
Centaure Security Audit Report


Here is the report of the Centaure Security Audit performed by the Callisto Network security department in September 2018.

About Callisto Network and the security department

Using Callisto Network's capabilities, we have established a free-for-all system of smart-contract auditing. To this end, Callisto Network has founded the Callisto security department and deploys treasury funds to pay security auditors for auditing smart contracts, in order to reduce risks and flaws in smart contracts and improve the adoption of programmable blockchains across the whole crypto industry.

Centaure specificities

Source code

Disclosure policy

[email protected]







The described issues should be fixed. The audited contract is not fully ERC20 compliant.

High severity issues

No High severity issues

Medium severity issues

1. Token Transfer to Address 0x0


The Centaure token does not require the recipient (to) address to be non-null before a transfer, so tokens can be lost accidentally by sending them to address 0x0.

The version of ERC20 used in this contract uses a basic burn mechanism in which anyone can send tokens to the 0x0 address to burn them. However, this mechanism leads to the above-mentioned issue.

Code snippet

Low severity issues

1. Total Supply


The totalSupply function returns the value of _totalSupply - balances[address(0)], since 0x0 is the address that burned tokens are sent to. However, the implemented lock mechanism also keeps the locked tokens at address 0x0 until the contract owner claims them on the claim day.

The value returned by totalSupply will increase when the contract owner withdraws the locked tokens. The totalSupply function represents the circulating supply, not the total supply.

Code snippet
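
One way to address both the null-address transfer and the totalSupply accounting described above, as an added example that is neither the Centaure contract's code nor taken from the audit. It assumes Solidity 0.8 checked arithmetic; the contract name, the burn, claimLocked and circulatingSupply functions, and the choice to hold locked tokens at the contract's own address are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not the Centaure source. All names are hypothetical.
contract LockedSupplyExample {
    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;           // every existing token, locked or not
    uint256 public immutable unlockTime;
    address public immutable owner;

    event Transfer(address indexed from, address indexed to, uint256 value);

    constructor(uint256 initialSupply, uint256 lockedAmount, uint256 lockSeconds) {
        require(lockedAmount <= initialSupply, "lock exceeds supply");
        owner = msg.sender;
        unlockTime = block.timestamp + lockSeconds;
        totalSupply = initialSupply;
        balanceOf[address(this)] = lockedAmount;   // locked tokens are not parked at 0x0
        balanceOf[msg.sender] = initialSupply - lockedAmount;
    }

    // Reject the null recipient so an empty or mistyped address cannot destroy tokens.
    function transfer(address to, uint256 value) external returns (bool) {
        require(to != address(0), "transfer to the zero address");
        balanceOf[msg.sender] -= value;            // reverts on underflow in 0.8+
        balanceOf[to] += value;
        emit Transfer(msg.sender, to, value);
        return true;
    }

    // Burning is an explicit call that lowers totalSupply directly.
    function burn(uint256 value) external {
        balanceOf[msg.sender] -= value;
        totalSupply -= value;
        emit Transfer(msg.sender, address(0), value);
    }

    // Claiming moves balances only: totalSupply is the same before and after.
    function claimLocked() external {
        require(msg.sender == owner && block.timestamp >= unlockTime, "not claimable");
        uint256 amount = balanceOf[address(this)];
        balanceOf[address(this)] = 0;
        balanceOf[owner] += amount;
        emit Transfer(address(this), owner, amount);
    }

    function circulatingSupply() external view returns (uint256) {
        return totalSupply - balanceOf[address(this)];
    }
}
```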

2. Known vulnerabilities of ERC-20 token


  1. A double withdrawal attack is possible. More details here
  2. Lack of a transaction handling mechanism. More details here

Minor observation

1. Old solidity version


The Solidity version used in Centaure is old.


One of the latest versions of Solidity should be used.

Revealing audit reports