Another audit nailed by SNTR token
Ongoing preparations for listing on major exchanges. This time SNTR token passed a security audition by chinese cybersecurity company SlowMist.
The token was specifically tested for:
- Overflow audit. Overflow vulnerabilities are based on exploiting an ERC20 token standard vulnerability called integer overflow or underflow. This problem happens when the result of a math operation is outside the range that can be represented by a variable. In the case of smart contracts in Ethereum, if you subtract anything from zero, you'll get a very large value. If you add two large values together, the result will wrap around and will be close to zero. Result: Passed (SNTR token has no such vulnerabilities)
- Race conditions audit. Race Condition allows a malicious application to obtain several access_token and refresh_token pairs while only one pair should be generated. Further, it leads to authorization bypass when access would be revoked. Result: Passed (SNTR token has no such vulnerabilities)
- Authority Control Audit. Includes all risks resulted from improper authority allocation, e.g. set "owner" by anyone. Result: Passed (SNTR token has no such vulnerabilities)
- Safety design audit. A check for design-related risks like bad compiler version or proper return values. Might render tokens non-retractable if done wrong. Result: Passed (SNTR token has no such vulnerabilities)
- Denial of Service audit. A check if the token could malfunction because of denial of service attacks (DDoS). Result: Passed (SNTR token has no such vulnerabilities)
- Gas optimization audit — a check if the token uses gas for it's transactions efficiently. Result: Passed (SNTR token has no such issues)
- Design logic audit — a check if token actually designed to do what it is described to do. Result: Passed (SNTR token does exactly what it says on the tin)
- "False top-up" vulnerability audit — a check for vulnerability that results from the mild judgement of if/else in transfer sensitive function scenarios. Result: Passed (SNTR token has no such vulnerabilities)
- Uninitialized storage pointers audit — we have a strong opinion that this check is added just to increase report volume. Solidity compiler runs these checks automatically and will not allow you to compile your code if you have them. Result: Passed (SNTR token has no such issues, duh)
- Arithmetic accuracy deviation audit — an audit for errors that are caused by computers being inaccurate with very large or very small numbers. For detailed explanations watch this. Result: Passed (SNTR token has no such vulnerabilities)
Security scrutiny showed that SNTR developers do their homework. SNTR big listing train is off to the next scrutiny station that is legal opinion.