The audit focused primarily on the security of SelfKey smart contracts.
In total, 3 issues were reported including:
0 high severity issues.
1 medium severity issues.
0 owner privilegies issues.
2 low severity issues.
1. Zero address checking
2. Making payment error
affiliate1Address is not zero address and
affiliate2Address is zero address then
affiliate1Address will receive tokens and
affiliate2Address will not receive it. But if
affiliate1Address is zero address and
affiliate2Address is not zero address then both of them will not receive, but
affiliate2Address should receive it.
affiliate2Address for zero address should be outside of if statement which checks
affiliate1Address for zero address.
3. Known vulnerabilities of ERC-20 token
- It is possible to double withdrawal attack. More details here
- Lack of transaction handling mechanism issue. More details here
Add into a function
transfer(address _to, ... ) following code:
require( _to != address(this) );
Smart contract contains medium severity issue.