Added natsec for all lifecycle contracts + bounty.sol, DayLimit.sol and LimitBalance.sol

8 years ago · b5d4120adb
parent e851938199
commit b5d4120adb
7 changed files with 90 additions and 38 deletions
--- a/contracts/Bounty.sol
+++ b/contracts/Bounty.sol
@ -6,9 +6,8 @@ import './lifecycle/Destructible.sol';
 /*
- * Bounty
+ * @title Bounty
- * 
+ * @dev This bounty will pay out to a researcher if they break invariant logic of the contract.
 * This bounty will pay out to a researcher if they break invariant logic of the contract.
 */
 contract Bounty is PullPayment, Destructible {
  bool public claimed;
@ -16,12 +15,19 @@ contract Bounty is PullPayment, Destructible {
  event TargetCreated(address createdAddress);
  /*
   * @dev Function that allows the contract to recieve funds, if it hasn't been claimed.
   */
  function() payable {
    if (claimed) {
      throw;
    }
  }
  /*
   * @dev Create and deploy the target contract(extension of Target contract), and sets the msg.sender as a researcher
   * @return A target contract
   */
  function createTarget() returns(Target) {
    Target target = Target(deployContract());
    researchers[target] = msg.sender;
@ -29,8 +35,16 @@ contract Bounty is PullPayment, Destructible {
    return target;
  }
  /*
   * @dev Internal function to deploy the target contract.
   * @return A target contract address
   */
  function deployContract() internal returns(address);
  /*
   * @dev Sends the contract funds to the researcher that proved the contract is broken.
   * @param Target contract
   */
  function claim(Target target) {
    address researcher = researchers[target];
    if (researcher == 0) {
@ -48,11 +62,15 @@ contract Bounty is PullPayment, Destructible {
 /*
- * Target
+ * @title Target
- * 
+ *
- * Your main contract should inherit from this class and implement the checkInvariant method. This is a function that should check everything your contract assumes to be true all the time. If this function returns false, it means your contract was broken in some way and is in an inconsistent state. This is what security researchers will try to acomplish when trying to get the bounty.
+ * @dev Your main contract should inherit from this class and implement the checkInvariant method.
 */
 contract Target {
   /*
    * @dev Funtion tha should check everything your contract assumes to be true all the time. If this function returns false, it means your contract was broken in some way and is in an inconsistent state. This is what security researchers will try to acomplish when trying to get the bounty.
    * @return A boolean that indicates if the contract is broken or not.
    */
  function checkInvariant() returns(bool);
 }
--- a/contracts/DayLimit.sol
+++ b/contracts/DayLimit.sol
@ -1,11 +1,8 @@
 pragma solidity ^0.4.8;
 /*
- * DayLimit
+ * @title DayLimit
- *
+ * @dev Base contract that enables methods to be protected by placing a linear limit (specifiable) on a particular resource per calendar day. Is multiowned to allow the limit to be altered
 * inheritable "property" contract that enables methods to be protected by placing a linear limit (specifiable)
 * on a particular resource per calendar day. is multiowned to allow the limit to be altered. resource that method
 * uses is specified in the modifier.
 */
 contract DayLimit {
@ -13,24 +10,35 @@ contract DayLimit {
  uint public spentToday;
  uint public lastDay;
-
+  /*
   * @dev Constructor that sets the passed value as a dailyLimit
   * @param _limit Uint to represent the daily limit.
   */
  function DayLimit(uint _limit) {
    dailyLimit = _limit;
    lastDay = today();
  }
-  // sets the daily limit. doesn't alter the amount already spent today
+  /*
   * @dev sets the daily limit. doesn't alter the amount already spent today
   * @param _newLimit Uint to represent the new limit.
   */
  function _setDailyLimit(uint _newLimit) internal {
    dailyLimit = _newLimit;
  }
-  // resets the amount already spent today.
+  /*
   * @dev Resets the amount already spent today.
   */
  function _resetSpentToday() internal {
    spentToday = 0;
  }
-  // checks to see if there is at least `_value` left from the daily limit today. if there is, subtracts it and
+  /*
-  // returns true. otherwise just returns false.
+   * @dev Checks to see if there is enough resource to spend today. If true, the resource is expended.
   * @param _value Uint representing the amout of resurce to spend.
   * @return Boolean. True if the resource was spended and false otherwise.
   */
  function underLimit(uint _value) internal returns (bool) {
    // reset the spend limit if we're on a different day to last time.
    if (today() > lastDay) {
@ -46,13 +54,17 @@ contract DayLimit {
    return false;
  }
-  // determines today's index.
+  /*
   * @dev Private function to determine today index
   * @return Uint of todays index.
   */
  function today() private constant returns (uint) {
    return now / 1 days;
  }
-
+  /*
-  // simple modifier for daily limit.
+   * @dev Simple modifier for daily limit.
   */
  modifier limitedDaily(uint _value) {
    if (!underLimit(_value)) {
      throw;
--- a/contracts/LimitBalance.sol
+++ b/contracts/LimitBalance.sol
@ -2,26 +2,32 @@ pragma solidity ^0.4.8;
 /**
- * LimitBalance
+ * @title LimitBalance
- * Simple contract to limit the balance of child contract.
+ * @dev Simple contract to limit the balance of child contract.
- * Note this doesn't prevent other contracts to send funds 
+ * @dev Note this doesn't prevent other contracts to send funds by using selfdestruct(address);
- * by using selfdestruct(address);
+ * @dev See: https://github.com/ConsenSys/smart-contract-best-practices#remember-that-ether-can-be-forcibly-sent-to-an-account
 * See: https://github.com/ConsenSys/smart-contract-best-practices#remember-that-ether-can-be-forcibly-sent-to-an-account
 */
 contract LimitBalance {
  uint public limit;
  /*
   * @dev Constructor that sets the passed value as a limit
   * @param _limit Uint to represent the limit.
   */
  function LimitBalance(uint _limit) {
    limit = _limit;
  }
-  modifier limitedPayable() { 
+  /*
   * @dev Checks if limit was reached. Case true, it throws.
   */
  modifier limitedPayable() {
    if (this.balance > limit) {
      throw;
    }
    _;
-    
+
  }
 }
--- a/contracts/lifecycle/Destructible.sol
+++ b/contracts/lifecycle/Destructible.sol
@ -5,10 +5,14 @@ import "../ownership/Ownable.sol";
 /*
- * Destructible
+ * @title Destructible
- * Base contract that can be destroyed by owner. All funds in contract will be sent to the owner.
+ * @dev Base contract that can be destroyed by owner. All funds in contract will be sent to the owner.
 */
 contract Destructible is Ownable {
  /*
   *@dev The destroy function transfer the current balance to the owner and terminate de lifecycle
   */
  function destroy() onlyOwner {
    selfdestruct(owner);
  }
--- a/contracts/lifecycle/Migrations.sol
+++ b/contracts/lifecycle/Migrations.sol
@ -3,8 +3,10 @@ pragma solidity ^0.4.8;
 import '../ownership/Ownable.sol';
-
+/*
-// This is a truffle contract, needed for truffle integration, not meant for use by Zeppelin users. 
+ * @title Migrations
 * @dev This is a truffle contract, needed for truffle integration, not meant for use by Zeppelin users.
 */
 contract Migrations is Ownable {
  uint public lastCompletedMigration;
--- a/contracts/lifecycle/Pausable.sol
+++ b/contracts/lifecycle/Pausable.sol
@ -4,10 +4,9 @@ pragma solidity ^0.4.8;
 import "../ownership/Ownable.sol";
-/*
+/**
- * Pausable
+ * @title Pausable
- * Abstract contract that allows children to implement a
+ * @dev Abstract contract that allows children to implement an emergency stop mechanism.
 * pause mechanism.
 */
 contract Pausable is Ownable {
  event Pause();
@ -15,24 +14,35 @@ contract Pausable is Ownable {
  bool public paused = false;
  /**
   * @dev modifier to allow actions only when the contract IS paused
   */
  modifier whenNotPaused() {
    if (paused) throw;
    _;
  }
  /**
   * @dev modifier to allow actions only when the contract IS NOT paused
   */
  modifier whenPaused {
    if (!paused) throw;
    _;
  }
-  // called by the owner to pause, triggers stopped state
+  /**
   * @dev called by the owner to pause, triggers stopped state
   */
  function pause() onlyOwner whenNotPaused returns (bool) {
    paused = true;
    Pause();
    return true;
  }
-  // called by the owner to unpause, returns to normal state
+  /**
   * @dev called by the owner to unpause, returns to normal state
   */
  function unpause() onlyOwner whenPaused returns (bool) {
    paused = false;
    Unpause();
--- a/contracts/lifecycle/TokenDestructible.sol
+++ b/contracts/lifecycle/TokenDestructible.sol
@ -6,7 +6,7 @@ import "../token/ERC20Basic.sol";
 /// @title TokenDestructible:
 /// @author Remco Bloemen <remco@2π.com>
-///.Base contract that can be destroyed by owner. All funds in contract including
+/// @dev Base contract that can be destroyed by owner. All funds in contract including
 /// listed tokens will be sent to the owner
 contract TokenDestructible is Ownable {