Netis audit recommendations applied

HiveProjectLtd · Aug 25, 2017 · 0d54699 · 0d54699
1 parent 3967790
commit 0d54699
Show file tree

Hide file tree

Showing 8 changed files with 81 additions and 68 deletions.
diff --git a/build/contracts/ERC20Interface.json b/build/contracts/ERC20Interface.json
@@ -172,5 +172,5 @@
   "unlinked_binary": "0x",
   "networks": {},
   "schema_version": "0.0.5",
-  "updated_at": 1503585209882
+  "updated_at": 1503670993747
 }
diff --git a/build/contracts/HVNToken.json b/build/contracts/HVNToken.json
diff --git a/build/contracts/Owned.json b/build/contracts/Owned.json
@@ -71,8 +71,8 @@
       "type": "event"
     }
   ],
-  "unlinked_binary": "0x6060604052341561000f57600080fd5b5b60008054600160a060020a03191633600160a060020a03161790555b5b6102448061003c6000396000f300606060405263ffffffff7c010000000000000000000000000000000000000000000000000000000060003504166379ba5097811461005e5780638da5cb5b14610073578063d4ee1d90146100a2578063f2fde38b146100d1575b600080fd5b341561006957600080fd5b6100716100f2565b005b341561007e57600080fd5b61008661019a565b604051600160a060020a03909116815260200160405180910390f35b34156100ad57600080fd5b6100866101a9565b604051600160a060020a03909116815260200160405180910390f35b34156100dc57600080fd5b610071600160a060020a03600435166101b8565b005b60015433600160a060020a0390811691161461010d57600080fd5b6000546001547f343765429aea5a34b3ff6a3785a98a5abb2597aca87bfbb58632c173d585373a91600160a060020a039081169116604051600160a060020a039283168152911660208201526040908101905180910390a1600180546000805473ffffffffffffffffffffffffffffffffffffffff19908116600160a060020a038416179091551690555b565b600054600160a060020a031681565b600154600160a060020a031681565b60005433600160a060020a039081169116146101d057fe5b600054600160a060020a03828116911614156101eb57600080fd5b6001805473ffffffffffffffffffffffffffffffffffffffff1916600160a060020a0383161790555b5b505600a165627a7a72305820a5bde6fe5b1e86631ff763b4791f67d4889b0d3099188c12fa3cf82999aba9db0029",
+  "unlinked_binary": "0x6060604052341561000f57600080fd5b5b60008054600160a060020a03191633600160a060020a03161790555b5b6102448061003c6000396000f300606060405263ffffffff7c010000000000000000000000000000000000000000000000000000000060003504166379ba5097811461005e5780638da5cb5b14610073578063d4ee1d90146100a2578063f2fde38b146100d1575b600080fd5b341561006957600080fd5b6100716100f2565b005b341561007e57600080fd5b61008661019a565b604051600160a060020a03909116815260200160405180910390f35b34156100ad57600080fd5b6100866101a9565b604051600160a060020a03909116815260200160405180910390f35b34156100dc57600080fd5b610071600160a060020a03600435166101b8565b005b60015433600160a060020a0390811691161461010d57600080fd5b6000546001547f343765429aea5a34b3ff6a3785a98a5abb2597aca87bfbb58632c173d585373a91600160a060020a039081169116604051600160a060020a039283168152911660208201526040908101905180910390a1600180546000805473ffffffffffffffffffffffffffffffffffffffff19908116600160a060020a038416179091551690555b565b600054600160a060020a031681565b600154600160a060020a031681565b60005433600160a060020a039081169116146101d057fe5b600054600160a060020a03828116911614156101eb57600080fd5b6001805473ffffffffffffffffffffffffffffffffffffffff1916600160a060020a0383161790555b5b505600a165627a7a723058209bb90a255705dd9c5f2f7854104a7592d54dddebc2bca8b84b82855b24c721d00029",
   "networks": {},
   "schema_version": "0.0.5",
-  "updated_at": 1503585209884
+  "updated_at": 1503670993747
 }
diff --git a/build/contracts/SafeMath.json b/build/contracts/SafeMath.json
@@ -1,8 +1,8 @@
 {
   "contract_name": "SafeMath",
   "abi": [],
-  "unlinked_binary": "0x60606040523415600e57600080fd5b5b603680601c6000396000f30060606040525b600080fd00a165627a7a7230582065caec121172645dea461d8c8dac7d71d9c24b5e0613c243924785b3ae2d79920029",
+  "unlinked_binary": "0x60606040523415600e57600080fd5b5b603680601c6000396000f30060606040525b600080fd00a165627a7a7230582006281bc3bed7da5179dd340728a5a241e0dd813ba85252ad3126e53af95708600029",
   "networks": {},
   "schema_version": "0.0.5",
-  "updated_at": 1503585209884
+  "updated_at": 1503670993747
 }
diff --git a/build/contracts/tokenRecipient.json b/build/contracts/tokenRecipient.json
@@ -30,5 +30,5 @@
   "unlinked_binary": "0x",
   "networks": {},
   "schema_version": "0.0.5",
-  "updated_at": 1503588987320
+  "updated_at": 1503670993747
 }
diff --git a/contracts/HVNToken.sol b/contracts/HVNToken.sol
@@ -31,7 +31,7 @@ contract HVNToken is ERC20Interface, SafeMath, Owned {
     uint8 public constant decimals = 8;
     string public version = '0.0.1';
 
-    bool private transfersFrozen = false;
+    bool public transfersFrozen = false;
 
     /**
      * Protection against short address attack
@@ -82,10 +82,8 @@ contract HVNToken is ERC20Interface, SafeMath, Owned {
      * Transfer sender's tokens to a given address
      */
     function transfer(address _to, uint256 _value) whenNotFrozen onlyPayloadSize(2) returns (bool success) {
-        if(_to == 0x0) {
-            return false;
-        }
-
+        require(_to != 0x0);
+
         balances[msg.sender] = sub(balances[msg.sender], _value);
         balances[_to] += _value;
         Transfer(msg.sender, _to, _value);
@@ -138,7 +136,7 @@ contract HVNToken is ERC20Interface, SafeMath, Owned {
     /**
      * Approve and then communicate the approved contract in a single transaction
      */
-    function approveAndCall(address _spender, uint256 _value, bytes _extraData)  onlyPayloadSize(2) returns (bool success) {
+    function approveAndCall(address _spender, uint256 _value, bytes _extraData)  onlyPayloadSize(3) returns (bool success) {
         tokenRecipient spender = tokenRecipient(_spender);
         if (approve(_spender, _value)) {
             spender.receiveApproval(msg.sender, _value, this, _extraData);
@@ -155,6 +153,7 @@ contract HVNToken is ERC20Interface, SafeMath, Owned {
         totalSupply = add(totalSupply, _amount);
 
         Mint(owner, _amount);
+        Transfer(0x0, owner, _amount);
     }
 
 
@@ -168,6 +167,7 @@ contract HVNToken is ERC20Interface, SafeMath, Owned {
         totalSupply  = sub(totalSupply, _amount);
 
         Burn(msg.sender, _amount);
+        Transfer(msg.sender, 0x0, _amount);
         return true;
     }
 
@@ -185,13 +185,13 @@ contract HVNToken is ERC20Interface, SafeMath, Owned {
         HVNToken token = HVNToken(_token);
         uint balance = token.balanceOf(this);
         token.transfer(owner, balance);
-        logTokenTransfer(_token, owner, balance);
+
+        Transfer(_token, owner, balance);
     }
 
 
     event Freeze (address indexed owner);
     event Unfreeze (address indexed owner);
-    event logTokenTransfer(address token, address to, uint amount);
     event Mint(address indexed to, uint amount);
     event Burn(address indexed from, uint amount);
 }
diff --git a/docs/test-results.png b/docs/test-results.png
diff --git a/test/HVNToken.js b/test/HVNToken.js
@@ -8,66 +8,88 @@ const evmThrewError = (err) => {
   return false
 }
 
+const oneToken = 100000000
+const initialSupply = 500000000 * oneToken
+const tenThousandsTokens = 10000 * oneToken
+const thousandTokens = 1000 * oneToken
+const hundredTokens = 100 * oneToken
+const fiftyTokens = 50 * oneToken
+
+it("Current date is: " + new Date().toLocaleString("en-US", {timeZone: "UTC"}))
+
 contract('HNVToken', (accounts) => {
   it("should have total supply of 500,000,000.00000000 tokens", () => {
     return HVNToken.deployed()
       .then((token) => token.totalSupply())
-      .then((supply) => assert.equal(supply.valueOf(), 50000000000000000, "initial supply is not 500,000,000.00000000"))
-  });
+      .then((supply) => assert.equal(supply.valueOf(), initialSupply, "initial supply is not " + initialSupply))
+  })
 
 
   describe("Simple transfers", () => {
     it("should transfer 1,000 tokens to account 2", () => {
       return HVNToken.deployed()
         .then((token) => {
-          return token.transfer(accounts[1], 100000000000, { from: accounts[0] })
+          return token.transfer(accounts[1], thousandTokens, { from: accounts[0] })
             .then(() => token.balanceOf(accounts[1]))
-            .then((balance) => assert.equal(balance.valueOf(), 100000000000, "account balance is not 1,000.00000000"))
+            .then((balance) => assert.equal(balance.valueOf(), thousandTokens, "account balance is not " + thousandTokens))
         })
-    });
+    })
 
     it("account 1 should have 1,000 less tokens", () => {
       return HVNToken.deployed()
         .then((token) => {
           return token.balanceOf(accounts[0])
-            .then((balance) => assert.equal(balance.valueOf(), 49999900000000000, "account balance is not 499,999,000.00000000"))
+            .then((balance) => assert.equal(balance.valueOf(), (initialSupply-thousandTokens), "account balance is not " + (initialSupply-thousandTokens)))
         })
-    });
+    })
 
     it("should fail transfering 2,000 tokens from account 2 to account 4", () => {
       return HVNToken.deployed()
         .then((token) => {
-          return token.transfer(accounts[3], 100000000000, { from: accounts[2] })
+          return token.transfer(accounts[3], thousandTokens, { from: accounts[2] })
             .then(() => token.balanceOf(accounts[3]))
             .catch((err) => assert(evmThrewError(err), err.message))
         })
-    });
+    })
+
+    it("should protect the contract from short address attacks", () => {
+      let longAddress  = 0x1234567890123456789012345678901234567800
+      let shortAddress = 0x12345678901234567890123456789012345678
+      return HVNToken.deployed()
+        .then(token => {
+          return token.transfer(longAddress, oneToken, { from: accounts[0] })
+            .then(() => token.transfer(shortAddress, oneToken, { from: accounts[0] }))
+            .then(() => token.balanceOf(longAddress))
+            .then(balance => assert.equal(balance.valueOf(), oneToken, "vulnerable to short address attack"))
+        })
+
+    })
   })
 
 
   describe("Approval/Allowance", () => {
     it("account 2 should approve account 3 spending 100 tokens", () => {
       return HVNToken.deployed()
         .then(token => {
-          return token.approve(accounts[2], 10000000000, { from: accounts[1] })
+          return token.approve(accounts[2], hundredTokens, { from: accounts[1] })
             .then(() => token.allowance(accounts[1], accounts[2]))
-            .then(result => assert.strictEqual(result.toNumber(), 10000000000))
+            .then(result => assert.strictEqual(result.toNumber(), hundredTokens))
         })
     })
 
     it("account 3 should spend 50 tokens from account 2 balance", () => {
       return HVNToken.deployed()
         .then(token => {
-          return token.transferFrom(accounts[1], accounts[3], 5000000000, { from: accounts[2] })
+          return token.transferFrom(accounts[1], accounts[3], fiftyTokens, { from: accounts[2] })
             .then(() => token.balanceOf(accounts[3]))
-            .then((balance) => assert.equal(balance.valueOf(), 5000000000, "account balance is not 50.00000000"))
+            .then((balance) => assert.equal(balance.valueOf(), fiftyTokens, "account balance is not 50.00000000"))
         })
     })
 
     it("should fail when transferFrom account with no allowance", () => {
       return HVNToken.deployed()
         .then(token => {
-          return token.transferFrom(accounts[0], accounts[5], 15000000000, { from: accounts[5] })
+          return token.transferFrom(accounts[0], accounts[5], fiftyTokens, { from: accounts[5] })
             .then(() => token.balanceOf(accounts[3]))
             .catch((err) => assert(evmThrewError(err), err.message))
         })
@@ -77,34 +99,34 @@ contract('HNVToken', (accounts) => {
 
   describe("Freez/Unfreeze", () => {
       it("owner should be able to freeze transfers and they should fail", () => {
-        let token = null;
+        let token = null
         return HVNToken.deployed()
           .then((t) => token = t)
           .then(() => token.freezeTransfers())
-          .then(() => token.transfer(accounts[6], 100000000000, { from: accounts[0] }))
+          .then(() => token.transfer(accounts[6], thousandTokens, { from: accounts[0] }))
           .catch((err) => assert(evmThrewError(err), err.message))
       })
 
       it("owner should be able to unfreeze transfers and they should succeed", () => {
-        let token = null;
+        let token = null
         return HVNToken.deployed()
           .then((t) => token = t)
           .then(() => token.unfreezeTransfers())
-          .then(() => token.transfer(accounts[6], 100000000000, { from: accounts[0] }))
+          .then(() => token.transfer(accounts[6], thousandTokens, { from: accounts[0] }))
           .then(() => token.balanceOf(accounts[6]))
-          .then((balance) => assert.equal(balance.valueOf(), 100000000000, "account balance is 1000.00000000"))
+          .then((balance) => assert.equal(balance.valueOf(), thousandTokens, "account balance is 1000.00000000"))
       })
 
       it("not-owner should not be able to freeze", () => {
-        let token = null;
+        let token = null
         return HVNToken.deployed()
           .then((t) => token = t)
           .then(() => token.freezeTransfers({ from: accounts[1] }))
           .catch((err) => assert(evmThrewError(err), err.message))
       })
 
       it("not-owner should not be able to unfreeze", () => {
-        let token = null;
+        let token = null
         return HVNToken.deployed()
           .then((t) => token = t)
           .then(() => token.freezeTransfers())
@@ -119,32 +141,32 @@ contract('HNVToken', (accounts) => {
         .then((token) => {
           return token.totalSupply()
             .then(supplyBefore => {
-              return token.mint(1000000000000)
+              return token.mint(tenThousandsTokens)
                 .then(() => token.totalSupply())
-                .then((supplyAfter) => assert.equal(supplyAfter.valueOf(), parseInt(supplyBefore.valueOf()) + 1000000000000, "did not mint 10,000 tokens"))
+                .then((supplyAfter) => assert.equal(supplyAfter.valueOf(), parseInt(supplyBefore.valueOf()) + tenThousandsTokens, "did not mint 10,000 tokens"))
             })
         })
-    });
+    })
 
     it("not-owner should not be able to mint", () => {
-      let token = null;
+      let token = null
       return HVNToken.deployed()
         .then((t) => token = t)
-        .then(() => token.mint(10000000000000, { from: accounts[1] }))
+        .then(() => token.mint(tenThousandsTokens, { from: accounts[1] }))
         .catch((err) => assert(evmThrewError(err), err.message))
     })
 
     it("anyone should be able to burn their tokens", () => {
-      let token = null;
+      let token = null
       return HVNToken.deployed()
         .then((token) => {
           return token.totalSupply()
             .then(supplyBefore => {
-              return token.burn(100000000,  { from: accounts[1] })
+              return token.burn(oneToken,  { from: accounts[1] })
                 .then(() => token.totalSupply())
-                .then((supplyAfter) => assert.equal(supplyAfter.valueOf(), parseInt(supplyBefore.valueOf()) - 100000000, "did not burn 1 token"))
+                .then((supplyAfter) => assert.equal(supplyAfter.valueOf(), parseInt(supplyBefore.valueOf()) - oneToken, "did not burn 1 token"))
             })
         })
     })
   })
-});
+})