@yuriy77k
Forked from pro100skm/TokenPHI.md
Created October 5, 2018 17:42

TokenPHI audit report

Summary

This is the report from a security audit performed on TokenPHI by pro100skm.

The audit focused primarily on the security of the TokenPHI contract.

In scope

  1. https://github.com/vpomo/TokenPHI/blob/master/contracts/Migrations.sol
  2. https://github.com/vpomo/TokenPHI/blob/master/contracts/PHICrowdsale.sol

Findings

In total, 3 issues were reported including:

  • 0 high severity issues.

  • 1 medium severity issue.

  • 2 low severity issues.

  • 0 minor observations.

Security issues

1. Mint implementation

Severity: medium

Description

Incorrect implementation of the mint function: it performs a transfer. There is also no function for changing the mintingFinished variable. This means that the mintable contract is wrongly implemented and minting will never be finished.
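
For comparison, a mintable token in which mint creates new supply and a function exists to set mintingFinished. This is an added example following the common mintable-token pattern, not the TokenPHI source or the auditor's code; apart from mintingFinished, every name and the compiler version are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0; // assumed compiler version, not taken from the audited repo

// Added illustration, not the TokenPHI source. Only `mintingFinished` is a
// name taken from the report; every other identifier is an assumption.
contract MintableSketch {
    address public owner;
    uint256 public totalSupply;
    bool public mintingFinished = false;
    mapping(address => uint256) public balanceOf;

    event Transfer(address indexed from, address indexed to, uint256 value);
    event Mint(address indexed to, uint256 amount);
    event MintFinished();

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // Gate shared by mint and finishMinting.
    modifier canMint() {
        require(!mintingFinished, "minting finished");
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    // Minting creates new tokens: total supply and the recipient's balance
    // both grow, and no existing holder's balance is debited.
    function mint(address to, uint256 amount) external onlyOwner canMint returns (bool) {
        require(to != address(0), "mint to zero address");
        totalSupply += amount;
        balanceOf[to] += amount;
        emit Mint(to, amount);
        emit Transfer(address(0), to, amount);
        return true;
    }

    // One-way switch: once set, canMint rejects every later mint call.
    function finishMinting() external onlyOwner canMint returns (bool) {
        mintingFinished = true;
        emit MintFinished();
        return true;
    }
}
```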

2. Known Issues of ERC20 Standard

Severity: low

Description

The approve + transferFrom mechanism allows a double withdrawal attack.

3. No checking time

Severity: low

Description

The time settings are not validated in those lines. The start time value may be set greater than the end time value.

Conclusion

No high severity vulnerabilities that can directly hurt the TokenPHI smart contracts were detected. We highly recommend completing another bug bounty before use.
