ETH_SymVerse_report.md

Summary

This is the report from a security audit performed on SymVerse by MrCrambo.

The audit focused primarily on the security of SymVerse smart contract.

In scope

1. https://github.com/symverse-lab/SmartContract/blob/master/SymToken.sol

Findings

In total, 6 issues were reported including:

• 0 high severity issues.

• 2 medium severity issues.

• 3 owner privilegies issues.

• 1 low severity issues.

Security issues

1. Owner privilegies

Severity: owner privilegies

Description

1. Owner can change delegator any time he wants and to any address.
2. Owner can lock all transfers and all function calls.
3. Owner can increase unlock amount to any address and decrease it from any address at any time.

2. Increasing allowance

Severity: medium

Description

In function increaseAllowance if owner will call this function, he will mint himself extra tokens without any restrictions.

3. Owner minting

Severity: medium

Description

Owner can increase circulation supply any time he wants and can burn any amount of tokens at any time. This could be risky for investors, because all their holding tokens could become unvaluable if owner will increase circulating supply.

4. Known vulnerabilities of ERC-20 token

Severity: low

Description

1. It is possible to double withdrawal attack. More details here
2. Lack of transaction handling mechanism issue. More details here

Recommendation

Add into a function transfer(address _to, ... ) following code:

require( _to != address(this) );

Conclusion

Smart contract contains medium severity issues.