Not enough checks on the review ids when a manuscript is judged

iskendria-pub / iskendria

Blockchain-based system for scientific publishing

BSD 3-Clause "New" or "Revised" License

0 stars 0 forks source link

Not enough checks on the review ids when a manuscript is judged #30

Open mhdirkse opened 4 years ago

mhdirkse commented 4 years ago

[AX-30] created by mdi

mhdirkse commented 4 years ago

The manuscript judge command of the blockchain contains review ids. These are the reviews that the editor uses to base the judgement on. The blockchain does check that the reviews exist, but the blockchain allows reviews pointing to another manuscript. The blockchain should be changed to allow only reviews pointing to manuscripts within the same thread.