This document is a security audit report performed by danbogd, where BitUnits has been reviewed.
In total, 3 issues were reported including:
-
1 medium severity issues.
-
1 low severity issues.
-
1 minor observation.
No critical security issues were found.
The reviewed token contract is not ERC223 fully compliant, transferToContract function member of ERC223Token contract call tokenFallback external function on the receiver contract before adding the value to balances[_to]. The original implementation adds the token value to the balance before making the external call (check the link below).
https://github.com/Dexaran/ERC223-token-standard/blob/master/token/ERC223/ERC223_token.sol#L63#L68
A good example is if the contract tries to move the tokens from its balance when the tokens are not yet added to it.
The implemented version of ERC20/ERC223 Token do not require the _to address in transferToAddress to be non null before token transfer. Accidental token loss to address 0x0 can be applicable.
Extra checking in 90 and 100 lines. SafeMath library checks it anyway.
https://gist.github.com/yuriy77k/d0d28a553000ddc1a64f63b0fb4d4b05#file-bitunits-sol-L90 https://gist.github.com/yuriy77k/d0d28a553000ddc1a64f63b0fb4d4b05#file-bitunits-sol-L100
Those lines may be deleted.
No critical vulnerabilities were detected,but we highly recommend to complete this bugs before use.