V2 - P3C.io Auto-Reinvestment Farm #107
Comments
Auditing time 1 day
@MrCrambo assigned.
Auditing time: 2 days.
@danbogd assigned.
My report is finished.
A release candidate of the system is live and can be tested here: https://p3c.io/p3c-rc/interact.html
Estimated auditing time is 1 day.
@gorbunovperm assigned.
My report is finished.
1. Summary
P3C.io v.2. security audit report performed by Callisto Security Audit Department
2. In scope
3. Findings
In total, 2 issues were reported including:
No critical security issues were found.
3.1. No checking for zero address.
Severity: low
Description
Transfer function and constructor Crop members of Crop contract do not require the to address to be non-null before transfer.
3.2. Known vulnerabilities of ERC-20 token
Severity: low
Description
ERC20 tokens have some well-known issues (listed below). This is just a reminder for the contract developers.
The above-mentioned issues are well documented; a basic search can help to get more information.
4. Conclusion
The vulnerability from the previous contract has been fixed. No new ones were found. The smart contract is safe to deploy.
5. Revealing audit reports
https://gist.github.com/yuriy77k/527953e18d71fe7a3dcb35c6fc14462f
https://gist.github.com/yuriy77k/f1e42e367828766c99d2572754f7dedb
https://gist.github.com/yuriy77k/24f888209386b7d38f6258fcf334bec9
Audit request
After receiving the results of the previous audit I have gone back and made improvements to the architecture based on the recommendation of the auditor.
The goal is still the same, to provide an interface for users to deposit their P3C and outsiders to reinvest on their behalf.
The issue was that the Farm would allow anybody to link crops. This could be attacked. In this new version, I have changed the architecture of the Farm so that it actually deploys the crop contract itself. The crop contract is the same.
Changes:
Source code
https://github.com/p3c-bot/p3c-bot.github.io/blob/upgrade/contracts/v1.0.0/Farm.sol
Disclosure policy
masterhax@protonmail.com
Please notify publicly.
Platform
ETC
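The architecture change described in the audit request (the Farm deploys each crop itself instead of accepting linked crops) together with the zero-address checks from finding 3.1, sketched in Solidity as an added example. This is not the P3C.io contract code: the IToken interface, the constructor arguments, and the createCrop and linkCrop functions are hypothetical names chosen for illustration.

```solidity
pragma solidity ^0.8.0;

// Added illustration, not the project's source. All names are hypothetical.
interface IToken {
    function transfer(address to, uint256 value) external returns (bool);
}

contract Crop {
    address public owner;
    IToken public token;

    constructor(address _owner, address _token) {
        // Finding 3.1: reject the zero address in the constructor.
        require(_owner != address(0), "owner is zero address");
        require(_token != address(0), "token is zero address");
        owner = _owner;
        token = IToken(_token);
    }

    function transfer(address to, uint256 value) external {
        require(msg.sender == owner, "caller is not the crop owner");
        // Finding 3.1: reject the zero address before transferring.
        require(to != address(0), "recipient is zero address");
        require(token.transfer(to, value), "token transfer failed");
    }
}

contract Farm {
    address public immutable token;
    // owner => crop deployed by this farm for that owner
    mapping(address => address) public crops;

    constructor(address _token) { token = _token; }

    // Linking design (assumed shape, shown only for contrast): the caller
    // supplies the crop address, so the farm cannot know what code runs there.
    // function linkCrop(address crop) external { crops[msg.sender] = crop; }

    // Deploying design: the farm creates the crop, so every address stored
    // in `crops` is known to run the Crop code above.
    function createCrop() external returns (address crop) {
        require(crops[msg.sender] == address(0), "crop already exists");
        crop = address(new Crop(msg.sender, token));
        crops[msg.sender] = crop;
    }
}
```

Because the Crop constructor rejects a zero token address, a Farm deployed with one would revert on every createCrop call rather than store an unusable crop.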