A place for all the ÐApps to live.
ethereum / dapp-bin Goto Github PK
View Code? Open in Web Editor NEWA place for all the ÐApps to live
License: MIT License
A place for all the ÐApps to live
License: MIT License
I have a question about IterableMapping
: it's insert
, remove
, and iterate_valid
function.
Let's say there is a data that has 5 items, keyIndex should be 1, 2, 3, 4, 5.
And then, we call remove(key2)
(let's say key2 is the key of keyIndex 2), so data now has 4 items, keyIndex should be 1, 3, 4, 5.
And then again, we call insert(key6, value6)
, now data has 5 items, keyIndex are 1, 3, 4, 5, 6.
Here's the question: when we call iterate_valid(6)
, it return false, which is not right.
Is it my understanding or is it true?
Using the iterable_mapping library, I get the following warning in the iterate_next function:
security/no-assign-params: "iterate_next": Avoid assigning to function parameters.
I think the most recent change to wallet.sol broke all of the administrative functions (i.e., those with the onlymanyowners
modifier).
See relevant commit + line: 2849dab#diff-ed99a3039a35a9961cc9c6735a7099baR49
confirmAndCheck
returns either true or false depending on whether or not the function call has been approved by M-of-N owners. However, regardless of return value, it makes important state changes that count the confirmations received thus far. The new implementation of onlymanyowners
reverts state changes (via require
) any time confirmAndCheck
returns false, making it impossible to hit the confirmation threshold for any function. No tallying ever happens.
This makes it impossible to change any of the wallet's properties such as ownership, required confirmations, etc.
Hi,
Assume we have a 2-2 multisig-wallet with owners S1 and S2. Next, S1 wants to send some tokens to the receiver R. This is written to the blockchain.
Now, the issue: S1 changes his mind and revokes the operation by calling revoke. However S2 confirms shortly after. While the miners have not yet committed the function calls to the blockchain they can be arbitrarily reordered, because that's how miners work. So the confirmation may be written to the blockchain before the revocation and the tokens will be send. This is very unexpected behavior, or even a security issue.
Unfortunately I have no idea on how to fix this.
I can't seem to find a definition for it, yet many contracts seem to subclass from it.
Also, what is #require
? Can't find documentation for that construct (did the syntax change?).
I think this https://github.com/ethereum/dapp-bin/blob/master/wallet/wallet.sol#L48
should be
modifier onlymanyowners(bytes32 _operation) {
if (confirmAndCheck(_operation)) {
_;
}
}
I've tried to play with chat/chat.html
but it's missing something.
Uncaught ReferenceError: web3 is not defined at chat.html:120
do we need to link a specific javascript file?
Thanks,
Mohamed.
When we change somethinig in the ownership, we call "clearPending()" (https://github.com/ethereum/dapp-bin/blob/master/wallet/wallet2.sol#L147). But when doing this, the map with the transaction in the "wallet" contract (https://github.com/ethereum/dapp-bin/blob/master/wallet/wallet2.sol#L301) stays there and does not get cleared. Here an example as a StateTest: https://gist.github.com/CJentzsch/a751c6d6d6bb5c893363
Hi,
I do not quite understand how (or if) wallet.sol offers replay protection.
Assume we have a 2-2 multisigwallet shared between owners S1 and S2. S1 wants to send some tokens to R. Thus, it sends a signed message m1 to the contract. It later revokes the operation, before S2 has confirmed.
Which line of code prevents that someone (really anyone) re-sends m1 to the contract, thereby undoing the revocation? After all m1 it is a valid transaction with a valid signature of one of the owners and is publicly available in the network. The crypto-way to prevent against replay attacks is the use of a nonce, but wallet.sol contains none.
The wallet isn't written for tokens, and allows 0-value transaction to be auto-approved, being under the daily limit. Such 'underlimit'-transactions should be constrained to transactions where data
is empty.
Wallet contract in wallet only work for eth.How can i use multi-signature for my token?
Hello,
I've tested out the Wallet.sol deployed on both Mainnet (3 owners, 2 required confirmations), and I faced issue:
I did not have enough time to check it and debug it closer on my local machine, so just raising a discussion, and will dig deeper later. (Maybe something is wrong with my transactions made, wallet id to check on mainnet: https://etherscan.io/address/0x6bDe62b9CAa68dB3ADAEEf29d716343DDa2bd35e)
Thanks!
contract multisig
- where is the implementation of that one ?
...this will likely be easier done when solidity has a generic template type in place...
I think the underLimit
function is broken. It compares today() > m_lastDay
. Where today() = now / 1 days
, 1 days = 86400
seconds and m_lastDay = now
. today()
will be 86400 times smaller than m_lastDay
due to the division.
The intention is that today() > m_lastDay
will be true when 86401 seconds have elapsed which is today() + 86402
. But the implementation means it will only be true when today() * 86400 + 1
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.