Skip to content

Instantly share code, notes, and snippets.

@yuriy77k

yuriy77k/ETH_ETHERC_report.md Secret

Forked from MrCrambo/ETH_ETHERC_report.md
Created April 24, 2019 11:57
Show Gist options
  • Save yuriy77k/0851796133f03a9d2d8230027fa85e25 to your computer and use it in GitHub Desktop.
Save yuriy77k/0851796133f03a9d2d8230027fa85e25 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
ETH_ETHERC_report.md

Summary

This is the report from a security audit performed on ETHERC by MrCrambo.

The audit focused primarily on the security of ETHERC smart contracs.

In scope

  1. https://github.com/ETHERCIO/smart_contract/blob/master/contracts/TokenStandard.sol
  2. https://github.com/ETHERCIO/smart_contract/blob/master/contracts/ETHERCToken.sol
  3. https://github.com/ETHERCIO/smart_contract/blob/master/contracts/ETHERCFeeModifiers.sol
  4. https://github.com/ETHERCIO/smart_contract/blob/master/contracts/ETHERCExchange.sol
  5. https://github.com/ETHERCIO/smart_contract/blob/master/contracts/test/TokenTemplate.sol

Findings

In total, 2 issues was reported including:

  • 0 high severity issues.

  • 0 medium severity issues.

  • 2 low severity issues.

Security issues

1. Wrong modifier name

Severity: low

Description

Modifier onlyAdmin will works even if msg.sender is owner.

Recommendation

Change the modifier name to onlyAdminOrOwner or remove owner checking.

2. Known vulnerabilities of ERC-20 token

Severity: low

Description

  1. It is possible to double withdrawal attack. More details here
  2. Lack of transaction handling mechanism issue. More details here

Recommendation

Add into a function transfer(address _to, ... ) following code:

require( _to != address(this) );

Conclusion

Smart contracts are free of critical issues.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment