This document is a security audit report performed by RideSolo, in which the Centaure Token contract has been reviewed.
Token Description:
Name: Centaure Token
Symbol: CEN
Decimals: 18
Standard: ERC20
Total Supply: 50,000,000
- centaure.sol github commit hash ec34a00eee2f6414182cbf1aa301011eefe6fb63.
3 issues were reported including:
- 1 medium severity issue.
- 2 low severity issues.
Centaure Token does not require the to address to be non-null before a transfer, so accidental token loss to address 0x0 is possible.
The version of ERC20 used in this contract uses a basic burn mechanism where anyone can send tokens to the 0x0 address to burn them. However, this mechanism leads to the above-mentioned issue.
https://github.com/centaureio/centaure/blob/master/centaure.sol#L206#L211
https://github.com/centaureio/centaure/blob/master/centaure.sol#L188#L190
The totalSupply function returns the value of _totalSupply - balances[address(0)], since burned tokens are sent to 0x0. However, the implemented lock mechanism also stores the locked tokens in address 0x0 until the claim day, when the contract owner withdraws them.
The value returned by totalSupply will therefore increase when the contract owner withdraws the locked tokens. The totalSupply function represents the circulating supply, not the total supply.
https://github.com/centaureio/centaure/blob/master/centaure.sol#L188#L190
https://github.com/centaureio/centaure/blob/master/centaure.sol#L133#L135
https://github.com/centaureio/centaure/blob/master/centaure.sol#L138#L142
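As an added example (not code from the Centaure repository; contract, variable and function names are assumed), a minimal ERC20-style contract that addresses both findings above: transfers to address(0) are rejected, burns reduce the supply counter explicitly, and locked tokens are tracked in their own variable so totalSupply does not move when the owner claims them.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustrative accounting only (not the Centaure contract): burns reduce _totalSupply directly,
// locked tokens sit in lockedBalance instead of balances[address(0)], transfers to 0x0 revert.
contract SeparatedSupplyToken {
    uint256 private _totalSupply;
    uint256 public lockedBalance; // owner-claimable tokens, never credited to 0x0
    uint256 public claimTime;     // assumed unlock timestamp
    address public owner;
    mapping(address => uint256) private balances;
    event Transfer(address indexed from, address indexed to, uint256 value);

    constructor(uint256 supply, uint256 lockedAmount, uint256 lockDuration) {
        require(lockedAmount <= supply, "lock exceeds supply");
        owner = msg.sender;
        _totalSupply = supply;
        lockedBalance = lockedAmount;
        claimTime = block.timestamp + lockDuration;
        balances[msg.sender] = supply - lockedAmount;
        emit Transfer(address(0), msg.sender, supply - lockedAmount);
    }

    // Only burn() changes this figure; locking and claiming no longer move it.
    function totalSupply() external view returns (uint256) { return _totalSupply; }
    // Circulating supply is reported under its own name instead of as "total supply".
    function circulatingSupply() external view returns (uint256) { return _totalSupply - lockedBalance; }

    function transfer(address to, uint256 value) external returns (bool) {
        require(to != address(0), "transfer to zero address"); // closes the accidental-loss path
        require(balances[msg.sender] >= value, "insufficient balance");
        balances[msg.sender] -= value;
        balances[to] += value;
        emit Transfer(msg.sender, to, value);
        return true;
    }

    // Explicit burn replaces "send to 0x0", so supply shrinks only on purpose.
    function burn(uint256 value) external {
        require(balances[msg.sender] >= value, "insufficient balance");
        balances[msg.sender] -= value;
        _totalSupply -= value;
        emit Transfer(msg.sender, address(0), value);
    }

    function claimLocked() external {
        require(msg.sender == owner && block.timestamp >= claimTime, "not claimable");
        uint256 amount = lockedBalance;
        lockedBalance = 0;
        balances[owner] += amount;
        emit Transfer(address(0), owner, amount);
    }
}
```

With this layout, locking and claiming change only circulatingSupply, while totalSupply changes only through burn, which is the distinction the finding above asks for.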
ERC20 tokens have some well-known issues (listed below). This is just a reminder for the contract developers.
- Approve + transferFrom mechanism allows double withdrawal attack.
- Lack of transaction handling.
The above-mentioned issues are well documented; a basic search can provide more information.
The described issues should be fixed. The audited contract is not fully ERC20 compliant.