

yuriy77k/ Secret

Forked from MrCrambo/
Created Sep 27, 2018

Centaure Smart Contract audit report.


This is the report from a security audit performed on Centaure by MrCrambo.

The audit focused primarily on the security of the Centaure Smart Contract.

In scope



In total, 5 issues were reported including:

  • 0 high severity issues.

  • 2 medium severity issues.

  • 2 low severity issues.

  • 1 minor observation.

Security issues

1. Zero address transfer.

Severity: medium


It is possible to send tokens to the zero address in the transfer and transferFrom functions.


Add a check for the zero address.

require(to != address(0));

2. Total supply will show wrong amount.

Severity: medium


The totalSupply function will show a wrong amount of tokens because it subtracts the token balance of the zero address from _totalSupply. That balance will contain both locked tokens and wrongly sent tokens, since there is no check against transfers to the zero address.


Fix issue 1 and calculate totalSupply correctly.
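
A sketch of the fixes recommended for issues 1 and 2, added here as an example; it is not Centaure's code and not the auditor's. The contract name, the `balances` and `allowed` mappings and the 0.8 pragma are assumptions; `_totalSupply`, `transfer`, `transferFrom` and the `require` line are taken from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration: contract name, mappings and pragma are assumptions.
contract TokenSketch {
    uint256 private _totalSupply;
    mapping(address => uint256) private balances;
    mapping(address => mapping(address => uint256)) private allowed;

    event Transfer(address indexed from, address indexed to, uint256 tokens);
    event Approval(address indexed owner, address indexed spender, uint256 tokens);

    constructor(uint256 initialSupply) {
        _totalSupply = initialSupply;
        balances[msg.sender] = initialSupply;
        emit Transfer(address(0), msg.sender, initialSupply);
    }

    // Issue 2 pattern, kept as a comment for comparison:
    //     return _totalSupply - balances[address(0)];
    // Tokens that reach address(0) by mistake then shrink the reported supply.
    function totalSupply() public view returns (uint256) {
        return _totalSupply;
    }

    // Plain ERC-20 approve, included only so transferFrom can be exercised.
    function approve(address spender, uint256 tokens) public returns (bool) {
        allowed[msg.sender][spender] = tokens;
        emit Approval(msg.sender, spender, tokens);
        return true;
    }

    function transfer(address to, uint256 tokens) public returns (bool) {
        require(to != address(0)); // issue 1: reject the zero address
        balances[msg.sender] -= tokens; // 0.8+ reverts on underflow
        balances[to] += tokens;
        emit Transfer(msg.sender, to, tokens);
        return true;
    }

    function transferFrom(address from, address to, uint256 tokens) public returns (bool) {
        require(to != address(0)); // same check on the delegated path
        allowed[from][msg.sender] -= tokens; // reverts if allowance is too low
        balances[from] -= tokens;
        balances[to] += tokens;
        emit Transfer(from, to, tokens);
        return true;
    }
}
```

With the zero-address check in both transfer paths, no balance can accumulate at `address(0)`, so `totalSupply` no longer needs any subtraction to stay accurate.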

3. Lock period and steps.

Severity: low


teamLock.withdrawSteps is set to 1, but it should be 6, as initialised at locking; otherwise, after the first withdrawal the owner will be able to get the other amount in 2 steps instead of 6. Also, if the owner can withdraw the amount after 180 days and there are no other time limits, there is no need for 6 withdraw steps; otherwise, add 6 different time periods for withdrawal.


Rewrite the logic of unlocking.

4. Known vulnerabilities of ERC-20 token

Severity: low


  1. A double withdrawal attack is possible. More details here
  2. Lack of a transaction handling mechanism. More details here

5. Old solidity version.

Severity: minor


The Solidity version used in Centaure is old.


Use one of the latest versions of Solidity.


The smart contract has medium severity and low severity issues; please fix them before deploying.
