
@yuriy77k
Forked from MrCrambo/Centaure.md
Created September 27, 2018 09:27

Centaure Smart Contract audit report.

Summary

This is the report from a security audit performed on Centaure by MrCrambo.

The audit focused primarily on the security of Centaure Smart Contract.

In scope

  1. https://github.com/centaureio/centaure/blob/master/centaure.sol

Findings

In total, 5 issues were reported including:

  • 0 high severity issues.

  • 2 medium severity issues.

  • 2 low severity issues.

  • 1 minor observation.

Security issues

1. Zero address transfer.

Severity: medium

Description

It is possible to send tokens to the zero address in the transfer and transferFrom functions.

Recommendation

Add a check for the zero address:

require(to != address(0));

2. Total supply will show wrong amount.

Severity: medium

Description

The totalSupply function will return a wrong amount: it subtracts the balance held at the zero address from _totalSupply, but that balance also contains locked tokens and tokens sent there by mistake, because there is no check against transfers to the zero address.

Recommendation

Fix issue 1 and calculate totalSupply correctly.
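The following is an added example, not Centaure's code, showing how issues 1 and 2 can be addressed together: a single internal transfer path rejects the zero address for both transfer and transferFrom, and totalSupply is maintained directly, with an explicit burn as the only way supply decreases, so no subtraction of the zero-address balance is needed. The contract name, the Solidity 0.8 pragma and the token metadata are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical minimal token (not the audited contract) illustrating the
// zero-address check (issue 1) and a totalSupply that stays correct (issue 2).
contract ZeroAddressSafeToken {
    string public constant name = "Example";
    string public constant symbol = "EXM";
    uint8 public constant decimals = 18;

    uint256 private _totalSupply;
    mapping(address => uint256) private _balances;
    mapping(address => mapping(address => uint256)) private _allowed;

    event Transfer(address indexed from, address indexed to, uint256 value);
    event Approval(address indexed owner, address indexed spender, uint256 value);

    constructor(uint256 initialSupply) {
        _totalSupply = initialSupply;
        _balances[msg.sender] = initialSupply;
        emit Transfer(address(0), msg.sender, initialSupply);
    }

    // Supply is tracked directly; subtracting balances[address(0)] is unnecessary
    // once transfers to the zero address are impossible.
    function totalSupply() public view returns (uint256) {
        return _totalSupply;
    }

    function balanceOf(address owner) public view returns (uint256) {
        return _balances[owner];
    }

    function allowance(address owner, address spender) public view returns (uint256) {
        return _allowed[owner][spender];
    }

    function transfer(address to, uint256 value) public returns (bool) {
        _transfer(msg.sender, to, value);
        return true;
    }

    function approve(address spender, uint256 value) public returns (bool) {
        _allowed[msg.sender][spender] = value;
        emit Approval(msg.sender, spender, value);
        return true;
    }

    function transferFrom(address from, address to, uint256 value) public returns (bool) {
        uint256 allowed = _allowed[from][msg.sender];
        require(allowed >= value, "allowance exceeded");
        _allowed[from][msg.sender] = allowed - value;
        _transfer(from, to, value);
        return true;
    }

    // One internal path, so the zero-address check cannot be missed by either
    // public entry point (the audit found it absent from both).
    function _transfer(address from, address to, uint256 value) internal {
        require(to != address(0), "transfer to the zero address");
        uint256 fromBalance = _balances[from];
        require(fromBalance >= value, "insufficient balance");
        _balances[from] = fromBalance - value;
        _balances[to] += value;
        emit Transfer(from, to, value);
    }

    // Explicit burn: the only sanctioned way supply decreases, and it adjusts
    // _totalSupply so totalSupply() remains accurate.
    function burn(uint256 value) public {
        uint256 bal = _balances[msg.sender];
        require(bal >= value, "insufficient balance");
        _balances[msg.sender] = bal - value;
        _totalSupply -= value;
        emit Transfer(msg.sender, address(0), value);
    }
}
```

With this layout a mistaken transfer to address(0) reverts instead of silently reducing the reported supply, and locked tokens held elsewhere are never confused with burned ones.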

3. Lock period and steps.

Severity: low

Description

teamLock.withdrawSteps is set to 1, but it should be 6, as initialised when locking; otherwise, after the first withdrawal, the owner can take the remaining amount in 2 steps instead of 6. Also, if the owner can withdraw the amount after 180 days and there are no other time limits, there is no need for 6 withdraw steps; either remove them or add 6 different time periods for withdrawal.

Recommendation

Rewrite the logic of unlocking.
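As an added example (not the audited contract's code), this is one way to rewrite the unlocking logic so that the step counter is monotonic and each of the 6 steps is tied to its own time period, as the finding suggests. The 180-day cliff is taken from the finding; the 30-day interval between tranches, the contract name and the Solidity 0.8 pragma are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IERC20 {
    function transfer(address to, uint256 value) external returns (bool);
}

// Hypothetical stepped team lock: 6 equal tranches, the first unlocking at the
// end of a 180-day cliff and one more every STEP_INTERVAL thereafter.
contract SteppedTeamLock {
    IERC20 public immutable token;
    address public immutable beneficiary;
    uint256 public immutable lockedAmount;
    uint256 public immutable cliffEnd;
    uint256 public constant STEPS = 6;
    uint256 public constant STEP_INTERVAL = 30 days; // assumed interval

    // Counts tranches already released; only ever increases, so a withdrawal
    // can never reset the schedule to "1 step left".
    uint256 public stepsWithdrawn;

    event Withdrawn(uint256 stepsReleased, uint256 amount);

    constructor(IERC20 _token, address _beneficiary, uint256 _amount) {
        token = _token;
        beneficiary = _beneficiary;
        lockedAmount = _amount;
        cliffEnd = block.timestamp + 180 days;
    }

    // Number of tranches whose unlock time has passed (0..STEPS).
    function unlockedSteps() public view returns (uint256) {
        if (block.timestamp < cliffEnd) return 0;
        uint256 elapsed = 1 + (block.timestamp - cliffEnd) / STEP_INTERVAL;
        return elapsed > STEPS ? STEPS : elapsed;
    }

    // Amount claimable right now: all unlocked tranches not yet withdrawn.
    function withdrawableAmount() public view returns (uint256) {
        uint256 due = unlockedSteps();
        if (due <= stepsWithdrawn) return 0;
        uint256 perStep = lockedAmount / STEPS;
        uint256 amount = (due - stepsWithdrawn) * perStep;
        // The final tranche also carries any integer-division remainder.
        if (due == STEPS) amount += lockedAmount - perStep * STEPS;
        return amount;
    }

    function withdraw() external {
        require(msg.sender == beneficiary, "not beneficiary");
        uint256 amount = withdrawableAmount();
        require(amount > 0, "nothing unlocked");
        uint256 due = unlockedSteps();
        stepsWithdrawn = due; // state updated before the external token call
        require(token.transfer(beneficiary, amount), "transfer failed");
        emit Withdrawn(due, amount);
    }
}
```

Because the claimable amount is derived from elapsed time and the monotonic stepsWithdrawn counter, calling withdraw twice in the same period releases nothing the second time, and the total released can never exceed lockedAmount.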

4. Known vulnerabilities of ERC-20 token

Severity: low

Description

  1. A double withdrawal attack is possible. More details here
  2. Lack of a transaction handling mechanism. More details here
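The first item refers to the well-known ERC-20 approve/transferFrom race. An added example, not the audited contract's code, of the usual mitigation: change allowances by relative amounts (increaseAllowance/decreaseAllowance) so that an allowance can be adjusted without a window in which the old and new values can both be spent. The contract name and the Solidity 0.8 pragma are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical allowance logic illustrating the double-withdrawal mitigation.
// Only the allowance bookkeeping is shown; balances and transfers are omitted.
contract SafeAllowance {
    mapping(address => mapping(address => uint256)) private _allowed;

    event Approval(address indexed owner, address indexed spender, uint256 value);

    function allowance(address owner, address spender) public view returns (uint256) {
        return _allowed[owner][spender];
    }

    // Plain approve is kept for ERC-20 compatibility, but callers who want to
    // change an existing non-zero allowance should use the relative functions
    // below rather than approve(old) -> approve(new).
    function approve(address spender, uint256 value) public returns (bool) {
        _allowed[msg.sender][spender] = value;
        emit Approval(msg.sender, spender, value);
        return true;
    }

    // Adds to the current allowance atomically: whatever the spender did in the
    // meantime, the owner's intended delta is what takes effect.
    function increaseAllowance(address spender, uint256 addedValue) public returns (bool) {
        uint256 current = _allowed[msg.sender][spender];
        _allowed[msg.sender][spender] = current + addedValue;
        emit Approval(msg.sender, spender, current + addedValue);
        return true;
    }

    // Subtracts from the current allowance; reverts instead of wrapping if the
    // spender has already used more than the owner expected.
    function decreaseAllowance(address spender, uint256 subtractedValue) public returns (bool) {
        uint256 current = _allowed[msg.sender][spender];
        require(current >= subtractedValue, "decreased allowance below zero");
        _allowed[msg.sender][spender] = current - subtractedValue;
        emit Approval(msg.sender, spender, current - subtractedValue);
        return true;
    }
}
```

The second item (tokens sent to contract addresses that have no way to handle them) is not illustrated here; its usual mitigations are a separate design decision for the token.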

5. Old solidity version.

Severity: minor

Description

The Solidity version used in Centaure is old.

Recommendation

Use one of the latest versions of Solidity.

Conclusion

The smart contract has medium severity issues and low severity issues; please fix them before deploying.
