Tracks tasks associated with identifying security considerations for the wrapping component.

Security Considerations

Component

Vulnerability

Description

Implications for FIO

Next steps / Status

fio.erc20

fio.erc721

Re-entrancy

The following site lists several solidity hacks/vulnerabilities that should be reviewed and considered.

https://medium.com/hackernoon/hackpedia-16-solidity-hacks-vulnerabilities-their-fixes-and-real-world-examples-f3210eba5148

Recommend that the erc20 and erc721 contracts be audited for security

FIO had our erc20 contract audited: https://drive.google.com/drive/folders/1B2UoJ9rgOcnG2yhr4uUsLcGLKQVLoMOE?usp=sharing

The critical issues from the

  • Create a table that includes:

    • Security issue

    • Description of the issue

    • Implications of the security issue for FIO users

    • Mitigation strategies for the security issue

  • Identify those areas where there is a gap in existing knowledge or technologies.

  • Discuss/identify external resources that can fill these gaps.

Consider adding an anomaly detection system:

https://www.eosgo.io/news/vaultsx-hack-lessnos-learned-and-thoughts

“It is likely that if more than 30% of the funds are withdrawn from the contract in a short period of time, then the chances are high that this is the result of a hacker attack.

Automatic anomaly detection systems cannot stop an attack, but they can mitigate damage. Such systems are an algorithm for detecting behavior that is not typical of a contract under normal circumstances. I highly recommend that developers of high-end contracts implement the simplest anomaly detection systems.”
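A small version of the check the quote describes, as an added example that is not part of the fio.oracle code: a sliding-window monitor that halts withdrawals once more than 30% of held funds leave within the window. The class name, the one-minute window and the pause-on-trip response are assumptions; the 30% figure comes from the quote.

```javascript
// Added example, not part of the fio.oracle code base. Amounts are BigInt in
// the token's smallest unit; timestamps are milliseconds.
class OutflowMonitor {
  constructor({ windowMs, thresholdPct, initialBalance }) {
    this.windowMs = windowMs;
    this.thresholdPct = BigInt(thresholdPct);
    this.balance = initialBalance; // funds currently held by the contract
    this.recent = [];              // withdrawals inside the window: { ts, amount }
    this.paused = false;           // once tripped, stays set until an operator resets it
  }

  deposit(amount) {
    this.balance += amount;
  }

  // Decide whether a withdrawal (unwrap) may proceed. Returns { allowed, reason, outflowPct }.
  withdraw(ts, amount) {
    if (this.paused) return { allowed: false, reason: 'paused', outflowPct: null };
    if (amount <= 0n || amount > this.balance) {
      return { allowed: false, reason: 'invalid-amount', outflowPct: null };
    }
    // Drop withdrawals that have aged out of the sliding window.
    while (this.recent.length && this.recent[0].ts <= ts - this.windowMs) this.recent.shift();
    const prior = this.recent.reduce((sum, e) => sum + e.amount, 0n);
    const outflow = prior + amount;
    // Baseline: what the contract would hold now had nothing left during the window.
    const baseline = this.balance + prior;
    const outflowPct = Number((outflow * 100n) / baseline);
    // Integer cross-multiplication avoids rounding; "more than" means strictly greater.
    if (outflow * 100n > this.thresholdPct * baseline) {
      this.paused = true; // assumption: the response is to halt and page an operator
      return { allowed: false, reason: 'outflow-threshold', outflowPct };
    }
    this.recent.push({ ts, amount });
    this.balance -= amount;
    return { allowed: true, reason: 'ok', outflowPct };
  }
}

// Constructed sample: 1000 units held, then four unwrap requests within one minute.
function replaySample() {
  const m = new OutflowMonitor({ windowMs: 60_000, thresholdPct: 30, initialBalance: 1000n });
  return [[0, 100n], [10_000, 150n], [20_000, 100n], [30_000, 1n]]
    .map(([ts, amount]) => m.withdraw(ts, amount));
}
```

A drain spread over several windows stays under the threshold, so a check like this complements the contract audits rather than replacing them.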

We have a FIO token Wrapping project under development and will need to audit three areas:

  • The FIO Chain fio.oracle contract

  • The Ethereum Chain fio.erc20 contract

  • The Node.js Oracle code that monitors both chains and executes wrap and unwrap transactions.

This story tracks the security audit of the "oracle" JS code that sits between the FIO and the Ethereum chains and monitors them for wrap/unwrap activity and then transfers FIO tokens on the FIO chain to WFIO tokens on Ethereum (and vice versa).

Current working branch: https://github.com/fioprotocol/fio.oracle/tree/feat/v1-history
Specification: https://fioprotocol.atlassian.net/wiki/spaces/FD/pages/70680882/Oracle+design
