Commit

Update 2017-03.md
donatik27 authored Dec 6, 2024
1 parent 063fbb3 commit 53219e1
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions audits/2017-03.md
Expand Up @@ -159,7 +159,7 @@ Allows owner to set a public string of contract information. No issues.

This needs some work. Doesn't check if `_required <= len(_owners)` for instance, that would be a bummer. What if _required were like `MAX - 1`?

I have a general concern about the difference between `owners`, `_owners`, and `owner` in `Ownable.sol`. I recommend "Owners" be renamed. In general we do not recomment single character differences in variable names, although a preceding underscore is not uncommon in Solidity code.
I have a general concern about the difference between `owners`, `_owners`, and `owner` in `Ownable.sol`. I recommend "Owners" be renamed. In general we do not recommend single character differences in variable names, although a preceding underscore is not uncommon in Solidity code.

Line 34: "this contract only has six types of events"...actually only two.
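
Review bot: The changed line still writes "Owners" in plain quotes with a capital O, while earlier on the same line the identifiers are given as `owners`, `_owners`, and `owner`, so the rename recommendation matches none of the three exactly. Since the typo fix already touches this line, consider writing the intended identifier in backticks with its exact casing. In the unchanged context above, the second mention of `_required` ("What if _required were like ...") is also missing the backticks used for the first mention.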

Expand Down Expand Up @@ -246,7 +246,7 @@ Delete not actually necessary since the value is overwritten in the next line an

### Bounty

Avoids potential race condition by having each researcher deploy a separate contract for attack; if a research manages to break his associated contract, other researchers can't immediately claim the reward, they have to reproduce the attack in their own contracts.
Avoids potential race condition by having each researcher deploy a separate contract for attack; if a researcher manages to break his associated contract, other researchers can't immediately claim the reward, they have to reproduce the attack in their own contracts.

A developer could subvert this intent by implementing `deployContract()` to always return the same address. However, this would break the `researchers` mapping, updating the researcher address associated with the contract. This could be prevented by blocking rewrites in `researchers`.
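
Review bot: The changed line still joins two independent clauses with a comma ("other researchers can't immediately claim the reward, they have to reproduce the attack in their own contracts"). Since the typo fix already touches this line, consider splitting it into two sentences or writing "and instead have to reproduce the attack in their own contracts".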
