A decentralized social network protocol returning data ownership back to users and helping devs build meaningful social experiences.
Status | Low | Medium | High | Critical | Total |
---|---|---|---|---|---|
Not fixed | 1 | - | 1 | - | 2 |
Fixed | - | - | - | - | 0 |
Total | 1 | 0 | 1 | 0 | 2 |
not_fixed/high
In the contract `CyberToken`, the role `_owner` has the authority to update the token balance of an arbitrary account via the `mint` function without any sanity restriction. The role `_owner` also has authority over the following functions:

* `renounceOwnership()` - Give up contract ownership and set the owner to `address(0)`
* `transferOwnership()` - Transfer the contract ownership to a new address

Any compromise of the `_owner` account may allow a hacker to take advantage of this authority and manipulate users' balances.
not_fixed/low
The contract `CyberToken` uses `draft-IERC20Permit.sol`, which is a draft OpenZeppelin contract. OpenZeppelin contracts may be considered drafts if they have not received adequate security auditing or are liable to change with future development. Since 4.9.0, the contract `ERC20Permit` is no longer a draft. More detail can be found in the [change log](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/CHANGELOG.md#490-2023-05-23).
# | File Name |
---|---|
1 | Unknown Contract |