Skip to content

Instantly share code, notes, and snippets.

@yuriy77k

yuriy77k/ETH_Holo_report.md Secret

Forked from RideSolo/ETH_Holo_report.md
Last active June 9, 2019 09:52
Show Gist options
  • Save yuriy77k/c6a8d409a858f6155780ea7f4addd097 to your computer and use it in GitHub Desktop.
Save yuriy77k/c6a8d409a858f6155780ea7f4addd097 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
ETH_Holo_report.md

Holo Token Audit Report.

1. Summary

This document is a security audit report performed by RideSolo, where Holo Token has been reviewed.

2. In scope

3. Findings

1 issue was reported:

  • 1 low severity issue.

3.1. Known vulnerabilities of ERC-20 token

Severity: low

Description

  1. It is possible to double withdrawal attack. More details here
  2. Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it already caused millions of dollars losses for lots of token users! More details here

Recommendation

Add the following code to the transfer(_to address, ...) function:

require( _to != address(this) );

Conclusion

The audited contract can be deployed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment