Skip to content

Instantly share code, notes, and snippets.

@yuriy77k

yuriy77k/JarvisPlus_Token_audit_report.md Secret

Forked from danbogd/JarvisPlus_Token_audit_report.md
Created October 8, 2018 19:19
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save yuriy77k/141fc6fc44b69cfeb06fe0335c72475d to your computer and use it in GitHub Desktop.
Save yuriy77k/141fc6fc44b69cfeb06fe0335c72475d to your computer and use it in GitHub Desktop.
Download ZIP
Raw
JarvisPlus_Token_audit_report.md

JarvisPlus Token Audit Report.

1. Summary

This document is a security audit report performed by danbogd, where JarvisPlus Token has been reviewed.

2. In scope

3. Findings

2 issues were reported including:

  • 1 low severity issues.

  • 1 minor remark.

3.1. Known Issues of ERC20 Standard

Severity: low

Description

ERC20 Tokens have some well-known issues (listed bellow), This is just a reminder for the contract developers.

Approve + transferFrom mechanism allows double Withdrawal attack. Lack of transaction handling.

The above mentioned issues are well documented, a basic search can help to get more information.

3.2. Extra checking.

Severity: minor

Description

Extra checking in 96,165,166 lines of BasicToken and StandardToken contracts. SafeMath library checks it anyway.

Code snippet

https://github.com/x-contract/JarvisPlusToken/blob/8dca09084a7e9178ee5770228219bf901ecaf21e/flats/JarvisPlusToken_flat.sol#L96 https://github.com/x-contract/JarvisPlusToken/blob/8dca09084a7e9178ee5770228219bf901ecaf21e/flats/JarvisPlusToken_flat.sol#L165 https://github.com/x-contract/JarvisPlusToken/blob/8dca09084a7e9178ee5770228219bf901ecaf21e/flats/JarvisPlusToken_flat.sol#L166

4. Conclusion

No critical vulnerabilities were detected,but we highly recommend to complete this bugs before use.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment