Lucky Strike v7 #352

Closed
luckystrikeico opened this issue Jul 25, 2019 · 12 comments

Comments

@luckystrikeico
commented Jul 25, 2019

Audit request

Lucky Strike, based fully on an Ethereum smart contract, is bringing the core philosophy of blockchain to the gambling industry – enhancing it with an ICO model we’re calling ‘Bet & Own.’

Source code

game

tokens

Disclosure policy

You can write about any issues directly in the comments.

Platform

ETH

Previous audit

#332

Changes after previous audit

  • 3.1. An attacker can block the contract: recommendation implemented
    see line 1777

  • 3.2. Truncated Value (Invest & Play): Fixed. Lines: 1851-1857

  • 3.3. Sum Validation: This variable was used in event 'SumAllocatedInWei', see line 1672

  • 3.4. Owner Privileges: won't fix, done intentionally

  • 3.5. No event call: fixed
    See lines: 155-165, 369

Release notes:

Jackpot winnings are no longer paid instantly. The winner must call the appropriate contract method.

Number of lines:

845 (1690 * 0.5 coefficient for reaudit #332 (comment))

@luckystrikeico luckystrikeico changed the title Lucky Strike v7 Lucky Strike v7.1 Jul 26, 2019

@luckystrikeico luckystrikeico changed the title Lucky Strike v7.1 Lucky Strike v7 Jul 27, 2019

@yuriy77k yuriy77k added the solidity label Jul 27, 2019

@yuriy77k

Member

commented Jul 27, 2019

@luckystrikeico Please, send 0,0839 BTC (845 USD) to 3QuFHJ6uBGMoHMwd749tAYQNJ25yVt85Hf address.

@MrCrambo


commented Jul 27, 2019

Auditing time 2 days

@yuriy77k

Member

commented Jul 27, 2019

@MrCrambo assigned.

@yuriy77k

Member

commented Jul 27, 2019

@RideSolo, @gorbunovperm please, make this audit for 2 days.

@gorbunovperm


commented Jul 28, 2019

Estimated auditing time is 2 days.

@yuriy77k

Member

commented Jul 28, 2019

@gorbunovperm assigned

@RideSolo


commented Jul 28, 2019

auditing time: 1 day.

@MrCrambo


commented Jul 28, 2019

My report is finished

@yuriy77k

Member

commented Jul 29, 2019

@RideSolo assigned

@gorbunovperm


commented Aug 1, 2019

My report is finished.

@yuriy77k

Member

commented Aug 2, 2019

LuckyStrike V7 Security Audit Report

1. Summary

LuckyStrike smart contract security audit report performed by Callisto Security Audit Department

2. In scope

3. Findings

In total, 2 issues were reported including:

  • 1 low severity issue.

  • 1 owner privileges (the ability of an owner to manipulate the contract, may be risky for investors).

No critical security issues were found.

3.1. Truncated Value (Invest & Play)

Severity: low

Description

Since the token does not have decimals, the truncated value issue will happen in line 1859. But the loss value will be less than the price of the token, which is less than the transaction fee.

uint256 tokensToMint = sumToMarketingFund / tokenPriceInWei;

3.2. Owner privileges

Severity: owner privileges

Description

  • adjustAllocation function allows the owner to reset the rates of the different jackpots and income rate as wished.
  • 70M tokens are first distributed by the owner that represent 10500 ether, the token sale hardcap is 4500 ether, meaning that the developers allow themselves more than a third of the total income of the bet game, investors have to be aware of such usage.

4. Conclusion

The audited smart contract can be deployed. Only low severity issues were found during the audit.

5. Revealing audit reports

https://gist.github.com/yuriy77k/7ec5a6253cdf01d3b81e63eed16caf9f

https://gist.github.com/yuriy77k/cb7167e1a1a82c95a3af50c55c076879

https://gist.github.com/yuriy77k/1b207c88f6be849189223ff5aaab71b6
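
The rounding in finding 3.1, as an added example that is not part of the audit report or the LuckyStrike source: integer division drops `sumToMarketingFund % tokenPriceInWei` wei per payment, which is always less than the price of one token. The contract name, the carry-forward variant and every name other than tokensToMint, sumToMarketingFund and tokenPriceInWei are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not LuckyStrike code. Only tokensToMint,
// sumToMarketingFund and tokenPriceInWei are names from the report;
// everything else here is hypothetical.
contract TruncationDemo {
    uint256 public immutable tokenPriceInWei;
    mapping(address => uint256) public balanceOf;  // whole tokens (0 decimals)
    mapping(address => uint256) public carriedWei; // remainder kept per investor

    event Minted(address indexed to, uint256 tokens, uint256 remainderWei);

    constructor(uint256 price) {
        require(price > 0, "price is zero"); // avoids division by zero
        tokenPriceInWei = price;
    }

    // Pattern from the finding: integer division rounds down, so up to
    // tokenPriceInWei - 1 wei of each payment buys nothing.
    function quoteTruncating(uint256 sumToMarketingFund)
        public view returns (uint256 tokensToMint, uint256 lostWei)
    {
        tokensToMint = sumToMarketingFund / tokenPriceInWei;
        lostWei = sumToMarketingFund % tokenPriceInWei;
    }

    // Variant that carries the remainder into the investor's next payment,
    // so no wei is lost across repeated small investments.
    function investCarrying() external payable {
        uint256 total = carriedWei[msg.sender] + msg.value;
        uint256 tokensToMint = total / tokenPriceInWei;
        uint256 remainderWei = total % tokenPriceInWei;

        carriedWei[msg.sender] = remainderWei;
        balanceOf[msg.sender] += tokensToMint;
        emit Minted(msg.sender, tokensToMint, remainderWei);
    }
}
```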

@yuriy77k

Member

commented Aug 2, 2019

The comments about non-existent issues.

  1. Known vulnerabilities of ERC20 token. All recommendations to resolve those issues were implemented in the contract. The fact that this token implements the ERC20 standard does not mean that it is subject to all the problems of this standard.
  2. Block Gas Limit. It's not an issue. If there is a limitation of the maximum number of tickets in the UI, but a user would like to cheat the UI and buy more than the limitation, his transaction will be thrown.
  3. Sum Validation. This variable was used in the event 'SumAllocatedInWei', see line 1672.
  4. No event call. The ERC20 standard does not require emitting an event when burning tokens.

@yuriy77k yuriy77k closed this Aug 2, 2019
