From eb85a893c816f87480634d9a951bd80483e9e0ae Mon Sep 17 00:00:00 2001 From: Arturo Beccar-Varela <107512933+arturoBeccar@users.noreply.github.com> Date: Thu, 14 Mar 2024 14:35:49 -0300 Subject: [PATCH 1/3] Substitute pinned for old in README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d59472f3..8a535c85 100644 --- a/README.md +++ b/README.md 
@@ -69,7 +69,7 @@ Visit [Scout's website](https://coinfabrik.github.io/scout/) to view the full do | [avoid-format-string](https://coinfabrik.github.io/scout/docs/detectors/avoid-format-string) | [The `format!` macro is not recommended. A custom error is recommended instead.](https://coinfabrik.github.io/scout/docs/vulnerabilities/avoid-format-string) | [1](https://github.com/CoinFabrik/scout/tree/main/test-cases/avoid-format-string/avoid-format-string-1) | Enhacement | | [unprotected-self-destruct](https://coinfabrik.github.io/scout/docs/detectors/unprotected-self-destruct) | [If users are allowed to call terminate_contract, they can intentionally or accidentally destroy the contract.](https://coinfabrik.github.io/scout/docs/vulnerabilities/unprotected-self-destruct) | [1](https://github.com/CoinFabrik/scout/tree/main/test-cases/unprotected-self-destruct/unprotected-self-destruct-1) | Critical | | [iterators-over-indexing](https://coinfabrik.github.io/scout/docs/detectors/iterators-over-indexing) | [Iterating with hardcoded indexes is slower than using an iterator. Also, if the index is out of bounds, it will panic.](https://coinfabrik.github.io/scout/docs/vulnerabilities/iterators-over-indexing) | [1](https://github.com/CoinFabrik/scout/tree/main/test-cases/iterators-over-indexing/iterators-over-indexing-1) | Enhacement | -| [ink-version](https://coinfabrik.github.io/scout/docs/detectors/ink-version) | [Using a pinned version of ink! can be dangerous, as it may have bugs or security issues. Use the latest version available.](https://coinfabrik.github.io/scout/docs/vulnerabilities/ink-version) | [1](https://github.com/CoinFabrik/scout/tree/main/test-cases/ink-version/ink-version-1) | Enhacement | +| [ink-version](https://coinfabrik.github.io/scout/docs/detectors/ink-version) | [Using an old version of ink! can be dangerous, as it may have bugs or security issues. 
Use the latest version available.](https://coinfabrik.github.io/scout/docs/vulnerabilities/ink-version) | [1](https://github.com/CoinFabrik/scout/tree/main/test-cases/ink-version/ink-version-1) | Enhacement | | [unprotected-set-code-hash](https://coinfabrik.github.io/scout/docs/detectors/unprotected-set-code-hash) | [If users are allowed to call terminate_contract, they can intentionally modify the contract behaviour.](https://coinfabrik.github.io/scout/docs/vulnerabilities/unprotected-set-code-hash) | [1](https://github.com/CoinFabrik/scout/tree/main/test-cases/set-code-hash/set-code-hash-1) | Critical | | [unprotected-mapping-operation](https://coinfabrik.github.io/scout/docs/detectors/unprotected-mapping-operation) | [Modifying mappings with an arbitrary key given by the user could lead to unintented modifications of critical data, modifying data belonging to other users, causing denial of service, unathorized access, and other potential issues.](https://coinfabrik.github.io/scout/docs/vulnerabilities/unprotected-mapping-operation) | [1](https://github.com/CoinFabrik/scout/tree/main/test-cases/unprotected-mapping-operation/unprotected-mapping-operation-1) | Critical | | [lazy-delegate](https://coinfabrik.github.io/scout/docs/detectors/lazy-delegate) | [Delegated calls in ink! need lazy storage.](https://coinfabrik.github.io/scout/docs/vulnerabilities/lazy-delegate) | [1](https://github.com/CoinFabrik/scout/tree/main/test-cases/lazy-delegate/lazy-delegate-1) | Critical | From c46cda232d7625914dbc811b9541df786a638df0 Mon Sep 17 00:00:00 2001 From: Arturo Beccar-Varela <107512933+arturoBeccar@users.noreply.github.com> Date: Thu, 14 Mar 2024 14:39:40 -0300 Subject: [PATCH 2/3] Substitute pinned for old in README.md --- docs/docs/vulnerabilities/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/vulnerabilities/README.md b/docs/docs/vulnerabilities/README.md index 017f7dc0..850bf8ba 100644 --- a/docs/docs/vulnerabilities/README.md 
+++ b/docs/docs/vulnerabilities/README.md @@ -315,7 +315,7 @@ security implications, under the [Best practices](#vulnerability-categories) cat ### 20 - Ink version -Using a pinned version of ink! can be dangerous, as it may have bugs or security issues. Use the latest version available. +Using an old version of ink! can be dangerous, as it may have bugs or security issues. Use the latest version available. We classified this issue, a deviation from best practices which could have security implications, under the [Best practices](#vulnerability-categories) category and assigned it an Enhancement severity. From 5bae2a4039b728c66ab6944da8dc119a5494d491 Mon Sep 17 00:00:00 2001 From: Arturo Beccar-Varela <107512933+arturoBeccar@users.noreply.github.com> Date: Thu, 14 Mar 2024 14:40:24 -0300 Subject: [PATCH 3/3] Substitute pinned for old in 20-ink-version.md --- docs/docs/vulnerabilities/20-ink-version.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/vulnerabilities/20-ink-version.md b/docs/docs/vulnerabilities/20-ink-version.md index 60bbcb39..23b5bf90 100644 --- a/docs/docs/vulnerabilities/20-ink-version.md +++ b/docs/docs/vulnerabilities/20-ink-version.md @@ -7,7 +7,7 @@ - Detectors: [`ink-version`](https://github.com/CoinFabrik/scout/tree/main/detectors/ink-version) - Test Cases: [`ink-version-1`](https://github.com/CoinFabrik/scout/tree/main/test-cases/ink-version/ink-version-1) -Using a pinned version of ink! can be dangerous, as it may have bugs or security issues. Use the latest version available. +Using an old version of ink! can be dangerous, as it may have bugs or security issues. Use the latest version available. ## Exploit Scenario
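Review bot: In the README.md hunk (patch 1/3), the rewritten `ink-version` row still ends in `| Enhacement |`. Since the `+` line replaces the whole row, correct the severity to `Enhancement` here, which is the spelling docs/docs/vulnerabilities/README.md uses for this same issue ("assigned it an Enhancement severity"). The neighbouring `avoid-format-string` and `iterators-over-indexing` rows carry the same typo and could be fixed in the same commit.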
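Review bot: In the docs/docs/vulnerabilities/README.md hunk (patch 2/3), under `### 20 - Ink version`, "an old version" is left undefined while the remedy is "Use the latest version available", so a reader cannot tell whether any release behind the latest is reported or only some older range. Suggest wording the condition in the same terms as the remedy, for example "a version of ink! older than the latest release", or naming what the detector compares the declared version against.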
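Review bot: In the docs/docs/vulnerabilities/20-ink-version.md hunk (patch 3/3), only the summary sentence above `## Exploit Scenario` changes from "pinned" to "old", and this series touches no other part of that page nor the detector page linked from the README row (docs/detectors/ink-version). Please confirm that neither still describes the issue as a pinned version, otherwise the documentation will state two different conditions for the same detector.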