ETH_SymVerse_audit_report.md

SymVerse audit report.

1. Summary

This document is a security audit report performed by danbogd, where SymVerse has been reviewed.

2. In scope

Сommit hash d38e09b7c90763c283215c6da043e720b324f98f.

• SymToken.sol.

3. Findings

In total, 4 issues were reported including:

• 0 medium severity issues
• 2 low severity issues
• 1 owner privileges (ability of owner to manipulate contract, may be risky for investors)..
• 1 notes.

No critical security issues were found.

3.1. ERC20 Compliance.

Severity: low

Description

Accroding to ERC20 standard, when initializing a token contract if any token value is set to any given address a transfer event should be emited.

Code snippet

https://github.com/symverse-lab/SmartContract/blob/d38e09b7c90763c283215c6da043e720b324f98f/SymToken.sol#L469

3.2. Known vulnerabilities of ERC-20 token

Severity: low

Description

1. It is possible to double withdrawal attack. More details here.

2. Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it already caused millions of dollars losses for lots of token users! More details here.

Recommendation

Add into a function transfer(address _to, ... ) following code:

require( _to != address(this) );

3.3. Owner Privileges

Severity: owner previliges

Description

Contract owner allow himself to:

Lock/unlock all users function here

3.4. Discrepancy with the ERC20 standard

Severity: note

Description

In SymToken.sol, according to the ERC20 standard, the variable decimals should be declared as uint8.

Code snippet

https://github.com/symverse-lab/SmartContract/blob/d38e09b7c90763c283215c6da043e720b324f98f/SymToken.sol#L465

4. Conclusion

The review did not show any critical issues, some of low severity issues were found.