This is the report from a security audit performed on WeidexV2 by MrCrambo.
The audit focused primarily on the security of Weidex V2 smart contracts.
- https://github.com/weichain/weidex-eth-v2/blob/master/contracts/utils/LibCrowdsale.sol
- https://github.com/weichain/weidex-eth-v2/blob/master/contracts/utils/LibMath.sol
- https://github.com/weichain/weidex-eth-v2/blob/master/contracts/utils/LibOrder.sol
- https://github.com/weichain/weidex-eth-v2/blob/master/contracts/utils/LibSignatureValidator.sol
- https://github.com/weichain/weidex-eth-v2/blob/master/contracts/mocks/OldERC20.sol
- https://github.com/weichain/weidex-eth-v2/blob/master/contracts/mocks/SimpleOldToken.sol
- https://github.com/weichain/weidex-eth-v2/blob/master/contracts/mocks/SimpleToken.sol
- https://github.com/weichain/weidex-eth-v2/blob/master/contracts/exchange/interfaces/IExchangeUpgradability.sol
- https://github.com/weichain/weidex-eth-v2/blob/master/contracts/exchange/Exchange.sol
- https://github.com/weichain/weidex-eth-v2/blob/master/contracts/exchange/ExchangeBatchTrade.sol
- https://github.com/weichain/weidex-eth-v2/blob/master/contracts/exchange/ExchangeMovements.sol
- https://github.com/weichain/weidex-eth-v2/blob/master/contracts/exchange/ExchangeOffering.sol
- https://github.com/weichain/weidex-eth-v2/blob/master/contracts/exchange/ExchangeStorage.sol
- https://github.com/weichain/weidex-eth-v2/blob/master/contracts/exchange/ExchangeUpgradability.sol
- https://github.com/weichain/weidex-eth-v2/blob/master/contracts/exchange/WeiDex.sol
In total, 3 issues were reported including:
- 0 high severity issues.
- 0 medium severity issues.
- 1 owner privileges issue.
- 2 low severity issues.
The functions transfer and transferFrom have no zero address check.
- A double withdrawal attack is possible. More details here
- Lack of transaction handling mechanism issue. More details here
Add the following code to the function transfer(address _to, ... ):
require( _to != address(this) );
The owner can change the exchange address at will, and the new contract could have issues if it has not been audited. There is also no zero address check.
The smart contracts contain only low severity issues.