This is the report from a security audit performed on Holo by MrCrambo.
The audit focused primarily on the security of Holo smart contracts.
In total, 3 issues were reported including:
-
0 high severity issues.
-
0 medium severity issues.
-
1 owner privilegies issues.
-
2 low severity issues.
There are no zero address checking in functions setMinter
at line 239, setDestroyer
at line 269 and mint
at line 243.
- It is possible to double withdrawal attack. More details here
- Lack of transaction handling mechanism issue. More details here
Add into a function transfer(address _to, ... )
following code:
require( _to != address(this) );
- Owner can mint any amount of tokens and for a long period of time, because he can not finish minting and can set himself as minter.
Smart contract contains only low severity issues.