Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?

Centaure Token Audit Report.

1. Summary

This document is a security audit report performed by RideSolo, where Centaure Token has been reviewed.

Token Description:

Name: Centaure Token
Symbol: CEN
Decimals: 18
Standard: ERC20
Total Supply: 50,000,000

2. In scope

  • centaure.sol github commit hash ec34a00eee2f6414182cbf1aa301011eefe6fb63.

3. Findings

3 issues were reported including:

  • 1 medium severity issue.

  • 2 low severity issues.

3.1. Token Transfer to Address 0x0

Severity: medium

Description

Centaure Token do not require the to address to be non null before transfer. Accidental token loss to address 0x0 can be applicable.

The version of ERC20 used in this contract, use a basic burn mechanism where anyone can send tokens to 0x0 address to burn them. However, this mechanism leads to the above mentioned issue.

Code snippet

https://github.com/centaureio/centaure/blob/master/centaure.sol#L206#L211

https://github.com/centaureio/centaure/blob/master/centaure.sol#L188#L190

3.2. Total Supply

Severity: low

Description

totalSupply function return the value of _totalSupply - balances[address(0)], since 0x0 is used to send the burned tokens to it, However the implemented lock mechanism will also save the locked tokens in address 0x0, until the claim day by the contract owner.

The value returned by totalSupply will increase when the contract owner will withdraw the locked tokens. totalSupply function represent the circulating supply not the total supply.

Code snippet

https://github.com/centaureio/centaure/blob/master/centaure.sol#L188#L190

https://github.com/centaureio/centaure/blob/master/centaure.sol#L133#L135

https://github.com/centaureio/centaure/blob/master/centaure.sol#L138#L142

3.3. Known Issues of ERC20 Standard

Severity: low

Description

ERC20 Tokens have some well-known issues (listed below), This is just a reminder for the contract developers.

  • Approve + transferFrom mechanism allows double withdrawal attack.
  • Lack of transaction handling.

The above mentioned issues are well documented, a basic search can help to get more information.

4. Conclusion

The described issues should be fixed. The audited contract is not fully ERC20 compliant.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.