This document is a security audit report by RideSolo covering a review of TheWALL.
- thewall.sol github commit hash 607640150491de8bdd0ff3414a7ed5017f4b84b6.
- thewallbeneficiaries.sol github commit hash 607640150491de8bdd0ff3414a7ed5017f4b84b6.
- thewallcore.sol github commit hash 607640150491de8bdd0ff3414a7ed5017f4b84b6.
- thewallcoupons.sol github commit hash 607640150491de8bdd0ff3414a7ed5017f4b84b6.
- thewallusers.sol github commit hash 607640150491de8bdd0ff3414a7ed5017f4b84b6.
3 issues were reported including:
- 2 medium severity issues.
- 1 low severity issue.
The issue described here is still applicable: if a user wants to remove an area that is located at the end of the cluster array, it will be impossible because the array size might be too large.
The loop does not require the user to go through the full array, but as it stands the user will be forced to remove areas at the beginning of the cluster (even if he wants to keep them) just to remove an area in the last positions, and then add them back later on.
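One way to make removal cost independent of an area's position, shown as an added example: this is not TheWall's code and not a fix proposed in the report. The contract name, storage layout and function names are hypothetical, and it assumes the order of areas inside a cluster does not matter.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical minimal model of cluster membership (names and layout are assumptions).
// Ownership and permission checks are omitted; a real contract must keep its own.
contract ClusterAreas {
    // clusterId => ids of the areas it contains
    mapping(uint256 => uint256[]) private _areas;
    // areaId => position in its cluster array, stored as index + 1 (0 means "not in a cluster")
    mapping(uint256 => uint256) private _slot;
    // areaId => cluster that currently holds it
    mapping(uint256 => uint256) private _clusterOf;

    function addArea(uint256 clusterId, uint256 areaId) external {
        require(_slot[areaId] == 0, "area already in a cluster");
        _areas[clusterId].push(areaId);
        _slot[areaId] = _areas[clusterId].length; // index + 1
        _clusterOf[areaId] = clusterId;
    }

    // Swap-and-pop: no loop, so gas is the same for the first and the last element
    // and does not grow with the size of the cluster.
    function removeArea(uint256 areaId) external {
        uint256 slot = _slot[areaId];
        require(slot != 0, "area not in a cluster");

        uint256[] storage list = _areas[_clusterOf[areaId]];
        uint256 lastId = list[list.length - 1];

        if (lastId != areaId) {
            // Move the last element into the freed position and update its slot.
            list[slot - 1] = lastId;
            _slot[lastId] = slot;
        }
        list.pop();

        delete _slot[areaId];
        delete _clusterOf[areaId];
    }

    function areasOf(uint256 clusterId) external view returns (uint256[] memory) {
        return _areas[clusterId];
    }
}
```

The trade-off is one extra storage write per insertion to maintain the index mapping.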
The frequency at which commitSecret and updateSecret are called is important to the users. If a user who created a new area wants to rent or sell it and the owner didn't call commitSecret for his hash, then isPremium will return false, resulting in a loss of 30% (fee charged) even if his nonce and secret would give him a premium area. If the secret is committed later, a possible new owner will have access to the premium privilege.
- Lock the sell and rent functionalities and unlock them after the secret commit.
- Automate the process using an oracle callback such as Oraclize or Chainlink.
- Check coupons contract address to be different than zero inside the constructor of TheWallUsers.
- Check the updated coupons contract address to be different than zero here.
All highlighted issues must be fixed.