VCP Token smart contract security audit report performed by Callisto Security Audit Department
Symbol : VCP
Name : VCP Coin
Total supply: 1,000,000
Decimals : 18
Standard : ERC20
In total, 2 issues were reported including:
- 2 low severity issues.
No critical security issues were found.
-
It is possible to double withdrawal attack. More details here.
-
Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it already caused millions of dollars losses for lots of token users! More details here.
Add the following code to the transfer(_to address, ...) function:
require( _to != address(this) );
Token transfers to address(0) are allowed by transfer and transferFrom functions. They are used as basic burn mechanism, however users might by mistake send tokens to 0x0 address and lose their tokens.
function totalSupply() public constant returns (uint) {
return _totalSupply - balances[address(0)];
}
function transfer(address to, uint tokens) public returns (bool success) {
balances[msg.sender] = safeSub(balances[msg.sender], tokens);
balances[to] = safeAdd(balances[to], tokens);
emit Transfer(msg.sender, to, tokens);
return true;
}
function transferFrom(address from, address to, uint tokens) public returns (bool success) {
balances[from] = safeSub(balances[from], tokens);
allowed[from][msg.sender] = safeSub(allowed[from][msg.sender], tokens);
balances[to] = safeAdd(balances[to], tokens);
emit Transfer(from, to, tokens);
return true;
}
Do not allow transfers to 0x0 address and implement a burn function for better event handling and to avoiding token loss.
The audited smart contract can be deployed. Only low severity issues were found during the audit.
https://gist.github.com/yuriy77k/2ccffd005f727f172e6b879ab9565f05
https://gist.github.com/yuriy77k/a944cbbffe7d1728eb0df95a56abe164
https://gist.github.com/yuriy77k/a2a7861fe80ec3998379aee697a876ae