This is the report from a security audit performed on AMO by MrCrambo.
The audit focused primarily on the security of AMO smart contracts.
- https://github.com/AMO-Project/AMO-Contracts/blob/master/contracts/AMOCoin.sol
- https://github.com/AMO-Project/AMO-Contracts/blob/master/contracts/AMOCoinSale.sol
In total, 7 issues were reported, including:
- 0 high severity issues.
- 2 medium severity issues.
- 3 owner privileges issues.
- 2 low severity issues.
The zero address can be set as admin in function AMOCoin and as the contract address in function setTokenSaleAmount.
Check the address against the zero address:
require(_adminAddr != address(0));
Owner can disable transfer functions any time he wants.
Owner can disable any amount of tokens for any address using function lockAccount.
The modifier will cause the function to fail when funds are transferred to the sale address. For example, function setTokenSaleAmount approves funds for tokenSaleAddr, and afterwards the funds should be transferred to this address, but the transferFrom function checks the destination with the onlyValidDestination(to) modifier.
In function allocateTokensToMany an out-of-gas failure is possible if the array contains a lot of addresses, because the function has to call transferFrom for each of them.
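
One way to bound the loop in the allocateTokensToMany finding and to apply the zero-address check recommended earlier, as an added example that is not the AMO project's code and not part of the audit. The contract name BoundedAllocator, the MAX_BATCH cap, the IERC20Like interface, fundAddr and the function signature are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal ERC-20 surface needed here (assumed; not the AMOCoin interface).
interface IERC20Like {
    function transferFrom(address from, address to, uint256 value) external returns (bool);
}

// Hypothetical sale-side allocator illustrating a bounded batch.
contract BoundedAllocator {
    // Assumed cap; choose it from measured gas per transferFrom and the block gas limit.
    uint256 public constant MAX_BATCH = 100;

    IERC20Like public immutable token;
    address public immutable fundAddr; // account that approved this contract to spend
    address public immutable owner;

    constructor(IERC20Like _token, address _fundAddr) {
        // Zero-address checks on every address parameter.
        require(address(_token) != address(0), "token is zero address");
        require(_fundAddr != address(0), "fund is zero address");
        token = _token;
        fundAddr = _fundAddr;
        owner = msg.sender;
    }

    // At most MAX_BATCH recipients per transaction, so the gas cost of one
    // call has a known upper bound. Longer lists are split off-chain into
    // several calls; a failed call reverts only its own batch.
    function allocateTokensToMany(
        address[] calldata recipients,
        uint256[] calldata amounts
    ) external {
        require(msg.sender == owner, "not owner");
        require(recipients.length == amounts.length, "length mismatch");
        require(recipients.length <= MAX_BATCH, "batch too large");

        for (uint256 i = 0; i < recipients.length; i++) {
            require(recipients[i] != address(0), "recipient is zero address");
            require(
                token.transferFrom(fundAddr, recipients[i], amounts[i]),
                "transferFrom failed"
            );
        }
    }
}
```
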
Owner can change minContribution, maxContribution, rate and hardCap for each sale round before starting sale.
Owner can start any round in any order, because function setUpSale does not check that the rounds are started in the correct order.
The smart contract contains medium severity issues, which should be fixed.