MoonX Smart Contracts Audit Report

Abhishek Sharma
Nov 26, 2019 · 6 min read

We’ve been asked by the MoonX team to review and audit their smart contracts.

by QuillAudits, March 2019

Introduction :

This audit report highlights the overall security of the MoonMoneyChain smart contract. With this report, we have tried to ensure the reliability of their smart contract through a complete assessment of their system’s architecture and the smart contract code base.

Auditing Approach and Methodologies applied :

The Quillhash team performed thorough testing of the project, starting with an analysis of the code design patterns, in which we reviewed the smart contract architecture to ensure that it is well structured and makes safe use of third-party smart contracts and libraries.

Our team then performed a formal line-by-line inspection of the smart contract in order to find any potential issues such as race conditions, transaction-ordering dependence, timestamp dependence, and denial-of-service attacks.

In the unit testing phase, we wrote and ran custom unit tests for each function in the contract to verify that each function works as expected. In automated testing, we tested the smart contract with our in-house developed tools to identify vulnerabilities and security flaws.

The code was tested in collaboration with multiple members of our team, and this included:

  1. Testing the functionality of the Smart Contract to determine proper logic has been followed throughout.
  2. Analyzing the complexity of the code by thorough, manual review of the code, line-by-line.
  3. Deploying the code on test-net using multiple clients to run live tests.
  4. Analyzing failure preparations to check how the Smart Contract performs in case of bugs and vulnerabilities.
  5. Checking whether all the libraries used in the code are on the latest version.
  6. Analyzing the security of the on-chain data.

Audit Details

  • Project Name: MOON MONEY CHAIN
  • Client Name: Nithin palavalli
  • Website/Etherscan Code: https://moon.family
  • Languages: Solidity (smart contract), JavaScript (unit testing)

Summary of moon money chain Smart Contract :

QuillAudits conducted a security audit of a MoonX smart contract. The Moon Money Chain contract is used to create the MM token, an ERC20 token. The smart contract contains the basic functionality of an ERC20 token, with a total supply of 2400 million.

Audit Goals

The focus of the audit was to verify that the smart contract system is secure, resilient and working according to its specifications. The audit activities can be grouped in the following three categories:

Security: Identifying security related issues within each contract and within the system of contracts.

Sound Architecture: Evaluation of the architecture of this system through the lens of established smart contract best practices and general software best practices.

Code Correctness and Quality: A full review of the contract source code. The primary areas of focus include:

  • Correctness
  • Readability
  • Sections of code with high complexity
  • Quantity and quality of test coverage

Security Level references :

Every issue in this report was assigned a severity level from the following:

High severity issues will bring problems and should be fixed.

Medium severity issues could potentially bring problems and should eventually be fixed.

Low severity issues are minor details and warnings that can remain unfixed but would be better fixed at some point in the future.

High severity issues:-

No High Severity Issue.

Medium Severity Issues:-

No Medium Severity Issue.

Low Severity Issues:-

1. Solidity version must be fixed (always use the latest version).

It should not be: pragma solidity ^0.5.0;

It should be: pragma solidity 0.5.0;

Status : Not an issue, as the contract is already deployed on Mainnet with the same development and deployment version.

The version should be fixed so that the development phase and the deployment phase use the same Solidity version.

2. Use SafeMath library operations in all places.

At line 190, in the transferFrom() function, a SafeMath operation is not used to subtract the allowance.

Status : Not considered as an issue because multiple checks are already used before transferring tokens.

3. The name of the token in the smart contract contradicts the name of the token in the document you filled in.

Name of a token in Contract : “MM Moon Money”

Name of a token in document : “Moon Money Chain”

Status : Not considered as an issue.

(As conveyed by the MoonX development team, the code that was provided to us for the security audit may be different from the code that is on Mainnet, and the token name is correct on Mainnet.)
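To illustrate low severity issues 1 and 2, the following Solidity example is added here; it is not the MoonX contract, whose source this report does not reproduce. It shows a pinned pragma and an allowance subtraction in transferFrom() written first with a raw operator guarded by explicit checks, then with SafeMath. The names ExampleToken and transferFromUnchecked and the minimal SafeMath library are hypothetical.

```solidity
pragma solidity 0.5.0; // pinned (no caret), as issue 1 recommends

// Hypothetical minimal SafeMath: reverts instead of wrapping.
library SafeMath {
    function sub(uint256 a, uint256 b) internal pure returns (uint256) {
        require(b <= a, "SafeMath: subtraction underflow");
        return a - b;
    }
    function add(uint256 a, uint256 b) internal pure returns (uint256) {
        uint256 c = a + b;
        require(c >= a, "SafeMath: addition overflow");
        return c;
    }
}

contract ExampleToken { // hypothetical token, not the audited contract
    using SafeMath for uint256;
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    event Transfer(address indexed from, address indexed to, uint256 value);

    constructor(uint256 supply) public {
        balanceOf[msg.sender] = supply;
        emit Transfer(address(0), msg.sender, supply);
    }
    function approve(address spender, uint256 value) public returns (bool) {
        allowance[msg.sender][spender] = value;
        return true;
    }

    // Pattern from issue 2: the allowance is reduced with a raw "-=".
    // Correct only while the require on the allowance stays in place;
    // without it, value > allowance would wrap to a huge allowance.
    function transferFromUnchecked(address from, address to, uint256 value) public returns (bool) {
        require(value <= balanceOf[from], "balance too low");
        require(value <= allowance[from][msg.sender], "allowance too low");
        balanceOf[from] = balanceOf[from].sub(value);
        balanceOf[to] = balanceOf[to].add(value);
        allowance[from][msg.sender] -= value;
        emit Transfer(from, to, value);
        return true;
    }
    // Hardened form: SafeMath.sub enforces the bound at the subtraction itself.
    function transferFrom(address from, address to, uint256 value) public returns (bool) {
        allowance[from][msg.sender] = allowance[from][msg.sender].sub(value);
        balanceOf[from] = balanceOf[from].sub(value);
        balanceOf[to] = balanceOf[to].add(value);
        emit Transfer(from, to, value);
        return true;
    }
}
```

Both functions reject an over-allowance transfer; the difference is that the SafeMath form keeps rejecting it even if a later edit removes or weakens the separate require.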

Unit Testing

Test Suite

Contract: Moon Money Token

Final Result of Test:

✓ 20 Passing (3s) PASSED

❌ 0 Failed

Coverage Report :

TokenA is a sample contract used to check the functionality of the ERC20 token transfer function.

Slither Tool Result :

Implementation Recommendations :

  • You can use a pausable library to stop the functionality of the smart contract in case of an attack on it.
  • Remove unnecessary code when deploying on Mainnet.

Comments:

The use case of the smart contract is very well designed and implemented. Overall, the code is clearly written and demonstrates effective use of abstraction, separation of concerns, and modularity. The MoonX development team demonstrated high technical capabilities, both in the design of the architecture and in the implementation.

All the low severity issues are either not considered an issue by the MoonX development team or not a valid issue, as the code is already deployed on Mainnet.

Note : The code that was provided to us for the security audit is secure, and all the issues raised in the initial audit are closed.

Transaction hashes

Network : rinkeby

Initial Audit Report : 10th March 2019.

Initial Audit Report feedback by MoonX : 10th March 2019.

Final Audit Report (Review of Initial Audit report Fixes) : 11th March 2019

You can request an audit by filling in a form:

https://quillhash.typeform.com/to/KQ5Hhm


Written by Abhishek Sharma, Lead Blockchain Developer and Auditor ~ Quillhash Technologies
