Referendum #393

Finding and fixing a vulnerability in broker-pallet

Small Tipper
11mos ago
1 Comments
Executed

The new broker pallet, responsible for handling the Coretime procurement logic, had a vulnerability that allowed users to assign Coretime they no longer owned. This is, obviously, quite problematic.

The issue is described in more detail here: https://github.com/paritytech/polkadot-sdk/pull/2811

This is a small tip request for finding reporting and fixing the issue.

Reply
Up
Share
Request
100DOT
Status
Decision7d
Confirmation10mins
Attempts
1
Tally
93.4%Aye
50.0%Threshold
6.6%Nay
Aye
2.82MDOT
Nay
198.46KDOT
  • 0.0%
  • 0.0%
  • 0.0%

Threshold

Support(0.09%)
1.19MDOT
Issuance
1.32BDOT
Votes
Nested
Flattened
Calls
  • Call
  • Metadata
  • Timeline6
  • Votes Bubble
  • Statistics
Comments
No comments here