Info

Download ZIP (47.4 KB)

Testing and Issues

You can test this entry and submit issues during the testing period of the Blockchain Contest contest.

Entries with serious issues will not be able to win the contest, but even minor issues might be important for overall results.

Voting

44

Comments

Multisignature wallet.
Description of building process and usage could be found in the README file inside the archive. 

The wallet supports the following requests:
1. Add signer.
2. Remove signer.
3. Create order.
4. Sign order.

Also number of get methods:
1. `seqno`
2. `current_order_id` shows current order_id.
3. `contract_info` shows information about contract
4. `get_signers_pubkeys`. Will return public keys as 256-bit integer list.
5. `get_orders`. partially signed orders as `order_id, transaction_message`.
6. `get_order_by_id 1` returns order by id (`1` in current example).
7. `get_order_ids_by_pubkey_signed pubkey` will return a list of order ids that signed by a participant with provided pubkey.
8. `get_order_ids_by_pubkey_unsigned pubkey` same as 7. but unsigned
You have not added any comments yet...
by rating

Issues

Magic Python Oct 23, 2019 at 13:14
Is it possible to create one order message with multiple signatures in it?
Brave Kangaroo Oct 23, 2019 at 18:09
No, it is not, when user creates order it will be signed only by him.
Magic Python Nov 17, 2019 at 17:00
plus:
some tests are implemented.

minus:
"Add signer. Only contract owner is allowed to add new signer."
This is not a feature, this is a major vulnerability. The owner is able to transfer all funds by himself which contradicts the idea of multi-wallet.

"bulk order signing is not implemented"
Note, it is not exactly the same as the merge of signatures. What was needed is the ability to send a lot of signatures with one request. Dropping this feature significantly simplifies the correct logic of the smart contract.
Also, it not possible to perform our test on this smart contract (n=16, k=10, transfer some funds in a single query).

load_data function would simplify things a bit.
It could be reasonable to split recv_external into several functions.

No usage in fift scripts. (Also, everything is explained in README)
Brave Kangaroo Nov 17, 2019 at 21:41
"this is a major vulnerability"
Agreed. Assumed that the creator is trusted but understand now that assumption is incorrect.

"it not possible to perform our test"
Yes, not possible to transfer funds in one request.

"load_data function would simplify things"
Sometimes it was enough to load only first e.g. 256 bits but didn't need the remaining part.

"It could be reasonable to split recv_external into several functions."
"No usage in fift scripts"
Agreed

Magic Python, thanks for the detailed and fair review but I have a question that bothers me.
Since the review was published after results does it mean that contract has not been tested during the evaluation part and results will be somehow revised (even if contract didn't win any prize) or it has been tested during the evaluation but the review was published only now? Thank you!
Nobody added any issues yet...