Giter Site home page Giter Site logo

dip20's Issues

Changing Fees - Issue

The caller of the transfer method can't reliably predict the fee amount that will be charged when transferring out. After a query call has been made to retrieve the fee value and before the actual transfer call, it's possible the fee could be changed by the owner. This may be a rare occurrence but can cause issues for downstream applications who may send more tokens than is necessary if a fee is changed by the owner.

Two possible fixes include making the transfer method have a limit parameter to ensure that fee + transfer value <= limit, or changing the transfer function so that the amount transferred is inclusive rather than exclusive of the fee.

IC CDK Storage bug

Any code that uses the IC CDK storage is using unsafe Rust which can result in race conditions. This may not introduce downstream issues in your code, but it was a problem for us, and certainly may be a problem if storage is used more widely throughout the codebase.

rust example build failed 

error[E0308]: mismatched types
   --> src/main.rs:537:13
    |
537 |             caller,
    |             ^^^^^^
    |             |
    |             expected enum `std::option::Option`, found struct `candid::Principal`
    |             help: try using a variant of the expected enum: `_::_serde::__private::Some(caller)`
    |
    = note: expected enum `std::option::Option<candid::Principal>`
             found struct `candid::Principal`

For more information about this error, try `rustc --explain E0308`.
error: could not compile `token` due to previous error

ben@u2 ~/D/rust (main) [101]> rustc --version
rustc 1.57.0 (f1edd0429 2021-11-29)

dip20 fails cargo audit with RUSTSEC-2022-0013 and RUSTSEC-2021-0127

issue: 1 warn and 1 vuln, looks like cpu dos

command output:

(ins)kod@m1:~/code/DIP20/rust$ cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 417 security advisories (from /Users/kod/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (164 crate dependencies)
Crate:     regex
Version:   1.5.4
Title:     Regexes with large repetitions on empty sub-expressions take a very long time to parse
Date:      2022-03-08
ID:        RUSTSEC-2022-0013
URL:       https://rustsec.org/advisories/RUSTSEC-2022-0013
Solution:  Upgrade to >=1.5.5
Dependency tree:
regex 1.5.4
├── lalrpop-util 0.19.7
│   ├── lalrpop 0.19.7
│   │   └── candid 0.7.11
│   │       ├── token 0.1.0
│   │       ├── ic-cdk-macros 0.3.3
│   │       │   ├── token 0.1.0
│   │       │   └── ic-kit 0.4.3
│   │       │       ├── token 0.1.0
│   │       │       ├── cap-sdk-core 0.1.0-alpha1
│   │       │       │   └── cap-sdk 0.1.0-alpha1
│   │       │       │       ├── token 0.1.0
│   │       │       │       └── cap-standards 0.1.0-alpha1
│   │       │       │           └── token 0.1.0
│   │       │       ├── cap-sdk 0.1.0-alpha1
│   │       │       └── cap-common 0.1.0
│   │       │           └── cap-sdk-core 0.1.0-alpha1
│   │       ├── ic-cdk 0.3.3
│   │       │   ├── token 0.1.0
│   │       │   ├── ic-kit 0.4.3
│   │       │   ├── ic-cdk-macros 0.3.3
│   │       │   ├── cap-standards 0.1.0-alpha1
│   │       │   ├── cap-sdk-core 0.1.0-alpha1
│   │       │   ├── cap-sdk 0.1.0-alpha1
│   │       │   └── cap-common 0.1.0
│   │       └── cap-standards 0.1.0-alpha1
│   └── candid 0.7.11
└── lalrpop 0.19.7

Crate:     serde_cbor
Version:   0.11.2
Warning:   unmaintained
Title:     serde_cbor is unmaintained
Date:      2021-08-15
ID:        RUSTSEC-2021-0127
URL:       https://rustsec.org/advisories/RUSTSEC-2021-0127
Dependency tree:
serde_cbor 0.11.2
└── cap-common 0.1.0
    └── cap-sdk-core 0.1.0-alpha1
        └── cap-sdk 0.1.0-alpha1
            ├── token 0.1.0
            └── cap-standards 0.1.0-alpha1
                └── token 0.1.0

error: 1 vulnerability found!
warning: 1 allowed warning found

suggested action:

cargo update

During canister install token : Invalid data: Unable to serialize Candid values: wrong number of argument values

While trying to run the create token commands, this error shows up.

Way to Replicate Error:
cd rust
dfx canister create --all
dfx build
dfx canister install token --argument="("data:image/jpeg;base64,...", "DFinance Coin", "DFC", 8, 10000000000000000, principal "qk36l-k7g7k-mtr6a-bfuek-eqsah-yjjj7-jurfe-54jjj7-jurfe-554sq-d7qhw-jw3su-jqe", 10000)"
Invalid data: Unable to serialize Candid values: wrong number of argument values

Add support for ICRC1 standard to DIP20

Hey!

I am one of the developers building OpenChat.
Within OpenChat we support the sending of any ICRC1 tokens, but we have been asked a few times to also support DIP20 tokens.
We make use of subaccounts in a few cases to isolate user funds held by a single canister, so we cant use DIP20 due to its lack of support for subaccounts.
However, a year ago, @roman-kashitsyn (one of the Dfinity devs) came up with a solution (see here) that would allow us to easily add support for ICRC1 to the DIP20 ledger.
His proposed solution simply involves converting each {owner, subaccount} pair into a derived principal.
The core of the ledger remains exactly the same.

I'm keen to implement the solution proposed by Roman so I'm creating this issue to start the discussion and to see if others also think this is a good plan.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.