- Re-entrancy has been avoided by using
.transfer()instead of.call.value()or.send()which are less secure - Checks-Effects-Interaction has been implemented - First checking Policy .
state == PENDING, then setting.state = RELEASEDand only then making a.transfer()call. OpenZeppelin.SafeMathis used whenever performing any mathematical operations. The only exceptions are for-loop counters which usecounter++in the for loop anyway, and do not threaten any loss of funds or DoS.- Only Policy owners are allowed to call
force_release. - Oracle callbacks are authenticated by ensuring that the calling address belongs to Oraclize.
- DoS on Oraclize callbacks is avoided by using
queryIndexesto ensure that every Oraclize query can only trigger the__callback()function only once.