Info

Grim Duck
Author

Source on GitHub

https://github.com/catchain/cheques

Smart Contract Address

kf8ihwLOYxUJecO7CNTyFoP5fDrZQw0NzQH9bN1kUZAxYaXc

Testing and Issues

You can test this entry and submit issues during the testing period of the Blockchain Contest, Stage 2 contest.

Entries with serious issues will not be able to win the contest, but even minor issues might be important for overall results.

Voting

1

Comments

Grim Duck Dec 26, 2019 at 22:04
Smartcontract was redeployed on new address Ef-8kb2ZawZX9XLQ_9BKTlOPsBWf59iTaJsYO4ZEqIvux5-H
It includes fix of security issue listed earlier.
You have not added any comments yet...
by rating

Issues

Chic Dolphin Dec 26, 2019 at 18:04
You do require signature for constructor, but then allow anyone to drain contract funds.
1
Chic Dolphin Dec 26, 2019 at 18:08
Yet unprocessed transactions are broadcasted over the network to peers. To steal the funds I just need to send my own with the same cheque_passcode.
1
Grim Duck Dec 26, 2019 at 22:02
Thank you! The code of smartcontract was updated with fix of this issue. Now smartcontract uses private/public keys instead of hashes, so now cheque activation does not require passcode. Only valid signature is need.
Clever Turkey Feb 11, 2020 at 02:49
Call `set_gas_limit(msg_value - grams);` is incorrect, because grams are passed as the argument instead of a gas value.
1
Nobody added any issues yet...