Maximine Coin (MXM) security audit report

ETH_MaximineCoin(MXM)_report.md

Maximine Coin (MXM) security audit report

Summary

This is the report from a security audit performed on Maximine Coin (MXM) by gorbunovperm.

Audit Top 200 CoinMarketCap tokens.

Maximine Coin (MXM)

https://maximine.io/

In scope

1. MXM.sol

Findings

In total, 5 issues were reported including:

• 0 high severity issue.

• 0 medium severity issues.

• 4 low severity issues.

• 1 owner privileges.

• 0 note.

Security issues

1. Known vulnerabilities of ERC-20 token

Severity: low

Description

• It is possible to double withdrawal attack. More details here

• Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it already caused millions of dollars losses for lots of token users! More details here

Recommendation

Add into a function transfer(address _to, ... ) following code:

require( _to != address(this) );

2. ERC20 Compliance — event missing

Severity: low

Description

According to ERC20 standard when coins are minted(or burned) a Transfer event should be emitted.

Code snippet

• Line 41, 163, 181.

3. ERC20 Compliance — transfer returns

Severity: low

Description

According EIP20 Standard the transfer function should returns boolean value function transfer(address _to, uint256 _value) public returns (bool success). But here it is not implemented.

Code snippet

• Line 76.

4. ERC20 Compliance: zero-value transfers rejecting

Severity: low

Description

EIP20 says that:

Transfers of 0 values MUST be treated as normal transfers and fire the Transfer event. But in this contract, function transfer has a condition:

require(balanceOf[_to] + _value > balanceOf[_to]);

Code snippet

• Line 56.

5. Owner Privileges

Severity: owner privileges

Description

The contract owner allowed to ban transfer functions for certain user.

Code snippet

• Line 86, 77, 111, 128.

Conclusion

There are no serious vulnerabilities were discovered here.