Address audit issues

Added: Fix for non-refunded amendments & test case
Modified: accuracyDiv > decimalDiv
Modified: Specification to include behaviour constraint

Audit_Response.md

@@ -0,0 +1,30 @@
+# Audit Response - 4th August 2018
+
+All fixes are included in the commit:  
+
+
+## 2.1 - Timestamp Dependence
+
+Agree that miners can impact on whether a vote is extended or not, by selectively censoring votes causing them to fall outside of the initial voting window, or not appear at all.
+
+I think the risk here is small, and generally minor censoring of votes is a known issue with on-chain voting.
+
+## 2.2 - Code Path Analysis
+
+Resolved following the recommended approach of refunding (via `unagreeAmendment`) any funds deposited to cover an amended agreement if either party agrees or disputes the original (non-amended) agreement.
+
+A test case has been added for this.
+
+## 2.3 - External Contract Call Attacks
+
+The `approveAndCall` function in `JURToken` only allows external calls to approved functions, and enforces that the first argument (or chunk of data) corresponds to the callers address. This allows called contracts to rely on calls from `JURToken` to be honest (correctly specify the callers address).
+
+## 4 - Misc. Notes
+
+  - `DisputeClosed` has been removed.
+
+  - TODOs have been removed.
+
+  - Comment on voting behaviour has been amended in `Arbitration.sol` and also added to `JUR Protocol Specification.md` to reflect the behaviour that a vote can not lead to the currently winning party having more than twice the next best party.
+
+  - `accuracyDiv` has improved comments and been renamed to `decimalDiv`, and `decimalMul` has been added for consistency. These functions allow multiplication and division of decimals represented as decimals * 10**18. e.g. `decimalDiv(10 * 10**18, 100 * 10**18) == (10 / 100) * 10**18` and `decimalMul(0.5 * 10**18, 0.5 * 10**18) == 0.25 * 10**18`.

JUR Protocol Specification.md

@@ -130,6 +130,8 @@ The rules governing the voting process are:
 
   - any new voter must stake at least 1% of the total amount of votes accrued during the voting process so far.
 
+  - following a vote being cast, the winning party can have at most twice as many votes as the next best party, otherwise the vote is rejected.
+
   - the Voting Period lasts 24 hours from the Dispute Dispersals being finalised, unless extended.
 
   - the Voting Period is extended if, at the end of the Voting Period, either of the following is true. In both cases, the Voting Period is extended by a further 30 minutes, after which this logic is reapplied recursively:

README.md

@@ -129,6 +129,27 @@ Arbitration Address: 0x3804475d74a3b5261b34d3c8f31af30055058466
     ✓ 17. party1 withdraws dispersal (zero tokens) (112ms)
     ✓ 18. party2 withdraws dispersal (180 tokens) - state is now Closed (165ms)
 
+  Contract: Arbitration - Refunded Amendment
+JUR Token Address:  0x526dd75f0645fb6c071656b92c13e169214fe124
+Arbitration Factory Address:  0x8fc1b1def5f7fef63e9bb4b33ac77b02b76a4a6f
+    ✓ 0. initialize token contract and arbitration factory contract (366ms)
+Arbitration Address: 0x794d28d7ae66a334ec589dd8dc25de9d8a43b412
+    ✓ 1. create new arbitration - state is unsigned (166ms)
+    ✓ 2. approve arbitration for transfers (120ms)
+    ✓ 3. only parties can sign arbitration
+    ✓ 4. party1 signs arbitration (60ms)
+    ✓ 5. party1 unsigns arbitration (45ms)
+    ✓ 6. party1 resigns arbitration (91ms)
+    ✓ 7. party2 signs arbitration - state is now Signed (85ms)
+    ✓ 8. party2 proposes amendment (74ms)
+    ✓ 9. party1 agrees amendment (262ms)
+    ✓ 10. party1 proposes amendment without authorising additional funding - fail (73ms)
+    ✓ 11. party1 proposes amendment with authorised additional amendedFunding (234ms)
+    ✓ 15. party1 agrees arbitration - party1 is refunded amendement funds (122ms)
+    ✓ 16. party2 agrees arbitration - state is now Agreed (73ms)
+    ✓ 17. party1 withdraws dispersal (twenty tokens) (101ms)
+    ✓ 18. party2 withdraws dispersal (80 tokens) - state is now Closed (156ms)
+
   Contract: Arbitration - Tied dispute
 JUR Token Address:  0x1f37801d4db18b6a4cb6a65eced53ccb63ab764e
 Arbitration Factory Address:  0x738f23b326d12610a6374de0a12e3f5ce6b9eeca

contracts/Arbitration.sol

@@ -72,11 +72,11 @@ contract Arbitration {
   }
 
   //Initialise state
-  enum State {Unsigned, Signed, Agreed, Dispute, Closed, DisputeClosed}
+  enum State {Unsigned, Signed, Agreed, Dispute, Closed}
   State public state = State.Unsigned;
 
-  //Accuracy for division
-  uint256 constant ACCURACY = 10 ** 18;
+  //Decimals used for voting token
+  uint256 constant DECIMALS = 10 ** 18;
 
   modifier onlyParties {
     require(parties[msg.sender]);
@@ -188,6 +188,10 @@ contract Arbitration {
   function agree() public hasState(State.Signed) onlyParties {
     require(!hasAgreed[msg.sender]);
     hasAgreed[msg.sender] = true;
+    // If there is an amendment proposed, but not agreed refund all amendment funds
+    if (amendmentProposed) {
+      unagreeAmendment();
+    }
     bool allAgreed = true;
     for (uint8 i = 0; i < allParties.length; i++) {
       allAgreed = allAgreed && hasAgreed[allParties[i]];
@@ -275,11 +279,11 @@ contract Arbitration {
       uint256 deficit = amendedFunding[_sender].sub(funding[_sender]);
       require(jurToken.transferFrom(_sender, address(this), deficit));
     }
+    emit ContractAmendmentAgreed(_sender);
     bool allFundedAmendment = true;
     for (uint8 i = 0; i < allParties.length; i++) {
       allFundedAmendment = allFundedAmendment && hasFundedAmendment[allParties[i]];
     }
-    emit ContractAmendmentAgreed(_sender);
     // If all parties have funded / agreed an amendment, refund any excess and reset proposals
     if (allFundedAmendment) {
       amendmentProposed = false;
@@ -358,6 +362,10 @@ contract Arbitration {
 
   function _dispute(address _sender, uint256 _voteAmount, uint256[] _dispersal) internal hasState(State.Signed) isParty(_sender) {
     require(_dispersal.length == allParties.length);
+    // If there is an amendment proposed, but not agreed refund all amendment funds
+    if (amendmentProposed) {
+      unagreeAmendment();
+    }
     setState(State.Dispute);
     uint256 totalDispersal = 0;
     uint256 totalFunding = 0;
@@ -381,7 +389,6 @@ contract Arbitration {
       disputeDispersal[address(0)][allParties[k]] = funding[allParties[k]];
     }
     emit ContractDisputed(_sender, _dispersal);
-    //TODO - fix this
     _vote(_sender, _sender, _voteAmount);
   }
 
@@ -474,7 +481,7 @@ contract Arbitration {
     require(parties[_voteAddress] || (_voteAddress == address(0)));
     //Vote must be at least MIN_VOTE of the totalVotes
     require(_voteAmount >= totalVotes.mul(MIN_VOTE).div(10**18));
-    //Vote must not mean the new winning party after the vote has strictly more than the next best party
+    //Vote must not mean the new winning party after the vote has strictly more than twice the next best party
     if (totalVotes != 0) {
       address winnerParty;
       address bestMinortyParty;
@@ -528,26 +535,23 @@ contract Arbitration {
     //If there were no votes on any minority options (all votes on the winner) then there is no payout
     uint256 reward = 0;
     if (totalMinorityVotes != 0) {
-      reward = accuracyDiv(totalMinorityVotes, bestMinorityVotes);
+      reward = decimalDiv(totalMinorityVotes, bestMinorityVotes);
     }
 
     uint256 eligableVotes = 0;
     uint256 stakedVotes = 0;
 
     for (uint256 i = _start; i < Math.min256(userVotes[msg.sender][winnerParty].length, _end); i++) {
       if (!userVotes[msg.sender][winnerParty][i].claimed) {
+        userVotes[msg.sender][winnerParty][i].claimed = true;
         stakedVotes = stakedVotes.add(userVotes[msg.sender][winnerParty][i].amount);
-        if (userVotes[msg.sender][winnerParty][i].previousVotes >= bestMinorityVotes) {
-          //nothing left to pay out in rewards, just mark as claimed
-          userVotes[msg.sender][winnerParty][i].claimed = true;
-        } else {
+        if (userVotes[msg.sender][winnerParty][i].previousVotes < bestMinorityVotes) {
           eligableVotes = eligableVotes.add(Math.min256(bestMinorityVotes.sub(userVotes[msg.sender][winnerParty][i].previousVotes), userVotes[msg.sender][winnerParty][i].amount));
-          userVotes[msg.sender][winnerParty][i].claimed = true;
         }
       }
     }
-    require(jurToken.transfer(msg.sender, stakedVotes.add(eligableVotes.mul(reward).div(ACCURACY))));
-    emit VoterPayout(msg.sender, stakedVotes, eligableVotes.mul(reward).div(ACCURACY));
+    require(jurToken.transfer(msg.sender, stakedVotes.add(decimalMul(eligableVotes, reward))));
+    emit VoterPayout(msg.sender, stakedVotes, decimalMul(eligableVotes, reward));
   }
 
   /**
@@ -585,7 +589,6 @@ contract Arbitration {
    * @dev Allows sender (party) to claim their dispersal tokens
    */
   function payoutParty() public hasState(State.Dispute) onlyParties {
-    //TODO: check that vote has actually ended
     uint256 newDisputeEnds = calcDisputeEnds();
     if (newDisputeEnds != disputeEnds) {
       emit DisputeEndsAdjusted(newDisputeEnds, disputeEnds);
@@ -601,10 +604,17 @@ contract Arbitration {
   }
 
   /**
-   * @notice Returns division with accuracy of 10**18
+   * @notice Returns division assuming both inputs are decimals multiplied by DECIMALS
+   */
+  function decimalDiv(uint256 x, uint256 y) internal pure returns (uint256) {
+    return x.mul(DECIMALS).add(y.div(2)).div(y);
+  }
+
+  /**
+   * @notice Returns multiplication assuming both inputs are decimals multiplied by DECIMALS
    */
-  function accuracyDiv(uint256 x, uint256 y) internal pure returns (uint256) {
-      return x.mul(ACCURACY).add(y.div(2)).div(y);
+  function decimalMul(uint256 x, uint256 y) internal pure returns (uint256) {
+    return x.mul(y).add(DECIMALS.div(2)).div(DECIMALS);
   }
 
   /**

test/01a_refunded_amend_agreement.js

@@ -0,0 +1,153 @@
+const assertFail = require("./helpers/assertFail");
+
+const ArbitrationFactory = artifacts.require("./ArbitrationFactoryMock.sol");
+const Arbitration = artifacts.require("./ArbitrationMock.sol");
+const JURToken = artifacts.require("./JURToken.sol");
+
+contract('Arbitration - Refunded Amendment', function (accounts) {
+
+  var token;
+  var arbitrationFactory;
+  var arbitration;
+  var party1 = accounts[1];
+  var party2 = accounts[2];
+  var voter1 = accounts[3];
+
+  // =========================================================================
+  it("0. initialize token contract and arbitration factory contract", async () => {
+
+    token = await JURToken.new(["sig1"], {from: accounts[0]});
+    console.log("JUR Token Address: ", token.address);
+
+    //Mint some tokens for party1 and party2
+    await token.mint(party1, 50, {from: accounts[0]});
+    await token.mint(party2, 100, {from: accounts[0]});
+    await token.mint(voter1, 100, {from: accounts[0]});
+
+    //Initialise arbitration contract
+    arbitrationFactory = await ArbitrationFactory.new(token.address, {from: accounts[0]});
+    console.log("Arbitration Factory Address: ", arbitrationFactory.address);
+
+  });
+
+  it("1. create new arbitration - state is unsigned", async () => {
+    let tx = await arbitrationFactory.createArbitration([party1, party2], [0, 150], [50, 100], "Do some work...");
+    arbitration = Arbitration.at(tx.logs[0].args._arbitration);
+    console.log("Arbitration Address: " + arbitration.address);
+    let party1Dispersal = await arbitration.dispersal(party1);
+    let party2Dispersal = await arbitration.dispersal(party2);
+    let party1Funding = await arbitration.funding(party1);
+    let party2Funding = await arbitration.funding(party2);
+    assert.equal(party1Dispersal.toNumber(), 0);
+    assert.equal(party2Dispersal.toNumber(), 150);
+    assert.equal(party1Funding.toNumber(), 50);
+    assert.equal(party2Funding.toNumber(), 100);
+    let state = await arbitration.state();
+    assert.equal(state, 0);
+  });
+
+  it("2. approve arbitration for transfers", async () => {
+    await token.approve(arbitration.address, 50, {from: party1});
+    await token.approve(arbitration.address, 100, {from: party2});
+    await token.approve(arbitration.address, 100, {from: voter1});
+  });
+
+  it("3. only parties can sign arbitration", async () => {
+    await assertFail(async () => {
+      await arbitration.sign({from: voter1});
+    });
+  });
+
+  it("4. party1 signs arbitration", async () => {
+    await arbitration.sign({from: party1});
+  });
+
+  it("5. party1 unsigns arbitration", async () => {
+    await arbitration.unsign({from: party1});
+  });
+
+  it("6. party1 resigns arbitration", async () => {
+    await token.approve(arbitration.address, 50, {from: party1});
+    await arbitration.sign({from: party1});
+  });
+
+  it("7. party2 signs arbitration - state is now Signed", async () => {
+    await arbitration.sign({from: party2});
+    let state = await arbitration.state();
+    assert.equal(state, 1);
+  });
+
+  it("8. party2 proposes amendment", async () => {
+    //Original values: [0, 150], [50, 100], "Do some work..."
+    //No additional funding required from party 2
+    await arbitration.proposeAmendment([20, 80], [0, 100], "Do some different work...", {from: party2});
+    let state = await arbitration.state();
+    assert.equal(state, 1);
+  });
+
+  it("9. party1 agrees amendment", async () => {
+    //No additional funding required from party 1
+    await arbitration.agreeAmendment({from: party1});
+    let state = await arbitration.state();
+    assert.equal(state, 1);
+    assert.equal((await arbitration.dispersal(party1)).toNumber(), 20);
+    assert.equal((await arbitration.dispersal(party2)).toNumber(), 80);
+    assert.equal((await arbitration.funding(party1)).toNumber(), 0);
+    assert.equal((await arbitration.funding(party2)).toNumber(), 100);
+    //Excess funding should have refunded
+    assert.equal((await token.balanceOf(party1)).toNumber(), 50);
+    assert.equal((await token.balanceOf(party2)).toNumber(), 0);
+  });
+
+  it("10. party1 proposes amendment without authorising additional funding - fail", async () => {
+    //Original values: [20, 80], [0, 100], "Do some different work..."
+    //Additional funding required from party 1
+    await assertFail(async () => {
+      await arbitration.proposeAmendment([0, 180], [100, 80], "Do some other work...", {from: party1});
+    });
+  });
+
+  it("11. party1 proposes amendment with authorised additional amendedFunding", async () => {
+    //Original values: [20, 80], [0, 100], "Do some different work..."
+    //Additional funding required from party 1, party 2 gets a refund
+    await token.mint(party1, 50, {from: accounts[0]});
+    await token.approve(arbitration.address, 100, {from: party1});
+    await arbitration.proposeAmendment([0, 180], [100, 80], "Do some other work...", {from: party1});
+    let state = await arbitration.state();
+    assert.equal(state, 1);
+    assert.equal((await token.balanceOf(party1)).toNumber(), 0);
+    assert.equal((await token.balanceOf(party2)).toNumber(), 0);
+  });
+
+  it("15. party1 agrees arbitration - party1 is refunded amendement funds", async () => {
+    await arbitration.agree({from: party1});
+    let state = await arbitration.state();
+    assert.equal(state, 1);
+    assert.equal((await token.balanceOf(party1)).toNumber(), 100);
+  });
+
+  it("16. party2 agrees arbitration - state is now Agreed", async () => {
+    await arbitration.agree({from: party2});
+    let state = await arbitration.state();
+    assert.equal(state, 2);
+  });
+
+  it("17. party1 withdraws dispersal (twenty tokens)", async () => {
+    let initialBalance = await token.balanceOf(party1);
+    await arbitration.withdrawDispersal({from: party1});
+    let finalBalance = await token.balanceOf(party1);
+    //Party 1 dispersal is 0
+    assert.isTrue(finalBalance.sub(initialBalance).toNumber() == 20);
+  });
+
+  it("18. party2 withdraws dispersal (80 tokens) - state is now Closed", async () => {
+    let initialBalance = await token.balanceOf(party2);
+    await arbitration.withdrawDispersal({from: party2});
+    let finalBalance = await token.balanceOf(party2);
+    //Party 1 dispersal is 0
+    assert.equal(finalBalance.sub(initialBalance).toNumber(), 80);
+    let state = await arbitration.state();
+    assert.equal(state, 4);
+  });
+
+});