EthereumCommonwealth / Auditing

Ethereum Commonwealth Security Department conducted over 400 security audits since 2018. Not even a single contract that we audited was hacked. You can access our audit reports in the ISSUES of this repo. We are accepting new audit requests.
https://audits.callisto.network/
GNU General Public License v3.0

TRONDapphub Token #227

Closed yuriy77k closed 5 years ago

yuriy77k commented 5 years ago

Audit request

TRONDapphub aims to host 100+ games in 1 Platform by 2020. Currently, we have 60 games available to deploy by Q4 2019.

• TRONdapphub.io aims to provide both Mobile and Web Gaming experience to its Users.
• TRONdapphub.io mission is to be the Biggest Dapp by Volume and Usage standpoint on Tron Ecosystem by hosting most Popular Traditional PVP Games like Bowling, Billiards, Football, and Casino Games like Dice, Texas Holdem, Black Jack, Baccarat, High Low, Let it Ride, Casino War, Slots, Keno.
• Our goal as a team is to create the fairest provability across all our games.

website: Trondapphub.io

https://trondapphub.io/wp/Whitepaper%20TRONDapphub.pdf

Source code

https://github.com/trondapphub/contracts/blob/3cf4e716c3e8cf2e4339657b1fbca51d9c19bc96/TDHtoken.sol

Disclosure policy

trondapphub@gmail.com

Platform

TRX

Number of lines:

111

MrCrambo commented 5 years ago

Auditing time 1 day

yuriy77k commented 5 years ago

@MrCrambo assigned

danbogd commented 5 years ago

Auditing time: 2 days.

yuriy77k commented 5 years ago

@danbogd assigned

danbogd commented 5 years ago

My report is finished.

gorbunovperm commented 5 years ago

Estimated auditing time is 2 days.

yuriy77k commented 5 years ago

@gorbunovperm assigned

gorbunovperm commented 5 years ago

My report is finished.

yuriy77k commented 5 years ago

TRONDapphub security Audit Report

1. Summary

TRONDapphub smart contract security audit report performed by Callisto Security Audit Department

TRONDapphub aims to host 100+ games in 1 Platform by 2020. Currently, we have 60 games available to deploy by Q4 2019.

https://trondapphub.io/

2. In scope

Commit hash: 3cf4e716c3e8cf2e4339657b1fbca51d9c19bc96

  1. TDHtoken.sol

3. Findings

In total, 2 issues were reported including:

No critical security issues were found.

3.1. Known vulnerabilities of ERC-20 token

Severity: low

Description

  1. A double withdrawal attack is possible. More details here.

  2. Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it has already caused millions of dollars in losses for lots of token users! More details here.

Recommendation

Add the following code to the transfer(address _to, ...) function:

require( _to != address(this) );

3.2. Extra checking

Severity: note

Description

There is an extra check for the zero address in the transferFrom function, because it will be checked in the _transfer function.

Code snippet

https://github.com/trondapphub/contracts/blob/3cf4e716c3e8cf2e4339657b1fbca51d9c19bc96/TDHtoken.sol#L106

https://github.com/trondapphub/contracts/blob/3cf4e716c3e8cf2e4339657b1fbca51d9c19bc96/TDHtoken.sol#L117

4. Conclusion

The audited smart contract can be deployed. Only one low severity issue was found during the audit.

5. Revealing audit reports

https://gist.github.com/yuriy77k/ce2cca3ff243fb379be63ef9cb1f3f2c

https://gist.github.com/yuriy77k/5dbc7165fc737c95517f6807cc2763e4

https://gist.github.com/yuriy77k/7e1874755c0fbc7a2214e5a19d22471e