Closed Vestcomp closed 3 years ago
@Vestcomp The audit fee is 750 USDT. You may send USDT (ERC20 or BEP20) to: 0xb9662e592f2f0412be62f0833ca463a9b1aabebb or USDT (TRC20) to: TBzUKbek9AYVBwf91ykh3KY4Ushk95SCiB
The estimated auditing time - 7 days after payment.
Hi @yuriy77k we can only send DAI or ETH. Can you accommodate?
Hi @Vestcomp, you may pay with DAI to: 0xb9662e592f2f0412be62f0833ca463a9b1aabebb
Confirming the following wallet address to send DAI...Please respond...
0xb9662e592f2f0412be62f0833ca463a9b1aabebb
Yes, I confirm
Thank you. Received
Can you please add bogdanfiedur@gmail.com to all communications? He developed the contracts. Thank you
@yuriy77k can you say if you have seen any serious vulnerabilities so far?
Auditchain smart contract security audit report performed by Callisto Security Audit Department
Commit 54b18eb12fe79941bb90bd057ea847fe0264ad8f
In total, 7 issues were reported, including:
0 high severity issues.
1 medium severity issue.
2 low severity issues.
5 notes.
6 owner privileges.
The DAI token contract has a lack of transaction handling mechanism issue. WARNING! This is a very common issue, and it already caused millions of dollars in losses for lots of token users! More details here.
Add the following code to the transfer(_to address, ...) function:
require( _to != address(this) );
In the modifier isNotLocked, a member of contract Locked, the condition has the opposite action to the one described in the comment.
It allows any user to bypass the check of whether the _from and _to addresses are locked; only if address _from has the admin role will the addresses be checked.
Add ! (NOT) into the condition:
if (!hasRole(DEFAULT_ADMIN_ROLE, _from))
The function burnFrom(), a member of the AuditToken contract, checks isNotLocked(msg.sender, msg.sender), but by contract logic it seems it should be isNotLocked(user, user). Please pay attention to it.
The contract owner has DEFAULT_ADMIN_ROLE and may assign any role to any wallets.
The role CONTROLLER_ROLE has the following rights in the AuditToken, Locked, WhiteList contracts:
Auditchain tokens to any address;
Auditchain tokens operations;
Admin (Operator) of the Vesting contract has the following rights:
The _operator is declared but is unused.
Remove the unused variable.
The functions revoke() and reinstate() have the isOperator modifier, but they also require msg.sender == admin, which is the same as what the modifier requires.
Remove the duplicated require(msg.sender == admin) from the function bodies.
In the function release() you require releasedAmount <= tokensToSend, but it should be releasedAmount < tokensToSend, because if releasedAmount == tokensToSend then all tokens are claimed.
emit missed
In the function claimStake(), when emitting the event StakingRewardsReleased, the keyword emit was missed.
An operator may accidentally call the function fundVesting() more than once and transfer more tokens than required for vesting. These tokens will be locked on the contract forever.
Add require(!fundingCompleted) at the beginning of the function.
CREATE (0xf0) opcode is assigned following this scheme: keccak256(rlp([sender, nonce])). Therefore you need to use the same address that was originally used at the main chain to deploy the mock contract at a transaction with the nonce that matches that on the original chain. Example: If you have deployed your main contract with address 0x010101 at your 2021th transaction then you need to increase your nonce of 0x010101 address to 2020 at the chain where your mock contract will be deployed. Then you can deploy your mock contract with your 2021th transaction and it will receive the same address as your mainnet contract.
The audited smart contract must not be deployed. Reported issues must be fixed prior to the usage of this contract.
It is recommended to adhere to the security practices described in pt. 4 of this report in order to ensure the operability of the contract and prevent any issues which are not directly related to the code of this smart-contract.
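The isNotLocked finding in the report above, as an added sketch reconstructed from the report's wording; it is not the audited Auditchain source. The contract name LockedSketch, the isAdmin mapping (standing in for hasRole(DEFAULT_ADMIN_ROLE, ...)), the locked mapping and the two transfer functions are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; names and storage layout are assumptions, not the audited code.
contract LockedSketch {
    mapping(address => bool) public isAdmin;   // stand-in for hasRole(DEFAULT_ADMIN_ROLE, a)
    mapping(address => bool) public locked;
    mapping(address => uint256) public balanceOf;

    constructor() {
        isAdmin[msg.sender] = true;
        balanceOf[msg.sender] = 1000;          // constructed sample balance
    }

    // As reported: the lock checks run only when _from IS an admin,
    // so every ordinary account, locked or not, skips them.
    modifier isNotLockedReported(address _from, address _to) {
        if (isAdmin[_from]) {
            require(!locked[_from], "sender locked");
            require(!locked[_to], "recipient locked");
        }
        _;
    }

    // Recommended: negate the role test so that admins are the exemption.
    modifier isNotLocked(address _from, address _to) {
        if (!isAdmin[_from]) {
            require(!locked[_from], "sender locked");
            require(!locked[_to], "recipient locked");
        }
        _;
    }

    function setLocked(address account, bool value) external {
        require(isAdmin[msg.sender], "admin only");
        locked[account] = value;
    }

    function _move(address _to, uint256 amount) internal {
        balanceOf[msg.sender] -= amount;       // reverts on underflow in 0.8.x
        balanceOf[_to] += amount;
    }

    // A locked non-admin holder can still move tokens through this path.
    function transferReported(address _to, uint256 amount)
        external isNotLockedReported(msg.sender, _to) { _move(_to, amount); }

    // The same call reverts with "sender locked" once the condition is negated.
    function transfer(address _to, uint256 amount)
        external isNotLocked(msg.sender, _to) { _move(_to, amount); }
}
```

A regression test for the fix funds a non-admin account, locks it, and asserts that transfer reverts while a transfer from an unlocked account to an unlocked recipient still succeeds.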
Audit request
... Briefly describe your smart-contract and its main purposes here ...
Whitelist contract, Sale contract and two vesting contracts https://auditchain.finance/private-sale
Source code
https://github.com/Auditchain/Private-Sale
... Give a link to the source code of contracts ...
Disclosure policy
... Do you want us to publish the report as it is or to notify you privately in case of finding critical mistakes? ...
NO
... provide your conditions for publishing the report or leave only standard disclosure policy link ...
Standard disclosure policy.
Contact information (optional)
... Provide information to contact you or the smart contract-developer in case high severity issues will be found ...
jm@auditchain.com
... Provide information about the media resources of the project you want us to audit (website/ twitter account/ reddit/ telegram channel/ etc.) ...
Platform
... In which network will your contract be deployed? (EOS/TRX/ETC/ETH/CLO/UBQ/something else ) ...
Ethereum