Info

Source on GitHub

https://github.com/catchain/cheques

Smart Contract Address

kf8ihwLOYxUJecO7CNTyFoP5fDrZQw0NzQH9bN1kUZAxYaXc

Testing and Issues

You can test this entry and submit issues during the testing period of the Blockchain Contest, Stage 2 contest.

Entries with serious issues will not be able to win the contest, but even minor issues might be important for overall results.

Voting

1

Comments

Smartcontract was redeployed on new address Ef-8kb2ZawZX9XLQ_9BKTlOPsBWf59iTaJsYO4ZEqIvux5-H
It includes fix of security issue listed earlier.
You have not added any comments yet...
by rating

Issues

You do require signature for constructor, but then allow anyone to drain contract funds.
1
Yet unprocessed transactions are broadcasted over the network to peers. To steal the funds I just need to send my own with the same cheque_passcode.
1
Grim Duck Dec 26, 2019 at 22:02
Thank you! The code of smartcontract was updated with fix of this issue. Now smartcontract uses private/public keys instead of hashes, so now cheque activation does not require passcode. Only valid signature is need.
Clever Turkey Feb 11, 2020 at 02:49
Call `set_gas_limit(msg_value - grams);` is incorrect, because grams are passed as the argument instead of a gas value.
1
Nobody added any issues yet...