This document is a security audit report by danbogd, covering a review of axmtoken.
Commit hash 8ac50f805184bade0fb9470aa170e455a254e6f8.
In total, 4 issues were reported, including:
- 1 high severity issue
- 1 medium severity issue
- 1 low severity issue
- 0 owner privileges (the ability of the owner to manipulate the contract, which may be risky for investors)
- 1 note
No critical security issues were found.
In this implementation, an investor who tries to purchase the remaining tokens for a large amount will get them for free.
Investors read totalSupply as the total number of tokens, but this value grows up to 2000000*10**18. After the end of sales, 1000000*10**18 tokens still remain on the owner's balance. This is not good for investors.
https://github.com/mahamihirion/axmtoken/blob/8ac50f805184bade0fb9470aa170e455a254e6f8/axm.sol#L293
https://github.com/mahamihirion/axmtoken/blob/8ac50f805184bade0fb9470aa170e455a254e6f8/axm.sol#L257-L258
A double withdrawal attack is possible. More details here.
Lack of a transaction handling mechanism. WARNING! This is a very common issue and it has already caused millions of dollars in losses for many token users! More details here.
Add the following code to the function transfer(address _to, ... ):
require( _to != address(this) );
In the AssamToken contract, according to the ERC20 standard, the variable decimals should be declared as uint8.
The audited smart contract is not safe to deploy.