Review the Bloom Smart Contract documentation for inaccuracies, clarity or errors

dereksilva commented 5 years ago

Read the documentation found at https://bloom.co/docs/contracts/accounts. Answer the following questions and submit your answers as a comment on this issue.

In your own words, describe a high-level overview of Bloom's smart contract architecture.
Identify any inaccuracies in the documentation when compared to the solidity code on GitHub
Identify any sections of the documentation that lack clarity
Identify any typos in the documentation

This bounty is intended to cover the docs at the following locations:

Submissions will be reviewed by the Bloom team and rewards will be issued according to the judged effort, accuracy and impact.

Here is our bug bounty payment rubric/guideline: bloom-dev-bounty-rubric

gitcoinbot commented 5 years ago

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

This issue now has a funding of 0.3 ETH (33.95 USD @ $113.15/ETH) attached to it as part of the Bloom Protocol fund.

If you would like to work on this issue you can 'start work' on the Gitcoin Issue Details page.
- Want to chip in? Add your own contribution here.
- Questions? Checkout Gitcoin Help or the Gitcoin Slack
- $35,530.98 more funded OSS Work available on the Gitcoin Issue Explorer

tpscrpt commented 5 years ago

The docs are quite confusing: when I read core/contracts/AccountRegistryLogic.sol, I'm under the impression that those functions and structures are "Account Registry" in the docs (not "Account Registry Logic". I would expect events like InviteAccepted to be in AccountRegistryLogic.sol.

The Bloom Platform Account Smart Contract provides two layers.

The first layer, Account Registry, is responsible for storing a mapping of addresses to BloomIDs (linkId), which are UIDs provided to each new registered user.

The other layer, Account Registry Logic, is detached from storage functions, exposes public user account management functions and can be upgraded.

To join the registry, invite functions are offered. To create an invite, the registered user must sign his registered address with a private key, then share that private key with an unregistered user who then signs their own unregistered address and submits it to become registered.

To link an additional address with an existing BloomID, a message containing the new address and a nonce (randomly generated value) must be signed by both the original address linked to the BloomID and the new address.

Aside from the publicly accessible user functions to invite users and add addresses, Bloom itself has access to administrative functions: one to link an address to an existing BloomID and one to remove an address for a BloomID. The "add address by RegistryAdmin" function is useful for enabling user registration without the need for them to pay any gas. The "remove address by RegistryAdmin" function is useful in case of compromised accounts.

// what if remove address from BloomID to 0 addresses linked to ID

Typos: // Sign the address associated with a **nuw** user account using the

Users can associate create and accept invites and associate additional addresses with their BloomID

ipatka commented 5 years ago

Hi @JeremiGendron. You are right that the docs did not match the contracts. As of about an hour ago they have been updated. Also this bounty is intended to cover the docs at the following locations:

https://bloom.co/docs/contracts/accounts https://bloom.co/docs/contracts/signing-logic https://bloom.co/docs/contracts/attestations https://bloom.co/docs/contracts/token-escrow https://bloom.co/docs/contracts/voting

Hope that clarifies things.

gitcoinbot commented 5 years ago

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

The funding of this issue was increased to 1.2 ETH (137.53 USD @ $114.61/ETH) .

If you want to claim the bounty you can do so here
Want to chip in? Add your own contribution here.
Questions? Checkout Gitcoin Help or the Gitcoin Slack
$34,389.55 more funded OSS Work available on the Gitcoin Issue Explorer

tpscrpt commented 5 years ago

@ipatka Will audit the remaining contracts.

gitcoinbot commented 5 years ago

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

Work has been started.

These users each claimed they can complete the work by 1 week, 6 days ago. Please review their action plans below:

1) jeremigendron has started work.

Examine the documentation and compare what is presented with the contracts in the source code. If necessary, some custom tests will be issued to validate behaviors.

Learn more on the Gitcoin Issue Details page.

2) sounak98 has started work.

I will proceed as mentioned and answer the aforementioned questions.

Learn more on the Gitcoin Issue Details page.

nanspro commented 5 years ago

https://docs.google.com/document/d/1_X-WfIAeYS2tmqzCx9MXyztmF787EKc3jqMSVaCPK6U/edit?usp=sharing @dereksilva @ipatka could you please review? The text was too much so i thought providing a link would be better instead of commenting here!!

gitcoinbot commented 5 years ago

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

Work for 1.2 ETH (108.78 USD @ $90.65/ETH) has been submitted by:

@dereksilva please take a look at the submitted work:

(Link Not Provided) by @sounak98
(Link Not Provided) by @nanspro

Learn more on the Gitcoin Issue Details page
Want to chip in? Add your own contribution here.
Questions? Checkout Gitcoin Help or the Gitcoin Slack
$44,521.21 more funded OSS Work available on the Gitcoin Issue Explorer

sounak98 commented 5 years ago

Overview

Bloom is an end-to-end protocol for identity attestation, risk assessment, and credit scoring; entirely on the blockchain. The credibility score of a user increases upon verification of her phone number, email, social profiles, etc. More the credibility score of a user more the creditworthiness.

Bloom runs on the Ethereum Virtual Machine using Whisper Protocol and its core functionality is handled using Solidity Smart Contracts. There are two layers of contracts known as the “Internal Contracts” and “Platform Contracts”.

Inaccuracies in Documentation (includes Typos)

Accounts (`AccountRegistryLogic`)

In the overview of Accounts the contract name is mentioned as ~Account Registry Logic~, it should be changed to AccountRegistryLogic as per the name of the contract.
linkAddresses
- Change ~public~ to external in the interface.
unlinkAddresses
- Change ~public~ to external in the interface.
migrateLink
- Change ~public~ to external in the interface.

Signing Logic (`SigningLogic`)

In overview of Signing Logic change ~Signing Logic~ to SigningLogic as per the name of the contract.
Change the 3rd sentence to this: This contract defines all of the signature schemas for Bloom protocol signatures and implements the logic to validate signatures. It also keeps track of used signatures so that actions cannot be replayed without user permission.
The header “Bloom ~SignTypedData~ Domain” should be changed to “Bloom signTypedData Domain”.
recoverSigner
- In the text change “~Recover Signer~” to “recoverSigner”.
- Change external to internal in the interface.
- Add line breaks after each argument of the function signature in the interface to maintain uniformity in UI.
burnSignatureDigest
- Remove the whole function definition and add only the function signature.

Attestations (`AttestationLogic`)

In overview of Attestations change ~Attestation Logic~ to AttestationLogic as per the name of the contract.
attest
- Change ~public~ to external in the interface.
revokeAttestation
- Change ~public~ to external in the interface.
contest
- Change ~public~ to external in the interface.
attestFor
- Change ~public~ to external in the interface.
contestFor
- Add some text as the description for the function.
- Change public to external in the interface.
revokeAttestationFor
- Add some text as the description for the function.
- Change ~public~ to external in the interface.
Add sections for functions attestForUser, contestForUser, vaidateSubjectSig, validateContestForSig, migrateAttestation, validateRevokeForSig, setTokenEscrowMarketplace and revokeAttestationForUser.

Token Escrow (`TokenEscrowMarketplace`)

Combine the 2nd and 3rd sentence in the 2nd paragraph of the overview to this: The signature transfers BLT from lockup to the recipient's wallet. Users can withdraw funds at any time or a 3rd party can release them on the owner's behalf using a valid signatures.
In 3rd paragraph change ~Attestation Logic~ to AttestationLogic as per the name of the contract.
moveTokensToEscrowLockup
- Change ~public~ to external in the interface.
- Update the function signature to include the new arguments such as address _sender, bytes32 _nonce, bytes _delegationSig.
releaseTokensForEscrow
- Change ~public~ to external in the interface.
- Update the function signature to include the new arguments such as address _sender, bytes32 _nonce, bytes _delegationSig.
There are more functions in the contract which needs to be added in the documentation.
In Events section change the name of the contract from ~Token Escrow Marketplace~ to TokenEscrowMarketplace.

@ipatka @dereksilva please review and let me know!

ipatka commented 5 years ago

@sounak98 thanks for the detailed review! Please fork and submit a PR with the changes you recommend so we can accept the work.

nanspro commented 5 years ago

@ipatka i submitted my proposal 5 days ago!! Could you review it and tell if there is any problem with it ?

ipatka commented 5 years ago

Hi @nanspro, thanks for your patience. I did review your submission and appreciate the detailed notes! You will receive a bounty soon.

gitcoinbot commented 5 years ago

⚡️ A tip worth 0.30000 ETH (26.13 USD @ $87.08/ETH) has been granted to @nanspro for this issue from @dereksilva. ⚡️

Nice work @nanspro! Your tip has automatically been deposited in the ETH address we have on file.

$46043.48 in Funded OSS Work Available at: https://gitcoin.co/explorer
Incentivize contributions to your repo: Send a Tip or Fund a PR
No Email? Get help on the Gitcoin Slack

gitcoinbot commented 5 years ago

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

This Bounty has been completed.

Additional Tips for this Bounty:

dereksilva tipped 0.3000 ETH worth 26.19 USD to nanspro.

Learn more on the Gitcoin Issue Details page
Questions? Checkout Gitcoin Help or the Gitcoin Slack
$45,848.81 more funded OSS Work available on the Gitcoin Issue Explorer

gitcoinbot commented 5 years ago

⚡️ A tip worth 0.90000 ETH (78.56 USD @ $87.29/ETH) has been granted to @nanspro for this issue from @dereksilva. ⚡️

Nice work @nanspro! Your tip has automatically been deposited in the ETH address we have on file.

$45848.81 in Funded OSS Work Available at: https://gitcoin.co/explorer
Incentivize contributions to your repo: Send a Tip or Fund a PR
No Email? Get help on the Gitcoin Slack

sounak98 commented 5 years ago

Hey @ipatka can you tell me how to proceed as the bounty is closed now?

ipatka commented 5 years ago

@sounak98 please proceed by submitting a PR with your recommended changes on the README in this repo. We will reopen the bounty to grant the award

sounak98 commented 5 years ago

@ipatka please review the PR!

dereksilva commented 5 years ago

@sounak98 Thanks, your submission has been approved. I'll be sending you some ETH using a different bounty just to keep things moving along. 😃

hellobloom / core