@yuriy77k yuriy77k/ Secret

forked from MrCrambo/
Created Oct 13, 2018

PHI Token Smart Contract audit report.


This is the report from a security audit performed on PHI Token by MrCrambo.

The audit focused primarily on the security of PHI Token Smart Contract.

In scope



In total, 4 issues were reported, including:

  • 0 high severity issues.

  • 2 medium severity issues.

  • 2 low severity issues.

Security issues

1. Different data in docs and code.

Severity: medium


According to the documentation, 60000 tokens are for sale, but the code specifies 60250.


Please provide the correct data and re-check all the values.

2. Owner can disable transfer for people not from whitelist.

Severity: medium


Using setTransferActive, the owner can disable transfers for everyone who is not on the whitelist, but transfers should be active after the ICO ends.


Add a condition so that once the ICO has ended, all transfers are enabled.
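
An added sketch of this recommendation in Solidity, not the PHI Token source (which this report does not reproduce). Only `setTransferActive` is named in the report; `icoEndTime`, `whitelist`, `transferActive` and the contract name are assumed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not the PHI Token source. Only setTransferActive is named in
// the audit report; icoEndTime, whitelist and transferActive are assumed names.
contract TransferGateSketch {
    address public owner;
    uint256 public icoEndTime;                  // assumed: timestamp at which the ICO ends
    bool public transferActive;                 // assumed: flag toggled by setTransferActive
    mapping(address => bool) public whitelist;  // assumed: addresses exempt from the lock
    mapping(address => uint256) public balanceOf;

    event Transfer(address indexed from, address indexed to, uint256 value);

    constructor(uint256 _icoEndTime, uint256 _supply) {
        owner = msg.sender;
        icoEndTime = _icoEndTime;
        whitelist[msg.sender] = true;
        balanceOf[msg.sender] = _supply;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // A transfer passes when any one of these holds: the ICO is over,
    // the owner has enabled transfers, or the sender is whitelisted.
    modifier canTransfer(address from) {
        bool icoEnded = block.timestamp > icoEndTime;
        require(icoEnded || transferActive || whitelist[from], "transfers locked until ICO end");
        _;
    }

    // The owner switch is usable only while the ICO is running.
    function setTransferActive(bool active) external onlyOwner {
        require(block.timestamp <= icoEndTime, "ICO ended: transfers stay open");
        transferActive = active;
    }

    function transfer(address to, uint256 value) external canTransfer(msg.sender) returns (bool) {
        require(balanceOf[msg.sender] >= value, "insufficient balance");
        balanceOf[msg.sender] -= value;
        balanceOf[to] += value;
        emit Transfer(msg.sender, to, value);
        return true;
    }
}
```

Because the ICO-ended check sits in the transfer path itself, the state of the owner's flag has no effect on holders after `icoEndTime`.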

3. Wrong mint function.

Severity: low


The mint function should create new tokens, but in this case it just transfers them from another address. It's the same with the transferFrom function.

4. Known vulnerabilities of ERC-20 token

Severity: low


  1. A double withdrawal attack is possible. More details here
  2. Lack of a transaction handling mechanism. More details here


The smart contract has two medium severity issues; please fix them before deploying.
