FanChain Token Receives Passing Audit Report From Hosho, A Global Leader In Blockchain Security

FanChain is a unique ERC-20 token that utilizes ERC-721-style characteristics (when used within the FanChain ecosystem) to “stamp” team-meta-data onto individual tokens, allowing team affinity to be embedded within FanChain tokens. We worked with the team at Hosho, one of the global leader’s in blockchain security, to complete a full token audit. In addition to verifying that this unique team-stamping ability was secure and functional, the Hosho team tested the FanChain token contract to ensure that it:

  1. Implements and adheres to existing ERC-20 Token standards appropriately and effectively;
  2. Documentation and code comments match logic and behavior;
  3. Distributes tokens in a manner that matches calculations;
  4. Follows best practices in efficient use of gas, without unnecessary waste; and
  5. Uses methods safe from reentrance attacks.
  6. Is not affected by the latest vulnerabilities

As per the audit report by Hosho:

[FanChain] is an ERC-20 based token with a series of extensions that permit the “stamping” of coins to different “stamps”. This allows the functional “transfer” of tokens between different systems within a single ERC-20 contract… The Hosho Team has followed best practices and industry-standard techniques to verify the implementation of FanChain’s token contract. To do so, [the token was] reviewed line-by-line by our team of expert pentesters and smart contract developers, documenting any issues as they were discovered. Part of this work included writing a unit test suite using the Truffle testing framework. In summary, our strategies consist largely of manual collaboration between multiple team members at each stage of the review:

  1. Due diligence in assessing the overall code quality of the codebase.
  2. Cross-comparison with other, similar smart contracts by industry leaders.
  3. Testing contract logic against common and uncommon attack vectors.
  4. Thorough, manual review of the codebase, line-by-line.
  5. Deploying the smart contract to testnet and production networks using multiple client implementations to run live tests.

Read the full audit report here, or jump into our GitHub to view our full code.