Update EIP-3643: Move to Draft #7164
Conversation
put out of stagnant status
github-actions
bot
added
c-status
|
✅ All reviewers have approved. |
Joachim-Lebrun
changed the title
eth-bot
changed the title
|
The commit c69bb86 (as a parent of b332759) contains errors. |
EIPS/eip-3643.md
Outdated
| The suite of Smart Contracts has been audited by external independent companies. The results can be found on | ||
| Tokeny's website or on the Tokeny's T-REX repository. |
There was a problem hiding this comment.
Mentioning your website is conceptually an "external link", and so isn't allowed. I'd recommend either summarizing the results of the audit, or simply noting that no security issues have been found.
Perhaps something like one of these, as appropriate:
This specification has been audited by Kapersky, and no notable security considerations were found.
An audit, performed by Kapersky, highlighted the following considerations for implementers of this standard:
- When flooping a glarp, implementers must pay particular attention to the meep. It must remain glooped for the duration of the merp.
- Never transfer the moop to the merp. Doing so would allow an attacker to floop the glarp too early.
From an extremely quick read of the audit report, it looks like it was focused on your implementation, but not on this standard itself. In other words, they focused on whether your implementation conformed to your whitepaper, and didn't consider whether your overall design was sound.
That isn't problematic in and of itself, but it does mean the audit might not be applicable to other implementers?
There was a problem hiding this comment.
Indeed, the audit mainly focused on the concrete implementation of the standard. However, it is important to note that our implementation is a direct translation of the standard specification outlined in the whitepaper. Therefore, the audit process essentially included a thorough review and verification of the standard's design and functionality.
While the audit report may not explicitly state the details of these discussions, the audit process was comprehensive and spanned over four months. During this time, the audit team harshly challenged the principles and design decisions underlying the T-REX standard (ERC-3643). Their inquiry was not limited to the security aspects of smart contracts, but also delved into the rationale behind the standard's specifications. Satisfactory responses to these inquiries and the absence of any outstanding safety issues in the audit report demonstrate the robustness of the standard.
It is true that the audits we realized may not be fully applicable to other implementations of the standard, but still provide valuable insight into the standard's design and functionality. The audits validate the standard's specifications and provide assurance that the standard does not present any notable security issues (when implemented as per the specifications). Therefore, we consider it relevant and useful to mention the audits in this section related to standard security considerations.
There was a problem hiding this comment.
Updated the Security Considerations section in adfc130
Co-authored-by: Sam Wilson <[email protected]>
Co-authored-by: Sam Wilson <[email protected]>
Co-authored-by: Sam Wilson <[email protected]>
|
@SamWilsn is there still any changes required to merge this PR? |
transferOwnershipOnIdentityRegistryContractwhich is a duplicate oftransferOwnershipas we mention the ERC-173 used by the standard.