@RideSolo
Last active July 22, 2019 17:09

TerraEco Token Audit Report.

1. Summary

This document is a security audit report by RideSolo covering the TerraEco Token contract.

2. In scope

3. Findings

2 issues were reported:

  • 0 high severity issues.

  • 0 medium severity issues.

  • 1 low severity issue.

  • 1 note.

3.1. Possible Overflow

Severity: low

Description

An overflow can occur if _addedValue is too high, whether by mistake or intentionally.

Recommendation

Always use SafeMath when performing such operations.

Code snippet

    function increaseApproval(address _spender, uint _addedValue) public returns (bool) { 
        allowed[msg.sender][_spender] = allowed[msg.sender][_spender] + _addedValue; 
        emit Approval(msg.sender, _spender, allowed[msg.sender][_spender]); 
        return true; 
    } 

3.2. Known vulnerabilities of ERC-20 token

Severity: note

Description

  1. A double withdrawal attack is possible. More details here
  2. Lack of a transaction handling mechanism. WARNING! This is a very common issue and it has already caused millions of dollars in losses for many token users! More details here

4. Conclusion

The audited contract can be deployed.
