yudetamago
commented
6 years ago Thanks for your report, @samczsun!
You're absolutely right...... We will insert require statement in top of this function.
Open samczsun opened 6 years ago
yudetamago
commented
6 years ago Thanks for your report, @samczsun!
You're absolutely right...... We will insert require statement in top of this function.
minicoohei
commented
6 years ago Thanks for your participation,@samczsun Our team has reviewed your submission, and we are pleased to reward you for your report.
Impact:High Points: 500
Please see the final leaderboard here.
Currently, anyone can cancel anyone else's exchange and take ownership of their crystal.
https://github.com/cryptocrystalio/cryptocrystal-bounty/blob/118cd744ffc2d8ff0682ef063843c4704133fab5/contracts/CryptoCrystal.sol#L423-L428
Solution:
msg.sendershould be compared with the creator of the exchange.