@yuriy77k
Forked from MrCrambo/PHIToken.md
Created October 13, 2018 08:56

PHI Token Smart Contract audit report.

Summary

This is the report from a security audit performed on PHI Token by MrCrambo.

The audit focused primarily on the security of PHI Token Smart Contract.

In scope

  1. https://github.com/vpomo/TokenPHI/blob/master/contracts/PHICrowdsale.sol

Findings

In total, 4 issues were reported, including:

  • 0 high severity issues.

  • 2 medium severity issues.

  • 2 low severity issues.

Security issues

1. Different data in docs and code.

Severity: medium

Description

According to the documentation, 60000 tokens are for sale, but the code specifies 60250.

Recommendation

Please provide correct data and re-check all the values.

2. Owner can disable transfer for people not from whitelist.

Severity: medium

Description

Using setTransferActive, the owner can disable transfers for everyone who is not on the whitelist, but transfers should be active after the ICO ends.

Recommendation

Add a condition so that once the ICO has ended, all transfers are enabled.
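
One way to implement this recommendation, as an added sketch that is not the PHI Token code. Only setTransferActive and the whitelist come from the report; icoEndTime, transfersAllowed, setWhitelist and the contract name are hypothetical, and the ICO end is assumed to be a fixed timestamp. The same gate would also need to guard transferFrom.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example. Names other than setTransferActive are hypothetical.
contract TransferGateSketch {
    address public owner;
    uint256 public icoEndTime;      // assumed: ICO end as a fixed timestamp
    bool public transferActive;     // owner switch, meaningful only during the ICO
    mapping(address => bool) public whitelist;
    mapping(address => uint256) public balanceOf;

    event Transfer(address indexed from, address indexed to, uint256 value);

    constructor(uint256 _icoEndTime, uint256 _supply) {
        require(_icoEndTime > block.timestamp, "end must be in the future");
        owner = msg.sender;
        icoEndTime = _icoEndTime;
        whitelist[msg.sender] = true;
        balanceOf[msg.sender] = _supply;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // After the ICO end the owner's switch is ignored: everyone can transfer.
    function transfersAllowed(address _from) public view returns (bool) {
        if (block.timestamp >= icoEndTime) return true;
        return transferActive || whitelist[_from];
    }

    // The switch can only be changed while the ICO is still running.
    function setTransferActive(bool _active) external onlyOwner {
        require(block.timestamp < icoEndTime, "ICO ended");
        transferActive = _active;
    }

    function setWhitelist(address _who, bool _ok) external onlyOwner {
        whitelist[_who] = _ok;
    }

    function transfer(address _to, uint256 _value) external returns (bool) {
        require(transfersAllowed(msg.sender), "transfers disabled");
        require(balanceOf[msg.sender] >= _value, "insufficient balance");
        balanceOf[msg.sender] -= _value;
        balanceOf[_to] += _value;
        emit Transfer(msg.sender, _to, _value);
        return true;
    }
}
```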

3. Wrong mint function.

Severity: low

Description

The mint function should create new tokens, but in this case it just transfers them from another address. It is the same as the transferFrom function.

4. Known vulnerabilities of ERC-20 token

Severity: low

Description

  1. A double withdrawal attack is possible. More details here
  2. Lack of a transaction handling mechanism. More details here

Conclusion

The smart contract has two medium severity issues; please fix them before deploying.
