Skip to content

Instantly share code, notes, and snippets.

@yuriy77k yuriy77k/ Secret forked from MrCrambo/
Created Aug 20, 2018

What would you like to do?

CryptoAds audit report.


This is the report from a security audit performed on CryptoAds by MrCrambo.

The audit focused primarily on the security of CryptoAds smart contract.

In scope



In total, ** 5 issues** were reported including:

  • 0 high severity issues.

  • 3 medium severity issues.

  • 0 low severity issues.

  • 2 minor remark.

Security issues

1. Zero address owner.

Severity: medium


Owner address may be sent to zero address at function setOwner and because of it owner will lose his access to smart contract.


Need to check if _newOwner is not zero address.

require(_newOwner != address(0));

2. Transfer to zero address.

Severity: medium


Tokens could be sent to zero address, that means they will be locked and will not be able to use or burn. Functions transfer and transferFrom.


Need to check if _to address is not zero address.

require(_to != address(0));

3. Double-spend attack is possible.

Severity: medium


In case the user wants to change the approved amount an double-spend attack is possible.


Can be reviewed here.

4. Inheritance.

Severity: minor


In approve, transfer and transferFrom functions better to use super.'your function name' for better understanding of the code.


Use super.'your function name' for better understanding of the code.

5. Few count of solidity version declaration.

Severity: minor


You used few times solidity version declaration. Better to declare it one time at the beginning. Lines 1, 7, 14, 109,


Use just one declaration of solidity version at the beginning of smart contract.


No critical vulnerabilities were detected,but we highly recommend to complete other bugs before use.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.