TRST audit fixes for Graph Payments contracts #1072

Open
wants to merge 8 commits into
base: horizon

@tmigone tmigone commented Nov 26, 2024

This PR addresses the following audit findings:

  • TRST-H-1 A payer could bypass the escrow mechanism and avoid payments
  • TRST-M-10 A RAV could be collected more than once, leading to double payment
  • TRST-CL-1 A payer could bypass the escrow mechanism and avoid payments through the vulnerable collector allowance mapping
  • TRST-L-10 The getBalance() function could revert when balance is lower than tokens thawing
  • TRST-M-5 Lack of chunking functionality of new RAVs may cause them to not be processable
  • TRST-L-12 The collection cuts could exceed 100% causing collect() to revert

openzeppelin-code bot commented Nov 26, 2024

TRST audit fixes for Graph Payments contracts

Generated at commit: a06580420f485169c42b17df6b2109a340f3a23f

🚨 Report Summary

Results by severity level:

              Critical  High  Medium  Low  Note  Total
Contracts     2         4     0       15   40    61
Dependencies  0         0     0       0    0     0

For more details view the full report in OpenZeppelin Code Inspector

…H01)

Signed-off-by: Tomás Migone <tomas@edgeandnode.com>
@tmigone tmigone force-pushed the tmigone/trust-fixes-payments branch 2 times, most recently from d705ca6 to 7d62913 Compare November 28, 2024 15:30
@tmigone tmigone changed the title TRST audit fixes for GraphPayments contracts TRST audit fixes for Graph Payments contracts Nov 28, 2024
Signed-off-by: Tomás Migone <tomas@edgeandnode.com>
Signed-off-by: Tomás Migone <tomas@edgeandnode.com>
…(TRST-L10)

Signed-off-by: Tomás Migone <tomas@edgeandnode.com>
Signed-off-by: Tomás Migone <tomas@edgeandnode.com>
Signed-off-by: Tomás Migone <tomas@edgeandnode.com>
@tmigone tmigone force-pushed the tmigone/trust-fixes-payments branch from 7d62913 to 670fba7 Compare November 28, 2024 18:44
…R03)

Signed-off-by: Tomás Migone <tomas@edgeandnode.com>
@tmigone tmigone requested a review from Maikol December 4, 2024 18:06

@Maikol Maikol left a comment

Looks good!

Signed-off-by: Tomás Migone <tomas@edgeandnode.com>
@tmigone tmigone force-pushed the tmigone/trust-fixes-payments branch from 89567c8 to a065804 Compare December 10, 2024 14:14