yuriy77k/CryptoAds_conclusion.md

Created August 20, 2018 19:14

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/yuriy77k/c68640f18ae397c309beff64e228af7e.js"></script>
Save yuriy77k/c68640f18ae397c309beff64e228af7e to your computer and use it in GitHub Desktop.

Download ZIP

CryptoAds smart contract audit report conclusion

Raw

CryptoAds_conclusion.md

CryptoAds smart contract security audit report performed by Callisto Security Audit Department

Conclusion:

No critical issue, bug fixing is necessary. It is highly recommended to complete a bug bounty before use.

Medium severity issues:

1. Zero address owner.

Description

Owner address may be sent to zero address at function setOwner and because of it owner will lose his access to smart contract.

Recommendation

Need to check if _newOwner is not zero address.

require(_newOwner != address(0));

2. Transfer to zero address.

Severity: medium

Description

Tokens could be sent to zero address, that means they will be locked and will not be able to use or burn. Functions transfer and transferFrom.

Recommendation

Need to check if _to address is not zero address.

require(_to != address(0));

3. Double-spend attack is possible.

Severity: medium

Description

In case the user wants to change the approved amount an double-spend attack is possible.

Recommendation

Can be reviewed here.

Revealing audit reports:

https://gist.github.com/yuriy77k/0642bdfd140789929904373bf3564123

https://gist.github.com/yuriy77k/df7339f021bed8366ed40da915da1a8f

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment