@MrCrambo
Created February 7, 2021 13:19

Summary

This is the report from a security audit performed on Shield Protocol by MrCrambo.

The audit focused primarily on the security of Ezo smart contracts.

In scope

  1. https://github.com/shield2protocol/smart-contract/blob/main/BinanceSmartChain_SHIELD.sol

Findings

In total, 1 issue was reported, including:

  • 0 high severity issues.

  • 0 medium severity issues.

  • 1 low severity issue.

  • 0 owner privileges issues.

Security issues

1. Known vulnerabilities of ERC-20 token

Severity: low severity

Description

  1. A double withdrawal attack is possible. More details here.

  2. Lack of a transaction handling mechanism. WARNING! This is a very common issue, and it has already caused millions of dollars in losses for many token users! More details here.

Recommendation

Add the following code to the function transfer(address _to, ... ):

require( _to != address(this) );
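
The sketch below is an added example, not code from the audited SHIELD contract or from this report: a hypothetical minimal token (GuardedToken) showing where the recommended check sits so that it covers both transfer and transferFrom. As a further assumption beyond the report's recommendation, it replaces the overwrite-style approve with delta-based allowance changes, a common mitigation for the double withdrawal issue listed above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
// Hypothetical minimal token for illustration; not the audited SHIELD contract.
contract GuardedToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    event Transfer(address indexed from, address indexed to, uint256 value);
    event Approval(address indexed owner, address indexed spender, uint256 value);

    constructor(uint256 supply) {
        balanceOf[msg.sender] = supply;
        emit Transfer(address(0), msg.sender, supply);
    }

    function _move(address from, address to, uint256 value) internal {
        // The report's recommended check: tokens sent to the token contract
        // itself have no way out, so reject that destination up front.
        require(to != address(this), "transfer to token contract");
        balanceOf[from] -= value; // checked arithmetic (>=0.8) reverts on underflow
        balanceOf[to] += value;
        emit Transfer(from, to, value);
    }

    function transfer(address to, uint256 value) external returns (bool) {
        _move(msg.sender, to, value);
        return true;
    }

    function transferFrom(address from, address to, uint256 value) external returns (bool) {
        allowance[from][msg.sender] -= value; // reverts if allowance is too small
        _move(from, to, value);
        return true;
    }

    // Allowances change only by a delta, never by overwrite, so a spender who
    // spends the old allowance first cannot also receive a fresh full one.
    function increaseAllowance(address spender, uint256 added) external returns (bool) {
        allowance[msg.sender][spender] += added;
        emit Approval(msg.sender, spender, allowance[msg.sender][spender]);
        return true;
    }

    function decreaseAllowance(address spender, uint256 subtracted) external returns (bool) {
        allowance[msg.sender][spender] -= subtracted; // reverts if less than that remains
        emit Approval(msg.sender, spender, allowance[msg.sender][spender]);
        return true;
    }
}
```

Omitting approve means this sketch is not a drop-in ERC-20 implementation; integrations that call approve would need it added back with its own handling of the allowance change.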

Conclusion

The smart contract contains only a low severity issue.
