Centaure Smart Contract audit report.
The audit focused primarily on the security of the Centaure Smart Contract.
In total, 5 issues were reported, including:
0 high severity issues.
2 medium severity issues.
2 low severity issues.
1 minor observation.
1. Zero address transfer.
Add a check for the zero address.
require(to != address(0));
2. Total supply will show wrong amount.
The totalSupply function will show the wrong amount of tokens: it subtracts the token amount at the zero address from _totalSupply, but there will be locked tokens and wrongly sent tokens, because there is no check for zero-address transfers.
Fix issue 1 and calculate
3. Lock period and steps.
teamLock.withdrawSteps is set to 1, but it should be 6, as initialised at locking; otherwise, after the first withdrawal the owner can get the other amount in 2 steps instead of 6.
Also, if the owner can withdraw the amount after 180 days and there are no other time limits, there is no need for 6 withdraw steps; otherwise, you need to add 6 different time periods for withdrawal.
Rewrite the logic of unlocking.
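One way to restructure the unlock so that each of the 6 steps has its own release time, as an added example (not Centaure's code). The 180-day period and the 6 steps come from the finding above; the contract name, the 30-day spacing between steps, and the assumption that the contract is funded with totalLocked tokens after deployment are illustrative.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-20 surface needed by the lock (assumed token interface).
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hypothetical stepped lock: the names and the 30-day interval are
// assumptions for illustration, not taken from the audited contract.
contract SteppedTeamLock {
    uint256 public constant STEPS = 6;               // steps initialised at locking
    uint256 public constant CLIFF = 180 days;        // first step unlocks here
    uint256 public constant STEP_INTERVAL = 30 days; // assumed spacing of later steps

    IERC20 public immutable token;
    address public immutable owner;
    uint256 public immutable start;
    uint256 public immutable totalLocked;
    uint256 public stepsWithdrawn; // only ever counts up, never reset

    constructor(IERC20 token_, address owner_, uint256 totalLocked_) {
        require(owner_ != address(0), "owner is zero address");
        require(totalLocked_ > 0, "nothing to lock");
        token = token_;
        owner = owner_;
        totalLocked = totalLocked_;
        start = block.timestamp;
    }

    // Number of steps whose own unlock time has passed (0..STEPS).
    function unlockedSteps() public view returns (uint256) {
        if (block.timestamp < start + CLIFF) return 0;
        uint256 n = 1 + (block.timestamp - start - CLIFF) / STEP_INTERVAL;
        return n > STEPS ? STEPS : n;
    }

    // Pays out every step that is unlocked and not yet withdrawn.
    function withdraw() external {
        require(msg.sender == owner, "not owner");
        uint256 unlocked = unlockedSteps();
        require(unlocked > stepsWithdrawn, "no step unlocked yet");
        // Cumulative amounts so the division remainder is paid with the last step.
        uint256 amount = (totalLocked * unlocked) / STEPS
            - (totalLocked * stepsWithdrawn) / STEPS;
        stepsWithdrawn = unlocked; // update state before the external call
        require(token.transfer(owner, amount), "transfer failed");
    }
}
```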
4. Known vulnerabilities of ERC-20 token
- A double withdrawal attack is possible. More details here
- Lack of a transaction handling mechanism. More details here
5. Old solidity version.
The Solidity version used in Centaure is old.
Use one of the latest versions of Solidity.
The smart contract has medium severity and low severity issues; please fix them before deploying.