@yuriy77k
Forked from danbogd/Natmin_audit_report.md
Created September 22, 2018 07:19
Natmin Audit Report.

1. Summary

This document is a security audit report performed by danbogd, where Natmin has been reviewed.

2. In scope

  • NatminToken.sol github commit hash fcfdf37b07ba613bf8ca4ecd566865344e72dd82.

3. Findings

2 issues were reported, including:

  • 1 medium severity issue.

  • 1 minor remark.

3.1. Token Transfer to Address 0x0

Severity: medium

Description

It is possible to accidentally send tokens to the 0x0 address when the _to parameter is not set in the transfer function call. Affected functions: transfer (ERC20), transfer (ERC223) and transferFrom of contract NatminToken.

Code snippet

  • https://github.com/NatminPureEscrow/Token/blob/fcfdf37b07ba613bf8ca4ecd566865344e72dd82/contracts/NatminToken.sol#L156-L164

  • https://github.com/NatminPureEscrow/Token/blob/fcfdf37b07ba613bf8ca4ecd566865344e72dd82/contracts/NatminToken.sol#L166-L173

  • https://github.com/NatminPureEscrow/Token/blob/fcfdf37b07ba613bf8ca4ecd566865344e72dd82/contracts/NatminToken.sol#L219-L232

Recommendation

Add a condition that rejects the 0x0 address:

require(_to != address(0));

3.2. No need of require.

Severity: minor

Description

SafeMath.sub() will automatically throw if someone tries to send more than they have. In the transfer and transferFrom functions there is no need to check this separately with require.

Code snippet

  • https://github.com/NatminPureEscrow/Token/blob/fcfdf37b07ba613bf8ca4ecd566865344e72dd82/contracts/NatminToken.sol#L189

  • https://github.com/NatminPureEscrow/Token/blob/fcfdf37b07ba613bf8ca4ecd566865344e72dd82/contracts/NatminToken.sol#L208

  • https://github.com/NatminPureEscrow/Token/blob/fcfdf37b07ba613bf8ca4ecd566865344e72dd82/contracts/NatminToken.sol#L222

Recommendation

In lines 189, 208 and 222 the require is not needed; SafeMath.sub() already reverts on insufficient balance.
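The following contract is an added illustration of both findings (3.1 and 3.2); it is not code from the NatminToken repository. It uses a minimal SafeMath library and a constructed ExampleToken with a sample supply, and shows the unchecked transfer pattern beside the hardened version that applies the zero-address require and drops the redundant balance require.

```solidity
pragma solidity ^0.4.24;

// Minimal SafeMath in the style used by ERC20 tokens of this period (assumed, not the project's own).
library SafeMath {
    function sub(uint256 a, uint256 b) internal pure returns (uint256) {
        require(b <= a); // reverts when the sender's balance is smaller than _value
        return a - b;
    }

    function add(uint256 a, uint256 b) internal pure returns (uint256) {
        uint256 c = a + b;
        require(c >= a); // overflow guard
        return c;
    }
}

// Hypothetical token used only to demonstrate the two audit findings.
contract ExampleToken {
    using SafeMath for uint256;

    mapping(address => uint256) public balances;

    event Transfer(address indexed from, address indexed to, uint256 value);

    constructor() public {
        balances[msg.sender] = 1000; // constructed sample supply
    }

    // BEFORE: the pattern described in findings 3.1 and 3.2.
    // - No zero-address check: a call with _to left unset moves tokens to 0x0,
    //   where nobody can spend them (finding 3.1).
    // - The explicit balance require is redundant, because SafeMath.sub()
    //   reverts on the same condition (finding 3.2).
    function transferUnchecked(address _to, uint256 _value) public returns (bool) {
        require(balances[msg.sender] >= _value); // redundant: sub() reverts anyway
        balances[msg.sender] = balances[msg.sender].sub(_value);
        balances[_to] = balances[_to].add(_value); // _to == address(0) silently loses tokens
        emit Transfer(msg.sender, _to, _value);
        return true;
    }

    // AFTER: reject the zero address and rely on SafeMath.sub() for the balance check.
    function transfer(address _to, uint256 _value) public returns (bool) {
        require(_to != address(0)); // recommendation from finding 3.1
        balances[msg.sender] = balances[msg.sender].sub(_value); // reverts if balance < _value
        balances[_to] = balances[_to].add(_value);
        emit Transfer(msg.sender, _to, _value);
        return true;
    }
}
```

Deploying ExampleToken and calling transfer(address(0), 1) reverts at the first require, whereas transferUnchecked(address(0), 1) succeeds and credits balances[address(0)], which no key controls. Calling transfer(someAddress, 2000) from the deployer reverts inside SafeMath.sub() without any extra require in the token itself.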

4. Conclusion

No critical vulnerabilities were detected, but we highly recommend fixing these bugs before use.
