NoBey/openzeppelin-contracts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add warning about trading tokens before refundable crowdsale goal is met (#1452)

Browse Source 
This attack was reported in https://github.com/OpenZeppelin/openzeppelin-solidity/issues/877

(cherry picked from commit 80458ebc72)
This commit is contained in:
Leo Arias
2018-10-19 17:35:04 -06:00
committed by Leo Arias
parent 1a4009f817
commit ae339333d7
1 changed files with 13 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
contracts/crowdsale/distribution/RefundableCrowdsale.sol
View File

@ -8,6 +8,19 @@ import "../../payment/escrow/RefundEscrow.sol";
* @title RefundableCrowdsale * @title RefundableCrowdsale
* @dev Extension of Crowdsale contract that adds a funding goal, and * @dev Extension of Crowdsale contract that adds a funding goal, and
* the possibility of users getting a refund if goal is not met. * the possibility of users getting a refund if goal is not met.
* WARNING: note that if you allow tokens to be traded before the goal
* is met, then an attack is possible in which the attacker purchases
* tokens from the crowdsale and when they sees that the goal is
* unlikely to be met, they sell their tokens (possibly at a discount).
* The attacker will be refunded when the crowdsale is finalized, and
* the users that purchased from them will be left with worthless
* tokens. There are many possible ways to avoid this, like making the
* the crowdsale inherit from PostDeliveryCrowdsale, or imposing
* restrictions on token trading until the crowdsale is finalized.
* This is being discussed in
* https://github.com/OpenZeppelin/openzeppelin-solidity/issues/877
* This contract will be updated when we agree on a general solution
* for this problem.
*/ */
contract RefundableCrowdsale is FinalizableCrowdsale { contract RefundableCrowdsale is FinalizableCrowdsale {
using SafeMath for uint256; using SafeMath for uint256;