ether-camp / virtual-accelerator


Bug in DSTContract.sol submitHKGProposal #10

Open kpii opened 7 years ago

kpii commented 7 years ago

In submitHKGProposal() the parameter requestValue is an amount in HKG. According to the whitepaper, it should be "possible to request up to 20% of the HKG funds every 2 weeks".

The corresponding check in the code should compare requestValue with the HKG balance of the contract (e.g. using getHKGOwned()).

However, on lines 392 and 397 requestValue is checked against preferedQtySold, which is a value in DST tokens.

If preferedQtySold is higher than the HKG balance, this allows submitting a proposal for a higher amount, up to the full HKG balance of the contract.
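The unit mismatch reported above, shown beside a balance-based check, as an added example that is not code from DSTContract.sol or from any commenter. Only `requestValue`, `preferedQtySold` and `getHKGOwned()` come from the issue; the interface, the contract and the other function names, and the exact form of the 20% comparison, are assumptions, and the two-week interval is not modelled.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical minimal view of the HKG token (assumption, not the project's interface).
interface IHKGToken {
    function balanceOf(address owner) external view returns (uint256);
}

// Illustrative model only: isolates the cap check discussed in the issue.
contract ProposalCapModel {
    IHKGToken public immutable hkg;   // hypothetical handle to the HKG token
    uint256 public preferedQtySold;   // quantity of DST sold: DST units, not HKG

    uint256 private constant CAP_PERCENT = 20; // whitepaper: up to 20% per request

    constructor(IHKGToken hkg_, uint256 dstSold) {
        hkg = hkg_;
        preferedQtySold = dstSold;
    }

    // HKG actually held by this contract.
    function getHKGOwned() public view returns (uint256) {
        return hkg.balanceOf(address(this));
    }

    // Check as reported (assumed form): the HKG amount requestValue is
    // compared with a cap derived from a DST quantity, so the units differ.
    function allowedAsReported(uint256 requestValue) public view returns (bool) {
        return requestValue <= (preferedQtySold * CAP_PERCENT) / 100;
    }

    // Balance-based check: the cap is 20% of the HKG the contract holds.
    function allowedAgainstBalance(uint256 requestValue) public view returns (bool) {
        return requestValue <= (getHKGOwned() * CAP_PERCENT) / 100;
    }

    // Constructed scenario: HKG balance = 1,000 and preferedQtySold = 10,000.
    //   allowedAsReported(1000)     -> true  (cap 2,000 exceeds the whole balance)
    //   allowedAgainstBalance(1000) -> false (cap is 200 HKG)
    //   allowedAgainstBalance(200)  -> true
}
```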

romanman commented 7 years ago

@mkalinin: do you think it is a duplicate?