HydroBlockchain / hcdp

Hydro Community Development Program

800,000 HYDRO (per contract) to perform a code review of the individual Hydro smart contracts - with ongoing bug bounty! #270

Open milvinae opened 5 years ago

milvinae commented 5 years ago

Project Details

The Hydro Community Development Program (HCDP) is an initiative to more heavily involve the Hydro community in the ongoing decentralization and global expansion of the Hydro blockchain ecosystem. This task is to evaluate the current master state of the Solidity code in the various community-built smart contracts, in order to identify any areas of potential improvement.

A list of the smart contracts open for audit can be found here - https://github.com/HydroBlockchain/SmartContractReview

What are the deliverables? A thorough document detailing the code review. The document should contain, at minimum, the following sections:

  1. Overview - A summary of what you reviewed and the scope of your analysis.
  2. Methodology - Any pertinent information regarding techniques, tools, libraries, references, or frameworks leveraged during the code review process.
  3. Findings - Details on insights from the code review. Each finding consists of a category (Security, Syntax, Extendability, Functionality, Gas Usage, or Other), a description of the finding, relevant code location(s), severity (Low, Medium, or High), and a recommendation for potential improvement.

Examples of a smart contract review can be found here - https://github.com/HydroBlockchain/SmartContractReview/blob/master/ClementDAAudit.pdf

and here - https://github.com/HydroBlockchain/SmartContractReview/blob/master/auditDA.pdf

Bounty Structure / How can a user earn Hydro?

The 800,000 Hydro reward is reserved for the code review of one smart contract and will be released to the developer once the task is complete and the audit has been reviewed. Only one auditor can review any one smart contract for the 800,000 HYDRO reward.

An ongoing testing bounty will be open for claims by anyone in the community who can find severe issues within any of the smart contracts within 3 months of the audit. Each issue that is verified and is severe enough to require action will reward the discoverer with a maximum of 20,000 hydro.

It should be noted that the severity of the issue is at our discretion, and only medium to critical errors, not warnings, will be liable to receive the reward.

Timeframe? The 800,000 HYDRO reward is reserved for one developer per smart contract and delivery should be within one week.

The 20,000 HYDRO reward will remain open for any of the smart contracts for a period of three months after an audit is complete.

Submission process? First, comment on this issue to declare your willingness to complete the task and declare what smart contract it is that you wish to audit. Next, fill out the Smart Contract Audit Claim Form. We will evaluate candidates factoring in their qualifications, Github activity, and the order in which they expressed interest.

Should any developer find any verified errors or improvements (that require action) within any of the smart contracts' code after the audit has been completed, they should add the issue in the comments below.

Should this issue be verified and require action, then they shall receive a 20,000 HYDRO reward. It should be noted that the severity of the issue is at our discretion, and only medium to critical errors, not warnings, will be liable to receive the reward.

pauliax commented 5 years ago

I am reviewing the smart contracts

EDIT: Found potential issues:

  1. Contract HydroLottery, function buyTicket() has a comment: "Note, you can only buy 1 ticket per lottery for now." However, I do not see any restrictions that would prevent me from buying more than 1 ticket for the same lottery.

  2. How is the winner supposed to claim his winnings? Function releaseWinnerReward() is never called and it can only be called by Hydro Lottery.

  3. I hope you won't leave function getMoreTokens() in the mainnet version, as it allows minting as many tokens as you want.
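An added illustration, not code from the Hydro repositories and not the HydroLottery contract itself, of how the three patterns pauliax describes can be closed off: a per-round mapping that actually enforces the "one ticket per lottery" rule the comment promises, a pull-based claim so the winner can collect without depending on a privileged function that nothing ever calls, and a mint function gated behind an owner check so it cannot be used by arbitrary accounts. All contract, function and variable names below are assumptions for the example; winner selection is deliberately left to the owner because secure on-chain randomness is a separate topic.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustrative lottery (added example; names are assumptions, not the
// HydroLottery source). Shows enforcement of one ticket per address per
// round and a pull-based reward claim.
contract OneTicketLottery {
    address public owner;
    uint256 public lotteryId;
    uint256 public constant TICKET_PRICE = 0.01 ether;

    // Which addresses already hold a ticket in a given round.
    mapping(uint256 => mapping(address => bool)) public hasTicket;
    // Participants per round, used when the round is closed.
    mapping(uint256 => address[]) private participants;
    // Winner and prize per round; the winner claims the prize themselves.
    mapping(uint256 => address) public winnerOf;
    mapping(uint256 => uint256) public prizeOf;
    mapping(uint256 => bool) public claimed;

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() {
        owner = msg.sender;
        lotteryId = 1;
    }

    // Enforces the rule the comment promised: one ticket per address per round.
    function buyTicket() external payable {
        require(msg.value == TICKET_PRICE, "wrong ticket price");
        require(!hasTicket[lotteryId][msg.sender], "already holds a ticket");
        hasTicket[lotteryId][msg.sender] = true;
        participants[lotteryId].push(msg.sender);
        prizeOf[lotteryId] += msg.value;
    }

    // Owner closes the round and names the winner by index. Picking the index
    // is a stand-in for a real randomness source, which this example omits.
    function closeRound(uint256 winnerIndex) external onlyOwner {
        address[] storage p = participants[lotteryId];
        require(p.length > 0, "no participants");
        require(winnerIndex < p.length, "bad index");
        winnerOf[lotteryId] = p[winnerIndex];
        lotteryId += 1;
    }

    // Pull payment: the winner calls this directly, so the reward is reachable
    // without a privileged release function that is never invoked. State is
    // updated before the external call (checks-effects-interactions).
    function claimReward(uint256 round) external {
        require(winnerOf[round] == msg.sender, "not the winner");
        require(!claimed[round], "already claimed");
        claimed[round] = true;
        uint256 amount = prizeOf[round];
        prizeOf[round] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}

// Minimal token (added example) with the mint function gated. An ungated
// helper like the getMoreTokens() mentioned above lets any caller inflate the
// supply; restrict it to the owner or remove it entirely before mainnet.
contract GuardedToken {
    address public owner;
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    constructor() {
        owner = msg.sender;
    }

    function mint(address to, uint256 amount) external {
        require(msg.sender == owner, "not owner");
        totalSupply += amount;
        balanceOf[to] += amount;
    }
}
```

The point of the pull-based claimReward() is that the payout path is reachable by the party who needs it, whereas a release function callable only by a contract that never calls it leaves the prize locked; the hasTicket mapping is what turns the "one ticket" comment into an enforced invariant.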

milvinae commented 5 years ago

I am reviewing the smart contracts

@pauliax can you make sure that you apply in the correct way before carrying out the review.

First, comment on this issue to declare your willingness to complete the task and declare what smart contract it is that you wish to audit. Next, fill out the Smart Contract Audit Claim Form. We will evaluate candidates factoring in their qualifications, Github activity, and the order in which they expressed interest.

pauliax commented 5 years ago

Have you checked the issues I have pointed out?

web3abhi commented 5 years ago

I'm interested in reviewing Invoicing smart contracts. As someone who has worked on Invoicing smart contracts on solidity already, I will be able to thoroughly audit and check the contracts both in functional and technical aspects.

milvinae commented 5 years ago

@cryptoabhi please can you fill in the Smart Contract Audit Claim Form.

milvinae commented 5 years ago

@pauliax we are reviewing applications and will let you know if you are successful. Thank you

web3abhi commented 5 years ago

@milvinae Thanks Joel, filled the form.