You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
ink! has released version 5.0.0 which comes with several fixes and changes from last version v4.3.0. ink!
ink! had be extensively audited by Openzeppelin and few High, Medium and low severity issues were found in OZ audit and the ink! 5.0.0 fixed it before official release. Openzeppelin audit report can be checked here
The kintsu ink contracts have used version 4.3.0 which can be checked and confirmed from cargo.toml.
V4.3.0 had few bugs which are fixed in v5.0.0 and in the context of the Kintsu contracts, the following are the functionalities/features which would be benefitted.
Kintsu contracts have used events for transparency and for users on chain information. The version v5.0.0 brings changes to Events in the form of Events 2.0 and the details can be checked here. v5.0.0 allows sharing events between contracts. Events have been used in almost all inscope contracts.
nomination_agent and vault contract allows to upgrade via set_code_hash function. With version 5.0.0, the set_code_hash() is made generic. More details can be checked here
nomination_agent contracts has made use of call_runtime. At version 4.3.0, the call_runtime was unstable and it can be checked here and now with ink! 5.0.0, This host function is now stabilized in the pallet. More details can be checked here
and so on...
Recommended Mitigation steps
Best security practice to avoid using versions which has bugs and lack features. It is recommended to use ink! version 5.0.0 instead of 4.3.0. It is more evident that, upgrading to version 5.0.0 has indeed more benefits along with new features, less contract size and few optimizations.
The text was updated successfully, but these errors were encountered:
Github username: @0xRizwan
Twitter username: 0xRizwann
Submission hash (on-chain): 0x68daf21c22efad1ffc95b8f018d14bc379ac77e31c87a78076d5a8a8332f2440
Severity: low
Description:
Description\
ink!
has released version 5.0.0 which comes with several fixes and changes from last version v4.3.0. ink!ink!
had be extensively audited by Openzeppelin and few High, Medium and low severity issues were found in OZ audit and theink!
5.0.0 fixed it before official release. Openzeppelin audit report can be checked hereThe
kintsu
ink contracts have used version4.3.0
which can be checked and confirmed fromcargo.toml
.V4.3.0 had few bugs which are fixed in v5.0.0 and in the context of the Kintsu contracts, the following are the functionalities/features which would be benefitted.
The whole v5.0.0 changelog can be checked at https://github.com/use-ink/ink/releases/tag/v5.0.0
Kintsu
contracts have used events for transparency and for users on chain information. The version v5.0.0 brings changes to Events in the form ofEvents 2.0
and the details can be checked here. v5.0.0 allows sharing events between contracts. Events have been used in almost all inscope contracts.nomination_agent
andvault
contract allows to upgrade via set_code_hash function. With version 5.0.0, theset_code_hash()
is made generic. More details can be checked herenomination_agent
contracts has made use ofcall_runtime
. At version 4.3.0, thecall_runtime
wasunstable
and it can be checked here and now with ink! 5.0.0, This host function is now stabilized in the pallet. More details can be checked hereand so on...
Recommended Mitigation steps
Best security practice to avoid using versions which has bugs and lack features. It is recommended to use
ink!
version 5.0.0 instead of4.3.0
. It is more evident that, upgrading to version5.0.0
has indeed more benefits along with new features, less contract size and few optimizations.The text was updated successfully, but these errors were encountered: