dossinstitute / sidequest

Apache License 2.0

Security and Validations for Interaction Verification #8

Open Fr0z0n3 opened 2 weeks ago

Fr0z0n3 commented 2 weeks ago

Ticket: Security and Validations for Interaction Verification

Title: Solidity Contract for Security and Validations in Interaction Verification

Description: Enhance the existing Solidity contract to ensure it only accepts valid QR code scans linked to events, validates the uniqueness of QR code scans, and prevents re-entrancy attacks or other security vulnerabilities.

Acceptance Criteria

  1. Contract Deployment
    • The contract should be deployable on the Ethereum blockchain.
    • The contract should initialize with zero interactions recorded.
  2. QR Code Interaction Submission
    • Users must be able to submit a QR code scan (interaction).
    • Each interaction must include the event ID and the attendee’s wallet address.
    • The contract should store interactions securely and validate their uniqueness.
  3. Interaction Validation
    • The contract should validate the interaction to ensure it includes a valid event ID and wallet address.
    • Duplicate interactions for the same event and attendee should be prevented.
  4. Security Enhancements
    • Implement checks to prevent re-entrancy attacks and other common security vulnerabilities.
    • Ensure the contract uses best practices for Solidity development to secure user data and interactions.
  5. Admin Functions
    • Only the admin should be able to manage event IDs and interaction data.
    • The admin should be able to review and manage interactions if necessary.
  6. Events
    • Events should be emitted for each QR code interaction submission and validation.

Solidity Contract

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract InteractionVerification {
    struct Interaction {
        uint eventId;
        address attendee;
        bool isValid;
    }

    address public admin;
    // Interaction IDs are 1-based: ID 0 is never assigned, so looking up an
    // unknown ID returns a zeroed struct (eventId 0, attendee 0x0, isValid false).
    uint public interactionCount;
    mapping(uint => Interaction) public interactions;
    // eventId => attendee => already submitted; this is the uniqueness check.
    mapping(uint => mapping(address => bool)) public eventAttendees;
    // Mutex flag for the nonReentrant guard.
    bool private locked;

    event InteractionSubmitted(uint interactionId, uint eventId, address attendee);
    event InteractionValidated(uint interactionId, uint eventId, address attendee);

    modifier onlyAdmin() {
        require(msg.sender == admin, "Only admin can perform this action");
        _;
    }

    // Mutex-style reentrancy guard (the pattern used by OpenZeppelin's
    // ReentrancyGuard). A guard that compares interactionCount before and after
    // the wrapped call cannot be used here: submitInteraction increments the
    // counter on every successful call, so that comparison would revert every
    // legitimate submission, not just reentrant ones.
    modifier nonReentrant() {
        require(!locked, "Reentrant call");
        locked = true;
        _;
        locked = false;
    }

    constructor() {
        admin = msg.sender;
        interactionCount = 0;
    }

    // Record a QR code scan by msg.sender for _eventId. The function makes no
    // external calls, so the guard is defence in depth rather than a fix for a
    // reachable reentrancy path; checks-effects-interactions order is kept anyway.
    // Event-ID validation here is minimal (non-zero); an admin-managed registry
    // of event IDs (criterion 5) would add a require() against that registry.
    function submitInteraction(uint _eventId) public nonReentrant {
        require(_eventId != 0, "Invalid event ID");
        require(!eventAttendees[_eventId][msg.sender], "Interaction already submitted for this event");

        interactionCount++;
        interactions[interactionCount] = Interaction({
            eventId: _eventId,
            attendee: msg.sender,
            isValid: true
        });

        eventAttendees[_eventId][msg.sender] = true;

        emit InteractionSubmitted(interactionCount, _eventId, msg.sender);
        emit InteractionValidated(interactionCount, _eventId, msg.sender);
    }

    // True while the interaction is recorded and has not been invalidated by the admin.
    function validateInteraction(uint _interactionId) public view returns (bool) {
        return interactions[_interactionId].isValid;
    }

    // Admin-only. Rejects IDs that were never assigned, so a typo cannot
    // silently "invalidate" an empty slot.
    function invalidateInteraction(uint _interactionId) public onlyAdmin {
        require(_interactionId != 0 && _interactionId <= interactionCount, "Unknown interaction ID");
        interactions[_interactionId].isValid = false;
    }

    // Function to get interaction details
    function getInteraction(uint _interactionId) public view returns (uint eventId, address attendee, bool isValid) {
        Interaction memory interaction = interactions[_interactionId];
        return (interaction.eventId, interaction.attendee, interaction.isValid);
    }
}

Test Cases

  1. Deployment:
    • Deploy the contract and verify the admin, interactionCount, and initial state of interactions.
  2. QR Code Interaction Submission:
    • Submit a new interaction with a valid event ID.
    • Verify the interaction is stored with the correct event ID and attendee's wallet address.
    • Emit InteractionSubmitted and InteractionValidated events.
  3. Interaction Validation:
    • Validate an interaction to ensure it is marked as valid.
    • Prevent duplicate interactions for the same event and attendee.
  4. Security Enhancements:
    • Implement and test the nonReentrant modifier to prevent re-entrancy attacks.
    • Verify the contract follows best practices for Solidity development to ensure security.
  5. Admin Functions:
    • Invalidate an interaction and verify its status is updated.
    • Ensure only the admin can perform interaction invalidation.
  6. Events:
    • Emit appropriate events for interaction submission and validation.
  7. Edge Cases:
    • Test behavior when attempting to submit duplicate interactions for the same event and attendee.
    • Ensure the contract handles multiple interactions and validations correctly.
    • Verify no unauthorized users can invalidate interactions.
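A Foundry test suite covering the test cases listed above, added here as a worked example; it is not part of the sidequest repository or the ticket. It assumes forge-std is installed and that the contract above is saved as src/InteractionVerification.sol beside a test/ directory; the attendee addresses and the event ID are constructed fixtures, and the test contract deploys the target so it is the admin.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import {Test} from "forge-std/Test.sol";
// Assumed path: the contract from the ticket saved under src/.
import {InteractionVerification} from "../src/InteractionVerification.sol";

contract InteractionVerificationTest is Test {
    InteractionVerification internal iv;

    // Constructed fixtures (not from the project).
    address internal constant ALICE = address(0xA11CE);
    address internal constant BOB = address(0xB0B);
    uint internal constant EVENT_ID = 42;

    // Mirror the contract's events so vm.expectEmit can match them.
    event InteractionSubmitted(uint interactionId, uint eventId, address attendee);
    event InteractionValidated(uint interactionId, uint eventId, address attendee);

    function setUp() public {
        iv = new InteractionVerification(); // this test contract becomes admin
    }

    // 1. Deployment: admin set, zero interactions, unknown IDs read as empty.
    function testDeploymentInitialState() public {
        assertEq(iv.admin(), address(this));
        assertEq(iv.interactionCount(), 0);
        (uint eventId, address attendee, bool isValid) = iv.getInteraction(1);
        assertEq(eventId, 0);
        assertEq(attendee, address(0));
        assertFalse(isValid);
    }

    // 2. and 6. Submission stores event ID + attendee and emits both events in order.
    function testSubmitStoresAndEmits() public {
        vm.expectEmit(true, true, true, true);
        emit InteractionSubmitted(1, EVENT_ID, ALICE);
        vm.expectEmit(true, true, true, true);
        emit InteractionValidated(1, EVENT_ID, ALICE);

        vm.prank(ALICE);
        iv.submitInteraction(EVENT_ID);

        assertEq(iv.interactionCount(), 1);
        (uint eventId, address attendee, bool isValid) = iv.getInteraction(1);
        assertEq(eventId, EVENT_ID);
        assertEq(attendee, ALICE);
        assertTrue(isValid);
        assertTrue(iv.eventAttendees(EVENT_ID, ALICE));
    }

    // 3. and 7. Same event + same attendee is rejected; other combinations are not.
    function testDuplicateSubmissionReverts() public {
        vm.prank(ALICE);
        iv.submitInteraction(EVENT_ID);

        vm.startPrank(ALICE);
        vm.expectRevert(bytes("Interaction already submitted for this event"));
        iv.submitInteraction(EVENT_ID);
        vm.stopPrank();

        // Same attendee at another event, and another attendee at the same event.
        vm.prank(ALICE);
        iv.submitInteraction(EVENT_ID + 1);
        vm.prank(BOB);
        iv.submitInteraction(EVENT_ID);
        assertEq(iv.interactionCount(), 3);
    }

    // 5. Admin invalidation flips the status.
    function testAdminCanInvalidate() public {
        vm.prank(ALICE);
        iv.submitInteraction(EVENT_ID);
        assertTrue(iv.validateInteraction(1));

        iv.invalidateInteraction(1); // msg.sender == admin
        assertFalse(iv.validateInteraction(1));
    }

    // 7. A non-admin cannot invalidate, and the record is untouched afterwards.
    function testNonAdminCannotInvalidate() public {
        vm.prank(ALICE);
        iv.submitInteraction(EVENT_ID);

        vm.startPrank(BOB);
        vm.expectRevert(bytes("Only admin can perform this action"));
        iv.invalidateInteraction(1);
        vm.stopPrank();
        assertTrue(iv.validateInteraction(1));
    }
}
```

Run with `forge test -vvv`. The revert-string assertions pin the exact require messages, so a later change to those strings fails loudly instead of silently widening what the contract accepts.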

wvwatson commented 2 weeks ago

points: 1, 2, 3, 5, 8, 13, 21

@russlive215 13 @Fr0z0n3 13 @noireconnect2024 8 @wvwatson 13 @tierra-d 8

points: 13