@yuriy77k
Forked from alexo18/Gigzi_audit_report.md
Created August 15, 2018 17:01

Ethereum Classic Gigzi smart contract audit report.

Summary

This is the report from a security audit performed on the Gigzi smart contract (ETH) by alexo18. The audit focused primarily on the security of funds and the fault tolerance of the Gigzi contract. The main intention of this contract is to serve as a token ecosystem.

In scope

FeeableToken.sol
GigBlack.sol
GigCrowdsale.sol
GigGold.sol
GigSilver.sol
GigPlatinum.sol
Migrations.sol
MessageHelper.sol

Findings

In total, 2 issues were reported including:

  • 2 low severity issues.

Security issues

1. Account of Fee Collector Address not updated

Severity: low

Description

The 'setTxFeeCollector' function does not update 'accountReserved[]' with the new fee collector address; moreover, the function does not remove the previous collector address from the array.

Code snippet

https://github.com/GigziProject/GigziContracts/blob/master/contracts/FeeableToken.sol#L69
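A minimal model of this finding, added here as an illustration and not taken from the Gigzi repository: it places a setter with the reported behaviour beside a corrected one. Only `setTxFeeCollector` and `accountReserved` are names from the report; the mapping shape, `txFeeCollector`, the event, the `AsReported` suffix and `collectorIsReserved` are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not the Gigzi source. State layout is assumed.
contract FeeCollectorModel {
    address public owner;
    address public txFeeCollector;                    // assumed variable name
    mapping(address => bool) public accountReserved;  // assumed shape: address => reserved flag

    event TxFeeCollectorChanged(address indexed previous, address indexed current);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor(address initialCollector) {
        require(initialCollector != address(0), "zero collector");
        owner = msg.sender;
        txFeeCollector = initialCollector;
        accountReserved[initialCollector] = true;
    }

    // Behaviour described in the finding: the collector changes, but the
    // reserved flag stays on the old address and is never set on the new one.
    function setTxFeeCollectorAsReported(address newCollector) external onlyOwner {
        txFeeCollector = newCollector;
    }

    // Corrected form: retire the old entry and register the new one in the same call.
    function setTxFeeCollector(address newCollector) external onlyOwner {
        require(newCollector != address(0), "zero collector");
        address previous = txFeeCollector;
        if (previous == newCollector) return;         // nothing to update
        accountReserved[previous] = false;
        accountReserved[newCollector] = true;
        txFeeCollector = newCollector;
        emit TxFeeCollectorChanged(previous, newCollector);
    }

    // Invariant a unit test can assert after every collector change:
    // the current collector must always be flagged as reserved.
    function collectorIsReserved() external view returns (bool) {
        return accountReserved[txFeeCollector];
    }
}
```

After a call to `setTxFeeCollectorAsReported` with a fresh address, `collectorIsReserved()` returns false and the old address remains flagged; after `setTxFeeCollector`, the invariant holds and the old flag is cleared.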

2. Known Issues of ERC20 Standard.

Severity: low

Description

ERC20 tokens have some well-known issues (listed below). This is just a reminder for the contract developers.

  • The approve + transferFrom mechanism allows a double-withdrawal attack (as commented on the contract).
  • Lack of transaction handling.

The above-mentioned issues are well documented; a basic search will turn up more information.

Conclusion

No critical vulnerabilities were detected. This contract can be considered safe to be deployed.
