ChainLink (LINK) Security Audit Report
Here is the report of the ChainLink Token (LINK) security audit performed by the Callisto Network security department in April 2019.
About Callisto Network and the security department:
Utilizing Callisto Network capabilities, we have established a free-for-all system of smart-contracts auditing, to this end, Callisto Network has founded the Callisto security department and deploys treasury funds to pay security auditors for auditing smart-contracts, to reduce risk/flaw in smart-contracts and improve the adoption of programmable blockchains for the whole crypto industry.
Deployed at :
Number of lines: 160
Security Audit Report
Symbol : LINK Name : ChainLink Token Total supply: 1,000,000,000 Decimals : 18 Standard : ERC677
2. In scope
In total, 2 issues were reported including:
- 2 low severity issues.
No critical security issues were found.
3.1. Known vulnerabilities of ERC-20 token
- It is possible to double withdrawal attack. More details here.
- Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it already caused millions of dollars losses for lots of token users! More details here.
Add the following code to the
transfer(_to address, ...) function:
require( _to != address(this) );
3.2. No zero address checking
transfer(Line 81) and
transferFrom(Line 118) there are no zero address checking.
The audited smart contract can be deployed. Only low severity issues were found during the audit.