Upon request from the Papyrus team, Ambisafe has conducted an audit on Papyrus PRP prototype token.
The audit has been conducted by the experienced team of developers at Ambisafe, pioneers in Blockchain Technology and solidity language for Smart contracts.
Ambisafe believes it is essential to have audits conducted so to protect future interest.
Ambisafe reviews smart contracts and tokens for potential bugs and vulnerabilities and write an actionable report of every issue found.
The Papyrus Global security audit is available on Github for those who want to understand the more in-depth report: https://github.com/papyrusglobal/security_audit/tree/6094e17789abcf019210e517dc106a
Here’s our assessment and recommendations:
1. Note: it’s not possible to foresee what solidity version will be used in deployed contract.
2. Ownable.sol
Control over token contract might be lost if owner call transferOwnership() with wrong address parameter (receiver lost private key, wrong address used etc).
Possible solution: new owner should accept ownership and confirm that he has access to his address.
3. StandardToken.sol.
Minor: lines 22, 37, 39.
Minor: excess SafeMath usage (overflow is impossible) because of verifications above (lines 21, 35, 36).
Excess gas will be wasted
4. PapyrusPrototypeToken.sol.
Note: mint() function. If _amount.mul(_priceUsd) will be less than 10**18, then amountUsd = 0 and totalCollected will not be increased.
5. PapyrusPrototypeToken.sol.
Note: it is recommended to use unified types declaration style, either uint or uint256, for instance lines 13, 23, 28, 37, 93.
Conclusion
In the Papyrus case, after analyzing the standard token, the ownable dimension of it and the Papyrus Prototype Token, the auditing team has concluded that: “Contracts are well-written and all the controlling functions are protected from unauthorized access. Token transfers can be disabled by the contract owner at any moment, which can be useful in an emergency situation”.
