@yuriy77k
Forked from danbogd/LuckyStrike_audit_report.md
Created January 17, 2019 17:28
Lucky Strike Audit Report.

1. Summary

This document is a security audit report of Lucky Strike, performed by danbogd.

2. In scope

3. Findings

In total, 2 issues were reported, including:

  • 1 high severity issue.
  • 1 low severity issue.

Critical security issues were found.

3.1. Multiplication after division

Severity: high

Description

Solidity operates only with integers. Thus, if division is done before multiplication, rounding errors can increase dramatically. An investor who burns tokens will receive an incorrectly calculated amount of dividends.

Code snippet

https://gist.github.com/yuriy77k/8111757d30637066b3b4bdb60b3525d0#file-luckystriketokens-sol-L168
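
The effect of operand order on a burn payout, as an added example that is not taken from the audited contract. It models Solidity's truncating integer division with Python's `//`; the payout formula, the function names and the sample values are assumptions constructed for illustration.

```python
# Added example. Python's // on non-negative ints truncates like Solidity's uint256 "/".
# The payout formula and every name here are assumptions, not the audited contract's code.
UINT256_MAX = 2**256 - 1


def payout_divide_first(pool_wei: int, burned: int, total_supply: int) -> int:
    """Flawed order: the per-unit share is truncated, then that error is multiplied."""
    return (pool_wei // total_supply) * burned


def payout_multiply_first(pool_wei: int, burned: int, total_supply: int) -> int:
    """Corrected order: multiply first so truncation happens once, at the end."""
    product = pool_wei * burned
    if product > UINT256_MAX:
        # The intermediate product must still fit in uint256 on-chain.
        raise OverflowError("pool_wei * burned does not fit in uint256")
    return product // total_supply


def rounding_loss(pool_wei: int, burned: int, total_supply: int) -> int:
    """Wei the burner is underpaid by the divide-first order (always < burned)."""
    return (payout_multiply_first(pool_wei, burned, total_supply)
            - payout_divide_first(pool_wei, burned, total_supply))


# Constructed cases: (label, dividend pool in wei, token units burned, total supply in units)
CASES = [
    ("pool smaller than supply", 5 * 10**18, 10**24, 10**25),
    ("pool larger than supply", 10**19, 10**6, 3 * 10**6),
]

if __name__ == "__main__":
    for label, pool, burned, supply in CASES:
        print(f"{label}: divide-first={payout_divide_first(pool, burned, supply)} "
              f"multiply-first={payout_multiply_first(pool, burned, supply)} "
              f"loss={rounding_loss(pool, burned, supply)}")
```

In the first constructed case the divide-first order pays 0 wei instead of 0.5 ether, because the pool in wei is smaller than the supply in token units and the per-unit share truncates to zero.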

3.2. Known vulnerabilities of ERC-20 token

Severity: low

Description

  1. A double withdrawal attack is possible. More details here.

  2. Lack of a transaction handling mechanism. WARNING! This is a very common issue and it has already caused millions of dollars in losses for lots of token users! More details here.

4. Conclusion

Some critical vulnerabilities were detected; we highly recommend fixing these bugs before use.