Centaure Smart Contract audit report.
This is the report from a security audit performed on Centaure by MrCrambo.
The audit focused primarily on the security of Centaure Smart Contract.
In total, 5 issues were reported including:
- 0 high severity issues.
- 2 medium severity issues.
- 2 low severity issues.
- 1 minor observation.
It is possible to send tokens to the zero address in the transfer and transferFrom functions.
Add a check for the zero address.
require(to != address(0));
The totalSupply function will show the wrong amount of tokens, because it subtracts the token amount held at the zero address from _totalSupply. That balance will consist of locked tokens and wrongly sent tokens, because there is no check for transfers to the zero address.
Fix issue 1 and calculate totalSupply correctly.
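The two fixes described above, combined in one minimal token as an added example (not the Centaure contract and not code from the audit). The contract name, the `_move` helper, the constructor and the Solidity 0.8 pragma are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration only; names below are hypothetical, not taken from Centaure.
contract ZeroAddressSafeToken {
    uint256 private _totalSupply;
    mapping(address => uint256) private _balances;
    mapping(address => mapping(address => uint256)) private _allowances;

    event Transfer(address indexed from, address indexed to, uint256 value);
    event Approval(address indexed owner, address indexed spender, uint256 value);

    constructor(uint256 initialSupply) {
        _totalSupply = initialSupply;
        _balances[msg.sender] = initialSupply;
        emit Transfer(address(0), msg.sender, initialSupply);
    }

    // Issue 2: return the stored supply as-is. With the check in _move no
    // tokens can reach address(0), so there is no balance to subtract.
    function totalSupply() public view returns (uint256) {
        return _totalSupply;
    }

    function balanceOf(address owner) public view returns (uint256) {
        return _balances[owner];
    }

    // Plain ERC-20 approve; the allowance race listed in the report is not addressed here.
    function approve(address spender, uint256 value) public returns (bool) {
        _allowances[msg.sender][spender] = value;
        emit Approval(msg.sender, spender, value);
        return true;
    }

    function transfer(address to, uint256 value) public returns (bool) {
        _move(msg.sender, to, value);
        return true;
    }

    function transferFrom(address from, address to, uint256 value) public returns (bool) {
        _allowances[from][msg.sender] -= value; // reverts on underflow in 0.8
        _move(from, to, value);
        return true;
    }

    // Issue 1: single choke point, so both transfer paths reject address(0).
    function _move(address from, address to, uint256 value) private {
        require(to != address(0), "transfer to the zero address");
        _balances[from] -= value; // reverts if the balance is too low
        _balances[to] += value;
        emit Transfer(from, to, value);
    }
}
```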
teamLock.withdrawSteps is set to 1, but it should be 6, as initialised at locking; otherwise, after the first withdrawal, the owner will be able to get the other amount in 2 steps instead of 6.
Also, if the owner can withdraw the amount after 180 days and there are no other time limits, there is no need for 6 withdrawal steps; otherwise, you need to add 6 different time periods for withdrawal.
Rewrite the unlocking logic.
- A double withdrawal attack is possible. More details here
- Lack of a transaction handling mechanism. More details here
The Solidity version used in Centaure is old.
Use one of the latest versions of Solidity.
The smart contract has medium severity issues and low severity issues; please fix them before deploying.