witnet / vrf-solidity Goto Github PK

View Code? Open in Web Editor NEW

96.0 96.0 31.0 348 KB

Verifiable Random Function (VRF) library written in Solidity

License: MIT License

JavaScript 41.28% Solidity 58.72%

vrf-solidity's People

Contributors

Stargazers

Watchers

vrf-solidity's Issues

Test with failure

I try to test the VRF verify by invoking the VRF contract with web3.py, but encounter the revoked error in ganache. I can't figure it out, maybe you know the cause？Thanks.

Comments Specification Mismatch

Red4Sec issue 16:

VRF-solidity\contracts\VRF.sol:68-70 - The logic specified in the comment does not match the implementation of the code.

Add option to validate proofs using ECRECOVER

Integrate scalar decomposition in Secp256k1 library

After completing elliptic-curve-solidity #7, scalar decomposition should be integrated into the vrf-solidity library as it will contribute to gas cost reduction.

Refactor as internal library

Update usage of elliptic-curve-solidity library
Modify contract to be a library with internal methods
Update tests
Update gas cost report
Release new version to npm

Handle library edge cases

The library needs to take into account invalid input parameters of functions:

Perform code review for vrf-solidity

This issue aims to analyze (with the proper auditing tools) the potential vunerabilities that the library might have.

Fix errors from code review

Code Review

Tool used: SmartCheck

Errors found

Summary:

·-----------------------------------------------·--------------·
|                Error Type                     |  Occurences  |
································································
| Compiler version not fixed                    |           6  |
································································
| Pure-functions should not read/change state   |           3  |
································································
| Prefer external to public visibility level    |           2  |
································································
| Use of assembly                               |           3  |
································································
| Implicit visibility level                     |           6  |
·-----------------------------------------------·--------------·
| TOTAL                                         |          20  |
·-----------------------------------------------·--------------·

Compiler version not fixed

File: test/TestHelperVRF.sol
Lines: 1-1
Severity: 1
Pattern id: 23fc32
File: test/TestHelperInternals.sol
Lines: 1-1
Severity: 1
Pattern id: 23fc32
File: benchmark/VRFGasHelper.sol
Lines: 1-1
Severity: 1
Pattern id: 23fc32
File: contracts/Migrations.sol
Lines: 1-1
Severity: 1
Pattern id: 23fc32
File: contracts/Migrations.sol
Lines: 1-1
Severity: 1
Pattern id: 23fc32
File: contracts/VRF.sol
Lines: 1-1
Severity: 1
Pattern id: 23fc32

Pure-functions should not read/change state

File: contracts/VRF.sol
Lines: 217-228
Severity: 1
Pattern id: 11314f
File: contracts/VRF.sol
Lines: 193-212
Severity: 1
Pattern id: 11314f
File: contracts/VRF.sol
Lines: 315-347
Severity: 1
Pattern id: 11314f

Prefer external to public visibility level

File: contracts/Migrations.sol
Lines: 15-17
Severity: 1
Pattern id: 73ufc1
File: contracts/Migrations.sol
Lines: 19-22
Severity: 1
Pattern id: 73ufc1

Use of assembly

File: contracts/VRF.sol
Lines: 221-224
Severity: 1
Pattern id: 109cd5
File: contracts/VRF.sol
Lines: 340-344
Severity: 1
Pattern id: 109cd5
File: contracts/VRF.sol
Lines: 199-204
Severity: 1
Pattern id: 109cd5

Implicit visibility level

File: contracts/VRF.sol
Lines: 26-26
Severity: 1
Pattern id: b51ce0
File: contracts/VRF.sol
Lines: 22-22
Severity: 1
Pattern id: b51ce0
File: contracts/VRF.sol
Lines: 30-30
Severity: 1
Pattern id: b51ce0
File: contracts/VRF.sol
Lines: 28-28
Severity: 1
Pattern id: b51ce0
File: contracts/VRF.sol
Lines: 20-20
Severity: 1
Pattern id: b51ce0
File: contracts/VRF.sol
Lines: 24-24
Severity: 1
Pattern id: b51ce0

code readibility

VRF-solidity\contracts\VRF.sol:31-37 - Same as the previous example. Notice that
calls to this function should not interfere with the blockchain. If a contract function calls it,
could expose private information.

Improve Secp256k1 multiplication by using simultaneous scalar multiplication

Implement a Secp256k1 arithmetic function that follows the equation R = aP + bQ and uses simultaneous scalar multiplication in order to make it gas-effective.

Performance improvement by user-provided CTR variable

The user could provide which CTR values provides a valid H EC point. As consequence the contract does not have to iterate until it finds a valid point.

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.