Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Audit issues #5564

Merged
merged 15 commits into from Jan 19, 2020
@@ -10,7 +10,7 @@ title: Reporting



<div class="contract-index"><span class="contract-index-title">Functions</span><ul><li><a href="#AffiliateValidator.addOperator(address)"><code class="function-signature">addOperator(address _operator)</code></a></li><li><a href="#AffiliateValidator.removeOperator(address)"><code class="function-signature">removeOperator(address _operator)</code></a></li><li><a href="#AffiliateValidator.addKey(bytes32,uint256,bytes32,bytes32,uint8)"><code class="function-signature">addKey(bytes32 _key, uint256 _salt, bytes32 _r, bytes32 _s, uint8 _v)</code></a></li><li><a href="#AffiliateValidator.getKeyHash(bytes32,uint256)"><code class="function-signature">getKeyHash(bytes32 _key, uint256 _salt)</code></a></li><li><a href="#AffiliateValidator.isValidSignature(bytes32,bytes32,bytes32,uint8)"><code class="function-signature">isValidSignature(bytes32 _hash, bytes32 _r, bytes32 _s, uint8 _v)</code></a></li><li><a href="#AffiliateValidator.validateReference(address,address)"><code class="function-signature">validateReference(address _account, address _referrer)</code></a></li><li><a href="#AffiliateValidator.onTransferOwnership(address,address)"><code class="function-signature">onTransferOwnership(address, address)</code></a></li><li class="inherited"><a href="#Ownable.constructor()"><code class="function-signature">constructor()</code></a></li><li class="inherited"><a href="#Ownable.getOwner()"><code class="function-signature">getOwner()</code></a></li><li class="inherited"><a href="#Ownable.transferOwnership(address)"><code class="function-signature">transferOwnership(address _newOwner)</code></a></li></ul></div>
<div class="contract-index"><span class="contract-index-title">Functions</span><ul><li><a href="#AffiliateValidator.addOperator(address)"><code class="function-signature">addOperator(address _operator)</code></a></li><li><a href="#AffiliateValidator.removeOperator(address)"><code class="function-signature">removeOperator(address _operator)</code></a></li><li><a href="#AffiliateValidator.addKey(bytes32,address,uint256,bytes32,bytes32,uint8)"><code class="function-signature">addKey(bytes32 _key, address _account, uint256 _salt, bytes32 _r, bytes32 _s, uint8 _v)</code></a></li><li><a href="#AffiliateValidator.getKeyHash(bytes32,address,uint256)"><code class="function-signature">getKeyHash(bytes32 _key, address _account, uint256 _salt)</code></a></li><li><a href="#AffiliateValidator.isValidSignature(bytes32,bytes32,bytes32,uint8)"><code class="function-signature">isValidSignature(bytes32 _hash, bytes32 _r, bytes32 _s, uint8 _v)</code></a></li><li><a href="#AffiliateValidator.validateReference(address,address)"><code class="function-signature">validateReference(address _account, address _referrer)</code></a></li><li><a href="#AffiliateValidator.onTransferOwnership(address,address)"><code class="function-signature">onTransferOwnership(address, address)</code></a></li><li class="inherited"><a href="#Ownable.constructor()"><code class="function-signature">constructor()</code></a></li><li class="inherited"><a href="#Ownable.getOwner()"><code class="function-signature">getOwner()</code></a></li><li class="inherited"><a href="#Ownable.transferOwnership(address)"><code class="function-signature">transferOwnership(address _newOwner)</code></a></li></ul></div>



@@ -26,13 +26,13 @@ title: Reporting
<h4><a class="anchor" aria-hidden="true" id="AffiliateValidator.addKey(bytes32,uint256,bytes32,bytes32,uint8)"></a><code class="function-signature">addKey(bytes32 _key, uint256 _salt, bytes32 _r, bytes32 _s, uint8 _v)</code><span class="function-visibility">external</span></h4>
<h4><a class="anchor" aria-hidden="true" id="AffiliateValidator.addKey(bytes32,address,uint256,bytes32,bytes32,uint8)"></a><code class="function-signature">addKey(bytes32 _key, address _account, uint256 _salt, bytes32 _r, bytes32 _s, uint8 _v)</code><span class="function-visibility">external</span></h4>
<h4><a class="anchor" aria-hidden="true" id="AffiliateValidator.getKeyHash(bytes32,uint256)"></a><code class="function-signature">getKeyHash(bytes32 _key, uint256 _salt) <span class="return-arrow">→</span> <span class="return-type">bytes32</span></code><span class="function-visibility">public</span></h4>
<h4><a class="anchor" aria-hidden="true" id="AffiliateValidator.getKeyHash(bytes32,address,uint256)"></a><code class="function-signature">getKeyHash(bytes32 _key, address _account, uint256 _salt) <span class="return-arrow">→</span> <span class="return-type">bytes32</span></code><span class="function-visibility">public</span></h4>
@@ -17726,6 +17726,11 @@
"name": "_key",
"type": "bytes32"
},
{
"internalType": "address",
"name": "_account",
"type": "address"
},
{
"internalType": "uint256",
"name": "_salt",
@@ -17776,6 +17781,11 @@
"name": "_key",
"type": "bytes32"
},
{
"internalType": "address",
"name": "_account",
"type": "address"
},
{
"internalType": "uint256",
"name": "_salt",
@@ -17791,7 +17801,7 @@
}
],
"payable": false,
"stateMutability": "pure",
"stateMutability": "view",
"type": "function"
},
{
@@ -21127,7 +21137,7 @@
{
"constant": true,
"inputs": [],
"name": "totalAffiliateFeesAttoCash",
"name": "totalPreFinalizationAffiliateFeesAttoCash",
"outputs": [
{
"internalType": "uint256",

Large diffs are not rendered by default.

@@ -6,12 +6,14 @@ import 'ROOT/reporting/IMarket.sol';
import 'ROOT/reporting/IV2ReputationToken.sol';
import 'ROOT/reporting/IAffiliateValidator.sol';
import 'ROOT/libraries/Initializable.sol';
import 'ROOT/libraries/math/SafeMathUint256.sol';

/**
* @title Warp Sync
* @notice A contract that control the recurring creation of a market which exists to report on warp sync data for Augur
*/
contract WarpSync is IWarpSync, Initializable {
using SafeMathUint256 for uint256;

struct Data {
uint256 warpSyncHash;
@@ -101,8 +103,9 @@ contract WarpSync is IWarpSync, Initializable {

function getRepReward(uint256 _theoreticalTime) private view returns (uint256) {
uint256 _currentTime = augur.getTimestamp();
uint256 _timeSinceTheoreticalCreationInSeconds = _currentTime - _theoreticalTime;
return (_timeSinceTheoreticalCreationInSeconds ** 3) * 1000;
uint256 _timeSinceTheoreticalCreationInSeconds = _currentTime.sub(_theoreticalTime);
// Cannot overflow in any reasonable timeline of the universe

This comment has been minimized.

Copy link
@MicahZoltu

MicahZoltu Jan 16, 2020

Member

Comment is now unnecessary sincey ou have moved to SafeMath everywhere.

return (_timeSinceTheoreticalCreationInSeconds ** 3).mul(1000);
}

function awardRep(IUniverse _universe, uint256 _amount) private returns (bool) {
@@ -117,7 +120,7 @@ contract WarpSync is IWarpSync, Initializable {
IV2ReputationToken _reputationToken = _universe.getReputationToken();
uint256 _repBond = _universe.getOrCacheMarketRepBond();
_reputationToken.mintForWarpSync(_repBond, address(this));
uint256 _endTime = augur.getTimestamp() + MARKET_LENGTH;
uint256 _endTime = augur.getTimestamp().add(MARKET_LENGTH);
IMarket _market = _universe.createScalarMarket(_endTime, 0, IAffiliateValidator(0), 0, address(this), PRICES, MAX_NUM_TICKS, EXTRA_INFO);
markets[address(_universe)] = address(_market);
}
@@ -42,7 +42,7 @@ contract AffiliateValidator is Ownable, IAffiliateValidator {
*/
function addKey(bytes32 _key, uint256 _salt, bytes32 _r, bytes32 _s, uint8 _v) external {
require(!usedSalts[_salt], "Salt already used");
bytes32 _hash = getKeyHash(_key, _salt);
bytes32 _hash = getKeyHash(_key, msg.sender, _salt);
require(isValidSignature(_hash, _r, _s, _v), "Signature invalid");
usedSalts[_salt] = true;
keys[msg.sender] = _key;
@@ -51,11 +51,12 @@ contract AffiliateValidator is Ownable, IAffiliateValidator {
/**
* @notice Get the key hash for a given key
* @param _key The key to get a hash for
* @param _account The account to get a hash for
* @param _salt A salt to secure the key hash
* @return bytes32
*/
function getKeyHash(bytes32 _key, uint256 _salt) public pure returns (bytes32) {
return keccak256(abi.encodePacked(_key, _salt));
function getKeyHash(bytes32 _key, address _account, uint256 _salt) public view returns (bytes32) {
return keccak256(abi.encodePacked(_key, _account, address(this), _salt));
}

function isValidSignature(bytes32 _hash, bytes32 _r, bytes32 _s, uint8 _v) public view returns (bool) {
@@ -54,7 +54,7 @@ contract Market is Initializable, Ownable, IMarket, CashSender {
bool private disputePacingOn;
address public repBondOwner;
uint256 public marketCreatorFeesAttoCash;
uint256 public totalAffiliateFeesAttoCash;
uint256 public totalPreFinalizationAffiliateFeesAttoCash;
IDisputeCrowdsourcer public preemptiveDisputeCrowdsourcer;

// Collections
@@ -341,7 +341,7 @@ contract Market is Initializable, Ownable, IMarket, CashSender {
universe.withdraw(_sourceAccount, _sourceCut, address(this));
affiliateFeesAttoCash[_affiliateAddress] += _affiliateFees;
_marketCreatorFees = _marketCreatorFees.sub(_totalAffiliateFees);
totalAffiliateFeesAttoCash = totalAffiliateFeesAttoCash.add(_affiliateFees);
totalPreFinalizationAffiliateFeesAttoCash = totalPreFinalizationAffiliateFeesAttoCash.add(_affiliateFees);
}

marketCreatorFeesAttoCash = marketCreatorFeesAttoCash.add(_marketCreatorFees);
@@ -366,8 +366,8 @@ contract Market is Initializable, Ownable, IMarket, CashSender {
withdrawAffiliateFees(_affiliateAddress);
}
} else {
universe.withdraw(address(universe.getOrCreateNextDisputeWindow(false)), _marketCreatorFeesAttoCash.add(totalAffiliateFeesAttoCash), address(this));
totalAffiliateFeesAttoCash = 0;
universe.withdraw(address(universe.getOrCreateNextDisputeWindow(false)), _marketCreatorFeesAttoCash.add(totalPreFinalizationAffiliateFeesAttoCash), address(this));
totalPreFinalizationAffiliateFeesAttoCash = 0;
}
}

@@ -469,6 +469,7 @@ contract Market is Initializable, Ownable, IMarket, CashSender {
delete participants;
participants.push(_initialParticipant);
clearCrowdsourcers();
preemptiveDisputeCrowdsourcer = IDisputeCrowdsourcer(0);
// Send REP from the rep bond back to the address that placed it. If a report has been made tell the InitialReporter to return that REP and reset
if (repBond > 0) {
IV2ReputationToken _reputationToken = getReputationToken();
super(dependencies, address)
}

public addKey = async (key: string, salt: TBigNumber, r: string, s: string, v: TBigNumber, options?: { sender?: string }): Promise<Array<Event>> => {
public addKey = async (key: string, account: string, salt: TBigNumber, r: string, s: string, v: TBigNumber, options?: { sender?: string }): Promise<Array<Event>> => {
options = options || {}
const abi: AbiFunction = {"constant":false,"inputs":[{"internalType":"bytes32","name":"_key","type":"bytes32"},{"internalType":"uint256","name":"_salt","type":"uint256"},{"internalType":"bytes32","name":"_r","type":"bytes32"},{"internalType":"bytes32","name":"_s","type":"bytes32"},{"internalType":"uint8","name":"_v","type":"uint8"}],"name":"addKey","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"}
return await this.remoteCall(abi, [key, salt, r, s, v], 'addKey', options.sender)
const abi: AbiFunction = {"constant":false,"inputs":[{"internalType":"bytes32","name":"_key","type":"bytes32"},{"internalType":"address","name":"_account","type":"address"},{"internalType":"uint256","name":"_salt","type":"uint256"},{"internalType":"bytes32","name":"_r","type":"bytes32"},{"internalType":"bytes32","name":"_s","type":"bytes32"},{"internalType":"uint8","name":"_v","type":"uint8"}],"name":"addKey","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"}
return await this.remoteCall(abi, [key, account, salt, r, s, v], 'addKey', options.sender)
}

public addKey_estimateGas = async (key: string, salt: TBigNumber, r: string, s: string, v: TBigNumber, options?: { sender?: string }): Promise<TBigNumber> => {
public addKey_estimateGas = async (key: string, account: string, salt: TBigNumber, r: string, s: string, v: TBigNumber, options?: { sender?: string }): Promise<TBigNumber> => {
options = options || {}
const abi: AbiFunction = {"constant":false,"inputs":[{"internalType":"bytes32","name":"_key","type":"bytes32"},{"internalType":"uint256","name":"_salt","type":"uint256"},{"internalType":"bytes32","name":"_r","type":"bytes32"},{"internalType":"bytes32","name":"_s","type":"bytes32"},{"internalType":"uint8","name":"_v","type":"uint8"}],"name":"addKey","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"}
return await this.estimateGas(abi, [key, salt, r, s, v], 'addKey', options.sender)
const abi: AbiFunction = {"constant":false,"inputs":[{"internalType":"bytes32","name":"_key","type":"bytes32"},{"internalType":"address","name":"_account","type":"address"},{"internalType":"uint256","name":"_salt","type":"uint256"},{"internalType":"bytes32","name":"_r","type":"bytes32"},{"internalType":"bytes32","name":"_s","type":"bytes32"},{"internalType":"uint8","name":"_v","type":"uint8"}],"name":"addKey","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"}
return await this.estimateGas(abi, [key, account, salt, r, s, v], 'addKey', options.sender)
}

public addKey_ = async (key: string, salt: TBigNumber, r: string, s: string, v: TBigNumber, options?: { sender?: string }): Promise<void> => {
public addKey_ = async (key: string, account: string, salt: TBigNumber, r: string, s: string, v: TBigNumber, options?: { sender?: string }): Promise<void> => {
options = options || {}
const abi: AbiFunction = {"constant":false,"inputs":[{"internalType":"bytes32","name":"_key","type":"bytes32"},{"internalType":"uint256","name":"_salt","type":"uint256"},{"internalType":"bytes32","name":"_r","type":"bytes32"},{"internalType":"bytes32","name":"_s","type":"bytes32"},{"internalType":"uint8","name":"_v","type":"uint8"}],"name":"addKey","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"}
await this.localCall(abi, [key, salt, r, s, v], options.sender)
const abi: AbiFunction = {"constant":false,"inputs":[{"internalType":"bytes32","name":"_key","type":"bytes32"},{"internalType":"address","name":"_account","type":"address"},{"internalType":"uint256","name":"_salt","type":"uint256"},{"internalType":"bytes32","name":"_r","type":"bytes32"},{"internalType":"bytes32","name":"_s","type":"bytes32"},{"internalType":"uint8","name":"_v","type":"uint8"}],"name":"addKey","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"}
await this.localCall(abi, [key, account, salt, r, s, v], options.sender)
}

public addOperator = async (operator: string, options?: { sender?: string }): Promise<Array<Event>> => {
await this.localCall(abi, [operator], options.sender)
}

public getKeyHash_ = async (key: string, salt: TBigNumber, options?: { sender?: string }): Promise<string> => {
public getKeyHash_ = async (key: string, account: string, salt: TBigNumber, options?: { sender?: string }): Promise<string> => {
options = options || {}
const abi: AbiFunction = {"constant":true,"inputs":[{"internalType":"bytes32","name":"_key","type":"bytes32"},{"internalType":"uint256","name":"_salt","type":"uint256"}],"name":"getKeyHash","outputs":[{"internalType":"bytes32","name":"","type":"bytes32"}],"payable":false,"stateMutability":"pure","type":"function"}
const result = await this.localCall(abi, [key, salt], options.sender)
const abi: AbiFunction = {"constant":true,"inputs":[{"internalType":"bytes32","name":"_key","type":"bytes32"},{"internalType":"address","name":"_account","type":"address"},{"internalType":"uint256","name":"_salt","type":"uint256"}],"name":"getKeyHash","outputs":[{"internalType":"bytes32","name":"","type":"bytes32"}],"payable":false,"stateMutability":"view","type":"function"}
const result = await this.localCall(abi, [key, account, salt], options.sender)
return <string>result[0]
}

return <string>result[0]
}

public totalAffiliateFeesAttoCash_ = async (options?: { sender?: string }): Promise<TBigNumber> => {
public totalPreFinalizationAffiliateFeesAttoCash_ = async (options?: { sender?: string }): Promise<TBigNumber> => {
options = options || {}
const abi: AbiFunction = {"constant":true,"inputs":[],"name":"totalAffiliateFeesAttoCash","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"payable":false,"stateMutability":"view","type":"function"}
const abi: AbiFunction = {"constant":true,"inputs":[],"name":"totalPreFinalizationAffiliateFeesAttoCash","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"payable":false,"stateMutability":"view","type":"function"}
const result = await this.localCall(abi, [], options.sender)
return <TBigNumber>result[0]
}
@@ -64,7 +64,7 @@ def test_affiliate_validator(kitchenSinkFixture, universe, cash):

accountKey = longTo32Bytes(21)
salt = 0
accountHash = affiliateValidator.getKeyHash(accountKey, salt)
accountHash = affiliateValidator.getKeyHash(accountKey, account, salt)

# A bad signature will be rejected
with raises(TransactionFailed):
@@ -85,7 +85,7 @@ def test_affiliate_validator(kitchenSinkFixture, universe, cash):

affiliateKey = longTo32Bytes(22)
salt += 1
affiliateHash = affiliateValidator.getKeyHash(affiliateKey, salt)
affiliateHash = affiliateValidator.getKeyHash(affiliateKey, affiliate, salt)
r, s, v = signHash(affiliateHash, affiliateValidatorOperatorPrivKey)
affiliateValidator.addKey(affiliateKey, salt, r, s, v, sender=affiliate)

@@ -107,7 +107,7 @@ def test_affiliate_validator(kitchenSinkFixture, universe, cash):
dupeAccount = kitchenSinkFixture.accounts[2]
affiliates.setReferrer(affiliate, sender=dupeAccount)
salt += 1
affiliateHash = affiliateValidator.getKeyHash(affiliateKey, salt)
affiliateHash = affiliateValidator.getKeyHash(affiliateKey, dupeAccount, salt)
r, s, v = signHash(affiliateHash, affiliateValidatorOperatorPrivKey)
affiliateValidator.addKey(affiliateKey, salt, r, s, v, sender=dupeAccount)

@@ -844,7 +844,7 @@ def test_fees_from_trades(finalized, invalid, contractsFixture, cash, market, un

disputeWindow = contractsFixture.applySignature('DisputeWindow', market.getDisputeWindow())
contractsFixture.contracts["Time"].setTimestamp(disputeWindow.getEndTime() + 1)
totalCollectedFees = market.marketCreatorFeesAttoCash() + market.totalAffiliateFeesAttoCash() + market.validityBondAttoCash()
totalCollectedFees = market.marketCreatorFeesAttoCash() + market.totalPreFinalizationAffiliateFeesAttoCash() + market.validityBondAttoCash()
nextDisputeWindowAddress = universe.getOrCreateNextDisputeWindow(False)
nextDisputeWindowBalanceBeforeFinalization = cash.balanceOf(universe.getOrCreateNextDisputeWindow(False))
assert market.finalize()
ProTip! Use n and p to navigate between commits in a pull request.
You can’t perform that action at this time.