This document is a security audit report by RideSolo reviewing TheWALL.
- thewall.sol github commit hash 4d7b98e06def9a605aba06663d5c90d5a5e55c54.
- thewallbeneficiaries.sol github commit hash 607640150491de8bdd0ff3414a7ed5017f4b84b6.
- thewallcore.sol github commit hash 4d7b98e06def9a605aba06663d5c90d5a5e55c54.
- thewallcoupons.sol github commit hash 607640150491de8bdd0ff3414a7ed5017f4b84b6.
- thewallusers.sol github commit hash 607640150491de8bdd0ff3414a7ed5017f4b84b6.
3 issues were reported including:
- 1 low.
- 3 owner privileges.
Please note that this issue is not an owner privilege but a logical flow issue; the result is actual losses for the users.
The frequency at which commitSecret and updateSecret are called is important to the users. If a user who created a new area wants to rent or sell it and the owner has not called commitSecret for the user's hash, then isPremium will return false, resulting in a loss of 30% (the fee charged) even if the user's nonce and secret would give them a premium area. If the secret is committed later, a possible new owner will have access to the premium discount.
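The timing problem described above, as an added Python model that is not TheWALL's code and not part of the audit. Only commitSecret, isPremium and the 30% fee come from the report; the hash construction, the premium odds, the zero premium fee and all other names are assumptions made for illustration.

```python
import hashlib

FEE_PERCENT = 30      # fee from the report for a non-premium area
PREMIUM_FEE = 0       # assumption: the report only says "premium discount"
PREMIUM_ONE_IN = 4    # assumption: the odds are not given in the report

def outcome(secret: bytes, nonce: int) -> bool:
    """Assumed rule: premium is derived from the secret and the area nonce."""
    digest = hashlib.sha256(secret + nonce.to_bytes(32, "big")).digest()
    return int.from_bytes(digest, "big") % PREMIUM_ONE_IN == 0

class WallModel:
    def __init__(self):
        self.revealed = {}   # commitment hash -> secret revealed by the owner
        self.areas = {}      # area id -> (commitment hash, nonce)

    def create_area(self, area_id, commitment, nonce):
        self.areas[area_id] = (commitment, nonce)

    def commit_secret(self, secret):
        # Owner-only call in the report; here it reveals the secret for a hash.
        self.revealed[hashlib.sha256(secret).digest()] = secret

    def premium_status(self, area_id):
        commitment, nonce = self.areas[area_id]
        secret = self.revealed.get(commitment)
        if secret is None:
            return "pending"          # nothing decided yet
        return "premium" if outcome(secret, nonce) else "standard"

    def is_premium(self, area_id):
        # Behaviour the report describes: an uncommitted secret reads as False.
        return self.premium_status(area_id) == "premium"

    def sell(self, area_id, price):
        fee = PREMIUM_FEE if self.is_premium(area_id) else FEE_PERCENT
        return price - price * fee // 100   # what the seller receives

def demo():
    secret = b"constructed-secret"           # constructed sample value
    nonce = next(n for n in range(1000) if outcome(secret, n))  # a winning nonce
    wall = WallModel()
    wall.create_area(1, hashlib.sha256(secret).digest(), nonce)
    status_before = wall.premium_status(1)
    early = wall.sell(1, 1000)               # sold before the owner commits
    wall.commit_secret(secret)
    late = wall.sell(1, 1000)                # same area after the commit
    return status_before, early, late
```

In this model the seller receives 700 before the commit and 1000 after it for the same area, and the separate "pending" state is what a caller would need to tell "not premium" apart from "not yet decided".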
- Change area price.
- Change wall size.
- The owner can tamper with the random values, since no decentralized oracle is used when using update and commit.
- Check that the coupons contract address is different from zero inside the constructor of TheWallUsers.
- Check that the updated coupons contract address is different from zero here.
All highlighted issues should be fixed.