@danbogd
Created August 19, 2019 10:07
cryptomillions audit report.

1. Summary

This document is a security audit report by danbogd covering a review of cryptomillions.

2. In scope

Commit hash 2274bf5224168da72285399fca9be14471ea7764.

3. Findings

In total, 3 issues were reported including:

  • 2 medium severity issues
  • 0 low severity issues
  • 1 owner privileges (ability of owner to manipulate contract, may be risky for investors).
  • 0 notes.

No critical security issues were found.

3.1. Transfer prevents transfers of zero value

Severity: medium

Description

The transfer function in ERC20_CPM1_Token is not ERC20 compliant as it stands. From the ERC20 standard: “Note Transfers of 0 values MUST be treated as normal transfers and fire the Transfer event”. This function has a require statement that causes execution to revert unless value is greater than zero.

Code snippet

https://github.com/cryptomillionsofficial/CREATE_ERC20_CPM1/blob/2274bf5224168da72285399fca9be14471ea7764/ERC20_CPM1_Token.sol#L69

3.2. ERC20 Compliance — method missing

Severity: medium

Description

According to the ERC-20 standard there should be approve and allowance functions, but they are missing here.
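
The behaviour findings 3.1 and 3.2 ask for, sketched as an added example (this is not the audited contract's code and not from the cryptomillions project). The contract name, storage layout and `^0.8.0` pragma are assumptions, and `transferFrom` is included only because it is the ERC-20 function that consumes an allowance.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
// Added illustration, not the audited ERC20_CPM1_Token source.
// Contract name, state layout and compiler version are assumptions.
contract CompliantTokenSketch {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) private _allowances;
    uint256 public totalSupply;
    event Transfer(address indexed from, address indexed to, uint256 value);
    event Approval(address indexed owner, address indexed spender, uint256 value);

    constructor(uint256 initialSupply) {
        totalSupply = initialSupply;
        balanceOf[msg.sender] = initialSupply;
        emit Transfer(address(0), msg.sender, initialSupply);
    }

    // 3.1: no `require(value > 0)`. A zero-value transfer passes the balance
    // check, changes no balance, and still emits Transfer as ERC-20 requires.
    function transfer(address to, uint256 value) external returns (bool) {
        _move(msg.sender, to, value);
        return true;
    }

    // 3.2: the allowance functions the report lists as missing.
    function approve(address spender, uint256 value) external returns (bool) {
        _allowances[msg.sender][spender] = value;
        emit Approval(msg.sender, spender, value);
        return true;
    }
    function allowance(address owner, address spender) external view returns (uint256) {
        return _allowances[owner][spender];
    }

    // Spends an allowance granted through approve (assumed addition, see lead-in).
    function transferFrom(address from, address to, uint256 value) external returns (bool) {
        uint256 allowed = _allowances[from][msg.sender];
        require(allowed >= value, "allowance exceeded");
        _allowances[from][msg.sender] = allowed - value;
        _move(from, to, value);
        return true;
    }

    function _move(address from, address to, uint256 value) private {
        require(balanceOf[from] >= value, "insufficient balance");
        balanceOf[from] -= value; // checked arithmetic in Solidity 0.8
        balanceOf[to] += value;
        emit Transfer(from, to, value);
    }
}
```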

3.3. Owner Privileges

Severity: owner privileges

Description

The contract owner allows himself to:

  • pause/unpause transfer and burn functions here.

4. Conclusion

The review did not show any critical issues; some medium severity issues were found.
