cpV2 for audit

2021-12-05 11:19:11 +08:00
parent 343a6d2f11
commit d2691d68dd
7 changed files with 8804 additions and 48 deletions
--- a/README.md
+++ b/README.md
@@ -1,34 +1,13 @@
-# DODO V2: Help 1 Trillion People Issue Token
+## DODO CrowdPoolingV2 Audit Scope

-## Audit Report
+- contracts/CrowdPooling/impl/CP.sol
+- contracts/CrowdPooling/impl/CPFunding.sol
+- contracts/CrowdPooling/impl/CPStorage.sol
+- contracts/CrowdPooling/impl/CPVesting.sol

-[Audited by Peckshield](https://github.com/DODOEX/contractV2/blob/main/audit/PeckShield-Audit-DODOV2-v1.0.pdf)
+*Note: CrowdPoolingV2 && CrowdPoolingV1 code diff*

-## Bug Bounty 💰
+- [https://github.com/DODOEX/contractV2/blob/starter/cpV2&&cpV1-diff.html](https://github.com/DODOEX/contractV2/blob/starter/cpV2&&cpV1-diff.html)

-### Rewards
+## DODO Starter Audit Scope

-Severity of bugs will be assessed under the [CVSS Risk Rating](https://www.first.org/cvss/calculator/3.0) scale, as follows:
-
- - Critical (9.0-10.0): Up to $100,000
- - High (7.0-8.9): Up to $10,000
- - Medium (4.0-6.9): Up to $5,000
- - Low (0.1-3.9): Up to $1,000
-
-In addition to assessing severity, rewards will be considered based on the impact of the discovered vulnerability as well as the level of difficulty in discovering such vulnerability.
-
-### Disclosure
-
-Any vulnerability or bug discovered must be reported only to the following email: contact@dodoex.io; must not be disclosed publicly; must not be disclosed to any other person, entity or email address prior to disclosure to the contact@dodoex.io email; and must not be disclosed in any way other than to the contact@dodoex.io email. In addition, disclosure to contact@dodoex.io must be made promptly following discovery of the vulnerability. Please include as much information about the vulnerability as possible, including:
-
- - The conditions on which reproducing the bug is contingent.
- - The steps needed to reproduce the bug or, preferably, a proof of concept.
- - The potential implications of the vulnerability being abused.
- 
-A detailed report of a vulnerability increases the likelihood of a reward and may increase the reward amount.
-
-Anyone who reports a unique, previously-unreported vulnerability that results in a change to the code or a configuration change and who keeps such vulnerability confidential until it has been resolved by our engineers will be recognized publicly for their contribution, if agreed.
-
-## Contact Us
-
-Send E-mail to contact@dodoex.io
--- a/contracts/CrowdPooling/impl/CP.sol
+++ b/contracts/CrowdPooling/impl/CP.sol
@@ -23,7 +23,9 @@ import {SafeMath} from "../../lib/SafeMath.sol";
 contract CP is CPVesting {
    using SafeMath for uint256;

-    receive() external payable {}
+    receive() external payable {
+        require(_INITIALIZED_ == false, "WE_NOT_SAVE_ETH_AFTER_INIT");
+    }

    function init(
        address[] calldata addressList,
@@ -110,6 +112,6 @@ contract CP is CPVesting {
    // ============ Version Control ============

    function version() virtual external pure returns (string memory) {
-        return "CP 1.0.1";
+        return "CP 2.0.0";
    }
 }
--- a/contracts/Factory/CrowdPoolingFactory.sol
+++ b/contracts/Factory/CrowdPoolingFactory.sol
@@ -51,7 +51,6 @@ contract CrowdPoolingFactory is InitializableOwnable {
    // ============ modifiers ===========

    modifier valueCheck(
-        address creator,
        address cpAddress,
        address baseToken,
        uint256[] memory timeLine,
@@ -64,6 +63,7 @@ contract CrowdPoolingFactory is InitializableOwnable {

        uint256 baseTokenBalance = IERC20(baseToken).balanceOf(cpAddress);
        require(valueList[0].mul(100) <= baseTokenBalance.mul(valueList[2]).div(10**18).mul(_CAP_RATIO_),"CP_FACTORY : QUOTE_CAP_INVALID");
+        require(timeLine[3]>= _FREEZE_DURATION_, "CP_FACTORY : FREEZE_DURATION_INVALID");
        _;
    }

@@ -107,7 +107,7 @@ contract CrowdPoolingFactory is InitializableOwnable {
        uint256[] memory timeLine,
        uint256[] memory valueList,
        bool[] memory switches
-    ) external valueCheck(creator,cpAddress,tokens[0],timeLine,valueList) {
+    ) external valueCheck(cpAddress,tokens[0],timeLine,valueList) {
        {
        address[] memory addressList = new address[](7);
        addressList[0] = creator;
--- a/contracts/SmartRoute/DODOV2Proxy02.sol
+++ b/contracts/SmartRoute/DODOV2Proxy02.sol
@@ -467,15 +467,15 @@ contract DODOV2Proxy02 is IDODOV2Proxy01, ReentrancyGuard, InitializableOwnable
    }

    //============ CrowdPooling Functions (bid) ============
-    function bid(
-        address cpAddress,
-        uint256 quoteAmount,
-        uint8 flag, // 0 - ERC20, 1 - quoteInETH
-        uint256 deadLine
-    ) external override payable preventReentrant judgeExpired(deadLine) {
-        _deposit(msg.sender, cpAddress, IDODOV2(cpAddress)._QUOTE_TOKEN_(), quoteAmount, flag == 1);
-        IDODOV2(cpAddress).bid(msg.sender);
-    }
+    // function bid(
+    //     address cpAddress,
+    //     uint256 quoteAmount,
+    //     uint8 flag, // 0 - ERC20, 1 - quoteInETH
+    //     uint256 deadLine
+    // ) external override payable preventReentrant judgeExpired(deadLine) {
+    //     _deposit(msg.sender, cpAddress, IDODOV2(cpAddress)._QUOTE_TOKEN_(), quoteAmount, flag == 1);
+    //     IDODOV2(cpAddress).bid(msg.sender);
+    // }


    function addLiquidityToV1(
--- a/contracts/SmartRoute/intf/IDODOV2Proxy01.sol
+++ b/contracts/SmartRoute/intf/IDODOV2Proxy01.sol
@@ -92,12 +92,12 @@ interface IDODOV2Proxy01 {
    // ) external payable;


-    function bid(
-        address cpAddress,
-        uint256 quoteAmount,
-        uint8 flag, // 0 - ERC20, 1 - quoteInETH
-        uint256 deadLine
-    ) external payable;
+    // function bid(
+    //     address cpAddress,
+    //     uint256 quoteAmount,
+    //     uint8 flag, // 0 - ERC20, 1 - quoteInETH
+    //     uint256 deadLine
+    // ) external payable;

    function addLiquidityToV1(
        address pair,
--- a/contracts/SmartRoute/proxies/DODOCpProxy.sol
+++ b/contracts/SmartRoute/proxies/DODOCpProxy.sol
@@ -137,6 +137,16 @@ contract DODOCpProxy is ReentrancyGuard {
        );
    }

+    function bid(
+        address cpAddress,
+        uint256 quoteAmount,
+        uint8 flag, // 0 - ERC20, 1 - quoteInETH
+        uint256 deadLine
+    ) external payable preventReentrant judgeExpired(deadLine) {
+        _deposit(msg.sender, cpAddress, IDODOV2(cpAddress)._QUOTE_TOKEN_(), quoteAmount, flag == 1);
+        IDODOV2(cpAddress).bid(msg.sender);
+    }
+
    //====================== internal =======================

    function _deposit(
--- a/cpV2&&cpV1-diff.html
+++ b/cpV2&&cpV1-diff.html