Ethereum ChainLink Token (LINK) audit report
Summary
This is the report from a security audit performed on Ethereum ChainLink Token (LINK) by Parthasarathi R.
The audit focused primarily on the security and stability of the ChainLink Token's Solidity smart contract.
In scope:
Findings
In total, 3 issues were found:
- 1 medium severity issue
- 1 low severity issue
- 1 minor observation
Security Issues:
1. Abstract contract function declaration best practice
Severity: Minor observation
Description:
It is good practice to add braces to the function declaration.
E.g., on line 42: function balanceOf(address who) constant returns (uint256);
can be written as: function balanceOf(address who) constant returns (uint256){ }
Recommendation: Add braces to the declaration of the function.
2. Missing function visibility specifier
Severity: Low
Description:
Almost none of the abstract contract's functions have a visibility specifier. It is highly recommended to state the visibility specifier explicitly, even when the function is public.
Recommendation:
Add the appropriate visibility specifier to all the abstract contract's functions.
3. Short address attack
Severity: Medium
Line No/Function: 252 / transfer()
Description:
The transfer() function in the LinkToken contract is vulnerable to a short address attack.
More detail about the attack is given here.
Other similar functions:
- transferAndCall(), line 239
- transferFrom(), line 279
Recommendation:
Use proper input validation on length, using modifiers or require/assert functions.
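One way to apply the length check recommended above, shown as an added example rather than code from the audited LinkToken contract. PayloadGuardToken, onlyPayloadSize and the parameter names are hypothetical, and the token is reduced to the balance logic needed to show the modifier in place.

```solidity
pragma solidity ^0.4.11;

// Added illustration: a hypothetical minimal token, not the LinkToken source.
contract PayloadGuardToken {
    mapping(address => uint256) public balances;
    mapping(address => mapping(address => uint256)) public allowed;

    function PayloadGuardToken(uint256 _supply) public {
        balances[msg.sender] = _supply;
    }

    // Calldata is a 4-byte selector plus one 32-byte word per static
    // argument. The EVM reads missing trailing bytes as zero, so without
    // this check a truncated argument list still decodes.
    // ">=" rather than "==" keeps callers that append extra data working.
    modifier onlyPayloadSize(uint256 _words) {
        require(msg.data.length >= 4 + _words * 32);
        _;
    }

    function transfer(address _to, uint256 _value)
        public
        onlyPayloadSize(2)
        returns (bool)
    {
        require(balances[msg.sender] >= _value);
        balances[msg.sender] -= _value;
        balances[_to] += _value; // cannot overflow: total supply is fixed
        return true;
    }

    function approve(address _spender, uint256 _value) public returns (bool) {
        allowed[msg.sender][_spender] = _value;
        return true;
    }

    function transferFrom(address _from, address _to, uint256 _value)
        public
        onlyPayloadSize(3)
        returns (bool)
    {
        require(balances[_from] >= _value && allowed[_from][msg.sender] >= _value);
        allowed[_from][msg.sender] -= _value;
        balances[_from] -= _value;
        balances[_to] += _value; // cannot overflow: total supply is fixed
        return true;
    }
}
```

A function with a dynamic bytes argument, such as transferAndCall(), needs a larger minimum, because its calldata also carries an offset word and a length word for that argument.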
Conclusion
The ChainLink Token contract looks stable and secure, with a few minor changes required.