This is the report from a security audit performed on NEXO by MrCrambo.
The audit focused primarily on the security of NEXO smart contract.
- https://github.com/nexofinance/NEXO-Token/blob/master/contracts/NexoToken.sol
- https://github.com/nexofinance/NEXO-Token/blob/master/contracts/utils/AbstractToken.sol
- https://github.com/nexofinance/NEXO-Token/blob/master/contracts/utils/Owned.sol
- https://github.com/nexofinance/NEXO-Token/blob/master/contracts/utils/SafeMath.sol
- https://github.com/nexofinance/NEXO-Token/blob/master/contracts/utils/StandardToken.sol
- https://github.com/nexofinance/NEXO-Token/blob/master/contracts/utils/Token.sol
In total, 2 issues were reported including:
-
0 high severity issues.
-
1 medium severity issues.
-
0 owner privilegies issues.
-
1 low severity issues.
-
0 notes.
Owner allows himself to call transferFrom function from investors, community and advisers address, so there is risk to investors, that owner will transfer this tokens to another address.
- It is possible to double withdrawal attack. More details here
- Lack of transaction handling mechanism issue. More details here
Add into a function transfer(address _to, ... ) following code:
require( _to != address(this) );Smart contracts contain medium severity issue.