Merge branch 'audit-fixes' into fix-plcr

contracts/ModuleRegistry.sol

@@ -325,7 +325,7 @@ contract ModuleRegistry is IModuleRegistry, EternalStorage {
      * @notice Returns the verified status, and reputation of the entered Module Factory
      * @param _factoryAddress is the address of the module factory
      * @return bool indicating whether module factory is verified
-     * @return address of factory owner
+     * @return address of the factory owner
      * @return address array which contains the list of securityTokens that use that module factory
      */
     function getFactoryDetails(address _factoryAddress) external view returns(bool, address, address[] memory) {

contracts/interfaces/IModuleRegistry.sol

@@ -74,7 +74,7 @@ interface IModuleRegistry {
      * @notice Returns the verified status, and reputation of the entered Module Factory
      * @param _factoryAddress is the address of the module factory
      * @return bool indicating whether module factory is verified
-     * @return address of factory owner
+     * @return address of the factory owner
      * @return address array which contains the list of securityTokens that use that module factory
      */
     function getFactoryDetails(address _factoryAddress) external view returns(bool isVerified, address factoryOwner, address[] memory usingTokens);

contracts/libraries/TokenLib.sol

@@ -6,8 +6,10 @@ import "../modules/UpgradableModuleFactory.sol";
 import "../interfaces/IDataStore.sol";
 import "../tokens/SecurityTokenStorage.sol";
 import "../interfaces/ITransferManager.sol";
+import "../modules/UpgradableModuleFactory.sol";
 import "openzeppelin-solidity/contracts/math/SafeMath.sol";
 import "../modules/PermissionManager/IPermissionManager.sol";
+import "openzeppelin-solidity/contracts/token/ERC20/IERC20.sol";
 
 library TokenLib {
 
@@ -138,11 +140,11 @@ library TokenLib {
     * @notice Unarchives a module attached to the SecurityToken
     * @param _moduleData Storage data
     */
-    function unarchiveModule(address _moduleRegistry, SecurityTokenStorage.ModuleData storage _moduleData) external {
+    function unarchiveModule(IModuleRegistry _moduleRegistry, SecurityTokenStorage.ModuleData storage _moduleData) external {
         require(_moduleData.isArchived, "Module unarchived");
         /*solium-disable-next-line security/no-block-members*/
         // Check the version is still valid - can only be false if token was upgraded between unarchive / archive
-        IModuleRegistry(_moduleRegistry).useModule(_moduleData.moduleFactory, true);
+        _moduleRegistry.useModule(_moduleData.moduleFactory, true);
         emit ModuleUnarchived(_moduleData.moduleTypes, _moduleData.module);
         _moduleData.isArchived = false;
     }
@@ -151,10 +153,10 @@ library TokenLib {
     * @notice Upgrades a module attached to the SecurityToken
     * @param _moduleData Storage data
     */
-    function upgradeModule(address _moduleRegistry, SecurityTokenStorage.ModuleData storage _moduleData) external {
+    function upgradeModule(IModuleRegistry _moduleRegistry, SecurityTokenStorage.ModuleData storage _moduleData) external {
         require(_moduleData.module != address(0), "Module missing");
         //Check module is verified and within version bounds
-        IModuleRegistry(_moduleRegistry).useModule(_moduleData.moduleFactory, true);
+        _moduleRegistry.useModule(_moduleData.moduleFactory, true);
         // Will revert if module isn't upgradable
         UpgradableModuleFactory(_moduleData.moduleFactory).upgrade(_moduleData.module);
         emit ModuleUpgraded(_moduleData.moduleTypes, _moduleData.module);
@@ -231,19 +233,19 @@ library TokenLib {
         address _module,
         uint256 _change,
         bool _increase,
-        address _polyToken,
+        IERC20 _polyToken,
         mapping(address => SecurityTokenStorage.ModuleData) storage _modulesToData
     )
         external
     {
         require(_modulesToData[_module].module != address(0), "Module missing");
-        uint256 currentAllowance = IPoly(_polyToken).allowance(address(this), _module);
+        uint256 currentAllowance = _polyToken.allowance(address(this), _module);
         uint256 newAllowance;
         if (_increase) {
-            require(IPoly(_polyToken).increaseApproval(_module, _change), "IncreaseApproval fail");
+            require(IPoly(address(_polyToken)).increaseApproval(_module, _change), "IncreaseApproval fail");
             newAllowance = currentAllowance.add(_change);
         } else {
-            require(IPoly(_polyToken).decreaseApproval(_module, _change), "Insufficient allowance");
+            require(IPoly(address(_polyToken)).decreaseApproval(_module, _change), "Insufficient allowance");
             newAllowance = currentAllowance.sub(_change);
         }
         emit ModuleBudgetChanged(_modulesToData[_module].moduleTypes, _module, currentAllowance, newAllowance);
@@ -325,7 +327,7 @@ library TokenLib {
         uint256 _value,
         uint256 _balanceTo,
         uint256 _balanceFrom,
-        address _dataStore
+        IDataStore _dataStore
     )
         external
         returns(uint256)
@@ -337,11 +339,10 @@ library TokenLib {
         // Check whether receiver is a new token holder
         if ((_balanceTo == 0) && (_to != address(0))) {
             holderCount = holderCount.add(1);
-            IDataStore dataStore = IDataStore(_dataStore);
-            if (!_isExistingInvestor(_to, dataStore)) {
-                dataStore.insertAddress(INVESTORSKEY, _to);
+            if (!_isExistingInvestor(_to, _dataStore)) {
+                _dataStore.insertAddress(INVESTORSKEY, _to);
                 //KYC data can not be present if added is false and hence we can set packed KYC as uint256(1) to set added as true
-                dataStore.setUint256(_getKey(WHITELIST, _to), uint256(1));
+                _dataStore.setUint256(_getKey(WHITELIST, _to), uint256(1));
             }
         }
         // Check whether sender is moving all of their tokens

contracts/mocks/Dummy/DummySTO.sol

@@ -49,7 +49,7 @@ contract DummySTO is DummySTOStorage, STO {
         require(!paused, "Should not be paused");
         require(_amount > 0, "Amount should be greater than 0");
         require(_canBuy(_investor), "Unauthorized");
-        ISecurityToken(securityToken).issue(_investor, _amount, "");
+        securityToken.issue(_investor, _amount, "");
         if (investors[_investor] == 0) {
             investorCount = investorCount + 1;
         }

contracts/mocks/Dummy/DummySTOFactory.sol

@@ -41,7 +41,7 @@ contract DummySTOFactory is UpgradableModuleFactory {
      * @return address Contract address of the Module
      */
     function deploy(bytes calldata _data) external returns(address) {
-        address dummySTO = address(new DummySTOProxy(logicContracts[latestUpgrade].version, msg.sender, IPolymathRegistry(polymathRegistry).getAddress("PolyToken"), logicContracts[latestUpgrade].logicContract));
+        address dummySTO = address(new DummySTOProxy(logicContracts[latestUpgrade].version, msg.sender, polymathRegistry.getAddress("PolyToken"), logicContracts[latestUpgrade].logicContract));
         _initializeModule(dummySTO, _data);
         return dummySTO;
     }

contracts/mocks/MockBurnFactory.sol

@@ -35,7 +35,7 @@ contract MockBurnFactory is TrackedRedemptionFactory {
         external
         returns(address)
     {
-        address mockRedemptionManager = address(new MockRedemptionManager(msg.sender, IPolymathRegistry(polymathRegistry).getAddress("PolyToken")));
+        address mockRedemptionManager = address(new MockRedemptionManager(msg.sender, polymathRegistry.getAddress("PolyToken")));
         _initializeModule(mockRedemptionManager, _data);
         return mockRedemptionManager;
     }

contracts/mocks/MockRedemptionManager.sol

@@ -25,7 +25,7 @@ contract MockRedemptionManager is TrackedRedemption {
      * @param _value The number of tokens to redeem
      */
     function transferToRedeem(uint256 _value) public {
-        require(ISecurityToken(securityToken).transferFrom(msg.sender, address(this), _value), "Insufficient funds");
+        require(securityToken.transferFrom(msg.sender, address(this), _value), "Insufficient funds");
         tokenToRedeem[msg.sender] = _value;
     }
 
@@ -37,7 +37,7 @@ contract MockRedemptionManager is TrackedRedemption {
         require(tokenToRedeem[msg.sender] >= _value, "Insufficient tokens redeemable");
         tokenToRedeem[msg.sender] = tokenToRedeem[msg.sender].sub(_value);
         redeemedTokens[msg.sender] = redeemedTokens[msg.sender].add(_value);
-        ISecurityToken(securityToken).redeem(_value, "");
+        securityToken.redeem(_value, "");
         /*solium-disable-next-line security/no-block-members*/
         emit RedeemedTokenByOwner(msg.sender, address(this), _value);
     }
@@ -52,7 +52,7 @@ contract MockRedemptionManager is TrackedRedemption {
         require(tokenToRedeem[msg.sender] >= _value, "Insufficient tokens redeemable");
         tokenToRedeem[msg.sender] = tokenToRedeem[msg.sender].sub(_value);
         redeemedTokensByPartition[msg.sender][_partition] = redeemedTokensByPartition[msg.sender][_partition].add(_value);
-        ISecurityToken(securityToken).redeemByPartition(_partition, _value, _data);
+        securityToken.redeemByPartition(_partition, _value, _data);
         /*solium-disable-next-line security/no-block-members*/
         emit RedeemedTokensByPartition(msg.sender, address(0), _partition, _value, _data, "");
     }
@@ -68,13 +68,13 @@ contract MockRedemptionManager is TrackedRedemption {
         require(tokenToRedeem[msg.sender] >= _value, "Insufficient tokens redeemable");
         tokenToRedeem[msg.sender] = tokenToRedeem[msg.sender].sub(_value);
         redeemedTokensByPartition[msg.sender][_partition] = redeemedTokensByPartition[msg.sender][_partition].add(_value);
-        ISecurityToken(securityToken).operatorRedeemByPartition(_partition, msg.sender, _value, _data, _operatorData);
+        securityToken.operatorRedeemByPartition(_partition, msg.sender, _value, _data, _operatorData);
         /*solium-disable-next-line security/no-block-members*/
         emit RedeemedTokensByPartition(msg.sender, address(this), _partition, _value, _data, _operatorData);
     }
 
     function operatorTransferToRedeem(uint256 _value, bytes32 _partition, bytes calldata _data, bytes calldata _operatorData) external {
-        ISecurityToken(securityToken).operatorTransferByPartition(_partition, msg.sender, address(this), _value, _data, _operatorData);
+        securityToken.operatorTransferByPartition(_partition, msg.sender, address(this), _value, _data, _operatorData);
         tokenToRedeem[msg.sender] = _value;
     }
 

contracts/modules/Checkpoint/Dividend/DividendCheckpoint.sol

@@ -94,7 +94,7 @@ contract DividendCheckpoint is DividendCheckpointStorage, ICheckpoint, Module {
      * @return Checkpoint ID
      */
     function createCheckpoint() public withPerm(OPERATOR) returns(uint256) {
-        return ISecurityToken(securityToken).createCheckpoint();
+        return securityToken.createCheckpoint();
     }
 
     /**
@@ -182,7 +182,7 @@ contract DividendCheckpoint is DividendCheckpointStorage, ICheckpoint, Module {
         _validDividendIndex(_dividendIndex);
         Dividend storage dividend = dividends[_dividendIndex];
         uint256 checkpointId = dividend.checkpointId;
-        address[] memory investors = ISecurityToken(securityToken).getInvestorsSubsetAt(checkpointId, _start, _end);
+        address[] memory investors = securityToken.getInvestorsSubsetAt(checkpointId, _start, _end);
         // The investors list maybe smaller than _end - _start becuase it only contains addresses that had a positive balance
         // the _start and _end used here are for the address list stored in the dataStore
         for (uint256 i = 0; i < investors.length; i++) {
@@ -231,7 +231,7 @@ contract DividendCheckpoint is DividendCheckpointStorage, ICheckpoint, Module {
         if (dividend.claimed[_payee] || dividend.dividendExcluded[_payee]) {
             return (0, 0);
         }
-        uint256 balance = ISecurityToken(securityToken).balanceOfAt(_payee, dividend.checkpointId);
+        uint256 balance = securityToken.balanceOfAt(_payee, dividend.checkpointId);
         uint256 claim = balance.mul(dividend.amount).div(dividend.totalSupply);
         uint256 withheld = claim.mul(withholdingTax[_payee]).div(e18);
         return (claim, withheld);
@@ -362,7 +362,7 @@ contract DividendCheckpoint is DividendCheckpointStorage, ICheckpoint, Module {
         //Get list of Investors
         Dividend storage dividend = dividends[_dividendIndex];
         uint256 checkpointId = dividend.checkpointId;
-        investors = ISecurityToken(securityToken).getInvestorsAt(checkpointId);
+        investors = securityToken.getInvestorsAt(checkpointId);
         resultClaimed = new bool[](investors.length);
         resultExcluded = new bool[](investors.length);
         resultWithheld = new uint256[](investors.length);
@@ -371,7 +371,7 @@ contract DividendCheckpoint is DividendCheckpointStorage, ICheckpoint, Module {
         for (uint256 i; i < investors.length; i++) {
             resultClaimed[i] = dividend.claimed[investors[i]];
             resultExcluded[i] = dividend.dividendExcluded[investors[i]];
-            resultBalance[i] = ISecurityToken(securityToken).balanceOfAt(investors[i], dividend.checkpointId);
+            resultBalance[i] = securityToken.balanceOfAt(investors[i], dividend.checkpointId);
             if (!resultExcluded[i]) {
                 if (resultClaimed[i]) {
                     resultWithheld[i] = dividend.withheld[investors[i]];
@@ -393,12 +393,12 @@ contract DividendCheckpoint is DividendCheckpointStorage, ICheckpoint, Module {
      * @return uint256[] investor withheld percentages
      */
     function getCheckpointData(uint256 _checkpointId) external view returns (address[] memory investors, uint256[] memory balances, uint256[] memory withholdings) {
-        require(_checkpointId <= ISecurityToken(securityToken).currentCheckpointId(), "Invalid checkpoint");
-        investors = ISecurityToken(securityToken).getInvestorsAt(_checkpointId);
+        require(_checkpointId <= securityToken.currentCheckpointId(), "Invalid checkpoint");
+        investors = securityToken.getInvestorsAt(_checkpointId);
         balances = new uint256[](investors.length);
         withholdings = new uint256[](investors.length);
         for (uint256 i; i < investors.length; i++) {
-            balances[i] = ISecurityToken(securityToken).balanceOfAt(investors[i], _checkpointId);
+            balances[i] = securityToken.balanceOfAt(investors[i], _checkpointId);
             withholdings[i] = withholdingTax[investors[i]];
         }
     }

contracts/modules/Checkpoint/Dividend/ERC20/ERC20DividendCheckpoint.sol

@@ -103,7 +103,7 @@ contract ERC20DividendCheckpoint is ERC20DividendCheckpointStorage, DividendChec
         public
         withPerm(ADMIN)
     {
-        uint256 checkpointId = ISecurityToken(securityToken).createCheckpoint();
+        uint256 checkpointId = securityToken.createCheckpoint();
         _createDividendWithCheckpointAndExclusions(_maturity, _expiry, _token, _amount, checkpointId, _excluded, _name);
     }
 
@@ -153,18 +153,18 @@ contract ERC20DividendCheckpoint is ERC20DividendCheckpointStorage, DividendChec
     )
         internal
     {
-        ISecurityToken securityTokenInstance = ISecurityToken(securityToken);
         require(_excluded.length <= EXCLUDED_ADDRESS_LIMIT, "Too many addresses excluded");
         require(_expiry > _maturity, "Expiry before maturity");
         /*solium-disable-next-line security/no-block-members*/
         require(_expiry > now, "Expiry in past");
         require(_amount > 0, "No dividend sent");
         require(_token != address(0), "Invalid token");
-        require(_checkpointId <= securityTokenInstance.currentCheckpointId(), "Invalid checkpoint");
+        require(_checkpointId <= securityToken.currentCheckpointId(), "Invalid checkpoint");
         require(IERC20(_token).transferFrom(msg.sender, address(this), _amount), "insufficent allowance");
         require(_name != bytes32(0));
         uint256 dividendIndex = dividends.length;
-        uint256 currentSupply = securityTokenInstance.totalSupplyAt(_checkpointId);
+        uint256 currentSupply = securityToken.totalSupplyAt(_checkpointId);
+        require(currentSupply > 0, "Invalid supply");
         uint256 excludedSupply = 0;
         dividends.push(
             Dividend(
@@ -185,7 +185,7 @@ contract ERC20DividendCheckpoint is ERC20DividendCheckpointStorage, DividendChec
         for (uint256 j = 0; j < _excluded.length; j++) {
             require(_excluded[j] != address(0), "Invalid address");
             require(!dividends[dividendIndex].dividendExcluded[_excluded[j]], "duped exclude address");
-            excludedSupply = excludedSupply.add(securityTokenInstance.balanceOfAt(_excluded[j], _checkpointId));
+            excludedSupply = excludedSupply.add(securityToken.balanceOfAt(_excluded[j], _checkpointId));
             dividends[dividendIndex].dividendExcluded[_excluded[j]] = true;
         }
         require(currentSupply > excludedSupply, "Invalid supply");

contracts/modules/Checkpoint/Dividend/ERC20/ERC20DividendCheckpointFactory.sol

@@ -40,7 +40,7 @@ contract ERC20DividendCheckpointFactory is UpgradableModuleFactory {
      * @return Address Contract address of the Module
      */
     function deploy(bytes calldata _data) external returns(address) {
-        address erc20DividendCheckpoint = address(new ERC20DividendCheckpointProxy(logicContracts[latestUpgrade].version, msg.sender, IPolymathRegistry(polymathRegistry).getAddress("PolyToken"), logicContracts[latestUpgrade].logicContract));
+        address erc20DividendCheckpoint = address(new ERC20DividendCheckpointProxy(logicContracts[latestUpgrade].version, msg.sender, polymathRegistry.getAddress("PolyToken"), logicContracts[latestUpgrade].logicContract));
         _initializeModule(erc20DividendCheckpoint, _data);
         return erc20DividendCheckpoint;
     }

contracts/modules/Checkpoint/Dividend/Ether/EtherDividendCheckpoint.sol

@@ -79,7 +79,7 @@ contract EtherDividendCheckpoint is DividendCheckpoint {
         payable
         withPerm(ADMIN)
     {
-        uint256 checkpointId = ISecurityToken(securityToken).createCheckpoint();
+        uint256 checkpointId = securityToken.createCheckpoint();
         _createDividendWithCheckpointAndExclusions(_maturity, _expiry, checkpointId, _excluded, _name);
     }
 
@@ -127,10 +127,11 @@ contract EtherDividendCheckpoint is DividendCheckpoint {
         /*solium-disable-next-line security/no-block-members*/
         require(_expiry > now, "Expiry is in the past");
         require(msg.value > 0, "No dividend sent");
-        require(_checkpointId <= ISecurityToken(securityToken).currentCheckpointId());
+        require(_checkpointId <= securityToken.currentCheckpointId());
         require(_name[0] != bytes32(0));
         uint256 dividendIndex = dividends.length;
-        uint256 currentSupply = ISecurityToken(securityToken).totalSupplyAt(_checkpointId);
+        uint256 currentSupply = securityToken.totalSupplyAt(_checkpointId);
+        require(currentSupply > 0, "Invalid supply");
         uint256 excludedSupply = 0;
         dividends.push(
             Dividend(
@@ -151,7 +152,7 @@ contract EtherDividendCheckpoint is DividendCheckpoint {
         for (uint256 j = 0; j < _excluded.length; j++) {
             require(_excluded[j] != address(0), "Invalid address");
             require(!dividends[dividendIndex].dividendExcluded[_excluded[j]], "duped exclude address");
-            excludedSupply = excludedSupply.add(ISecurityToken(securityToken).balanceOfAt(_excluded[j], _checkpointId));
+            excludedSupply = excludedSupply.add(securityToken.balanceOfAt(_excluded[j], _checkpointId));
             dividends[dividendIndex].dividendExcluded[_excluded[j]] = true;
         }
         require(currentSupply > excludedSupply, "Invalid supply");

contracts/modules/Checkpoint/Dividend/Ether/EtherDividendCheckpointFactory.sol

@@ -40,7 +40,7 @@ contract EtherDividendCheckpointFactory is UpgradableModuleFactory {
      * @return address Contract address of the Module
      */
     function deploy(bytes calldata _data) external returns(address) {
-        address ethDividendCheckpoint = address(new EtherDividendCheckpointProxy(logicContracts[latestUpgrade].version, msg.sender, IPolymathRegistry(polymathRegistry).getAddress("PolyToken"), logicContracts[latestUpgrade].logicContract));
+        address ethDividendCheckpoint = address(new EtherDividendCheckpointProxy(logicContracts[latestUpgrade].version, msg.sender, polymathRegistry.getAddress("PolyToken"), logicContracts[latestUpgrade].logicContract));
         _initializeModule(ethDividendCheckpoint, _data);
         return ethDividendCheckpoint;
     }