A Smart Contract audit is fundamentally the same as a regular code audit – which is meticulously investigating code to find security flaws and vulnerabilities before the code is publicly deployed. It’s like testing a bridge before it’s opened to the public. In both cases, the builders have a responsibility for the security and safety of their products. As the blockchain is essentially a replicated, append-only linked “list” of Merkle trees (that is therefore immutable), and Smart Contracts are self-executing.
The audit outline this guide provides applies to Smart Contracts in general, but is tailored towards Ethereum contracts, which are by far the most popular, and thus transacting the most funds, putting them at the highest risk of attack and at greatest need of auditing.
Topic: INVESTOR AND BOUNTY HUNTER: How to avoid scams? (Read 596 times)
It was a good idea.
It seems that participants wishing to get free tokens a little. Get a smart contract and regain the cost of its development is a very good idea.
There are many signs of scams during the ICO, but I would like to draw your attention to one, in my opinion the most important.
This sign: AUDIT smart contract. The quality of his code.
Before deciding to participate in a particular project, you need to know: Was an audit conducted?
If NO, then it would be good to audit yourself.
Previously, it was expensive, but now you can order an audit for free.
It takes you several minutes to complete the form and as a result you will receive important information that will help you save your money and time!
Who will invest in the project or advertise it if its tokens can be stolen by any hacker?
ORDER THE AUDIT FOR FREE
HERE
https://pp.userapi.com/c831408/v831408033/16f1d8/dHXNIskb73E.jpg
This sign: AUDIT smart contract. The quality of his code.
Before deciding to participate in a particular project, you need to know: Was an audit conducted?
If NO, then it would be good to audit yourself.
Previously, it was expensive, but now you can order an audit for free.
It takes you several minutes to complete the form and as a result you will receive important information that will help you save your money and time!
Who will invest in the project or advertise it if its tokens can be stolen by any hacker?
ORDER THE AUDIT FOR FREE
HERE
https://pp.userapi.com/c831408/v831408033/16f1d8/dHXNIskb73E.jpg
I tried to send BGX to audit. Silence in return. Poor functionality. It is not clear whether the application is accepted or not, at what stage it is located.
Judging by the latest reports from the auditors, they will only check smart contracts of immediate developers. So, if you want to check what kind of project, then contact the developers themselves.
"Amazing News!!!
Callisto excited to launch a new referral program."
There was a lot of joy until they said that the service was only for the owners of smart contracts.
"I can bet with you that the team will change their mind and start working for investors, but not exclusively for developers."
- I agree with these words.
I see that nothing offered by investors is accepted for audit? This is a short-sighted act. Identified errors of other projects could create an information noise that could benefit Callisto.
this makes me happy, making me wait for the good news from this project, hopefully everything will run smoothly and well, all efforts will pay off, fighting.
Judging by the latest reports from the auditors, they will only check smart contracts of immediate developers. So, if you want to check what kind of project, then contact the developers themselves.
"Amazing News!!!
Callisto excited to launch a new referral program."
There was a lot of joy until they said that the service was only for the owners of smart contracts.
I can bet with you that the team will change their mind and start working for investors, but not exclusively for developers.
Judging by the latest reports from the auditors, they will only check smart contracts of immediate developers. So, if you want to check what kind of project, then contact the developers themselves.
"Amazing News!!!
Callisto excited to launch a new referral program."
There was a lot of joy until they said that the service was only for the owners of smart contracts.
You can upload smart contracts to the CLO network from ETH. Choose the most interesting projects and go ahead. In Callisto, the commission is quite cheap.
Judging by the latest reports from the auditors, they will only check smart contracts of immediate developers. So, if you want to check what kind of project, then contact the developers themselves.
So they are fools. Why give up hundreds of thousands of potential customers? Bad marketing and market analysis for their product.
Judging by the latest reports from the auditors, they will only check smart contracts of immediate developers. So, if you want to check what kind of project, then contact the developers themselves.
Auditing time: 10 days!
I will check all smart contracts in which I invest and which I advertise.
I'll post the results here.
While I ordered an audit of the project, which I have in the signature.
How will the result - I will inform you.
You can check the projects in which you are participating.
I'll post the results here.
While I ordered an audit of the project, which I have in the signature.
How will the result - I will inform you.
You can check the projects in which you are participating.
It looks like soon will be ready to audit the smart contract that you have in your signature https://github.com/EthereumCommonwealth/Auditing/issues/16
P.S. Attention to those who sent requests! Check your email. I received a letter and you probably too.
Do I need to register with github? Without this, they will not agree to audit a smart contract?
This is not difficult to do (register with github). Follow the instructions received in the letter.
I will check all smart contracts in which I invest and which I advertise.
I'll post the results here.
While I ordered an audit of the project, which I have in the signature.
How will the result - I will inform you.
You can check the projects in which you are participating.
I'll post the results here.
While I ordered an audit of the project, which I have in the signature.
How will the result - I will inform you.
You can check the projects in which you are participating.
It looks like soon will be ready to audit the smart contract that you have in your signature https://github.com/EthereumCommonwealth/Auditing/issues/16
P.S. Attention to those who sent requests! Check your email. I received a letter and you probably too.
Do I need to register with github? Without this, they will not agree to audit a smart contract?
I will check all smart contracts in which I invest and which I advertise.
I'll post the results here.
While I ordered an audit of the project, which I have in the signature.
How will the result - I will inform you.
You can check the projects in which you are participating.
I'll post the results here.
While I ordered an audit of the project, which I have in the signature.
How will the result - I will inform you.
You can check the projects in which you are participating.
It looks like soon will be ready to audit the smart contract that you have in your signature https://github.com/EthereumCommonwealth/Auditing/issues/16
P.S. Attention to those who sent requests! Check your email. I received a letter and you probably too.
Now most projects do not have any smart contracts at the start. They first collect money)))
Now I will check every project I participate in, because it's a great tool for analysis!
Now most projects do not have any smart contracts at the start. They first collect money)))
And you checked the project that advertised in the signature?
Now most projects do not have any smart contracts at the start. They first collect money)))
It is useful to know from the very start which team has a sufficient level of knowledge in coding ...
Yes, knowing the information helps to make the right decision. Already ordered a lot of audits ... let's see what happens.
When will the results of the audit be? Where are the links to the reports?
I do not know the exact answer. The results will be reported to us by those who send information for the audit. The answer will come to the email they specified when completing the form.
When will the results of the audit be? Where are the links to the reports?
Suspicion of a scam and unprofessionalism.
To make a decision, I need to know if there are any critical errors in the code.
How long will the audit be conducted?
http://swish.pw/
https://etherscan.io/address/0x924fc576b7166e1a06e42340ec9c8e8405522789#code
To make a decision, I need to know if there are any critical errors in the code.
How long will the audit be conducted?
http://swish.pw/
https://etherscan.io/address/0x924fc576b7166e1a06e42340ec9c8e8405522789#code
Code:
pragma solidity ^0.4.17;
/**
* @title ERC20Basic
* @dev Simpler version of ERC20 interface
* @dev see https://github.com/ethereum/EIPs/issues/179
*/
contract ERC20Basic {
uint256 public totalSupply;
function balanceOf(address who) public constant returns (uint256);
function transfer(address to, uint256 value) public returns (bool);
event Transfer(address indexed from, address indexed to, uint256 value);
}
/**
* @title ERC20 interface
* @dev see https://github.com/ethereum/EIPs/issues/20
*/
contract ERC20 is ERC20Basic {
function allowance(address owner, address spender) public constant returns (uint256);
function approve(address spender, uint256 value) public returns (bool);
event Approval(address indexed owner, address indexed spender, uint256 value);
}
/**
* @title SafeMath
* @dev Math operations with safety checks that throw on error
*/
library SafeMath {
function mul(uint256 a, uint256 b) internal pure returns (uint256) {
uint256 c = a * b;
assert(a == 0 || c / a == b);
return c;
}
function div(uint256 a, uint256 b) internal pure returns (uint256) {
// assert(b > 0); // Solidity automatically throws when dividing by 0
uint256 c = a / b;
// assert(a == b * c + a % b); // There is no case in which this doesn't hold
return c;
}
function sub(uint256 a, uint256 b) internal pure returns (uint256) {
assert(b <= a);
return a - b;
}
function add(uint256 a, uint256 b) internal pure returns (uint256) {
uint256 c = a + b;
assert(c >= a);
return c;
}
}
/**
* @title Basic token
* @dev Basic version of StandardToken.
*/
contract BasicToken is ERC20Basic {
using SafeMath for uint256;
mapping(address => uint256) balances;
/**
* @dev transfer token for a specified address
* @param _to The address to transfer to.
* @param _value The amount to be transferred.
*/
function transfer(address _to, uint256 _value) public returns (bool) {
balances[msg.sender] = balances[msg.sender].sub(_value);
balances[_to] = balances[_to].add(_value);
emit Transfer(msg.sender, _to, _value);
return true;
}
/**
* @dev Gets the balance of the specified address.
* @param _owner The address to query the the balance of.
* @return An uint256 representing the amount owned by the passed address.
*/
function balanceOf(address _owner) public constant returns (uint256 balance) {
return balances[_owner];
}
}
/**
* @title Standard ERC20 token
*
* @dev Implementation of the basic standard token.
* @dev https://github.com/ethereum/EIPs/issues/20
*/
contract StandardToken is ERC20, BasicToken {
mapping (address => mapping (address => uint256)) allowed;
/**
* @dev Aprove the passed address to spend the specified amount of tokens on behalf of msg.sender.
* @param _spender The address which will spend the funds.
* @param _value The amount of tokens to be spent.
*/
function approve(address _spender, uint256 _value) public returns (bool) {
// To change the approve amount you first have to reduce the addresses`
// allowance to zero by calling `approve(_spender, 0)` if it is not
// already 0 to mitigate the race condition described here:
// https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
require((_value == 0) || (allowed[msg.sender][_spender] == 0));
allowed[msg.sender][_spender] = _value;
emit Approval(msg.sender, _spender, _value);
return true;
}
/**
* @dev Function to check the amount of tokens that an owner allowed to a spender.
* @param _owner address The address which owns the funds.
* @param _spender address The address which will spend the funds.
* @return A uint256 specifing the amount of tokens still available for the spender.
*/
function allowance(address _owner, address _spender) constant public returns (uint256 remaining) {
return allowed[_owner][_spender];
}
}
/**
* @title Ownable
* @dev The Ownable contract has an owner address, and provides basic authorization control
* functions, this simplifies the implementation of "user permissions".
*/
contract Ownable {
address public owner;
/**
* @dev The Ownable constructor sets the original `owner` of the contract to the sender
* account.
*/
function Ownable() public {
owner = msg.sender;
}
/**
* @dev Throws if called by any account other than the owner.
*/
modifier onlyOwner() {
require(msg.sender == owner);
_;
}
/**
* @dev Allows the current owner to transfer control of the contract to a newOwner.
* @param newOwner The address to transfer ownership to.
*/
function transferOwnership(address newOwner) onlyOwner public {
require(newOwner != address(0));
owner = newOwner;
}
}
/**
* @title Mintable token
* @dev Simple ERC20 Token example, with mintable token creation
* @dev Issue: * https://github.com/OpenZeppelin/zeppelin-solidity/issues/120
*/
contract MintableToken is StandardToken, Ownable {
event Mint(address indexed to, uint256 amount);
event MintFinished();
bool public mintingFinished = false;
modifier canMint() {
require(!mintingFinished);
_;
}
/**
* @dev Function to mint tokens
* @param _to The address that will recieve the minted tokens.
* @param _amount The amount of tokens to mint.
* @return A boolean that indicates if the operation was successful.
*/
function mint(address _to, uint256 _amount) onlyOwner canMint public returns (bool) {
totalSupply = totalSupply.add(_amount);
balances[_to] = balances[_to].add(_amount);
emit Mint(_to, _amount);
return true;
}
/**
* @dev Function to stop minting new tokens.
* @return True if the operation was successful.
*/
function finishMinting() onlyOwner public returns (bool) {
mintingFinished = true;
emit MintFinished();
return true;
}
}
contract SWISH is MintableToken {
string public constant name = "SWISH";
string public constant symbol = "SWI";
uint32 public constant decimals = 18;
}
Well done! Great idea! For a long time it was necessary to bring scammers to the surface.
It seems that Callisto will indeed audit all suspicious smart contracts.
Cool! If earlier it was possible to check all the smart contracts, how much money investors would be saved!)
I need to know if there are errors in the code.
https://bitcointalksearch.org/topic/token-sale-airdrop-ndex-next-generation-decentralized-erc20-exchange-4479873
https://bitcointalksearch.org/topic/token-sale-airdrop-ndex-next-generation-decentralized-erc20-exchange-4479873
Code:
pragma solidity ^0.4.21;
interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) external; }
contract NDEX {
// Public variables of the token
string public name = "nDEX";
string public symbol = "NDX";
uint8 public decimals = 18;
// 18 decimals is the strongly suggested default
uint256 public totalSupply;
uint256 public NdexSupply = 15000000000;
uint256 public buyPrice = 10000000;
address public creator;
// This creates an array with all balances
mapping (address => uint256) public balanceOf;
mapping (address => mapping (address => uint256)) public allowance;
// This generates a public event on the blockchain that will notify clients
event Transfer(address indexed from, address indexed to, uint256 value);
event FundTransfer(address backer, uint amount, bool isContribution);
/**
* Constrctor function
*
* Initializes contract with initial supply tokens to the creator of the contract
*/
function NDEX() public {
totalSupply = NdexSupply * 10 ** uint256(decimals); // Update total supply with the decimal amount
balanceOf[msg.sender] = totalSupply; // Give NDX Mint the total created tokens
creator = msg.sender;
}
/**
* Internal transfer, only can be called by this contract
*/
function _transfer(address _from, address _to, uint _value) internal {
// Prevent transfer to 0x0 address. Use burn() instead
require(_to != 0x0);
// Check if the sender has enough
require(balanceOf[_from] >= _value);
// Check for overflows
require(balanceOf[_to] + _value >= balanceOf[_to]);
// Save this for an assertion in the future
uint previousBalances = balanceOf[_from] + balanceOf[_to];
// Subtract from the sender
balanceOf[_from] -= _value;
// Add the same to the recipient
balanceOf[_to] += _value;
emit Transfer(_from, _to, _value);
// Asserts are used to use static analysis to find bugs in your code. They should never fail
assert(balanceOf[_from] + balanceOf[_to] == previousBalances);
}
/**
* Transfer tokens
*
* Send `_value` tokens to `_to` from your account
*
* @param _to The address of the recipient
* @param _value the amount to send
*/
function transfer(address _to, uint256 _value) public {
_transfer(msg.sender, _to, _value);
}
/// @notice Buy tokens from contract by sending ether
function () payable internal {
uint amount = msg.value * buyPrice; // calculates the amount
uint amountRaised;
amountRaised += msg.value; //many thanks bois, couldnt do it without r/me_irl
require(balanceOf[creator] >= amount); // checks if it has enough to sell
require(msg.value <= 10**17); // so any person who wants to put more then 0.1 ETH has time to think!
balanceOf[msg.sender] += amount; // adds the amount to buyer's balance
balanceOf[creator] -= amount; // sends ETH to NDXMint
emit Transfer(creator, msg.sender, amount); // execute an event reflecting the change
creator.transfer(amountRaised);
}
}
We need to check all the smart contracts)))
I added a smart contract for the audit, but I can not believe that there will be a result.
https://github.com/EIPlatform/EMI-Token/blob/master/EMI.sol
Suspicious project.
https://github.com/EIPlatform/EMI-Token/blob/master/EMI.sol
Suspicious project.
There are many signs of scams during the ICO, but I would like to draw your attention to one, in my opinion the most important.
This sign: AUDIT smart contract. The quality of his code.
Before deciding to participate in a particular project, you need to know: Was an audit conducted?
If NO, then it would be good to audit yourself.
Previously, it was expensive, but now you can order an audit for free.
It takes you several minutes to complete the form and as a result you will receive important information that will help you save your money and time!
Who will invest in the project or advertise it if its tokens can be stolen by any hacker?
ORDER THE AUDIT FOR FREE
HERE
https://pp.userapi.com/c831408/v831408033/16f1d8/dHXNIskb73E.jpg
This sign: AUDIT smart contract. The quality of his code.
Before deciding to participate in a particular project, you need to know: Was an audit conducted?
If NO, then it would be good to audit yourself.
Previously, it was expensive, but now you can order an audit for free.
It takes you several minutes to complete the form and as a result you will receive important information that will help you save your money and time!
Who will invest in the project or advertise it if its tokens can be stolen by any hacker?
ORDER THE AUDIT FOR FREE
HERE
https://pp.userapi.com/c831408/v831408033/16f1d8/dHXNIskb73E.jpg
It is useful to know from the very start which team has a sufficient level of knowledge in coding ...
I have at least 15 projects for you to check. Now I will collect all their data for the query and write the order.
Good. I'll look at some project with the "scent" of the scam and add it to the audit. Well came up with the guys!
I will add to the bookmarks. I think I will use this service.
What is there to think about?
The procedure is as follows:
1. Find the source code of a smart contract. For example: https://etherscan.io/address/0xee609fe292128cad03b786dbb9bc2634ccdbe7fc#code
2. Click on the link and open the form HERE
3. Then you write what you need to audit, specify the link to the source code, specify your mail, write what platform.
All.
You wait for the result of the audit in the mail and you tell it to us.
I will add to the bookmarks. I think I will use this service.
I've long wanted to test this smart contract https://bitcointalksearch.org/topic/ann-elixir-elix-trading-on-coinexchange-2195735
1. Can the creator create EXOR and ELEXIR at will?
2. Can the creator pick up EXOR and ELEXIR from the addresses of the holders at will?
3. Can the creator create new address genesis?
Contract Address: 0x898bF39cd67658bd63577fB00A2A3571dAecbC53
Symbol: EXOR
Decimals: 18
Contract Address: 0xc8C6A31A4A806d3710A7B38b7B296D2fABCCDBA8
Symbol: ELIX
Decimals: 18
1. Can the creator create EXOR and ELEXIR at will?
2. Can the creator pick up EXOR and ELEXIR from the addresses of the holders at will?
3. Can the creator create new address genesis?
Contract Address: 0x898bF39cd67658bd63577fB00A2A3571dAecbC53
Symbol: EXOR
Decimals: 18
Contract Address: 0xc8C6A31A4A806d3710A7B38b7B296D2fABCCDBA8
Symbol: ELIX
Decimals: 18
I will also give one smart contract for an audit. I wonder, but what if they find some mistakes? This is free training)))
The right thought. This is a good way to test your mistakes. It will come in handy for sure. As soon as I finish my smart contract, I'll send it.
I remember your work. It was a good idea. Do you still run the project? Prize drawing depending on the time of transactions, if I'm not mistaken?
I will also give one smart contract for an audit. I wonder, but what if they find some mistakes? This is free training)))
The right thought. This is a good way to test your mistakes. It will come in handy for sure. As soon as I finish my smart contract, I'll send it.
I will also give one smart contract for an audit. I wonder, but what if they find some mistakes? This is free training)))
I'm sure that if we check all the smart ICO contracts that are now collecting money, then we'll see that the vast majority of the scam.
How can we simply conclude that they are scamming the investors because the community will always open with proofs? In this way, we can easily identify the scam projects, it is always good to check twice before investing the companies.
If an audit reveals that tokens from a smart contract can be stolen or added to an unlimited number, is not this a sign of fraud? Or the code is written with errors ... This is a sign that badly trained programmers have come to the task and we need to stay away from this project.
I'm sure that if we check all the smart ICO contracts that are now collecting money, then we'll see that the vast majority of the scam.
How can we simply conclude that they are scamming the investors because the community will always open with proofs? In this way, we can easily identify the scam projects, it is always good to check twice before investing the companies.
I'm sure that if we check all the smart ICO contracts that are now collecting money, then we'll see that the vast majority of the scam.
Translating to Russian language: https://bitcointalksearch.org/topic/investor-and-bounty-hunter-4899954
I think that this is what is missing now. It is necessary to clean the ranks of the "developers")
I think that this is what is missing now. It is necessary to clean the ranks of the "developers")
And BGX was audited? You do not know? It is necessary to me and this smart contract to send on check. It is necessary to check everything that interests.
Hi dude! Have you sent a BGX audit request? I'm also interested in knowing the result. How long have they audited and where can I see the results?
Translating to Russian language: https://bitcointalksearch.org/topic/investor-and-bounty-hunter-4899954
I think that this is what is missing now. It is necessary to clean the ranks of the "developers")
I think that this is what is missing now. It is necessary to clean the ranks of the "developers")
And BGX was audited? You do not know? It is necessary to me and this smart contract to send on check. It is necessary to check everything that interests.
Translating to Russian language: https://bitcointalksearch.org/topic/investor-and-bounty-hunter-4899954
I think that this is what is missing now. It is necessary to clean the ranks of the "developers")
I think that this is what is missing now. It is necessary to clean the ranks of the "developers")
This topic can be very useful for investors.
Here's the project https://bitcointalksearch.org/topic/annicoethereum-limited-edition-4521586 Too bright and defiantly decorated. I think it should be checked. Has sent on audit.
I will check all smart contracts in which I invest and which I advertise.
I'll post the results here.
While I ordered an audit of the project, which I have in the signature.
How will the result - I will inform you.
You can check the projects in which you are participating.
I'll post the results here.
While I ordered an audit of the project, which I have in the signature.
How will the result - I will inform you.
You can check the projects in which you are participating.
To check smart contracts it is necessary in any case.
If audit hasn't been done and the team are hiding their code it's already a thing to think about. I would just go away from that kind of project, it's no real point of auditing yourself some fishy project
There are many signs of scams during the ICO, but I would like to draw your attention to one, in my opinion the most important.
This sign: AUDIT smart contract. The quality of his code.
Before deciding to participate in a particular project, you need to know: Was an audit conducted?
If NO, then it would be good to audit yourself.
Previously, it was expensive, but now you can order an audit for free.
It takes you several minutes to complete the form and as a result you will receive important information that will help you save your money and time!
Who will invest in the project or advertise it if its tokens can be stolen by any hacker?
ORDER THE AUDIT FOR FREE
HERE
This sign: AUDIT smart contract. The quality of his code.
Before deciding to participate in a particular project, you need to know: Was an audit conducted?
If NO, then it would be good to audit yourself.
Previously, it was expensive, but now you can order an audit for free.
It takes you several minutes to complete the form and as a result you will receive important information that will help you save your money and time!
Who will invest in the project or advertise it if its tokens can be stolen by any hacker?
ORDER THE AUDIT FOR FREE
HERE
Jump to: