Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

V2 - P3C.io Auto-Reinvestment Farm #107

Closed
p3c-bot opened this issue Nov 19, 2018 · 10 comments
Closed

V2 - P3C.io Auto-Reinvestment Farm #107

p3c-bot opened this issue Nov 19, 2018 · 10 comments
Labels
approved Auditors can begin to audit this smart contract. High priority (DEPRECATED) DEPRECATED: Use priority 1 or priority 2 to increase the priority of a contract audit. solidity Smart-contract is written in solidity (Ethereum) language.

Comments

@p3c-bot
Copy link

p3c-bot commented Nov 19, 2018

Audit request

After receiving the results of the previous audit I have gone back and made improvements to the architecture based on the recommendation of the auditor.

The goal is still the same, to provide an interface for users to deposit their P3C and outsiders to reinvest on their behalf.

The issue was that the Farm would allow anybody to link crops. This could be attacked. In this new version, I have changed the architecture of the Farm so that it actually deploys the crop contract itself. The crop contract is the same.

Changes:

  • Consolidated Farm and Crop into same file.
  • Now Crops are created by the Farm and linked on creation.
  • Users can create a crop and send value along with the function call to automatically seed the crop.

Source code

https://github.com/p3c-bot/p3c-bot.github.io/blob/upgrade/contracts/v1.0.0/Farm.sol

Disclosure policy

masterhax@protonmail.com
Please notify publicly.

Platform

ETC
@p3c-bot p3c-bot changed the title V2 - P3C.io Auto-Reinvestment Contracts Request V2 - P3C.io Auto-Reinvestment Farm Contract Request Nov 19, 2018
@yuriy77k yuriy77k added solidity Smart-contract is written in solidity (Ethereum) language. approved Auditors can begin to audit this smart contract. High priority (DEPRECATED) DEPRECATED: Use priority 1 or priority 2 to increase the priority of a contract audit. labels Nov 19, 2018
@MrCrambo
Copy link

Auditing time 1 day

@yuriy77k yuriy77k changed the title V2 - P3C.io Auto-Reinvestment Farm Contract Request V2 - P3C.io Auto-Reinvestment Farm Nov 21, 2018
@yuriy77k
Copy link
Contributor

@MrCrambo assigned.

@danbogd
Copy link

danbogd commented Nov 21, 2018

Auditing time: 2 days.

@yuriy77k
Copy link
Contributor

@danbogd assigned.

@danbogd
Copy link

danbogd commented Nov 23, 2018

My report is finished.

@p3c-bot
Copy link
Author

p3c-bot commented Nov 24, 2018

A release candidate of The system is live and can be tested here: https://p3c.io/p3c-rc/interact.html

@gorbunovperm
Copy link

Estimated auditing time is 1 day.

@yuriy77k
Copy link
Contributor

@gorbunovperm assigned.

@gorbunovperm
Copy link

My report is finished.

@yuriy77k
Copy link
Contributor

1. Summary

P3C.io v.2. security audit report performed by Callisto Security Audit Department

2. In scope

  1. Farm.sol

3. Findings

In total, 2 issues were reported including:

  • 2 low severity issues.

No critical security issues were found.

3.1. No checking for zero address.

Severity: low

Description

Transfer function and constructor Crop members of Crop contract do not require the to address to be non null before transfer.

3.2. Known vulnerabilities of ERC-20 token

Severity: low

Description

ERC20 Tokens have some well-known issues (listed below), This is just a reminder for the contract developers.

  1. Lack of transaction handling mechanism issue.

The above mentioned issues are well documented, a basic search can help to get more information.

4. Conclusion

The vulnerability from the previous contract has been fixed. No new ones were found. The smart contract safe to deploy.

5. Revealing audit reports

https://gist.github.com/yuriy77k/527953e18d71fe7a3dcb35c6fc14462f

https://gist.github.com/yuriy77k/f1e42e367828766c99d2572754f7dedb

https://gist.github.com/yuriy77k/24f888209386b7d38f6258fcf334bec9

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
approved Auditors can begin to audit this smart contract. High priority (DEPRECATED) DEPRECATED: Use priority 1 or priority 2 to increase the priority of a contract audit. solidity Smart-contract is written in solidity (Ethereum) language.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@MrCrambo @danbogd @gorbunovperm @yuriy77k @p3c-bot