Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?

Audit

Files imported from OpenZeppelin are not audited. In the audit OpenZeppelin latest commit 99f3e26f83f4628246b48c8b3afa5bb3958f5224 is considered. Only Coin.sol is audited.

2. High Severity

  • Token minting is only allowed to owner so contract is centralized and not compliant to escrow standards.
  • No unit test are provided which is a big red flag. I will recommend to write unit test and use of truffle.

3. Medium Severity Issue

  1. Check that destination of token transfers is not 0x0
  • Rate of Occurrence: Low
    Sanity check on parameter address _to is missing in function mint(address _to, uint256 _amount) and mintWithTimeLock(address _to, uint256 _amount, uint256 _releaseTime) so token can be transferred to zero address 0x00 by calling function with arguments mint('0x00','tokenAmount') and same for mintWithTimeLock. The rate of occurrence is low because minting is only allowed to owner.
  • Correction require(_to != address(0))
  1. Minting can lock tokens to the past time
  • Rate of Occurrence: Low Sanity check on parameter uint256 _releaseTime is missing in function mintWithTimeLock(address _to, uint256 _amount, uint256 _releaseTime) so token can be locked by passing _releaseTime from past. The rate of occurrence is low because minting is only allowed to owner.
  • Correction require(_releaseTime > now)

4. Low Severity

  • Redundant Code
    Modifiers onlyOwner and canMint are called twice in function mint(address _to, uint256 _amount) and called thrice in function mintWithTimeLock(address _to, uint256 _amount, uint256 _releaseTime) because they are also implemented by the parent function so no need to use here in Coin.sol.

Conclusions

No critical issue found in code. Some medium severity issues and low severity issues found so their corrections are also proposed. It is highly recommended to properly use sanity checks on function arguments.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.