Note: All 8 questions in this quiz are based on the InSecureumToken contract shown below. This is the same contract you see for all the 8 questions in this quiz. The InSecureumToken contract implements a token contract which allows users to buy tokens by depositing Ether (at a certain conversion ratio), and transfer tokens.
pragmasolidity 0.7.0;contract InSecureumToken {mapping(address=>uint) private balances;uintpublic decimals =10**18; // decimals of the tokenuintpublic totalSupply; // total supplyuint MAX_SUPPLY =100ether; // Maximum total supplyeventMint(addressindexed destination, uint amount);functiontransfer(address to,uint amount) public {// save the balance in local variables// so that we can re-use them multiple times// without paying for SLOAD on every accessuint balance_from = balances[msg.sender];uint balance_to = balances[to];require(balance_from >= amount); balances[msg.sender] = balance_from - amount; balances[to] =safeAdd(balance_to, amount);}/// @notice Allow users to buy token. 1 ether = 10 tokens/// @dev Users can send more ether than token to be bought, to donate a fee to the protocol team.functionbuy(uint desired_tokens) publicpayable {// Check if enough ether has been sentuint required_wei_sent = (desired_tokens /10) * decimals;require(msg.value >= required_wei_sent);// Mint the tokens totalSupply =safeAdd(totalSupply, desired_tokens); balances[msg.sender] =safeAdd(balances[msg.sender], desired_tokens);emitMint(msg.sender, desired_tokens);}/// @notice Add two values. Revert if overflowfunctionsafeAdd(uint a,uint b) pureinternalreturns(uint) {if (a + b < a) {revert(); }return a + b;}}
Q1 The InSecureumToken contract strictly follows the specification of
Comment:
Since decimals was defined as uint (same as uint256) and not as uint8 as ERC20 or ERC777 standardized, it can't strictly be either of them. And since this is clearly a fungible token contract, it can't be ERC721.
Q2 To avoid lock of funds, the following feature(s) MUST be implemented before contract deployment
Q3 Which of the following assertion(s) is/are true (without affecting the security posture of the contract)?
Q4 The total supply is limited by
Q5 The following issue(s) is/are present in the codebase
Q6 The following issue(s) is/are present in the codebase
Comment:
No requests made before/after a function call would be able to change the token price. All of the functions are intended to be used by users, so no "access control" would be possible without excluding users. A user can send all of their tokens to themselve, which will double their balance due to the pre-loaded variable reuse.
Q7 The following issue(s) is/are present in the codebase
Q8 The following issue(s) is/are present in the codebase
Comment:
While it is indeed possible to exploit an overflow at the multiplication ((desired_tokens / 10) * decimals), it doesn't allow you to receive FREE tokens (although it makes them a bargain).