Dear Community,
I request you to please look into an observation in an audit report for a token named BXR. Most of the BXR token source code available on Etherscan matches exactly with OpenZeppelin Contracts version 3.4.0, on which the BXR token is based.
The audit observation is as below:
Compromising the private key of the externally owned account
0x2B9AF0bd212BF9969Ed7308F7144ff281f9b8d42 would grant the adversary control
over all aspects of the token, as that account is Admin, Minter and Pauser of the
contract.
constructor() public ERC20Capped(100 * 10**6 * 10**18) ERC20("Blockster", "BXR") {
    _setupRole(DEFAULT_ADMIN_ROLE, msg.sender);
    _setupRole(PAUSER_ROLE, msg.sender);
    _setupRole(MINTER_ROLE, msg.sender);
}
Coinspect confirmed the roles have not been segregated into different accounts since
deployment.
The audit report can be downloaded at https://digitex.io/blockfunder/bxr/1 for your kind perusal.
I need to know what the safety level is for me, as a non-technical person, to invest in this project. The report is made available by the project owners. They did not hide it.
I shall be grateful for the community's support and suggestions.
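For readers who want to see what the audit finding refers to, here is an added example (not part of the original post, the audit report, or the BXR code) of the same OpenZeppelin Contracts 3.4.0 pattern with the three roles assigned to separate accounts at deployment. The contract name, token name and symbol, and the `admin`, `minter` and `pauser` parameters are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity >=0.6.0 <0.8.0;

import "@openzeppelin/contracts/access/AccessControl.sol";
import "@openzeppelin/contracts/token/ERC20/ERC20Capped.sol";
import "@openzeppelin/contracts/token/ERC20/ERC20Pausable.sol";

// Hypothetical contract: illustrates role segregation only.
contract SegregatedRolesToken is AccessControl, ERC20Capped, ERC20Pausable {
    bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");
    bytes32 public constant PAUSER_ROLE = keccak256("PAUSER_ROLE");

    // Assumption: admin, minter and pauser are three distinct accounts,
    // with admin ideally a multisig wallet rather than a single key.
    constructor(address admin, address minter, address pauser)
        public
        ERC20Capped(100 * 10**6 * 10**18)
        ERC20("Example", "EXM")
    {
        require(admin != address(0) && minter != address(0) && pauser != address(0), "zero address");
        require(admin != minter && admin != pauser && minter != pauser, "roles must differ");
        _setupRole(DEFAULT_ADMIN_ROLE, admin);
        _setupRole(MINTER_ROLE, minter);
        _setupRole(PAUSER_ROLE, pauser);
        // The deployer (msg.sender) receives no role.
    }

    function mint(address to, uint256 amount) external {
        require(hasRole(MINTER_ROLE, _msgSender()), "caller is not minter");
        _mint(to, amount); // cap is enforced by ERC20Capped
    }

    function pause() external {
        require(hasRole(PAUSER_ROLE, _msgSender()), "caller is not pauser");
        _pause();
    }

    function unpause() external {
        require(hasRole(PAUSER_ROLE, _msgSender()), "caller is not pauser");
        _unpause();
    }

    // Both ERC20Capped and ERC20Pausable hook token transfers in 3.4.0.
    function _beforeTokenTransfer(address from, address to, uint256 amount)
        internal virtual override(ERC20Capped, ERC20Pausable)
    {
        super._beforeTokenTransfer(from, to, amount);
    }
}
```

With this layout, a compromised minter or pauser key exposes only that one capability. `DEFAULT_ADMIN_ROLE` can still grant and revoke every role, so the admin account remains the most sensitive key.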