token balance should not account for voting power, can use ERC20Votes.sol for better checkpoints implementations, ERC20Votes.sol extension keeps a history (checkpoints) of each account's vote power, the downside is that it
requires users to delegate to themselves in order to activate checkpoints and have their voting power tracked, and to keep in mind is that voting is usually handled by governance contracts.
ps: also it save more gas, can vote without spending gas, because the delegatee is using voting on their behalf
ERC20Votes.sol source : https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/extensions/ERC20Votes.sol
function _delegate uint256 _addrBalance = balanceOf(_addr);getVotes function doesn't check the availability of checkpoints. This means that vote powers can still remain transferable, even after member has delegated to another user and transferred tokens to other members
- Inherited ERC20Permit functionality allows for the delegation of voting power by signature.
https://blog.solidityscan.com/sell-token-hack-analysis-a4956648a25
https://neptunemutual.com/blog/understanding-sell-token-exploit/
https://hackmd.io/@onChainFund/BJAxnQLZq
https://learnblockchain.cn/article/6820
https://medium.com/@bunzzdev/erc20votes-smart-contract-module-in-bunzz-b045fdd75c4f
https://www.rareskills.io/post/erc20-votes-erc5805-and-erc6372
https://hackmd.io/@8rXWaRgcQu2FZPSSiiX8Yw/Hkd76nvNs