AXM Token smart contract security audit report performed by Callisto Security Audit Department
To provide cross border payments for people of NorthEast India.
Commit hash: 8ac50f805184bade0fb9470aa170e455a254e6f8
In total, 5 issues were reported, including:
- 3 medium severity issues.
- 1 low severity issue.
- 1 owner privilege (the ability of an owner to manipulate the contract, which may be risky for investors).

- A double withdrawal attack is possible. More details here.
- Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it has already caused millions of dollars in losses for many token users! More details here.
Add the following code to the transfer(_to address, ...) function:
    require( _to != address(this) );
The Transfer event should be emitted only for token transfers. In this case, however, it will be emitted when ether is transferred. dApps will interpret this as a token transfer, which can lead to loss of funds or incorrect application behavior.
After the end of the ICO, the remaining tokens will be sent (minted) to the owner. However, the code does not increase totalSupply_, and the Transfer event is not emitted.
Following generally adopted ICO rules, the remaining supply should be burned and not sent to a different address.
After each purchase of tokens, the owner receives the ether.
Funds must be received by the owner only after the ICO finalization.
To avoid losing accuracy, the multiplication should be done before the division. In this implementation, if an investor wants to purchase the remaining tokens for a larger amount, he could get up to 99 tokens for free.
Replace line 278 with the following:
    uint256 newWei = newTokens.mul(1 ether).div(basePrice);
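The effect of operation order in this finding, as an added Python model (not code from the audited contract or from the audit team). Python's // truncates like Solidity's uint256 division; the divide-first shape of the flagged line and BASE_PRICE = 100 are assumptions, since the original line 278 and the contract's price are not shown on this page.

```python
from fractions import Fraction

ETHER = 10**18    # wei per ether, the value of Solidity's `1 ether`
BASE_PRICE = 100  # constructed value (token units per ether), not taken from the contract


def wei_divide_first(new_tokens, base_price):
    """Assumed shape of the flagged line: division runs before multiplication."""
    # The quotient is truncated first, so new_tokens % base_price is never billed.
    return (new_tokens // base_price) * ETHER


def wei_multiply_first(new_tokens, base_price):
    """The report's replacement: newTokens.mul(1 ether).div(basePrice)."""
    return (new_tokens * ETHER) // base_price


def unpaid_tokens(price_fn, new_tokens, base_price):
    """Token units delivered but not covered by the computed price (exact)."""
    paid_for = Fraction(price_fn(new_tokens, base_price) * base_price, ETHER)
    return new_tokens - paid_for


def worst_case(price_fn, base_price, max_tokens):
    """Largest shortfall over every purchase size from 1 to max_tokens."""
    return max(unpaid_tokens(price_fn, n, base_price)
               for n in range(1, max_tokens + 1))


if __name__ == "__main__":
    for name, fn in (("divide first", wei_divide_first),
                     ("multiply first", wei_multiply_first)):
        worst = worst_case(fn, BASE_PRICE, 1000)
        print(f"{name}: worst shortfall = {worst} token units")
```

With divide-first the shortfall reaches base_price - 1 token units; with multiply-first it stays below one wei's worth of tokens.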
The audited smart contract must not be deployed. Reported issues must be fixed prior to the usage of this contract.
https://gist.github.com/yuriy77k/3a4fdd12d7ff987fb25a3bccba71c8c0
https://gist.github.com/yuriy77k/bc828af53b91334d42579395ead78615
https://gist.github.com/yuriy77k/5a0e99a5ff23723b73ee841227ec6a80