Trail of Bits

Golem

Type: Security review

Client: Golem

Date: 2018-04

Domain: Blockchain

Effort: 4 wks

Section: Ethereum/EVM

Trail of Bits's security review of Golem (Apr 2018) identified 13 issues: 3 high, 3 medium, 5 low, and 2 informational.

Findings · 13

  1. Contracts specify outdated compiler version (Informational)
  2. Race condition in the ERC20 approve function may lead to token theft (Medium)
  3. OpenZeppelin dependencies do not track upstream changes (Low)
  4. User can silently burn tokens in batchTransfer function (Low)
  5. Empty accounts can trigger Mint and Burn events (Informational)
  6. Deletion of user tokens in batchTransfer function (High)
  7. Hardcoded non-zero burn address is active (High)
  8. User can silently burn tokens in the GNTDeposit withdraw function (Medium)
  9. Depositing tokens in GNTDeposit does not reset the timelock (High)
  10. Timelock events can be reused (Low)
  11. Users can burn their own tokens (Low)
  12. Burning tokens does not update the corresponding total supply (Medium)
  13. A user can stop a batch payment by providing 0x0 as an address (Low)

Findings extracted from the published report PDF. See the full report below for details and remediation.
