This document is a security audit report performed by danbogd, where CALL token has been reviewed.
Сommit hash .
- IERC664.sol.
- IERC777.sol.
- IERC777TokensRecipient.sol.
- IERC777TokensSender.sol.
- ERC664Balances.sol.
- SafeGuard.sol.
- ERC777.sol.
- ERC777ERC20Compat.sol.
- ERC777RemoteBridge.sol.
- CALL.sol.
- CStore.sol.
In total, 3 issues were reported including:
- 0 medium severity issues
- 1 low severity issues
- 2 owner privileges (ability of owner to manipulate contract, may be risky for investors).
- 0 notes.
No critical security issues were found.
-
It is possible to double withdrawal attack. More details here.
-
Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it already caused millions of dollars losses for lots of token users! More details here.
Add into a function transfer(address _to, ... )
following code:
require( _to != address(this) );
Contract owner allow himself to:
ERC664Balances.sol
Increase/decrease total supply, lines 58,68.
call.sol
Disable/enable all functions (transfer, trnsferFrom, approve) the ERC20 interface, line 40, 49.
The review did not show any critical issues, some of low severity issues were found.