This document is a security audit report performed by danbogd, where ETHERC Security has been reviewed.
Сommit hash 8f3739db93588b5141b7eb0116ebaeb303263569.
In total, 3 issues were reported including:
-
1 high severity issues.
-
1 notes.
-
1 owner privileges (ability of owner to manipulate contract, may be risky for investors).
The function burnFrom In TokenTemplate contract, allow an address to burn from another address that has approved token to it, however the burned value is not subtracted from the allowance once the function is executed, making the spender able to burn the total balance of the from address.
The severity of this issue cannot be defined accurately since the usage of the contract containing the issue should be described by the development team, in all the cases the contract should be corrected since the repository is public.
https://github.com/ETHERCIO/smart_contract/blob/master/contracts/test/TokenTemplate.sol#L85
In ETHERCExchange. contract the owner is allowed to change maker and taker fees without restrictions.
In ETHERCToken contract the owner is allowed to pause/unpause token transfers and approvals without restrictions.
https://github.com/ETHERCIO/smart_contract/blob/master/contracts/ETHERCExchange.sol#L312
https://github.com/ETHERCIO/smart_contract/blob/master/contracts/ETHERCExchange.sol#L317
https://github.com/ETHERCIO/smart_contract/blob/master/contracts/ETHERCToken.sol#L308#L329
The function () payable { revert(); } was a pattern used to prevent implicit acceptance of ether in Solidity versions older than 0.4.0, but today this is unneeded. Code snippet
The audited smart contract must not be deployed. Reported issues must be fixed prior to the usage of this contract.