P3C Smart Contract #15

Closed
yuriy77k opened this Issue Aug 15, 2018 · 8 comments

yuriy77k commented Aug 15, 2018

Audit request

P3C is a fork of the P3D contract on Ethereum Classic. The original P3D contract has held over $40 million in Ethereum over a 6 month period, and P3C currently holds around 4500 Ethereum Classic. We believe the attack surface on P3C is actually smaller since we removed all of the administrative functions:

- Our live contract: https://etherhub.io/addr/0xdf9aac76b722b08511a4c561607a9bf3afa62e49#tab_addr_3
- P3D live contract: https://etherscan.io/address/0xb3775fb83f7d12a36e0475abdd1fca35c091efbe#code

The goal is to create a global rewards system, in which users that use crypto to buy things are given P3C in return, like credit card points that will earn them dividends.

Source code

https://github.com/p3c-bot/p3c-bot.github.io/blob/master/contracts/P3C.sol

Disclosure policy

Email: masterhax@protonmail.com

Platform

Ethereum Classic

alexo18 commented Aug 17, 2018

Auditing time: 7 days

RideSolo commented Aug 20, 2018

Auditing time: 10 days.

yuriy77k commented Aug 20, 2018

@alexo18 @RideSolo assigned.

MrCrambo commented Aug 21, 2018

Auditing time 8 days.

yuriy77k commented Aug 21, 2018

@MrCrambo assigned.

p3c-bot commented Sep 1, 2018

yuriy77k commented Sep 2, 2018

P3C Smart Contract security audit report performed by Callisto Security Audit Department

1. Conclusion:

The audit, conducted on the P3C contract, concluded that the contract is safe to be used. Graphical analysis and the definition domains of the functions used for conversion (tokens to ether and ether to tokens) showed positive results. However, for better analysis the contract developers should provide the community with a white paper describing every aspect of the contract, especially the conversion algorithms.

2. Low severity issues:

2.1. Known Issue of ERC20 Standard

Description

This issue is just a reminder about ERC20 tokens' lack of transaction handling, which can cause token loss.
In the case of the P3C contract, tokens can be accidentally sent to the 0x0 address (no requirement is set to prevent it) or to a contract address not developed with the purpose of handling ERC20 tokens.

Recommendation

Need to check if _toAddress address is not zero address.

require(_toAddress != address(0));

3. Minor observation.

3.1. Fees avoidance.

Description

There is a condition which checks if the purchaser address is not same as the referrer address, but this may be easily bypassed by registering a different account on the same user.

Code snippet

https://github.com/p3c-bot/p3c-bot.github.io/blob/master/contracts/P3C.sol#L536

3.2. Maybe incorrect 'buy price' estimation.

Description

The 'buyPrice' function uses the 'tokensToEthereum_' function as the buy price estimator, but the 'tokensToEthereum_' function may act substantially differently from the 'ethereumToTokens_' function in specific circumstances.

Code snippet

https://github.com/p3c-bot/p3c-bot.github.io/blob/master/contracts/P3C.sol#L464

Revealing audit reports:

https://gist.github.com/yuriy77k/4046d684441080fe1b312e631512123e

https://gist.github.com/yuriy77k/e6ce76b130a24906ef551a8d070eb0d4

https://gist.github.com/yuriy77k/873d7db0e3197070fa30eefe04c32d2a

@yuriy77k yuriy77k closed this Sep 2, 2018
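
Observation 3.2 in the report above, worked through as an added example that is not code from P3C.sol or from the auditors. It assumes a simplified linear bonding curve with constructed parameters `P0` and `K` (all function names here are hypothetical) and measures how far a sell-side quote falls below the true buy-side cost.

```python
from fractions import Fraction
from math import sqrt

# Assumed linear bonding curve (constructed parameters, not read from P3C.sol):
# the spot price at a circulating supply of s whole tokens is P0 + K * s ether.
P0 = Fraction(1, 10**7)
K = Fraction(1, 10**8)


def buy_cost(supply, tokens):
    """Ether needed to mint `tokens` on top of `supply` (curve area above supply)."""
    return tokens * P0 + K * (tokens * supply + Fraction(tokens**2, 2))


def sell_proceeds(supply, tokens):
    """Ether paid out for burning `tokens` out of `supply` (curve area below supply)."""
    if tokens > supply:
        raise ValueError("cannot sell more than the circulating supply")
    return tokens * P0 + K * (tokens * supply - Fraction(tokens**2, 2))


def tokens_for_ether(supply, ether):
    """Inverse of buy_cost: tokens minted for `ether`, as a float."""
    spot = P0 + K * supply
    root = sqrt(spot * spot + 2 * K * ether)
    # Rationalised form of the quadratic root, stable when ether is small.
    return float(2 * ether) / (float(spot) + root)


def quote_shortfall(supply, tokens):
    """Fraction by which a sell-side quote understates the true buy cost."""
    actual = buy_cost(supply, tokens)
    return (actual - sell_proceeds(supply, tokens)) / actual


if __name__ == "__main__":
    # Constructed sample points: small and large supply, small and large orders.
    for supply, tokens in [(1, 1), (100, 100), (1_000_000, 1), (1_000_000, 10_000)]:
        quote = sell_proceeds(supply, tokens)
        minted = tokens_for_ether(supply, quote)
        print(f"supply={supply:>9} want={tokens:>6} "
              f"shortfall={float(quote_shortfall(supply, tokens)):.6%} "
              f"minted_with_quote={minted:.4f}")
```

In this model the absolute gap is always `K * tokens**2`, so the relative error is largest at low supply and for large orders, and shrinks toward zero as the supply grows.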

p3c-bot commented Sep 4, 2018

Thank you everyone who has participated in the audit. We look forward to working with the Callisto community further to grow the P3C economy. The goal of P3C is to provide a sustainable way to support open-source projects through our sponsorship program. Right now you can only sponsor P3C, but our goal is to expand this to many open-source projects.

Since this report is concluded, we believe it is ethically fair to offer all of the auditors: @yuriy77k @RideSolo @alexo18 @MrCrambo a tip in P3C, please come by our Discord - https://discord.gg/crjsdJr

Once again, thank you for your time.
