Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Hydrogen Snowflake Audit Report.

1. Summary

Hydrogen Snowflake smart contract security audit report performed by Callisto Security Audit Department

A smart contract that enables identity-management under ERC 1484 and enables various types of transfers of HYDRO tokens.

2. In scope

  • Snowflake.sol github commit hash 90389befae1fcbca015f1257bf9d5ac5eccd302a.

3. Findings

In total, 5 issues were reported including:

  • 1 medium severity issues.

  • 3 low severity issues.

  • 1 minor observation.

No critical security issues were found.

3.1. Gas limit and loops

Severity: medium


There is no upper limit on providers, it increments each time a new transaction is registered. Eventually, as the count of transactions increases, gas cost of smart contract calls will raise. If providers.length is large enough, the function exceeds the block gas limit, and transactions calling it will never be confirmed.

Code snippet

3.2. Non-initialized return value

Severity: low


There is no return statement in this function that means that it always returns false by default. And this can break the logic of the Dapp.

Code snippet


Add return statement with the right expression.

3.3. Owner Privileges (the relocating is not secure process for investors).

Severity: low


The owners can implement any logic in the new contract. And even if the new contract will be audited, at any time possible to change the address of the new contract again to not audited and insecure.

Code snippet

3.4. It is necessary to check the input address to the zero-address.

Severity: low


In the setAddresses function, the input address of _hydroTokenAddress is not checked for a null value and the funds can be accidentally transferred to a 0x0-address.

Code snippet

3.5. identityExists modifier error message.

Severity: minor observation


In case if check variable is false an error message should be "The EIN exists.". But now in any case shows the message "The EIN does not exist.".

Code snippet

4. Conclusion

Medium issues can influence smart contracts operation in current implementation. We highly recommend addressing them.

5. Revealing audit reports

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.