This is the report from a security audit performed on MKR Token by gorbunovperm.
Audit of Top 200 CoinMarketCap tokens.
In total, 5 issues were reported, including:
- 0 high severity issues.
- 0 medium severity issues.
- 5 low severity issues.
- 0 minor observations.
- A double withdrawal attack is possible. More details here
- Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it has already caused millions of dollars in losses for lots of token users! More details here
  Add the following code to the function `transfer(address _to, ... )`:
  `require( _to != address(this) );`
- According to the ERC20 standard, a `Transfer` event should be emitted when coins are minted.
- The `burn` function should also emit the `Transfer` event.
- In the `transfer` and `transferFrom` functions, the input destination address is not checked for a null value, so funds can be transferred to the `0x0` address.
- The input address also needs to be checked in the `setOwner` and `setAuthority` functions.
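The checks recommended in the findings above can be sketched as follows. This is an added example, not the MKR contract's code: the contract name `CheckedToken`, its storage layout, the `validDestination` and `onlyOwner` modifiers and the Solidity 0.8 pragma are all assumptions made for illustration.

```solidity
pragma solidity ^0.8.0;

// Added illustration: CheckedToken and its storage layout are hypothetical, not the MKR source.
contract CheckedToken {
    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;
    address public owner;

    event Transfer(address indexed from, address indexed to, uint256 value);

    constructor() { owner = msg.sender; }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // Destination checks from the findings; transferFrom would carry the same modifier.
    modifier validDestination(address _to) {
        require(_to != address(0), "destination is 0x0");
        require(_to != address(this), "destination is the token contract");
        _;
    }

    function transfer(address _to, uint256 _value) external validDestination(_to) returns (bool) {
        balanceOf[msg.sender] -= _value; // checked arithmetic in 0.8+: reverts if balance is too low
        balanceOf[_to] += _value;
        emit Transfer(msg.sender, _to, _value);
        return true;
    }

    function mint(address _to, uint256 _value) external onlyOwner validDestination(_to) {
        totalSupply += _value;
        balanceOf[_to] += _value;
        emit Transfer(address(0), _to, _value); // minting shown as a transfer from 0x0
    }

    function burn(uint256 _value) external {
        balanceOf[msg.sender] -= _value;
        totalSupply -= _value;
        emit Transfer(msg.sender, address(0), _value); // burning shown as a transfer to 0x0
    }

    function setOwner(address _newOwner) external onlyOwner {
        require(_newOwner != address(0), "owner is 0x0"); // null check on the setOwner input
        owner = _newOwner;
    }
}
```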
If the `approve` function is called with only the "beneficiary" address parameter, the max-uint value(!) of tokens is approved to the recipient.
Also, the approved value does not decrease when `transferFrom` is called if the approved value is max-uint. This is some sort of ERC20 discrepancy.
The contract owner allows himself to pause functions of the contract (`transfer`, `transferFrom`, `approve`, `mint`, `burn`).
Some vulnerabilities were discovered in this contract.