This is the report from a security audit performed on CRAD_CASH by MrCrambo.
The audit focused primarily on the security of CRAD_CASH smart contracts.
In total, 3 issues were reported including:
- 0 high severity issues.
- 2 medium severity issues.
- 1 low severity issue.
- The smart contract implements ERC223 incorrectly:
  - The transfer(address _to, uint _value) function at line 94 should also call the token fallback function.
  - The transfer(address _to, uint _value, bytes memory _data) function at line 146 works incorrectly: the token fallback call should happen only after the user balances have been added and subtracted, as in the ERC223 standard.
- A double withdrawal attack is possible. More details here
- Lack of transaction handling mechanism issue. More details here
Add the following code to the transfer(address _to, ... ) function:

    require( _to != address(this) );
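The ERC223 finding and the recommended check above, combined in one transfer path. This is an added example, not the CRAD_CASH source: the contract name `ERC223Sketch`, the interface name `IERC223Recipient`, the internal `_transfer` helper and the compiler version are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

// Receiver hook from the ERC223 proposal (interface name is hypothetical).
interface IERC223Recipient {
    function tokenFallback(address _from, uint _value, bytes memory _data) external;
}

// Hypothetical minimal token used only to show the ordering of operations.
contract ERC223Sketch {
    mapping(address => uint) public balances;

    event Transfer(address indexed from, address indexed to, uint value, bytes data);

    constructor(uint _supply) {
        balances[msg.sender] = _supply;
    }

    // The two-argument form delegates to the shared path, so it also
    // reaches the token fallback instead of skipping it.
    function transfer(address _to, uint _value) public returns (bool) {
        bytes memory empty;
        return _transfer(_to, _value, empty);
    }

    function transfer(address _to, uint _value, bytes memory _data) public returns (bool) {
        return _transfer(_to, _value, _data);
    }

    function _transfer(address _to, uint _value, bytes memory _data) internal returns (bool) {
        require(_to != address(this)); // check recommended in the report
        require(balances[msg.sender] >= _value, "insufficient balance");

        // 1. Move the balances first.
        balances[msg.sender] -= _value;
        balances[_to] += _value;

        // 2. Only then notify a contract recipient; a revert inside the
        //    hook rolls back the balance changes above.
        if (_to.code.length > 0) {
            IERC223Recipient(_to).tokenFallback(msg.sender, _value, _data);
        }

        emit Transfer(msg.sender, _to, _value, _data);
        return true;
    }
}
```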
Smart contract contains medium severity issues.