@MrCrambo
Last active July 13, 2018 10:16

ERC20 and Crowdsale audit report.

Summary

This is the report from a security audit performed on ERC20andCrowdsale by Il Kadyrov.

The audit focused primarily on the security of ERC20andCrowdsale contracts.

In scope

  1. https://github.com/SamueleA/ERC20andCrowdsale/blob/master/Crowdsale.sol
  2. https://github.com/SamueleA/ERC20andCrowdsale/blob/master/ERC20Interface.sol
  3. https://github.com/SamueleA/ERC20andCrowdsale/blob/master/ERC20Token.sol
  4. https://github.com/SamueleA/ERC20andCrowdsale/blob/master/Ownable.sol
  5. https://github.com/SamueleA/ERC20andCrowdsale/blob/master/SafeMath.sol

Findings

In total, 4 issues were reported including:

  • 1 high severity issue.

  • 1 medium severity issue.

  • 2 low severity issues.

Security issues

1. Transfer to zero address (ERC20Token.sol).

Severity: high

Description

Tokens can be sent to the zero address, where they are permanently locked: nobody can use or burn them. This affects the transfer and transferFrom functions.

Recommendation

Check that the to address is not the zero address before moving the balance:

require(to != address(0));

2. Integer overflow possibility (ERC20Token.sol, Crowdsale.sol).

Severity: medium

Description

The arithmetic at line 159 of ERC20Token.sol and line 120 of Crowdsale.sol is unchecked and can overflow.

Recommendation

Use SafeMath for this arithmetic.
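An added example, not code from the audited repository, showing both recommendations together: the zero-address guard from issue 1 and SafeMath arithmetic from issue 2 in the transfer paths. The contract name, the inlined SafeMath library and the pragma version are assumptions for illustration.

```solidity
pragma solidity ^0.4.24;

// Minimal SafeMath, inlined here for a self-contained example; the audited
// repository ships its own SafeMath.sol that serves the same purpose.
library SafeMath {
    function add(uint256 a, uint256 b) internal pure returns (uint256 c) {
        c = a + b;
        require(c >= a, "SafeMath: addition overflow");
    }
    function sub(uint256 a, uint256 b) internal pure returns (uint256) {
        require(b <= a, "SafeMath: subtraction underflow");
        return a - b;
    }
}

// Hypothetical token demonstrating the two fixes; names are illustrative.
contract HardenedToken {
    using SafeMath for uint256;

    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    uint256 public totalSupply;

    event Transfer(address indexed from, address indexed to, uint256 value);

    constructor(uint256 _initialSupply) public {
        totalSupply = _initialSupply;
        balanceOf[msg.sender] = _initialSupply;
    }

    // Shared path for transfer and transferFrom, so the zero-address check
    // cannot be present in one entry point and forgotten in the other.
    function _transfer(address from, address to, uint256 value) internal {
        require(to != address(0), "transfer to the zero address"); // issue 1
        balanceOf[from] = balanceOf[from].sub(value); // reverts on insufficient balance
        balanceOf[to] = balanceOf[to].add(value);     // reverts on overflow (issue 2)
        emit Transfer(from, to, value);
    }

    function transfer(address to, uint256 value) public returns (bool) {
        _transfer(msg.sender, to, value);
        return true;
    }

    function transferFrom(address from, address to, uint256 value) public returns (bool) {
        // sub() reverts if the spender's allowance is too small
        allowance[from][msg.sender] = allowance[from][msg.sender].sub(value);
        _transfer(from, to, value);
        return true;
    }
}
```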

3. Old solidity version.

Severity: low

Description

The Solidity version used by the contracts is old.

Recommendation

Use the latest version of Solidity.

4. Empty functions (Crowdsale.sol).

Severity: low

Description

The _postValidatePurchase and _updatePurchasingState functions have empty bodies but are still called from buyTokens.

Recommendation

Either implement these functions or remove them together with their calls.

Conclusion

One high severity vulnerability was detected. The reported issue can directly harm the ERC20andCrowdsale smart contracts.

The high severity issue must be fixed, and we highly recommend completing another bug bounty before use.
