Closed carlossampol closed 5 years ago
Auditing time 1 day
@MrCrambo assigned
My report is finished
Auditing time: 1 day.
@danbogd assigned
My report is finished.
Estimated auditing time is 1 day.
My report is finished.
@gorbunovperm assigned
Darb Finance smart contract security audit report performed by Callisto Security Audit Department
Darb Finance is a trading platform with its own internal economy based on DARB Tokens. If other information is required, please send me a message - I will gladly complete the application for missing information
In total, 8 issues were reported including:
1 medium severity issue.
4 low severity issues.
1 note.
2 owner privileges (the ability of an owner to manipulate the contract, may be risky for investors).
No critical security issues were found.
A double withdrawal attack is possible. More details here.
Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it already caused millions of dollars in losses for lots of token users! More details here.
Add the following code to the transfer(_to address, ...) function:
require( _to != address(this) );
EIP20 says that:
Transfers of 0 values MUST be treated as normal transfers and fire the Transfer event.
But in this contract, function transfer has a condition: if (tokens <= 0) revert();
The contract owner is allowed to block the transfer functions (transfer, transferFrom, approve).
According to the ERC20 standard, when coins are minted (or burned) a Transfer event should be emitted.
The mintFromTraded function allows the owner to mint as many coins as he wants at any time without any restrictions.
mintFromTraded() includes unsafe math operations; as a result, overflow is possible. This can happen, for example, by mistake. The consequence will be a difference between the real emission and the totalSupply() value.
An example:
mintFromTraded(1111).
totalSupply() = 9026875000;
balances[owner] = 9026875000;
transfer(some_address, 9026875000).
totalSupply() = 9026875000;
balances[owner] = 0;
balances[some_address] = 9026875000;
mintFromTraded(14251334059977377898285659693376973274248613497309607881779394954818968).
totalSupply() = 12235064; // !!!
balances[owner] = 14251334059977377898285659693376973274248613497309607881779394954818968;
balances[some_address] = 9026875000;
Use the SafeMath library for calculating the toMint value.
There is no zero address check in the transferFrom function.
Anybody who sends Ether to the contract address may lose it because there is no payment processing in the contract code.
Line: 155.
function() external payable {}
The audited smart contract must not be deployed. Reported issues must be fixed prior to the usage of this contract.
https://gist.github.com/yuriy77k/e5e5b1bb1b8cdcc0c4b5d21a2255bc8a
https://gist.github.com/yuriy77k/949fbb026932c8a29f39ab0a84c39ba8
https://gist.github.com/yuriy77k/10bb447e3c1f662cebb8d02734803971
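The totalSupply() values in the report's mintFromTraded example, replayed as an added Python model that is not part of the audit report or the audited contract. It assumes toMint = amount * 8125000 (inferred from the first step, where 1111 yields 9026875000), tracks only totalSupply and not balances, and all function names are hypothetical.

```python
# Added model, not the audited contract: tracks only totalSupply accounting.
UINT256 = 2 ** 256
RATE = 8125000  # ASSUMPTION: inferred from mintFromTraded(1111) -> 9026875000

# The two mint amounts used in the report's example.
REPORT_AMOUNTS = [
    1111,
    14251334059977377898285659693376973274248613497309607881779394954818968,
]


class Overflow(Exception):
    """Stands in for the revert a SafeMath check triggers."""


def safe_mul(a, b):
    if a * b >= UINT256:
        raise Overflow("multiplication overflow")
    return a * b


def safe_add(a, b):
    if a + b >= UINT256:
        raise Overflow("addition overflow")
    return a + b


def mint_unchecked(total_supply, amount):
    """Unchecked uint256 arithmetic: each result wraps modulo 2**256."""
    to_mint = (amount * RATE) % UINT256
    return (total_supply + to_mint) % UINT256


def mint_checked(total_supply, amount):
    """The same calculation with SafeMath-style checks on both operations."""
    return safe_add(total_supply, safe_mul(amount, RATE))


def replay(amounts, mint):
    """Return (totalSupply, real emission) after minting each amount in turn."""
    total, emitted = 0, 0
    for amount in amounts:
        total = mint(total, amount)
        emitted += amount * RATE  # unbounded integer: what was really issued
    return total, emitted


if __name__ == "__main__":
    print(replay(REPORT_AMOUNTS, mint_unchecked))
```

Under the assumed rate, the product for the second amount still fits in 256 bits and it is the addition to totalSupply that wraps, so the check is needed on both operations.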
Audit request
Darb Finance (https://darbfinance.com) is a trading platform with its own internal economy based on DARB Tokens. If other information is required, please send me a message - I will gladly complete the application for missing information
Source code
https://etherscan.io/address/0xc224dfe42a5332a497334fadb8fed7e7aa4bdf13#contracts
Disclosure policy
jakub.burdajewicz@coinfoundation.io
Platform
Ethereum
Number of lines:
127