Centaure Smart Contract audit report.
Summary
This is the report from a security audit performed on Centaure by MrCrambo.
The audit focused primarily on the security of Centaure Smart Contract.
In scope
Findings
In total, 5 issues were reported, including:
- 0 high severity issues.
- 2 medium severity issues.
- 2 low severity issues.
- 1 minor observation.
Security issues
1. Zero address transfer.
Severity: medium
Description
Tokens can be sent to the zero address through the transfer and transferFrom functions, since neither validates the recipient. Such tokens are unrecoverable.
Recommendation
Add a zero address check to both functions:
require(to != address(0));
2. Total supply will show wrong amount.
Severity: medium
Description
The totalSupply function returns _totalSupply minus the token balance held at the zero address. That balance, however, mixes intentionally locked (burned) tokens with tokens that were sent there by mistake, because transfers to the zero address are not rejected (issue 1), so the reported total supply is wrong.
Recommendation
Fix issue 1 and calculate totalSupply correctly.
3. Lock period and steps.
Severity: low
Description
teamLock.withdrawSteps is set to 1, but it should be 6, as initialised at locking time; otherwise, after the first withdrawal, the owner can take the remaining amount in 2 steps instead of 6.
Also, if the owner can withdraw after 180 days and there are no other time limits, there is no need for 6 withdrawal steps; either remove the steps or add 6 separate release periods.
Recommendation
Rewrite the logic of unlocking.
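One way to rewrite the unlocking logic so that the step counter and the release dates agree, as an added example that is not Centaure's code: each of the 6 tranches is gated by its own release time, and the amount owed is derived from elapsed time rather than from a mutable counter that can be reset. The contract name, the stepPeriod parameter and the release function are illustrative assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not Centaure's code): a team lock that releases the locked
// balance in `steps` equal tranches, each gated by its own release time.
// Names (TeamLock, stepPeriod, release) are illustrative assumptions.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

contract TeamLock {
    IERC20 public immutable token;
    address public immutable beneficiary;
    uint256 public immutable start;        // lock start timestamp
    uint256 public immutable stepPeriod;   // seconds between releases (e.g. 180 days)
    uint256 public immutable steps;        // number of tranches, e.g. 6
    uint256 public immutable totalLocked;  // amount deposited at lock time
    uint256 public released;               // cumulative amount already paid out

    constructor(
        IERC20 _token,
        address _beneficiary,
        uint256 _stepPeriod,
        uint256 _steps,
        uint256 _totalLocked
    ) {
        require(address(_token) != address(0) && _beneficiary != address(0), "zero address");
        require(_steps > 0 && _stepPeriod > 0 && _totalLocked > 0, "bad params");
        token = _token;
        beneficiary = _beneficiary;
        start = block.timestamp;
        stepPeriod = _stepPeriod;
        steps = _steps;
        totalLocked = _totalLocked;
    }

    // Number of tranches whose release time has passed, capped at `steps`.
    function stepsElapsed() public view returns (uint256) {
        uint256 n = (block.timestamp - start) / stepPeriod;
        return n > steps ? steps : n;
    }

    // Total amount the beneficiary is entitled to so far; integer-division
    // dust is paid with the final tranche.
    function vested() public view returns (uint256) {
        uint256 n = stepsElapsed();
        if (n == steps) return totalLocked;
        return totalLocked * n / steps;
    }

    // Pays out only what has vested and not yet been released, so calling
    // twice in the same period does not unlock an extra tranche.
    function release() external {
        uint256 due = vested() - released;
        require(due > 0, "nothing to release");
        released += due;                       // state updated before the external call
        require(token.transfer(beneficiary, due), "transfer failed");
    }
}
```

The example assumes totalLocked tokens are transferred into the contract right after deployment; with stepPeriod = 180 days and steps = 6, one sixth becomes claimable every 180 days and the schedule cannot be shortened by changing a counter.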
4. Known vulnerabilities of ERC-20 token
Severity: low
Description
- A double withdrawal attack is possible (the approve/transferFrom race condition). More details here
- Lack of a transaction handling mechanism (tokens sent to a contract that cannot handle them are lost). More details here
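The following is an added example, not Centaure's code, of a minimal ERC-20 that applies the fixes for issues 1, 2 and 4: transfer and transferFrom reject the zero address, totalSupply no longer needs to subtract a zero-address balance because no path can credit it, and increaseAllowance/decreaseAllowance let holders adjust allowances without the approve race. The contract name and the _balances, _allowances and _totalSupply storage names are assumptions for illustration; the transaction handling item of issue 4 is not addressed here.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not Centaure's code): a minimal ERC-20 with the fixes for
// issues 1, 2 and 4. Names and storage layout are assumptions.
contract HardenedToken {
    string public constant name = "Example";
    string public constant symbol = "EXM";
    uint8 public constant decimals = 18;

    mapping(address => uint256) private _balances;
    mapping(address => mapping(address => uint256)) private _allowances;
    uint256 private _totalSupply;

    event Transfer(address indexed from, address indexed to, uint256 value);
    event Approval(address indexed owner, address indexed spender, uint256 value);

    constructor(uint256 initialSupply) {
        _totalSupply = initialSupply;
        _balances[msg.sender] = initialSupply;
        emit Transfer(address(0), msg.sender, initialSupply);
    }

    // Issue 2: nothing can credit address(0), so _totalSupply is the true supply
    // and no zero-address balance has to be subtracted.
    function totalSupply() external view returns (uint256) { return _totalSupply; }
    function balanceOf(address a) external view returns (uint256) { return _balances[a]; }
    function allowance(address o, address s) external view returns (uint256) { return _allowances[o][s]; }

    // Issue 1: single transfer path that rejects the zero address.
    function _transfer(address from, address to, uint256 amount) internal {
        require(to != address(0), "transfer to zero address");
        require(_balances[from] >= amount, "insufficient balance");
        _balances[from] -= amount;
        _balances[to] += amount;
        emit Transfer(from, to, amount);
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        _transfer(msg.sender, to, amount);
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        uint256 allowed = _allowances[from][msg.sender];
        require(allowed >= amount, "insufficient allowance");
        _allowances[from][msg.sender] = allowed - amount;
        _transfer(from, to, amount);
        return true;
    }

    function approve(address spender, uint256 amount) external returns (bool) {
        require(spender != address(0), "approve to zero address");
        _allowances[msg.sender][spender] = amount;
        emit Approval(msg.sender, spender, amount);
        return true;
    }

    // Issue 4 (double withdrawal / approve race): relative adjustments leave no
    // window in which a spender can consume both the old and the new allowance.
    function increaseAllowance(address spender, uint256 added) external returns (bool) {
        require(spender != address(0), "approve to zero address");
        _allowances[msg.sender][spender] += added;
        emit Approval(msg.sender, spender, _allowances[msg.sender][spender]);
        return true;
    }

    function decreaseAllowance(address spender, uint256 subtracted) external returns (bool) {
        uint256 current = _allowances[msg.sender][spender];
        require(current >= subtracted, "allowance below zero");
        _allowances[msg.sender][spender] = current - subtracted;
        emit Approval(msg.sender, spender, current - subtracted);
        return true;
    }

    // Explicit burn for tokens that are meant to be destroyed, so intentional
    // supply reductions are tracked in _totalSupply rather than in a zero-address balance.
    function burn(uint256 amount) external {
        require(_balances[msg.sender] >= amount, "insufficient balance");
        _balances[msg.sender] -= amount;
        _totalSupply -= amount;
        emit Transfer(msg.sender, address(0), amount);
    }
}
```

With this layout a mistaken transfer to address(0) reverts instead of silently lowering the reported supply, and a holder who wants to change a spender's allowance calls decreaseAllowance or increaseAllowance rather than approve with a new absolute value.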
5. Old solidity version.
Severity: minor
Description
The Solidity version used in Centaure is old.
Recommendation
Use one of the latest versions of Solidity.
Conclusion
The smart contract has medium and low severity issues; please fix them before deploying.