Skip to content

Mitigation of issues found in Trust Security's audit#96

Merged
spengrah merged 20 commits intomainfrom
mitigation/trust-audit
Feb 22, 2023
Merged

Mitigation of issues found in Trust Security's audit#96
spengrah merged 20 commits intomainfrom
mitigation/trust-audit

Conversation

@spengrah
Copy link
Copy Markdown
Member

@spengrah spengrah commented Feb 20, 2023
edited
Loading

  • TRST-H-1
  • TRST-M-1
  • TRST-M-2
  • TRST-M-3
  • TRST-M-4
  • TRST-M-7
  • TRST-L-1
  • TRST-L-2
  • TRST-L-3
  • TRST-L-4
  • TRST-L-5
  • Other recommendations
    • Documentation changes
    • Cleaner cod
    • Emit events without state change
    • Improving display of information

🚨 IMPORTANT 🚨

  • squash commits on merge

spengrah and others added 20 commits February 20, 2023 10:46
@spengrah
mark audit issues as TODOs
4625a1f
@spengrah
TRST-H-1: add static balance check to mintHat
7293e60
@spengrah
TRST-M-7: check static balance on renounceHat
7223e27
@spengrah
TRST-L-1: uint16(_admin) check on createHat
4c27a04
@spengrah
TRST-L-2: fix tophat imageURI fallback
5cde1ad
@spengrah
TRST-L-5 revert on zero-address toggle & eligibility
13dd59f
@spengrah
address other minor Trust recs
62c04a0
@spengrah
address remaining minor Trust recs
8d6b723
@topocount
Fix: M-3 tree depth overflow
372762d 
Rather than adding any checks, it's just cheaper to accomodate more
depth. This is relatively arbitrary imo. I chose uint8 because I had a
hard time imagining any org reaching that size on V1, but breaking for
such a silly reason, is poor form, unless we add explicit contraints for
nested tree depth.
@spengrah
TRST-L-3 protect against invalid return data (dirty impl.)
c580e1c
@spengrah
Merge pull request #98 from Hats-Protocol/topo-mitigation
06397be 
Topo's audit fixes
@spengrah
rebase from mitigation/trust-audit
f83f521
@spengrah
TRST-L-4 refactor isAdminOfHat (and related functions
cebbc01
@spengrah
TRST-M-4 add eligibility check to mintHat and transferHat
5ee3f49
@spengrah
TRST-M-1 clarify that Hats is ERC1155-similar
1118c27
@spengrah
TRST-L-3 clean up toggle and eligibility returndata handling
d2a0776
@spengrah
fix readme
aff1716
@spengrah
clean up logs
2cfad31
@spengrah
address @nintynick and @topocount review suggestions
1d62512
@spengrah
Merge pull request #97 from Hats-Protocol/mitigation/trust-audit-spencer
c5bfd82 
Mitigation/trust-audit-spencer
@spengrah spengrah marked this pull request as ready for review February 22, 2023 04:42
@spengrah spengrah merged commit 37fa2d2 into main Feb 22, 2023
@spengrah spengrah deleted the mitigation/trust-audit branch February 23, 2023 18:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nintynick nintynick Awaiting requested review from nintynick

@topocount topocount Awaiting requested review from topocount

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@spengrah @topocount