Files imported from OpenZeppelin are not audited. The audit considers OpenZeppelin at its latest commit at the time, 99f3e26f83f4628246b48c8b3afa5bb3958f5224, and only Coin.sol is audited.
- Token minting is only allowed to the owner, so the contract is centralized and not compliant with escrow standards.
- No unit tests are provided, which is a big red flag. I recommend writing unit tests and using Truffle.
- Check that the destination of token transfers is not 0x0
- Rate of Occurrence: Low
A sanity check on the parameter address _to is missing in the functions mint(address _to, uint256 _amount) and mintWithTimeLock(address _to, uint256 _amount, uint256 _releaseTime), so tokens can be minted to the zero address 0x00 by calling mint('0x00', 'tokenAmount'), and likewise for mintWithTimeLock. Tokens sent there are irrecoverably lost. The rate of occurrence is low because minting is only allowed to the owner.
- Correction
require(_to != address(0))
- Minting can lock tokens to a past time
- Rate of Occurrence: Low
A sanity check on the parameter uint256 _releaseTime is missing in the function mintWithTimeLock(address _to, uint256 _amount, uint256 _releaseTime), so tokens can be "locked" with a _releaseTime in the past, which makes the lock releasable immediately and defeats its purpose. The rate of occurrence is low because minting is only allowed to the owner.
- Correction
require(_releaseTime > now)
- Redundant Code
The modifiers onlyOwner and canMint are executed twice in the function mint(address _to, uint256 _amount) and three times in the function mintWithTimeLock(address _to, uint256 _amount, uint256 _releaseTime), because they are already applied by the parent OpenZeppelin implementation of mint that Coin.sol delegates to, so there is no need to apply them again in Coin.sol. The repeated checks are harmless but waste gas and obscure where access control actually lives.
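The following is an added example of how the three corrections above fit together; it is not the audited Coin.sol and not OpenZeppelin's code. It assumes Coin.sol inherits from OpenZeppelin's MintableToken; because the real base contract is not on this page, a minimal MintableTokenStandIn with the same onlyOwner and canMint modifiers is written inline so the example compiles on its own. The Lock struct, the locks mapping and the release function are hypothetical bookkeeping for the time lock; the real Coin.sol's locking mechanism is not shown in this audit.

```solidity
pragma solidity ^0.4.18;

// Minimal stand-in for OpenZeppelin's MintableToken (Ownable + canMint).
// This is NOT OpenZeppelin's code; it only reproduces the shape that matters
// for the findings: the access-control modifiers live on the parent's mint().
// The real contract uses SafeMath for the arithmetic below.
contract MintableTokenStandIn {
    address public owner;
    bool public mintingFinished = false;
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    event Mint(address indexed to, uint256 amount);

    modifier onlyOwner() { require(msg.sender == owner); _; }
    modifier canMint() { require(!mintingFinished); _; }

    function MintableTokenStandIn() public { owner = msg.sender; }

    // Same signature and modifiers as OpenZeppelin's MintableToken.mint.
    function mint(address _to, uint256 _amount) onlyOwner canMint public returns (bool) {
        totalSupply += _amount;
        balanceOf[_to] += _amount;
        Mint(_to, _amount);
        return true;
    }
}

// Corrected Coin: zero-address check, release-time check, no repeated modifiers.
contract Coin is MintableTokenStandIn {
    // Hypothetical lock record; assumed for this example only.
    struct Lock { uint256 amount; uint256 releaseTime; }
    mapping(address => Lock[]) public locks;

    // Finding 1: reject the zero address before delegating to the parent.
    // Finding 3: no onlyOwner/canMint here, super.mint already enforces both,
    // so each modifier runs exactly once per call.
    function mint(address _to, uint256 _amount) public returns (bool) {
        require(_to != address(0));
        return super.mint(_to, _amount);
    }

    // Finding 2: a release time that is not in the future would produce a lock
    // that is releasable immediately, so it is rejected up front.
    function mintWithTimeLock(address _to, uint256 _amount, uint256 _releaseTime) public returns (bool) {
        require(_to != address(0));
        require(_releaseTime > now);
        // Mint to the contract itself and record the beneficiary's lock.
        // This internal call goes through Coin.mint above, so the parent's
        // onlyOwner/canMint checks still run, once, with msg.sender unchanged.
        require(mint(address(this), _amount));
        locks[_to].push(Lock(_amount, _releaseTime));
        return true;
    }

    // Beneficiary claims a lock once its release time has passed.
    function release(uint256 _index) public {
        Lock storage l = locks[msg.sender][_index];
        require(l.amount > 0 && now >= l.releaseTime);
        uint256 amount = l.amount;
        l.amount = 0;                      // zero the record before moving funds
        balanceOf[address(this)] -= amount;
        balanceOf[msg.sender] += amount;
    }
}
```

Two practical notes: `now` is an alias for `block.timestamp`, which a miner can skew by a small number of seconds, so a strict `>` against `now` is a sanity check rather than a precise guarantee and should not be relied on for locks measured in seconds; and placing the `require` checks in the overriding function rather than repeating the modifiers keeps a single, auditable location for each rule.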
No critical issue was found in the code. Some medium-severity and low-severity issues were found, and corrections for them are proposed above. It is highly recommended to apply proper sanity checks to all function arguments.