EthereumCommonwealth / Auditing

Ethereum Commonwealth Security Department has conducted over 400 security audits since 2018. Not a single contract that we audited has been hacked. You can access our audit reports in the ISSUES of this repo. We are accepting new audit requests.
https://audits.callisto.network/
GNU General Public License v3.0

ChainLink Token (LINK) #210

Closed yuriy77k closed 5 years ago

yuriy77k commented 5 years ago

Audit request

Audit Top 200 CoinMarketCap tokens.

ChainLink Token (LINK)

Deployed at https://etherscan.io/address/0x514910771af9ca656af840dff83e8264ecf986ca#code

Source code

https://gist.github.com/yuriy77k/c3a70d212a7f9ecda715252e45073158

Disclosure policy

Public

Platform

ETH

Number of lines:

160

MrCrambo commented 5 years ago

Auditing time: 1 day.

yuriy77k commented 5 years ago

@MrCrambo assigned

sarathi16 commented 5 years ago

Auditing time : 1 day

RideSolo commented 5 years ago

Auditing time: 1 day

danbogd commented 5 years ago

Auditing time: 1 day.

yuriy77k commented 5 years ago

@sarathi16 @RideSolo assigned

yuriy77k commented 5 years ago

@danbogd Not assigned. There are enough auditors.

yuriy77k commented 5 years ago

Security Audit Report

1. Summary

ChainLink Token smart contract security audit report performed by Callisto Security Audit Department

Token description:

Symbol      : LINK
Name        : ChainLink Token
Total supply: 1,000,000,000
Decimals    : 18 
Standard    : ERC677

2. In scope

3. Findings

In total, 2 issues were reported including:

No critical security issues were found.

3.1. Known vulnerabilities of ERC-20 token

Severity: low

Description

  1. A double withdrawal attack is possible. More details here.

  2. Lack of a transaction handling mechanism. WARNING! This is a very common issue and it has already caused millions of dollars in losses for many token users! More details here.

Recommendation

Add the following code to the transfer(address _to, ...) function:

require( _to != address(this) );

3.2. No zero address checking

Severity: low

Description

In the functions transfer (line 81) and transferFrom (line 118) there is no zero address check.

Code snippet

https://gist.github.com/yuriy77k/c3a70d212a7f9ecda715252e45073158#file-linktoken-sol-L81

https://gist.github.com/yuriy77k/c3a70d212a7f9ecda715252e45073158#file-linktoken-sol-L118

4. Conclusion

The audited smart contract can be deployed. Only low severity issues were found during the audit.

5. Revealing audit reports

https://gist.github.com/yuriy77k/18f0b9562bfba4210550f251d91fe2ca

https://gist.github.com/yuriy77k/6ea910cccecf1c44f93b0551a474db51

https://gist.github.com/yuriy77k/6a6833c14f6a688eb142a00fd50630d9
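The following is an added example and not the audited LINK contract's code: a minimal ERC-20 transfer path that carries the checks the report recommends for findings 3.1 and 3.2 (recipient must not be the zero address or the token contract itself, and allowances are adjusted relatively rather than reset). Contract and function names are illustrative; events are omitted for brevity.

```solidity
// SPDX-License-Identifier: GPL-3.0
pragma solidity ^0.8.0;

// Added example, not the audited LINK contract. Names are illustrative and
// events are omitted; Solidity 0.8 checked arithmetic reverts on underflow.
contract HardenedTransferExample {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    // Finding 3.2: reject the zero address as recipient.
    // Finding 3.1 (2): reject the token contract itself as recipient, so tokens
    // cannot be sent to it by mistake and locked there with no way to recover them.
    modifier validRecipient(address _to) {
        require(_to != address(0), "zero address recipient");
        require(_to != address(this), "token contract as recipient");
        _;
    }

    function transfer(address _to, uint256 _value) public validRecipient(_to) returns (bool) {
        balanceOf[msg.sender] -= _value; // reverts if the sender's balance is too small
        balanceOf[_to] += _value;
        return true;
    }

    function transferFrom(address _from, address _to, uint256 _value)
        public validRecipient(_to) returns (bool)
    {
        allowance[_from][msg.sender] -= _value; // reverts if the allowance is too small
        balanceOf[_from] -= _value;
        balanceOf[_to] += _value;
        return true;
    }

    // Finding 3.1 (1): resetting an allowance with approve() from one non-zero value
    // to another lets a spender who acts between the two states use both amounts.
    // Relative adjustments never expose that intermediate state.
    function increaseAllowance(address _spender, uint256 _added) public returns (bool) {
        allowance[msg.sender][_spender] += _added;
        return true;
    }

    function decreaseAllowance(address _spender, uint256 _subtracted) public returns (bool) {
        uint256 current = allowance[msg.sender][_spender];
        allowance[msg.sender][_spender] = _subtracted > current ? 0 : current - _subtracted;
        return true;
    }
}
```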

MillianoConti commented 5 years ago

Reddit announcement