LifToken Distribution Audit Response
We received the results of the audit performed over the LifToken smart contracts last week by Pablo Yabo and Ismael Bejarano, we are pleased with the results, they found critical issues and recommended good fixes and improvements.
You can read the audit performed by Coinfabrik HERE.
Error in MVM Formula
This error has been fixed in this PR https://github.com/windingtree/LifToken/pull/271 , now the foundation wont need to wait for the end of the MVM to claim the remaining funds of a period.
Arbitrary calls in token contract
We don't consider this methods a very important part of our token, we are working on smart contracts for hotels solution that will make very good use of this new methods (transferData, approveData and transferDataFrom), we want to allow developers to build more complex applications and we think that allowing the execution of calls inside transfers and approvals is the best way to do it, we will follow the SmartToken standard that we proposed in Zeppelin Solidity
Using tx.origin
Fixed in https://github.com/windingtree/LifToken/pull/280
Double Spend
Response on this PR https://github.com/windingtree/LifToken/pull/270
Required solidity version
Fixed in https://github.com/windingtree/LifToken/pull/257
Unassigned result
Fixed in https://github.com/windingtree/LifToken/pull/223
Missing Transfer events
Fixed in https://github.com/windingtree/LifToken/pull/266
Inconsistent use of contract balance
Fixed in this PR https://github.com/windingtree/LifToken/pull/258
Protection for unintended token transfers
We wont take responsibility for all the tokens send to the contract, they can be claimed by anyone since we will allowed the execution of calls in transfer and approval methods.
Complex Finalize
We tested the amount of gas used by `Finalize` method and is not higher than the gas limit, we know that is a high amount of gas needed but the function will be able to be executed on the network.
Missing access methods
Fixed in https://github.com/windingtree/LifToken/pull/259