Smart contract audit for Refactor project

Code repository:

The version of the contracts for which the audit was conducted:

Revision version:…cedc5ff105e332b7fa1aa1e23600d4d91453a901

Classification of identified problems

CRITICAL – the possibility of theft of the ether / tokens or their blocking without the possibility of restoring access or other loss of ether / tokens due to any party, for example, dividends.

SERIOUS – the possibility of violations of the contract, in which to restore its correct operation, it is necessary to modify the state of the contract manually or completely replace it.

WARNINGS – the possibility of violation of the planned logic of the contract or the possibility of organizing a DoS attack on the contract.

NOTES – all other remarks.

Methodology of audit

The contract code is manually scanned for known vulnerabilities, logic errors, WhitePaper compliance. If necessary, unit tests are written for questionable moments.

Identified problems


– None



The technical characteristics of the token indicate that the token contract must have a “burning” function. This function is implemented, but you can only burn your own tokens. Judging by the technical characteristics (the remainder of unsold tokens can be manually “burned” at the end of all activities) there should be a function of burning tokens by the organizers. Thus, in the current version of the contract, unsold tokens will remain on the crowdsale contract without the possibility of withdrawal.



In the version of the StandardToken contract from the Zeppelin Solidity library, an error error was found, which allows to generate a false event about the transfer to itself of any number of tokens, even exceeding the ones available.


Probably, in the formula the excess division by 1 ETH. with the current formula, to set the price of the token to 1 dollar, you need to call the setRate method with the parameter 300 * 10 ^ 18. It is better to implement the rate without such a number of zeros, so that there are fewer opportunities to make a mistake.

Implemented in


We also recommend adding an event:

Transfer (burner, 0, _value);
in order for wallets, and other clients to see the fact of the balance change. Without this, many investors simply will not see their tokens in their wallets.

A similar problem exists in the token constructor, , there should be added:



1. The latest version of the Zeppelin Solidity library is not used. Changes in the new version:

fixed a bug in the transferFrom function of the StandardToken contract (see p.1 of the warnings)
In the functions of contracts explicitly specified visibility modifiers
optimization in mul function from SafeMath, slightly reducing gas consumption
in the contracts BasicToken, StandardToken, BurnableToken in the functions transfer, transferFrom and burn are added checks of input parameters that do not burn all gas in case of failure: a check for transfer to a zero contract and that the value for transfer / incineration is less than the balance and allowable for transfer amount.


The field digits in the token usually do the type uint8, this field is not described in ERC20, but it was suggested in ERC223 ( In the example on ( and in the Zeppelin Solidity library in the example ( uint8

Implemented in


The technical characteristics of the token indicate that the token contract must have such functions as “Transfer of owner rights” and “Are Ownable”. For a token contract, this is not done, but it may be necessary if the function of burning tokens in the token contract is added.

4. In the mechanics of the contract, there is a reference to the “shelf life” of the contract (which is 365 days). This is not implemented.

5. In the comments to those. the description is written, why the signature of three people of actions with contracts was not realized. Usually, to make these minuses irrelevant, they make it possible to perform actions that are not signed by all the owners. For example, signed by two owners of three.

6. In the comments to those. The description is written, why the distribution of funds for purses was not realized. But to find out the balance of any address is quite simple:


There is no check for the amount of transmitted ETH, you can buy 0 tokens.

Implemented in в


Blanks ADDRESS_FOR_TOKENS, ADDRESS_FOR_ETH, START_DATETIME – bad practice, because will require code modification before deployment, which is fraught with errors.


modifier onlyOwner is redundant inCrowdsale


Pointless line. In addition, the default rate is 0 and its installation is not monitored before / during the beginning of crowdsale – this is fraught with the fact that if you forget or do not have time to install it, payments will pass for which 0 tokens will be credited.

It is necessary to specify in the instruction about the need to set the rate in this line before the contract is deployed and allocated visually.

Implemented in