Pundi X (NPXS) Token smart contract security audit report performed by Callisto Security Audit Department
In total, 9 issues were reported including:
-
5 low severity issues.
-
1 notes.
-
3 owner privileges (the ability of an owner to manipulate contract, may be risky for investors).
No critical security issues were found.
-
It is possible to double withdrawal attack. More details here.
-
Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it already caused millions of dollars losses for lots of token users! More details here.
Add the following code to the transfer(_to address, ...) function:
require( _to != address(this) );
-
The owner receives funds immediately after the purchase of tokens. It should be available after the end of crowdsale. Otherwise, the owner has the opportunity to buy tokens for the same money. (line 149).
RefundVaultandWithdrawVaultcontracts is managed manually by the owner and are not integrated with theCrowdsalecontract which is not good for investors. (lines 200 and 446) -
The contract owner allowed to pause transfer functions (
transfer,transferFrom). (lines 541-545) -
The owner can finish minting whenever he wants. Related with issue #4. (line 401)
According to ERC20 standard when burning coins a transfer event should be emitted. In this case the Burn event is emitted, it is better to additionally use emit Transfer(msg.sender, address(0), value);
stopReceive mechanism is used for transfer function but not implemented for transferFrom function. It is possibler to approve funds to yourself and send through transferForm without any restrictions.
-
Judging by the call of the
tokenFallbackfunction, this token should support the ERC223 standard. But in this case it should be called in thetransferfunction also. And should to check whether the recipient is a contract. And functiontransfer(address, uint, bytes)should be implemented. Please, read this -
Judding by
transferAndCallfunction this token should support the ERC677 standard. But in this case it should callcontractFallbacknottokenFallbackfunction. And should to check whether the recipient is a contract. Please, read this -
transferAndCallfunction not usewhenNotPausedmodifier and tokens may be transferred even if contract is paused.
There are no zero address checking in functions deposit at line 212, mint at line 389, deposit at line 465
Following ERC-20 final description:
"NOTE: To prevent attack vectors like the one described here and discussed here, clients SHOULD make sure to create user interfaces in such a way that they set the allowance first to 0 before setting it to another value for the same spender. THOUGH The contract itself shouldn't enforce it, to allow backwards compatibility with contracts deployed before.
Do not throw in case if the following condition is true require((value == 0) || (_allowances[msg.sender][spender] == 0)) and return false, users might not notice that the changes didn't occur, and external contract calls to this function will highlight many other issues.
function approve(address _spender, uint256 _value) returns (bool) {
require((_value == 0) || (allowed[msg.sender][_spender] == 0));
allowed[msg.sender][_spender] = _value;
Approval(msg.sender, _spender, _value);
return true;
}The audited smart contract can be deployed. Only low severity issues were found during the audit.
https://gist.github.com/yuriy77k/ede3912b0498e812eecd528acbe37137
https://gist.github.com/yuriy77k/72b57e6c662bf0413e4ad11190db1977
https://gist.github.com/yuriy77k/76d020a1607a9483b7dba267eb36b36d