This document is a security audit report performed by RideSolo, in which the GIGZI project was reviewed.
The GIGZI project promises to issue regulated tokens (GZS silver, GZG gold, GZP platinum) backed by precious metals, as well as one non-regulated token, GZB black. Rounds of rewards will be distributed to the holders of GZB tokens on their accounts in the form of regulated tokens (GZG) following the project funding. GZB distribution is performed by ICO.
- GigBlack.sol github commit hash 0989f4a550ef8ae7110635784a96144d5578d7d1.
- GigSilver.sol github commit hash 0989f4a550ef8ae7110635784a96144d5578d7d1.
- GigGold.sol github commit hash 0989f4a550ef8ae7110635784a96144d5578d7d1.
- GigPlatinum.sol github commit hash 0989f4a550ef8ae7110635784a96144d5578d7d1.
- GigCrowdsale.sol github commit hash 0989f4a550ef8ae7110635784a96144d5578d7d1.
- FeeableToken.sol github commit hash 0989f4a550ef8ae7110635784a96144d5578d7d1.
- The OpenZeppelin contracts inherited by the project are excluded from the audit report; however, the usage of these contracts was analyzed.
- MessageHelper.sol, contained in the project repository, is part of the OpenZeppelin-solidity framework and is therefore omitted from the audit report.
- Migrations.sol, contained in the project repository, is part of the [truffle framework](https://github.com/ConsenSys/truffle-webpack-demo/blob/c2735c978b12d596ce40224a06e289c806e40a0e/contracts/Migrations.sol) and is therefore omitted from the audit report.
3 issues were reported, including:
- 0 high severity issues.
- 0 medium severity issues.
- 1 low severity issue.
- 2 minor remarks.
The function `setTxFeeCollector`, a member of `FeeableToken`, reassigns the fee collector address but does not reset the reserved-account status of the old address, which exempts it from fee collection. `addReservedAccount` can be used, but at the price of extending the `accountsReserved` dynamic array.
Reserved accounts are used to avoid paying fees for some addresses. Each time the contract owner wants to add an address, he calls `addReservedAccount`, adding a new element to the `accountsReserved` dynamic array. This practice adds too much gas consumption when checking whether transaction fees are applicable to an address (in the `isFeeShouldBePaid` function).
Use a simple mapping where an address maps to a boolean variable. This will considerably optimize transaction gas consumption.
The functions `addReservedAccount` and `isFeeShouldBePaid` should be reimplemented as recommended.
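The mapping-based approach recommended above, combined with a `setTxFeeCollector` that clears the old collector's reserved status, could look like the following. This is an added sketch, not code from the audited repository: the Solidity version, the function signatures, the `owner` check, the event and the `removeReservedAccount` helper are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not the audited FeeableToken source.
// Signatures and access control are assumed, not taken from the project.
contract ReservedAccountsSketch {
    address public owner;
    address public txFeeCollector;

    // Replaces the dynamic array: a lookup is one storage read,
    // regardless of how many accounts have been reserved.
    mapping(address => bool) public accountsReserved;

    event ReservedAccountChanged(address indexed account, bool reserved);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor(address collector) {
        require(collector != address(0), "zero collector");
        owner = msg.sender;
        txFeeCollector = collector;
        _setReserved(collector, true);
    }

    function addReservedAccount(address account) external onlyOwner {
        _setReserved(account, true);
    }

    // Hypothetical helper: a mapping makes removal as cheap as insertion.
    function removeReservedAccount(address account) external onlyOwner {
        require(account != txFeeCollector, "collector stays reserved");
        _setReserved(account, false);
    }

    // Clears the old collector's exemption before reserving the new one.
    function setTxFeeCollector(address collector) external onlyOwner {
        require(collector != address(0), "zero collector");
        _setReserved(txFeeCollector, false);
        txFeeCollector = collector;
        _setReserved(collector, true);
    }

    // Assumed rule: no fee when either party is a reserved account.
    function isFeeShouldBePaid(address from, address to) public view returns (bool) {
        return !(accountsReserved[from] || accountsReserved[to]);
    }

    function _setReserved(address account, bool reserved) private {
        accountsReserved[account] = reserved;
        emit ReservedAccountChanged(account, reserved);
    }
}
```

If the old collector address must stay exempt for another reason, the owner would need to reserve it again explicitly after the change.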
Requiring `txFee` to be lower than `_value` represents extra computation, since `txFee` is calculated using `_value` as input.
The contracts reviewed can be considered safe to deploy. However, a lot of optimization has to be done to minimize gas consumption.