Skip to content

Instantly share code, notes, and snippets.

@yuriy77k

yuriy77k/CryptoAds_conclusion.md

Created August 20, 2018 19:14
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save yuriy77k/c68640f18ae397c309beff64e228af7e to your computer and use it in GitHub Desktop.
Save yuriy77k/c68640f18ae397c309beff64e228af7e to your computer and use it in GitHub Desktop.
Download ZIP
CryptoAds smart contract audit report conclusion
Raw
CryptoAds_conclusion.md

CryptoAds smart contract security audit report performed by Callisto Security Audit Department

Conclusion:

No critical issue, bug fixing is necessary. It is highly recommended to complete a bug bounty before use.

Medium severity issues:

1. Zero address owner.

Description

Owner address may be sent to zero address at function setOwner and because of it owner will lose his access to smart contract.

Recommendation

Need to check if _newOwner is not zero address.

require(_newOwner != address(0));

2. Transfer to zero address.

Severity: medium

Description

Tokens could be sent to zero address, that means they will be locked and will not be able to use or burn. Functions transfer and transferFrom.

Recommendation

Need to check if _to address is not zero address.

require(_to != address(0));

3. Double-spend attack is possible.

Severity: medium

Description

In case the user wants to change the approved amount an double-spend attack is possible.

Recommendation

Can be reviewed here.

Revealing audit reports:

https://gist.github.com/yuriy77k/0642bdfd140789929904373bf3564123

https://gist.github.com/yuriy77k/df7339f021bed8366ed40da915da1a8f

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment