We do not plan to change the implementation mentioned in L01 - block.timestamp possibly manipulated by miners. Even though a miner could try to set a different timestamp for e.g. the release function, it's almost impossible to set the block.timestamp to far into the future, as these blocks will likely be rejected by the network (nodes will not validate blocks whose timestamps are in the future). The miner could only, in a very unlikely case, cheat the release of launched tokens by some minutes max. We are okay with risking, that in an unlikely case of a miner trying to release launched tokens a few minutes earlier. This does not require a different implementation as other implementations would just come with other risks. Even though we have evaluated other ways of determining time, including using chainlink oracles, this alternative bears it's own risk namely a stop of feeding data by the data providers, which could lead to a state where the launchpad never ends because that particularly used feed stops reporting (being updated).
10xSebastian
commented
3 years ago
We do not plan to change the implementation mentioned in L01 - block.timestamp possibly manipulated by miners. Even though a miner could try to set a different timestamp for e.g. the
releasefunction, it's almost impossible to set the block.timestamp to far into the future, as these blocks will likely be rejected by the network (nodes will not validate blocks whose timestamps are in the future). The miner could only, in a very unlikely case, cheat the release of launched tokens by some minutes max. We are okay with risking, that in an unlikely case of a miner trying to release launched tokens a few minutes earlier. This does not require a different implementation as other implementations would just come with other risks. Even though we have evaluated other ways of determining time, including using chainlink oracles, this alternative bears it's own risk namely a stop of feeding data by the data providers, which could lead to a state where the launchpad never ends because that particularly used feed stops reporting (being updated).Mitigates N01 - Cannot use address(0) -> HERE
L02 - Verify if address is zero has already been fixed -> HERE
N02 - Change Solidity version to save gas & manage bug fixes has already been fixed -> HERE