This is the report from a security audit performed on OMG Token by gorbunovperm.
Audit of Top 200 CoinMarketCap tokens.
In total, 5 issues were reported including:
- 0 high severity issues.
- 1 medium severity issue.
- 4 low severity issues.
- 0 minor observations.
- A double withdrawal attack is possible. More details here
- Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it has already caused millions of dollars in losses for lots of token users! More details here
Add the following code to the transfer(address _to, ... ) function: require( _to != address(this) );
The onlyPayloadSize modifier is a workaround to avoid the Short Address Attack, but it doesn't work properly.
- This method failed to execute when it was called from a Parity multisignature wallet. The EVM pads calls from this multisignature wallet, making the total 96 bytes instead of the expected 68.
- If transfer and transferFrom are used by a subcontract function with fewer arguments, the onlyPayloadSize check will fail. It is not possible to adapt the workaround to prevent this issue.
More details here.
Remove this workaround.
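The two failure cases above, modelled as an added example (not the token's or the auditor's code). It assumes the modifier compares msg.data.length strictly against size + 4; the recipient, the amount and the second selector are constructed placeholders.

```python
# Added illustration: models only the calldata length check, not the token contract.
TRANSFER_SELECTOR = bytes.fromhex("a9059cbb")  # selector of transfer(address,uint256)
PLACEHOLDER_SELECTOR = bytes(4)                # constructed stand-in for another function

# Constructed sample values.
RECIPIENT = 0x00112233445566778899AABBCCDDEEFF00112233
AMOUNT = 1000


def word(value: int) -> bytes:
    """ABI-encode one static argument as a 32-byte big-endian word."""
    return value.to_bytes(32, "big")


def calldata(selector: bytes, *args: int) -> bytes:
    """4-byte selector followed by one 32-byte word per argument."""
    return selector + b"".join(word(a) for a in args)


def only_payload_size(msg_data: bytes, size: int) -> bool:
    """Assumed strict form of the check: msg.data.length == size + 4."""
    return len(msg_data) == size + 4


def scenarios() -> dict:
    """Return {case: (calldata length, passes check)} for transfer's 2 * 32 bytes."""
    direct = calldata(TRANSFER_SELECTOR, RECIPIENT, AMOUNT)
    cases = {
        # Well-formed direct call: 4 + 32 + 32 = 68 bytes.
        "direct": direct,
        # What the workaround targets: calldata shorter than expected.
        "truncated": direct[:-1],
        # Wallet that pads the call out to 96 bytes.
        "padded": direct + bytes(96 - len(direct)),
        # One-argument function of a derived contract that calls transfer
        # internally: msg.data is still the outer call's 36 bytes.
        "fewer_args": calldata(PLACEHOLDER_SELECTOR, AMOUNT),
    }
    return {name: (len(data), only_payload_size(data, 2 * 32))
            for name, data in cases.items()}


if __name__ == "__main__":
    for name, (length, ok) in scenarios().items():
        print(f"{name:<11} {length:>3} bytes  passes={ok}")
```

Only the well-formed direct call passes; the padded and fewer-argument calls are legitimate yet rejected, which is why the report recommends removing the check.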
The mint function should emit the Transfer event.
The contract owner is able to pause functions of the contract (transfer, transferFrom).
It is possible to send tokens to the 0x0 address accidentally.
Use the condition require(_to != address(0));
Some vulnerabilities were discovered in this contract.