search

erasureprotocol / erasure-protocol

Information wants to be expensive
https://erasure.world/
MIT License
164 stars 27 forks source link

[OneWayGriefing] Fix increaseStake() such that funds are taken from msg.sender #137

Closed thegostep closed 5 years ago

kenchangh commented 5 years ago

@thegostep should this apply to the punish function too?

Currently the punish function looks like this:

function punish(address from, uint256 currentStake, uint256 punishment, bytes memory message) public returns (uint256 cost) {
        // restrict access
        require(isCounterparty(msg.sender) || Operated.isActiveOperator(msg.sender), "only counterparty or active operator");

        // execute griefing
        cost = Griefing._grief(from, _data.staker, currentStake, punishment, message);
    }

So if we were to change it to use msg.sender, it would look like this:

function punish(uint256 currentStake, uint256 punishment, bytes memory message) public returns (uint256 cost) {
        // restrict access
        require(isCounterparty(msg.sender) || Operated.isActiveOperator(msg.sender), "only counterparty or active operator");

        // execute griefing
        cost = Griefing._grief(msg.sender, _data.staker, currentStake, punishment, message);
    }
thegostep commented 5 years ago

The stronger assumption of always taking funds from msg.sender is necessary to avoid relying on approval amounts to control access to funds on the contract