From 53219e150234e652c1ae8735faeb6cc2a55ba7e4 Mon Sep 17 00:00:00 2001 From: Noisy <125606576+donatik27@users.noreply.github.com> Date: Fri, 6 Dec 2024 01:55:50 +0100 Subject: [PATCH] Update 2017-03.md --- audits/2017-03.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/audits/2017-03.md b/audits/2017-03.md index 4cd6dbfd30d..6cc78313c85 100644 --- a/audits/2017-03.md +++ b/audits/2017-03.md @@ -159,7 +159,7 @@ Allows owner to set a public string of contract information. No issues. This needs some work. Doesn't check if `_required <= len(_owners)` for instance, that would be a bummer. What if _required were like `MAX - 1`? -I have a general concern about the difference between `owners`, `_owners`, and `owner` in `Ownable.sol`. I recommend "Owners" be renamed. In general we do not recomment single character differences in variable names, although a preceding underscore is not uncommon in Solidity code. +I have a general concern about the difference between `owners`, `_owners`, and `owner` in `Ownable.sol`. I recommend "Owners" be renamed. In general we do not recommend single character differences in variable names, although a preceding underscore is not uncommon in Solidity code. Line 34: "this contract only has six types of events"...actually only two. 
@@ -246,7 +246,7 @@ Delete not actually necessary since the value is overwritten in the next line an ### Bounty -Avoids potential race condition by having each researcher deploy a separate contract for attack; if a research manages to break his associated contract, other researchers can't immediately claim the reward, they have to reproduce the attack in their own contracts. +Avoids potential race condition by having each researcher deploy a separate contract for attack; if a researcher manages to break his associated contract, other researchers can't immediately claim the reward, they have to reproduce the attack in their own contracts. A developer could subvert this intent by implementing `deployContract()` to always return the same address. However, this would break the `researchers` mapping, updating the researcher address associated with the contract. This could be prevented by blocking rewrites in `researchers`.
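Review bot: In the first hunk (`audits/2017-03.md`, at `@@ -159,7 +159,7 @@`), the corrected line still says `I recommend "Owners" be renamed`, with a capital O and in quotes, although the same sentence lists `owners`, `_owners` and `owner` in backticks, so a reader cannot tell which of the three identifiers the recommendation targets. Since this line is being touched anyway, name the exact identifier in backticks. The unchanged context line above it has the same inconsistency: `_required` is backticked in `_required <= len(_owners)` but bare in "What if _required were like". "single character differences" would also read better hyphenated as "single-character differences".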
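Review bot: In the second hunk (`audits/2017-03.md`, at `@@ -246,7 +246,7 @@`, under `### Bounty`), the corrected line keeps a comma splice in "can't immediately claim the reward, they have to reproduce the attack in their own contracts". The sentence already uses a semicolon for its first break, so consider splitting here as well, for example "can't immediately claim the reward; they have to reproduce the attack in their own contracts", or joining the clauses with "and must reproduce". The opening "Avoids potential race condition" is also missing an article ("a potential race condition"), which could be fixed in the same pass.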