Skip to content

Instantly share code, notes, and snippets.

@yuriy77k yuriy77k/CryptoAds.md Secret forked from MrCrambo/CryptoAds.md
Created Aug 20, 2018

Embed
What would you like to do?

CryptoAds audit report.

Summary

This is the report from a security audit performed on CryptoAds by MrCrambo.

The audit focused primarily on the security of CryptoAds smart contract.

In scope

  1. https://gist.github.com/yuriy77k/6f636b466df04c8ae0cc24e56b28e51a

Findings

In total, ** 5 issues** were reported including:

  • 0 high severity issues.

  • 3 medium severity issues.

  • 0 low severity issues.

  • 2 minor remark.

Security issues

1. Zero address owner.

Severity: medium

Description

Owner address may be sent to zero address at function setOwner and because of it owner will lose his access to smart contract.

Recommendation

Need to check if _newOwner is not zero address.

require(_newOwner != address(0));

2. Transfer to zero address.

Severity: medium

Description

Tokens could be sent to zero address, that means they will be locked and will not be able to use or burn. Functions transfer and transferFrom.

Recommendation

Need to check if _to address is not zero address.

require(_to != address(0));

3. Double-spend attack is possible.

Severity: medium

Description

In case the user wants to change the approved amount an double-spend attack is possible.

Recommendation

Can be reviewed here.

4. Inheritance.

Severity: minor

Description

In approve, transfer and transferFrom functions better to use super.'your function name' for better understanding of the code.

Recommendation

Use super.'your function name' for better understanding of the code.

5. Few count of solidity version declaration.

Severity: minor

Description

You used few times solidity version declaration. Better to declare it one time at the beginning. Lines 1, 7, 14, 109,

Recommendation

Use just one declaration of solidity version at the beginning of smart contract.

Conclusion

No critical vulnerabilities were detected,but we highly recommend to complete other bugs before use.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.