Skip to content

Instantly share code, notes, and snippets.

@yuriy77k
Created August 11, 2018 11:59
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save yuriy77k/2ac131d3ed755ac9179acc55c99dcb93 to your computer and use it in GitHub Desktop.
Bionic Conclusion

BNC token security audit report performed by Callisto Security Audit Department

1. Conclusion:

No critical issue. This contract can be considered safe to be deployed. However, as highlighted users can accidentally send their tokens to 0x0 address.

2. Medium severity issues:

2.1. Token Transfer to Address 0x0

Description

Bionic Token do not require the to address to be non null before transfer. Accidental token loss to address 0x0 can be applicable.

The version of ERC20 used in this contract, use a basic burn mechanism where anyone can send tokens to 0x0 address. However, this mechanism leads to the above mentioned issue.

Code snippet

https://github.com/bioniccoin/BNC/blob/81ddaaa00ede373c6043cd9e06f9447b8c963959/Contracts/Bionic.sol#L146#L151

Recommendation

Refer to ERC20 Standard implemented by OpenZepplin, to avoid this issue.

3. Low severity issue:

3.2. Known Issues of ERC20 Standard

Description

ERC20 Tokens have some well-known issues (listed bellow), This is just a reminder for the contract developers.

  • Approve + transferFrom mechanism allows double Withdrawal attack (as commented on the contract).
  • Lack of transaction handling.

The above mentioned issues are well documented, a basic search can help to get more information.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment