minhquanym/test.md

## test.md

      
    Raw
  

              test.md
            
          
    Kyber Smart Contract Test

1. BasicERC20 - Save gas in constructor - Line 20-22

Impact:


Variables name, symbol, decimals is assigned in constructor function
No need to assign when declaring in code.

2. BasicERC20 - Initializing with decimals not equal 18 can make contract work incorrectly - Line 23

Impact:


INITIAL_SUPPLY is assigned 10 ** (50  + 18) in code, means that decimals should be 18 and number of tokens is 10 ** 50
constructor is called with decimals > 58
Should assign INITIAL_SUPPLY in constructor function
INITIAL_SUPPLY = 10 ** (50 + _decimals);

3. BasicERC20 - Save gas in check - Line 47


Should check
require(balances[msg.sender] >= _value);
Instead of
require(balances[msg.sender] - _value >= 0);

4. BasicERC20 - transfer function not check input address _to != address(0)

Impact:


Send to address(0) => Burn token but not update totalSupply and emit event

5. BasicERC20 - transferFrom function do not return bool

6. BasicERC20 - transferFrom function - Potentially overflow - Line 59 - 60

Impact:


Not check balances of _from can lead to overflow

Proof of concept


Call transferFrom with _value bigger than balances[_from]

7. Lottery - guessWithWeth - not check amount >= GUESS_COST

8. Lottery - withdrawGuess - Guesser can still withdraw ETH but not delete any guess from guesses array

Impact:


Lacking check for index < guesses[msg.sender].length()

9. Lottery - withdrawGuess - Lacking check for guesses[msg.sender].length() == 0 before remove guesser from guessers array