Do security audit of the smart contract #1
Comments
|
Issue Status: 1. Open 2. Started 3. Submitted 4. Done This issue now has a funding of 0.799 ETH (90.03 USD @ $112.68/ETH) attached to it as part of the vporton fund.
|
|
Issue Status: 1. Open 2. Started 3. Submitted 4. Done Work has been started. These users each claimed they can complete the work by 3 weeks, 3 days from now. 1) ridesolo has been approved to start work. hello, I'm an expert solidity auditor and I'm interested to audit your contract, you can check all my reports in my gist http://gist.github.com/ridesolo/. I have audited hundreds of projects the lasts two years. Learn more on the Gitcoin Issue Details page. |
|
@RideSolo Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!
Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days |
|
Working on it. |
|
Issue Status: 1. Open 2. Started 3. Submitted 4. Done Work for 0.799 ETH (93.56 USD @ $117.09/ETH) has been submitted by: @vporton please take a look at the submitted work:
|
|
My response to your security audit: https://gist.github.com/vporton/e39a060986d02e1889aea0b50aa4356c - please respond back. |
|
|
Why have you removed this? if (_interfaceId == INTERFACE_SIGNATURE_ERC165 ||
_interfaceId == INTERFACE_SIGNATURE_ERC1155) {
return true;
}You proposed to add checks for methods, but removed the check for these two interfaces. I do not understand. |
|
Could you provide the full code for Note that the last version of the contract added two more public variables, which are also to be counted. |
|
I do not understand why you suggest to rewrite function supportsInterface(bytes4 _interfaceId)
public
view
returns (bool) {
if (_interfaceId == INTERFACE_SIGNATURE_ERC165 ||
_interfaceId == INTERFACE_SIGNATURE_ERC1155) {
return true;
}
return false;
}in another way. You tell something about gas, but it's obvious that this function uses very little gas. |
|
@vporton sure like this it is too low, however I saw that you commented out part of the value here, I set this issue to low, since If you wanted to list all the functions following ERC-165, the required gas to execute the function will be too high (probably higher than 10k or 30k suggested by the standards). This is an audit, the recommendation done was to implement a more efficient way to list the functions, as commented " list all public function here, following the previous example" you can simply add the remaining functions by following the same example. The proposed implementation is more gas efficient since you can list as many function selectors as you want. Also there was an error, since you set another function selector to true that must not be implemented, this is why I suggested a new way to implement it. as you can see the original code below. Please note that it was just a suggestion and you can decide to ignore it. the main point was to point out the issue in case of setting more function selectors. |
|
Why should I add "all functions"?
|
|
I agree, I pointed this issue out because I saw you comments here I figured out that you wanted to implement all functions and using condition while accessing all global variables won't be optimal. also you should note that it is a low severity issue and it does not represent any risk . |
|
Issue Status: 1. Open 2. Started 3. Submitted 4. Done The funding of 0.799 ETH (93.56 USD @ $117.09/ETH) attached to this issue has been approved & issued to @RideSolo.
|
Do a security audit of this Solidity smart contract:
https://github.com/vporton/courts/blob/master/contracts/RewardCourts.sol
Apply only if you have security audit experience.
The text was updated successfully, but these errors were encountered: