Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Smart contract to verify an address and for accept an invitation #124

Merged
merged 15 commits into from
Nov 13, 2023
Merged

Smart contract to verify an address and for accept an invitation #124

merged 15 commits into from
Nov 13, 2023

Conversation

andresaiello
Copy link
Collaborator

Summary

  • Register contract to verify an address
  • Reference contract to accept a referral code

@nautel2000

This comment was marked as off-topic.

Sign in to view
@andresaiello andresaiello marked this pull request as ready for review October 11, 2023 16:33
lucas-janon
lucas-janon reviewed Nov 13, 2023
View reviewed changes
Copy link
Contributor

@lucas-janon lucas-janon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see a potential vulnerability (low) that goes like this:

  • I create an invite signature.
  • Someone accepts my invite.
  • An attacker gets my invite signature since it's public.
  • The attacker creates thousands of accounts and gets all of them to be invited by me.
  • My inviteeList gets extremely long and I get no benefits since they're capped to N invites a week.

I think it's not too bad since we don't iterate over an inviteeList on any function, but I think a very long list may cause view issues.

On top of that, we have getInviteeAtIndex, shouldn't we at least make index part of the InvitationAccepted event? So there's more information available to query that function.

@andresaiello
Copy link
Collaborator Author

I see a potential vulnerability (low) that goes like this:

  • I create an invite signature.
  • Someone accepts my invite.
  • An attacker gets my invite signature since it's public.
  • The attacker creates thousands of accounts and gets all of them to be invited by me.
  • My inviteeList gets extremely long and I get no benefits since they're capped to N invites a week.

I think it's not too bad since we don't iterate over an inviteeList on any function, but I think a very long list may cause view issues.

On top of that, we have getInviteeAtIndex, shouldn't we at least make index part of the InvitationAccepted event? So there's more information available to query that function.

that's why we have getInviteeAtIndex and not iterate the list and return the list to avoid any out of gas issue. I agree to add the index, I will do it now

lucas-janon
lucas-janon approved these changes Nov 13, 2023
View reviewed changes
Copy link
Contributor

@lucas-janon lucas-janon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@andresaiello andresaiello merged commit b418a4d into main Nov 13, 2023
8 checks passed
@andresaiello andresaiello deleted the andy/pd-4818-smart-contract-to-verify-an-address-and-for-accept-an branch November 13, 2023 19:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lucas-janon lucas-janon lucas-janon approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@andresaiello @nautel2000 @lucas-janon