
@danbogd
Created October 8, 2018 18:16

JarvisPlus Token Audit Report.

1. Summary

This document is a security audit report on the JarvisPlus Token, performed by danbogd.

2. In scope

3. Findings

2 issues were reported, including:

  • 1 low severity issue.

  • 1 minor remark.

3.1. Known Issues of ERC20 Standard

Severity: low

Description

ERC20 tokens have some well-known issues (listed below). This is just a reminder for the contract developers.

  • The approve + transferFrom mechanism allows a double withdrawal attack.

  • Lack of transaction handling.

The above-mentioned issues are well documented; a basic search will turn up more information.
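The double withdrawal issue comes from `approve` overwriting the allowance unconditionally. The following is an added example, not part of the audit or of the JarvisPlus code: a small Python model of the ERC20 allowance logic that compares the total a spender can obtain when an allowance change is ordered after a pending `transferFrom`, with and without a compare-and-set check. The class, the account names and `approve_expected` are hypothetical; `approve_expected` is not an ERC20 function.

```python
# Minimal in-memory model of ERC20 allowance logic (constructed for
# illustration; this is not the JarvisPlus contract code).
class Token:
    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowed = {}  # (owner, spender) -> remaining allowance

    def approve(self, owner, spender, value):
        # Standard ERC20 behaviour: overwrite the allowance unconditionally.
        self.allowed[(owner, spender)] = value

    def approve_expected(self, owner, spender, expected, value):
        # Hypothetical compare-and-set variant (not part of ERC20): apply the
        # change only if the allowance still has the value the owner saw.
        if self.allowed.get((owner, spender), 0) != expected:
            return False
        self.allowed[(owner, spender)] = value
        return True

    def transfer_from(self, spender, owner, to, value):
        allowance = self.allowed.get((owner, spender), 0)
        if value > allowance or value > self.balances.get(owner, 0):
            return False
        self.allowed[(owner, spender)] = allowance - value
        self.balances[owner] -= value
        self.balances[to] = self.balances.get(to, 0) + value
        return True


def spent_after_allowance_change(old, new, use_expected):
    """The owner changes an allowance from `old` to `new`, but the spender's
    transfer_from for `old` is processed first. Returns the spender's total."""
    t = Token({"owner": 1000})
    t.approve("owner", "spender", old)
    # Ordering under test: the spender's transfer lands before the change.
    t.transfer_from("spender", "owner", "spender", old)
    if use_expected:
        # Rejected: the allowance is now 0, not the `old` value the owner saw.
        t.approve_expected("owner", "spender", old, new)
    else:
        # Accepted: a fresh allowance of `new` is granted on top of `old`.
        t.approve("owner", "spender", new)
    t.transfer_from("spender", "owner", "spender", new)
    return t.balances.get("spender", 0)


if __name__ == "__main__":
    print("plain approve:  ", spent_after_allowance_change(100, 50, False))
    print("compare-and-set:", spent_after_allowance_change(100, 50, True))
```

With plain `approve` the spender ends up with `old + new` tokens, while the compare-and-set variant caps the total at the original allowance.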

3.2. Extra checking.

Severity: minor

Description

There are extra checks on lines 96, 165 and 166 of the BasicToken and StandardToken contracts. The SafeMath library performs these checks anyway.

Code snippet

https://github.com/x-contract/JarvisPlusToken/blob/8dca09084a7e9178ee5770228219bf901ecaf21e/flats/JarvisPlusToken_flat.sol#L96

https://github.com/x-contract/JarvisPlusToken/blob/8dca09084a7e9178ee5770228219bf901ecaf21e/flats/JarvisPlusToken_flat.sol#L165

https://github.com/x-contract/JarvisPlusToken/blob/8dca09084a7e9178ee5770228219bf901ecaf21e/flats/JarvisPlusToken_flat.sol#L166

4. Conclusion

No critical vulnerabilities were detected, but we highly recommend fixing these bugs before use.
