Genesis Vision

[MillianoConti]

Audit request

Genesis Vision is a decentralized asset management platform built on blockchain technology. https://genesis.vision/

Source code

https://github.com/GenesisVision/platform-contracts/tree/master/contracts

Disclosure policy

support@genesis.vision

Platform

ETH

Number of lines:

149

[gorbunovperm]

Estimated auditing time is 1 day.

[yuriy77k]

@gorbunovperm assigned

[MrCrambo]

Auditing time 1 day

[gorbunovperm]

My report is finished.

[danbogd]

Auditing time: 2 days.

[danbogd]

My report is finished.

[yuriy77k]

@MrCrambo @danbogd assigned

[yuriy77k]

Genesis Vision Security Audit Report

1. Summary

Genesis Vision smart contract security audit report performed by Callisto Security Audit Department

2. In scope

Commit hash 4eca90915580f209e86db8270c4f53d6e645712b.

• Models.sol.
• GenesisVisionPlatform.sol.
• ManagerToken.sol.
• Migrations.sol.
• TradingHistoryStorage.sol.

3. Findings

In total, 6 issues were reported including:

• 3 low severity issues.

• 2 notes.

• 1 owner privileges (the ability of an owner to manipulate contract, may be risky for investors).

No critical security issues were found.

3.1. Known vulnerabilities of ERC-20 token

Severity: low

Description

1. It is possible to double withdrawal attack. More details here.

2. Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it already caused millions of dollars losses for lots of token users! More details here.

Recommendation

Add the following code to the transfer(_to address, ...) function:

require( _to != address(this) );

3.2. Raise total supply

Severity: owner privileges

Description

Contract owner allow himself to raise TotalSupply and he will get added amount.

Code snippet

https://github.com/GenesisVision/platform-contracts/blob/4eca90915580f209e86db8270c4f53d6e645712b/contracts/ManagerToken.sol#L30

3.3. Required check for an 0x0 address

Severity: low

Description

It is possible to remain out of contract control by accidentally calling function without parameter.

Code snippet

https://github.com/GenesisVision/platform-contracts/blob/4eca90915580f209e86db8270c4f53d6e645712b/contracts/GenesisVisionPlatform.sol#L39

https://github.com/GenesisVision/platform-contracts/blob/4eca90915580f209e86db8270c4f53d6e645712b/contracts/TradingHistoryStorage.sol#L30

https://github.com/GenesisVision/platform-contracts/blob/4eca90915580f209e86db8270c4f53d6e645712b/contracts/GenesisVisionPlatform.sol#L85

3.4. Discrepancy with the ERC20 standard

Severity: note

Description

In ManagerToken.sol, according to the ERC20 standard, the variable decimals should be declared as uint8.

Code snippet

https://github.com/GenesisVision/platform-contracts/blob/4eca90915580f209e86db8270c4f53d6e645712b/contracts/ManagerToken.sol#L10

3.5. Missing event call.

Severity: low

Description

According to ERC20 standard, when initializing a token contract if any token value is set to any given address a transfer event should be emitted.

Code snippet

https://github.com/GenesisVision/platform-contracts/blob/4eca90915580f209e86db8270c4f53d6e645712b/contracts/ManagerToken.sol#L26

3.6. Overflow

Severity: notes

Description

In the ManagerToken.sol, the developers didn't use SafeMath to prevent overflow by the owner.

Code snippet

https://github.com/GenesisVision/platform-contracts/blob/4eca90915580f209e86db8270c4f53d6e645712b/contracts/ManagerToken.sol#L29

4. Conclusion

The audited smart contract can be deployed. Only low severity issues were found during the audit.

5. Revealing audit reports

https://gist.github.com/yuriy77k/113a182dbe2742936d548b8217d59482

https://gist.github.com/yuriy77k/f51540e6dd89019c991c85fbe829163d

https://gist.github.com/yuriy77k/3be27844e8b3a408b16454926db88c08

[MillianoConti]

Announced:https://www.reddit.com/r/genesisvision/comments/c3nk3f/audit_of_genesis_vision_performed_by_callisto/