This is the report from a security audit performed on Auditchain Token by gorbunovperm.
In total, 5 issues were reported including:
- 0 high severity issues.
- 0 medium severity issues.
- 5 low severity issues.
- 0 minor observations.
- A double withdrawal attack is possible. More details here
- Lack of a mechanism to handle tokens sent to the token contract's own address. WARNING! This is a very common issue and it has already caused losses of millions of dollars for many token users! More details here
Add the following check to the function transfer(address _to, ... ):
require( _to != address(this) );
- Issuing 12,500,000 new tokens yearly to the governance contract. In this contract, the year is determined by dividing the number of seconds since the beginning of the Unix Epoch by the number of seconds in a leap year. As a result, 06.02.2019 11:59pm is the year 2018 according to the returnYear() function, while 07.02.2019 12:00am is the year 2019. If the contract is deployed on February 6, the owner will receive 12,500,000 tokens, and the next day he can call mint() and get another 12,500,000 tokens because the contract considers that the next year has come. Instead, save the timestamp of the first payment and add one year in seconds to it to determine whether the next payment date has come; then update the date of the last payment.
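The following Python model is an added illustration, not code from the audited contract or from the auditor. It reproduces the year arithmetic the report describes (Unix time divided by the length of a leap year; adding the quotient to 1970 is an assumption made here, since the report only states the division) and contrasts it with the recommended last-payment-timestamp check. The deployment time of noon UTC on 6 February 2019 and the helper names are constructed for the example.

```python
from datetime import datetime, timezone

SECONDS_PER_LEAP_YEAR = 366 * 24 * 60 * 60   # 31,622,400 s, the divisor the report describes
YEARLY_ISSUANCE = 12_500_000
EPOCH_YEAR = 1970


def ts(y, m, d, h=0, mi=0, s=0):
    """UTC Unix timestamp for the calendar dates quoted in the report."""
    return int(datetime(y, m, d, h, mi, s, tzinfo=timezone.utc).timestamp())


def flawed_return_year(now):
    """Model of returnYear() as described: Unix time // leap-year length.
    Adding the quotient to 1970 is an assumption of this example."""
    return EPOCH_YEAR + now // SECONDS_PER_LEAP_YEAR


class FlawedSchedule:
    """Minting gated on the 'year' returned by flawed_return_year()."""

    def __init__(self, deploy_ts):
        self.last_year = flawed_return_year(deploy_ts)
        self.total = YEARLY_ISSUANCE        # initial issuance at deployment

    def mint(self, now):
        year = flawed_return_year(now)
        if year <= self.last_year:
            return 0                        # same 'year' as the last payment
        self.last_year = year
        self.total += YEARLY_ISSUANCE
        return YEARLY_ISSUANCE


class FixedSchedule:
    """The report's recommendation: remember the timestamp of the last payment
    and allow the next one only after a full year in seconds has elapsed."""

    def __init__(self, deploy_ts):
        self.last_payment = deploy_ts
        self.total = YEARLY_ISSUANCE

    def mint(self, now):
        if now < self.last_payment + SECONDS_PER_LEAP_YEAR:
            return 0                        # a year has not passed yet
        self.last_payment = now
        self.total += YEARLY_ISSUANCE
        return YEARLY_ISSUANCE


def run(schedule_cls, deploy_ts, calls):
    """Deploy, then call mint() at each timestamp; return the amounts minted and the total."""
    schedule = schedule_cls(deploy_ts)
    return [schedule.mint(t) for t in calls], schedule.total


DEPLOY = ts(2019, 2, 6, 12)                 # constructed: deployed at noon UTC on 6 Feb 2019
NEXT_DAY = ts(2019, 2, 7, 12)               # the owner's second mint() call one day later
ONE_YEAR_LATER = DEPLOY + SECONDS_PER_LEAP_YEAR

if __name__ == "__main__":
    # The boundary the report quotes: one second before midnight is 2018, midnight is 2019.
    print(flawed_return_year(ts(2019, 2, 6, 23, 59, 59)), flawed_return_year(ts(2019, 2, 7)))
    print("flawed:", run(FlawedSchedule, DEPLOY, [NEXT_DAY, ONE_YEAR_LATER]))
    print("fixed: ", run(FixedSchedule, DEPLOY, [NEXT_DAY, ONE_YEAR_LATER]))
```

The boundary falls exactly where the report says because 07.02.2019 00:00 UTC is 1549497600 seconds after the epoch, which is precisely 49 leap-year lengths. Under the flawed schedule the second call a day after deployment succeeds, doubling the issuance within 24 hours, and the call a genuine year later is then rejected; under the fixed schedule the opposite holds.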
- The transferFrom function checks the from and to addresses for lock state but does not check the lock state of msg.sender.
- During migration, all funds of the sender are burned, but only the amount he specified as an argument is sent to the new contract. A user who does not have accurate information about his balance may accidentally burn part of his funds.
The owner's privileges:
- Ability to migrate to a new contract in the future
- Ability to lock and unlock ERC20 functions of the Token based on user address
No serious vulnerabilities were found in this contract.