Skip to content

Instantly share code, notes, and snippets.

@RideSolo

RideSolo/ETH_Zilliqa_report.md

Last active July 22, 2019 17:06
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save RideSolo/0108d1aa284049eb050717da732a5e5c to your computer and use it in GitHub Desktop.
Save RideSolo/0108d1aa284049eb050717da732a5e5c to your computer and use it in GitHub Desktop.
Download ZIP
Raw
ETH_Zilliqa_report.md

Zilliqa Token Audit Report.

1. Summary

This document is a security audit report performed by RideSolo, where Zilliqa Token has been reviewed.

Token desription:

Symbol      : ZIL
Name        : Zilliqa
Total supply: To be set in the construction phase
Decimals    : 12
Standard    : ERC20

2. In scope

3. Findings

3 issues were reported:

  • 1 medium severity issue.
  • 1 low severity issue.
  • 1 minor remark.

3.1. Owner Privileges

Severity: medium

Description

Owner can pause & unpause token transfers separately for two diffrent addresses groups, token holders and (owner,admin) addresses.

Code snippet

https://gist.github.com/yuriy77k/cd476ddc9a1c1685dc39e399fcd08b3e#file-zilliqatoken-sol-L236

3.2. Known vulnerabilities of ERC-20 token

Severity: low

Description

  1. It is possible to double withdrawal attack. More details here
  2. Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it already caused millions of dollars losses for lots of token users! More details here

3.3. Gas Optimization

Severity: minor remark

Description

validDestination contains a requirement that is already implemented in the inherited transfer & transferFrom functions, require(_to!=0x0), adding more gas consumption.

Code snippet

https://gist.github.com/yuriy77k/cd476ddc9a1c1685dc39e399fcd08b3e#file-zilliqatoken-sol-L291

Conclusion

Users should be aware of pause unpause functionality.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment