yuriy77k/ETH_SelfKey_audit_report.md Secret

## ETH_SelfKey_audit_report.md

      
    Raw
  

              ETH_SelfKey_audit_report.md
            
          
    SelfKey audit report.

1. Summary

This document is a security audit report performed by danbogd, where SelfKey has been reviewed.
2. In scope

Сommit hash f7163d55b2bac2d9b9e575ae35660c453ff32e42.

SelfKeyMain.sol.
PaymentSplitter.sol.

3. Findings

In total, 3 issues were reported including:

0 medium severity issues
3 low severity issues
0 owner privileges (ability of owner to manipulate contract, may be risky for investors)..
0 notes.

No critical security issues were found.
3.1. Non-initialized return value

Severity: low

Description

Function doesn't initialize return value.If you don't need the return value of the function, do not specify returns in function signature.
Code snippet

https://github.com/SelfKeyFoundation/selfkey-main-contracts/blob/f7163d55b2bac2d9b9e575ae35660c453ff32e42/contracts/PaymentSplitter.sol#L36-L84
3.2. Known vulnerabilities of ERC-20 token

Severity: low

Description


It is possible to double withdrawal attack. More details here.


Lack of transaction handling mechanism issue. WARNING!  This is a very common issue and it already caused millions of dollars losses for lots of token users! More details here.


Recommendation

Add into a function transfer(address _to, ... ) following code:
require( _to != address(this) );

3.3. No checking for zero address

Severity: low

Description

In this functions there are no checking for zero address.
Code snippet

https://github.com/SelfKeyFoundation/selfkey-main-contracts/blob/f7163d55b2bac2d9b9e575ae35660c453ff32e42/contracts/SelfKeyMain.sol#L32
4. Conclusion

The review did not show any critical issues, some of low severity issues were found.