Skip to content

Instantly share code, notes, and snippets.

@yuriy77k

yuriy77k/MultiSigWallet_audit_report.md Secret

Forked from MrCrambo/MultiSigWallet_audit_report.md
Created July 13, 2018 10:19
Show Gist options
  • Save yuriy77k/5e6348abd2399024768e51157bae33e6 to your computer and use it in GitHub Desktop.
Save yuriy77k/5e6348abd2399024768e51157bae33e6 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
MultiSigWallet_audit_report.md

MultiSigWallet audit report.

Summary

This is the report from a security audit performed on MultiSigWallet by Il Kadyrov.

The audit focused primarily on the security of MultiSigWallet contract.

In scope

  1. https://github.com/ConsenSys/MultiSigWallet/blob/master/MultiSigWalletWithDailyLimit.sol

Findings

In total, 4 issues were reported including:

  • 0 high severity issues.

  • 2 medium severity issues.

  • 2 low severity issues.

Security issues

1. Integer over-/under- flow possibility.

Severity: medium

Description

In lines: 459, 421, 145, 140 integer underflow possibilities.

Recommendation

Need to use SafeMath.

2. Function doesn't return value.

Severity: medium

Description

Function isConfirmed will not return false, if transaction doesn't confirmed, there is just return true in if statement.

Recommendation

Add return false.

3. Old solidity version.

Severity: low

Description

Used solidity version is old.

Recommendation

Need to use latest version of solidity.

4. Use require instead of if throw.

Severity: low

Description

In modifiers onlyWallet, ownerDoesNotExist, ownerExists, transactionExists, confirmed, notConfirmed, notExecuted, notNull, validRequirement used if throw, which can be replaced with require.

Recommendation

Need to use require.

Conclusion

Smart contract has few medium and low severity issues. We higly recommend you to complete bug bounty before use.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment