Releases: fabianorodrigo/dAppSoccerbet
Feature Pausable on Game and BetToken
MAJOR CHANGES
Implementation of the Pausable feature on the BetToken and Game contracts for security purposes. With this feature, the operations on the Game contract, such as betting, closing for betting, finalizing the game, identifying winners, calculating prizes and withdrawing, among others, can be halted if any security concern is found. The same was done in the BetToken contract in order to halt the receipt of Ether/minting of BetTokens and the exchange of BetTokens for Ether.
For the Game contract, the feature was implemented by extending OpenZeppelin's Pausable contract; for BetToken, ERC20PausableUpgradeable was extended.
MINOR CHANGES
- Creation of a GitHub Actions workflow to build, run integration tests and run Slither static analysis on each push to the repository
DoS Overpowered Owner
MAJOR CHANGES
In order to improve decentralization and at the same time mitigate the security flaw known as 'DoS overpowered owner', where the project and its assets can be lost if the owner's key is compromised or if something happens to the owner so that he can't perform the privileged operations, a Timelock solution was implemented for the operations of closing the Games for betting and finalizing the Game.
Close: only the owner can close a game for betting until the block timestamp has passed 15 minutes from the time foreseen to start the game. From that moment on, any account can close the game for betting.
Finalize: only the owner can finalize the game and input the final score until the block timestamp has passed 48 hours from the time foreseen to start the game. From that moment on, any account can finalize the game and set the final score.
PS: The operations of identifying winners and calculating prizes are already open to anyone.
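The two mechanisms above, the Pausable circuit breaker and the owner-only grace windows, in one contract, as an added sketch that is not the project's Game contract. Contract, modifier and error names, the state layout and the OpenZeppelin 4.x import paths are assumptions:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Assumes OpenZeppelin Contracts 4.x import paths.
import "@openzeppelin/contracts/access/Ownable.sol";
import "@openzeppelin/contracts/security/Pausable.sol";

// Sketch with assumed names; not the project's Game contract.
contract GameTimelockSketch is Ownable, Pausable {
    uint256 public constant CLOSE_GRACE = 15 minutes;   // owner-only window to close
    uint256 public constant FINALIZE_GRACE = 48 hours;  // owner-only window to finalize

    uint256 public immutable kickoffTime; // time foreseen to start the game
    bool public open = true;
    bool public finalized;
    uint8 public homeScore;
    uint8 public visitorScore;

    error OwnerOnlyUntil(uint256 deadline);

    constructor(uint256 _kickoffTime) {
        kickoffTime = _kickoffTime;
    }

    // The owner may act at any time; any other account only once the deadline has passed,
    // so a lost or compromised owner key cannot keep the game stuck forever.
    modifier ownerOnlyUntil(uint256 grace) {
        uint256 deadline = kickoffTime + grace;
        if (msg.sender != owner() && block.timestamp < deadline) {
            revert OwnerOnlyUntil(deadline);
        }
        _;
    }

    // Circuit breaker: every state-changing operation is gated by whenNotPaused.
    function pause() external onlyOwner { _pause(); }
    function unpause() external onlyOwner { _unpause(); }

    function closeForBetting() external whenNotPaused ownerOnlyUntil(CLOSE_GRACE) {
        require(open, "game already closed");
        open = false;
    }

    function finalizeGame(uint8 _home, uint8 _visitor)
        external whenNotPaused ownerOnlyUntil(FINALIZE_GRACE)
    {
        require(!open && !finalized, "game must be closed and not finalized");
        finalized = true;
        homeScore = _home;
        visitorScore = _visitor;
    }
}
```

Note that pause() itself is owner-only, so the circuit breaker does not reopen the overpowered-owner problem in the other direction: an unpause is still needed before the timelocked paths can be used by anyone.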
MINOR CHANGES
- Renaming of modifier onlyDelegateCall to onlyProxy so that Slither's unprotected-upgradeable-contract detector does not report a false positive. More details here: crytic/slither#1136
- Automated tests refactoring: use of Waffle Fixtures, directory reorganization
- Automated tests: testing scenarios where the implementation contracts are called directly instead of via the proxy contract
- FRONTEND: validation of the connected chain based on the value returned by the RPC 'eth_chainId' against the value configured in the Angular environment.ts
Games contract reading from events
MAJOR CHANGES
Until release v0.3.0 the GameFactory contract maintained in its storage a list of the Game contracts created and offered a listGames function to return all of them. This release eliminates that practice: the frontend now recovers the list of Game contracts created from the historical events.
MINOR CHANGES
- Change of the data location from memory to calldata on functions' parameters whenever possible in order to improve cost efficiency
- Creation of modifiers isGameOpen, isGameClosed and isGameFinalized on the Game contract
- Workaround for the false positive of Slither's unprotected-upgradeable-contract detector on the contracts that use the UUPS pattern, by using the modifier onlyProxy on the initialize function
- FRONTEND: refactorings in order to have more generic functions to call and send transactions on the BaseContract class
- FRONTEND: better handling of the latency between the transaction being sent and its confirmation
DoS Costly Loop mitigation
MAJOR CHANGES
In order to mitigate the risk of DoS by costly loops, we've made the following major changes in the Game contract:
Until this version, when a game was finalized, the same transaction set the final score, identified the winning bets and calculated the prize values for those winners. From now on, the process is split into 3 different steps: finalize, identify winners and calculate prizes.
Besides that, in the functions where we have to go through an array, we keep the iterator in a state variable and check the gas left in the transaction. If the gas left is low, we stop the loop and the users will need to send another transaction that resumes from the point where it stopped.
for ( ; _idWinners_i < _bets.length && gasleft() > GAS_INTERACTION_WINNERS_IDENTIFICATION; _idWinners_i++ ) { ... }
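The resumable loop above in context, as an added sketch (not the project's code): the iterator lives in storage, so a call that runs out of its gas budget leaves the partial result in place and the next call continues where it stopped. The state layout, the bet struct, the event, the custom error and the gas threshold value are assumptions:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Sketch with assumed names and storage layout; not the project's Game contract.
contract ResumableWinnersSketch {
    struct Bet { address bettor; uint8 home; uint8 visitor; uint256 value; }

    Bet[] public bets;
    uint256[] public winnerIndexes;
    uint256 public nextIndex;        // persisted iterator: where the next call resumes
    bool public winnersIdentified;
    uint8 public homeScore;
    uint8 public visitorScore;

    // Gas that one more iteration plus the closing bookkeeping must still have; value assumed.
    uint256 public constant GAS_INTERACTION_WINNERS_IDENTIFICATION = 30_000;

    error WinnersAlreadyIdentified();
    event WinnersIdentificationPaused(uint256 stoppedAt);
    event WinnersIdentified(uint256 winnerCount);

    // Anyone may call; repeated calls are idempotent once the scan is complete.
    function identifyWinners() external {
        if (winnersIdentified) revert WinnersAlreadyIdentified();
        for (
            ;
            nextIndex < bets.length && gasleft() > GAS_INTERACTION_WINNERS_IDENTIFICATION;
            nextIndex++
        ) {
            Bet storage b = bets[nextIndex];
            if (b.home == homeScore && b.visitor == visitorScore) {
                winnerIndexes.push(nextIndex);
            }
        }
        if (nextIndex == bets.length) {
            winnersIdentified = true;            // scan finished: prizes can be calculated
            emit WinnersIdentified(winnerIndexes.length);
        } else {
            emit WinnersIdentificationPaused(nextIndex); // caller must send another tx
        }
    }
}
```

The threshold must cover the cost of one full iteration (a storage push on a hit) plus the code after the loop, otherwise the transaction reverts and the stored iterator is rolled back with it.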
MINOR CHANGES
- Use of Solidity custom errors in order to reduce costs (introduced in Solidity v0.8.4)
- Improvement of the frontend to deal better with scenarios where the response to sending/calling contracts takes a long time.
FUTURE PLANS
Even though the measures to mitigate the DoS by Costly Loops brought a significant improvement, in extreme cases, like a game with 2000 bets, the block gas limit was still maxed out. This makes us think about changing the logic to identify winners and calculate the prizes, to avoid this risk and also make it cheaper. Something like: the bettors have to claim their winning bet, if it is identified as one. After an established number of blocks, the prizes are calculated and split among the claimed winning bets. Those that haven't claimed will be out of the prize division.
v0.2.0
REFACTORING
Changes in the GameFactory and Game contracts in order to follow the Minimal Proxy pattern (ERC-1167). The most notable cost impacts after these changes were:
GameFactoryUpgradeable.newGame: previous average cost 2,861,339 gas; current average cost 312,411 gas (-89%)
Game.withdrawPrize: previous average cost 78,272 gas; current average cost 89,786 gas (+14.7%)
Game.closeForBetting: previous average cost 36,302 gas; current average cost 39,015 gas (+7.47%)
Game.openForBetting: previous average cost 58,221 gas; current average cost 60,934 gas (+4.66%)
GameFactoryUpgradeable deployment: previous average cost 4,974,537 gas; current average cost 5,087,104 gas (+2.26%)
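The shape of the ERC-1167 factory described here, together with the event-based discovery from the "Games contract reading from events" release, as an added sketch that is not the project's GameFactoryUpgradeable (which is also UUPS-upgradeable; that part is left out). Names, the event signature and the OpenZeppelin 4.x Clones/Initializable paths are assumptions:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Assumes OpenZeppelin Contracts 4.x (Clones, Initializable with _disableInitializers).
import "@openzeppelin/contracts/proxy/Clones.sol";
import "@openzeppelin/contracts/proxy/utils/Initializable.sol";

// Assumed minimal Game implementation: each clone is set up through initialize(),
// never through a constructor, because clones share this code but not its storage.
contract GameImpl is Initializable {
    address public factory;
    string public homeTeam;
    string public visitorTeam;

    constructor() { _disableInitializers(); } // the implementation itself can never be initialized

    function initialize(string calldata _home, string calldata _visitor) external initializer {
        factory = msg.sender;
        homeTeam = _home;
        visitorTeam = _visitor;
    }
}

contract GameFactorySketch {
    address public immutable gameImplementation;

    // No on-chain list: the frontend rebuilds the set of games from this log.
    event GameCreated(address indexed game, string homeTeam, string visitorTeam);

    constructor() { gameImplementation = address(new GameImpl()); }

    function newGame(string calldata _home, string calldata _visitor) external returns (address game) {
        game = Clones.clone(gameImplementation);  // EIP-1167 delegatecall proxy, ~45 bytes of code
        GameImpl(game).initialize(_home, _visitor); // initialize in the same tx so nobody else can
        emit GameCreated(game, _home, _visitor);
    }
}
```

Each clone delegatecalls the implementation on every call, which is why creation gets far cheaper while the per-call costs of Game functions rise by a few thousand gas, as the figures above show.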
v0.1.0
Initial version with the following use cases per role:
NEW FEATURES
OWNER
- Register games
- Open/Close games for betting
- Finalize games with the final score input
BETTOR
- Buy Soccer Bet Tokens (ERC20)
- Approve a maximum amount of Soccer Bet Tokens for betting on a game
- Bet on a game with the input of the amount of Soccer Bet Tokens and the guessed score
- View all bets on each game
- View winner bets on each game
- Withdraw Soccer Bet Tokens from a Game to the bettor's account
- Exchange/Burn Soccer Bet Tokens for Ether
FUTURE PLANS
- Handle some potential security and cost issues