fundrequest / contracts
Contracts for FundRequest (platform, token, crowdsale)
Home Page: https://fundrequest.io
Allow a request to be funded with Ether.
Approve works
approve does not work when current approve balance > 0
When funding we currently check the available tokens based on the platform, owner, repo and the issuenumber.
It would be better if it would only be platform, owner and repo, this would be more performant to cache (see FundRequest/platform#475)
uint8 public decimals;
uint public decimals;
The ERC20 standard specifies that decimals should be of type uint8.
More: https://theethereum.wiki/w/index.php/ERC20_Token_Standard
P.S. also don't forget to change it in the constructor.
https://github.com/fravoll/solidity-patterns/blob/master/EternalStorage/EternalStorage.sol
--> implement fundrepository/claimrepository
FundRequestToken should have an abstraction above it. The only thing this abstraction should be able to do is identify if the token is indeed a FundRequestToken.
This separates the FundRequestContract code from the actual Token Model.
The FND token contract keeps track of the FND token balances on the ethereum accounts. Before the token sale only addresses that are whitelisted are allowed to transfer tokens and only to the FundRequest Platform Contract. The FundRequest Platform Contract can transfer tokens to any address.
The FND token contract must contain a parameter (allowAnyTransfer) that enables/disables the possibility to transfer tokens between any ethereum address:
A function is available to whitelist an ethereum address. This function can only be called by a FundRequest account.
Seed and presale participants will receive their tokens prior to the token sale so it is possible to already generate and use the tokens for ecosystem incentivization.
The ETH of the seed participants is already received, the ETH or FIAT of the presale participants will also be received before the public token sale.
Calculation of FND tokens to be vested:
FND tokens to be vested = amount of FND tokens * percentage to be vested.
Calculation of FND tokens to be assigned to beneficiary address
FND to assign to beneficiary address = amount of FND tokens - FND tokens to be vested
The tokens that have to be vested are assigned to the vesting wallet and can be withdrawn after a period of 6 months by the beneficiary address.
Callable is now duplicated across ClaimRepository and FundRepository. Move this to a separate class.
The tokens will already be generated and distributed to participants to the presale. The token contract will thus have to support multiple funding rounds. To support this the presale contract will need to have a number of functions.
function removePrecondition(uint _index) external onlyOwner {
delete preconditions[_index];
}
Removed item from the array
Empty gap
Try to add and then remove the precondition. The size of an array does not change after removal.
As there is a function that iterates over this array:
for (uint idx = 0; idx < preconditions.length; idx++) {
....
}
If the array grows very large, the loop could exceed the block gas limit and fail.
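The gap described in this issue, and one way to close it, as an added example that is not part of the original issue or the FundRequest code base. It uses swap-and-pop removal; the contract name, the `address[]` element type, `addPrecondition` and `preconditionCount` are assumptions, and the pragma targets a current compiler rather than the 0.4.x line the repository used.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example (hypothetical contract). Only `preconditions` and
// `removePrecondition` are names taken from the issue.
contract PreconditionRegistry {
    address public owner;
    address[] public preconditions; // element type is an assumption

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    function addPrecondition(address _precondition) external onlyOwner {
        require(_precondition != address(0), "zero address");
        preconditions.push(_precondition);
    }

    // `delete preconditions[_index]` only resets the slot to its zero value:
    // the length stays the same, every loop still visits the empty slot, and
    // the array can only ever grow. Swap-and-pop overwrites the removed slot
    // with the last element and shrinks the array by one.
    // Trade-off: element order is not preserved.
    function removePrecondition(uint _index) external onlyOwner {
        uint length = preconditions.length;
        require(_index < length, "index out of range");
        uint last = length - 1;
        if (_index != last) {
            preconditions[_index] = preconditions[last];
        }
        preconditions.pop();
    }

    // After add followed by remove this returns the original count again.
    function preconditionCount() external view returns (uint) {
        return preconditions.length;
    }
}
```

Bounding the number of entries in `addPrecondition` would additionally keep the iteration cost below the block gas limit.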
If we deploy a new version of the token, we need to give everyone new tokens that can be used in the alpha environment.
Next to the token, if we're deploying on rinkeby, also deploy a faucet contract.
functional requirements:
balances[_from] = balances[_from].sub(_value);
balances[_to] = balances[_to].add(_value);
allowed[_from][msg.sender] = _allowance.sub(_value);
balances[_to] = balances[_to].add(_value);
balances[_from] = balances[_from].sub(_value);
allowed[_from][msg.sender] = _allowance.sub(_value);
Reorder these lines as subtraction should always come before the addition to make your code more secure against re-entrancy attacks.
Also, please make sure that this is correctly done in other functions.
Good example:
https://github.com/OpenZeppelin/zeppelin-solidity/blob/master/contracts/token/StandardToken.sol
As FundRequest we want our community to audit the FundRequest contracts to make sure we get the best audit possible.
Only FundRequest platform contracts:
https://github.com/FundRequest/contracts/tree/master/contracts/platform
Find a Major security breach
A major security breach qualifies as an issue in the FundRequest production code base that can cause:
- a loss of funds;
- a loss of control over the smart contracts;
- an outage of the production environment;
The first reward is $10 000 in FundRequest tokens (FND), for each subsequent major security issue the bounty is lowered by $1 000 in FundRequest tokens (FND).
https://github.com/FundRequest/contracts/blob/develop/vulnerabilities.md
During the public token sale whitelisted participants will be able to transfer ETH to the FundRequest token sale contract and receive FND tokens in exchange.
The goal of this story is to implement the functions of the token sale contract that are needed during the token sale.
It has to be possible to pause and unpause the token sale contract.
The token sale contract contains a list of whitelisted ETH addresses. It has to be possible to add an extra address.
In the first round of the public token sale there will be a max cap per person. It is not allowed to transfer more .
When the first round has ended and a user transfers ETH, the max cap per person will no longer be checked. A person can transfer any amount of ETH to the token contract as long as it does not cause the hard cap to be exceeded.
There is a hard cap. As soon as this hard cap is reached it will no longer be possible to transfer any ETH to the token contract.
Note that the user can make multiple transfers from his contract. The sum of the ETH has to be compared to the personal cap.
See attachment.
Create a travis configuration for this solidity-based repository, so we can have a decent CI
db.setUint(keccak256("claims.count"), db.getUint(keccak256("claim.count")).add(1));
The count of claims should be incremented by 1.
The count of claims stays at 1 forever. Indeed, the incorrect key is used to retrieve the basis to be incremented by 1. It should be "claims.count" on both sides. I recommend using enums to flag this at compilation time.
Call addClaim several times. Then call getClaimCount: it will not have evolved.
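The key mismatch reported in this issue, next to a form that cannot drift, as an added example that is not part of the original issue or the FundRequest code base. It uses a single named constant for the storage key rather than the enum the reporter suggests; `EternalStorageStub`, `ClaimCounter` and `addClaimBuggy` are hypothetical names, and checked arithmetic in Solidity 0.8 stands in for the SafeMath `.add(1)` call.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal stand-in for the key/value storage contract (assumption).
contract EternalStorageStub {
    mapping(bytes32 => uint) private uintStorage;

    function getUint(bytes32 key) external view returns (uint) {
        return uintStorage[key];
    }

    function setUint(bytes32 key, uint value) external {
        uintStorage[key] = value;
    }
}

// Added example (hypothetical contract), not the project's ClaimRepository.
contract ClaimCounter {
    // The key is spelled once; a typo in the identifier is a compile error,
    // whereas a typo in a repeated string literal compiles silently.
    bytes32 private constant CLAIMS_COUNT = keccak256("claims.count");

    EternalStorageStub private db;

    constructor(EternalStorageStub _db) {
        db = _db;
    }

    // Form from the issue: reads "claim.count", which is never written and
    // therefore always 0, then writes 0 + 1 to "claims.count" on every call.
    function addClaimBuggy() external {
        db.setUint(keccak256("claims.count"), db.getUint(keccak256("claim.count")) + 1);
    }

    // Read and write go through the same constant, so the count advances.
    function addClaim() external {
        db.setUint(CLAIMS_COUNT, db.getUint(CLAIMS_COUNT) + 1);
    }

    function getClaimCount() external view returns (uint) {
        return db.getUint(CLAIMS_COUNT);
    }
}
```

A unit test that calls `addClaim` twice and expects `getClaimCount` to return 2 catches this class of bug.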
When trying to refund following issues, the transaction fails:
Hello there
I have noticed there is (Broken Authentication and Session Management) bug in your website.
POC:
Steps:
We have to use two browsers (Browser A) and (Browser B)
1 : Open (Browser A) and go to "https://key.fundrequest.io/auth/realms/fundrequest/protocol/openid-connect/auth?response_type=code&client_id=fundrequest_dev&redirect_uri=https%3A%2F%2Ffundrequest.io%2Fsso%2Flogin&state=efff0a99-79e7-4c60-a883-12ebaeb384e7&login=true&scope=openid" and login your " fundrequest" account with your valid email and password.
2 : Open (Browser B ) and (Similarly) go to "https://key.fundrequest.io/auth/realms/fundrequest/login-actions/reset-credentials?client_id=fundrequest_dev&tab_id=M58shjzspTU&response_type=code&client_id=fundrequest_dev&redirect_uri=https%3A%2F%2Ffundrequest.io%2Fsso%2Flogin&state=efff0a99-79e7-4c60-a883-12ebaeb384e7&login=true&scope=openid" and get a password reset token .
3 : Suppose (Browser A) is a shared computer's browser, and you left your account logged in at that computer. Then you changed your account password from (Browser B). By getting a password reset token link, now go to (Browser B) and change your account password.
Step 4 : When you change your account password at (Browser B), the session at (Browser A) should expire and the account should automatically be logged out.
Step 5 : Go to (Browser B), and visit your account page and refresh the page.
You will notice that even after changing the account password at (Browser B), the session at (Browser A) didn't expire, which can cause major problems. And also after that you can change user information.
Impact
Authentication and session management includes all aspects of handling user authentication and managing active sessions. Authentication is a critical aspect of this process, but even solid authentication mechanisms can be undermined by flawed credential management functions, including password change, forgot my password, remember my password, account update, and other related functions. Because “walk by” attacks are likely for many web applications, all account management functions should require re-authentication even if the user has a valid session id.
As part of the upgradability, we want to be able to migrate tokens on the Fundrequestcontract to a new Fundrequestcontract.
We want cryptoprojects that have their own ERC-20 token to be able to fund issues in their own ERC-20 token. Though the use of an ERC-20 token is limited to the repositories of the project itself.
Currently it is only possible to fund an issue in FND tokens
An admin has to be able to link Github repositories with an ERC-20 token in the FundRequest smart contract. Only when this link exists the user can use the specified ERC-20 token to fund issues in the specified GitHub repository.
An admin can also remove the link between an ERC-20 token and a Github repo from the FundRequest smart contract.
The FND token can always be used to fund an issue in any Github repository!
Whenever the FundRequest platform smart contract receives a call to fund an issue in a token other than the FND token, the contract checks if it is allowed to fund this issue with the ERC-20 token that is sent. If the configuration allows the use of the token the transaction succeeds, else the transaction fails.
Add refund functionality
During the presale and the public token sale the donators will receive FND tokens in exchange for the ethers they have donated. The functionality to do so is developed in previous stories.
When the FND for a donator are generated and transferred to his account, the mint agent also has to mint extra FND tokens to assign to the different allocations. The generation and allocation of these extra tokens is the scope of this user story.
When the assignTokens() function on the token sale contract is called, step 3 to 6 also have to be executed.
During the token sale, for every ETH transferred to the token sale contract the following allocations are made:
When the function assignTokens() is called with for example 4500 FND tokens assigned to the donator, the allocation is as follows:
During the Crowdsale it shouldn't be possible to transfer the ownership, otherwise, it could not go well.
// Create initially all balance on the team multisig
balances[owner] = totalSupply;
As FundRequest we want our community to audit the FundRequest contracts to make sure we get the best audit possible.
Only FundRequest platform contracts:
https://github.com/FundRequest/contracts/tree/master/contracts/platform
Find a minor security breach
A minor security breach qualifies as an issue in the FundRequest production code base that is not a major security breach and can cause:
- a loss of data;
- corruption of data;
Each unique minor security breach is rewarded with $250 in FundRequest tokens (FND)
https://github.com/FundRequest/contracts/blob/develop/vulnerabilities.md
In the past, we chose for the TokenMarket model.
In this spike, we'll create the entire token model, including existing crowdsale contract using the Minime architecture.
Rewrite entire architecture using minime
Write Blogpost about our differences
Choose our own architecture based on the findings
require(multisigWallet != address(0));
require(startsAt <= endsAt);
function() payable {
revert();
}
if(multisigWallet == 0) {
throw;
}
if(startsAt >= endsAt) {
throw;
}
function() payable {
throw;
}