This is the report from a security audit performed on magicchain-blockchain by gorbunovperm.
The smart contract issues an ERC223 token. Emission is constant, but half of the tokens are frozen; 5 tokens are unfrozen with every Ethereum block.
In total, 3 issues were reported including:
- 1 high severity issue.
- 0 medium severity issues.
- 2 low severity issues.
- 0 minor observations.

- A double withdrawal attack is possible. More details here

Add the following code to the function transfer(address _to, ... ):

    require( _to != address(this) );

The maximum possible balance of ColdStorage is _totalSupplyLimit - _initialSupply, but the unfreezed function calculates the available funds incorrectly. This allows twice as many tokens to be transferred as should be possible.

Use a correct calculation like this:

    if (u > _totalSupplyLimit - _initialSupply) {
        u = _totalSupplyLimit - _initialSupply;
    }

For greater security, swap the _transfer and _approve calls. Otherwise, the potentially unsafe contract (receiver.tokenFallback) is called first and only then is the _allowed value reduced. In this case the SafeMath library protects the contract, but it is better to protect yourself from potential attacks.
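
The recommended call order, as an added example that is not the audited contract's code: the allowance is reduced before the transfer reaches the receiver's tokenFallback. Assumptions: Solidity 0.8.1 or later (built-in checked arithmetic stands in for SafeMath), and the contract name, interface name, constructor and storage layout are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

// Added illustration. Only _transfer, _approve, _allowed and tokenFallback
// are names from the report; everything else is assumed.
interface IERC223Receiver {
    function tokenFallback(address from, uint256 value, bytes calldata data) external;
}

contract OrderedTransferFrom {
    mapping(address => uint256) private _balances;
    mapping(address => mapping(address => uint256)) private _allowed;

    constructor(uint256 supply) {
        _balances[msg.sender] = supply; // assumed: deployer holds the supply
    }

    function approve(address spender, uint256 value) external returns (bool) {
        _approve(msg.sender, spender, value);
        return true;
    }

    function transferFrom(address from, address to, uint256 value) external returns (bool) {
        // Effect first: lower the allowance. The checked subtraction reverts
        // on underflow, the role SafeMath plays with older compilers.
        _approve(from, msg.sender, _allowed[from][msg.sender] - value);
        // Interaction last: _transfer may call into the receiver contract.
        _transfer(from, to, value);
        return true;
    }

    function _approve(address owner, address spender, uint256 value) internal {
        _allowed[owner][spender] = value;
    }

    function _transfer(address from, address to, uint256 value) internal {
        require(to != address(this), "transfer to token contract");
        _balances[from] -= value;
        _balances[to] += value;
        if (to.code.length > 0) {
            // External call: a re-entrant transferFrom already sees the
            // reduced allowance, so the state it reads is consistent.
            IERC223Receiver(to).tokenFallback(from, value, "");
        }
    }
}
```
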
Some vulnerabilities were discovered in this contract.