
@yuriy77k
Forked from RideSolo/ETH_LuckyStrikeV7_report.md
Created July 31, 2019 11:58

LuckyStrike V7 Audit Report.

1. Summary

This document is a security audit report performed by RideSolo, where LuckyStrike has been reviewed.

2. In scope

3. Findings

6 issues were reported:

  • 1 medium severity issue.
  • 2 low severity issues.
  • 2 owner privilege issues.
  • 1 note.

3.1. Truncated Value (Invest & Play)

Severity: medium

Description

The newly assigned sumToMarketingFund value allows the owner to take the previously described truncated ether value for themselves, since the truncation now happens here.

Please refer to the issue description in the previous audit to resolve this error.

3.2. Sum Validation

Severity: note

Description

The allocateSum member of the game contract contains a sumValidationPassed variable that is used to check whether the allocated sum values are correct; however, no action is taken based on its result.

Code snippet

https://github.com/RideSolo/LuckyStrikeV6/blob/master/game.sol#L1712
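The two findings above concern the same routine: where the wei lost to integer division end up (3.1), and a validation flag that is computed but never acted on (3.2). The following contract is an added illustration written for this report, not the LuckyStrike code; the fund names, the basis-point rate scale and the default split are assumptions. It keeps the truncation remainder in an explicit `dust` counter instead of letting it fall into whichever fund is computed last, and it makes the sum check revert rather than set a flag.

```solidity
pragma solidity ^0.5.0;

// Added illustration, not the LuckyStrike contract. Fund names, rates and the
// basis-point scale are assumptions; the point is where the truncation
// remainder goes and that the validation actually has an effect.
contract AllocationExample {
    address public owner;
    uint256 public constant RATE_BASE = 10000; // rates are in basis points

    // Assumed default split: 80% jackpots, 15% marketing, 5% investors.
    uint256 public rateJackpot = 8000;
    uint256 public rateMarketing = 1500;
    uint256 public rateInvestors = 500;

    uint256 public jackpotFund;
    uint256 public marketingFund;
    uint256 public investorsFund;
    uint256 public dust; // truncation remainder, carried forward, not paid to the owner

    constructor() public {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "owner only");
        _;
    }

    // Rates may still be adjusted by the owner, but never to a split that does
    // not add up to 100%; this is what makes the remainder bound below hold.
    function adjustAllocation(uint256 jackpot, uint256 marketing, uint256 investors)
        external
        onlyOwner
    {
        require(jackpot + marketing + investors == RATE_BASE, "rates must sum to 100%");
        rateJackpot = jackpot;
        rateMarketing = marketing;
        rateInvestors = investors;
    }

    function play() external payable {
        allocateSum(msg.value);
    }

    function allocateSum(uint256 sum) internal {
        // sum is in wei, so sum * rate cannot realistically approach 2**256.
        // Each integer division drops strictly less than one wei.
        uint256 toJackpot = sum * rateJackpot / RATE_BASE;
        uint256 toMarketing = sum * rateMarketing / RATE_BASE;
        uint256 toInvestors = sum * rateInvestors / RATE_BASE;

        uint256 allocated = toJackpot + toMarketing + toInvestors;
        uint256 remainder = sum - allocated; // wraps to a huge value if allocated > sum

        // With rates summing to RATE_BASE, three divisions lose less than three
        // wei in total. A larger remainder (including a wrapped subtraction)
        // means the rates are corrupted: revert, do not just record a flag.
        bool sumValidationPassed = remainder < 3;
        require(sumValidationPassed, "allocation does not add up");

        jackpotFund += toJackpot;
        marketingFund += toMarketing;
        investorsFund += toInvestors;
        dust += remainder; // explicit and auditable; never credited to the owner
    }
}
```

The `remainder < 3` bound is exact for three shares: each share is a floor of a true value, so the three floors together fall short of `sum` by less than 3 wei. Any bug that makes the shares exceed `sum` shows up as a wrapped subtraction and trips the same `require`, which is the behaviour the original `sumValidationPassed` flag should have had.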

3.3. Block Gas Limit

Severity: low

Description

The previously described issue is not completely solved: the implemented solution throws if the ether value allows more than 333 tickets to be bought by the player.

Code snippet

        // Reverts (instead of capping) when msg.value buys more than
        // maxTicketsToBuyInOneTransaction tickets, so the player's whole
        // transaction fails rather than being served up to the limit.
        require(newTickets > 0 && newTickets <= maxTicketsToBuyInOneTransaction);

        uint256 newTicketsTotal = ticketsTotal.add(newTickets);

        // new tickets included in jackpot games instantly:
        for (uint256 i = ticketsTotal + 1; i <= newTicketsTotal; i++) {
            theLotteryTicket[i] = msg.sender;
        }

Recommendation

Let the player buy the maximum number of tickets and return the extra ether to them.
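One way to implement this recommendation, as an added example that is not the LuckyStrike code: the purchase is capped at `maxTicketsToBuyInOneTransaction` (333, the value quoted in this finding) and whatever ether does not pay for a whole ticket within the cap is refunded in the same transaction. The ticket price, event and storage names are assumptions.

```solidity
pragma solidity ^0.5.0;

// Added example of the capped-purchase-plus-refund pattern recommended above.
// Not the LuckyStrike contract; ticketPrice and the names are assumed.
contract TicketPurchaseExample {
    uint256 public constant ticketPrice = 0.01 ether;                 // assumed
    uint256 public constant maxTicketsToBuyInOneTransaction = 333;    // value from the finding

    uint256 public ticketsTotal;
    mapping(uint256 => address) public theLotteryTicket;

    event TicketsBought(address indexed player, uint256 first, uint256 last, uint256 refunded);

    function buyTickets() external payable {
        uint256 newTickets = msg.value / ticketPrice;
        require(newTickets > 0, "not enough ether for one ticket");

        // Cap instead of revert: the loop below does one fresh SSTORE
        // (about 20,000 gas) per ticket, so the cap is what keeps a single
        // purchase under the block gas limit. The player still gets served.
        if (newTickets > maxTicketsToBuyInOneTransaction) {
            newTickets = maxTicketsToBuyInOneTransaction;
        }

        uint256 cost = newTickets * ticketPrice;
        // The refund covers both the tickets above the cap and any wei that
        // did not make a whole ticket, so no value is silently truncated away.
        uint256 refund = msg.value - cost;

        uint256 first = ticketsTotal + 1;
        uint256 last = ticketsTotal + newTickets;
        for (uint256 i = first; i <= last; i++) {
            theLotteryTicket[i] = msg.sender;
        }
        ticketsTotal = last; // state updated before any ether leaves the contract

        if (refund > 0) {
            msg.sender.transfer(refund); // forwards 2300 gas; reverts on failure
        }
        emit TicketsBought(msg.sender, first, last, refund);
    }
}
```

State is written before the refund is sent (checks-effects-interactions), so a player contract that re-enters `buyTickets` from its fallback sees the updated `ticketsTotal`. `transfer` limits the callee to the 2300 gas stipend, which also keeps a malicious refund recipient from doing anything expensive inside this transaction.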

3.4. Owner Privileges

Severity: owner privileges

Description:

  • The adjustAllocation function allows the owner to reset the rates of the different jackpots and the income rate at will.
  • 70M tokens are first distributed by the owner, representing 10500 ether, while the token sale hard cap is 4500 ether; this means the developers allot themselves more than a third of the total income of the betting game. Investors have to be aware of such usage (see the linked references 1 and 2).

3.5. Known vulnerabilities of ERC-20 token

Severity: low

Description

  1. A double withdrawal attack is possible. More details here
  2. Lack of a transaction handling mechanism. WARNING! This is a very common issue and it has already caused millions of dollars in losses for many token users! More details here
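The two items above are the standard ERC-20 weaknesses: a spender who sees an `approve` that changes a non-zero allowance can front-run it and spend both the old and the new amount (the double withdrawal), and tokens sent with `transfer` to a contract that has no code to move them are lost. The following token is an added example of the usual mitigations and is not the LuckyStrike token; every name in it is assumed.

```solidity
pragma solidity ^0.5.0;

// Added example of mitigations for the two listed ERC-20 issues; not the
// audited token. Names and supply are assumptions.
interface ERC223Receiver {
    function tokenFallback(address from, uint256 value, bytes calldata data) external;
}

contract TokenExample {
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    event Transfer(address indexed from, address indexed to, uint256 value);
    event Approval(address indexed owner, address indexed spender, uint256 value);

    constructor(uint256 initialSupply) public {
        totalSupply = initialSupply;
        balanceOf[msg.sender] = initialSupply;
        emit Transfer(address(0), msg.sender, initialSupply);
    }

    // Double withdrawal, part 1: a non-zero allowance may only be replaced by
    // zero, so a spender cannot be paid twice by front-running a change.
    function approve(address spender, uint256 value) external returns (bool) {
        require(value == 0 || allowance[msg.sender][spender] == 0, "set allowance to 0 first");
        allowance[msg.sender][spender] = value;
        emit Approval(msg.sender, spender, value);
        return true;
    }

    // Part 2: relative changes are race-free because they apply to whatever
    // the allowance is when the transaction is mined.
    function increaseAllowance(address spender, uint256 added) external returns (bool) {
        uint256 updated = allowance[msg.sender][spender] + added;
        require(updated >= added, "allowance overflow");
        allowance[msg.sender][spender] = updated;
        emit Approval(msg.sender, spender, updated);
        return true;
    }

    function decreaseAllowance(address spender, uint256 subtracted) external returns (bool) {
        uint256 current = allowance[msg.sender][spender];
        require(current >= subtracted, "allowance underflow");
        allowance[msg.sender][spender] = current - subtracted;
        emit Approval(msg.sender, spender, current - subtracted);
        return true;
    }

    function transferFrom(address from, address to, uint256 value) external returns (bool) {
        uint256 allowed = allowance[from][msg.sender];
        require(allowed >= value, "allowance exceeded");
        allowance[from][msg.sender] = allowed - value;
        _transfer(from, to, value);
        return true;
    }

    // Transaction handling: a contract recipient must declare it can handle
    // tokens (ERC223-style tokenFallback), otherwise the transfer reverts
    // instead of parking the tokens where nothing can ever move them.
    function transfer(address to, uint256 value) external returns (bool) {
        _transfer(msg.sender, to, value); // effects before the external call
        if (isContract(to)) {
            ERC223Receiver(to).tokenFallback(msg.sender, value, "");
        }
        return true;
    }

    function _transfer(address from, address to, uint256 value) internal {
        require(to != address(0), "transfer to zero address");
        require(balanceOf[from] >= value, "insufficient balance");
        balanceOf[from] -= value;
        balanceOf[to] += value; // cannot overflow: balances never exceed totalSupply
        emit Transfer(from, to, value);
    }

    function isContract(address account) internal view returns (bool) {
        uint256 size;
        // A contract under construction has no code yet, so it can still
        // receive tokens from inside its constructor: a known limitation.
        assembly { size := extcodesize(account) }
        return size > 0;
    }
}
```

Two caveats a reviewer would add: the `approve` restriction breaks callers that blindly overwrite allowances, which is why `increaseAllowance`/`decreaseAllowance` are provided alongside it; and the `tokenFallback` call only reverts for recipients with no matching function and no fallback, so a contract with a catch-all fallback still accepts tokens it may not be able to move. Neither check replaces a token recovery path for the funds that are already stuck.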

Conclusion

All highlighted issues should be fixed before deploying the audited contracts.
