invoice-canister
invoice-canister copied to clipboard
dfinity
Providing an example and simplified experience for accepting payments in smart contracts
./install-local.sh results in following errors being dumped continuously (no perceivable delay): Nov 06 09:11:19.362 ERRO s:lftbv-pjj44-lhaob-lpzga-soo6y-smi4l-rg745-5kpnc-of53u-ousgw-cae/n:fotuh-z4hlx-r7spc-ydzkg-rp5tq-jktzt-ba23y-ab56v-tggcd-2iwh5-pqe/ic_consensus/notary Couldn't create a signature: Cannot find MultiBls12_381 secret key with ID "KeyId(0xc0134609a2f493b0981df8eeb90739aa7a84b417f88918c8be5692332b2d02b4)" Nov 06...
## Observation The invoice canister can be deployed by anyone and anyone can create invoices on it. This means that the invoice creators (sellers) will receive money that will be...
## Observation The balance could have changed by the time of the transfer out and updating of the invoice. Consider if Alice pays an invoice I of 1 ICP created...
7 additional notes were provided from the security audit that have minimal risk and are trivial to clean up. - redundant argument in verify_invoice: The caller is no longer needed...
## Observation if invoice is paid again after the invoice was verified, the money is locked. TODO: expand on this ## Recommendations Offer a new method: ``` type AmountConsolidated =...
## Observation The sha256, crc32 and hex libraries are copied into the repository. ## Risk Description If the libraries are copied, it is hard to keep them up to date....
## Observation Invoice content is usually private information (what did I order, how much, etc.) ## Risk description Every node can see the data (independent of permissions) since they are...
Currently when requesting a transfer with an amount in TransferArgs below **10_000 e8s** the invoice canister will trap on an **arithmetic overflow**, due to this line : ``` amount =...
