Phantasma Smart Contract Bug!

in #phantasma, 7 years ago

Phantasma ICO Smart Contract Bug


Phantasma stopped their ICO halfway, as stated in their announcement channel (see below).

According to their announcement, there is an issue in their smart contract, and thus the ICO (running halfway) needed to stop immediately. When investors asked what the issue was, the admin refused to answer.

Out of curiosity, I checked their smart contract source code, and found their mistake.

https://github.com/PhantasmaProtocol/PhantasmaNeo/blob/master/PhantasmaContract/Contract.cs

In the function CheckPurchaseAmount, I found this piece of code:

By a simple calculation, I found that if someone contributed more than their allowed cap, the value of tokens_to_give is 0 (which makes sense), and tokens_to_refund is a number greater than zero.

If you look at the line
if ( tokens_to_refund>0 && tokens_to_give>0 )
it will never execute the statement below it because tokens_to_give is zero.

The correct way of writing that line is
if ( tokens_to_refund>0 && tokens_to_give>=0 )

They forgot the "=". This error will give whitelisted investors the chance to keep sending <=10 NEO to the Phantasma smart contract, and they will get their Soul correspondingly.
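
The boundary case described above, as an added example that is not Phantasma's contract code: a small Python model that runs both conditions over the edge cases of a capped purchase and reports which case the quoted condition skips. The split rule in split_purchase, the cap of 10 and all amounts are assumptions constructed for illustration; only the two conditions come from the post.

```python
# Added model, not Phantasma's contract code. The cap, the amounts and the
# split rule are constructed; only the two conditions come from the post.

def split_purchase(requested, already_bought, cap):
    """Assumed split: give what still fits under the cap, refund the rest."""
    room = max(0, cap - already_bought)
    tokens_to_give = min(requested, room)
    tokens_to_refund = requested - tokens_to_give
    return tokens_to_give, tokens_to_refund

def branch_as_written(tokens_to_give, tokens_to_refund):
    # Condition quoted in the post.
    return tokens_to_refund > 0 and tokens_to_give > 0

def branch_as_proposed(tokens_to_give, tokens_to_refund):
    # Condition the post proposes instead.
    return tokens_to_refund > 0 and tokens_to_give >= 0

# Constructed cases: (label, requested, already_bought, cap), arbitrary units
CASES = [
    ("under cap", 4, 0, 10),
    ("partly over cap", 8, 6, 10),
    ("exactly at cap", 4, 6, 10),
    ("cap already used up", 5, 10, 10),
]

def evaluate(cases=CASES):
    """Return (label, give, refund, as_written, as_proposed) for each case."""
    rows = []
    for label, requested, already, cap in cases:
        give, refund = split_purchase(requested, already, cap)
        rows.append((label, give, refund,
                     branch_as_written(give, refund),
                     branch_as_proposed(give, refund)))
    return rows

def missed_cases(cases=CASES):
    """Cases where the quoted condition skips the branch but the proposed one takes it."""
    return [r[0] for r in evaluate(cases) if r[4] and not r[3]]

if __name__ == "__main__":
    for row in evaluate():
        print("%-20s give=%-2d refund=%-2d as_written=%-5s as_proposed=%s" % row)
    print("missed by the quoted condition:", missed_cases())
```

Because tokens_to_give is never negative in this model, the proposed condition reduces to tokens_to_refund > 0. A boundary test of this kind, covering the zero-give case, is the check that exposes the skipped branch before deployment.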