This repository has been archived by the owner on Nov 6, 2020. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
e06a1e8There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Who is auditing this code that ends up affecting $100 millions worth of currency ? :/
e06a1e8There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why save addresses as uint? This contracts seems to be overcomplicated to what it wants to do. See Consensys Multisig, they have a much simplier approch.
e06a1e8There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@admazzola This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
e06a1e8There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@jomo license needs fixing. if there is no "warranty" or any promise of security at all, then use of this software should be actively discouraged. GNU is very likely not a good license for a cryptocurrency wallet. question about audits is reasonable.
e06a1e8There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@benjyZ You would not have access to this code if the no-warranty clause did not exist. Nobody's going to accept personal responsibility for freely-provided code that they may or may not be properly compensated for writing.
I'm also not seeing you volunteer to provide cash to insure every single deployed multisig contract.
e06a1e8There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@admazzola I understand your frustration, but here's why I think it's being misdirected. This is an open source project that offers a wallet. Ethereum-based blockchain projects are choosing to run their ICO's on a multi-sig wallet that this project generates. Don't you think it should be up to the team behind the ICO to do whatever necessary to make sure that their ICO smart contract is secure?
e06a1e8There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
would it make sense to have solidity default each function, that is not explicit external or public to internal?
Then this would not have happend :)
e06a1e8There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Internal is default per the docs.
"By default, function types are internal, so the internal keyword can be omitted."
http://solidity.readthedocs.io/en/develop/types.html#function-types
Is it a compiler bug?
e06a1e8There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
AFAIK that is not true and a documentation bug...
I reported this: ethereum/solidity#2617
e06a1e8There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is only the opinion of one person but I also feel as though it would be prudent to make the functions default to internal in the next version of the solidity compiler. This is the way Java works; classes default to private if it is not explicitly stated to make them public. See you can't get in trouble with a private method, it just wont work at all.