@RideSolo
Created December 1, 2018 09:00

0xBitcoin Project Audit Report.

1. Summary

This document is a security audit report by RideSolo covering a review of the 0xBitcoin Project.

2. In scope

3. Findings

2 issues were reported including:

  • 2 low severity issues.

3.1. Transfer to Address 0x0 and Burn Mechanism

Severity: low

Description

A transfer to address zero is used in the audited contract as a basic burn mechanism (see totalSupply: balances[address(0)] is deducted from the total supply). This mechanism also opens the door to tokens being sent to address 0x0 by mistake.

Code snippet

https://github.com/RideSolo/0xbitcoin-token/blob/master/contracts/_0xBitcoinToken.sol#L488

https://github.com/RideSolo/0xbitcoin-token/blob/master/contracts/_0xBitcoinToken.sol#L520

https://github.com/RideSolo/0xbitcoin-token/blob/master/contracts/_0xBitcoinToken.sol#L580
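
The pattern described in 3.1, next to one possible hardening, as an added example that is not taken from the audited _0xBitcoinToken.sol. Contract names, the constructor and the burn() function are hypothetical, and the compiler version (0.8.x, checked arithmetic) is an assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustrative token only; not the audited contract. All names are hypothetical.
contract BurnByZeroTransfer {
    uint256 internal _totalSupply;
    mapping(address => uint256) public balances;

    event Transfer(address indexed from, address indexed to, uint256 tokens);

    constructor(uint256 initial) {
        _totalSupply = initial;
        balances[msg.sender] = initial;
    }

    // Pattern from the finding: whatever sits at address(0) counts as burned.
    function totalSupply() public view returns (uint256) {
        return _totalSupply - balances[address(0)];
    }

    // No check on `to`: an unset or zeroed recipient silently burns the tokens.
    function transfer(address to, uint256 tokens) public virtual returns (bool) {
        balances[msg.sender] -= tokens; // reverts on insufficient balance in 0.8.x
        balances[to] += tokens;
        emit Transfer(msg.sender, to, tokens);
        return true;
    }
}

// Hardened variant (assumed mitigation): burning needs an explicit call.
contract ExplicitBurn is BurnByZeroTransfer {
    constructor(uint256 initial) BurnByZeroTransfer(initial) {}

    // Reject the zero address so a mistaken recipient reverts instead of burning.
    function transfer(address to, uint256 tokens) public override returns (bool) {
        require(to != address(0), "zero address: use burn()");
        return super.transfer(to, tokens);
    }

    // Same accounting as the original pattern, but the intent is unambiguous.
    function burn(uint256 tokens) public returns (bool) {
        balances[msg.sender] -= tokens;
        balances[address(0)] += tokens;
        emit Transfer(msg.sender, address(0), tokens);
        return true;
    }
}
```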

3.2. Known vulnerabilities of ERC-20 token

Severity: low

Description

  1. A double withdrawal attack is possible. More details here
  2. Lack of a transaction handling mechanism. WARNING! This is a very common issue, and it has already caused millions of dollars in losses for many token users! More details here

4. Conclusion

The contract logic has been audited. The results confirm that the mining process of the token is safe and coherent with the white paper. The audited contract is safe to be deployed.
