Tracks tasks associated with identifying security considerations for the wrapping component.
Security Considerations
Component | Vulnerability | Description | Implications for FIO | Next steps / Status |
---|---|---|---|---|
fio.erc20 fio.erc721 | Re-entrancy | The following site lists several Solidity hacks/vulnerabilities that should be reviewed and considered. | Recommend erc20 and erc721 contracts be audited for securit | FIO had our erc20 contract audited: https://drive.google.com/drive/folders/1B2UoJ9rgOcnG2yhr4uUsLcGLKQVLoMOE?usp=sharing The critical issues from the |
Create a table that includes:
Security issue
Description of the issue
Implications of the security issue for FIO users
Mitigation strategies for the security issue
Identify those areas where there is a gap in existing knowledge or technologies.
Discuss/identify external resources that can fill these gaps.
Consider adding an anomaly detection system:
https://www.eosgo.io/news/vaultsx-hack-lessnos-learned-and-thoughts
“It is likely that if more than 30% of the funds are withdrawn from the contract in a short period of time, then the chances are high that this is the result of a hacker attack.
Automatic anomaly detection systems cannot stop an attack, but they can mitigate damage. Such systems are an algorithm for detecting behavior that is not typical of a contract under normal circumstances. I highly recommend that developers of high-end contracts implement the simplest anomaly detection systems.”
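One way to implement the check the quoted article describes, as an added example that is not part of the FIO oracle or contract code. The class and function names are hypothetical, the 30% threshold is taken from the quote, and the 10-minute window and the sample amounts are assumptions constructed for illustration.

```javascript
// Added example: sliding-window outflow monitor for a custody balance.
// Hypothetical names; 30% comes from the quoted article, the window length is an assumption.
class OutflowMonitor {
  constructor({ windowMs = 10 * 60 * 1000, thresholdPct = 30n } = {}) {
    this.windowMs = windowMs;
    this.thresholdPct = thresholdPct;
    this.events = []; // { ts, amount, balanceBefore }, oldest first
  }

  // Record one withdrawal (amounts as BigInt in smallest token units).
  // Returns an alert object when the window's outflow exceeds the threshold, else null.
  record(ts, amount, balanceBefore) {
    if (amount <= 0n || amount > balanceBefore) {
      throw new RangeError("withdrawal must be positive and covered by the balance");
    }
    this.events.push({ ts, amount, balanceBefore });
    // Drop withdrawals that have aged out of the window.
    while (this.events.length && this.events[0].ts <= ts - this.windowMs) {
      this.events.shift();
    }
    // Baseline is the balance just before the oldest withdrawal still in the window.
    const baseline = this.events[0].balanceBefore;
    const withdrawn = this.events.reduce((sum, e) => sum + e.amount, 0n);
    // Integer comparison avoids floating-point error on large token amounts.
    if (withdrawn * 100n > baseline * this.thresholdPct) {
      return { ts, withdrawn, baseline, count: this.events.length };
    }
    return null;
  }
}

// Constructed sample: starting balance of 1,000,000 units, four withdrawals.
function runSample() {
  const monitor = new OutflowMonitor();
  const minute = 60 * 1000;
  let balance = 1_000_000n;
  const sample = [
    [0 * minute, 50_000n],   // 5% of baseline
    [2 * minute, 200_000n],  // 25% cumulative
    [4 * minute, 100_000n],  // 35% cumulative, crosses the threshold
    [30 * minute, 100_000n], // earlier events aged out; 100k of 650k
  ];
  return sample.map(([ts, amount]) => {
    const alert = monitor.record(ts, amount, balance);
    balance -= amount;
    return alert;
  });
}
```

Deposits between withdrawals are not tracked here, so the baseline understates the balance when funds flow in during the window and the check errs toward alerting.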
We have a FIO token Wrapping project under development and will need to audit three areas:
The FIO Chain fio.oracle contract
The Ethereum Chain fio.erc20 contract
The Node.js Oracle code that monitors both chains and executes wrap and unwrap transactions.
This story tracks the security audit of the "oracle" JS code that sits between the FIO and the Ethereum chains and monitors them for wrap/unwrap activity and then transfers FIO tokens on the FIO chain to WFIO tokens on Ethereum (and vice versa).
Current working branch: https://github.com/fioprotocol/fio.oracle/tree/feat/v1-history
Specification: https://fioprotocol.atlassian.net/wiki/spaces/FD/pages/70680882/Oracle+design