This document is a security audit report performed by danbogd, where Nexo has been reviewed.
Сommit hash 3571169b3365adfc92c5bd743cc75b5184a2172a.
In total, 3 issues were reported including:
- 0 medium severity issues
- 1 low severity issues
- 1 owner privileges (ability of owner to manipulate contract, may be risky for investors)..
- 1 notes.
No critical security issues were found.
-
It is possible to double withdrawal attack. More details here.
-
Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it already caused millions of dollars losses for lots of token users! More details here.
Add into a function transfer(address _to, ... )
following code:
require( _to != address(this) );
Contract owner allow himself to:
- transfer out any accidentally sent ERC20 tokens here.
Don't forget to change addresses before deploy contract.
https://github.com/nexofinance/NEXO-Token/blob/3571169b3365adfc92c5bd743cc75b5184a2172a/contracts/NexoToken.sol#L31 https://github.com/nexofinance/NEXO-Token/blob/3571169b3365adfc92c5bd743cc75b5184a2172a/contracts/NexoToken.sol#L42 https://github.com/nexofinance/NEXO-Token/blob/3571169b3365adfc92c5bd743cc75b5184a2172a/contracts/NexoToken.sol#L57 https://github.com/nexofinance/NEXO-Token/blob/3571169b3365adfc92c5bd743cc75b5184a2172a/contracts/NexoToken.sol#L75 https://github.com/nexofinance/NEXO-Token/blob/3571169b3365adfc92c5bd743cc75b5184a2172a/contracts/NexoToken.sol#L92
The review did not show any critical issues, some of low severity issues were found.