This document is a security audit report performed by danbogd, in which Natmin was reviewed.
- NatminToken.sol github commit hash fcfdf37b07ba613bf8ca4ecd566865344e72dd82.
2 issues were reported, including:
- 1 medium severity issue.
- 1 minor remark.
It is possible to accidentally send tokens to the 0x0 address when the _to parameter is not set in the transfer function call. This affects the functions transfer (ERC20), transfer (ERC223) and transferFrom of the contract NatminToken.
- https://github.com/NatminPureEscrow/Token/blob/fcfdf37b07ba613bf8ca4ecd566865344e72dd82/contracts/NatminToken.sol#L156-L164
- https://github.com/NatminPureEscrow/Token/blob/fcfdf37b07ba613bf8ca4ecd566865344e72dd82/contracts/NatminToken.sol#L166-L173
- https://github.com/NatminPureEscrow/Token/blob/fcfdf37b07ba613bf8ca4ecd566865344e72dd82/contracts/NatminToken.sol#L219-L232
Use a condition to check for the 0x0 address.
require(_to != address(0));
SafeMath.sub() will automatically throw if someone tries to send more than they have. In the transfer and transferFrom functions there is no need to check this with require.
- https://github.com/NatminPureEscrow/Token/blob/fcfdf37b07ba613bf8ca4ecd566865344e72dd82/contracts/NatminToken.sol#L189
- https://github.com/NatminPureEscrow/Token/blob/fcfdf37b07ba613bf8ca4ecd566865344e72dd82/contracts/NatminToken.sol#L208
- https://github.com/NatminPureEscrow/Token/blob/fcfdf37b07ba613bf8ca4ecd566865344e72dd82/contracts/NatminToken.sol#L222
In lines 189, 208 and 222 the require is not needed.
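Both recommendations applied to a minimal token, as an added example that is not taken from NatminToken.sol. The contract name `ExampleToken`, its storage layout and the inlined `SafeMath` library are assumptions for illustration, written for Solidity 0.4.24.

```solidity
pragma solidity ^0.4.24;

// Added illustration, not the NatminToken source. All names are hypothetical.
library SafeMath {
    function sub(uint256 a, uint256 b) internal pure returns (uint256) {
        require(b <= a); // reverts on underflow, so callers need no balance check
        return a - b;
    }
    function add(uint256 a, uint256 b) internal pure returns (uint256) {
        uint256 c = a + b;
        require(c >= a); // reverts on overflow
        return c;
    }
}

contract ExampleToken {
    using SafeMath for uint256;

    mapping(address => uint256) public balances;
    mapping(address => mapping(address => uint256)) public allowed;

    event Transfer(address indexed from, address indexed to, uint256 value);

    constructor(uint256 _supply) public {
        balances[msg.sender] = _supply;
    }

    function approve(address _spender, uint256 _value) public returns (bool) {
        allowed[msg.sender][_spender] = _value;
        return true;
    }

    function transfer(address _to, uint256 _value) public returns (bool) {
        // An unset _to decodes as address(0); reject it so tokens are not lost.
        require(_to != address(0));
        // No require(balances[msg.sender] >= _value): sub() already reverts.
        balances[msg.sender] = balances[msg.sender].sub(_value);
        balances[_to] = balances[_to].add(_value);
        emit Transfer(msg.sender, _to, _value);
        return true;
    }

    function transferFrom(address _from, address _to, uint256 _value) public returns (bool) {
        require(_to != address(0));
        // Both the allowance and the balance checks are enforced by sub().
        allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_value);
        balances[_from] = balances[_from].sub(_value);
        balances[_to] = balances[_to].add(_value);
        emit Transfer(_from, _to, _value);
        return true;
    }
}
```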
No critical vulnerabilities were detected, but we highly recommend fixing these bugs before use.