GithubHelp home page GithubHelp logo

lif2's People

Contributors

kostysh avatar kvakes avatar

Stargazers

avatar avatar avatar

Watchers

avatar avatar avatar avatar

lif2's Issues

Publish to npm.js

This repo hasn't been published to npm.js. Suggest that this is done and that a CI process is put in place when a new release version is tagged that an automatic push be done.

lif2: assign owner to community multi-sig

tl;dr
Superuser functions such as pause(), stop() are assigned to an EOA (nominally the Winding Tree Deployer). This represents immediate medium level security risks.

Overview

The Lif2 implementation contains two types of superuser:

  1. ProxyAdmin - this is responsible for the token logic of the contract, and represents essentially root level access to the contract state by virtue of token logic modification. This is guarded by the WT Community multi-sig 0x876969b13dcf884C13D4b4f003B69229E6b7966A.

  2. owner - this is an account stored in state for the contract that allows pause() and stop() on the contract - used for pausing the contract in it's entirety or stopping the claimable period. This is currently set the Winding Tree Deployer 0x008235a1Ed13130861b82DCF21FB2E39396F0673.

Hypothetically should the deployer EOA key be compromised, there would be no loss of funds, but there would be a denial of service, attack vector, freezing all token holder's balance of LIF.

Therefore it is strongly recommended to immediately execute the following:

Lif2.transferOwnership(0x876969b13dcf884C13D4b4f003B69229E6b7966A)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.