Skip to content

Instantly share code, notes, and snippets.

@MrCrambo

MrCrambo/staking_zac_audit.md Secret

Last active October 5, 2020 01:53
Show Gist options
  • Save MrCrambo/c43d502e96340c59880e71172e7af995 to your computer and use it in GitHub Desktop.
Save MrCrambo/c43d502e96340c59880e71172e7af995 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
staking_zac_audit.md

Summary

This is the report from a security audit performed on ZAC Finance Staking contract by MrCrambo.

The audit focused primarily on the security of ZAC Finance Staking smart contract.

In scope

  1. sZAC.sol

Findings

In total, 1 issue were reported including:

  • 0 high severity issues.

  • 0 medium severity issues.

  • 0 owner privilegies issues.

  • 1 low severity issues.

Security issues

1. Zero address checking

Severity: low severity

Description

There are no zero address checking in function withdrawTokens, so owner will be able to send his tokens to the zero address.

Recommendation

We recommend adding zero address checking in function withdrawTokens, but if the ZAC smart contract does not support zero address checking too, then this mechanism could be used for burning.

Conclusion

Smart contract contains only low severity issue and could be deployed on mainnet without any threats to investors.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment