kleros-interaction icon indicating copy to clipboard operation
kleros-interaction copied to clipboard

Published 20 hours ago verified publisher icon kleros

Make Tests for ArbitrablePermissionList

Open clesaege opened this issue 6 years ago • 8 comments

https://github.com/kleros/kleros-interaction/blob/master/contracts/standard/permission/ArbitrablePermissionList.sol

clesaege avatar Oct 09 '18 00:10 clesaege

I am interested in taking this up.. started working on this

heypran avatar Oct 28 '18 01:10 heypran

What is the significance of the item that we are trying to register?

heypran avatar Oct 28 '18 04:10 heypran

I have a doubt it in the below scenario -

    /**
     *  @dev Appeal ruling. Anyone can appeal to prevent a malicious actor from challenging its own submission and losing on purpose.
     *  @param _value The value of the item with the dispute to appeal on.
     */
    function appeal(bytes32 _value) public payable {
        Item storage item = items[_value];
        arbitrator.appeal.value(msg.value)(item.disputeID,arbitratorExtraData); // Appeal, no need to check anything as the arbitrator does it.
    }

The scenario says that appeal can be made to prevent a malicious actor from challenging its own submission and losing on purpose. Suggestion: This can be prevented by adding a require(item.submitter !=msg.sender) in the challenge functions

heypran avatar Oct 28 '18 13:10 heypran

He could just make a second account to bypass that.

On Sun, Oct 28, 2018 at 2:29 PM heychessy [email protected] wrote:

I have a doubt it in the below scenario -

/**
 *  @dev Appeal ruling. Anyone can appeal to prevent a malicious actor from challenging its own submission and losing on purpose.
 *  @param _value The value of the item with the dispute to appeal on.
 */
function appeal(bytes32 _value) public payable {
    Item storage item = items[_value];
    arbitrator.appeal.value(msg.value)(item.disputeID,arbitratorExtraData); // Appeal, no need to check anything as the arbitrator does it.
}

The scenario says that appeal can be made to prevent a malicious actor from challenging its own submission and losing on purpose. Suggestion: This can be prevented by adding a require(item.submitter !=msg.sender) in the challenge functions

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/kleros/kleros-interaction/issues/139#issuecomment-433705386, or mute the thread https://github.com/notifications/unsubscribe-auth/ASRQaGunaCC0kBaXyAnipTirVwJ_dl7Gks5upbErgaJpZM4XOFTM .

epiqueras avatar Oct 28 '18 13:10 epiqueras

How should I submit the test code?

heypran avatar Oct 29 '18 02:10 heypran

Through a pull request. But I think @mtsalenc was already working on this?

epiqueras avatar Oct 29 '18 08:10 epiqueras

I have submitted a pull request #164, request a review.

heypran avatar Oct 29 '18 17:10 heypran

Hi @clesaege is this issue still open?

pasDamola avatar Nov 02 '19 14:11 pasDamola