Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use ink! version 5.0.0 instead of 4.3.0 #24

Open
hats-bug-reporter bot opened this issue May 17, 2024 · 3 comments
Open

Use ink! version 5.0.0 instead of 4.3.0 #24

hats-bug-reporter bot opened this issue May 17, 2024 · 3 comments
Labels
bug Something isn't working invalid This doesn't seem right Invalid-Lead

Comments

@hats-bug-reporter
Copy link

Github username: @0xRizwan
Twitter username: 0xRizwann
Submission hash (on-chain): 0x68daf21c22efad1ffc95b8f018d14bc379ac77e31c87a78076d5a8a8332f2440
Severity: low

Description:
Description\

ink! has released version 5.0.0 which comes with several fixes and changes from last version v4.3.0. ink!

ink! had be extensively audited by Openzeppelin and few High, Medium and low severity issues were found in OZ audit and the ink! 5.0.0 fixed it before official release. Openzeppelin audit report can be checked here

The kintsu ink contracts have used version 4.3.0 which can be checked and confirmed from cargo.toml.

V4.3.0 had few bugs which are fixed in v5.0.0 and in the context of the Kintsu contracts, the following are the functionalities/features which would be benefitted.

The whole v5.0.0 changelog can be checked at https://github.com/use-ink/ink/releases/tag/v5.0.0

  1. Kintsu contracts have used events for transparency and for users on chain information. The version v5.0.0 brings changes to Events in the form of Events 2.0 and the details can be checked here. v5.0.0 allows sharing events between contracts. Events have been used in almost all inscope contracts.

  2. nomination_agent and vault contract allows to upgrade via set_code_hash function. With version 5.0.0, the set_code_hash() is made generic. More details can be checked here

  3. nomination_agent contracts has made use of call_runtime. At version 4.3.0, the call_runtime was unstable and it can be checked here and now with ink! 5.0.0, This host function is now stabilized in the pallet. More details can be checked here

and so on...

Recommended Mitigation steps
Best security practice to avoid using versions which has bugs and lack features. It is recommended to use ink! version 5.0.0 instead of 4.3.0. It is more evident that, upgrading to version 5.0.0 has indeed more benefits along with new features, less contract size and few optimizations.
@hats-bug-reporter hats-bug-reporter bot added the bug Something isn't working label May 17, 2024
@0xmahdirostami 0xmahdirostami added the question Further information is requested label May 19, 2024
@0xmahdirostami
Copy link
Collaborator

If you encounter any “real issues” in the current contracts that should be addressed with the transition to Ink! 5.0.0, please let us know.

@bgibers
Copy link
Collaborator

bgibers commented May 20, 2024

If you encounter any “real issues” in the current contracts that should be addressed with the transition to Ink! 5.0.0, please let us know.

Agreed, if you find any specific issues that are security related, we will gladly pay out on this and upgrade to 5.0 😄

@bgibers
Copy link
Collaborator

bgibers commented May 20, 2024

Not really a bug here

@0xmahdirostami 0xmahdirostami removed the question Further information is requested label May 21, 2024
@bgibers bgibers added the invalid This doesn't seem right label May 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working invalid This doesn't seem right Invalid-Lead
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bgibers @0xmahdirostami