Skip to content

Instantly share code, notes, and snippets.

@yuriy77k

yuriy77k/Bionic_Conclusion.md

Created August 11, 2018 11:59
Show Gist options
  • Save yuriy77k/2ac131d3ed755ac9179acc55c99dcb93 to your computer and use it in GitHub Desktop.
Save yuriy77k/2ac131d3ed755ac9179acc55c99dcb93 to your computer and use it in GitHub Desktop.
Download ZIP
Bionic Conclusion
Raw
Bionic_Conclusion.md

BNC token security audit report performed by Callisto Security Audit Department

1. Conclusion:

No critical issue. This contract can be considered safe to be deployed. However, as highlighted users can accidentally send their tokens to 0x0 address.

2. Medium severity issues:

2.1. Token Transfer to Address 0x0

Description

Bionic Token do not require the to address to be non null before transfer. Accidental token loss to address 0x0 can be applicable.

The version of ERC20 used in this contract, use a basic burn mechanism where anyone can send tokens to 0x0 address. However, this mechanism leads to the above mentioned issue.

Code snippet

https://github.com/bioniccoin/BNC/blob/81ddaaa00ede373c6043cd9e06f9447b8c963959/Contracts/Bionic.sol#L146#L151

Recommendation

Refer to ERC20 Standard implemented by OpenZepplin, to avoid this issue.

3. Low severity issue:

3.2. Known Issues of ERC20 Standard

Description

ERC20 Tokens have some well-known issues (listed bellow), This is just a reminder for the contract developers.

  • Approve + transferFrom mechanism allows double Withdrawal attack (as commented on the contract).
  • Lack of transaction handling.

The above mentioned issues are well documented, a basic search can help to get more information.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment