RCN Network

RCN Smart Contracts Audit v2

Pablo Yabo1 Comment

Reading Time: 3 minutes

Summary The smart contracts that have been audited were taken from the RCN repository at: https://github.com/ripio/rcn-network/tree/v2. The audit is based on the commit 3ded36151ad55543d16c354e70161852de4061d0, which was updated to reflect changes at: 052e5fd4d77301e854d0ecdaadbd785dd91950ce. The audited files are: NanoLoanEngine.sol: Lending engine examples/BasicScoreProvider.sol: Example examples/ReferenceCosigner.sol: Example of a cosigner examples/ReferenceOracle.sol: Example of an oracle interfaces/Cosigner.sol: Interface of cosigners […]

Theta Token Sale Security Audit

Pablo Yabo2 Comments

Reading Time: 3 minutes

Introduction Coinfabrik was asked to audit the contracts for the Theta Token sale. In the first part, we will give a summary of our discoveries and follow them with the details of our findings. The contracts audited are from the Theta repository at https://github.com/thetatoken/theta-erc20-token-sale. The audit is based on the commit 46592ac461949fa793b9d0dc1f59df9bf7ea07f3 and updated to […]

Worldbit Logo

Worldbit Token Sale Smart Contract Audit

Pablo Yabo1 Comment

Reading Time: 7 minutes

Introduction CoinFabrik’s Smart Contract Audit team audited WorldBit Token sale ICO’s smart contracts. The contracts audited are taken from the WorldBit repository on https://github.com/CoinFabrik/ico/tree/world-bit. The audit is based on the commit 445cc0c28894a85cb58f54631666deafdd35d859, and updated to reflect changes on 21abcc3bde6d64d4aee391544fc9332fc9f2749d. Summary The audited contracts are: ERC20Basic: non-approval half of ERC20 interface. ERC20: Full ERC20 interface. FractionalERC20: Full ERC20 […]

Realisto Token Logo

Realisto Token Sale Smart Contract Audit

Pablo Yabo1 Comment

Reading Time: 5 minutes

By Ismael Bejarano and Pablo Yabo Introduction Coinfabrik smart contract audit’s team was hired to review the contracts for the Realisto’s ICO or token sale. We audited the contracts from repository https://github.com/realisto/smartcontract at commit b8f68bd4330f4852260636c00013794ffec1c6a7. In the next section, we provide a short summary of the contracts and our discoveries. After that, we present our […]

Flixxo Token

Flixxo Token Sale Audit

Pablo Yabo1 Comment

Reading Time: 7 minutes

By Ismael Bejarano and Pablo Yabo Introduction Coinfabrik’s smart contracts auditing team was asked to audit the contracts for the Flixxo Token sale. In the first part, we will give a summary of our discoveries and then the details of our findings. The audited contracts are in Flixxo repository on https://github.com/AdrianClv/icofunding-flixxo. The audit is based on […]

Lif Token

Líf Token Smart Contract Audit

Pablo YaboNo Comments

Reading Time: 10 minutes

By Pablo Yabo and Ismael Bejarano Introduction CoinFabrik’s smart contract audit team was requested to review contracts of the Líf Token for the Winding Tree platform. In the following sections, we will write the discoveries of this process. The contracts audited are from the repository https://github.com/windingtree/LifToken, the audit was started at commit fa503ebe495b7ec11d19333731b1f506e897929b, and completed […]

REAL token

Smart Contract Audit: REAL Estate Crypto Token

Pablo Yabo2 Comments

Reading Time: 4 minutes

By Sergio Demian Lerner 1. Executive Summary In August 2017, REAL engaged Coinfabrik smart contract audit team to perform a security audit of the REAL crowdsale smart contracts. The purpose of the audit was to evaluate the security of the smart contracts. The source code was retrieved by Coinfabrik from https://github.com/RealEstateAssetLedger/real_contract commit e8af021445785ad0e36c54adf6568b079ec6293d on August […]

Smart Contract Short Address Attack Mitigation Failure

Pablo Yabo11 Comments

Reading Time: 3 minutes

Overview Our  smart contract audit team found that Short Address Attack mitigations can cause several problems with smart contracts. A Short Address Attack is when a contract receives less data than it was expecting, and Solidity fills the missing bytes with zeros. The deployed smart contract cannot prevent this and will interpret those extra zeros as […]