This is an audit of the Weidex v2 smart contract. The audit focused on the vulnerability of the contract to attacks as well as ability of a third party to exploit such vulnerabilities.
- contracts/utils/LibSignatureValidator.sol
- contracts/exchange/ExchangeUpgradability.sol
- contracts/exchange/ExchangeStorage.sol
- contracts/exchange/ExchangeOffering.sol
- contracts/mocks/OldERC20.sol
- contracts/exchange/ExchangeBatchTrade.sol
- contracts/exchange/interfaces/IExchangeUpgradability.sol
- contracts/exchange/WeiDex.sol
- contracts/mocks/SimpleToken.sol
- contracts/mocks/SimpleOldToken.sol
- contracts/utils/LibOrder.sol
- contracts/utils/LibCrowdsale.sol
- contracts/exchange/ExchangeMovements.sol
In total, 10 issues were found including:
Always assume that calls to external functions will fail.
It is therefore necessary to check for the return value from this functions.
It is also recommended to use the transfer function for sending ether.
Check the return value of functions.
The function can only be called from one address.
This implies total dependency on that address.
If the address is compromised or the private key lost then investor funds may be lost forever.
Implement the function as the contracts constructor.
https://gist.github.com/mobilipia/1ac6bb4124f98893ba310aae9abf695e#file-exchangeupgradability-sol-L38-L43 https://gist.github.com/mobilipia/75ba451d440d86166d9ef9bdc05df145#file-exchangestorage-sol-L200-L212 https://gist.github.com/mobilipia/75ba451d440d86166d9ef9bdc05df145#file-exchangestorage-sol-L217-L230
The audited smart contract requires modification. Some high severity issues were found during the audit.