Open hats-bug-reporter[bot] opened 1 month ago
If you encounter any “real issues” in the current contracts that should be addressed with the transition to Ink! 5.0.0, please let us know.
If you encounter any “real issues” in the current contracts that should be addressed with the transition to Ink! 5.0.0, please let us know.
Agreed, if you find any specific issues that are security related, we will gladly pay out on this and upgrade to 5.0 😄
Not really a bug here
Github username: @0xRizwan Twitter username: 0xRizwann Submission hash (on-chain): 0x68daf21c22efad1ffc95b8f018d14bc379ac77e31c87a78076d5a8a8332f2440 Severity: low
Description: Description\
ink!
has released version 5.0.0 which comes with several fixes and changes from last version v4.3.0. ink!ink!
had be extensively audited by Openzeppelin and few High, Medium and low severity issues were found in OZ audit and theink!
5.0.0 fixed it before official release. Openzeppelin audit report can be checked hereThe
kintsu
ink contracts have used version4.3.0
which can be checked and confirmed fromcargo.toml
.V4.3.0 had few bugs which are fixed in v5.0.0 and in the context of the Kintsu contracts, the following are the functionalities/features which would be benefitted.
The whole v5.0.0 changelog can be checked at https://github.com/use-ink/ink/releases/tag/v5.0.0
1)
Kintsu
contracts have used events for transparency and for users on chain information. The version v5.0.0 brings changes to Events in the form ofEvents 2.0
and the details can be checked here. v5.0.0 allows sharing events between contracts. Events have been used in almost all inscope contracts.2)
nomination_agent
andvault
contract allows to upgrade via set_code_hash function. With version 5.0.0, theset_code_hash()
is made generic. More details can be checked here3)
nomination_agent
contracts has made use ofcall_runtime
. At version 4.3.0, thecall_runtime
wasunstable
and it can be checked here and now with ink! 5.0.0, This host function is now stabilized in the pallet. More details can be checked hereand so on...
Recommended Mitigation steps\ Best security practice to avoid using versions which has bugs and lack features. It is recommended to use
ink!
version 5.0.0 instead of4.3.0
. It is more evident that, upgrading to version5.0.0
has indeed more benefits along with new features, less contract size and few optimizations.