Conclusion of the smart contract audit.

As mentioned before, Matthew Di Ferrante, security engineer at Ethereum has performed a thorough audit of the smart contract code for the token sale.

The full result of the audit can be found in the Github repository of the contracts, or directly at https://github.com/DataBrokerDAO/crowdsale-contracts/blob/master/audit/databroker-audit.pdf

Anti spam methods

The contracts have some anti spam functionality built in:

  • Only normal addresses can send ETH, not contracts to prevent scalping.
  • The gasprice can be no higher than 50 Gwei to prevent outrageous transaction fees.
  • Each address can only send ETH once per 100 blocks, to prevent flooding the chain with many small transactions.

Matthew rightly notices in his analysis that these measures are only a stop gap measure since anyone with the skill can just spread their actions across large number of addresses.

While this is true, there is no protocol level measure to prevent this, and as such are the implemented measures the best available method preventing spam and outrageous behaviour.

MiniMe and the MiniMe controller

A benefit of using industry standards is that reusable code has been audited by many different firms before. In this case the MiniMe contract and the way to use it correctly has been audited before by CoinFabrik, BlockchainLabs and OpenZeppelin.

There is only one potential vulnerability in MiniMe, the ERC20 Short Address “Attack”. Since there are have never been found ways to take advantage, all ways to circumvent this issue have been deemed ineffective and projects use it with great success (Aragon, Swarm City, Mothership CX, Status and many more), we have declined to implement these troublesome mitigations.

For DataBrokerDAO, Matthew has verified that the usage of the contract is correct and safe while he did note that it is very important to make sure the controller of the token, is in fact a contract during the phases where there is no trading allowed.

Conclusion

I would like to thank Matthew for this diligent work on making sure the token, sale and all funds are secure.

This would not have been possible without the great work of teams like Aragon, Status, Mothership CX and most of all Giveth. Thanks!

More details on the platform can be found in our whitepaper:

Any questions, opportunities or partnership requests are welcome on any of these channels:

Don’t forget, the token sale starts September 18th, 2017 at 5PM CET! More info on https://databrokerdao.com