Skip to content

Instantly share code, notes, and snippets.

@yuriy77k

yuriy77k/MinToken.md Secret

Forked from MrCrambo/MinToken.md
Created March 2, 2019 11:53
Show Gist options
  • Save yuriy77k/ca95cb336e623ce452c96d1915b9cabd to your computer and use it in GitHub Desktop.
Save yuriy77k/ca95cb336e623ce452c96d1915b9cabd to your computer and use it in GitHub Desktop.
Download ZIP
Raw
MinToken.md

Summary

This is the report from a security audit performed on MinToken by MrCrambo.

The audit focused primarily on the security of MinToken smart contract.

In scope

  1. https://github.com/MinToken/MinToken/blob/master/mintoken.sol

Findings

In total, 3 issues were reported including:

  • 0 high severity issues.

  • 1 medium severity issues.

  • 2 low severity issues.

Security issues

1. Owner Privileges

Severity: medium

Description

Owner can freeze and unfreeze accounts at any moment without any restrictions using function freezeAccount

2. Zero address transfer

Severity: low

Description

In functions transferOwnership there is no zero address checking.

Recommendation

Add zero address checking

require(newOwner != address(0));

3. Known vulnerabilities of ERC-20 token

Severity: low

Description

  1. It is possible to double withdrawal attack. More details here
  2. Lack of transaction handling mechanism issue. More details here

Recommendation

Add into a function transfer(address _to, ... ) following code:

require( _to != address(this) );

Conclusion

Smart contract contains medium severity issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment