Security Testing Results for the Contract: #29
Assignees
Comments
|
issue 3: we can don't save T0 on chain. if both duration and percentage are 0. instead, we need improve this issue on front-end. @thmadong @alisaweb3 |
|
Issue 4: fix patch uint256 releaseTime = schedule.start;
// for (uint256 i = schedule.lastReleasedStep; i < releases.length; i++) {
for (uint256 i = 0; i < releases.length; i++) {
releaseTime += releases[i].durationInHours * 1 hours;
if (i < schedule.lastReleasedStep) continue // continue to next
if (block.timestamp < releaseTime) {
break;
}
uint256 releaseAmount = (schedule.totalAmount *
releases[i].percentage) / 10000;
amountForRelease += releaseAmount;
schedule.lastReleasedStep = i + 1;
} |
|
When submitting a Vesting order, currently, Vesting parameters don't allow any step's percentage to be equal to 0! (Is this design reasonable?) is there need to add 0 percent release? |
of course. |
|
so can't release anyway. |
|
There is no problem on release step.
But the duration of claimed releases have been omitted in your previous implementation, Time of T3 become |
|
ok |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Security Testing Results for the Contract:
MakeSwap
(1) Uniqueness check: orderId=uuid+addrss, error reported in case of duplicates, validation correct!
(2) Parameter compliance check: Correct!
(3) Fund access check: Correct!
MakeSwapWithVesting
(1) Added compliance check for Vesting parameters on top of MakeSwap!
Issue: Currently, in Vesting parameters, no step's percentage is allowed to be equal to 0! (Is this design reasonable?)
TakeSwap
(1) Order status check: Correct!
(2) Parameter compliance check: Correct!
(3) Order expiration check: Correct!
(4) Fund access check: Correct!
CancelSwap
(1) Order status check: Correct!
(2) Parameter compliance check: Correct!
(3) Fund access check: Correct!
Issue: After canceling the order, the contract deletes the order, and subsequently related bids cannot correctly be claimed! (Severe)
PlaceBid
(1) Order status check: Correct!
(2) Uniqueness check: Each user can only placeBid once; error reported in case of duplicates, validation correct!
(3) Order expiration check: Correct!
(4) Parameter compliance check: Correct!
(5) Fund access check: Correct!
Issue: Not checking if the order allows bidding, i.e., if acceptBid is true? (Incorrect logic, not severely harmful)
UpdateBid
(1) Order status check: Correct!
(2) Bid status check: Correct!
(3) Bid expiration check: Correct!
(4) Parameter compliance check: Correct!
(5) Fund access check: Correct!
AcceptBid
(1) Order status check: Correct!
(2) Check acceptBid=true: Correct!
(3) Bid status check: Correct!
(4) Bid expiration check: Correct!
(5) Fund access check: Correct!
CancelBid
(1) Order existence check: Correct!
(2) Bid status check: Correct!
(3) Parameter compliance check: Correct!
(4) Fund access check: Correct!
StartVesting
(1) Added administrator mechanism, only specified addresses are allowed to call this interface.
(2) Parameter compliance check: Correct!
(3) Uniqueness check, beneficiary+orderId unique to avoid data overwrite attacks, correct!
(4) Fund access check: Correct!
Release
(1) Ensures the uniqueness of each Vesting detail execution, no duplicate claims, total asset payment correct!
Issue: Calculation problem in claiming Vesting, can be claimed prematurely! (Severe)
Issue List:
The text was updated successfully, but these errors were encountered: