search

shapeshift / security

Issue and discussion tracking for the Security Workstream.
1 stars 0 forks source link

review(vFOX): smart contract review #32

Closed mrnerdhair closed 2 years ago

mrnerdhair commented 2 years ago

from @willyogo on Discord:

gm @MrNerdHair! just finished deploying the test version of vFOX token on Rinkeby as per https://app.boardroom.info/shapeshift/proposal/cHJvcG9zYWw6c2hhcGVzaGlmdDpkZWZhdWx0OjB4YTAyNmY1MGJjOGFkYTYwMWJlN2UyOWU3OGE0OTVlNzc5MTVjYmFiZmZhZTY2ZjVmMDU4N2Y5MjIzMzk3N2NmMA==

test vFOX: https://rinkeby.etherscan.io/address/0xf3a9c415d24dbe7b316cc9d20189f7fc6c5193e2#code

I also set up a test gnosis safe on Rinkeby to verify the ability for the vFOX safe to mint more vFOX tokens (the actual gnosis safe will use the Role modifier to give ShapeShift DAO admin control): https://gnosis-safe.io/app/rin:0x3AC0E35617611568A881a2835779025bb328B344/balances

and confirmed the vFOX safe (and only the vFOX safe) was able to mint new tokens: https://rinkeby.etherscan.io/tx/0x3155d5e59829d3e2a6c5eb880997ce96e6284c2fa2cbd861b524340812400e3e

We still need to deploy the safe on mainnet, configure ShapeShift DAO as an admin, and then deploy the vFOX tokens on mainnet, mint 1,000,000 for the vFOX safe, and transfer ownership of vFOX token contract to the vFOX safe.

Are you able to review the vFOX token contract and confirm that it is good to deploy on mainnet? I'll also appreciate a secondary review on mainnet to verify nothing changed and could also use your help configuring ShapeShift DAO as an admin on the vFOX safe

mrnerdhair commented 2 years ago

check with willy; if he hasn't yet, need to deploy

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

import "@openzeppelin/contracts@4.5.0/token/ERC20/ERC20.sol";
import "@openzeppelin/contracts@4.5.0/access/Ownable.sol";
import "@openzeppelin/contracts@4.5.0/token/ERC20/extensions/draft-ERC20Permit.sol";

/// @custom:security-contact security@shapeshift.io
contract VFOX is ERC20, Ownable, ERC20Permit {
    constructor() ERC20("vFOX", "vFOX") ERC20Permit("vFOX") {}

    function mint(address to, uint256 amount) public onlyOwner {
        _mint(to, amount);
    }
}

or substantially similar and transfer ownership to https://gnosis-safe.io/app/eth:0xF275B4d223c33A971704e759a4A54d5b71f1daF0/balances

0xean commented 2 years ago

completed. please see https://github.com/shapeshift/vFOX for deployment info