Skip to content
This repository has been archived by the owner on May 15, 2021. It is now read-only.

Fixed OZ March 7 audit C01: Supply is Manipulable #2

Merged
merged 19 commits into from Apr 2, 2020
Merged

Fixed OZ March 7 audit C01: Supply is Manipulable #2

merged 19 commits into from Apr 2, 2020

Conversation

asselstine
Copy link
Contributor

Neglected to reduce supply when user withdraws their pending deposit.

@asselstine
Fixed OZ March 7 audit C01: Supply is Manipulable
59f2b42 
Neglected to reduce supply when user withdraws their pending deposit.
Fixed
@asselstine
Fixes OZ March 7 audit H01: Deposit uses operator collateral
6f49935 
There was an egregious mistake trying to transfer collateral tokens from
the *operator* on deposit.  Test had the same bug!
@asselstine
OZ March 7 security audit issue M01: Incomplete ERC777
8aa35c5 
Overrode `send`, `transfer`, and `transferFrom` with versions that
consolidate the users balance before calling the superclass function.

Fixes M01
@asselstine
Fixed OZ March 7 security audit issue L01: Missing Return Value
d405d08 
Removed return value from ScheduledBalance#clearConsolidated

Fixes L01
@asselstine
Fixes OZ March 7 audit issue L02: Misleading comments
9118e39
@asselstine
Fixes OZ March 7 Audit issue L03: Complicated Code
9cf252b 
After reviewing the audit and code, discovered the invariant that the committed draw
exchange rate *is always known*, so there was no need to track previous
/ current deposits for a user.

Fixes L03
@asselstine
Fixes OZ March 7 audit issue N03: Duplicated Code
4f649c8 
Removed ExchangeRateTracker#currentExchangeRateMantissa

Retained the tokenToCollateralValue and collateralTokenToValue functions
for convenience and gas efficiency (they don't run `search`).

Partially addresses issue N03
@asselstine
Fixes OZ March 7 audit issue N04: Reinitialize Exchange Rate Tracker
c9b5908 
Added checks to ensure tracker is initialized only once

Fixes N04
@asselstine
Fixes OZ March 7 audit issue N06: Typographical errors
2a96a54 
Fixed some old documentation, and most of the typos identified.

"User's backing collateral" remained as it's a "possesive apostrophe".

:)

Fixes N06
@asselstine
Redeployed Kovan
08fb0a7
@asselstine
Deployed UsdcPod
ae6606e
@asselstine
Merge pull request #10 from pooltogether/audit/N06
762954f 
Fixes OZ March 7 audit issue N06: Typographical errors
@asselstine
Merge pull request #9 from pooltogether/audit/N04
8637dcc 
Fixes OZ March 7 audit issue N04: Reinitialize Exchange Rate Tracker
@asselstine
Merge pull request #8 from pooltogether/audit/N03
fe4ccac 
Fixes OZ March 7 audit issue N03: Duplicated Code
@asselstine
Merge pull request #7 from pooltogether/audit/L03
3465efc 
Fixes OZ March 7 Audit issue L03: Complicated Code
@asselstine
Merge pull request #6 from pooltogether/audit/L02
5ec82af 
Fixes OZ March 7 audit issue L02: Misleading comments
@asselstine
Merge pull request #5 from pooltogether/audit/L01
0cff243 
Fixed OZ March 7 security audit issue L01: Missing Return Value
@asselstine
Merge pull request #4 from pooltogether/audit/M01
303019c 
OZ March 7 security audit issue M01: Incomplete ERC777
@asselstine
Merge pull request #3 from pooltogether/audit/H01
128d850 
Fixes OZ March 7 audit H01: Deposit uses operator collateral
@asselstine asselstine merged commit 306d2b1 into master Apr 2, 2020
@asselstine asselstine deleted the audit/C01 branch April 2, 2020 18:16
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@asselstine