The following assumes the use of node@>=10
.
yarn
yarn compile
yarn test
📦 A smart contract that distributes a balance of tokens according to a merkle root
License: GNU General Public License v3.0
MerkleDistributor.sol is
// SPDX-License-Identifier: UNLICENSED
Is this on purpose? I saw that you made the code GPL-3.0
c3255bf.
As mentioned here Merkle trees are susceptible to the second preimage attack when a node can be presented as a leaf. To prevent this attack, OpenZeppelin typically uses double hashing for leaf values. However, in MerkleDistributor.sol
, the leaf is constructed by hashing the value only once. Does this mean that the current implementation is not safe about these attacks? Is it assumed that they can't happen or are there other safeguards in the current contract?
Hi, i am newbie here and want to understand the definition of one of the params passed to constructor. the token address
Clawbacks of unclaimed tokens after X amount of time is a relatively common usecase. I'd like to propose either extending the existing contract or adding a second contract that inherits from the primary MerkleDistributor and handles clawbacks. I'd be happy to implement this.
Hello team!
Like this project and would love to see everything running. Compiling and installing was fine, but yarn test
gave me the following error which i couldn't resolve until now.
node -v = v14.17.0
npm -v = 7.17.0
/merkle-distributor$ yarn test
yarn run v1.22.10
$ yarn compile
$ rimraf ./build/
$ waffle
$ mocha
MerkleDistributor
#token
1) "before each" hook: deploy token
0 passing (64ms)
1 failing
1) MerkleDistributor
"before each" hook: deploy token:
Uncaught Error: Callback was already called.
at /merkle-distributor/node_modules/merkle-patricia-tree/node_modules/async/lib/async.js:43:36
at WriteStream.<anonymous> (node_modules/merkle-patricia-tree/node_modules/async/lib/async.js:358:17)
at WriteStream.destroy (node_modules/merkle-patricia-tree/node_modules/level-ws/level-ws.js:140:8)
at finish (internal/streams/writable.js:670:14)
at processTicksAndRejections (internal/process/task_queues.js:82:21)
/merkle-distributor/node_modules/merkle-patricia-tree/node_modules/async/lib/async.js:358
callback(err);
^
Error: Callback was already called.
at /merkle-distributor/node_modules/merkle-patricia-tree/node_modules/async/lib/async.js:43:36
at WriteStream.<anonymous> (/merkle-distributor/node_modules/merkle-patricia-tree/node_modules/async/lib/async.js:358:17)
at WriteStream.emit (events.js:376:20)
at WriteStream.destroy (/merkle-distributor/node_modules/merkle-patricia-tree/node_modules/level-ws/level-ws.js:140:8)
at finish (internal/streams/writable.js:670:14)
at processTicksAndRejections (internal/process/task_queues.js:82:21)
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
Let's imagine this scenario.
We build the merkle tree with userA, userB, userC
and their respective amounts (10,20,30) with the indexes (0,1,2). We get the merkle root and create this merkle-distributor
contract with it.
Now, it's possible that userB
calls claim
function and passes userA
's address, index and amount and also proof. This will make sure that userB
is able to make the transfer from merkle-distributor
to userA
without even userA
's interaction and consent, which seems kind of wrong.
Of course, userB
can quickly figure out the proof, address, index and amount of userA
. So that's not the obstacle.
Am i missing something ?
Thanks in advance.
https://docs.github.com/en/articles/github-corporate-terms-of-service
Originally posted by @Brenda-01-01 in #14 (comment)
Yeah
🔥This is a great company and the idea of this project is very good the team of this project is highly professional and I would say never miss this project🎉
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.