SHUSKY token security audit, conducted by the Callisto Network Security Department during May 2021.
SHUSKY Token Security Audit Report
Are Your Funds Safe?
Audit request
SHUSKY (Siberian Husky) is a decentralized community token and store of value.
50% burned, 40% locked, 10% dumped on open market already, contract revoked.
Source code
https://etherscan.io/address/0x236d53148f83706c3d670064809577385f923a75#code
Disclosure policy
Talk to me first in case it is a misunderstanding, but publish it later.
Contact information
- admin@SHUSKYTOKEN.com
- T.me/serecthunderson
- https://SHUSKYTOKEN.com
- https://twitter.com/SHUSKYTOKEN
- https://t.me/SHUSKYTOKEN
- https://reddit.com/r/SHUSKYTOKEN
- https://discord.gg/XGPhdcp9nA
Platform
ETH
1. Summary
SHUSKY smart contract security audit report performed by Callisto Security Audit Department.
- https://SHUSKYTOKEN.com
- https://twitter.com/SHUSKYTOKEN
- https://t.me/SHUSKYTOKEN
- https://reddit.com/r/SHUSKYTOKEN
- https://discord.gg/XGPhdcp9nA
2. In scope
https://etherscan.io/address/0x236d53148f83706c3d670064809577385f923a75#code
2.1 Excluded
The correctness of the mathematical calculations was not verified during the audit due to the lack of complete documentation of what the contract should do and under what conditions.
3. Findings
In total, 1 issue were reported including:
- 0 high severity issue.
- 0 medium issue.
- 1 low severity issue.
No critical security issues were found.
3.1 Known vulnerabilities of ERC-20 and BEP-20 token
Severity: low.
Description:
- Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it already caused millions of dollars losses for lots of token users! More details here.
Recommendation
Add the following code to the transfer(_to address, ...)
function:
require( _to != address(this) );
- ERC20 is a widely used standard across the Ethereum ecosystem. It is reasonable to assume that ERC20 tokens could be “accidentally” deposited into this contract even though it is not intentional.
Every user on the entire Ethereum ecosystem can send ERC20 tokens to this contract and he will have no ability to extract it back unless there is a special “ERC20-rescue” function implemented in your contract. It is advised to implement this function.
Example: here is BAT contract address. As you can see the contract itself holds $497,000 worth of different ERC20 tokens – all these tokens are permanently “stuck” inside the contract and therefore uselessly lost.
Recommendation
A simple “ERC20-rescue” function can solve the problem.
function rescueERC20(address _token, uint256 _amount) external onlyOwner {
IERC20(_token).transfer(owner(), _amount);
}
4. Conclusion
The audited smart contract can be deployed. Only low severity issues were found during security audit.
Appendix
Smart Contract Audits by Callisto Network.
Miscellaneous
Our Most Popular Audit Reports.
Trust the Blockchain, Audit the Smart Contracts.
Follow Callisto’s Security Department on Twitter to get our latest news and updates!