danbogd/FORZE_audit_report.md

Last active August 31, 2019 14:49

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/danbogd/0491b5bfffcabf71147dd584e58a0866.js"></script>
Save danbogd/0491b5bfffcabf71147dd584e58a0866 to your computer and use it in GitHub Desktop.

Download ZIP

Raw

FORZE_audit_report.md

FORZE Audit Report.

1. Summary

This document is a security audit report performed by danbogd, where FORZE has been reviewed.

2. In scope

forze.sol.

3. Findings

3 issues were reported including:

1 low severity issues.
2 minor remark.

3.1. Known Issues of ERC20 Standard

Severity: low

Description

ERC20 Tokens have some well-known issues (listed bellow), This is just a reminder for the contract developers.

Approve + transferFrom mechanism allows double Withdrawal attack. Lack of transaction handling.

The above mentioned issues are well documented, a basic search can help to get more information.

3.2. Old solidity version.

Severity: minor

Description

Used solidity version is old.

Recommendation

Use one of the latest version of solidity.

3.3. Extra checking.

Severity: minor

Description

Extra checking in 81, 101 lines of FORZE contract. SafeMath library checks it anyway.

Code snippet

https://gist.github.com/yuriy77k/4f5f9148280105cddc636b1d93dbec37#file-forze-sol-L81 https://gist.github.com/yuriy77k/4f5f9148280105cddc636b1d93dbec37#file-forze-sol-L101

Recommendation

This lines 81, 101 may be deleted.

4. Conclusion

No critical vulnerabilities were detected,but we highly recommend to complete this bugs before use.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment