This document is a security audit report by danbogd covering a review of Hydrogen Snowflake.
- Snowflake.sol, GitHub commit hash 90389befae1fcbca015f1257bf9d5ac5eccd302a.
In total, 4 issues were reported, including:
- 1 medium severity issue.
- 3 low severity issues.
No critical security issues were found.
There is no upper limit on providers; it grows each time a new transaction is registered. As the number of transactions increases, the gas cost of smart contract calls will rise. If providers.length is large enough, the function exceeds the block gas limit, and transactions calling it will never be confirmed.
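The unbounded iteration described above, shown next to two bounded alternatives. This is an added example, not code from Snowflake.sol or from the audit; the contract, function and event names, the batch cap of 100 and the `^0.8.0` pragma are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
// Added illustration: every name below is hypothetical, not taken from Snowflake.sol.
pragma solidity ^0.8.0;

contract ProviderRegistry {
    address[] public providers;                        // grows without bound
    mapping(address => uint256) private indexPlusOne;  // 0 means "not registered"

    event ProviderProcessed(address indexed provider);

    // Access control is omitted to keep the example focused on gas behaviour.
    function addProvider(address provider) external {
        require(provider != address(0), "zero address");
        require(indexPlusOne[provider] == 0, "already registered");
        providers.push(provider);
        indexPlusOne[provider] = providers.length;
    }

    // Pattern the finding describes: cost is linear in providers.length, so a
    // transaction that reaches this loop stops fitting in a block once the
    // array is large enough.
    function hasProviderUnbounded(address provider) external view returns (bool) {
        for (uint256 i = 0; i < providers.length; i++) {
            if (providers[i] == provider) {
                return true;
            }
        }
        return false;
    }

    // Constant-cost membership test: no loop, gas independent of array size.
    function hasProvider(address provider) external view returns (bool) {
        return indexPlusOne[provider] != 0;
    }

    // When every entry must be visited, the caller supplies a window so each
    // transaction does a bounded amount of work. Returns the next start index.
    function processBatch(uint256 start, uint256 maxCount) external returns (uint256 next) {
        require(maxCount > 0 && maxCount <= 100, "batch size out of range");
        uint256 end = start + maxCount;
        if (end > providers.length) {
            end = providers.length;
        }
        for (uint256 i = start; i < end; i++) {
            emit ProviderProcessed(providers[i]);
        }
        return end;
    }
}
```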
There is no return statement in this function, which means that it always returns false by default. This can break the logic of the Dapp.
Add a return statement with the right expression.
The owners can implement any logic in the new contract. Even if the new contract is audited, the address of the new contract can be changed again at any time to an unaudited and insecure one.
In the setAddresses function, the input address _hydroTokenAddress is not checked for a null value, so funds can be accidentally transferred to the 0x0 address.
### Code snippet
Medium issues can influence smart contract operation in the current implementation. We highly recommend addressing them.