yuriy77k/ETH_LuckyStrikeV7_report.md Secret

## ETH_LuckyStrikeV7_report.md

      
    Raw
  

              ETH_LuckyStrikeV7_report.md
            
          
    Lucky Strike v7 security audit report

Summary

This is the report from a security audit performed on Lucky Strike v7 by gorbunovperm.

Lucky Strike, based fully in Ethereum smart-contract, is bringing the core philosophy of blockchain to the gambling industry – enhancing it with an ICO model we’re calling ‘Bet & Own.’

https://lucky-strike.io/game/#/
In scope


LuckyStrike
LuckyStrikeTokens

Findings

In total, 3 issues were reported including:


0 critical severity issue.


0 high severity issue.


0 medium severity issues.


1 low severity issues.


1 owner privileges.


1 note.


Security issues

1. Known vulnerabilities of ERC-20 token

Severity: low

Description


It is possible to double withdrawal attack. More details here


Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it already caused millions of dollars losses for lots of token users! More details here


2. Possibility of minting more than hardCap

Severity: note

Description

Function mint allows owner to mint more tokens than hardCap.
Code snippet


LuckyStrikeTokens, line 353

Recommendation

You should check (invested + _invested) > hardCap before minting and if it's true, mint only hardCap - invested number of tokens and return remainder to investor.
3. Owner Privileges

Severity: owner privileges

Description

adjustAllocation function allows the owner to reset the rates of the different jackpots and income rate.
Code snippet


LuckyStrike, line 1617

Conclusion

There are no dangerous vulnerabilities were discovered in these contracts.