This is the report from a security audit performed on ExploreCoin by MrCrambo.
The audit focused primarily on the security of ExploreCoin smart contract.
In total, 4 issues were reported including:
-
0 high severity issues.
-
1 medium severity issues.
-
0 owner privilegies issues.
-
3 low severity issues.
In transferFrom
function firstly called transfer
function and then approve
function, but if approve
will be failed in case of transfering more than allowed amount, than there will be Logs in Blockchain, that transfer happened, but it didn't. So in case when dapps will work with Logs, then this transferFrom
will be considered to have occurred, but it won't.
In constructor
at line 306 there need zero address checking for feeReceiver
and tokenOwnerAddress
.
- It is possible to double withdrawal attack. More details here
- Lack of transaction handling mechanism issue. More details here
Add into a function transfer(address _to, ... )
following code:
require( _to != address(this) );
Functions _burn
and _burnfrom
are internal and never will be able to call.
Smart contract contains medium severity issue.