@yuriy77k
Forked from gorbunovperm/ETH_EnjinCoinENJ_report.md
Created July 3, 2019 12:42
Enjin Coin (ENJ) security audit report


Summary

This is the report from a security audit performed on Enjin Coin by gorbunovperm.

Audit Top 200 CoinMarketCap tokens.

https://enjincoin.io/

In scope

  1. ENJ.sol

Findings

In total, 4 issues were reported including:

  • 0 high severity issues.

  • 0 medium severity issues.

  • 3 low severity issues.

  • 1 owner privileges issue.

  • 0 notes.

Security issues

1. Known vulnerabilities of ERC-20 token

Severity: low

Description

  • A double withdrawal attack is possible. More details here

  • Lack of a transaction handling mechanism. WARNING! This is a very common issue and it has already caused millions of dollars in losses for many token users! More details here

Recommendation

Add the following check to the function transfer(address _to, ... ):

require( _to != address(this) );

2. ERC20 Compliance — event missing

Severity: low

Description

According to the ERC20 standard, a Transfer event should be emitted when coins are minted.

Code snippet

  • Lines 352, 353.

3. Checking input addresses

Severity: low

Description

Incoming addresses should be checked for an empty value (the 0x0 address) to avoid loss of funds or blocking of some functionality.

Code snippet

  • Line 345.
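
The checks from findings 1 to 3 combined in one place, as an added example that is not code from ENJ.sol or from the audit. The contract name, token metadata, owner-only mint and the validRecipient modifier are hypothetical, and the pragma is an assumption that does not reflect the compiler version ENJ.sol uses.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical minimal token for illustration; this is not ENJ.sol.
contract GuardedToken {
    string public constant name = "Guarded Example";
    string public constant symbol = "GEX";
    uint8 public constant decimals = 18;

    uint256 public totalSupply;
    address public owner;
    mapping(address => uint256) public balanceOf;

    event Transfer(address indexed from, address indexed to, uint256 value);

    modifier validRecipient(address _to) {
        // Finding 3: reject the empty (0x0) address so tokens cannot be lost to it.
        require(_to != address(0), "zero address");
        // Finding 1 recommendation: reject the token contract itself as recipient.
        require(_to != address(this), "token contract as recipient");
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    function transfer(address _to, uint256 _value)
        public
        validRecipient(_to)
        returns (bool)
    {
        require(balanceOf[msg.sender] >= _value, "insufficient balance");
        balanceOf[msg.sender] -= _value;
        balanceOf[_to] += _value;
        emit Transfer(msg.sender, _to, _value);
        return true;
    }

    // Owner-only mint (assumed access model for this sketch).
    function mint(address _to, uint256 _value) public validRecipient(_to) {
        require(msg.sender == owner, "not owner");
        totalSupply += _value;
        balanceOf[_to] += _value;
        // Finding 2: minting is reported as a Transfer from the zero address.
        emit Transfer(address(0), _to, _value);
    }
}
```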

4. Owner privileges

Severity: owner privileges

Description

After the crowdsale, the owner can allocate unsold tokens to the incentivisation address, which is managed by the owner. It is common practice to burn unsold tokens.

Code snippet

  • Line 456.

Conclusion

Some low severity vulnerabilities were discovered here.
