Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

VCP Coin #257

Closed
yuriy77k opened this issue May 23, 2019 · 7 comments
Closed

VCP Coin #257

yuriy77k opened this issue May 23, 2019 · 7 comments
Labels
approved Auditors can begin to audit this smart contract. Low priority (DEPRECATED) DEPRECATED: Use priority -1 or priority -2 to decrease the priority of a contract audit. solidity Smart-contract is written in solidity (Ethereum) language.

Comments

@yuriy77k
Copy link
Contributor

Audit request

VCP Coin (VCP)
This contract creates a million token and will be used in a foundation

Source code

https://etherscan.io/address/0x9b7922f5c51b43b59ea666ed77191c4cdbfca72f#code

Disclosure policy

patosofty@hotmail.com

Platform

ETH

Number of lines:

108
@yuriy77k yuriy77k added approved Auditors can begin to audit this smart contract. Low priority (DEPRECATED) DEPRECATED: Use priority -1 or priority -2 to decrease the priority of a contract audit. solidity Smart-contract is written in solidity (Ethereum) language. labels May 23, 2019
@MrCrambo
Copy link

Auditing time 1 day

@yuriy77k
Copy link
Contributor Author

@MrCrambo assigned

@RideSolo
Copy link

auditing time 1 day.

@danbogd
Copy link

danbogd commented May 23, 2019

Auditing time 1 day.

@danbogd
Copy link

danbogd commented May 23, 2019

My report is finished.

@yuriy77k
Copy link
Contributor Author

@RideSolo @danbogd assigned

@yuriy77k
Copy link
Contributor Author

VCP Token Security Audit Report

1. Summary

VCP Token smart contract security audit report performed by Callisto Security Audit Department

Symbol      : VCP
Name        : VCP Coin
Total supply: 1,000,000
Decimals    : 18 
Standard    : ERC20

2. In scope

3. Findings

In total, 2 issues were reported including:

  • 2 low severity issues.

No critical security issues were found.

3.1. Known vulnerabilities of ERC-20 token

Severity: low

Description

  1. It is possible to double withdrawal attack. More details here.

  2. Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it already caused millions of dollars losses for lots of token users! More details here.

Recommendation

Add the following code to the transfer(_to address, ...) function:

require( _to != address(this) );

3.1. Transfer to address(0)

Severity: low

Description

Token transfers to address(0) are allowed by transfer and transferFrom functions. They are used as basic burn mechanism, however users might by mistake send tokens to 0x0 address and lose their tokens.

Code snippet

    function totalSupply() public constant returns (uint) {
        return _totalSupply  - balances[address(0)];
    }

    function transfer(address to, uint tokens) public returns (bool success) {
        balances[msg.sender] = safeSub(balances[msg.sender], tokens);
        balances[to] = safeAdd(balances[to], tokens);
        emit Transfer(msg.sender, to, tokens);
        return true;
    }

    function transferFrom(address from, address to, uint tokens) public returns (bool success) {
        balances[from] = safeSub(balances[from], tokens);
        allowed[from][msg.sender] = safeSub(allowed[from][msg.sender], tokens);
        balances[to] = safeAdd(balances[to], tokens);
        emit Transfer(from, to, tokens);
        return true;
    }

Recommendation

Do not allow transfers to 0x0 address and implement a burn function for better event handling and to avoiding token loss.

4. Conclusion

The audited smart contract can be deployed. Only low severity issues were found during the audit.

5. Revealing audit reports

https://gist.github.com/yuriy77k/2ccffd005f727f172e6b879ab9565f05

https://gist.github.com/yuriy77k/a944cbbffe7d1728eb0df95a56abe164

https://gist.github.com/yuriy77k/a2a7861fe80ec3998379aee697a876ae

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
approved Auditors can begin to audit this smart contract. Low priority (DEPRECATED) DEPRECATED: Use priority -1 or priority -2 to decrease the priority of a contract audit. solidity Smart-contract is written in solidity (Ethereum) language.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@MrCrambo @danbogd @RideSolo @yuriy77k