This is the report from a security audit performed on by MrCrambo.
The audit focused primarily on the security of the aXpire smart contract.
In total, 6 issues were reported, including:
- 0 high severity issues.
- 2 medium severity issues.
- 1 owner privileges issue.
- 3 low severity issues.
Functions `transfer` and `transferFrom` should throw if the transfer fails, but here they return false.
Using the `burnFrom` function, the owner can burn any amount of tokens from any address.
Add a check that the allowed amount is greater than the burning amount.
- A double withdrawal attack is possible. More details here
- Lack of transaction handling mechanism issue. More details here
Add the following code to the function `transfer(address _to, ... )`:
require( _to != address(this) );
In functions `transfer` and `transferFrom` it is possible to send tokens to the zero address.
Add a zero address check:
require(_to != address(0));
- Owner can `pause` transfers any time he wants.
- Owner can change `icoTokenExchangeRate` any time he wants.
- Owner can change `haltIco` any time he wants.
Function `sendFundHome` should work as described in its comment, "Ends the funding period and sends the ETH home", but it will only send the funds.
The smart contract contains medium severity issues.