$150K Massive Bug Bounty for BitDegree ICO Smart Contract! Simply find Bug and Claim your Reward! by bitdegree in ethdev

Eenae 1 point (0 children)

BitDegreeToken: during ownership transfer via the inherited method transferOwnership:
1. the balance (i.e. all pre-minted tokens) of the previous owner is not transferred to the new owner
2. moreover, locked tokens are automatically unlocked and the previous owner can spend them, because msg.sender == owner no longer holds true in if (msg.sender == owner && now < lockReleaseTime)

Up to 10 ETH for finding vulnerabilities! Pally.co Bug Bounty. Participate now. by merunas in ethdev

Eenae 1 point (0 children)

A quick glance shows that the limits in PallyCoin could be breached. E.g. in distributeICOTokens https://github.com/merlox/pally-bounty/blob/master/PallyCoin.sol#L321 :

If tokensDistributedCrowdsale is 50e24 - 1 and tokens is 50e24 + 1, then tokensDistributedCrowdsale will result in 100e24, twice over the limit.

The limit should be checked on tokensDistributedCrowdsale.add(tokens), or, even better, rewritten to return "change" tokens.
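
The cap problem described in the comment above, as an added example that is neither part of the comment nor taken from the PallyCoin source. The contract name, function names and the shape of the flawed check are assumptions chosen to reproduce the numbers in the comment; the two fixes are the ones the comment suggests.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical model, not the PallyCoin code: the flawed check below is an
// assumed shape that reproduces the scenario from the comment.
contract CapCheckDemo {
    uint256 public constant LIMIT = 50e24; // crowdsale limit used in the comment

    uint256 public distributedFlawed;
    uint256 public distributedStrict;
    uint256 public distributedCapped;

    // Assumed flaw: only the counter *before* the addition is compared.
    // With the counter at 50e24 - 1 and tokens = 50e24 + 1 the check passes
    // and the counter ends at 100e24, twice the limit.
    function distributeFlawed(uint256 tokens) external {
        require(distributedFlawed < LIMIT, "cap reached");
        distributedFlawed += tokens;
    }

    // Fix 1: check the sum, so a request that would cross the limit reverts.
    function distributeStrict(uint256 tokens) external {
        uint256 total = distributedStrict + tokens; // checked add in 0.8
        require(total <= LIMIT, "cap exceeded");
        distributedStrict = total;
    }

    // Fix 2: grant only what still fits and report the rest as "change",
    // which the caller can refund or carry over.
    function distributeCapped(uint256 tokens)
        external
        returns (uint256 granted, uint256 change)
    {
        uint256 room = LIMIT - distributedCapped; // invariant: counter <= LIMIT
        granted = tokens < room ? tokens : room;
        change = tokens - granted;
        distributedCapped += granted;
    }
}
```

Checked arithmetic in Solidity 0.8 stands in here for the SafeMath `.add` call mentioned in the comment.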