
@MrCrambo
Created January 12, 2020 20:46

Summary

This is the report from a security audit performed on Ezo by MrCrambo.

The audit focused primarily on the security of Ezo smart contracts.

In scope

  1. https://github.com/ezo-network/ezo-token/blob/master/ezotoken/contracts/EZOToken.sol
  2. https://github.com/ezo-network/ezo-token/blob/master/ezotoken/contracts/CurrrencyPrices.sol
  3. https://github.com/ezo-network/ezo-token/blob/master/ezotoken/contracts/SmartSwap.sol

Findings

In total, 6 issues were reported, including:

  • 1 critical severity issue.

  • 1 high severity issue.

  • 0 medium severity issues.

  • 2 owner privileges issues.

  • 2 low severity issues.

Security issues

1. Zero address checking

Severity: low severity

Description

The function addAllowedAddress does not check for the zero address.

2. Different array sizes

Severity: low severity

Description

In the function setCurrencyPriceUSD, it is possible for the arrays _currency and _price to have different sizes.

3. Owner privileges

Severity: owner privileges

Description

The owner can change the currency smart contract at any time and without any restrictions.

4. Unlimited minting

Severity: high

Description

Every allowed address can mint any amount of tokens to any address using the mint function.

5. Burning without restrictions

Severity: critical

Description

Any allowed address can burn all the tokens from any address.

6. Price setting

Severity: owner privileges

Description

The owner can change the token price without restrictions.

Conclusion

Smart contracts contain critical and high severity issues.
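
One way the checks missing in findings 1, 2, 4 and 5 could look, as an added sketch that is not code from the Ezo repository or from the audit. The single-contract layout, parameter types, the MAX_SUPPLY value, the approve helper and the name burn are assumptions made for illustration; only addAllowedAddress, setCurrencyPriceUSD, mint, _currency and _price are names taken from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not the Ezo contracts. Storage layout, parameter types,
// MAX_SUPPLY, approve() and the allowance-based burn() are assumptions.
contract HardenedTokenSketch {
    address public owner;
    uint256 public totalSupply;
    uint256 public constant MAX_SUPPLY = 1_000_000 ether; // assumed cap
    mapping(address => bool) public allowedAddress;
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    mapping(bytes32 => uint256) public priceUSD;

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }
    modifier onlyAllowed() { require(allowedAddress[msg.sender], "not allowed"); _; }

    constructor() { owner = msg.sender; }

    // Finding 1: reject the zero address before granting privileges.
    function addAllowedAddress(address _addr) external onlyOwner {
        require(_addr != address(0), "zero address");
        allowedAddress[_addr] = true;
    }

    // Finding 2: both arrays must have the same length before indexing them.
    function setCurrencyPriceUSD(bytes32[] calldata _currency, uint256[] calldata _price) external onlyOwner {
        require(_currency.length == _price.length, "length mismatch");
        for (uint256 i = 0; i < _currency.length; i++) {
            priceUSD[_currency[i]] = _price[i];
        }
    }

    // Holder opts in to a spender; used by burn() below.
    function approve(address spender, uint256 amount) external { allowance[msg.sender][spender] = amount; }

    // Finding 4: an allowed address can mint, but only up to a fixed supply cap.
    function mint(address to, uint256 amount) external onlyAllowed {
        require(totalSupply + amount <= MAX_SUPPLY, "cap exceeded");
        totalSupply += amount;
        balanceOf[to] += amount;
    }

    // Finding 5: burning from a holder needs that holder's prior approval.
    function burn(address from, uint256 amount) external onlyAllowed {
        allowance[from][msg.sender] -= amount; // reverts on underflow in 0.8
        balanceOf[from] -= amount;             // reverts if balance is too low
        totalSupply -= amount;
    }
}
```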
