Skip to content

Instantly share code, notes, and snippets.

@RideSolo

RideSolo/ETH_Holo_report.md

Last active July 22, 2019 17:07
Show Gist options
  • Save RideSolo/49c4f3d588895f43a578e7b6147bef02 to your computer and use it in GitHub Desktop.
Save RideSolo/49c4f3d588895f43a578e7b6147bef02 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
ETH_Holo_report.md

Holo Token Audit Report.

1. Summary

This document is a security audit report performed by RideSolo, where Holo Token has been reviewed.

2. In scope

  • Holo Token github commit hash 8bfb49766d967009a680548ef3cc28c011aa1c4c.

3. Findings

** 1 issue** was reported:

  • 1 low severity issue.

olo/EthereumSmartContracts/blob/master/SafeUpgradeableTokenERC20/contracts/SafeUpgradeableTokenERC20.sol#L217#LL229

3.1. Known vulnerabilities of ERC-20 token

Severity: low

Description

  1. It is possible to double withdrawal attack. More details here
  2. Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it already caused millions of dollars losses for lots of token users! More details here

Recommendation

Add the following code to the transfer(_to address, ...) function:

require( _to != address(this) );

Conclusion

The audited contract can be deployed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment