@yuriy77k
Forked from pro100skm/JarvisPlus.md
Created October 9, 2018 07:35
JarvisPlus audit report

Summary

This is the report from a security audit performed on JarvisPlus by pro100skm.

The audit focused primarily on the security of the JarvisPlus contract.

In scope

  1. https://github.com/x-contract/JarvisPlusToken/blob/master/flats/JarvisPlusToken_flat.sol

Findings

In total, 2 issues were reported, including:

  • 0 high severity issues.

  • 0 medium severity issues.

  • 1 low severity issue.

  • 1 minor observation.

Security issues

1. Known Issues of ERC20 Standard

Severity: low

Description

The approve + transferFrom mechanism allows a double withdrawal attack.

2. Representation note

Severity: minor

Description

'initialAmount' is assigned a long number.

Recommendation

It is better to change the representation of this number and write it as below:

uint256 private constant initialAmount = 600000000 * (10 ** uint256(decimals));

Conclusion

No high severity vulnerabilities that can directly hurt the JarvisPlus smart contracts were detected. We highly recommend that you complete other bug bounties before use.
