The audit focused primarily on the security of Dai smart contract.
In total, 5 issues were reported including:
0 high severity issues.
0 medium severity issues.
2 owner privilegies issues.
2 low severity issues.
1. Zero address checking
setOwner(address owner_) in line 129,
transferFrom(address src, address dst, uint wad) in line 321 there are no zero address checking.
DSTokenBase(uint supply) function in line 302 there is no
Transfer event call after setting all total supply to the owner balance.
3. Known vulnerabilities of ERC-20 token
- It is possible to double withdrawal attack. More details here
- Lack of transaction handling mechanism issue. More details here
Add into a function
transfer(address _to, ... ) following code:
require( _to != address(this) );
4. Owner privilegies
Severity: owner privilegies
- Owner can stop contract any time.
- Owner can change smart contract name any time.
Smart contract is safe.