kasko2go Token Contract Audit

Similar documents
QIIBEE Security Audit

FanChain Contract Audit

GUTS Token Sale Audit

SECURITY AUDIT REPORT

Secure Token Development and Deployment. Dmitry Khovratovich and Mikhail Vladimirov, University of Luxembourg and ABDK Consulting

FXY TOKEN SMART CONTRACT AUDIT RESULTS FOR FIXY NETWORK LTD

Security Audit of FuzeX Smart Contract This report is public. ChainSecurity Ltd. January 11, 2018

Gnosis Safe Documentation. Gnosis

Bob s Repair Contract Audit

Pillar Token Code Review

Table of contents. Abstract. Disclaimer. Scope. Procedure. AS-IS overview. Audit overview. Conclusion. Appendix A. Automated tools reports 12

Securify: Practical Security Analysis of Smart Contracts

SmartDec icumulate.io Smart Contracts Security Analysis

An Analysis of Atomic Swaps on and between Ethereum Blockchains Research Project I

POA Bridge. Security Assessment. Cris Neckar SECUREWARE.IO

LECTURE 2 BLOCKCHAIN TECHNOLOGY EVOLUTION

Active Planning Committee John Lindsay, Patent Attorney Tony Schuman, Investment Advisor Todd Russell, Gov t Contract Opportunities

Ethereum Computation Market Documentation

As a 3rd generation currency, not only are transactions secured, private and fast, you actually get paid for holding DigitalPrice coins.

FLIP Token (FLP) How to Participate in the FLIP Token (FLP) Sale Event. 1 Disclaimer 2. 2 What You Will Need 2

Declarative Static Analysis of Smart Contracts

A SYSTEM FOR ENABLING SHORT-TERM FINANCING

ICO Review: Raiden Network (RDN)

POLYBIUS TOKEN WHITEPAPER

Smart!= Secure - Breaking Ethereum Smart Contracts. Elliot Ward & Jake Humphries

Lecture 10. A2 - will post tonight - due in two weeks

MYETHERWALLET GUIDE 1

TABLE OF CONTENTS 1.0 TOKEN SALE SUMMARY INTRODUCTION HOW TO BUY LION HOW TO BUY LION WITH METAMASK

Technical Overview. Version: 1.0 Date:

Upgrading Bitcoin: Segregated Witness. Dr. Johnson Lau Bitcoin Core Contributor Co-author of Segregated Witness BIPs March-2016

Blockchains: new home for proven-correct software. Paris, Yoichi Hirai formal verification engineer, the Ethereum Foundation

Prelude. The notes within this Whitepaper publication are intended to formally document the concepts and features of the Aegeus cryptocurrency.

DISTRIBUTION PLAN. Operation of EMMARES smart contract. EMA Token Allocation

GENESIS VISION NETWORK

Mobilink-Network Partial List of Partners

Mobilink-Network Partial List of Partners

[ANALYSIS ASSIGNMENT 10]

ETHERNITY DECENTRALIZED CLOUD COMPUTING

Defining the Ethereum Virtual Machine for Interactive Theorem Provers

Ethereum. Campbell R. Harvey* Duke University and NBER. Ashwin Ramachandran Duke University. Brent Xu ConsenSys. Innovation and Cryptoventures

CLN CLN TOKEN SALE. How to Participate Using MyEtherWallter

ICO Review: Etherparty (FUEL)

Guide to a Successful Wanchain Token Contribution

a new cryptocurrency STK GLOBAL PAYMENTS USER GUIDE USER GUIDE: PARTICIPATING IN IN STK STK TOKEN TOKEN SALE USING SALE MYETHERWALLET

Ethereum: 30 Tips & Tricks

Ethereum. Smart Contracts Programming Model

Who wants to be a millionaire? A class in creating your own cryptocurrency

Whitepaper Rcoin Global

Learn Blockchain Programming. Ali Dorri

How to buy LIVE Token with Ethereum and Bitcoin step by step

Privacy-Enabled NFTs: User-Mintable, Non-Fungible Tokens With Private Off-Chain Data

Vladimir Groshev. COO, Project Coordinator.

TOKEN SWAP FAQ. For action before July 23, 2018.

0xcert - Your ID, degree, artwork or house. 0xcert-ified on the blockchain.

NEUROSEED WHITEPAPER. Version 1.1. May 1, 2018 Contents of the white paper are subject to changes and improvements

Three-Dimensional Scalable Blockchain. Tokenomics draft v. 0.3 (En)

Replay Attacks on Ethereum Smart Contracts. Zhenxuan Bai, Yuwei Zheng, Kunzhe Chai Senhua Wang

DTX Token. Starter guide

Technical White Paper of. MOAC Mother of All Chains. June 8 th, 2017

Wanchain Documentation

Key concepts of blockchain

Token Sale. Participation guide

Computer Security. 14. Blockchain & Bitcoin. Paul Krzyzanowski. Rutgers University. Spring 2019

QUADCORECHAIN. White Paper ver.1

Callisto Network Whitepaper

Smart Contract Security Tips. Ethereum devcon2 Sep Joseph Chow

Kibo Contract Audit. Prepared by Hosho July 17th, Report Version: 2.0. Copyright 2018 Hosho Group Inc.

Executive Summary. (The Abridged Version of The White Paper) BLOCKCHAIN OF THINGS, INC. A Delaware Corporation

INX Tokenomics I

SUN Token Ecosystem Architecture Written by: Sun Token Technical Team Date: September 20, 2018 Version: 1.06

Token White Paper. Global marketplace based on Block chain for small-scale business I ver P a g e

BLOCKCHAIN CADEC Pär Wenåker & Peter Larsson

Ethereum Consortium Blockchain in Azure Marketplace Christine Avanessians Senior Program Manager

Technical Specifications for Platform Development

Wanchain Documentation

ContractFuzzer: Fuzzing Smart Contracts for Vulnerability Detection *#

A Java Framework for Smart Contracts

powerone For the Palm Computing Platform

Ethereum Consortium Network Deployments Made Easy Christine Avanessians Senior Program Manager

Specifying the Ethereum Virtual Machine for Theorem Provers

Implementing and Mechanically Verifying Smart Contracts

Wormhole: A Smart Contract Solution for Bitcoin Cash

Knowledge Platform TOKEN SALE. GUIDELINE (MetaMask & MyEtherWallet)

WHITEPAPER. Security overview. podio.com

TOKEN PAPER.

OW TO PARTICIPAT HOW TO PARTICIPATE

Smart Contract Security Audit Report. Loopring Protocol Smart Contract version 2

TABLE OF CONTENTS 1.0 TOKEN SALE SUMMARY INTRODUCTION HOW TO BUY LION HOW TO BUY LION WITH METAMASK

Blockchain! What consultants should know about it. Daniel

Liferay Security Features Overview. How Liferay Approaches Security

Elphyrecoin (ELPH) a Private, Untraceable, ASIC-Resistant CryptoCurrency Based on CryptoNote

Ergo platform: from prototypes to a survivable cryptocurrency

IoT security based on the DPK platform

Distributed Ledger With Secure Data Deletion

Twilio cloud communications SECURITY

ENEE 457: E-Cash and Bitcoin

Blockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric

10 FOCUS AREAS FOR BREACH PREVENTION

Who s Protecting Your Keys? August 2018

Examining the Code. [Reading assignment: Chapter 6, pp ]

Transcription:

Version 1.0 / 17.04.2018 kasko2go Token Contract Audit inacta AG Eugen Lechner <eugen.lechner@inacta.ch> Cédric Walter <cedric.walter@inacta.ch>

Index 1. Introduction 2 2. Scope 2 3. Executive Summary 2 4. Ambisafe 3 5. On chain analysis 4 6. 5 7. Review Report of Token Sale Smart Contract 6 8. Use latest Solidity version 6 9. Compliance with ERC20 Standard 6 10. Compliance with Token Sale Terms and Conditions 6 11. Compliance with Smart Contract Best Practices 7 12. General code checking 7 13. Use safe math operators 8 14. Use modifiers for recurring checks 9 15. Avoid negated conditions 9 16. Patterns for error handling 9 17. Use view/constant modifier if possible 10 18. Implements default payable function 10 19. Token Lifecycle 10 20. Crowdsale Lifecycle 10 21. Explicitly mark visibility in function 10 22. Avoid to make time-based decisions in your business logic 10 23. Avoid commented code 10 24. Missing circuit breaker 11 25. Prefer newer solidity constructs 11 26. Many typography error 11 27. Lock pragmas to specific compiler version 12 28. Compliance with Code Style 12 29. Missing Input Validation 12 30. Avoid compiler warnings 12 31. Check known security attacks 13 32. ERC20 API: An Attack Vector on Approve/TransferFrom Methods 13 33. Re-Entrancy (Checks-Effects-Interactions Pattern) 13 34. Transactions May Affect Ether Receiver 13 35. Unhandled Exception 13 1

36. Limitations 13 37. Introduction Name Web Presence Name of Token Whitepaper Reference kasko2go https://kasko2go.com/ K2G https://kasko2go.com/whitepaper.pdf Smart Contract Code K2GAudit.zip, received at 11.04.2018 38.Scope This is an, eyes over code review only of the contracts source code. No static or dynamic testing have been done by the reviewing author. Only the Smart Contracts Code available in K2GAudit.zip have been reviewed. The smart contract is only the ERC20 token. The entire token sales logic is located in the off-chain area of the ICO Platform and cannot be verified by this audit. The white paper specifications such as hardcap are therefore not part of this audit. The audit was carried out between April 11rd and 12th, 2018 by using the following sources - Paper ICO White Paper - K2G Token Smart Contract Code (etoken2-contracts-907f9fa01b753845645c9985d2a04b45e5d23d43) 39.Executive Summary We reviewed the K2G Token Sales Contract and did not find any critical security problems. Our findings included four medium and nine low issues. Most of the code does not comply with best practice recommendations, but generally leaves a solid 2

impression. It follows a generic approach with many proxy classes and integrated role management, which goes far beyond the ERC20 standard requirements. Although token sales take place without a crowdsale smart contract, Ambisafe provides the necessary transparency for the distribution of tokens by executing all transactions on blockchain. It is the responsibility of kasko2go to distribute the tokens according to the information in white papers, there is no mechanism to automatically distribute the tokens. The conformity of crowdsale (number of tokens generated, allocations to founders) can been verified directly in ethereum blockchain. 40. Ambisafe Ambisafe Inc. is an Ethereum Asset Platform based in San Francisco California. Ambisafe is a platform that makes it easier for anyone to create blockchain-based digital assets. Using Ambisafe, anyone can issue a blockchain-based asset in minutes, then add it to cryptocurrency exchanges worldwide. K2G tokens will be stored via the Ambisafe Asset Cold Storage with multi-sig capabilities which requires multiple confirmations from trusted parties to securely perform management actions. Ambisafe offer an asset manager where it is possible to create the K2G assets to sell, a wallet to store and release them, a wallet to collect funds. During ICO sale, investors purchase K2G tokens and their money is store in an online multisig Crypto-Wallet. Meanwhile, investors receive a generated own Wallets where they store the tokens they bought. The following image shows how the individual token and payment transactions can be traced in the blockchain. All tokens are generated at the start of ICO and transferred to the kasko2go Cold Storage. From there it is the responsibility of kasko2go to distribute the tokens according to the information in white papers. This is performed manually by the ICO Managers of kasko2go distributing the tokens manually. Some tokens are distributed directly (founders, team etc.). Tokens that will be distributed to the contributors in the K2G public token sale are moved to the automated Crypto Wallet and distributed from there according to the investor deposits at the daily rate. 3

41.On chain analysis K2G token can be seen at Ethereum address https://etherscan.io/token/0x926703fb558f46331b6a06322bcf9e9d017fe6ec From there we can certify that the number of Token is capped to 600 Millions tokens and match the whitepaper kasko2go-whitepaper.pdf (sha256sum c81946031618a167d2e2bb7e33213c4b2a238a915849569fc4f0d7b96f98ac48) We can also see the distribution of wallets holding K2G tokens: 4

The wallet 0x9acb172f0ab5978eea6766df202d15570b37e506 is assumed to be the mutisig cold storage wallet holding 99.70% of K2G token. The distribution of K2G tokens among founders, advisors, team as of today 20.04.2018 17:41 has not yet being done. The deployed code at https://etherscan.io/address/0x926703fb558f46331b6a06322bcf9e9d017fe6ec# code 42. Here is our assessment and recommendations. Description Severity Priority 1 Using one year old Solidity compiler version (6.1) Medium Medium 2 High code complexity (6.4.1) Low Low 3 Use safe math operators (6.4.2) Medium Medium 4 Avoid negated conditions (6.4.4) Low Low 5 Patterns for error handling (6.4.5) Medium Medium 6 Event name consistency, invoking events without "emit" prefix is deprecated. (6.7) 7 Explicitly mark visibility in function (6.4.10) Low Low Low Low 5

8 Avoid to make time-based decisions in your business logic. (6.4.11) Medium 9 Avoid commented code (6.4.12) Low Low 10 Missing circuit breaker (6.4.13) Low Low 11 Prefer newer solidity constructs (6.4.14) Low Low 12 Many Typography errors (6.4.15) Low Low 13 Lock pragmas to specific compiler version (6.4.16) Low Low Medium 43.Review Report of Token Sale Smart Contract 43.1 Use latest Solidity version The Smart Contract Code is compiled with different versions of Solidity. The EToken2 contract uses the Solidity compiler version 0.4.8 from Jan 13, 2017. Since this version many security fixes and improvements in the compiler have been identified and implemented. The Asset Contract uses the Solidity compiler version 0.4.15 from Aug 8, 2017. We strongly recommend using the latest stable version 0.4.21 for all smart contracts to take advantage of the latest features of Solidity and to avoid potential security risks. The version of Truffle has to match the compiler version of solidity. Since you are using Truffle 3.1.9, we recommend you to update to Truffle 4.1.5 from "dependencies" : { "ethereumjs-testrpc" : "3.0.3", "truffle" : "3.1.9", to "dependencies" : { "ethereumjs-testrpc" : "3.0.3", "truffle" : "4.1.5", 43.2 Compliance with ERC20 Standard The K2G Token implements the ERC20 Token Standard Interface. The generating of asset through the platform Ambisafe should be like all other assets generated before. We have no access to the off-chain platform and its source code and therefore cannot make any statement as to whether the sales process will be complied with white paper. 43.3 Compliance with Token Sale Terms and Conditions The conditions controlling the Token Sale is located in the off-chain at the ICO Platform and cannot be verified by this audit. All payments made by investors cannot be verified in Blockchain and must be verified in off-chain platform. We recommend 6

carrying out an independent audit of the generated tokens after the end of the sales process. 43.4 Compliance with Smart Contract Best Practices 43.4.1 General code checking The code implements many interfaces and contains a lot of logic that goes far beyond the ERC20 standard. Many sections are not in accordance with current best practice recommendations, such as no error are throw in case of wrong parameters in order to reduce the caller's gas costs. We recommend keep the contracts small and easily understandable. In Solidity 0.4.10 require() were introduced. require(condition) is meant to be used for input validation, which should be done on any user input, and reverts if the condition is false. As such we recommend you to replace all code pattern like these modifier checkenabledswitch( bytes32 _switch) { if (!isenabled(_switch)) { _error( 'Feature is disabled' ); else { _; with modifier checkenabledswitch( bytes32 _switch) { required(!isenabled(_switch)) _; 7

43.4.2 Use safe math operators In order to remove the risk of overflow and underflow when using most mathematical operations, we recommend using the SafeMath library like the one provided by OpenZeppelin. Over and under flows An overflow happens when the limit of the type variable uint256, 2 ** 256, is exceeded. What happens is that the value resets to zero instead of incrementing more. For instance, if I want to assign a value to a uint bigger than 2 ** 256 it will simple go to 0 this is dangerou s. On the other hand, an underflow happens when you try to subtract from 0 a number bigger than 0.For example, if you subtract 0-1 the result will be = 2 ** 256 instead of -1. This is quite dangerous. For example, in the Smart Contract MultiAsset.sol: function _transferdirect( uint _fromid, uint _toid, uint _value, bytes32 _symbol) internal { assets[_symbol].wallets[_fromid].balance -= _value; assets[_symbol].wallets[_toid].balance += _value; If the parameter _value is a negative value, the balance at the caller is increased instead of decreased. uint256 is only used in interface ERC20Interface.sol but we don t see the implementation of it, Ambisafe has the responsibility to ensure that they are using a SafeMath library. We recommend you to reuse (not copy...) the implementation of Open Zeppelin ( link ) which is well reviewed and battle tested. The latest version as of today is "zeppelin-solidity": "1.8.0", here it is as reference library SafeMath { /** * @dev Multiplies two numbers, throws on overflow. */ function mul( uint256 a, uint256 b) internal pure returns ( uint256 ) { if (a == 0 ) { return 0 ; uint256 c = a * b; assert(c / a == b); return c; /** * @dev Integer division of two numbers, truncating the quotient. 8

*/ function div( uint256 a, uint256 b) internal pure returns ( uint256 ) { // assert(b > 0); // Solidity automatically throws when dividing by 0 uint256 c = a / b; // assert(a == b * c + a % b); // There is no case in which this doesn't hold return c; /** * @dev Subtracts two numbers, throws on overflow (i.e. if subtrahend is greater than minuend). */ function sub( uint256 a, uint256 b) internal pure returns ( uint256 ) { assert(b <= a); return a - b; /** * @dev Adds two numbers, throws on overflow. */ function add( uint256 a, uint256 b) internal pure returns ( uint256 ) { uint256 c = a + b; assert(c >= a); return c; 43.4.3 Use modifiers for recurring checks No. All contracts use modifiers very proficiently. The use of modifiers in the functions and state variables are explicitly specified. This increases the readability of the contract and makes it more trustworthy. 43.4.4 Avoid negated conditions The negated conditions can cause errors if the condition is complex and must be avoided. The smart contracts contains many negated conditions, some of them can be simplified. E.g.:!isEnabled can be used as isdisabled 43.4.5 Patterns for error handling The Smart Contract token does not throw errors when input parameters is not valid. This means that transactions with incorrect parameters are still accepted from Blockchain with the following disadvantages: The gas fees of callers are consumed even if it has not led to a result The state of the Smart Contract can still change, although it should not lead to any changes if the input parameters are incorrect. The Ethereum EVM guarantees that the state is unchanged only if a error is thrown. 9

43.4.6 Use view/constant modifier if possible No findings. The smart contracts use constant modifier if possible. 43.4.7 Implements default payable function No findings. 43.4.8 Token Lifecycle No findings. 43.4.9 Crowdsale Lifecycle The entire sales life cycle is controlled outside the blockchain and cannot be verified by this audit. 43.4.10 Explicitly mark visibility in function Solidity defaults to public. Consider making this explicit. This will also avoid some compiler warnings introduced in the latest versions. for example in EToken2.sol mapping ( bytes32 => bool ) switches; mapping ( address => uint ) holderindex; 43.4.11 Avoid to make time-based decisions in your business logic The timestamp of the block can be manipulated by the miner, and all direct and indirect uses of the timestamp should be considered.block numbers and average block time can be used to estimate time. for example in AssetProxy.sol L. 464/497 Date-related logic is not critical, and as such code can be kept like that. 43.4.12 Avoid commented code Because of commented code certain portion of the contract is difficult to understand and give the feeling that the contract is not ready yet for deployment. RegistryICAP.sol L. 61/62 & 85/88 Use Git or any code versioning software to avoid having commended code spread in shippable code. 10

43.4.13 Missing circuit breaker It will be good if contract will have a circuit breaker to stop contract execution in case of any emergency or attacks. see https://consensys.github.io/smart-contract-best-practices/software_engineering/#circ uit-breakers-pause-contract-functionality. 43.4.14 Prefer newer solidity constructs Prefer constructs/aliases such as keccak256 (over sha3). While not a security issue, sha3 is deprecated in Ethereum and do not behave like sha3 introducing confusion when external system would calculate sha3 differently. Replace sha3 with keccak-256 to express the reality to potential users of your APIs. Ethereum uses KECCAK-256. It should be noted that it does not follow the FIPS-202 based standard of Keccak, which was finalized in August 2015. Hashing the string "testing": Ethereum SHA3 function in Solidity = 5f16f4c7f149ac4f9510d9cf8cf384038ad348b3bcdc01915f95de12df9d1b02 Keccak-256 (Original Padding) = 5f16f4c7f149ac4f9510d9cf8cf384038ad348b3bcdc01915f95de12df9d1b02 SHA3-256 (NIST Standard) = 7f5979fb78f082e8b1c676635db8795c4ac6faba03525fb708cb5fd68fd40c5e see https://consensys.github.io/smart-contract-best-practices/recommendations/#prefernewer-solidity-constructs According to ethereum/eips#59, solidity has already been updated https://github.com/ethereum/solidity/blob/develop/changelog.md#0417-2017-09-21 https://github.com/ethereum/solidity/pull/1164/files http://ethereum.stackexchange.com/questions/550/which-cryptographic-hash-functio n-does-ethereum-use And the Yellowpaper also mentions it at every occasion except for the OP-code name itself. 43.4.15 Many typography error Typos make the code difficult to read and understand. 11

In EToken2.sol Sets EventsHstory contract address. -> Sets EventsHistory contract address. existance -> existence In AssetProxy.sol Timespan -> TimeSpan etoken2 -> etoken2 Prforms -> Performs event UpgradeCommited( address newversion); -> event UpgradeCommitted( address newversion); Correct typos. 43.4.16 Lock pragmas to specific compiler version Contracts should be deployed with the same compiler version and flags that they have been tested the most with. Locking the pragma helps ensure that contracts do not accidentally get deployed using, for example, the latest compiler which may have higher risks of undiscovered bugs. Contracts may also be deployed by others and the pragma indicates the compiler version intended by the original authors. In Ambi.sol L. 1 // bad pragma solidity ^ 0. 4. 8 ; // good pragma solidity 0. 4. 8 ; 43.5 Compliance with Code Style No findings. Smart contracts code corresponds for the most part to the recommended Code Style. It does not contain any complex duplicate code that can lead to diverging program logic. 43.6 Missing Input Validation No findings. Unexpected method arguments may result in insecure contract behaviors. To avoid this, contracts must check whether all transaction arguments meet their desired preconditions. 43.7 Avoid compiler warnings If you start using the latest compiler 12

we recommend to use emit prefix in all event names to avoid following compiler warnings: Warning: Invoking events without "emit" prefix is deprecated. 43.8 Check known security attacks No findings. The patterns of attacks that have already been successfully executed are checked. 43.8.1 ERC20 API: An Attack Vector on Approve/TransferFrom Methods No findings. To prevent attack vectors clients should make sure to create user interfaces in such a way that they set the allowance first to 0 before setting it to another value for the same spender. Though the contract itself shouldn't enforce it, to allow backwards compatibility with contracts deployed before. 43.8.2 Re-Entrancy (Checks-Effects-Interactions Pattern) No findings in smart contract code. 43.8.3 Transactions May Affect Ether Receiver No findings. A contract is exposed to this vulnerability if a miner (who executes and validates transactions) can reorder the transactions within a block in a way that affects the receiver of ether. 43.8.4 Unhandled Exception No findings. A call/send instruction returns a non-zero value if an exception occurs during the execution of the instruction (e.g., out-of-gas). A contract must check the return value of these instructions and throw an exception. Limitations Only the Solidity source code of the smart contract has been reviewed and audited. The low-level assembly code that is created by the Solidity compiler was excluded from the review. Solely the token smart contract has been reviewed; the ICO platform in any other matters have not been part of the assessment. 13

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback