Fix security issue of extractStuckERC20

[gorbunovperm]

No description provided.

[gorbunovperm]

This is a fix based on a vulnerability found by @u59149403 :

Okay, now I found actual bug. Let's assume that 0x01000B5fE61411C466b70631d7fF070187179Bbf address owner (presumably this is you) will call TokenStandardConverter.extractStuckERC20 with original ERC-223 token (for which ERC-20 wrapper exists) as an argument. Then you will be able to withdraw all amount of this token.

It is described here ethereum#658 (comment)

[gorbunovperm]

The following is a description of the fix logic.

The converter contract can be deposited with tokens such as:

1. ERC-20. Purposely, through wrapERC20toERC223 function, the incoming number of tokens will be taken into account: erc20Supply[_ERC20token] += _amount.

2. ERC-20. Accidentally, then it will be possible to save tokens through extractStuckERC20. Even if there were purposely deposits before, thanks to erc20Supply[_ERC20token], only accidentally deposited tokens will be extracted.

3. ERC-223 original. Purposely or accidentally, in any case, the tokens will be processed by tokenReceived. An erc20 wrapper will be created there and the variable erc20Wrappers[_token] will have a wrapper address. The non-zero value of this variable is the exact marker that _token is erc223. We prohibit extracting such tokens in extractStuckERC20. (the essence of this fix)

4. ERC-223 wrapper. Purposely or accidentally. These tokens are burned in tokenReceived when they arrive. We don't need to worry about their withdrawal via extractStuckERC20.