EthereumCommonwealth / Auditing

Ethereum Commonwealth Security Department conducted over 400 security audits since 2018. Not even a single contract that we audited was hacked. You can access our audit reports in the ISSUES of this repo. We are accepting new audit requests.
https://audits.callisto.network/
GNU General Public License v3.0

Pika Crypto #490

Closed yuriy77k closed 3 years ago

yuriy77k commented 3 years ago

Audit request

The Pika Token has primitive tokenomics designed to sustain organic growth with a few unique characteristics.

Source code

https://github.com/pikacryptogit/pikacrypto-token

Disclosure policy

notify privately in case of finding critical mistakes

Standard disclosure policy.

Contact information (optional)

... Provide information to contact you or the smart contract-developer in case high severity issues will be found ...

... Provide information about the media resources of the project you want us to audit (website/ twitter account/ reddit/ telegram channel/ etc.) ...

Platform

ETH

yuriy77k commented 3 years ago

The audit fee is 1208 USDT, estimation time: 4 working days after payment. You may send USDT (ERC20 or BEP20) to: 0xb9662e592f2f0412be62f0833ca463a9b1aabebb

yuriy77k commented 3 years ago

Pika Crypto Security Audit Report

1. Summary

Pika Crypto smart contract security audit report performed by Callisto Security Audit Department

The Pika Token has primitive tokenomics designed to sustain organic growth with a few unique characteristics.

Website: https://pikacrypto.com/
Coin Market Cap: https://coinmarketcap.com/currencies/pika/
Coin Gecko: http://coingecko.com/en/coins/pika
Telegram: https://t.me/Pikatokenofficial
Discord: https://discord.gg/VZRGnTAZWt
Twitter: https://twitter.com/pika_token?lang=en
Reddit: https://www.reddit.com/r/PIKAOFFICIAL/

2. In scope

https://etherscan.io/address/0x075fbc0a804de702bfda4d8e29834c763ffef1c3#code

3. Findings

In total, 3 issues were reported including:

No critical security issues were found.

3.1. Known vulnerabilities of ERC-20 token

Severity: low

Description

  1. It is possible to perform a double withdrawal attack. More details here.

3.2. ERC20 compliant - no Transfer event on initial token creation

Severity: low

Description

Following ERC20 standard:

A token contract which creates new tokens SHOULD trigger a Transfer event with the _from address set to 0x0 when tokens are created.

But in the constructor (lines 539-541), where 50 trillion tokens are created and assigned to the owner, the Transfer event was not emitted.

3.3. The owner can exchange old Pika tokens to current Pika unlimited times

Severity: owner privileges

Description

Using the function extractOldPIKA() (lines 486-489), the owner can withdraw already exchanged old Pika tokens and then, using the function exchnagePika() (lines 454-484), exchange them again for new Pika tokens. This can be repeated an unlimited number of times until the Pika token reserve is drained.

4. Conclusion

The audited smart contract can be deployed. Only low severity issues were found during the audit.

Users have to pay attention to the assignment of the entire TotalSupply (50 trillion tokens) to the owner account, and to the fact that the owner can withdraw old and new Pika tokens from the contract address (reserve).
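The following contract is an added example, not code from the Pika token or from the Callisto audit, showing how the three findings above are typically addressed in one ERC-20 swap contract: the constructor emits Transfer from 0x0 on creation (3.2), old tokens accepted by the exchange function are forwarded immediately to a burn address so no extract-style function can hand them back to the owner for a second swap (3.3), and increaseAllowance/decreaseAllowance are provided as the usual mitigation for the approve() double-withdrawal race (3.1). The contract name, the IERC20 interface, the exchange() function and the BURN address are assumptions of this example.

```solidity
// SPDX-License-Identifier: GPL-3.0
pragma solidity ^0.8.0;

// Minimal interface of the legacy token being swapped in (assumed for this example).
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Illustrative token addressing findings 3.1, 3.2 and 3.3 of the report above.
// Not the audited Pika contract; all names and layout here are assumptions.
contract HardenedSwapToken {
    string public constant name = "Example Pika";
    string public constant symbol = "EXPIKA";
    uint8 public constant decimals = 18;

    uint256 public totalSupply;
    uint256 public totalExchanged; // cumulative old tokens accepted and burned
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    address public immutable owner;
    IERC20 public immutable oldToken;
    // Old tokens are sent here at exchange time, so no function can ever return them.
    address public constant BURN = 0x000000000000000000000000000000000000dEaD;

    event Transfer(address indexed from, address indexed to, uint256 value);
    event Approval(address indexed holder, address indexed spender, uint256 value);
    event Exchanged(address indexed user, uint256 amount);

    constructor(IERC20 _oldToken, uint256 initialSupply) {
        owner = msg.sender;
        oldToken = _oldToken;
        totalSupply = initialSupply;
        balanceOf[msg.sender] = initialSupply;
        // Finding 3.2: token creation is signalled as a Transfer from address 0x0.
        emit Transfer(address(0), msg.sender, initialSupply);
    }

    // Finding 3.3: old tokens pulled in here go straight to BURN, so there is no
    // extractOldPIKA-style path that could give them back to the owner for re-exchange.
    // The reserve of new tokens is whatever the owner has transferred to this contract.
    function exchange(uint256 amount) external {
        require(amount > 0, "zero amount");
        require(balanceOf[address(this)] >= amount, "reserve exhausted");
        require(oldToken.transferFrom(msg.sender, BURN, amount), "old token pull failed");
        totalExchanged += amount;
        _transfer(address(this), msg.sender, amount);
        emit Exchanged(msg.sender, amount);
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        _transfer(msg.sender, to, amount);
        return true;
    }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        emit Approval(msg.sender, spender, amount);
        return true;
    }

    // Finding 3.1: relative allowance updates avoid the approve() front-running race
    // behind the double-withdrawal attack; holders use these instead of re-approving.
    function increaseAllowance(address spender, uint256 added) external returns (bool) {
        uint256 updated = allowance[msg.sender][spender] + added;
        allowance[msg.sender][spender] = updated;
        emit Approval(msg.sender, spender, updated);
        return true;
    }

    function decreaseAllowance(address spender, uint256 subtracted) external returns (bool) {
        uint256 current = allowance[msg.sender][spender];
        require(current >= subtracted, "allowance below zero");
        uint256 updated = current - subtracted;
        allowance[msg.sender][spender] = updated;
        emit Approval(msg.sender, spender, updated);
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        uint256 allowed = allowance[from][msg.sender];
        require(allowed >= amount, "allowance exceeded");
        allowance[from][msg.sender] = allowed - amount;
        _transfer(from, to, amount);
        return true;
    }

    function _transfer(address from, address to, uint256 amount) internal {
        require(to != address(0), "transfer to zero address");
        require(balanceOf[from] >= amount, "balance exceeded");
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        emit Transfer(from, to, amount);
    }
}
```

The key design choice for 3.3 is that the contract never holds old tokens at all: with the legacy balance burned at the moment of exchange, an owner-only withdrawal of "already exchanged" tokens has nothing to withdraw, and totalExchanged gives auditors a single on-chain counter to reconcile against the BURN address balance of the old token.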