0xBTC Smart Contract #102

Closed
admazzola opened this issue Nov 10, 2018 · 8 comments


@admazzola admazzola commented Nov 10, 2018

Audit request

0xBTC is the first Pure Mined PoW Token for the Ethereum Mainnet. It was developed by Infernal_Toast in February 2018 and readapted by the 'Bitcoin Classic Token' team at a later time to incorporate into Ethereum Classic.

Please note that while there is an owner, the owner can only withdraw tokens that have been explicitly transferred to the contract address. This is to recover funds accidentally sent into the contract and the contract owner can be burned using a standard ownership burn contract.

Source code

https://github.com/0xbitcoin/0xbitcoin-token/blob/master/contracts/_0xBitcoinToken.sol

Disclosure policy

Please publish. admin@0xbitcoin.org

Platform

ETH

Complexity

Low


@MrCrambo MrCrambo commented Nov 26, 2018

Auditing time: 1 day

Member

@yuriy77k yuriy77k commented Nov 26, 2018

@MrCrambo assigned


@RideSolo RideSolo commented Nov 30, 2018

Auditing time: 1 day

Member

@yuriy77k yuriy77k commented Nov 30, 2018

@RideSolo assigned


@danbogd danbogd commented Dec 9, 2018

Auditing time: ~2 days.

Member

@yuriy77k yuriy77k commented Dec 9, 2018

@danbogd assigned


@danbogd danbogd commented Dec 13, 2018

My report is finished.

Member

@yuriy77k yuriy77k commented Dec 14, 2018

1. Summary

0xBTC smart contract security audit report performed by Callisto Security Audit Department

0xBTC is the first Pure Mined PoW Token for the Ethereum Mainnet. It was developed by Infernal_Toast in February 2018 and readapted by the 'Bitcoin Classic Token' team at a later time to incorporate into Ethereum Classic.

Please note that while there is an owner, the owner can only withdraw tokens that have been explicitly transferred to the contract address. This is to recover funds accidentally sent into the contract and the contract owner can be burned using a standard ownership burn contract.

2. In scope

3. Findings

In total, 2 issues were reported including:

  • 2 low severity issues.

No critical security issues were found.

3.1. Transfer to Address 0x0 and Burn Mechanism

Severity: low

Description

Transfer to address zero in the audited contract is used as a basic burn mechanism (check totalSupply: balances[address(0)] is deducted from the total supply). This mechanism also opens the door to sending tokens to address 0x0 by mistake.

Code snippet

https://github.com/RideSolo/0xbitcoin-token/blob/master/contracts/_0xBitcoinToken.sol#L488

https://github.com/RideSolo/0xbitcoin-token/blob/master/contracts/_0xBitcoinToken.sol#L520

https://github.com/RideSolo/0xbitcoin-token/blob/master/contracts/_0xBitcoinToken.sol#L580

3.2. Known vulnerabilities of ERC-20 token

Severity: low

Description

  1. A double withdrawal attack is possible. More details here
  2. Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it has already caused millions of dollars in losses for lots of token users! More details here

4. Conclusion

The contract logic has been audited; the results confirm that the mining process of the token is safe and coherent with the white paper.
The audited contract is safe to be deployed.

5. Revealing audit reports

https://gist.github.com/yuriy77k/bbe004836e44b56b7663c8e3350c5d86

https://gist.github.com/yuriy77k/8cacfd5523627493fd74f308d909d43b

https://gist.github.com/yuriy77k/b8380047f1f6d4da86d121c2d854537d
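
The burn pattern described in finding 3.1, next to an alternative that separates burning from transferring. This is an added example, not the 0xBTC source or code from the audit; the contract names `Ledger`, `ZeroAddressBurn` and `ExplicitBurn`, the `_move` helper and the `burn()` function are hypothetical, and Solidity 0.8 checked arithmetic is assumed.

```solidity
pragma solidity ^0.8.0;

// Added illustration with hypothetical names; not the 0xBTC source.
abstract contract Ledger {
    uint256 internal _totalSupply;
    mapping(address => uint256) public balances;
    event Transfer(address indexed from, address indexed to, uint256 tokens);
    constructor(uint256 supply) {
        _totalSupply = supply;
        balances[msg.sender] = supply;
    }
    function _move(address from, address to, uint256 tokens) internal {
        balances[from] -= tokens; // checked arithmetic reverts on underflow
        balances[to] += tokens;
        emit Transfer(from, to, tokens);
    }
}

// Pattern from finding 3.1: 0x0 is an ordinary recipient and its balance
// is deducted from the reported supply.
contract ZeroAddressBurn is Ledger {
    constructor(uint256 supply) Ledger(supply) {}
    function totalSupply() public view returns (uint256) {
        return _totalSupply - balances[address(0)];
    }
    function transfer(address to, uint256 tokens) public returns (bool) {
        _move(msg.sender, to, tokens); // a mistaken to == 0x0 is a silent burn
        return true;
    }
}

// Alternative: transfer rejects 0x0 and burning is an explicit call.
contract ExplicitBurn is Ledger {
    constructor(uint256 supply) Ledger(supply) {}
    function totalSupply() public view returns (uint256) {
        return _totalSupply;
    }
    function transfer(address to, uint256 tokens) public returns (bool) {
        require(to != address(0), "use burn()");
        _move(msg.sender, to, tokens);
        return true;
    }
    function burn(uint256 tokens) public {
        balances[msg.sender] -= tokens;
        _totalSupply -= tokens;
        emit Transfer(msg.sender, address(0), tokens);
    }
}
```

In the second contract a wallet or script that passes an unset recipient gets a revert instead of an irreversible supply reduction, while deliberate burns still emit the same `Transfer` event to address 0x0.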
