This document is a security audit report by danbogd, in which Dai was reviewed.
Commit hash .
In total, 4 issues were reported including:
- 0 medium severity issues
- 3 low severity issues
- 1 owner privileges issue (the ability of the owner to manipulate the contract, which may be risky for investors).
- 0 notes.
No critical security issues were found.
Incoming addresses should be checked for an empty value (0x0 address).
Line 129.

    function setOwner(address owner_)
        public
        auth
    {
        owner = owner_;
        LogSetOwner(owner);
    }

A double withdrawal attack is possible. More details here.
Lack of transaction handling mechanism issue. WARNING! This is a very common issue, and it has already caused millions of dollars in losses for many token users! More details here.
Add the following code to the function transfer(address _to, ... ):

    require( _to != address(this) );

According to the ERC20 standard, when a token contract is initialized, a Transfer event should be emitted if any token value is assigned to any address.

    function DSTokenBase(uint supply) public {
        _balances[msg.sender] = supply;
        _supply = supply;
    }

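The zero-address check, the transfer guard and the initial Transfer event recommended above, combined in one contract as an added example. This is not the audited Dai code: `HardenedTokenSketch`, the simplified owner-only `auth` modifier, the revert strings and the Solidity 0.8 syntax are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration: HardenedTokenSketch is a hypothetical contract, not DSToken.
contract HardenedTokenSketch {
    address public owner;
    uint256 private _supply;
    mapping(address => uint256) private _balances;

    event LogSetOwner(address indexed newOwner);
    event Transfer(address indexed src, address indexed dst, uint256 wad);

    modifier auth() {
        // Assumption: a plain owner check stands in for the audited auth logic.
        require(msg.sender == owner, "not authorized");
        _;
    }

    constructor(uint256 supply) {
        owner = msg.sender;
        _balances[msg.sender] = supply;
        _supply = supply;
        // ERC20: token creation should emit Transfer with the source set to 0x0.
        emit Transfer(address(0), msg.sender, supply);
    }

    function setOwner(address owner_) public auth {
        // Reject the empty (0x0) address so ownership cannot be lost by mistake.
        require(owner_ != address(0), "owner is zero address");
        owner = owner_;
        emit LogSetOwner(owner_);
    }

    function totalSupply() public view returns (uint256) { return _supply; }

    function balanceOf(address who) public view returns (uint256) {
        return _balances[who];
    }

    function transfer(address _to, uint256 wad) public returns (bool) {
        // Guards from the report: no empty address, no transfer to the token itself.
        require(_to != address(0), "to is zero address");
        require(_to != address(this), "to is token contract");
        require(_balances[msg.sender] >= wad, "insufficient balance");
        _balances[msg.sender] -= wad;
        _balances[_to] += wad;
        emit Transfer(msg.sender, _to, wad);
        return true;
    }
}
```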
The contract owner allows himself to:
- pause/unpause the transferFrom, approve, mint and burn functions

    modifier stoppable {
        require(!stopped);
        _;
    }

The review did not reveal any critical issues; some low severity issues were found.