openst / organization-contracts Goto Github PK
View Code? Open in Web Editor NEWOrganization contracts manage application permissions
License: Apache License 2.0
Organization contracts manage application permissions
License: Apache License 2.0
Contract interacts creation in type-script has a lot of boilerplate code and its time consuming to maintain it manually. It will be helpful to consume APIs with proper typed parameters.
@0xproject/abi-gen
to generate contract interactsnpm run generate
Use package's prepack
. Generally see the relevant developer guidelines section.
eg. in setAdmin
, but do so everywhere
ST-06-002 Doc: Mismatch Between Comment and Code in Organization (Info)
The docstring of the setAdmin function in the Organization contract does not match the actual implementation. As can be seen below, the function is described to be callable by the owner and admin, but only if the current admin calls the function, adminship shall be transferred immediately. However the code makes no such distinction. Further the description also indicates that it is discouraged to set the admin to the same address of the owner, but the contract makes no effort to prevent that.
Affected File:
/openst-contracts/contracts/organization/Organization.sol
Affected Code:
/**
* @notice Sets the admin address. Can only be called by owner or current
* admin. If called by the current admin, adminship is transferred
* to the given address immediately.
* It is discouraged to set the admin address to be the same as the
* address of the owner. The point of the admin is to act on behalf
* of the organization without requiring the possibly very safely
* stored owner key(s).
* Admin can be set to `address(0)` if no admin is desired.
*
* @param _admin Admin address to be set.
*
* @return success_ True on successful execution.
*/
function setAdmin(
address _admin
)
external
onlyOwnerOrAdmin
returns (bool success_)
{
/*
* If the address does not change, the call is considered a success,
* but we don't need to emit an event as it did not actually change.
*/
if (admin != _admin) {
emit AdminAddressChanged(_admin, admin);
admin = _admin;
}
success_ = true;
}
Check if the following contracts are identical in all repository.
If it is not identical then
blocked by #3
#12 Generates the interacts using typechain package. This interact doesn't have deploy method.
Generated interacts are extended from web3.eth.Contracts class which has deploy method. Theoretically, deploy should be available to the interact.
This ticket is about finding if the deploy
method can be used to deploy interacts by using web3 types and implementing it.
If the deploy
method can't be used, research how other projects are deploying contracts using type chain. Select and implement the best approach.
If nothing works, then write a simple utility to deploy contracts.
References:
https://www.npmjs.com/package/@types/web3
https://www.npmjs.com/package/web3-typescript-typings
Organization.sol
imports/uses SafeMath.sol
, but no SafeMath
functions are called.
Since SafeMath
functionality is not used, it should be removed from Organization.sol
and the repository:
SafeMath.sol
from /contracts/lib
TestSafeMath.sol
from /contracts/test/lib
SafeMath
from Organization.sol
safe_math.js
from /test/lib
npm audit
reveals we have 6 vulnerabilities (1 low, 1 moderate, 4 high).
Fix as many vulnerabilities as possible.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.