-
Notifications
You must be signed in to change notification settings - Fork 54
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security review fixes #116
Conversation
…instead rabbit:3-management. Added files to .dockerignore.
…s and rabbitmq container restart policy to 'unless-stoped'
docker-compose.yml
Outdated
env_file: ./.env | ||
environment: | ||
- NODE_ENV=production | ||
- VALIDATOR_ADDRESS=${VALIDATOR_ADDRESS:-0x8fd379246834eac74B8419FfdA202CF8051F7A03} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it's better not to use any default values here.
Applies to all occurences of VALIDATOR_ADDRESS
and VALIDATOR_ADDRESS_PRIVATE_KEY
below
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Major audit findings were fixed
Should this PR target |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please do the changes in the README to reflect how to run the token bridge by using the docker now (https://github.com/poanetwork/token-bridge#docker).
Should some updates be placed to the section to reset the last processed blocks (https://github.com/poanetwork/token-bridge#rollback-the-last-processed-block-in-redis) and to the section where commands to test the bridge are described (https://github.com/poanetwork/token-bridge#native-to-erc20-mode-testing).
env_file: ./.env | ||
environment: | ||
- NODE_ENV=production | ||
- VALIDATOR_ADDRESS=${VALIDATOR_ADDRESS} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we don't need VALIDATOR_ADDRESS
here since the address will be generated automatically based on the private key provided in the next line.
@patitonar please confirm.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's correct. VALIDATOR_ADDRESS
is generated automatically using the private key.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hm. I might be mistaking, but it won't work if not specifying the VALIDATOR_ADDRESS
. However, let me check it first.
env_file: ./.env | ||
environment: | ||
- NODE_ENV=production | ||
- VALIDATOR_ADDRESS=${VALIDATOR_ADDRESS} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we don't need VALIDATOR_ADDRESS
here since the address will be generated automatically based on the private key provided in the next line.
environment: | ||
- NODE_ENV=production | ||
- VALIDATOR_ADDRESS=${VALIDATOR_ADDRESS} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we don't need VALIDATOR_ADDRESS
here since the address will be generated automatically based on the private key provided in the next line.
Yes, it is correct. We need to use |
Should be targeted to different branch. |
@ArseniiPetrovich are you going to open another PR for the |
|
This one is similar to #113, but also takes into account all review remarks.