2.2 Key Findings

Overall, these smart contracts are well-designed and engineered, though the implementation can be improved by resolving the identified issues (shown in Table 2.1), including 1 high-severity vulnerability, 2 medium-severity vulnerabilities, 3 low-severity vulnerabilities, and 1 undetermiend issue.

IDSeverityTitleCategoryStatus

PVE-001

Medium

Voting Amplification With Sybil Attacks

Business Logics

Resolve

PVE-002

Undetermined

Revisited Delegation Logic in Token- SaleDistributor

Coding Practices

Resolve

PVE-003

Low

Improved isWrapped() Assessment in NameWrapper

Coding Practice

Resolve

PVE-004

Low

Improved Precision in TokenSaleDistribu- tor::_vested()

Numeric Errors

Resolve

PVE-005

Medium

Trust Issue of Admin Keys

Security Features

Mitigate

PVE-006

High

Improper Fund Return in PopMar-

ket::withdrawRejectBid()

Business Logics

Resolve

PVE-007

Low

Improved NameRenewed Event Genera-

tion in RegistrarController

Coding Practices

Resolve

Besides recommending specific countermeasures to mitigate these issues, we also emphasize that it is always important to develop necessary risk-control mechanisms and make contingency plans, which may need to be exercised before the mainnet deployment. The risk-control mechanisms need to kick in at the very moment when the contracts are being deployed in mainnet. Please refer to Section 3 for details.

Previous2.1 SummaryNext3.1 Voting Amplification With Sybil Attacks

Last updated