EthereumCommonwealth / Auditing

Ethereum Commonwealth Security Department conducted over 400 security audits since 2018. Not even a single contract that we audited was hacked. You can access our audit reports in the ISSUES of this repo. We are accepting new audit requests.
https://audits.callisto.network/
GNU General Public License v3.0

Quarashi Network #525

Closed quarashinetwork closed 3 years ago

quarashinetwork commented 3 years ago

Audit request

Hello Callisto, we need a contract audit, it's for the utility token from Quarashi Platform, it's also verified in the Etherscan Network.

Source code

https://etherscan.io/address/0x0aff88b4cf3015c9c17f1da1fccb88c632f3505e#code

Disclosure policy

... Do you want us to publish the report as it is or to notify you privately in case of finding critical mistakes? Notify me

... provide your conditions for publishing the report or leave only standard disclosure policy link ...

Standard disclosure policy.

Contact information (optional) email : contact@quarashi.network

... Provide information to contact you or the smart contract-developer in case high severity issues will be found ...

... Provide information about the media resources of the project you want us to audit (website/ twitter account/ reddit/ telegram channel/ etc.) https://quarashi.network https://t.me/quarashinetworkofficial https://twitter.com/QuarashiN/media

Platform

... In which network will your contract be deployed? (EOS/TRX/ETC/ETH/CLO/UBQ/something else ) ETH

yuriy77k commented 3 years ago

@quarashinetwork The audit fee is 685 USDT. You may send USDT (ERC20 or BEP20) to: 0xb9662e592f2f0412be62f0833ca463a9b1aabebb or USDT (TRC20) to: TBzUKbek9AYVBwf91ykh3KY4Ushk95SCiB

The estimated auditing time - 7 days after payment.

yuriy77k commented 3 years ago

Quarashi Network Security Audit Report

1. Summary

Quarashi Network smart contract security audit report performed by Callisto Security Audit Department

2. In scope

https://etherscan.io/address/0x0aff88b4cf3015c9c17f1da1fccb88c632f3505e#code

3. Findings

In total, 3 issues were reported including:

No critical security issues were found.

3.1. Known vulnerabilities of ERC-20 token

Severity: low

Description

Lack of a transaction handling mechanism. WARNING! This is a very common issue, and it has already caused millions of dollars in losses for lots of token users! More details here.

Recommendation

Add the following code to the transfer(address _to, ...) function:

require( _to != address(this) );

3.2. High gas consumption

Severity: low

Description

The functions freezingCount(), getFreezing(), freezeTo(), releaseAll() use loops of indefinite length and can use a lot of gas.

Recommendation

Try to rebuild the functions' logic to avoid long loops in functions.

3.3. Owner privileges

Severity: owner privileges

Description

The contract owner has the right to:

  1. Mint any amount of tokens to any address.
  2. Pause/unpause token transfers.

4. Security practices

5. Conclusion

The audited smart contract can be deployed. Only low severity issues were found during the audit.

It is recommended to adhere to the security practices described in pt. 4 of this report in order to ensure the operability of the contract and prevent any issues which are not directly related to the code of this smart-contract.
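An added example, not part of the audit report and not the audited contract's code: one way to act on the recommendation in 3.2, where freeze bookkeeping uses constant-time reads and a release loop with a hard per-call cap, and freezeTo also applies the recipient check from 3.1. The contract name, the storage layout, MAX_BATCH, lockCount and releaseRange are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example with hypothetical names; not the audited contract's code.
contract BoundedFreezeLedger {
    struct Freeze { uint64 releaseTime; uint192 amount; }

    uint256 public constant MAX_BATCH = 50;           // assumed per-call cap
    mapping(address => uint256) public balanceOf;     // liquid balances
    mapping(address => Freeze[]) private freezes;     // append-only locks

    constructor(uint256 supply) { balanceOf[msg.sender] = supply; }

    // O(1): one storage append, no list traversal.
    function freezeTo(address to, uint192 amount, uint64 releaseTime) external {
        require(to != address(0) && to != address(this), "bad recipient");
        require(amount > 0, "zero amount");
        balanceOf[msg.sender] -= amount;              // reverts on underflow (0.8+)
        freezes[to].push(Freeze(releaseTime, amount));
    }

    // O(1): array length instead of a counting loop (includes released slots).
    function lockCount(address holder) external view returns (uint256) {
        return freezes[holder].length;
    }

    // O(1): indexed read; amount == 0 marks an already released slot.
    function getFreezing(address holder, uint256 i) external view returns (uint64, uint192) {
        Freeze storage f = freezes[holder][i];
        return (f.releaseTime, f.amount);
    }

    // Releases matured locks in [start, start + count); gas is capped by MAX_BATCH.
    function releaseRange(uint256 start, uint256 count) external returns (uint256 released) {
        require(count > 0 && count <= MAX_BATCH, "count out of range");
        Freeze[] storage list = freezes[msg.sender];
        uint256 end = start + count;
        if (end > list.length) end = list.length;
        for (uint256 i = start; i < end; i++) {
            Freeze storage f = list[i];
            if (f.amount != 0 && f.releaseTime <= block.timestamp) {
                released += f.amount;
                delete list[i];                       // clear the released slot
            }
        }
        balanceOf[msg.sender] += released;
    }
}
```

A holder with more than MAX_BATCH locks calls releaseRange several times with successive start values, so no single transaction's gas cost grows with the total number of locks.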

yuriy77k commented 3 years ago

Please find below the links of the blog post and our twitter publications:

Blog post: https://callisto.network/quarashi-network-security-audit/

Twitter: https://twitter.com/Callisto_Audits/status/1412109230555926529

Twitter FR: https://twitter.com/CallistoNetFr/status/1412109587969421313

Twitter RU: https://twitter.com/CallistoNetRu/status/1412109712653492225