SHUSKY token security audit, conducted by the Callisto Network Security Department during May 2021.

SHUSKY Token Security Audit Report


Audit request

SHUSKY (Siberian Husky) is a decentralized community token and store of value.
50% burned, 40% locked, 10% dumped on open market already, contract revoked.

Source code

https://etherscan.io/address/0x236d53148f83706c3d670064809577385f923a75#code

Disclosure policy

Talk to me first in case it is a misunderstanding, but publish it later.

Standard disclosure policy.

Contact information

Platform

ETH

1. Summary

SHUSKY smart contract security audit report performed by Callisto Security Audit Department.

  • https://SHUSKYTOKEN.com
  • https://twitter.com/SHUSKYTOKEN
  • https://t.me/SHUSKYTOKEN
  • https://reddit.com/r/SHUSKYTOKEN
  • https://discord.gg/XGPhdcp9nA

2. In scope

https://etherscan.io/address/0x236d53148f83706c3d670064809577385f923a75#code

2.1 Excluded

The correctness of the mathematical calculations was not verified during the audit due to the lack of complete documentation of what the contract should do and under what conditions.

3. Findings

In total, 1 issue was reported, including:

  • 0 high severity issues.
  • 0 medium severity issues.
  • 1 low severity issue.

No critical security issues were found.

3.1 Known vulnerabilities of ERC-20 and BEP-20 tokens

Severity: low.

Description:

  1. Lack of a transaction handling mechanism. WARNING! This is a very common issue, and it has already caused millions of dollars in losses for many token users! More details here.

Recommendation

Add the following code to the transfer(address _to, ...) function:

require( _to != address(this) );

  2. ERC20 is a widely used standard across the Ethereum ecosystem. It is reasonable to assume that ERC20 tokens could be “accidentally” deposited into this contract, even though this is not intended.

Any user in the Ethereum ecosystem can send ERC20 tokens to this contract, and will have no way to get them back unless a special “ERC20-rescue” function is implemented in your contract. It is advised to implement this function.

Example: here is the BAT contract address. As you can see, the contract itself holds $497,000 worth of different ERC20 tokens. All of these tokens are permanently “stuck” inside the contract and are therefore uselessly lost.

Recommendation

A simple “ERC20-rescue” function can solve the problem.

// Lets the owner withdraw ERC20 tokens that were sent to this contract by mistake.
function rescueERC20(address _token, uint256 _amount) external onlyOwner {
    IERC20(_token).transfer(owner(), _amount);
}
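
The two recommendations from finding 3.1 combined in one minimal token, as an added example that is neither the audited SHUSKY source nor Callisto's code. The contract name GuardedToken, the Rescued event, the fixed initial supply and the low-level call that tolerates tokens returning no value are assumptions made for illustration; only the transfer part of the ERC20 interface is implemented.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added example, not the audited SHUSKY source. GuardedToken, the Rescued
// event and the fixed initial supply are assumptions for illustration.
contract GuardedToken {
    uint256 public totalSupply;
    address public owner;
    mapping(address => uint256) public balanceOf;

    event Transfer(address indexed from, address indexed to, uint256 value);
    event Rescued(address indexed token, address indexed to, uint256 amount);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor(uint256 supply) {
        owner = msg.sender;
        totalSupply = supply;
        balanceOf[msg.sender] = supply;
        emit Transfer(address(0), msg.sender, supply);
    }

    function transfer(address _to, uint256 _amount) external returns (bool) {
        // Finding 3.1, item 1: refuse transfers to the token contract itself.
        require(_to != address(this), "transfer to token contract");
        balanceOf[msg.sender] -= _amount; // checked arithmetic reverts on underflow
        balanceOf[_to] += _amount;
        emit Transfer(msg.sender, _to, _amount);
        return true;
    }

    // Finding 3.1, item 2: let the owner recover foreign ERC20 tokens held here.
    function rescueERC20(address _token, uint256 _amount) external onlyOwner {
        require(_token.code.length > 0, "token is not a contract");
        // Low-level call: accepts tokens that return true and tokens that
        // return nothing, and reverts for tokens that return false.
        (bool ok, bytes memory ret) = _token.call(
            abi.encodeWithSignature("transfer(address,uint256)", owner, _amount)
        );
        require(ok && (ret.length == 0 || abi.decode(ret, (bool))), "rescue failed");
        emit Rescued(_token, owner, _amount);
    }
}
```

The rescue path depends on an owner that can still sign transactions; once ownership has been given up, the function can no longer be called.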

4. Conclusion

The audited smart contract can be deployed. Only low severity issues were found during the security audit.
