EthereumCommonwealth / Auditing

Ethereum Commonwealth Security Department conducted over 400 security audits since 2018. Not even a single contract that we audited was hacked. You can access our audit reports in the ISSUES of this repo. We are accepting new audit requests.
https://audits.callisto.network/
GNU General Public License v3.0

XSZH Token #498

Closed tokenxszh closed 3 years ago

tokenxszh commented 3 years ago

Audit request

Project introduction

XSZH is a decentralized Extra Strong Zero Hora game platform token supported by the Huobi ecological chain. It is also truly applied to online games and solves the problems of high fees and low trust in games. In fact, games are the most important vertical application field of smart contract technology. XSZH introduces blockchain technology into the game field.

Source code

https://hecoinfo.com/address/0x53d97ADC423D49813dC874D9D4EB1fD8D8c703EE#code

Disclosure policy

notify privately. leave only standard disclosure policy link.

Platform

HECO

yuriy77k commented 3 years ago

@tokenxszh The audit fee is 601 USDT. You may send USDT (ERC20 or BEP20) to: 0xb9662e592f2f0412be62f0833ca463a9b1aabebb or USDT (TRC20) to: TBzUKbek9AYVBwf91ykh3KY4Ushk95SCiB

The estimated auditing time - 4 days after payment.

tokenxszh commented 3 years ago

Paid

Yuriy @.***> wrote on Monday, May 10, 2021 at 8:28 PM:

@tokenxszh https://github.com/tokenxszh The audit fee is 601 USDT. You may send USDT (ERC20 or BEP20) to: 0xb9662e592f2f0412be62f0833ca463a9b1aabebb or USDT (TRC20) to: TBzUKbek9AYVBwf91ykh3KY4Ushk95SCiB

The estimated auditing time - 4 days after payment.


tokenxszh commented 3 years ago

When will the audit report come out?

yuriy77k commented 3 years ago

XSZH Token Security Audit Report

1. Summary

XSZH Token smart contract security audit report performed by Callisto Security Audit Department

XSZH is a decentralized Extra Strong Zero Hora game platform token supported by the Huobi ecological chain. It is also truly applied to online games and solves the problems of high fees and low trust in games. In fact, games are the most important vertical application field of smart contract technology. XSZH introduces blockchain technology into the game field.  

2. In scope

https://hecoinfo.com/address/0x53d97ADC423D49813dC874D9D4EB1fD8D8c703EE#code

3. Findings

In total, 1 issue was reported, including:

No critical security issues were found.

3.1. Known vulnerabilities of ERC-20 token

Severity: low

Description

  1. Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it has already caused millions of dollars in losses for lots of token users! More details here.

Recommendation

Add the following code to the transfer(_to address, ...) function:

require( _to != address(this) );

4. Conclusion

The audited smart contract can be deployed. Only low severity issues were found during the audit.

tokenxszh commented 3 years ago

Can the audit report you publish here be in PDF format?

yuriy77k commented 3 years ago

Attached PDF version of the report: HECO_XSZH_report.pdf