@RideSolo
Created March 14, 2019 08:39

Projecton Token Audit Report.

1. Summary

This document is a security audit report performed by RideSolo, where Projecton Token has been reviewed.

Token description:

Symbol      : XN35
Name        : Projecton
Total supply: 100,000,000
Decimals    : 18
Standard    : ERC20

2. In scope

  • LICENSE, GitHub commit hash fed7803c48d517f5aee9d787e54d3bebf3106d44.

3. Findings

2 issues were reported:

  • 2 low severity issues.

3.1. Transfer to 0x0 Address

Severity: low

Description

The transfer and transferFrom functions allow transfers to the 0x0 address.

Code snippet

https://github.com/Projecton13/XN35_Standard_Tokens/blob/master/LICENSE#L82

https://github.com/Projecton13/XN35_Standard_Tokens/blob/master/LICENSE#L94

Recommendation

Add require(_to != address(0));

3.2. Known vulnerabilities of ERC-20 token

Severity: low

Description

  1. A double withdrawal attack is possible. More details here
  2. Lack of a transaction handling mechanism. WARNING! This is a very common issue and it has already caused millions of dollars in losses for many token users! More details here

Recommendation

Add the following code to the function transfer(address _to, ... ):

require( _to != address(this) );

4. Conclusion

The contract can be deployed.
