Skip to content

Instantly share code, notes, and snippets.

@yuriy77k

yuriy77k/ETH_Maximine_Report.md Secret

Forked from MrCrambo/ETH_Maximine_Report.md
Created July 12, 2019 07:18
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save yuriy77k/d59b2a1e8b4801fff49b18b6456d7435 to your computer and use it in GitHub Desktop.
Save yuriy77k/d59b2a1e8b4801fff49b18b6456d7435 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
ETH_Maximine_Report.md

Summary

This is the report from a security audit performed on Maximine by MrCrambo.

The audit focused primarily on the security of Maximine smart contract.

In scope

  1. https://etherscan.io/address/0x8e766f57f7d16ca50b4a0b90b88f6468a09b0439#code

Findings

In total, 3 issues were reported including:

  • 0 high severity issues.

  • 0 medium severity issues.

  • 1 owner privilegies issues.

  • 1 low severity issues.

  • 1 notes.

Security issues

1. No event call

Severity: note

Description

In constructor in line 35 there is no event call that funds transfered to owner.

2. Owner privilegies

Severity: owner privilegies

Description

Owner can ban any address without any restrictions.

3. Known vulnerabilities of ERC-20 token

Severity: low

Description

  1. It is possible to double withdrawal attack. More details here
  2. Lack of transaction handling mechanism issue. More details here

Recommendation

Add into a function transfer(address _to, ... ) following code:

require( _to != address(this) );

Conclusion

Smart contract is safe.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment