This document is a security audit report performed by danbogd, where CRAD CASH has been reviewed.
Сommit hash .
In total, 3 issues were reported including:
- 1 medium severity issues.
- 2 low severity issues.
No critical security issues were found.
The reviewed token contract is not ERC223 fully compliant.
-
The function transfer(address _to, uint _value, bytes _data) call tokenFallback external function on the receiver contract before adding the value to balances[_to]. The original implementation adds the token value to the balance before making the external call check the link below.
-
The function transfer(address _to, uint256 _value) didn't call tokenFallback external function on the receiver contract at all.
Lines: 152-153.
Recommendation Use sample from Dexarans' ERC223 token description.
Extra checking in lines 96, 109-110 lines. SafeMath library checks it anyway.
Those lines may be deleted.
-
It is possible to double withdrawal attack. More details here.
-
Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it already caused millions of dollars losses for lots of token users! More details here.
Add into a function transfer(address _to, ... ) following code:
require( _to != address(this) );
The review did not show any critical issues, some of medium and low severity issues were found.