ETH_Scanetchain_audit_report.md

Scanetchain audit report.

1. Summary

This document is a security audit report performed by danbogd, where Scanetchain has been reviewed.

2. In scope

Сommit hash c29bbfc939b8e71012a7c35a6b3a135d387a8a7e.

• scanetchaintoken_new_final.sol.

3. Findings

In total, 3 issues were reported including:

• 0 medium severity issues
• 1 low severity issues
• 1 owner privileges (ability of owner to manipulate contract, may be risky for investors).
• 1 notes.

No critical security issues were found.

3.1. Deprecated method.

Severity: note

Description

The function () payable { revert(); } was a pattern used to prevent implicit acceptance of ether in Solidity versions older than 0.4.0, but today this is unneeded.

Code snippet

https://github.com/Scanetchain/Scanetchain-ERC20-Token/blob/c29bbfc939b8e71012a7c35a6b3a135d387a8a7e/Contracts/scanetchaintoken_new_final.sol#L241-L243

3.2. Owner Privileges

Severity: owner previliges

Description

Contract owner allow himself to:

pause/unpause transfer, transferFrom, approve, increaseApproval, decreaseApproval functions here.

3.3. Known vulnerabilities of ERC-20 token

Severity: low

Description

Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it already caused millions of dollars losses for lots of token users! More details here.

Recommendation

Add into a function transfer(address _to, ... ) following code:

require( _to != address(this) );

4. Conclusion

The review did not show any critical issues, some of low severity issues were found.