blockchain security


Enhanced Society Differential Analysis



iosiro was commissioned by Enhanced Society to analyse a pull request to identify potential functional and security flaws introduced into the codebase. The analysis was conducted between 24 May 2018 and 25 May 2018.



The pull request was performed on a fork of the popular TokenMarket ICO Smart Contract Package. The codebase provides a boilerplate of smart contracts for projects wanting to launch an ICO.


The scope of the analysis was limited to changes made in PR #1. The specific commits are listed below.

Note: Only the code changes made by Enhanced Society detailed in the links provided above were analysed. The rest of the forked codebase was not assessed.


A comprehensive list of changes to the smart contracts in scope is given below.

  • Changed the crowdsale fallback function to call investInternal(...) in Crowdsale.sol rather than throwing. This allows participants to send ether directly to the contract and receive tokens, instead of having to call the invest(...) function to purchase tokens.
  • Added functionality that required msg.sender and the token receiver address to be added to a whitelist before being able to contribute to the ICO. Only the crowdsale contract owner could call the whitelist functions.


No functional or security flaws were identified during the analysis.

Kyle Rileysecurity