Lunaray Token Security Scan Report

According to Lunaray Security Team, the Token contract security scanning platform has completed the automatic security scan of the goblintown (GOBLIN) contract and the security risk level is Low.

The scan result is only for general security vulnerabilities and is not used as the final contract security audit result, nor as investment advice for users. If you have any questions, please contact support@lunaray.co.

The scan contract address:

0xbCe3781ae7Ca1a5e050Bd9C4c77369867eBc307e

The scan tool:

Lunaray Token Security

Scan result:

Onlyowner: There are one or more methods in the contract that only the administrator can operate.

Self transfer:There may be a risk of deflation if the same addresses are not identified at the time of transfer.

No events added:Failure to add method events may result in users or administrators being unable to determine the details of their actions.

Redundant code:There are unused internal methods in the contract, which may result in additional gas consumption.

timestamp:Timestamps may be manipulated by miners

Dangerous strict equivalence:Dangerous strict equivalence testing

Fake Recharge:The mild if/else-only judgment is a sloppy way of coding in sensitive function scenarios such as transfer, and will lead to false recharge vulnerabilities.

Hard coding:Unspecified constants that appear in the code can lead to problems such as poor readability of the code.

Incorrect modifier:Incorrect modifier

No safemath library: An integer variable can only have a certain range of numbers represented, and exceeding the range of values expressed by the variable type will result in an integer overflow vulnerability.

Public suicide function calls:Public suicide function calls

Re entrancy:The attacker builds a contract containing malicious code at an external address in the [Fallback function].

Unchecked empty address:No judgement is made on the address passed in, if the address is a address(0), the address cannot be modified again

Unchecked transfer return:Failure to check the method return value when sending tokens using the send or call.value methods in the contract code will lead to unexpected results.

Unspecified method visibility:The visibility of contract functions is public by default, so functions that do not specify any visibility can be called externally by the user.

Unused local variables:Unused local variables

Unused return values:The return value of an external call is not stored in a local or state variable

Using sha3:sha3 is not secure in solidity

Wrong storage usage:Objects that have not changed their state, using storage to initialize variables will increase gas consumption, risking overrunning the limit and increasing the risk of memory overwriting.

INFO SECURITY:

Lunaray social media
Twitter: https://twitter.com/lunaray_sec

Github: https://github.com/LunaraySec

Telegram:http://t.me/LunaraySec

Facebook: https://www.facebook.com/lunarayblockchain

Quora:https://blockchainsecurityaudit.quora.com/

Reddit:https://www.reddit.com/user/Lunarayblockchain/

Instagram: https://www.instagram.com/lunarayblockchain02/

Website: https://lunaray.co

--

--

--

Lunaray takes a leading position in smart contract auditing and consulting service for blockchain security.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

SDBS #23 |Getting Started with the QPoS Public Testnet

Hacking a Telecommunication company(MTN)

$OSWAP Staking on OpenSwap

Encrypted currency trading platform encountered Log4Shell (CVE-2021–44228) vulnerability attack and…

Is 'Privacy' a myth in this technological-era?

HOW KEYSTROKE LOGGER IS PROPITIOUS FOR FIRMS HAVING THEIR EMPLOYEES WORK FROM HOME?

Docker Private Registry + Let’s Encrypt on Ubuntu 18.04

Your New Network Security Champion: NIST vs. CIS — itSynergy

IT Services Phoenix

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
lunaray

lunaray

Lunaray takes a leading position in smart contract auditing and consulting service for blockchain security.

More from Medium

Lunaray Token Security Scan Report

Security Implications of selfdestruct() in Solidity — Part 1

“Damn Vulnerable DeFi Wargame” Challenge #2 — Naive receiver Contract Analysis

Lunaray Token Security Scan Report