Ethereum smart contracts to manage validators in Oracles POA Network
ValidatorsStorage and ValidatorsManager contracts.
These are contracts for storing and managing the data for validators.
| № | Description | Status |
|---|---|---|
| 1 | Validator's personal data addition is available for valid initial key from ceremony |  |
| 2 | Validator's personal data addition is forbidden for invalid initial key from ceremony | |
| 3 | Validator's personal data addition is forbidden for the same valid initial key from ceremony twice | |
| 4 | Validator's personal data addition is forbidden from ceremony, if counter of initial keys, invalidated from ceremony, reached the limit | |
| 5 | Validator's personal data addition is available for valid voting key from governance | |
| 6 | Validator's personal data addition is forbidden for invalid voting key from governance | |
| 7 | Validator's personal data addition is forbidden for the same valid voting key from governance twice | |
| 8 | Validator's personal data addition is forbidden from governance, if counter of validators, added from governance, reached the limit | |
| 9 | Mining key is added to validators' array after generation of new production keys | |
| 10 | Personal data: output zip code is equal to input zip code and it is a bignumber | |
| 11 | Personal data: output licenseExpiredAt is equal to input licenseExpiredAt and it is a bignumber | |
| 12 | Personal data: output licenseID is equal to input licenseID | |
| 13 | Personal data: output fullname is equal to input fullname | |
| 14 | Personal data: output streetname is equal to input streetname | |
| 15 | Personal data: output state is equal to input state | |
| 16 | Personal data: output sisablingDate is empty | |
KeysStorage and KeysManager contracts.
These are contracts for storing and managing the data for Oracles POA Network Keys Generation dApp.
| № | Description | Status |
|---|---|---|
| 1 | Initial key addition is available for contract owner | |
| 2 | Initial key addition fails to add same key twice | |
| 3 | Initial key is valid after execution of addInitialKey function |
|
| 4 | Initial key generation is forbidden for non-owner of contract | |
| 5 | It is allowed to add only limited number of initial keys (25) | |
| 6 | Production keys generation fails for invalid initial key | |
| 7 | Production keys generation fails for used initial key | |
| 8 | Licenses counter is incremented by generation of production keys | |
| 9 | Initial keys invalidation counter is incremented by generation of production keys | |
| 10 | Mining, voting and payout keys are generated after execution createKeys function, and they are valid |
|
| 11 | Initial key is invalidated immediately after mining/payout/voting keys are created | |
BallotsStorage and BallotsManager contracts.
These are contracts for storing and managing the data for Oracles POA Network Governance dApp.
To be done...
| № | Attack vector | Description | Status |
|---|---|---|---|
| 1 | Race Conditions | The order of transactions themselves (within a block) is easily subject to manipulation | |
| 1.a | Reentrancy | Functions can be called repeatedly, before the first invocation of the function was finished | |
| 1.b | Cross-function Race Conditions | A similar attack using two different functions that share the same state | |
| 1.c | Pitfalls in Race Condition Solutions | Avoiding of calling functions which call external functions | |
| 2 | Timestamp Dependence | Timestamp of the block can be manipulated by the miner | |
| 3 | Integer Overflow and Underflow | Usage of unlimited increments can cause such issue | |
| 4 | DoS with (Unexpected) Throw | Unexpected throw is reached with some contract method for any user, because of malicious user called it before with bad parameters | |
| 5 | DoS with Block Gas Limit | Block gas limit can be reached, for example, with looping through an array with unknown size and sending send() in a single transaction. Sending should be divided to multiple transactions |
|
Install dapp cli
-
git clone https://github.com/oraclesorg/oracles-contract// clone repository -
cd oracles-contract/// move to folder with project -
git submodule update --init --recursive// get submodules data -
dapp build// compiling of contracts to./out
Expected result:
./out/Oracles.bin - bytecode of Oracles contract
./out/Oracles.abi - binary interface of Oracles contract
- Start testrpc process with specific accounts and balances. Use
make testrpccommand. - Run tests with command
truffle test.