Comments (8)
Qkyrie
commented on September 26, 2024
We just discussed this internally. We confirm that this is indeed a bug in the current version of the platform.
We will however decline the current PR, as it is not a vulnerability, but rather just a bug.
We are prepared to grant a minor bounty if you fix this issue for us. We request that you just remove the functionality where
- we write to the counter
- read from the counter
- remove the tests for the counter (if they exist)
We don't use the counter (it's a remnant from a previous version) and the public constant function can just be removed. You'll be able to claim the minor bounty once the platform is live on mainnet.
from contracts.
thomasvds
commented on September 26, 2024
Hi @Qkyrie roger that. Given this leads to a loss (i.e., non-capture) of data I think it entered the criteria for the bounty. But agree 100% it's not a security breach, and very happy that you still recognize the value of this input.
Will definitely proceed with the removal of that buggy functionality.
Note that even though this is not used, this still consumes gas, and the removal will hence decrease overall transaction cost 💪
from contracts.
Qkyrie
commented on September 26, 2024
perfect! 👍
from contracts.
fundrequestbot
commented on September 26, 2024
This issue has been funded using FundRequest. A developer can claim the reward by submitting a pull request referencing this issue. (How to Close Issues via Pull Requests?) e.g. fixes #50
- For more help on how to claim on issue, please visit our help section.
- Looking for more? Feel free to browse through all funded requests.
from contracts.
fundrequestbot
commented on September 26, 2024
Thank you @thomasvds for your code contribution. You can now claim the reward that is linked to this issue. This can be done directly from the funded request.
- Looking for more? Feel free to browse through all funded requests.
from contracts.
fundrequestbot
commented on September 26, 2024
Thank you @thomasvds for your code contribution. You can now claim the reward that is linked to this issue. This can be done directly from the funded request.
- Looking for more? Feel free to browse through all funded requests.
from contracts.
fundrequestbot
commented on September 26, 2024
Thank you @thomasvds for your code contribution. You can now claim the reward that is linked to this issue. This can be done directly from the funded request.
- Looking for more? Feel free to browse through all funded requests.
from contracts.
fundrequestbot
commented on September 26, 2024
Thank you @thomasvds for your code contribution. You can now claim the reward that is linked to this issue. This can be done directly from the funded request.
- Looking for more? Feel free to browse through all funded requests.
from contracts.
Related Issues (20)
- Update Contracts to v0.4.22
- Make the contracts upgradeable, using the new features from v0.4.22
- Add messages to every revert, as per v0.4.22
- Use Eternal Storage pattern as part of the upgradeability
- Make seperate functionality class from Callable
- As an admin, I want to be able to migrate existing tokens to a new Contract
- As a user, I want to be able to fund with ether
- As a user, I want to be able to fund in DAI HOT 1
- Upgradeable Contracts
- As a security auditor I log a major security breach in the FundRequest Smart Contracts #1 HOT 2
- As a security auditor I log a minor security breach in the FundRequest Smart Contracts #1 HOT 2
- Old issues (solved) HOT 3
- Using delete on an array leaves a gap HOT 3
- Add Refund Functionality to contracts
- pubenv endpoint contains wrong entries HOT 1
- Transaction fails when trying to refund certain issues HOT 1
- Check valid tokens based on platform, owner and repo
- trust wallet parthner demo
- Bug Title:Broken Authentication and Session Management
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from contracts.