This is the report from a security audit performed on LuckyStrike by MrCrambo.
The audit focused primarily on the security of LuckyStrike smart contracts.
- https://gist.github.com/yuriy77k/8111757d30637066b3b4bdb60b3525d0
- https://gist.github.com/yuriy77k/2d80694c23b89c543e832715b0b89305
In total, 5 issues were reported, including:
- 1 high severity issue.
- 1 medium severity issue.
- 3 low severity issues.
After each investment, the team address will get 25% of tokens as a bonus. There is also a possibility that the team will get more tokens than the investor will get. Line 338.
In the function withdrawAllByOwner there should be a check that msg.sender is the owner, but the function checks that msg.sender is the team instead.
Add the correct check.
There is no zero address check in the functions transferFrom and init.
Add a zero address check:
require(to != address(0));
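The two fixes recommended above (the owner check in withdrawAllByOwner and the zero address check in transferFrom), shown as an added example that is not the LuckyStrike source. The contract name, the `AsReported` variant, the ether withdrawal body, the sample supply and the Solidity version are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
// Hypothetical contract for illustration; not the LuckyStrike source.
// Assumed: withdrawAllByOwner sends the contract's ether balance.
contract WithdrawGuardExample {
    address public owner;
    address public team;
    mapping(address => uint256) public balances;
    mapping(address => mapping(address => uint256)) public allowed;

    constructor(address _team) {
        require(_team != address(0), "team is zero address");
        owner = msg.sender;
        team = _team;
        balances[msg.sender] = 1000; // constructed sample supply
    }

    // As reported: the name says owner, the check says team.
    function withdrawAllByOwnerAsReported() external {
        require(msg.sender == team, "caller is not team");
        _withdrawAll(payable(msg.sender));
    }

    // Corrected: only the owner passes the check.
    function withdrawAllByOwner() external {
        require(msg.sender == owner, "caller is not owner");
        _withdrawAll(payable(owner));
    }

    function _withdrawAll(address payable to) private {
        (bool ok, ) = to.call{value: address(this).balance}("");
        require(ok, "ether transfer failed");
    }

    function approve(address spender, uint256 value) external returns (bool) {
        allowed[msg.sender][spender] = value;
        return true;
    }

    // Zero address check runs before any state change.
    function transferFrom(address from, address to, uint256 value) external returns (bool) {
        require(to != address(0), "transfer to zero address");
        balances[from] -= value;            // reverts on underflow in 0.8
        allowed[from][msg.sender] -= value; // reverts if allowance is too low
        balances[to] += value;
        return true;
    }
    receive() external payable {}
}
```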
- A double withdrawal attack is possible. More details here
- Lack of a transaction handling mechanism. More details here
Event names should start with an uppercase letter, but they start with a lowercase letter. Lines 1415, 1454, etc.
Smart contracts have high severity issues, which should be fixed.