-
Notifications
You must be signed in to change notification settings - Fork 36
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AMO Project #162
Comments
@MillianoConti I have no response from support@amo.foundation |
publish the audit results publicly
…Пятница, 1 марта 2019, 16:23 +03:00 от Yuriy ***@***.***>:
@MillianoConti I have no response from ***@***.***
Please, check email.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub , or mute the thread .
|
Callisto Network provides security audits free of charge for smart-contract developers and development teams. And by our disclosure policy, we need to inform developers about found issues. Therefore we have to contact with them. As far as we didn't receive confirmation from smart contract developer team, the request should be closed. |
Auditing time 2 days |
@MrCrambo assigned |
Auditing time 5 days. |
@danbogd assigned |
Auditing time: 3 days. |
@RideSolo assigned |
My report is finished. |
AMO Project Security Audit Report1. SummaryAMO Project smart contract security audit report performed by Callisto Security Audit Department 2. In scope
3. FindingsIn total, 7 issues were reported including:
No critical security issues were found. 3.1. Multiple Token TransfersSeverity: mediumDescriptionWhen Code snippethttps://github.com/AMO-Project/AMO-Contracts/blob/master/contracts/AMOCoinSale.sol#L463#L476 https://github.com/AMO-Project/AMO-Contracts/blob/master/contracts/AMOCoinSale.sol#L400#L407 3.2. Multiple Token AllocationSeverity: notesDescriptionIf Multiple allocations are made to Code snippethttps://github.com/AMO-Project/AMO-Contracts/blob/master/contracts/AMOCoinSale.sol#L400#L407 3.3. Owner PrivilegesSeverity: Owner privilegeDescription
3.4. Zero addressSeverity: notesDescriptionThere is possibility of setting zero address as admin in function Code snippethttps://github.com/AMO-Project/AMO-Contracts/blob/master/contracts/AMOCoin.sol#L85 https://github.com/AMO-Project/AMO-Contracts/blob/master/contracts/AMOCoin.sol#L101 3.5. Modifier will block correct workingSeverity: lowDescriptionThe modifier Code snippethttps://github.com/AMO-Project/AMO-Contracts/blob/master/contracts/AMOCoin.sol#L67 https://github.com/AMO-Project/AMO-Contracts/blob/master/contracts/AMOCoin.sol#L101 3.6. Known vulnerability of ERC-20 tokenSeverity: lowDescriptionIt is possible to double withdrawal attack. More details here. 4. ConclusionThe audited smart contract must not be deployed. Reported issues must be fixed prior to the usage of this contract. 5. Revealing audit reportshttps://gist.github.com/yuriy77k/2fc552fd10cb2f77139068f29cfdedb5 https://gist.github.com/yuriy77k/618cb51beedeebb119dd37991a77238f https://gist.github.com/yuriy77k/23b820cc0dbcced4d173dcbd105b9464 |
Audit request
AMO a security solution for connected cars, autonomous vehicles, and smart cars.
Source code
https://github.com/AMO-Project/AMO-Contracts/tree/master/contracts
Disclosure policy
support@amo.foundation
Platform
ETH
Number of lines:
399
The text was updated successfully, but these errors were encountered: