TokenSoft Token

Off-Chain (Private)

Audited on 2020/06/18

No active critical issues

Summary

The code is overall, well-written, easy to understand and is accompanied with thorough testing. The code behaviour also matches the specifications of the token. No critical security issues were detected during this audit. However, the project would benefit greatly from additional documentation, especially in addressing the centralization of power within the token's privileged roles. We recommend these issues be reviewed and resolved prior to the code being used in production. **Update:** As of commit `c09eeb3`, all of the issues are acknowledged or fixed. Documentation is updated to address our highlighted risks and input validations are added in accordingly. However, some best practise issues/typos still remain.

Project

TokenSoft Token

Ethereum

Issues (5)

	Low	Medium	High	Critical	Total
Not fixed	2	1	-	-	3
Fixed	2	-	-	-	2
Total	4	1	0	0	5

Contracts (20)

#	File Name
1	contracts/testing/Escrowable.sol
2	contracts/roles/BurnerRole.sol
3	contracts/capabilities/Mintable.sol
4	contracts/Proxy.sol
5	contracts/testing/TokenSoftTokenEscrow.sol
6	contracts/capabilities/Revocable.sol
7	contracts/capabilities/Proxiable.sol
8	contracts/roles/OwnerRole.sol
9	contracts/roles/RevokerRole.sol
10	contracts/testing/EscrowerRole.sol

#	File Name
1	contracts/testing/Escrowable.sol
2	contracts/roles/BurnerRole.sol
3	contracts/capabilities/Mintable.sol
4	contracts/Proxy.sol
5	contracts/testing/TokenSoftTokenEscrow.sol
6	contracts/capabilities/Revocable.sol
7	contracts/capabilities/Proxiable.sol
8	contracts/roles/OwnerRole.sol
9	contracts/roles/RevokerRole.sol
10	contracts/testing/EscrowerRole.sol

TokenSoft Token

Summary

Issues (5)

Privileged Roles and Ownershipnot_fixed/medium

Allowance Double-Spend Exploitnot_fixed/low

No Proxy Verification for a Contract Account Addressnot_fixed/low

Contracts (20)