Closed yuriy77k closed 5 years ago
XCOYNZ token smart contract security audit report performed by Callisto Security Audit Department
In total, 3 issues were reported including:
No critical security issues were found.
If the tokenOwner input not correct value the underflow occurs, in this case the requires in transfer
function will not work, but transfer will reverted due using SafeMath in the function _transfer
.
The values of timestamps must be updated. (23 Jan 2019).
The contact code is not guaranteed that the owner will burn tokens after crowdsale, which is not good for investors.
The tokenOwner can bypass the restrictions in transfer
function using functions approve
and transferFrom
instead.
It is possible to double withdrawal attack. More details here.
Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it already caused millions of dollars losses for lots of token users! More details here.
Add into a function transfer(address _to, ... )
following code:
require( _to != address(this) );
No critical security issues were found in the audited smart contract. But investors have to pay attention to high privileges of token Owner whose could manipulate ICO process.
https://gist.github.com/yuriy77k/e01d4429a4a4e62f37b9cc0990eabd2e
https://gist.github.com/yuriy77k/9f2f707f0ba330597ae3ac8e674568be
https://gist.github.com/yuriy77k/df49590bde2835e5f25a327f9f492f6b
Audit request
Smart Contract to support XCOYNZ token and project fundamentals with 1.25B total supply and a token ticker of XCZ. The Smart Contract encompasses all basic token attributes and periodic releases of tokens, adhering to vesting periods as dictated by the project's long term vision which is made publicly available in the Whitepaper and all project documentation. https://xcoynz.com/ XCOYNZ offers the ability for non-crypto-participants to quickly and easily enter the Cryptocurrency world, familiarise themselves with the regular movements between Crypto assets and connect their personal Crypto wealth to a world where payments and transfer executions are no longer difficult or long-winded processes. In essence, making the handling of Crypto wealth just as seamless as everyday banking has now become. XCOYNZ will offer training videos and a support infrastructure for those non-crypto-savvy people who are waiting to enter this new world of crypto-currency. XCOYNZ is a platform of many components, and as its flagship feature, the XCOYNZ Exchange enables the facility for the Individual to set their own fee and exchange Crypto back to fiat directly into their bank accounts in a much quicker way. At XCOYNZ we believe in empowering the Individual and consequently we have decided that the transfer fee of every transaction on our exchange can be chosen by the Individual. A further exciting innovation is the concept of a “Smart Algorithm Wallet (SAW)”. Most people have multiple Cryptocurrencies in various wallets, and based on your wallet holdings, XCOYNZ will incorporate machine learning algorithms, such as suggesting the best possible combination of Cryptocurrency for the transaction (i.e. to pay retailers) to ensure that the lowest network and exchange fees are applied. Various predictive and prescriptive tools will be used to ensure accurate decisions are provided – and of course an override facility will also be available. Together with a Payment Gateway for retailer subscriptions that allows payments using the currency of choice for the consumer, the XCOYNZ platform spearheads the incorporation of these unique elements to facilitate the mass market shift that is in the making and is so inevitable.
Source code
https://github.com/xcoynz/XCZ-Token-Smart_Contract
Disclosure policy
azeem@xcoynz.com
Platform
ETH
Complexity
Low