This document is a security audit report performed by danbogd, where Zilliqa Token has been reviewed.
In total, 4 issues were reported including:
- 3 low severity issues.
- 1 minor observation.
No critical security issues were found.
-
It is possible to double withdrawal attack. More details here.
-
Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it already caused millions of dollars losses for lots of token users! More details here.
Add into a function transfer(address _to, ... )
following code:
require( _to != address(this) );
Possibility of setting zero address as newAdnin at changeAdmin function.
Need to check if newOwner address is not zero address.
require( newAdmin != address(0) );
The contract owner allow himself:
- to pause functions of contract (transfer, transferFrom, approve, increaseApproval, decreaseApproval), besides burn function;
- Evacuate Tokens at any time.
The contract is managed manually by the owner which is not good for investors.
The contracts use solidity version 0.4.18. It is suggested to use the latest version and fix all compiler warnings that arise. Compiler version should be fixed to avoid any potential discrepancies in smart contract behavior caused by different versions of compiler.
The audited smart contract is safe to deploy. Only low severity issues were found during the audit.