FanChain Token Receives Passing Audit Report From Hosho, A Global Leader In Blockchain Security
FanChain is a unique ERC-20 token that utilizes ERC-721-style characteristics (when used within the FanChain ecosystem) to “stamp” team-meta-data onto individual tokens, allowing team affinity to be embedded within FanChain tokens. We worked with the team at Hosho, one of the global leader’s in blockchain security, to complete a full token audit. In addition to verifying that this unique team-stamping ability was secure and functional, the Hosho team tested the FanChain token contract to ensure that it:
- Implements and adheres to existing ERC-20 Token standards appropriately and effectively;
- Documentation and code comments match logic and behavior;
- Distributes tokens in a manner that matches calculations;
- Follows best practices in efficient use of gas, without unnecessary waste; and
- Uses methods safe from reentrance attacks.
- Is not affected by the latest vulnerabilities
As per the audit report by Hosho:
[FanChain] is an ERC-20 based token with a series of extensions that permit the “stamping” of coins to different “stamps”. This allows the functional “transfer” of tokens between different systems within a single ERC-20 contract… The Hosho Team has followed best practices and industry-standard techniques to verify the implementation of FanChain’s token contract. To do so, [the token was] reviewed line-by-line by our team of expert pentesters and smart contract developers, documenting any issues as they were discovered. Part of this work included writing a unit test suite using the Truffle testing framework. In summary, our strategies consist largely of manual collaboration between multiple team members at each stage of the review:
- Due diligence in assessing the overall code quality of the codebase.
- Cross-comparison with other, similar smart contracts by industry leaders.
- Testing contract logic against common and uncommon attack vectors.
- Thorough, manual review of the codebase, line-by-line.
- Deploying the smart contract to testnet and production networks using multiple client implementations to run live tests.