@danbogd
Last active August 31, 2019 14:49

FORZE Audit Report.

1. Summary

This document is a security audit report by danbogd covering a review of FORZE.

2. In scope

3. Findings

3 issues were reported, including:

  • 1 low severity issue.

  • 2 minor remarks.

3.1. Known Issues of ERC20 Standard

Severity: low

Description

ERC20 tokens have some well-known issues (listed below). This is just a reminder for the contract developers.

  • The approve + transferFrom mechanism allows a double withdrawal attack.

  • Lack of transaction handling.

The above-mentioned issues are well documented; a basic search will turn up more information.
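The approve + transferFrom ordering problem, as an added example that is not part of the audited contract or the original report: a Python model of ERC20 allowance bookkeeping, in which the `Token` class, the account names, the amounts and the compare-and-set `safe_approve` variant are all constructed for illustration.

```python
# Constructed model of ERC20 allowance bookkeeping (not the FORZE contract).
class Token:
    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowed = {}  # (owner, spender) -> remaining allowance

    def approve(self, owner, spender, value):
        # Standard ERC20 semantics: overwrite, whatever was already spent.
        self.allowed[(owner, spender)] = value

    def safe_approve(self, owner, spender, expected, value):
        # Hypothetical compare-and-set variant: only change the allowance
        # if it still holds the value the owner saw when signing.
        if self.allowed.get((owner, spender), 0) != expected:
            return False
        self.allowed[(owner, spender)] = value
        return True

    def transfer_from(self, spender, owner, to, value):
        key = (owner, spender)
        if self.allowed.get(key, 0) < value or self.balances.get(owner, 0) < value:
            return False
        self.allowed[key] -= value
        self.balances[owner] -= value
        self.balances[to] = self.balances.get(to, 0) + value
        return True


def spent_after_allowance_change(use_compare_and_set):
    """Owner lowers the allowance from 100 to 50 while a spend of the old
    allowance is mined first. Returns the total the spender moved."""
    t = Token({"owner": 1000})
    t.approve("owner", "spender", 100)
    # The spender's transaction lands before the owner's update.
    t.transfer_from("spender", "owner", "spender", 100)
    if use_compare_and_set:
        t.safe_approve("owner", "spender", expected=100, value=50)
    else:
        t.approve("owner", "spender", 50)
    # The spender then tries to use whatever allowance is now recorded.
    t.transfer_from("spender", "owner", "spender", 50)
    return t.balances["spender"]


if __name__ == "__main__":
    print("plain approve:", spent_after_allowance_change(False))
    print("compare-and-set:", spent_after_allowance_change(True))
```

With plain `approve` the overwrite grants a fresh 50 on top of the 100 already spent; the compare-and-set variant rejects the stale update. Functions that apply a delta to the allowance instead of overwriting it are the other commonly used mitigation.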

3.2. Old Solidity version.

Severity: minor

Description

The Solidity version used is old.

Recommendation

Use one of the latest versions of Solidity.

3.3. Redundant checks.

Severity: minor

Description

Lines 81 and 101 of the FORZE contract contain redundant checks. The SafeMath library performs these checks anyway.

Code snippet

https://gist.github.com/yuriy77k/4f5f9148280105cddc636b1d93dbec37#file-forze-sol-L81

https://gist.github.com/yuriy77k/4f5f9148280105cddc636b1d93dbec37#file-forze-sol-L101

Recommendation

Lines 81 and 101 may be deleted.

4. Conclusion

No critical vulnerabilities were detected, but we highly recommend fixing these bugs before use.