Audit, v3.0 (including ERC20 version)

Exported by Edmund Edgar from Original audit document (PDF).

Reality 3.0 / August 2021

Current status

All issues have been fixed by the developer. There are no know issues in https://github.com/RealityETH/monorepo/blob/e4584d7cf6ab2d9a5b129bd970b7d4517811ae6a.

Issues

1. Incorrect bond payout on UNRESOLVED_ANSWER

type: faulty implementation / severity: medium

When last answer is unrevealed and best answer is UNRESOLVED_ANSWER, the bond from the unrevealed answer will be paid to address(0) instead of to the winner which would we be the case if the best answer wasn’t an UNRESOLVED_ANSWER.

status - fixed

Issue has been fixed and is no longer present in https://github.com/RealityETH/monorepo/blob/e4584d7cf6ab2d9a5b129bd970b7d4517811ae6a

2. Arbitration can be initiated even with no valid answer, resulting in premature finalisation after the arbitration is cancelled

type: security / severity: medium

Arbitration can be initiated after an answer commitment is posted, even if no revealed answers have been posted, after this arbitration is cancelled the question will be finalised after finalize_ts seconds, even though no answer has been provided. In results all bonds will be paid out to address(0), bounty will become unretrievable and best_answer will be set to 0.

status - fixed

Issue has been fixed and is no longer present in https://github.com/RealityETH/monorepo/blob/e4584d7cf6ab2d9a5b129bd970b7d4517811ae6a

3. answer_takeover_fee credited to second answer depends on the way answers are processed

type: security / severity: medium

In claimWinnings answer_takeover_fee is inconsistently calculated, it is being subtracted from bounty if the winning answer and second best answer are processed in one go, but if they are processed separately, the whole bounty amount is reserved for the winner and can’t by used for the fee.

status - fixed

Issue has been fixed and is no longer present in https://github.com/RealityETH/monorepo/blob/e4584d7cf6ab2d9a5b129bd970b7d4517811ae6a

Notes

RealityETH_ERC20-3.0.sol should not be used with ERC20-like token contracts that implement callbacks like ERC777 due to potential re- entrancy issues.