Bankorus Token smart contract security audit report performed by Callisto Security Audit Department
Symbol : BKTS
Name : Bankorus Token
Total supply: Mintable
Decimals : 18
Standard : ERC20
In total, 4 issues were reported including:
-
2 low severity issues.
-
2 owner privileges (the ability of an owner to manipulate contract, may be risky for investors).
No critical security issues were found.
-
It is possible to double withdrawal attack. More details here.
-
Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it already caused millions of dollars losses for lots of token users! More details here.
Add the following code to the transfer(_to address, ...) function:
require( _to != address(this) );
decreaseAllowance throw in case if the value to be subtracted is higher than the amount that is allowed, if the address owner wants to change the value allowed by reducing it and the spender withdraw a part of it before, the function might throw and give more chances for the spender to take the rest of the allowed value.
The value should be set to zero if the value to be subtracted is higher than the allowance.
function decreaseAllowance(address spender, uint256 subtractedValue) public returns (bool) {
_approve(msg.sender, spender, _allowed[msg.sender][spender].sub(subtractedValue));
return true;
}
- Pause/Unpause token transfers and approvals.
- Unlimited token minting.
modifier whenNotPaused() {
require(!_paused);
_;
}
function mint(address to, uint256 value) public onlyMinter returns (bool) {
_mint(to, value);
return true;
}
The audited smart contract can be deployed. Only low severity issues were found during the audit.
https://gist.github.com/yuriy77k/9b9ce332054f0feedaddefa6544ad645
https://gist.github.com/yuriy77k/4e51e3d0a5818659eeacb75e2833f1be
https://gist.github.com/yuriy77k/2b0e0ebfd78ece5e912c3108c8517f1f