Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?

Ethereum ChainLink Token (LINK) audit report

Summary

This is the report from a security audit performed on Ethereum ChainLink Token (LINK) by Parthasarathi R.

The audit focused primarily on the security and stability of the ChainLink Token’s solidity smart contract.

In scope :

LinkToken.sol

Findings

In total, 3 issues are found

  • 1 medium severity issue

  • 1 low severity issue

  • 1 minor observation

Security Issues :

1. Abstract contract function declaration best practice

Severity: Minor observation

Description:

It is good practice to add braces to the function declaration.

Eg : On Line no 42 : function balanceOf(address who) constant returns (uint256);

Can be written as : function balanceOf(address who) constant returns (uint256){ }

Recommendation: Add braces to the declaration of the function.

2.Missing function visibility specifier

Severity: low

Description :

Almost all the abstract contract’s functions have no visibility specifier. It is highly recommended to explicitly mention the visibility specifier even though the function is public.

Recommendation :

Mention the appropriate visibility specifier to all the abstract contract’s functions.

3. Short address attack

Severity: Medium

Line No/Function: 252 / transfer()

Description :

The tranfer() function in LinkToken contract is vulnerable to short address attack.

More detail about the attack is given here.

Other similar functions : transferAndCall() - line no :239

						transferFrom() -line No:279

Recommendation :

User proper input validation on length using modifiers or require/assert functions.

Conclusion
ChainLink Token contract is looking stable and secured along with few required minor changes .

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.