Closed sectorius closed 3 years ago
@sectorius the audit fee is 684 USDT. You may send USDT (ERC20 or BEP20) to: 0xb9662e592f2f0412be62f0833ca463a9b1aabebb or USDT (TRC20) to: TBzUKbek9AYVBwf91ykh3KY4Ushk95SCiB
The estimated auditing time - 5 days after payment.
Hello, Yuriy! I'm ready to pay audit. Is address still correct? Regards, Vadim понедельник, 13 сентября 2021г., 12:19 +03:00 от Yuriy @.*** :
@.*** the audit fee is 684 USDT.
You may send USDT (ERC20 or BEP20) to: 0xb9662e592f2f0412be62f0833ca463a9b1aabebb or USDT (TRC20) to: TBzUKbek9AYVBwf91ykh3KY4Ushk95SCiB The estimated auditing time - 5 days after payment. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub , or unsubscribe . Triage notifications on the go with GitHub Mobile for iOS or Android .
@sectorius yes, the address is correct
I payed the audit.
@yuriy77k
@sectorius thank you. received.
The report was send to email.
@yuriy77k We have updated issues that you mentioned. Could you please check them?
Sector Token smart contract security audit report performed by Callisto Security Audit Department
Smart contracts for sector investment platform
Commit f7187e930d8442f942aa9186905c8330c1efdfa0
In total, 1 issues were reported, including:
0 high severity issues.
1 medium severity issues.
0 low severity issues.
In total, 0 notes were reported, including:
0 notes.
0 owner privileges.
Solidity does not support float point numbers. Therefore in the function endICO if you pass in argument _allocToken
1000 tokens and phase.totalDeposit
is 1001 tokens then tokenPerWEI = _allocToken / phase.totalDeposit = 0
.
In calculation tokenPerWEI should be used nominator to avoid loosing accuracy.
phase.tokenPerWEI = phase.allocToken.mul(1e18).div(phase.totalDeposit);
And when you use phase.tokenPerWEI
in claim functions you have to use denominator:
uint256 reward = phase.tokenPerWEI.mul(user.amount).div(1e18);
CREATE (0xf0)
opcode is assigned following this scheme keccak256(rlp([sender, nonce]))
. Therefore you need to use the same address that was originally used at the main chain to deploy the mock contract at a transaction with the nonce
that matches that on the original chain. Example: If you have deployed your main contract with address 0x010101 at your 2021th transaction then you need to increase your nonce of 0x010101 address to 2020 at the chain where your mock contract will be deployed. Then you can deploy your mock contract with your 2021th transaction, and it will receive the same address as your mainnet contract.The audited smart contract must not be deployed. Reported issues must be fixed prior to the usage of this contract.
It is recommended to adhere to the security practices described in pt. 4 of this report to ensure the contract's operability and prevent any issues that are not directly related to the code of this smart contract.
@yuriy77k we have updated our files with your remarks.
Sector Token smart contract security audit report performed by Callisto Security Audit Department
Smart contracts for sector investment platform
Commit 249459779d96f8db1a37a4174a7c0e14712caf29
In total, 0 issues were reported, including:
0 high severity issues.
0 medium severity issues.
0 low severity issues.
In total, 0 notes were reported, including:
0 notes.
0 owner privileges.
CREATE (0xf0)
opcode is assigned following this scheme keccak256(rlp([sender, nonce]))
. Therefore you need to use the same address that was originally used at the main chain to deploy the mock contract at a transaction with the nonce
that matches that on the original chain. Example: If you have deployed your main contract with address 0x010101 at your 2021th transaction then you need to increase your nonce of 0x010101 address to 2020 at the chain where your mock contract will be deployed. Then you can deploy your mock contract with your 2021th transaction, and it will receive the same address as your mainnet contract.The audited smart contract can be deployed. No security issues were found during the audit.
It is recommended to adhere to the security practices described in pt. 4 of this report to ensure the contract's operability and prevent any issues that are not directly related to the code of this smart contract.
Audit request
Smart contracts for sector investment platform
Source code
https://github.com/sectorius/sector-contracts/tree/main/contracts
SECICO5.sol, SecToken4.sol
Disclosure policy
Standard disclosure policy.
Contact information (optional)
Mail : vadimgolenkov@mail.ru
Platform
BSC