orenyodfat
commented
4 years ago - one option will be to do DAOFactory.createInstance("Competition") with no(null) init params ,so it will instance a new Competition without initilize it.
Closed dOrgJelli closed 4 years ago
orenyodfat
commented
4 years ago 
dOrgJelli
commented
4 years ago
- one option will be to do DAOFactory.createInstance("Competition") with no(null) init params ,so it will instance a new Competition without initilize it.
If you do this, isn't there a security risk of the competition's initialize function callable by anyone, before you initialize it yourself?
ben-kaufman
commented
4 years ago Well not really a security risk. You will know if something like that has happened, and it's costly "attack" (mining fees...) with no reward, as you'll just deploy another Competition. So worst case it could force you to do some redeployment, but it is very unlikely as an attacker will need to listen to the blockchain and wait for a tx with this specific bytecode, then send immediatly a transaction before you get to send your initialize tx.
orenyodfat
commented
4 years ago fixed by #746
While implementing the SchemeFactory within the client library, we ran into an issue: a SchemeFactory proposal cannot add a competition scheme to the DAO.
The process that's required to deploy a competition scheme is as follows:
DAOFactory.createInstance("Competition")1.a. Save the address of the competition instanceSchemeFactory.propose("ContributionRewardExt", initParams)2.a. NOTE:initParamshas competition's address in it as "rewarder"FAILURE: step 3 is impossible, since the initialize function on competition can only be called during the initial creation process of the contract (if I'm not mistaken).
@orenyodfat am I understanding this correctly?