MKR Token security audit report
Audit of Top 200 CoinMarketCap tokens.
In total, 5 issues were reported including:
0 high severity issues.
0 medium severity issues.
5 low severity issues.
0 minor observations.
1. Known vulnerabilities of ERC-20 token
A double withdrawal attack is possible. More details here
Add the following code to the transfer(address _to, ... ) function:
require( _to != address(this) );
2. ERC20 Compliance — event missing
- According to the ERC20 standard, when coins are minted a Transfer event should be emitted.
The burn function should also emit the
3. It is necessary to check the input address of
- In the transferFrom functions, the input destination address is not checked for a null value and the funds can be transferred to a
- The input address also needs to be checked for
If the approve function is called with only the "beneficiary" address parameter, then the max-uint value(!) of tokens will be approved to the recipient.
Also, the approved value doesn't decrease when transferFrom is called if the approved value is max-uint. It is some sort of ERC20 discrepancy.
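The recommendations above (destination checks in transfer and transferFrom, Transfer events on mint and burn, an allowance that always decreases) combined in one contract. This is an added example, not the MKR token's code or the auditors' own; the contract name HardenedToken, the validDestination modifier, the owner-only mint and Solidity ^0.8.0 are assumptions.

```solidity
pragma solidity ^0.8.0;
// Hypothetical token, not the MKR source: applies the checks the findings above ask for.
contract HardenedToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    uint256 public totalSupply;
    address public owner = msg.sender; // deployer; only the owner may mint (assumption)
    event Transfer(address indexed from, address indexed to, uint256 value);
    event Approval(address indexed owner, address indexed spender, uint256 value);

    // Reject the null address and the token contract itself as destinations.
    modifier validDestination(address _to) {
        require(_to != address(0) && _to != address(this), "bad destination");
        _;
    }
    function transfer(address _to, uint256 _value) external validDestination(_to) returns (bool) {
        _move(msg.sender, _to, _value);
        return true;
    }
    // approve always takes an explicit amount: no one-argument max-uint overload.
    function approve(address _spender, uint256 _value) external returns (bool) {
        allowance[msg.sender][_spender] = _value;
        emit Approval(msg.sender, _spender, _value);
        return true;
    }
    // The allowance is decremented on every call, also when it equals max-uint.
    function transferFrom(address _from, address _to, uint256 _value) external validDestination(_to) returns (bool) {
        allowance[_from][msg.sender] -= _value; // checked arithmetic: reverts if too low
        _move(_from, _to, _value);
        return true;
    }
    // Minting and burning emit Transfer from / to the zero address.
    function mint(address _to, uint256 _value) external validDestination(_to) {
        require(msg.sender == owner, "not owner");
        totalSupply += _value;
        balanceOf[_to] += _value;
        emit Transfer(address(0), _to, _value);
    }
    function burn(uint256 _value) external {
        balanceOf[msg.sender] -= _value; // reverts on insufficient balance
        totalSupply -= _value;
        emit Transfer(msg.sender, address(0), _value);
    }
    function _move(address _from, address _to, uint256 _value) private {
        balanceOf[_from] -= _value; // reverts on insufficient balance
        balanceOf[_to] += _value;
        emit Transfer(_from, _to, _value);
    }
}
```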
5. Owner's Privileges
The contract owner allows himself to pause functions of the contract (
Some vulnerabilities were discovered in this contract.