@yuriy77k yuriy77k/ Secret forked from MrCrambo/
Created Sep 21, 2018

NatminToken Smart Contract audit report.


This is the report from a security audit performed on NatminToken by MrCrambo.

The audit focused primarily on the security of NatminToken Smart Contract.

In scope



In total, **4 issues** were reported, including:

  • 0 high severity issues.

  • 3 medium severity issues.

  • 1 low severity issue.

Security issues

1. Zero address transfer.

Severity: medium


The functions transferToAddress and transferFrom do not check whether the recipient is the zero address.


Add a zero address check before sending, to protect users from sending their funds to the zero address.

require(_to != address(0));

2. Double-spend attack is possible.

Severity: medium


If a user wants to change an already approved amount, a double-spend attack is possible.


Can be reviewed here. Add increaseApproval and decreaseApproval functions.

3. Owner can burn from any address.

Severity: medium


The owner of the contract can _burn tokens from any address, which means all users risk losing their tokens.


The burning logic should be changed. The owner should be able to burn his own tokens or the approved amount of tokens.
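
A sketch of the three recommendations above (zero address check, relative allowance changes, burning bound to own balance or allowance), written for Solidity 0.8. This is an added example, not NatminToken's code; the contract name, the `balances` and `allowed` mappings and the `burnFrom` function are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not NatminToken source. Storage layout and names are assumed.
contract HardenedTokenSketch {
    mapping(address => uint256) public balances;
    mapping(address => mapping(address => uint256)) public allowed;
    uint256 public totalSupply;

    event Transfer(address indexed from, address indexed to, uint256 value);
    event Approval(address indexed owner, address indexed spender, uint256 value);

    constructor(uint256 _supply) {
        totalSupply = _supply;
        balances[msg.sender] = _supply;
        emit Transfer(address(0), msg.sender, _supply);
    }

    // Issue 1: reject the zero address before any balance changes.
    function transferFrom(address _from, address _to, uint256 _value) public returns (bool) {
        require(_to != address(0));
        allowed[_from][msg.sender] -= _value; // checked arithmetic: reverts if allowance is too low
        balances[_from] -= _value;            // reverts if balance is too low
        balances[_to] += _value;
        emit Transfer(_from, _to, _value);
        return true;
    }

    // Issue 2: change the allowance relative to its current value, so a spender
    // cannot use the old amount and then the newly set amount on top of it.
    function increaseApproval(address _spender, uint256 _added) public returns (bool) {
        allowed[msg.sender][_spender] += _added;
        emit Approval(msg.sender, _spender, allowed[msg.sender][_spender]);
        return true;
    }

    function decreaseApproval(address _spender, uint256 _subtracted) public returns (bool) {
        uint256 current = allowed[msg.sender][_spender];
        allowed[msg.sender][_spender] = _subtracted > current ? 0 : current - _subtracted;
        emit Approval(msg.sender, _spender, allowed[msg.sender][_spender]);
        return true;
    }

    // Issue 3: a caller burns its own tokens, or someone else's only up to the approved amount.
    function burnFrom(address _from, uint256 _value) public {
        if (_from != msg.sender) allowed[_from][msg.sender] -= _value;
        balances[_from] -= _value;
        totalSupply -= _value;
        emit Transfer(_from, address(0), _value);
    }
}
```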

4. Owner can burn from any address.

Severity: low


The owner can end vesting earlier than it should end.


Vesting time should not be ended manually earlier.


No critical vulnerabilities were detected, but we highly recommend fixing the other bugs before use.
