@MrCrambo
Created July 5, 2018 08:36

MultiSigWallet audit report.

Summary

This is the report from a security audit performed on MultiSigWallet by Il Kadyrov.

The audit focused primarily on the security of the MultiSigWallet contract.

In scope

  1. https://github.com/ConsenSys/MultiSigWallet/blob/master/MultiSigWalletWithDailyLimit.sol

Findings

In total, 4 issues were reported including:

  • 0 high severity issues.

  • 2 medium severity issues.

  • 2 low severity issues.

Security issues

1. Integer overflow/underflow possibility.

Severity: medium

Description

Integer underflow is possible at lines 459, 421, 145 and 140.

Recommendation

Use SafeMath.

2. Function doesn't return value.

Severity: medium

Description

The function isConfirmed will not return false if the transaction is not confirmed; there is only a return true inside the if statement.

Recommendation

Add return false.

3. Old Solidity version.

Severity: low

Description

The Solidity version used is old.

Recommendation

Use the latest version of Solidity.

4. Use require instead of if throw.

Severity: low

Description

The modifiers onlyWallet, ownerDoesNotExist, ownerExists, transactionExists, confirmed, notConfirmed, notExecuted, notNull and validRequirement use if throw, which can be replaced with require.

Recommendation

Use require.
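
The recommendations for findings 1, 2 and 4, put together in one small contract. This is an added example, not code from the audited repository: the names AuditFixExample and dropLastOwner are hypothetical, and the bodies of validRequirement and isConfirmed are written for this illustration rather than copied from the wallet. The pragma is an assumption chosen so that unchecked arithmetic and the constructor keyword both apply.

```solidity
pragma solidity ^0.4.24;

// Added illustration, not code from MultiSigWalletWithDailyLimit.sol.
// AuditFixExample and dropLastOwner are hypothetical names.
library SafeMath {
    // Checked subtraction: reverts instead of wrapping around below zero.
    function sub(uint256 a, uint256 b) internal pure returns (uint256) {
        require(b <= a);
        return a - b;
    }
}

contract AuditFixExample {
    using SafeMath for uint256;

    address[] public owners;
    uint256 public required;
    mapping(uint256 => mapping(address => bool)) public confirmations;

    // Finding 4: require replaces the `if (...) throw;` pattern.
    modifier validRequirement(uint256 ownerCount, uint256 _required) {
        require(ownerCount > 0 && _required > 0 && _required <= ownerCount);
        _;
    }

    constructor(address[] _owners, uint256 _required)
        public
        validRequirement(_owners.length, _required)
    {
        owners = _owners;
        required = _required;
    }

    // Finding 1: with an empty array, `owners.length -= 1` would wrap to
    // 2**256 - 1 on this compiler version; SafeMath.sub reverts instead.
    function dropLastOwner() internal {
        owners.length = owners.length.sub(1);
    }

    // Finding 2: the unconfirmed case ends in an explicit `return false`.
    function isConfirmed(uint256 transactionId) public view returns (bool) {
        uint256 count = 0;
        for (uint256 i = 0; i < owners.length; i++) {
            if (confirmations[transactionId][owners[i]]) count += 1;
            if (count == required) return true;
        }
        return false;
    }
}
```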

Conclusion

The smart contract has a few medium and low severity issues. We highly recommend completing a bug bounty before use.
