FINDINGS
Detailed Summary of Findings
Sl. No. | Name | Severity |
---|---|---|
M-01. | Centralization Risk for trusted owners | Medium |
I-01. | Functions not used internally could be marked external | Informational |
I-02. | A proxy should be used to initialize the contract | Informational |
I-03. | Incorrect token name | Informational |
Static Analysis
No major issues were found. Some false positive errors were reported by the tool. All the other issues have been categorized above according to their level of severity.
Manual Review
High Severity Issues
No High Severity issues were found.
Medium Severity Issues
M-01.
Centralization Risk for Trusted Owners
Description: Contracts have owners with privileged rights to perform admin tasks and need to be trusted to not perform malicious updates or drain funds.
Two functions carry the onlyOwner access modifier. The snapshot function is unlikely to cause a problem, since it is expected that only the owner can take a snapshot, but the mint function also uses the onlyOwner modifier. This mint function allows the owner to mint an unlimited amount of tokens for free.
Code Snippets :
function snapshot() public onlyOwner {
    _snapshot();
}
function mint(address to, uint256 amount) public onlyOwner {
    _mint(to, amount);
}
Recommendations:
Do not allow the owner to mint an unlimited amount of tokens for free if that is not the expected behavior. If it is the expected behavior, clearly warn users of this fact, as it could affect them.
Informational Issues
I-01
Functions not used internally could be marked external
Description :
Some functions that are declared public are never called internally and can be declared external instead.
Code Snippets :
File: MyToken.sol
17: function initialize() initializer public {
27: function snapshot() public onlyOwner {
31: function mint(address to,uint256 amount) public onlyOwner {
Recommendations:
Change the public declaration to external.
I-02
A proxy should be used to initialize the contract
Description :
The initialize() function may not work as expected.
Recommendations:
In order to work as expected, the initialize() function should be called from a proxy using delegatecall.
I-03
Incorrect token name
Description :
The token name was set to "KunjiFinance", but the document containing the necessary requirements proposed by the development team indicates that the name should be "Kunji Finance".
Recommendations:
Replace __ERC20_init("KunjiFinance", "KNJ"); with __ERC20_init("Kunji Finance", "KNJ");
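One way the recommendations in M-01, I-01, I-02 and I-03 could be applied together. This is an added example, not the audited contract or the project's own code. It assumes OpenZeppelin Contracts Upgradeable 4.x; the contract name MyTokenCapped, the MAX_SUPPLY value and the CapExceeded error are hypothetical, and the _disableInitializers() call is an addition in line with I-02.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.9;

import "@openzeppelin/contracts-upgradeable/token/ERC20/ERC20Upgradeable.sol";
import "@openzeppelin/contracts-upgradeable/token/ERC20/extensions/ERC20SnapshotUpgradeable.sol";
import "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";

// Hypothetical hardened variant of the audited token (added example).
contract MyTokenCapped is Initializable, ERC20Upgradeable, ERC20SnapshotUpgradeable, OwnableUpgradeable {
    // M-01: hard ceiling on supply. Placeholder value, not taken from the report.
    uint256 public constant MAX_SUPPLY = 1_000_000 * 1e18;

    error CapExceeded(uint256 requested, uint256 remaining);

    /// @custom:oz-upgrades-unsafe-allow constructor
    constructor() {
        // I-02: lock the implementation so initialize() only runs via a proxy's delegatecall.
        _disableInitializers();
    }

    // I-01: external instead of public, since nothing calls it internally.
    function initialize() external initializer {
        // I-03: token name as given in the requirements document.
        __ERC20_init("Kunji Finance", "KNJ");
        __ERC20Snapshot_init();
        __Ownable_init();
    }

    function snapshot() external onlyOwner {
        _snapshot();
    }

    // M-01: the owner can still mint, but never beyond MAX_SUPPLY.
    function mint(address to, uint256 amount) external onlyOwner {
        uint256 remaining = MAX_SUPPLY - totalSupply();
        if (amount > remaining) revert CapExceeded(amount, remaining);
        _mint(to, amount);
    }

    // Required by Solidity because both parents define this hook.
    function _beforeTokenTransfer(address from, address to, uint256 amount)
        internal
        override(ERC20Upgradeable, ERC20SnapshotUpgradeable)
    {
        super._beforeTokenTransfer(from, to, amount);
    }
}
```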