This is the report from a security audit performed on Bills of exchange factory by gorbunovperm.
'Bills Of Exchange Factory' is a smart contracts based service that allows user to draw electronic bills or exchange.
https://cryptonomica.net/bills-of-exchange/
In total, 3 issues were reported including:
-
0 critical severity issue.
-
0 high severity issue.
-
1 medium severity issues.
-
2 low severity issues.
-
0 minor observations.
-
It is possible to double withdrawal attack. More details here
-
Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it already caused millions of dollars losses for lots of token users! More details here
Add into a function transfer(address _to, ... )
following code:
require( _to != address(this) );
According to ERC20 standard, when initializing a token contract if any token value is set to any given address a Transfer
event should be emitted.
An event isn't emitted when assigning the initial supply to the msg.sender.
Any admin can remove the contract creator from admin list. Together with the ability to change the withdrawal address by admin, this can be quite dangerous.
There are some vulnerabilities were discovered in these contracts.