Merge branch 'v1.0.13' of github.com:iExecBlockchainComputing/PoCo into v1.0.13

Author: Amxx

ChangeLog.md

@@ -17,11 +17,18 @@ Features:
  * [#21](https://github.com/iExecBlockchainComputing/PoCo/issues/21): remove change ownership in OwnableOZ.sol   
 
 Bugfixes:
-* [#24](https://github.com/iExecBlockchainComputing/PoCo/issues/24) possibly useless RLC address getter
-* [#15](https://github.com/iExecBlockchainComputing/PoCo/issues/15): Malicious IexecAPI contract without callback
-* [#15](https://github.com/iExecBlockchainComputing/PoCo/issues/15): [SC AUDIT] Result without Payment. Malicious IexecAPI contract without callback
-* [#25](https://github.com/iExecBlockchainComputing/PoCo/issues/25) :[SC AUDIT] Scheduler can manipulate its reward percentage
-* [#26](https://github.com/iExecBlockchainComputing/PoCo/issues/26) :[SC AUDIT] Arbitrary Contract are trusted
+* [#24](https://github.com/iExecBlockchainComputing/PoCo/issues/24) : possibly useless RLC address getter
+* [#15](https://github.com/iExecBlockchainComputing/PoCo/issues/15) :[CS AUDIT] Result without Payment. Malicious IexecAPI contract without callback
+* [#25](https://github.com/iExecBlockchainComputing/PoCo/issues/25) :[CS AUDIT] Scheduler can manipulate its reward percentage
+* [#26](https://github.com/iExecBlockchainComputing/PoCo/issues/26) :[CS AUDIT] Arbitrary Contract are trusted
+* [#27](https://github.com/iExecBlockchainComputing/PoCo/issues/27) :[CS AUDIT] fix consensusTimout, failled typo to consensusTimeout, failed
+* [#28](https://github.com/iExecBlockchainComputing/PoCo/issues/28) : Attacker can race to attach invalid hubs.
+* [#29](https://github.com/iExecBlockchainComputing/PoCo/issues/29) : [CS AUDIT] Addresses are are duplicates
+* [#30](https://github.com/iExecBlockchainComputing/PoCo/issues/30) : IexecHubInterface is not up to date
+* [#31](https://github.com/iExecBlockchainComputing/PoCo/issues/31) : OwnableOZ event not correct
+* [#32](https://github.com/iExecBlockchainComputing/PoCo/issues/32) : Need more gas
+* [#33](https://github.com/iExecBlockchainComputing/PoCo/issues/33) : [CS AUDIT] Both a contract and an event are called WorkOrder.
+* [#34](https://github.com/iExecBlockchainComputing/PoCo/issues/34) : [CS AUDIT] the variable names workerReward and workersReward are confusingly similar
 
 
 ### [v1.0.12](https://github.com/iExecBlockchainComputing/PoCo/releases/tag/v1.0.12)

README.md

@@ -492,15 +492,15 @@ or
 
 
 ```
-coverage : 12/04/2018
+coverage : 20/05/2018
 
-180 passing (12m)
+184 passing (10m)
 1 pending
 
 -----------------------------|----------|----------|----------|----------|----------------|
 File                         |  % Stmts | % Branch |  % Funcs |  % Lines |Uncovered Lines |
 -----------------------------|----------|----------|----------|----------|----------------|
-contracts/                  |      100 |    75.16 |      100 |      100 |                |
+contracts/                  |      100 |     74.7 |      100 |      100 |                |
 App.sol                    |      100 |       50 |      100 |      100 |                |
 AppHub.sol                 |      100 |      100 |      100 |      100 |                |
 Dataset.sol                |      100 |       50 |      100 |      100 |                |
@@ -511,17 +511,17 @@ IexecHub.sol               |      100 |    70.54 |      100 |      100 |
 IexecHubAccessor.sol       |      100 |       75 |      100 |      100 |                |
 IexecHubInterface.sol      |      100 |      100 |      100 |      100 |                |
 IexecLib.sol               |      100 |      100 |      100 |      100 |                |
-Marketplace.sol            |      100 |    88.89 |      100 |      100 |                |
+Marketplace.sol            |      100 |    83.33 |      100 |      100 |                |
 MarketplaceAccessor.sol    |      100 |       50 |      100 |      100 |                |
 MarketplaceInterface.sol   |      100 |      100 |      100 |      100 |                |
-OwnableOZ.sol              |      100 |       75 |      100 |      100 |                |
+OwnableOZ.sol              |      100 |    66.67 |      100 |      100 |                |
 SafeMathOZ.sol             |      100 |       75 |      100 |      100 |                |
 TestSha.sol                |      100 |      100 |      100 |      100 |                |
-WorkOrder.sol              |      100 |       60 |      100 |      100 |                |
-WorkerPool.sol             |      100 |    82.69 |      100 |      100 |                |
+WorkOrder.sol              |      100 |    56.25 |      100 |      100 |                |
+WorkerPool.sol             |      100 |     81.9 |      100 |      100 |                |
 WorkerPoolHub.sol          |      100 |       75 |      100 |      100 |                |
 -----------------------------|----------|----------|----------|----------|----------------|
-All files                    |      100 |    75.16 |      100 |      100 |                |
+All files                    |      100 |     74.7 |      100 |      100 |                |
 -----------------------------|----------|----------|----------|----------|----------------|
 ```
 ## Oyente analyse see [here](./oyente)

contracts/IexecAPI.sol

@@ -7,7 +7,7 @@ import "rlc-token/contracts/RLC.sol";
 
 contract IexecAPI is OwnableOZ, IexecHubAccessor, IexecCallbackInterface
 {
-	event WorkOrder              (address woid);
+	event WorkOrderActivated     (address woid);
 	event WithdrawRLCFromIexecAPI(address to,       uint256 amount);
 	event ApproveIexecHub        (address iexecHub, uint256 amount);
 	event DepositRLCOnIexecHub   (address iexecHub, uint256 amount);
@@ -34,7 +34,7 @@ contract IexecAPI is OwnableOZ, IexecHubAccessor, IexecCallbackInterface
 	public
 	{
 		address woid = iexecHubInterface.buyForWorkOrder(_marketorderIdx, _workerpool, _app, _dataset, _params, _callback, _beneficiary);
-		emit WorkOrder(woid);
+		emit WorkOrderActivated(woid);
 	}
 
 	function workOrderCallback(

contracts/IexecHub.sol

@@ -38,7 +38,7 @@ contract IexecHub
 	/**
 	 * Market place
 	 */
-	Marketplace marketplace;
+	Marketplace public marketplace;
 	modifier onlyMarketplace()
 	{
 		require(msg.sender == address(marketplace));
@@ -504,7 +504,7 @@ contract IexecHub
 		require(seize(_worker, _amount));
 		if (_reputation)
 		{
-			m_contributionHistory.failled = m_contributionHistory.failled.add(1);
+			m_contributionHistory.failed = m_contributionHistory.failed.add(1);
 			m_scores[_worker] = m_scores[_worker].sub(m_scores[_worker].min(SCORE_UNITARY_SLASH));
 			emit FaultyContribution(_woid, _worker);
 		}

contracts/IexecLib.sol

@@ -32,7 +32,7 @@ library IexecLib
 		UNSET,     // Work order not yet initialized (invalid address)
 		ACTIVE,    // Marketed → constributions are open
 		REVEALING, // Starting consensus reveal
-		CLAIMED,   // Failled consensus
+		CLAIMED,   // failed consensus
 		COMPLETED  // Concensus achieved
 	}
 
@@ -48,7 +48,7 @@ library IexecLib
 		bytes32 consensus;
 		uint256 revealDate;
 		uint256 revealCounter;
-		uint256 consensusTimout;
+		uint256 consensusTimeout;
 		uint256 winnerCount;
 		address[] contributors;
 		address workerpoolOwner;
@@ -90,10 +90,10 @@ library IexecLib
 		uint256 locked;
 	}
 
-	struct ContributionHistory // for credibility computation, f = failled/total
+	struct ContributionHistory // for credibility computation, f = failed/total
 	{
 		uint256 success;
-		uint256 failled;
+		uint256 failed;
 	}
 
 	struct Category

contracts/WorkerPool.sol

@@ -176,7 +176,7 @@ contract WorkerPool is OwnableOZ, IexecHubAccessor, MarketplaceAccessor
 		bytes32 c_consensus,
 		uint256 c_revealDate,
 		uint256 c_revealCounter,
-		uint256 c_consensusTimout,
+		uint256 c_consensusTimeout,
 		uint256 c_winnerCount,
 		address c_workerpoolOwner)
 	{
@@ -187,7 +187,7 @@ contract WorkerPool is OwnableOZ, IexecHubAccessor, MarketplaceAccessor
 			consensus.consensus,
 			consensus.revealDate,
 			consensus.revealCounter,
-			consensus.consensusTimout,
+			consensus.consensusTimeout,
 			consensus.winnerCount,
 			consensus.workerpoolOwner
 		);
@@ -240,7 +240,7 @@ contract WorkerPool is OwnableOZ, IexecHubAccessor, MarketplaceAccessor
 		consensus.poolReward                 = marketplaceInterface.getMarketOrderValue(_marketorderIdx);
 		consensus.workerpoolOwner            = marketplaceInterface.getMarketOrderWorkerpoolOwner(_marketorderIdx);
 		consensus.stakeAmount                = consensus.poolReward.percentage(m_stakeRatioPolicy);
-		consensus.consensusTimout            = timeout;
+		consensus.consensusTimeout            = timeout;
 		consensus.schedulerRewardRatioPolicy = m_schedulerRewardRatioPolicy;
 
 		emit WorkOrderActive(_woid);
@@ -251,7 +251,7 @@ contract WorkerPool is OwnableOZ, IexecHubAccessor, MarketplaceAccessor
 	function claimFailedConsensus(address _woid) public onlyIexecHub returns (bool)
 	{
 	  IexecLib.Consensus storage consensus = m_consensus[_woid];
-		require(now > consensus.consensusTimout);
+		require(now > consensus.consensusTimeout);
 		uint256 i;
 		address w;
 		for (i = 0; i < consensus.contributors.length; ++i)
@@ -281,7 +281,7 @@ contract WorkerPool is OwnableOZ, IexecHubAccessor, MarketplaceAccessor
 		require(WorkOrder(_woid).m_status() == IexecLib.WorkOrderStatusEnum.ACTIVE);
 		IexecLib.Contribution storage contribution = m_contributions[_woid][_worker];
 		IexecLib.Consensus    storage consensus    = m_consensus[_woid];
-		require(now <= consensus.consensusTimout);
+		require(now <= consensus.consensusTimeout);
 
 		address workerPool;
 		uint256 workerScore;
@@ -300,7 +300,7 @@ contract WorkerPool is OwnableOZ, IexecHubAccessor, MarketplaceAccessor
 	{
 		require(iexecHubInterface.isWoidRegistred(_woid));
 		IexecLib.Consensus    storage consensus    = m_consensus[_woid];
-		require(now <= consensus.consensusTimout);
+		require(now <= consensus.consensusTimeout);
 		require(WorkOrder(_woid).m_status() == IexecLib.WorkOrderStatusEnum.ACTIVE); // can't contribute on a claimed or completed workorder
 		IexecLib.Contribution storage contribution = m_contributions[_woid][msg.sender];
 
@@ -328,7 +328,7 @@ contract WorkerPool is OwnableOZ, IexecHubAccessor, MarketplaceAccessor
 	{
 		require(iexecHubInterface.isWoidRegistred(_woid));
 		IexecLib.Consensus storage consensus = m_consensus[_woid];
-		require(now <= consensus.consensusTimout);
+		require(now <= consensus.consensusTimeout);
 		require(WorkOrder(_woid).startRevealingPhase());
 
 		consensus.winnerCount = 0;
@@ -356,7 +356,7 @@ contract WorkerPool is OwnableOZ, IexecHubAccessor, MarketplaceAccessor
 	{
 		require(iexecHubInterface.isWoidRegistred(_woid));
 		IexecLib.Consensus    storage consensus    = m_consensus[_woid];
-		require(now <= consensus.consensusTimout);
+		require(now <= consensus.consensusTimeout);
 		IexecLib.Contribution storage contribution = m_contributions[_woid][msg.sender];
 
 		require(WorkOrder(_woid).m_status() == IexecLib.WorkOrderStatusEnum.REVEALING     );
@@ -377,7 +377,7 @@ contract WorkerPool is OwnableOZ, IexecHubAccessor, MarketplaceAccessor
 	{
 		require(iexecHubInterface.isWoidRegistred(_woid));
 		IexecLib.Consensus storage consensus = m_consensus[_woid];
-		require(now <= consensus.consensusTimout);
+		require(now <= consensus.consensusTimeout);
 		require(consensus.revealDate <= now && consensus.revealCounter == 0);
 		require(WorkOrder(_woid).reActivate());
 
@@ -402,7 +402,7 @@ contract WorkerPool is OwnableOZ, IexecHubAccessor, MarketplaceAccessor
 	{
 		require(iexecHubInterface.isWoidRegistred(_woid));
 		IexecLib.Consensus storage consensus = m_consensus[_woid];
-		require(now <= consensus.consensusTimout);
+		require(now <= consensus.consensusTimeout);
 		require((consensus.revealDate <= now && consensus.revealCounter > 0) || (consensus.revealCounter == consensus.winnerCount)); // consensus.winnerCount never 0 at this step
 
 		// add penalized to the call worker to contribution and they never contribute ?
@@ -420,7 +420,7 @@ contract WorkerPool is OwnableOZ, IexecHubAccessor, MarketplaceAccessor
 		uint256 workerBonus;
 		uint256 workerWeight;
 		uint256 totalWeight;
-		uint256 workerReward;
+		uint256 individualWorkerReward;
 		uint256 totalReward = _consensus.poolReward;
 		address[] memory contributors = _consensus.contributors;
 		for (i = 0; i<contributors.length; ++i)
@@ -442,17 +442,17 @@ contract WorkerPool is OwnableOZ, IexecHubAccessor, MarketplaceAccessor
 		require(totalWeight > 0);
 
 		// compute how much is going to the workers
-		uint256 workersReward = totalReward.percentage(uint256(100).sub(_consensus.schedulerRewardRatioPolicy));
+		uint256 totalWorkersReward = totalReward.percentage(uint256(100).sub(_consensus.schedulerRewardRatioPolicy));
 
 		for (i = 0; i<contributors.length; ++i)
 		{
 			w = contributors[i];
 			if (m_contributions[_woid][w].status == IexecLib.ContributionStatusEnum.PROVED)
 			{
-				workerReward = workersReward.mulByFraction(m_contributions[_woid][w].weight, totalWeight);
-				totalReward  = totalReward.sub(workerReward);
+				individualWorkerReward = totalWorkersReward.mulByFraction(m_contributions[_woid][w].weight, totalWeight);
+				totalReward  = totalReward.sub(individualWorkerReward);
 				require(iexecHubInterface.unlockForWork(_woid, w, _consensus.stakeAmount));
-				require(iexecHubInterface.rewardForWork(_woid, w, workerReward, true));
+				require(iexecHubInterface.rewardForWork(_woid, w, individualWorkerReward, true));
 			}
 			else // WorkStatusEnum.POCO_REJECT or ContributionStatusEnum.CONTRIBUTED (not revealed)
 			{

test/byFunctions/IexecAPI/buyForWorkOrder.js

@@ -259,7 +259,7 @@ contract('IexecHub', function(accounts) {
 	it("buyForWorkOrder_01: test buyForWorkOrder from a smart contract", async function() {
 
 
-    aIexecAPIInstance = await IexecAPI.new(aIexecHubInstance.address, aMarketplaceInstance.address, aRLCInstance.address,{
+    aIexecAPIInstance = await IexecAPI.new(aIexecHubInstance.address, aMarketplaceInstance.address, {
       from: iExecCloudUser
     });
     console.log("aIexecAPIInstance created "+aIexecAPIInstance.address);
@@ -348,6 +348,9 @@ contract('IexecHub', function(accounts) {
 		woid = events[0].args.woid;
 		assert.strictEqual(events[0].args.workerPool, aWorkerPoolInstance.address, "check workerPool");
 
+		events = await Extensions.getEventsPromise(aIexecAPIInstance.WorkOrderActivated({}),1,constants.EVENT_WAIT_TIMEOUT);
+		assert.strictEqual(events[0].args.woid, woid, "check woid");
+
     checkBalance = await aIexecHubInstance.checkBalance.call(aIexecAPIInstance.address);
     assert.strictEqual(checkBalance[0].toNumber(), 0, "check stake of the aIexecAPIInstance.address");
     assert.strictEqual(checkBalance[1].toNumber(),  100, "check stake locked of the aIexecAPIInstance.address");

test/byFunctions/IexecAPI/workOrderCallback.js

@@ -304,7 +304,7 @@ contract('IexecHub', function(accounts) {
   it("workOrderCallback_01: test workOrderCallback from a smart contract", async function() {
 
 
-    aIexecAPIInstance = await IexecAPI.new(aIexecHubInstance.address, aMarketplaceInstance.address,aRLCInstance.address, {
+    aIexecAPIInstance = await IexecAPI.new(aIexecHubInstance.address, aMarketplaceInstance.address, {
       from: iExecCloudUser
     });
     console.log("aIexecAPIInstance created " + aIexecAPIInstance.address);
@@ -417,7 +417,7 @@ contract('IexecHub', function(accounts) {
     assert.strictEqual(events[0].args.result, '0x5def3ac0554e7a443f84985aa9629864e81d71d59e0649ddad3d618f85a1bf4b', "check revealed result by resourceProvider");
     assert.strictEqual(events[0].args.result, web3.sha3("iExec the wanderer"), "check revealed result by resourceProvider");
 
-    [poolReward, stakeAmount, consensus, revealDate, revealCounter, consensusTimout, winnerCount] = await aWorkerPoolInstance.getConsensusDetails.call(woid, {
+    [poolReward, stakeAmount, consensus, revealDate, revealCounter, consensusTimeout, winnerCount] = await aWorkerPoolInstance.getConsensusDetails.call(woid, {
       from: iExecCloudUser,
       gas: constants.AMOUNT_GAS_PROVIDED
     });
@@ -436,7 +436,7 @@ contract('IexecHub', function(accounts) {
     assert.strictEqual(consensus, '0x2fa3c6dc29e10dfc01cea7e9443ffe431e6564e74f5dcf4de4b04f2e5d343d70', "check consensus");
     assert.isTrue(revealDate.toNumber() > 0, "check revealDate > 0");
     assert.strictEqual(revealCounter.toNumber(), 1, "check revealCounter 1 now");
-    assert.isTrue(consensusTimout.toNumber() > 0, "check consensusTimout > 0");
+    assert.isTrue(consensusTimeout.toNumber() > 0, "check consensusTimeout > 0");
     assert.strictEqual(winnerCount.toNumber(), 1, "check 1 winnerCount");
 
 

test/byFunctions/IexecHub/attachMarketplace.js

@@ -166,7 +166,7 @@ contract('IexecHub', function(accounts) {
       gas : constants.AMOUNT_GAS_PROVIDED
 		});
 		assert.isBelow(txMined.receipt.gasUsed, constants.AMOUNT_GAS_PROVIDED, "should not use all gas");
-    let marketplaceAddressCall = await aIexecHubInstance.marketplaceAddress.call();
+    let marketplaceAddressCall = await aIexecHubInstance.marketplace.call();
     assert.strictEqual(marketplaceAddressCall,  aMarketplaceInstance.address, "check marketplaceAddress in aIexecHubInstance");
 	});
 

test/byFunctions/IexecHub/setCategoriesCreator.js

@@ -219,28 +219,6 @@ contract('IexecHub', function(accounts) {
 
   });
 
-  it("setCategoriesCreator_03 : it should be possible for any user to setCategoriesCreator to himself", async function() {
-
-    txMined = await aIexecHubInstance.setCategoriesCreator(iExecCloudUser, {
-      from: iExecCloudUser,
-      gas: constants.AMOUNT_GAS_PROVIDED
-    });
-    assert.isBelow(txMined.receipt.gasUsed, constants.AMOUNT_GAS_PROVIDED, "should not use all gas");
-
-    let categoriesCreatorCall = await aIexecHubInstance.m_categoriesCreator.call();
-    assert.strictEqual(categoriesCreatorCall, iExecCloudUser, "check m_categoriesCreator in aIexecHubInstance");
-
-  });
-
-  it("setCategoriesCreator_04 : it should be possible for any user to setCategoriesCreator to others users", async function() {
-    txMined = await aIexecHubInstance.setCategoriesCreator(resourceProvider, {
-      from: iExecCloudUser,
-      gas: constants.AMOUNT_GAS_PROVIDED
-    });
-    assert.isBelow(txMined.receipt.gasUsed, constants.AMOUNT_GAS_PROVIDED, "should not use all gas");
-    let categoriesCreatorCall = await aIexecHubInstance.m_categoriesCreator.call();
-    assert.strictEqual(categoriesCreatorCall, resourceProvider, "check m_categoriesCreator in aIexecHubInstance");
-  });
 
   it("setCategoriesCreator_05 :  when m_categoriesCreator is valorized. it must not be possible to others users to call setCategoriesCreator", async function() {
     txMined = await aIexecHubInstance.setCategoriesCreator(marketplaceCreator, {