MACI: Return values of transferFrom calls are not checked #505
Comments
ctrlc03
added a commit
to ctrlc03/maci
that referenced
this issue
Sep 15, 2022
…ndings on MACI Implemented fixes for audit findings on MACI, Poll, VkRegistry and AccQueue. 1. Fixed possible reentrancy attacks. 2. Moved around error messages to reflect the correct error condition. 3. changed storage variables outside of loops to reduce gas costs. 4. Added SafeERC20 to check a transfer's return value. 5. Removed redundant boolean checks. 6. Using return value of `maci.mergeStateAq` to update the `mergedStateRoot` variable. fix privacy-scaling-explorations#503 fix privacy-scaling-explorations#504 fix privacy-scaling-explorations#505 fix privacy-scaling-explorations#508 fix privacy-scaling-explorations#510
ctrlc03
added a commit
to ctrlc03/maci
that referenced
this issue
Sep 16, 2022
1. Implemented fixes for possible reentrancy attacks. 2. Ameneded error messages in `Poll` and `PollyProcesorAndTallyer`. 3. Introduced local variable in `AccQueue` to prevent updating state variables in a for loop. 4. Removed redundant boolean comparisons. 5. Added `SafeERC20` to `Poll` to check the return value of `transferFrom`. fix privacy-scaling-explorations#503 fix privacy-scaling-explorations#504 fix privacy-scaling-explorations#505 fix privacy-scaling-explorations#508 fix privacy-scaling-explorations#510
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Points: 3
The text was updated successfully, but these errors were encountered: