Zilliqa Token (ZIL) security audit, conducted by the Callisto Network Security Department in April 2019.
Zilliqa (ZIL) Specificities
Audit Request
Audit Top 200 CoinMarketCap tokens.
Symbol : ZIL
Name : Zilliqa
Circulating Supply: 8 750 823 775
Total Supply: 12 599 999 804Deployed at:
https://etherscan.io/address/0x05f4a42e251f2d52b8ed15e9fedaacfcef1fad27#code
Source Code:
https://gist.github.com/yuriy77k/cd476ddc9a1c1685dc39e399fcd08b3e
Disclosure policy
Public.
Platform:
ETH.
Number of lines:
192.
Zilliqa Token (ZIL) Smart Contract Security Audit Report
Are Your Funds Safe?
1. In scope
2. Findings
In total, 3 issues were reported including:
- 3 low severity issues.
2.1. Known vulnerabilities of ERC-20 token
Severity: low.
Description:
- It is possible to double withdrawal attack. More details here
- Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it already caused millions of dollars losses for lots of token users! More details here.
Recommendation:
Add the following code to the
transfer(_to address, ...)function:
require( _to != address(this) );
2.2. Transfer Admin to zero address
Severity: low.
Description:
Possibility of setting zero address as newAdnin at changeAdmin function.
Code snippet:
Recommendation:
Need to check if newOwner address is not zero address.
require( newAdmin != address(0) );
2.3. Owner Privileges
Severity: low.
Description:
The contract owner allow himself:
- to pause functions of contract (transfer, transferFrom, approve, increaseApproval, decreaseApproval), besides burn function;
- Evacuate Tokens at any time.
The contract is managed manually by the owner which is not good for investors.
Code snippet:
3. Conclusion
The audited smart contract can be deployed. Only low severity issues were found during the audit.
4. Revealing audit reports
- https://gist.github.com/yuriy77k/8a4e69ad1ae46a818982b0dbc5627a1a
- https://gist.github.com/yuriy77k/4b4dbfbd3ce5ba84eb0b7364dd608c74
- https://gist.github.com/yuriy77k/7facb589523c03d64f09be1ba8b11614
Appendix
Smart Contract Audits by Callisto Network.
Miscellaneous
Our Most Popular Audit Reports.
Trust the Blockchain, Audit the Smart Contracts.
Follow Callisto’s Security Department on Twitter to get our latest news and updates!