fundrequest / vesting-wallets Goto Github PK
View Code? Open in Web Editor NEWVesting Wallets in Solidity
Vesting Wallets in Solidity
6.1.8
to 6.2.0
.π¨ View failing branch.
This version is covered by your current version range and after updating it in your project the build failed.
ganache-cli is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.
The new version differs by 28 commits.
93dadb1
6.2.0
4759eab
Update ganache-core to 2.3.0
d84c9e6
6.2.0-beta.0
1c80923
move these dev dependencies to devDependencies
17a7de7
ignore perf dir when publishing to npm
27cda62
Merge branch 'develop'
4a25106
Update docker build to use shrinkwrap file and node 10-lts
ed0c27e
shrinkwrap deps
671824a
Update ganache-core to beta
cf4384e
Merge pull request #581 from martianov/add_time_to_cli_args
a89bd86
add time arg to readme
f598676
Merge branch 'develop' into add_time_to_cli_args
8d3e958
Improve readme formatting
3f6ac8e
Replace bit.ly link with direct link in readme
8215ccf
Add Option for HTTP Server keepAliveTimeout (#583)
There are 28 commits in total.
See the full diff
There is a collection of frequently asked questions. If those donβt help, you can always ask the humans behind Greenkeeper.
Your Greenkeeper Bot π΄
VestingWallet#registerVestingSchedule
registers the vesting schedule and
assumes the _depositor will transfer tokens to vest. If this second implied transaction
does not occur or it transfers fewer tokens than the vesting schedule defines, some token
recipients will be unable to withdraw funds.
Impact: Potential loss of funds
Feasibility: High, can occur due to poor internal communication.
Mitigation: Redesign this into an approval flow where a vesting schedule does not become
valid/active until a corresponding deposit is made (or there already exists an appropriate
deposit).
1.1.9
to 1.1.10
.π¨ View failing branch.
This version is covered by your current version range and after updating it in your project the build failed.
solium is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.
There is a collection of frequently asked questions. If those donβt help, you can always ask the humans behind Greenkeeper.
Your Greenkeeper Bot π΄
There are no guards to prevent the _percentage argument from exceeding 100%. A
mistake or typo by the contract owner will not be caught, and will allocate more tokens than
intended. As a result, the recipient of the created schedule will be able to withdraw more
tokens than intended or allotted. Other vesting recipients may be unable to withdraw tokens
as a result.
Impact: Potential loss of funds
Feasibility: High, can occur with simple typo.
Mitigation: Add require(_percentage <= 100); between lines 98 and 99 in
VestingWallet#registerVestingScheduleWithPercentage
Synopsis: When registering a vesting schedule and subsequently performing a
corresponding deposit, funds that are deposited over the sum of all existing vesting
schedules become inaccessible. Recovering those funds requires a new vesting schedule
for the extraneous amount to be created then calling VestingWallet#endVesting to
recover the funds.
Impact: Temporary locking of funds with reconciliation workflow possibly leading to
additional user input mistakes.
Feasibility: High, can occur with simple typo.
Mitigation: Implement a method that explicitly balances the deposit amount to match the
sum of all vesting schedules, refunding the remainder to the owner of the vesting wallet in
order to reduce the complexity of recovering from over-deposit and mitigate further mistakes.
This audit
A declarative, efficient, and flexible JavaScript library for building user interfaces.
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. πππ
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google β€οΈ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.