Smart contract audit tracker #5278

@QYuQianchen

Description

Tracker for issues discovered during the ongoing audit and internal code review.

Relevant issues

  • document bidirectional fund channel being disabled in production
  • check that verification on data is done in that code path
  • hopr ledger timestamp not updated
  • domain separator caching and re-computation to catch forks and changing chain id
  • utils/SafeSuiteLib.sol should be under src instead of script.
  • abi.encodePacked("\x19\x01", domainHash, hashStruct) should be used in standard EIP712.
  • SC Fuzzy failure #5263
  • smart contract review #5250
  • reentrancy in closeIncomingChannel
  • update comment in NodeSafeRegistry on checking owner
  • offset winning ticket index
  • add event emission in SimplifiedModule so that indexer can resolve pending transaction by listening to module
  • ERC777 Reentrancy in fundChannel
  • "turn the aggregation test into a "full fuzzy test" which might reveal additional shortcomings but that can be left as an afterwork exercise"

Definition of DONE

Metadata

Labels

epic (An issue which tracks multiple issues), smart contract
