Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Awaken Swap>Discussion>Additional token-sanity checks
GeneralOverview
Findings
High (3)
Medium (2)
Low (1)
Informational (2)
DiscussionVirtual addresses are not actually usedNo tests for ACS2 read/write path correctnessAdditional token-sanity checks
Threat ModelModule: AwakenSwapContract.csModule: AwakenSwapContract_Admin.csModule: AwakenSwapContract_Helper.csModule: AwakenSwapContract_LP.csModule: AwakenSwapContract_Swap.csModule: AwakenSwapContract_Views.csModule: TokenContract.csModule: TokenContract_ACS2.csModule: TokenContract_Actions.cs
Audit ResultsSummary

Additional token-sanity checks

We recommend adding some missing checks to the token contract:

  • The DoTransfer method should check whether To is null in case anyone attempts to burn tokens by sending them to the null address, rather than calling Burn.

  • The Create method should check that Decimals is nonnegative and not too large. User-interface denial-of-service issues may arise if the number of decimals is not within a reasonable logarithm of the range of the token balances.

  • The AddMinter and RemoveMinter methods should have null checks on the addresses added/removed.

Zellic © 2024Back to top ↑