This document is a security audit report performed by danbogd, where NTP Tokens has been reviewed.
- ntp.sol github commit hash 72fac4492abee0b14ac0133b94197b5bfe2ca9d6.
In total, 4 issues were reported including:
- 2 medium severity issues.
- 2 low severity issues.
No critical security issues were found.
The owner or a hacker (if the owner's private key will be compromised) can mint any value of tokens he wants. The token can become worthless very quickly. This is dangerous for investors.
There is necessary to check the input value of the updateTokensPerEth function for zero-value. In case of the argument is not specified, the user can pay money but not get tokens.
-
It is possible to double withdrawal attack. More details here.
-
Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it already caused millions of dollars losses for lots of token users! More details here.
Add into a function transfer(address _to, ... ) following code:
require( _to != address(this) );
The contract owner allow himself to:
- set the price
- finish distribution tokens
- withdraw all fonds of contract
- burn and mint tokens
The contract is managed manually by the owner which is not good for investors.
The review did not show any critical issues, but some of medium severity issues were found.