Sulkta-Coop/agora
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

update changelog

Browse source
This commit is contained in:
Hongrui Fang 2022-10-31 21:39:57 +08:00
parent af81a59bb3
commit 29c1d4c1cf
No known key found for this signature in database
GPG key ID: F10AB2CCE24113DD
1 changed files with 9 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

9
CHANGELOG.md
View file

@ -6,6 +6,15 @@ This format is based on [Keep A Changelog](https://keepachangelog.com/en/1.0.0).
### Modified
- Fix several vulnerabilities and bugs found in both proposal and governor scripts.
Including:
- Governor accepts fake stake UTxO, meaning that an attacker can DoS by
creating Proposals without passing the minimum GT limit.
- The proposal policy asserts that GST moves while minting PST, effectively
allowing attackers to create fake proposals.
- Fix an exploit that allows arbitrary amount of SSTs to be minted. The attack is
very similar to the GAT one. See also the discussion in
[#202](https://github.com/Liqwid-Labs/agora/pull/202).