Nexo #285

Closed
MillianoConti opened this issue Jun 11, 2019 · 11 comments
@MillianoConti MillianoConti commented Jun 11, 2019

Audit request

Nexo is the most advanced and trusted instant crypto lending provider on a global scale, servicing 40+ currencies across more than 200 jurisdictions.
https://nexo.io/

Source code

https://github.com/nexofinance/NEXO-Token/blob/master/contracts/NexoToken.sol

Disclosure policy

info@nexo.io

Platform

Eth

Number of lines:

164

@MrCrambo MrCrambo commented Jun 16, 2019

Auditing time 1 day

@yuriy77k yuriy77k commented Jun 16, 2019

@MrCrambo assigned

@RideSolo RideSolo commented Jun 16, 2019

Auditing time: 1 day

@yuriy77k yuriy77k commented Jun 17, 2019

@RideSolo assigned

@danbogd danbogd commented Jun 18, 2019

Auditing time: 1 day.

@yuriy77k yuriy77k commented Jun 18, 2019

@danbogd assigned

@danbogd danbogd commented Jun 18, 2019

Audit paused.

@danbogd danbogd commented Jun 19, 2019

My report is finished.

@MrCrambo MrCrambo commented Jun 19, 2019

My report is finished

@yuriy77k yuriy77k commented Jun 19, 2019

Nexo Security Audit Report

1. Summary

Nexo smart contract security audit report performed by Callisto Security Audit Department

2. In scope

Commit hash 3571169b3365adfc92c5bd743cc75b5184a2172a.

3. Findings

In total, 3 issues were reported including:

  • 1 low severity issue.

  • 1 note.

  • 1 owner privilege (the ability of the owner to manipulate the contract, which may be risky for investors).

No critical security issues were found.

3.1. Known vulnerabilities of ERC-20 token

Severity: low

Description

A double withdrawal attack is possible. More details here.

3.2. Owner Privileges

Severity: owner privileges

Description

The owner allows himself to call the transferFrom function from the investors, community and advisers addresses, so there is a risk to investors that the owner will transfer these tokens to another address.

Code snippet

https://github.com/nexofinance/NEXO-Token/blob/master/contracts/NexoToken.sol#L103

3.3. Address is not correct.

Severity: note

Description

Don't forget to change the addresses before deploying the contract.

Code snippet

https://github.com/nexofinance/NEXO-Token/blob/3571169b3365adfc92c5bd743cc75b5184a2172a/contracts/NexoToken.sol#L31

https://github.com/nexofinance/NEXO-Token/blob/3571169b3365adfc92c5bd743cc75b5184a2172a/contracts/NexoToken.sol#L42

https://github.com/nexofinance/NEXO-Token/blob/3571169b3365adfc92c5bd743cc75b5184a2172a/contracts/NexoToken.sol#L57

https://github.com/nexofinance/NEXO-Token/blob/3571169b3365adfc92c5bd743cc75b5184a2172a/contracts/NexoToken.sol#L75

https://github.com/nexofinance/NEXO-Token/blob/3571169b3365adfc92c5bd743cc75b5184a2172a/contracts/NexoToken.sol#L92

4. Conclusion

The audited smart contract can be deployed. Only low severity issues were found during the audit.

5. Revealing audit reports

https://gist.github.com/yuriy77k/2bf5ef25e14b3c8fe974092f082e73ef

https://gist.github.com/yuriy77k/35cb280c011e56ae697b72d5dd0c379e

https://gist.github.com/yuriy77k/c8775b71c10309e21c343bd1400f965c

@yuriy77k yuriy77k closed this Jun 20, 2019