-
Notifications
You must be signed in to change notification settings - Fork 36
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Lucky Strike v3 #219
Comments
Hello, @yuriy77k ! Could you please read our reply on previous audit and check latest version of contract with fixes to confirm that everything is fine. Thank you! |
Auditing time 3 days |
Auditing time: 3 days |
Estimated auditing time is 3 days. |
@gorbunovperm assigned |
My report is finished. |
1 similar comment
My report is finished. |
Lucky Strike v3 Security Audit Report1. SummaryLucky Strike v3 smart contract security audit report performed by Callisto Security Audit Department 2. In scope3. FindingsIn total, 3 issues were reported including:
No critical security issues were found. 3.1. It is possible to use Ahead of The Curve strategySeverity: mediumDescriptionFormula of the random calculation is: bytes32 seed = keccak256(
block.blockhash(lastInstantGameBlockNumber[player])
);
uint256 randomNumber = uint256(seed) % ticketsInTheInstantGame; The result of the player's fight with the King of the hill is known immediately after the player has placed a bet. But the result will be applied only after calling the
Code snippetRecommendationThere should not be a gap between reliable information that someone won between the fact of this. A good solution would be to play all the instant games in the first block after the any bet. Even if there were several bets in one block, they all need to be played at the first next appeal to the contract. 3.2. Possibility of minting more than hardCapSeverity: noteDescriptionFunction Code snippetRecommendationYou should check 3.3. Owner PrivilegesSeverity: owner privilegesDescription
Code snippet4. ConclusionThe audited smart contract must not be deployed. Medium severity issue must be fixed prior to the usage of this contract. 5. Revealing audit reportshttps://gist.github.com/yuriy77k/499ce0873c5827863c85ec75aded02cc https://gist.github.com/yuriy77k/7272da582aff4271a908ca106ef9086d https://gist.github.com/yuriy77k/e4b4e4f96d65e67683fcf76ba1967ff6 |
Audit request
Lucky Strike, based fully in Ethereum smart-contract, is bringing the core philosophy of blockchain to the gambling industry – enhancing it with an ICO model we’re calling ‘Bet & Own.’
Source code
https://ropsten.etherscan.io/address/0x78c32ffb7d209457a75e6c25854f19de58d64a4b#code (game contract)
https://ropsten.etherscan.io/address/0xfd9f46d87625f1f8ee06fdb7f5e93c745005aae2#code (tokens contract)
Disclosure policy
You can write about any issues directly in the comments.
Platform
ETH
Previous audit
#152 (comment)
Release notes
Changes after previous audit:
Number of lines:
1618 * 0.5 (reaudit coeficient) = 809
The text was updated successfully, but these errors were encountered: