Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security] First and Second Token Sale periods are redefinable by owner #2

Open
hoxxep opened this issue Aug 6, 2017 · 5 comments
Open

[Security] First and Second Token Sale periods are redefinable by owner #2

hoxxep opened this issue Aug 6, 2017 · 5 comments

Comments

@hoxxep
Copy link

hoxxep commented Aug 6, 2017
edited
Loading

I may be mistaken, but as far as I can see the first or second step sales are repeatable — the first step times could easily be "reset" after the first set has ended, to create another "first phase sale".

https://github.com/suntechsoft/dmarket-smartcontract/blob/master/contracts/DMTokenContract.sol#L61
@hoxxep hoxxep changed the title First and Second Token Sale periods are redefinable [Security] First and Second Token Sale periods are redefinable by owner Aug 7, 2017
@akhavr
Copy link

akhavr commented Aug 12, 2017

We have had discussions with potential investors and have frequently heard that they would like to invest in BTC too.

The smart contract, implementing BTC payments has lots of limitations and potential security problems, so we've decided to simplify the process of token distribution at 1st stage, focusing on the performance and the security.

Thus tomorrow we will update our GitHub with much simpler and more secure contract, that will implement ERC20 interface and distribute tokens to users' wallets.

So, the 1st stage of token generation would work as follows:

We have generated BTC addresses for BTC investors on a clean airgapped computer that would serve as a temporary cold storage. Those addresses were transferred over the air gap to an internet-connected server with watch-only wallet.

ETH address was generated also on the airgapped computer and private keys are in the cold storage.

Our script will monitor the transactions, coming to those wallet from investors and update the balances accordingly to the current exchange rates. Tokens will be transferred to the investors after the end of the Token Sale.

@hoxxep thanks for keeping an eye on our code :)

@snemesh
Copy link
Contributor

snemesh commented Aug 12, 2017

Important news! We have updated information about DMarket Tokens tests on our GitHub page - https://github.com/suntechsoft/dmarket-smartcontract. Feel free to have a look, give it try, and tell us what you think about it!

@hoxxep
Copy link
Author

hoxxep commented Aug 12, 2017
edited
Loading

The simplicity of doing a token sale eh, all the contract stuff handled for you 😉 My only comment would be to update the minimum solidity version to 0.4.13 (or even 0.4.15 if your testnet supports it).

Secondly, how will you be doing the crowdsale aspect, through the zepplin Crowdsale contracts (which only support single-phase as far as I'm aware) or your own?

@akhavr
Copy link

akhavr commented Aug 13, 2017

@hoxxep we're going to use just ERC20 part of zeppelin. All transaction processing will be done off-chain. Sry, I trust server, that I run, more than a decentralized unstoppable ethereum world-wide computer :)

@eddieljackson
Copy link

Would please be so very kind to help me get what ever I may or. May not got coming thanks so very much and GOD BLESS you

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@akhavr @snemesh @hoxxep @eddieljackson