This is the report from a security audit performed on Bills Of Exchange Factory by MrCrambo.
The audit focused primarily on the security of the Bills Of Exchange Factory smart contract.
In total, 4 issues were reported, including:
- 0 high severity issues.
- 1 medium severity issue.
- 1 owner privileges issue.
- 2 low severity issues.
The function transfer(address _to, uint256 _value) at line 250 doesn't call the fallback function, but it should. See the correct implementation of the ERC223 standard at the link.
The zero address can be set in the following functions:
- initToken at line 187
- changeCryptonomicaVerificationContractAddress at line 450
- signDisputeResolutionAgreementFor at line 737
- initBillsOfExchange at line 786
- setLegal at line 851
- createBillsOfExchange at line 981
- A double withdrawal attack is possible. More details here
- Lack of a transaction handling mechanism. More details here
Add the following code to the function transfer(address _to, ... ):
require( _to != address(this) );
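The transfer findings above combined in one function, as an added example that is not the audited contract's code: it rejects the zero address and the token's own address, and notifies a recipient contract as ERC223 requires. The contract name GuardedToken, the compiler version and the hook name tokenFallback (taken from the ERC223 draft) are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Receiver hook as named in the ERC223 draft (assumption: the audited
// token targets this draft). Recipient contracts must implement it.
interface IERC223Recipient {
    function tokenFallback(address _from, uint256 _value, bytes calldata _data) external;
}

// Hypothetical minimal token used only to illustrate the checks.
contract GuardedToken {
    mapping(address => uint256) public balanceOf;

    event Transfer(address indexed from, address indexed to, uint256 value);

    constructor(uint256 _supply) {
        balanceOf[msg.sender] = _supply;
        emit Transfer(address(0), msg.sender, _supply);
    }

    function transfer(address _to, uint256 _value) public returns (bool) {
        // Zero-address check: tokens sent to address(0) are unrecoverable.
        require(_to != address(0), "recipient is zero address");
        // Check recommended in the report: do not accept the token contract itself.
        require(_to != address(this), "recipient is token contract");
        require(balanceOf[msg.sender] >= _value, "insufficient balance");

        // Update state before the external call (checks-effects-interactions).
        balanceOf[msg.sender] -= _value;
        balanceOf[_to] += _value;
        emit Transfer(msg.sender, _to, _value);

        // ERC223 behaviour: a recipient that is a contract must be notified.
        // If it does not implement the hook, the call reverts and the whole
        // transfer is rolled back, so tokens cannot get stuck in it.
        if (_to.code.length > 0) {
            IERC223Recipient(_to).tokenFallback(msg.sender, _value, "");
        }
        return true;
    }
}
```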
- The owner can change the price at any time (line 615).
The smart contract contains a medium severity issue.