Merge pull request #139 from PolymathNetwork/audit_fixes

Audit Fixes
PolymathNetwork · Feb 6, 2018 · 1a6e7bd · 1a6e7bd
2 parents 01686f4 + 8289682
commit 1a6e7bd
Show file tree

Hide file tree

Showing 7 changed files with 27 additions and 23 deletions.
diff --git a/contracts/Compliance.sol b/contracts/Compliance.sol
@@ -214,9 +214,8 @@ contract Compliance is ICompliance {
         require(totalSupply > 0 && owner != address(0));
 
         var (,,,,KYC) = ISecurityToken(_securityToken).getTokenDetails();
-        var (,,, verified, expires) = PolyCustomers.getCustomer(KYC, offerings[_stoContract].auditor);
+        var (,,, expires) = PolyCustomers.getCustomer(KYC, offerings[_stoContract].auditor);
         require(offerings[_stoContract].auditor == msg.sender);
-        require(verified);
         require(expires > now);
         offeringProposals[_securityToken].push(_stoContract);
         LogNewContractProposal(_securityToken, _stoContract, msg.sender, offeringProposals[_securityToken].length - 1);

diff --git a/contracts/Customers.sol b/contracts/Customers.sol
@@ -26,7 +26,6 @@ contract Customers is ICustomers {
         bytes32 divisionJurisdiction;                                   // Customers sub-division jurisdiction as ex - ISO3166
         uint256 joined;                                                 // Timestamp when customer register
         uint8 role;                                                     // role of the customer
-        bool verified;                                                  // Boolean variable to check the status of the customer whether it is verified or not
         bool accredited;                                                // Accrediation status of the customer
         bytes32 proof;                                                  // Proof for customer
         uint256 expires;                                                // Timestamp when customer verification expires
@@ -80,8 +79,7 @@ contract Customers is ICustomers {
      * @dev Change a providers fee
      * @param _newFee The new fee of the provider
      */
-    function changeFee(uint256 _newFee) public returns (bool success) {
-        require(providers[msg.sender].details != 0x0);
+    function changeFee(uint256 _newFee) onlyProvider public returns (bool success) {
         providers[msg.sender].fee = _newFee;
         return true;
     }
@@ -111,7 +109,6 @@ contract Customers is ICustomers {
         customers[msg.sender][_customer].role = _role;
         customers[msg.sender][_customer].accredited = _accredited;
         customers[msg.sender][_customer].expires = _expires;
-        customers[msg.sender][_customer].verified = true;
         LogCustomerVerified(_customer, msg.sender, _role);
         return true;
     }
@@ -125,20 +122,18 @@ contract Customers is ICustomers {
      * @param _provider Address of the KYC provider.
      * @param _customer Address of the customer ethereum address
      */
-    function getCustomer(address _provider, address _customer) public constant returns (
+    function getCustomer(address _provider, address _customer) public view returns (
         bytes32,
         bytes32,
         bool,
         uint8,
-        bool,
         uint256
     ) {
       return (
         customers[_provider][_customer].countryJurisdiction,
         customers[_provider][_customer].divisionJurisdiction,
         customers[_provider][_customer].accredited,
         customers[_provider][_customer].role,
-        customers[_provider][_customer].verified,
         customers[_provider][_customer].expires
       );
     }
@@ -147,7 +142,7 @@ contract Customers is ICustomers {
      * Get provider details and fee by ethereum address
      * @param _providerAddress Address of the KYC provider
      */
-    function getProvider(address _providerAddress) public constant returns (
+    function getProvider(address _providerAddress) public view returns (
         string name,
         uint256 joined,
         bytes32 details,

diff --git a/contracts/SecurityToken.sol b/contracts/SecurityToken.sol
@@ -242,14 +242,26 @@ contract SecurityToken is IERC20 {
      * @return bool success
      */
     function addToWhitelist(address _whitelistAddress) onlyOwner public returns (bool success) {
-        var (countryJurisdiction, divisionJurisdiction, accredited, role, verified, expires) = PolyCustomers.getCustomer(KYC, _whitelistAddress);
-        require(verified && expires > now);
+        var (countryJurisdiction, divisionJurisdiction, accredited, role, expires) = PolyCustomers.getCustomer(KYC, _whitelistAddress);
+        require(expires > now);
         require(Template.checkTemplateRequirements(countryJurisdiction, divisionJurisdiction, accredited, role));
-        shareholders[_whitelistAddress] = Shareholder(msg.sender, true, role);
+        shareholders[_whitelistAddress] = Shareholder(KYC, true, role);
         LogNewWhitelistedAddress(KYC, _whitelistAddress, role);
         return true;
     }
 
+    function addToWhitelistMulti(address[] _whitelistAddresses) onlyOwner public {
+      for (uint256 i = 0; i < _whitelistAddresses.length; i++) {
+        require(addToWhitelist(_whitelistAddresses[i]));
+      }
+    }
+
+    function addToBlacklistMulti(address[] _blacklistAddresses) onlyOwner public {
+      for (uint256 i = 0; i < _blacklistAddresses.length; i++) {
+        require(addToBlacklist(_blacklistAddresses[i]));
+      }
+    }
+
     /**
      * @dev Add a verified address to the Security Token blacklist
      * @param _blacklistAddress Address being added to the blacklist
@@ -345,7 +357,7 @@ contract SecurityToken is IERC20 {
      * @return bool success
      */
     function transfer(address _to, uint256 _value) public returns (bool success) {
-        if (shareholders[_to].allowed && shareholders[msg.sender].allowed && balances[msg.sender] >= _value && _value > 0) {
+        if (shareholders[_to].allowed && shareholders[msg.sender].allowed && balances[msg.sender] >= _value) {
             balances[msg.sender] = balances[msg.sender].sub(_value);
             balances[_to] = balances[_to].add(_value);
             Transfer(msg.sender, _to, _value);
@@ -363,7 +375,7 @@ contract SecurityToken is IERC20 {
      * @return bool success
      */
     function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) {
-        if (shareholders[_to].allowed && shareholders[_from].allowed && balances[_from] >= _value && allowed[_from][msg.sender] >= _value && _value > 0) {
+        if (shareholders[_to].allowed && shareholders[_from].allowed && balances[_from] >= _value && allowed[_from][msg.sender] >= _value) {
             uint256 _allowance = allowed[_from][msg.sender];
             balances[_from] = balances[_from].sub(_value);
             allowed[_from][msg.sender] = _allowance.sub(_value);
@@ -391,7 +403,6 @@ contract SecurityToken is IERC20 {
      * @return bool success
      */
     function approve(address _spender, uint256 _value) public returns (bool success) {
-        require(_value != 0);
         allowed[msg.sender][_spender] = _value;
         Approval(msg.sender, _spender, _value);
         return true;

diff --git a/contracts/SecurityTokenRegistrar.sol b/contracts/SecurityTokenRegistrar.sol
@@ -201,15 +201,15 @@ contract SecurityTokenRegistrar is ISTRegistrar {
      * @param _ticker Symbol of the Scurity token
      * @return address _ticker
      */
-    function getSecurityTokenAddress(string _nameSpace, string _ticker) public constant returns (address) {
+    function getSecurityTokenAddress(string _nameSpace, string _ticker) public view returns (address) {
       return tickers[_nameSpace][_ticker];
     }
 
     /**
      * @dev Get Security token details by its ethereum address
      * @param _STAddress Security token address
      */
-    function getSecurityTokenData(address _STAddress) public constant returns (
+    function getSecurityTokenData(address _STAddress) public view returns (
       string,
       uint256,
       address,

diff --git a/contracts/Template.sol b/contracts/Template.sol
@@ -143,7 +143,7 @@ contract Template is ITemplate {
         bytes32 _divisionJurisdiction,
         bool _accredited,
         uint8 _role
-    ) public constant returns (bool allowed)
+    ) public view returns (bool allowed)
     {
         require(_countryJurisdiction != 0x0);
         require(allowedJurisdictions[_countryJurisdiction] || !blockedDivisionJurisdictions[_divisionJurisdiction]);

diff --git a/contracts/interfaces/ICustomers.sol b/contracts/interfaces/ICustomers.sol
@@ -44,20 +44,19 @@ interface ICustomers {
     * @param _provider Address of the KYC provider.
     * @param _customer Address of the customer ethereum address
     */
-  function getCustomer(address _provider, address _customer) public constant returns (
+  function getCustomer(address _provider, address _customer) public view returns (
     bytes32,
     bytes32,
     bool,
     uint8,
-    bool,
     uint256
   );
 
   /**
    * Get provider details and fee by ethereum address
    * @param _providerAddress Address of the KYC provider
    */
-  function getProvider(address _providerAddress) public constant returns (
+  function getProvider(address _providerAddress) public view returns (
     string name,
     uint256 joined,
     bytes32 details,

diff --git a/contracts/interfaces/ITemplate.sol b/contracts/interfaces/ITemplate.sol
@@ -48,7 +48,7 @@ interface ITemplate {
       bytes32 _divisionJurisdiction,
       bool _accredited,
       uint8 _role
-  ) public constant returns (bool allowed);
+  ) public view returns (bool allowed);
 
   /**
    * @dev getTemplateDetails is a constant function that gets template details