search

EthereumCommonwealth / Auditing

Ethereum Commonwealth Security Department conducted over 400 security audits since 2018. Not even a single contract that we audited was hacked. You can access our audit reports in the ISSUES of this repo. We are accepting new audit requests.
https://audits.callisto.network/
GNU General Public License v3.0
131 stars 34 forks source link

ZilliqaToken #197

Closed yuriy77k closed 5 years ago

yuriy77k commented 5 years ago

Audit request

Audit Top 200 CoinMarketCap tokens.

Zilliqa ZIL
Circulating Supply 8 750 823 775
Total Supply 12 599 999 804

Deployed at https://etherscan.io/address/0x05f4a42e251f2d52b8ed15e9fedaacfcef1fad27#code

Zilliqa (ZIL)
https://www.zilliqa.com/

Source code

https://gist.github.com/yuriy77k/cd476ddc9a1c1685dc39e399fcd08b3e

Disclosure policy

Public

Platform

ETH

Number of lines

192

RideSolo commented 5 years ago

Estimated audit time: 1 day.

yuriy77k commented 5 years ago

@RideSolo assigned

danbogd commented 5 years ago

Auditing time: ~ 2 days.

gorbunovperm commented 5 years ago

Estimated auditing time is 1 day.

danbogd commented 5 years ago

My report is finished.

yuriy77k commented 5 years ago

@gorbunovperm @danbogd assigned

gorbunovperm commented 5 years ago

My report is finished.

yuriy77k commented 5 years ago

Security Audit Report

1. Summary

Zilliqa Token smart contract security audit report performed by Callisto Security Audit Department

Token desription:

Symbol      : ZIL
Name        : Zilliqa
Total supply: To be set in the construction phase
Decimals    : 12
Standard    : ERC20

2. In scope

3. Findings

In total, 3 issues were reported including:

No critical security issues were found.

3.1. Known vulnerabilities of ERC-20 token

Severity: low

Description

  1. It is possible to double withdrawal attack. More details here.

  2. Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it already caused millions of dollars losses for lots of token users! More details here.

Recommendation

Add the following code to the transfer(_to address, ...) function:

require( _to != address(this) );

3.2. Transfer Admin to zero address.

Severity: low

Description

Possibility of setting zero address as newAdnin at changeAdmin function.

Code snippet

Recommendation

Need to check if newOwner address is not zero address.

require( newAdmin != address(0) );

3.3. Owner Privileges

Severity: low

Description

The contract owner allow himself:

The contract is managed manually by the owner which is not good for investors.

Code snippet

4. Conclusion

The audited smart contract can be deployed. Only low severity issues were found during the audit.

5. Revealing audit reports

https://gist.github.com/yuriy77k/8a4e69ad1ae46a818982b0dbc5627a1a

https://gist.github.com/yuriy77k/4b4dbfbd3ce5ba84eb0b7364dd608c74

https://gist.github.com/yuriy77k/7facb589523c03d64f09be1ba8b11614

MillianoConti commented 5 years ago

Reddit announcement