Skip to content

Instantly share code, notes, and snippets.

@MrCrambo

MrCrambo/ETH_SREUR_report.md Secret

Last active April 12, 2019 10:06
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save MrCrambo/44538cfe89aa8435674cba8606bd7939 to your computer and use it in GitHub Desktop.
Save MrCrambo/44538cfe89aa8435674cba8606bd7939 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
ETH_SREUR_report.md

Summary

This is the report from a security audit performed on SREUR by MrCrambo.

The audit focused primarily on the security of SREUR smart contract.

In scope

  1. https://github.com/SocialRemit/SOL/blob/master/SREUR.sol

Findings

In total, 2 issues was reported including:

  • 0 high severity issues.

  • 0 medium severity issues.

  • 2 low severity issues.

Security issues

1. No usage of functions

Severity: low

Description

Functions _burn and _burnFrom could not be used never, because they are internal.

2. Known vulnerabilities of ERC-20 token

Severity: low

Description

  1. It is possible to double withdrawal attack. More details here
  2. Lack of transaction handling mechanism issue. More details here

Recommendation

Add into a function transfer(address _to, ... ) following code:

require( _to != address(this) );

Conclusion

Smart contract is free of critical issues.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment