A smart contract that enables identity-management under ERC 1484 and enables various types of transfers of HYDRO tokens.
2. In scope
- Snowflake.sol github commit hash 90389befae1fcbca015f1257bf9d5ac5eccd302a.
In total, 5 issues were reported including:
1 medium severity issues.
3 low severity issues.
1 minor observation.
No critical security issues were found.
3.1. Gas limit and loops
There is no upper limit on providers, it increments each time a new transaction is registered. Eventually, as the count of transactions increases, gas cost of smart contract calls will raise. If providers.length is large enough, the function exceeds the block gas limit, and transactions calling it will never be confirmed.
3.2. Non-initialized return value
There is no return statement in this function that means that it always returns false by default. And this can break the logic of the Dapp.
Add return statement with the right expression.
3.3. Owner Privileges (the relocating is not secure process for investors).
The owners can implement any logic in the new contract. And even if the new contract will be audited, at any time possible to change the address of the new contract again to not audited and insecure.
3.4. It is necessary to check the input address to the zero-address.
In the setAddresses function, the input address of _hydroTokenAddress is not checked for a null value and the funds can be accidentally transferred to a 0x0-address.
identityExists modifier error message.
Severity: minor observation
In case if
check variable is
false an error message should be "The EIN exists.". But now in any case shows the message "The EIN does not exist.".
Medium issues can influence smart contracts operation in current implementation. We highly recommend addressing them.