InstaDApp Audit
Off-Chain (Private)
Audited on 2019/09/17
No active critical issues
Summary
to another account. It also gives the admins of the InstaRegistry contract the ability to change the InstaRegistry admin addresses and register other privileged roles. Audit context and scope InstaDapp is a live project on Ethereum’s mainnet. The code we audited is the code located at the address... 0x498b3bfabe9f73db90d252bcd4fa9548cd0fd981, as verified by Etherscan. This consists of the two top-level contracts: UserWallet and InstaRegistry. We audited these two contracts and the contracts from which they inherit. The InstaRegistry contract is used to deploy new UserWallet instances, track...
Issues (15)
Low | Medium | High | Critical | Total | |
|---|---|---|---|---|---|
Not fixed | 9 | 6 | - | - | 15 |
Fixed | - | - | - | - | 0 |
| Total | 9 | 6 | 0 | 0 | 15 |
Admin/Owner roles may be burned by mistake
not_fixed/medium
None
Logging a memory pointer instead of the actual data
not_fixed/medium
None
Transfer of wallet ownership can be DoSed — Method 1
not_fixed/medium
None
Transfer of wallet ownership can be DoSed — Method 2
not_fixed/medium
None
Undocumented assembly blocks
not_fixed/medium
None
Various NatSpec issues
not_fixed/medium
None
Function visibilities could be more restrictive
not_fixed/low
None
Function/Modifier/Variable naming could be improved for readability
not_fixed/low
None
Hardcoded gas remainder
not_fixed/low
None
Implicit Returns
not_fixed/low
None
Privileged roles can have only one member
not_fixed/low
None
The proxies map can lose track of wallets
not_fixed/low
None
UserWallet owners may mistakenly burn ownership
not_fixed/low
None
Wallet creation transactions can be made to fail — Method 1
not_fixed/low
None
Wallet creation transactions can be made to fail — Method 2
not_fixed/low
None
Contracts (3)
| # | File Name |
|---|---|
| 1 | flats/InstaRegistry.sol |
| 2 | contracts/UserWallet.sol |
| 3 | contracts/InstaRegistry.sol |