Skip to content

Instantly share code, notes, and snippets.

@pro100skm

pro100skm/TokenPHI.md Secret

Last active October 5, 2018 17:42
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save pro100skm/9d23c73d8e71485b97f5c1dfc4ed12bf to your computer and use it in GitHub Desktop.
Save pro100skm/9d23c73d8e71485b97f5c1dfc4ed12bf to your computer and use it in GitHub Desktop.
Download ZIP
Raw
TokenPHI.md

TokenPHI audit report

Summary

This is the report from a security audit performed on TokenPHI by pro100skm.

The audit focused primarily on the security of TokenPHI contract.

In scope

  1. https://github.com/vpomo/TokenPHI/blob/master/contracts/Migrations.sol
  2. https://github.com/vpomo/TokenPHI/blob/master/contracts/PHICrowdsale.sol

Findings

In total, 3 issues were reported including:

  • 0 high severity issues.

  • 1 medium severity issues.

  • 2 low severity issues.

  • 0 minor observations.

Security issues

1. Mint realization

Severity: medium

Description

Incorect realization of mint function. It is transfering. Also there is no function for chenging mintingFinished variable. It means that mintable contract is wrongly implemented and minting never will be finished.

2. Known Issues of ERC20 Standard

Severity: low

Description

approve + transferFrom mechanism allows double Withdrawal attack.

3. No checking time

Severity: low

Description

No checking of proper time settings in those lines. Start time value may be set more than end time value.

Conclusion

There weren't detected any high severity vulnerabilities that can directly hurt the TokenPHI smart contracts. We highly recommend you to complete other bugbounty before use.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment