Alax.io Token Smart Contracts Audit
The audit makes no warranties or statements about the utility of the code, the safety of the code, the suitability of the business model, the regulatory regime for the business model, or any other statements about the fitness of the contracts for purpose or their bug-free status. The audit documentation is for discussion purposes only and should not be construed as investment advice.
Intro
Cryptodus was contacted by Alax.io to perform an ERC-20 token smart contract audit. The aim of this audit was to ensure that these contracts are not easily attacked by third parties, and that the code is well written and performs according to the business requirements. This audit does not guarantee that the code is without any bugs, but intends to highlight any areas of weakness. The auditor is not responsible for any issues within the smart contracts found during and after the audit.
The audit was performed on the smart contract ALAX.sol, sent by one of the co-founders via e-mail.
Open-zeppelin contracts
- SafeMath
- Ownable
- ERC20Basic
- ERC20
- BasicToken
- StandardToken
All these contracts are identical to the Open-Zeppelin 1.4 classes and are used by most tokens.
ALX contract
ALX is a basic standard token. Given that the Open-Zeppelin contracts are considered secure and well tested, the ALX token is also secure, since it has no custom functionality.
At deployment, all the tokens are assigned to the wallet deploying the smart contract.
Issues found
Critical: -
Major: -
Moderate: -
Minor:
- According to the Solidity style conventions, contracts should be named in CapWords style. Therefore, the contract name should be Alax.
- Constants should be named in ALL_CAPS style.
- For the initialSupply variable it is recommended to use SafeMath, since it is from Open-Zeppelin.
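The two naming findings above can be checked mechanically. The Python script below is an added example, not part of the audit or of the audited code: the sample contract (DEMOTOKEN and its values) is constructed, treating an all-uppercase contract name as a CapWords violation is this example's heuristic, and name, symbol and decimals are exempted on the assumption that they must keep the lowercase identifiers ERC-20 defines for its optional metadata getters.

```python
import re

# EIP-20's optional metadata getters; their lowercase names are part of the
# token interface, so this example does not apply the constant rule to them.
ERC20_METADATA = {"name", "symbol", "decimals"}

CONTRACT_RE = re.compile(r"^\s*(?:contract|library|interface)\s+([A-Za-z_]\w*)", re.M)
# State constants only: "constant" on a function is followed by "returns", not "=".
CONSTANT_RE = re.compile(
    r"^[^/\n]*\bconstant\s+(?:(?:public|internal|private)\s+)?([A-Za-z_]\w*)\s*=", re.M)

CAPWORDS_RE = re.compile(r"[A-Z][A-Za-z0-9]*")   # starts uppercase, no underscores
ALL_UPPER_RE = re.compile(r"[A-Z]{2,}")          # heuristic: letters only, all uppercase
UPPER_SNAKE_RE = re.compile(r"[A-Z][A-Z0-9]*(?:_[A-Z0-9]+)*")


def lint(source):
    """Return (rule, identifier) pairs for naming-convention violations."""
    findings = []
    for name in CONTRACT_RE.findall(source):
        if not CAPWORDS_RE.fullmatch(name) or ALL_UPPER_RE.fullmatch(name):
            findings.append(("contract-name", name))
    for name in CONSTANT_RE.findall(source):
        if name not in ERC20_METADATA and not UPPER_SNAKE_RE.fullmatch(name):
            findings.append(("constant-name", name))
    return findings


# Constructed sample in the shape of a simple Open-Zeppelin 1.x token.
SAMPLE = """
pragma solidity ^0.4.18;
contract DEMOTOKEN is StandardToken {
    string public constant name = "Demo";
    string public constant symbol = "DMO";
    uint8 public constant decimals = 18;
    uint256 public constant initialSupply = 1000 * (10 ** uint256(decimals));
    function peek() public constant returns (uint256) { return totalSupply; }
}
"""
# The same sample with both findings addressed.
FIXED = SAMPLE.replace("DEMOTOKEN", "DemoToken").replace("initialSupply", "INITIAL_SUPPLY")

if __name__ == "__main__":
    for rule, ident in lint(SAMPLE):
        print(f"{rule}: {ident}")
```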
Suggestions for improvements
- There is a special open-zeppelin contract for decimals: DetailedERC20 (https://github.com/OpenZeppelin/zeppelin-solidity/blob/master/contracts/token/ERC20/DetailedERC20.sol) and preferably this should be used.
- Follow solidity style guidelines: http://solidity.readthedocs.io/en/develop/style-guide.html
Conclusion
The smart contract is working as expected, and no vulnerabilities were found. The Open-Zeppelin framework is used in the right way, thus increasing the overall security.