Open in app

Sign in

Write

Sign in

Alax.io Token Smart Contracts Audit

Disclaimer

Cryptodus
Cryptodus
2 min readApr 30, 2018

--

The audit makes no warranties or statements about utility of the code, safety of the code, suitability of the business model, regulatory regime for the business model, or any other statements about status of the contracts to purpose, or their bug free status. The audit documentation is for discussion purposes only and should not be construed as an investment advice.

Intro

Cryptodus company was contacted by Alax.io to perform ERC-20 Token Smart Contract audit. The aim of this audit was to ensure that these contracts are not easily attacked by third parties, to ensure that the code is well written and performs according to the business requirements. This audit does not guarantee that that the code is without any bugs, but intends to highlight any areas of weaknesses. The auditor is not responsible for any issues within the smart contracts found during and after the audit.

The audit was performed on smart contract ALAX.sol sent by one of the co-founders via e-mail.

Open-zeppelin contracts

  1. SafeMath
  2. Ownable
  3. ERC20Basic
  4. ERC20
  5. BasicToken
  6. StandardToken

All these contracts are identical to Open-Zeppelin 1.4 classes and used by most of the Tokens.

ALX contract

ALX is a basic standard token. Keeping in mind that Open-Zeppelin contracts are considered as secure and well tested, ALX token is also secure, since it has no custom functionality.

At the deployment all the tokens are assigned to the wallet deploying the Smart Contract.

Issues found

Critical: -

Major: -

Moderate: -

Minor:

  • According to solidity style conventions contract naming should be done in CapWords style. Therefore, contract name should be Alax.
  • Constants should be named ALL_CAPPS style.
  • For the initialSupply variable it is recommended to use SafeMath since it is from open-zeppelin.

Suggestions for improvements

  1. There is a special open-zeppelin contract for decimals: DetailedERC20 (https://github.com/OpenZeppelin/zeppelin-solidity/blob/master/contracts/token/ERC20/DetailedERC20.sol) and preferably this should be used.
  2. Follow solidity style guidelines: http://solidity.readthedocs.io/en/develop/style-guide.html

Conclusion

Smart Contract is working as expected and there were no vulnerabilities found. Open-Zeppelin framework is used in the right way, thus increasing the overall security.

Ethereum
Smart Contracts
Audit
Blockchain

--

--

Cryptodus
Cryptodus

Written by Cryptodus

10 Followers
Editor for

Blockchain & Smart Contracts for your Venture

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams