{{> partials/splash}}
[TOC]
## Details
- **Client** {{client_name}}
- **Date** {{date}}
- **Lead reviewer** Daniel Luca ([@cleanunicorn](https://twitter.com/cleanunicorn))
- **Reviewers** Daniel Luca ([@cleanunicorn](https://twitter.com/cleanunicorn)), Andrei Simion ([@andreiashu](https://twitter.com/andreiashu))
- **Repository** [{{project_name}}]({{source_repository}})
- **Commit hash** `{{commit_hash}}`
- **Technologies**
  - Rust
## Issues Summary
| SEVERITY | OPEN | CLOSED |
|----------------|:----------:|:------------:|
{{#issues_summary}}
| {{severity}} | {{open}} | {{closed}} |
{{/issues_summary}}
## Executive summary
This report represents the results of the engagement with **{{client_name}}** to review **{{project_name}}**.
The review was conducted over the course of **{{review_period}}** from **{{date_interval}}**. A total of **{{person_days}} person-days** were spent reviewing the code.
### Week 1
During the first week, we familiarized ourselves with the code and the project. Then, we reviewed the code from the beginning to the end of the week.
We set up a few meetings throughout the week to discuss the code and learn how to navigate the codebase. We also discussed the project goals and the project scope.
### Week 2
We continued to keep communication open with the development team while navigating the code and trying out different attack vectors.
We started to focus more on how the `Stage` selection is determined, paying particular attention to how the `get_launch_stage` function can be made to perform an invalid state transition.
We discovered critical and medium severity issues, which were fixed in a subsequent pull request provided by the Elrond Team.
We spent the rest of the week focusing on reviewing the above-mentioned pull request changes to ensure no further issues were introduced.
## Scope
The initial review focused on the [{{project_name}}]({{source_repository}}) repository, identified by the commit hash `{{commit_hash}}`.
We merged fixes from branch `fixes-after-audit` at commit hash `17810ee9957bf95d42fade8ac7e73267fa7490b1`.
**Includes:**
- code/launchpad/src/random.rs
- code/launchpad/src/ticket_status.rs
- code/launchpad/src/ongoing_operation.rs
- code/launchpad/src/launchpad.rs
- code/launchpad/src/launch_stage.rs
- code/launchpad/src/setup.rs
## Issues
{{#issues}}
### [{{title}}]({{url}})
![Issue status: {{status}}](https://img.shields.io/static/v1?label=Status&message={{status}}&color={{status_color}}&style=flat-square) ![{{severity}}](https://img.shields.io/static/v1?label=Severity&message={{severity}}&color={{severity_color}}&style=flat-square)
{{{body}}}
---
{{/issues}}
## License
This report falls under the terms described in the included [LICENSE](./LICENSE).
{{> partials/features}}
<link rel="stylesheet" href="./style/print.css"/>