeneral.t.sol b/test/unit/esynth/ESynthGeneral.t.sol
index 20af1c5c..01eac8ca 100644
--- a/test/unit/esynth/ESynthGeneral.t.sol
+++ b/test/unit/esynth/ESynthGeneral.t.sol
@@ -9,6 +9,8 @@ import {ESynth} from "src/Synths/ESynth.sol";
 contract ESynthGeneralTest is ESynthTest {
     uint128 constant MAX_ALLOWED = type(uint128).max;
 
+    error ERC20InsufficientAllowance(address spender, uint256 allowance, uint256 needed);
+
     function testFuzz_mintShouldIncreaseTotalSupplyAndBalance(uint128 amount) public {
         amount = uint128(bound(amount, 0, MAX_ALLOWED));
         uint256 balanceBefore = esynth.balanceOf(user1);
@@ -21,10 +23,14 @@ contract ESynthGeneralTest is ESynthTest {
     }
 
     function testFuzz_burnShouldDecreaseTotalSupplyAndBalance(uint128 initialAmount, uint128 burnAmount) public {
-        initialAmount = uint128(bound(initialAmount, 0, MAX_ALLOWED));
+        initialAmount = uint128(bound(initialAmount, 1, MAX_ALLOWED));
         esynth.setCapacity(address(this), MAX_ALLOWED);
         esynth.mint(user1, initialAmount);
-        burnAmount = uint128(bound(burnAmount, 0, initialAmount));
+        burnAmount = uint128(bound(burnAmount, 1, initialAmount));
+
+        vm.expectRevert(abi.encodeWithSelector(ERC20InsufficientAllowance.selector, user2, 0, burnAmount));
+        vm.prank(user2);
+        esynth.burn(user1, burnAmount);
 
         vm.prank(user1);
         esynth.approve(user2, burnAmount);
@@ -55,7 +61,7 @@ contract ESynthGeneralTest is ESynthTest {
     }
 
     // burn of amount more then minted shoud reset minterCache.minted to 0
-    function testFuzz_burnMoreThenMinted(uint128 amount) public {
+    function testFuzz_burnMoreThanMinted(uint128 amount) public {
         amount = uint128(bound(amount, 0, MAX_ALLOWED / 2));
         // one minter mints
         esynth.setCapacity(user2, amount); // we set the cap to less then
@@ -67,18 +73,26 @@ contract ESynthGeneralTest is ESynthTest {
         vm.prank(user1);
         esynth.mint(address(esynth), amount);
 
+        // the owner of the synth can always burn from synth
         esynth.burn(address(esynth), amount * 2);
 
         (, uint128 minted) = esynth.minters(address(this));
         assertEq(minted, 0);
     }
 
-    function testFuzz_burnFromOwner(uint128 amount) public {
-        amount = uint128(bound(amount, 0, MAX_ALLOWED));
+    function testFuzz_burnFromUser(uint128 amount) public {
+        amount = uint128(bound(amount, 1, MAX_ALLOWED));
         esynth.setCapacity(user1, MAX_ALLOWED);
         vm.prank(user1);
         esynth.mint(user1, amount);
+
+        vm.expectRevert(abi.encodeWithSelector(ERC20InsufficientAllowance.selector, address(this), 0, amount));
         esynth.burn(user1, amount);
+
+        vm.prank(user1);
+        esynth.approve(address(this), amount);
+        esynth.burn(user1, amount);
+
         assertEq(esynth.balanceOf(user1), 0);
     }
 

From afbac59901d3bcc0f1227073dba2d94cc346990a Mon Sep 17 00:00:00 2001
From: kasperpawlowski <25374117+kasperpawlowski@users.noreply.github.com>
Date: Thu, 21 Mar 2024 15:09:14 +0000
Subject: [PATCH 3/3] fix: typo

---
 test/unit/esynth/ESynthGeneral.t.sol | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/test/unit/esynth/ESynthGeneral.t.sol b/test/unit/esynth/ESynthGeneral.t.sol
index 01eac8ca..cbd19add 100644
--- a/test/unit/esynth/ESynthGeneral.t.sol
+++ b/test/unit/esynth/ESynthGeneral.t.sol
@@ -80,12 +80,13 @@ contract ESynthGeneralTest is ESynthTest {
         assertEq(minted, 0);
     }
 
-    function testFuzz_burnFromUser(uint128 amount) public {
+    function testFuzz_burnFromOwner(uint128 amount) public {
         amount = uint128(bound(amount, 1, MAX_ALLOWED));
         esynth.setCapacity(user1, MAX_ALLOWED);
         vm.prank(user1);
         esynth.mint(user1, amount);
 
+        // the owner of the synth can always burn from synth but cannot from other accounts without allowance
         vm.expectRevert(abi.encodeWithSelector(ERC20InsufficientAllowance.selector, address(this), 0, amount));
         esynth.burn(user1, amount);