PHI Crowdsale Audit Report.
2. In scope
- PHICrowdsale.sol github commit hash c0eeedc616935ce2cf72191567c05bc705e983a1.
5 issues were reported, including:
- 2 medium severity issues.
- 3 low severity issues.
3.1. Token Minting
mint(address _to, uint256 _amount, address _owner) function does not mint tokens but rather transfers tokens from _to. This allows the transfer of tokens from any address to another address.
mint is marked as internal, so its usage is limited to inside the contract and it won't harm any investor.
When the ICO ends, if the owner doesn't call ownerBurnToken, the allocated tokens for the crowdsale will be kept by the owner in his wallet, since mint does not really mint but just transfers tokens from
MintableToken contract, is not intended to be set to true at any moment inside all the Token and ICO logic.
3.2. ICO Rates
If a user buys tokens during the pre-ICO expecting ratePreIco to be applied and the tokenAllocated is higher than limitPreIco, then the rate used will be rateIco, resulting in an amountOfTokens lower than expected.
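A minimal model of the rate selection described in 3.2, with a buyer-supplied minimum as one possible guard. This is an added example, not code from PHICrowdsale.sol: the variable names follow the report, while the rate and limit values, the balances mapping, the minTokens parameter and the function names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustrative model only, not PHICrowdsale.sol.
// All numeric values below are constructed for the example.
contract RateSelectionExample {
    uint256 public ratePreIco = 12000;            // assumed: tokens per ether in pre-ICO
    uint256 public rateIco = 10000;               // assumed: tokens per ether in main ICO
    uint256 public limitPreIco = 1000000 ether;   // assumed: pre-ICO cap, 18-decimal token
    uint256 public tokenAllocated;                // tokens sold so far
    mapping(address => uint256) public balances;  // hypothetical stand-in for the token ledger

    // Behaviour described in 3.2: once tokenAllocated is higher than
    // limitPreIco, the purchase is priced at rateIco, even though the
    // buyer is still in the pre-ICO phase and expects ratePreIco.
    function quoteAsReported(uint256 weiAmount)
        public
        view
        returns (uint256 amountOfTokens)
    {
        uint256 rate = tokenAllocated > limitPreIco ? rateIco : ratePreIco;
        amountOfTokens = weiAmount * rate;
    }

    // Hypothetical guard: the buyer passes the minimum amount of tokens it
    // accepts. If the rate silently dropped to rateIco, the purchase reverts
    // and the ether is returned instead of buying fewer tokens than expected.
    function buyTokens(uint256 minTokens)
        external
        payable
        returns (uint256 amountOfTokens)
    {
        amountOfTokens = quoteAsReported(msg.value);
        require(amountOfTokens >= minTokens, "fewer tokens than buyer minimum");
        tokenAllocated += amountOfTokens;
        balances[msg.sender] += amountOfTokens;
    }
}
```

With the constructed values, 1 ether sent after the limit is passed yields 10000 tokens instead of the 12000 a pre-ICO buyer expects; passing minTokens computed from ratePreIco makes that purchase revert.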
3.3. ICO Phases Time
ICO phases can be started, extended or stopped at the owner's will.
3.4. Minting Event
mintForFund should emit a Mint event after adding the fund value to every address.
3.5. Known Issues of ERC20 Standard
ERC20 tokens have some well-known issues (listed below). This is just a reminder for the contract developers.
- Approve + transferFrom mechanism allows double withdrawal attack.
- Lack of transaction handling.
The above-mentioned issues are well documented; a basic search will turn up more information.
Smart contracts are intended to be more autonomous than centralized applications. Crowdsale functions should be more decentralized to fully benefit from the trustless nature of the Ethereum blockchain.
Multiple issues have been raised; the contract developers should fix them before deployment.