This document is a security audit report performed by danbogd, where KuCoin Shares has been reviewed.
Сommit hash .
In total, 3 issues were reported including:
- 1 medium severity issues
- 2 low severity issues
- 0 owner privileges (ability of owner to manipulate contract, may be risky for investors)..
- 0 notes.
No critical security issues were found.
In the ERC-20 standard here should be approve, transferFrom, allowance, balanceOf functions, but here its are missing.
An event isn't emited when assigning the initial supply to the msg.sender.
Line 33.
function MyToken(
uint256 initialSupply,
string tokenName,
uint8 decimalUnits,
string tokenSymbol
) {
balanceOf[msg.sender] = initialSupply; // Give the creator all initial tokens
totalSupply = initialSupply; // Update total supply
name = tokenName; // Set the name for display purposes
symbol = tokenSymbol; // Set the symbol for display purposes
decimals = decimalUnits; // Amount of decimals for display purposes
}balances[_to] + value should be able to be zero since balance[to] can equal zero and the ERC20 standard states that transfers with value zero must be allowed. As it stands, this implementation threatens to break ERC20 compliance.
Line 43.
function _transfer(address _from, address _to, uint _value) internal {
require (_to != 0x0); // Prevent transfer to 0x0 address. Use burn() instead
require (balanceOf[_from] > _value); // Check if the sender has enough
require (balanceOf[_to] + _value > balanceOf[_to]); // Check for overflows
balanceOf[_from] -= _value; // Subtract from the sender
balanceOf[_to] += _value; // Add the same to the recipient
Transfer(_from, _to, _value);
}
require (balanceOf[_from] >= _value);
require (balanceOf[_to] + _value >= balanceOf[_to]);The review did not show any critical issues, some of medium and low severity issues were found.