EthereumCommonwealth / Auditing

Ethereum Commonwealth Security Department conducted over 400 security audits since 2018. Not even a single contract that we audited was hacked. You can access our audit reports in the ISSUES of this repo. We are accepting new audit requests.
https://audits.callisto.network/
GNU General Public License v3.0

Enduracoin Request #709

Closed Enduracoin closed 1 year ago

Enduracoin commented 1 year ago

Audit request

... Briefly describe your smart-contract and its main purposes here ...

Hopefully this will be a simple one for you. This request consists of two primary files:

1.) EnduracoinToken.sol which is our ERC20 token contract. It is built upon the OpenZeppelin 4.8.3 contracts release and Solidity compiler version 0.8.20. It's fairly simple and self-explanatory with no significant deviations from the OZ 4.8.3 version contracts.
We have overridden the burn, burnFrom, transferOwnership and renounceOwnership methods to apply onlyOwner execution permissions. A "safetyLock" has been applied as an extra step for our internal team processes. We've also implemented the pause and unpause methods.

and

2.) EnduracoinValue.sol which is an ERC20 contract that is used to convey a value of our product via ongoing daily calculations. This contract provides the ability for the conveyed value to be modified via the setDailyValueGainAdjustment and setBaseValueAdjustment methods with corresponding events for each. The conveyed value is presented as a string value representing a decimal number for easy interpretation. This contract also implements a "safetyLock" which has been applied as an extra step for our internal team processes. This contract does not receive, hold nor transfer any tokens.

The OpenZeppelin 4.8.3 contracts that we've used are included in the @openzeppelin/contracts@4.8.3 locations in our repo and can be accessed via the following URL: https://github.com/Enduracoin/EnduracoinToken/tree/main/%40openzeppelin/contracts%404.8.3

Source code

... Give a link to the source code of contracts ...

The source repo we've created for this audit is located at https://github.com/Enduracoin/EnduracoinToken. It is currently in a private repo so please email us the GitHub username or email address for the auditors to receive access that we may grant that access and add as a collaborator for this repo. You can email us at troy@enduracoin.org.

Payment plan

... Write [x] at the checkbox of the payment plan that suits your needs ...

Disclosure policy

... Do you want us to publish the report as it is or to notify you privately in case of finding critical mistakes? ...

If no findings you may publish the report. If there are findings, please notify us privately that we may remedy and resubmit to pass before publishing. Thank you.

... provide your conditions for publishing the report or leave only standard disclosure policy link ...

Standard disclosure policy.

Contact information (optional)

... Provide information to contact you or the smart contract-developer in case high severity issues will be found ...

Please send all correspondence of results, findings and recommendations to troy@enduracoin.org

... Provide information about the media resources of the project you want us to audit (website/ twitter account/ reddit/ telegram channel/ etc.) ...

I'm not quite sure what this is asking and apologies if this isn't what you're looking for. Feel free to contact us for clarification if this answer isn't what you're asking...

Assuming there are no findings you may communicate the report to whatever media resources you would commonly publish to. However, if there are findings, please notify us privately that we may remedy and resubmit to pass before publishing. We will disclose our results upon successful notification via our website, enduracoin.org and via our Twitter account, @Enduracoin, and via Etherscan.io. There is no direct tie to our code and any media resource operations.

Platform

... In which network will your contract be deployed? (EOS/TRX/ETC/ETH/CLO/UBQ/something else ) ...

ETH - Ethereum Mainnet

Thank you.

chhajershrenik commented 1 year ago

@Enduracoin Please add @yuriy77k to the repository so that he can provide you with the payment details.

Enduracoin commented 1 year ago

Hello, @yuriy77k has been added as a collaborator to the repository.

chhajershrenik commented 1 year ago

@Enduracoin Thank you. Please wait for his response; he will follow up with your team.

yuriy77k commented 1 year ago

Hello @Enduracoin The audit fee is 1200 USDT. You may send USDT (ERC20 or BEP20) to: 0x6317c6944bd1cD3932d062cce39d7Fd602119529 (valid for Ethereum and Binance Smart Chain)

The estimated auditing time is 7 days after payment.

Callisto audits were moved to another repository: https://github.com/CallistoSecurity/Smart-contract-auditing/issues

Please use it for creating an audit request.

Enduracoin commented 1 year ago

Hello @yuriy77k,

I have submitted the payment to 0x6317c6944bd1cD3932d062cce39d7Fd602119529.

I have also recreated the audit request at the new URL provided: https://github.com/CallistoSecurity/Smart-contract-auditing/issues/5

It is request #5.

Enduracoin commented 1 year ago

Hello @yuriy77k and team,

I received an email from a Kunal Mishra with GitHub username of Kunalmishra1999. The subject line of the email reads, "Enduracoin audit contest". However, there is no other information in the body of the email, no instructions, etc.

Is Kunal Mishra a member of your audit team and a part of the Enduracoin audit? If so, are there any actions that I need to take?

Sincerely, @Enduracoin

yuriy77k commented 1 year ago

Hello @Enduracoin Yes, he is our new junior auditor. He was not assigned to the Enduracoin audit, so you don't need to take any action. Sorry for the inconvenience.

Enduracoin commented 1 year ago

Hello @yuriy77k and team,

I sent the following note 3 days ago to the https://github.com/CallistoSecurity/Smart-contract-auditing request #5 location but haven't heard back. Is everything ok?

Message sent Sunday June 25... "Hello @yuriy77k and team,

I have uploaded updated code with respect to your findings. Some code was removed from the token contract and some code was added to the value contract. Some of the additions were separated into 2 additional files. Readme info has been added as well. Shall I make the re-audit payment to the same address as before (0x6317c6944bd1cD3932d062cce39d7Fd602119529) in USDT?"

Candicelaney2021 commented 1 year ago

https://github.com/EthereumCommonwealth/Auditing/issues/709#issue-1738944935

yuriy77k commented 1 year ago

This request was moved to the Callisto Security repository: https://github.com/CallistoSecurity/Smart-contract-auditing/issues/5