blockchainlabsnz / chronologic Goto Github PK
View Code? Open in Web Editor NEWThis project forked from chronologic/chronologic
THE FIRST CRYPTO PEGGED TO TIME ON THE ETHEREUM BLOCKCHAIN
Home Page: https://chronologic.network/
chronologic's People
Contributors
Watchers
chronologic's Issues
FlatPricing strategy can be initialized in an invalid state
FlatPricing.sol
We would recommend adding require(_oneTokenInWei > 0) in the constructor, you should not be able to declare this variable to 0 because it will break the calculatePrice function.
updateBalanceOf should return a bool
DayToken.sol
https://github.com/BlockchainLabsNZ/chronologic/blob/dev/contracts/DayToken.sol#L259
function updateBalanceOf(uint256 _id) internal returns (bool success) {
This function should always return a bool, it only returns true, and never false.
Safe math should be used for all user-inputted values
Day Token
https://github.com/BlockchainLabsNZ/chronologic/blob/dev/contracts/DayToken.sol#L566
balances[this] = safeSub(balances[this], minBalanceToSell + sellingPriceInDayOf[msg.sender]);
balances[msg.sender] = safeAdd(balances[msg.sender], minBalanceToSell + sellingPriceInDayOf[msg.sender]);
We recommend using safe math for adding minBalanceToSell and sellingPriceInDayOf together.
Recommend using the latest version of Solidity supported by Truffle.js
The latest version of Solidity supported by Truffle.js is 0.4.13, the contracts are all using 0.4.11
Value mismatch when purchasing minting address
chronologic/contracts/DayToken.sol
Lines 547 to 550 in 3ba1fe8
The logic in the comment above does not match with the code, the minBalanceToSend is not added to _offerInDay
chronologic/contracts/DayToken.sol
Lines 566 to 567 in 3ba1fe8
This line of code does match the comment from above, which means one of these is wrong.
In this current state you be able to withdraw more than you sold for.
ERC20 Token Standard Consistency
ERC20.sol and ERC20Basic.sol
The names of the parameters deviate from the standard naming conventions in ERC20 Token Standard. We would recommend following them exactly.
Example:
ERC20Basic.sol
function balanceOf(address who) constant returns (uint);
ERC20 Token Standard
function balanceOf(address _owner) constant returns (uint balance);
DRY isContributor
DayToken.sol
There is a pattern used throughout this file for identifying if an ID is a contributor. The modifier onlyContributor uses it, and several other functions use it too. In the interest of not repeating yourself, a function should be created like
function isContributor(uint id) returns (bool isContributor) {
return (id <= latestContributerId && id != 0);
}
Simplify Conditional logic
StandardToken.sol
https://github.com/BlockchainLabsNZ/chronologic/blob/dev/contracts/StandardToken.sol#L68
require(!((_value != 0) && (allowed[msg.sender][_spender] != 0)));
The above line could be simplified to
require((_value == 0) || (allowed[msg.sender][_spender] == 0));
Which is much easier to read.
https://github.com/OpenZeppelin/zeppelin-solidity/blob/master/contracts/token/StandardToken.sol#L50
Unnecessary cast to int
DayToken.sol
https://github.com/BlockchainLabsNZ/chronologic/blob/dev/contracts/DayToken.sol#L411
contributors[toId].totalTransferredDay = contributors[toId].totalTransferredDay + int(_value);
_value is an uint, it will always be a positive number, there is no reason to cast it to an int
Expected total coins minted to be a uint, an int is returned
DayToken.sol
https://github.com/BlockchainLabsNZ/chronologic/blob/dev/contracts/DayToken.sol#L234
function getTotalMinted(address _adr) public constant returns (int256) {
This function returns the number of DAY tokens minted, using the type int which means that it expects there could be a negative amount. Is this correct?
Gender neutral language is recommended
UpgradeableToken.sol
* Somebody has upgraded some of his tokens.
Should probably say
* Somebody has upgraded some of their tokens.
DayToken.sol
/** Funtion to allow seller to get back his deposited amount of day tokens...
to
/** Function to allow seller to get back their deposited amount of day tokens...
etc
Safe math functions should be constant
Add Constant modifier to SafeMath functions as they don't modify storage
Re-entracy issue
DayToken.sol
chronologic/contracts/DayToken.sol
Lines 549 to 550 in 3ba1fe8
Recommend using the shortcut variable that was created
chronologic/contracts/DayToken.sol
Lines 588 to 590 in 3ba1fe8
This variable was created a few lines above, use this instead of repeating yourself.
chronologic/contracts/DayToken.sol
Line 578 in 3ba1fe8
Code formatting is not consistent
We would recommend using a code linter and picking a consistent style guide.
This would make the code look cleaner, and more professional.
Possibly reentrancy attack
StandardToken.sol
https://github.com/BlockchainLabsNZ/chronologic/blob/dev/contracts/StandardToken.sol#L47
balances[_to] = safeAdd(balances[_to],_value);
balances[_from] = safeSub(balances[_from],_value);
These two lines should be swapped to prevent code re-entrancy attacks
Issue with sellMintingAddress
DayToken.sol
chronologic/contracts/DayToken.sol
Line 501 in 3ba1fe8
sellMintingAddress isn't transferring the actual amount specified by the user, instead it's transferring minBalanceToSell
Potential re-entrancy attack
DayToken.sol
https://github.com/BlockchainLabsNZ/chronologic/blob/dev/contracts/DayToken.sol#L414
balances[_to] = safeAdd(balances[_to], _value);
balances[_from] = safeSub(balances[_from], _value);
allowed[_from][msg.sender] = safeSub(_allowance, _value);
Subtractions should be made before addition to prevent a re-entrancy attack. We recommend re-ordering these lines.
DRY mintingPowerByAddress
DayToken.sol
https://github.com/BlockchainLabsNZ/chronologic/blob/dev/contracts/DayToken.sol#L217
function getMintingPowerByAddress is repeating code from function getMintingPowerById
Change the contents of the getMintingPowerByAddress function to:
return getMintingPowerById(idOf[_adr]);
Magic numbers used in several functions
Examples:
chronologic/contracts/DayToken.sol
Line 598 in 3ba1fe8
chronologic/contracts/DayToken.sol
Lines 617 to 619 in 3ba1fe8
chronologic/contracts/DayToken.sol
Lines 457 to 466 in 3ba1fe8
We would recommend using a static variable for these numbers so you can tell what they are meant to be, and change them easily if needed.
A minting address is never set to status SOLD
chronologic/contracts/DayToken.sol
Line 23 in 3ba1fe8
The SOLD status is never used, this should be removed, or used.
Transfer is not behaving correctly
DayToken.sol
https://github.com/BlockchainLabsNZ/chronologic/blob/dev/contracts/DayToken.sol#L380
balances[_to] = safeAdd(balances[msg.sender], _value);
When you make a transfer, the receivers balance will be equal to the senders balance plus the value sent, instead of the receivers balance plus the value sent.
The correct code would be:
balances[_to] = safeAdd(balances[_to], _value);
This error could inadvertently burn or clone all tokens in existence. If you make a transfer to the owner/team multisig address from an address with a small number of tokens, the entire supply other than the small number of tokens will be lost completely.
You could also clone tokens by transferring from a high balance address, to a low balance address.
Explicit declaration of variable access modifier
DayToken.sol
https://github.com/BlockchainLabsNZ/chronologic/blob/dev/contracts/DayToken.sol#L74
e.g
uint256 public bounty;
/* Minimum Balance in Day tokens required to sell a minting address */
uint256 minBalanceToSell;
/* Team address lock down period from issued time, in seconds */
uint256 teamLockPeriodInSec; //Initialize and set function
/* Duration in secs that we consider as a day. (For test deployment purposes,
if we want to decrease length of a day. default: 84600)*/
uint256 public DayInSecs;
address crowdsaleAddress;
Some variables do not state public or private, it's best to be explicit.
Another re-entrancy attack
DayToken.sol
chronologic/contracts/DayToken.sol
Line 515 in 3ba1fe8
balances[this] = safeAdd(balances[this], minBalanceToSell);
balances[msg.sender] = safeSub(balances[msg.sender], minBalanceToSell);
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.