Hotfix: Duplicate Currency in Bitmap #92
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes critical issue where a bitmap currency can be duplicated in active currencies, causing free collateral to be double counted: https://blog.notional.finance/critical-bug-payout-report/
This fix will re-enable the
enableBitmapCurrencymethod to be called by accounts. The fix here is to simply remove the functionality of changing a bitmap currency on an account once it is set. This should eliminate the potential for double counting altogether. There is no valid use case for accounts changing bitmap currencies. Furthermore, once enabled a bitmap currency also cannot be disabled.This feature was designed with the intention that a bitmap currency was a permanent fixture of an account. If an account does set this and need to change it later they must switch to using a different address. From our perspective, this is an acceptable switching cost.
Additionally, require statements have been added to the
FreeCollateral.solfile to explicitly disallow double counting across bitmap currency to active currency. Since the FreeCollateral library is compiled directly into the bytecode of multiple other contracts, this change will only take effect on a redeployment of the FreeCollateralExternal library and its associated contracts.