Cyberconnect - cybervesting

Off-Chain (Private)
Audited on 2023/08/15
No active critical issues

Summary

A decentralized social network protocol returning data ownership back to users and helping devs build meaningful social experiences.

Issues (5)

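| Status | Low | Medium | High | Critical | Total |
| --- | --- | --- | --- | --- | --- |
| Not fixed | 3 | 1 | 1 | - | 5 |
| Fixed | - | - | - | - | 0 |
| Total | 3 | 1 | 1 | 0 | 5 |
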
Centralization Risks in CyberVesting.sol
not_fixed/high

In the contract `CyberVesting`, the role `_owner` has authority over the function shown in the diagram below. Any compromise of the `_owner` account may allow an attacker to use this authority and call `recoverERC20()` to withdraw ERC20 tokens from `CyberVesting`.

![](https://accelerator-tasks-prod.acc.corp.certik.com/11ee-3a46-0f28d500-a6b7-99e07581bbb7/diagrams/centralization_CyberVesting-CyberVesting-_owner.svg)

Lack of validations in the `recoverERC20()` funct
not_fixed/medium

The owner can call `recoverERC20()` to transfer any ERC20 tokens from the `CyberVesting` contract. If the owner withdraws a portion of the Cyber tokens before the release end time, `_start + _duration * _numVestings`, there will not be enough tokens to release.
Lack of input validation for `start_`
not_fixed/low

The constructor input `start_` is missing a check to ensure it is greater than `block.timestamp`.
Lack of sanity check to ensure the Cyber token is
not_fixed/low

The `CyberVesting` contract lacks a sanity check to ensure the Cyber token balance is sufficient to be released.
Missing Emit Events
not_fixed/low

There should always be events emitted in the sensitive functions that are controlled by centralization roles.
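
One way the unfixed findings on `recoverERC20()`, `start_`, the balance check and missing events could be addressed together. This is an added sketch, not code from `CyberVesting.sol` or from the audit: the contract name, `vestingToken`, `totalAllocation`, `totalReleased`, `isFunded()` and the `ERC20Recovered` event are assumptions, and the release path is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration, not CyberVesting.sol. Names marked (hypothetical) are assumptions.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

contract GuardedVestingSketch {
    address public immutable owner;
    IERC20 public immutable vestingToken;     // (hypothetical) the Cyber token
    uint256 public immutable start;
    uint256 public immutable duration;
    uint256 public immutable numVestings;
    uint256 public immutable totalAllocation; // (hypothetical) total owed over the schedule
    uint256 public totalReleased;             // (hypothetical) updated by the release path, omitted here

    event ERC20Recovered(address indexed token, address indexed to, uint256 amount); // (hypothetical)

    constructor(IERC20 token_, uint256 start_, uint256 duration_, uint256 numVestings_, uint256 allocation_) {
        require(start_ > block.timestamp, "start must be in the future");
        require(duration_ > 0 && numVestings_ > 0, "empty schedule");
        owner = msg.sender;
        vestingToken = token_;
        start = start_;
        duration = duration_;
        numVestings = numVestings_;
        totalAllocation = allocation_;
    }

    // Tokens still owed to beneficiaries, whether or not they have vested yet.
    function outstanding() public view returns (uint256) { return totalAllocation - totalReleased; }

    // Sanity check a release path can require before paying out.
    function isFunded() public view returns (bool) {
        return vestingToken.balanceOf(address(this)) >= outstanding();
    }

    // Owner may recover stray tokens, but only the surplus of the vesting token.
    // Production code would use a SafeERC20-style wrapper for non-standard tokens.
    function recoverERC20(IERC20 token, address to, uint256 amount) external {
        require(msg.sender == owner, "not owner");
        if (address(token) == address(vestingToken)) {
            require(token.balanceOf(address(this)) >= outstanding() + amount, "would underfund vesting");
        }
        require(token.transfer(to, amount), "transfer failed");
        emit ERC20Recovered(address(token), to, amount);
    }
}
```

Because the guard is tied to the amount still owed rather than to a timestamp, it also covers withdrawals made before `_start + _duration * _numVestings`. The owner key remains a single point of control for tokens other than the vesting token.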

Contract (1)

| # | File Name |
| --- | --- |
| 1 | src/core/CyberVesting.sol |