This is the report from a security audit performed on LCX by MrCrambo.
The audit focused primarily on the security of LCX smart contract.
In total, 4 issues were reported including:
-
0 high severity issues.
-
0 medium severity issues.
-
3 owner privilegies issues.
-
1 low severity issues.
-
0 notes.
- Owner can change
LCXToken
contract address any time and to any not audited contract. Line 241. - Owner can revoke any address vested tokens and send himself his tokens. Line 367.
- Owner can change vesting contract any time and to any not audited contract. Line 561.
- It is possible to double withdrawal attack, because
increaseAllowance
anddecreaseAllowance
functions call inside of them approve function, but not add or decrease value. More details here - Lack of transaction handling mechanism issue. More details here
Add into a function transfer(address _to, ... )
following code:
require( _to != address(this) );
Smart contract is free of serious issues.