Skip to content

Instantly share code, notes, and snippets.

@RideSolo

RideSolo/ETH_BNC_audit_report.md

Created August 9, 2018 14:57
Show Gist options
  • Save RideSolo/4863c3ab4668647199ecd283754e40c7 to your computer and use it in GitHub Desktop.
Save RideSolo/4863c3ab4668647199ecd283754e40c7 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
ETH_BNC_audit_report.md

BNC Token Audit Report.

1. Summary

This document is a security audit report performed by RideSolo, where BNC Token has been reviewed.

This contract is an ERC20 compliant Token.

2. In scope

  • Bionic.sol github commit hash 9af817cd179ad9dd46834ab8db485083e9b159e9.

3. Findings

2 issues were reported including:

  • 1 medium severity issues.

  • 1 low severity issues.

3.1. Token Transfer to Address 0x0

Severity: medium

Description

Bionic Token do not require the to address to be non null before transfer. Accidental token loss to address 0x0 can be applicable.

The version of ERC20 used in this contract, use a basic burn mechanism where anyone can send tokens to 0x0 address. However, this mechanism leads to the above mentioned issue.

Code snippet

https://github.com/bioniccoin/BNC/blob/81ddaaa00ede373c6043cd9e06f9447b8c963959/Contracts/Bionic.sol#L146#L151

Recommendation

Refer to ERC20 Standard implemented by OpenZepplin, to avoid this issue.

3.2. Known Issues of ERC20 Standard

Severity: low

Description

ERC20 Tokens have some well-known issues (listed bellow), This is just a reminder for the contract developers.

  • Approve + transferFrom mechanism allows double Withdrawal attack (as commented on the contract).
  • Lack of transaction handling.

The above mentioned issues are well documented, a basic search can help to get more information.

4. Conclusion

This contract can be considered safe to be deployed. However, as highlighted users can accidentally send their tokens to 0x0 address.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment