zlsecure3 / review_star

0 stars 0 forks source link

User can free from fee. #26

Open zlsecure3 opened 1 year ago

zlsecure3 commented 1 year ago

subject

User can free from fee.

description

There are some fees paid to SNS_address by AptosCoin or by consume some airdropped amount with different pay_option when calling StarNameService::create_name_script or StarNameService::renew_name_script functions.

Due to the pricision loss, fee * duration / 31536000 can be zero, that is to say user can free from fee by calling create_name_script and renew_name_script periodically as long as he ensures fee * duration less than 31536000.

recommendation

To prevent user free from fee there should be a minimum fee to pay when fee * duration / 31536000 is zero.

locations

severity

Critical

damage

exploitability

category

Logical


system_generated: auditor:jayphbee submission_id:1465155195

zlsecure3 commented 1 year ago

grading (edit)


submission_id:1465155195


review_type:GRADING


result: TBD-yes,no


rating: TBD-123


comment: TBD-Rejected,Accepted by Secure3.


severity: TBD-Critical,Medium,Low,Informational


category:


description:


zlsecure3 commented 1 year ago

client feedback (manual copy)


submission_id:1465155195


review_type:CLIENT_FEEDBACK


result: TBD-yes,no


severity: TBD-Critical,Medium,Low,Informational


comment:


zlsecure3 commented 1 year ago

client feedback decision(edit)


submission_id:1465155195


review_type:CLIENT_FEEDBACK_DECISION


result: TBD-yes,no,yes-honored,no-honored


severity: TBD-Critical,Medium,Low,Informational


comment: