@greywolf12
Created August 31, 2023 17:19
Enduracoin Security re-audit v4 Report

1. Summary

Enduracoin smart contract security audit report, performed by GreyWolf.

2. In scope

Commit 08b4d7ec8603f7a0711c566bbd92bb9fc6d1eaeb

  • EnduracoinToken.sol
  • EnduracoinValue.sol
  • ManageApprovers.sol
  • StringHelpers.sol
  • ChangeRequests.sol

3. Findings

In total, 0 issues were reported, including:

  • 0 high severity issues.

  • 0 medium severity issues.

  • 0 low severity issues.

In total, 3 notes were reported, including:

  • 1 minor observation.

  • 2 owner privileges.

3.1. Owner privileges

Severity: owner privileges

Description

  1. 50 Billion Enduracoin will be pre-minted to the owner's wallet. If tokens are burnt, the owner has the right to mint new tokens up to a total supply of 50 Billion.
  2. The majority of approvers can set any value in the EnduracoinValue contract, so getCurrentValue in the EnduracoinValue contract does not return a real market value of Enduracoin obtained in a decentralized way.

3.2. Multiple minor observations

Severity: minor observation

Description

  1. The modifier requiresMultiSig restricts the owner from calling the function until voting is finished, but allows anybody else to call the function without restriction. Therefore, in the context of the EnduracoinValue contract it does not make any sense and can be removed or replaced by the onlyApprovers modifier.
  2. getPendingChangeRequest() is a view function, so it does not require the onlyApprovers modifier.
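
The first observation is easier to see in code. The sketch below is an added illustration, not the Enduracoin source: only the modifier names requiresMultiSig and onlyApprovers come from this report, while the contract name, state variables and function names are hypothetical. It assumes the gated function carries no other modifier, to show that a modifier of this shape restricts nothing for callers other than the owner.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Constructed illustration. State variables, function names and bodies are
// assumptions; only the modifier names are taken from the audit report.
contract ModifierSketch {
    address public owner;
    mapping(address => bool) public isApprover;
    bool public votingFinished; // hypothetical flag, set once a vote completes
    uint256 public value;

    constructor(address[] memory approvers) {
        owner = msg.sender;
        for (uint256 i = 0; i < approvers.length; i++) {
            isApprover[approvers[i]] = true;
        }
    }

    // Shape described in the observation: only the owner is held back until
    // voting is finished; every other caller falls through with no check.
    modifier requiresMultiSig() {
        if (msg.sender == owner) {
            require(votingFinished, "voting not finished");
        }
        _;
    }

    // Replacement suggested by the report: reject any non-approver caller.
    modifier onlyApprovers() {
        require(isApprover[msg.sender], "caller is not an approver");
        _;
    }

    // With requiresMultiSig alone, the body is reachable by any address
    // other than the owner, whether or not it is an approver.
    function setValueWeak(uint256 newValue) external requiresMultiSig {
        value = newValue;
    }

    // With onlyApprovers, the caller set is limited to approvers.
    function setValueRestricted(uint256 newValue) external onlyApprovers {
        value = newValue;
    }
}
```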