Skale Token Security Smart Contract Audit

Summary

Executive summary In January 2020, SKALE engaged us to conduct a security assessment of the Skale Network Delegation contracts and ERC777 implementation. The SKALE Manager orchestrates and administers the entirety of the SKALE Network with respect to business, engineering, and security operations. The Manager is comprised as a set of Solidity contracts and is built to be deployed on the Ethereum mainnet. The Manager system is organized for upgradability by separating data and functional contract functionality. The first review was conducted over two weeks, from January 27th to February 7th, by Sergii Kravchenko and Shayan Eskandari. A total of 15 person-days were spent during this period. Because of the massive code changes following the first review, SKALE engaged us for a secondary review. This portion of the engagement consisted of 160 hours (20 person-days).

Project

SKALE

Ethereum

No active critical issues

Last audited on 2020/09/30

Auditor

59 audits on Trustblock

Multi-Tags

Issues (30)

	Low	Medium	High	Critical	Total
Not fixed	2	2	-	-	4
Fixed	2	10	12	2	26
Total	4	12	12	2	30

Contracts (11)

#	File Name
1	contracts/delegation/DelegationRequestManager.sol
2	contracts/delegation/DelegationService.sol
3	contracts/delegation/DelegationController.sol
4	contracts/delegation/TokenState.sol
5	contracts/delegation/TimeHelpers.sol
6	contracts/delegation/SkaleBalances.sol
7	contracts/delegation/DelegationPeriodManager.sol
8	contracts/ERC777/LockableERC777.sol
9	contracts/delegation/ValidatorService.sol
10	contracts/delegation/TokenSaleManager.sol

Skale Token

Summary

Issues (30)

Delegations might stuck in non-active validatornot_fixed/medium

Disabled Validators still have delegated fundsnot_fixed/medium

Add timelock for some onlyOwner functionsnot_fixed/low

Lack of logs and events on state changesnot_fixed/low

Contracts (11)