Ethereum Classic CryptoAds smart contract audit report.
This is the report from a security audit performed on the CryptoAds smart contract (ETH) by alexo18. The audit focused primarily on the security of funds and the fault tolerance of the CryptoAds contract. The contract is intended to serve as the utility token for the advertising platform CryptoAds (based on CFC.io).
In total, 4 issues were reported:
- 1 medium severity issue.
- 3 low severity issues.
1. Transfer to Address 0x0.
The 'address _to' parameter is not checked for the '0x0' value, so it is possible to accidentally send tokens to the 0x0 address.
Use a 'require' statement to validate the parameter.
2. Using state-reverting exceptions to check input conditions.
Some contract functions return a '0' value when input conditions are not met, but the caller may not check the return value and may expect a 'throw' instead.
Good coding practice is to make your code fail as promptly and as loudly as possible. A state-reverting exception also bubbles up and reverts the changes made across the entire call stack.
3. Excessive condition checks.
Some input parameter checks are redundant because SafeMath already guarantees them, although, of course, SafeMath will 'throw'.
4. Double withdrawal attack.
A user may accidentally call the 'AbstractToken.approve(address _spender, uint256 _value)' function instead of the overloaded version from the 'CryptoAdsToken' contract, thereby creating an opportunity for the double withdrawal attack.
Change the visibility of 'AbstractToken.approve(address _spender, uint256 _value)' to 'internal'.
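The four recommendations above, combined in one minimal token as an added example (not the CryptoAds source code). The contract name, the '_approve' helper, the three-argument 'approve' signature and the use of Solidity 0.8 checked arithmetic in place of SafeMath are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not the audited contract. All names are assumptions.
contract ExampleToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    event Transfer(address indexed from, address indexed to, uint256 value);
    event Approval(address indexed owner, address indexed spender, uint256 value);

    constructor(uint256 supply) {
        balanceOf[msg.sender] = supply;
    }

    // Issues 1 and 2: reject 0x0 and revert instead of returning 0.
    // Issue 3: no separate balance check, the checked subtraction reverts.
    function transfer(address _to, uint256 _value) public returns (bool) {
        require(_to != address(0), "transfer to 0x0");
        balanceOf[msg.sender] -= _value;
        balanceOf[_to] += _value;
        emit Transfer(msg.sender, _to, _value);
        return true;
    }

    function transferFrom(address _from, address _to, uint256 _value) public returns (bool) {
        require(_to != address(0), "transfer to 0x0");
        allowance[_from][msg.sender] -= _value; // reverts if allowance is too low
        balanceOf[_from] -= _value;             // reverts if balance is too low
        balanceOf[_to] += _value;
        emit Transfer(_from, _to, _value);
        return true;
    }

    // Issue 4: the unconditional setter is internal, so users cannot call it.
    function _approve(address _spender, uint256 _value) internal {
        allowance[msg.sender][_spender] = _value;
        emit Approval(msg.sender, _spender, _value);
    }

    // Public compare-and-set form: applies only if the allowance still equals
    // the value the owner last saw; a spend in between makes the call revert.
    function approve(address _spender, uint256 _currentValue, uint256 _newValue) public returns (bool) {
        require(allowance[msg.sender][_spender] == _currentValue, "allowance changed");
        _approve(_spender, _newValue);
        return true;
    }
}
```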
No critical vulnerabilities were detected, but we highly recommend fixing the other reported bugs before use.