make a "Voucher" contract
Closed this issue · 3 comments
This contract holds some PTI and a list of vouchers. On sending he voucher to the contract, it should invalidate the voucher and transfer the correspondign PTI.
Precisely:
- The contract is
Owned
- The
owner
can callregisterVoucher(hashOfVoucher, amountOfPTI)
- The
owner
can callinvalidateVoucher(hashOfVoucer)
- Anyone can call
redeemVoucher(voucher)
. A call to this function will- check if
hash(voucher)
equalshashOfVoucher
- if the check passes, invalidate the voucher and send the PTI to the addressee
- check if
There is one security problem here - the person who calls redeemVoucher
is sending the voucher in the clear, so an attacker could intercept the transaction, read the voucher, and claim the PTI himself.
(we can, perhaps, just ignore the security problem, but it would be nice to fid a solution for it)
The following article by matthew ferrante describes exactly our problem (he calls it "frontrunning") and a solution ("blinded commitments"). https://medium.com/@matthewdif/mechanism-design-security-in-smart-contracts-87f08555b38b
We are not going to implement that solution :-)
Voucher.sol is there and (slightly) tested