This document is a security audit report performed by RideSolo, where LuckyStrike has been reviewed.
6 issues were reported:
- 1 medium severity issues.
- 1 low severity issues.
- 2 owner privilege.
- 2 notes.
Following the answer to this issue, the tokens are said to be like a bonus for the players but the amount to be invested is susbstructed from msg.value
("bet amount = msg.value - invested amount") when invest and play is called meaning that this issue is still applicable.
Please refer to the previous audit issue description to solve this error.
Inside allocateSum
member of the game contract contain sumValidationPassed
variable that is used to check if the allocated sum values are correct however no action is taken following the result of it.
bool sumValidationPassed = false;
if (
(jackpotsSumAllocation[1] +
jackpotsSumAllocation[2] +
jackpotsSumAllocation[3] +
jackpotsSumAllocation[4] +
incomeSum +
refSum +
payToWinner) == _sum) {
sumValidationPassed = true;
}
The previously described issue is not compeletely solved, the implemented solution throw if the ether value allows more than 333 tickets to be bought by the player.
Let the player buy the maximum number of tickets then return the extra ether back to him.
adjustAllocation
function allows the owner to reset the rates of the different jackpots and income rate as wished.- 70M tokens are first distributed by the owner that represent 10500 ether, the token sale hardcap is 4500 ether, meaning that the developers allow them self more than a third of the total income of the bet game, investors have to be aware of such usage.
- It is possible to double withdrawal attack. More details here
- Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it already caused millions of dollars losses for lots of token users! More details here
All highlighted issues should be fixed before deploying the audited contracts.