BitUnits Crowdsale security audit report performed by Callisto Security Audit Department
the same as: http://etherhub.io/addr/0xd1c10d433c888e6d1841ff924d0ce45157f0d5cd#tab_addr_3
In total, 4 issues were reported including:
-
1 medium severity issues.
-
2 low severity issues.
-
1 minor observation.
No critical security issues were found.
Taking into account the decimals and the rate set by the developers, if any token value is allocated for the crowdsale the investors will receive for every 1 ETC = 10.000.000 token which is the total supply of UNITS token.
Developers should set a different rate otherwise the maximum collected fund will be 1 ETC.
https://gist.github.com/yuriy77k/d0d28a553000ddc1a64f63b0fb4d4b05#file-bitunits-sol-L189
In order for the investors to buy tokens the address 0x0 should be set with a certain amount of tokens to be sold, however 0x0 address is set with zero tokens.
The crowdsale won't work.
https://gist.github.com/yuriy77k/d0d28a553000ddc1a64f63b0fb4d4b05#file-bitunits-sol-L187#L189
Accidentally transferred to zero address tokens may be sold.
Extra checking in 90 and 100 lines. SafeMath library checks it anyway.
https://gist.github.com/yuriy77k/d0d28a553000ddc1a64f63b0fb4d4b05#file-bitunits-sol-L90
https://gist.github.com/yuriy77k/d0d28a553000ddc1a64f63b0fb4d4b05#file-bitunits-sol-L100
Those lines may be deleted.
The contract developers should consider the issues described above. the contract cannot be deployed.
https://gist.github.com/yuriy77k/f96117ef641b601010ffc9c9b5c2a0b9
https://gist.github.com/yuriy77k/598a97f409c1a890b26571e416ebff7f
https://gist.github.com/yuriy77k/52081bed4c5b8cdf745ec9e3ebd444f2