Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Price per block could increase #2

Open
That3Percent opened this issue Jun 27, 2022 · 2 comments
Open

Price per block could increase #2

That3Percent opened this issue Jun 27, 2022 · 2 comments

Comments

@That3Percent
Copy link

Here:
https://github.com/edgeandnode/subscription-payments-contract/blob/7b0368e4da25ece37440e0999fbeee652ad8b103/contracts/Subscriptions.sol#L90

there is no "defense" to the consumer for the price per block to increase suddenly. This could be used by a malicious entity to drain funds
@Theodus
Copy link
Member

Theodus commented Jun 27, 2022

My understanding is that transferFrom requires the sender to first approve the transfer of up to some amount of tokens. The expectation is that the subscriber would only approve the expected amount so an unexpected increase would result in the transaction being reverted.

@That3Percent
Copy link
Author

True, but a frequent pattern is to approve an unlimited amount if they expect to repeatedly interact with the contract. Something we should run by experts when the time comes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Theodus @That3Percent