The Tierion team asked us to review and audit their Tierion Network Token (TNT) contract. We looked at the code and now publish our results.
The audited contract is in the file TierionNetworkToken.sol with SHA1 hash
Good job using OpenZeppelin to write minimal extra code. The documentation is very good and there are thorough integration tests.
Here’s our assessment and recommendations, in order of importance.
Update: The Tierion team followed our recommendations and updated the contract, now with SHA1 hash
No critical issues were found.
- According to the ERC20 standard the decimals variable (defined in line 31) should be of type
Update: This was fixed in the latest version.
Notes and Additional Information
- Good job defining INITIAL_SUPPLY in terms of
- Giving a name to the smallest transferable unit of a token, in your case grain, is a great idea. It eliminates a common ambiguity when talking about token amounts. More projects should do this.
- If you are going to distribute the tokens manually via transfer, keep in mind that token holders will be able to make transfers themselves during the distribution. If you wish to audit the distribution afterwards to ensure it was done correctly, look for the Transfer events instead of balances.
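The event-based audit suggested in the last note, as an added example that is not part of the original audit or the Tierion code. It assumes the Transfer logs have already been fetched and decoded into from/to/value records; the addresses, amounts and plan below are constructed sample data.

```python
from collections import defaultdict

# Constructed sample data (not from the Tierion distribution). Amounts are in
# grains, the smallest transferable unit; addresses are shortened placeholders.
DISTRIBUTOR = "0xDIST"
PLAN = {"0xA": 500, "0xB": 300, "0xC": 200}
# Decoded Transfer(from, to, value) events in block order.
EVENTS = [
    {"from": "0xDIST", "to": "0xA", "value": 500},
    {"from": "0xDIST", "to": "0xB", "value": 300},
    {"from": "0xA", "to": "0xB", "value": 450},     # holder moves tokens mid-distribution
    {"from": "0xDIST", "to": "0xC", "value": 150},  # short by 50
    {"from": "0xDIST", "to": "0xD", "value": 50},   # recipient not in the plan
]


def net_balance_changes(events):
    """Replay every transfer into net balance changes (what a balance check sees)."""
    bal = defaultdict(int)
    for e in events:
        bal[e["from"]] -= e["value"]
        bal[e["to"]] += e["value"]
    return dict(bal)


def audit_distribution(plan, events, distributor):
    """Compare planned amounts with what the distributor actually sent."""
    sent = defaultdict(int)
    for e in events:
        if e["from"] == distributor:  # ignore holder-to-holder transfers
            sent[e["to"]] += e["value"]
    findings = {}
    for addr in sorted(set(plan) | set(sent)):
        expected, actual = plan.get(addr, 0), sent.get(addr, 0)
        if expected != actual:
            findings[addr] = {"expected": expected, "sent": actual}
    return findings


if __name__ == "__main__":
    # Balances make 0xA and 0xB look wrong although both were paid correctly.
    print("balance view:", net_balance_changes(EVENTS))
    # Events isolate the real discrepancies: 0xC underpaid, 0xD unplanned.
    print("event view:  ", audit_distribution(PLAN, EVENTS, DISTRIBUTOR))
```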
Using OpenZeppelin led to very little custom code written, and no security issues were found in this code. Only one change was suggested, and some small observations were made.
Note that as of the date of publishing, the above review reflects the current understanding of known security patterns as they relate to the Tierion Network Token contract. We have not reviewed the related Tierion project. The above should not be construed as investment advice. For general information about smart contract security, check out our thoughts here.