This is the report from a security audit performed on USDT by MrCrambo.
The audit focused primarily on the security of the USDT smart contract.
In total, 8 issues were reported including:
- 0 high severity issues.
- 2 medium severity issues.
- 1 owner privileges issue.
- 5 low severity issues.
- 0 notes.
There is no event in the function transferOwnership.
There is no zero address check in the functions transfer and transferFrom.
In the function transferFrom there is a possibility that the allowed amount will not be decreased, in case allowed is equal to MAX_UINT.
The owner can pause the contract any time he wants.
The owner can add any address to the isBlackListed array and can destroy all funds of this user without any restrictions.
Using the function issue, the owner can mint any amount of tokens at any time, so there is a possibility of unlimited minting.
There is a possibility that funds will be sent to a blacklisted user using the transfer function.
- A double withdrawal attack is possible. More details here
- Lack of transaction handling mechanism issue. More details here
Add the following code to the function transfer(address _to, ... ):
require( _to != address(this) );
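The checks this report asks for, collected in one place as an added example: a minimal illustrative token, not the USDT source and not the auditor's code. It assumes Solidity 0.8 or later (checked arithmetic); HardenedToken, _move, setBlackListed and OwnershipTransferred are hypothetical names, while transfer, transferFrom, transferOwnership and isBlackListed follow the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration only: NOT the audited USDT contract.
contract HardenedToken {
    address public owner;
    mapping(address => uint256) public balances;
    mapping(address => mapping(address => uint256)) public allowed;
    mapping(address => bool) public isBlackListed;

    event Transfer(address indexed from, address indexed to, uint256 value);
    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    constructor(uint256 supply) {
        owner = msg.sender;
        balances[msg.sender] = supply;
    }

    function transferOwnership(address newOwner) external {
        require(msg.sender == owner, "not owner");
        require(newOwner != address(0), "zero owner");
        emit OwnershipTransferred(owner, newOwner); // ownership change is logged
        owner = newOwner;
    }

    // Hypothetical setter so the blacklist check below can be exercised.
    function setBlackListed(address user, bool listed) external {
        require(msg.sender == owner, "not owner");
        isBlackListed[user] = listed;
    }

    function transfer(address _to, uint256 _value) external returns (bool) {
        _move(msg.sender, _to, _value);
        return true;
    }

    function transferFrom(address _from, address _to, uint256 _value) external returns (bool) {
        // Always decrease the allowance, even when it equals the maximum uint value.
        allowed[_from][msg.sender] -= _value; // reverts if the allowance is too small
        _move(_from, _to, _value);
        return true;
    }

    function _move(address _from, address _to, uint256 _value) private {
        require(_to != address(0), "zero address");
        require(_to != address(this), "token contract as recipient");
        require(!isBlackListed[_from] && !isBlackListed[_to], "blacklisted");
        balances[_from] -= _value; // reverts if the balance is insufficient
        balances[_to] += _value;
        emit Transfer(_from, _to, _value);
    }
}
```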
The smart contract contains medium severity issues.