Skip to content

Instantly share code, notes, and snippets.

@danbogd

danbogd/TechX Audit Report.md

Created October 12, 2018 14:55
Show Gist options
  • Save danbogd/6bc2aac2642b0ea0897a80a0d9dc5256 to your computer and use it in GitHub Desktop.
Save danbogd/6bc2aac2642b0ea0897a80a0d9dc5256 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
TechX Audit Report.md

TechX Audit Report.

1. Summary

This document is a security audit report performed by danbogd, where TechX has been reviewed.

2. In scope

3. Findings

In total, 2 issues were reported including:

  • 1 low severity issues.

  • 1 minor observation.

No critical security issues were found.

3.1. Known Issues of ERC20 Standard

Severity: low

Description

ERC20 Tokens have some well-known issues (listed bellow), This is just a reminder for the contract developers.

Approve + transferFrom mechanism allows double Withdrawal attack. Lack of transaction handling.

The above mentioned issues are well documented, a basic search can help to get more information.

3.2. Extra checking

Severity: minor observation

Description

Extra checking in 163,109,110 lines. SafeMath library checks it anyway. Solidity automatically throws when dividing by zero in 14 line. There is no case in which this doesn't hold.

Code snippet

https://gist.github.com/yuriy77k/0b860f1970ad357f254b0c5945c6cf2c#file-techx-sol-L63 https://gist.github.com/yuriy77k/0b860f1970ad357f254b0c5945c6cf2c#file-techx-sol-L109 https://gist.github.com/yuriy77k/0b860f1970ad357f254b0c5945c6cf2c#file-techx-sol-L110

Recommendation

Those lines may be deleted.

4. Conclusion

No critical vulnerabilities were detected,but we highly recommend to complete this bugs before use.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment