EthereumCommonwealth / Cold-staking

BSD 4-Clause "Original" or "Old" License

Duplicate method staker_info #11

Closed k06a closed 5 years ago

k06a commented 5 years ago

This method: https://github.com/EthereumCommonwealth/Cold-staking/blob/863846e510299b8cb07bab38c0b60d1bd78e9947/ColdStaking.sol#L226

already exists because of this line: https://github.com/EthereumCommonwealth/Cold-staking/blob/863846e510299b8cb07bab38c0b60d1bd78e9947/ColdStaking.sol#L76

A public property auto-generates a getter:

```solidity
function staker(address staker) public constant returns(uint _amount, uint _time);
```

Auditing smart contracts in live stream: https://www.youtube.com/watch?v=efZY3_COaiE

Your CryptoManiacs :)
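A heuristic check for the pattern reported above, added here as an example (it is not code from the Cold-staking repository or from either commenter): it flags read-only functions whose body only returns a public state variable that already has an auto-generated getter. The Solidity sample is constructed, and its contract name, `deposit`, `reward` and `total_staked` are assumptions.

```python
import re

# Constructed Solidity sample modelled on the report; not the project's source.
SAMPLE = """
contract ColdStakingSample {
    struct Staker { uint amount; uint time; }
    mapping(address => Staker) public staker;
    uint public total_staked;

    function staker_info(address addr) public constant returns (uint _amount, uint _time) {
        return (staker[addr].amount, staker[addr].time);
    }
    function reward(address addr) public constant returns (uint) {
        return staker[addr].amount * 2 / 100;
    }
    function deposit() public payable { staker[msg.sender].amount += msg.value; }
}
"""

PUBLIC_VAR = re.compile(r"^\s*(?:mapping\s*\(.*?\)|[\w\[\]]+)\s+public\s+(\w+)\s*;", re.M)
# Only functions whose body has no nested braces are considered (heuristic).
FUNCTION = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)([^{;]*)\{([^{}]*)\}")
RETURN_ONLY = re.compile(r"^return\s*(.+?)\s*;$", re.S)

def redundant_getters(source):
    """Return (function, variable) pairs where the function only re-reads a public variable."""
    public_vars = set(PUBLIC_VAR.findall(source))
    findings = []
    for name, params, modifiers, body in FUNCTION.findall(source):
        if not re.search(r"\b(view|constant)\b", modifiers):
            continue  # state-changing functions are never plain getters
        m = RETURN_ONLY.match(body.strip())
        if not m:
            continue  # more than a single return statement
        expr = m.group(1).strip()
        if expr.startswith("(") and expr.endswith(")"):
            expr = expr[1:-1]  # tuple return: (a, b)
        arg_names = [p.split()[-1] for p in params.split(",") if p.strip()]
        index = "".join(r"\[\s*%s\s*\]" % re.escape(a) for a in arg_names)
        read_vars = set()
        for term in expr.split(","):
            # Each term must be var[arg]... optionally followed by one .field
            t = re.fullmatch(r"\s*(\w+)%s(?:\.\w+)?\s*" % index, term)
            if not t or t.group(1) not in public_vars:
                break  # computes something or reads non-public state: keep it
            read_vars.add(t.group(1))
        else:
            if len(read_vars) == 1:
                findings.append((name, read_vars.pop()))
    return findings
```

On the sample, only `staker_info` is reported; `reward` is kept because it computes a value rather than returning stored fields.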

Dexaran commented 5 years ago

Confirmed.

I can classify this as a minor observation, non-security issue (10,000 CLO) because this does not pose a threat of losing funds for users.

Please, provide your ETH/CLO address.

However, it was stated that you should keep your reports private until the end of the security audit https://github.com/EthereumCommonwealth/Roadmap/issues/52

bugbounty

The reward will be evaluated after the end of the security audit.

k06a commented 5 years ago

@Dexaran sorry about that (my public reports), but I mistakenly decided such non-critical issues should be public to avoid duplicates.

These contributions were part of our public live stream smart contract audits, which help people to understand smart contract logic better. So any reward is welcome, thank you :)

Wallet: 0x083fc10cE7e97CaFBaE0fE332a9c4384c5f54E45

Dexaran commented 5 years ago

@k06a

> sorry about that (my public reports), but I mistakenly decided such non-critical issues should be public to avoid duplicates.

The issue with public reports is that we are running an official audit of this contract at the same time by our auditing team. We keep all audit reports and we may assign penalties if an auditor failed to report some issues. Now they can just copy&paste everything from here. However, it is not a great problem. Even more, there were no major issues yet.

> These contributions were part of our public live stream smart contract audits, which help people to understand smart contract logic better.

Yeah, I've seen the link. At the end of the bug bounty I will write a summary, and it is likely that it will be published on the Callisto blog. I can provide some links to your channel or any other resources if you would like.

Dexaran commented 5 years ago

Paid https://explorer2.callisto.network/tx/0xd94e40e07600c87fe70eae8f009a490660e4d9ebb81ae90aa55fa3194e49118d

k06a commented 5 years ago

@Dexaran thanks!