Type:
core development
RETROACTIVE

Amount Requested:

100.00 DOT

845.72$

Proposed on:
Dec. 29, 2023
Proposal Awarded on:
Jan. 11, 2024
Expected Delivery:
Jan. 11, 2024
Actual Delivery:
Jan. 11, 2024

Status:

completed

Finding and fixing a vulnerability in broker-pallet

by Szego

Summary:

The new broker pallet, responsible for handling the Coretime procurement logic, had a vulnerability that allowed users to assign Coretime they no longer owned. This is, obviously, quite problematic.

Current Progress and Comments:

A relatively small tip for an important discovery in the polkadot-sdk code. Oliver commented that tips like these are fine for now, but once fellowship members start earning their salary through the treasury, tips like these should stop.