Asure Network — Crowdsale Smart Contract audit

Asure.Network Team
Asure Network
Published in
4 min readJul 18, 2019

To ensure that our crowdsale smart contracts are free of security vulnerabilities from one side as well as to prove that we implemented what is specified in our TGE paper, we requested two independent smart contract audits.

The first audit was carried out by Callisto Network and the second by SOMISH Blockchain Labs. Both did excellent smart contract audits and discovered a few issues we fixed by now. Many thanks to both Callisto Network and SOMISH Blockchain Labs!

In this article, we list the issues found and provide our explanation about the bugs fixed.

Audit 1 (Callisto Network) | Audit 2 (SOMISH Blockchain Labs)

Introduction

This Audit Report highlights the overall security of Asure Network CrowdSale Smart Contracts. With these reports, we ensure the reliability of smart contract by complete assessment of smart contract codebase.

Crowdsale Github
https://github.com/AsureNetwork/crowdsale

TGE Paper
https://www.asure.network/asure.network.tge.en.pdf

Audit 1 — Callisto Network (12.06.2019)

In total, 7 issues were reported including:

  • 2 low severity issues.
  • 5 owner privileges.

No critical security issues were found.

Low severity issues

  • Known vulnerabilities of ERC-20 token.
  • Array Size.

Owner privileges (ability of owner to manipulate contract, may be risky for investors)

  • According to the whitepaper, specified parameters of soft cap and hard cap, but in code we can’t see these functions.
  • According to the [whitepaper] the Asure Team and Advisors will receive their tokens over two years after the start of the second phase, but in constructor of AsureCrowdsaleDeployer contract we can’t see the Teams and Advisor vesting parameters.
  • According to the [whitepaper] the minimum Contribution is $ 100 (ETH equivalent), but we can’t see this parameter in code.
  • Update bonus rate, bonus time, crowdsale time and default rate before crowdsale opened. 2. withdraw ETH and tokens funds before the end of sales.
  • Missing individual check for Team members and Advisors tokens.

Audit 1 (Callisto Network)

About Callisto Network

Callisto Network is a decentralized open-source crypto platform based on the go-Ethereum source code with its own cryptocurrency ‘CLO’. The main goal of Callisto is to research and develop a reference implementation of a self-sustaining, self-governed and self-funded blockchain ecosystem and development environment.

WEBSITE | LINKEDIN
TELEGRAM | TWITTER

Audit 2- SOMISH Blockchain Labs (04.07.2019)

In total, 6 issues were reported including:

  • 1 critical issue.
  • 2 major issues.
  • 5 minor issues.

Critical

  • Tokens withdrawable by owner before the end of sale.

Major

  • Missing individual check for Team members and Advisors tokens.
  • Missing check to ensure token vesting for Team Members and Advisors.

Minor

  • Crowdfund investment are being transferred to an unknown address.
  • ERC-20 transfers should be wrapped in require statements.
  • Missing check in mint(),transferFrom() functions.

Audit 2 (SOMISH Blockchain Labs)

About SOMISH Blockchain Labs

Established since 2006, SOMISH is a technology and product development company with expertise in building automation systems using cutting edge technologies. For over 10 years, we have continuously served top line customers with our ability to re-engineer, design, develop and implement automation systems.

WEBSITE | LINKEDIN
TWITTER | CEO TWITTER | AUDITOR TWITTER

Comments from Asure team

After we implemented our smart contracts, we have talked with multiple exchanges about the possibilities of the Initial Exchange Offerings (IEOs) and how appropriate they are for Asure Network. We have determined for ourselves, that IEOs can be very beneficial to us. Because of that, we needed a way to make an additional IEO from the CrowdSale. In order to remain flexible, we reserve the right to carry out IEO on crypto exchange platforms. That’s why some issues were seen as bugs by the reviewers, but for us, it is simply a way to be able to react to newly created financial opportunities.

We have also identified a few bugs by ourselves, they were fixed as well.

Unit Testing Suite — Final Result

✓ 113 passing

❌ 0 failing

Official channels for Asure Network are

To be up to date with our work,
Join Our Community!

TELEGRAM: https://t.me/AsureNetwork
TWITTER: https://twitter.com/AsureNetwork
FACEBOOK: https://www.facebook.com/AsureNetwork
YOUTUBE:
https://www.youtube.com/c/AsureNetwork
LINKEDIN:
https://www.linkedin.com/company/asure

WEBSITE | WHITEPAPER | TGE PAPER |PITCH DECK

Have any questions?

Join our Telegram: https://t.me/AsureNetwork
Follow us on Twitter: https://twitter.com/AsureNetwork
Check out our website: https://www.asure.network

If you like what we do, consider clapping to encourage us to push boundaries even further.

--

--

Asure.Network Team
Asure Network

Asure.Network Team - is a group of insurance and blockchain technology experts. We research social security on blockchain. Website: https://www.asure.network