Quarashi Network security audit, conducted by the Callisto Network Security Department during July 2021.

 


 

Quarashi Network Security Audit Report

Are Your Funds Safe?

 

Audit Request

Hello Callisto, we need a contract audit, it’s for the utility token from Quarashi Platform, it’s also verified in the Etherscan Network.

Source code

https://etherscan.io/address/0x0aff88b4cf3015c9c17f1da1fccb88c632f3505e#code

Disclosure policy

Standard disclosure policy.

Contact information

Website: https://quarashi.network

Contact: contact@quarashi.network

Telegram: https://t.me/quarashinetworkofficial

Twitter: https://twitter.com/QuarashiN/media

Platform

ETH.

1. In scope

2. Findings

In total, 3 issues were reported including:

  • 0 high severity issues.
  • 0 medium severity issues.
  • 2 low severity issues.
  • 0 notes.
  • 1 owner privilege.

2.1 Known vulnerabilities of ERC-20

Severity: low.

Description:

  1. Lack of a transaction handling mechanism. WARNING! This is a very common issue and it has already caused millions of dollars in losses for many token users! More details here.

Recommendation

Add the following code to the transfer(address _to, ...) function:

require( _to != address(this) );

2.2 High gas consumption

Severity: low.

Description:

The functions freezingCount(), getFreezing(), freezeTo() and releaseAll() use loops of indefinite length and can use a lot of gas.

Recommendation

Restructure the logic of these functions to avoid long loops.

 

2.3 Owner privileges

Severity: owner privileges.

Description:

The contract owner has the right to:

  1. Mint any amount of tokens to any address.
  2. Pause/unpause token transfers.

3. Security practices

  •  Open-source contract.
  •  The contract should pass a bug bounty after the completion of the security audit.
  •  Public testing.
  •  Automated anomaly detection systems. – NOT IMPLEMENTED. A simple anomaly detection algorithm is recommended to detect behavior that is atypical for this contract. For instance, the contract must halt deposits if a large amount is being withdrawn in a short period of time, until the owner or the community of the contract approves further operation.
  •  Multisig owner account.
  •  Standard ERC20-related issues. – NOT IMPLEMENTED. It is known that every contract can potentially receive an unintended ERC20-token deposit without the ability to reject it, even if the contract is not intended to receive or hold tokens. As a result, it is recommended to implement a function that allows extracting any arbitrary number of tokens from the contract.
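
The transfer guard from finding 2.1 and the token-extraction function recommended in the last item above, combined in one sketch. This is an added example and not the audited Quarashi contract: the contract name, rescueERC20, the Rescued event and the Solidity ^0.8.4 pragma are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4; // assumed compiler version, not taken from the audited source

// Hypothetical minimal token, used only to show the two mitigations together.
contract GuardedToken {
    address public owner;
    mapping(address => uint256) public balanceOf;

    event Transfer(address indexed from, address indexed to, uint256 value);
    event Rescued(address indexed token, address indexed to, uint256 amount);

    constructor(uint256 supply) {
        owner = msg.sender;
        balanceOf[msg.sender] = supply;
        emit Transfer(address(0), msg.sender, supply);
    }

    // Finding 2.1: refuse transfers to the token contract itself, where the
    // tokens would have no holder able to move them again.
    function transfer(address _to, uint256 _value) external returns (bool) {
        require(_to != address(this), "transfer to token contract");
        require(_to != address(0), "transfer to zero address");
        balanceOf[msg.sender] -= _value; // checked arithmetic reverts on underflow
        balanceOf[_to] += _value;
        emit Transfer(msg.sender, _to, _value);
        return true;
    }

    // Section 3: let the owner extract any other ERC-20 token deposited here.
    // A low-level call is used because some tokens return no value from
    // transfer(); success means "did not revert and did not return false".
    function rescueERC20(address token, address to, uint256 amount) external {
        require(msg.sender == owner, "only owner");
        require(to != address(0) && to != address(this), "bad recipient");
        require(token.code.length > 0, "not a contract");
        (bool ok, bytes memory ret) = token.call(
            abi.encodeWithSignature("transfer(address,uint256)", to, amount)
        );
        require(ok && (ret.length == 0 || abi.decode(ret, (bool))), "rescue failed");
        emit Rescued(token, to, amount);
    }
}
```

The code-length check matters because a low-level call to an address without code succeeds with empty return data, which would otherwise be reported as a successful rescue.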

4. Conclusion

The audited smart contract can be deployed. Only low severity issues were found during the audit.

It is recommended to adhere to the security practices described in pt. 4 of this report in order to ensure the operability of the contract and prevent any issues which are not directly related to the code of this smart-contract.
