yuriy77k/ETH_USDT_Report.md Secret

## ETH_USDT_Report.md

      
    Raw
  

              ETH_USDT_Report.md
            
          
    Summary

This is the report from a security audit performed on USDT by MrCrambo.
The audit focused primarily on the security of USDT smart contract.
In scope


https://etherscan.io/address/0xdac17f958d2ee523a2206206994597c13d831ec7#contracts

Findings

In total, 8 issues were reported including:


0 high severity issues.


2 medium severity issues.


1 owner privilegies issues.


5 low severity issues.


0 notes.


Security issues

1. No events

Severity: note

Description

There is no event in function transferOwnership.
2. Zero address chekcing

Severity: low

Description

There are no zero address checking in functions transfer and transferFrom.
3. Allowance decrease

Severity: low

Description

In function transferFrom there is possibility, that allowed amount will not be decreased, in case of allowed will be equal to MAX_UINT
4. Owner privilegies

Severity: owner privilegies

Description

Owner can pause contract any time he wants.
5. Blacklist funds

Severity: medium

Description

Owner can add to isBlackListed array any address and can destroy all funds of this user without any restrictions.
6. Unlimited minting

Severity: medium

Description

Using function issue owner can mint any amount of tokens any time, so there is possibility of unlimited minting.
7. Blacklisted user transfering

Severity: low

Description

There is possibility that using transfer function funds will be sent to blacklisted user.
8. Known vulnerabilities of ERC-20 token

Severity: low

Description


It is possible to double withdrawal attack. More details here
Lack of transaction handling mechanism issue. More details here

Recommendation

Add into a function transfer(address _to, ... ) following code:
require( _to != address(this) );
Conclusion

Smart contract contains medium severity issues.
No results found