NoBey/openzeppelin-contracts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #43 from makoto/bounty_with_factory_merged

Browse Source 
Bounty with factory (merged) version
This commit is contained in:
Manuel Aráoz
2016-10-28 19:08:45 -03:00
committed by GitHub
parent 19d3b8b27d 949f25b244
commit 6de19c59ae
8 changed files with 334 additions and 80 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
README.md
View File

@ -24,20 +24,90 @@ After that, you'll get all the library's contracts in the `contracts/zeppelin` f
```js
import "./zeppelin/Rejector.sol";
contract MetaCoin is Rejector {
contract MetaCoin is Rejector {
...
}
```
> NOTE: The current distribution channel is npm, which is not ideal. [We're looking into providing a better tool for code distribution](https://github.com/OpenZeppelin/zeppelin-solidity/issues/13), and ideas are welcome.
## Add your own bounty contract
So far you inherit Zeppelin contracts into your own contract through inheritance.
A bounty contract, however, is a special contract that is deployed on its own.
Each researcher creates a separate copy of your contract, and can claims bounty by breaking invariants logic on the copy of your contract without hacking your original contract.
To use the bounty contract, please follow the below instruction.
### Implement invariant logic into your smart contract
At contracts/YourContract.sol
```
contract YourContract {
function checkInvariant() returns(bool){
// Implement your logic to make sure that none of the state is broken.
}
}
contract YourContractFactory {
function deployContract() returns (address) {
// This contract allows researchers to create a copy of your contract
return new YourContract();
}
}
```
### Add the bounty contracts as well as your contracts into migrations
At `migrations/2_deploy_contracts.js`
```
module.exports = function(deployer) {
deployer.deploy(YourContract);
deployer.deploy(YourContractFactory).then(function() {
return deployer.deploy(Bounty, YourContractFactory.address);
});
};
```
### Add a reward to the bounty contract
After deploying the contract, send rewards money into the bounty contract.
From `truffle console`
```
address = 'your account address'
reward = 'reward to pay to a researcher'
web3.eth.sendTransaction({
from:address,
to:bounty.address,
value: web3.toWei(reward, "ether")
}
```
### Researchers hack the contract and claim their reward.
For each researcher who wants to hack the contract and claims the reward, refer to our [test](./test/Bounty.js) for the detail.
### Ends the contract
If you manage to protect your contract from security researchers and wants to end the bounty, kill the contract so that all the rewards go back to the owner of the bounty contract.
```
bounty.kill()
```
#### Truffle Beta Support
We also support Truffle Beta npm integration. If you're using Truffle Beta, the contracts in `node_modules` will be enough, so feel free to delete the copies at your `contracts` folder. If you're using Truffle Beta, you can use Zeppelin contracts like so:
```js
import "zeppelin-solidity/contracts/Rejector.sol";
contract MetaCoin is Rejector {
contract MetaCoin is Rejector {
...
}
```

62
contracts/Bounty.sol Normal file
View File

@ -0,0 +1,62 @@
pragma solidity ^0.4.0;
import './PullPayment.sol';
import './Killable.sol';
/*
* Bounty
* This bounty will pay out to a researcher if he/she breaks invariant logic of
* the contract you bet reward against.
*/
contract Factory {
function deployContract() returns (address);
}
contract Target {
function checkInvariant() returns(bool);
}
contract Bounty is PullPayment, Killable {
Target target;
bool public claimed;
address public factoryAddress;
mapping(address => address) public researchers;
event TargetCreated(address createdAddress);
function() payable {
if (claimed) throw;
}
modifier withAddress(address _address) {
if(_address == 0) throw;
_;
}
function Bounty(address _factoryAddress) withAddress(_factoryAddress){
factoryAddress = _factoryAddress;
}
function createTarget() returns(Target) {
target = Target(Factory(factoryAddress).deployContract());
researchers[target] = msg.sender;
TargetCreated(target);
return target;
}
function checkInvariant() returns(bool){
return target.checkInvariant();
}
function claim(Target target) {
address researcher = researchers[target];
if (researcher == 0) throw;
// Check Target contract invariants
if (target.checkInvariant()) {
throw;
}
asyncSend(researcher, this.balance);
claimed = true;
}
}

38
contracts/bounties/CrowdsaleTokenBounty.sol
View File

@ -1,38 +0,0 @@
pragma solidity ^0.4.0;
import '../PullPayment.sol';
import '../token/CrowdsaleToken.sol';
/*
* Bounty
* This bounty will pay out if you can cause a CrowdsaleToken's balance
* to be lower than its totalSupply, which would mean that it doesn't
* have sufficient ether for everyone to withdraw.
*/
contract CrowdsaleTokenBounty is PullPayment {
bool public claimed;
mapping(address => address) public researchers;
function() {
if (claimed) throw;
}
function createTarget() returns(CrowdsaleToken) {
CrowdsaleToken target = new CrowdsaleToken();
researchers[target] = msg.sender;
return target;
}
function claim(CrowdsaleToken target) {
address researcher = researchers[target];
if (researcher == 0) throw;
// Check CrowdsaleToken contract invariants
// Customize this to the specifics of your contract
if (target.totalSupply() == target.balance) {
throw;
}
asyncSend(researcher, this.balance);
claimed = true;
}
}

38
contracts/bounties/SimpleTokenBounty.sol
View File

@ -1,38 +0,0 @@
pragma solidity ^0.4.0;
import '../PullPayment.sol';
import '../token/SimpleToken.sol';
/*
* Bounty
* This bounty will pay out if you can cause a SimpleToken's balance
* to be lower than its totalSupply, which would mean that it doesn't
* have sufficient ether for everyone to withdraw.
*/
contract SimpleTokenBounty is PullPayment {
bool public claimed;
mapping(address => address) public researchers;
function() {
if (claimed) throw;
}
function createTarget() returns(SimpleToken) {
SimpleToken target = new SimpleToken();
researchers[target] = msg.sender;
return target;
}
function claim(SimpleToken target) {
address researcher = researchers[target];
if (researcher == 0) throw;
// Check SimpleToken contract invariants
// Customize this to the specifics of your contract
if (target.totalSupply() == target.balance) {
throw;
}
asyncSend(researcher, this.balance);
claimed = true;
}
}

13
contracts/test-helpers/InsecureTargetMock.sol Normal file
View File

@ -0,0 +1,13 @@
pragma solidity ^0.4.0;
contract InsecureTargetMock {
function checkInvariant() returns(bool){
return false;
}
}
contract InsecureTargetFactory {
function deployContract() returns (address) {
return new InsecureTargetMock();
}
}

13
contracts/test-helpers/SecureTargetMock.sol Normal file
View File

@ -0,0 +1,13 @@
pragma solidity ^0.4.0;
contract SecureTargetMock {
function checkInvariant() returns(bool){
return true;
}
}
contract SecureTargetFactory {
function deployContract() returns (address) {
return new SecureTargetMock();
}
}

8
migrations/2_deploy_contracts.js
View File

@ -2,8 +2,12 @@ module.exports = function(deployer) {
deployer.deploy(PullPaymentBid);
deployer.deploy(BadArrayUse);
deployer.deploy(ProofOfExistence);
deployer.deploy(SimpleTokenBounty);
deployer.deploy(CrowdsaleTokenBounty);
deployer.deploy(Ownable);
deployer.deploy(LimitFunds);
if(deployer.network == 'test'){
deployer.deploy(SecureTargetMock);
deployer.deploy(SecureTargetFactory);
deployer.deploy(InsecureTargetMock);
deployer.deploy(InsecureTargetFactory);
};
};

168
test/Bounty.js Normal file
View File

@ -0,0 +1,168 @@
var sendReward = function(sender, receiver, value){
web3.eth.sendTransaction({
from:sender,
to:receiver,
value: value
})
}
contract('Bounty', function(accounts) {
it("creates bounty contract with factory address", function(done){
var target = SecureTargetMock.deployed();
Bounty.new(target.address).
then(function(bounty){
return bounty.factoryAddress.call()
}).
then(function(address){
assert.equal(address, target.address)
}).
then(done);
})
it("sets reward", function(done){
var target = SecureTargetMock.deployed();
var owner = accounts[0];
var reward = web3.toWei(1, "ether");
Bounty.new(target.address).
then(function(bounty){
sendReward(owner, bounty.address, reward);
assert.equal(reward, web3.eth.getBalance(bounty.address).toNumber())
}).
then(done);
})
it("cannot create bounty without address", function(done){
var target = SecureTargetMock.deployed();
Bounty.new().
then(function(bounty){
throw {name : "NoThrowError", message : "should not come here"};
}).
catch(function(error){
assert.notEqual(error.name, "NoThrowError");
}).
then(done);
})
it("empties itself when killed", function(done){
var target = SecureTargetMock.deployed();
var owner = accounts[0];
var reward = web3.toWei(1, "ether");
var bounty;
Bounty.new(target.address).
then(function(_bounty){
bounty = _bounty;
sendReward(owner, bounty.address, reward);
assert.equal(reward, web3.eth.getBalance(bounty.address).toNumber())
return bounty.kill()
}).
then(function(){
assert.equal(0, web3.eth.getBalance(bounty.address).toNumber())
}).
then(done);
})
describe("Against secure contract", function(){
it("checkInvariant returns true", function(done){
var targetFactory = SecureTargetFactory.deployed();
var bounty;
Bounty.new(targetFactory.address).
then(function(_bounty) {
bounty = _bounty;
return bounty.createTarget();
}).
then(function() {
return bounty.checkInvariant.call()
}).
then(function(result) {
assert.isTrue(result);
}).
then(done);
})
it("cannot claim reward", function(done){
var targetFactory = SecureTargetFactory.deployed();
var owner = accounts[0];
var researcher = accounts[1];
var reward = web3.toWei(1, "ether");
Bounty.new(targetFactory.address).
then(function(bounty) {
var event = bounty.TargetCreated({});
event.watch(function(err, result) {
event.stopWatching();
if (err) { throw err }
var targetAddress = result.args.createdAddress;
sendReward(owner, bounty.address, reward);
assert.equal(reward, web3.eth.getBalance(bounty.address).toNumber())
bounty.claim(targetAddress, {from:researcher}).
then(function(){ throw("should not come here")}).
catch(function() {
return bounty.claimed.call();
}).
then(function(result) {
assert.isFalse(result);
bounty.withdrawPayments({from:researcher}).
then(function(){ throw("should not come here")}).
catch(function() {
assert.equal(reward, web3.eth.getBalance(bounty.address).toNumber())
done();
})
})
})
bounty.createTarget({from:researcher});
})
})
})
describe("Against broken contract", function(){
it("checkInvariant returns false", function(done){
var targetFactory = InsecureTargetFactory.deployed();
var bounty;
Bounty.new(targetFactory.address).
then(function(_bounty) {
bounty = _bounty;
return bounty.createTarget();
}).
then(function() {
return bounty.checkInvariant.call()
}).
then(function(result) {
assert.isFalse(result);
}).
then(done);
})
it("claims reward", function(done){
var targetFactory = InsecureTargetFactory.deployed();
var owner = accounts[0];
var researcher = accounts[1];
var reward = web3.toWei(1, "ether");
Bounty.new(targetFactory.address).
then(function(bounty) {
var event = bounty.TargetCreated({});
event.watch(function(err, result) {
event.stopWatching();
if (err) { throw err }
var targetAddress = result.args.createdAddress;
sendReward(owner, bounty.address, reward);
assert.equal(reward, web3.eth.getBalance(bounty.address).toNumber())
bounty.claim(targetAddress, {from:researcher}).
then(function() {
return bounty.claimed.call();
}).
then(function(result) {
assert.isTrue(result);
return bounty.withdrawPayments({from:researcher})
}).
then(function() {
assert.equal(0, web3.eth.getBalance(bounty.address).toNumber())
}).then(done);
})
bounty.createTarget({from:researcher});
})
})
})
});