Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Checks-effects-interactions adhernce within PolicyService might still violate in upper-level contracts #515

Closed
1 task done
marcoatpaladin opened this issue Jul 16, 2024 · 2 comments
Assignees
Labels
bug Something isn't working info review

Comments

@marcoatpaladin
Copy link
Collaborator

marcoatpaladin commented Jul 16, 2024

// TODO: add callback IPolicyHolder.policyActivated() if applicable

Even though functions like the above are written in CEI, they might not be when they are called from an upper level contract (eg. the Product).

We recommend Etherisc to be careful with any such interactions, the above being a uttermost dangerous one (others are often a bit less dangerous), and ensure that where these functions are being used (eg. within the product), that these interactions occur last.

@marcoatpaladin marcoatpaladin added info bug Something isn't working labels Jul 16, 2024
@doerfli doerfli added this to the GIF v3 Audit Ready milestone Jul 16, 2024
@doerfli doerfli added the review label Jul 17, 2024
@doerfli doerfli self-assigned this Jul 17, 2024
@doerfli
Copy link
Contributor

doerfli commented Jul 17, 2024

See #446 for call stacks to token transfers

@doerfli
Copy link
Contributor

doerfli commented Jul 19, 2024

made it more flexible for components to support custom process flows by splitting policy creation and token collection as well as splitting bundle creation and initial staking into two separate calls.

@doerfli doerfli closed this as completed Jul 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working info review
Projects
None yet
Development

No branches or pull requests

2 participants