This document is a security audit report performed by RideSolo, where Asure Token has been reviewed.
- Migrations.sol github commit hash d5e819c9e061be5ad9387582e7522b03b1abc539.
- AsureToken.sol github commit hash e252c5808a199a23ab71e5882dab279e5ffe4e25.
- AsureCrowdsaleDeployer.sol github commit hash cd24bac8af2db678f85bc0ad92a6fddd535525fd.
- AsureCrowdsale.sol github commit hash 445c6bba4e091929f3d25a09ffe1f6cc8c963185.
- AsureBounty.sol github commit hash c1a4957bf11a0694c81f63a7425d4e1128dbab91.
- AsureBonusesCrowdsale.sol github commit hash 213665e7e3a62ab2ab1d63d23a8f2649f37a53e7.
- TestAsureBonusesCrowdsale.sol github commit hash 213665e7e3a62ab2ab1d63d23a8f2649f37a53e7.
- TestToken.sol github commit hash 7d0791d35a51a15e81bf04f6e198beed7d408a75.
- TestToken.sol github commit hash 7d0791d35a51a15e81bf04f6e198beed7d408a75.
2 issues were reported:
- 2 low severity issues.
In drop
function member of AsureBounty
contract, recipients
and values
arrays length should be checked if they are the same length.
https://github.com/RideSolo/crowdsale/blob/master/packages/crowdsale/contracts/AsureBounty.sol#L16
- It is possible to double withdrawal attack. More details here
- Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it already caused millions of dollars losses for lots of token users! More details here
Add the following code to the transfer(_to address, ...)
function:
require( _to != address(this) );
https://github.com/RideSolo/crowdsale/blob/master/packages/crowdsale/contracts/AsureToken.sol
The audited contracts can be deployed safely.