[CS AUDIT] Arbitrary Contract are trusted

Question

[CS AUDIT] Arbitrary Contract are trusted

Closed this issue 7 years ago · 2 comments

Answer 1 · 2018-05-19T19:39:29.000Z

proposed solution is not enough.

Functions like rewardForWork are under threat of forged workorder.
workorder must be authentic to trigger a reward, and must be removed lose it's flag once inalized to avoid further rewarding

Answer 2 · 2018-05-24T12:09:49.000Z

fixed in https://github.com/iExecBlockchainComputing/PoCo/tree/v1.0.13