Skip to content

Instantly share code, notes, and snippets.

@yuriy77k yuriy77k/TokenPHI.md Secret

forked from pro100skm/TokenPHI.md
Created Oct 5, 2018
Embed
What would you like to do?

TokenPHI audit report

Summary

This is the report from a security audit performed on TokenPHI by pro100skm.

The audit focused primarily on the security of TokenPHI contract.

In scope

  1. https://github.com/vpomo/TokenPHI/blob/master/contracts/Migrations.sol
  2. https://github.com/vpomo/TokenPHI/blob/master/contracts/PHICrowdsale.sol

Findings

In total, 3 issues were reported including:

  • 0 high severity issues.

  • 1 medium severity issues.

  • 2 low severity issues.

  • 0 minor observations.

Security issues

1. Mint realization

Severity: medium

Description

Incorect realization of mint function. It is transfering. Also there is no function for chenging mintingFinished variable. It means that mintable contract is wrongly implemented and minting never will be finished.

2. Known Issues of ERC20 Standard

Severity: low

Description

approve + transferFrom mechanism allows double Withdrawal attack.

3. No checking time

Severity: low

Description

No checking of proper time settings in those lines. Start time value may be set more than end time value.

Conclusion

There weren't detected any high severity vulnerabilities that can directly hurt the TokenPHI smart contracts. We highly recommend you to complete other bugbounty before use.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.