This is the report from a security audit performed on Enjin by MrCrambo.
The audit focused primarily on the security of Enjin smart contract.
In total, 3 issue was reported including:
-
0 high severity issues.
-
1 medium severity issues.
-
0 owner privilegies issues.
-
2 low severity issues.
-
0 notes.
In function releaseEnjinTeamTokens in line 413 there is possibility of integer underflow in line 417. If now will be less than endTime, then there will be integer underflow, that will mean, that currentTranche value will be great. So team will be able to release all team tokens before endTime.
Add checking, that now is gretaer than endTime.
- It is possible to double withdrawal attack. More details here
- Lack of transaction handling mechanism issue. More details here
Add into a function transfer(address _to, ... ) following code:
require( _to != address(this) );There is possiblity, that totalAllocated value will be greater than total supply, because owners can call addToAllocation any time they want.
Add checking, that totalAllocated is less than total supply.
Smart contract contains medium severity issue.