Lucky Strike v7 #352

Closed
4 of 5 tasks
luckystrikeico opened this issue Jul 25, 2019 · 12 comments
Labels
approved Auditors can begin to audit this smart contract. priority: 2 (highest) solidity Smart-contract is written in solidity (Ethereum) language.

Comments

@luckystrikeico

luckystrikeico commented Jul 25, 2019

Audit request

Lucky Strike, based fully on an Ethereum smart contract, is bringing the core philosophy of blockchain to the gambling industry – enhancing it with an ICO model we’re calling ‘Bet & Own.’

Source code

game

tokens

Disclosure policy

You can write about any issues directly in the comments.

Platform

ETH

Previous audit

#332

Changes after previous audit

  • 3.1. An attacker can block the contract: recommendation implemented
    see line 1777

  • 3.2. Truncated Value (Invest & Play): Fixed. Lines: 1851-1857

  • 3.3. Sum Validation: This variable was used in event 'SumAllocatedInWei', see line 1672

  • 3.4. Owner Privileges: won't fix, done intentionally

  • 3.5. No event call: fixed
    See lines: 155-165, 369

Release notes:

Jackpot winnings are no longer paid instantly. The winner must call the appropriate contract method.

Number of lines:

845 (1690 * 0.5 coefficient for reaudit #332 (comment))

@luckystrikeico luckystrikeico changed the title Lucky Strike v7 Lucky Strike v7.1 Jul 26, 2019
@luckystrikeico luckystrikeico changed the title Lucky Strike v7.1 Lucky Strike v7 Jul 27, 2019
@yuriy77k yuriy77k added the solidity Smart-contract is written in solidity (Ethereum) language. label Jul 27, 2019
@yuriy77k
Contributor

@luckystrikeico Please, send 0,0839 BTC (845 USD) to 3QuFHJ6uBGMoHMwd749tAYQNJ25yVt85Hf address.

@yuriy77k yuriy77k added approved Auditors can begin to audit this smart contract. High priority (DEPRECATED) DEPRECATED: Use priority 1 or priority 2 to increase the priority of a contract audit. labels Jul 27, 2019
@MrCrambo

Auditing time 2 days

@yuriy77k
Contributor

@MrCrambo assigned.

@yuriy77k
Contributor

@RideSolo, @gorbunovperm please, make this audit for 2 days.

@gorbunovperm

Estimated auditing time is 2 days.

@yuriy77k
Contributor

@gorbunovperm assigned

@RideSolo

auditing time: 1 day.

@MrCrambo

My report is finished

@yuriy77k
Contributor

@RideSolo assigned

@Dexaran Dexaran added priority: 2 (highest) and removed High priority (DEPRECATED) DEPRECATED: Use priority 1 or priority 2 to increase the priority of a contract audit. labels Jul 29, 2019
@gorbunovperm

My report is finished.

@yuriy77k
Contributor

yuriy77k commented Aug 2, 2019

LuckyStrike V7 Security Audit Report

1. Summary

LuckyStrike smart contract security audit report performed by Callisto Security Audit Department

2. In scope

3. Findings

In total, 2 issues were reported including:

  • 1 low severity issue.

  • 1 owner privileges (the ability of an owner to manipulate contract, may be risky for investors).

No critical security issues were found.

3.1. Truncated Value (Invest & Play)

Severity: low

Description

Since the token does not have decimals, the truncated value issue will happen in line 1859. But the loss value will be less than the price of the token, which is less than the transaction fee.

uint256 tokensToMint = sumToMarketingFund / tokenPriceInWei;

3.2. Owner privileges

Severity: owner privileges

Description

  • adjustAllocation function allows the owner to reset the rates of the different jackpots and income rate as wished.
  • 70M tokens are first distributed by the owner that represent 10500 ether, the token sale hardcap is 4500 ether, meaning that the developers allow themselves more than a third of the total income of the bet game, investors have to be aware of such usage.

4. Conclusion

The audited smart contract can be deployed. Only low severity issues were found during the audit.

5. Revealing audit reports

https://gist.github.com/yuriy77k/7ec5a6253cdf01d3b81e63eed16caf9f

https://gist.github.com/yuriy77k/cb7167e1a1a82c95a3af50c55c076879

https://gist.github.com/yuriy77k/1b207c88f6be849189223ff5aaab71b6
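
Added illustration of finding 3.1 (not part of the audit report and not LuckyStrike code): the integer-division pattern quoted in the report next to a variant that carries the remainder into the next purchase. The contract name, the `carriedWei` variable, the function names and the price value are assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical demo contract; only the division expression comes from the report.
contract TruncationDemo {
    // Assumed price for the demo; the audited contract's value is not shown on the page.
    uint256 public constant tokenPriceInWei = 0.001 ether;

    // Wei left over from earlier purchases, kept so it is not silently dropped.
    uint256 public carriedWei;

    event Minted(uint256 tokens, uint256 remainderWei);

    // Pattern from the finding: integer division discards the remainder.
    // lostWei is always strictly less than tokenPriceInWei, which is the
    // bound the auditors rely on when rating the issue as low severity.
    function tokensTruncated(uint256 sumToMarketingFund)
        public
        pure
        returns (uint256 tokensToMint, uint256 lostWei)
    {
        tokensToMint = sumToMarketingFund / tokenPriceInWei;
        lostWei = sumToMarketingFund % tokenPriceInWei;
    }

    // Variant: add the previous remainder before dividing and store the new
    // one, so the total minted over many calls equals
    // floor(total wei received / tokenPriceInWei) instead of losing up to
    // (tokenPriceInWei - 1) wei on every call.
    function tokensWithCarry(uint256 sumToMarketingFund)
        public
        returns (uint256 tokensToMint)
    {
        uint256 total = sumToMarketingFund + carriedWei;
        tokensToMint = total / tokenPriceInWei;
        carriedWei = total % tokenPriceInWei;
        emit Minted(tokensToMint, carriedWei);
    }
}
```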

@yuriy77k
Contributor

yuriy77k commented Aug 2, 2019

Comments about non-existent issues.

  1. Known vulnerabilities of ERC20 token. All recommendations to resolve those issues were implemented in the contract. The fact that this token implements the ERC20 standard does not mean that it is subject to all the problems of this standard.
  2. Block Gas Limit. It's not an issue. If there is a limitation on the maximum number of tickets in the UI, but a user would like to cheat the UI and buy more than the limitation, his transaction will throw.
  3. Sum Validation. This variable was used in the event 'SumAllocatedInWei', see line 1672.
  4. No event call. The ERC20 standard does not require emitting an event when burning tokens.

@yuriy77k yuriy77k closed this as completed Aug 2, 2019