Skip to content

Instantly share code, notes, and snippets.

@RideSolo

RideSolo/ETH_Scanetchain_report.md

Last active March 3, 2020 01:30
Show Gist options
  • Save RideSolo/e4fa40da4fcc94d12f04d137ac4066ef to your computer and use it in GitHub Desktop.
Save RideSolo/e4fa40da4fcc94d12f04d137ac4066ef to your computer and use it in GitHub Desktop.
Download ZIP
Raw
ETH_Scanetchain_report.md

Scanetchain Audit Report.

1. Summary

This document is a security audit report performed by RideSolo, where Scanetchain has been reviewed.

Symbol       : SWC
Name         : Scanetchain
Capped supply: 1,000,000,000
Decimals     : 18 
Standard     : ERC20

2. In scope

3. Findings

2 issues were reported including:

  • 1 low severity issue.
  • 1 owner privilege.

3.1. Owner Privileges

Severity: low

Description

Owner has the right to pause/unpause token transfers and approvals.

Code snippet

https://github.com/Scanetchain/Scanetchain-ERC20-Token/blob/master/Contracts/scanetchaintoken_new_final.sol#L374#L431

3.1. Known vulnerabilities of ERC-20 token

Severity: low

Description

  1. It is possible to double withdrawal attack. More details here
  2. Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it already caused millions of dollars losses for lots of token users! More details here

4. Conclusion

The audited contract is safe, the users should be aware of the owner privilege.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment