@MrCrambo
Created October 12, 2018 23:53

PHI Token Smart Contract audit report.

Summary

This is the report from a security audit performed on PHI Token by MrCrambo.

The audit focused primarily on the security of the PHI Token Smart Contract.

In scope

  1. https://github.com/vpomo/TokenPHI/blob/master/contracts/PHICrowdsale.sol

Findings

In total, 4 issues were reported, including:

  • 0 high severity issues.

  • 2 medium severity issues.

  • 2 low severity issues.

Security issues

1. Different data in docs and code.

Severity: medium

Description

According to the documentation, 60000 tokens are for sale, but the code specifies 60250.

Recommendation

Please provide correct data and re-check all the values.

2. Owner can disable transfer for people not from whitelist.

Severity: medium

Description

Using setTransferActive, the owner can disable transfers for everyone who is not on the whitelist, but transfers should be active after the ICO ends.

Recommendation

Add a condition so that once the ICO has ended, all transfers are enabled.
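
One way to apply this recommendation, as an added sketch that is not the PHI Token source: the transfer gate checks the ICO end before the owner's flag, and the flag can no longer be changed once the ICO is over. Only the name setTransferActive comes from this report; its signature, icoEndTime, whitelist, canTransfer and the rest of the contract are assumptions made for illustration.

```solidity
pragma solidity ^0.4.24;

// Added illustration, not the PHI Token source. Only the name
// setTransferActive comes from the report; everything else is hypothetical.
contract GatedToken {
    address public owner;
    uint256 public icoEndTime;                 // assumed: ICO close timestamp
    bool public transferActive;                // owner-controlled switch
    mapping(address => bool) public whitelist;
    mapping(address => uint256) public balances;

    constructor(uint256 _icoEndTime, uint256 _supply) public {
        owner = msg.sender;
        icoEndTime = _icoEndTime;
        balances[msg.sender] = _supply;
        whitelist[msg.sender] = true;
    }

    modifier onlyOwner() {
        require(msg.sender == owner);
        _;
    }

    function icoEnded() public view returns (bool) {
        return now >= icoEndTime;
    }

    // Assumed signature. The owner keeps the switch during the ICO only.
    function setTransferActive(bool _status) public onlyOwner {
        require(!icoEnded());
        transferActive = _status;
    }

    // Gate as the finding describes it: after the ICO the owner's flag
    // still decides whether non-whitelisted holders can move tokens.
    //   require(transferActive || whitelist[msg.sender]);
    //
    // Gate with the recommended condition: icoEnded() opens transfers
    // for everyone, whatever the flag says.
    modifier canTransfer() {
        require(icoEnded() || transferActive || whitelist[msg.sender]);
        _;
    }

    function transfer(address _to, uint256 _value) public canTransfer returns (bool) {
        require(_to != address(0) && _value <= balances[msg.sender]);
        balances[msg.sender] -= _value;
        balances[_to] += _value;
        return true;
    }
}
```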

3. Wrong mint function.

Severity: low

Description

The mint function should create new tokens, but in this case it just transfers them from another address. It is the same as the transferFrom function.

4. Known vulnerabilities of ERC-20 token

Severity: low

Description

  1. A double withdrawal attack is possible. More details here
  2. Lack of a transaction handling mechanism. More details here

Conclusion

The smart contract has two medium severity issues; please fix them before deploying.
