Enduracoin smart contract security audit report performed by GreyWolf
Commit 08b4d7ec8603f7a0711c566bbd92bb9fc6d1eaeb
- EnduracoinToken.sol
- EnduracoinValue.sol
- ManageApprovers.sol
- StringHelpers.sol
- ChangeRequests.sol
In total, 0 issues were reported, including:
-
0 high severity issues.
-
0 medium severity issues.
-
0 low severity issues.
In total, 3 notes were reported, including:
-
1 minor observation.
-
2 owner privileges.
- 50 Billion Enduracoin will be pre-minted to the owner's wallet. If tokens are burnt, the owner has the right to mint new tokens up to 50 Billion in total supply.
- The majority of approvers can set any value in the
EnduracoinValue
contract. So thegetCurrentValue
in theEnduracoinValue
contract does not get a real market value of Enduracoin in a decentralized way.
- The modifier requiresMultiSig restrict
owner
to call function until voting is finished, but allow anybody else to call function without restriction. Therefore, in context of contractEnduracoinValue
it does not make any sense and can be removed or replaced by modifieronlyApprovers
.
- https://github.com/CallistoSecurity/EnduracoinToken/blob/08b4d7ec8603f7a0711c566bbd92bb9fc6d1eaeb/EnduracoinValue.sol#L125
- https://github.com/CallistoSecurity/EnduracoinToken/blob/08b4d7ec8603f7a0711c566bbd92bb9fc6d1eaeb/EnduracoinValue.sol#L137
- https://github.com/CallistoSecurity/EnduracoinToken/blob/08b4d7ec8603f7a0711c566bbd92bb9fc6d1eaeb/EnduracoinValue.sol#L147
- https://github.com/CallistoSecurity/EnduracoinToken/blob/08b4d7ec8603f7a0711c566bbd92bb9fc6d1eaeb/EnduracoinValue.sol#L161
- https://github.com/CallistoSecurity/EnduracoinToken/blob/08b4d7ec8603f7a0711c566bbd92bb9fc6d1eaeb/EnduracoinValue.sol#L170
- The
getPendingChangeRequest()
is a view function, so does not requireonlyApprovers
modifier.