Here is the report of the Centaure Security Audit performed by the Callisto Network security department in September 2018.
About Callisto Network and the security department
Utilizing Callisto Network capabilities, we have established a free-for-all smart-contract auditing system. To this end, Callisto Network has founded the Callisto security department and deploys treasury funds to pay security auditors for auditing smart contracts, in order to reduce risks and flaws in smart contracts and improve the adoption of programmable blockchains for the whole crypto industry.
Centaure Security Audit Report
The described issues should be fixed. The audited contract is not fully ERC20 compliant.
High severity issues
No High severity issues
Medium severity issues
1. Token Transfer to Address 0x0
Centaure Token does not require the to address to be non-null before a transfer. Accidental token loss to address 0x0 is therefore possible.
The version of ERC20 used in this contract uses a basic burn mechanism in which anyone can send tokens to the 0x0 address to burn them. However, this mechanism leads to the issue mentioned above.
Low severity issues
1. Total Supply
The totalSupply function returns the value of _totalSupply - balances[address(0)], since 0x0 is the address the burned tokens are sent to. However, the implemented lock mechanism also stores the locked tokens in address 0x0 until the claim day, when the contract owner withdraws them.
The value returned by totalSupply will therefore increase when the contract owner withdraws the locked tokens.
As implemented, the totalSupply function represents the circulating supply, not the total supply.
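As an added example, not the audited Centaure contract, the following Solidity sketch shows fixes for both findings above: transfer() rejects the zero address, burning is an explicit burn() call instead of a transfer to 0x0, and locked tokens are kept in a separate lockedOf mapping so that totalSupply() never depends on balances[address(0)]. The lockedOf mapping, releaseTime and the lock()/claimLocked() names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
// Illustrative token (not the audited Centaure code): transfer() rejects the
// zero address, and totalSupply() no longer reads balances[address(0)], so
// locking tokens cannot change the reported supply.
contract SafeSupplyToken {
    uint256 private _totalSupply;                 // minted minus burned
    mapping(address => uint256) public balanceOf;
    mapping(address => uint256) public lockedOf;  // assumed lock bookkeeping, kept out of 0x0
    uint256 public releaseTime;                   // constructed lock expiry

    constructor(uint256 initialSupply, uint256 lockDuration) {
        _totalSupply = initialSupply;
        balanceOf[msg.sender] = initialSupply;
        releaseTime = block.timestamp + lockDuration;
    }

    // Hardened transfer: the audited contract omitted this zero-address check,
    // so a mistyped recipient silently became an unintended burn.
    function transfer(address to, uint256 value) external returns (bool) {
        require(to != address(0), "transfer to zero address");
        require(balanceOf[msg.sender] >= value, "insufficient balance");
        balanceOf[msg.sender] -= value;
        balanceOf[to] += value;
        return true;
    }

    // Explicit burn is the only path that reduces supply.
    function burn(uint256 value) external {
        require(balanceOf[msg.sender] >= value, "insufficient balance");
        balanceOf[msg.sender] -= value;
        _totalSupply -= value;
    }

    // Locked tokens leave the holder's balance but stay inside totalSupply.
    function lock(uint256 value) external {
        require(balanceOf[msg.sender] >= value, "insufficient balance");
        balanceOf[msg.sender] -= value;
        lockedOf[msg.sender] += value;
    }

    function claimLocked() external {
        require(block.timestamp >= releaseTime, "still locked");
        uint256 value = lockedOf[msg.sender];
        lockedOf[msg.sender] = 0;
        balanceOf[msg.sender] += value;
    }
    // Unchanged by lock()/claimLocked(); only burn() lowers it.
    function totalSupply() external view returns (uint256) { return _totalSupply; }
}
```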
2. Known vulnerabilities of ERC-20 token
- A double withdrawal attack is possible. More details here
- Lack of a transaction handling mechanism. More details here
3. Old Solidity version
The Solidity version used in Centaure is old.
One of the latest versions of Solidity should be used.