@danbogd
Created January 18, 2019 08:47

VANM token audit report.

1. Summary

This document is a security audit report by danbogd covering a review of the VANM token.

2. In scope

  • VANMToken.sol github commit hash 1c0995c827b200c76e90efe3a809096a71251581.

3. Findings

In total, 3 issues were reported, including:

  • 2 low severity issues.
  • 1 minor observation.

No critical security issues were found.

3.1. Known vulnerabilities of ERC-20 token

Severity: low

Description

  1. A double withdrawal attack is possible. More details here.

  2. Lack of a transaction handling mechanism. WARNING! This is a very common issue, and it has already caused millions of dollars in losses for many token users! More details here.
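
A common mitigation for the double withdrawal issue in item 1, shown as an added example that is not code from VANMToken.sol. The contract name, the `allowed` mapping and the `increaseApproval`/`decreaseApproval` function names are assumptions, and only the allowance logic is included.

```solidity
pragma solidity ^0.4.24;

// Added example: names below are assumptions, not taken from VANMToken.sol.
library SafeMath {
    function sub(uint256 a, uint256 b) internal pure returns (uint256) {
        require(b <= a); // reverts on underflow
        return a - b;
    }
    function add(uint256 a, uint256 b) internal pure returns (uint256) {
        uint256 c = a + b;
        require(c >= a); // reverts on overflow
        return c;
    }
}

contract AllowanceExample {
    using SafeMath for uint256;

    mapping(address => mapping(address => uint256)) internal allowed;

    event Approval(address indexed owner, address indexed spender, uint256 value);

    // A plain ERC-20 approve() overwrites the allowance. If the owner changes
    // it from N to M, the spender can spend N before the change is mined and
    // M afterwards. Requiring a reset to zero forces two explicit steps.
    function approve(address _spender, uint256 _value) public returns (bool) {
        require(_value == 0 || allowed[msg.sender][_spender] == 0);
        allowed[msg.sender][_spender] = _value;
        emit Approval(msg.sender, _spender, _value);
        return true;
    }

    // Relative change: the result depends on the allowance at execution time.
    function increaseApproval(address _spender, uint256 _added) public returns (bool) {
        allowed[msg.sender][_spender] = allowed[msg.sender][_spender].add(_added);
        emit Approval(msg.sender, _spender, allowed[msg.sender][_spender]);
        return true;
    }

    function decreaseApproval(address _spender, uint256 _subtracted) public returns (bool) {
        uint256 current = allowed[msg.sender][_spender];
        // Clamp at zero instead of reverting if part was already spent.
        allowed[msg.sender][_spender] = _subtracted > current ? 0 : current.sub(_subtracted);
        emit Approval(msg.sender, _spender, allowed[msg.sender][_spender]);
        return true;
    }
}
```

With the zero-first rule, the owner should still check how much the spender used between the reset and the new approval before setting the new value.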

3.2. Extra checking.

Severity: low

Description

Redundant checks on lines 279 and 294-295. The SafeMath library performs these checks anyway.

Code snippet

  • https://github.com/VANMofficial/Token-Sale/blob/1c0995c827b200c76e90efe3a809096a71251581/VANMToken.sol#L279
  • https://github.com/VANMofficial/Token-Sale/blob/1c0995c827b200c76e90efe3a809096a71251581/VANMToken.sol#L294-L295

Recommendation

Those lines may be deleted.

3.3. Deprecated method.

Severity: minor observation

Description

The function () payable { revert(); } was a pattern used to prevent implicit acceptance of ether in Solidity versions older than 0.4.0, but today this is unneeded.

4. Conclusion

No critical vulnerabilities were detected, but we highly recommend fixing these issues before use.
