Comments (10)
Thanks Adam for a very nice audit! I have some questions:
Moderate: In general this contract uses unix timestamps (now) to control behavior. This value is somewhat manipulatable by miners (within bounds) and usually a better approach is to use block number as a proxy for date / time instead.
Could you provide some resources on why timestamp is less secure than block number? I was searching about this and asking around, but didn't find much. There have been many major sales which used timestamps, and everything seems to go well.
Minor: In the function compensateContributors you calculate ratio to be the amount of tokens per ether contributed. You then take the amount contributed, turn this into an ether amount (divide by 10^18) and multiply by ratio. You could consider having ratio instead being the amount of tokens per wei contributed, which would avoid these divisions by 10^18 and make the code clearer.
Could you please explain this some more? I'm not quite sure what you mean. Or maybe you could provide some code example?
from district0x-network-token.
Thanks!
- Although those changes may make code a bit cleaner, at this point, since there are some other audits in progress, I'd avoid doing major changes just for cosmetic purposes. So probably we won't implement.
- Yes, we're paying that much, but it's an audit from Jordi Baylina, rather than Griff. Prices of audits today literally range from $800-$80,000, that's why we decided to do this via Ethlance to bring more pricing transparency into this market.
from district0x-network-token.
Yes, 10% bonus applies to your review ;)
ok thanks, will test the code
from district0x-network-token.
Ah, so you just removed .mul(1000000000000000000) and .div(1000000000000000000), but that wouldn't work, because you'll lose too much precision. In Solidity there are no float numbers, that's why there is this multiplying and dividing.
When I run tests with it, there are errors like:
expected: (bn/eq? expected-dnt (<! (contract-call-ch DNTToken :balance-of contributor)))
actual: (not (bn/eq? #object[BigNumber 8.5714285714285714285714285e+25] #object[BigNumber 8.5714285e+25]))
You can see expected number of DNT tokens is 8.5714285714285714285714285e+25, but actual number is 8.5714285e+25 - lost 18 decimal points precision
from district0x-network-token.
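The precision loss described in the comment above, reproduced with Python integers standing in for Solidity's uint256 (an added example, not code from the thread or from the district0x contract). The function names, the assumed shape of the calculations and the sample sale figures are constructed; the figures were chosen so that the results match the two numbers in the test output.

```python
WEI_PER_ETHER = 10**18        # the factor passed to .mul() / .div() in the thread
UINT256_MAX = 2**256 - 1

def u256(x):
    """Model a Solidity uint256: reject anything that would overflow."""
    if not 0 <= x <= UINT256_MAX:
        raise OverflowError("uint256 overflow")
    return x

def tokens_unscaled(contributed_wei, total_wei, tokens_for_sale):
    # ratio = token units per wei, with the 10^18 scaling removed.
    # Integer division floors the ratio, and the error is then
    # multiplied by the contribution.
    ratio = tokens_for_sale // total_wei
    return u256(contributed_wei * ratio)

def tokens_scaled(contributed_wei, total_wei, tokens_for_sale):
    # Assumed shape of the original: ratio = token units per ether,
    # scaled up by 10^18 before dividing, scaled back down at the end.
    ratio = u256(tokens_for_sale * WEI_PER_ETHER) // total_wei
    return u256(contributed_wei * ratio) // WEI_PER_ETHER

def tokens_multiply_first(contributed_wei, total_wei, tokens_for_sale):
    # No stored ratio at all: multiply first, divide once.
    # The intermediate product must still fit in 256 bits.
    return u256(contributed_wei * tokens_for_sale) // total_wei

# Constructed sample: 6e26 token base units sold, 7 ether raised in total,
# one contributor who sent 1 ether.
TOKENS = 6 * 10**26
TOTAL = 7 * WEI_PER_ETHER
MINE = 1 * WEI_PER_ETHER

if __name__ == "__main__":
    bad = tokens_unscaled(MINE, TOTAL, TOKENS)
    good = tokens_scaled(MINE, TOTAL, TOKENS)
    print("unscaled      :", bad)
    print("scaled        :", good)
    print("multiply first:", tokens_multiply_first(MINE, TOTAL, TOKENS))
    print("base units lost by dropping the scaling:", good - bad)
```
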
yep, sure if you will
from district0x-network-token.
I have removed this Minor issue as per discussion.
from district0x-network-token.