The audit focused primarily on the security of LCX smart contract.
In total, 4 issues were reported including:
0 high severity issues.
0 medium severity issues.
3 owner privilegies issues.
1 low severity issues.
1. Owner privilegies
Severity: owner privilegies
- Owner can change
LCXTokencontract address any time and to any not audited contract. Line 241.
- Owner can revoke any address vested tokens and send himself his tokens. Line 367.
- Owner can change vesting contract any time and to any not audited contract. Line 561.
2. Known vulnerabilities of ERC-20 token
- It is possible to double withdrawal attack, because
decreaseAllowancefunctions call inside of them approve function, but not add or decrease value. More details here
- Lack of transaction handling mechanism issue. More details here
Add into a function
transfer(address _to, ... ) following code:
require( _to != address(this) );
Smart contract is free of serious issues.