@yuriy77k yuriy77k/NatminToken.md Secret forked from MrCrambo/NatminToken.md
Created Sep 21, 2018


NatminToken Smart Contract audit report.

Summary

This is the report from a security audit performed on NatminToken by MrCrambo.

The audit focused primarily on the security of NatminToken Smart Contract.

In scope

  1. https://github.com/NatminPureEscrow/Token/blob/master/contracts/NatminToken.sol

Findings

In total, **4 issues** were reported, including:

  • 0 high severity issues.

  • 3 medium severity issues.

  • 1 low severity issue.

Security issues

1. Zero address transfer.

Severity: medium

Description

In the functions transferToAddress and transferFrom there is no check that the recipient is not the zero address.

Recommendation

Add a zero address check before sending, to protect users from sending their tokens to the zero address:

```solidity
require(_to != address(0));
```
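As an added illustration (not NatminToken's code), the following minimal token places the zero-address check in a shared internal move routine, so that both the direct transfer path and the delegated transferFrom path are covered by the same `require`. The contract and function names are hypothetical.

```solidity
pragma solidity ^0.4.24;

// Added example, not part of the audited contract: every path that moves
// balances goes through _move, which rejects the zero address.
contract ZeroAddressGuardedToken {
    mapping(address => uint256) public balances;
    mapping(address => mapping(address => uint256)) public allowed;

    event Transfer(address indexed from, address indexed to, uint256 value);

    constructor(uint256 _initialSupply) public {
        balances[msg.sender] = _initialSupply;
    }

    // Shared move logic: the zero-address check lives here, so it cannot be
    // forgotten in one of the public entry points.
    function _move(address _from, address _to, uint256 _value) internal {
        require(_to != address(0), "transfer to the zero address");
        require(balances[_from] >= _value, "insufficient balance");
        require(balances[_to] + _value >= balances[_to], "balance overflow");
        balances[_from] -= _value;
        balances[_to] += _value;
        emit Transfer(_from, _to, _value);
    }

    function transfer(address _to, uint256 _value) public returns (bool) {
        _move(msg.sender, _to, _value);
        return true;
    }

    // Delegated transfer: consume the allowance first, then reuse _move so
    // the recipient check applies here as well.
    function transferFrom(address _from, address _to, uint256 _value) public returns (bool) {
        require(allowed[_from][msg.sender] >= _value, "allowance exceeded");
        allowed[_from][msg.sender] -= _value;
        _move(_from, _to, _value);
        return true;
    }
}
```

Centralising the check in one internal function is the usual way to make sure a later addition of another transfer variant (for example a batch transfer) inherits the same guard.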

2. Double-spend attack is possible.

Severity: medium

Description

If a user wants to change an already approved amount, a double-spend attack is possible: the spender can use the old allowance before the new value takes effect, and then the new allowance as well.

Recommendation

This can be reviewed here. Add increaseApproval and decreaseApproval functions.
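As an added example (not the audited contract's code), the following shows the plain `approve` next to the relative `increaseApproval` and `decreaseApproval` functions the recommendation refers to. With the relative functions the allowance is adjusted from its current value inside a single transaction, so the spender can never end up with more than the owner intended. The contract name is hypothetical.

```solidity
pragma solidity ^0.4.24;

// Added example, not part of the audited contract.
contract AllowanceRaceSafe {
    mapping(address => mapping(address => uint256)) public allowed;

    event Approval(address indexed owner, address indexed spender, uint256 value);

    // Absolute approve: when replacing a non-zero allowance with another
    // non-zero value, the old and the new value can both be spent if the
    // spender acts between the two states.
    function approve(address _spender, uint256 _value) public returns (bool) {
        allowed[msg.sender][_spender] = _value;
        emit Approval(msg.sender, _spender, _value);
        return true;
    }

    // Relative increase: computed from the allowance as it is at execution
    // time, so no intermediate absolute value is ever written.
    function increaseApproval(address _spender, uint256 _addedValue) public returns (bool) {
        uint256 newValue = allowed[msg.sender][_spender] + _addedValue;
        require(newValue >= _addedValue, "allowance overflow");
        allowed[msg.sender][_spender] = newValue;
        emit Approval(msg.sender, _spender, newValue);
        return true;
    }

    // Relative decrease: clamps at zero rather than underflowing, so an
    // owner can always revoke regardless of what was already spent.
    function decreaseApproval(address _spender, uint256 _subtractedValue) public returns (bool) {
        uint256 oldValue = allowed[msg.sender][_spender];
        if (_subtractedValue >= oldValue) {
            allowed[msg.sender][_spender] = 0;
        } else {
            allowed[msg.sender][_spender] = oldValue - _subtractedValue;
        }
        emit Approval(msg.sender, _spender, allowed[msg.sender][_spender]);
        return true;
    }
}
```

Front ends that still need `approve` for compatibility usually first set the allowance to zero and wait for that transaction to be mined before setting the new value; the relative functions remove the need for that two-step dance.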

3. Owner can burn from any address.

Severity: medium

Description

The owner of the contract can _burn tokens from any address, which means every user runs the risk of losing their tokens.

Recommendation

The burning logic should be changed. The owner should only be able to burn his own tokens, or the amount of tokens that was approved to him.
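As an added example (not the audited contract's code), the burn logic below follows the recommendation: `burn` only destroys the caller's own balance, and `burnFrom` requires an explicit allowance from the holder and consumes it the same way transferFrom would. There is no owner-only path that can burn from an arbitrary address. The contract and function names are hypothetical.

```solidity
pragma solidity ^0.4.24;

// Added example, not part of the audited contract.
contract BurnableByHolder {
    mapping(address => uint256) public balances;
    mapping(address => mapping(address => uint256)) public allowed;
    uint256 public totalSupply;

    event Transfer(address indexed from, address indexed to, uint256 value);
    event Burn(address indexed burner, uint256 value);

    constructor(uint256 _initialSupply) public {
        totalSupply = _initialSupply;
        balances[msg.sender] = _initialSupply;
    }

    // Internal destruction: reduces the holder's balance and total supply.
    function _burn(address _who, uint256 _value) internal {
        require(_value <= balances[_who], "burn exceeds balance");
        balances[_who] -= _value;
        totalSupply -= _value;
        emit Burn(_who, _value);
        emit Transfer(_who, address(0), _value);
    }

    // Anyone, the owner included, can only destroy tokens they hold themselves.
    function burn(uint256 _value) public {
        _burn(msg.sender, _value);
    }

    // Burning someone else's tokens needs that holder's prior approval, and
    // the approved amount is consumed so it cannot be reused.
    function burnFrom(address _from, uint256 _value) public {
        require(_value <= allowed[_from][msg.sender], "burn exceeds allowance");
        allowed[_from][msg.sender] -= _value;
        _burn(_from, _value);
    }
}
```

With this shape the owner has no more power over other holders' balances than any other account, which is what removes the risk described in the finding.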

4. Owner can end vesting early.

Severity: low

Description

The owner can end the vesting period earlier than it should end.

Recommendation

It should not be possible to end the vesting period manually before its scheduled time.
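As an added example (not the audited contract's code), the vesting lock below fixes the release time at deployment and exposes no owner-callable function that can shorten it: the only way funds are released is when the block timestamp reaches the stored release time. The contract name and storage layout are hypothetical.

```solidity
pragma solidity ^0.4.24;

// Added example, not part of the audited contract: a time lock whose
// release condition cannot be altered after deployment.
contract TimeLockedVesting {
    address public beneficiary;
    uint256 public releaseTime;    // unix timestamp, set once in the constructor
    uint256 public lockedAmount;
    mapping(address => uint256) public balances;

    event Released(address indexed to, uint256 amount);

    constructor(address _beneficiary, uint256 _releaseTime, uint256 _amount) public {
        require(_beneficiary != address(0), "beneficiary is the zero address");
        require(_releaseTime > block.timestamp, "release time must be in the future");
        beneficiary = _beneficiary;
        releaseTime = _releaseTime;
        lockedAmount = _amount;
    }

    // Anyone may trigger the release, but only once the clock says so.
    // There is deliberately no function that changes releaseTime or that
    // lets a privileged account release ahead of schedule.
    function release() public {
        require(block.timestamp >= releaseTime, "vesting period not over");
        uint256 amount = lockedAmount;
        require(amount > 0, "nothing to release");
        lockedAmount = 0;
        balances[beneficiary] += amount;
        emit Released(beneficiary, amount);
    }
}
```

Because `releaseTime` has no setter, a reviewer can confirm the schedule is immutable by checking that the only write to it is in the constructor.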

Conclusion

No critical vulnerabilities were detected, but we highly recommend fixing the other bugs before use.
