CryptoAds Security Audit Report

Here is the report of the CryptoAds Security Audit performed by the Callisto Network security department in August 2018.

About Callisto Network and the security department

Utilizing Callisto Network capabilities, we have established a free-for-all system of smart-contracts auditing, to this end, Callisto Network has founded the Callisto security department and deploys treasury funds to pay security auditors for auditing smart-contracts, to reduce risk/flaw in smart-contracts and improve the adoption of programmable blockchains for the whole crypto industry.

CryptoAds specificities

Source code

(for convenience use: )

Disclosure policy

Private Notification



CryptoAds Security Audit Report


No critical issue, bug fixing is necessary.

It is highly recommended to complete a bug bounty before use.

Medium severity issues

1. Zero address owner


Owner address may be sent to zero address at function setOwner and because of its owner will lose his access to the smart contract.


Need to check if _newOwner is not zero address.

require(_newOwner != address(0));

2. Transfer to zero address

Severity: medium


Tokens could be sent to zero address, that means they will be locked and will not be able to use or burn. Functions transfer and transferFrom.


Need to check if _to address is not zero address.

require(_to != address(0));

3. Double-spend attack is possible

Severity: medium


In case the user wants to change the approved amount a double-spend attack is possible.


It can be reviewed here.

Revealing audit reports