This is the report from a security audit performed on ExploreCoin by MrCrambo.
The audit focused primarily on the security of ExploreCoin smart contract.
In total, 4 issues were reported including:
-
0 high severity issues.
-
1 medium severity issues.
-
0 owner privilegies issues.
-
3 low severity issues.
In transferFrom function firstly called transfer function and then approve function, but if approve will be failed in case of transfering more than allowed amount, than there will be Logs in Blockchain, that transfer happened, but it didn't. So in case when dapps will work with Logs, then this transferFrom will be considered to have occurred, but it won't.
In constructor at line 306 there need zero address checking for feeReceiver and tokenOwnerAddress.
- It is possible to double withdrawal attack. More details here
- Lack of transaction handling mechanism issue. More details here
Add into a function transfer(address _to, ... ) following code:
require( _to != address(this) );Functions _burn and _burnfrom are internal and never will be able to call.
Smart contract contains medium severity issue.