Security Audit of Mainstreet Token and Crowdfund Smart Contracts
By Jordi Baylina
Over the last few days, I’ve been reviewing the Mainstreet Crowdfund contract and the Mainstreet Token contract.
I’ve been working closely with Mainstreet developers, improving the code, reviewing and making independent tests for these contracts.
At this point I don’t see any issues that can affect the security of these smart contracts.
I would also like to mention some characteristics of these smart contracts that very much mitigates potential security issues.
- None of these contracts will hold any ether at any time. The crowdfunding contract just relays the ether to an external standard multisig wallet contract controlled by Mainstreet.
- The core of the token contract is based on a standard ERC20 token contract with a few minor modifications.
This makes the probability of losing any ether even if there is an unseen bug in these contracts very low. The worst case scenario is that these contracts would need to be redeployed with the old balances imported.
Limitations of this work
I only reviewed the solidity portions of the smart contracts mentioned above. I made a fork of the repository at the moment of the review here: https://github.com/jbaylina/token .
I didn’t audit the external wallet or the keyholders key management.
I didn’t make any low level reviews of the assembly code generated by the solidity compiler.
Smart contract security audits like this one, reduce the risks of the smart contracts issues but they do not warranty bug-free code. I encourage the community, especially the Mainstreet community that will be using these contracts directly to continue to analyze these contracts and make their own audits.